From e8740685ceb3ad8637532e7ddffb84ea55d4fc27 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume.charmes@docker.com>
Date: Thu, 6 Feb 2014 14:13:03 -0800
Subject: [PATCH 001/384] Remove linux specific calls

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
---
 archive/archive.go                            | 25 +++++++++++--------
 .../{stat_darwin.go => start_unsupported.go}  |  6 ++++-
 archive/stat_linux.go                         |  7 ++++++
 3 files changed, 27 insertions(+), 11 deletions(-)
 rename archive/{stat_darwin.go => start_unsupported.go} (72%)

diff --git a/archive/archive.go b/archive/archive.go
index b1400c2210..3a1c111ea2 100644
--- a/archive/archive.go
+++ b/archive/archive.go
@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"compress/bzip2"
 	"compress/gzip"
+	"errors"
 	"fmt"
 	"github.com/dotcloud/docker/utils"
 	"io"
@@ -17,14 +18,18 @@ import (
 	"syscall"
 )
 
-type Archive io.Reader
+type (
+	Archive     io.Reader
+	Compression int
+	TarOptions  struct {
+		Includes    []string
+		Compression Compression
+	}
+)
 
-type Compression int
-
-type TarOptions struct {
-	Includes    []string
-	Compression Compression
-}
+var (
+	ErrNotImplemented = errors.New("Function not implemented")
+)
 
 const (
 	Uncompressed Compression = iota
@@ -236,14 +241,14 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader *tar.Reader)
 		return fmt.Errorf("Unhandled tar header type %d\n", hdr.Typeflag)
 	}
 
-	if err := syscall.Lchown(path, hdr.Uid, hdr.Gid); err != nil {
+	if err := os.Lchown(path, hdr.Uid, hdr.Gid); err != nil {
 		return err
 	}
 
 	// There is no LChmod, so ignore mode for symlink. Also, this
 	// must happen after chown, as that can modify the file mode
 	if hdr.Typeflag != tar.TypeSymlink {
-		if err := syscall.Chmod(path, uint32(hdr.Mode&07777)); err != nil {
+		if err := os.Chmod(path, os.FileMode(hdr.Mode&07777)); err != nil {
 			return err
 		}
 	}
@@ -251,7 +256,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader *tar.Reader)
 	ts := []syscall.Timespec{timeToTimespec(hdr.AccessTime), timeToTimespec(hdr.ModTime)}
 	// syscall.UtimesNano doesn't support a NOFOLLOW flag atm, and
 	if hdr.Typeflag != tar.TypeSymlink {
-		if err := syscall.UtimesNano(path, ts); err != nil {
+		if err := UtimesNano(path, ts); err != nil {
 			return err
 		}
 	} else {
diff --git a/archive/stat_darwin.go b/archive/start_unsupported.go
similarity index 72%
rename from archive/stat_darwin.go
rename to archive/start_unsupported.go
index 32203299dd..834eda8c65 100644
--- a/archive/stat_darwin.go
+++ b/archive/start_unsupported.go
@@ -13,5 +13,9 @@ func getLastModification(stat *syscall.Stat_t) syscall.Timespec {
 }
 
 func LUtimesNano(path string, ts []syscall.Timespec) error {
-	return nil
+	return ErrNotImplemented
+}
+
+func UtimesNano(path string, ts []syscall.Timespec) error {
+	return ErrNotImplemented
 }
diff --git a/archive/stat_linux.go b/archive/stat_linux.go
index 2f7a520ccd..f87a99c55a 100644
--- a/archive/stat_linux.go
+++ b/archive/stat_linux.go
@@ -30,3 +30,10 @@ func LUtimesNano(path string, ts []syscall.Timespec) error {
 
 	return nil
 }
+
+func UtimesNano(path string, ts []syscall.Timespec) error {
+	if err := syscall.UtimesNano(path, ts); err != nil {
+		return err
+	}
+	return nil
+}

From 547ac421995860f99d1d0803c3c1e7ea51dc681e Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume.charmes@docker.com>
Date: Fri, 7 Feb 2014 00:44:14 +0000
Subject: [PATCH 002/384] Add Freebsd client support

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
---
 pkg/term/termios_bsd.go | 67 +++++++++++++++++++++++++++++++++++++++++
 utils/signal_freebsd.go | 42 ++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)
 create mode 100644 pkg/term/termios_bsd.go
 create mode 100644 utils/signal_freebsd.go

diff --git a/pkg/term/termios_bsd.go b/pkg/term/termios_bsd.go
new file mode 100644
index 0000000000..9acf9dfe15
--- /dev/null
+++ b/pkg/term/termios_bsd.go
@@ -0,0 +1,67 @@
+package term
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+const (
+	getTermios = syscall.TIOCGETA
+	setTermios = syscall.TIOCSETA
+
+	IGNBRK = syscall.IGNBRK
+	PARMRK = syscall.PARMRK
+	INLCR  = syscall.INLCR
+	IGNCR  = syscall.IGNCR
+	ECHONL = syscall.ECHONL
+	CSIZE  = syscall.CSIZE
+	ICRNL  = syscall.ICRNL
+	ISTRIP = syscall.ISTRIP
+	PARENB = syscall.PARENB
+	ECHO   = syscall.ECHO
+	ICANON = syscall.ICANON
+	ISIG   = syscall.ISIG
+	IXON   = syscall.IXON
+	BRKINT = syscall.BRKINT
+	INPCK  = syscall.INPCK
+	OPOST  = syscall.OPOST
+	CS8    = syscall.CS8
+	IEXTEN = syscall.IEXTEN
+)
+
+type Termios struct {
+	Iflag  uint32
+	Oflag  uint32
+	Cflag  uint32
+	Lflag  uint32
+	Cc     [20]byte
+	Ispeed uint32
+	Ospeed uint32
+}
+
+// MakeRaw put the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd uintptr) (*State, error) {
+	var oldState State
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
+		return nil, err
+	}
+	//	C.makeraw()
+	//	return &oldState, nil
+
+	newState := oldState.termios
+	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
+	newState.Oflag &^= OPOST
+	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
+	newState.Cflag &^= (CSIZE | PARENB)
+	newState.Cflag |= CS8
+	newState.Cc[syscall.VMIN] = 1
+	newState.Cc[syscall.VTIME] = 0
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
+		return nil, err
+	}
+
+	return &oldState, nil
+}
diff --git a/utils/signal_freebsd.go b/utils/signal_freebsd.go
new file mode 100644
index 0000000000..65a700e894
--- /dev/null
+++ b/utils/signal_freebsd.go
@@ -0,0 +1,42 @@
+package utils
+
+import (
+	"os"
+	"os/signal"
+	"syscall"
+)
+
+func CatchAll(sigc chan os.Signal) {
+	signal.Notify(sigc,
+		syscall.SIGABRT,
+		syscall.SIGALRM,
+		syscall.SIGBUS,
+		syscall.SIGCHLD,
+		syscall.SIGCONT,
+		syscall.SIGFPE,
+		syscall.SIGHUP,
+		syscall.SIGILL,
+		syscall.SIGINT,
+		syscall.SIGIO,
+		syscall.SIGIOT,
+		syscall.SIGKILL,
+		syscall.SIGPIPE,
+		syscall.SIGPROF,
+		syscall.SIGQUIT,
+		syscall.SIGSEGV,
+		syscall.SIGSTOP,
+		syscall.SIGSYS,
+		syscall.SIGTERM,
+		syscall.SIGTRAP,
+		syscall.SIGTSTP,
+		syscall.SIGTTIN,
+		syscall.SIGTTOU,
+		syscall.SIGURG,
+		syscall.SIGUSR1,
+		syscall.SIGUSR2,
+		syscall.SIGVTALRM,
+		syscall.SIGWINCH,
+		syscall.SIGXCPU,
+		syscall.SIGXFSZ,
+	)
+}

From 3b969aad4af430372d5cac1e700f75dba8a38a13 Mon Sep 17 00:00:00 2001
From: Wes Morgan <cap10morgan@gmail.com>
Date: Thu, 30 Jan 2014 12:00:18 -0700
Subject: [PATCH 003/384] merge existing config when committing

Fixes #1141

Docker-DCO-1.1-Signed-off-by: Wes Morgan <cap10morgan@gmail.com> (github: cap10morgan)
---
 docs/sources/reference/commandline/cli.rst | 61 ++++++++++++++++------
 integration/server_test.go                 | 57 ++++++++++++++++++++
 server.go                                  | 11 ++--
 3 files changed, 110 insertions(+), 19 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 564ea8a034..1f83859c5c 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -83,7 +83,7 @@ Commands
       -v, --version=false: Print version information and quit
       --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available
 
-The Docker daemon is the persistent process that manages containers.  Docker uses the same binary for both the 
+The Docker daemon is the persistent process that manages containers.  Docker uses the same binary for both the
 daemon and client.  To run the daemon you provide the ``-d`` flag.
 
 To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``.
@@ -93,10 +93,10 @@ To set the DNS server for all Docker containers, use ``docker -d -dns 8.8.8.8``.
 To run the daemon with debug output, use ``docker -d -D``.
 
 The docker client will also honor the ``DOCKER_HOST`` environment variable to set
-the ``-H`` flag for the client.  
+the ``-H`` flag for the client.
 
 ::
- 
+
         docker -H tcp://0.0.0.0:4243 ps
         # or
         export DOCKER_HOST="tcp://0.0.0.0:4243"
@@ -130,7 +130,7 @@ You can find examples of using systemd socket activation with docker and systemd
 
 You can detach from the container again (and leave it running) with
 ``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of
-the Docker client when it quits.  When you detach from the container's 
+the Docker client when it quits.  When you detach from the container's
 process the exit code will be returned to the client.
 
 To stop a container, use ``docker stop``.
@@ -292,7 +292,7 @@ by using the ``git://`` schema.
 
       -m, --message="": Commit message
       -a, --author="": Author (eg. "John Hannibal Smith <hannibal@a-team.com>"
-      --run="": Configuration to be applied when the image is launched with `docker run`.
+      --run="": Configuration changes to be applied when the image is launched with `docker run`.
                (ex: -run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
 
 .. _cli_commit_examples:
@@ -304,14 +304,14 @@ Commit an existing container
 
 	$ sudo docker ps
 	ID                  IMAGE               COMMAND             CREATED             STATUS              PORTS
-	c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours                             
-	197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours                             
+	c3f279d17e0a        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
+	197387f1b436        ubuntu:12.04        /bin/bash           7 days ago          Up 25 hours
 	$ docker commit c3f279d17e0a  SvenDowideit/testimage:version3
 	f5283438590d
 	$ docker images | head
 	REPOSITORY                        TAG                 ID                  CREATED             VIRTUAL SIZE
 	SvenDowideit/testimage            version3            f5283438590d        16 seconds ago      335.7 MB
-	
+
 Change the command that a container runs
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -333,11 +333,40 @@ run ``ls /etc``.
         apt                     host.conf        lsb-base             rc2.d
         ...
 
+Merged configs example
+......................
+
+Say you have a Dockerfile like so:
+
+.. code-block:: bash
+
+        ENV MYVAR foobar
+        RUN apt-get install openssh
+        EXPOSE 22
+        CMD ["/usr/sbin/sshd -D"]
+        ...
+
+If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the -run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit.
+
+.. code-block:: bash
+
+        $ docker build -t me/foo .
+        $ docker run -t -i me/foo /bin/bash
+        foo-container$ [make changes in the container]
+        foo-container$ exit
+        $ docker commit -run='{"Cmd": ["ls"]}' [container-id] me/bar
+        ...
+
+The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"].
+
+Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the -run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container.
+
 Full -run example
 .................
 
 The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID``
-or ``config`` when running ``docker inspect IMAGEID``.
+or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are
+not overridden in the JSON hash will be merged in.
 
 (Multiline is okay within a single quote ``'``)
 
@@ -653,7 +682,7 @@ Displaying image hierarchy
 
     Usage: docker import URL|- [REPOSITORY[:TAG]]
 
-    Create an empty filesystem image and import the contents of the tarball 
+    Create an empty filesystem image and import the contents of the tarball
     (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it.
 
 At this time, the URL must start with ``http`` and point to a single
@@ -918,7 +947,7 @@ Running ``docker ps`` showing 2 linked containers.
 
     $ docker ps
     CONTAINER ID        IMAGE                        COMMAND                CREATED              STATUS              PORTS               NAMES
-    4c01db0b339c        ubuntu:12.04                 bash                   17 seconds ago       Up 16 seconds                           webapp              
+    4c01db0b339c        ubuntu:12.04                 bash                   17 seconds ago       Up 16 seconds                           webapp
     d7886598dbe2        crosbymichael/redis:latest   /redis-server --dir    33 minutes ago       Up 33 minutes       6379/tcp            redis,webapp/db
     fd2645e2e2b5        busybox:latest               top                    10 days ago          Ghost                                   insane_ptolemy
 
@@ -1022,7 +1051,7 @@ containers will not be deleted.
     Remove one or more images
 
       -f, --force=false: Force
-    
+
 Removing tagged images
 ~~~~~~~~~~~~~~~~~~~~~~
 
@@ -1101,8 +1130,8 @@ Once the container is stopped it still exists and can be started back up.  See `
 The ``docker run`` command can be used in combination with ``docker commit`` to
 :ref:`change the command that a container runs <cli_commit_examples>`.
 
-See :ref:`port_redirection` for more detailed information about the ``--expose``, 
-``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for 
+See :ref:`port_redirection` for more detailed information about the ``--expose``,
+``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for
 specific examples using ``--link``.
 
 Known Issues (run -volumes-from)
@@ -1182,8 +1211,8 @@ starting your container.
 
    $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh
 
-By bind-mounting the docker unix socket and statically linked docker binary 
-(such as that provided by https://get.docker.io), you give the container 
+By bind-mounting the docker unix socket and statically linked docker binary
+(such as that provided by https://get.docker.io), you give the container
 the full access to create and manipulate the host's docker daemon.
 
 .. code-block:: bash
diff --git a/integration/server_test.go b/integration/server_test.go
index 1247e8d2d8..915119f65c 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -219,6 +219,63 @@ func TestCommit(t *testing.T) {
 	}
 }
 
+func TestMergeConfigOnCommit(t *testing.T) {
+	eng := NewTestEngine(t)
+	runtime := mkRuntimeFromEngine(eng, t)
+	defer runtime.Nuke()
+
+	container1, _, _ := mkContainer(runtime, []string{"-e", "FOO=bar", unitTestImageID, "echo test > /tmp/foo"}, t)
+	defer runtime.Destroy(container1)
+
+	config, _, _, err := runconfig.Parse([]string{container1.ID, "cat /tmp/foo"}, nil)
+	if err != nil {
+		t.Error(err)
+	}
+
+	job := eng.Job("commit", container1.ID)
+	job.Setenv("repo", "testrepo")
+	job.Setenv("tag", "testtag")
+	job.SetenvJson("config", config)
+	var newId string
+	job.Stdout.AddString(&newId)
+	if err := job.Run(); err != nil {
+		t.Error(err)
+	}
+
+	container2, _, _ := mkContainer(runtime, []string{newId}, t)
+	defer runtime.Destroy(container2)
+
+	job = eng.Job("inspect", container1.Name, "container")
+	baseContainer, _ := job.Stdout.AddEnv()
+	if err := job.Run(); err != nil {
+		t.Error(err)
+	}
+
+	job = eng.Job("inspect", container2.Name, "container")
+	commitContainer, _ := job.Stdout.AddEnv()
+	if err := job.Run(); err != nil {
+		t.Error(err)
+	}
+
+	baseConfig := baseContainer.GetSubEnv("Config")
+	commitConfig := commitContainer.GetSubEnv("Config")
+
+	if commitConfig.Get("Env") != baseConfig.Get("Env") {
+		t.Fatalf("Env config in committed container should be %v, was %v",
+			baseConfig.Get("Env"), commitConfig.Get("Env"))
+	}
+
+	if baseConfig.Get("Cmd") != "[\"echo test \\u003e /tmp/foo\"]" {
+		t.Fatalf("Cmd in base container should be [\"echo test \\u003e /tmp/foo\"], was %s",
+			baseConfig.Get("Cmd"))
+	}
+
+	if commitConfig.Get("Cmd") != "[\"cat /tmp/foo\"]" {
+		t.Fatalf("Cmd in committed container should be [\"cat /tmp/foo\"], was %s",
+			commitConfig.Get("Cmd"))
+	}
+}
+
 func TestRestartKillWait(t *testing.T) {
 	eng := NewTestEngine(t)
 	srv := mkServerFromEngine(eng, t)
diff --git a/server.go b/server.go
index e6176e18bd..a0bfd286c5 100644
--- a/server.go
+++ b/server.go
@@ -1043,12 +1043,17 @@ func (srv *Server) ContainerCommit(job *engine.Job) engine.Status {
 	if container == nil {
 		return job.Errorf("No such container: %s", name)
 	}
-	var config runconfig.Config
-	if err := job.GetenvJson("config", &config); err != nil {
+	var config = container.Config
+	var newConfig runconfig.Config
+	if err := job.GetenvJson("config", &newConfig); err != nil {
 		return job.Error(err)
 	}
 
-	img, err := srv.runtime.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), &config)
+	if err := runconfig.Merge(&newConfig, config); err != nil {
+		return job.Error(err)
+	}
+
+	img, err := srv.runtime.Commit(container, job.Getenv("repo"), job.Getenv("tag"), job.Getenv("comment"), job.Getenv("author"), &newConfig)
 	if err != nil {
 		return job.Error(err)
 	}

From b39d02b611f1cc0af283f417b73bf0d36f26277a Mon Sep 17 00:00:00 2001
From: Darren Shepherd <darren.s.shepherd@gmail.com>
Date: Mon, 3 Mar 2014 21:53:57 -0700
Subject: [PATCH 004/384] Support hairpin NAT without going through docker
 server

Hairpin NAT is currently done by passing through the docker server.  If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'

This change drops the restriction that DNAT traffic must not originate
from docker0.  It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.

Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
---
 pkg/iptables/iptables.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkg/iptables/iptables.go b/pkg/iptables/iptables.go
index 4cdd67ef7c..1f25952bd9 100644
--- a/pkg/iptables/iptables.go
+++ b/pkg/iptables/iptables.go
@@ -66,7 +66,6 @@ func (c *Chain) Forward(action Action, ip net.IP, port int, proto, dest_addr str
 		"-p", proto,
 		"-d", daddr,
 		"--dport", strconv.Itoa(port),
-		"!", "-i", c.Bridge,
 		"-j", "DNAT",
 		"--to-destination", net.JoinHostPort(dest_addr, strconv.Itoa(dest_port))); err != nil {
 		return err

From 2aeccdd3bb98760ab10e834c6c134bb76f664910 Mon Sep 17 00:00:00 2001
From: Alexey Kotlyarov <alexey@infoxchange.net.au>
Date: Tue, 4 Mar 2014 14:45:14 +1100
Subject: [PATCH 005/384] Create directories for tar files with relaxed
 permissions

Docker-DCO-1.1-Signed-off-by: Alexey Kotlyarov <alexey@infoxchange.net.au> (github: koterpillar)
---
 archive/archive.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/archive/archive.go b/archive/archive.go
index 72bd31a281..c15a9d153b 100644
--- a/archive/archive.go
+++ b/archive/archive.go
@@ -403,7 +403,7 @@ func Untar(archive io.Reader, dest string, options *TarOptions) error {
 			parent := filepath.Dir(hdr.Name)
 			parentPath := filepath.Join(dest, parent)
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = os.MkdirAll(parentPath, 600)
+				err = os.MkdirAll(parentPath, 0777)
 				if err != nil {
 					return err
 				}

From 28a545d294cac3b2e1f4266f5099bd2c5ddb342f Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Fri, 14 Feb 2014 16:56:21 +1000
Subject: [PATCH 006/384] Show some ENV / local updated baseimage tricks that
 use an apt-cacher-ng proxy to make debian based installations instant

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 .../sources/examples/apt-cacher-ng.Dockerfile |  15 +++
 docs/sources/examples/apt-cacher-ng.rst       | 104 ++++++++++++++++++
 docs/sources/examples/index.rst               |   1 +
 3 files changed, 120 insertions(+)
 create mode 100644 docs/sources/examples/apt-cacher-ng.Dockerfile
 create mode 100644 docs/sources/examples/apt-cacher-ng.rst

diff --git a/docs/sources/examples/apt-cacher-ng.Dockerfile b/docs/sources/examples/apt-cacher-ng.Dockerfile
new file mode 100644
index 0000000000..fcc326815d
--- /dev/null
+++ b/docs/sources/examples/apt-cacher-ng.Dockerfile
@@ -0,0 +1,15 @@
+#
+# BUILD		docker build -t apt-cacher .
+# RUN		docker run -d -p 3142:3142 -name apt-cacher-run apt-cacher
+#
+# and then you can run containers with:
+# 		docker run -t -i -rm -e http_proxy http://dockerhost:3142/ debian bash
+#
+FROM		ubuntu
+MAINTAINER	SvenDowideit@docker.com
+
+VOLUME		["/var/cache/apt-cacher-ng"]
+RUN		apt-get update ; apt-get install -yq apt-cacher-ng
+
+EXPOSE 		3142
+CMD		chmod 777 /var/cache/apt-cacher-ng ; /etc/init.d/apt-cacher-ng start ; tail -f /var/log/apt-cacher-ng/*
diff --git a/docs/sources/examples/apt-cacher-ng.rst b/docs/sources/examples/apt-cacher-ng.rst
new file mode 100644
index 0000000000..f828e4e1e7
--- /dev/null
+++ b/docs/sources/examples/apt-cacher-ng.rst
@@ -0,0 +1,104 @@
+:title: Running an apt-cacher-ng service
+:description: Installing and running an apt-cacher-ng service
+:keywords: docker, example, package installation, networking, debian, ubuntu
+
+.. _running_apt-cacher-ng_service:
+
+Apt-Cacher-ng Service
+=====================
+
+.. include:: example_header.inc
+
+
+When you have multiple Docker servers, or build unrelated Docker containers
+which can't make use of the Docker build cache, it can be useful to have a 
+caching proxy for your packages. This container makes the second download of
+any package almost instant.
+
+Use the following Dockerfile:
+
+.. literalinclude:: apt-cacher-ng.Dockerfile
+
+To build the image using:
+
+.. code-block:: bash
+
+    $ sudo docker build -rm -t eg_apt_cacher_ng .
+
+Then run it, mapping the exposed port to one on the host
+
+.. code-block:: bash
+
+    $ sudo docker run -d -p 3142:3142 -name test_apt_cacher_ng eg_apt_cacher_ng
+
+To see the logfiles that are 'tailed' in the default command, you can use: 
+
+.. code-block:: bash
+
+    $ sudo docker logs -f test_apt_cacher_ng
+
+To get your Debian based containers to use the proxy, you can do one of 3 things
+
+1. Set and environment variable: ``http_proxy=http://dockerhost:3142/``
+2. Add an apt Proxy setting ``echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy``
+3. Change your sources.list entries to start with ``http://dockerhost:3142/``
+
+Option 1 will work for running a container, so is good for testing, but will 
+break any non-apt http requests, like ``curl``, ``wget`` and more.:
+
+.. code-block:: bash
+
+    $ sudo docker run -rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash
+
+Or you can inject the settings safely into your apt configuration in a local
+version of a common base:
+
+.. code-block:: bash
+
+    FROM ubuntu
+
+    RUN  echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/apt.conf.d/01proxy
+
+    RUN apt-get update ; apt-get install vim git
+
+    # docker build -t my_ubuntu .
+
+Option 3 is the least portable, but there will be times when you might need to
+do it - and you can do it from your Dockerfile too.
+
+Apt-cacher-ng has some tools that allow you to manage the repository, and they 
+can be used by leveraging the ``VOLUME``, and the image we built to run the 
+service:
+
+.. code-block:: bash
+
+    $ sudo docker run -rm -t -i --volumes-from test_apt_cacher_ng eg_apt_cacher_ng bash
+
+    $$ /usr/lib/apt-cacher-ng/distkill.pl
+    Scanning /var/cache/apt-cacher-ng, please wait...
+    Found distributions:
+    bla, taggedcount: 0
+         1. precise-security (36 index files)
+         2. wheezy (25 index files)
+         3. precise-updates (36 index files)
+         4. precise (36 index files)
+         5. wheezy-updates (18 index files)
+
+    Found architectures:
+         6. amd64 (36 index files)
+         7. i386 (24 index files)
+
+    WARNING: The removal action may wipe out whole directories containing
+             index files. Select d to see detailed list.
+
+    (Number nn: tag distribution or architecture nn; 0: exit; d: show details; r: remove tagged; q: quit): q
+
+
+Finally, clean up after your test by stopping and removing the container, and
+then removing the image.
+
+.. code-block:: bash
+
+    $ sudo docker stop test_apt_cacher_ng
+    $ sudo docker rm test_apt_cacher_ng
+    $ sudo docker rmi eg_apt_cacher_ng
diff --git a/docs/sources/examples/index.rst b/docs/sources/examples/index.rst
index cf9ed9340a..383d0760f7 100644
--- a/docs/sources/examples/index.rst
+++ b/docs/sources/examples/index.rst
@@ -26,3 +26,4 @@ to more substantial services like those which you might find in production.
    using_supervisord
    cfengine_process_management
    python_web_app
+   apt-cacher-ng

From cadd94f44c6f6e276a5b028a2935b5e352408d3b Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@home.org.au>
Date: Tue, 18 Feb 2014 12:55:14 +1000
Subject: [PATCH 007/384] implement pharvey's suggestions

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
---
 docs/sources/examples/apt-cacher-ng.rst | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/sources/examples/apt-cacher-ng.rst b/docs/sources/examples/apt-cacher-ng.rst
index f828e4e1e7..0fb55720f2 100644
--- a/docs/sources/examples/apt-cacher-ng.rst
+++ b/docs/sources/examples/apt-cacher-ng.rst
@@ -37,20 +37,13 @@ To see the logfiles that are 'tailed' in the default command, you can use:
 
     $ sudo docker logs -f test_apt_cacher_ng
 
-To get your Debian based containers to use the proxy, you can do one of 3 things
+To get your Debian based containers to use the proxy, you can do one of three things
 
-1. Set and environment variable: ``http_proxy=http://dockerhost:3142/``
-2. Add an apt Proxy setting ``echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy``
+1. Add an apt Proxy setting ``echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy``
+2. Set and environment variable: ``http_proxy=http://dockerhost:3142/``
 3. Change your sources.list entries to start with ``http://dockerhost:3142/``
 
-Option 1 will work for running a container, so is good for testing, but will 
-break any non-apt http requests, like ``curl``, ``wget`` and more.:
-
-.. code-block:: bash
-
-    $ sudo docker run -rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash
-
-Or you can inject the settings safely into your apt configuration in a local
+**Option 1** injects the settings safely into your apt configuration in a local
 version of a common base:
 
 .. code-block:: bash
@@ -63,7 +56,14 @@ version of a common base:
 
     # docker build -t my_ubuntu .
 
-Option 3 is the least portable, but there will be times when you might need to
+**Option 2** is good for testing, but will 
+break other HTTP clients which obey ``http_proxy``, such as ``curl``, ``wget`` and others:
+
+.. code-block:: bash
+
+    $ sudo docker run -rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash
+
+**Option 3** is the least portable, but there will be times when you might need to
 do it - and you can do it from your Dockerfile too.
 
 Apt-cacher-ng has some tools that allow you to manage the repository, and they 

From 1cdd775f5d95c4da2895da85b00ffa2917bbf9b0 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Thu, 6 Mar 2014 15:12:09 +0100
Subject: [PATCH 008/384] DeviceMapper: Succeed immediately when removing
 non-existant devices

We've seen situations where removal of "ID-init" failed during
container deletion (EBUSY), after removal of "ID" has succeeded. This
caused the container delete operation to fail, and on the next delete
attempt the removal of "ID" failed immediately with "does not exist".

Ideally we should not fail the ID-init removal, but its also non-ideal
to allow a state where the container is half-removed and we cannot
make progress deleting the container. So, we silently ignore not-exist
errors on device removal.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 graphdriver/devmapper/driver.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/graphdriver/devmapper/driver.go b/graphdriver/devmapper/driver.go
index 4d414f9a75..8c5a19eea0 100644
--- a/graphdriver/devmapper/driver.go
+++ b/graphdriver/devmapper/driver.go
@@ -90,6 +90,13 @@ func (d *Driver) Create(id, parent string) error {
 }
 
 func (d *Driver) Remove(id string) error {
+	if !d.DeviceSet.HasDevice(id) {
+		// Consider removing a non-existing device a no-op
+		// This is useful to be able to progress on container removal
+		// if the underlying device has gone away due to earlier errors
+		return nil
+	}
+
 	// Sink the float from create in case no Get() call was made
 	if err := d.DeviceSet.UnmountDevice(id, UnmountSink); err != nil {
 		return err

From 3e8a02a9399618917194b37435f5eed9ff86fe2f Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Thu, 6 Mar 2014 18:14:56 +0100
Subject: [PATCH 009/384] devmapper: Add per-device lock

We currently use a global lock to protect global data (like the
Devices map) as well as device data itself and access to
(non-threadsafe) libdevmapper.

This commit also adds a per-device lock, which will allow per-device
operations to temporarily release the global lock while e.g. waiting.
The per-device lock will make sure that nothing else accesses that
device while we're operating on it.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 graphdriver/devmapper/deviceset.go | 39 +++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/graphdriver/devmapper/deviceset.go b/graphdriver/devmapper/deviceset.go
index 303e363e92..f1a0e47d03 100644
--- a/graphdriver/devmapper/deviceset.go
+++ b/graphdriver/devmapper/deviceset.go
@@ -39,6 +39,13 @@ type DevInfo struct {
 	// first get (since we need to mount to set up the device
 	// a bit first).
 	floating bool `json:"-"`
+
+	// The global DeviceSet lock guarantees that we serialize all
+	// the calls to libdevmapper (which is not threadsafe), but we
+	// sometimes release that lock while sleeping. In that case
+	// this per-device lock is still held, protecting against
+	// other accesses to the device that we're doing the wait on.
+	lock sync.Mutex `json:"-"`
 }
 
 type MetaData struct {
@@ -47,7 +54,7 @@ type MetaData struct {
 
 type DeviceSet struct {
 	MetaData
-	sync.Mutex
+	sync.Mutex       // Protects Devices map and serializes calls into libdevmapper
 	root             string
 	devicePrefix     string
 	TransactionId    uint64
@@ -569,6 +576,9 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 		return fmt.Errorf("Error adding device for '%s': can't find device for parent '%s'", hash, baseHash)
 	}
 
+	baseInfo.lock.Lock()
+	defer baseInfo.lock.Unlock()
+
 	deviceId := devices.allocateDeviceId()
 
 	if err := devices.createSnapDevice(devices.getPoolDevName(), deviceId, baseInfo.Name(), baseInfo.DeviceId); err != nil {
@@ -636,6 +646,14 @@ func (devices *DeviceSet) DeleteDevice(hash string) error {
 	devices.Lock()
 	defer devices.Unlock()
 
+	info := devices.Devices[hash]
+	if info == nil {
+		return fmt.Errorf("Unknown device %s", hash)
+	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
 	return devices.deleteDevice(hash)
 }
 
@@ -773,20 +791,26 @@ func (devices *DeviceSet) Shutdown() error {
 	defer utils.Debugf("[deviceset %s] shutdown END", devices.devicePrefix)
 
 	for _, info := range devices.Devices {
+		info.lock.Lock()
 		if info.mountCount > 0 {
 			if err := sysUnmount(info.mountPath, 0); err != nil {
 				utils.Debugf("Shutdown unmounting %s, error: %s\n", info.mountPath, err)
 			}
 		}
+		info.lock.Unlock()
 	}
 
 	for _, d := range devices.Devices {
+		d.lock.Lock()
+
 		if err := devices.waitClose(d.Hash); err != nil {
 			utils.Errorf("Warning: error waiting for device %s to unmount: %s\n", d.Hash, err)
 		}
 		if err := devices.deactivateDevice(d.Hash); err != nil {
 			utils.Debugf("Shutdown deactivate %s , error: %s\n", d.Hash, err)
 		}
+
+		d.lock.Unlock()
 	}
 
 	if err := devices.deactivatePool(); err != nil {
@@ -805,6 +829,9 @@ func (devices *DeviceSet) MountDevice(hash, path string) error {
 		return fmt.Errorf("Unknown device %s", hash)
 	}
 
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
 	if info.mountCount > 0 {
 		if path != info.mountPath {
 			return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path)
@@ -851,6 +878,9 @@ func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error {
 		return fmt.Errorf("UnmountDevice: no such device %s\n", hash)
 	}
 
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
 	if mode == UnmountFloat {
 		if info.floating {
 			return fmt.Errorf("UnmountDevice: can't float floating reference %s\n", hash)
@@ -920,6 +950,10 @@ func (devices *DeviceSet) HasActivatedDevice(hash string) bool {
 	if info == nil {
 		return false
 	}
+
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
 	devinfo, _ := getInfo(info.Name())
 	return devinfo != nil && devinfo.Exists != 0
 }
@@ -974,6 +1008,9 @@ func (devices *DeviceSet) GetDeviceStatus(hash string) (*DevStatus, error) {
 		return nil, fmt.Errorf("No device %s", hash)
 	}
 
+	info.lock.Lock()
+	defer info.lock.Unlock()
+
 	status := &DevStatus{
 		DeviceId:      info.DeviceId,
 		Size:          info.Size,

From 81f148be566ab2b17810ad4be61a5d8beac8330f Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Thu, 6 Mar 2014 18:25:43 +0100
Subject: [PATCH 010/384] devmapper: Increase sleep times and unlock while
 sleeping

We've seen some cases in the wild where waiting for unmount/deactivate
of devmapper devices taking a long time (several seconds). So, we increase
the sleeps to 10 seconds before we timeout. For instance:

https://github.com/dotcloud/docker/issues/4389

But, in order to not keep other processes blocked we unlock the global
dm lock while waiting to allow other devices to continue working.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 graphdriver/devmapper/deviceset.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/graphdriver/devmapper/deviceset.go b/graphdriver/devmapper/deviceset.go
index f1a0e47d03..f6b26655a3 100644
--- a/graphdriver/devmapper/deviceset.go
+++ b/graphdriver/devmapper/deviceset.go
@@ -701,7 +701,7 @@ func (devices *DeviceSet) deactivateDevice(hash string) error {
 func (devices *DeviceSet) removeDeviceAndWait(devname string) error {
 	var err error
 
-	for i := 0; i < 10; i++ {
+	for i := 0; i < 1000; i++ {
 		devices.sawBusy = false
 		err = removeDevice(devname)
 		if err == nil {
@@ -713,7 +713,9 @@ func (devices *DeviceSet) removeDeviceAndWait(devname string) error {
 
 		// If we see EBUSY it may be a transient error,
 		// sleep a bit a retry a few times.
-		time.Sleep(5 * time.Millisecond)
+		devices.Unlock()
+		time.Sleep(10 * time.Millisecond)
+		devices.Lock()
 	}
 	if err != nil {
 		return err
@@ -746,7 +748,9 @@ func (devices *DeviceSet) waitRemove(devname string) error {
 			break
 		}
 
-		time.Sleep(1 * time.Millisecond)
+		devices.Unlock()
+		time.Sleep(10 * time.Millisecond)
+		devices.Lock()
 	}
 	if i == 1000 {
 		return fmt.Errorf("Timeout while waiting for device %s to be removed", devname)

From 188dea9e0e8b968b28a288192c357343dcc5834c Mon Sep 17 00:00:00 2001
From: Walter Leibbrandt <github@wrl.co.za>
Date: Thu, 6 Mar 2014 23:33:08 +0200
Subject: [PATCH 011/384] Fixed installmirrors ref

Nested inline markup is not (yet) possible: http://stackoverflow.com/a/9645684
---
 docs/sources/installation/ubuntulinux.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index 416d56765e..c459f33d3c 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -64,7 +64,7 @@ Installation
    an earlier version, you will need to follow them again.
 
 Docker is available as a Debian package, which makes installation
-easy. **See the :ref:`installmirrors` section below if you are not in
+easy. **See the** :ref:`installmirrors` **section below if you are not in
 the United States.** Other sources of the Debian packages may be
 faster for you to install.
 

From 3729ece2ea1c4aad286b7535a7c137045a9da107 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 7 Mar 2014 02:20:59 +0000
Subject: [PATCH 012/384] improve alpha sort in mflag

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 pkg/mflag/flag.go | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/pkg/mflag/flag.go b/pkg/mflag/flag.go
index 7125c030ed..8b3d61e816 100644
--- a/pkg/mflag/flag.go
+++ b/pkg/mflag/flag.go
@@ -286,9 +286,24 @@ type Flag struct {
 	DefValue string   // default value (as text); for usage message
 }
 
+type flagSlice []string
+
+func (p flagSlice) Len() int { return len(p) }
+func (p flagSlice) Less(i, j int) bool {
+	pi, pj := p[i], p[j]
+	if pi[0] == '-' {
+		pi = pi[1:]
+	}
+	if pj[0] == '-' {
+		pj = pj[1:]
+	}
+	return pi < pj
+}
+func (p flagSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
+
 // sortFlags returns the flags as a slice in lexicographical sorted order.
 func sortFlags(flags map[string]*Flag) []*Flag {
-	var list sort.StringSlice
+	var list flagSlice
 	for _, f := range flags {
 		fName := strings.TrimPrefix(f.Names[0], "#")
 		if len(f.Names) == 1 {
@@ -307,7 +322,7 @@ func sortFlags(flags map[string]*Flag) []*Flag {
 			list = append(list, fName)
 		}
 	}
-	list.Sort()
+	sort.Sort(list)
 	result := make([]*Flag, len(list))
 	for i, name := range list {
 		result[i] = flags[name]

From aceb10b1e51d1d9016b25fa5275e5a4f02772c57 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 6 Mar 2014 22:26:47 -0700
Subject: [PATCH 013/384] Resync the DCO text with upstream at
 http://developercertificate.org/

```
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
```

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 CONTRIBUTING.md | 53 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 20 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c03c5d0d9c..0e8b98122f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -126,33 +126,46 @@ For more details see [MAINTAINERS.md](hack/MAINTAINERS.md)
 The sign-off is a simple line at the end of the explanation for the
 patch, which certifies that you wrote it or otherwise have the right to
 pass it on as an open-source patch.  The rules are pretty simple: if you
-can certify the below:
+can certify the below (from
+[developercertificate.org](http://developercertificate.org/)):
 
 ```
-Docker Developer Certificate of Origin 1.1
+Developer Certificate of Origin
+Version 1.1
 
-By making a contribution to the Docker Project ("Project"), I represent and
-warrant that:
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
 
-a. The contribution was created in whole or in part by me and I have the right
-to submit the contribution on my own behalf or on behalf of a third party who
-has authorized me to submit this contribution to the Project; or
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
 
-b. The contribution is based upon previous work that, to the best of my
-knowledge, is covered under an appropriate open source license and I have the
-right and authorization to submit that work with modifications, whether
-created in whole or in part by me, under the same open source license (unless
-I am permitted to submit under a different license) that I have identified in
-the contribution; or
 
-c. The contribution was provided directly to me by some other person who
-represented and warranted (a) or (b) and I have not modified it.
+Developer's Certificate of Origin 1.1
 
-d. I understand and agree that this Project and the contribution are publicly
-known and that a record of the contribution (including all personal
-information I submit with it, including my sign-off record) is maintained
-indefinitely and may be redistributed consistent with this Project or the open
-source license(s) involved.
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
 ```
 
 then you just add a line to every git commit message:

From 0a819380c52cbfcc9d674475913267a33b249e00 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 6 Mar 2014 23:16:26 -0700
Subject: [PATCH 014/384] Clarify how to update the docs branch in the
 RELEASE-CHECKLIST with concrete instructions

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/RELEASE-CHECKLIST.md | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/hack/RELEASE-CHECKLIST.md b/hack/RELEASE-CHECKLIST.md
index 84a0ff70e1..d6c91a5e43 100644
--- a/hack/RELEASE-CHECKLIST.md
+++ b/hack/RELEASE-CHECKLIST.md
@@ -175,19 +175,23 @@ release is uploaded to get.docker.io!
 
 ### 10. Go to github to merge the `bump_$VERSION` branch into release
 
-Don't delete the leftover branch just yet, as we will need it for the next step.
-
-### 11. Go to github to merge the `bump_$VERSION` branch into docs
-
-Merging the pull request to the docs branch will automatically
-update the documentation on the "latest" revision of the docs. You
-should see the updated docs 5-10 minutes after the merge. The docs
-will appear on http://docs.docker.io/. For more information about
-documentation releases, see `docs/README.md`.
-
 Don't forget to push that pretty blue button to delete the leftover
 branch afterwards!
 
+### 11. Update the docs branch
+
+```bash
+git checkout docs
+git fetch
+git reset --hard origin/release
+git push -f origin docs
+```
+
+Updating the docs branch will automatically update the documentation on the
+"latest" revision of the docs. You should see the updated docs 5-10 minutes
+after the merge. The docs will appear on http://docs.docker.io/. For more
+information about documentation releases, see `docs/README.md`.
+
 ### 12. Create a new pull request to merge release back into master
 
 ```bash

From 661cf32e4f996385ec7791e93ea8edea80fd2e37 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 6 Mar 2014 23:26:18 -0700
Subject: [PATCH 015/384] Note within the RELEASE-CHECKLIST that "origin" is
 assumed to be upstream

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/RELEASE-CHECKLIST.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/hack/RELEASE-CHECKLIST.md b/hack/RELEASE-CHECKLIST.md
index 84a0ff70e1..6e23489a42 100644
--- a/hack/RELEASE-CHECKLIST.md
+++ b/hack/RELEASE-CHECKLIST.md
@@ -6,6 +6,21 @@ So you're in charge of a Docker release? Cool. Here's what to do.
 If your experience deviates from this document, please document the changes
 to keep it up-to-date.
 
