* [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries
@ 2019-05-08 9:48 Thomas Huth
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 1/3] pc-bios/s390-ccw: Clean up harmless misuse of isdigit() Thomas Huth
` (4 more replies)
0 siblings, 5 replies; 12+ messages in thread
From: Thomas Huth @ 2019-05-08 9:48 UTC (permalink / raw)
To: cohuck, qemu-s390x; +Cc: jjherne, borntraeger, qemu-devel, armbru
This pull request is not for master.
Hi Cornelia,
the following changes since commit a6f6d24757a73f7176989134b97284a1a7df11e5:
Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190507-pull-request' into staging (2019-05-07 21:39:28 +0100)
are available in the Git repository at:
https://gitlab.com/huth/qemu.git tags/s390-ccw-bios-2019-05-08
for you to fetch changes up to f7a339a5ba48a8a5c5bf4f1fdb1463bf8ac5f5bb:
pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix (2019-05-08 11:26:01 +0200)
----------------------------------------------------------------
Skip unsupported bootmap signature entries instead of aborting the boot process
----------------------------------------------------------------
Jason J. Herne (1):
s390-bios: Skip bootmap signature entries
Markus Armbruster (1):
pc-bios/s390-ccw: Clean up harmless misuse of isdigit()
Thomas Huth (1):
pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix
pc-bios/s390-ccw.img | Bin 42608 -> 42608 bytes
pc-bios/s390-ccw/bootmap.c | 19 +++++++++++++++++--
pc-bios/s390-ccw/bootmap.h | 10 ++++++----
pc-bios/s390-ccw/libc.c | 2 +-
pc-bios/s390-ccw/menu.c | 2 +-
5 files changed, 25 insertions(+), 8 deletions(-)
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Qemu-devel] [PULL SUBSYSTEM s390x 1/3] pc-bios/s390-ccw: Clean up harmless misuse of isdigit()
2019-05-08 9:48 [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Thomas Huth
@ 2019-05-08 9:48 ` Thomas Huth
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries Thomas Huth
` (3 subsequent siblings)
4 siblings, 0 replies; 12+ messages in thread
From: Thomas Huth @ 2019-05-08 9:48 UTC (permalink / raw)
To: cohuck, qemu-s390x; +Cc: jjherne, borntraeger, qemu-devel, armbru
From: Markus Armbruster <armbru@redhat.com>
atoui() and get_index() pass char values to isdigit(). With a
standard isdigit(), we'd get undefined behavior when the value is
negative. Can't happen as char is unsigned on s390x. Even if it
ould, we're actually using isdigit() from pc-bios/s390-ccw/libc.h
here, which works fine for negative values. Clean up anyway, just
to avoid setting a bad example.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190418145355.21100-6-armbru@redhat.com>
[thuth: updated the commit message]
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
pc-bios/s390-ccw/libc.c | 2 +-
| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pc-bios/s390-ccw/libc.c b/pc-bios/s390-ccw/libc.c
index a786566c4c..3187923950 100644
--- a/pc-bios/s390-ccw/libc.c
+++ b/pc-bios/s390-ccw/libc.c
@@ -38,7 +38,7 @@ uint64_t atoui(const char *str)
}
while (*str) {
- if (!isdigit(*str)) {
+ if (!isdigit(*(unsigned char *)str)) {
break;
}
val = val * 10 + *str - '0';
--git a/pc-bios/s390-ccw/menu.c b/pc-bios/s390-ccw/menu.c
index 82a4ae6315..ce3815b201 100644
--- a/pc-bios/s390-ccw/menu.c
+++ b/pc-bios/s390-ccw/menu.c
@@ -134,7 +134,7 @@ static int get_index(void)
/* Check for erroneous input */
for (i = 0; i < len; i++) {
- if (!isdigit(buf[i])) {
+ if (!isdigit((unsigned char)buf[i])) {
return -1;
}
}
--
2.21.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Qemu-devel] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries
2019-05-08 9:48 [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Thomas Huth
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 1/3] pc-bios/s390-ccw: Clean up harmless misuse of isdigit() Thomas Huth
@ 2019-05-08 9:48 ` Thomas Huth
2019-05-10 13:59 ` Christian Borntraeger
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 3/3] pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix Thomas Huth
` (2 subsequent siblings)
4 siblings, 1 reply; 12+ messages in thread
From: Thomas Huth @ 2019-05-08 9:48 UTC (permalink / raw)
To: cohuck, qemu-s390x; +Cc: jjherne, borntraeger, qemu-devel, armbru
From: "Jason J. Herne" <jjherne@linux.ibm.com>
Newer versions of zipl have the ability to write signature entries to the boot
script for secure boot. We don't yet support secure boot, but we need to skip
over signature entries while reading the boot script in order to maintain our
ability to boot guest operating systems that have a secure bootloader.
Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
Message-Id: <1556543381-12671-1-git-send-email-jjherne@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
pc-bios/s390-ccw/bootmap.c | 19 +++++++++++++++++--
pc-bios/s390-ccw/bootmap.h | 10 ++++++----
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index 7aef65ab67..d13b7cbd15 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -254,7 +254,14 @@ static void run_eckd_boot_script(block_number_t bmt_block_nr,
memset(sec, FREE_SPACE_FILLER, sizeof(sec));
read_block(block_nr, sec, "Cannot read Boot Map Script");
- for (i = 0; bms->entry[i].type == BOOT_SCRIPT_LOAD; i++) {
+ for (i = 0; bms->entry[i].type == BOOT_SCRIPT_LOAD ||
+ bms->entry[i].type == BOOT_SCRIPT_SIGNATURE; i++) {
+
+ /* We don't support secure boot yet, so we skip signature entries */
+ if (bms->entry[i].type == BOOT_SCRIPT_SIGNATURE) {
+ continue;
+ }
+
address = bms->entry[i].address.load_address;
block_nr = eckd_block_num(&bms->entry[i].blkptr.xeckd.bptr.chs);
@@ -489,7 +496,15 @@ static void zipl_run(ScsiBlockPtr *pte)
/* Load image(s) into RAM */
entry = (ComponentEntry *)(&header[1]);
- while (entry->component_type == ZIPL_COMP_ENTRY_LOAD) {
+ while (entry->component_type == ZIPL_COMP_ENTRY_LOAD ||
+ entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
+
+ /* We don't support secure boot yet, so we skip signature entries */
+ if (entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
+ entry++;
+ continue;
+ }
+
zipl_load_segment(entry);
entry++;
diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
index a085212077..94f53a5f1e 100644
--- a/pc-bios/s390-ccw/bootmap.h
+++ b/pc-bios/s390-ccw/bootmap.h
@@ -98,8 +98,9 @@ typedef struct ScsiMbr {
#define ZIPL_COMP_HEADER_IPL 0x00
#define ZIPL_COMP_HEADER_DUMP 0x01
-#define ZIPL_COMP_ENTRY_LOAD 0x02
-#define ZIPL_COMP_ENTRY_EXEC 0x01
+#define ZIPL_COMP_ENTRY_EXEC 0x01
+#define ZIPL_COMP_ENTRY_LOAD 0x02
+#define ZIPL_COMP_ENTRY_SIGNATURE 0x03
typedef struct XEckdMbr {
uint8_t magic[4]; /* == "xIPL" */
@@ -117,8 +118,9 @@ typedef struct BootMapScriptEntry {
BootMapPointer blkptr;
uint8_t pad[7];
uint8_t type; /* == BOOT_SCRIPT_* */
-#define BOOT_SCRIPT_EXEC 0x01
-#define BOOT_SCRIPT_LOAD 0x02
+#define BOOT_SCRIPT_EXEC 0x01
+#define BOOT_SCRIPT_LOAD 0x02
+#define BOOT_SCRIPT_SIGNATURE 0x03
union {
uint64_t load_address;
uint64_t load_psw;
--
2.21.0
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Qemu-devel] [PULL SUBSYSTEM s390x 3/3] pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix
2019-05-08 9:48 [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Thomas Huth
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 1/3] pc-bios/s390-ccw: Clean up harmless misuse of isdigit() Thomas Huth
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries Thomas Huth
@ 2019-05-08 9:48 ` Thomas Huth
2019-05-10 13:55 ` Jason J. Herne
2019-05-10 13:59 ` [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Christian Borntraeger
2019-05-13 15:05 ` Cornelia Huck
4 siblings, 1 reply; 12+ messages in thread
From: Thomas Huth @ 2019-05-08 9:48 UTC (permalink / raw)
To: cohuck, qemu-s390x; +Cc: jjherne, borntraeger, qemu-devel, armbru
Firmware now skips the unsupported signature entries instead of
aborting the boot process.
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
pc-bios/s390-ccw.img | Bin 42608 -> 42608 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/pc-bios/s390-ccw.img b/pc-bios/s390-ccw.img
index ba054828d35d72fd1ed5521a48f43f593a1c291f..a0234bf748e10fdfaab27b8a751bee1db1865256 100644
GIT binary patch
literal 42608
zcmeHwd3==B)&HGjvJe7HRwfC{GbBJ*5+(^t*kmRPCW<g@8lb)sl7U3BkxW=zYO1NC
zwmL-db$jbTi4UUHA=;KGNZRsRYimn!L94CcprWz$37~*Lp5OPJ=b6buki7if*S|WS
z&*a|c-gD16_uO;OJ@?%EOzy~^H#aEAAOfFY5s$oH5FW0V+q87Mms6X_7U9AshKRv<
z4#n4~)uT-N^hynFTCqPxYaxR1)!PMW)uML_3fjk?5?}NU(aSH9JhoD+@TVqvq;|wB
zK0n)|rO)?DgB@HRTz62b=XS)@W!f1S5G3@J`$v8A_fIbm>XnKVjZPpnmbyM!h_W!f
zyuXPF?G^!8r+2CT845In{!|zyRg|xqR8cy0a(Z2LdIr}Lj#zwyub#hDeBL?jz^_-m
zA3x&5rypy&ZA#eDg}+$IP}=yBY*?=NV;CUZl3qvUA@e7__}=D^)~&ql(FX?I_T*b1
z=yjJ&pb&b$gO79r3XKvhPZZsEOe-gnVlc`h`Pt|fJHy3yl}lVLL{K9#hCq36gI+F%
ziFM^Q6~eiyB(u1#L{wC7D5<V>3Y4w#gHZay5&cP{7ij;&@gC&?{$5aeln3~G;Y`nR
zNq_YEJD}qal>0MUxxu5u@Am2$9X{)z_Po2TS9xiBwPF=1@;TMo_K6VD!SpxvKpW`I
z8QUfa@gJdwhA1za#37^dhRMV*)9qg6<u;EHH=dCbgpkLH@Z1cK$jR_V$VtK=k5#{I
zHHrxgJEYAm#L^E5&L@yH0y^}rpx|(%hSobpbgK|ia+0dH)d1h0+oQxB5$Q112x=W4
zzJFwmkX<5GE)$}y0hnHq%_2B9{$7)aGFysF4Wc<-JsTe_k5g3#o~TvO^ypD&GhMzJ
zyi|!`*`<C)J-I4_YhU)6h!3CD6e-;DRU!zm_xr3=#uV-=kW5uRleH4H*`O6uWNi>c
zuX(C^wt0c7#>ccah?D@eAW&;GL=;IH_0;7gyBpUOSWUtl(+pcFkI2rH8^wL?S;8s?
z$s?w_ITwktR(XUa4Cyba%~iMftcpjZ=<*IBdD|t$V>c<UlC-a?mkUKWYM=24pA{W)
z9}-Hd$JAbgd_((EF-t_s1H=$;XO$-igMF#;j6F+v=8!N6hrnNhRbYIA<g3+>SRR8(
z9#L2M$0}+%mFC{SQW^`%sE|y%Tp$b%o28+^W*T9$SsEcXNCr>CNLouy7MV<Dl;7<z
zSvK?7WcWwLCy`9=wTh_t3<qTBlcXxKg|HjS<WuTu%Eb+B^8!m7cv$7LB5Raqs*|BD
ze}aAtv)irU+Xnu1y*jJw!xU;8dqGae2seu1e%YryN9D=QG$P_*$`3kBeVV<S@`inW
zxS6q_|25ZCQH^P@&qTC+CX<o=7P~PcPN_#pYul`7zmRm?2X2Jhyu@zzh<yufq?Z<*
zuT%1Lo(BztEp|HE?q=*`8T(H;pUnAtC~rGNc|&~w|Cqk<s}K0`>pE*<ogINOY!spL
z2pS>vHlIYivmA%%{jf@rBHkyNz%OXDK_e_gG3HBfR!SVq`aN?nne%TmXEQkeHRrk9
zb_c_Z3gb_kB7%a?6U>qekV(*>8Lb0FW^0hh0xt;|HMKn#)-@6(c^J)TlnywonlN^D
zQ<Q+toujrQEDxG1pStkcVbqvJ8(0*DEiER|E)*d~KN6&ba&8jWjQ5!gdqfK7=N<|(
zzzlLen_H~r7OG-wr<~Rz5iQQ>Ei%wT(OZn{qVezrKaH?XZaMm4;l~ly2^YiA0H*w(
z;9k!t_t$e8u%D@<!}3mOj8}-oYvhfpYHv_>v>g;;#meTN2}2Ra$(%?Qp?NH9o5exT
z(dKC_lN&_KC}G`f6~i#=f+0D~K2=4Uyv3kAgEWaoVoVxgpxpEnn{-h4pW-UzDuy2F
zGby{omV|h;kmOyM8;_{Jms4SRZ5;)|*cvNFwO4n93uD+Rp9ySj(JfOP*(9`qM!_1n
z)MIF4xVR0?D)n8WA7kU0=TiR(eR@;Z50em!zJxUp4wKjeOF-#fNcbzIhS!&s)N)8z
z+b623hRLU(3jERPNjH}N6{`?KC6|J_2^`0R<F6<ecB=ga#i8MWoLdOjC<}7iDQ9`R
zz~&7yPi`JDM1{SHjLq;lywtx0p+fhg6Q{He6ET=$WE*pkQt9^Aa1q-YDH1V%jF=}A
zR8^-ME-av?5Y@0SeS8Zc&2wr2S%aocz`!fv$OF96q?otMMIwsEy=g63#aVaS-Ac=$
z5T&I-U=7Kod5$(AcDvWGFT+NbLtiOH<W_?>6ta&5o#U9rry!k8xfyQE5%mk6&2EfF
za9p&UqAJl*fQ*AwMq?!~$jgO+`N=TXlN3hY&fMggZ$R7Mfo?wA7aLac#h@<P*LlPC
zWzc%69?|TIxWVW4UM)uOm|PY8n0b}l7<4!Ak0bnyoBe^24#qqYyfW`wgS-YgMTBl$
z>Ky@&vT5{YF74KXa4MOxleii@m}@1@bNN+^iC*V7%x5)2K18*H&N3vpLH;D=ueypM
zkD@;Za!GEd)Tg%Y@{U9gUf&<%#mcR+r?S;cUdEPv(0{C-<VjrhrhKoMvvo7%*eHg`
zPhdXWqkhZyM|Sbq`O;S54gr>q{V{Hgg8EOaS>a*?>78E!Tkj-(M*M{&U^oV;2KlAB
zmGr=D$4am-!$DI0vnEx;CTPDQu2?>R8Fe#e<|*|zz#A&In4{rGgm0EacziV3fz2in
z<S;2aiB^Hh9Yhk}at&!0N}ux`Bwm=ho2lR4wo-`V<wYj%cIt2O6w<Zg9EWM8(B_*P
za}Mil4WwXfO%&@`UmnYqFy`4pjZKCu9+5|clT4a?wwfSeOn4i<%V=1Jm)mE;@(oIi
zcEmJ@q8PVGLe4F=1l1$}dW-zLAU~y(tO`TJkAN=&+d|TQSaDbygu?>*_LZVttJ5{;
z;g5Y5upQ6+n8<o`U;DMx+Gj;mw>jCq#4U<q8^r#bSc=a9s~Ve`7~^y3{aEOeY9fR&
zDcNUrphZ%0VvHjNw9rPQRTR}A<kWD1S#m(VlSX;^%|tKqAmwK);`|%!uMkx#nH^1f
zb>WvqNxh`yQrA-NNYA=tQj`oW8h=J4MpJ(s$&gPnBt9N~5mJ&8<m^)S%DYsRTQMEK
z{ye<OH({mT|KZPZ|3}Erv%R+ZX)(u9%;g5=cp&H3QGV85=Jh7<w3?o?FK}H6w>i!E
z8yOC>4Sl+nal6#Fscc3f*I!p;Ri0~}D&UW@{#l`a8Jaihvne}a1>;4U=93cq@MX+p
zx__PsF;HS^e_?E6_K$QAgDzYHKW`Yg%FiX6a;o!opNU3^bPm=hF-(Pa59D^Qla6!S
zaKOJpW!aDOv*7x_Q+^=N&RO}?i}T03Xh(d^@H`6#9%p#=PzQ4PtTcu{2>Nw?i9hs=
zPg-f#G;Y{Q^kpaJp-U~1TaljXWE|PcnPwZ~!<q#8FH?S22;<ucxJax9slupng7t^@
zNwk{J`jLF@UuWRW!t1hIJHn~;@Dh@lA^V-+gQ6oGxoftHj!2|GfcM^J_jaVhHtiHC
zczPc>ujZlr=RD-$-@wif#Z0is<JHa_Ns+f26dCsQRe2<P1J9AqGyM_G&pVW^yl;Xp
zt+b(?+iMoQYk6>zeWh}m=3@3LvLX+Tl@n~DX_r;VGqF+(RnKE@u@hFoDB>X}+C{ux
zBYX~k(k|k?8dLjD<Qv*|b=yTasI7gM@;Y`BuhTBV!@CH~Qp|APMWD$8C#e6!e5^BW
zpVUBpG;;?}ko<5vasR+aSn)^OJth-4ScW|Wyb$og-psH!<w=-1M$rW5yL^(T2L_ZU
zqI?8PN`h`R?awkrU_3w2v0Ve-+q88TRtJ~*mV7OGJ5BwTIWR)oZk5NGjsr&$c(&O`
zDN?HiUV9!^&{u@ir`!*yb8}4k7`Oy_#4<)72P~7%MTKL=)UZ}q1^ffjnQ4<r0uhf>
zKKn(^KTP=<ACWGdyOSt^lRq*n+w+J<@aM(IQM(^9>>n7m0&puCE`sZ7D4%^B=Wk}X
zUou<~;40~P>Ni~X1BSbX^Vc)nHipa7^|7&&wR<W!0>ylWp3V6=41FI%r?Jj9cJ8FI
zso)5(lNdIO^WzxS#jry$L%5ey!4cq+7*4|($8hlE(EH#n`GvP$EI+@0Me}OL`|z-`
zF;+j<^oQDidlJtr<|d*s=rNvS-$0&*_Gb~v8iZAEMBElR#o#61>!-i)d1+>$#RN_J
zB|-aO)_&4RBh8GTvgJv-pK<L4?06mv%wkYGsB7YOtcs6oIJ|=B5e|Z744a6Xq?-vt
z&{Cewv~!%+Z3cTVgFWEuTAGnRT}ROi=zlaUWB`hz6SoQp^W6_U6?*5{8jO~W>X$TY
zemV;@$NCy-Fv~%Qd>i8Oc9b@ejBm$IS;8#u>L+T(5s$a?&NIo(v+@*4=k^icV5ZMQ
zzAo`U>`q8ejkUy$$80FtD!fL_vL#fLFdD5I#UHRA4-;;Ehqu!1@tW*5tAQxsn@y03
zd5quV^AaStRppn3p=FVn0GO9s&Eig^hy;P_QC+iKy&WUv!K`Rhe+G_1w5UMB(S+^r
zjGf?XNP)*26bl`OoIfQ#o1ezMns`l7J=F6lw@_X95z0^7&-uSme)?#lb@ugcyt~vL
z;Ne;MSwXgEJiNE?tt2s*`nawg-%`ul9=Mb&Z~GD9Ppl=Ws65lA%w&q&m^$VTIC+Bd
z*`G4?doeo;=y?i{LOAdLrxi0C@Bgz8F<d?1?q|3duG_@;)^Wa$@x97$#ej48<#_go
z$nmZx>2uh!?Q)))hI;lJCV$0kmogsqxWgAP9_T!zG8=RDJn16q8EL3X9EA_Ex_vd`
z<%4uh9%IU8`*sHN1-rD+e-MVrzh%s+l%KkT^P?DZC1W-LvyI`N=ek&iYvVlo|Jln3
z?#y|>v3;7%voKsR+|LLuj7K4x*Z(ue0XLau!2Q2tu4qnMde3PZP15!IIl7auopq7N
zq-3X@VC^w4*k`Z7j6#HjR$O=_9{FBHKpJM?!8n1tze3kBM`@jg{!b;`Ywsf75?qXX
z8qK4%x6mFRb19PSLJ{`S%aR_Xz4}J-jS1R(JJ#{@3EP4935?FaiilPsyhWspo#rxl
zkZ%>?@@n<BB!ekznZq{9&j`r!!s9GU_AJ7xxSn-9tc>#0u*QJf>oMxB^qh5y<+q&j
zQ~!hWOBn7chRXrm5QaO#b#obx_jO@BX4CFxxOC8EEzbHA!(|fOlse8&WPBSKE)n<^
za1V@-7d&4vlzTWr3`ITzy&gwx2IRo2+>TjifKLHiZEgboaj>;}G&{VCBMIi;^Q=0`
z{ILZI{f6mYO*ldori<C8s;B<}x^I#kp|Mej69+?Mc@?!=l7kqcL-RP)HX6CwrwN1k
zKN<h889!De;Czko59NFt<A=8m{Lcgb&#@jor4+!<9)z5?Vm)#o(h-b4k!9+n@xSjD
zYIEO)-r7hs@2kMxO)%XRq%nr8v2O~-eys+r<Cd8Yl8qezzf!^sdrH9!(>#bNEzHd(
zf@CO{@M5p+LaT>ind^~mM7kd74^X}V=}g$%+cmp6G(VvQB_o)xHQbj9aNNSru;}Pp
zDV{U&WlMa%@L~=!VUZvk-pNmC<~)!8)Z4i|`7ehEUnVRP;8G|*Wi#iQ?$mOIi|pbm
z{#$U>sQwx)|H>`dnumsQ%T?UcK>4ZjsO2|balabXM`)B8{$7F!`HJCfod2BRCo}wE
zmPey{OMo-Bn;{(Uoic*qneNnK48Nb{*r@(T03H?z`1cde$=`CGXVX-8W#9)sION}`
z((E}zvmCQ`haPWcuWa%jZu1nke~I&tk$&8JGwomDSuPOnSPNR%Fy<?fo<LfJx*@UA
z%}K%v8@!`wj?#<>Kiks~)~mufWT|`(Fl9sxX=j@a7;~Xjp+3YvggZCOfpZqOKOTOX
zso&Bh6t=q|MHpkAeIbjfCUXJvbsem!OwSo?WkT5hn_S9u?Eg(+|L+^DBc0DM#sc)Z
zsVNgZMkKo_gVSH=@wx{Un>IhD4#4~<VtCe=kOb=g<}bj*{iJJs&5+F>pf7AC<KJML
zdfPj}2aOFsfc`$<^E8xe8Xfl`djg)VqG1(kSd%v^G%jD$K4Cl2+>Bi#o=+1Mlr=T&
z>hjcRE^dArlwcRI_1?;q{s>B<0qeeK;hYh<#|TrwkGshnehJBZ^ZmVL4(v(r1IMZ?