+It is important to note that this document assumes that the git remote in your
+repository that corresponds to "https://github.com/dotcloud/docker" is named
+"origin".  If yours is not (for example, if you've chosen to name it "upstream"
+or something similar instead), be sure to adjust the listed snippets for your
+local environment accordingly.  If you are not sure what your upstream remote is
+named, use a command like `git remote -v` to find out.
+
+If you don't have an upstream remote, you can add one easily using something
+like:
+
+```bash
+git remote add origin https://github.com/dotcloud/docker.git
+git remote add YOURUSER git@github.com:YOURUSER/docker.git
+```
+
 ### 1. Pull from master and create a release branch
 
 ```bash

From d61938d2b879fe0ccbf46b4a7ca8dd2eb537eee9 Mon Sep 17 00:00:00 2001
From: Tom Fotherby <tom+github@peopleperhour.com>
Date: Fri, 7 Mar 2014 16:41:11 +0000
Subject: [PATCH 016/384] Correct Docker run --host param to --hostname

---
 docs/sources/reference/commandline/cli.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 2e49cd5ca5..2404e29b29 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1096,7 +1096,7 @@ image is removed.
       --cidfile="": Write the container ID to the file
       -d, --detach=false: Detached mode: Run container in the background, print new container id
       -e, --env=[]: Set environment variables
-      -h, --host="": Container host name
+      -h, --hostname="": Container host name
       -i, --interactive=false: Keep stdin open even if not attached
       --privileged=false: Give extended privileges to this container
       -m, --memory="": Memory limit (format: <number><optional unit>, where unit = b, k, m or g)

From bc086a9cd61b2d15fbef9db3cb53c7f3650fda48 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 7 Mar 2014 20:07:17 +0000
Subject: [PATCH 017/384] fix string in docker images

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 server.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server.go b/server.go
index 024b8aa3c4..91c58f62e2 100644
--- a/server.go
+++ b/server.go
@@ -1011,7 +1011,11 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		out.Set("Id", container.ID)
 		out.SetList("Names", names[container.ID])
 		out.Set("Image", srv.runtime.repositories.ImageName(container.Image))
-		out.Set("Command", fmt.Sprintf("%s %s", container.Path, strings.Join(container.Args, " ")))
+		if len(container.Args) > 0 {
+			out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, strings.Join(container.Args, " ")))
+		} else {
+			out.Set("Command", fmt.Sprintf("\"%s\"", container.Path))
+		}
 		out.SetInt64("Created", container.Created.Unix())
 		out.Set("Status", container.State.String())
 		str, err := container.NetworkSettings.PortMappingAPI().ToListString()

From 7da37fec13a0097284ffbbe05514de477cd98677 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 7 Mar 2014 23:39:03 +0000
Subject: [PATCH 018/384] handle capital

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 pkg/mflag/flag.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/mflag/flag.go b/pkg/mflag/flag.go
index 8b3d61e816..f16f641341 100644
--- a/pkg/mflag/flag.go
+++ b/pkg/mflag/flag.go
@@ -290,7 +290,7 @@ type flagSlice []string
 
 func (p flagSlice) Len() int { return len(p) }
 func (p flagSlice) Less(i, j int) bool {
-	pi, pj := p[i], p[j]
+	pi, pj := strings.ToLower(p[i]), strings.ToLower(p[j])
 	if pi[0] == '-' {
 		pi = pi[1:]
 	}

From d04f4d836c6b2a9266350a1b0e284949dcc6510a Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Sat, 8 Mar 2014 17:36:18 +0200
Subject: [PATCH 019/384] upgrade packages after debootstrap

This makes mkimage-debootstrap upgrade packages after retrieving
updated lists of packages.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 contrib/mkimage-debootstrap.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/mkimage-debootstrap.sh b/contrib/mkimage-debootstrap.sh
index bf89600973..33ba7b07cb 100755
--- a/contrib/mkimage-debootstrap.sh
+++ b/contrib/mkimage-debootstrap.sh
@@ -219,6 +219,7 @@ if [ -z "$strictDebootstrap" ]; then
 	
 	# make sure our packages lists are as up to date as we can get them
 	sudo chroot . apt-get update
+	sudo chroot . apt-get dist-upgrade -y
 fi
 
 if [ "$justTar" ]; then

From 59acb8c83d3f21ae82c540774653ccd0a46f1a1f Mon Sep 17 00:00:00 2001
From: Scott Collier <emailscottcollier@gmail.com>
Date: Sat, 8 Mar 2014 16:32:00 -0600
Subject: [PATCH 020/384] Adding the new options to the `docker ps`
 documentation.

URL of documentation page is: http://docs.docker.io/en/latest/reference/commandline/cli/#ps

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)
---
 docs/sources/reference/commandline/cli.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 2e49cd5ca5..5b43e45eb4 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -933,8 +933,14 @@ new output from the container's stdout and stderr.
     List containers
 
       -a, --all=false: Show all containers. Only running containers are shown by default.
+      --before-id="": Show only container created before Id, include non-running ones.
+      -l, --latest=false: Show only the latest created container, include non-running ones.
+      -n=-1: Show n last created containers, include non-running ones.
       --no-trunc=false: Don't truncate output
       -q, --quiet=false: Only display numeric IDs
+      -s, --size=false: Display sizes, not to be used with -q
+      --since-id="": Show only containers created since Id, include non-running ones.
+
 
 Running ``docker ps`` showing 2 linked containers.
 

From c000cb64712349141596318dea2a8de2462c8f81 Mon Sep 17 00:00:00 2001
From: Johannes 'fish' Ziemke <github@freigeist.org>
Date: Thu, 27 Feb 2014 13:47:59 +0100
Subject: [PATCH 021/384] Add authenticated TLS support for API

Docker-DCO-1.1-Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org> (github: discordianfish)
---
 api/client.go                                 |  22 ++-
 api/server.go                                 |  39 +++++-
 contrib/host-integration/manager.go           |   2 +-
 docker/docker.go                              |  70 +++++++++-
 docs/sources/examples/https.rst               | 126 ++++++++++++++++++
 docs/sources/examples/index.rst               |   1 +
 docs/sources/reference/commandline/cli.rst    |   5 +
 integration/commands_test.go                  |  44 +++---
 integration/fixtures/https/ca.pem             |  23 ++++
 integration/fixtures/https/client-cert.pem    |  73 ++++++++++
 integration/fixtures/https/client-key.pem     |  16 +++
 .../fixtures/https/client-rogue-cert.pem      |  73 ++++++++++
 .../fixtures/https/client-rogue-key.pem       |  16 +++
 integration/fixtures/https/server-cert.pem    |  76 +++++++++++
 integration/fixtures/https/server-key.pem     |  16 +++
 .../fixtures/https/server-rogue-cert.pem      |  76 +++++++++++
 .../fixtures/https/server-rogue-key.pem       |  16 +++
 integration/https_test.go                     |  82 ++++++++++++
 integration/runtime_test.go                   |  86 ++++++++++--
 19 files changed, 812 insertions(+), 50 deletions(-)
 create mode 100644 docs/sources/examples/https.rst
 create mode 100644 integration/fixtures/https/ca.pem
 create mode 100644 integration/fixtures/https/client-cert.pem
 create mode 100644 integration/fixtures/https/client-key.pem
 create mode 100644 integration/fixtures/https/client-rogue-cert.pem
 create mode 100644 integration/fixtures/https/client-rogue-key.pem
 create mode 100644 integration/fixtures/https/server-cert.pem
 create mode 100644 integration/fixtures/https/server-key.pem
 create mode 100644 integration/fixtures/https/server-rogue-cert.pem
 create mode 100644 integration/fixtures/https/server-rogue-key.pem
 create mode 100644 integration/https_test.go

diff --git a/api/client.go b/api/client.go
index 338a5b0de1..b8ac0f94c7 100644
--- a/api/client.go
+++ b/api/client.go
@@ -3,6 +3,7 @@ package api
 import (
 	"bufio"
 	"bytes"
+	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
@@ -57,8 +58,8 @@ func (cli *DockerCli) getMethod(name string) (func(...string) error, bool) {
 	return method.Interface().(func(...string) error), true
 }
 
-func ParseCommands(proto, addr string, args ...string) error {
-	cli := NewDockerCli(os.Stdin, os.Stdout, os.Stderr, proto, addr)
+func ParseCommands(proto, addr string, tlsConfig *tls.Config, args ...string) error {
+	cli := NewDockerCli(os.Stdin, os.Stdout, os.Stderr, proto, addr, tlsConfig)
 
 	if len(args) > 0 {
 		method, exists := cli.getMethod(args[0])
@@ -2026,6 +2027,13 @@ func (cli *DockerCli) CmdLoad(args ...string) error {
 	return nil
 }
 
+func (cli *DockerCli) dial() (net.Conn, error) {
+	if cli.tlsConfig != nil && cli.proto != "unix" {
+		return tls.Dial(cli.proto, cli.addr, cli.tlsConfig)
+	}
+	return net.Dial(cli.proto, cli.addr)
+}
+
 func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo bool) (io.ReadCloser, int, error) {
 	params := bytes.NewBuffer(nil)
 	if data != nil {
@@ -2078,7 +2086,7 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b
 	} else if method == "POST" {
 		req.Header.Set("Content-Type", "plain/text")
 	}
-	dial, err := net.Dial(cli.proto, cli.addr)
+	dial, err := cli.dial()
 	if err != nil {
 		if strings.Contains(err.Error(), "connection refused") {
 			return nil, -1, ErrConnectionRefused
@@ -2140,7 +2148,7 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, h
 		}
 	}
 
-	dial, err := net.Dial(cli.proto, cli.addr)
+	dial, err := cli.dial()
 	if err != nil {
 		if strings.Contains(err.Error(), "connection refused") {
 			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
@@ -2196,7 +2204,7 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 	req.Header.Set("Content-Type", "plain/text")
 	req.Host = cli.addr
 
-	dial, err := net.Dial(cli.proto, cli.addr)
+	dial, err := cli.dial()
 	if err != nil {
 		if strings.Contains(err.Error(), "connection refused") {
 			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
@@ -2388,7 +2396,7 @@ func readBody(stream io.ReadCloser, statusCode int, err error) ([]byte, int, err
 	return body, statusCode, nil
 }
 
-func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string) *DockerCli {
+func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsConfig *tls.Config) *DockerCli {
 	var (
 		isTerminal = false
 		terminalFd uintptr
@@ -2412,6 +2420,7 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string) *Doc
 		err:        err,
 		isTerminal: isTerminal,
 		terminalFd: terminalFd,
+		tlsConfig:  tlsConfig,
 	}
 }
 
@@ -2424,4 +2433,5 @@ type DockerCli struct {
 	err        io.Writer
 	isTerminal bool
 	terminalFd uintptr
+	tlsConfig  *tls.Config
 }
diff --git a/api/server.go b/api/server.go
index 8fc6b4f68b..d12381a70a 100644
--- a/api/server.go
+++ b/api/server.go
@@ -4,6 +4,8 @@ import (
 	"bufio"
 	"bytes"
 	"code.google.com/p/go.net/websocket"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"expvar"
@@ -1129,9 +1131,8 @@ func changeGroup(addr string, nameOrGid string) error {
 
 // ListenAndServe sets up the required http.Server and gets it listening for
 // each addr passed in and does protocol specific checking.
-func ListenAndServe(proto, addr string, eng *engine.Engine, logging, enableCors bool, dockerVersion string, socketGroup string) error {
-	r, err := createRouter(eng, logging, enableCors, dockerVersion)
-
+func ListenAndServe(proto, addr string, job *engine.Job) error {
+	r, err := createRouter(job.Eng, job.GetenvBool("Logging"), job.GetenvBool("EnableCors"), job.Getenv("Version"))
 	if err != nil {
 		return err
 	}
@@ -1151,17 +1152,43 @@ func ListenAndServe(proto, addr string, eng *engine.Engine, logging, enableCors
 		return err
 	}
 
+	if proto != "unix" && (job.GetenvBool("Tls") || job.GetenvBool("TlsVerify")) {
+		tlsCert := job.Getenv("TlsCert")
+		tlsKey := job.Getenv("TlsKey")
+		cert, err := tls.LoadX509KeyPair(tlsCert, tlsKey)
+		if err != nil {
+			return fmt.Errorf("Couldn't load X509 key pair (%s, %s): %s. Key encrypted?",
+				tlsCert, tlsKey, err)
+		}
+		tlsConfig := &tls.Config{
+			NextProtos:   []string{"http/1.1"},
+			Certificates: []tls.Certificate{cert},
+		}
+		if job.GetenvBool("TlsVerify") {
+			certPool := x509.NewCertPool()
+			file, err := ioutil.ReadFile(job.Getenv("TlsCa"))
+			if err != nil {
+				return fmt.Errorf("Couldn't read CA certificate: %s", err)
+			}
+			certPool.AppendCertsFromPEM(file)
+
+			tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
+			tlsConfig.ClientCAs = certPool
+		}
+		l = tls.NewListener(l, tlsConfig)
+	}
+
 	// Basic error and sanity checking
 	switch proto {
 	case "tcp":
-		if !strings.HasPrefix(addr, "127.0.0.1") {
+		if !strings.HasPrefix(addr, "127.0.0.1") && !job.GetenvBool("TlsVerify") {
 			log.Println("/!\\ DON'T BIND ON ANOTHER IP ADDRESS THAN 127.0.0.1 IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
 		}
 	case "unix":
 		if err := os.Chmod(addr, 0660); err != nil {
 			return err
 		}
-
+		socketGroup := job.Getenv("SocketGroup")
 		if socketGroup != "" {
 			if err := changeGroup(addr, socketGroup); err != nil {
 				if socketGroup == "docker" {
@@ -1197,7 +1224,7 @@ func ServeApi(job *engine.Job) engine.Status {
 		protoAddrParts := strings.SplitN(protoAddr, "://", 2)
 		go func() {
 			log.Printf("Listening for HTTP on %s (%s)\n", protoAddrParts[0], protoAddrParts[1])
-			chErrors <- ListenAndServe(protoAddrParts[0], protoAddrParts[1], job.Eng, job.GetenvBool("Logging"), job.GetenvBool("EnableCors"), job.Getenv("Version"), job.Getenv("SocketGroup"))
+			chErrors <- ListenAndServe(protoAddrParts[0], protoAddrParts[1], job)
 		}()
 	}
 
diff --git a/contrib/host-integration/manager.go b/contrib/host-integration/manager.go
index 6742ee4d7c..2798a5d06f 100644
--- a/contrib/host-integration/manager.go
+++ b/contrib/host-integration/manager.go
@@ -70,7 +70,7 @@ func main() {
 	bufErr := bytes.NewBuffer(nil)
 
 	// Instanciate the Docker CLI
-	cli := docker.NewDockerCli(nil, bufOut, bufErr, "unix", "/var/run/docker.sock")
+	cli := docker.NewDockerCli(nil, bufOut, bufErr, "unix", "/var/run/docker.sock", false, nil)
 	// Retrieve the container info
 	if err := cli.CmdInspect(flag.Arg(0)); err != nil {
 		// As of docker v0.6.3, CmdInspect always returns nil
diff --git a/docker/docker.go b/docker/docker.go
index 2aa10dbe54..0c017eca9a 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -1,7 +1,10 @@
 package main
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os"
 	"strings"
@@ -16,6 +19,16 @@ import (
 	"github.com/dotcloud/docker/utils"
 )
 
+const (
+	defaultCaFile   = "ca.pem"
+	defaultKeyFile  = "key.pem"
+	defaultCertFile = "cert.pem"
+)
+
+var (
+	dockerConfDir = os.Getenv("HOME") + "/.docker/"
+)
+
 func main() {
 	if selfPath := utils.SelfPath(); strings.Contains(selfPath, ".dockerinit") {
 		// Running in init mode
@@ -43,6 +56,11 @@ func main() {
 		flExecDriver         = flag.String([]string{"e", "-exec-driver"}, "native", "Force the docker runtime to use a specific exec driver")
 		flHosts              = opts.NewListOpts(api.ValidateHost)
 		flMtu                = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available")
+		flTls                = flag.Bool([]string{"-tls"}, false, "Use TLS; implied by tls-verify flags")
+		flTlsVerify          = flag.Bool([]string{"-tlsverify"}, false, "Use TLS and verify the remote (daemon: verify client, client: verify daemon)")
+		flCa                 = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here")
+		flCert               = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file")
+		flKey                = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file")
 	)
 	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force docker to use specific DNS servers")
 	flag.Var(&flHosts, []string{"H", "-host"}, "tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified")
@@ -73,6 +91,7 @@ func main() {
 	if *flDebug {
 		os.Setenv("DEBUG", "1")
 	}
+
 	if *flDaemon {
 		if flag.NArg() != 0 {
 			flag.Usage()
@@ -140,6 +159,12 @@ func main() {
 		job.SetenvBool("EnableCors", *flEnableCors)
 		job.Setenv("Version", dockerversion.VERSION)
 		job.Setenv("SocketGroup", *flSocketGroup)
+
+		job.SetenvBool("Tls", *flTls)
+		job.SetenvBool("TlsVerify", *flTlsVerify)
+		job.Setenv("TlsCa", *flCa)
+		job.Setenv("TlsCert", *flCert)
+		job.Setenv("TlsKey", *flKey)
 		if err := job.Run(); err != nil {
 			log.Fatal(err)
 		}
@@ -148,14 +173,53 @@ func main() {
 			log.Fatal("Please specify only one -H")
 		}
 		protoAddrParts := strings.SplitN(flHosts.GetAll()[0], "://", 2)
-		if err := api.ParseCommands(protoAddrParts[0], protoAddrParts[1], flag.Args()...); err != nil {
-			if sterr, ok := err.(*utils.StatusError); ok {
+
+		var (
+			errc      error
+			tlsConfig tls.Config
+		)
+		tlsConfig.InsecureSkipVerify = true
+
+		// If we should verify the server, we need to load a trusted ca
+		if *flTlsVerify {
+			*flTls = true
+			certPool := x509.NewCertPool()
+			file, err := ioutil.ReadFile(*flCa)
+			if err != nil {
+				log.Fatalf("Couldn't read ca cert %s: %s", *flCa, err)
+			}
+			certPool.AppendCertsFromPEM(file)
+			tlsConfig.RootCAs = certPool
+			tlsConfig.InsecureSkipVerify = false
+		}
+
+		// If tls is enabled, try to load and send client certificates
+		if *flTls || *flTlsVerify {
+			_, errCert := os.Stat(*flCert)
+			_, errKey := os.Stat(*flKey)
+			if errCert == nil && errKey == nil {
+				*flTls = true
+				cert, err := tls.LoadX509KeyPair(*flCert, *flKey)
+				if err != nil {
+					log.Fatalf("Couldn't load X509 key pair: %s. Key encrypted?", err)
+				}
+				tlsConfig.Certificates = []tls.Certificate{cert}
+			}
+		}
+
+		if *flTls || *flTlsVerify {
+			errc = api.ParseCommands(protoAddrParts[0], protoAddrParts[1], &tlsConfig, flag.Args()...)
+		} else {
+			errc = api.ParseCommands(protoAddrParts[0], protoAddrParts[1], nil, flag.Args()...)
+		}
+		if errc != nil {
+			if sterr, ok := errc.(*utils.StatusError); ok {
 				if sterr.Status != "" {
 					log.Println(sterr.Status)
 				}
 				os.Exit(sterr.StatusCode)
 			}
-			log.Fatal(err)
+			log.Fatal(errc)
 		}
 	}
 }
diff --git a/docs/sources/examples/https.rst b/docs/sources/examples/https.rst
new file mode 100644
index 0000000000..7a221ed951
--- /dev/null
+++ b/docs/sources/examples/https.rst
@@ -0,0 +1,126 @@
+:title: Docker HTTPS Setup
+:description: How to setup docker with https
+:keywords: docker, example, https, daemon
+
+.. _running_docker_https:
+
+Running Docker with https
+=========================
+
+By default, Docker runs via a non-networked Unix socket. It can also optionally
+communicate using a HTTP socket.
+
+If you need Docker reachable via the network in a safe manner, you can enable
+TLS by specifying the `tlsverify` flag and pointing Docker's `tlscacert` flag to a
+trusted CA certificate.
+
+In daemon mode, it will only allow connections from clients authenticated by a
+certificate signed by that CA. In client mode, it will only connect to servers
+with a certificate signed by that CA.
+
+.. warning::
+
+  Using TLS and managing a CA is an advanced topic. Please make you self familiar
+  with openssl, x509 and tls before using it in production.
+
+Create a CA, server and client keys with OpenSSL
+------------------------------------------------
+
+First, initialize the CA serial file and generate CA private and public keys:
+
+.. code-block:: bash
+
+    $ echo 01 > ca.srl
+    $ openssl genrsa -des3 -out ca-key.pem
+    $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca.pem
+
+Now that we have a CA, you can create a server key and certificate signing request.
+Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use
+to connect to Docker or just use '*' for a certificate valid for any hostname:
+
+.. code-block:: bash
+
+    $ openssl genrsa -des3 -out server-key.pem
+    $ openssl req -new -key server-key.pem -out server.csr
+
+Next we're going to sign the key with our CA:
+
+.. code-block:: bash
+
+    $ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \
+      -out server-cert.pem
+
+For client authentication, create a client key and certificate signing request:
+
+.. code-block:: bash
+
+    $ openssl genrsa -des3 -out client-key.pem
+    $ openssl req -new -key client-key.pem -out client.csr
+
+
+To make the key suitable for client authentication, create a extensions config file:
+
+.. code-block:: bash
+
+    $ echo extendedKeyUsage = clientAuth > extfile.cnf
+
+Now sign the key:
+
+.. code-block:: bash
+
+    $ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \
+      -out client-cert.pem -extfile extfile.cnf
+
+Finally you need to remove the passphrase from the client and server key:
+
+.. code-block:: bash
+
+    $ openssl rsa -in server-key.pem -out server-key.pem
+    $ openssl rsa -in client-key.pem -out client-key.pem
+  
+Now you can make the Docker daemon only accept connections from clients providing
+a certificate trusted by our CA:
+
+.. code-block:: bash
+
+    $ sudo docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
+      -H=0.0.0.0:4243
+
+To be able to connect to Docker and validate its certificate, you now need to provide your client keys,
+certificates and trusted CA:
+
+.. code-block:: bash
+
+   $ docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem \
+     -H=dns-name-of-docker-host:4243
+
+.. warning::
+
+  As shown in the example above, you don't have to run the ``docker``
+  client  with ``sudo`` or the ``docker`` group when you use
+  certificate authentication. That means anyone with the keys can
+  give any instructions to your Docker daemon, giving them root
+  access to the machine hosting the daemon. Guard these keys as you
+  would a root password!
+
+Other modes
+-----------
+If you don't want to have complete two-way authentication, you can run Docker in
+various other modes by mixing the flags.
+
+Daemon modes
+~~~~~~~~~~~~
+- tlsverify, tlscacert, tlscert, tlskey set: Authenticate clients
+- tls, tlscert, tlskey: Do not authenticate clients
+
+Client modes
+~~~~~~~~~~~~
+- tls: Authenticate server based on public/default CA pool
+- tlsverify, tlscacert: Authenticate server based on given CA
+- tls, tlscert, tlskey: Authenticate with client certificate, do not authenticate
+  server based on given CA
+- tlsverify, tlscacert, tlscert, tlskey: Authenticate with client certificate,
+  authenticate server based on given CA
+
+The client will send its client certificate if found, so you just need to drop
+your keys into `~/.docker/<ca, cert or key>.pem`
diff --git a/docs/sources/examples/index.rst b/docs/sources/examples/index.rst
index cf9ed9340a..6dcc40a1c7 100644
--- a/docs/sources/examples/index.rst
+++ b/docs/sources/examples/index.rst
@@ -26,3 +26,4 @@ to more substantial services like those which you might find in production.
    using_supervisord
    cfengine_process_management
    python_web_app
+   https
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index c7ce421d88..8b4bafc2bd 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -86,6 +86,11 @@ Commands
       -s, --storage-driver="": Force the docker runtime to use a specific storage driver
       -e, --exec-driver="native": Force the docker runtime to use a specific exec driver
       -v, --version=false: Print version information and quit
+      --tls=false: Use TLS; implied by tls-verify flags
+      --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here
+      --tlscert="~/.docker/cert.pem": Path to TLS certificate file
+      --tlskey="~/.docker/key.pem": Path to TLS key file
+      --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon)
       --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available
 
 The Docker daemon is the persistent process that manages containers.  Docker uses the same binary for both the 
diff --git a/integration/commands_test.go b/integration/commands_test.go
index 9f7a41384c..838295af4f 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -120,7 +120,7 @@ func assertPipe(input, output string, r io.Reader, w io.Writer, count int) error
 func TestRunHostname(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -165,7 +165,7 @@ func TestRunHostname(t *testing.T) {
 func TestRunWorkdir(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -210,7 +210,7 @@ func TestRunWorkdir(t *testing.T) {
 func TestRunWorkdirExists(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -255,7 +255,7 @@ func TestRunExit(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c1 := make(chan struct{})
@@ -308,7 +308,7 @@ func TestRunDisconnect(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c1 := make(chan struct{})
@@ -354,7 +354,7 @@ func TestRunDisconnectTty(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c1 := make(chan struct{})
@@ -406,7 +406,7 @@ func TestRunAttachStdin(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	ch := make(chan struct{})
@@ -470,7 +470,7 @@ func TestRunDetach(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	ch := make(chan struct{})
@@ -517,7 +517,7 @@ func TestAttachDetach(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	ch := make(chan struct{})
@@ -550,7 +550,7 @@ func TestAttachDetach(t *testing.T) {
 
 	stdin, stdinPipe = io.Pipe()
 	stdout, stdoutPipe = io.Pipe()
-	cli = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 
 	ch = make(chan struct{})
 	go func() {
@@ -598,7 +598,7 @@ func TestAttachDetachTruncatedID(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	// Discard the CmdRun output
@@ -616,7 +616,7 @@ func TestAttachDetachTruncatedID(t *testing.T) {
 
 	stdin, stdinPipe = io.Pipe()
 	stdout, stdoutPipe = io.Pipe()
-	cli = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 
 	ch := make(chan struct{})
 	go func() {
@@ -663,7 +663,7 @@ func TestAttachDisconnect(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	go func() {
@@ -732,7 +732,7 @@ func TestAttachDisconnect(t *testing.T) {
 func TestRunAutoRemove(t *testing.T) {
 	t.Skip("Fixme. Skipping test for now, race condition")
 	stdout, stdoutPipe := io.Pipe()
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -768,7 +768,7 @@ func TestRunAutoRemove(t *testing.T) {
 
 func TestCmdLogs(t *testing.T) {
 	t.Skip("Test not impemented")
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	if err := cli.CmdRun(unitTestImageID, "sh", "-c", "ls -l"); err != nil {
@@ -786,7 +786,7 @@ func TestCmdLogs(t *testing.T) {
 // Expected behaviour: error out when attempting to bind mount non-existing source paths
 func TestRunErrorBindNonExistingSource(t *testing.T) {
 
-	cli := api.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -806,7 +806,7 @@ func TestRunErrorBindNonExistingSource(t *testing.T) {
 func TestImagesViz(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	image := buildTestImages(t, globalEngine)
@@ -856,7 +856,7 @@ func TestImagesViz(t *testing.T) {
 func TestImagesTree(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	image := buildTestImages(t, globalEngine)
@@ -939,7 +939,7 @@ func TestRunCidFile(t *testing.T) {
 	}
 	tmpCidFile := path.Join(tmpDir, "cid")
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -989,7 +989,7 @@ func TestContainerOrphaning(t *testing.T) {
 	defer os.RemoveAll(tmpDir)
 
 	// setup a CLI and server
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 	srv := mkServerFromEngine(globalEngine, t)
 
@@ -1049,8 +1049,8 @@ func TestCmdKill(t *testing.T) {
 	var (
 		stdin, stdinPipe   = io.Pipe()
 		stdout, stdoutPipe = io.Pipe()
-		cli                = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr)
-		cli2               = api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr)
+		cli                = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+		cli2               = api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	)
 	defer cleanup(globalEngine, t)
 
diff --git a/integration/fixtures/https/ca.pem b/integration/fixtures/https/ca.pem
new file mode 100644
index 0000000000..6825d6d1bd
--- /dev/null
+++ b/integration/fixtures/https/ca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID0TCCAzqgAwIBAgIJAP2r7GqEJwSnMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
+A1UEChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMI
+Y2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWls
+QGhvc3QuZG9tYWluMB4XDTEzMTIwMzE2NTYzMFoXDTIzMTIwMTE2NTYzMFowgaIx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2Nv
+MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYD
+VQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEW
+EG1haWxAaG9zdC5kb21haW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAn
+0xDw+5y7ZptQacq66pUhRu82JP2WU6IDgo5QUtNU6/CX5PwQATe/OnYTZQFbksxp
+AU9boG0FCkgxfsgPYXEuZxVEGKI2fxfKHOZZI8mrkWmj6eWU/0cvCjGVc9rTITP5
+sNQvg+hORyVDdNp2IdsbMJayiB3AQYMFx3vSDOMTAgMBAAGjggELMIIBBzAdBgNV
+HQ4EFgQUZu7DFz09q0QBa2+ymRm9qgK1NPswgdcGA1UdIwSBzzCBzIAUZu7DFz09
+q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
+QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
+ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
+Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
+hCcEpzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAF8fJKKM+/oOdnNi
+zEd0M1+PmZOyqvjYQn/2ZR8UHH6Imgc/OPQKZXf0bVE1Txc/DaUNn9Isd1SuCuaE
+ic3vAIYYU7PmgeNN6vwec48V96T7jr+GAi6AVMhQEc2hHCfVtx11Xx+x6aHDZzJt
+Zxtf5lL6KSO9Y+EFwM+rju6hm5hW
+-----END CERTIFICATE-----
diff --git a/integration/fixtures/https/client-cert.pem b/integration/fixtures/https/client-cert.pem
new file mode 100644
index 0000000000..c05ed47c2c
--- /dev/null
+++ b/integration/fixtures/https/client-cert.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Dec  4 14:17:54 2013 GMT
+            Not After : Dec  2 14:17:54 2023 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ca:c9:05:d0:09:4e:3e:a4:fc:d5:14:f4:a5:e8:
+                    34:d3:6b:51:e3:f3:62:ea:a1:f0:e8:ed:c4:2a:bc:
+                    f0:4f:ca:07:df:e3:88:fa:f4:21:99:35:0e:3d:ea:
+                    b0:86:e7:c4:d2:8a:83:2b:42:b8:ec:a3:99:62:70:
+                    81:46:cc:fc:a5:1d:d2:63:e8:eb:07:25:9a:e2:25:
+                    6d:11:56:f2:1a:51:a1:b6:3e:1c:57:32:e9:7b:2c:
+                    aa:1b:cc:97:2d:89:2d:b1:c9:5e:35:28:4d:7c:fa:
+                    65:31:3e:f7:70:dd:6e:0b:3c:58:af:a8:2e:24:c0:
+                    7e:4e:78:7d:0a:9e:8f:42:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DE:42:EF:2D:98:A3:6C:A8:AA:E0:8C:71:2C:9D:64:23:A9:E2:7E:81
+            X509v3 Authority Key Identifier: 
+                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:FD:AB:EC:6A:84:27:04:A7
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         1c:44:26:ea:e1:66:25:cb:e4:8e:57:1c:f6:b9:17:22:62:40:
+         12:90:8f:3b:b2:61:7a:54:94:8f:b1:20:0b:bf:a3:51:e3:fa:
+         1c:a1:be:92:3a:d0:76:44:c0:57:83:ab:6a:e4:1a:45:49:a4:
+         af:39:0d:60:32:fc:3a:be:d7:fb:5d:99:7a:1f:87:e7:d5:ab:
+         84:a2:5e:90:d8:bf:fa:89:6d:32:26:02:5e:31:35:68:7f:31:
+         f5:6b:51:46:bc:af:70:ed:5a:09:7d:ec:b2:48:4f:fe:c5:2f:
+         56:04:ad:f6:c1:d2:2a:e4:6a:c4:87:fe:08:35:c5:38:cb:5e:
+         4a:c4
+-----BEGIN CERTIFICATE-----
+MIIEFTCCA36gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
+cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
+MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
+bWFpbjAeFw0xMzEyMDQxNDE3NTRaFw0yMzEyMDIxNDE3NTRaMIGgMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
+ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEPMA0GA1UEAxMGY2xp
+ZW50MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0
+LmRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyskF0AlOPqT81RT0
+peg002tR4/Ni6qHw6O3EKrzwT8oH3+OI+vQhmTUOPeqwhufE0oqDK0K47KOZYnCB
+Rsz8pR3SY+jrByWa4iVtEVbyGlGhtj4cVzLpeyyqG8yXLYktscleNShNfPplMT73
+cN1uCzxYr6guJMB+Tnh9Cp6PQkMCAwEAAaOCAVkwggFVMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU3kLvLZijbKiq4IxxLJ1kI6nifoEwgdcGA1UdIwSBzzCBzIAUZu7DFz09
+q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
+QTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24x
+ETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMI
+Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CCQD9q+xq
+hCcEpzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcN
+AQEFBQADgYEAHEQm6uFmJcvkjlcc9rkXImJAEpCPO7JhelSUj7EgC7+jUeP6HKG+
+kjrQdkTAV4OrauQaRUmkrzkNYDL8Or7X+12Zeh+H59WrhKJekNi/+oltMiYCXjE1
+aH8x9WtRRryvcO1aCX3sskhP/sUvVgSt9sHSKuRqxIf+CDXFOMteSsQ=
+-----END CERTIFICATE-----
diff --git a/integration/fixtures/https/client-key.pem b/integration/fixtures/https/client-key.pem
new file mode 100644
index 0000000000..b5c15f8dc7
--- /dev/null
+++ b/integration/fixtures/https/client-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMrJBdAJTj6k/NUU
+9KXoNNNrUePzYuqh8OjtxCq88E/KB9/jiPr0IZk1Dj3qsIbnxNKKgytCuOyjmWJw
+gUbM/KUd0mPo6wclmuIlbRFW8hpRobY+HFcy6XssqhvMly2JLbHJXjUoTXz6ZTE+
+93Ddbgs8WK+oLiTAfk54fQqej0JDAgMBAAECgYBOFEzKp2qbMEexe9ofL2N3rDDh
+xkrl8OijpzkLA6i78BxMFn4dsnZlWUpciMrjhsYAExkiRRSS+QMMJimAq1jzQqc3
+FAQV2XGYwkd0cUn7iZGvfNnEPysjsfyYQM+m+sT0ATj4BZjVShC6kkSjTdm1leLN
+OSvcHdcu3Xxg9ufF0QJBAPYdnNt5sIndt2WECePuRVi+uF4mlxTobFY0fjn26yhC
+4RsnhhD3Vldygo9gvnkwrAZYaALGSPBewes2InxvjA8CQQDS7erKiNXpwoqz5XiU
+SVEsIIVTdWzBjGbIqMOu/hUwM5FK4j6JTBks0aTGMyh0YV9L1EzM0X79J29JahCe
+iQKNAkBKNMOGqTpBV0hko1sYDk96YobUXG5RL4L6uvkUIQ7mJMQam+AgXXL7Ctuy
+v0iu4a38e8tgisiTMP7nHHtpaXihAkAOiN54/lzfMsykANgCP9scE1GcoqbP34Dl
+qttxH4kOPT9xzY1JoLjLYdbc4YGUI3GRpBt2sajygNkmUey7P+2xAkBBsVCZFvTw
+qHvOpPS2kX5ml5xoc/QAHK9N7kR+X7XFYx82RTVSqJEK4lPb+aEWn+CjiIewO4Q5
+ksDFuNxAzbhl
+-----END PRIVATE KEY-----
diff --git a/integration/fixtures/https/client-rogue-cert.pem b/integration/fixtures/https/client-rogue-cert.pem
new file mode 100644
index 0000000000..21ae4bd579
--- /dev/null
+++ b/integration/fixtures/https/client-rogue-cert.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Feb 24 17:54:59 2014 GMT
+            Not After : Feb 22 17:54:59 2024 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:e8:e2:2c:b8:d4:db:89:50:4f:47:1e:68:db:f7:
+                    e4:cc:47:41:63:75:03:37:50:7a:a8:4d:27:36:d5:
+                    15:01:08:b6:cf:56:f7:56:6d:3d:f9:e2:8d:1a:5d:
+                    bf:a0:24:5e:07:55:8e:d0:dc:f1:fa:19:87:1d:d6:
+                    b6:58:82:2e:ba:69:6d:e9:d9:c8:16:0d:1d:59:7f:
+                    f4:8e:58:10:01:3d:21:14:16:3c:ec:cd:8c:b7:0e:
+                    e6:7b:77:b4:f9:90:a5:17:01:bb:84:c6:b2:12:87:
+                    70:eb:9f:6d:4f:d0:68:8b:96:c0:e7:0b:51:b4:9d:
+                    1d:7b:6c:7b:be:89:6b:88:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9E:F8:49:D0:A2:76:30:5C:AB:2B:8A:B5:8D:C6:45:1F:A7:F8:CF:85
+            X509v3 Authority Key Identifier: 
+                keyid:DC:A5:F1:76:DB:4E:CD:8E:EF:B1:23:56:1D:92:80:99:74:3B:EA:6F
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:E7:21:1E:18:41:1B:96:83
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         48:76:c0:18:fa:0a:ee:4e:1a:ec:02:9d:d4:83:ca:94:54:a1:
+         3f:51:2f:3e:4b:95:c3:42:9b:71:a0:4b:d9:af:47:23:b9:1c:
+         fb:85:ba:76:e2:09:cb:65:bb:d2:7d:44:3d:4b:67:ba:80:83:
+         be:a8:ed:c4:b9:ea:1a:1b:c7:59:3b:d9:5c:0d:46:d8:c9:92:
+         cb:10:c5:f2:1a:38:a4:aa:07:2c:e3:84:16:79:c7:95:09:e3:
+         01:d2:15:a2:77:0b:8b:bf:94:04:e9:7f:c0:cd:e6:2e:64:cd:
+         1e:a3:32:ec:11:cc:62:ce:c7:4e:cd:ad:48:5c:b1:b8:e9:76:
+         b3:f9
+-----BEGIN CERTIFICATE-----
+MIIEDTCCA3agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2
+aWwgSW5jMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAP
+BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWlu
+MB4XDTE0MDIyNDE3NTQ1OVoXDTI0MDIyMjE3NTQ1OVowgaAxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxG
+b3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMQ8wDQYDVQQDEwZjbGllbnQx
+ETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9t
+YWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDo4iy41NuJUE9HHmjb9+TM
+R0FjdQM3UHqoTSc21RUBCLbPVvdWbT354o0aXb+gJF4HVY7Q3PH6GYcd1rZYgi66
+aW3p2cgWDR1Zf/SOWBABPSEUFjzszYy3DuZ7d7T5kKUXAbuExrISh3Drn21P0GiL
+lsDnC1G0nR17bHu+iWuIiwIDAQABo4IBVTCCAVEwCQYDVR0TBAIwADAtBglghkgB
+hvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBSe+EnQonYwXKsrirWNxkUfp/jPhTCB0wYDVR0jBIHLMIHIgBTcpfF2207Nju+x
+I1YdkoCZdDvqb6GBpKSBoTCBnjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
+EwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2aWwgSW5jMREwDwYDVQQL
+EwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAPBgNVBCkTCGNoYW5nZW1l
+MR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWluggkA5yEeGEEbloMwEwYD
+VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GB
+AEh2wBj6Cu5OGuwCndSDypRUoT9RLz5LlcNCm3GgS9mvRyO5HPuFunbiCctlu9J9
+RD1LZ7qAg76o7cS56hobx1k72VwNRtjJkssQxfIaOKSqByzjhBZ5x5UJ4wHSFaJ3
+C4u/lATpf8DN5i5kzR6jMuwRzGLOx07NrUhcsbjpdrP5
+-----END CERTIFICATE-----
diff --git a/integration/fixtures/https/client-rogue-key.pem b/integration/fixtures/https/client-rogue-key.pem
new file mode 100644
index 0000000000..53c122ab70
--- /dev/null
+++ b/integration/fixtures/https/client-rogue-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOjiLLjU24lQT0ce
+aNv35MxHQWN1AzdQeqhNJzbVFQEIts9W91ZtPfnijRpdv6AkXgdVjtDc8foZhx3W
+tliCLrppbenZyBYNHVl/9I5YEAE9IRQWPOzNjLcO5nt3tPmQpRcBu4TGshKHcOuf
+bU/QaIuWwOcLUbSdHXtse76Ja4iLAgMBAAECgYADs+TmI2xCKKa6CL++D5jxrohZ
+nnionnz0xBVFh+nHlG3jqgxQsXf0yydXLfpn/2wHTdLxezHVuiYt0UYg7iD0CglW
++IjcgMebzyjLeYqYOE5llPlMvhp2HoEMYJNb+7bRrZ1WCITbu+Su0w1cgA7Cs+Ej
+VlfvGzN+qqnDThRUYQJBAPY0sMWZJKly8QhUmUvmcXdPczzSOf6Mm7gc5LR6wzxd
+vW7syuqk50qjqVqFpN81vCV7GoDxRUWbTM9ftf7JGFkCQQDyJc/1RMygE2o+enU1
+6UBxJyclXITEYtDn8aoEpLNc7RakP1WoPUKjZOnjkcoKcIkFNkSPeCfQujrb5f3F
+MkuDAkByAI/hzzmkpK5rFxEsjfX4Mve/L/DepyjrpaVY1IdWimlO1aJX6CeY7hNa
+8QsYt/74s/nfvtg+lNyKIV1aLq9xAkB+WSSNgfyTeg3x08vc+Xxajmdqoz/TiQwg
+OoTQL3A3iK5LvZBgXLasszcnOycFE3srcQmNItEDpGiZ3QPxJTEpAkEA45EE9NMJ
+SA7EGWSFlbz4f4u4oBeiDiJRJbGGfAyVxZlpCWUjPpg9+swsWoFEOjnGYaChAMk5
+nrOdMf15T6QF7Q==
+-----END PRIVATE KEY-----
diff --git a/integration/fixtures/https/server-cert.pem b/integration/fixtures/https/server-cert.pem
new file mode 100644
index 0000000000..08abfd1a3b
--- /dev/null
+++ b/integration/fixtures/https/server-cert.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Dec  4 15:01:20 2013 GMT
+            Not After : Dec  2 15:01:20 2023 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=*/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c1:ff:7d:30:6f:64:4a:b1:92:b1:71:d1:c1:74:
+                    e2:1d:db:2d:11:24:e1:00:d4:00:ae:6f:c8:9e:ae:
+                    67:b3:4a:bd:f7:e6:9e:57:6d:19:4c:3c:23:94:2d:
+                    3d:d6:63:84:d8:fa:76:2b:38:12:c1:ed:20:9d:32:
+                    e0:e8:c2:bf:9a:77:70:04:3f:7f:ca:8c:2c:82:d6:
+                    3d:25:5c:02:1a:4f:64:93:03:dd:9c:42:97:5e:09:
+                    49:af:f0:c2:e1:30:08:0e:21:46:95:d1:13:59:c0:
+                    c8:76:be:94:0d:8b:43:67:21:33:b2:08:60:9d:76:
+                    a8:05:32:1e:f9:95:09:14:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                14:02:FD:FD:DD:13:38:E0:71:EA:D1:BE:C0:0E:89:1A:2D:B6:19:06
+            X509v3 Authority Key Identifier: 
+                keyid:66:EE:C3:17:3D:3D:AB:44:01:6B:6F:B2:99:19:BD:AA:02:B5:34:FB
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:FD:AB:EC:6A:84:27:04:A7
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+         40:0f:10:39:c4:b7:0f:0d:2f:bf:d2:16:cc:8e:d3:9a:fb:8b:
+         ce:4b:7b:0d:48:77:ce:f1:fe:d5:8f:ea:b1:71:ed:49:1d:9f:
+         23:3a:16:d4:70:7c:c5:29:bf:e4:90:34:d0:f0:00:24:f4:e4:
+         df:2c:c3:83:01:66:61:c9:a8:ab:29:e7:98:6d:27:89:4a:76:
+         c9:2e:19:8e:fe:6e:d5:f8:99:11:0e:97:67:4b:34:e3:1e:e3:
+         9f:35:00:a5:32:f9:b5:2c:f2:e0:c5:2e:cc:81:bd:18:dd:5c:
+         12:c8:6b:fa:0c:17:74:30:55:f6:6e:20:9a:6c:1e:09:b4:0c:
+         15:42
+-----BEGIN CERTIFICATE-----
+MIIEKjCCA5OgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
+cnQtRnVuc3RvbjERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1l
+MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRv
+bWFpbjAeFw0xMzEyMDQxNTAxMjBaFw0yMzEyMDIxNTAxMjBaMIGbMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMGA1UE
+ChMMRm9ydC1GdW5zdG9uMREwDwYDVQQLEwhjaGFuZ2VtZTEKMAgGA1UEAxQBKjER
+MA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21h
+aW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMH/fTBvZEqxkrFx0cF04h3b
+LREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y4OjCv5p3
+cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+lA2LQ2ch
+M7IIYJ12qAUyHvmVCRR1AgMBAAGjggFzMIIBbzAJBgNVHRMEAjAAMBEGCWCGSAGG
++EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNl
+cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUFAL9/d0TOOBx6tG+wA6JGi22GQYw
+gdcGA1UdIwSBzzCBzIAUZu7DFz09q0QBa2+ymRm9qgK1NPuhgaikgaUwgaIxCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
+EwYDVQQKEwxGb3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
+EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
+aWxAaG9zdC5kb21haW6CCQD9q+xqhCcEpzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEAQA8QOcS3Dw0vv9IWzI7TmvuL
+zkt7DUh3zvH+1Y/qsXHtSR2fIzoW1HB8xSm/5JA00PAAJPTk3yzDgwFmYcmoqynn
+mG0niUp2yS4Zjv5u1fiZEQ6XZ0s04x7jnzUApTL5tSzy4MUuzIG9GN1cEshr+gwX
+dDBV9m4gmmweCbQMFUI=
+-----END CERTIFICATE-----
diff --git a/integration/fixtures/https/server-key.pem b/integration/fixtures/https/server-key.pem
new file mode 100644
index 0000000000..c269320ef0
--- /dev/null
+++ b/integration/fixtures/https/server-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMH/fTBvZEqxkrFx
+0cF04h3bLREk4QDUAK5vyJ6uZ7NKvffmnldtGUw8I5QtPdZjhNj6dis4EsHtIJ0y
+4OjCv5p3cAQ/f8qMLILWPSVcAhpPZJMD3ZxCl14JSa/wwuEwCA4hRpXRE1nAyHa+
+lA2LQ2chM7IIYJ12qAUyHvmVCRR1AgMBAAECgYAmwckb9RUfSwyYgLm8IYLPHiuJ
+wkllZfVg5Bo7gXJcQnFjZmJ56uTj8xvUjZlODIHM63TSO5ibv6kFXtXKCqZGd2M+
+wGbhZ0f+2GvKcwMmJERnIQjuoNaYSQLT0tM0VB9Iz0rJlZC+tzPZ+5pPqEumRdsS
+IzWNXfF42AhcbwAQYQJBAPVXtMYIJc9EZsz86ZcQiMPWUpCX5vnRmtwL8kKyR8D5
+4KfYeiowyFffSRMMcclwNHq7TgSXN+nIXM9WyzyzwikCQQDKbNA28AgZp9aT54HP
+WnbeE2pmt+uk/zl/BtxJSoK6H+69Jec+lf7EgL7HgOWYRSNot4uQWu8IhsHLTiUq
++0FtAkEAqwlRxRy4/x24bP+D+QRV0/D97j93joFJbE4Hved7jlSlAV4xDGilwlyv
+HNB4Iu5OJ6Gcaibhm+FKkmD3noHSwQJBAIpu3fokLzX0bS+bDFBU6qO3HXX/47xj
++tsfQvkwZrSI8AkU6c8IX0HdVhsz0FBRQAT2ORDQz1XCarfxykNZrwUCQQCGCBIc
+BBCWzhHlswlGidWJg3HqqO6hPPClEr3B5G87oCsdeYwiO23XT6rUnoJXfJHp6oCW
+5nCwDu5ZTP+khltg
+-----END PRIVATE KEY-----
diff --git a/integration/fixtures/https/server-rogue-cert.pem b/integration/fixtures/https/server-rogue-cert.pem
new file mode 100644
index 0000000000..28feba6656
--- /dev/null
+++ b/integration/fixtures/https/server-rogue-cert.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, L=SanFrancisco, O=Evil Inc, OU=changeme, CN=changeme/name=changeme/emailAddress=mail@host.domain
+        Validity
+            Not Before: Feb 28 18:49:31 2014 GMT
+            Not After : Feb 26 18:49:31 2024 GMT
+        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=localhost/name=changeme/emailAddress=mail@host.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d1:08:58:24:60:a1:69:65:4b:76:46:8f:88:75:
+                    7c:49:3a:d8:03:cc:5b:58:c5:d1:bb:e5:f9:54:b9:
+                    75:65:df:7e:bb:fb:54:d4:b2:e9:6f:58:a2:a4:84:
+                    43:94:77:24:81:38:36:36:f0:66:65:26:e5:5b:2a:
+                    14:1c:a9:ae:57:7f:75:00:23:14:4b:61:58:e4:82:
+                    aa:15:97:94:bd:50:35:0d:5d:18:18:ed:10:6a:bb:
+                    d3:64:5a:eb:36:98:5b:58:a7:fe:67:48:c1:6c:3f:
+                    51:2f:02:65:96:54:77:9b:34:f9:a7:d2:63:54:6a:
+                    9e:02:5c:be:65:98:a4:b4:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                1F:E0:57:CA:CB:76:C9:C4:86:B9:EA:69:17:C0:F3:51:CE:95:40:EC
+            X509v3 Authority Key Identifier: 
+                keyid:DC:A5:F1:76:DB:4E:CD:8E:EF:B1:23:56:1D:92:80:99:74:3B:EA:6F
+                DirName:/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
+                serial:E7:21:1E:18:41:1B:96:83
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+         04:93:0e:28:01:94:18:f0:8c:7c:d3:0c:ad:e9:b7:46:b1:30:
+         65:ed:68:7c:8c:91:cd:1a:86:66:87:4a:4f:c0:97:bc:f7:85:
+         4b:38:79:31:b2:65:88:b1:76:16:9e:80:93:38:f4:b9:eb:65:
+         00:6d:bb:89:e0:a1:bf:95:5e:80:13:8e:01:73:d3:f1:08:73:
+         85:a5:33:75:0b:42:8a:a3:07:09:35:ef:d7:c6:58:eb:60:a3:
+         06:89:a0:53:99:e2:aa:41:90:e0:1a:d2:12:4b:48:7d:c3:9c:
+         ad:bd:0e:5e:5f:f7:09:0c:5d:7c:86:24:dd:92:d5:b3:14:06:
+         c7:9f
+-----BEGIN CERTIFICATE-----
+MIIEKjCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBnjELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xETAPBgNVBAoTCEV2
+aWwgSW5jMREwDwYDVQQLEwhjaGFuZ2VtZTERMA8GA1UEAxMIY2hhbmdlbWUxETAP
+BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWlu
+MB4XDTE0MDIyODE4NDkzMVoXDTI0MDIyNjE4NDkzMVowgaMxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxG
+b3J0LUZ1bnN0b24xETAPBgNVBAsTCGNoYW5nZW1lMRIwEAYDVQQDEwlsb2NhbGhv
+c3QxETAPBgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3Qu
+ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRCFgkYKFpZUt2Ro+I
+dXxJOtgDzFtYxdG75flUuXVl3367+1TUsulvWKKkhEOUdySBODY28GZlJuVbKhQc
+qa5Xf3UAIxRLYVjkgqoVl5S9UDUNXRgY7RBqu9NkWus2mFtYp/5nSMFsP1EvAmWW
+VHebNPmn0mNUap4CXL5lmKS0tQIDAQABo4IBbzCCAWswCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRl
+ZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFB/gV8rLdsnEhrnqaRfA81HO
+lUDsMIHTBgNVHSMEgcswgciAFNyl8XbbTs2O77EjVh2SgJl0O+pvoYGkpIGhMIGe
+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNj
+bzERMA8GA1UEChMIRXZpbCBJbmMxETAPBgNVBAsTCGNoYW5nZW1lMREwDwYDVQQD
+EwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
+aWxAaG9zdC5kb21haW6CCQDnIR4YQRuWgzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADgYEABJMOKAGUGPCMfNMMrem3RrEw
+Ze1ofIyRzRqGZodKT8CXvPeFSzh5MbJliLF2Fp6Akzj0uetlAG27ieChv5VegBOO
+AXPT8QhzhaUzdQtCiqMHCTXv18ZY62CjBomgU5niqkGQ4BrSEktIfcOcrb0OXl/3
+CQxdfIYk3ZLVsxQGx58=
+-----END CERTIFICATE-----
diff --git a/integration/fixtures/https/server-rogue-key.pem b/integration/fixtures/https/server-rogue-key.pem
new file mode 100644
index 0000000000..10f7c65001
--- /dev/null
+++ b/integration/fixtures/https/server-rogue-key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANEIWCRgoWllS3ZG
+j4h1fEk62APMW1jF0bvl+VS5dWXffrv7VNSy6W9YoqSEQ5R3JIE4NjbwZmUm5Vsq
+FByprld/dQAjFEthWOSCqhWXlL1QNQ1dGBjtEGq702Ra6zaYW1in/mdIwWw/US8C
+ZZZUd5s0+afSY1RqngJcvmWYpLS1AgMBAAECgYAJXh9dGfuB1qlIFqduDR3RxlJR
+8UGSu+LHUeoXkuwg8aAjWoMVuSLe+5DmYIsKx0AajmNXmPRtyg1zRXJ7SltmubJ8
+6qQVDsRk6biMdkpkl6a9Gk2av40psD9/VPGxagEoop7IKYhf3AeKPvPiwVB2qFrl
+1aYMZm0aMR55pgRajQJBAOk8IsJDf0beooDZXVdv/oe4hcbM9fxO8Cn3qzoGImqD
+37LL+PCzDP7AEV3fk43SsZDeSk+LDX+h0o9nPyhzHasCQQDlb3aDgcQY9NaGLUWO
+moOCB3148eBVcAwCocu+OSkf7sbQdvXxgThBOrZl11wwRIMQqh99c2yeUwj+tELl
+3VcfAkBZTiNpCvtDIaBLge9RuZpWUXs3wec2cutWxnSTxSGMc25GQf/R+l0xdk2w
+ChmvpktDUzpU9sN2aXn8WuY+EMX9AkEApbLpUbKPUELLB958RLA819TW/lkZXjrs
+wZ3eSoR3ufM1rOqtVvyvBxUDE+wETWu9iHSFB5Ir2PA5J9JCGkbPmwJAFI1ndfBj
+iuyU93nFX0p+JE2wVHKx4dMzKCearNKiJh/lGDtUq3REGgamTNUnG8RAITUbxFs+
+Z1hrIq8xYl2LOQ==
+-----END PRIVATE KEY-----
diff --git a/integration/https_test.go b/integration/https_test.go
new file mode 100644
index 0000000000..a1c855e1a9
--- /dev/null
+++ b/integration/https_test.go
@@ -0,0 +1,82 @@
+package docker
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"github.com/dotcloud/docker/api"
+	"io/ioutil"
+	"testing"
+	"time"
+)
+
+const (
+	errBadCertificate = "remote error: bad certificate"
+	errCaUnknown      = "x509: certificate signed by unknown authority"
+)
+
+func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config {
+	certPool := x509.NewCertPool()
+	file, err := ioutil.ReadFile("fixtures/https/ca.pem")
+	if err != nil {
+		t.Fatal(err)
+	}
+	certPool.AppendCertsFromPEM(file)
+
+	cert, err := tls.LoadX509KeyPair("fixtures/https/"+certFile, "fixtures/https/"+keyFile)
+	if err != nil {
+		t.Fatalf("Couldn't load X509 key pair: %s", err)
+	}
+	tlsConfig := &tls.Config{
+		RootCAs:      certPool,
+		Certificates: []tls.Certificate{cert},
+	}
+	return tlsConfig
+}
+
+// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
+func TestHttpsInfo(t *testing.T) {
+	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+		testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
+
+	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+		if err := cli.CmdInfo(); err != nil {
+			t.Fatal(err)
+		}
+	})
+}
+
+// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
+// by using a rogue client certificate and checks that it fails with the expected error.
+func TestHttpsInfoRogueCert(t *testing.T) {
+	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+		testDaemonHttpsAddr, getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t))
+
+	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+		err := cli.CmdInfo()
+		if err == nil {
+			t.Fatal("Expected error but got nil")
+		}
+		if err.Error() != errBadCertificate {
+			t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err)
+		}
+	})
+}
+
+// TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
+// which provides a rogue server certificate and checks that it fails with the expected error
+func TestHttpsInfoRogueServerCert(t *testing.T) {
+	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+		testDaemonRogueHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
+
+	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
+		err := cli.CmdInfo()
+		if err == nil {
+			t.Fatal("Expected error but got nil")
+		}
+
+		if err.Error() != errCaUnknown {
+			t.Fatalf("Expected error: %s, got instead: %s", errBadCertificate, err)
+		}
+
+	})
+}
diff --git a/integration/runtime_test.go b/integration/runtime_test.go
index 6003c89b51..07d0fc285b 100644
--- a/integration/runtime_test.go
+++ b/integration/runtime_test.go
@@ -24,21 +24,26 @@ import (
 )
 
 const (
-	unitTestImageName     = "docker-test-image"
-	unitTestImageID       = "83599e29c455eb719f77d799bc7c51521b9551972f5a850d7ad265bc1b5292f6" // 1.0
-	unitTestImageIDShort  = "83599e29c455"
-	unitTestNetworkBridge = "testdockbr0"
-	unitTestStoreBase     = "/var/lib/docker/unit-tests"
-	testDaemonAddr        = "127.0.0.1:4270"
-	testDaemonProto       = "tcp"
+	unitTestImageName        = "docker-test-image"
+	unitTestImageID          = "83599e29c455eb719f77d799bc7c51521b9551972f5a850d7ad265bc1b5292f6" // 1.0
+	unitTestImageIDShort     = "83599e29c455"
+	unitTestNetworkBridge    = "testdockbr0"
+	unitTestStoreBase        = "/var/lib/docker/unit-tests"
+	testDaemonAddr           = "127.0.0.1:4270"
+	testDaemonProto          = "tcp"
+	testDaemonHttpsProto     = "tcp"
+	testDaemonHttpsAddr      = "localhost:4271"
+	testDaemonRogueHttpsAddr = "localhost:4272"
 )
 
 var (
 	// FIXME: globalRuntime is deprecated by globalEngine. All tests should be converted.
-	globalRuntime   *docker.Runtime
-	globalEngine    *engine.Engine
-	startFds        int
-	startGoroutines int
+	globalRuntime          *docker.Runtime
+	globalEngine           *engine.Engine
+	globalHttpsEngine      *engine.Engine
+	globalRogueHttpsEngine *engine.Engine
+	startFds               int
+	startGoroutines        int
 )
 
 // FIXME: nuke() is deprecated by Runtime.Nuke()
@@ -117,8 +122,10 @@ func init() {
 	// (no tests are run directly in the base)
 	setupBaseImage()
 
-	// Create the "global runtime" with a long-running daemon for integration tests
+	// Create the "global runtime" with a long-running daemons for integration tests
 	spawnGlobalDaemon()
+	spawnLegitHttpsDaemon()
+	spawnRogueHttpsDaemon()
 	startFds, startGoroutines = utils.GetTotalUsedFds(), runtime.NumGoroutine()
 }
 
@@ -170,6 +177,61 @@ func spawnGlobalDaemon() {
 	}
 }
 
+func spawnLegitHttpsDaemon() {
+	if globalHttpsEngine != nil {
+		return
+	}
+	globalHttpsEngine = spawnHttpsDaemon(testDaemonHttpsAddr, "fixtures/https/ca.pem",
+		"fixtures/https/server-cert.pem", "fixtures/https/server-key.pem")
+}
+
+func spawnRogueHttpsDaemon() {
+	if globalRogueHttpsEngine != nil {
+		return
+	}
+	globalRogueHttpsEngine = spawnHttpsDaemon(testDaemonRogueHttpsAddr, "fixtures/https/ca.pem",
+		"fixtures/https/server-rogue-cert.pem", "fixtures/https/server-rogue-key.pem")
+}
+
+func spawnHttpsDaemon(addr, cacert, cert, key string) *engine.Engine {
+	t := log.New(os.Stderr, "", 0)
+	root, err := newTestDirectory(unitTestStoreBase)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// FIXME: here we don't use NewTestEngine because it calls initserver with Autorestart=false,
+	// and we want to set it to true.
+
+	eng := newTestEngine(t, true, root)
+
+	// Spawn a Daemon
+	go func() {
+		utils.Debugf("Spawning https daemon for integration tests")
+		listenURL := &url.URL{
+			Scheme: testDaemonHttpsProto,
+			Host:   addr,
+		}
+		job := eng.Job("serveapi", listenURL.String())
+		job.SetenvBool("Logging", true)
+		job.SetenvBool("Tls", true)
+		job.SetenvBool("TlsVerify", true)
+		job.Setenv("TlsCa", cacert)
+		job.Setenv("TlsCert", cert)
+		job.Setenv("TlsKey", key)
+		if err := job.Run(); err != nil {
+			log.Fatalf("Unable to spawn the test daemon: %s", err)
+		}
+	}()
+
+	// Give some time to ListenAndServer to actually start
+	time.Sleep(time.Second)
+
+	if err := eng.Job("acceptconnections").Run(); err != nil {
+		log.Fatalf("Unable to accept connections for test api: %s", err)
+	}
+	return eng
+}
+
 // FIXME: test that ImagePull(json=true) send correct json output
 
 func GetTestImage(runtime *docker.Runtime) *docker.Image {

From 694c8e7dfca16fabf63e6fdcdce4151c8440a7a3 Mon Sep 17 00:00:00 2001
From: Scott Collier <emailscottcollier@gmail.com>
Date: Sat, 8 Mar 2014 17:23:06 -0600
Subject: [PATCH 022/384] Adding options to `docker restart` documentation

URL of page is: http://docs.docker.io/en/latest/reference/commandline/cli/#restart

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)
---
 docs/sources/reference/commandline/cli.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 5b43e45eb4..6fe9b3dfea 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -991,6 +991,8 @@ The last container is marked as a ``Ghost`` container. It is a container that wa
 
     Restart a running container
 
+       -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10
+
 .. _cli_rm:
 
 ``rm``

From df9b99aca0b8a65da866aa5696b9f45df3b92e50 Mon Sep 17 00:00:00 2001
From: Fabio Falci <fabiofalci@gmail.com>
Date: Sun, 9 Mar 2014 01:49:36 +0000
Subject: [PATCH 023/384] Remove manual http cookie management

Since docker uses cookiejar it doesn't need to manage cookies manually
anymore.
Managing cookie was duplicating it.

Docker-DCO-1.1-Signed-off-by: Fabio Falci <fabiofalci@gmail.com> (github: fabiofalci)
---
 registry/registry.go | 32 +++++++++-----------------------
 1 file changed, 9 insertions(+), 23 deletions(-)

diff --git a/registry/registry.go b/registry/registry.go
index 543dcea383..cc2e985c31 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -149,20 +149,6 @@ func ExpandAndVerifyRegistryUrl(hostname string) (string, error) {
 	return endpoint, nil
 }
 
-func doWithCookies(c *http.Client, req *http.Request) (*http.Response, error) {
-	for _, cookie := range c.Jar.Cookies(req.URL) {
-		req.AddCookie(cookie)
-	}
-	res, err := c.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	if len(res.Cookies()) > 0 {
-		c.Jar.SetCookies(req.URL, res.Cookies())
-	}
-	return res, err
-}
-
 func setTokenAuth(req *http.Request, token []string) {
 	if req.Header.Get("Authorization") == "" { // Don't override
 		req.Header.Set("Authorization", "Token "+strings.Join(token, ","))
@@ -177,7 +163,7 @@ func (r *Registry) GetRemoteHistory(imgID, registry string, token []string) ([]s
 		return nil, err
 	}
 	setTokenAuth(req, token)
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		return nil, err
 	}
@@ -212,7 +198,7 @@ func (r *Registry) LookupRemoteImage(imgID, registry string, token []string) boo
 		return false
 	}
 	setTokenAuth(req, token)
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		utils.Errorf("Error in LookupRemoteImage %s", err)
 		return false
@@ -229,7 +215,7 @@ func (r *Registry) GetRemoteImageJSON(imgID, registry string, token []string) ([
 		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
 	}
 	setTokenAuth(req, token)
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		return nil, -1, fmt.Errorf("Failed to download json: %s", err)
 	}
@@ -256,7 +242,7 @@ func (r *Registry) GetRemoteImageLayer(imgID, registry string, token []string) (
 		return nil, fmt.Errorf("Error while getting from the server: %s\n", err)
 	}
 	setTokenAuth(req, token)
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		return nil, err
 	}
@@ -282,7 +268,7 @@ func (r *Registry) GetRemoteTags(registries []string, repository string, token [
 			return nil, err
 		}
 		setTokenAuth(req, token)
-		res, err := doWithCookies(r.client, req)
+		res, err := r.client.Do(req)
 		if err != nil {
 			return nil, err
 		}
@@ -388,7 +374,7 @@ func (r *Registry) PushImageChecksumRegistry(imgData *ImgData, registry string,
 	req.Header.Set("X-Docker-Checksum", imgData.Checksum)
 	req.Header.Set("X-Docker-Checksum-Payload", imgData.ChecksumPayload)
 
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to upload metadata: %s", err)
 	}
@@ -424,7 +410,7 @@ func (r *Registry) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regis
 	req.Header.Add("Content-type", "application/json")
 	setTokenAuth(req, token)
 
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to upload metadata: %s", err)
 	}
@@ -460,7 +446,7 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 	req.ContentLength = -1
 	req.TransferEncoding = []string{"chunked"}
 	setTokenAuth(req, token)
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		return "", "", fmt.Errorf("Failed to upload layer: %s", err)
 	}
@@ -497,7 +483,7 @@ func (r *Registry) PushRegistryTag(remote, revision, tag, registry string, token
 	req.Header.Add("Content-type", "application/json")
 	setTokenAuth(req, token)
 	req.ContentLength = int64(len(revision))
-	res, err := doWithCookies(r.client, req)
+	res, err := r.client.Do(req)
 	if err != nil {
 		return err
 	}

From b24be254fa042e62e1a08af9105ac92da13a6336 Mon Sep 17 00:00:00 2001
From: Rovanion Luckey <rovanion.luckey@gmail.com>
Date: Fri, 7 Mar 2014 15:51:52 +0100
Subject: [PATCH 024/384] All caps variables in normal bash should be avoided
 not to accidentally collide with environment variables.

Docker-DCO-1.1-Signed-off-by: Rovanion Luckey <rovanion.luckey@gmail.com> (github: Rovanion)
---
 docs/sources/examples/hello_world.rst | 32 +++++++++++++--------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/docs/sources/examples/hello_world.rst b/docs/sources/examples/hello_world.rst
index 63362e7d7b..b8538debb9 100644
--- a/docs/sources/examples/hello_world.rst
+++ b/docs/sources/examples/hello_world.rst
@@ -52,8 +52,8 @@ This command will run a simple ``echo`` command, that will echo ``hello world``
 
 **Explanation:**
 
-- **"sudo"** execute the following commands as user *root* 
-- **"docker run"** run a command in a new container 
+- **"sudo"** execute the following commands as user *root*
+- **"docker run"** run a command in a new container
 - **"busybox"** is the image we are running the command in.
 - **"/bin/echo"** is the command we want to run in the container
 - **"hello world"** is the input for the echo command
@@ -67,9 +67,9 @@ See the example in action
 .. raw:: html
 
    <iframe width="560" height="400" frameborder="0"
-           sandbox="allow-same-origin allow-scripts" 
-   srcdoc="<body><script type=&quot;text/javascript&quot; 
-           src=&quot;https://asciinema.org/a/7658.js&quot; 
+           sandbox="allow-same-origin allow-scripts"
+   srcdoc="<body><script type=&quot;text/javascript&quot;
+           src=&quot;https://asciinema.org/a/7658.js&quot;
            id=&quot;asciicast-7658&quot; async></script></body>">
    </iframe>
 
@@ -92,7 +92,7 @@ we stop it.
 
 .. code-block:: bash
 
-    CONTAINER_ID=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done")
+    container_id=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done")
 
 We are going to run a simple hello world daemon in a new container
 made from the ``ubuntu`` image.
@@ -104,22 +104,22 @@ made from the ``ubuntu`` image.
 - **"while true; do echo hello world; sleep 1; done"** is the mini
   script we want to run, that will just print hello world once a
   second until we stop it.
-- **$CONTAINER_ID** the output of the run command will return a
+- **$container_id** the output of the run command will return a
   container id, we can use in future commands to see what is going on
   with this process.
 
 .. code-block:: bash
 
-    sudo docker logs $CONTAINER_ID
+    sudo docker logs $container_id
 
 Check the logs make sure it is working correctly.
 
 - **"docker logs**" This will return the logs for a container
-- **$CONTAINER_ID** The Id of the container we want the logs for.
+- **$container_id** The Id of the container we want the logs for.
 
 .. code-block:: bash
 
-    sudo docker attach -sig-proxy=false $CONTAINER_ID
+    sudo docker attach -sig-proxy=false $container_id
 
 Attach to the container to see the results in real-time.
 
@@ -127,7 +127,7 @@ Attach to the container to see the results in real-time.
   process to see what is going on.
 - **"-sig-proxy=false"** Do not forward signals to the container; allows
   us to exit the attachment using Control-C without stopping the container.
-- **$CONTAINER_ID** The Id of the container we want to attach too.
+- **$container_id** The Id of the container we want to attach too.
 
 Exit from the container attachment by pressing Control-C.
 
@@ -141,12 +141,12 @@ Check the process list to make sure it is running.
 
 .. code-block:: bash
 
-    sudo docker stop $CONTAINER_ID
+    sudo docker stop $container_id
 
 Stop the container, since we don't need it anymore.
 
 - **"docker stop"** This stops a container
-- **$CONTAINER_ID** The Id of the container we want to stop.
+- **$container_id** The Id of the container we want to stop.
 
 .. code-block:: bash
 
@@ -162,9 +162,9 @@ See the example in action
 .. raw:: html
 
    <iframe width="560" height="400" frameborder="0"
-           sandbox="allow-same-origin allow-scripts" 
-   srcdoc="<body><script type=&quot;text/javascript&quot; 
-           src=&quot;https://asciinema.org/a/2562.js&quot; 
+           sandbox="allow-same-origin allow-scripts"
+   srcdoc="<body><script type=&quot;text/javascript&quot;
+           src=&quot;https://asciinema.org/a/2562.js&quot;
            id=&quot;asciicast-2562&quot; async></script></body>">
    </iframe>
 

From 12bd83182dff24a800eee6e7e93beeab30b480b7 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 7 Mar 2014 15:22:23 -0800
Subject: [PATCH 025/384] Move daemon config into sub pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 config.go => daemonconfig/config.go | 8 ++++----
 runtime.go                          | 7 ++++---
 server.go                           | 5 +++--
 3 files changed, 11 insertions(+), 9 deletions(-)
 rename config.go => daemonconfig/config.go (93%)

diff --git a/config.go b/daemonconfig/config.go
similarity index 93%
rename from config.go
rename to daemonconfig/config.go
index 19aad9ed4a..0aee7e78ba 100644
--- a/config.go
+++ b/daemonconfig/config.go
@@ -1,4 +1,4 @@
-package docker
+package daemonconfig
 
 import (
 	"net"
@@ -13,7 +13,7 @@ const (
 )
 
 // FIXME: separate runtime configuration from http api configuration
-type DaemonConfig struct {
+type Config struct {
 	Pidfile                     string
 	Root                        string
 	AutoRestart                 bool
@@ -32,8 +32,8 @@ type DaemonConfig struct {
 
 // ConfigFromJob creates and returns a new DaemonConfig object
 // by parsing the contents of a job's environment.
-func DaemonConfigFromJob(job *engine.Job) *DaemonConfig {
-	config := &DaemonConfig{
+func ConfigFromJob(job *engine.Job) *Config {
+	config := &Config{
 		Pidfile:                     job.Getenv("Pidfile"),
 		Root:                        job.Getenv("Root"),
 		AutoRestart:                 job.GetenvBool("AutoRestart"),
diff --git a/runtime.go b/runtime.go
index 84f11e87b2..d1aeef4f97 100644
--- a/runtime.go
+++ b/runtime.go
@@ -4,6 +4,7 @@ import (
 	"container/list"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
+	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/execdriver"
@@ -53,7 +54,7 @@ type Runtime struct {
 	volumes        *Graph
 	srv            *Server
 	eng            *engine.Engine
-	config         *DaemonConfig
+	config         *daemonconfig.Config
 	containerGraph *graphdb.Database
 	driver         graphdriver.Driver
 	execDriver     execdriver.Driver
@@ -624,7 +625,7 @@ func (runtime *Runtime) RegisterLink(parent, child *Container, alias string) err
 }
 
 // FIXME: harmonize with NewGraph()
-func NewRuntime(config *DaemonConfig, eng *engine.Engine) (*Runtime, error) {
+func NewRuntime(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, error) {
 	runtime, err := NewRuntimeFromDirectory(config, eng)
 	if err != nil {
 		return nil, err
@@ -632,7 +633,7 @@ func NewRuntime(config *DaemonConfig, eng *engine.Engine) (*Runtime, error) {
 	return runtime, nil
 }
 
-func NewRuntimeFromDirectory(config *DaemonConfig, eng *engine.Engine) (*Runtime, error) {
+func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, error) {
 
 	// Set the default driver
 	graphdriver.DefaultDriver = config.GraphDriver
diff --git a/server.go b/server.go
index d824d78d7a..70ee7f241b 100644
--- a/server.go
+++ b/server.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/auth"
+	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/pkg/graphdb"
@@ -34,7 +35,7 @@ import (
 // The signals SIGINT, SIGQUIT and SIGTERM are intercepted for cleanup.
 func InitServer(job *engine.Job) engine.Status {
 	job.Logf("Creating server")
-	srv, err := NewServer(job.Eng, DaemonConfigFromJob(job))
+	srv, err := NewServer(job.Eng, daemonconfig.ConfigFromJob(job))
 	if err != nil {
 		return job.Error(err)
 	}
@@ -2318,7 +2319,7 @@ func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
 	return job.Errorf("No such container: %s", name)
 }
 
-func NewServer(eng *engine.Engine, config *DaemonConfig) (*Server, error) {
+func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error) {
 	runtime, err := NewRuntime(config, eng)
 	if err != nil {
 		return nil, err

From 82a5439835b0bff3ab3dfb169415948dae504d56 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 7 Mar 2014 17:36:47 -0800
Subject: [PATCH 026/384] Move image into sub pkg Docker-DCO-1.1-Signed-off-by:
 Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

---
 container.go                  |  3 +-
 graph.go                      | 59 ++++++++++++++++++-----------------
 image/graph.go                | 11 +++++++
 image.go => image/image.go    | 52 ++++++++----------------------
 integration/api_test.go       |  3 +-
 integration/buildfile_test.go |  3 +-
 integration/commands_test.go  |  3 +-
 integration/graph_test.go     | 39 ++++++++++++-----------
 integration/runtime_test.go   |  3 +-
 runtime.go                    |  5 +--
 server.go                     | 29 ++++++++---------
 tags.go                       |  5 +--
 tags_unit_test.go             |  3 +-
 utils/utils.go                | 29 +++++++++++++++++
 14 files changed, 136 insertions(+), 111 deletions(-)
 create mode 100644 image/graph.go
 rename image.go => image/image.go (86%)

diff --git a/container.go b/container.go
index 50332f27de..9c1a28c98a 100644
--- a/container.go
+++ b/container.go
@@ -8,6 +8,7 @@ import (
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/execdriver"