z^Q<<=oGpy;XVh1sV`OX@TRHy_N~hyHp1AzhjTvXgoPUsFeA=APNMN`-Sbl8jjhi@s
zfcv#ZmrJ9%o=P*gCq}mali79~S26T27~0WIc2_}mjaro7`We%>jv%wnaQ<p;1%Dc{
zo5J#KR2Na1^{-q%jbV8{7&90ayAQyQgeF|YaQhf8nd{(fq2I$fU&e3)0e1t#J;Qa{
z%A<0A0K>6GI(0gLkL4A7j_R`BC%9lfnVF0^ud1hffE!Jkr^SECE>EU7aW;7elOqp}
zQMMt%k5;k2HAl;ds=Cy4Fcy2~Z0xju=Mw<uC^AN3QS05p)}DuTBa+S=+b0V|gAfCr
zjL3%pxd9>>F&%4;WHLnOnN#2&euBBVztw`Xj66XnajybP2H?n&CKHY(z(OO=qmHdx
z@S`*X?kPw8v-tKo1MXQ4&0>z@3Ry2HW?=FNSci0N#`M(VdnjJbqaT;S@RN%Gja7oq
z59cBcM|vG#pcROm{G9%FTA^>*(6<*z>!5E`HU^UXD@l3Mhb-kBmiS`M&*J<&Eb;Mx
z+rx0Lb6q;uUB~%U&ci3b$ixTuaH+3?K4vxOm*}O4fxz}N=O`@-@CSN`QXT2ZACGTf
z-Oc)^e6I5d(F?=*uVp19N$VTyMp&?JgFhxbCy%vxgt&XRx#jS!$_|D6eE9bi_ke$|
z@BGLX-0cB<O-ml^vIQ)2Xd~9M_kcABa!f!<@|?{5#MvNdu(ioz-{<6$;M+}WcSo5f
zSDctXz!-nUuwN3k=pS<luREIE%_`#B+b?b%vqnxwJk}*b7~)S%H<_>m)iSORFdBcS
z(oEO|l&*n%jX3!;ppAl9iAfkitx>$i{hUZJvBNcv$jYIQF7aPjNk}%+3D4c5aH1<<
z@kVN^jC>QG8qw<_c&La6$=3k)1bCq{5uq8XeifaETFh;%m7g%)<=Bsnh}(@hW`~D2
zf#lpiiab2~C=X<ewX+gDU(fyFv&Ky5j;fyMBpjj1Jbo^9luz0XNm7~k1>h5jxAX_;
z*}(HZGl%oM{%6i$41Wh4TbyW$I~H<_^$hhP<*kr1TE9#AObfR-0Js;>b6yjT|1`JY
zna4AIIm5F5ms!mDm$@B}!wJOy)Xj{4F4sNBb-A2>n(`SPjQ?T4@k*PX$#su19B6}&
zCWhlx>O=$JX3%pwdnSfPhU4BFe#mftV0;zYhyt4Bk?}TT;z&=%JDgv`&@G&&eWCE-
zL_x$;X>;14fkH?ktb^y%ex<1Uc^O6^gKTELb}o$j4>%*H`ww)=AK4TnMM6$|wt=}4
zLN_!Bx;eOYsCebjKxA?9inFOdI=mtrCwoSsm}O-?hC`bScSWHE$}%(C_mgK!Cs`+q
zu-hLgWtzW`IR$omB~Bt1<Ma{nzc!nywn(5Bx-Y{-dOA>BVMRhS&h<$is>cV66#F<x
zb{r>pfErA-?H|!OCZCo)pq~tV1WreBs~`7*xSi#}=ZCa@WSk{F^ti^26on-I5git7
z9wDB)&$k3b-Ix~<<`C$99^{gQ@9rFfXE4VXDIP=-&}kyoJi(lVRbw#rC82<M$!79|
z%jQIZG{Po%M3e9Yk@wgliA0?7N}DCYc0suxwg6H@n+g82MtRwg(^zfd5aW2a2M;c_
z&A!4jxM`3><QgUHJ=K?qTg<~y_>+T~>q#j69rd%#fgb*Z#_qY%nCZi8HpsR>7#)%+
z68Q*+)nqD?9K?~uf9gzfRC1`b-oA$0hXDI9n`9Er6Dg)^ihw?)3L8qI`@~?O_S!0p
zekEh14RJBB6JdCo%wuJvdpcpA1h*BM%C{yOaTYogapo9FY!##jIH#ji(D4M-ecjI(
zN8?6z?%6%S*n&}$h)xq>(ycvYBH2t<q02l5J@jn$XfprmuQ;LU1cV`O8_wp2qP<{g
z1(V13?BmeH@a|r=H{kJUW91(wov(l&Y(2_)oiOAKMvwNtcj4Ov3bW+aA!lfGo?R)M
zO#(V`NqzY0F6iTCXqyRX60KIqn{zWgLvk|R{@x*~?Fq+O+<5h@u03?3|DbY2V2x)T
zKBZEu`$g!&YhC9R8TH^Vn@$X09ERFe+FcTyEr5ohl;&&(>!dneyRidn4j)OMbDG~|
zw|kU*Xq$rX49u8;Z1E#$_Q(8#=N!j>Gk7Ph#^K(>^Y$9$Rgy3w1^Yyb&7}M{Jm%kH
z#GwPiMr}HOfw6#8l;^u~<PvwudoV7j|JT`f4B~F~Z)Tt!MIKX`RzCLq&tryC{4yF^
zHV9hQh*jhO-DrUH8r6@H-T_<j6L~l6Tci3n`DL8AX}1BGQ|n%Pl(Mf0`o^5>WqQBS
z>ABQ5bj}e?#%&a@82#{R<yV}WL_I)H_R$z|+iSpAJUxLcL}-co{Uf2rjpBKdt@U1p
zq8$-QE`*`j^2gY@=7$(d_-cr1Ou(4Ia+1FWFL=4nh9NVy$5Lz#US}*~9-7BWxgqSk
zQnU&@wuCC)-W)#??&p}LOZS<U^4Z)HoS8yqz>y74c)Az>t;H-=3vw(x#;Fv+WzI6t
zW_EA9Jtg6n!iC@SXzYfpZy{Nuw?lCPodmuUspmck)7A~mJqTMgAT9+~VWfUCbqe*^
zCBbhh2aXYO7Su&S8q_z)Q|q<4#U8a%ldB891>`zu7x8!j=SrP_=4Y&lcs@*;in2CM
z|H+dC{{3Xnc5gd;t9OTY$5tCz8Jho!uxCti?a#8(Xuau+nzSAoG%WZy*_hpTQ=AF+
z00nD3ujZ4UV;ap{1?FU<*iW)SB#^9l489q5i`ziGV%z3I5CN-%eT!Srs$*Xymn+Z_
zH{^ghJ_>fSQPd#b=f|)E7_PC82Zn3AFraKaY+FS0SoI9@cR-#e5K{}H9SUZd2RPy}
zhKLw|1Vxu_lEX18Oz_O2a-$F{z-d0qd5oBEk8Plxa%xiq?qnr4z!quRe_{4koZ3+h
z+Ov-nwS(kux9*k#Iu}FMJbIM<aW_Gpc4SmHQUskPpT<(bJ(_NPbEyw=-AJyBv`gL{
zocp!Uwi|vQ@Z&DhZU<?5E>6&)Y0X$$3`n=xr3UC9ZYCDvX&*|(#cd#Yf?bUDf$cCX
z9K}9(l+rm0fBq1yk&sa{WIR&4Ct#0q`{(8uU?9!kO<bn`1GXcJ_&fh=%u$N>W#h}c
z`Y7H7oPU<!vJf)@Of$D(eLMdYpAN~|&MJK;*Kb8zc%0Bi8|F54VBPoq<KO`T$6btL
zJLhk|h~{K2U&l0Ag6G#lXI|kp_d@Q!;d+wKURt}n94q&x<w!Q%3^hSx!#YXhy{TBW
zY2N8~0BPmr@?nAU26$B#D({MWrhh`x)NQjT$EtW7Hf4v+p=<{atI;>a7lg41dtU4-
zJU%ykIZJ`plYx1g<g*<ln>AD5rYkTP7D=9o`fb-`WL2<U%-3b|l%lY$gIrS|qW+va
z%l#X}`ID5NcopTpJc@q4L(g;Cw0_Om3;wf&oA~xA%0~8c#o?P24{pnXUvqTJ6sy46
zZ^9jfVQlrzY!$dk=Mu57zdKnXk*#+MOKULna1`zwN03JPl#Y$ysZ&nnTRUfHrAL1k
zL4G*Llu~i0((1?t4x7U&jCZAkz;lGH!!2f?gp!nY3*BBOt{~4RD2^;IG{6^;DAr{5
zxh3d=PoN|5H1B<0caYf9dXMm6w(dfd98m~cqT5LD;D%z{*j4$w7($~tq&cip^<{W5
zwm#JJYCyGCs&&|{;TM<M4A#gZE8~jMagj4;v}M=^_kcE`G#vMp2g@^r!G@GM<`WBW
zz7R7FzB&32?h8y(5XInaNV$iQ7WKB<I25&nKr3i1G(w&d$&>24_5o@8NWZ$EApgkT
z{s#Pea0=O{pf;Lh3XXw`MgwQ9klQkoL_75a2c_^MkYb-e{UeLvkW7#W?NiX@NU|(6
zz8Kj{j-)n%cL|Y4?KNoT`wk^r+rOkaFVA<I2Y1gZyZDC3hTC3vrgPAB`$u|&<`=^1
zKPp7~1QAN781U-CNz+v~S(C&jilHPVVNLEJexe_P{KxoAz+}|CHudklrAKl>eCz5i
z%CK#B0>kUncdSw2+_O{aKd5)w45U7`-=TSr7$4prwf~$s@<`way<G`>FCj7jt6~$v
zSR~oPi%hmi;2S6x8Bhv+M5!00-pKfcz?g&YQncc@XJ-RO#;^o+=$8re(513%R*PU4
z*q7@}jv95Jgjj^O8zPSMo0nbw>%?CWClpzm%_lpv-@(n<iE@GgD;QR8thaPJFP9@-
zW)Nf#XCJ_tc&rT*ZMIBuz3?zcF2de1cry;t%FQ>|y3wpw4nj|HE7l9E0ttoleao-l
z-5|DM!qo#%3nfb#uosaRw<c|Y9R2T8*dT?LB1xLqWK^E!(WUzfjfN*RZQY&cFnLqK
zwUC$LTZr#;k%cyVMss1N&I{l5Hhcho7TRw3BS(H34ZIRec#5!ov53Zpq)xc(w%u0X
z85O`YlzMJ>(C*p&BxxMh!)J-UPB#Q_1%Qtxc${!No8wkqAgt%lal1_19DA0uv2~<K
zj<w)#RBVhx@(|Ddwo(4J-0mZ87X%;0DC5pEWE~2+&_MOI{Ug1k{eN$B3-QunvVhnl
z$l%BeeQIc*L7E3#$+$5B?JF=T&tPxxD&3RBof|K#i9^{dwqTyqp5j%prTr+`NAj^?
z-C#S5gt7;g^q~D;HX(n2+t*P?M2tX$cQ{G~M$g1HB*jNoFva1JvVBKj(^5ztHq#Mc
zB?|}tlzL~f*-Sy2%|VF)PgGAc5cO0COF|{EQ1}bmkMTl80&`&^$<&c-N`+j>E9CJ!
zznJ7Aa+*gr5Jy|+ToiLgBqTy2OK5ip>F?oDq0w2!mhNg`;8Q!F8~snQd6c~*5u`HG
zXIS22fwxiR+kh#2LUM+^<M9Wn_Kbt(K<X2e|NJV9!2)_t`H<^4{yY8<=Q;kH%JJXN
z$M?Zwit44F=vrg2+mxrlTL!f~_bK-*AM?SAmA|@cRZn4W=*(cEIsO)=!x5rXjsYM4
z244EVn4gEK?)0||$C1+0rzoE~hsuwC47gVru7Tk`WjOYVP9I@7mhkaE18xb!RWRHk
zhSTyKS53v4FYvwG2dB)@=~iwL#I0YX{Mb%zu??7up(VJh3k}BjAT?pu(QU$fJO}IL
zR8QsDYjsXXIZph0z*|tB*1lGOwqTtw+&&vJeHnU`)g%B1%TIQ!NbouqjN3%yeZ!C1
zj1>gC$~nzugNU6V!^eOo&2Emv&Q`n09@I`@zd@}(A`SOofJrxVEmo0Z@x*XU?P|nS
ztio{HpFuGhwG};MCaQ{<Nd&yRrI@eu2FGfo;Z4FJ<Q3p*je4HB#!B8i0sHq>>_Zx`
zTOB1*nQAoop?*KSQvr?bZ7`bSJ|h{XB*JnVZrg%6+lE=<!TCSE;q)G6vBNu%J+UE&
zgmPRm0cTu$0m>S1N`rTqz_FOwhBul7_UiBX1Z;GQJx_V>kgyJ*+31a+yNlLv8`dG^
zb;kW3`W_{IV}{3K$fWjTvtfPI*e!rKB2vtS(AvSE6SLWdnLHhyeuKybH?ky{S|d35
zwPXT48I)wSIu34yHOz*akJfOLfK3a69Ug$T!~sQ63&b6<c0ej3W&a$EqYJm^5t*RA
zk6Ru~{^l8QH3EA*dMAnGvfO9t&_@ZmaO^Kh@;K|44IGVq2^!i!yM_*jz^c^#BiK3G
zsfU5vyO7db3>iAtz&A6&zFCoV&a)_I3TdF5nxR(Vb9)DaN3G3tt&IlRz8Uu#8&Gc+
zZoDNXw{IqyqtzfQtwcoQAq~C@J8EMag#9s+j5mR#Z;Eq^_D7L#&|upi)3A^fp`C;!