 	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/links"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/runconfig"
@@ -992,7 +993,7 @@ func (container *Container) Changes() ([]archive.Change, error) {
 	return container.runtime.Changes(container)
 }
 
-func (container *Container) GetImage() (*Image, error) {
+func (container *Container) GetImage() (*image.Image, error) {
 	if container.runtime == nil {
 		return nil, fmt.Errorf("Can't get image of unregistered container")
 	}
diff --git a/graph.go b/graph.go
index 43af2c278a..d164760d4c 100644
--- a/graph.go
+++ b/graph.go
@@ -5,6 +5,7 @@ import (
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
 	"io"
@@ -79,20 +80,20 @@ func (graph *Graph) Exists(id string) bool {
 }
 
 // Get returns the image with the given id, or an error if the image doesn't exist.
-func (graph *Graph) Get(name string) (*Image, error) {
+func (graph *Graph) Get(name string) (*image.Image, error) {
 	id, err := graph.idIndex.Get(name)
 	if err != nil {
 		return nil, err
 	}
 	// FIXME: return nil when the image doesn't exist, instead of an error
-	img, err := LoadImage(graph.imageRoot(id))
+	img, err := image.LoadImage(graph.ImageRoot(id))
 	if err != nil {
 		return nil, err
 	}
 	if img.ID != id {
 		return nil, fmt.Errorf("Image stored at '%s' has wrong id '%s'", id, img.ID)
 	}
-	img.graph = graph
+	img.SetGraph(graph)
 
 	if img.Size < 0 {
 		rootfs, err := graph.driver.Get(img.ID)
@@ -119,7 +120,7 @@ func (graph *Graph) Get(name string) (*Image, error) {
 		}
 
 		img.Size = size
-		if err := img.SaveSize(graph.imageRoot(id)); err != nil {
+		if err := img.SaveSize(graph.ImageRoot(id)); err != nil {
 			return nil, err
 		}
 	}
@@ -127,9 +128,9 @@ func (graph *Graph) Get(name string) (*Image, error) {
 }
 
 // Create creates a new image and registers it in the graph.
-func (graph *Graph) Create(layerData archive.ArchiveReader, container *Container, comment, author string, config *runconfig.Config) (*Image, error) {
-	img := &Image{
-		ID:            GenerateID(),
+func (graph *Graph) Create(layerData archive.ArchiveReader, container *Container, comment, author string, config *runconfig.Config) (*image.Image, error) {
+	img := &image.Image{
+		ID:            utils.GenerateRandomID(),
 		Comment:       comment,
 		Created:       time.Now().UTC(),
 		DockerVersion: dockerversion.VERSION,
@@ -151,7 +152,7 @@ func (graph *Graph) Create(layerData archive.ArchiveReader, container *Container
 
 // Register imports a pre-existing image into the graph.
 // FIXME: pass img as first argument
-func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, img *Image) (err error) {
+func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, img *image.Image) (err error) {
 	defer func() {
 		// If any error occurs, remove the new dir from the driver.
 		// Don't check for errors since the dir might not have been created.
@@ -160,7 +161,7 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i
 			graph.driver.Remove(img.ID)
 		}
 	}()
-	if err := ValidateID(img.ID); err != nil {
+	if err := utils.ValidateID(img.ID); err != nil {
 		return err
 	}
 	// (This is a convenience to save time. Race conditions are taken care of by os.Rename)
@@ -171,7 +172,7 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i
 	// Ensure that the image root does not exist on the filesystem
 	// when it is not registered in the graph.
 	// This is common when you switch from one graph driver to another
-	if err := os.RemoveAll(graph.imageRoot(img.ID)); err != nil && !os.IsNotExist(err) {
+	if err := os.RemoveAll(graph.ImageRoot(img.ID)); err != nil && !os.IsNotExist(err) {
 		return err
 	}
 
@@ -197,12 +198,12 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i
 		return fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err)
 	}
 	defer graph.driver.Put(img.ID)
-	img.graph = graph
-	if err := StoreImage(img, jsonData, layerData, tmp, rootfs); err != nil {
+	img.SetGraph(graph)
+	if err := image.StoreImage(img, jsonData, layerData, tmp, rootfs); err != nil {
 		return err
 	}
 	// Commit
-	if err := os.Rename(tmp, graph.imageRoot(img.ID)); err != nil {
+	if err := os.Rename(tmp, graph.ImageRoot(img.ID)); err != nil {
 		return err
 	}
 	graph.idIndex.Add(img.ID)
@@ -233,7 +234,7 @@ func (graph *Graph) TempLayerArchive(id string, compression archive.Compression,
 
 // Mktemp creates a temporary sub-directory inside the graph's filesystem.
 func (graph *Graph) Mktemp(id string) (string, error) {
-	dir := path.Join(graph.Root, "_tmp", GenerateID())
+	dir := path.Join(graph.Root, "_tmp", utils.GenerateRandomID())
 	if err := os.MkdirAll(dir, 0700); err != nil {
 		return "", err
 	}
@@ -320,7 +321,7 @@ func (graph *Graph) Delete(name string) error {
 		return err
 	}
 	graph.idIndex.Delete(id)
-	err = os.Rename(graph.imageRoot(id), tmp)
+	err = os.Rename(graph.ImageRoot(id), tmp)
 	if err != nil {
 		return err
 	}
@@ -331,9 +332,9 @@ func (graph *Graph) Delete(name string) error {
 }
 
 // Map returns a list of all images in the graph, addressable by ID.
-func (graph *Graph) Map() (map[string]*Image, error) {
-	images := make(map[string]*Image)
-	err := graph.walkAll(func(image *Image) {
+func (graph *Graph) Map() (map[string]*image.Image, error) {
+	images := make(map[string]*image.Image)
+	err := graph.walkAll(func(image *image.Image) {
 		images[image.ID] = image
 	})
 	if err != nil {
@@ -344,7 +345,7 @@ func (graph *Graph) Map() (map[string]*Image, error) {
 
 // walkAll iterates over each image in the graph, and passes it to a handler.
 // The walking order is undetermined.
-func (graph *Graph) walkAll(handler func(*Image)) error {
+func (graph *Graph) walkAll(handler func(*image.Image)) error {
 	files, err := ioutil.ReadDir(graph.Root)
 	if err != nil {
 		return err
@@ -364,17 +365,17 @@ func (graph *Graph) walkAll(handler func(*Image)) error {
 // If an image of id ID has 3 children images, then the value for key ID
 // will be a list of 3 images.
 // If an image has no children, it will not have an entry in the table.
-func (graph *Graph) ByParent() (map[string][]*Image, error) {
-	byParent := make(map[string][]*Image)
-	err := graph.walkAll(func(image *Image) {
-		parent, err := graph.Get(image.Parent)
+func (graph *Graph) ByParent() (map[string][]*image.Image, error) {
+	byParent := make(map[string][]*image.Image)
+	err := graph.walkAll(func(img *image.Image) {
+		parent, err := graph.Get(img.Parent)
 		if err != nil {
 			return
 		}
 		if children, exists := byParent[parent.ID]; exists {
-			byParent[parent.ID] = append(children, image)
+			byParent[parent.ID] = append(children, img)
 		} else {
-			byParent[parent.ID] = []*Image{image}
+			byParent[parent.ID] = []*image.Image{img}
 		}
 	})
 	return byParent, err
@@ -382,13 +383,13 @@ func (graph *Graph) ByParent() (map[string][]*Image, error) {
 
 // Heads returns all heads in the graph, keyed by id.
 // A head is an image which is not the parent of another image in the graph.
-func (graph *Graph) Heads() (map[string]*Image, error) {
-	heads := make(map[string]*Image)
+func (graph *Graph) Heads() (map[string]*image.Image, error) {
+	heads := make(map[string]*image.Image)
 	byParent, err := graph.ByParent()
 	if err != nil {
 		return nil, err
 	}
-	err = graph.walkAll(func(image *Image) {
+	err = graph.walkAll(func(image *image.Image) {
 		// If it's not in the byParent lookup table, then
 		// it's not a parent -> so it's a head!
 		if _, exists := byParent[image.ID]; !exists {
@@ -398,7 +399,7 @@ func (graph *Graph) Heads() (map[string]*Image, error) {
 	return heads, err
 }
 
-func (graph *Graph) imageRoot(id string) string {
+func (graph *Graph) ImageRoot(id string) string {
 	return path.Join(graph.Root, id)
 }
 
diff --git a/image/graph.go b/image/graph.go
new file mode 100644
index 0000000000..857c09edd9
--- /dev/null
+++ b/image/graph.go
@@ -0,0 +1,11 @@
+package image
+
+import (
+	"github.com/dotcloud/docker/graphdriver"
+)
+
+type Graph interface {
+	Get(id string) (*Image, error)
+	ImageRoot(id string) string
+	Driver() graphdriver.Driver
+}
diff --git a/image.go b/image/image.go
similarity index 86%
rename from image.go
rename to image/image.go
index fa5b65787c..e091879049 100644
--- a/image.go
+++ b/image/image.go
@@ -1,20 +1,16 @@
-package docker
+package image
 
 import (
-	"crypto/rand"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/graphdriver"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
-	"io"
 	"io/ioutil"
 	"os"
 	"path"
 	"strconv"
-	"strings"
 	"time"
 )
 
@@ -30,8 +26,9 @@ type Image struct {
 	Config          *runconfig.Config `json:"config,omitempty"`
 	Architecture    string            `json:"architecture,omitempty"`
 	OS              string            `json:"os,omitempty"`
-	graph           *Graph
 	Size            int64
+
+	graph Graph
 }
 
 func LoadImage(root string) (*Image, error) {
@@ -45,7 +42,7 @@ func LoadImage(root string) (*Image, error) {
 	if err := json.Unmarshal(jsonData, img); err != nil {
 		return nil, err
 	}
-	if err := ValidateID(img.ID); err != nil {
+	if err := utils.ValidateID(img.ID); err != nil {
 		return nil, err
 	}
 
@@ -72,7 +69,7 @@ func StoreImage(img *Image, jsonData []byte, layerData archive.ArchiveReader, ro
 	var (
 		size   int64
 		err    error
-		driver = img.graph.driver
+		driver = img.graph.Driver()
 	)
 	if err := os.MkdirAll(layer, 0755); err != nil {
 		return err
@@ -136,6 +133,10 @@ func StoreImage(img *Image, jsonData []byte, layerData archive.ArchiveReader, ro
 	return nil
 }
 
+func (img *Image) SetGraph(graph Graph) {
+	img.graph = graph
+}
+
 // SaveSize stores the current `size` value of `img` in the directory `root`.
 func (img *Image) SaveSize(root string) error {
 	if err := ioutil.WriteFile(path.Join(root, "layersize"), []byte(strconv.Itoa(int(img.Size))), 0600); err != nil {
@@ -153,7 +154,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) {
 	if img.graph == nil {
 		return nil, fmt.Errorf("Can't load storage driver for unregistered image %s", img.ID)
 	}
-	driver := img.graph.driver
+	driver := img.graph.Driver()
 	if differ, ok := driver.(graphdriver.Differ); ok {
 		return differ.Diff(img.ID)
 	}
@@ -201,33 +202,6 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) {
 	}), nil
 }
 
-func ValidateID(id string) error {
-	if id == "" {
-		return fmt.Errorf("Image id can't be empty")
-	}
-	if strings.Contains(id, ":") {
-		return fmt.Errorf("Invalid character in image id: ':'")
-	}
-	return nil
-}
-
-func GenerateID() string {
-	for {
-		id := make([]byte, 32)
-		if _, err := io.ReadFull(rand.Reader, id); err != nil {
-			panic(err) // This shouldn't happen
-		}
-		value := hex.EncodeToString(id)
-		// if we try to parse the truncated for as an int and we don't have
-		// an error then the value is all numberic and causes issues when
-		// used as a hostname. ref #3869
-		if _, err := strconv.Atoi(utils.TruncateID(value)); err == nil {
-			continue
-		}
-		return value
-	}
-}
-
 // Image includes convenience proxy functions to its graph
 // These functions will return an error if the image is not registered
 // (ie. if image.graph == nil)
@@ -274,16 +248,16 @@ func (img *Image) root() (string, error) {
 	if img.graph == nil {
 		return "", fmt.Errorf("Can't lookup root of unregistered image")
 	}
-	return img.graph.imageRoot(img.ID), nil
+	return img.graph.ImageRoot(img.ID), nil
 }
 
-func (img *Image) getParentsSize(size int64) int64 {
+func (img *Image) GetParentsSize(size int64) int64 {
 	parentImage, err := img.GetParent()
 	if err != nil || parentImage == nil {
 		return size
 	}
 	size += parentImage.Size
-	return parentImage.getParentsSize(size)
+	return parentImage.GetParentsSize(size)
 }
 
 // Depth returns the number of parents for a
diff --git a/integration/api_test.go b/integration/api_test.go
index cb92d89858..c050b4934d 100644
--- a/integration/api_test.go
+++ b/integration/api_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
@@ -287,7 +288,7 @@ func TestGetImagesByName(t *testing.T) {
 	}
 	assertHttpNotError(r, t)
 
-	img := &docker.Image{}
+	img := &image.Image{}
 	if err := json.Unmarshal(r.Body.Bytes(), img); err != nil {
 		t.Fatal(err)
 	}
diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go
index efab9707ec..e5084d4355 100644
--- a/integration/buildfile_test.go
+++ b/integration/buildfile_test.go
@@ -5,6 +5,7 @@ import (
 	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"net"
@@ -350,7 +351,7 @@ func TestBuild(t *testing.T) {
 	}
 }
 
-func buildImage(context testContextTemplate, t *testing.T, eng *engine.Engine, useCache bool) (*docker.Image, error) {
+func buildImage(context testContextTemplate, t *testing.T, eng *engine.Engine, useCache bool) (*image.Image, error) {
 	if eng == nil {
 		eng = NewTestEngine(t)
 		runtime := mkRuntimeFromEngine(eng, t)
diff --git a/integration/commands_test.go b/integration/commands_test.go
index 9f7a41384c..6d3ac86347 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -6,6 +6,7 @@ import (
 	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/term"
 	"github.com/dotcloud/docker/utils"
 	"io"
@@ -902,7 +903,7 @@ func TestImagesTree(t *testing.T) {
 	})
 }
 
-func buildTestImages(t *testing.T, eng *engine.Engine) *docker.Image {
+func buildTestImages(t *testing.T, eng *engine.Engine) *image.Image {
 
 	var testBuilder = testContextTemplate{
 		`
diff --git a/integration/graph_test.go b/integration/graph_test.go
index ff1c0d9361..4fd612b5ac 100644
--- a/integration/graph_test.go
+++ b/integration/graph_test.go
@@ -6,6 +6,7 @@ import (
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
@@ -67,8 +68,8 @@ func TestInterruptedRegister(t *testing.T) {
 	graph, _ := tempGraph(t)
 	defer nukeGraph(graph)
 	badArchive, w := io.Pipe() // Use a pipe reader as a fake archive which never yields data
-	image := &docker.Image{
-		ID:      docker.GenerateID(),
+	image := &image.Image{
+		ID:      utils.GenerateRandomID(),
 		Comment: "testing",
 		Created: time.Now(),
 	}
@@ -96,18 +97,18 @@ func TestGraphCreate(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	image, err := graph.Create(archive, nil, "Testing", "", nil)
+	img, err := graph.Create(archive, nil, "Testing", "", nil)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := docker.ValidateID(image.ID); err != nil {
+	if err := utils.ValidateID(img.ID); err != nil {
 		t.Fatal(err)
 	}
-	if image.Comment != "Testing" {
-		t.Fatalf("Wrong comment: should be '%s', not '%s'", "Testing", image.Comment)
+	if img.Comment != "Testing" {
+		t.Fatalf("Wrong comment: should be '%s', not '%s'", "Testing", img.Comment)
 	}
-	if image.DockerVersion != dockerversion.VERSION {
-		t.Fatalf("Wrong docker_version: should be '%s', not '%s'", dockerversion.VERSION, image.DockerVersion)
+	if img.DockerVersion != dockerversion.VERSION {
+		t.Fatalf("Wrong docker_version: should be '%s', not '%s'", dockerversion.VERSION, img.DockerVersion)
 	}
 	images, err := graph.Map()
 	if err != nil {
@@ -115,8 +116,8 @@ func TestGraphCreate(t *testing.T) {
 	} else if l := len(images); l != 1 {
 		t.Fatalf("Wrong number of images. Should be %d, not %d", 1, l)
 	}
-	if images[image.ID] == nil {
-		t.Fatalf("Could not find image with id %s", image.ID)
+	if images[img.ID] == nil {
+		t.Fatalf("Could not find image with id %s", img.ID)
 	}
 }
 
@@ -127,8 +128,8 @@ func TestRegister(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	image := &docker.Image{
-		ID:      docker.GenerateID(),
+	image := &image.Image{
+		ID:      utils.GenerateRandomID(),
 		Comment: "testing",
 		Created: time.Now(),
 	}
@@ -164,7 +165,7 @@ func TestDeletePrefix(t *testing.T) {
 	assertNImages(graph, t, 0)
 }
 
-func createTestImage(graph *docker.Graph, t *testing.T) *docker.Image {
+func createTestImage(graph *docker.Graph, t *testing.T) *image.Image {
 	archive, err := fakeTar()
 	if err != nil {
 		t.Fatal(err)
@@ -243,20 +244,20 @@ func TestByParent(t *testing.T) {
 
 	graph, _ := tempGraph(t)
 	defer nukeGraph(graph)
-	parentImage := &docker.Image{
-		ID:      docker.GenerateID(),
+	parentImage := &image.Image{
+		ID:      utils.GenerateRandomID(),
 		Comment: "parent",
 		Created: time.Now(),
 		Parent:  "",
 	}
-	childImage1 := &docker.Image{
-		ID:      docker.GenerateID(),
+	childImage1 := &image.Image{
+		ID:      utils.GenerateRandomID(),
 		Comment: "child1",
 		Created: time.Now(),
 		Parent:  parentImage.ID,
 	}
-	childImage2 := &docker.Image{
-		ID:      docker.GenerateID(),
+	childImage2 := &image.Image{
+		ID:      utils.GenerateRandomID(),
 		Comment: "child2",
 		Created: time.Now(),
 		Parent:  parentImage.ID,
diff --git a/integration/runtime_test.go b/integration/runtime_test.go
index 1e912c1bb4..a79f84365a 100644
--- a/integration/runtime_test.go
+++ b/integration/runtime_test.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/sysinit"
@@ -172,7 +173,7 @@ func spawnGlobalDaemon() {
 
 // FIXME: test that ImagePull(json=true) send correct json output
 
-func GetTestImage(runtime *docker.Runtime) *docker.Image {
+func GetTestImage(runtime *docker.Runtime) *image.Image {
 	imgs, err := runtime.Graph().Map()
 	if err != nil {
 		log.Fatalf("Unable to get the test image: %s", err)
diff --git a/runtime.go b/runtime.go
index d1aeef4f97..81bc9cbded 100644
--- a/runtime.go
+++ b/runtime.go
@@ -15,6 +15,7 @@ import (
 	_ "github.com/dotcloud/docker/graphdriver/btrfs"
 	_ "github.com/dotcloud/docker/graphdriver/devmapper"
 	_ "github.com/dotcloud/docker/graphdriver/vfs"
+	"github.com/dotcloud/docker/image"
 	_ "github.com/dotcloud/docker/networkdriver/lxc"
 	"github.com/dotcloud/docker/networkdriver/portallocator"
 	"github.com/dotcloud/docker/pkg/graphdb"
@@ -396,7 +397,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 	}
 
 	// Generate id
-	id := GenerateID()
+	id := utils.GenerateRandomID()
 
 	if name == "" {
 		name, err = generateRandomName(runtime)
@@ -539,7 +540,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 
 // Commit creates a new filesystem image from the current state of a container.
 // The image can optionally be tagged into a repository
-func (runtime *Runtime) Commit(container *Container, repository, tag, comment, author string, config *runconfig.Config) (*Image, error) {
+func (runtime *Runtime) Commit(container *Container, repository, tag, comment, author string, config *runconfig.Config) (*image.Image, error) {
 	// FIXME: freeze the container before copying it to avoid data corruption?
 	// FIXME: this shouldn't be in commands.
 	if err := container.Mount(); err != nil {
diff --git a/server.go b/server.go
index 70ee7f241b..37402ee502 100644
--- a/server.go
+++ b/server.go
@@ -8,6 +8,7 @@ import (
 	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/graphdb"
 	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/runconfig"
@@ -362,8 +363,8 @@ func (srv *Server) ImageExport(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) exportImage(image *Image, tempdir string) error {
-	for i := image; i != nil; {
+func (srv *Server) exportImage(img *image.Image, tempdir string) error {
+	for i := img; i != nil; {
 		// temporary directory
 		tmpImageDir := path.Join(tempdir, i.ID)
 		if err := os.Mkdir(tmpImageDir, os.ModeDir); err != nil {
@@ -580,7 +581,7 @@ func (srv *Server) recursiveLoad(address, tmpImageDir string) error {
 			utils.Debugf("Error reading embedded tar", err)
 			return err
 		}
-		img, err := NewImgJSON(imageJson)
+		img, err := image.NewImgJSON(imageJson)
 		if err != nil {
 			utils.Debugf("Error unmarshalling json", err)
 			return err
@@ -690,7 +691,7 @@ func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
 	job.Stdout.Write([]byte("digraph docker {\n"))
 
 	var (
-		parentImage *Image
+		parentImage *image.Image
 		err         error
 	)
 	for _, image := range images {
@@ -722,7 +723,7 @@ func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
 
 func (srv *Server) Images(job *engine.Job) engine.Status {
 	var (
-		allImages map[string]*Image
+		allImages map[string]*image.Image
 		err       error
 	)
 	if job.GetenvBool("all") {
@@ -757,7 +758,7 @@ func (srv *Server) Images(job *engine.Job) engine.Status {
 				out.Set("Id", image.ID)
 				out.SetInt64("Created", image.Created.Unix())
 				out.SetInt64("Size", image.Size)
-				out.SetInt64("VirtualSize", image.getParentsSize(0)+image.Size)
+				out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
 				lookup[id] = out
 			}
 
@@ -778,7 +779,7 @@ func (srv *Server) Images(job *engine.Job) engine.Status {
 			out.Set("Id", image.ID)
 			out.SetInt64("Created", image.Created.Unix())
 			out.SetInt64("Size", image.Size)
-			out.SetInt64("VirtualSize", image.getParentsSize(0)+image.Size)
+			out.SetInt64("VirtualSize", image.GetParentsSize(0)+image.Size)
 			outs.Add(out)
 		}
 	}
@@ -838,7 +839,7 @@ func (srv *Server) ImageHistory(job *engine.Job) engine.Status {
 		return job.Errorf("Usage: %s IMAGE", job.Name)
 	}
 	name := job.Args[0]
-	image, err := srv.runtime.repositories.LookupImage(name)
+	foundImage, err := srv.runtime.repositories.LookupImage(name)
 	if err != nil {
 		return job.Error(err)
 	}
@@ -855,7 +856,7 @@ func (srv *Server) ImageHistory(job *engine.Job) engine.Status {
 	}
 
 	outs := engine.NewTable("Created", 0)
-	err = image.WalkHistory(func(img *Image) error {
+	err = foundImage.WalkHistory(func(img *image.Image) error {
 		out := &engine.Env{}
 		out.Set("Id", img.ID)
 		out.SetInt64("Created", img.Created.Unix())
@@ -1098,7 +1099,7 @@ func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoin
 				// FIXME: Keep going in case of error?
 				return err
 			}
-			img, err := NewImgJSON(imgJSON)
+			img, err := image.NewImgJSON(imgJSON)
 			if err != nil {
 				out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
 				return fmt.Errorf("Failed to parse json: %s", err)
@@ -1946,7 +1947,7 @@ func (srv *Server) canDeleteImage(imgID string) error {
 			return err
 		}
 
-		if err := parent.WalkHistory(func(p *Image) error {
+		if err := parent.WalkHistory(func(p *image.Image) error {
 			if imgID == p.ID {
 				return fmt.Errorf("Conflict, cannot delete %s because the container %s is using it", utils.TruncateID(imgID), utils.TruncateID(container.ID))
 			}
@@ -1958,7 +1959,7 @@ func (srv *Server) canDeleteImage(imgID string) error {
 	return nil
 }
 
-func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*Image, error) {
+func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*image.Image, error) {
 
 	// Retrieve all images
 	images, err := srv.runtime.graph.Map()
@@ -1976,7 +1977,7 @@ func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*Imag
 	}
 
 	// Loop on the children of the given image and check the config
-	var match *Image
+	var match *image.Image
 	for elem := range imageMap[imgID] {
 		img, err := srv.runtime.graph.Get(elem)
 		if err != nil {
@@ -2242,7 +2243,7 @@ func (srv *Server) ContainerInspect(name string) (*Container, error) {
 	return nil, fmt.Errorf("No such container: %s", name)
 }
 
-func (srv *Server) ImageInspect(name string) (*Image, error) {
+func (srv *Server) ImageInspect(name string) (*image.Image, error) {
 	if image, err := srv.runtime.repositories.LookupImage(name); err == nil && image != nil {
 		return image, nil
 	}
diff --git a/tags.go b/tags.go
index 92c32b1ff5..27e19cd671 100644
--- a/tags.go
+++ b/tags.go
@@ -3,6 +3,7 @@ package docker
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"os"
@@ -65,7 +66,7 @@ func (store *TagStore) Reload() error {
 	return nil
 }
 
-func (store *TagStore) LookupImage(name string) (*Image, error) {
+func (store *TagStore) LookupImage(name string) (*image.Image, error) {
 	// FIXME: standardize on returning nil when the image doesn't exist, and err for everything else
 	// (so we can pass all errors here)
 	repos, tag := utils.ParseRepositoryTag(name)
@@ -195,7 +196,7 @@ func (store *TagStore) Get(repoName string) (Repository, error) {
 	return nil, nil
 }
 
-func (store *TagStore) GetImage(repoName, tagOrID string) (*Image, error) {
+func (store *TagStore) GetImage(repoName, tagOrID string) (*image.Image, error) {
 	repo, err := store.Get(repoName)
 	if err != nil {
 		return nil, err
diff --git a/tags_unit_test.go b/tags_unit_test.go
index b6236280a8..8ee913f527 100644
--- a/tags_unit_test.go
+++ b/tags_unit_test.go
@@ -2,6 +2,7 @@ package docker
 
 import (
 	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
 	"os"
 	"path"
@@ -30,7 +31,7 @@ func mkTestTagStore(root string, t *testing.T) *TagStore {
 	if err != nil {
 		t.Fatal(err)
 	}
-	img := &Image{ID: testImageID}
+	img := &image.Image{ID: testImageID}
 	// FIXME: this fails on Darwin with:
 	// tags_unit_test.go:36: mkdir /var/folders/7g/b3ydb5gx4t94ndr_cljffbt80000gq/T/docker-test569b-tRunner-075013689/vfs/dir/foo/etc/postgres: permission denied
 	if err := graph.Register(nil, archive, img); err != nil {
diff --git a/utils/utils.go b/utils/utils.go
index 07b8f6a3d0..e4cb04f39c 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 	"bytes"
+	"crypto/rand"
 	"crypto/sha1"
 	"crypto/sha256"
 	"encoding/hex"
@@ -493,6 +494,34 @@ func TruncateID(id string) string {
 	return id[:shortLen]
 }
 
+// GenerateRandomID returns an unique id
+func GenerateRandomID() string {
+	for {
+		id := make([]byte, 32)
+		if _, err := io.ReadFull(rand.Reader, id); err != nil {
+			panic(err) // This shouldn't happen
+		}
+		value := hex.EncodeToString(id)
+		// if we try to parse the truncated for as an int and we don't have
+		// an error then the value is all numberic and causes issues when
+		// used as a hostname. ref #3869
+		if _, err := strconv.Atoi(TruncateID(value)); err == nil {
+			continue
+		}
+		return value
+	}
+}
+
+func ValidateID(id string) error {
+	if id == "" {
+		return fmt.Errorf("Id can't be empty")
+	}
+	if strings.Contains(id, ":") {
+		return fmt.Errorf("Invalid character in id: ':'")
+	}
+	return nil
+}
+
 // Code c/c from io.Copy() modified to handle escape sequence
 func CopyEscapable(dst io.Writer, src io.ReadCloser) (written int64, err error) {
 	buf := make([]byte, 32*1024)

From 01b6b2be73a6f40e0179e0217385eea6b41100a5 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 7 Mar 2014 18:04:38 -0800
Subject: [PATCH 027/384] Move graph and tags to graph sub pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 graph.go => graph/graph.go                   | 14 ++++-----
 tags.go => graph/tags.go                     |  2 +-
 tags_unit_test.go => graph/tags_unit_test.go | 23 ++++++++++++++-
 integration/graph_test.go                    | 24 ++++++++--------
 runtime.go                                   | 30 +++++++++++++-------
 server.go                                    | 11 +++----
 utils_test.go                                | 24 ----------------
 volumes.go                                   |  4 +--
 8 files changed, 70 insertions(+), 62 deletions(-)
 rename graph.go => graph/graph.go (97%)
 rename tags.go => graph/tags.go (99%)
 rename tags_unit_test.go => graph/tags_unit_test.go (76%)
 delete mode 100644 utils_test.go

diff --git a/graph.go b/graph/graph.go
similarity index 97%
rename from graph.go
rename to graph/graph.go
index d164760d4c..01659b549f 100644
--- a/graph.go
+++ b/graph/graph.go
@@ -1,4 +1,4 @@
-package docker
+package graph
 
 import (
 	"fmt"
@@ -128,7 +128,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) {
 }
 
 // Create creates a new image and registers it in the graph.
-func (graph *Graph) Create(layerData archive.ArchiveReader, container *Container, comment, author string, config *runconfig.Config) (*image.Image, error) {
+func (graph *Graph) Create(layerData archive.ArchiveReader, containerID, containerImage, comment, author string, containerConfig, config *runconfig.Config) (*image.Image, error) {
 	img := &image.Image{
 		ID:            utils.GenerateRandomID(),
 		Comment:       comment,
@@ -139,10 +139,10 @@ func (graph *Graph) Create(layerData archive.ArchiveReader, container *Container
 		Architecture:  runtime.GOARCH,
 		OS:            runtime.GOOS,
 	}
-	if container != nil {
-		img.Parent = container.Image
-		img.Container = container.ID
-		img.ContainerConfig = *container.Config
+	if containerID != "" {
+		img.Parent = containerImage
+		img.Container = containerID
+		img.ContainerConfig = *containerConfig
 	}
 	if err := graph.Register(nil, layerData, img); err != nil {
 		return nil, err
@@ -247,7 +247,7 @@ func (graph *Graph) Mktemp(id string) (string, error) {
 //
 // This extra layer is used by all containers as the top-most ro layer. It protects
 // the container from unwanted side-effects on the rw layer.
-func setupInitLayer(initLayer string) error {
+func SetupInitLayer(initLayer string) error {
 	for pth, typ := range map[string]string{
 		"/dev/pts":         "dir",
 		"/dev/shm":         "dir",
diff --git a/tags.go b/graph/tags.go
similarity index 99%
rename from tags.go
rename to graph/tags.go
index 27e19cd671..524e1a1f9d 100644
--- a/tags.go
+++ b/graph/tags.go
@@ -1,4 +1,4 @@
-package docker
+package graph
 
 import (
 	"encoding/json"
diff --git a/tags_unit_test.go b/graph/tags_unit_test.go
similarity index 76%
rename from tags_unit_test.go
rename to graph/tags_unit_test.go
index 8ee913f527..153f94db3d 100644
--- a/tags_unit_test.go
+++ b/graph/tags_unit_test.go
@@ -1,9 +1,13 @@
-package docker
+package graph
 
 import (
+	"bytes"
 	"github.com/dotcloud/docker/graphdriver"
+	_ "github.com/dotcloud/docker/graphdriver/vfs" // import the vfs driver so it is used in the tests
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
+	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
+	"io"
 	"os"
 	"path"
 	"testing"
@@ -14,6 +18,23 @@ const (
 	testImageID   = "foo"
 )
 
+func fakeTar() (io.Reader, error) {
+	content := []byte("Hello world!\n")
+	buf := new(bytes.Buffer)
+	tw := tar.NewWriter(buf)
+	for _, name := range []string{"/etc/postgres/postgres.conf", "/etc/passwd", "/var/log/postgres/postgres.conf"} {
+		hdr := new(tar.Header)
+		hdr.Size = int64(len(content))
+		hdr.Name = name
+		if err := tw.WriteHeader(hdr); err != nil {
+			return nil, err
+		}
+		tw.Write([]byte(content))
+	}
+	tw.Close()
+	return buf, nil
+}
+
 func mkTestTagStore(root string, t *testing.T) *TagStore {
 	driver, err := graphdriver.New(root)
 	if err != nil {
diff --git a/integration/graph_test.go b/integration/graph_test.go
index 4fd612b5ac..e575a252f3 100644
--- a/integration/graph_test.go
+++ b/integration/graph_test.go
@@ -2,9 +2,9 @@ package docker
 
 import (
 	"errors"
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
+	"github.com/dotcloud/docker/graph"
 	"github.com/dotcloud/docker/graphdriver"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
@@ -25,7 +25,7 @@ func TestMount(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	image, err := graph.Create(archive, nil, "Testing", "", nil)
+	image, err := graph.Create(archive, "", "", "Testing", "", nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -97,7 +97,7 @@ func TestGraphCreate(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	img, err := graph.Create(archive, nil, "Testing", "", nil)
+	img, err := graph.Create(archive, "", "", "Testing", "", nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -165,12 +165,12 @@ func TestDeletePrefix(t *testing.T) {
 	assertNImages(graph, t, 0)
 }
 
-func createTestImage(graph *docker.Graph, t *testing.T) *image.Image {
+func createTestImage(graph *graph.Graph, t *testing.T) *image.Image {
 	archive, err := fakeTar()
 	if err != nil {
 		t.Fatal(err)
 	}
-	img, err := graph.Create(archive, nil, "Test image", "", nil)
+	img, err := graph.Create(archive, "", "", "Test image", "", nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -185,7 +185,7 @@ func TestDelete(t *testing.T) {
 		t.Fatal(err)
 	}
 	assertNImages(graph, t, 0)
-	img, err := graph.Create(archive, nil, "Bla bla", "", nil)
+	img, err := graph.Create(archive, "", "", "Bla bla", "", nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -200,7 +200,7 @@ func TestDelete(t *testing.T) {
 		t.Fatal(err)
 	}
 	// Test 2 create (same name) / 1 delete
-	img1, err := graph.Create(archive, nil, "Testing", "", nil)
+	img1, err := graph.Create(archive, "", "", "Testing", "", nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -208,7 +208,7 @@ func TestDelete(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if _, err = graph.Create(archive, nil, "Testing", "", nil); err != nil {
+	if _, err = graph.Create(archive, "", "", "Testing", "", nil, nil); err != nil {
 		t.Fatal(err)
 	}
 	assertNImages(graph, t, 2)
@@ -280,7 +280,7 @@ func TestByParent(t *testing.T) {
  * HELPER FUNCTIONS
  */
 
-func assertNImages(graph *docker.Graph, t *testing.T, n int) {
+func assertNImages(graph *graph.Graph, t *testing.T, n int) {
 	if images, err := graph.Map(); err != nil {
 		t.Fatal(err)
 	} else if actualN := len(images); actualN != n {
@@ -288,7 +288,7 @@ func assertNImages(graph *docker.Graph, t *testing.T, n int) {
 	}
 }
 
-func tempGraph(t *testing.T) (*docker.Graph, graphdriver.Driver) {
+func tempGraph(t *testing.T) (*graph.Graph, graphdriver.Driver) {
 	tmp, err := ioutil.TempDir("", "docker-graph-")
 	if err != nil {
 		t.Fatal(err)
@@ -297,14 +297,14 @@ func tempGraph(t *testing.T) (*docker.Graph, graphdriver.Driver) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	graph, err := docker.NewGraph(tmp, driver)
+	graph, err := graph.NewGraph(tmp, driver)
 	if err != nil {
 		t.Fatal(err)
 	}
 	return graph, driver
 }
 
-func nukeGraph(graph *docker.Graph) {
+func nukeGraph(graph *graph.Graph) {
 	graph.Driver().Cleanup()
 	os.RemoveAll(graph.Root)
 }
diff --git a/runtime.go b/runtime.go
index 81bc9cbded..2608701b9b 100644
--- a/runtime.go
+++ b/runtime.go
@@ -10,6 +10,7 @@ import (
 	"github.com/dotcloud/docker/execdriver"
 	"github.com/dotcloud/docker/execdriver/lxc"
 	"github.com/dotcloud/docker/execdriver/native"
+	"github.com/dotcloud/docker/graph"
 	"github.com/dotcloud/docker/graphdriver"
 	"github.com/dotcloud/docker/graphdriver/aufs"
 	_ "github.com/dotcloud/docker/graphdriver/btrfs"
@@ -48,11 +49,11 @@ type Runtime struct {
 	repository     string
 	sysInitPath    string
 	containers     *list.List
-	graph          *Graph
-	repositories   *TagStore
+	graph          *graph.Graph
+	repositories   *graph.TagStore
 	idIndex        *utils.TruncIndex
 	sysInfo        *sysinfo.SysInfo
-	volumes        *Graph
+	volumes        *graph.Graph
 	srv            *Server
 	eng            *engine.Engine
 	config         *daemonconfig.Config
@@ -486,7 +487,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 	}
 	defer runtime.driver.Put(initID)
 
-	if err := setupInitLayer(initPath); err != nil {
+	if err := graph.SetupInitLayer(initPath); err != nil {
 		return nil, nil, err
 	}
 
@@ -555,7 +556,16 @@ func (runtime *Runtime) Commit(container *Container, repository, tag, comment, a
 	defer rwTar.Close()
 
 	// Create a new image from the container's base layers + a new layer from container changes
-	img, err := runtime.graph.Create(rwTar, container, comment, author, config)
+	var (
+		containerID, containerImage string
+		containerConfig             *runconfig.Config
+	)
+	if container != nil {
+		containerID = container.ID
+		containerImage = container.Image
+		containerConfig = container.Config
+	}
+	img, err := runtime.graph.Create(rwTar, containerID, containerImage, comment, author, containerConfig, config)
 	if err != nil {
 		return nil, err
 	}
@@ -654,13 +664,13 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 
 	if ad, ok := driver.(*aufs.Driver); ok {
 		utils.Debugf("Migrating existing containers")
-		if err := ad.Migrate(config.Root, setupInitLayer); err != nil {
+		if err := ad.Migrate(config.Root, graph.SetupInitLayer); err != nil {
 			return nil, err
 		}
 	}
 
 	utils.Debugf("Creating images graph")
-	g, err := NewGraph(path.Join(config.Root, "graph"), driver)
+	g, err := graph.NewGraph(path.Join(config.Root, "graph"), driver)
 	if err != nil {
 		return nil, err
 	}
@@ -672,12 +682,12 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 		return nil, err
 	}
 	utils.Debugf("Creating volumes graph")
-	volumes, err := NewGraph(path.Join(config.Root, "volumes"), volumesDriver)
+	volumes, err := graph.NewGraph(path.Join(config.Root, "volumes"), volumesDriver)
 	if err != nil {
 		return nil, err
 	}
 	utils.Debugf("Creating repository list")
-	repositories, err := NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g)
+	repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g)
 	if err != nil {
 		return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
 	}
@@ -878,7 +888,7 @@ func (runtime *Runtime) Nuke() error {
 // which need direct access to runtime.graph.
 // Once the tests switch to using engine and jobs, this method
 // can go away.
-func (runtime *Runtime) Graph() *Graph {
+func (runtime *Runtime) Graph() *graph.Graph {
 	return runtime.graph
 }
 
diff --git a/server.go b/server.go
index 37402ee502..5c28b262dc 100644
--- a/server.go
+++ b/server.go
@@ -8,6 +8,7 @@ import (
 	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/graph"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/graphdb"
 	"github.com/dotcloud/docker/registry"
@@ -334,7 +335,7 @@ func (srv *Server) ImageExport(job *engine.Job) engine.Status {
 		}
 
 		// write repositories
-		rootRepoMap := map[string]Repository{}
+		rootRepoMap := map[string]graph.Repository{}
 		rootRepoMap[name] = rootRepo
 		rootRepoJson, _ := json.Marshal(rootRepoMap)
 
@@ -547,7 +548,7 @@ func (srv *Server) ImageLoad(job *engine.Job) engine.Status {
 
 	repositoriesJson, err := ioutil.ReadFile(path.Join(tmpImageDir, "repo", "repositories"))
 	if err == nil {
-		repositories := map[string]Repository{}
+		repositories := map[string]graph.Repository{}
 		if err := json.Unmarshal(repositoriesJson, &repositories); err != nil {
 			return job.Error(err)
 		}
@@ -1617,7 +1618,7 @@ func (srv *Server) ImageImport(job *engine.Job) engine.Status {
 		defer progressReader.Close()
 		archive = progressReader
 	}
-	img, err := srv.runtime.graph.Create(archive, nil, "Imported from "+src, "", nil)
+	img, err := srv.runtime.graph.Create(archive, "", "", "Imported from "+src, "", nil, nil)
 	if err != nil {
 		return job.Error(err)
 	}
@@ -1664,7 +1665,7 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
 		if srv.runtime.graph.IsNotExist(err) {
 			_, tag := utils.ParseRepositoryTag(config.Image)
 			if tag == "" {
-				tag = DEFAULTTAG
+				tag = graph.DEFAULTTAG
 			}
 			return job.Errorf("No such image: %s (tag: %s)", config.Image, tag)
 		}
@@ -1837,7 +1838,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force boo
 
 	repoName, tag = utils.ParseRepositoryTag(name)
 	if tag == "" {
-		tag = DEFAULTTAG
+		tag = graph.DEFAULTTAG
 	}
 
 	img, err := srv.runtime.repositories.LookupImage(name)
diff --git a/utils_test.go b/utils_test.go
deleted file mode 100644
index 31fa12b6ad..0000000000
--- a/utils_test.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package docker
-
-import (
-	"bytes"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-	"io"
-)
-
-func fakeTar() (io.Reader, error) {
-	content := []byte("Hello world!\n")
-	buf := new(bytes.Buffer)
-	tw := tar.NewWriter(buf)
-	for _, name := range []string{"/etc/postgres/postgres.conf", "/etc/passwd", "/var/log/postgres/postgres.conf"} {
-		hdr := new(tar.Header)
-		hdr.Size = int64(len(content))
-		hdr.Name = name
-		if err := tw.WriteHeader(hdr); err != nil {
-			return nil, err
-		}
-		tw.Write([]byte(content))
-	}
-	tw.Close()
-	return buf, nil
-}
diff --git a/volumes.go b/volumes.go
index 9f76e3698b..8684ff4e59 100644
--- a/volumes.go
+++ b/volumes.go
@@ -216,7 +216,7 @@ func createVolumes(container *Container) error {
 		return err
 	}
 
-	volumesDriver := container.runtime.volumes.driver
+	volumesDriver := container.runtime.volumes.Driver()
 	// Create the requested volumes if they don't exist
 	for volPath := range container.Config.Volumes {
 		volPath = filepath.Clean(volPath)
@@ -246,7 +246,7 @@ func createVolumes(container *Container) error {
 			// Do not pass a container as the parameter for the volume creation.
 			// The graph driver using the container's information ( Image ) to
 			// create the parent.
-			c, err := container.runtime.volumes.Create(nil, nil, "", "", nil)
+			c, err := container.runtime.volumes.Create(nil, "", "", "", "", nil, nil)
 			if err != nil {
 				return err
 			}

From 36c3614fdde079fad178390f651945fba884668a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 7 Mar 2014 18:42:29 -0800
Subject: [PATCH 028/384] Move runtime and container into sub pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 buildfile.go                                  |  17 +-
 integration/api_test.go                       |   4 +-
 integration/commands_test.go                  |  10 +-
 integration/runtime_test.go                   |  14 +-
 integration/utils_test.go                     |  15 +-
 container.go => runtime/container.go          |  40 ++--
 .../container_unit_test.go                    |   6 +-
 runtime.go => runtime/runtime.go              |  51 ++++-
 runtime/server.go                             |   9 +
 sorter.go => runtime/sorter.go                |   2 +-
 state.go => runtime/state.go                  |   2 +-
 runtime/utils.go                              |  44 +++++
 volumes.go => runtime/volumes.go              |   2 +-
 server.go                                     | 181 +++++++++---------
 utils.go                                      |  40 ----
 15 files changed, 251 insertions(+), 186 deletions(-)
 rename container.go => runtime/container.go (96%)
 rename container_unit_test.go => runtime/container_unit_test.go (96%)
 rename runtime.go => runtime/runtime.go (96%)
 create mode 100644 runtime/server.go
 rename sorter.go => runtime/sorter.go (97%)
 rename state.go => runtime/state.go (98%)
 create mode 100644 runtime/utils.go
 rename volumes.go => runtime/volumes.go (99%)

diff --git a/buildfile.go b/buildfile.go
index 6fae6a24a5..160db4d434 100644
--- a/buildfile.go
+++ b/buildfile.go
@@ -10,6 +10,7 @@ import (
 	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
@@ -34,7 +35,7 @@ type BuildFile interface {
 }
 
 type buildFile struct {
-	runtime *Runtime
+	runtime *runtime.Runtime
 	srv     *Server
 
 	image      string
@@ -74,9 +75,9 @@ func (b *buildFile) clearTmp(containers map[string]struct{}) {
 }
 
 func (b *buildFile) CmdFrom(name string) error {
-	image, err := b.runtime.repositories.LookupImage(name)
+	image, err := b.runtime.Repositories().LookupImage(name)
 	if err != nil {
-		if b.runtime.graph.IsNotExist(err) {
+		if b.runtime.Graph().IsNotExist(err) {
 			remote, tag := utils.ParseRepositoryTag(name)
 			pullRegistryAuth := b.authConfig
 			if len(b.configFile.Configs) > 0 {
@@ -96,7 +97,7 @@ func (b *buildFile) CmdFrom(name string) error {
 			if err := job.Run(); err != nil {
 				return err
 			}
-			image, err = b.runtime.repositories.LookupImage(name)
+			image, err = b.runtime.Repositories().LookupImage(name)
 			if err != nil {
 				return err
 			}
@@ -110,7 +111,7 @@ func (b *buildFile) CmdFrom(name string) error {
 		b.config = image.Config
 	}
 	if b.config.Env == nil || len(b.config.Env) == 0 {
-		b.config.Env = append(b.config.Env, "HOME=/", "PATH="+defaultPathEnv)
+		b.config.Env = append(b.config.Env, "HOME=/", "PATH="+runtime.DefaultPathEnv)
 	}
 	// Process ONBUILD triggers if they exist
 	if nTriggers := len(b.config.OnBuild); nTriggers != 0 {
@@ -371,7 +372,7 @@ func (b *buildFile) checkPathForAddition(orig string) error {
 	return nil
 }
 
-func (b *buildFile) addContext(container *Container, orig, dest string, remote bool) error {
+func (b *buildFile) addContext(container *runtime.Container, orig, dest string, remote bool) error {
 	var (
 		origPath = path.Join(b.contextPath, orig)
 		destPath = path.Join(container.BasefsPath(), dest)
@@ -604,7 +605,7 @@ func (sf *StderrFormater) Write(buf []byte) (int, error) {
 	return len(buf), err
 }
 
-func (b *buildFile) create() (*Container, error) {
+func (b *buildFile) create() (*runtime.Container, error) {
 	if b.image == "" {
 		return nil, fmt.Errorf("Please provide a source image with `from` prior to run")
 	}
@@ -625,7 +626,7 @@ func (b *buildFile) create() (*Container, error) {
 	return c, nil
 }
 
-func (b *buildFile) run(c *Container) error {
+func (b *buildFile) run(c *runtime.Container) error {
 	var errCh chan error
 
 	if b.verbose {
diff --git a/integration/api_test.go b/integration/api_test.go
index c050b4934d..bac4efea53 100644
--- a/integration/api_test.go
+++ b/integration/api_test.go
@@ -5,12 +5,12 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime"
 	"github.com/dotcloud/docker/utils"
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io"
@@ -600,7 +600,7 @@ func TestGetContainersByName(t *testing.T) {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
-	outContainer := &docker.Container{}
+	outContainer := &runtime.Container{}
 	if err := json.Unmarshal(r.Body.Bytes(), outContainer); err != nil {
 		t.Fatal(err)
 	}
diff --git a/integration/commands_test.go b/integration/commands_test.go
index 6d3ac86347..46f623bedf 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -3,11 +3,11 @@ package docker
 import (
 	"bufio"
 	"fmt"
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/term"
+	"github.com/dotcloud/docker/runtime"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
@@ -36,7 +36,7 @@ func closeWrap(args ...io.Closer) error {
 	return nil
 }
 
-func setRaw(t *testing.T, c *docker.Container) *term.State {
+func setRaw(t *testing.T, c *runtime.Container) *term.State {
 	pty, err := c.GetPtyMaster()
 	if err != nil {
 		t.Fatal(err)
@@ -48,7 +48,7 @@ func setRaw(t *testing.T, c *docker.Container) *term.State {
 	return state
 }
 
-func unsetRaw(t *testing.T, c *docker.Container, state *term.State) {
+func unsetRaw(t *testing.T, c *runtime.Container, state *term.State) {
 	pty, err := c.GetPtyMaster()
 	if err != nil {
 		t.Fatal(err)
@@ -56,8 +56,8 @@ func unsetRaw(t *testing.T, c *docker.Container, state *term.State) {
 	term.RestoreTerminal(pty.Fd(), state)
 }
 
-func waitContainerStart(t *testing.T, timeout time.Duration) *docker.Container {
-	var container *docker.Container
+func waitContainerStart(t *testing.T, timeout time.Duration) *runtime.Container {
+	var container *runtime.Container
 
 	setTimeout(t, "Waiting for the container to be started timed out", timeout, func() {
 		for {
diff --git a/integration/runtime_test.go b/integration/runtime_test.go
index a79f84365a..dd478c289e 100644
--- a/integration/runtime_test.go
+++ b/integration/runtime_test.go
@@ -3,11 +3,11 @@ package docker
 import (
 	"bytes"
 	"fmt"
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime"
 	"github.com/dotcloud/docker/sysinit"
 	"github.com/dotcloud/docker/utils"
 	"io"
@@ -16,7 +16,7 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
-	"runtime"
+	goruntime "runtime"
 	"strconv"
 	"strings"
 	"syscall"
@@ -36,14 +36,14 @@ const (
 
 var (
 	// FIXME: globalRuntime is deprecated by globalEngine. All tests should be converted.
-	globalRuntime   *docker.Runtime
+	globalRuntime   *runtime.Runtime
 	globalEngine    *engine.Engine
 	startFds        int
 	startGoroutines int
 )
 
 // FIXME: nuke() is deprecated by Runtime.Nuke()
-func nuke(runtime *docker.Runtime) error {
+func nuke(runtime *runtime.Runtime) error {
 	return runtime.Nuke()
 }
 
@@ -120,7 +120,7 @@ func init() {
 
 	// Create the "global runtime" with a long-running daemon for integration tests
 	spawnGlobalDaemon()
-	startFds, startGoroutines = utils.GetTotalUsedFds(), runtime.NumGoroutine()
+	startFds, startGoroutines = utils.GetTotalUsedFds(), goruntime.NumGoroutine()
 }
 
 func setupBaseImage() {
@@ -173,7 +173,7 @@ func spawnGlobalDaemon() {
 
 // FIXME: test that ImagePull(json=true) send correct json output
 
-func GetTestImage(runtime *docker.Runtime) *image.Image {
+func GetTestImage(runtime *runtime.Runtime) *image.Image {
 	imgs, err := runtime.Graph().Map()
 	if err != nil {
 		log.Fatalf("Unable to get the test image: %s", err)
@@ -357,7 +357,7 @@ func TestGet(t *testing.T) {
 
 }
 
-func startEchoServerContainer(t *testing.T, proto string) (*docker.Runtime, *docker.Container, string) {
+func startEchoServerContainer(t *testing.T, proto string) (*runtime.Runtime, *runtime.Container, string) {
 	var (
 		err     error
 		id      string
diff --git a/integration/utils_test.go b/integration/utils_test.go
index 05d73df52a..88f2cc49c3 100644
--- a/integration/utils_test.go
+++ b/integration/utils_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/dotcloud/docker/builtins"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime"
 	"github.com/dotcloud/docker/utils"
 )
 
@@ -27,7 +28,7 @@ import (
 
 // Create a temporary runtime suitable for unit testing.
 // Call t.Fatal() at the first error.
-func mkRuntime(f utils.Fataler) *docker.Runtime {
+func mkRuntime(f utils.Fataler) *runtime.Runtime {
 	eng := newTestEngine(f, false, "")
 	return mkRuntimeFromEngine(eng, f)
 	// FIXME:
@@ -139,7 +140,7 @@ func assertHttpError(r *httptest.ResponseRecorder, t utils.Fataler) {
 	}
 }
 
-func getContainer(eng *engine.Engine, id string, t utils.Fataler) *docker.Container {
+func getContainer(eng *engine.Engine, id string, t utils.Fataler) *runtime.Container {
 	runtime := mkRuntimeFromEngine(eng, t)
 	c := runtime.Get(id)
 	if c == nil {
@@ -160,14 +161,14 @@ func mkServerFromEngine(eng *engine.Engine, t utils.Fataler) *docker.Server {
 	return srv
 }
 
-func mkRuntimeFromEngine(eng *engine.Engine, t utils.Fataler) *docker.Runtime {
+func mkRuntimeFromEngine(eng *engine.Engine, t utils.Fataler) *runtime.Runtime {
 	iRuntime := eng.Hack_GetGlobalVar("httpapi.runtime")
 	if iRuntime == nil {
 		panic("Legacy runtime field not set in engine")
 	}
-	runtime, ok := iRuntime.(*docker.Runtime)
+	runtime, ok := iRuntime.(*runtime.Runtime)
 	if !ok {
-		panic("Legacy runtime field in engine does not cast to *docker.Runtime")
+		panic("Legacy runtime field in engine does not cast to *runtime.Runtime")
 	}
 	return runtime
 }
@@ -249,7 +250,7 @@ func readFile(src string, t *testing.T) (content string) {
 // dynamically replaced by the current test image.
 // The caller is responsible for destroying the container.
 // Call t.Fatal() at the first error.
-func mkContainer(r *docker.Runtime, args []string, t *testing.T) (*docker.Container, *runconfig.HostConfig, error) {
+func mkContainer(r *runtime.Runtime, args []string, t *testing.T) (*runtime.Container, *runconfig.HostConfig, error) {
 	config, hc, _, err := runconfig.Parse(args, nil)
 	defer func() {
 		if err != nil && t != nil {
@@ -280,7 +281,7 @@ func mkContainer(r *docker.Runtime, args []string, t *testing.T) (*docker.Contai
 // and return its standard output as a string.
 // The image name (eg. the XXX in []string{"-i", "-t", "XXX", "bash"}, is dynamically replaced by the current test image.
 // If t is not nil, call t.Fatal() at the first error. Otherwise return errors normally.
-func runContainer(eng *engine.Engine, r *docker.Runtime, args []string, t *testing.T) (output string, err error) {
+func runContainer(eng *engine.Engine, r *runtime.Runtime, args []string, t *testing.T) (output string, err error) {
 	defer func() {
 		if err != nil && t != nil {
 			t.Fatal(err)
diff --git a/container.go b/runtime/container.go
similarity index 96%
rename from container.go
rename to runtime/container.go
index 9c1a28c98a..813147e508 100644
--- a/container.go
+++ b/runtime/container.go
@@ -1,4 +1,4 @@
-package docker
+package runtime
 
 import (
 	"encoding/json"
@@ -24,7 +24,7 @@ import (
 	"time"
 )
 
-const defaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+const DefaultPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 var (
 	ErrNotATTY               = errors.New("The PTY is not a file")
@@ -174,7 +174,7 @@ func (container *Container) ToDisk() (err error) {
 	if err != nil {
 		return
 	}
-	return container.writeHostConfig()
+	return container.WriteHostConfig()
 }
 
 func (container *Container) readHostConfig() error {
@@ -193,7 +193,7 @@ func (container *Container) readHostConfig() error {
 	return json.Unmarshal(data, container.hostConfig)
 }
 
-func (container *Container) writeHostConfig() (err error) {
+func (container *Container) WriteHostConfig() (err error) {
 	data, err := json.Marshal(container.hostConfig)
 	if err != nil {
 		return
@@ -451,7 +451,7 @@ func (container *Container) Start() (err error) {
 	// Setup environment
 	env := []string{
 		"HOME=/",
-		"PATH=" + defaultPathEnv,
+		"PATH=" + DefaultPathEnv,
 		"HOSTNAME=" + container.Config.Hostname,
 	}
 
@@ -693,7 +693,7 @@ func (container *Container) allocateNetwork() error {
 			return err
 		}
 		container.Config.PortSpecs = nil
-		if err := container.writeHostConfig(); err != nil {
+		if err := container.WriteHostConfig(); err != nil {
 			return err
 		}
 	}
@@ -751,7 +751,7 @@ func (container *Container) allocateNetwork() error {
 		}
 		bindings[port] = binding
 	}
-	container.writeHostConfig()
+	container.WriteHostConfig()
 
 	container.NetworkSettings.Ports = bindings
 
@@ -850,7 +850,7 @@ func (container *Container) cleanup() {
 	}
 }
 
-func (container *Container) kill(sig int) error {
+func (container *Container) KillSig(sig int) error {
 	container.Lock()
 	defer container.Unlock()
 
@@ -866,7 +866,7 @@ func (container *Container) Kill() error {
 	}
 
 	// 1. Send SIGKILL
-	if err := container.kill(9); err != nil {
+	if err := container.KillSig(9); err != nil {
 		return err
 	}
 
@@ -891,10 +891,10 @@ func (container *Container) Stop(seconds int) error {
 	}
 
 	// 1. Send a SIGTERM
-	if err := container.kill(15); err != nil {
+	if err := container.KillSig(15); err != nil {
 		utils.Debugf("Error sending kill SIGTERM: %s", err)
 		log.Print("Failed to send SIGTERM to the process, force killing")
-		if err := container.kill(9); err != nil {
+		if err := container.KillSig(9); err != nil {
 			return err
 		}
 	}
@@ -1141,3 +1141,21 @@ func (container *Container) GetPtyMaster() (*os.File, error) {
 	}
 	return ttyConsole.Master(), nil
 }
+
+func (container *Container) HostConfig() *runconfig.HostConfig {
+	return container.hostConfig
+}
+
+func (container *Container) SetHostConfig(hostConfig *runconfig.HostConfig) {
+	container.hostConfig = hostConfig
+}
+
+func (container *Container) DisableLink(name string) {
+	if container.activeLinks != nil {
+		if link, exists := container.activeLinks[name]; exists {
+			link.Disable()
+		} else {
+			utils.Debugf("Could not find active link for %s", name)
+		}
+	}
+}
diff --git a/container_unit_test.go b/runtime/container_unit_test.go
similarity index 96%
rename from container_unit_test.go
rename to runtime/container_unit_test.go
index 3877b7f0da..fba036ca50 100644
--- a/container_unit_test.go
+++ b/runtime/container_unit_test.go
@@ -1,4 +1,4 @@
-package docker
+package runtime
 
 import (
 	"github.com/dotcloud/docker/nat"
@@ -132,14 +132,14 @@ func TestParseNetworkOptsUdp(t *testing.T) {
 }
 
 func TestGetFullName(t *testing.T) {
-	name, err := getFullName("testing")
+	name, err := GetFullContainerName("testing")
 	if err != nil {
 		t.Fatal(err)
 	}
 	if name != "/testing" {
 		t.Fatalf("Expected /testing got %s", name)
 	}
-	if _, err := getFullName(""); err == nil {
+	if _, err := GetFullContainerName(""); err == nil {
 		t.Fatal("Error should not be nil")
 	}
 }
diff --git a/runtime.go b/runtime/runtime.go
similarity index 96%
rename from runtime.go
rename to runtime/runtime.go
index 2608701b9b..c11c309ad8 100644
--- a/runtime.go
+++ b/runtime/runtime.go
@@ -1,4 +1,4 @@
-package docker
+package runtime
 
 import (
 	"container/list"
@@ -40,7 +40,7 @@ import (
 const MaxImageDepth = 127
 
 var (
-	defaultDns                = []string{"8.8.8.8", "8.8.4.4"}
+	DefaultDns                = []string{"8.8.8.8", "8.8.4.4"}
 	validContainerNameChars   = `[a-zA-Z0-9_.-]`
 	validContainerNamePattern = regexp.MustCompile(`^/?` + validContainerNameChars + `+$`)
 )
@@ -54,7 +54,7 @@ type Runtime struct {
 	idIndex        *utils.TruncIndex
 	sysInfo        *sysinfo.SysInfo
 	volumes        *graph.Graph
-	srv            *Server
+	srv            Server
 	eng            *engine.Engine
 	config         *daemonconfig.Config
 	containerGraph *graphdb.Database
@@ -500,8 +500,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 	}
 
 	if len(config.Dns) == 0 && len(runtime.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) {
-		//"WARNING: Docker detected local DNS server on resolv.conf. Using default external servers: %v", defaultDns
-		runtime.config.Dns = defaultDns
+		runtime.config.Dns = DefaultDns
 	}
 
 	// If custom dns exists, then create a resolv.conf for the container
@@ -578,7 +577,7 @@ func (runtime *Runtime) Commit(container *Container, repository, tag, comment, a
 	return img, nil
 }
 
-func getFullName(name string) (string, error) {
+func GetFullContainerName(name string) (string, error) {
 	if name == "" {
 		return "", fmt.Errorf("Container name cannot be empty")
 	}
@@ -589,7 +588,7 @@ func getFullName(name string) (string, error) {
 }
 
 func (runtime *Runtime) GetByName(name string) (*Container, error) {
-	fullName, err := getFullName(name)
+	fullName, err := GetFullContainerName(name)
 	if err != nil {
 		return nil, err
 	}
@@ -605,7 +604,7 @@ func (runtime *Runtime) GetByName(name string) (*Container, error) {
 }
 
 func (runtime *Runtime) Children(name string) (map[string]*Container, error) {
-	name, err := getFullName(name)
+	name, err := GetFullContainerName(name)
 	if err != nil {
 		return nil, err
 	}
@@ -892,6 +891,42 @@ func (runtime *Runtime) Graph() *graph.Graph {
 	return runtime.graph
 }
 
+func (runtime *Runtime) Repositories() *graph.TagStore {
+	return runtime.repositories
+}
+
+func (runtime *Runtime) Config() *daemonconfig.Config {
+	return runtime.config
+}
+
+func (runtime *Runtime) SystemConfig() *sysinfo.SysInfo {
+	return runtime.sysInfo
+}
+
+func (runtime *Runtime) SystemInitPath() string {
+	return runtime.sysInitPath
+}
+
+func (runtime *Runtime) GraphDriver() graphdriver.Driver {
+	return runtime.driver
+}
+
+func (runtime *Runtime) ExecutionDriver() execdriver.Driver {
+	return runtime.execDriver
+}
+
+func (runtime *Runtime) Volumes() *graph.Graph {
+	return runtime.volumes
+}
+
+func (runtime *Runtime) ContainerGraph() *graphdb.Database {
+	return runtime.containerGraph
+}
+
+func (runtime *Runtime) SetServer(server Server) {
+	runtime.srv = server
+}
+
 // History is a convenience type for storing a list of containers,
 // ordered by creation date.
 type History []*Container
diff --git a/runtime/server.go b/runtime/server.go
new file mode 100644
index 0000000000..0d2b71dea7
--- /dev/null
+++ b/runtime/server.go
@@ -0,0 +1,9 @@
+package runtime
+
+import (
+	"github.com/dotcloud/docker/utils"
+)
+
+type Server interface {
+	LogEvent(action, id, from string) *utils.JSONMessage
+}
diff --git a/sorter.go b/runtime/sorter.go
similarity index 97%
rename from sorter.go
rename to runtime/sorter.go
index b49ac58c24..c5af772dae 100644
--- a/sorter.go
+++ b/runtime/sorter.go
@@ -1,4 +1,4 @@
-package docker
+package runtime
 
 import "sort"
 
diff --git a/state.go b/runtime/state.go
similarity index 98%
rename from state.go
rename to runtime/state.go
index 1dc92af204..cce6912b46 100644
--- a/state.go
+++ b/runtime/state.go
@@ -1,4 +1,4 @@
-package docker
+package runtime
 
 import (
 	"fmt"
diff --git a/runtime/utils.go b/runtime/utils.go
new file mode 100644
index 0000000000..b343b5b10e
--- /dev/null
+++ b/runtime/utils.go
@@ -0,0 +1,44 @@
+package runtime
+
+import (
+	"github.com/dotcloud/docker/nat"
+	"github.com/dotcloud/docker/pkg/namesgenerator"
+	"github.com/dotcloud/docker/runconfig"
+)
+
+func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostConfig) error {
+	if config.PortSpecs != nil {
+		ports, bindings, err := nat.ParsePortSpecs(config.PortSpecs)
+		if err != nil {
+			return err
+		}
+		config.PortSpecs = nil
+		if len(bindings) > 0 {
+			if hostConfig == nil {
+				hostConfig = &runconfig.HostConfig{}
+			}
+			hostConfig.PortBindings = bindings
+		}
+
+		if config.ExposedPorts == nil {
+			config.ExposedPorts = make(nat.PortSet, len(ports))
+		}
+		for k, v := range ports {
+			config.ExposedPorts[k] = v
+		}
+	}
+	return nil
+}
+
+type checker struct {
+	runtime *Runtime
+}
+
+func (c *checker) Exists(name string) bool {
+	return c.runtime.containerGraph.Exists("/" + name)
+}
+
+// Generate a random and unique name
+func generateRandomName(runtime *Runtime) (string, error) {
+	return namesgenerator.GenerateRandomName(&checker{runtime})
+}
diff --git a/volumes.go b/runtime/volumes.go
similarity index 99%
rename from volumes.go
rename to runtime/volumes.go
index 8684ff4e59..1a548eca47 100644
--- a/volumes.go
+++ b/runtime/volumes.go
@@ -1,4 +1,4 @@
-package docker
+package runtime
 
 import (
 	"fmt"
diff --git a/server.go b/server.go
index 5c28b262dc..85d56afdb6 100644
--- a/server.go
+++ b/server.go
@@ -13,6 +13,7 @@ import (
 	"github.com/dotcloud/docker/pkg/graphdb"
 	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
@@ -24,7 +25,7 @@ import (
 	"os/signal"
 	"path"
 	"path/filepath"
-	"runtime"
+	goruntime "runtime"
 	"strconv"
 	"strings"
 	"sync"
@@ -41,9 +42,9 @@ func InitServer(job *engine.Job) engine.Status {
 	if err != nil {
 		return job.Error(err)
 	}
-	if srv.runtime.config.Pidfile != "" {
+	if srv.runtime.Config().Pidfile != "" {
 		job.Logf("Creating pidfile")
-		if err := utils.CreatePidFile(srv.runtime.config.Pidfile); err != nil {
+		if err := utils.CreatePidFile(srv.runtime.Config().Pidfile); err != nil {
 			// FIXME: do we need fatal here instead of returning a job error?
 			log.Fatal(err)
 		}
@@ -54,7 +55,7 @@ func InitServer(job *engine.Job) engine.Status {
 	go func() {
 		sig := <-c
 		log.Printf("Received signal '%v', exiting\n", sig)
-		utils.RemovePidFile(srv.runtime.config.Pidfile)
+		utils.RemovePidFile(srv.runtime.Config().Pidfile)
 		srv.Close()
 		os.Exit(0)
 	}()
@@ -181,10 +182,10 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
 			if err := container.Kill(); err != nil {
 				return job.Errorf("Cannot kill container %s: %s", name, err)
 			}
-			srv.LogEvent("kill", container.ID, srv.runtime.repositories.ImageName(container.Image))
+			srv.LogEvent("kill", container.ID, srv.runtime.Repositories().ImageName(container.Image))
 		} else {
 			// Otherwise, just send the requested signal
-			if err := container.kill(int(sig)); err != nil {
+			if err := container.KillSig(int(sig)); err != nil {
 				return job.Errorf("Cannot kill container %s: %s", name, err)
 			}
 			// FIXME: Add event for signals
@@ -293,7 +294,7 @@ func (srv *Server) ContainerExport(job *engine.Job) engine.Status {
 			return job.Errorf("%s: %s", name, err)
 		}
 		// FIXME: factor job-specific LogEvent to engine.Job.Run()
-		srv.LogEvent("export", container.ID, srv.runtime.repositories.ImageName(container.Image))
+		srv.LogEvent("export", container.ID, srv.runtime.Repositories().ImageName(container.Image))
 		return engine.StatusOK
 	}
 	return job.Errorf("No such container: %s", name)
@@ -318,7 +319,7 @@ func (srv *Server) ImageExport(job *engine.Job) engine.Status {
 
 	utils.Debugf("Serializing %s", name)
 
-	rootRepo, err := srv.runtime.repositories.Get(name)
+	rootRepo, err := srv.runtime.Repositories().Get(name)
 	if err != nil {
 		return job.Error(err)
 	}
@@ -494,7 +495,7 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 		return job.Error(err)
 	}
 	if repoName != "" {
-		srv.runtime.repositories.Set(repoName, tag, id, false)
+		srv.runtime.Repositories().Set(repoName, tag, id, false)
 	}
 	return engine.StatusOK
 }
@@ -555,7 +556,7 @@ func (srv *Server) ImageLoad(job *engine.Job) engine.Status {
 
 		for imageName, tagMap := range repositories {
 			for tag, address := range tagMap {
-				if err := srv.runtime.repositories.Set(imageName, tag, address, true); err != nil {
+				if err := srv.runtime.Repositories().Set(imageName, tag, address, true); err != nil {
 					return job.Error(err)
 				}
 			}
@@ -588,13 +589,13 @@ func (srv *Server) recursiveLoad(address, tmpImageDir string) error {
 			return err
 		}
 		if img.Parent != "" {
-			if !srv.runtime.graph.Exists(img.Parent) {
+			if !srv.runtime.Graph().Exists(img.Parent) {
 				if err := srv.recursiveLoad(img.Parent, tmpImageDir); err != nil {
 					return err
 				}
 			}
 		}
-		if err := srv.runtime.graph.Register(imageJson, layer, img); err != nil {
+		if err := srv.runtime.Graph().Register(imageJson, layer, img); err != nil {
 			return err
 		}
 	}
@@ -650,7 +651,7 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status {
 	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
 
 	out := utils.NewWriteFlusher(job.Stdout)
-	img, err := srv.runtime.repositories.LookupImage(name)
+	img, err := srv.runtime.Repositories().LookupImage(name)
 	if err != nil {
 		return job.Error(err)
 	}
@@ -661,7 +662,7 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status {
 	}
 	defer file.Body.Close()
 
-	config, _, _, err := runconfig.Parse([]string{img.ID, "echo", "insert", url, path}, srv.runtime.sysInfo)
+	config, _, _, err := runconfig.Parse([]string{img.ID, "echo", "insert", url, path}, srv.runtime.SystemConfig())
 	if err != nil {
 		return job.Error(err)
 	}
@@ -685,7 +686,7 @@ func (srv *Server) ImageInsert(job *engine.Job) engine.Status {
 }
 
 func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
-	images, _ := srv.runtime.graph.Map()
+	images, _ := srv.runtime.Graph().Map()
 	if images == nil {
 		return engine.StatusOK
 	}
@@ -709,7 +710,7 @@ func (srv *Server) ImagesViz(job *engine.Job) engine.Status {
 
 	reporefs := make(map[string][]string)
 
-	for name, repository := range srv.runtime.repositories.Repositories {
+	for name, repository := range srv.runtime.Repositories().Repositories {
 		for tag, id := range repository {
 			reporefs[utils.TruncateID(id)] = append(reporefs[utils.TruncateID(id)], fmt.Sprintf("%s:%s", name, tag))
 		}
@@ -728,22 +729,22 @@ func (srv *Server) Images(job *engine.Job) engine.Status {
 		err       error
 	)
 	if job.GetenvBool("all") {
-		allImages, err = srv.runtime.graph.Map()
+		allImages, err = srv.runtime.Graph().Map()
 	} else {
-		allImages, err = srv.runtime.graph.Heads()
+		allImages, err = srv.runtime.Graph().Heads()
 	}
 	if err != nil {
 		return job.Error(err)
 	}
 	lookup := make(map[string]*engine.Env)
-	for name, repository := range srv.runtime.repositories.Repositories {
+	for name, repository := range srv.runtime.Repositories().Repositories {
 		if job.Getenv("filter") != "" {
 			if match, _ := path.Match(job.Getenv("filter"), name); !match {
 				continue
 			}
 		}
 		for tag, id := range repository {
-			image, err := srv.runtime.graph.Get(id)
+			image, err := srv.runtime.Graph().Get(id)
 			if err != nil {
 				log.Printf("Warning: couldn't load %s from %s/%s: %s", id, name, tag, err)
 				continue
@@ -793,7 +794,7 @@ func (srv *Server) Images(job *engine.Job) engine.Status {
 }
 
 func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
-	images, _ := srv.runtime.graph.Map()
+	images, _ := srv.runtime.Graph().Map()
 	var imgcount int
 	if images == nil {
 		imgcount = 0
@@ -809,21 +810,21 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 	initPath := utils.DockerInitPath("")
 	if initPath == "" {
 		// if that fails, we'll just return the path from the runtime
-		initPath = srv.runtime.sysInitPath
+		initPath = srv.runtime.SystemInitPath()
 	}
 
 	v := &engine.Env{}
 	v.SetInt("Containers", len(srv.runtime.List()))