zvk7n7*~c+o!z5u(=G<_J_K_BnR1X=sRE|BS9_Uj>ji`lON8L*E^6R76f3yM1c)rQ=
zgyuti{jP7^gJ)nr>Gmo1-~>M=k>Eewmn-mwBFVT>Wy?6~2F9}w?=v2eA5&-!lCQ?T
z%hxTwXP?sW>;fLPNTa{e#)RUNpFTnwlUjl~eUNgaGLgfMA+Y|l?*wc=$9FEiQ}Au_
zIXa+uIQuBV-<2KnL_BeDf%f(kN16c1v;8?Yldb9iXo88Y>Os;3K#T)^<cWjM!Y+S<
zA`Iga;3t_OQIc#ZR)}9YgmT0tlwaZ;6l)V^5Y0dVP$SLBTYe9?<{X>y5>{3ZYF5(C
zC+zoLM0pN0)o{y~+N^`!54Ag#7Q0p9lfl$RL>aI;(p<)j#;j|KR$4&q81D69CQ_f&
zA7UNH48<(LEQf8f=x^Ad=dc{uC*fTrGxdtyCS7jSk5udrIu90^EM?&1t|F`DQLK%}
zF^|B#!>a7XnIP@XcaW`$&ceL;726i<o1(G-iFf%hYh&@3IH6wLi#&M5iSReb9idzY
zW-r+j++5ll69tdNaElFXzvP*STgX%%9cBI{XxtUI5NmX>dAGSf33`Wfu%FWXMnD`#
zYJr4ahqgsRbK*rN?0{FK93G&2qkMzfB!`5X-x8=}%xTX1BpwNgW<By436z^*A5tMt
zx}lwd788-9F^1-jy%zGt*kA-AFiJ-NZ-X3+7~Km^spyXz`hhX%kkC>nIOB(2{048c
zvgF;6e0&DunTVe7+17=0V8j^??q=Q}y#apX4cH~z4L$R~B96nJq`G4zjY^SM*;`bj
z&>MsI$Q$94oKo+K%fR~;i%7<Jn%{fe#(plJyKsbLx#<g^+foF3IMUL9k=ic1f(vOR
zHXXo8xk9?P>0WzHhlH3CjRVFBGJ@O)X2TnRIRYNrP+CJ81`N+?BZyopATe$<<INA@
zdEMcG3O;f|5cYc{KeQovVHViBR$rrR4#KGwk3U8WwgvJ+gj?c#D(9h#D9>hDQ}i42
z4ifj`FH0O_vPT<}G0)oEUT8nwsY_|{C`wb1asne@CEA$Xto;{o1IPpE)1D_Ne5>$8
zK>o|y#|f<G=%tVvF$eIb8hUet*24}7Z&-(P;B1EbXM~2P&`w6W6~17&?+DR`g;i*+
zgId7ycA$UlWym++_Ga%le^)CCY`OybELQTJeb{t5vARKf^LNZDNUn;pGPft`o-xN=
zPEKQcX(K&4pTKY1HX5Es6eU>Oc?26MnnLf))xe_2lb{!_pwH39u>Kn!O$Tv`h-Em%
z66APz^Hc&^lh(?Q3xj!F^B5ZSsQF?GV!a1c3sW2p4qoQ*HuBgTi38s;><lcv9J1%~
z0?=wy-v-<h_|`K#X$i$jvS=5GI1}9oq`7YN#X!i|E4Ym$?P(j~1q7o8oE#1zec?RL
zKzV$nZABzq8Usk1_F|#r>7oSVL42G`1vT=<gOKv-aAs|H>lSZ;zfmWbWB2KR20x+i
z=Ex2+^aU$<=|MwCP8)s#ISs*{0Ulm#45S)_wx8me;&j<!B$v^-<FKs@v4*;!j}+^~
z+kDUm!-jfL5Tg&%+G^iIZ=Siy<A`Q2Z>%AWWH}l)d2sfMI0@St)3%kY(-QMGTjz~V
zQ<%5&9}{neR{1eO?{XP7q~onJ!-jE?d<5Q`Gx$smh_)mo;0{cxJ)uTy^+HNm4<Vsh
zgc0LjD7=tO7sgh`SOCcz)_+Dg@Kz{h-?m2sxOS)??jO1BQP9QP;z+f3w^9t_4-Zm4
zRz4<J+TUZ8FrzUSB;-6atAA#K<vSw76UJ=D`;laO@mJ}Z&E##N=VmG=D@(0eDz$hv
zq0T|J6%Yb{dHm56x*2{A>dmP4lAUJ#AKq(>;S)2aB~<(Eeew&PZo6q)DaI-sR-9~!
zw5^7{IhrG(MW&8a^rX~hJK?4^{Dgz-Dn=Y{_;zl>ZP;(S?7@iJ`ezSD)cs%BgOnxc
ze>Z#3F&WQn4?1wJ+?kx4;eh?``~&UaeGTOG`c|@EiJLNrPT@`~?Cl+~Kaw9{FZU{v
z(s16Nc971C6y9HT@cl0fOYi7ulHu29_}un!J}<fx8fT;^71y-4YVoVHpqtA0enjPp
ze@{XAqf~C0NaaWWLVFN!F(kHFuEP9vsrym#7uk&4HK#h?WiD0`<XPPF?R?2+vLJ@7
zos1QjEO+lu-iGrGQME5-+kC{auYV`lZQSNSZZ>Oi8EYDJi7khheTgHqj;$X}>lkVe
zLOV}g;CFnav&<=<MI@i({7;C!beQvZgZ>QWX8`lF8qc}(oXmUnv$&yp;hzkT8z1Op
z71!}TRw?817rA^D`p3IeiBAKR<qWrw>v$h5aePRb54gv<9p4pH<}%zQhO=?`{hXgc
zZ=eE}R_rG<ON`vhY}MJ$g0Fd8#}=0AbbF22Ew*S@n=CHiu7)4n?Y(c@7E9JVSwxW$
zMfbnc&HigoII@fsgX6dtZkJQs%Z2eY2VurrFqhaL*53)ocw_G^rRueLcs4ZQFanTe
zJt2GZbMk{r(Fy-fI$TS1jQyk|6Hmk=^Td6lmU{n|aQ_;`40yYFayB*yLo7Lbnmr3X
zCwk9!!-fGzT#m_-+p|ydh#<24QK-%6s}^>;k@uqF;#$xvC3@g0Pp64@s)5OJF{~Dy
z(%=9Qc`?Mr<9KpH5BUz$$8k`R<R3$<+JSfb^_aAY*YZFq=4gR%qeb4mSedoHcW<Tp
zpZ@c|0%+uReChTDN0d%{-h+psx~$id&X3}_@JBDvNe?im>XaYU&fodWB^K*$3Eml|
z2)*W6dMPSSb4C40G@ak(iIV$FI7J*Lw!tbJunwB+@Zmv!0{hs!ik#pWl3It|0KYed
z9^@cSO=pZ8w>t4JJO!bx0d3_#sgLNKJb-v2$H`C7y~ReHnIoEiF~4X<y<dhe-;_K1
zgNtF{SIV&47xh(6G^m*M|3w_|y_@B_T=_nxeg;50!X|v1x%Y!`nhM`F!2*s30wcza
z?)BgV@i?t;B;Vm}1o<x$<R^*9=3l|9dYR8)#-ab$`uS8-5Y3|dXVC=Rc@#2g(eMFc
zJa#A(y5qEP-0~lP1GiuFp3fcl9U9mHUR!a}*4>6^x_5ER-)}=SiT2XH=Hbu_lf@<)
zn$y%dtrFclQ;#y250JGPYB7z%Z3cBS&Mv^uyWl5q-;SU<=>9LC5O=OeoR>JGSol=@
zasvHcO7HUrzA+beYU_~QIiPb=PB+5$*_{hJ*eIsK5{%<pqKzU=PABh642K>>4vofn
zBi-Z}#Wy+d`xV;08vMMi>xsWtI)0jGsQpAvC(EIJi)Xsy@pq(gNZ&_lLHf?c^I5%?
z^^f=_{qy71Wk@|%?~EEn(zv)**QXwKz9Xr}7>(EM1KuR!Q6yPOphZ1G4>g=xKmBV5
zYQ?2%b0tg8rE4$lpYm3}_?dHQoR{S%_tI^dpC0<7(0w7+p9|Nst=WM&hM7wC23{$x
zkhrmoxkR4kNWQg<S>&_suA#Yz2+%#)H)-R9h_7}d6X#p{T!rLxjX(?QceQ|C2Yz?O
z%(oR3`n{+Yheu++>%{$t?{ux#Lv$NEg8hnY?JSS1%7+{eMU)kq@+HS1I!Cca>3)I#
z)UU|2I}bQkLdWMJPwS+F{20a;O0C;J1%3U_Bw;@NTPp3$1vYvo+>7(C1YzkOQSaj7
z9G?T2f53QtOE^dVh4XtUKP-&$AMWCE_Ql%y)T68YY4+pHv$)N6hTF#ZCn=xw8MnU=
zGiV3y4FriyjLo%tgNUNUs@W17i;^6@Pf>QO)qwR>)$T^&CL8s&QT>K@*psLxHkyAE
zpzF?53Y|XD&P*>a!d<G-@KWQ<DfdbuD3Sge5-p4wcdg7h8gAAg{0bWMB?V{T&=34B
z51&&~ylv!vv6T<vNM#G8+Xyb#XwfM=(YZ2N?3DIs?5`uyn(ocCz$)F2JtM3E?WDjH
z-G8NXM2gB}pbf=srt|6SGPJ<GL$r!(AHz6O)OM8Ap=6`HL*(0sdh{DiO#*k53O&Lu
z+_ayZ2|S}QZ$KB+wcBse+G!tdLhZ(yV$Jc|XrJ98UyC~%Vd`fAtsk#NO11T9DEt0j
zyiVgZ;v9|B7d-w+gDC$2P9W8Lscz_eu6v2$&U5~G$|tf<|G|@hdzN;}@+R1G+*QK-
zVE=>UIO;mcQ9?ZGIpsNwo*~W-zFsoZx=B7sGsejWt;mBuhc30^USo>*ir`{*<F=}C
ziAnL^>lH)e=}E*VVSnqD_uyCU8kCpJ35bb3*ODdCofhwAuNY>YK&uaYb3<G*M&hIB
zSAcaj@%y(8=7g3hp03+3yHP`{w1a(|35Z~0rwXZ<&|5n+Vgft^?5z=9dV^w6%HION
zI`?OaH4LR&i}ZUDt&TwKN%?~VzZU_q^!&XD?N{e^DXoY-wI0Gqdb-D+^k1DDaW6|X
z7(IG}a-Vnh&0GA*%kvih<^M8oR_5rJ0p7fQ@P=;3&t$l5tR+F5e}eJ}pHlvB^!|4o
zJ;#sbx}Q>hILBr`zlY)Y)b(%l{<op~SkZW+YyzzZBzx>_t@xQZ(j%POnQ-4h^4|qM
zUu1H?d$-bgWDrj8LR)SU)^0bRXkUQa3qI3ix?@DYvlxtDwF=yH3fyrz7q~x_Drc*z
zIU2vmV^wyvOy>Jj5?1tKk2EOHv}AVOr^2ls=#u~5PnZ5n`2B{?Gq~;Gfla`jFmSzt
zwg1P^bPLW{JPr@;ku@mWeO{_ZX_n7=5Y_{yL^I9f><;ahkVs~oH$d_m`3$UpwG|SK
z<MZF+pOOTVVhHN^5tb(V(eMAc4+;mgdwFps4E+a!PW*=RzvGsJDgXX%$b6sw+~)kF
z=2~#xi0@Xq%ZnHhX2;>1I>I}`?H+trD#uY*i0^WIv&}rl7gRYN(#wJ6978Kn$ReM$
zBTD=A1dcnoF$;&|_72|K3dzG6We^}O@~cQwP`-?Bvd?8&Mh&BSJ$cOF?2ioXQrqPW
zZWYR{4yY%n2gCl!z4-ygI=FqPh{EY@1H9=5NDFUSPz)XXw%Oes6^Le*;Z!iBV`BqF
zyT;&~fKzA@ca1)W4#5WNv1R4s@BCHCLzv%(XnyzgtCGVw%5Xdezj;#z8rs=>q<JVf
zq+bLw6Mq_KeR1@^%nL_NK6}&8$7ioMk3_7gLC`PdK{nq52W(M3`$>R<dqCMkk*D7D
zyZ3x0NBFf-K;Hk`o(bB?ue=s}#W)%PH?5X2oHJlw@C5Wjx3WpRUVY{W(7l%Roo`os
zmXF9}q&Y*Lfjh<VxO0TN!c?1d+-J37HsXFA{iWDw3iw0>mUQg1@%VL^GQ@c)s-VBI
z;SId8VbAi?TQn5^7D;czOQH9A$Wt-q<~ZnmGJ|ZVogRJ}mVbXI_>Z|3+)hpg*Ga79
zppD%lP7Cp7og13oV7ALHQyg+O*)`+|r0@fWynz%k@gY-?A}%y!B~sk29NdZ2fb@@8
z%RWbYi)cXWB}mbF@Q;zA_2BtP(Ry$aQnVg)94T54dIl+?@PpPP1(rd%;N=UA3t$NX
zZeST?Kng68e?|%{kq;q7>&TVdGxVM1g5KCIBo|m}^ww_aD6>a(ls834u-+!}RCq>w
zdKV<yPW`1b39PP%Xl^PW^W3C3!Ejw4Fhv8i^5A#Q$~Mf(woA>*;d5yWKcy(a7|!K_
z@|WKueYV%1h6m`=Y0N*rKl;OtP_I9E-B16M-+}(WzDN3O6+hV=pikrf)%QrB?_Yfq
z82?Xb{1vuC-;4eYyPD-682?Xb{Lg%k^ka$svB3Br!}xa?zCZaVaqQ?=VEm6^{5#;8
zK?>iC{F9#N{s+eY7{<Q?zXbKY(dQdG#{%Pj4CCJs@;%Zop#J*;<L{&K5B(nL$1(lD
z`1@%5@taxQ<qz91Tw4RM%F>RDY`^5zd;zlk1<31n<KQvU-Kx=ax@ymZhc`;I{Wjil
zVeO&Q{%P82f8sHwP4|n~_WSbX0(e1)1^8?y-=mYslaC7Q2n%c-5#Wl}U%O2p!r%&e
zMYhvA791zru~NH&KE?`3@6r8_);iyyCh{D}JFsCt`FHGEyS#%;o8}#4boUNKL@q+F
zIao*i-a&yB;LQ>);Jdhj|0G+C#M@)Cg`%0kX|lyYJbnuv8}PgwsSTdE1*s&vjGtn?
z{vY%H@e4h8|L@E2j$i5RgLi9ycX$pYSK~VH0uRJERr4W?!ARkO1iy|H9!T)kE0OcZ
z%X;wo#Fg-hb8Hi7C2IlXNRkfoYLX1yrb#mN98!2dp)--97h$82!V?Nzg%rIA-HQ~x
z2sw}5{EsDm^qU^NxZ?_YfxTC+UW@=&qz`u@g+7E_jTF5IiA73d@jg=Y!uT{&^uo9n
zDSBbdzM@_{1nTq~>}=n0PjQd^pz`kjy`ML<kmmZ)CD`>H^3V69*MSS~_qWy#jbt7u
z7RdJIsCIsaeZ}{)*2TX?^p6Dkf8<S2#-2<6mGcPwe=dX~7Khte7jE_Mx@i|~w<*V|
z^=bOuFxQ33Ee#!{(W~3AKZ@sb_9IX8KB!Q)fp}Nb9@}jnln0xIoe%AU;`g%dlC`9L
zPzLrvwAblw=~B+#og0mPP%Nx0?UCsHZQ^Q~j(r8~^txeRs$<7O5H|tXSFkN+?C##!