 	v.SetInt("Images", imgcount)
-	v.Set("Driver", srv.runtime.driver.String())
-	v.SetJson("DriverStatus", srv.runtime.driver.Status())
-	v.SetBool("MemoryLimit", srv.runtime.sysInfo.MemoryLimit)
-	v.SetBool("SwapLimit", srv.runtime.sysInfo.SwapLimit)
-	v.SetBool("IPv4Forwarding", !srv.runtime.sysInfo.IPv4ForwardingDisabled)
+	v.Set("Driver", srv.runtime.GraphDriver().String())
+	v.SetJson("DriverStatus", srv.runtime.GraphDriver().Status())
+	v.SetBool("MemoryLimit", srv.runtime.SystemConfig().MemoryLimit)
+	v.SetBool("SwapLimit", srv.runtime.SystemConfig().SwapLimit)
+	v.SetBool("IPv4Forwarding", !srv.runtime.SystemConfig().IPv4ForwardingDisabled)
 	v.SetBool("Debug", os.Getenv("DEBUG") != "")
 	v.SetInt("NFd", utils.GetTotalUsedFds())
-	v.SetInt("NGoroutines", runtime.NumGoroutine())
-	v.Set("ExecutionDriver", srv.runtime.execDriver.Name())
+	v.SetInt("NGoroutines", goruntime.NumGoroutine())
+	v.Set("ExecutionDriver", srv.runtime.ExecutionDriver().Name())
 	v.SetInt("NEventsListener", len(srv.listeners))
 	v.Set("KernelVersion", kernelVersion)
 	v.Set("IndexServerAddress", auth.IndexServerAddress())
@@ -840,13 +841,13 @@ func (srv *Server) ImageHistory(job *engine.Job) engine.Status {
 		return job.Errorf("Usage: %s IMAGE", job.Name)
 	}
 	name := job.Args[0]
-	foundImage, err := srv.runtime.repositories.LookupImage(name)
+	foundImage, err := srv.runtime.Repositories().LookupImage(name)
 	if err != nil {
 		return job.Error(err)
 	}
 
 	lookupMap := make(map[string][]string)
-	for name, repository := range srv.runtime.repositories.Repositories {
+	for name, repository := range srv.runtime.Repositories().Repositories {
 		for tag, id := range repository {
 			// If the ID already has a reverse lookup, do not update it unless for "latest"
 			if _, exists := lookupMap[id]; !exists {
@@ -891,7 +892,7 @@ func (srv *Server) ContainerTop(job *engine.Job) engine.Status {
 		if !container.State.IsRunning() {
 			return job.Errorf("Container %s is not running", name)
 		}
-		pids, err := srv.runtime.execDriver.GetPidsForContainer(container.ID)
+		pids, err := srv.runtime.ExecutionDriver().GetPidsForContainer(container.ID)
 		if err != nil {
 			return job.Error(err)
 		}
@@ -984,7 +985,7 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 	outs := engine.NewTable("Created", 0)
 
 	names := map[string][]string{}
-	srv.runtime.containerGraph.Walk("/", func(p string, e *graphdb.Entity) error {
+	srv.runtime.ContainerGraph().Walk("/", func(p string, e *graphdb.Entity) error {
 		names[e.ID()] = append(names[e.ID()], p)
 		return nil
 	}, -1)
@@ -1009,7 +1010,7 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		out := &engine.Env{}
 		out.Set("Id", container.ID)
 		out.SetList("Names", names[container.ID])
-		out.Set("Image", srv.runtime.repositories.ImageName(container.Image))
+		out.Set("Image", srv.runtime.Repositories().ImageName(container.Image))
 		if len(container.Args) > 0 {
 			out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, strings.Join(container.Args, " ")))
 		} else {
@@ -1067,7 +1068,7 @@ func (srv *Server) ImageTag(job *engine.Job) engine.Status {
 	if len(job.Args) == 3 {
 		tag = job.Args[2]
 	}
-	if err := srv.runtime.repositories.Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil {
+	if err := srv.runtime.Repositories().Set(job.Args[1], tag, job.Args[0], job.GetenvBool("force")); err != nil {
 		return job.Error(err)
 	}
 	return engine.StatusOK
@@ -1092,7 +1093,7 @@ func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoin
 		}
 		defer srv.poolRemove("pull", "layer:"+id)
 
-		if !srv.runtime.graph.Exists(id) {
+		if !srv.runtime.Graph().Exists(id) {
 			out.Write(sf.FormatProgress(utils.TruncateID(id), "Pulling metadata", nil))
 			imgJSON, imgSize, err := r.GetRemoteImageJSON(id, endpoint, token)
 			if err != nil {
@@ -1114,7 +1115,7 @@ func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoin
 				return err
 			}
 			defer layer.Close()
-			if err := srv.runtime.graph.Register(imgJSON, utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"), img); err != nil {
+			if err := srv.runtime.Graph().Register(imgJSON, utils.ProgressReader(layer, imgSize, out, sf, false, utils.TruncateID(id), "Downloading"), img); err != nil {
 				out.Write(sf.FormatProgress(utils.TruncateID(id), "Error downloading dependent layers", nil))
 				return err
 			}
@@ -1249,11 +1250,11 @@ func (srv *Server) pullRepository(r *registry.Registry, out io.Writer, localName
 		if askedTag != "" && tag != askedTag {
 			continue
 		}
-		if err := srv.runtime.repositories.Set(localName, tag, id, true); err != nil {
+		if err := srv.runtime.Repositories().Set(localName, tag, id, true); err != nil {
 			return err
 		}
 	}
-	if err := srv.runtime.repositories.Save(); err != nil {
+	if err := srv.runtime.Repositories().Save(); err != nil {
 		return err
 	}
 
@@ -1374,7 +1375,7 @@ func (srv *Server) getImageList(localRepo map[string]string) ([]string, map[stri
 
 		tagsByImage[id] = append(tagsByImage[id], tag)
 
-		for img, err := srv.runtime.graph.Get(id); img != nil; img, err = img.GetParent() {
+		for img, err := srv.runtime.Graph().Get(id); img != nil; img, err = img.GetParent() {
 			if err != nil {
 				return nil, nil, err
 			}
@@ -1481,7 +1482,7 @@ func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName
 
 func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID, ep string, token []string, sf *utils.StreamFormatter) (checksum string, err error) {
 	out = utils.NewWriteFlusher(out)
-	jsonRaw, err := ioutil.ReadFile(path.Join(srv.runtime.graph.Root, imgID, "json"))
+	jsonRaw, err := ioutil.ReadFile(path.Join(srv.runtime.Graph().Root, imgID, "json"))
 	if err != nil {
 		return "", fmt.Errorf("Cannot retrieve the path for {%s}: %s", imgID, err)
 	}
@@ -1500,7 +1501,7 @@ func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID,
 		return "", err
 	}
 
-	layerData, err := srv.runtime.graph.TempLayerArchive(imgID, archive.Uncompressed, sf, out)
+	layerData, err := srv.runtime.Graph().TempLayerArchive(imgID, archive.Uncompressed, sf, out)
 	if err != nil {
 		return "", fmt.Errorf("Failed to generate layer archive: %s", err)
 	}
@@ -1552,17 +1553,17 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status {
 		return job.Error(err)
 	}
 
-	img, err := srv.runtime.graph.Get(localName)
+	img, err := srv.runtime.Graph().Get(localName)
 	r, err2 := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), endpoint)
 	if err2 != nil {
 		return job.Error(err2)
 	}
 
 	if err != nil {
-		reposLen := len(srv.runtime.repositories.Repositories[localName])
+		reposLen := len(srv.runtime.Repositories().Repositories[localName])
 		job.Stdout.Write(sf.FormatStatus("", "The push refers to a repository [%s] (len: %d)", localName, reposLen))
 		// If it fails, try to get the repository
-		if localRepo, exists := srv.runtime.repositories.Repositories[localName]; exists {
+		if localRepo, exists := srv.runtime.Repositories().Repositories[localName]; exists {
 			if err := srv.pushRepository(r, job.Stdout, localName, remoteName, localRepo, sf); err != nil {
 				return job.Error(err)
 			}
@@ -1618,13 +1619,13 @@ func (srv *Server) ImageImport(job *engine.Job) engine.Status {
 		defer progressReader.Close()
 		archive = progressReader
 	}
-	img, err := srv.runtime.graph.Create(archive, "", "", "Imported from "+src, "", nil, nil)
+	img, err := srv.runtime.Graph().Create(archive, "", "", "Imported from "+src, "", nil, nil)
 	if err != nil {
 		return job.Error(err)
 	}
 	// Optionally register the image at REPO/TAG
 	if repo != "" {
-		if err := srv.runtime.repositories.Set(repo, tag, img.ID, true); err != nil {
+		if err := srv.runtime.Repositories().Set(repo, tag, img.ID, true); err != nil {
 			return job.Error(err)
 		}
 	}
@@ -1643,11 +1644,11 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
 	if config.Memory != 0 && config.Memory < 524288 {
 		return job.Errorf("Minimum memory limit allowed is 512k")
 	}
-	if config.Memory > 0 && !srv.runtime.sysInfo.MemoryLimit {
+	if config.Memory > 0 && !srv.runtime.SystemConfig().MemoryLimit {
 		job.Errorf("Your kernel does not support memory limit capabilities. Limitation discarded.\n")
 		config.Memory = 0
 	}
-	if config.Memory > 0 && !srv.runtime.sysInfo.SwapLimit {
+	if config.Memory > 0 && !srv.runtime.SystemConfig().SwapLimit {
 		job.Errorf("Your kernel does not support swap limit capabilities. Limitation discarded.\n")
 		config.MemorySwap = -1
 	}
@@ -1655,14 +1656,14 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
 	if err != nil {
 		return job.Error(err)
 	}
-	if !config.NetworkDisabled && len(config.Dns) == 0 && len(srv.runtime.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) {
-		job.Errorf("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", defaultDns)
-		config.Dns = defaultDns
+	if !config.NetworkDisabled && len(config.Dns) == 0 && len(srv.runtime.Config().Dns) == 0 && utils.CheckLocalDns(resolvConf) {
+		job.Errorf("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", runtime.DefaultDns)
+		config.Dns = runtime.DefaultDns
 	}
 
 	container, buildWarnings, err := srv.runtime.Create(config, name)
 	if err != nil {
-		if srv.runtime.graph.IsNotExist(err) {
+		if srv.runtime.Graph().IsNotExist(err) {
 			_, tag := utils.ParseRepositoryTag(config.Image)
 			if tag == "" {
 				tag = graph.DEFAULTTAG
@@ -1671,10 +1672,10 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
 		}
 		return job.Error(err)
 	}
-	if !container.Config.NetworkDisabled && srv.runtime.sysInfo.IPv4ForwardingDisabled {
+	if !container.Config.NetworkDisabled && srv.runtime.SystemConfig().IPv4ForwardingDisabled {
 		job.Errorf("IPv4 forwarding is disabled.\n")
 	}
-	srv.LogEvent("create", container.ID, srv.runtime.repositories.ImageName(container.Image))
+	srv.LogEvent("create", container.ID, srv.runtime.Repositories().ImageName(container.Image))
 	// FIXME: this is necessary because runtime.Create might return a nil container
 	// with a non-nil error. This should not happen! Once it's fixed we
 	// can remove this workaround.
@@ -1702,7 +1703,7 @@ func (srv *Server) ContainerRestart(job *engine.Job) engine.Status {
 		if err := container.Restart(int(t)); err != nil {
 			return job.Errorf("Cannot restart container %s: %s\n", name, err)
 		}
-		srv.LogEvent("restart", container.ID, srv.runtime.repositories.ImageName(container.Image))
+		srv.LogEvent("restart", container.ID, srv.runtime.Repositories().ImageName(container.Image))
 	} else {
 		return job.Errorf("No such container: %s\n", name)
 	}
@@ -1724,7 +1725,7 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 		if container == nil {
 			return job.Errorf("No such link: %s", name)
 		}
-		name, err := getFullName(name)
+		name, err := runtime.GetFullContainerName(name)
 		if err != nil {
 			job.Error(err)
 		}
@@ -1732,21 +1733,17 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 		if parent == "/" {
 			return job.Errorf("Conflict, cannot remove the default name of the container")
 		}
-		pe := srv.runtime.containerGraph.Get(parent)
+		pe := srv.runtime.ContainerGraph().Get(parent)
 		if pe == nil {
 			return job.Errorf("Cannot get parent %s for name %s", parent, name)
 		}
 		parentContainer := srv.runtime.Get(pe.ID())
 
-		if parentContainer != nil && parentContainer.activeLinks != nil {
-			if link, exists := parentContainer.activeLinks[n]; exists {
-				link.Disable()
-			} else {
-				utils.Debugf("Could not find active link for %s", name)
-			}
+		if parentContainer != nil {
+			parentContainer.DisableLink(n)
 		}
 
-		if err := srv.runtime.containerGraph.Delete(name); err != nil {
+		if err := srv.runtime.ContainerGraph().Delete(name); err != nil {
 			return job.Error(err)
 		}
 		return engine.StatusOK
@@ -1765,13 +1762,13 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 		if err := srv.runtime.Destroy(container); err != nil {
 			return job.Errorf("Cannot destroy container %s: %s", name, err)
 		}
-		srv.LogEvent("destroy", container.ID, srv.runtime.repositories.ImageName(container.Image))
+		srv.LogEvent("destroy", container.ID, srv.runtime.Repositories().ImageName(container.Image))
 
 		if removeVolume {
 			var (
 				volumes     = make(map[string]struct{})
 				binds       = make(map[string]struct{})
-				usedVolumes = make(map[string]*Container)
+				usedVolumes = make(map[string]*runtime.Container)
 			)
 
 			// the volume id is always the base of the path
@@ -1780,7 +1777,7 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 			}
 
 			// populate bind map so that they can be skipped and not removed
-			for _, bind := range container.hostConfig.Binds {
+			for _, bind := range container.HostConfig().Binds {
 				source := strings.Split(bind, ":")[0]
 				// TODO: refactor all volume stuff, all of it
 				// this is very important that we eval the link
@@ -1819,7 +1816,7 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 					log.Printf("The volume %s is used by the container %s. Impossible to remove it. Skipping.\n", volumeId, c.ID)
 					continue
 				}
-				if err := srv.runtime.volumes.Delete(volumeId); err != nil {
+				if err := srv.runtime.Volumes().Delete(volumeId); err != nil {
 					return job.Errorf("Error calling volumes.Delete(%q): %v", volumeId, err)
 				}
 			}
@@ -1841,9 +1838,9 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force boo
 		tag = graph.DEFAULTTAG
 	}
 
-	img, err := srv.runtime.repositories.LookupImage(name)
+	img, err := srv.runtime.Repositories().LookupImage(name)
 	if err != nil {
-		if r, _ := srv.runtime.repositories.Get(repoName); r != nil {
+		if r, _ := srv.runtime.Repositories().Get(repoName); r != nil {
 			return fmt.Errorf("No such image: %s:%s", repoName, tag)
 		}
 		return fmt.Errorf("No such image: %s", name)
@@ -1854,14 +1851,14 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force boo
 		tag = ""
 	}
 
-	byParents, err := srv.runtime.graph.ByParent()
+	byParents, err := srv.runtime.Graph().ByParent()
 	if err != nil {
 		return err
 	}
 
 	//If delete by id, see if the id belong only to one repository
 	if repoName == "" {
-		for _, repoAndTag := range srv.runtime.repositories.ByID()[img.ID] {
+		for _, repoAndTag := range srv.runtime.Repositories().ByID()[img.ID] {
 			parsedRepo, parsedTag := utils.ParseRepositoryTag(repoAndTag)
 			if repoName == "" || repoName == parsedRepo {
 				repoName = parsedRepo
@@ -1884,7 +1881,7 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force boo
 
 	//Untag the current image
 	for _, tag := range tags {
-		tagDeleted, err := srv.runtime.repositories.Delete(repoName, tag)
+		tagDeleted, err := srv.runtime.Repositories().Delete(repoName, tag)
 		if err != nil {
 			return err
 		}
@@ -1895,16 +1892,16 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force boo
 			srv.LogEvent("untag", img.ID, "")
 		}
 	}
-	tags = srv.runtime.repositories.ByID()[img.ID]
+	tags = srv.runtime.Repositories().ByID()[img.ID]
 	if (len(tags) <= 1 && repoName == "") || len(tags) == 0 {
 		if len(byParents[img.ID]) == 0 {
 			if err := srv.canDeleteImage(img.ID); err != nil {
 				return err
 			}
-			if err := srv.runtime.repositories.DeleteAll(img.ID); err != nil {
+			if err := srv.runtime.Repositories().DeleteAll(img.ID); err != nil {
 				return err
 			}
-			if err := srv.runtime.graph.Delete(img.ID); err != nil {
+			if err := srv.runtime.Graph().Delete(img.ID); err != nil {
 				return err
 			}
 			out := &engine.Env{}
@@ -1943,7 +1940,7 @@ func (srv *Server) ImageDelete(job *engine.Job) engine.Status {
 
 func (srv *Server) canDeleteImage(imgID string) error {
 	for _, container := range srv.runtime.List() {
-		parent, err := srv.runtime.repositories.LookupImage(container.Image)
+		parent, err := srv.runtime.Repositories().LookupImage(container.Image)
 		if err != nil {
 			return err
 		}
@@ -1963,7 +1960,7 @@ func (srv *Server) canDeleteImage(imgID string) error {
 func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*image.Image, error) {
 
 	// Retrieve all images
-	images, err := srv.runtime.graph.Map()
+	images, err := srv.runtime.Graph().Map()
 	if err != nil {
 		return nil, err
 	}
@@ -1980,7 +1977,7 @@ func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*imag
 	// Loop on the children of the given image and check the config
 	var match *image.Image
 	for elem := range imageMap[imgID] {
-		img, err := srv.runtime.graph.Get(elem)
+		img, err := srv.runtime.Graph().Get(elem)
 		if err != nil {
 			return nil, err
 		}
@@ -1993,7 +1990,7 @@ func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*imag
 	return match, nil
 }
 
-func (srv *Server) RegisterLinks(container *Container, hostConfig *runconfig.HostConfig) error {
+func (srv *Server) RegisterLinks(container *runtime.Container, hostConfig *runconfig.HostConfig) error {
 	runtime := srv.runtime
 
 	if hostConfig != nil && hostConfig.Links != nil {
@@ -2017,7 +2014,7 @@ func (srv *Server) RegisterLinks(container *Container, hostConfig *runconfig.Hos
 		// After we load all the links into the runtime
 		// set them to nil on the hostconfig
 		hostConfig.Links = nil
-		if err := container.writeHostConfig(); err != nil {
+		if err := container.WriteHostConfig(); err != nil {
 			return err
 		}
 	}
@@ -2065,13 +2062,13 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
 		if err := srv.RegisterLinks(container, hostConfig); err != nil {
 			return job.Error(err)
 		}
-		container.hostConfig = hostConfig
+		container.SetHostConfig(hostConfig)
 		container.ToDisk()
 	}
 	if err := container.Start(); err != nil {
 		return job.Errorf("Cannot start container %s: %s", name, err)
 	}
-	srv.LogEvent("start", container.ID, runtime.repositories.ImageName(container.Image))
+	srv.LogEvent("start", container.ID, runtime.Repositories().ImageName(container.Image))
 
 	return engine.StatusOK
 }
@@ -2091,7 +2088,7 @@ func (srv *Server) ContainerStop(job *engine.Job) engine.Status {
 		if err := container.Stop(int(t)); err != nil {
 			return job.Errorf("Cannot stop container %s: %s\n", name, err)
 		}
-		srv.LogEvent("stop", container.ID, srv.runtime.repositories.ImageName(container.Image))
+		srv.LogEvent("stop", container.ID, srv.runtime.Repositories().ImageName(container.Image))
 	} else {
 		return job.Errorf("No such container: %s\n", name)
 	}
@@ -2237,7 +2234,7 @@ func (srv *Server) ContainerAttach(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) ContainerInspect(name string) (*Container, error) {
+func (srv *Server) ContainerInspect(name string) (*runtime.Container, error) {
 	if container := srv.runtime.Get(name); container != nil {
 		return container, nil
 	}
@@ -2245,7 +2242,7 @@ func (srv *Server) ContainerInspect(name string) (*Container, error) {
 }
 
 func (srv *Server) ImageInspect(name string) (*image.Image, error) {
-	if image, err := srv.runtime.repositories.LookupImage(name); err == nil && image != nil {
+	if image, err := srv.runtime.Repositories().LookupImage(name); err == nil && image != nil {
 		return image, nil
 	}
 	return nil, fmt.Errorf("No such image: %s", name)
@@ -2280,9 +2277,9 @@ func (srv *Server) JobInspect(job *engine.Job) engine.Status {
 			return job.Error(errContainer)
 		}
 		object = &struct {
-			*Container
+			*runtime.Container
 			HostConfig *runconfig.HostConfig
-		}{container, container.hostConfig}
+		}{container, container.HostConfig()}
 	default:
 		return job.Errorf("Unknown kind: %s", kind)
 	}
@@ -2322,7 +2319,7 @@ func (srv *Server) ContainerCopy(job *engine.Job) engine.Status {
 }
 
 func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error) {
-	runtime, err := NewRuntime(config, eng)
+	runtime, err := runtime.NewRuntime(config, eng)
 	if err != nil {
 		return nil, err
 	}
@@ -2335,7 +2332,7 @@ func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error)
 		listeners:   make(map[string]chan utils.JSONMessage),
 		running:     true,
 	}
-	runtime.srv = srv
+	runtime.SetServer(srv)
 	return srv, nil
 }
 
@@ -2403,7 +2400,7 @@ func (srv *Server) Close() error {
 
 type Server struct {
 	sync.RWMutex
-	runtime     *Runtime
+	runtime     *runtime.Runtime
 	pullingPool map[string]chan struct{}
 	pushingPool map[string]chan struct{}
 	events      []utils.JSONMessage
diff --git a/utils.go b/utils.go
index ef666b0de1..0fda006860 100644
--- a/utils.go
+++ b/utils.go
@@ -2,9 +2,6 @@ package docker
 
 import (
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/pkg/namesgenerator"
-	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
 )
 
@@ -12,45 +9,8 @@ type Change struct {
 	archive.Change
 }
 
-func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostConfig) error {
-	if config.PortSpecs != nil {
-		ports, bindings, err := nat.ParsePortSpecs(config.PortSpecs)
-		if err != nil {
-			return err
-		}
-		config.PortSpecs = nil
-		if len(bindings) > 0 {
-			if hostConfig == nil {
-				hostConfig = &runconfig.HostConfig{}
-			}
-			hostConfig.PortBindings = bindings
-		}
-
-		if config.ExposedPorts == nil {
-			config.ExposedPorts = make(nat.PortSet, len(ports))
-		}
-		for k, v := range ports {
-			config.ExposedPorts[k] = v
-		}
-	}
-	return nil
-}
-
 // Links come in the format of
 // name:alias
 func parseLink(rawLink string) (map[string]string, error) {
 	return utils.PartParser("name:alias", rawLink)
 }
-
-type checker struct {
-	runtime *Runtime
-}
-
-func (c *checker) Exists(name string) bool {
-	return c.runtime.containerGraph.Exists("/" + name)
-}
-
-// Generate a random and unique name
-func generateRandomName(runtime *Runtime) (string, error) {
-	return namesgenerator.GenerateRandomName(&checker{runtime})
-}

From 47edf3e8bf759270c243711eaed1faa1d4d61f35 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Sun, 9 Mar 2014 23:16:15 -0700
Subject: [PATCH 029/384] Add IsRunning to server interface
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/server.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/runtime/server.go b/runtime/server.go
index 0d2b71dea7..a74c4d1200 100644
--- a/runtime/server.go
+++ b/runtime/server.go
@@ -6,4 +6,5 @@ import (
 
 type Server interface {
 	LogEvent(action, id, from string) *utils.JSONMessage
+	IsRunning() bool // returns true if the server is currently in operation
 }

From 50082f792be22b97dcc79afe666289ecefbc3864 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sun, 9 Mar 2014 23:16:42 -0600
Subject: [PATCH 030/384] Fix a few packaging bugs, including and especially a
 temporary patch to our upstart script to mount cgroups properly

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 .../init/{sysvinit => sysvinit-debian}/docker |  42 ++++--
 contrib/init/sysvinit-debian/docker.default   |  13 ++
 contrib/init/upstart/docker.conf              |  13 +-
 hack/make/ubuntu                              | 131 +++++++++---------
 4 files changed, 123 insertions(+), 76 deletions(-)
 rename contrib/init/{sysvinit => sysvinit-debian}/docker (61%)
 create mode 100644 contrib/init/sysvinit-debian/docker.default

diff --git a/contrib/init/sysvinit/docker b/contrib/init/sysvinit-debian/docker
similarity index 61%
rename from contrib/init/sysvinit/docker
rename to contrib/init/sysvinit-debian/docker
index 2d79c4d4c0..510683a459 100755
--- a/contrib/init/sysvinit/docker
+++ b/contrib/init/sysvinit-debian/docker
@@ -14,13 +14,15 @@
 #  VMs, bare metal, OpenStack clusters, public clouds and more.
 ### END INIT INFO
 
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
 BASE=$(basename $0)
 
+# modify these in /etc/default/$BASE (/etc/default/docker)
 DOCKER=/usr/bin/$BASE
 DOCKER_PIDFILE=/var/run/$BASE.pid
 DOCKER_OPTS=
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+DOCKER_DESC="Docker"
 
 # Get lsb functions
 . /lib/lsb/init-functions
@@ -30,8 +32,8 @@ if [ -f /etc/default/$BASE ]; then
 fi
 
 # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it)
-if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | /bin/grep -q upstart; then
-	log_failure_msg "Docker is managed via upstart, try using service $BASE $1"
+if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then
+	log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1"
 	exit 1
 fi
 
@@ -43,7 +45,7 @@ fi
 
 fail_unless_root() {
 	if [ "$(id -u)" != '0' ]; then
-		log_failure_msg "Docker must be run as root"
+		log_failure_msg "$DOCKER_DESC must be run as root"
 		exit 1
 	fi
 }
@@ -51,21 +53,37 @@ fail_unless_root() {
 case "$1" in
 	start)
 		fail_unless_root
-		log_begin_msg "Starting Docker: $BASE"
-		mount | grep cgroup >/dev/null || mount -t cgroup none /sys/fs/cgroup 2>/dev/null
+
+		if ! grep -q cgroup /proc/mounts; then
+			# rough approximation of cgroupfs-mount
+			mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+			for sys in $(cut -d'	' -f1 /proc/cgroups); do
+				mkdir -p /sys/fs/cgroup/$sys
+				if ! mount -n -t cgroup -o $sys cgroup /sys/fs/cgroup/$sys 2>/dev/null; then
+					rmdir /sys/fs/cgroup/$sys 2>/dev/null || true
+				fi
+			done
+		fi
+
+		touch /var/log/docker.log
+		chgrp docker /var/log/docker.log
+
+		log_begin_msg "Starting $DOCKER_DESC: $BASE"
 		start-stop-daemon --start --background \
+			--no-close \
 			--exec "$DOCKER" \
 			--pidfile "$DOCKER_PIDFILE" \
-			-- -d -p "$DOCKER_PIDFILE" \
-			$DOCKER_OPTS
+			-- \
+				-d -p "$DOCKER_PIDFILE" \
+				$DOCKER_OPTS \
+					> /var/log/docker.log 2>&1
 		log_end_msg $?
 		;;
 
 	stop)
 		fail_unless_root
-		log_begin_msg "Stopping Docker: $BASE"
-		start-stop-daemon --stop \
-			--pidfile "$DOCKER_PIDFILE"
+		log_begin_msg "Stopping $DOCKER_DESC: $BASE"
+		start-stop-daemon --stop --pidfile "$DOCKER_PIDFILE"
 		log_end_msg $?
 		;;
 
diff --git a/contrib/init/sysvinit-debian/docker.default b/contrib/init/sysvinit-debian/docker.default
new file mode 100644
index 0000000000..d5110b5e2f
--- /dev/null
+++ b/contrib/init/sysvinit-debian/docker.default
@@ -0,0 +1,13 @@
+# Docker Upstart and SysVinit configuration file
+
+# Customize location of Docker binary (especially for development testing).
+#DOCKER="/usr/local/bin/docker"
+
+# Use DOCKER_OPTS to modify the daemon startup options.
+#DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"
+
+# If you need Docker to use an HTTP proxy, it can also be specified here.
+#export http_proxy="http://127.0.0.1:3128/"
+
+# This is also a handy place to tweak where Docker's temporary files go.
+#export TMPDIR="/mnt/bigdrive/docker-tmp"
diff --git a/contrib/init/upstart/docker.conf b/contrib/init/upstart/docker.conf
index ee8a447c27..e2cc4536e1 100644
--- a/contrib/init/upstart/docker.conf
+++ b/contrib/init/upstart/docker.conf
@@ -1,15 +1,26 @@
 description "Docker daemon"
 
-start on filesystem and started lxc-net
+start on filesystem
 stop on runlevel [!2345]
 
 respawn
 
 script
+	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
 	DOCKER=/usr/bin/$UPSTART_JOB
 	DOCKER_OPTS=
 	if [ -f /etc/default/$UPSTART_JOB ]; then
 		. /etc/default/$UPSTART_JOB
 	fi
+	if ! grep -q cgroup /proc/mounts; then
+		# rough approximation of cgroupfs-mount
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+		for sys in $(cut -d'	' -f1 /proc/cgroups); do
+			mkdir -p /sys/fs/cgroup/$sys
+			if ! mount -n -t cgroup -o $sys cgroup /sys/fs/cgroup/$sys 2>/dev/null; then
+				rmdir /sys/fs/cgroup/$sys 2>/dev/null || true
+			fi
+		done
+	fi
 	"$DOCKER" -d $DOCKER_OPTS
 end script
diff --git a/hack/make/ubuntu b/hack/make/ubuntu
index 602d4ac1ad..ebc12f27ec 100644
--- a/hack/make/ubuntu
+++ b/hack/make/ubuntu
@@ -29,42 +29,36 @@ bundle_ubuntu() {
 	cp contrib/udev/80-docker.rules $DIR/etc/udev/rules.d/
 
 	# Include our init scripts
-	mkdir -p $DIR/etc
-	cp -R contrib/init/upstart $DIR/etc/init
-	cp -R contrib/init/sysvinit $DIR/etc/init.d
-	mkdir -p $DIR/lib/systemd
-	cp -R contrib/init/systemd $DIR/lib/systemd/system
-
+	mkdir -p $DIR/etc/init
+	cp contrib/init/upstart/docker.conf $DIR/etc/init/
+	mkdir -p $DIR/etc/init.d
+	cp contrib/init/sysvinit-debian/docker $DIR/etc/init.d/
 	mkdir -p $DIR/etc/default
-	cat > $DIR/etc/default/docker <<'EOF'
-# Docker Upstart and SysVinit configuration file
-
-# Customize location of Docker binary (especially for development testing).
-#DOCKER="/usr/local/bin/docker"
-
-# Use DOCKER_OPTS to modify the daemon startup options.
-#DOCKER_OPTS="-dns 8.8.8.8"
-
-# If you need Docker to use an HTTP proxy, it can also be specified here.
-#export http_proxy=http://127.0.0.1:3128/
-EOF
+	cp contrib/init/sysvinit-debian/docker.default $DIR/etc/default/docker
+	mkdir -p $DIR/lib/systemd/system
+	cp contrib/init/systemd/docker.service $DIR/lib/systemd/system/
 
 	# Copy the binary
 	# This will fail if the binary bundle hasn't been built
 	mkdir -p $DIR/usr/bin
-	# Copy the binary
-	# This will fail if the binary bundle hasn't been built
 	cp $DEST/../binary/docker-$VERSION $DIR/usr/bin/docker
 
 	# Generate postinst/prerm/postrm scripts
-	cat > /tmp/postinst <<'EOF'
+	cat > $DEST/postinst <<'EOF'
 #!/bin/sh
 set -e
 set -u
 
-getent group docker > /dev/null || groupadd --system docker || true
+if [ "$1" = 'configure' ] && [ -z "$2" ]; then
+	if ! getent group docker > /dev/null; then
+		groupadd --system docker
+	fi
+fi
 
-update-rc.d docker defaults > /dev/null || true
+if ! { [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; }; then
+	# we only need to do this if upstart isn't in charge
+	update-rc.d docker defaults > /dev/null || true
+fi
 if [ -n "$2" ]; then
 	_dh_action=restart
 else
@@ -74,7 +68,7 @@ service docker $_dh_action 2>/dev/null || true
 
 #DEBHELPER#
 EOF
-	cat > /tmp/prerm <<'EOF'
+	cat > $DEST/prerm <<'EOF'
 #!/bin/sh
 set -e
 set -u
@@ -83,7 +77,7 @@ service docker stop 2>/dev/null || true
 
 #DEBHELPER#
 EOF
-	cat > /tmp/postrm <<'EOF'
+	cat > $DEST/postrm <<'EOF'
 #!/bin/sh
 set -e
 set -u
@@ -101,50 +95,61 @@ fi
 #DEBHELPER#
 EOF
 	# TODO swaths of these were borrowed from debhelper's auto-inserted stuff, because we're still using fpm - we need to use debhelper instead, and somehow reconcile Ubuntu that way
-	chmod +x /tmp/postinst /tmp/prerm
+	chmod +x $DEST/postinst $DEST/prerm $DEST/postrm
 
 	(
+		# switch directories so we create *.deb in the right folder
 		cd $DEST
+
+		# create lxc-docker-VERSION package
 		fpm -s dir -C $DIR \
-		    --name lxc-docker-$VERSION --version $PKGVERSION \
-		    --after-install /tmp/postinst \
-		    --before-remove /tmp/prerm \
-		    --after-remove /tmp/postrm \
-		    --architecture "$PACKAGE_ARCHITECTURE" \
-		    --prefix / \
-		    --depends iptables \
-		    --deb-recommends aufs-tools \
-		    --deb-recommends ca-certificates \
-		    --deb-recommends git \
-		    --deb-recommends xz-utils \
-		    --description "$PACKAGE_DESCRIPTION" \
-		    --maintainer "$PACKAGE_MAINTAINER" \
-		    --conflicts docker \
-		    --conflicts docker.io \
-		    --conflicts lxc-docker-virtual-package \
-		    --provides lxc-docker \
-		    --provides lxc-docker-virtual-package \
-		    --replaces lxc-docker \
-		    --replaces lxc-docker-virtual-package \
-		    --url "$PACKAGE_URL" \
-		    --license "$PACKAGE_LICENSE" \
-		    --config-files /etc/udev/rules.d/80-docker.rules \
-		    --config-files /etc/init/docker.conf \
-		    --config-files /etc/init.d/docker \
-		    --config-files /etc/default/docker \
-		    --deb-compression gz \
-		    -t deb .
+			--name lxc-docker-$VERSION --version $PKGVERSION \
+			--after-install $DEST/postinst \
+			--before-remove $DEST/prerm \
+			--after-remove $DEST/postrm \
+			--architecture "$PACKAGE_ARCHITECTURE" \
+			--prefix / \
+			--depends iptables \
+			--deb-recommends aufs-tools \
+			--deb-recommends ca-certificates \
+			--deb-recommends git \
+			--deb-recommends xz-utils \
+			--deb-suggests cgroup-lite \
+			--description "$PACKAGE_DESCRIPTION" \
+			--maintainer "$PACKAGE_MAINTAINER" \
+			--conflicts docker \
+			--conflicts docker.io \
+			--conflicts lxc-docker-virtual-package \
+			--provides lxc-docker \
+			--provides lxc-docker-virtual-package \
+			--replaces lxc-docker \
+			--replaces lxc-docker-virtual-package \
+			--url "$PACKAGE_URL" \
+			--license "$PACKAGE_LICENSE" \
+			--config-files /etc/udev/rules.d/80-docker.rules \
+			--config-files /etc/init/docker.conf \
+			--config-files /etc/init.d/docker \
+			--config-files /etc/default/docker \
+			--deb-compression gz \
+			-t deb .
+		# TODO replace "Suggests: cgroup-lite" with "Recommends: cgroupfs-mount | cgroup-lite" once cgroupfs-mount is available
+
+		# create empty lxc-docker wrapper package
 		fpm -s empty \
-		    --name lxc-docker --version $PKGVERSION \
-		    --architecture "$PACKAGE_ARCHITECTURE" \
-		    --depends lxc-docker-$VERSION \
-		    --description "$PACKAGE_DESCRIPTION" \
-		    --maintainer "$PACKAGE_MAINTAINER" \
-		    --url "$PACKAGE_URL" \
-		    --license "$PACKAGE_LICENSE" \
-		    --deb-compression gz \
-		    -t deb
+			--name lxc-docker --version $PKGVERSION \
+			--architecture "$PACKAGE_ARCHITECTURE" \
+			--depends lxc-docker-$VERSION \
+			--description "$PACKAGE_DESCRIPTION" \
+			--maintainer "$PACKAGE_MAINTAINER" \
+			--url "$PACKAGE_URL" \
+			--license "$PACKAGE_LICENSE" \
+			--deb-compression gz \
+			-t deb
 	)
+
+	# clean up after ourselves so we have a clean output directory
+	rm $DEST/postinst $DEST/prerm $DEST/postrm
+	rm -r $DIR
 }
 
 bundle_ubuntu

From 3e4d0857bf560296801e68b1b218654954c952e9 Mon Sep 17 00:00:00 2001
From: Andy Rothfusz <github@developersupport.net>
Date: Mon, 10 Mar 2014 12:48:07 -0700
Subject: [PATCH 031/384] Removing myself from doc maintainers due to other
 obligations eliminating time to maintain docs.

Docker-DCO-1.1-Signed-off-by: Andy Rothfusz <github@developersupport.net> (github: metalivedev)
---
 docs/MAINTAINERS | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/MAINTAINERS b/docs/MAINTAINERS
index e816670419..52505fab00 100644
--- a/docs/MAINTAINERS
+++ b/docs/MAINTAINERS
@@ -1,3 +1,2 @@
-Andy Rothfusz <andy@dotcloud.com> (@metalivedev)
 James Turnbull <james@lovedthanlost.net> (@jamtur01)
 Sven Dowideit <SvenDowideit@fosiki.com> (@SvenDowideit)

From 0ebf5d0ab3a3999a7e2efe619ef194ff3817e3a3 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 10 Mar 2014 20:24:15 +0000
Subject: [PATCH 032/384] move a unit test file

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 commands_unit_test.go    | 160 ---------------------------------------
 runconfig/config_test.go | 154 +++++++++++++++++++++++++++++++++++++
 2 files changed, 154 insertions(+), 160 deletions(-)
 delete mode 100644 commands_unit_test.go

diff --git a/commands_unit_test.go b/commands_unit_test.go
deleted file mode 100644
index 60d8d60398..0000000000
--- a/commands_unit_test.go
+++ /dev/null
@@ -1,160 +0,0 @@
-package docker
-
-import (
-	"github.com/dotcloud/docker/runconfig"
-	"strings"
-	"testing"
-)
-
-func parse(t *testing.T, args string) (*runconfig.Config, *runconfig.HostConfig, error) {
-	config, hostConfig, _, err := runconfig.Parse(strings.Split(args+" ubuntu bash", " "), nil)
-	return config, hostConfig, err
-}
-
-func mustParse(t *testing.T, args string) (*runconfig.Config, *runconfig.HostConfig) {
-	config, hostConfig, err := parse(t, args)
-	if err != nil {
-		t.Fatal(err)
-	}
-	return config, hostConfig
-}
-
-func TestParseRunLinks(t *testing.T) {
-	if _, hostConfig := mustParse(t, "-link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
-		t.Fatalf("Error parsing links. Expected []string{\"a:b\"}, received: %v", hostConfig.Links)
-	}
-	if _, hostConfig := mustParse(t, "-link a:b -link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
-		t.Fatalf("Error parsing links. Expected []string{\"a:b\", \"c:d\"}, received: %v", hostConfig.Links)
-	}
-	if _, hostConfig := mustParse(t, ""); len(hostConfig.Links) != 0 {
-		t.Fatalf("Error parsing links. No link expected, received: %v", hostConfig.Links)
-	}
-
-	if _, _, err := parse(t, "-link a"); err == nil {
-		t.Fatalf("Error parsing links. `-link a` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-link"); err == nil {
-		t.Fatalf("Error parsing links. `-link` should be an error but is not")
-	}
-}
-
-func TestParseRunAttach(t *testing.T) {
-	if config, _ := mustParse(t, "-a stdin"); !config.AttachStdin || config.AttachStdout || config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect only Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, "-a stdin -a stdout"); !config.AttachStdin || !config.AttachStdout || config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect only Stdin and Stdout enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, "-a stdin -a stdout -a stderr"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect all attach enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-	if config, _ := mustParse(t, ""); config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
-		t.Fatalf("Error parsing attach flags. Expect Stdin disabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
-	}
-
-	if _, _, err := parse(t, "-a"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a invalid"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a invalid` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a invalid -a stdout"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdout -a invalid` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stdout -a stderr -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdout -a stderr -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stdin -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdin -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stdout -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stdout -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-a stderr -d"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-a stderr -d` should be an error but is not")
-	}
-	if _, _, err := parse(t, "-d -rm"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-d -rm` should be an error but is not")
-	}
-}
-
-func TestParseRunVolumes(t *testing.T) {
-	if config, hostConfig := mustParse(t, "-v /tmp"); hostConfig.Binds != nil {
-		t.Fatalf("Error parsing volume flags, `-v /tmp` should not mount-bind anything. Received %v", hostConfig.Binds)
-	} else if _, exists := config.Volumes["/tmp"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /tmp` is missing from volumes. Received %v", config.Volumes)
-	}
-
-	if config, hostConfig := mustParse(t, "-v /tmp -v /var"); hostConfig.Binds != nil {
-		t.Fatalf("Error parsing volume flags, `-v /tmp -v /var` should not mount-bind anything. Received %v", hostConfig.Binds)
-	} else if _, exists := config.Volumes["/tmp"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /tmp` is missing from volumes. Recevied %v", config.Volumes)
-	} else if _, exists := config.Volumes["/var"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /var` is missing from volumes. Received %v", config.Volumes)
-	}
-
-	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp"); hostConfig.Binds == nil || hostConfig.Binds[0] != "/hostTmp:/containerTmp" {
-		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp` should mount-bind /hostTmp into /containeTmp. Received %v", hostConfig.Binds)
-	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /tmp` is missing from volumes. Received %v", config.Volumes)
-	}
-
-	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp -v /hostVar:/containerVar"); hostConfig.Binds == nil || hostConfig.Binds[0] != "/hostTmp:/containerTmp" || hostConfig.Binds[1] != "/hostVar:/containerVar" {
-		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp -v /hostVar:/containerVar` should mount-bind /hostTmp into /containeTmp and /hostVar into /hostContainer. Received %v", hostConfig.Binds)
-	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /containerTmp` is missing from volumes. Received %v", config.Volumes)
-	} else if _, exists := config.Volumes["/containerVar"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /containerVar` is missing from volumes. Received %v", config.Volumes)
-	}
-
-	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp:ro -v /hostVar:/containerVar:rw"); hostConfig.Binds == nil || hostConfig.Binds[0] != "/hostTmp:/containerTmp:ro" || hostConfig.Binds[1] != "/hostVar:/containerVar:rw" {
-		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp:ro -v /hostVar:/containerVar:rw` should mount-bind /hostTmp into /containeTmp and /hostVar into /hostContainer. Received %v", hostConfig.Binds)
-	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /containerTmp` is missing from volumes. Received %v", config.Volumes)
-	} else if _, exists := config.Volumes["/containerVar"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /containerVar` is missing from volumes. Received %v", config.Volumes)
-	}
-
-	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp -v /containerVar"); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != "/hostTmp:/containerTmp" {
-		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp -v /containerVar` should mount-bind only /hostTmp into /containeTmp. Received %v", hostConfig.Binds)
-	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /containerTmp` is missing from volumes. Received %v", config.Volumes)
-	} else if _, exists := config.Volumes["/containerVar"]; !exists {
-		t.Fatalf("Error parsing volume flags, `-v /containerVar` is missing from volumes. Received %v", config.Volumes)
-	}
-
-	if config, hostConfig := mustParse(t, ""); hostConfig.Binds != nil {
-		t.Fatalf("Error parsing volume flags, without volume, nothing should be mount-binded. Received %v", hostConfig.Binds)
-	} else if len(config.Volumes) != 0 {
-		t.Fatalf("Error parsing volume flags, without volume, no volume should be present. Received %v", config.Volumes)
-	}
-
-	if _, _, err := parse(t, "-v /"); err == nil {
-		t.Fatalf("Expected error, but got none")
-	}
-
-	if _, _, err := parse(t, "-v /:/"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v /:/` should fail but didn't")
-	}
-	if _, _, err := parse(t, "-v"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v` should fail but didn't")
-	}
-	if _, _, err := parse(t, "-v /tmp:"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v /tmp:` should fail but didn't")
-	}
-	if _, _, err := parse(t, "-v /tmp:ro"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v /tmp:ro` should fail but didn't")
-	}
-	if _, _, err := parse(t, "-v /tmp::"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v /tmp::` should fail but didn't")
-	}
-	if _, _, err := parse(t, "-v :"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v :` should fail but didn't")
-	}
-	if _, _, err := parse(t, "-v ::"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v ::` should fail but didn't")
-	}
-	if _, _, err := parse(t, "-v /tmp:/tmp:/tmp:/tmp"); err == nil {
-		t.Fatalf("Error parsing volume flags, `-v /tmp:/tmp:/tmp:/tmp` should fail but didn't")
-	}
-}
diff --git a/runconfig/config_test.go b/runconfig/config_test.go
index 3ef31491fc..40d53fa2f4 100644
--- a/runconfig/config_test.go
+++ b/runconfig/config_test.go
@@ -2,9 +2,163 @@ package runconfig
 
 import (
 	"github.com/dotcloud/docker/nat"
+	"strings"
 	"testing"
 )
 
+func parse(t *testing.T, args string) (*Config, *HostConfig, error) {
+	config, hostConfig, _, err := Parse(strings.Split(args+" ubuntu bash", " "), nil)
+	return config, hostConfig, err
+}
+
+func mustParse(t *testing.T, args string) (*Config, *HostConfig) {
+	config, hostConfig, err := parse(t, args)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return config, hostConfig
+}
+
+func TestParseRunLinks(t *testing.T) {
+	if _, hostConfig := mustParse(t, "-link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
+		t.Fatalf("Error parsing links. Expected []string{\"a:b\"}, received: %v", hostConfig.Links)
+	}
+	if _, hostConfig := mustParse(t, "-link a:b -link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
+		t.Fatalf("Error parsing links. Expected []string{\"a:b\", \"c:d\"}, received: %v", hostConfig.Links)
+	}
+	if _, hostConfig := mustParse(t, ""); len(hostConfig.Links) != 0 {
+		t.Fatalf("Error parsing links. No link expected, received: %v", hostConfig.Links)
+	}
+
+	if _, _, err := parse(t, "-link a"); err == nil {
+		t.Fatalf("Error parsing links. `-link a` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-link"); err == nil {
+		t.Fatalf("Error parsing links. `-link` should be an error but is not")
+	}
+}
+
+func TestParseRunAttach(t *testing.T) {
+	if config, _ := mustParse(t, "-a stdin"); !config.AttachStdin || config.AttachStdout || config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect only Stdin enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+	if config, _ := mustParse(t, "-a stdin -a stdout"); !config.AttachStdin || !config.AttachStdout || config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect only Stdin and Stdout enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+	if config, _ := mustParse(t, "-a stdin -a stdout -a stderr"); !config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect all attach enabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+	if config, _ := mustParse(t, ""); config.AttachStdin || !config.AttachStdout || !config.AttachStderr {
+		t.Fatalf("Error parsing attach flags. Expect Stdin disabled. Received: in: %v, out: %v, err: %v", config.AttachStdin, config.AttachStdout, config.AttachStderr)
+	}
+
+	if _, _, err := parse(t, "-a"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a invalid"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a invalid` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a invalid -a stdout"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdout -a invalid` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stdout -a stderr -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdout -a stderr -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stdin -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdin -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stdout -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stdout -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-a stderr -d"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-a stderr -d` should be an error but is not")
+	}
+	if _, _, err := parse(t, "-d -rm"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-d -rm` should be an error but is not")
+	}
+}
+
+func TestParseRunVolumes(t *testing.T) {
+	if config, hostConfig := mustParse(t, "-v /tmp"); hostConfig.Binds != nil {
+		t.Fatalf("Error parsing volume flags, `-v /tmp` should not mount-bind anything. Received %v", hostConfig.Binds)
+	} else if _, exists := config.Volumes["/tmp"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /tmp` is missing from volumes. Received %v", config.Volumes)
+	}
+
+	if config, hostConfig := mustParse(t, "-v /tmp -v /var"); hostConfig.Binds != nil {
+		t.Fatalf("Error parsing volume flags, `-v /tmp -v /var` should not mount-bind anything. Received %v", hostConfig.Binds)
+	} else if _, exists := config.Volumes["/tmp"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /tmp` is missing from volumes. Recevied %v", config.Volumes)
+	} else if _, exists := config.Volumes["/var"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /var` is missing from volumes. Received %v", config.Volumes)
+	}
+
+	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp"); hostConfig.Binds == nil || hostConfig.Binds[0] != "/hostTmp:/containerTmp" {
+		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp` should mount-bind /hostTmp into /containeTmp. Received %v", hostConfig.Binds)
+	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /tmp` is missing from volumes. Received %v", config.Volumes)
+	}
+
+	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp -v /hostVar:/containerVar"); hostConfig.Binds == nil || hostConfig.Binds[0] != "/hostTmp:/containerTmp" || hostConfig.Binds[1] != "/hostVar:/containerVar" {
+		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp -v /hostVar:/containerVar` should mount-bind /hostTmp into /containeTmp and /hostVar into /hostContainer. Received %v", hostConfig.Binds)
+	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /containerTmp` is missing from volumes. Received %v", config.Volumes)
+	} else if _, exists := config.Volumes["/containerVar"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /containerVar` is missing from volumes. Received %v", config.Volumes)
+	}
+
+	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp:ro -v /hostVar:/containerVar:rw"); hostConfig.Binds == nil || hostConfig.Binds[0] != "/hostTmp:/containerTmp:ro" || hostConfig.Binds[1] != "/hostVar:/containerVar:rw" {
+		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp:ro -v /hostVar:/containerVar:rw` should mount-bind /hostTmp into /containeTmp and /hostVar into /hostContainer. Received %v", hostConfig.Binds)
+	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /containerTmp` is missing from volumes. Received %v", config.Volumes)
+	} else if _, exists := config.Volumes["/containerVar"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /containerVar` is missing from volumes. Received %v", config.Volumes)
+	}
+
+	if config, hostConfig := mustParse(t, "-v /hostTmp:/containerTmp -v /containerVar"); hostConfig.Binds == nil || len(hostConfig.Binds) > 1 || hostConfig.Binds[0] != "/hostTmp:/containerTmp" {
+		t.Fatalf("Error parsing volume flags, `-v /hostTmp:/containerTmp -v /containerVar` should mount-bind only /hostTmp into /containeTmp. Received %v", hostConfig.Binds)
+	} else if _, exists := config.Volumes["/containerTmp"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /containerTmp` is missing from volumes. Received %v", config.Volumes)
+	} else if _, exists := config.Volumes["/containerVar"]; !exists {
+		t.Fatalf("Error parsing volume flags, `-v /containerVar` is missing from volumes. Received %v", config.Volumes)
+	}
+
+	if config, hostConfig := mustParse(t, ""); hostConfig.Binds != nil {
+		t.Fatalf("Error parsing volume flags, without volume, nothing should be mount-binded. Received %v", hostConfig.Binds)
+	} else if len(config.Volumes) != 0 {
+		t.Fatalf("Error parsing volume flags, without volume, no volume should be present. Received %v", config.Volumes)
+	}
+
+	if _, _, err := parse(t, "-v /"); err == nil {
+		t.Fatalf("Expected error, but got none")
+	}
+
+	if _, _, err := parse(t, "-v /:/"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v /:/` should fail but didn't")
+	}
+	if _, _, err := parse(t, "-v"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v` should fail but didn't")
+	}
+	if _, _, err := parse(t, "-v /tmp:"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v /tmp:` should fail but didn't")
+	}
+	if _, _, err := parse(t, "-v /tmp:ro"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v /tmp:ro` should fail but didn't")
+	}
+	if _, _, err := parse(t, "-v /tmp::"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v /tmp::` should fail but didn't")
+	}
+	if _, _, err := parse(t, "-v :"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v :` should fail but didn't")
+	}
+	if _, _, err := parse(t, "-v ::"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v ::` should fail but didn't")
+	}
+	if _, _, err := parse(t, "-v /tmp:/tmp:/tmp:/tmp"); err == nil {
+		t.Fatalf("Error parsing volume flags, `-v /tmp:/tmp:/tmp:/tmp` should fail but didn't")
+	}
+}
+
 func TestCompare(t *testing.T) {
 	volumes1 := make(map[string]struct{})
 	volumes1["/test1"] = struct{}{}

From d648708d02134c3dc6788ad21325224d849b3b8f Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 10 Mar 2014 21:06:27 +0000
Subject: [PATCH 033/384] remove utils.go

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 pkg/opts/opts.go | 12 +-----------
 server.go        |  2 +-
 utils.go         | 16 ----------------
 3 files changed, 2 insertions(+), 28 deletions(-)
 delete mode 100644 utils.go

diff --git a/pkg/opts/opts.go b/pkg/opts/opts.go
index a1b8752bad..4f5897c796 100644
--- a/pkg/opts/opts.go
+++ b/pkg/opts/opts.go
@@ -92,22 +92,12 @@ func ValidateAttach(val string) (string, error) {
 }
 
 func ValidateLink(val string) (string, error) {
-	if _, err := parseLink(val); err != nil {
+	if _, err := utils.PartParser("name:alias", val); err != nil {
 		return val, err
 	}
 	return val, nil
 }
 
-// FIXME: this is a duplicate of docker.utils.parseLink.
-// 	it can't be moved to a separate links/ package because
-//	links depends on Container which is defined in the core.
-//
-// Links come in the format of
-// name:alias
-func parseLink(rawLink string) (map[string]string, error) {
-	return utils.PartParser("name:alias", rawLink)
-}
-
 func ValidatePath(val string) (string, error) {
 	var containerPath string
 
diff --git a/server.go b/server.go
index 85d56afdb6..52f5f14c0a 100644
--- a/server.go
+++ b/server.go
@@ -1995,7 +1995,7 @@ func (srv *Server) RegisterLinks(container *runtime.Container, hostConfig *runco
 
 	if hostConfig != nil && hostConfig.Links != nil {
 		for _, l := range hostConfig.Links {
-			parts, err := parseLink(l)
+			parts, err := utils.PartParser("name:alias", l)
 			if err != nil {
 				return err
 			}
diff --git a/utils.go b/utils.go
deleted file mode 100644
index 0fda006860..0000000000
--- a/utils.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package docker
-
-import (
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/utils"
-)
-
-type Change struct {
-	archive.Change
-}
-
-// Links come in the format of
-// name:alias
-func parseLink(rawLink string) (map[string]string, error) {
-	return utils.PartParser("name:alias", rawLink)
-}

From d7646f934a268bf071a16439880ba2bba608426e Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 10 Mar 2014 14:08:26 -0700
Subject: [PATCH 034/384] Change version to v0.9.0
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index ac39a106c4..c70836ca5c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.9.0
+0.9.0-dev

From fde5f573d39020476c08ed25fac0a6306f7b18cc Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 10 Mar 2014 21:10:23 +0000
Subject: [PATCH 035/384] move opts out of pkg because it's related to docker

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 docker/docker.go                | 2 +-
 {pkg/opts => opts}/opts.go      | 0
 {pkg/opts => opts}/opts_test.go | 0
 runconfig/parse.go              | 2 +-
 4 files changed, 2 insertions(+), 2 deletions(-)
 rename {pkg/opts => opts}/opts.go (100%)
 rename {pkg/opts => opts}/opts_test.go (100%)

diff --git a/docker/docker.go b/docker/docker.go
index 2aa10dbe54..b783c6da02 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -10,8 +10,8 @@ import (
 	"github.com/dotcloud/docker/builtins"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/opts"
 	flag "github.com/dotcloud/docker/pkg/mflag"
-	"github.com/dotcloud/docker/pkg/opts"
 	"github.com/dotcloud/docker/sysinit"
 	"github.com/dotcloud/docker/utils"
 )
diff --git a/pkg/opts/opts.go b/opts/opts.go
similarity index 100%
rename from pkg/opts/opts.go
rename to opts/opts.go
diff --git a/pkg/opts/opts_test.go b/opts/opts_test.go
similarity index 100%
rename from pkg/opts/opts_test.go
rename to opts/opts_test.go
diff --git a/runconfig/parse.go b/runconfig/parse.go
index fb08c068b2..d481da8d3b 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -3,8 +3,8 @@ package runconfig
 import (
 	"fmt"
 	"github.com/dotcloud/docker/nat"
+	"github.com/dotcloud/docker/opts"
 	flag "github.com/dotcloud/docker/pkg/mflag"
-	"github.com/dotcloud/docker/pkg/opts"
 	"github.com/dotcloud/docker/pkg/sysinfo"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"

From 6f70ed3a742162c4cf374a2c2bbd094eed3b043b Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 10 Mar 2014 21:23:29 +0000
Subject: [PATCH 036/384] remove useless lock move job to server and remove
 version.go

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 builtins/builtins.go |  1 -
 server.go            | 34 +++++++++++++++++++++++++---------
 version.go           | 32 --------------------------------
 3 files changed, 25 insertions(+), 42 deletions(-)
 delete mode 100644 version.go

diff --git a/builtins/builtins.go b/builtins/builtins.go
index 5b146cd20f..ba3f41b1ca 100644
--- a/builtins/builtins.go
+++ b/builtins/builtins.go
@@ -36,5 +36,4 @@ func remote(eng *engine.Engine) {
 func daemon(eng *engine.Engine) {
 	eng.Register("initserver", docker.InitServer)
 	eng.Register("init_networkdriver", lxc.InitDriver)
-	eng.Register("version", docker.GetVersion)
 }
diff --git a/server.go b/server.go
index 52f5f14c0a..1619a16e52 100644
--- a/server.go
+++ b/server.go
@@ -85,6 +85,7 @@ func InitServer(job *engine.Job) engine.Status {
 		"search":           srv.ImagesSearch,
 		"changes":          srv.ContainerChanges,
 		"top":              srv.ContainerTop,
+		"version":          srv.DockerVersion,
 		"load":             srv.ImageLoad,
 		"build":            srv.Build,
 		"pull":             srv.ImagePull,
@@ -836,6 +837,22 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
+func (srv *Server) DockerVersion(job *engine.Job) engine.Status {
+	v := &engine.Env{}
+	v.Set("Version", dockerversion.VERSION)
+	v.Set("GitCommit", dockerversion.GITCOMMIT)
+	v.Set("GoVersion", goruntime.Version())
+	v.Set("Os", goruntime.GOOS)
+	v.Set("Arch", goruntime.GOARCH)
+	if kernelVersion, err := utils.GetKernelVersion(); err == nil {
+		v.Set("KernelVersion", kernelVersion.String())
+	}
+	if _, err := v.WriteTo(job.Stdout); err != nil {
+		return job.Error(err)
+	}
+	return engine.StatusOK
+}
+
 func (srv *Server) ImageHistory(job *engine.Job) engine.Status {
 	if n := len(job.Args); n != 1 {
 		return job.Errorf("Usage: %s IMAGE", job.Name)
@@ -2337,16 +2354,15 @@ func NewServer(eng *engine.Engine, config *daemonconfig.Config) (*Server, error)
 }
 
 func (srv *Server) HTTPRequestFactory(metaHeaders map[string][]string) *utils.HTTPRequestFactory {
-	srv.Lock()
-	defer srv.Unlock()
-	v := dockerVersion()
 	httpVersion := make([]utils.VersionInfo, 0, 4)
-	httpVersion = append(httpVersion, &simpleVersionInfo{"docker", v.Get("Version")})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"go", v.Get("GoVersion")})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", v.Get("GitCommit")})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", v.Get("KernelVersion")})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"os", v.Get("Os")})
-	httpVersion = append(httpVersion, &simpleVersionInfo{"arch", v.Get("Arch")})
+	httpVersion = append(httpVersion, &simpleVersionInfo{"docker", dockerversion.VERSION})
+	httpVersion = append(httpVersion, &simpleVersionInfo{"go", goruntime.Version()})
+	httpVersion = append(httpVersion, &simpleVersionInfo{"git-commit", dockerversion.GITCOMMIT})
+	if kernelVersion, err := utils.GetKernelVersion(); err == nil {
+		httpVersion = append(httpVersion, &simpleVersionInfo{"kernel", kernelVersion.String()})
+	}
+	httpVersion = append(httpVersion, &simpleVersionInfo{"os", goruntime.GOOS})
+	httpVersion = append(httpVersion, &simpleVersionInfo{"arch", goruntime.GOARCH})
 	ud := utils.NewHTTPUserAgentDecorator(httpVersion...)
 	md := &utils.HTTPMetaHeadersDecorator{
 		Headers: metaHeaders,
diff --git a/version.go b/version.go
deleted file mode 100644
index d88def9619..0000000000
--- a/version.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package docker
-
-import (
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/utils"
-	"runtime"
-)
-
-func GetVersion(job *engine.Job) engine.Status {
-	if _, err := dockerVersion().WriteTo(job.Stdout); err != nil {
-		job.Errorf("%s", err)
-		return engine.StatusErr
-	}
-	return engine.StatusOK
-}
-
-// dockerVersion returns detailed version information in the form of a queriable
-// environment.
-func dockerVersion() *engine.Env {
-	v := &engine.Env{}
-	v.Set("Version", dockerversion.VERSION)
-	v.Set("GitCommit", dockerversion.GITCOMMIT)
-	v.Set("GoVersion", runtime.Version())
-	v.Set("Os", runtime.GOOS)
-	v.Set("Arch", runtime.GOARCH)
-	// FIXME:utils.GetKernelVersion should only be needed here
-	if kernelVersion, err := utils.GetKernelVersion(); err == nil {
-		v.Set("KernelVersion", kernelVersion.String())
-	}
-	return v
-}

From 802407a099705a91017fbaa1b6820f145f580d86 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 13:21:30 -0700
Subject: [PATCH 037/384] Update vendor for kr/pty

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
---
 vendor/src/github.com/kr/pty/doc.go           |  5 ++
 vendor/src/github.com/kr/pty/pty_freebsd.go   | 53 +++++++++++++++++++
 .../src/github.com/kr/pty/pty_unsupported.go  | 27 ++++++++++
 3 files changed, 85 insertions(+)
 create mode 100644 vendor/src/github.com/kr/pty/pty_freebsd.go
 create mode 100644 vendor/src/github.com/kr/pty/pty_unsupported.go

diff --git a/vendor/src/github.com/kr/pty/doc.go b/vendor/src/github.com/kr/pty/doc.go
index 491c060b28..190cfbea92 100644
--- a/vendor/src/github.com/kr/pty/doc.go
+++ b/vendor/src/github.com/kr/pty/doc.go
@@ -2,9 +2,14 @@
 package pty
 
 import (
+	"errors"
 	"os"
 )
 
+// ErrUnsupported is returned if a function is not
+// available on the current platform.
+var ErrUnsupported = errors.New("unsupported")
+
 // Opens a pty and its corresponding tty.
 func Open() (pty, tty *os.File, err error) {
 	return open()
diff --git a/vendor/src/github.com/kr/pty/pty_freebsd.go b/vendor/src/github.com/kr/pty/pty_freebsd.go
new file mode 100644
index 0000000000..13b64d722e
--- /dev/null
+++ b/vendor/src/github.com/kr/pty/pty_freebsd.go
@@ -0,0 +1,53 @@
+package pty
+
+import (
+	"os"
+	"strconv"
+	"syscall"
+	"unsafe"
+)
+
+const (
+	sys_TIOCGPTN   = 0x4004740F
+	sys_TIOCSPTLCK = 0x40045431
+)
+
+func open() (pty, tty *os.File, err error) {
+	p, err := os.OpenFile("/dev/ptmx", os.O_RDWR, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	sname, err := ptsname(p)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	t, err := os.OpenFile(sname, os.O_RDWR|syscall.O_NOCTTY, 0)
+	if err != nil {
+		return nil, nil, err
+	}
+	return p, t, nil
+}
+
+func ptsname(f *os.File) (string, error) {
+	var n int
+	err := ioctl(f.Fd(), sys_TIOCGPTN, &n)
+	if err != nil {
+		return "", err
+	}
+	return "/dev/pts/" + strconv.Itoa(n), nil
+}
+
+func ioctl(fd uintptr, cmd uintptr, data *int) error {
+	_, _, e := syscall.Syscall(
+		syscall.SYS_IOCTL,
+		fd,
+		cmd,
+		uintptr(unsafe.Pointer(data)),
+	)
+	if e != 0 {
+		return syscall.ENOTTY
+	}
+	return nil
+}
diff --git a/vendor/src/github.com/kr/pty/pty_unsupported.go b/vendor/src/github.com/kr/pty/pty_unsupported.go
new file mode 100644
index 0000000000..d4958b3583
--- /dev/null
+++ b/vendor/src/github.com/kr/pty/pty_unsupported.go
@@ -0,0 +1,27 @@
+// +build !linux,!darwin,!freebsd
+
+package pty
+
+import (
+	"os"
+)
+
+func open() (pty, tty *os.File, err error) {
+	return nil, nil, ErrUnsupported
+}
+
+func ptsname(f *os.File) (string, error) {
+	return "", ErrUnsupported
+}
+
+func grantpt(f *os.File) error {
+	return ErrUnsupported
+}
+
+func unlockpt(f *os.File) error {
+	return ErrUnsupported
+}
+
+func ioctl(fd, cmd, ptr uintptr) error {
+	return ErrUnsupported
+}

From 6ccfb7fb9af207a9999c60e57d1c9486ca949a5e Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 13:25:00 -0700
Subject: [PATCH 038/384] Update bsd specs

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)
---
 Dockerfile                                            | 2 +-
 archive/{start_unsupported.go => stat_unsupported.go} | 4 ++--
 pkg/term/{termios_bsd.go => termios_freebsd.go}       | 0
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename archive/{start_unsupported.go => stat_unsupported.go} (87%)
 rename pkg/term/{termios_bsd.go => termios_freebsd.go} (100%)

diff --git a/Dockerfile b/Dockerfile
index 9929a10f3c..7fad3d56a1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -68,7 +68,7 @@ ENV	GOPATH	/go:/go/src/github.com/dotcloud/docker/vendor
 RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
 
 # Compile Go for cross compilation
-ENV	DOCKER_CROSSPLATFORMS	linux/386 linux/arm darwin/amd64 darwin/386
+ENV	DOCKER_CROSSPLATFORMS	linux/386 linux/arm darwin/amd64 darwin/386 freebsd/amd64 freebsd/386 freebsd/arm
 # (set an explicit GOARM of 5 for maximum compatibility)
 ENV	GOARM	5
 RUN	cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done'
diff --git a/archive/start_unsupported.go b/archive/stat_unsupported.go
similarity index 87%
rename from archive/start_unsupported.go
rename to archive/stat_unsupported.go
index 834eda8c65..004fa0f0a4 100644
--- a/archive/start_unsupported.go
+++ b/archive/stat_unsupported.go
@@ -5,11 +5,11 @@ package archive
 import "syscall"
 
 func getLastAccess(stat *syscall.Stat_t) syscall.Timespec {
-	return stat.Atimespec
+	return syscall.Timespec{}
 }
 
 func getLastModification(stat *syscall.Stat_t) syscall.Timespec {
-	return stat.Mtimespec
+	return syscall.Timespec{}
 }
 
 func LUtimesNano(path string, ts []syscall.Timespec) error {
diff --git a/pkg/term/termios_bsd.go b/pkg/term/termios_freebsd.go
similarity index 100%
rename from pkg/term/termios_bsd.go
rename to pkg/term/termios_freebsd.go

From 3c25302a0b9fae2c3fff9262b2ae9fa5f6f04db7 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 15:34:38 -0700
Subject: [PATCH 039/384] Update vendor.sh with new kr/pty revision

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 hack/vendor.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/vendor.sh b/hack/vendor.sh
index 184cb750a5..ac996dde12 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -39,7 +39,7 @@ clone() {
 	echo done
 }
 
-clone git github.com/kr/pty 3b1f6487b
+clone git github.com/kr/pty 98c7b80083
 
 clone git github.com/gorilla/context 708054d61e5
 

From 03211ecce07ab64f5263232e1aa3c6248530c5b4 Mon Sep 17 00:00:00 2001
From: srid <github@srid.name>
Date: Mon, 10 Mar 2014 16:50:29 -0700
Subject: [PATCH 040/384] nsinit: prefix errors with their source

Docker-DCO-1.1-Signed-off-by: Sridhar Ratnakumar <github@srid.name> (github: srid)
---
 pkg/libcontainer/nsinit/nsinit/main.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/libcontainer/nsinit/nsinit/main.go b/pkg/libcontainer/nsinit/nsinit/main.go
index 61921c59a3..916be6624e 100644
--- a/pkg/libcontainer/nsinit/nsinit/main.go
+++ b/pkg/libcontainer/nsinit/nsinit/main.go
@@ -33,11 +33,11 @@ func main() {
 	}
 	container, err := loadContainer()
 	if err != nil {
-		log.Fatal(err)
+		log.Fatalf("Unable to load container: %s", err)
 	}
 	ns, err := newNsInit()
 	if err != nil {
-		log.Fatal(err)
+		log.Fatalf("Unable to initialize nsinit: %s", err)
 	}
 
 	switch flag.Arg(0) {
@@ -46,7 +46,7 @@ func main() {
 		nspid, err := readPid()
 		if err != nil {
 			if !os.IsNotExist(err) {
-				log.Fatal(err)
+				log.Fatalf("Unable to read pid: %s", err)
 			}
 		}
 		if nspid > 0 {
@@ -56,7 +56,7 @@ func main() {
 			exitCode, err = ns.Exec(container, term, flag.Args()[1:])
 		}
 		if err != nil {
-			log.Fatal(err)
+			log.Fatalf("Failed to exec: %s", err)
 		}
 		os.Exit(exitCode)
 	case "init": // this is executed inside of the namespace to setup the container
@@ -69,10 +69,10 @@ func main() {
 		}
 		syncPipe, err := nsinit.NewSyncPipeFromFd(0, uintptr(pipeFd))
 		if err != nil {
-			log.Fatal(err)
+			log.Fatalf("Unable to create sync pipe: %s", err)
 		}
 		if err := ns.Init(container, cwd, console, syncPipe, flag.Args()[1:]); err != nil {
-			log.Fatal(err)
+			log.Fatalf("Unable to initialize for container: %s", err)
 		}
 	default:
 		log.Fatalf("command not supported for nsinit %s", flag.Arg(0))

From 8d88ea0c15b7ce7fd2b0b695c498a7ffa0f2bc87 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 17:16:58 -0700
Subject: [PATCH 041/384] Merge auth package within registry

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client.go                   | 27 +++++++++++++--------------