z>3p&*H`*<7;<~Uyr&a7MH2eJ>yvK#~#C{R)gnf2z-Whv8c#l2Q6MLV$NB8DESHdcC
z>iix(-K(cBu|&U%>U4|;Bo=!B`_e9n*>$R2`_dTnX?ku9NzAIfSA_BCH};?Q1N)qd
zu*1gYTG6k@^Sk;@sr)jO@Fu3={oa(A%Bl0!{iZVPGF1AM)@8L<AB&h{{lGr>5`7q;
z_r=g(ZH|rXsc#o)GsPmOU#T|7ynC6x5ca{B(B?t97KikA?!-LS4{GR3AM^gZ<_Os=
z%#oN?{lI>SzMOkX>&v<SysQ@Zsg1b|HL@}n_k}EIKWtd^XZ;v;^rff$)%%d4>DafQ
z^>@BR%a`d3&6kM2HTqkxPHiVs>qp;W=Jlg*7i%<0?z^<WKRcr?(-(Tz`x3MB+|62F
z&aLXV<o?nRYFBKRqqp`0`z8AF?RkA%PW8JlOZq|W%KLIToBSQ)^6dk9U+(U2U!p#^
zd|wPV^w#M9YH-xOm)BrJcJJBQZ{BVF;N8$C@BNq`QNu5fUA%Us*iHSJ4^Le&_SgEs
zd&3oDzqKFO3$GaavVLG6(;K^{_h(+z(z8MO^Amddl%D>lp31$-AG+*n2766wr)hFe
zjlRgMwX>HIODnTY@Gpt=$KThn582lb?1OWAVb}Z8sHekeA7i?Pb~t~_kx!j{lFu%_
zOXG>U6~DzoH_p0zXNy(aZP0E)JJZqoX6?~8#=c44ZQP2z%+PLonGM*>fHK8|Ovid+
zxAn%pkk=bXEoZ1hdnXl=%eB#d;AD=T&geI_pZ9~>^xR(5`i*@}Kd=w(ja}=*iMRFi
zPyHPiQ&LZAeU3|6ZtRtf%aD(I>YP3<T{~DBm)X7h(qBmp+0_s1(Y>+j60+)Ps-8;y
zrt0hm)w14H`;9%lAJ{9d6#L*a{lK2z8@nc<j{E!Dhrx8`ziX~%^f~I6(BO_GI<*3S
z%2fMdVFuIhW_MBT+rqqdrJ6i=N>A*4T9`L_ORm2X8}xNQu*+AB{a`<^yRI1f5Bq`r
zy588e(N(VLw}j}I&%2FopYp$iPAM@uwO~CB)6%b0Jw3@QbU)S^oZ(-diz}Y{gKp{v
z_A9oQk)QNqR$jtde)S)^q@L8%dfZzK{ND255Zv1;!tdtoY&wR!TOPWbh5y!&A|^aS
zzww28Tl~Hq-Q6;EySp`8yZMPzsB6vRu#y|-ZU}i6|Gbf6r(yx#dov^IEGf_6w_2X+
zz-hB~7c=Ndf_gWIe35W|59yurln>=I;@7?)ibS~&st45H6J!vdCcbl&G4LI(cRpYY
z9B+Q@50~W31kM`OUlQz~)x^bXFZRVH-^UKzj~zUkenqeuZ`(Lb@MX-x{P2E(H?Z+m
z64^C)NPJ_A@0fk5{r=5+MP6aTTMu}LK!oEwZKMb_KTBsR_@9a4ICa1c8s?##d03Zg
z#R)_LP9+KziXPMbtc5vNljiA+6))pPDE*cd{mvEM>&LIn;_YTUTam}Ffgi;GO9oD}
z2*Go_UYCvXaPXP(h)qP|8`~5lW&zHu^GqkPQ?;9BU;dcJ%kXIQE4T^t1m4NKzsE26
zH5xXN2N*N~adNs(hI=~5;nW)c`z#W<_e2WUk3s%*E)7TD3^kwP8E?g*&aiHlqej{3
zz#Ud-18&pdZCpWj)XaYZ3~m{Lm)abY@)_vwa=4WvTf>p3ch7LQ9rw#|PK`ToHk_Q{
zH`4K}y(xPKzbQ-qJJX6Xk}`h1fv`|(c%`2dxxJ$K5sZQNAg)qEpU>jAdK1+%30t58
z$9v#)sqYqnF5UM-tUfU}W5MU3Pwzy`(s7TZGa}rmjt187=Ar8T9PmZh(FV6HAsKpa
z`8fK<XSW^U{64pt-{;=LXD>KuEjps?#QUf8&Z-S6=%)YHj5DFrbdRnh40mdaP^#bd
z!o0H4nE?Lx+G(8dp6<HYWAmTxen>hL+2R0J(xbPRLAnQpk@JgvRtVV0=L6&L_7vaj
zD#8uRTswS0dyRIoivQFN-f=eKK#k9&%V`dN+u%6|-kxp27jn3!2)2Rr2KlLGervdW
zt)^!hjL#OJH68D?+iak0rr#^TsZ;JkhsarI+rwuc(^T|T*~#`n!ky(tk&H1<Fh7%P
zg0`RPRH;YeC)9(t_<mz3|IW`_UsAbo8kHZQ_kVVC&+Ytt=#d7k&xhXh**e^Gp3V1D
z`8_1<PV`%UBKQ!#6Zh6@j4O)Uz66@5>3QJ&{QMlAQ~3Eye%_I5auZ)a;<Dd!+2eR#
z$ImSF1Ngr-ouy%6xz+U*rBYS3OIlrCRVo!rb@k=0;#Cz+X;n1}OP%Y>OPo?_Rdtn9
zs;hC9l&>y#mX3=M^UCX7X{F`0&JvfiR4R1LV;pt$H8s_>RI<tGvP6goizITo;bA(}
z^;M-2ump=1T<2IKp%;?=5n{g6wV}FpZ4cU|P8So25c8|0^~DwC8abUae=UA($K`TX
z*0{>6)<~{u4a4f%>Po4;%DEAY6H|H{*QOe$5Oa&mD^Ld5it6H0X~ANN!OMzk0a#wQ
z7JXb`&vV!pT{nBhP5S3X@I6DaZd~2#6Ctb_nOT#kOr4fJy?9kgsdIIA{IyQtFI>Dp
zT3=mJU+DxJbtSdsHLmK~i=gr=q$Sn0<^B$o6uXKms@HV&oCifOl~$7^A?2=~Fs1U!
z;x!m7bh)}#vQpcgW9qDO)o#)nOVw4xSlaZdQ>{{^v$VVz=z8NL&TDFc6|K6lp2ve<
zjY3zg6ZBlQ^(C(QTBo$Wyt<;;RbE}yCnim2&<y`T+fO-A2K+UyGO41xvfL#(H<mb^
zrB2cnVu8D^_pSUEka5<sGDh@STN2RgRoy{*_pJ-51;0I&XSHUC+~O)yQx;_zM$U;*
zf(&mV9fxGgOQiBDNw3Jkz-n2Em5PB_o$8!xDj{fTHEWp=H`G=`F*VUciR+z&GruT5
zS1S|TQUfNHWa>GNMT@0k7xZm;uMc?b#$}xg1D>%;lMqn{%NNyW_Ne9_mDf~gh2XSa
zDuu3TT9Gc%oTZ5bMJ}$dz)+CNqzggFYl>?tX&%-)r8QvF<*b!lWyMvH&BpS|`bw#)
zzH$}Hs#j~cscE^hPAaabsNUc#?a4XOk*+JQk(Q9j3DmJE>RBh{6AJ+dO+NnCi+MT;
zmKWFfrM?Q|Q&Lu61&dNqU9wiHgW?F$RhplBZJtzIT3V~MEvc?Tx9eGXwIR?El~k8H
zbwoYzFRfZzRlT7~(&n>1ysQbi*DV(F^5zLr(>lxrNnF2R-s1d4vsd)&gT|MY#(Yg}
zu|9_7RjaEZ?fR;U;#E#EQoxkX_K(%1u6zyYAPJ}tkh*Shl}-&mM_^x^CzaP}mK}Bg
z+S{XydQN%`4MnZ144}oeC1rv%x=U6>Mk5JpLcPGKy2_kVMjcI%lIq&hbj+H0n4#VE
z4YV@#YEoYfT?SF>i44fQfu{F^b`Nmit4iY$>}J>d;<#t4?wnq)8RU5+<}Ow<MPZe;
z&}j1=oz^WkkB8QwK4I#h_}twd^6-x_<VVBOM_r~^T1WGZdsA0Z=EN$I+HDxd(`Vd7
ztd&?%^$ws{+PIN%)a)XRclX}ubamW|a~BsvQ3*G633zU>FPdLC|LPgQ>eu7zau!Jy
z#ha?@U4FftC>7V$)mIX8eofX!(otItg{}0@-2B>F=n+j00_|DpANPRubSx41SgJSm
zg41NMrruds2c2gPUgNB;bdv31j{R&>*Sn87c^cz2VU)lURXM?`R90M5<E)a#Lpkvw
zEvEFDKOBCG(mB9LWuLtJRtKej(mrp#_0DG<zkB=R4uEwC!`(llx*)jxE8(ypEu++?
zfAC*P=1EHyEGk^GKw9j`&n=u=m}_5BxL`gJ==FiTfe8Y_5?NIzf#bzl)2;cAZeWH6
z|APU$ul4x-eEMwcl?Dj|mv0au>HnV}sayM5sS|D+6L_|yj2|~MJ#A8;VB+YTu9_2g
zS~(-xHg@)?bj{USQ&z6m+`P7;vZ}gfU9BIo&Q-sD!^Taw_@8^F_MF_j{JB>b6zb*I
zTs!Z&`3oEi7y029FIjs14MoeAYtLOimiA0?h+xH=0WS}0Re2Tk21a~!`I`D#w&D?v
z3TJU0+3xD<I_HcC(c@W4^)GN6$}9A>5Jm|eDZHoZs?xe~Xb~=jiwOUMs4d{hLeydO
z(n?A;XckRdtFVejM0C~UV<mKg4e%7GPX~ZlA^Zz#gpdwA(d=7%`Y$FUkE*C~)n?Xb
zWzLY0!J+`?w77N+)+|Rp&C)LadVP5<46;58$o>ZWoi$Fs$<?Pw4}tWCT#XeRPFtO{
zs@zrA4ND!cT&nIO3fC{}DRsXUA|$Az<*Ym14RCPDVFcwmTKLMU>s(szwZC{P{|x1j
zs<}!3xbyI@CV${hvokfA8NjO9Xd$ZL;X11@%H+a`iEwvoA+b5|)X}k;YN`=rnNl;X
z<Al&8msVF&S3ZMEZ>lV=+5{X`X}36QtD!0Itgsr?I@iGvVeo`-(Ga+jrLyuhWkSqb
zI$zJ$I%%^bRn%A23AU~<KAP*u<p8WB-YC^pS;o`dhQld=e!yd<!DN>Fc8&b-ZpAYo
z%KDlaSk9%z`STa&YhCRNBESQ=OBZ7(uUc1MjvCD$Eu6n_Y2l(}U2=jmP+9B}3-hmA
zD&^*-VT;ClGokfQFY)iWU_$$#5YW+^YT%aE^#Q@_68rddJT6j6aZPbaxvMXJd4vM>
zJoXj%8;oxjzGMq~J+pa)siwMcBtiVAHyrHoe9g_~%`VwyeY%k33nwj**s$npr!L1;
z6>F)_xolx(=t@UErBqp72f4w2^4I0&<*>KeRimwL-9|)P)4)YH;>GK+Uto^F26p1r
z#XRP9kdKpHXwnznwANvF$Ga}9w|>at+S+1l$6z(U4GbE&c9{JErw~H$uXBD6hfJ70
z=mC$0%E&3kIxOnoG3c8ZX+t^oW+f%FF(djcEeRMT$w}@2teaF<hyA()iz=0HmU3u(
zQxz-%%3QS-Y4ugu>}h-Q!YXVhYU^uU(jx!N&0)tq4>KFKSi)y+eU;{m=AyAQLr5zY
zV}iPF1ilpo#TCd%D{^7=YpDbuJD}G?xugI*aKkdEIh<AGtPnh7=qk`Lbrt9sy9$Vg
zW+>7azmu@!aj+y%KzQpBGr`JKs`COmWb*=?*ejem=iGDNfx8%&L)&n3uNL!SgzdNX
z#5lTGp+0JqB^^D<grXtX%v4u(Z*yIBDQ%fqGAoFQw55=JT7DJtw<4#$4kWsI<}cU#
z#gEboZjxK(ELlsi8UpOp5qTkE#EmYQE_MK?dxU9BH89M6{tBzGm!Mcu+B|2~8dn)%
z4z$onX(bd2LZh?*eg7zsf?Qn6)B><fb~R>_#zmkUILfP_34!+LLrG2XY)yY^YMtwE
z!jzcJeWRU{_LN_;7EWq$U8%H~7a!t4N?l#)k}@Z!t=i;rviERlsI1H`D3Y3n1@@z~
zoVqB@tteho$NHUHS(>)Uc{93Ba^YUA*9I5GWX?7HqVY>xQ141}6k~zi6zI*0e8ALD
zG{Rp5EIsA504AcgUegsCi^`e`MBUQzsw*KG)*y!y3quv*V7tg=x(!KNQd?ZIHf?UD
zHV2_5Y1OOKayL~Fw+m{>1*)!1yRMFB+WczpOdH3vxfH!(JaZ9<OT%z$aXxBw19=E(
zg;izca7*;w6;@&-O3Le;q_6tCMfd$sY21eK<!ZV_W;Cs5Kj)U$B5cV$NSjv;hCnO7
zYP|;KfWbotS;pOI5fnbK8s(++#T61<Ed+MxGh3^1lx?b$@@mW1JEg)ruJG3&<RO)8
z!q!r=rrp|5)QF3vG4LxGNXMpG<4KjUz7)sn)&{zjh5(rp2Bpfi!kRYiMn9dNHQ8wy
zQ*P9;)nJ<@6>A2QqZk3MwUtWuli5e}W2<DqN#HAunD52`J%Zl=?<=f+Iv3SsT(TyU
zYUT!_uh2V9_aVF7+znV?`IDmxb+*7C^)x-hJ;uIM`*imYsigaJDJEnZ0$Vero)i`l
z&$Q5%=>8oE2K(0t(bWRg8Cn=j_bt<<LO7@t8=-(Oyd*5Dn>egRx;3YJ+n&@I(?yg}
zni)`q{*n;fik9S3GBEvZ=G^Ekspl9TH3ci!*B}<tt+y9(oO!Wq0`gYjM42!E*<twC
za9ZiV|NdJ7|CYeNCGc+v{BKL3TJ8K=!x@yV<JMw<yzS+ZP`$oJulKK-N&53ZJvHlT
zoSym<m~r|9OPpvMWy-ec&ja+--`<~caW#HgoHAGwc(aY?vpPKOwf_%3&+q9IX>fyH
zeBUw77){!<QPMf%N9K`pf$nNx!r;*}VgzTpApPb4PWvSR3b$yw&@b>y0R?9rM3q0T
z1NF>8^o`>?L5mhU=Fi6eU%NJc86~+3^71KNIB)JEq=-)~u`gM=n6lR|mKNnNc5tZ>
zSLf!=kW#OnzjU0Got~MVA!S-KvaQptQ>4^I2&5FiC*tz7EQAKr>&kG9jq490y__Nu
zH6k7HJZJivs`~U*_2m`tEK3DHl@-^OiS*J<Rdt&xwbWHB(rcX+#Z)NLUCxazJXe#?
z#`VRO<t1oZjZ&>_6@n}2*lE$e>{9ahpOw>`_iHc@2x4D427ikGzuWWUho{mQe096v
zZy2OcD1RzadNwDwJn$I<JMfME<foslJqPUAWIT6o)7@TJQRlZ?{`NI`dp#9yJd-W-
zcgWwK>=V(VxFCJ>djF$86@L4uL3PQCo^AO0dGoiIP=-&i#EE7f{V-J2o&Gg=_RCYZ
z&%s9s2<?w>B5p6x(!gJTdn$0?>u;~q|52(2=}*nNJhf8%?cTl!&pKVd9Q=0kXM403
z1`|?!E#VS>dnzx+*H2#;*bA>Slz2){S;ktC_SfH@($)C(YVXxyJ$lNqSUt~)zdb!r
z9M}J>({H14e70-l!K*fF&;GxXKSSv{eEsyT-75m^@vm8XmIvUe9eo3e(i3hw=`DS3
M(UQPlKRxmP0I&8R5dZ)H
literal 42608
zcmeHwdw7(^_5Zw^&4n1?O$cEL2yY-r0w!z{kN~2)*`SFaEH@3sOG2`cXl^DOZfZ>t
z6|B~fg4NpAl|o-cs|#8MZ^TMld$Empzg6n0RikBt5h9oD?{m()yV-=q@YL_`zwYyF
zX5P7+bLPyMbIzQZcXP{}d6$?>iU@roL=y5wLA2K>x5;$7e71>P5hHA3s2GCsD10Mj
zJ<8;#SE{tg;$Vv2LPX$emgOdyh~6nM$WJgOy679kXH@r2?sv+PV5-t1^&?vG`PDv|
zKGrLZko_X+TV*}>BccZAr*K1{Fj5{LjV(AnqukUh6{!+WC^eV4KUs*fXrugW6BYdy
zp|OFlzws#r5@0YD%9P5A6;mq9E|{8GUz3@|wFDy(--t`+FBLz0vGw+cmb|}U%WU8N
zTV7ci@zFIYG;j2wlz78@#UEvmXwvXZA1aTWKjn$HH+^_R@lE&rWbjSDc<nu|`HnvT
zXpB4Ja9Fdbc)|Qc(VfQl2&EW;@;Gj14ziuwC3Tl;Tn%zIBBO-LBN~lzF<RVEQClfo
zD@wCV>Ptms&6?7hI+sA%ieM8;A3tn7NqnLHkAK#qJVf8){vPEa`X2A>S*{t6-rxWX
z_@VM(MwTlcqx~MQkulomw94l_ExpRi+G_k(k=la#i+-!03|Q@r{%2Y~5hDI}`kVGr
z3ou{w!$XPwXH?Om32}ATezRCXbqTZekwWM*M2tfz7I{iztUgL8`t-mFv`A}d5@P9L
zZWmAOd;$e#JzYfIYKn;QsjaHmupekzJb-yf9~B6+#fytYoKy7(>XnpmV5~>zZjr99
z6{5upXwMg^UZJOnh@DA+ZxbhO)<k?#f|JV90|Dw|QWM6Z$6S5AP?prTTJ#%4g#K~h
zQ=)tJPq@VcK9%V3S=Bhvq+cXV`bLq2G=P5h=($2Eu&HAToa*Qzp<0~Qlt!B^WuwiR
za=TNcZ1QPpm1tsG)-2IlEkqAdLG<{n1Xt4I)2!8E3*l4#1d28)YLVvUQKel;{JgrT
zKvjh$WhXSLJ|;ICG?eROW;7vPtdB{FM!JC7&3>hAoUn?){5Q_0`8^^P{Pqw9v;T5v
zIL(PY$1lL&7r@yVd%Ry9QvDBmh0kUcqN!~O)_a`K)*2%k9g+Tr^MooK`ABW5qR+xy
zjl%dR20ml{loGx1vv}?(cL9~=@eG=H=4TJ$5uIquCYoqOZ8^xrQR&RTGK^*1;`5e9
zA(p&J`QcM&?g6vTXGI~+|7eFz{ac>hDp*=322LEfmgjjSw;!cvg077sGsv;je^UAQ
zuZfT1hm;@Ou6G3fLU3C!$O}K@k=u)fW1&?%ztBc9qZzP|p{@}eW8NoLpx-};&I|uR
zaMVBeRHDfzR5Sg(p$XjW2(*SEKYb?Tz~e#4h8(FZM`KuyqVzE&M}c2TxXgvckQvN`
zfk|r>qLF1Ui6}_afbVvusG2FdiSyTSel_K7cT!%larsqTejVp;=6o5qS<7uQqxsX~
z7bbHWl`l;Pe@uf{?mtIl?>C7Y@Nc9(3+v1QEf|NAe9TJ%N(a3aP$3z1HD2hK22N66
z5uI<<gx+!b=v%14%Eur?;oiNfXcK-RCfsZCM{#Zn*G%%M%06fjYIVt>XvJ&v$mJd@
zxktcnZlj#+k&GUlMvpA?@EbkGcH`K3I*22>i+fJkDuOVgyI?_-MxYCRB6>ZeJXp`E
z)N{~q8fm7*KeMa;M=|~t`rFV=Dy=L$t<yI_lX!$!e#g!igkm|DR%nsdBrLf*C!(DV
z?aWCjPAW;*JJlxkVtsD1iqX&@5#Zzy{h~ksY3vrozXx&{ufGdvek$+*v=(}|JB4|F
zq8Qg!)2<40bO+7bdGm|3T9(h;{Wi@5Z1QRN&l6Va`C=Go+bgz=OoCj!2Pg{lmym)`
ze9)L;i=jt`NIeqxlJ$r?@FMkrlzmF;C%~G0ScP0;fhUZ*w@Gkl?iR-tX{yjILO3<C
z*%!1*KoTC9tcfnuU|=;W490)eiRdIv;=KeC==<_GP;R^yx6j?f7ACy8;<T}Hdd
z{Z46TW^D$iw+GvfTZyN=1bbXcf$*51>vF|lpN+=UmVkWR&T9kyMCWFwh)bTcf3!$!
zo5d|eE7lS;5L);&j~Q#s#yDeyx<5_~(<ejHANTt~MT|&^?&!92vo6<9{-@KYfn>AY
z+8#r=wP(q4C{4tLS@*mV(H;XnY!rz!u9+TcG2}7I&)UfOU6jA*IpRg2ZkuS2L*Hv4
zQO7Y`UXf}S{uZC`?*iY_#XI(KegWN$^`TcNX?CmupISTu)`zr)TVc-6+U(PcNf&vG
zEy8>#)Bg_EL!%JQj+R<b@H+apfO}Sy%+yEPMDuRwPtxEc0;lXYe+%IzOAPJ*a;@+=
zZKVBovi5fppB%gWFXwrn{Xao^7}|d>`jYma4((4+hcXv(S<4RNQBUBJ=GZm=JDkhp
zG3W98gL@#(EUAJfA>I6wmcy8`ul4(d;yX<1sl|zBpI!(X_pk^Y@Hu0#BE~Uh=<c?B
zP&XJftM>dxcn7qy?EkWfZMzSX20w@O?DPOIVdQ2=@U7e?)n|3a;2BUMH_M5#v7e9x
z=~H;+K@$-q*1AFZ%wnNI<At&ouvN~bLf0#hkCD1AqC=SG170D%TY&X9H0l`-5}v`o
zWxo83^E%~cKg-;>;X81;11|%IO;3-9buJbp3;R<<3Rbq&UR<n&Ny5gi(~t<VeJph|
zT#Tolan^IbigEskaZZQ4KvJkYE?z$w9|PS~E6gnAq*;jSe8Rvzoebqt&R@n*u3;#N
z7-0*y&E&cZx!oAfv;Cia8MlKa=xXM6$y~?wWkx&a$1%JMsNLx=(XQB7?;*c(#{F39
zR;&b-B(3RP%$-6#$1J5aC(dv2p!6Rk=QH+z>v!UN9W+xs>FJsOv3vc0L5Y4S(*Ktx
z@^r}KjI`T}6~{tv(B20<&tuz^#wc(w2D%aQ+0p@;_Ok75TB^3j=&6Bk65@f=X~5C!
z3yY&2ibp)JI7N#Mbo>~#c0=~Q_IYiWiZQ_c8y?-=3C~(q=o?MDpw}kzSlq#}oO^^<
z4$oZfCK_Gbz09wdIp0M23wJP-ACQh|x^f$^g3=tSnOPY|?`80JmE<~xpHCVzgyVVU
zSEOYkW^Fz7%U#USOBhol=a)048pbq%Te`NHu-;PxuWVbYj)4{V^S0gUSfqbA5TQc<
z1YWc^sS~Kz*1=3!GS&e!7i5|&I%Z{SBx$1DH}(DEVxJYI=4~)}pnU|lF@sx>W7cmE
z!1H=KaD?fp>K@an!`lSr&K>ytfTIZ#9{9wkHARRqG{&DE>M_Q--F%$>F^%Y)qYQ02
z=fC992^!t0r+5z2g~h(GRydSKo<rbxnrClf;MmgQR<nLkMCsQ-Gjs$V!MH%X96^Dm
znF_4dC?~Xw)9OEn)kAeQTZ|avwE3S5O6xth2Dv}FD~vMM0q5*w$`Y8e2Pr@638t)~
z$m7{g(tB+g@$cFjh=14qP%naA^)yQR>TD8DwN~i6;1@Iz?;vHXd|q(gygym&fs|rT
z;De7Xni%gd^)WHT^ZR{HuSuAfIYHw_Wg)zQnHUkYExbCD7@VBoOso|}Q=7!7Y$yJ1
zF?mO#*U$9F1a=k5`B+y%-wh4T^N8NDZ7TJXy4AU`Q8-hI@wEzuYHoXiYKunI3alTY
z9}IYDoYP0}m|1FacXEC#k3WaTfAaI9QN^OiSloeM0M})0iHwW9C~3=HC+_-Ez#jI8
zN6+i#@dcj{+}N)PZtiWI|B7)ycL2xJJ}2q<w&6^l(j*dyI}ZjqRum83x&x~SEAhQ8
zwHtGhsZkVVLmp$HZD)20=b~DXoaIER6Qv0`=y$8WI}o70?D3_B<06@DUfYxIQT{Nx
zH#4n2W4hBhzlHKM!6(qYTz?GG=ngC@QvC<XyR>9&Qbo*WtB6TryPKP5*|YO0AvSr1
ziF?<fWlQgtkmV;uQd^e5P7HL;?cRxv+8suVgCQ(rTF&SET&Cq(re%0=g$glfiqA^2
zR%D0wpm}43IoUC4JY+!1<5Zs&!)_WiKG`89$BA|%CD8XgE7M<M=%eL2Dze%}W5r$N
z^Ae<lXR+e%)SrnC5bo(OVPxlU>qxZuDZDlt*)7u7(H+sz-G15yx4~}YVqH9eZyiy5
z;%}Di)N?Sc3AeJA^wr(a@1(DmdZ6DAO4~W@Pt<DA8$9kIoacSt3?D<epUUsPS7$#;
z6Z&Mx0sJUnnMkvHH_zaxz1@7A#`b>@+y7kl7YDKZpTYM3#0}73lL!iYSNJrnKhX;G
zZURi{nYazg)-yGmm=kP22W_DIjC;BLJjP!rDFb&64-Zh--rRj5^&aI4qihkwD`t4_
za{dPl5Bo{rCoPT{gf}!@G+7e#DdcgQk{HW*v@UoyQ=Lw~7usErwz@f1_Gx<-F;p50
z>BSOnu7Ixrh+{#^cEWJeF@2;4KePw`CK2SDK4&Tuc#h`j`{1c1iU->6C*Ig+K)$Tx
z%L2}Lg81z*f+)Q=<zf8=1^cJKt5|U@z}x7IlyQ{gp(8h7eY1U?`ZmFj;i%5^HJm?8
z6y;(+1$etbKl&ClswQ7!s}O7#M|~~#75q029@qvwU&*3gQ}-~01C*bBE9dt!v{x9~
ztrD8grbde<c#-+=4~}6Js$qR%><g{%S)JsweqmUiPU?Tt%6|F7QIg~hG>d^crUCXE
zBf6Ps;5bOk8m8gLOoJWk<Qn4aT^EvM@Tw&KIhuFd1pCucdRa#9nnbXY7kA6ZR2xH|
zPY^FC<a_}`M?3-iN}zn%P<^De$83^x(E7T-NtW#HM)>doa<YT@k*b#q3n+ko1BBt=
zOE##&&IfZ;NR(dxZ>ECcamK9WoMz1DFcqxrV<MRfj5iSI{0Hq8uKye6UE0Fiu)`c8
zd9QC4iXBShjR>z$Ny~o#%=-x1Nb~YW|8x4Jz^RdG@Nm9>rre<?3&lz410qIWsZ1su
z)7r_-Qjh4rLSvbzEa!Lp{1VeMm-Ek4e)_9S&mCyD19&FcZ8ild{9EYiQzX+O&yWcZ
z$pl$b{Tb=eTAtgxNKD#qK~$lm>kgK4$gmZAQ|g`Ej-7QNF=4nx&+j@YC48H3n)Quc
z&r|(~7YTaTpRwj3zf46rFmIr`QNyInc0B{gyeG+7O6Ad|Oh4<m=&PCj8@MO=h>sOv
zPMD)+eI~eqCw)15HOb>d@kHAwUgNCgedEJ)#KzO`n6S%&PIx}PH7+!VqZns8;hA=r
z^WzyOyt6>y_*aI`aI(&sKsp23yc1(Vv>@^YNXc$+&jG4-AYL*8`B;n(5e4Y#iI(k%
zHjT9m19i|?G>gz0@mNvChzmzRb4*ZS4}s;MfI}<iW0JEvcwCs5_estI?-4E8f2NYC
zw<tgLBhJ4{dGaUF`vLIfPc*O8d&O4nO@8&pz*F3NH}}}bz1gNk?d9Ho<lZ--_jaEL
zl8zl|*N<qYgBSzi8n9GOK;4VT3dMo0YrfdOqdC*RvpLrPn`YtHWyD31oV%)}6(<!}
zFs54x`ZS))sGEIS>jFp=O9}RZHh65aksd`FgVLdZx-&6h=O|&#BMDCzJ7_;?_xN`)
zES~?%#*k+6A%FuKXNV|*f9E)#9Z8cT-zoC!9vOL^9ykulII1y?cXd&-nJ>h>T<Vp5
z7emd4Bt#O$n@<zZHlOHioj?aiVmE(9?JY^fO{uA~BN#$FL7U38QF8r{C2k&jLw|v}
zwTbjh_UlEeDwe6OwZYz5?Egm|<=$Tqq)7JvFThGh@29pYt?p3UzjOWj+?FLX@=eN5
zLqD|jY!j^wkhcv;S0lX+eb<Egdb#fl-1kGy^ZZZy8~5GdYi+$*TA`%BjXV_UwT)Z;
zntQ=kfVy8YM%WWzTt)fK9?stez8>P|yZQNMJZIyZK~E>|ga@Qyr93V@pcXH9G5?K-
z)><!lu<ZX%EoJyseE!i9sA<l|>~{nd#+?I6e1~#b^SBk;|EchoK+zH^pH|LT$DqgU
z+%A{vF5%uwIB(;2$b<4&w5x8;A`D%vknacm1@P7ZXKFp9yol)A)XBXjU<{L`G<16b
zkOqb1WYeeAX2j5LX|SH+Ua<_z$$2y5wGiHK{!UVm^(wUdRjlRN)?0Z6oBiCUfcluf
z;CvVNdD7SFt&npwysLX|tnB}p+5ek5n|rbUH`T|z?%yW7D<B1|M>iehGV(E-3GybM
zzi%F)Xuzh8DBUhc*llSsLKBa$fgmUSDr|(X*PxL7%c)a2|5K(`XB=142&c|0YK5G)
zVs?#HVy)$tKjfB~oL|d%tUvH24{c#1<chNXfa}Y-o-Mt31?N|D+w&=3aBjB-u($d>
zRJLh6=>ne}Swjo7hHC-lL=Nxj%rm8AVjR<`r*$)9oPyGHd}k7#6IRHq1v2{}#aE*{
zxZPlGH;VE(4{&}s<)^Zb(D5Op>N3`sQl44?`Ip3xoa5x>A3D$f5F(!7-tc6L2^KxD
zRHJx}SctK_<ZD86Go5b1CQ#hZ+UCVsVeJ0faXN^TL!XE0_cw}1P?xuV5Nz-u>^8??
z&lih0BmUxfZrfC$;4CeltO;U%Q&ARyJ)kvDs0#9v6UG6v8|Odi;(!sSOF*1XMFjK(
zz}<s3dy!6V)*zq2ij%WbX!{VgZSe?kM-|Z@@pH79)W@n|9eKxc9^=MtnVAB6jb67f
z-*{C-tm8cEiVg?!Xwe%H9>J^PI;y)Pw-5L%lXtK+9lj(CzMbJOV3=8)FXa5yG?N{}
z82%Jm)praIVUeeAG&>WP(P%fq5~mAjbHrWlq`#++LjuUYKS(k6=nh^JRC{Bn9ZTeC
z-x=+A|9)x}o$o;=a1sY-t;lUN;)eJ5ZO}KE&?(#WlU=OKqvOESy$8mo6l2x0-i?kn
z&Ix}-v6b7Q!2^M>pMUE{{|^5S3(b<jA!}$41-f_!ZvQ#)An~Pc4rQV@&W>6CXTQ#Q
z*8kb8|G(Z)gqRI+Y09nS3E#ecnTI)2K`o<R0v#ssX9m(3P&bZBhwaldIa<Rz-W==&
z0skjlb1_lc)yOjds|%_ZfkRE;<UQ@h#7U~jX6^R%9BviOtuF4>3J?<>#u(h<Wvc&%
zJ=g>fjS3Rn5%>d_vR==I&Hx^c>PB79d~*j@`m{a3N;C;NPrZimUdxoufc1%M3hA8e
zYq*r-|Jkwy$A7bVH)<M3T)FMYfhmoN;KPp**@Hxoe!LAH7dSnno6{L58PXue#Vf%S
z!Fgz&K;Y;r%P2Z#Xu1sUt+4&e<~XOqk%nxRpQBG>KeB_dJY(PO7qnZ!tX~FgG4_q<
zR)Kj(6qwJqegMx`gZ7>!RP2?^*y*<?EJZE*T#+|24=-Kn?T#K~>>?@^_6MgN;XFsZ
zve;4_U60-Vv--2x?N8<%?KnsWQGW>blI>!`x!@;z#2t;u2^wL>4;ju~l+SvD^S5&z
z(ulrJ$u+cgk@lc^bF*bHo`1)^nd?dw_jrqYvwx9wBlpfiJKSr)scsUr*qMIl93eCj
z-Ol><Lw`B@r^SGLh}(0VcTNJ%p@C*wz>3o=5!Y<8(khD}+kv$bNw+je>UWy<j}RXa
z-0VLeItK+<3pn-qtFu+aIBBMdR~mXLx5lFf+GRc0_F;PrY7l*I_q8#8TF+U}Gi*9Z
zwBczlutfQ+xSL>h;M5)(IqUg_n782B&&0sjJ8>6)C=PghfQxv53NWPS>C`$JbYZoj
zb_=!Z#u?a5<My@ExEb$eNXKXz%cH+2vb72u$aZRK97@ejtE%ETcCRMvILp;GX<{_@
zWa|BQ;at=SS}SogL_)aH2Cm`Bj5HQ0&TE|lP~woc5i~$b37!fQ2mIF=dM#x4vI=4G
zipj=--&<kl;$Y{l<JiJRQKK&d{~tzF^mkU+YT_92^wEpa)~p{8u^72MZ;v(vJ2?gW
zGdjK6qeqJg*dGi@9)+D~lubokMrbCRSBq&*)?$%ArwFGXpe!Lo8TjTu7ckSIS1^mP
z<e#w~e^{6R@gcUTDWGdO+Ke)2A?)tJOL~DAoM+dDpeES?Dj|LQ2|J#*NeWPMfbQh<
zg1ry1c(kMOJn|OW{FXR_NUGQ-G+M8*6w7cVA|KE9DCizhHl#!$J_c48d<>l<TYn4g
zXlNtPk_jrE=w~<6>Ng^1z^4&EFn+T!elJ1^qxEM3tYeQnfR&H9Hg==LY0R~i*XScZ
zg})TzvjgZEyC!2)e71~p<<PuZD`;Lp0ok8lL$U?V`3_>%9v<4MTj1R^fx_iBwF$G+
zWHM%CWKilzl8-DwPn_>Um(gAs9C4&H4b4mO27R>?&=WB@ROLB?1br*#4PMbWik;G@
zJARrq2=rK6JVHF7*;PMoyHMO6+EMigNX}z8sr{q<S?nM0hhK#_10t$ZXl~$_(W<%t
zeOlrB$bN$$MWIM3=EMg6*eG7O_b9dQnrpy?9=19Ck6{)6i0^Ho?mwTup@`dC(=Z;o
zT{Iaz<*Ife((zbuzl-w)iXQzI9Bam&cNFZH59uv{bT{sCQB?3fT5tM#+|VE@uWuVc
z_W%$bzzu-BEI(VkuJ?$V|9B0IIPIeKgqQ+iQ@F3<6%)1|_dmtCDHsK2!v6;z33{FW
zoH(zq!?zskIt6NmcCx&yvm*Y3Q9f$7qJ5!=#5g9B<{P$(%RQKZ^DrwmtRy3nO|=ml
zeO9o@EYD`zhKXo+o`XapR@gAmJ(T^>6ppc`?v3*ABm9`95Uuydgwu*!4g#9IBe0ZC
zhXPB&#}CbjTMmeU73QUY!u8M#99aR)i_qgDT4jjMhamUlLWl$9xHYE%_RYj)KuD+Y
z;yh|1X!M9dKGjM(DLK%J*%}S)FqGHX#K1QsCp6-OpF*EmFo#oVj;53|cj93gIW{w8
zEk6TJD`|6q@tE7dCfr6c3n#pJJL5BBl!f9P`0u#A#!#Q6ey7>~Pl4Zs{J#Nn54c`u
zSph!aj0&Sn>z04=90BvdTQ_=lcqxu|NFNC=9W?FvRYBH=?gIOVtGC%8(HjLvK&C8U
zsLvrjKxKTpOdkbpq~KYR+K8U*ueNfO+<v{j*$=(Nt*c3rC|(9UL^<i?JV!#SV(2kM
z$~n^YAj%VVjtF!@2HF$yq2)d7yKEH06Q=Uq7n8IA|4)1i!J#HcB;Bj@$kl&A;5g(z
zHg77PV{kLi<T2?LtgTl7FMI}Y<*IFv5%i~Z#$H7HU%{gUyLFESc>|Y7^3YpJ7-xU8
zRXCM<XovePwE8cIH<@oUlo>oOci>(wLu3VzX|*8Q<YiyybgR#{2i_y;owk}iPGbk4
z*vENz4;SBr+4zH=g*_7PoLN%IPxJnB=Xr<@<yjIo+k|PeDxyavCMO_`0F-!^ERyY6
zbVAt&bodvj%>xH0t%IK9eF8LG5k{~9-|f(6d?K5<T7O5dR)dxsOVpog<&oUTH%d2R
zo%~Y_f{ae%y5FPk49r>tQbc5M^YLabXa6q;F%|S@|1YzU^Skx;K*J-Lr>6sNGF(I$
z(B@a@pGLXUc4z|H9p58uDz!<wh1;-g$z<Q~)a_^BwR0Oj+0Riq?@suDEG}a?mrJh4
z=$|DyCm+h2OJ0pPD-ZrHdvmGLU1Y;DQ@K1H=RS}kA3PM%7`%tY^%kxlDeIS@o@P?E
z=(cB>n^_-%!_so(S^XZIjqiYd-wxWFVWU=Je$CCA{~>VNQ{ZXJB75S4FU^)Okw?zD
z{?t&)XJ9u6PO<-gK9A?i*Kj+Pw7^Ul?ZNQu=Hj;9`SLUqnj3wgV`murG@=bOdW;|N
zF5ZXnVu%+%iIL=pCK`dy?_UeQ4@1t(f^>+tuJwET9_SShZtP97(v3Y8C$6Jehjwlg
z{)b^<=$73sx}}M38}>(t__h>|FMumPfBRa<cbA?9Y3{&%q>x{k843Q7)GWeXvNVx|
zn@PDM(FZS3m~Tyu#5pQ*sfg(Urt~SH(Qw1r;PWFKH(sca$7}I<HAsxlgFz+vRGjc{
z(Fef`xC44438&X8MJ@`27G+bs@PaX|xGAQYaTo4c=*YpoSzrQgMp22Z1qV^?bf__w
zIpO6yFYOA*I-5g{D^fMwhahN}f4jVqWlOZ;+=XGsGi<^ZQ(#qx&=~@}-XYXWp0Xfa
zh_wKZ9UK7t1*&GE8hBi$HX0xJCg+3J>E1{`{CL<AGkB^|9nE9+{ve|y)Job1ZVR5p
zv3*zs51%N7l>pCEQJz4&1g(I@v!JTr+cH&)fmDuiQfk4O6^)TO#&;j!K{z#)cZQg4
zIr4EB6(G@Ue%DOiDscJ-?IhPqx1W_kewG{^Sz$BZ88CyJlJ2P#Te+x|d<xK>LS7N5
zrAXBleDm5i(l~sLUQNU-tA(eRFD4Qu-2QZnY}(6uV3EZL=AMnX*A1ECUkoFkVC+v3
z8==+469$H~Bk%!eok-pQxD`dGxt<siLu)XwDj8=~@Qzs9lD48zVN7phUOG^!$Tb&U
zO0$LeV*k7C*95OfwZ-_XP(<b;r!5XzR|Pds+CQ)faHJU03~bmfkZl}_n&;UkHk0RD
z<ixJ00J8s{P?N~(odirv@ns#@<=&!rheGrHn`yngNb|5}?MjRv2f8q8cWPp+al4Z=
zSC4xG=NA&kXYVE&oSOH1(h#$s)zcMtd#bdhh}@C>n0+5SpN~nC&VEE+25Ks#XL`Dk
zqXMySDBi4A-UZLT6>~5+IQx<YaI2NLC3O$&=ble#jm0T@YTzqaONBjC!#{0H01<=P
z?`aI_mpIJ8yWMg$`5RE2%PS<c+3bI;NYl>e@oytPRQZ^-u$gFZYVrAy;xtg71Ky>O
zcgOq23hZIX0%<sVgrvZ#LMy_HMubZFH&Uz&<#nXEgQZL&4osdv?Y~edej?W<%>&?$
zv)fXv;0MDy)k*wN?!n0ypwfxHy~+Os&1|06|1@mE6S6P*C4inn&=MKy`!4q_1ocmd
zF-z2ke&NJ-|5y=^Q`+u+@xgvXyf<6tZM45)npBY-b2IdEVsX7QjnM*FEJpP+MT
zrl{8cINn{^2U)wLK=tpjss2C8m1xQGK~9Bv=LPHo??WUxS%r_Gs-&I$2gMfb+es_r
zf@^=otz*`m_8hjU7Li(n`?Up{|Bu6#U==|RL!;w;3i~)K-PB5jex5^jjbXb04O`7r
znjxEJ1wU1+E84TzteT1I%;1?~vuRYP3B(YfFL^%I7~rS#I<n(zHHgziHtl@qF3|40
zjAwfoxKse{O79?pxCHCd)QZak;FXQep(T%&dBLL{qKtP;X(}l2|B>#xA>AYIo7uen
zgZMrknz?Miz7(*{!I?XG8t^v;_(owWqK7!8Kc8e~(q)`KkMe0VDgT)tl6)z~W@3$N
zvqI}yNv5LUrL&JTzAH!{_vJXzB*YH^lTYK*k{Hh4<XFPSkWaB6mbw`t%WlKY5?(=w
z!bgch!G6a0R|vv!-e*kWI|awzAPOgb&X6C(n$3mo<n!q04yqZ?yNct#r+hlc_KrWt
zJzBZP?Vw%fb{>Yz`-JotIKPYAJ;&|p(2j2gjlYZQe$Mdj;QUr@w~O0dgLWkhk9R@G
zZ|8P6*#p&$+-@tkyA18(BnKcH5tu;}WP@T%#8LRjT^R;P$QQ;MbXqmxv}shEg4!{L
zp8hTQ7cCHt^jBLvLb*8#_Kmc~GtB~4=2`T`tr1991a6AQllQgLqKG1)nJwBT*rFwL
z{sJ!u5_ZYX;Udtc@osyZu)xy%NF?xE2dVG@^DzT)<S9B*tRgSPGmQ30c#q^ni&ZE$
zZ9`2Zu#RsQS}1<d9I(dXdk%V2BsRhDBq@S)9zi0h&C7BIb@hoh8Vme|os)%){i#N*
z#5DMepaYWkB-^E1{JF+>OGx9VZ^a(a4^HjFx}+OHserzn`JX}cvwn)Z@^5SOW|?wR
z9(h~10e24hfc}@!LqNBuwk?JS6bJ1()Nz~t?Yu@c2CLkGH>lo*CVX3@=Gj#2WpT%?