 api/server.go                   | 22 +++++++++++-----------
 auth/MAINTAINERS                |  3 ---
 buildfile.go                    |  7 +++----
 integration/auth_test.go        | 12 ++++++------
 {auth => registry}/auth.go      |  2 +-
 {auth => registry}/auth_test.go |  2 +-
 registry/registry.go            | 19 +++++++++----------
 registry/registry_test.go       |  5 ++---
 server.go                       | 23 +++++++++++------------
 10 files changed, 57 insertions(+), 65 deletions(-)
 delete mode 100644 auth/MAINTAINERS
 rename {auth => registry}/auth.go (99%)
 rename {auth => registry}/auth_test.go (99%)

diff --git a/api/client.go b/api/client.go
index 10075ae613..59ff17fe44 100644
--- a/api/client.go
+++ b/api/client.go
@@ -8,7 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/nat"
@@ -229,7 +228,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 
 // 'docker login': login / register a user to registry service.
 func (cli *DockerCli) CmdLogin(args ...string) error {
-	cmd := cli.Subcmd("login", "[OPTIONS] [SERVER]", "Register or Login to a docker registry server, if no server is specified \""+auth.IndexServerAddress()+"\" is the default.")
+	cmd := cli.Subcmd("login", "[OPTIONS] [SERVER]", "Register or Login to a docker registry server, if no server is specified \""+registry.IndexServerAddress()+"\" is the default.")
 
 	var username, password, email string
 
@@ -240,7 +239,7 @@ func (cli *DockerCli) CmdLogin(args ...string) error {
 	if err != nil {
 		return nil
 	}
-	serverAddress := auth.IndexServerAddress()
+	serverAddress := registry.IndexServerAddress()
 	if len(cmd.Args()) > 0 {
 		serverAddress = cmd.Arg(0)
 	}
@@ -266,7 +265,7 @@ func (cli *DockerCli) CmdLogin(args ...string) error {
 	cli.LoadConfigFile()
 	authconfig, ok := cli.configFile.Configs[serverAddress]
 	if !ok {
-		authconfig = auth.AuthConfig{}
+		authconfig = registry.AuthConfig{}
 	}
 
 	if username == "" {
@@ -311,7 +310,7 @@ func (cli *DockerCli) CmdLogin(args ...string) error {
 	stream, statusCode, err := cli.call("POST", "/auth", cli.configFile.Configs[serverAddress], false)
 	if statusCode == 401 {
 		delete(cli.configFile.Configs, serverAddress)
-		auth.SaveConfig(cli.configFile)
+		registry.SaveConfig(cli.configFile)
 		return err
 	}
 	if err != nil {
@@ -320,10 +319,10 @@ func (cli *DockerCli) CmdLogin(args ...string) error {
 	var out2 engine.Env
 	err = out2.Decode(stream)
 	if err != nil {
-		cli.configFile, _ = auth.LoadConfig(os.Getenv("HOME"))
+		cli.configFile, _ = registry.LoadConfig(os.Getenv("HOME"))
 		return err
 	}
-	auth.SaveConfig(cli.configFile)
+	registry.SaveConfig(cli.configFile)
 	if out2.Get("Status") != "" {
 		fmt.Fprintf(cli.out, "%s\n", out2.Get("Status"))
 	}
@@ -1008,7 +1007,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 	// Custom repositories can have different rules, and we must also
 	// allow pushing by image ID.
 	if len(strings.SplitN(name, "/", 2)) == 1 {
-		username := cli.configFile.Configs[auth.IndexServerAddress()].Username
+		username := cli.configFile.Configs[registry.IndexServerAddress()].Username
 		if username == "" {
 			username = "<user>"
 		}
@@ -1016,7 +1015,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 	}
 
 	v := url.Values{}
-	push := func(authConfig auth.AuthConfig) error {
+	push := func(authConfig registry.AuthConfig) error {
 		buf, err := json.Marshal(authConfig)
 		if err != nil {
 			return err
@@ -1075,7 +1074,7 @@ func (cli *DockerCli) CmdPull(args ...string) error {
 	v.Set("fromImage", remote)
 	v.Set("tag", *tag)
 
-	pull := func(authConfig auth.AuthConfig) error {
+	pull := func(authConfig registry.AuthConfig) error {
 		buf, err := json.Marshal(authConfig)
 		if err != nil {
 			return err
@@ -2058,8 +2057,8 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b
 	if passAuthInfo {
 		cli.LoadConfigFile()
 		// Resolve the Auth config relevant for this server
-		authConfig := cli.configFile.ResolveAuthConfig(auth.IndexServerAddress())
-		getHeaders := func(authConfig auth.AuthConfig) (map[string][]string, error) {
+		authConfig := cli.configFile.ResolveAuthConfig(registry.IndexServerAddress())
+		getHeaders := func(authConfig registry.AuthConfig) (map[string][]string, error) {
 			buf, err := json.Marshal(authConfig)
 			if err != nil {
 				return nil, err
@@ -2340,7 +2339,7 @@ func (cli *DockerCli) Subcmd(name, signature, description string) *flag.FlagSet
 }
 
 func (cli *DockerCli) LoadConfigFile() (err error) {
-	cli.configFile, err = auth.LoadConfig(os.Getenv("HOME"))
+	cli.configFile, err = registry.LoadConfig(os.Getenv("HOME"))
 	if err != nil {
 		fmt.Fprintf(cli.err, "WARNING: %s\n", err)
 	}
@@ -2422,7 +2421,7 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string) *Doc
 type DockerCli struct {
 	proto      string
 	addr       string
-	configFile *auth.ConfigFile
+	configFile *registry.ConfigFile
 	in         io.ReadCloser
 	out        io.Writer
 	err        io.Writer
diff --git a/api/server.go b/api/server.go
index 6fafe60f9f..048c989540 100644
--- a/api/server.go
+++ b/api/server.go
@@ -8,12 +8,12 @@ import (
 	"encoding/json"
 	"expvar"
 	"fmt"
-	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/pkg/listenbuffer"
 	"github.com/dotcloud/docker/pkg/systemd"
 	"github.com/dotcloud/docker/pkg/user"
 	"github.com/dotcloud/docker/pkg/version"
+	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/utils"
 	"github.com/gorilla/mux"
 	"io"
@@ -381,13 +381,13 @@ func postImagesCreate(eng *engine.Engine, version version.Version, w http.Respon
 		job   *engine.Job
 	)
 	authEncoded := r.Header.Get("X-Registry-Auth")
-	authConfig := &auth.AuthConfig{}
+	authConfig := &registry.AuthConfig{}
 	if authEncoded != "" {
 		authJson := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {
 			// for a pull it is not an error if no auth was given
 			// to increase compatibility with the existing api it is defaulting to be empty
-			authConfig = &auth.AuthConfig{}
+			authConfig = &registry.AuthConfig{}
 		}
 	}
 	if image != "" { //pull
@@ -429,7 +429,7 @@ func getImagesSearch(eng *engine.Engine, version version.Version, w http.Respons
 	}
 	var (
 		authEncoded = r.Header.Get("X-Registry-Auth")
-		authConfig  = &auth.AuthConfig{}
+		authConfig  = &registry.AuthConfig{}
 		metaHeaders = map[string][]string{}
 	)
 
@@ -438,7 +438,7 @@ func getImagesSearch(eng *engine.Engine, version version.Version, w http.Respons
 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {
 			// for a search it is not an error if no auth was given
 			// to increase compatibility with the existing api it is defaulting to be empty
-			authConfig = &auth.AuthConfig{}
+			authConfig = &registry.AuthConfig{}
 		}
 	}
 	for k, v := range r.Header {
@@ -494,7 +494,7 @@ func postImagesPush(eng *engine.Engine, version version.Version, w http.Response
 	if err := parseForm(r); err != nil {
 		return err
 	}
-	authConfig := &auth.AuthConfig{}
+	authConfig := &registry.AuthConfig{}
 
 	authEncoded := r.Header.Get("X-Registry-Auth")
 	if authEncoded != "" {
@@ -502,7 +502,7 @@ func postImagesPush(eng *engine.Engine, version version.Version, w http.Response
 		authJson := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {
 			// to increase compatibility to existing api it is defaulting to be empty
-			authConfig = &auth.AuthConfig{}
+			authConfig = &registry.AuthConfig{}
 		}
 	} else {
 		// the old format is supported for compatibility if there was no authConfig header
@@ -823,9 +823,9 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite
 	}
 	var (
 		authEncoded       = r.Header.Get("X-Registry-Auth")
-		authConfig        = &auth.AuthConfig{}
+		authConfig        = &registry.AuthConfig{}
 		configFileEncoded = r.Header.Get("X-Registry-Config")
-		configFile        = &auth.ConfigFile{}
+		configFile        = &registry.ConfigFile{}
 		job               = eng.Job("build")
 	)
 
@@ -838,7 +838,7 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite
 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {
 			// for a pull it is not an error if no auth was given
 			// to increase compatibility with the existing api it is defaulting to be empty
-			authConfig = &auth.AuthConfig{}
+			authConfig = &registry.AuthConfig{}
 		}
 	}
 
@@ -847,7 +847,7 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite
 		if err := json.NewDecoder(configFileJson).Decode(configFile); err != nil {
 			// for a pull it is not an error if no auth was given
 			// to increase compatibility with the existing api it is defaulting to be empty
-			configFile = &auth.ConfigFile{}
+			configFile = &registry.ConfigFile{}
 		}
 	}
 
diff --git a/auth/MAINTAINERS b/auth/MAINTAINERS
deleted file mode 100644
index bf3984f5f9..0000000000
--- a/auth/MAINTAINERS
+++ /dev/null
@@ -1,3 +0,0 @@
-Sam Alba <sam@dotcloud.com> (@samalba)
-Joffrey Fuhrer <joffrey@dotcloud.com> (@shin-)
-Ken Cochrane <ken@dotcloud.com> (@kencochrane)
diff --git a/buildfile.go b/buildfile.go
index 160db4d434..959b085685 100644
--- a/buildfile.go
+++ b/buildfile.go
@@ -7,7 +7,6 @@ import (
 	"errors"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/runtime"
@@ -49,8 +48,8 @@ type buildFile struct {
 	utilizeCache bool
 	rm           bool
 
-	authConfig *auth.AuthConfig
-	configFile *auth.ConfigFile
+	authConfig *registry.AuthConfig
+	configFile *registry.ConfigFile
 
 	tmpContainers map[string]struct{}
 	tmpImages     map[string]struct{}
@@ -793,7 +792,7 @@ func (b *buildFile) BuildStep(name, expression string) error {
 	return nil
 }
 
-func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *auth.AuthConfig, authConfigFile *auth.ConfigFile) BuildFile {
+func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile {
 	return &buildFile{
 		runtime:       srv.runtime,
 		srv:           srv,
diff --git a/integration/auth_test.go b/integration/auth_test.go
index c5bdabace2..1d9d450573 100644
--- a/integration/auth_test.go
+++ b/integration/auth_test.go
@@ -4,7 +4,7 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"fmt"
-	"github.com/dotcloud/docker/auth"
+	"github.com/dotcloud/docker/registry"
 	"os"
 	"strings"
 	"testing"
@@ -18,13 +18,13 @@ import (
 func TestLogin(t *testing.T) {
 	os.Setenv("DOCKER_INDEX_URL", "https://indexstaging-docker.dotcloud.com")
 	defer os.Setenv("DOCKER_INDEX_URL", "")
-	authConfig := &auth.AuthConfig{
+	authConfig := &registry.AuthConfig{
 		Username:      "unittester",
 		Password:      "surlautrerivejetattendrai",
 		Email:         "noise+unittester@docker.com",
 		ServerAddress: "https://indexstaging-docker.dotcloud.com/v1/",
 	}
-	status, err := auth.Login(authConfig, nil)
+	status, err := registry.Login(authConfig, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -41,13 +41,13 @@ func TestCreateAccount(t *testing.T) {
 	}
 	token := hex.EncodeToString(tokenBuffer)[:12]
 	username := "ut" + token
-	authConfig := &auth.AuthConfig{
+	authConfig := &registry.AuthConfig{
 		Username:      username,
 		Password:      "test42",
 		Email:         fmt.Sprintf("docker-ut+%s@example.com", token),
 		ServerAddress: "https://indexstaging-docker.dotcloud.com/v1/",
 	}
-	status, err := auth.Login(authConfig, nil)
+	status, err := registry.Login(authConfig, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -59,7 +59,7 @@ func TestCreateAccount(t *testing.T) {
 		t.Fatalf("Expected status: \"%s\", found \"%s\" instead.", expectedStatus, status)
 	}
 
-	status, err = auth.Login(authConfig, nil)
+	status, err = registry.Login(authConfig, nil)
 	if err == nil {
 		t.Fatalf("Expected error but found nil instead")
 	}
diff --git a/auth/auth.go b/registry/auth.go
similarity index 99%
rename from auth/auth.go
rename to registry/auth.go
index 4417dd0f7a..4fdd51fda4 100644
--- a/auth/auth.go
+++ b/registry/auth.go
@@ -1,4 +1,4 @@
-package auth
+package registry
 
 import (
 	"encoding/base64"
diff --git a/auth/auth_test.go b/registry/auth_test.go
similarity index 99%
rename from auth/auth_test.go
rename to registry/auth_test.go
index 2335072609..3cb1a9ac4b 100644
--- a/auth/auth_test.go
+++ b/registry/auth_test.go
@@ -1,4 +1,4 @@
-package auth
+package registry
 
 import (
 	"io/ioutil"
diff --git a/registry/registry.go b/registry/registry.go
index cc2e985c31..dbf5d539ff 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
@@ -27,7 +26,7 @@ var (
 )
 
 func pingRegistryEndpoint(endpoint string) (bool, error) {
-	if endpoint == auth.IndexServerAddress() {
+	if endpoint == IndexServerAddress() {
 		// Skip the check, we now this one is valid
 		// (and we never want to fallback to http in case of error)
 		return false, nil
@@ -103,7 +102,7 @@ func ResolveRepositoryName(reposName string) (string, string, error) {
 		nameParts[0] != "localhost" {
 		// This is a Docker Index repos (ex: samalba/hipache or ubuntu)
 		err := validateRepositoryName(reposName)
-		return auth.IndexServerAddress(), reposName, err
+		return IndexServerAddress(), reposName, err
 	}
 	if len(nameParts) < 2 {
 		// There is a dot in repos name (and no registry address)
@@ -601,7 +600,7 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat
 
 func (r *Registry) SearchRepositories(term string) (*SearchResults, error) {
 	utils.Debugf("Index server: %s", r.indexEndpoint)
-	u := auth.IndexServerAddress() + "search?q=" + url.QueryEscape(term)
+	u := IndexServerAddress() + "search?q=" + url.QueryEscape(term)
 	req, err := r.reqFactory.NewRequest("GET", u, nil)
 	if err != nil {
 		return nil, err
@@ -627,12 +626,12 @@ func (r *Registry) SearchRepositories(term string) (*SearchResults, error) {
 	return result, err
 }
 
-func (r *Registry) GetAuthConfig(withPasswd bool) *auth.AuthConfig {
+func (r *Registry) GetAuthConfig(withPasswd bool) *AuthConfig {
 	password := ""
 	if withPasswd {
 		password = r.authConfig.Password
 	}
-	return &auth.AuthConfig{
+	return &AuthConfig{
 		Username: r.authConfig.Username,
 		Password: password,
 		Email:    r.authConfig.Email,
@@ -668,12 +667,12 @@ type ImgData struct {
 
 type Registry struct {
 	client        *http.Client
-	authConfig    *auth.AuthConfig
+	authConfig    *AuthConfig
 	reqFactory    *utils.HTTPRequestFactory
 	indexEndpoint string
 }
 
-func NewRegistry(authConfig *auth.AuthConfig, factory *utils.HTTPRequestFactory, indexEndpoint string) (r *Registry, err error) {
+func NewRegistry(authConfig *AuthConfig, factory *utils.HTTPRequestFactory, indexEndpoint string) (r *Registry, err error) {
 	httpTransport := &http.Transport{
 		DisableKeepAlives: true,
 		Proxy:             http.ProxyFromEnvironment,
@@ -693,13 +692,13 @@ func NewRegistry(authConfig *auth.AuthConfig, factory *utils.HTTPRequestFactory,
 
 	// If we're working with a standalone private registry over HTTPS, send Basic Auth headers
 	// alongside our requests.
-	if indexEndpoint != auth.IndexServerAddress() && strings.HasPrefix(indexEndpoint, "https://") {
+	if indexEndpoint != IndexServerAddress() && strings.HasPrefix(indexEndpoint, "https://") {
 		standalone, err := pingRegistryEndpoint(indexEndpoint)
 		if err != nil {
 			return nil, err
 		}
 		if standalone {
-			utils.Debugf("Endpoint %s is eligible for private registry auth. Enabling decorator.", indexEndpoint)
+			utils.Debugf("Endpoint %s is eligible for private registry registry. Enabling decorator.", indexEndpoint)
 			dec := utils.NewHTTPAuthDecorator(authConfig.Username, authConfig.Password)
 			factory.AddDecorator(dec)
 		}
diff --git a/registry/registry_test.go b/registry/registry_test.go
index 82a27a166f..f21814c791 100644
--- a/registry/registry_test.go
+++ b/registry/registry_test.go
@@ -1,7 +1,6 @@
 package registry
 
 import (
-	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/utils"
 	"strings"
 	"testing"
@@ -14,7 +13,7 @@ var (
 )
 
 func spawnTestRegistry(t *testing.T) *Registry {
-	authConfig := &auth.AuthConfig{}
+	authConfig := &AuthConfig{}
 	r, err := NewRegistry(authConfig, utils.NewHTTPRequestFactory(), makeURL("/v1/"))
 	if err != nil {
 		t.Fatal(err)
@@ -137,7 +136,7 @@ func TestResolveRepositoryName(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	assertEqual(t, ep, auth.IndexServerAddress(), "Expected endpoint to be index server address")
+	assertEqual(t, ep, IndexServerAddress(), "Expected endpoint to be index server address")
 	assertEqual(t, repo, "fooo/bar", "Expected resolved repo to be foo/bar")
 
 	u := makeURL("")[7:]
diff --git a/server.go b/server.go
index 52f5f14c0a..0cf78eefa3 100644
--- a/server.go
+++ b/server.go
@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/auth"
 	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
@@ -199,19 +198,19 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
 func (srv *Server) Auth(job *engine.Job) engine.Status {
 	var (
 		err        error
-		authConfig = &auth.AuthConfig{}
+		authConfig = &registry.AuthConfig{}
 	)
 
 	job.GetenvJson("authConfig", authConfig)
 	// TODO: this is only done here because auth and registry need to be merged into one pkg
-	if addr := authConfig.ServerAddress; addr != "" && addr != auth.IndexServerAddress() {
+	if addr := authConfig.ServerAddress; addr != "" && addr != registry.IndexServerAddress() {
 		addr, err = registry.ExpandAndVerifyRegistryUrl(addr)
 		if err != nil {
 			return job.Error(err)
 		}
 		authConfig.ServerAddress = addr
 	}
-	status, err := auth.Login(authConfig, srv.HTTPRequestFactory(nil))
+	status, err := registry.Login(authConfig, srv.HTTPRequestFactory(nil))
 	if err != nil {
 		return job.Error(err)
 	}
@@ -431,8 +430,8 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 		suppressOutput = job.GetenvBool("q")
 		noCache        = job.GetenvBool("nocache")
 		rm             = job.GetenvBool("rm")
-		authConfig     = &auth.AuthConfig{}
-		configFile     = &auth.ConfigFile{}
+		authConfig     = &registry.AuthConfig{}
+		configFile     = &registry.ConfigFile{}
 		tag            string
 		context        io.ReadCloser
 	)
@@ -611,12 +610,12 @@ func (srv *Server) ImagesSearch(job *engine.Job) engine.Status {
 	var (
 		term        = job.Args[0]
 		metaHeaders = map[string][]string{}
-		authConfig  = &auth.AuthConfig{}
+		authConfig  = &registry.AuthConfig{}
 	)
 	job.GetenvJson("authConfig", authConfig)
 	job.GetenvJson("metaHeaders", metaHeaders)
 
-	r, err := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), auth.IndexServerAddress())
+	r, err := registry.NewRegistry(authConfig, srv.HTTPRequestFactory(metaHeaders), registry.IndexServerAddress())
 	if err != nil {
 		return job.Error(err)
 	}
@@ -827,7 +826,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 	v.Set("ExecutionDriver", srv.runtime.ExecutionDriver().Name())
 	v.SetInt("NEventsListener", len(srv.listeners))
 	v.Set("KernelVersion", kernelVersion)
-	v.Set("IndexServerAddress", auth.IndexServerAddress())
+	v.Set("IndexServerAddress", registry.IndexServerAddress())
 	v.Set("InitSha1", dockerversion.INITSHA1)
 	v.Set("InitPath", initPath)
 	if _, err := v.WriteTo(job.Stdout); err != nil {
@@ -1312,7 +1311,7 @@ func (srv *Server) ImagePull(job *engine.Job) engine.Status {
 		localName   = job.Args[0]
 		tag         string
 		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
-		authConfig  = &auth.AuthConfig{}
+		authConfig  = &registry.AuthConfig{}
 		metaHeaders map[string][]string
 	)
 	if len(job.Args) > 1 {
@@ -1350,7 +1349,7 @@ func (srv *Server) ImagePull(job *engine.Job) engine.Status {
 		return job.Error(err)
 	}
 
-	if endpoint == auth.IndexServerAddress() {
+	if endpoint == registry.IndexServerAddress() {
 		// If pull "index.docker.io/foo/bar", it's stored locally under "foo/bar"
 		localName = remoteName
 	}
@@ -1531,7 +1530,7 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status {
 	var (
 		localName   = job.Args[0]
 		sf          = utils.NewStreamFormatter(job.GetenvBool("json"))
-		authConfig  = &auth.AuthConfig{}
+		authConfig  = &registry.AuthConfig{}
 		metaHeaders map[string][]string
 	)
 

From c5632622391921160687f3e0155bdfe3d3cfc07d Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 13:38:17 -0700
Subject: [PATCH 042/384] Move signal to pkg

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client.go                                 | 13 +--
 {utils => pkg/signal}/signal.go               |  2 +-
 {utils => pkg/signal}/signal_darwin.go        |  2 +-
 .../signal/signal_freebsd.go                  |  7 +-
 pkg/signal/signal_linux.go                    | 87 +++++++++++++++++++
 5 files changed, 97 insertions(+), 14 deletions(-)
 rename {utils => pkg/signal}/signal.go (87%)
 rename {utils => pkg/signal}/signal_darwin.go (97%)
 rename utils/signal_linux.go => pkg/signal/signal_freebsd.go (85%)
 create mode 100644 pkg/signal/signal_linux.go

diff --git a/api/client.go b/api/client.go
index 10075ae613..5e110d49f5 100644
--- a/api/client.go
+++ b/api/client.go
@@ -13,6 +13,7 @@ import (
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/nat"
 	flag "github.com/dotcloud/docker/pkg/mflag"
+	"github.com/dotcloud/docker/pkg/signal"
 	"github.com/dotcloud/docker/pkg/term"
 	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/runconfig"
@@ -24,7 +25,7 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"os"
-	"os/signal"
+	gosignal "os/signal"
 	"path"
 	"reflect"
 	"regexp"
@@ -533,7 +534,7 @@ func (cli *DockerCli) CmdRestart(args ...string) error {
 
 func (cli *DockerCli) forwardAllSignals(cid string) chan os.Signal {
 	sigc := make(chan os.Signal, 1)
-	utils.CatchAll(sigc)
+	signal.CatchAll(sigc)
 	go func() {
 		for s := range sigc {
 			if s == syscall.SIGCHLD {
@@ -581,7 +582,7 @@ func (cli *DockerCli) CmdStart(args ...string) error {
 
 		if !container.Config.Tty {
 			sigc := cli.forwardAllSignals(cmd.Arg(0))
-			defer utils.StopCatch(sigc)
+			defer signal.StopCatch(sigc)
 		}
 
 		var in io.ReadCloser
@@ -1614,7 +1615,7 @@ func (cli *DockerCli) CmdAttach(args ...string) error {
 
 	if *proxy && !container.Config.Tty {
 		sigc := cli.forwardAllSignals(cmd.Arg(0))
-		defer utils.StopCatch(sigc)
+		defer signal.StopCatch(sigc)
 	}
 
 	if err := cli.hijack("POST", "/containers/"+cmd.Arg(0)+"/attach?"+v.Encode(), container.Config.Tty, in, cli.out, cli.err, nil); err != nil {
@@ -1818,7 +1819,7 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 
 	if sigProxy {
 		sigc := cli.forwardAllSignals(runResult.Get("Id"))
-		defer utils.StopCatch(sigc)
+		defer signal.StopCatch(sigc)
 	}
 
 	var (
@@ -2320,7 +2321,7 @@ func (cli *DockerCli) monitorTtySize(id string) error {
 	cli.resizeTty(id)
 
 	sigchan := make(chan os.Signal, 1)
-	signal.Notify(sigchan, syscall.SIGWINCH)
+	gosignal.Notify(sigchan, syscall.SIGWINCH)
 	go func() {
 		for _ = range sigchan {
 			cli.resizeTty(id)
diff --git a/utils/signal.go b/pkg/signal/signal.go
similarity index 87%
rename from utils/signal.go
rename to pkg/signal/signal.go
index 0cac7d113f..6f9874bd01 100644
--- a/utils/signal.go
+++ b/pkg/signal/signal.go
@@ -1,4 +1,4 @@
-package utils
+package signal
 
 import (
 	"os"
diff --git a/utils/signal_darwin.go b/pkg/signal/signal_darwin.go
similarity index 97%
rename from utils/signal_darwin.go
rename to pkg/signal/signal_darwin.go
index 28730db8e5..22a60ae18d 100644
--- a/utils/signal_darwin.go
+++ b/pkg/signal/signal_darwin.go
@@ -1,4 +1,4 @@
-package utils
+package signal
 
 import (
 	"os"
diff --git a/utils/signal_linux.go b/pkg/signal/signal_freebsd.go
similarity index 85%
rename from utils/signal_linux.go
rename to pkg/signal/signal_freebsd.go
index 26cfd56967..d27782217f 100644
--- a/utils/signal_linux.go
+++ b/pkg/signal/signal_freebsd.go
@@ -1,4 +1,4 @@
-package utils
+package signal
 
 import (
 	"os"
@@ -12,7 +12,6 @@ func CatchAll(sigc chan os.Signal) {
 		syscall.SIGALRM,
 		syscall.SIGBUS,
 		syscall.SIGCHLD,
-		syscall.SIGCLD,
 		syscall.SIGCONT,
 		syscall.SIGFPE,
 		syscall.SIGHUP,
@@ -22,12 +21,9 @@ func CatchAll(sigc chan os.Signal) {
 		syscall.SIGIOT,
 		syscall.SIGKILL,
 		syscall.SIGPIPE,
-		syscall.SIGPOLL,
 		syscall.SIGPROF,
-		syscall.SIGPWR,
 		syscall.SIGQUIT,
 		syscall.SIGSEGV,
-		syscall.SIGSTKFLT,
 		syscall.SIGSTOP,
 		syscall.SIGSYS,
 		syscall.SIGTERM,
@@ -35,7 +31,6 @@ func CatchAll(sigc chan os.Signal) {
 		syscall.SIGTSTP,
 		syscall.SIGTTIN,
 		syscall.SIGTTOU,
-		syscall.SIGUNUSED,
 		syscall.SIGURG,
 		syscall.SIGUSR1,
 		syscall.SIGUSR2,
diff --git a/pkg/signal/signal_linux.go b/pkg/signal/signal_linux.go
new file mode 100644
index 0000000000..b6b25d518b
--- /dev/null
+++ b/pkg/signal/signal_linux.go
@@ -0,0 +1,87 @@
+package signal
+
+import (
+	"os"
+	"os/signal"
+	"syscall"
+)
+
+var signalMap = map[string]syscall.Signal{}
+
+/*
+	syscall.SIGABRT,
+	syscall.SIGALRM,
+	syscall.SIGBUS,
+	syscall.SIGCHLD,
+	syscall.SIGCLD,
+	syscall.SIGCONT,
+	syscall.SIGFPE,
+	syscall.SIGHUP,
+	syscall.SIGILL,
+	syscall.SIGINT,
+	syscall.SIGIO,
+	syscall.SIGIOT,
+	syscall.SIGKILL,
+	syscall.SIGPIPE,
+	syscall.SIGPOLL,
+	syscall.SIGPROF,
+	syscall.SIGPWR,
+	syscall.SIGQUIT,
+	syscall.SIGSEGV,
+	syscall.SIGSTKFLT,
+	syscall.SIGSTOP,
+	syscall.SIGSYS,
+	syscall.SIGTERM,
+	syscall.SIGTRAP,
+	syscall.SIGTSTP,
+	syscall.SIGTTIN,
+	syscall.SIGTTOU,
+	syscall.SIGUNUSED,
+	syscall.SIGURG,
+	syscall.SIGUSR1,
+	syscall.SIGUSR2,
+	syscall.SIGVTALRM,
+	syscall.SIGWINCH,
+	syscall.SIGXCPU,
+	syscall.SIGXFSZ,
+*/
+
+func CatchAll(sigc chan os.Signal) {
+	signal.Notify(sigc,
+		syscall.SIGABRT,
+		syscall.SIGALRM,
+		syscall.SIGBUS,
+		syscall.SIGCHLD,
+		syscall.SIGCLD,
+		syscall.SIGCONT,
+		syscall.SIGFPE,
+		syscall.SIGHUP,
+		syscall.SIGILL,
+		syscall.SIGINT,
+		syscall.SIGIO,
+		syscall.SIGIOT,
+		syscall.SIGKILL,
+		syscall.SIGPIPE,
+		syscall.SIGPOLL,
+		syscall.SIGPROF,
+		syscall.SIGPWR,
+		syscall.SIGQUIT,
+		syscall.SIGSEGV,
+		syscall.SIGSTKFLT,
+		syscall.SIGSTOP,
+		syscall.SIGSYS,
+		syscall.SIGTERM,
+		syscall.SIGTRAP,
+		syscall.SIGTSTP,
+		syscall.SIGTTIN,
+		syscall.SIGTTOU,
+		syscall.SIGUNUSED,
+		syscall.SIGURG,
+		syscall.SIGUSR1,
+		syscall.SIGUSR2,
+		syscall.SIGVTALRM,
+		syscall.SIGWINCH,
+		syscall.SIGXCPU,
+		syscall.SIGXFSZ,
+	)
+}

From 10dc16dcd3aa82be256e5072a25dcf18af8e3844 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 13:50:16 -0700
Subject: [PATCH 043/384] Create portable signalMap

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 pkg/signal/signal.go             |   8 +++
 pkg/signal/signal_darwin.go      |  70 +++++++++----------
 pkg/signal/signal_freebsd.go     |  68 +++++++++---------
 pkg/signal/signal_linux.go       | 116 ++++++++++---------------------
 pkg/signal/signal_unsupported.go |   9 +++
 5 files changed, 121 insertions(+), 150 deletions(-)
 create mode 100644 pkg/signal/signal_unsupported.go

diff --git a/pkg/signal/signal.go b/pkg/signal/signal.go
index 6f9874bd01..a673222628 100644
--- a/pkg/signal/signal.go
+++ b/pkg/signal/signal.go
@@ -5,6 +5,14 @@ import (
 	"os/signal"
 )
 
+func CatchAll(sigc chan os.Signal) {
+	handledSigs := []os.Signal{}
+	for _, s := range signalMap {
+		handledSigs = append(handledSigs, s)
+	}
+	signal.Notify(sigc, handledSigs...)
+}
+
 func StopCatch(sigc chan os.Signal) {
 	signal.Stop(sigc)
 	close(sigc)
diff --git a/pkg/signal/signal_darwin.go b/pkg/signal/signal_darwin.go
index 22a60ae18d..b290a8b53d 100644
--- a/pkg/signal/signal_darwin.go
+++ b/pkg/signal/signal_darwin.go
@@ -1,44 +1,40 @@
 package signal
 
 import (
-	"os"
-	"os/signal"
 	"syscall"
 )
 
-func CatchAll(sigc chan os.Signal) {
-	signal.Notify(sigc,
-		syscall.SIGABRT,
-		syscall.SIGALRM,
-		syscall.SIGBUS,
-		syscall.SIGCHLD,
-		syscall.SIGCONT,
-		syscall.SIGEMT,
-		syscall.SIGFPE,
-		syscall.SIGHUP,
-		syscall.SIGILL,
-		syscall.SIGINFO,
-		syscall.SIGINT,
-		syscall.SIGIO,
-		syscall.SIGIOT,
-		syscall.SIGKILL,
-		syscall.SIGPIPE,
-		syscall.SIGPROF,
-		syscall.SIGQUIT,
-		syscall.SIGSEGV,
-		syscall.SIGSTOP,
-		syscall.SIGSYS,
-		syscall.SIGTERM,
-		syscall.SIGTRAP,
-		syscall.SIGTSTP,
-		syscall.SIGTTIN,
-		syscall.SIGTTOU,
-		syscall.SIGURG,
-		syscall.SIGUSR1,
-		syscall.SIGUSR2,
-		syscall.SIGVTALRM,
-		syscall.SIGWINCH,
-		syscall.SIGXCPU,
-		syscall.SIGXFSZ,
-	)
+var signalMap = map[string]syscall.Signal{
+	"ABRT": syscall.SIGABRT,
+	"ALRM": syscall.SIGALRM,
+	"BUG": syscall.SIGBUS,
+	"CHLD": syscall.SIGCHLD,
+	"CONT": syscall.SIGCONT,
+	"EMT": syscall.SIGEMT,
+	"FPE": syscall.SIGFPE,
+	"HUP": syscall.SIGHUP,
+	"ILL": syscall.SIGILL,
+	"INFO": syscall.SIGINFO,
+	"INT": syscall.SIGINT,
+	"IO": syscall.SIGIO,
+	"IOT": syscall.SIGIOT,
+	"KILL": syscall.SIGKILL,
+	"PIPE": syscall.SIGPIPE,
+	"PROF": syscall.SIGPROF,
+	"QUIT": syscall.SIGQUIT,
+	"SEGV": syscall.SIGSEGV,
+	"STOP": syscall.SIGSTOP,
+	"SYS": syscall.SIGSYS,
+	"TERM": syscall.SIGTERM,
+	"TRAP": syscall.SIGTRAP,
+	"TSTP": syscall.SIGTSTP,
+	"TTIN": syscall.SIGTTIN,
+	"TTOU": syscall.SIGTTOU,
+	"URG": syscall.SIGURG,
+	"USR1": syscall.SIGUSR1,
+	"USR2": syscall.SIGUSR2,
+	"VTALRM": syscall.SIGVTALRM,
+	"WINCH": syscall.SIGWINCH,
+	"XCPU": syscall.SIGXCPU,
+	"XFSZ": syscall.SIGXFSZ,
 }
diff --git a/pkg/signal/signal_freebsd.go b/pkg/signal/signal_freebsd.go
index d27782217f..b7e3ff4f7c 100644
--- a/pkg/signal/signal_freebsd.go
+++ b/pkg/signal/signal_freebsd.go
@@ -6,37 +6,39 @@ import (
 	"syscall"
 )
 
-func CatchAll(sigc chan os.Signal) {
-	signal.Notify(sigc,
-		syscall.SIGABRT,
-		syscall.SIGALRM,
-		syscall.SIGBUS,
-		syscall.SIGCHLD,
-		syscall.SIGCONT,
-		syscall.SIGFPE,
-		syscall.SIGHUP,
-		syscall.SIGILL,
-		syscall.SIGINT,
-		syscall.SIGIO,
-		syscall.SIGIOT,
-		syscall.SIGKILL,
-		syscall.SIGPIPE,
-		syscall.SIGPROF,
-		syscall.SIGQUIT,
-		syscall.SIGSEGV,
-		syscall.SIGSTOP,
-		syscall.SIGSYS,
-		syscall.SIGTERM,
-		syscall.SIGTRAP,
-		syscall.SIGTSTP,
-		syscall.SIGTTIN,
-		syscall.SIGTTOU,
-		syscall.SIGURG,
-		syscall.SIGUSR1,
-		syscall.SIGUSR2,
-		syscall.SIGVTALRM,
-		syscall.SIGWINCH,
-		syscall.SIGXCPU,
-		syscall.SIGXFSZ,
-	)
+var signalMap = map[string]syscall.Signal{
+	"ABRT":   syscall.SIGABRT,
+	"ALRM":   syscall.SIGALRM,
+	"BUF":    syscall.SIGBUS,
+	"CHLD":   syscall.SIGCHLD,
+	"CONT":   syscall.SIGCONT,
+	"EMT":    syscall.SIGEMT,
+	"FPE":    syscall.SIGFPE,
+	"HUP":    syscall.SIGHUP,
+	"ILL":    syscall.SIGILL,
+	"INFO":   syscall.SIGINFO,
+	"INT":    syscall.SIGINT,
+	"IO":     syscall.SIGIO,
+	"IOT":    syscall.SIGIOT,
+	"KILL":   syscall.SIGKILL,
+	"LWP":    syscall.SIGLWP,
+	"PIPE":   syscall.SIGPIPE,
+	"PROF":   syscall.SIGPROF,
+	"QUIT":   syscall.SIGQUIT,
+	"SEGV":   syscall.SIGSEGV,
+	"STOP":   syscall.SIGSTOP,
+	"SYS":    syscall.SIGSYS,
+	"TERM":   syscall.SIGTERM,
+	"THR":    syscall.SIGTHR,
+	"TRAP":   syscall.SIGTRAP,
+	"TSTP":   syscall.SIGTSTP,
+	"TTIN":   syscall.SIGTTIN,
+	"TTOU":   syscall.SIGTTOU,
+	"URG":    syscall.SIGURG,
+	"USR1":   syscall.SIGUSR1,
+	"USR2":   syscall.SIGUSR2,
+	"VTALRM": syscall.SIGVTALRM,
+	"WINCH":  syscall.SIGWINCH,
+	"XCPU":   syscall.SIGXCPU,
+	"XFSZ":   syscall.SIGXFSZ,
 }
diff --git a/pkg/signal/signal_linux.go b/pkg/signal/signal_linux.go
index b6b25d518b..cd8cb83e42 100644
--- a/pkg/signal/signal_linux.go
+++ b/pkg/signal/signal_linux.go
@@ -1,87 +1,43 @@
 package signal
 
 import (
-	"os"
-	"os/signal"
 	"syscall"
 )
 
-var signalMap = map[string]syscall.Signal{}
-
-/*
-	syscall.SIGABRT,
-	syscall.SIGALRM,
-	syscall.SIGBUS,
-	syscall.SIGCHLD,
-	syscall.SIGCLD,
-	syscall.SIGCONT,
-	syscall.SIGFPE,
-	syscall.SIGHUP,
-	syscall.SIGILL,
-	syscall.SIGINT,
-	syscall.SIGIO,
-	syscall.SIGIOT,
-	syscall.SIGKILL,
-	syscall.SIGPIPE,
-	syscall.SIGPOLL,
-	syscall.SIGPROF,
-	syscall.SIGPWR,
-	syscall.SIGQUIT,
-	syscall.SIGSEGV,
-	syscall.SIGSTKFLT,
-	syscall.SIGSTOP,
-	syscall.SIGSYS,
-	syscall.SIGTERM,
-	syscall.SIGTRAP,
-	syscall.SIGTSTP,
-	syscall.SIGTTIN,
-	syscall.SIGTTOU,
-	syscall.SIGUNUSED,
-	syscall.SIGURG,
-	syscall.SIGUSR1,
-	syscall.SIGUSR2,
-	syscall.SIGVTALRM,
-	syscall.SIGWINCH,
-	syscall.SIGXCPU,
-	syscall.SIGXFSZ,
-*/
-
-func CatchAll(sigc chan os.Signal) {
-	signal.Notify(sigc,
-		syscall.SIGABRT,
-		syscall.SIGALRM,
-		syscall.SIGBUS,
-		syscall.SIGCHLD,
-		syscall.SIGCLD,
-		syscall.SIGCONT,
-		syscall.SIGFPE,
-		syscall.SIGHUP,
-		syscall.SIGILL,
-		syscall.SIGINT,
-		syscall.SIGIO,
-		syscall.SIGIOT,
-		syscall.SIGKILL,
-		syscall.SIGPIPE,
-		syscall.SIGPOLL,
-		syscall.SIGPROF,
-		syscall.SIGPWR,
-		syscall.SIGQUIT,
-		syscall.SIGSEGV,
-		syscall.SIGSTKFLT,
-		syscall.SIGSTOP,
-		syscall.SIGSYS,
-		syscall.SIGTERM,
-		syscall.SIGTRAP,
-		syscall.SIGTSTP,
-		syscall.SIGTTIN,
-		syscall.SIGTTOU,
-		syscall.SIGUNUSED,
-		syscall.SIGURG,
-		syscall.SIGUSR1,
-		syscall.SIGUSR2,
-		syscall.SIGVTALRM,
-		syscall.SIGWINCH,
-		syscall.SIGXCPU,
-		syscall.SIGXFSZ,
-	)
+var signalMap = map[string]syscall.Signal{
+	"ABRT":   syscall.SIGABRT,
+	"ALRM":   syscall.SIGALRM,
+	"BUS":    syscall.SIGBUS,
+	"CHLD":   syscall.SIGCHLD,
+	"CLD":    syscall.SIGCLD,
+	"CONT":   syscall.SIGCONT,
+	"FPE":    syscall.SIGFPE,
+	"HUP":    syscall.SIGHUP,
+	"ILL":    syscall.SIGILL,
+	"INT":    syscall.SIGINT,
+	"IO":     syscall.SIGIO,
+	"IOT":    syscall.SIGIOT,
+	"KILL":   syscall.SIGKILL,
+	"PIPE":   syscall.SIGPIPE,
+	"POLL":   syscall.SIGPOLL,
+	"PROF":   syscall.SIGPROF,
+	"PWR":    syscall.SIGPWR,
+	"QUIT":   syscall.SIGQUIT,
+	"SEGV":   syscall.SIGSEGV,
+	"STKFLT": syscall.SIGSTKFLT,
+	"STOP":   syscall.SIGSTOP,
+	"SYS":    syscall.SIGSYS,
+	"TERM":   syscall.SIGTERM,
+	"TRAP":   syscall.SIGTRAP,
+	"TSTP":   syscall.SIGTSTP,
+	"TTIN":   syscall.SIGTTIN,
+	"TTOU":   syscall.SIGTTOU,
+	"UNUSED": syscall.SIGUNUSED,
+	"URG":    syscall.SIGURG,
+	"USR1":   syscall.SIGUSR1,
+	"USR2":   syscall.SIGUSR2,
+	"VTALRM": syscall.SIGVTALRM,
+	"WINCH":  syscall.SIGWINCH,
+	"XCPU":   syscall.SIGXCPU,
+	"XFSZ":   syscall.SIGXFSZ,
 }
diff --git a/pkg/signal/signal_unsupported.go b/pkg/signal/signal_unsupported.go
new file mode 100644
index 0000000000..2c49a0b0f6
--- /dev/null
+++ b/pkg/signal/signal_unsupported.go
@@ -0,0 +1,9 @@
+// +build !linux,!darwin,!freebsd
+
+package signal
+
+import (
+	"syscall"
+)
+
+var signalMap = map[string]syscall.Signal{}

From 157f24ca77a38f7c5c2b22322a2a353d5098a21e Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 14:22:27 -0700
Subject: [PATCH 044/384] Make docker use the signal pkg with strings

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client.go                    | 12 +++++-
 pkg/signal/signal.go             |  2 +-
 pkg/signal/signal_darwin.go      | 64 ++++++++++++++++----------------
 pkg/signal/signal_freebsd.go     |  2 +-
 pkg/signal/signal_linux.go       |  2 +-
 pkg/signal/signal_unsupported.go |  2 +-
 server.go                        | 63 ++++++++++---------------------
 7 files changed, 66 insertions(+), 81 deletions(-)

diff --git a/api/client.go b/api/client.go
index 5e110d49f5..35ce5c6969 100644
--- a/api/client.go
+++ b/api/client.go
@@ -540,7 +540,17 @@ func (cli *DockerCli) forwardAllSignals(cid string) chan os.Signal {
 			if s == syscall.SIGCHLD {
 				continue
 			}
-			if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/kill?signal=%d", cid, s), nil, false)); err != nil {
+			var sig string
+			for sigStr, sigN := range signal.SignalMap {
+				if sigN == s {
+					sig = sigStr
+					break
+				}
+			}
+			if sig == "" {
+				utils.Errorf("Unsupported signal: %d. Discarding.", s)
+			}
+			if _, _, err := readBody(cli.call("POST", fmt.Sprintf("/containers/%s/kill?signal=%s", cid, sig), nil, false)); err != nil {
 				utils.Debugf("Error sending signal: %s", err)
 			}
 		}
diff --git a/pkg/signal/signal.go b/pkg/signal/signal.go
index a673222628..63337542d7 100644
--- a/pkg/signal/signal.go
+++ b/pkg/signal/signal.go
@@ -7,7 +7,7 @@ import (
 
 func CatchAll(sigc chan os.Signal) {
 	handledSigs := []os.Signal{}
-	for _, s := range signalMap {
+	for _, s := range SignalMap {
 		handledSigs = append(handledSigs, s)
 	}
 	signal.Notify(sigc, handledSigs...)
diff --git a/pkg/signal/signal_darwin.go b/pkg/signal/signal_darwin.go
index b290a8b53d..fcd3a8f2c9 100644
--- a/pkg/signal/signal_darwin.go
+++ b/pkg/signal/signal_darwin.go
@@ -4,37 +4,37 @@ import (
 	"syscall"
 )
 
-var signalMap = map[string]syscall.Signal{
-	"ABRT": syscall.SIGABRT,
-	"ALRM": syscall.SIGALRM,
-	"BUG": syscall.SIGBUS,
-	"CHLD": syscall.SIGCHLD,
-	"CONT": syscall.SIGCONT,
-	"EMT": syscall.SIGEMT,
-	"FPE": syscall.SIGFPE,
-	"HUP": syscall.SIGHUP,
-	"ILL": syscall.SIGILL,
-	"INFO": syscall.SIGINFO,
-	"INT": syscall.SIGINT,
-	"IO": syscall.SIGIO,
-	"IOT": syscall.SIGIOT,
-	"KILL": syscall.SIGKILL,
-	"PIPE": syscall.SIGPIPE,
-	"PROF": syscall.SIGPROF,
-	"QUIT": syscall.SIGQUIT,
-	"SEGV": syscall.SIGSEGV,
-	"STOP": syscall.SIGSTOP,
-	"SYS": syscall.SIGSYS,
-	"TERM": syscall.SIGTERM,
-	"TRAP": syscall.SIGTRAP,
-	"TSTP": syscall.SIGTSTP,
-	"TTIN": syscall.SIGTTIN,
-	"TTOU": syscall.SIGTTOU,
-	"URG": syscall.SIGURG,
-	"USR1": syscall.SIGUSR1,
-	"USR2": syscall.SIGUSR2,
+var SignalMap = map[string]syscall.Signal{
+	"ABRT":   syscall.SIGABRT,
+	"ALRM":   syscall.SIGALRM,
+	"BUG":    syscall.SIGBUS,
+	"CHLD":   syscall.SIGCHLD,
+	"CONT":   syscall.SIGCONT,
+	"EMT":    syscall.SIGEMT,
+	"FPE":    syscall.SIGFPE,
+	"HUP":    syscall.SIGHUP,
+	"ILL":    syscall.SIGILL,
+	"INFO":   syscall.SIGINFO,
+	"INT":    syscall.SIGINT,
+	"IO":     syscall.SIGIO,
+	"IOT":    syscall.SIGIOT,
+	"KILL":   syscall.SIGKILL,
+	"PIPE":   syscall.SIGPIPE,
+	"PROF":   syscall.SIGPROF,
+	"QUIT":   syscall.SIGQUIT,
+	"SEGV":   syscall.SIGSEGV,
+	"STOP":   syscall.SIGSTOP,
+	"SYS":    syscall.SIGSYS,
+	"TERM":   syscall.SIGTERM,
+	"TRAP":   syscall.SIGTRAP,
+	"TSTP":   syscall.SIGTSTP,
+	"TTIN":   syscall.SIGTTIN,
+	"TTOU":   syscall.SIGTTOU,
+	"URG":    syscall.SIGURG,
+	"USR1":   syscall.SIGUSR1,
+	"USR2":   syscall.SIGUSR2,
 	"VTALRM": syscall.SIGVTALRM,
-	"WINCH": syscall.SIGWINCH,
-	"XCPU": syscall.SIGXCPU,
-	"XFSZ": syscall.SIGXFSZ,
+	"WINCH":  syscall.SIGWINCH,
+	"XCPU":   syscall.SIGXCPU,
+	"XFSZ":   syscall.SIGXFSZ,
 }
diff --git a/pkg/signal/signal_freebsd.go b/pkg/signal/signal_freebsd.go
index b7e3ff4f7c..da042d7e72 100644
--- a/pkg/signal/signal_freebsd.go
+++ b/pkg/signal/signal_freebsd.go
@@ -6,7 +6,7 @@ import (
 	"syscall"
 )
 
-var signalMap = map[string]syscall.Signal{
+var SignalMap = map[string]syscall.Signal{
 	"ABRT":   syscall.SIGABRT,
 	"ALRM":   syscall.SIGALRM,
 	"BUF":    syscall.SIGBUS,
diff --git a/pkg/signal/signal_linux.go b/pkg/signal/signal_linux.go
index cd8cb83e42..a62f79d4af 100644
--- a/pkg/signal/signal_linux.go
+++ b/pkg/signal/signal_linux.go
@@ -4,7 +4,7 @@ import (
 	"syscall"
 )
 
-var signalMap = map[string]syscall.Signal{
+var SignalMap = map[string]syscall.Signal{
 	"ABRT":   syscall.SIGABRT,
 	"ALRM":   syscall.SIGALRM,
 	"BUS":    syscall.SIGBUS,
diff --git a/pkg/signal/signal_unsupported.go b/pkg/signal/signal_unsupported.go
index 2c49a0b0f6..99f9465970 100644
--- a/pkg/signal/signal_unsupported.go
+++ b/pkg/signal/signal_unsupported.go
@@ -6,4 +6,4 @@ import (
 	"syscall"
 )
 
-var signalMap = map[string]syscall.Signal{}
+var SignalMap = map[string]syscall.Signal{}
diff --git a/server.go b/server.go
index d824d78d7a..610b3ccfba 100644
--- a/server.go
+++ b/server.go
@@ -8,6 +8,7 @@ import (
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/pkg/graphdb"
+	"github.com/dotcloud/docker/pkg/signal"
 	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
@@ -18,7 +19,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
-	"os/signal"
+	gosignal "os/signal"
 	"path"
 	"path/filepath"
 	"runtime"
@@ -47,7 +48,7 @@ func InitServer(job *engine.Job) engine.Status {
 	}
 	job.Logf("Setting up signal traps")
 	c := make(chan os.Signal, 1)
-	signal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
+	gosignal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
 	go func() {
 		sig := <-c
 		log.Printf("Received signal '%v', exiting\n", sig)
@@ -122,56 +123,30 @@ func (v *simpleVersionInfo) Version() string {
 // for the container to exit.
 // If a signal is given, then just send it to the container and return.
 func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
-	signalMap := map[string]syscall.Signal{
-		"HUP":  syscall.SIGHUP,
-		"INT":  syscall.SIGINT,
-		"QUIT": syscall.SIGQUIT,
-		"ILL":  syscall.SIGILL,
-		"TRAP": syscall.SIGTRAP,
-		"ABRT": syscall.SIGABRT,
-		"BUS":  syscall.SIGBUS,
-		"FPE":  syscall.SIGFPE,
-		"KILL": syscall.SIGKILL,
-		"USR1": syscall.SIGUSR1,
-		"SEGV": syscall.SIGSEGV,
-		"USR2": syscall.SIGUSR2,
-		"PIPE": syscall.SIGPIPE,
-		"ALRM": syscall.SIGALRM,
-		"TERM": syscall.SIGTERM,
-		//"STKFLT": syscall.SIGSTKFLT,
-		"CHLD":   syscall.SIGCHLD,
-		"CONT":   syscall.SIGCONT,
-		"STOP":   syscall.SIGSTOP,
-		"TSTP":   syscall.SIGTSTP,
-		"TTIN":   syscall.SIGTTIN,
-		"TTOU":   syscall.SIGTTOU,
-		"URG":    syscall.SIGURG,
-		"XCPU":   syscall.SIGXCPU,
-		"XFSZ":   syscall.SIGXFSZ,
-		"VTALRM": syscall.SIGVTALRM,
-		"PROF":   syscall.SIGPROF,
-		"WINCH":  syscall.SIGWINCH,
-		"IO":     syscall.SIGIO,
-		//"PWR":    syscall.SIGPWR,
-		"SYS": syscall.SIGSYS,
-	}
-
 	if n := len(job.Args); n < 1 || n > 2 {
 		return job.Errorf("Usage: %s CONTAINER [SIGNAL]", job.Name)
 	}
-	name := job.Args[0]
-	var sig uint64
+	var (
+		name = job.Args[0]
+		sig  uint64
+		err  error
+	)
+
+	// If we have a signal, look at it. Otherwise, do nothing
 	if len(job.Args) == 2 && job.Args[1] != "" {
-		sig = uint64(signalMap[job.Args[1]])
-		if sig == 0 {
-			var err error
-			// The largest legal signal is 31, so let's parse on 5 bits
-			sig, err = strconv.ParseUint(job.Args[1], 10, 5)
-			if err != nil {
+		// Check if we passed the singal as a number:
+		// The largest legal signal is 31, so let's parse on 5 bits
+		sig, err = strconv.ParseUint(job.Args[1], 10, 5)
+		if err != nil {
+			// The signal is not a number, treat it as a string
+			sig = uint64(signal.SignalMap[job.Args[1]])
+			if sig == 0 {
 				return job.Errorf("Invalid signal: %s", job.Args[1])
 			}
+
 		}
 	}
+
 	if container := srv.runtime.Get(name); container != nil {
 		// If no signal is passed, or SIGKILL, perform regular Kill (SIGKILL + wait())
 		if sig == 0 || syscall.Signal(sig) == syscall.SIGKILL {

From 8301fc8e56503d5a0ea2316a0778faf4cf5f5f1e Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Wed, 26 Feb 2014 23:20:58 +0000
Subject: [PATCH 045/384] move git clone from daemon to client

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)

add a little doc
---
 api/client.go                              | 26 ++++++++++++++++++----
 docs/sources/reference/commandline/cli.rst | 16 ++++++++-----
 utils/utils.go                             |  2 +-
 3 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/api/client.go b/api/client.go
index 7f8921d9e1..6dabeac835 100644
--- a/api/client.go
+++ b/api/client.go
@@ -24,6 +24,7 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"os"
+	"os/exec"
 	gosignal "os/signal"
 	"path"
 	"reflect"
@@ -168,17 +169,34 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 			return err
 		}
 		context, err = archive.Generate("Dockerfile", string(dockerfile))
-	} else if utils.IsURL(cmd.Arg(0)) || utils.IsGIT(cmd.Arg(0)) {
+	} else if utils.IsURL(cmd.Arg(0)) && !utils.IsGIT(cmd.Arg(0)) {
 		isRemote = true
 	} else {
-		if _, err := os.Stat(cmd.Arg(0)); err != nil {
+		root := cmd.Arg(0)
+		if utils.IsGIT(root) {
+			remoteURL := cmd.Arg(0)
+			if !strings.HasPrefix(remoteURL, "git://") && !strings.HasPrefix(remoteURL, "git@") && !utils.IsURL(remoteURL) {
+				remoteURL = "https://" + remoteURL
+			}
+
+			root, err = ioutil.TempDir("", "docker-build-git")
+			if err != nil {
+				return err
+			}
+			defer os.RemoveAll(root)
+
+			if output, err := exec.Command("git", "clone", "--recursive", remoteURL, root).CombinedOutput(); err != nil {
+				return fmt.Errorf("Error trying to use git: %s (%s)", err, output)
+			}
+		}
+		if _, err := os.Stat(root); err != nil {
 			return err
 		}
-		filename := path.Join(cmd.Arg(0), "Dockerfile")
+		filename := path.Join(root, "Dockerfile")
 		if _, err = os.Stat(filename); os.IsNotExist(err) {
 			return fmt.Errorf("no Dockerfile found in %s", cmd.Arg(0))
 		}
-		context, err = archive.Tar(cmd.Arg(0), archive.Uncompressed)
+		context, err = archive.Tar(root, archive.Uncompressed)
 	}
 	var body io.Reader
 	// Setup an upload progress bar
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 2404e29b29..6fe2e2943e 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -202,12 +202,16 @@ Examples:
       --no-cache: Do not use the cache when building the image.
       --rm=true: Remove intermediate containers after a successful build
 
-The files at ``PATH`` or ``URL`` are called the "context" of the build. The
-build process may refer to any of the files in the context, for example when
-using an :ref:`ADD <dockerfile_add>` instruction.  When a single ``Dockerfile``
-is given as ``URL``, then no context is set.  When a Git repository is set as
-``URL``, then the repository is used as the context. Git repositories are
-cloned with their submodules (`git clone --recursive`).
+The files at ``PATH`` or ``URL`` are called the "context" of the build.
+The build process may refer to any of the files in the context, for example when
+using an :ref:`ADD <dockerfile_add>` instruction.
+When a single ``Dockerfile`` is given as ``URL``, then no context is set.
+
+When a Git repository is set as ``URL``, then the repository is used as the context. 
+The Git repository is cloned with its submodules (`git clone --recursive`).
+A fresh git clone occurs in a temporary directory on your local host, and then this 
+is sent to the Docker daemon as the context. 
+This way, your local user credentials and vpn's etc can be used to access private repositories
 
 .. _cli_build_examples:
 
diff --git a/utils/utils.go b/utils/utils.go
index e4cb04f39c..57a8200a7c 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -714,7 +714,7 @@ func IsURL(str string) bool {
 }
 
 func IsGIT(str string) bool {
-	return strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "github.com/")
+	return strings.HasPrefix(str, "git://") || strings.HasPrefix(str, "github.com/") || strings.HasPrefix(str, "git@github.com:") || (strings.HasSuffix(str, ".git") && IsURL(str))
 }
 
 // GetResolvConf opens and read the content of /etc/resolv.conf.

From 0d6275b298ebb9161c2f55d4b4ac0f87603a11cd Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Wed, 5 Mar 2014 01:54:08 +0000
Subject: [PATCH 046/384] if client has no git, use server

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/client.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/client.go b/api/client.go
index 6dabeac835..4854c19013 100644
--- a/api/client.go
+++ b/api/client.go
@@ -161,6 +161,8 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		err      error
 	)
 
+	_, err = exec.LookPath("git")
+	hasGit := err == nil
 	if cmd.Arg(0) == "-" {
 		// As a special case, 'docker build -' will build from an empty context with the
 		// contents of stdin as a Dockerfile
@@ -169,7 +171,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 			return err
 		}
 		context, err = archive.Generate("Dockerfile", string(dockerfile))
-	} else if utils.IsURL(cmd.Arg(0)) && !utils.IsGIT(cmd.Arg(0)) {
+	} else if utils.IsURL(cmd.Arg(0)) && (!utils.IsGIT(cmd.Arg(0)) || !hasGit) {
 		isRemote = true
 	} else {
 		root := cmd.Arg(0)

From 18ea183ea0abd18cde0d17e57fc0fa9b19cfab08 Mon Sep 17 00:00:00 2001
From: Dolph Mathews <dolph.mathews@gmail.com>
Date: Mon, 10 Mar 2014 21:51:19 -0500
Subject: [PATCH 047/384] spelling correction

s/singal/signal/

Docker-DCO-1.1-Signed-off-by: Dolph Mathews <dolph.mathews@gmail.com> (github: dolph)
---
 server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server.go b/server.go
index f557c02b64..48bb6f9805 100644
--- a/server.go
+++ b/server.go
@@ -138,7 +138,7 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
 
 	// If we have a signal, look at it. Otherwise, do nothing
 	if len(job.Args) == 2 && job.Args[1] != "" {
-		// Check if we passed the singal as a number:
+		// Check if we passed the signal as a number:
 		// The largest legal signal is 31, so let's parse on 5 bits
 		sig, err = strconv.ParseUint(job.Args[1], 10, 5)
 		if err != nil {

From 915d967f556bc7bb3faea34db8a06ea64fd5de92 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 10 Mar 2014 20:26:45 -0700
Subject: [PATCH 048/384] Update email + add self to pkg/signal

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 MAINTAINERS                             | 2 +-
 contrib/host-integration/Dockerfile.dev | 2 +-
 contrib/host-integration/Dockerfile.min | 2 +-
 docs/sources/reference/builder.rst      | 2 +-
 execdriver/MAINTAINERS                  | 2 +-
 pkg/libcontainer/MAINTAINERS            | 2 +-
 pkg/netlink/MAINTAINERS                 | 2 +-
 pkg/signal/MAINTAINERS                  | 2 ++
 pkg/term/MAINTAINERS                    | 2 +-
 9 files changed, 10 insertions(+), 8 deletions(-)
 create mode 100644 pkg/signal/MAINTAINERS

diff --git a/MAINTAINERS b/MAINTAINERS
index 49d14ba0bd..d1f4d15491 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1,5 +1,5 @@
 Solomon Hykes <solomon@dotcloud.com> (@shykes)
-Guillaume Charmes <guillaume@dotcloud.com> (@creack)
+Guillaume J. Charmes <guillaume@docker.com> (@creack)
 Victor Vieux <vieux@docker.com> (@vieux)
 Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
 .travis.yml: Tianon Gravi <admwiggin@gmail.com> (@tianon)
diff --git a/contrib/host-integration/Dockerfile.dev b/contrib/host-integration/Dockerfile.dev
index 161416e750..800216532f 100644
--- a/contrib/host-integration/Dockerfile.dev
+++ b/contrib/host-integration/Dockerfile.dev
@@ -6,7 +6,7 @@
 #
 
 FROM		ubuntu:12.10
-MAINTAINER	Guillaume J. Charmes <guillaume@dotcloud.com>
+MAINTAINER	Guillaume J. Charmes <guillaume@docker.com>
 
 RUN		apt-get update && apt-get install -y wget git mercurial
 
diff --git a/contrib/host-integration/Dockerfile.min b/contrib/host-integration/Dockerfile.min
index 1a7b3a9d82..60bb89b986 100644
--- a/contrib/host-integration/Dockerfile.min
+++ b/contrib/host-integration/Dockerfile.min
@@ -1,4 +1,4 @@
 FROM		busybox
-MAINTAINER	Guillaume J. Charmes <guillaume@dotcloud.com>
+MAINTAINER	Guillaume J. Charmes <guillaume@docker.com>
 ADD		manager	  /usr/bin/
 ENTRYPOINT	["/usr/bin/manager"]
diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst
index 9f7a816801..3c48939c82 100644
--- a/docs/sources/reference/builder.rst
+++ b/docs/sources/reference/builder.rst
@@ -481,7 +481,7 @@ For example you might add something like this:
     # VERSION               0.0.1
 
     FROM      ubuntu
-    MAINTAINER Guillaume J. Charmes <guillaume@dotcloud.com>
+    MAINTAINER Guillaume J. Charmes <guillaume@docker.com>
 
     # make sure the package repository is up to date
     RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
diff --git a/execdriver/MAINTAINERS b/execdriver/MAINTAINERS
index e53d933d47..1cb551364d 100644
--- a/execdriver/MAINTAINERS
+++ b/execdriver/MAINTAINERS
@@ -1,2 +1,2 @@
 Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
-Guillaume Charmes <guillaume@dotcloud.com> (@creack)
+Guillaume J. Charmes <guillaume@docker.com> (@creack)
diff --git a/pkg/libcontainer/MAINTAINERS b/pkg/libcontainer/MAINTAINERS
index e53d933d47..1cb551364d 100644
--- a/pkg/libcontainer/MAINTAINERS
+++ b/pkg/libcontainer/MAINTAINERS
@@ -1,2 +1,2 @@
 Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
-Guillaume Charmes <guillaume@dotcloud.com> (@creack)
+Guillaume J. Charmes <guillaume@docker.com> (@creack)
diff --git a/pkg/netlink/MAINTAINERS b/pkg/netlink/MAINTAINERS
index e53d933d47..1cb551364d 100644
--- a/pkg/netlink/MAINTAINERS
+++ b/pkg/netlink/MAINTAINERS
@@ -1,2 +1,2 @@
 Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
-Guillaume Charmes <guillaume@dotcloud.com> (@creack)
+Guillaume J. Charmes <guillaume@docker.com> (@creack)
diff --git a/pkg/signal/MAINTAINERS b/pkg/signal/MAINTAINERS
new file mode 100644
index 0000000000..3300331598
--- /dev/null
+++ b/pkg/signal/MAINTAINERS
@@ -0,0 +1,2 @@
+Guillaume J. Charmes <guillaume@docker.com> (@creack)
+
diff --git a/pkg/term/MAINTAINERS b/pkg/term/MAINTAINERS
index 48d4d91b2a..15b8ac3729 100644
--- a/pkg/term/MAINTAINERS
+++ b/pkg/term/MAINTAINERS
@@ -1,2 +1,2 @@
-Guillaume Charmes <guillaume@dotcloud.com> (@creack)
+Guillaume J. Charmes <guillaume@docker.com> (@creack)
 Solomon Hykes <solomon@dotcloud.com> (@shykes)

From b21f8872cc684c95a2e30cec9f7c744a78a819f8 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 11 Mar 2014 01:21:59 -0600
Subject: [PATCH 049/384] Fix init script cgroup mounting workarounds to be
 more similar to cgroupfs-mount and thus work properly

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 contrib/init/sysvinit-debian/docker | 34 ++++++++++++++++++++---------
 contrib/init/upstart/docker.conf    | 33 +++++++++++++++++++---------
 2 files changed, 47 insertions(+), 20 deletions(-)

diff --git a/contrib/init/sysvinit-debian/docker b/contrib/init/sysvinit-debian/docker
index 510683a459..62e8f5f0a5 100755
--- a/contrib/init/sysvinit-debian/docker
+++ b/contrib/init/sysvinit-debian/docker
@@ -50,20 +50,34 @@ fail_unless_root() {
 	fi
 }
 
+cgroupfs_mount() {
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		return
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+}
+
 case "$1" in
 	start)
 		fail_unless_root
 
-		if ! grep -q cgroup /proc/mounts; then
-			# rough approximation of cgroupfs-mount
-			mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
-			for sys in $(cut -d'	' -f1 /proc/cgroups); do
-				mkdir -p /sys/fs/cgroup/$sys
-				if ! mount -n -t cgroup -o $sys cgroup /sys/fs/cgroup/$sys 2>/dev/null; then
-					rmdir /sys/fs/cgroup/$sys 2>/dev/null || true
-				fi
-			done
-		fi
+		cgroupfs_mount
 
 		touch /var/log/docker.log
 		chgrp docker /var/log/docker.log
diff --git a/contrib/init/upstart/docker.conf b/contrib/init/upstart/docker.conf
index e2cc4536e1..047f21c092 100644
--- a/contrib/init/upstart/docker.conf
+++ b/contrib/init/upstart/docker.conf
@@ -5,6 +5,29 @@ stop on runlevel [!2345]
 
 respawn
 
+pre-start script
+	# see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount
+	if grep -v '^#' /etc/fstab | grep -q cgroup \
+		|| [ ! -e /proc/cgroups ] \
+		|| [ ! -d /sys/fs/cgroup ]; then
+		exit 0
+	fi
+	if ! mountpoint -q /sys/fs/cgroup; then
+		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
+	fi
+	(
+		cd /sys/fs/cgroup
+		for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do
+			mkdir -p $sys
+			if ! mountpoint -q $sys; then
+				if ! mount -n -t cgroup -o $sys cgroup $sys; then
+					rmdir $sys || true
+				fi
+			fi
+		done
+	)
+end script
+
 script
 	# modify these in /etc/default/$UPSTART_JOB (/etc/default/docker)
 	DOCKER=/usr/bin/$UPSTART_JOB
@@ -12,15 +35,5 @@ script
 	if [ -f /etc/default/$UPSTART_JOB ]; then
 		. /etc/default/$UPSTART_JOB
 	fi
-	if ! grep -q cgroup /proc/mounts; then
-		# rough approximation of cgroupfs-mount
-		mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
-		for sys in $(cut -d'	' -f1 /proc/cgroups); do
-			mkdir -p /sys/fs/cgroup/$sys
-			if ! mount -n -t cgroup -o $sys cgroup /sys/fs/cgroup/$sys 2>/dev/null; then
-				rmdir /sys/fs/cgroup/$sys 2>/dev/null || true
-			fi
-		done
-	fi
 	"$DOCKER" -d $DOCKER_OPTS
 end script

From 76dc670f413de64361a8bb3efa3381331e796b21 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 11 Mar 2014 01:40:31 -0600
Subject: [PATCH 050/384] Add variable for DOCKER_LOGFILE to sysvinit and use
 append instead of overwrite in opening the logfile

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 contrib/init/sysvinit-debian/docker | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/contrib/init/sysvinit-debian/docker b/contrib/init/sysvinit-debian/docker
index 62e8f5f0a5..67f0d2807f 100755
--- a/contrib/init/sysvinit-debian/docker
+++ b/contrib/init/sysvinit-debian/docker
@@ -21,6 +21,7 @@ BASE=$(basename $0)
 # modify these in /etc/default/$BASE (/etc/default/docker)
 DOCKER=/usr/bin/$BASE
 DOCKER_PIDFILE=/var/run/$BASE.pid
+DOCKER_LOGFILE=/var/log/$BASE.log
 DOCKER_OPTS=
 DOCKER_DESC="Docker"
 
@@ -79,8 +80,8 @@ case "$1" in
 
 		cgroupfs_mount
 
-		touch /var/log/docker.log
-		chgrp docker /var/log/docker.log
+		touch "$DOCKER_LOGFILE"
+		chgrp docker "$DOCKER_LOGFILE"
 
 		log_begin_msg "Starting $DOCKER_DESC: $BASE"
 		start-stop-daemon --start --background \
@@ -90,7 +91,7 @@ case "$1" in
 			-- \
 				-d -p "$DOCKER_PIDFILE" \
 				$DOCKER_OPTS \
-					> /var/log/docker.log 2>&1
+					>> "$DOCKER_LOGFILE" 2>&1
 		log_end_msg $?
 		;;
 

From b348ee0fd0e4f8d2cb453a08f2b0d174550a339d Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Tue, 11 Mar 2014 20:28:26 +1000
Subject: [PATCH 051/384] add Net::Docker CPAN module

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/reference/api/remote_api_client_libraries.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sources/reference/api/remote_api_client_libraries.rst b/docs/sources/reference/api/remote_api_client_libraries.rst
index 9bab343bf5..e58c7ced39 100644
--- a/docs/sources/reference/api/remote_api_client_libraries.rst
+++ b/docs/sources/reference/api/remote_api_client_libraries.rst
@@ -45,3 +45,5 @@ and we will add the libraries here.
 +----------------------+----------------+--------------------------------------------+----------+
 | PHP                  | Docker-PHP     | http://stage1.github.io/docker-php/        | Active   |
 +----------------------+----------------+--------------------------------------------+----------+
+| Perl                 | Net::Docker    | https://metacpan.org/pod/Net::Docker       | Active   |
++----------------------+----------------+--------------------------------------------+----------+

From b2cd89056f5c49746ee668946ce4e1771f3ce368 Mon Sep 17 00:00:00 2001
From: Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
Date: Tue, 11 Mar 2014 22:45:47 +0900
Subject: [PATCH 052/384] Like signal_linux.go, we don't have import os and
 os/signal

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
---
 pkg/signal/signal_freebsd.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkg/signal/signal_freebsd.go b/pkg/signal/signal_freebsd.go
index da042d7e72..102e918486 100644
--- a/pkg/signal/signal_freebsd.go
+++ b/pkg/signal/signal_freebsd.go
@@ -1,8 +1,6 @@
 package signal
 
 import (
-	"os"
-	"os/signal"
 	"syscall"
 )
 

From 07c35b41a5a93f31111d47afcb1e6d2926b492a0 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Wed, 5 Mar 2014 10:40:55 +0100
Subject: [PATCH 053/384] Move execdriver construction into
 execdriver/execdrivers

This can't be in execdriver (dependency loop) but should not be
hardcoded inside runtime.go either. So we put it in a subpackage.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 execdriver/execdrivers/execdrivers.go | 23 +++++++++++++++++++++++
 runtime/runtime.go                    | 20 +++-----------------
 2 files changed, 26 insertions(+), 17 deletions(-)
 create mode 100644 execdriver/execdrivers/execdrivers.go

diff --git a/execdriver/execdrivers/execdrivers.go b/execdriver/execdrivers/execdrivers.go
new file mode 100644
index 0000000000..95b2fc634d
--- /dev/null
+++ b/execdriver/execdrivers/execdrivers.go
@@ -0,0 +1,23 @@
+package execdrivers
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/execdriver/lxc"
+	"github.com/dotcloud/docker/execdriver/native"
+	"github.com/dotcloud/docker/pkg/sysinfo"
+	"path"
+)
+
+func NewDriver(name, root string, sysInfo *sysinfo.SysInfo) (execdriver.Driver, error) {
+	switch name {
+	case "lxc":
+		// we want to five the lxc driver the full docker root because it needs
+		// to access and write config and template files in /var/lib/docker/containers/*
+		// to be backwards compatible
+		return lxc.NewDriver(root, sysInfo.AppArmor)
+	case "native":
+		return native.NewDriver(path.Join(root, "execdriver", "native"))
+	}
+	return nil, fmt.Errorf("unknown exec driver %s", name)
+}
diff --git a/runtime/runtime.go b/runtime/runtime.go
index c11c309ad8..72245a4555 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -8,8 +8,8 @@ import (
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/execdriver/execdrivers"
 	"github.com/dotcloud/docker/execdriver/lxc"
-	"github.com/dotcloud/docker/execdriver/native"
 	"github.com/dotcloud/docker/graph"
 	"github.com/dotcloud/docker/graphdriver"
 	"github.com/dotcloud/docker/graphdriver/aufs"
@@ -732,22 +732,8 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 		sysInitPath = localCopy
 	}
 
-	var (
-		ed      execdriver.Driver
-		sysInfo = sysinfo.New(false)
-	)
-
-	switch config.ExecDriver {
-	case "lxc":
-		// we want to five the lxc driver the full docker root because it needs
-		// to access and write config and template files in /var/lib/docker/containers/*
-		// to be backwards compatible
-		ed, err = lxc.NewDriver(config.Root, sysInfo.AppArmor)
-	case "native":
-		ed, err = native.NewDriver(path.Join(config.Root, "execdriver", "native"))
-	default:
-		return nil, fmt.Errorf("unknown exec driver %s", config.ExecDriver)
-	}
+	sysInfo := sysinfo.New(false)
+	ed, err := execdrivers.NewDriver(config.ExecDriver, config.Root, sysInfo)
 	if err != nil {
 		return nil, err
 	}

From 15e52ccaadea996b409e2f62bcbdb1a088619e35 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 5 Mar 2014 20:45:18 -0800
Subject: [PATCH 054/384] Add deprecation warning for -t on pull

Closes #3410
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 api/client.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/client.go b/api/client.go
index 338a5b0de1..4d3b49d96e 100644
--- a/api/client.go
+++ b/api/client.go
@@ -1041,8 +1041,8 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 }
 
 func (cli *DockerCli) CmdPull(args ...string) error {
-	cmd := cli.Subcmd("pull", "NAME", "Pull an image or a repository from the registry")
-	tag := cmd.String([]string{"t", "-tag"}, "", "Download tagged image in repository")
+	cmd := cli.Subcmd("pull", "NAME[:TAG]", "Pull an image or a repository from the registry")
+	tag := cmd.String([]string{"#t", "#-tag"}, "", "Download tagged image in repository")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}

From 721562f29685ebf3f3698113cf0ce8000c02e606 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 11 Mar 2014 11:39:28 -0700
Subject: [PATCH 055/384] Remove goroutine leak upon error

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 execdriver/lxc/driver.go | 3 +++
 server.go                | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/execdriver/lxc/driver.go b/execdriver/lxc/driver.go
index 765a52ee43..b398cb1a37 100644
--- a/execdriver/lxc/driver.go
+++ b/execdriver/lxc/driver.go
@@ -168,6 +168,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 	// Poll lxc for RUNNING status
 	pid, err := d.waitForStart(c, waitLock)
 	if err != nil {
+		if c.Process != nil {
+			c.Process.Kill()
+		}
 		return -1, err
 	}
 	c.ContainerPid = pid
diff --git a/server.go b/server.go
index 48bb6f9805..d6a4036faf 100644
--- a/server.go
+++ b/server.go
@@ -2384,7 +2384,13 @@ func (srv *Server) IsRunning() bool {
 }
 
 func (srv *Server) Close() error {
+	if srv == nil {
+		return nil
+	}
 	srv.SetRunning(false)
+	if srv.runtime == nil {
+		return nil
+	}
 	return srv.runtime.Close()
 }
 

From fd0737df2c8ec8f0a4b4d8f20b2ad6e4c96adbd3 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 11 Mar 2014 12:08:32 -0700
Subject: [PATCH 056/384] Update parseLxcInfo to comply with new lxc1.0 format

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 execdriver/lxc/info.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/execdriver/lxc/info.go b/execdriver/lxc/info.go
index 3b2ea0d07f..27b4c58604 100644
--- a/execdriver/lxc/info.go
+++ b/execdriver/lxc/info.go
@@ -36,7 +36,7 @@ func parseLxcInfo(raw string) (*lxcInfo, error) {
 		if len(parts) < 2 {
 			continue
 		}
-		switch strings.TrimSpace(parts[0]) {
+		switch strings.ToLower(strings.TrimSpace(parts[0])) {
 		case "state":
 			info.Running = strings.TrimSpace(parts[1]) == "RUNNING"
 		case "pid":

From 95e5910ab23e3ef7b0154f64e1c6ae01bc647ab3 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 11 Mar 2014 17:10:05 -0700
Subject: [PATCH 057/384] Fix attach exit on darwin

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/api/client.go b/api/client.go
index 599d82b39a..3dc64e6d55 100644
--- a/api/client.go
+++ b/api/client.go
@@ -28,7 +28,7 @@ import (
 	"path"
 	"reflect"
 	"regexp"
-	"runtime"
+	goruntime "runtime"
 	"strconv"
 	"strings"
 	"syscall"
@@ -367,7 +367,7 @@ func (cli *DockerCli) CmdVersion(args ...string) error {
 	if dockerversion.VERSION != "" {
 		fmt.Fprintf(cli.out, "Client version: %s\n", dockerversion.VERSION)
 	}
-	fmt.Fprintf(cli.out, "Go version (client): %s\n", runtime.Version())
+	fmt.Fprintf(cli.out, "Go version (client): %s\n", goruntime.Version())
 	if dockerversion.GITCOMMIT != "" {
 		fmt.Fprintf(cli.out, "Git commit (client): %s\n", dockerversion.GITCOMMIT)
 	}
@@ -2249,7 +2249,12 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 					if setRawTerminal && cli.isTerminal {
 						term.RestoreTerminal(cli.terminalFd, oldState)
 					}
-					in.Close()
+					// For some reason this Close call blocks on darwin..
+					// As the client exists right after, simply discard the close
+					// until we find a better solution.
+					if goruntime.GOOS != "darwin" {
+						in.Close()
+					}
 				}
 			}()
 

From baa70e975186bb0ee8a4b16b9374cb6e794f8975 Mon Sep 17 00:00:00 2001
From: Scott Collier <emailscottcollier@gmail.com>
Date: Sat, 8 Mar 2014 16:32:00 -0600
Subject: [PATCH 058/384] Adding the new options to the `docker ps`
 documentation.

URL of documentation page is: http://docs.docker.io/en/latest/reference/commandline/cli/#ps

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)

Adding the new options to the `docker ps` documentation.

URL of documentation page is: http://docs.docker.io/en/latest/reference/commandline/cli/#ps

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)

Adding CLI options to the commandline reference documentation.

URLs of pages are:
http://docs.docker.io/en/latest/reference/commandline/cli/

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)

changing indention

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)
---
 docs/sources/reference/commandline/cli.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 6fe9b3dfea..07789cf4bd 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -80,7 +80,9 @@ Commands
       -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime
       --icc=true: Enable inter-container communication
       --ip="0.0.0.0": Default IP address to use when binding container ports
+      --ip-forward=true: Disable enabling of net.ipv4.ip_forward
       --iptables=true: Disable docker's addition of iptables rules
+      --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available
       -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file
       -r, --restart=true: Restart previously running containers
       -s, --storage-driver="": Force the docker runtime to use a specific storage driver
@@ -967,6 +969,8 @@ The last container is marked as a ``Ghost`` container. It is a container that wa
 
     Pull an image or a repository from the registry
 
+      -t, --tag="": Download tagged image in repository
+
 
 .. _cli_push:
 
@@ -1005,6 +1009,7 @@ The last container is marked as a ``Ghost`` container. It is a container that wa
     Remove one or more containers
         -l, --link="": Remove the link instead of the actual container
         -f, --force=false: Force removal of running container
+        -v, --volumes=false: Remove the volumes associated to the container
 
 Known Issues (rm)
 ~~~~~~~~~~~~~~~~~