z2|K+PF_LS^mZZ;t-Z_lk3#qry*{X_0;L?E$wX+sspE3k+5XHg%Ak`7+*Ykue+OZ6&
z(-xzTC2cJ_NT;KPU!)$m2fHqtP;NYex!B+nHoUpUct)VUQ=~2t*m0-fW{HN_KAoPw
z%91tAr?m^n%QC=mA|6X~g}aT|>u_`pw`*+ejaU)4v=@N49R%^bYH;({)O*}{B#XzU
zq7TKPlHlLdetHu5_mCa-A&yPZN5UUQbPC=B-N|qVcwL=ml`tu4_o<Jdr34t-;1IO?
zMGHei<caR-Q0+JHzX)1WZ)k(4_R|9n@R_KSob)vj7qFAPC2<gR2J~@TEpgki*{}O*
zTLs>D_?cg)UBJvc^BSE|vR7V{GtyUU8-iJ`r9O^3{Q4o`jKg1^AJkc}8h%EQ&}*>K
z3NQ&8dJi|+*=!?46Ivv;ZRI((F|>TNu{qCmq$AawqcK8~1k6y_?6?Ct#E~=`#*#%m
zPl5gj3=YQa$Y(*n*YTwj=}YjPhVORFpbhq1d$kCEi`(Z3)|Xx6Z)M;+7nZ|Bd^(xK
zHepat4+SkINpFSbq^pY8OXz<7#CL$z@>ZmOuYa#4sX4*FH_z&SA`iEqaf6yHt$F9z
zKmhjichK%Ru-Yw1>5kPwq?JfpkwzeW9jOWF$B4IKbvTRthmrGOH5Frbm5NoTtbYmX
zYajAhb?fiI9bv3BP?v}O8K1eOU1)du_d>r%(P#o|eRLPK3Fr0aKyp>Gvltn8fc1}^
z6k=_#u;in%&x-Xzb@VK2y8S}vf>!7PFRZzmQVtsT9hj1m3yb(1u-}R=ar}3X^uKZ|
zGtL_C1I7bIXfZ5-wMZi1#v=z!f-zv_+OfWPOv_LTZGlpZ8u{l$qFwcqf1<1(j#7*f
zrO*iQO>V>;wdeSD_Xf)&!}ox@5tfHWJp<Ug@qHE}kEK0t<j>w3<Ui&=M)%3^j*<XZ
zjxl`rbhN6GZ^208gyjZkxaKs}Ho-4W^|iKZ^q09#@jkOtYfr;?JAro}pe4g!se?S`
zpqzF=l}Ig^+tYGR@g`FmTk!~#pYK%LNBe4d?jW=0wbPt*J%%?Qc}|*WPNJ};>8?6k
z^z(3L2k&z>qD*%tJZpc8r6&<Bo`r6>4Lb8Mq}NMP5y<>q;P@lZD|CKvJ4MhidmggT
z@*I>nKOFJ%fDL2CIEvKx`!J5@(0Y1L`91GuvTy6WK2J&!czp6S=@vRIZUkM^inNqX
zPP`vhpzhgdQ$3<U+jBeKvoq=O*w4Eo{`CC#J@fU{i1%>zZQkQVZU;lF0kxPn&gUQx
znYDY`ZFX=OPmlpT3FI*EdWS-B7-ij3P)dC?<VWIMT3J(uxwF|ZW0-$HfPaaeXhpr!
zMW;SP$+wR~1U?6PaHR128c9Owo&)XS7#GV8`jKR@)DhgZU)X9r@F<Bd`0Ej=Z=KVw
zwyT&!L1RRk1MOdoHK?{1p!dsY2TFjIy-g3iQd5l6+Ma}G1v5Pl7Pk`5Md*o@+<sNF
zr(JC}wI}!*+nwk&(u6m*Ne=Wh^wZkQ*(<TOSCTF}&%)!PJ@{OFmqCURwS^qqk2h~%
zQ4_Fg8p%ewl_a(k8^t`tY~gXR-$A~PpS6P+yA*l=FJ$1IuH}b@x7$=YiHrgN@?noL
z)<YPh6LMljRI9BlO!Ka6SM!SL-Dae{-fiZdG$&%h`$W~zzkp*{JDfkr<?Pd){0O4}
z4w}8yn+}Y%B93axMWiS~?w3qo@T#@Yj$Fe@zll6eW%Z5Zt3b=4CvJepP>e)R5+k`J
zmDW`92%NOf7h5bh&>jBa36SXVjP-t^z_%DWVWeJ&m@s0-1ltC@f%n13+n^6}D87#U
z2yU$ShBe}KI=mfk#$DD3NP(CR`$QvoE0X5^(AaicBjjukX+Rm#j3V2Q+2B3g2|7)q
zvlkQ6O9^-9xh$2?C>pP4EqpyM#;oik=~BsBO08E+?>Zm27_+ibsY)QfAZAH1&H<{)
z>rmK-9RuwJ9$R>XO`K1ly!0nNdLPs%^lk;!9FN49S8$HriCY2A{Nh%Mv2-BPJqCPt
zcm1bt4t8xon`@2n2=bI5Gs@}@@qVS;uWqG%f$}))tFroa?Ec{6E>Ynn$u}-%pac?x
zl0=k5VjLs4Ewri7X5$U-a}LR1>SjpaQ2Rr+_~)~*rf`FwJ==+*jYpS-dEnS)`$M`V
z25<K4DR!!R$_%QM5LFv7W{pO9s*tIwq#Y|x&Xm>bXf3aHLjnf#IFqqQQm|GK#TrR(
z2u`*q*NSbllXC~!!{B;(v@-#hcTlI!<z3J|(m|`I6d}6h)b`xh2gDtLcMe>PnvLSg
zB6ZJwIKxqKhVvMxzK``UX*|Rr$&T<&l(Zf_Yk0=q0OPH6dfL+<+pUoHU9k0@_6tGR
zTu`F6jVHSV-4P3&Le|BCm7zeVjE0?r*WPZ024h_X%CM_Zut$W2v9{-OWad|_BcWlM
z)pk0&nn65HEhoO6Y+(HhIrXrddcx(D?M~_%YIj1>M=E9dfvzTdycaTx^IKph8QxRN
z-Y?mys3L27fz!ID%x61_HQQEmw3fVIN0w88O!4j1(Y#;tKSdObf0rQpIsUKl9`Rr6
zvB$cVsbg9H_K)b7k1-8hLLSi=?0MZ?xF_6o7fA)`7ExP`_lkaw|BvSr6+iF)G`|1g
zZ$$e~dg;VYsS`*46*{q#<Z<+?QYW%LB##3pXry<*)x%=Y_tTBz3wWFt@=9mj=)Zs^
z=nU<3>LBiEKg7Jbn)-Zu3248ZpK+57&llmjiN~Br*0bR+40$M(jN>zRKga*Ib1|!A
zEs4M2)2VsfCykzubaHFHt#afjm$N^3<jVqBZnoG5Po;A?M?#Jq=Jqdh-*+iL_CK6|
z-LUEhPmRD#Jk9nMwhvmd<MbkqtVoU8ar(;e_uO$?>NWWWyN@IL6shi24?k85#n$lN
zKgHJI4e1sW<T|BH_C`#Z?WvYV<;@}mKP-|$vI6fpr99Zi*sq7ZXAk^8?GHXQO`q^%
z!r_|-gkMV3NJ=#LhbiSf@Lj~?*(fZ{LsRnLG3V=J@CxomkqmvI>0?Z!4avG?<*6x-
z;5dx7Wq>Bzy8~aKO-gth<1NO~`WUhz@aW;O^r*)@34+5g5NYUHCx(YV_r<rPcmqFd
zUXqM)kWLbkPFPi(bipe$=14yKRQ&jW@v8->%ipZ2!8kwP@4ybJ09vUT-(Ta)k)xw8
z`UK&^bAmpEckSs&>GWY3%Oh*&4_DC15q#S;V`uUp^dvM6dR>O^4194D4(sNzGuudS
z&A-dns;aO)X`;041A(|Z_AQU1EEvoG5pJ&1P1Qwrs$vj+Az=$N#xB?&m11RppMi*<
zSFW_9e<ECga!Vfe0_3gnZC}K`=@d4f>W)5z-a2|KC?#J3XQC*5g#LcLsYq+(6?$|5
z+Z>9BD`(OTEuzC~IAhGPB7tOz*x=?5Vc>f`i;Q^;zDGg(-`DV^GsfRBwefA2!&^j*
zDG(S*cSO!XO$wl^(BH-_9OC!6mx4PQelOxptnYWFZT{*tjEl||E=QkP3@uqtq4Rt(
zn4Y?P-~;WTN8zm<qU?2olu}J~|HL~;fg|1LQz;MA?wo4c57G@utZJOx_b+cGS@KpI
zogTuE<6Ci5ib&SEkO?)#hF^nGTVWnx;Xh+~9=H;5H+3AHCTzkP2PpWb!Jh;EBFrHg
zr&NXLXawbZx!*0ID8@?^&Dv)2Qk*Ah+t59Ec;-_J$t|Yn0KJieQww#E13q~suj>o3
z56v|0te&T5lE;DPH2P%?AZ#>xZxAVM+?#(}gLmLOn&5d6<|7;f`VR;FhxJU>7g2bo
zn~HBECA;`K(iEh4$ACUP^=sf#mM>bjO8B~^u?B9AA1BL*Lz189AG&9#eG=r4-``_)
z#v59C7<eUk_L2cVAm;@U1-eZ{f9Wic^aamX&vJ*BlGj&x5BwoH!P{5i+Nf{*7xxA4
zJMcUDY9GWO8hJe=gYD<(I^+_tcgYu7I5k7OvXyieq!8SoNaILDN5+s3C}HDN)%j{I
ze7wS72~MK(0A~W%So^Ng)3CZ}M*q(98M>#ZO(3c)ET{g7POo-8AZ@3aJh~A+UAGmT
zYs}9@m>=^)6jx59)i~lXwQc(k<;QwC{~6^+oud5vducWwDhRdyGq>RPzsBmE=XmHS
zj!nG(07Kcu<$nMjlcWYAO>~^!q8YoRyX5_i+`5umKSqDM9*11wydFNQm3(A7ZoFX6
zkV0|zJcky%cX*;3#>r26X)1VfV?D+`7;h3{AWfF6C92bm5zGV!pbO|ejHZYtyQV2d
z9hGkk9OFIcL|Dy0;xKs+%PC-!$B-ReVs)A=cDhl68#YREVlubz*+P(}>X!vtpSL^l
zo^+rM5|9Ep$DAAI@S%9%*kzcnBI&DxLpwn06QB*hzXDxg#-7uIb$+`bJ&oUh!rqjA
zONy*{C7>ztj2CrIdLtU`9LNW6c~LvO)1=?ex63wQ|JRJ2-!5pMnK-?m-M*4n<i)SS
z5GK^7OKkcBXfH8d!tZay;g<yHU5=@=Ge)~%vK^wW9(ekL#0|hX0yhz?c_Y0F-qZLe
zo+o1-EadScmID1pGn>S}*YL%Qlpk}P=J$(dDWA-5CA>%a|0zW41-*fa{G;55_w8Ts
z$<P?~IKN<TIGJtLdvrfX##ck{F^tOqKP_*a<A2isq=l^7Px0M|@9&n{a0-49H_?ff
zD#m{!)51HAFB+JZ%~by0#YF;Vn*~DI85OuCu>dnXBFVfnR^&NR?ricu*BtOaV@U=F
zpVaRQ1SqPsH%Ft}E=`-7aNiX^NOC&gH9jc*ns7g4jBhl)JJpiBcbb>lc{X`)D~8_C
zr1&6vKj2sqICc;DF7R0R?dQPrORaQQKCqvuPGG7vrn;W<$xL-7<=_1n+}H_88;NKF
zW(GS{kyMJ`tvdt@Qz$%GId9tY5&uHOtHq1DVyr3p4Wkz!15O)7c_wg_#|e38bd2-A
zm<PYi5s4J<?C_h<!QU{V8RUCdpT7$p9HQ|P1)slWNtdG_jTah8qQLKu88K;*lpLaH
z7y3$ys6SCO;tYz0hf$;uC7N&yM~W586itR!rC(J7Mdxyy<MS;&D7w=!=}d}@IpCW~
z#!VwTn?=5Vo|4#N#ZC&pw+OGa*IAlwF$<e&rI=q9QWNkh4cKo86P}{>UMs9&H=Ynf
z_o=CfFZ6ZOiL4&qaXLwu<-HyFl_vvfdM?V1w@vp>WvSv{J-fHj|M1>yerC#Xug3{V
z!EOomD0DAc+mGmbCvG%&_|2TH7{N~5`r`YlVw%n4-wyfRfv5=IhQ!VDu-jvaAJHs+
z=4Y9Dk@NiipM`gl?>s5Bjb$><(`J%KX?N1Qu+Y;E@OUj`_d%wJS9>Dw!9V*8!+L;W
z9i+U4Z#};A6UZuV)^*><&|Lb-lbvr}+rF!Pm$72E(cMYp3wa%vV(sm+d)s&E>y%BF
zNhqgZt5|MdBW15kvE=EQ;M_)$N>(GH5i!_3bi&x~<=+xuFAe8?c)vQLE-6dTB6}RM
z8j<f^<p1F`&xCk%HO}iyx;y%EMDU4@Lb_pPnS@w4JuyZa%jv%u*xUiU;~r=Ou1%t8
zOJn;c-K|arY@6;LnuZkiWym*35$_uEd!*R64!H-Z8R=C>ai41lZVt9@=H8ppyBZ!d
zdJjH=6uk#OhZMaBZ$^sVgRek}-h;;@1*Jp(fD}-MHiL#c8Ooi2G8(Xnh9abZGIRn`
zK#6+;DSF4@Jxh8M;3)P_>Mp)}n}R(1>VXq>>(Lm}^Ubl?A7bs>HPk(<2)aK@qyP7Z
z;OdWww{+fy+sK{Z%?QLx>YC{HqM%dSOQ2J1nC|Xh#l*R+BeJ~&x`ZOfB^)`1%>wSw
z3LbMWL-zt&8s{DXp1XJs5uQRR&3X{e!+1*@xQM3z8sGJdWo-ywJ@DPl_+t9Nr+#mI
zHpXWQ;hP0~KVf``0-iBG%lF1Nobknk@I?UMJ&e!N2R`ll;yd>X!uM%w5Z|YN1->SD
zF>1Tk2R^z{^}Xir+yjj7z7RgdaoX==d})2)BOmhn;p00apOP=e^7-j<;CqPqiFhkY
zd&+0-_r_Pj<4X(S8xMTj$)4bL&6)UY-y7dWgzpo75Z@<lz_f$MXX^uB!S}{DjPdOY
z;d=u3b~3(#KJYoeFTT;AF}}tSz8it>H;m8O2fm{3jqiEJR}jMI06vP<sPOc7{-A|p
zq~0`in3Z*=gS{SWE9p$um9@ACLprloAwOTg5jt~(^m<0$$2gKgIO6pJ`0t5`|Jypq
zCf9W23c~{*xelk~B7T{^*%XI2Z(g=<f;UL^6TVmcGJ^B*(Y9m}k4OY=jZ(A(Cth?q
z(Q;_`(U>OkhAez~igQBHTSq$HdZv!AGjx1i@6$oD|07uke*6NRa*`(s93JLH3gh1k
z{D?%#yPK#(%o<pyOZ=djbc=;(hKKau)4=ame|!_!HO9IISi?_9TYF)B`~L!~h40LL
zY!6|*5H~g67OCC5r7>ambC~AE;IFlo_}fz+h_56MlD{_^Hq`iKY0HB=q9GwH9RDBA
z5rB^)iq!T;;a_$pXW?c-Jia+TRi%BV)k=R=id^Dkb{BRJ<g0BUSiaAspAdVTd<OOv
z7Q!D`DBshuJCEX5nVf>#uZOIVl;nk4Dq84`9_&4{uzQYmMA$@Lgj4R`I|5%8*xGmN
zcAJ3L^?Tip_U`C=bh}FFRoz}n>~m-1r7*pG9%7l-Oy14e(6boyEJj<L{=%2TsR!su
z!D*5^>MK135j%I(GkOX|)uQguQxr;<z*A~Onu64(yCeUDR73h~7`;VjO>ZvqZsvbY
zuNCyNcNaMiDSX7pk<!aEe~J`7qWKA=@Da_8Vf0zfmcEa8cZIu3|0O@+-NFNhZ|ud4
zl8*_Fnd2nKBHlp?zck`ENI`i-JyQ6m5jLctJYq0XP;Pp+oAN>YtKg0S{8f^KkABRY
zg%A7RNdhRx4g!?p*QKN01tp-|v=S-i+LVJ7ltV6<a^)4Ipj`PmQc$j}LJG<ie%DN{
zpy)Yg!*lF!RtI-AAK@2v+aIO3RQN_yq4*4|%kY3{FHaf+ahQG3BGTu!HlC?3$k!H*
z#jqbv?Bjn7s>tUy^u>tR^vy~gX&mC%zm5Vv`!@gj3g?}>pc4e$z5*UU?ee9q!kGor
zfv6QUg`tVr<A)acZjYbVSU7f$@BHiO5LWtqK`(0}KSS>9ft5THoRN~2`d(OFJl2~+
zSl8&){Qm%A_39M*e*kpP3U7p*x{CLi7uaps*DaIx3OX;R-Q}qTkc#bCY4?$YjkuEG
zEg>1T+m6P_*~U5LD53O_Q`Fg^>9`MhGo&jQQ7>+JhOX><(*Zr17XjU9=q5=IdePl+
zjj(n`>K&brNQ{H{w`k758m6I>UK>~=c0Jr%LmSX<3Q?Mc^_101|6}Tt?xPqssH+dP
zRIK6p->#>2t#+7eMV=Y@e=cMJ`qqFxC)B4u=+~SDbVonXlLv%O?~)EgyV^JOn70Ok
zKD=#U=%+vE2l}G}LVw~cpzrPn`i};LzWywrujvQ+6(Q*1`Z{bK45wY-0PEm%MDKMV
zWhQ1p2zoy<lX!Gs+E2CiLp%Lmxm=n3L4WQnp#QRO=+WN}2>rIRfPP&+(AN(LebHG!