From f0eb227548427f6fc829f2b270ad83d22bd90c69 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Wed, 12 Mar 2014 00:51:46 +0000
Subject: [PATCH 059/384] improve deprecation message

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 pkg/mflag/example/example.go |  3 ++-
 pkg/mflag/flag.go            | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/pkg/mflag/example/example.go b/pkg/mflag/example/example.go
index ed940e8d70..ce9dd30e4c 100644
--- a/pkg/mflag/example/example.go
+++ b/pkg/mflag/example/example.go
@@ -13,7 +13,8 @@ var (
 
 func init() {
 	flag.Bool([]string{"#hp", "#-halp"}, false, "display the halp")
-	flag.BoolVar(&b, []string{"b"}, false, "a simple bool")
+	flag.BoolVar(&b, []string{"b", "#bal", "#bol", "-bal"}, false, "a simple bool")
+	flag.BoolVar(&b, []string{"g", "#gil"}, false, "a simple bool")
 	flag.BoolVar(&b2, []string{"#-bool"}, false, "a simple bool")
 	flag.IntVar(&i, []string{"-integer", "-number"}, -1, "a simple integer")
 	flag.StringVar(&str, []string{"s", "#hidden", "-string"}, "", "a simple string") //-s -hidden and --string will work, but -hidden won't be in the usage
diff --git a/pkg/mflag/flag.go b/pkg/mflag/flag.go
index f16f641341..fc732d23a0 100644
--- a/pkg/mflag/flag.go
+++ b/pkg/mflag/flag.go
@@ -820,9 +820,20 @@ func (f *FlagSet) parseOne() (bool, string, error) {
 		f.actual = make(map[string]*Flag)
 	}
 	f.actual[name] = flag
-	for _, n := range flag.Names {
+	for i, n := range flag.Names {
 		if n == fmt.Sprintf("#%s", name) {
-			fmt.Fprintf(f.out(), "Warning: '-%s' is deprecated, it will be removed soon. See usage.\n", name)
+			replacement := ""
+			for j := i; j < len(flag.Names); j++ {
+				if flag.Names[j][0] != '#' {
+					replacement = flag.Names[j]
+					break
+				}
+			}
+			if replacement != "" {
+				fmt.Fprintf(f.out(), "Warning: '-%s' is deprecated, it will be replaced by '-%s' soon. See usage.\n", name, replacement)
+			} else {
+				fmt.Fprintf(f.out(), "Warning: '-%s' is deprecated, it will be removed soon. See usage.\n", name)
+			}
 		}
 	}
 	return true, "", nil

From 7178b285a334ae202c9b6022a4917fd51733f1d1 Mon Sep 17 00:00:00 2001
From: Scott Collier <emailscottcollier@gmail.com>
Date: Sat, 8 Mar 2014 18:07:19 -0600
Subject: [PATCH 060/384] Adding CLI options to the commandline reference
 documentation.

Fixing bad DCO sig

URLs of pages are:
http://docs.docker.io/en/latest/reference/commandline/cli/

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)
---
 docs/sources/reference/commandline/cli.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 07789cf4bd..b00d5c0b95 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -969,7 +969,9 @@ The last container is marked as a ``Ghost`` container. It is a container that wa
 
     Pull an image or a repository from the registry
 
+<<<<<<< HEAD
       -t, --tag="": Download tagged image in repository
+>>>>>>> b47d9c5... Adding CLI options to the commandline reference documentation.
 
 
 .. _cli_push:

From fbf74eb079f6a96e006e703cb36c434206757fe6 Mon Sep 17 00:00:00 2001
From: Scott Collier <emailscottcollier@gmail.com>
Date: Tue, 11 Mar 2014 20:00:16 -0500
Subject: [PATCH 061/384] Removing HEAD tag from last commit

Docker-DCO-1.1-Signed-off-by: Scott Collier <emailscottcollier@gmail.com> (github: scollier)
---
 docs/sources/reference/commandline/cli.rst | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index b00d5c0b95..07789cf4bd 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -969,9 +969,7 @@ The last container is marked as a ``Ghost`` container. It is a container that wa
 
     Pull an image or a repository from the registry
 
-<<<<<<< HEAD
       -t, --tag="": Download tagged image in repository
->>>>>>> b47d9c5... Adding CLI options to the commandline reference documentation.
 