zpWYAjf%%?%7SPT8Kp&9r!~Qie^pmgl4Lz!x@BK*Ru=@s<$dgz1Es;@w5Ai)5dYA?t
zw!)yjF4VH8-iMAnIjJAoUkdf<4|>MH&`%ui2l{;jK~Fe#7SIp&1HEcM=)XS;=v(@M
zKA@gSxOL!JJu$AIS;g<}eYYk^m}}7f9hUFgBmK}$XPV!sXA*{;1@!0oh93FGK+xmg
zI}7NW`+>fDK<GQp0{RvGK)+=`=#^&yeSAOA*<WLCsUQ6wKXqW}o&J8Hr-x_{U#nr3
zPdzrUM0WnDZ;3Q_|7J!w^e{c6zGOh}PtRa4-Z|e90beX^FD~t>`Nw_I9uEDUvw%LT
zH+1rQ<N0L&y%+S36W1Boy7f*!^Pqlo7W42%-}7MJ5*kZ?&`%Bw{o9CspkEV$9zG9Y
zvz$P`1v!9!^YyHLX1QDMghLOThxjiH+W9=Ek6i?;$=5Lsv!{p0ZCByHcXa+q@;{;@
zG=_dS6i>gvPh<FXsO1@c{n2N7V=<t&hx+sf{o=ELen&sh5l8%P-5DQq7SNaU1HF44
z^h3LP=q#Y8^aH(UAllX7e(F2;-u|C{pyPc(gEQf>6DFDJl7S_&{mH&1({!{?=wXtH
z|9T>2<~t;_{YQP%ZaOd!^r4@h1@!s-K)-81=-#t{KB^z+_5q<c3=G}>SwGN+3<#Zm
zU5D1{cktc+yWY^HM)>AQnI5~EqPlv=HzSO4r;&EZHLd(<Kq|JL1r_^xQ(-{gIw16-
zvw(hEKhW3p2|a9G3{4z(UHIqry)KkXLeTrs7(;^I)_1IFzoj4AyZ2q;YdUPz4apgp
zGe`FJhAwCOSi8ah?)_JPSnfUxEHC!PBBA5=PlI}?KMn=G-S6Pgk(%Dn<rq4*8tDNe
z{et3gddIiJ<@2{TnI4~Rq$`Z{ZrSemKKXp?&qmr|q|Gutd8<snool44jr1X-K3}es
zBW3dWxIxG9FXVIQaDyHL&$m8VeqxA`&M;D=|A~8y=VxTU6Q9WElLp?d_42vvQX|E?
zt2ExzuNcoS%YI$k<nyUynV$5?@{?ZU`DU4(-e9B)jC8bYcj|NbeCjD9HTZDKX*{1R
z(=KDYf#CBObUO+6d_wnAhun<&Nkz>c`#rdWw9B%W?r#{kkW$5^P7m%TSrpu{@^8PF
ze(9>`J*8CoZ;Y*UTd`4GW})}%=$Bady|Ax7;5*DQ<YNvQMUl}zU4=;T!}R9=Q47vN
zA8+pz#yO~oZ=An*6Sa-GoZ7y*n(|S1az7iQl7FXX(+{|=oZHRd{0eTjn%kX^b`Kll
z3*F}&@_aMyT{a7$;A_G+0^>cr^#INWVuZy8B=pN5{PrV996>)v-oLuJoBqLH6Z}7(
zD)I<*=Wj${Ta<{g;8qWAndAR0;$6G9iHgDBa;wiB_-{tMrqYF)XH_-w0`-Z?jdZUN
zcvJ7S;oqa#L}GKahygwLZAlT^Y!&A;<ID*8czhF@b8*|pBra?Qjd&i3Z*sFLM%grB
z#Wx$@srcsNI}^9vqHs4d5{C*yY&QH_0Y-pZRB}voi<!?<zZxDkp5HU2TN8HU#PJ!7
zgJ)^*-??=2HsKYavJbiJ7J6gvhMT}Kdgoi11nwC55rxMpX^+M2Q=E4=YyAgtBkWO}
z7vQuOGmVpCoP-<}sdUDz9L0NcI9qKg#$cTEX4DOP_||GF+It{BNn#Uh<Wo3Nj=_6M
z@&vjB?*_)odhn3m!9_VBqy4rRjqcpO0jPM|V&nV6C-`0;z1gVZCNbVb3;66KoMKyy
zit*srpv-)3BVk{^^?=h{<aNg2zfA?4UjL)`6&(ebamoP<t@xE3yo-y|l~_&Sjk6(q
zu2W06a6j|grrzi5^lJ){{%_?uJJQ~7;ZjdN!5zGa`1wXO-U{UR=ib13%wUO`<i$sK
z4a{;xdOA*s?D$0yJL2*zKY<fmlZwCls1;Tn-Vc{|#0AgX>+iP!K-6yu!|QKS9{()>
z`9FAYdzR+r%e|`qOOg(7qM%zssLhx3+q43=>OMo8&zKq;(=`KU{}3u*6f}Cf&9=|6
z5WAO!Hc1!$-!<3p9Y2vr|Lsc5DQW~iI|7LgD}HONqwAI;i0RHtz-JrY=Fxgk&Tq}V
zehX9XWXk#X-_3V3<qq8X!~e7ibS}evKm4bdlVS7i4#eWT-k44L4J2SpAvkf5a^DH}
zHsXC|jO{fWZbRbM6W*<NlE%RsaP-SOR?-xXnuf|Ut-8jot*odn(@M1Zh6;Ddib|KZ
zq6UR!uGJN#E-kIPrrM>|*Sbn8R#v#m(qqNEih6fOSw)?z)a@$M3Z3&9MtwtVZA~4O
ztaG_jVnu9<Ci24IFrJ!*>atkydeMT*ol7*(s~I05=DXZ$YU-}<fxFD*W+bs<evP)e
zq_RSyGbjtz;+)Ivc2(87E2>v%?ivYUWnE2`)==$Q3&M#gqmO%CtqcFCxTK;IWoTPj
zQ&OfaSgdjL@{&3<tf;>pV_aa*ciI<SK70AK#^-9#JyWx;UD@k{e<P5UoilaX1=Dk9
zl&mN%bFCCTKP|@NP$N~4Mi_ZYg5^k|VxTVY?Oi{H3Jt`ogmU|@sA1S=4Dt$8y`>n;
zMOsd&&G-m0XP&lX!J@(?3$(?~IgY|h3LW+(g$w3~0SM1JN~&qH>Rez=IsUlngjkPh
z#vIjXl+mh6R#lX071hD&yiiMx8O)8Cwe_x5Rjz7C7;{{RE9+`7NhqmXM-$rMBA9cE
z<~U>-<1rf3^e_#1&P9v05;u7NgI=HTndGL0ix+6CYbqP6T$u3s(z=RTcMYiTo^Nh7
zr&3!|Q&$lbmC_P-NoCEd-mNMyN(es0r>0J`5}iHQhaAL85^1fbS_A5g85dk&)v8=&
z6(v{zz2OmUwRM1sp@$Kd&kLyrh3+~R@VV<6O5F{0E^T#1O=XF@qNch}NOJw58~!<W
z5Ob&u@N3=WT4hC5g<Es2Ep@rdT(s_p1YX<5*eccojjN6qc5I)ur6C=$BD`tuv2_DY
zVJVSol}iooYRo9G#gT8dW{Geat9OIZSt}%EBsCDYGwQQ@REvlI{MKty9xG}qWfkPC
zK`X;tN>rH|X&+JvSdt|Tm0$!(U8WF(qPC>2N(!L13Nqn#)oJeXl4?ly+KQ@%Dy_Pq
zY6Z$_R!Z2^wZc`el~h*NtZ|j$7q7zB2;tE#FR9g*kn#-Gu~O|>r_CV}LM^0p2YWAO
zaTP4>ToYU~E3mps%Nwep8!Kx{uh;4^Z9=vyt*OQk8(2)_Vlg_E)|9!7PCZ~Pt-ijx
zW=*vw*M_kWdChiXnd6w7ua%UQVHPf5Eav6U6C@<{kVH*fv0&cfIg4g5?>PoZmz7rR
zs=5+mCM&8})_~g$)s-bHT%>LRDU&rhtB3lERir_PL4{~(Xa=q_u;B+G?2GfYih60I
zunI{Dg_jYfBn8kfsCAd4X-QpaxgdSi%_~A9QDQCAC@`z;a+j7>PfD(|rmid#QaKOn
zBYakYE8D0h<s-pmNtq)ZNQ!}g0eD!`%(KAVqdBOr&R~v*S*X4!?%6Ax(krCGn@4Q!
zCN*1p^5$#pSo76#F-o0{p&R;<XGIRH&o=cCe;#xXt^{Wq1E+})Scbq6PK|7lEna&4
zBh<Y1#=r4*X+5n&9%X%LxeMAkO*SJ@)+W&>{d^5uffUUEMI7e&B$Xw#73q$!RcBCQ
zz+UWFTnM2i*pM;6xzfI9e&PH}X98+a<}c4%q*a!zt7&it<@tQAq`tnPiiitJc$Oed
z@2snVAXf!f^qjgn$QLanYTC2%44dd&BIdvuS=Xzb<iV;2SA9L!0!#5KS51|RbP`h>
zB$I|7E(_#KO_Izgg@&qjfmE%$q_);otxe*d)T7P?qfuS2q4naN8P+*Yw&+SDC-|el
zxmb(;`A45%$`3=2i`86CE{1~b4W;-D?G$T7Wajt$Xkq;?Oq+bud7<Z&)Jf^HGBc)x
z3eKN!?L`-do{DFVw@sWqE>pTxtI8{kn(MBwtg5c5y`e7HvfkaWdd=E(>x0j|QhS~w
zf6gVB78Dxgm(87b`TPaWg^Pmi7B5+P#g#?NejuN_eL49|oQUP=p9yagmZYK@vj?@i
zvSL+39qZj#XQiv8p0sUEO}%SotmyHqr3KB;nu<!pQbA=1K?<a%x~x7OJz}&N{Jgti
zuB2ZvUWj_kV@7G|8mYXbC4r5LjqR?P13Tpc8K5atpNR%yxd@uQSfL$!V5e{K@qf@*
z@EIf%{!4x%JqPd|teUwj_@@P#MtZ1q*JU^4WY5%)fr^LITvE3R7RWh=)>gOQzq+Ch
z8qttl(xxHbVU;VWKn=m}!NA@vSHd2{0jk$lRJiNIpwt6Oe|2YIxME??Sqkb70)jd+
zPT_dhz#Sy#3z+N4jFs2ayJ_sf58gfRq&!mM6@B6;Pansqe{Oi|sj2VDVnFTrd~0rY
zbg&9(qs%LTE~D@kq!$}`N`j4t8fCN>pf>n~aLY&e7wvf8Fcy#0=a!imoz(e4RKsg^
zRYN+-F%sv)g{{NPU5uR!7+hOJHG=e7T9!3k2swip^`-R{GpY32s*>t;V&R<2muimu
z3~btXw?<H_GuFH6Y9RB_$gnzft{b4(AcjJ?NjTi&wepHp<wDF`I^W3FxoCT+RW?-D
z3)a?9W^$Xs<!D$>)KV&~Il~FJ32=TO>F|q5%$Ufao`lltK|3b7p>`(R25s@2`HSbs
z!S~UkqWXr03OHnPS5i2C;nKoI%epxOr=qIF-ABKW%wJmz*R{Tn7Hpl^|E_2LYNaK$
zC8ZVab$zr&oxurm4w*Lww}U%e7>GXl@eGCF!sfvgQ5kRH!>kB#r*O&wjn$Z8FAXNH
zsJxzFJ6NC1G(?4sa#ck=#tvU9Sm(&kW6x6y)kupLHXYKAfr>EXC9ARXV~U6j;}bCC
z9Xr+Tz3yz}4cl`@s-dnJU)EJY1@<@jc?D66ni8JvdhpoAPC7{nZ}97}d*fXdEVnRP
zmekdiV7moPhA~1Zlk*6T6m&a-9uuivLj*z|5|xo_3@a|`;co=@s%t8+-zqJ|7~Fl9
zmWC9g<|1bTT3M^FM?3=~)3j2~QVyN3t%hbonY*qsqoEobI2p4jti~p#uA$bgEefvO
zJl+oEV`amJX!u;xP%WKO2Rdsrg|>V#mZSS>z*}BWQi+VV+yQG<M<w{!(Rww6QVX>Q
zY*>^Gr>mM=9cs@Ix(f_Q-3123?gGLg)j|ftcM+6)4km>P2yO#nO0cM91}(rtx;I3L
zz0ze+&LihtwVPo%<tCa(wU~`4w$$>8VRVy1W0aUR13dABqD9y?)l`S~xxA)~w!zGq
z<wQirQt&=wPBqiFJg=c1D7r@$EH}o*kJ@tX;wX2OUQcZ$0PMaInIdFFjlr32a?sB3
zCo>ppXqtoc6;@-1Lb0}td9LbJ?s9@0>LF3d5(<@}Q$`4Xa27~F&MakYp|*^6C0385
zB2*3-71fZ0P=Ab}w6<inl%Lu<*XnDrBxdv2$X}OFb4ss=i(67(rY&aULlkIfE34dE
z_SB3O>)bB(dirmblil5lxF(@M6O~oa5VcDxOIFphd^@VjG8Vb6!_bK@Jc`wFa#2jm
zUCI~DU&ew4cZRbBhJIaWG|T6pO)W*Jf<=JRlV1y<7U~+Ltk7Ik)m9=ZnUP;p1<tSp
zIbARl)dYhzESDKNBx6ZkN$K?&msH6$2r<d1S()KjS4q?^s3q5}rY__1dR}SsYd|w?
zM>8&=pc2Em1cAy7Ot*}KQm-q?Q^_c-F0X)lWQ?w`3Nuk!QSTyoHP$VLA8eJueHflY
z$`UE$jGp7Xq@oUCT^>Qkyc!S$Tyv^d%T`V(JPeR|9FB`x;RCHvQPxmWslnw#u#Y~o
zWsS3ZUA>lHSFzfq73OnAum*t?t#lnWtWukX^`V#}7i;Iii{M5EG^vfJR6+YvY%Z)1
zWGe$fFBcR_wR^cWWBS!WJUwf2GqR>#Z9uEVCQmDo3X|g{A*!X#GyHq@6@$>KxZxDg
zl|jUZQ9zHNH$?k#YY@*FHCg@EWK&I8w6dXE%077KaIEPzpfH8-_3*<rNPE~!xTC%O
z)BrWcCm2&^zcRdC85U{=!e}$Ko|qTWSjd!@8eSeT47=i3(cJ^pSu*Hm_?($qAslFm
z#84oe{E^DabsR(^nY%c=Z%=Ft=?qLL%?^pk*`g5Ki%fMHDW0?K=3472ZQzI@bp<Kd
zry=qaHrg{N&OVbjlG(H`kU8m-8~Ohw|Kq^_IPgCX{Eq|wpE*zy==w&YFy$JkWb89!
z21S%nUu)C{t?MY``5Ys)80l~$4JJmMCPFg`I0%D$i}4)XrUv^5Q?9PTj~i14o!EZk
z`CFr35RUQqf0aD8uTMx3jYjdEX3m&Z`E1s@J&W*MXt+i<#baay#S+6?2Fw4Ko)rf;
z783O3&Z<YBjUsYz#YE)bD`7?CASNd&@ii@4?3_Qls7RYTXBj1q1^II*T{!QOMM#BM
zyu`j_>0-)Wu~=I)XR(t@g}Bt=n5m^*I)7=pHZ?OhbDEZI&6;MtAUj7(TZAA>0emDb
z&&Zj97-D99InJ<gk3?ivP{^WIWFpMx%3M|5kh!9vq7trVnc%1LlKOIyS+=gaeqEJJ
z-E|_f&Q)1Lg(B1KT8rNzt*ap?j_XURDoW9{2BorW1)?yS*pkr(4kP^jA6oOlIp7JQ
z`(E-BOhflIg4lxX>3JBw!T4>kzp<c9Mk-Q+9gS43JNa-P^uRHrJlH>1K8N(!R6K|G
z3D*}^)CKicuz#)5-$+Fho=F!52Ndj2`iXD__X$RQ@G+Q*pngPC{)CU;hLRv{!TuVz
z5)nqq`Z3sss>1PKhUXwWLqA6xrbZy^Fel<BnRNdR_NNjjzQO(m{#y=H1;XNoIT0g+
ze2|ab`02R_UjuKD4?(^8t9`PAq9QeH36})%Q+Wx#LHq{89)Fozi3g38c`S?M-(Y`A
zSK`~Nzt?E%F;Y{oz4094A3f7L57ry_Tc{kL?Xo;##U}Y2{Hp~sl-_`E5Wh9NBGe!M
c%C%>Cs6F+gZ%9yjw%b0<cwXPLJk($OKXa~UMgRZ+
--
2.21.0
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PULL SUBSYSTEM s390x 3/3] pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 3/3] pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix Thomas Huth
@ 2019-05-10 13:55 ` Jason J. Herne
0 siblings, 0 replies; 12+ messages in thread
From: Jason J. Herne @ 2019-05-10 13:55 UTC (permalink / raw)
To: Thomas Huth, cohuck, qemu-s390x; +Cc: borntraeger, qemu-devel, armbru
On 5/8/19 5:48 AM, Thomas Huth wrote:
> Firmware now skips the unsupported signature entries instead of
> aborting the boot process.
>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
> pc-bios/s390-ccw.img | Bin 42608 -> 42608 bytes
> 1 file changed, 0 insertions(+), 0 deletions(-)
>
> diff --git a/pc-bios/s390-ccw.img b/pc-bios/s390-ccw.img
> index ba054828d35d72fd1ed5521a48f43f593a1c291f..a0234bf748e10fdfaab27b8a751bee1db1865256 100644
> GIT binary patch
> literal 42608
> zcmeHwd3==B)&HGjvJe7HRwfC{GbBJ*5+(^t*kmRPCW<g@8lb)sl7U3BkxW=zYO1NC
...
I've tested this build with signature entries in the bootmap and everything appears to work.
--
-- Jason J. Herne (jjherne@linux.ibm.com)
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries
2019-05-08 9:48 [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Thomas Huth
` (2 preceding siblings ...)
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 3/3] pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix Thomas Huth
@ 2019-05-10 13:59 ` Christian Borntraeger
2019-05-13 15:05 ` Cornelia Huck
4 siblings, 0 replies; 12+ messages in thread
From: Christian Borntraeger @ 2019-05-10 13:59 UTC (permalink / raw)
To: Thomas Huth, cohuck, qemu-s390x; +Cc: jjherne, qemu-devel, armbru
Shall we actually CC stable that feature?
On 08.05.19 11:48, Thomas Huth wrote:
> This pull request is not for master.
>
>
> Hi Cornelia,
>
> the following changes since commit a6f6d24757a73f7176989134b97284a1a7df11e5:
>
> Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190507-pull-request' into staging (2019-05-07 21:39:28 +0100)
>
> are available in the Git repository at:
>
> https://gitlab.com/huth/qemu.git tags/s390-ccw-bios-2019-05-08
>
> for you to fetch changes up to f7a339a5ba48a8a5c5bf4f1fdb1463bf8ac5f5bb:
>
> pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix (2019-05-08 11:26:01 +0200)
>
> ----------------------------------------------------------------
> Skip unsupported bootmap signature entries instead of aborting the boot process
> ----------------------------------------------------------------
>
> Jason J. Herne (1):
> s390-bios: Skip bootmap signature entries
>
> Markus Armbruster (1):
> pc-bios/s390-ccw: Clean up harmless misuse of isdigit()
>
> Thomas Huth (1):
> pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix
>
> pc-bios/s390-ccw.img | Bin 42608 -> 42608 bytes
> pc-bios/s390-ccw/bootmap.c | 19 +++++++++++++++++--
> pc-bios/s390-ccw/bootmap.h | 10 ++++++----
> pc-bios/s390-ccw/libc.c | 2 +-
> pc-bios/s390-ccw/menu.c | 2 +-
> 5 files changed, 25 insertions(+), 8 deletions(-)
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries Thomas Huth
@ 2019-05-10 13:59 ` Christian Borntraeger
2019-05-11 6:15 ` [Qemu-devel] [qemu-s390x] " Thomas Huth
0 siblings, 1 reply; 12+ messages in thread
From: Christian Borntraeger @ 2019-05-10 13:59 UTC (permalink / raw)
To: Thomas Huth, cohuck, qemu-s390x; +Cc: jjherne, qemu-devel, armbru
Shall we cc stable this?
On 08.05.19 11:48, Thomas Huth wrote:
> From: "Jason J. Herne" <jjherne@linux.ibm.com>
>
> Newer versions of zipl have the ability to write signature entries to the boot
> script for secure boot. We don't yet support secure boot, but we need to skip
> over signature entries while reading the boot script in order to maintain our
> ability to boot guest operating systems that have a secure bootloader.
>
> Signed-off-by: Jason J. Herne <jjherne@linux.ibm.com>
> Reviewed-by: Farhan Ali <alifm@linux.ibm.com>
> Message-Id: <1556543381-12671-1-git-send-email-jjherne@linux.ibm.com>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
> pc-bios/s390-ccw/bootmap.c | 19 +++++++++++++++++--
> pc-bios/s390-ccw/bootmap.h | 10 ++++++----
> 2 files changed, 23 insertions(+), 6 deletions(-)
>
> diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
> index 7aef65ab67..d13b7cbd15 100644
> --- a/pc-bios/s390-ccw/bootmap.c
> +++ b/pc-bios/s390-ccw/bootmap.c
> @@ -254,7 +254,14 @@ static void run_eckd_boot_script(block_number_t bmt_block_nr,
> memset(sec, FREE_SPACE_FILLER, sizeof(sec));
> read_block(block_nr, sec, "Cannot read Boot Map Script");
>
> - for (i = 0; bms->entry[i].type == BOOT_SCRIPT_LOAD; i++) {
> + for (i = 0; bms->entry[i].type == BOOT_SCRIPT_LOAD ||
> + bms->entry[i].type == BOOT_SCRIPT_SIGNATURE; i++) {
> +
> + /* We don't support secure boot yet, so we skip signature entries */
> + if (bms->entry[i].type == BOOT_SCRIPT_SIGNATURE) {
> + continue;
> + }
> +
> address = bms->entry[i].address.load_address;
> block_nr = eckd_block_num(&bms->entry[i].blkptr.xeckd.bptr.chs);
>
> @@ -489,7 +496,15 @@ static void zipl_run(ScsiBlockPtr *pte)
>
> /* Load image(s) into RAM */
> entry = (ComponentEntry *)(&header[1]);
> - while (entry->component_type == ZIPL_COMP_ENTRY_LOAD) {
> + while (entry->component_type == ZIPL_COMP_ENTRY_LOAD ||
> + entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
> +
> + /* We don't support secure boot yet, so we skip signature entries */
> + if (entry->component_type == ZIPL_COMP_ENTRY_SIGNATURE) {
> + entry++;
> + continue;
> + }
> +
> zipl_load_segment(entry);
>
> entry++;
> diff --git a/pc-bios/s390-ccw/bootmap.h b/pc-bios/s390-ccw/bootmap.h
> index a085212077..94f53a5f1e 100644
> --- a/pc-bios/s390-ccw/bootmap.h
> +++ b/pc-bios/s390-ccw/bootmap.h
> @@ -98,8 +98,9 @@ typedef struct ScsiMbr {
> #define ZIPL_COMP_HEADER_IPL 0x00
> #define ZIPL_COMP_HEADER_DUMP 0x01
>
> -#define ZIPL_COMP_ENTRY_LOAD 0x02
> -#define ZIPL_COMP_ENTRY_EXEC 0x01
> +#define ZIPL_COMP_ENTRY_EXEC 0x01
> +#define ZIPL_COMP_ENTRY_LOAD 0x02
> +#define ZIPL_COMP_ENTRY_SIGNATURE 0x03
>
> typedef struct XEckdMbr {
> uint8_t magic[4]; /* == "xIPL" */
> @@ -117,8 +118,9 @@ typedef struct BootMapScriptEntry {
> BootMapPointer blkptr;
> uint8_t pad[7];
> uint8_t type; /* == BOOT_SCRIPT_* */
> -#define BOOT_SCRIPT_EXEC 0x01
> -#define BOOT_SCRIPT_LOAD 0x02
> +#define BOOT_SCRIPT_EXEC 0x01
> +#define BOOT_SCRIPT_LOAD 0x02
> +#define BOOT_SCRIPT_SIGNATURE 0x03
> union {
> uint64_t load_address;
> uint64_t load_psw;
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [qemu-s390x] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries
2019-05-10 13:59 ` Christian Borntraeger
@ 2019-05-11 6:15 ` Thomas Huth
2019-05-13 7:42 ` Cornelia Huck
0 siblings, 1 reply; 12+ messages in thread
From: Thomas Huth @ 2019-05-11 6:15 UTC (permalink / raw)
To: Christian Borntraeger, cohuck, qemu-s390x; +Cc: jjherne, qemu-devel, armbru
On 10/05/2019 15.59, Christian Borntraeger wrote:
> Shall we cc stable this?
I think I'd rather not do it unless someone really speaks up that they
urgently need it. If we could use the binary from the master branch, I'd
say go for it, but in this case we'd need to build a separate
s390-ccw.img for this (without the DASD passthrough patches), and since
the stable branch does not get that much testing attention from all the
s390x developers, you'd end up with a firmware binary in the stable
branch that is not very well tested... This does not sound very
appealing to me.
Thomas
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [qemu-s390x] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries
2019-05-11 6:15 ` [Qemu-devel] [qemu-s390x] " Thomas Huth
@ 2019-05-13 7:42 ` Cornelia Huck
2019-05-13 7:44 ` Christian Borntraeger
0 siblings, 1 reply; 12+ messages in thread
From: Cornelia Huck @ 2019-05-13 7:42 UTC (permalink / raw)
To: Thomas Huth
Cc: jjherne, Christian Borntraeger, qemu-s390x, qemu-devel, armbru
On Sat, 11 May 2019 08:15:21 +0200
Thomas Huth <thuth@redhat.com> wrote:
> On 10/05/2019 15.59, Christian Borntraeger wrote:
> > Shall we cc stable this?
>
> I think I'd rather not do it unless someone really speaks up that they
> urgently need it. If we could use the binary from the master branch, I'd
> say go for it, but in this case we'd need to build a separate
> s390-ccw.img for this (without the DASD passthrough patches), and since
> the stable branch does not get that much testing attention from all the
> s390x developers, you'd end up with a firmware binary in the stable
> branch that is not very well tested... This does not sound very
> appealing to me.
FWIW, I have rebuilt the bios for the stable tree in the past, when a
bios patch had been picked. In this case, however, I would need to rely
on someone else to sanity-check the binary.
How likely are folks to run -stable QEMU with a bootmap containing
signatures? It would be one more QEMU version with toleration for this,
but I expect distros to pick up this one anyway?
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [qemu-s390x] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries
2019-05-13 7:42 ` Cornelia Huck
@ 2019-05-13 7:44 ` Christian Borntraeger
2019-05-13 7:51 ` Cornelia Huck
0 siblings, 1 reply; 12+ messages in thread
From: Christian Borntraeger @ 2019-05-13 7:44 UTC (permalink / raw)
To: Cornelia Huck, Thomas Huth; +Cc: jjherne, qemu-s390x, qemu-devel, armbru
On 13.05.19 09:42, Cornelia Huck wrote:
> On Sat, 11 May 2019 08:15:21 +0200
> Thomas Huth <thuth@redhat.com> wrote:
>
>> On 10/05/2019 15.59, Christian Borntraeger wrote:
>>> Shall we cc stable this?
>>
>> I think I'd rather not do it unless someone really speaks up that they
>> urgently need it. If we could use the binary from the master branch, I'd
>> say go for it, but in this case we'd need to build a separate
>> s390-ccw.img for this (without the DASD passthrough patches), and since
>> the stable branch does not get that much testing attention from all the
>> s390x developers, you'd end up with a firmware binary in the stable
>> branch that is not very well tested... This does not sound very
>> appealing to me.
>
> FWIW, I have rebuilt the bios for the stable tree in the past, when a
> bios patch had been picked. In this case, however, I would need to rely
> on someone else to sanity-check the binary.
>
> How likely are folks to run -stable QEMU with a bootmap containing
> signatures? It would be one more QEMU version with toleration for this,
> but I expect distros to pick up this one anyway?
Yes, I will try to push this into distros. I usually try to push things also
to stable, but this might be more important for the kernel.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [qemu-s390x] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries
2019-05-13 7:44 ` Christian Borntraeger
@ 2019-05-13 7:51 ` Cornelia Huck
0 siblings, 0 replies; 12+ messages in thread
From: Cornelia Huck @ 2019-05-13 7:51 UTC (permalink / raw)
To: Christian Borntraeger
Cc: jjherne, armbru, Thomas Huth, qemu-s390x, qemu-devel
On Mon, 13 May 2019 09:44:37 +0200
Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> On 13.05.19 09:42, Cornelia Huck wrote:
> > On Sat, 11 May 2019 08:15:21 +0200
> > Thomas Huth <thuth@redhat.com> wrote:
> >
> >> On 10/05/2019 15.59, Christian Borntraeger wrote:
> >>> Shall we cc stable this?
> >>
> >> I think I'd rather not do it unless someone really speaks up that they
> >> urgently need it. If we could use the binary from the master branch, I'd
> >> say go for it, but in this case we'd need to build a separate
> >> s390-ccw.img for this (without the DASD passthrough patches), and since
> >> the stable branch does not get that much testing attention from all the
> >> s390x developers, you'd end up with a firmware binary in the stable
> >> branch that is not very well tested... This does not sound very
> >> appealing to me.
> >
> > FWIW, I have rebuilt the bios for the stable tree in the past, when a
> > bios patch had been picked. In this case, however, I would need to rely
> > on someone else to sanity-check the binary.
> >
> > How likely are folks to run -stable QEMU with a bootmap containing
> > signatures? It would be one more QEMU version with toleration for this,
> > but I expect distros to pick up this one anyway?
>
> Yes, I will try to push this into distros. I usually try to push things also
> to stable, but this might be more important for the kernel.
>
Yes, while the QEMU stable branch is useful, the kernel stable
backports cover a lot more.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries
2019-05-08 9:48 [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Thomas Huth
` (3 preceding siblings ...)
2019-05-10 13:59 ` [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Christian Borntraeger
@ 2019-05-13 15:05 ` Cornelia Huck
4 siblings, 0 replies; 12+ messages in thread
From: Cornelia Huck @ 2019-05-13 15:05 UTC (permalink / raw)
To: Thomas Huth; +Cc: jjherne, borntraeger, qemu-s390x, qemu-devel, armbru
On Wed, 8 May 2019 11:48:54 +0200
Thomas Huth <thuth@redhat.com> wrote:
> This pull request is not for master.
>
>
> Hi Cornelia,
>
> the following changes since commit a6f6d24757a73f7176989134b97284a1a7df11e5:
>
> Merge remote-tracking branch 'remotes/kraxel/tags/vga-20190507-pull-request' into staging (2019-05-07 21:39:28 +0100)
>
> are available in the Git repository at:
>
> https://gitlab.com/huth/qemu.git tags/s390-ccw-bios-2019-05-08
>
> for you to fetch changes up to f7a339a5ba48a8a5c5bf4f1fdb1463bf8ac5f5bb:
>
> pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix (2019-05-08 11:26:01 +0200)
>
> ----------------------------------------------------------------
> Skip unsupported bootmap signature entries instead of aborting the boot process
> ----------------------------------------------------------------
>
> Jason J. Herne (1):
> s390-bios: Skip bootmap signature entries
>
> Markus Armbruster (1):
> pc-bios/s390-ccw: Clean up harmless misuse of isdigit()
>
> Thomas Huth (1):
> pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix
>
> pc-bios/s390-ccw.img | Bin 42608 -> 42608 bytes
> pc-bios/s390-ccw/bootmap.c | 19 +++++++++++++++++--
> pc-bios/s390-ccw/bootmap.h | 10 ++++++----
> pc-bios/s390-ccw/libc.c | 2 +-
> pc-bios/s390-ccw/menu.c | 2 +-
> 5 files changed, 25 insertions(+), 8 deletions(-)
Thanks, pulled.
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2019-05-13 15:07 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-08 9:48 [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Thomas Huth
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 1/3] pc-bios/s390-ccw: Clean up harmless misuse of isdigit() Thomas Huth
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 2/3] s390-bios: Skip bootmap signature entries Thomas Huth
2019-05-10 13:59 ` Christian Borntraeger
2019-05-11 6:15 ` [Qemu-devel] [qemu-s390x] " Thomas Huth
2019-05-13 7:42 ` Cornelia Huck
2019-05-13 7:44 ` Christian Borntraeger
2019-05-13 7:51 ` Cornelia Huck
2019-05-08 9:48 ` [Qemu-devel] [PULL SUBSYSTEM s390x 3/3] pc-bios/s390: Update firmware image with "Skip bootmap signature entries" fix Thomas Huth
2019-05-10 13:55 ` Jason J. Herne
2019-05-10 13:59 ` [Qemu-devel] [PULL SUBSYSTEM s390x 0/3] s390-ccw-bios: Skip bootmap signature entries Christian Borntraeger
2019-05-13 15:05 ` Cornelia Huck
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.