 
 .. _cli_push:

From b7ae9984fb541e8b53d09016e78ff352ce310c25 Mon Sep 17 00:00:00 2001
From: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
Date: Wed, 12 Mar 2014 13:44:01 +0900
Subject: [PATCH 062/384] Update daemon docs and help messages for --iptables
 and --ip-forward

Fix docs and help messages of --iptables and --ip-forward to describe the true case behaviour

Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
---
 docker/docker.go                           | 4 ++--
 docs/sources/reference/commandline/cli.rst | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/docker.go b/docker/docker.go
index b783c6da02..cc4d40f3ac 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -35,8 +35,8 @@ func main() {
 		flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group")
 		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
 		flDns                = opts.NewListOpts(opts.ValidateIp4Address)
-		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Disable docker's addition of iptables rules")
-		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Disable enabling of net.ipv4.ip_forward")
+		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
+		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
 		flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
 		flInterContainerComm = flag.Bool([]string{"#icc", "-icc"}, true, "Enable inter-container communication")
 		flGraphDriver        = flag.String([]string{"s", "-storage-driver"}, "", "Force the docker runtime to use a specific storage driver")
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index da4472ed85..692f63f447 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -80,8 +80,8 @@ Commands
       -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime
       --icc=true: Enable inter-container communication
       --ip="0.0.0.0": Default IP address to use when binding container ports
-      --ip-forward=true: Disable enabling of net.ipv4.ip_forward
-      --iptables=true: Disable docker's addition of iptables rules
+      --ip-forward=true: Enable net.ipv4.ip_forward
+      --iptables=true: Enable Docker's addition of iptables rules
       --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available
       -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file
       -r, --restart=true: Restart previously running containers

From e1c48fa56007e1db028f7f83bfbf79c3d05feccd Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 12 Mar 2014 01:17:38 -0600
Subject: [PATCH 063/384] Clean up the "go test" output from "make test" to be
 much more readable/scannable

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/make.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/make.sh b/hack/make.sh
index 63edca4d4c..d7f8aaeed2 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -125,7 +125,7 @@ go_test_dir() {
 		testcover=( -cover -coverprofile "$coverprofile" $coverpkg )
 	fi
 	(
-		set -x
+		echo '+ go test' $TESTFLAGS "github.com/dotcloud/docker${dir#.}"
 		cd "$dir"
 		go test ${testcover[@]} -ldflags "$LDFLAGS" "${BUILDFLAGS[@]}" $TESTFLAGS
 	)

From 99b6364790e59a70d57949792fa31014637c93ee Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 12 Mar 2014 01:18:12 -0600
Subject: [PATCH 064/384] Exclude more "definitely not unit tested Go source
 code" directories from hack/make/test

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/make.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hack/make.sh b/hack/make.sh
index d7f8aaeed2..994da8d9ad 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -136,7 +136,15 @@ go_test_dir() {
 # output, one per line.
 find_dirs() {
 	find -not \( \
-		\( -wholename './vendor' -o -wholename './integration' -o -wholename './contrib' -o -wholename './pkg/mflag/example' \) \
+		\( \
+			-wholename './vendor' \
+			-o -wholename './integration' \
+			-o -wholename './contrib' \
+			-o -wholename './pkg/mflag/example' \
+			-o -wholename './.git' \
+			-o -wholename './bundles' \
+			-o -wholename './docs' \
+		\) \
 		-prune \
 	\) -name "$1" -print0 | xargs -0n1 dirname | sort -u
 }

From 8bf63d532622e22070b92ee71dcb972ace4b9b40 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Wed, 12 Mar 2014 22:02:24 +1000
Subject: [PATCH 065/384] fixes suggested by James

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/examples/apt-cacher-ng.Dockerfile |  8 ++++----
 docs/sources/examples/apt-cacher-ng.rst        | 12 +++++-------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/docs/sources/examples/apt-cacher-ng.Dockerfile b/docs/sources/examples/apt-cacher-ng.Dockerfile
index fcc326815d..a189d28d86 100644
--- a/docs/sources/examples/apt-cacher-ng.Dockerfile
+++ b/docs/sources/examples/apt-cacher-ng.Dockerfile
@@ -1,9 +1,9 @@
 #
-# BUILD		docker build -t apt-cacher .
-# RUN		docker run -d -p 3142:3142 -name apt-cacher-run apt-cacher
+# Build: docker build -t apt-cacher .
+# Run: docker run -d -p 3142:3142 -name apt-cacher-run apt-cacher
 #
 # and then you can run containers with:
-# 		docker run -t -i -rm -e http_proxy http://dockerhost:3142/ debian bash
+#	docker run -t -i -rm -e http_proxy http://dockerhost:3142/ debian bash
 #
 FROM		ubuntu
 MAINTAINER	SvenDowideit@docker.com
@@ -11,5 +11,5 @@ MAINTAINER	SvenDowideit@docker.com
 VOLUME		["/var/cache/apt-cacher-ng"]
 RUN		apt-get update ; apt-get install -yq apt-cacher-ng
 
-EXPOSE 		3142
+EXPOSE		3142
 CMD		chmod 777 /var/cache/apt-cacher-ng ; /etc/init.d/apt-cacher-ng start ; tail -f /var/log/apt-cacher-ng/*
diff --git a/docs/sources/examples/apt-cacher-ng.rst b/docs/sources/examples/apt-cacher-ng.rst
index 0fb55720f2..ed22c33d05 100644
--- a/docs/sources/examples/apt-cacher-ng.rst
+++ b/docs/sources/examples/apt-cacher-ng.rst
@@ -37,11 +37,11 @@ To see the logfiles that are 'tailed' in the default command, you can use:
 
     $ sudo docker logs -f test_apt_cacher_ng
 
-To get your Debian based containers to use the proxy, you can do one of three things
+To get your Debian-based containers to use the proxy, you can do one of three things
 
 1. Add an apt Proxy setting ``echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/conf.d/01proxy``
-2. Set and environment variable: ``http_proxy=http://dockerhost:3142/``
-3. Change your sources.list entries to start with ``http://dockerhost:3142/``
+2. Set an environment variable: ``http_proxy=http://dockerhost:3142/``
+3. Change your ``sources.list`` entries to start with ``http://dockerhost:3142/``
 
 **Option 1** injects the settings safely into your apt configuration in a local
 version of a common base:
@@ -49,9 +49,7 @@ version of a common base:
 .. code-block:: bash
 
     FROM ubuntu
-
     RUN  echo 'Acquire::http { Proxy "http://dockerhost:3142"; };' >> /etc/apt/apt.conf.d/01proxy
-
     RUN apt-get update ; apt-get install vim git
 
     # docker build -t my_ubuntu .
@@ -64,10 +62,10 @@ break other HTTP clients which obey ``http_proxy``, such as ``curl``, ``wget`` a
     $ sudo docker run -rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash
 
 **Option 3** is the least portable, but there will be times when you might need to
-do it - and you can do it from your Dockerfile too.
+do it and you can do it from your ``Dockerfile`` too.
 
 Apt-cacher-ng has some tools that allow you to manage the repository, and they 
-can be used by leveraging the ``VOLUME``, and the image we built to run the 
+can be used by leveraging the ``VOLUME`` instruction, and the image we built to run the 
 service:
 
 .. code-block:: bash

From 2cfcf42d50b469abfb0e13245726371d445b76e4 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Fri, 28 Feb 2014 18:42:20 +0200
Subject: [PATCH 066/384] retry to retrieve metadata on failure during pull

This makes Docker retry to retrieve the JSON metadata for the layers.
Docker will make 5 attempts to retrieve the metadata before failing and
it will increase the delay between attempts after each failed attempt.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 server.go | 36 ++++++++++++++++++++++++++----------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/server.go b/server.go
index d6a4036faf..4876f31bae 100644
--- a/server.go
+++ b/server.go
@@ -1086,16 +1086,32 @@ func (srv *Server) pullImage(r *registry.Registry, out io.Writer, imgID, endpoin
 
 		if !srv.runtime.Graph().Exists(id) {
 			out.Write(sf.FormatProgress(utils.TruncateID(id), "Pulling metadata", nil))
-			imgJSON, imgSize, err := r.GetRemoteImageJSON(id, endpoint, token)
-			if err != nil {
-				out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-				// FIXME: Keep going in case of error?
-				return err
-			}
-			img, err := image.NewImgJSON(imgJSON)
-			if err != nil {
-				out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
-				return fmt.Errorf("Failed to parse json: %s", err)
+			var (
+				imgJSON []byte
+				imgSize int
+				err     error
+				img     *image.Image
+			)
+			retries := 5
+			for j := 1; j <= retries; j++ {
+				imgJSON, imgSize, err = r.GetRemoteImageJSON(id, endpoint, token)
+				if err != nil && j == retries {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return err
+				} else if err != nil {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				}
+				img, err = image.NewImgJSON(imgJSON)
+				if err != nil && j == retries {
+					out.Write(sf.FormatProgress(utils.TruncateID(id), "Error pulling dependent layers", nil))
+					return fmt.Errorf("Failed to parse json: %s", err)
+				} else if err != nil {
+					time.Sleep(time.Duration(j) * 500 * time.Millisecond)
+					continue
+				} else {
+					break
+				}
 			}
 
 			// Get the layer

From 2a5e1abaa93b0081446420cae9d6d7d3892b6d75 Mon Sep 17 00:00:00 2001
From: David Gageot <david@gageot.net>
Date: Wed, 12 Mar 2014 15:42:10 +0100
Subject: [PATCH 067/384] Update port_redirection.rst

Fix flags
---
 docs/sources/use/port_redirection.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/use/port_redirection.rst b/docs/sources/use/port_redirection.rst
index 38d6b98841..ba244adadb 100644
--- a/docs/sources/use/port_redirection.rst
+++ b/docs/sources/use/port_redirection.rst
@@ -128,7 +128,7 @@ The ``client`` then links to the ``server``:
 .. code-block:: bash
 
     # Link
-    docker run -name client -link server:linked-server <image> <cmd>
+    docker run --name client --link server:linked-server <image> <cmd>
 
 ``client`` locally refers to ``server`` as ``linked-server``. The
 following environment variables, among others, are available on

From a56d1b93a1a16ac482b5e30773664f2538949c53 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 12 Mar 2014 17:58:53 +0200
Subject: [PATCH 068/384] don't leave empty cidFile behind

This makes `--cidfile` clean up empty container ID files. These are
left behind when creating the container fails.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 api/client.go                | 16 +++++++++++++++-
 integration/commands_test.go | 31 ++++++++++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/api/client.go b/api/client.go
index 599d82b39a..adaf2dfd4e 100644
--- a/api/client.go
+++ b/api/client.go
@@ -1763,7 +1763,21 @@ func (cli *DockerCli) CmdRun(args ...string) error {
 		if containerIDFile, err = os.Create(hostConfig.ContainerIDFile); err != nil {
 			return fmt.Errorf("Failed to create the container ID file: %s", err)
 		}
-		defer containerIDFile.Close()
+		defer func() {
+			containerIDFile.Close()
+			var (
+				cidFileInfo os.FileInfo
+				err         error
+			)
+			if cidFileInfo, err = os.Stat(hostConfig.ContainerIDFile); err != nil {
+				return
+			}
+			if cidFileInfo.Size() == 0 {
+				if err := os.Remove(hostConfig.ContainerIDFile); err != nil {
+					fmt.Printf("failed to remove CID file '%s': %s \n", hostConfig.ContainerIDFile, err)
+				}
+			}
+		}()
 	}
 
 	containerValues := url.Values{}
diff --git a/integration/commands_test.go b/integration/commands_test.go
index 46f623bedf..d226cd7133 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -931,7 +931,7 @@ run    [ "$(ls -d /var/run/sshd)" = "/var/run/sshd" ]
 // #2098 - Docker cidFiles only contain short version of the containerId
 //sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test"
 // TestRunCidFile tests that run --cidfile returns the longid
-func TestRunCidFile(t *testing.T) {
+func TestRunCidFileCheckIDLength(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
 	tmpDir, err := ioutil.TempDir("", "TestRunCidFile")
@@ -980,6 +980,35 @@ func TestRunCidFile(t *testing.T) {
 
 }
 
+// Ensure that CIDFile gets deleted if it's empty
+// Perform this test by making `docker run` fail
+func TestRunCidFileCleanupIfEmpty(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "TestRunCidFile")
+	if err != nil {
+		t.Fatal(err)
+	}
+	tmpCidFile := path.Join(tmpDir, "cid")
+
+	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr)
+	defer cleanup(globalEngine, t)
+
+	c := make(chan struct{})
+	go func() {
+		defer close(c)
+		if err := cli.CmdRun("--cidfile", tmpCidFile, unitTestImageID); err == nil {
+			t.Fatal("running without a command should haveve failed")
+		}
+		if _, err := os.Stat(tmpCidFile); err == nil {
+			t.Fatalf("empty CIDFile '%s' should've been deleted", tmpCidFile)
+		}
+	}()
+	defer os.RemoveAll(tmpDir)
+
+	setTimeout(t, "CmdRun timed out", 5*time.Second, func() {
+		<-c
+	})
+}
+
 func TestContainerOrphaning(t *testing.T) {
 
 	// setup a temporary directory

From 6a325f1c7a243689ecf01f257ac7afb95fea7ec2 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Wed, 12 Mar 2014 11:13:24 -0700
Subject: [PATCH 069/384] Fix issue when /etc/apparmor.d does not exists

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 pkg/libcontainer/apparmor/setup.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/libcontainer/apparmor/setup.go b/pkg/libcontainer/apparmor/setup.go
index e07759cc64..4e1c95143a 100644
--- a/pkg/libcontainer/apparmor/setup.go
+++ b/pkg/libcontainer/apparmor/setup.go
@@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"path"
 )
 
 const DefaultProfilePath = "/etc/apparmor.d/docker"
@@ -85,6 +86,11 @@ func InstallDefaultProfile() error {
 		return nil
 	}
 
+	// Make sure /etc/apparmor.d exists
+	if err := os.MkdirAll(path.Dir(DefaultProfilePath), 0755); err != nil {
+		return err
+	}
+
 	if err := ioutil.WriteFile(DefaultProfilePath, []byte(DefaultProfile), 0644); err != nil {
 		return err
 	}

From 471aa870f57e66128b08ec28e908fb1faacdfd40 Mon Sep 17 00:00:00 2001
From: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
Date: Wed, 12 Mar 2014 14:52:39 +0900
Subject: [PATCH 070/384] Remove duplicated description of --mtu

commit baa70e975186bb0ee8a4b16b9374cb6e794f8975 duplicates
the description of --mtu.
This patch removes the duplicated description.

Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
---
 docs/sources/reference/commandline/cli.rst | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 0e3f30ede2..d146c18a15 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -82,7 +82,6 @@ Commands
       --ip="0.0.0.0": Default IP address to use when binding container ports
       --ip-forward=true: Enable net.ipv4.ip_forward
       --iptables=true: Enable Docker's addition of iptables rules
-      --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available
       -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file
       -r, --restart=true: Restart previously running containers
       -s, --storage-driver="": Force the docker runtime to use a specific storage driver

From 841fcad0ba03ff71a27ad2892fab3fdc83d071d8 Mon Sep 17 00:00:00 2001
From: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
Date: Thu, 13 Mar 2014 15:19:42 +0900
Subject: [PATCH 071/384] Add missing options -t and -v to images subcommand
 doc

Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
---
 docs/sources/reference/commandline/cli.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index d146c18a15..e65bd930ae 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -608,8 +608,8 @@ To see how the ``docker:latest`` image was built:
       -a, --all=false: Show all images (by default filter out the intermediate images used to build)
       --no-trunc=false: Don't truncate output
       -q, --quiet=false: Only show numeric IDs
-      --tree=false: Output graph in tree format
-      --viz=false: Output graph in graphviz format
+      -t, --tree=false: Output graph in tree format
+      -v, --viz=false: Output graph in graphviz format
 
 Listing the most recently created images
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From 73596b00e053fedbf42f7abb87728e7176e5a95c Mon Sep 17 00:00:00 2001
From: Phillip Alexander <git@phillipalexander.io>
Date: Wed, 12 Mar 2014 20:01:27 -0700
Subject: [PATCH 072/384] Fix boilerplate text in Apache license

This commit updates the Apache license boilerplate with actual information. The Apache license appendix (designed to be removed before publication) states:

```
APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!)...
```

Additionally, the copyright year was not included. Copyright notices must reflect the current year. This commit updates the listed year to 2014.

see: http://www.copyright.gov/circs/circ01.pdf for more info

Docker-DCO-1.1-Signed-off-by: Phillip Alexander <git@phillipalexander.io> (github: phillipalexander)
---
 LICENSE | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/LICENSE b/LICENSE
index d645695673..27448585ad 100644
--- a/LICENSE
+++ b/LICENSE
@@ -176,18 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2014 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

From 9a0d7fe0182da541cc99eab9a4930616792e95c3 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Thu, 13 Mar 2014 17:40:34 +0000
Subject: [PATCH 073/384] use mock for search

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 registry/registry.go           | 2 +-
 registry/registry_mock_test.go | 7 ++++++-
 registry/registry_test.go      | 6 ++++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/registry/registry.go b/registry/registry.go
index dbf5d539ff..346132bcc5 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -600,7 +600,7 @@ func (r *Registry) PushImageJSONIndex(remote string, imgList []*ImgData, validat
 
 func (r *Registry) SearchRepositories(term string) (*SearchResults, error) {
 	utils.Debugf("Index server: %s", r.indexEndpoint)
-	u := IndexServerAddress() + "search?q=" + url.QueryEscape(term)
+	u := r.indexEndpoint + "search?q=" + url.QueryEscape(term)
 	req, err := r.reqFactory.NewRequest("GET", u, nil)
 	if err != nil {
 		return nil, err
diff --git a/registry/registry_mock_test.go b/registry/registry_mock_test.go
index 6eb94b63cc..dd5da6bd50 100644
--- a/registry/registry_mock_test.go
+++ b/registry/registry_mock_test.go
@@ -321,7 +321,12 @@ func handlerAuth(w http.ResponseWriter, r *http.Request) {
 }
 
 func handlerSearch(w http.ResponseWriter, r *http.Request) {
-	writeResponse(w, "{}", 200)
+	result := &SearchResults{
+		Query:      "fakequery",
+		NumResults: 1,
+		Results:    []SearchResult{{Name: "fakeimage", StarCount: 42}},
+	}
+	writeResponse(w, result, 200)
 }
 
 func TestPing(t *testing.T) {
diff --git a/registry/registry_test.go b/registry/registry_test.go
index f21814c791..ebfb99b4c3 100644
--- a/registry/registry_test.go
+++ b/registry/registry_test.go
@@ -186,14 +186,16 @@ func TestPushImageJSONIndex(t *testing.T) {
 
 func TestSearchRepositories(t *testing.T) {
 	r := spawnTestRegistry(t)
-	results, err := r.SearchRepositories("supercalifragilisticepsialidocious")
+	results, err := r.SearchRepositories("fakequery")
 	if err != nil {
 		t.Fatal(err)
 	}
 	if results == nil {
 		t.Fatal("Expected non-nil SearchResults object")
 	}
-	assertEqual(t, results.NumResults, 0, "Expected 0 search results")
+	assertEqual(t, results.NumResults, 1, "Expected 1 search results")
+	assertEqual(t, results.Query, "fakequery", "Expected 'fakequery' as query")
+	assertEqual(t, results.Results[0].StarCount, 42, "Expected 'fakeimage' a ot hae 42 stars")
 }
 
 func TestValidRepositoryName(t *testing.T) {

From 44fe8cbbd174b5d85d4a063ed270f6b9d2279b70 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 13 Mar 2014 11:46:02 -0600
Subject: [PATCH 074/384] Update to double-dash everywhere

These were found using `git grep -nE '[^-a-zA-Z0-9<>]-[a-zA-Z0-9]{2}'` (fair warning: _many_ false positives there).

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 Dockerfile                                    |  6 +-
 api/client.go                                 |  2 +-
 contrib/completion/fish/docker.fish           |  4 +-
 contrib/completion/zsh/_docker                |  2 +-
 contrib/desktop-integration/data/Dockerfile   |  6 +-
 .../desktop-integration/iceweasel/Dockerfile  |  8 +-
 contrib/init/sysvinit-debian/docker.default   |  2 +-
 contrib/mkseccomp.pl                          |  2 +-
 .../sources/examples/apt-cacher-ng.Dockerfile |  4 +-
 docs/sources/examples/apt-cacher-ng.rst       |  8 +-
 docs/sources/examples/hello_world.rst         |  4 +-
 docs/sources/examples/postgresql_service.rst  | 10 +--
 docs/sources/examples/python_web_app.rst      |  2 +-
 .../examples/running_redis_service.rst        |  2 +-
 docs/sources/examples/running_ssh_service.rst |  4 +-
 docs/sources/installation/ubuntulinux.rst     |  4 +-
 .../reference/api/docker_remote_api.rst       |  2 +-
 .../reference/api/docker_remote_api_v1.10.rst |  4 +-
 .../reference/api/docker_remote_api_v1.2.rst  |  4 +-
 .../reference/api/docker_remote_api_v1.3.rst  |  4 +-
 .../reference/api/docker_remote_api_v1.4.rst  |  4 +-
 .../reference/api/docker_remote_api_v1.5.rst  |  4 +-
 .../reference/api/docker_remote_api_v1.6.rst  |  4 +-
 .../reference/api/docker_remote_api_v1.7.rst  |  4 +-
 .../reference/api/docker_remote_api_v1.8.rst  |  4 +-
 .../reference/api/docker_remote_api_v1.9.rst  |  4 +-
 docs/sources/reference/builder.rst            |  4 +-
 docs/sources/reference/commandline/cli.rst    | 42 +++++-----
 docs/sources/reference/run.rst                | 80 +++++++++----------
 .../use/ambassador_pattern_linking.rst        | 28 +++----
 docs/sources/use/basics.rst                   |  2 +-
 docs/sources/use/networking.rst               |  4 +-
 docs/sources/use/port_redirection.rst         |  4 +-
 docs/sources/use/working_with_links_names.rst | 16 ++--
 docs/sources/use/working_with_volumes.rst     | 18 ++---
 docs/sources/use/workingwithrepository.rst    |  2 +-
 hack/RELEASE-CHECKLIST.md                     |  4 +-
 hack/dind                                     |  4 +-
 hack/infrastructure/docker-ci/Dockerfile      |  4 +-
 hack/infrastructure/docker-ci/README.rst      |  4 +-
 .../docker-ci/dockertest/nightlyrelease       |  2 +-
 .../docker-ci/dockertest/project              |  2 +-
 .../docker-ci/testbuilder/Dockerfile          |  4 +-
 .../docker-ci/testbuilder/docker-registry.sh  |  6 +-
 .../docker-ci/testbuilder/docker.sh           |  8 +-
 hack/release.sh                               |  2 +-
 integration/commands_test.go                  |  2 +-
 integration/container_test.go                 |  4 +-
 integration/server_test.go                    |  2 +-
 runconfig/config_test.go                      | 16 ++--
 runconfig/parse.go                            |  4 +-
 51 files changed, 188 insertions(+), 188 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7fad3d56a1..42438e3946 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,13 +6,13 @@
 # docker build -t docker .
 #
 # # Mount your source in an interactive container for quick testing:
-# docker run -v `pwd`:/go/src/github.com/dotcloud/docker -privileged -i -t docker bash
+# docker run -v `pwd`:/go/src/github.com/dotcloud/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
-# docker run -privileged docker hack/make.sh test
+# docker run --privileged docker hack/make.sh test
 #
 # # Publish a release:
-# docker run -privileged \
+# docker run --privileged \
 #  -e AWS_S3_BUCKET=baz \
 #  -e AWS_ACCESS_KEY=foo \
 #  -e AWS_SECRET_KEY=bar \
diff --git a/api/client.go b/api/client.go
index 6049a892c1..3c605d4af9 100644
--- a/api/client.go
+++ b/api/client.go
@@ -1409,7 +1409,7 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 	cmd := cli.Subcmd("commit", "[OPTIONS] CONTAINER [REPOSITORY[:TAG]]", "Create a new image from a container's changes")
 	flComment := cmd.String([]string{"m", "-message"}, "", "Commit message")
 	flAuthor := cmd.String([]string{"a", "#author", "-author"}, "", "Author (eg. \"John Hannibal Smith <hannibal@a-team.com>\"")
-	flConfig := cmd.String([]string{"#run", "-run"}, "", "Config automatically applied when the image is run. "+`(ex: -run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')`)
+	flConfig := cmd.String([]string{"#run", "-run"}, "", "Config automatically applied when the image is run. "+`(ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')`)
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish
index 2629533aac..b0c5f38a96 100644
--- a/contrib/completion/fish/docker.fish
+++ b/contrib/completion/fish/docker.fish
@@ -79,7 +79,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d '
 complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes"
 complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (eg. "John Hannibal Smith <hannibal@a-team.com>"'
 complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message'
-complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: --run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')'
 complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
 
 # cp
@@ -202,7 +202,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expo
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: <number><optional unit>, where unit = b, k, m or g)'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container'
diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker
index 8b50bac01b..a379fd40f8 100755
--- a/contrib/completion/zsh/_docker
+++ b/contrib/completion/zsh/_docker
@@ -174,7 +174,7 @@ __docker_subcommand () {
         (ps)
             _arguments '-a[Show all containers. Only running containers are shown by default]' \
                 '-h[Show help]' \
-                '-before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \
+                '--before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \
             '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)'
             ;;
         (tag)
diff --git a/contrib/desktop-integration/data/Dockerfile b/contrib/desktop-integration/data/Dockerfile
index a9843a52ad..76846af912 100644
--- a/contrib/desktop-integration/data/Dockerfile
+++ b/contrib/desktop-integration/data/Dockerfile
@@ -9,13 +9,13 @@
 #   wget http://raw.github.com/dotcloud/docker/master/contrib/desktop-integration/data/Dockerfile
 #
 #   # Build data image
-#   docker build -t data -rm .
+#   docker build -t data .
 #
 #   # Create a data container. (eg: iceweasel-data)
-#   docker run -name iceweasel-data data true
+#   docker run --name iceweasel-data data true
 #
 #   # List data from it
-#   docker run -volumes-from iceweasel-data busybox ls -al /data
+#   docker run --volumes-from iceweasel-data busybox ls -al /data
 
 docker-version 0.6.5
 
diff --git a/contrib/desktop-integration/iceweasel/Dockerfile b/contrib/desktop-integration/iceweasel/Dockerfile
index 721cc6d2cf..f9f58c9ca5 100644
--- a/contrib/desktop-integration/iceweasel/Dockerfile
+++ b/contrib/desktop-integration/iceweasel/Dockerfile
@@ -10,16 +10,16 @@
 #   wget http://raw.github.com/dotcloud/docker/master/contrib/desktop-integration/iceweasel/Dockerfile
 #
 #   # Build iceweasel image
-#   docker build -t iceweasel -rm .
+#   docker build -t iceweasel .
 #
 #   # Run stateful data-on-host iceweasel. For ephemeral, remove -v /data/iceweasel:/data
 #   docker run -v /data/iceweasel:/data -v /tmp/.X11-unix:/tmp/.X11-unix \
-#     -v /dev/snd:/dev/snd -lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
+#     -v /dev/snd:/dev/snd --lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
 #     -e DISPLAY=unix$DISPLAY iceweasel
 #
 #   # To run stateful dockerized data containers
-#   docker run -volumes-from iceweasel-data -v /tmp/.X11-unix:/tmp/.X11-unix \
-#     -v /dev/snd:/dev/snd -lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
+#   docker run --volumes-from iceweasel-data -v /tmp/.X11-unix:/tmp/.X11-unix \
+#     -v /dev/snd:/dev/snd --lxc-conf='lxc.cgroup.devices.allow = c 116:* rwm' \
 #     -e DISPLAY=unix$DISPLAY iceweasel
 
 docker-version 0.6.5
diff --git a/contrib/init/sysvinit-debian/docker.default b/contrib/init/sysvinit-debian/docker.default
index d5110b5e2f..14e660175b 100644
--- a/contrib/init/sysvinit-debian/docker.default
+++ b/contrib/init/sysvinit-debian/docker.default
@@ -4,7 +4,7 @@
 #DOCKER="/usr/local/bin/docker"
 
 # Use DOCKER_OPTS to modify the daemon startup options.
-#DOCKER_OPTS="-dns 8.8.8.8 -dns 8.8.4.4"
+#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
 
 # If you need Docker to use an HTTP proxy, it can also be specified here.
 #export http_proxy="http://127.0.0.1:3128/"
diff --git a/contrib/mkseccomp.pl b/contrib/mkseccomp.pl
index 5c583cc3d3..28d0645af0 100755
--- a/contrib/mkseccomp.pl
+++ b/contrib/mkseccomp.pl
@@ -10,7 +10,7 @@
 # can configure the list of syscalls.  When run, this script produces output
 # which, when stored in a file, can be passed to docker as follows:
 #
-# docker run -lxc-conf="lxc.seccomp=$file" <rest of arguments>
+# docker run --lxc-conf="lxc.seccomp=$file" <rest of arguments>
 #
 # The included sample file shows how to cut about a quarter of all syscalls,
 # which affecting most applications.
diff --git a/docs/sources/examples/apt-cacher-ng.Dockerfile b/docs/sources/examples/apt-cacher-ng.Dockerfile
index a189d28d86..3b7862bb58 100644
--- a/docs/sources/examples/apt-cacher-ng.Dockerfile
+++ b/docs/sources/examples/apt-cacher-ng.Dockerfile
@@ -1,9 +1,9 @@
 #
 # Build: docker build -t apt-cacher .
-# Run: docker run -d -p 3142:3142 -name apt-cacher-run apt-cacher
+# Run: docker run -d -p 3142:3142 --name apt-cacher-run apt-cacher
 #
 # and then you can run containers with:
-#	docker run -t -i -rm -e http_proxy http://dockerhost:3142/ debian bash
+#	docker run -t -i --rm -e http_proxy http://dockerhost:3142/ debian bash
 #
 FROM		ubuntu
 MAINTAINER	SvenDowideit@docker.com
diff --git a/docs/sources/examples/apt-cacher-ng.rst b/docs/sources/examples/apt-cacher-ng.rst
index ed22c33d05..dd844d4ef1 100644
--- a/docs/sources/examples/apt-cacher-ng.rst
+++ b/docs/sources/examples/apt-cacher-ng.rst
@@ -23,13 +23,13 @@ To build the image using:
 
 .. code-block:: bash
 
-    $ sudo docker build -rm -t eg_apt_cacher_ng .
+    $ sudo docker build -t eg_apt_cacher_ng .
 
 Then run it, mapping the exposed port to one on the host
 
 .. code-block:: bash
 
-    $ sudo docker run -d -p 3142:3142 -name test_apt_cacher_ng eg_apt_cacher_ng
+    $ sudo docker run -d -p 3142:3142 --name test_apt_cacher_ng eg_apt_cacher_ng
 
 To see the logfiles that are 'tailed' in the default command, you can use: 
 
@@ -59,7 +59,7 @@ break other HTTP clients which obey ``http_proxy``, such as ``curl``, ``wget`` a
 
 .. code-block:: bash
 
-    $ sudo docker run -rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash
+    $ sudo docker run --rm -t -i -e http_proxy=http://dockerhost:3142/ debian bash
 
 **Option 3** is the least portable, but there will be times when you might need to
 do it and you can do it from your ``Dockerfile`` too.
@@ -70,7 +70,7 @@ service:
 
 .. code-block:: bash
 
-    $ sudo docker run -rm -t -i --volumes-from test_apt_cacher_ng eg_apt_cacher_ng bash
+    $ sudo docker run --rm -t -i --volumes-from test_apt_cacher_ng eg_apt_cacher_ng bash
 
     $$ /usr/lib/apt-cacher-ng/distkill.pl
     Scanning /var/cache/apt-cacher-ng, please wait...
diff --git a/docs/sources/examples/hello_world.rst b/docs/sources/examples/hello_world.rst
index b8538debb9..507056da85 100644
--- a/docs/sources/examples/hello_world.rst
+++ b/docs/sources/examples/hello_world.rst
@@ -119,13 +119,13 @@ Check the logs make sure it is working correctly.
 
 .. code-block:: bash
 
-    sudo docker attach -sig-proxy=false $container_id
+    sudo docker attach --sig-proxy=false $container_id
 
 Attach to the container to see the results in real-time.
 
 - **"docker attach**" This will allow us to attach to a background
   process to see what is going on.
-- **"-sig-proxy=false"** Do not forward signals to the container; allows
+- **"--sig-proxy=false"** Do not forward signals to the container; allows
   us to exit the attachment using Control-C without stopping the container.
 - **$container_id** The Id of the container we want to attach too.
 
diff --git a/docs/sources/examples/postgresql_service.rst b/docs/sources/examples/postgresql_service.rst
index 5a2323471b..66b0fd7aa5 100644
--- a/docs/sources/examples/postgresql_service.rst
+++ b/docs/sources/examples/postgresql_service.rst
@@ -37,24 +37,24 @@ And run the PostgreSQL server container (in the foreground):
 
 .. code-block:: bash
 
-    $ sudo docker run -rm -P -name pg_test eg_postgresql
+    $ sudo docker run --rm -P -name pg_test eg_postgresql
 
 There are  2 ways to connect to the PostgreSQL server. We can use 
 :ref:`working_with_links_names`, or we can access it from our host (or the network).
 
-.. note:: The ``-rm`` removes the container and its image when the container 
+.. note:: The ``--rm`` removes the container and its image when the container 
           exists successfully.
 
 Using container linking
 ^^^^^^^^^^^^^^^^^^^^^^^
 
 Containers can be linked to another container's ports directly using 
-``-link remote_name:local_alias`` in the client's ``docker run``. This will
+``--link remote_name:local_alias`` in the client's ``docker run``. This will
 set a number of environment variables that can then be used to connect:
 
 .. code-block:: bash
 
-    $ sudo docker run -rm -t -i -link pg_test:pg eg_postgresql bash
+    $ sudo docker run --rm -t -i --link pg_test:pg eg_postgresql bash
 
     postgres@7ef98b1b7243:/$ psql -h $PG_PORT_5432_TCP_ADDR -p $PG_PORT_5432_TCP_PORT -d docker -U docker --password
 
@@ -104,7 +104,7 @@ configuration and data:
 
 .. code-block:: bash
 
-    docker run -rm --volumes-from pg_test -t -i busybox sh
+    docker run --rm --volumes-from pg_test -t -i busybox sh
 
     / # ls
     bin      etc      lib      linuxrc  mnt      proc     run      sys      usr
diff --git a/docs/sources/examples/python_web_app.rst b/docs/sources/examples/python_web_app.rst
index 5b8e3f6b4b..33c038f9ab 100644
--- a/docs/sources/examples/python_web_app.rst
+++ b/docs/sources/examples/python_web_app.rst
@@ -51,7 +51,7 @@ try things out, and then exit when you're done.
 
 .. code-block:: bash
 
-    $ sudo docker run -i -t -name pybuilder_run shykes/pybuilder bash
+    $ sudo docker run -i -t --name pybuilder_run shykes/pybuilder bash
 
     $$ URL=http://github.com/shykes/helloflask/archive/master.tar.gz
     $$ /usr/local/bin/buildapp $URL
diff --git a/docs/sources/examples/running_redis_service.rst b/docs/sources/examples/running_redis_service.rst
index c9424867a4..50f1471f17 100644
--- a/docs/sources/examples/running_redis_service.rst
+++ b/docs/sources/examples/running_redis_service.rst
@@ -49,7 +49,7 @@ use a container link to provide access to our Redis database.
 Create your web application container
 -------------------------------------
 
-Next we can create a container for our application. We're going to use the ``-link`` 
+Next we can create a container for our application. We're going to use the ``--link`` 
 flag to create a link to the ``redis`` container we've just created with an alias of 
 ``db``. This will create a secure tunnel to the ``redis`` container and expose the 
 Redis instance running inside that container to only this container.
diff --git a/docs/sources/examples/running_ssh_service.rst b/docs/sources/examples/running_ssh_service.rst
index d27799bee7..4161275019 100644
--- a/docs/sources/examples/running_ssh_service.rst
+++ b/docs/sources/examples/running_ssh_service.rst
@@ -19,14 +19,14 @@ Build the image using:
 
 .. code-block:: bash
 
-    $ sudo docker build -rm -t eg_sshd .
+    $ sudo docker build -t eg_sshd .
 
 Then run it. You can then use ``docker port`` to find out what host port the container's
 port 22 is mapped to:
 
 .. code-block:: bash
 
-    $ sudo docker run -d -P -name test_sshd eg_sshd
+    $ sudo docker run -d -P --name test_sshd eg_sshd
     $ sudo docker port test_sshd 22
     0.0.0.0:49154
 
diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index c459f33d3c..6e79fb8cbc 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -309,9 +309,9 @@ daemon for the containers:
    sudo nano /etc/default/docker
    ---
    # Add:
-   DOCKER_OPTS="-dns 8.8.8.8"
+   DOCKER_OPTS="--dns 8.8.8.8"
    # 8.8.8.8 could be replaced with a local DNS server, such as 192.168.1.1
-   # multiple DNS servers can be specified: -dns 8.8.8.8 -dns 192.168.1.1
+   # multiple DNS servers can be specified: --dns 8.8.8.8 --dns 192.168.1.1
 
 The Docker daemon has to be restarted:
 
diff --git a/docs/sources/reference/api/docker_remote_api.rst b/docs/sources/reference/api/docker_remote_api.rst
index e1071bf085..93558fa974 100644
--- a/docs/sources/reference/api/docker_remote_api.rst
+++ b/docs/sources/reference/api/docker_remote_api.rst
@@ -203,7 +203,7 @@ What's new
 
 .. http:get:: /images/viz
 
-   This URI no longer exists.  The ``images -viz`` output is now generated in
+   This URI no longer exists.  The ``images --viz`` output is now generated in
    the client, using the ``/images/json`` data.
 
 v1.6
diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.rst b/docs/sources/reference/api/docker_remote_api_v1.10.rst
index ed63525e7e..20af253f0e 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.10.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.10.rst
@@ -1276,8 +1276,8 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
 
 .. code-block:: bash
 
-   docker -d -H="192.168.1.9:4243" -api-enable-cors
+   docker -d -H="192.168.1.9:4243" --api-enable-cors
diff --git a/docs/sources/reference/api/docker_remote_api_v1.2.rst b/docs/sources/reference/api/docker_remote_api_v1.2.rst
index 1ae2db696f..80f76a3de9 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.2.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.2.rst
@@ -1045,7 +1045,7 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
     
-    docker -d -H="tcp://192.168.1.9:4243" -api-enable-cors
+    docker -d -H="tcp://192.168.1.9:4243" --api-enable-cors
 
diff --git a/docs/sources/reference/api/docker_remote_api_v1.3.rst b/docs/sources/reference/api/docker_remote_api_v1.3.rst
index cb4c54642d..2b17a37a4d 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.3.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.3.rst
@@ -1124,7 +1124,7 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
     
-    docker -d -H="192.168.1.9:4243" -api-enable-cors
+    docker -d -H="192.168.1.9:4243" --api-enable-cors
 
diff --git a/docs/sources/reference/api/docker_remote_api_v1.4.rst b/docs/sources/reference/api/docker_remote_api_v1.4.rst
index 39c8839653..ff5aaa7a74 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.4.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.4.rst
@@ -1168,9 +1168,9 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
 
 .. code-block:: bash
 
-   docker -d -H="192.168.1.9:4243" -api-enable-cors
+   docker -d -H="192.168.1.9:4243" --api-enable-cors
 
diff --git a/docs/sources/reference/api/docker_remote_api_v1.5.rst b/docs/sources/reference/api/docker_remote_api_v1.5.rst
index 0cdbaf747a..d4440e4423 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.5.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.5.rst
@@ -1137,8 +1137,8 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
 
 .. code-block:: bash
 
- docker -d -H="192.168.1.9:4243" -api-enable-cors
+ docker -d -H="192.168.1.9:4243" --api-enable-cors
diff --git a/docs/sources/reference/api/docker_remote_api_v1.6.rst b/docs/sources/reference/api/docker_remote_api_v1.6.rst
index a9ddfb2c13..cfc37084b8 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.6.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.6.rst
@@ -1274,9 +1274,9 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
 
 .. code-block:: bash
 
-   docker -d -H="192.168.1.9:4243" -api-enable-cors
+   docker -d -H="192.168.1.9:4243" --api-enable-cors
 
diff --git a/docs/sources/reference/api/docker_remote_api_v1.7.rst b/docs/sources/reference/api/docker_remote_api_v1.7.rst
index cacd7ab6f7..1bafaddfc5 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.7.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.7.rst
@@ -1254,9 +1254,9 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
 
 .. code-block:: bash
 
-   docker -d -H="192.168.1.9:4243" -api-enable-cors
+   docker -d -H="192.168.1.9:4243" --api-enable-cors
 
diff --git a/docs/sources/reference/api/docker_remote_api_v1.8.rst b/docs/sources/reference/api/docker_remote_api_v1.8.rst
index b752f2f8a4..16492dde76 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.8.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.8.rst
@@ -1287,8 +1287,8 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
 
 .. code-block:: bash
 
-   docker -d -H="192.168.1.9:4243" -api-enable-cors
+   docker -d -H="192.168.1.9:4243" --api-enable-cors
diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.rst b/docs/sources/reference/api/docker_remote_api_v1.9.rst
index 9430ff370d..27812457bb 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.9.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.9.rst
@@ -1288,8 +1288,8 @@ In this version of the API, /attach, uses hijacking to transport stdin, stdout a
 3.3 CORS Requests
 -----------------
 
-To enable cross origin requests to the remote api add the flag "-api-enable-cors" when running docker in daemon mode.
+To enable cross origin requests to the remote api add the flag "--api-enable-cors" when running docker in daemon mode.
 
 .. code-block:: bash
 
-   docker -d -H="192.168.1.9:4243" -api-enable-cors
+   docker -d -H="192.168.1.9:4243" --api-enable-cors
diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst
index 3c48939c82..0d8d750a04 100644
--- a/docs/sources/reference/builder.rst
+++ b/docs/sources/reference/builder.rst
@@ -193,7 +193,7 @@ well.
 
 When used in the shell or exec formats, the ``CMD`` instruction sets
 the command to be executed when running the image.  This is
-functionally equivalent to running ``docker commit -run '{"Cmd":
+functionally equivalent to running ``docker commit --run '{"Cmd":
 <command>}'`` outside the builder.
 
 If you use the *shell* form of the CMD, then the ``<command>`` will
@@ -235,7 +235,7 @@ override the default specified in CMD.
     ``EXPOSE <port> [<port>...]``
 
 The ``EXPOSE`` instruction exposes ports for use within links. This is
-functionally equivalent to running ``docker commit -run '{"PortSpecs":
+functionally equivalent to running ``docker commit --run '{"PortSpecs":
 ["<port>", "<port2>"]}'`` outside the builder. Refer to
 :ref:`port_redirection` for detailed information.
 
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index e65bd930ae..83f05947c2 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -52,7 +52,7 @@ Sometimes this can use a more complex value string, as for ``-v``::
 Strings and Integers
 ~~~~~~~~~~~~~~~~~~~~
 
-Options like ``-name=""`` expect a string, and they can only be
+Options like ``--name=""`` expect a string, and they can only be
 specified once. Options like ``-c=0`` expect an integer, and they can
 only be specified once.
 
@@ -94,7 +94,7 @@ daemon and client.  To run the daemon you provide the ``-d`` flag.
 
 To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``.
 
-To set the DNS server for all Docker containers, use ``docker -d -dns 8.8.8.8``.
+To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``.
 
 To run the daemon with debug output, use ``docker -d -D``.
 
@@ -305,7 +305,7 @@ by using the ``git://`` schema.
       -m, --message="": Commit message
       -a, --author="": Author (eg. "John Hannibal Smith <hannibal@a-team.com>"
       --run="": Configuration changes to be applied when the image is launched with `docker run`.
-               (ex: -run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
+               (ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
 
 .. _cli_commit_examples:
 
@@ -335,9 +335,9 @@ run ``ls /etc``.
 
 .. code-block:: bash
 
-        $ docker run -t -name test ubuntu ls
+        $ docker run -t --name test ubuntu ls
         bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
-        $ docker commit -run='{"Cmd": ["ls","/etc"]}' test test2
+        $ docker commit --run='{"Cmd": ["ls","/etc"]}' test test2
         933d16de9e70005304c1717b5c6f2f39d6fd50752834c6f34a155c70790011eb
         $ docker run -t test2
         adduser.conf            gshadow          login.defs           rc0.d
@@ -358,7 +358,7 @@ Say you have a Dockerfile like so:
         CMD ["/usr/sbin/sshd -D"]
         ...
 
-If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the -run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit.
+If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the --run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit.
 
 .. code-block:: bash
 
@@ -366,14 +366,14 @@ If you run that, make some changes, and then commit, Docker will merge the envir
         $ docker run -t -i me/foo /bin/bash
         foo-container$ [make changes in the container]
         foo-container$ exit
-        $ docker commit -run='{"Cmd": ["ls"]}' [container-id] me/bar
+        $ docker commit --run='{"Cmd": ["ls"]}' [container-id] me/bar
         ...
 
 The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"].
 
-Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the -run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container.
+Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container.
 
-Full -run example
+Full --run example
 .................
 
 The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID``
@@ -384,7 +384,7 @@ not overridden in the JSON hash will be merged in.
 
 .. code-block:: bash
 
-  $ sudo docker commit -run='
+  $ sudo docker commit --run='
   {
       "Entrypoint" : null,
       "Privileged" : false,
@@ -516,16 +516,16 @@ Show events in the past from a specified time
 
 .. code-block:: bash
 
-    $ sudo docker events -since 1378216169
+    $ sudo docker events --since 1378216169
     [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
     [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
 
-    $ sudo docker events -since '2013-09-03'
+    $ sudo docker events --since '2013-09-03'
     [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start
     [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
     [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
 
-    $ sudo docker events -since '2013-09-03 15:49:29 +0200 CEST'
+    $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST'
     [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die
     [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop
 
@@ -829,7 +829,7 @@ text output:
 
 .. code-block:: bash
 
-    $ sudo docker inspect -format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
+    $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID
 
 Find a Specific Port Mapping
 ............................
@@ -844,7 +844,7 @@ we ask for the ``HostPort`` field to get the public address.
 
 .. code-block:: bash
 
-    $ sudo docker inspect -format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
+    $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID
 
 Get config
 ..........
@@ -856,7 +856,7 @@ to convert config object into JSON
 
 .. code-block:: bash
 
-    $ sudo docker inspect -format='{{json .config}}' $INSTANCE_ID
+    $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID
 
 
 .. _cli_kill:
@@ -1151,7 +1151,7 @@ image is removed.
       --volumes-from="": Mount all volumes from the given container(s)
       --entrypoint="": Overwrite the default entrypoint set by the image
       -w, --workdir="": Working directory inside the container
-      --lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
+      --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
       --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode)
       --expose=[]: Expose a port from the container without publishing it to your host
       --link="": Add link to another container (name:alias)
@@ -1171,7 +1171,7 @@ See :ref:`port_redirection` for more detailed information about the ``--expose``
 ``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for
 specific examples using ``--link``.
 
-Known Issues (run -volumes-from)
+Known Issues (run --volumes-from)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 * :issue:`2702`: "lxc-start: Permission denied - failed to mount"
@@ -1199,7 +1199,7 @@ error. Docker will close this file when ``docker run`` exits.
 
 This will *not* work, because by default, most potentially dangerous
 kernel capabilities are dropped; including ``cap_sys_admin`` (which is
-required to mount filesystems). However, the ``-privileged`` flag will
+required to mount filesystems). However, the ``--privileged`` flag will
 allow it to run:
 
 .. code-block:: bash
@@ -1211,7 +1211,7 @@ allow it to run:
    none            1.9G     0  1.9G   0% /mnt
 
 
-The ``-privileged`` flag gives *all* capabilities to the container,
+The ``--privileged`` flag gives *all* capabilities to the container,
 and it also lifts all the limitations enforced by the ``device``
 cgroup controller. In other words, the container can then do almost
 everything that the host can do. This flag exists to allow special
@@ -1313,7 +1313,7 @@ This example shows 5 containers that might be set up to test a web application c
 2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it;
 3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``;
 4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate;
-5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``-rm`` option means that when the container exits, the container's layer is removed.
+5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed.
 
 
 .. _cli_save:
diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst
index d8de280671..8637ac3071 100644
--- a/docs/sources/reference/run.rst
+++ b/docs/sources/reference/run.rst
@@ -80,7 +80,7 @@ through network connections or shared volumes because the container is
 no longer listening to the commandline where you executed ``docker
 run``. You can reattach to a detached container with ``docker``
 :ref:`cli_attach`. If you choose to run a container in the detached
-mode, then you cannot use the ``-rm`` option.
+mode, then you cannot use the ``--rm`` option.
 
 Foreground
 ..........
@@ -92,10 +92,10 @@ error. It can even pretend to be a TTY (this is what most commandline
 executables expect) and pass along signals. All of that is
 configurable::
 
-   -a=[]          : Attach to ``stdin``, ``stdout`` and/or ``stderr``
-   -t=false       : Allocate a pseudo-tty
-   -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode)
-   -i=false       : Keep STDIN open even if not attached
+   -a=[]           : Attach to ``stdin``, ``stdout`` and/or ``stderr``
+   -t=false        : Allocate a pseudo-tty
+   --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode)
+   -i=false        : Keep STDIN open even if not attached
 
 If you do not specify ``-a`` then Docker will `attach everything
 (stdin,stdout,stderr)
@@ -112,7 +112,7 @@ as well as persistent standard input (``stdin``), so you'll use ``-i
 Container Identification
 ------------------------
 
-Name (-name)
+Name (--name)
 ............
 
 The operator can identify a container in three ways:
@@ -122,7 +122,7 @@ The operator can identify a container in three ways:
 * Name ("evil_ptolemy")
 
 The UUID identifiers come from the Docker daemon, and if you do not
-assign a name to the container with ``-name`` then the daemon will
+assign a name to the container with ``--name`` then the daemon will
 also generate a random string name too. The name can become a handy
 way to add meaning to a container since you can use this name when
 defining :ref:`links <working_with_links_names>` (or any other place
@@ -137,7 +137,7 @@ container ID out to a file of your choosing. This is similar to how
 some programs might write out their process ID to a file (you've seen
 them as PID files)::
 
-      -cidfile="": Write the container ID to the file
+      --cidfile="": Write the container ID to the file
 
 Network Settings
 ----------------
@@ -145,7 +145,7 @@ Network Settings
 ::
 
    -n=true   : Enable networking for this container
-   -dns=[]   : Set custom dns servers for the container
+   --dns=[]  : Set custom dns servers for the container
 
 By default, all containers have networking enabled and they can make
 any outgoing connections. The operator can completely disable
@@ -154,9 +154,9 @@ networking. In cases like this, you would perform I/O through files or
 STDIN/STDOUT only.
 
 Your container will use the same DNS servers as the host by default,
-but you can override this with ``-dns``.
+but you can override this with ``--dns``.
 
-Clean Up (-rm)
+Clean Up (--rm)
 --------------
 
 By default a container's file system persists even after the container
@@ -165,9 +165,9 @@ final state) and you retain all your data by default. But if you are
 running short-term **foreground** processes, these container file
 systems can really pile up. If instead you'd like Docker to
 **automatically clean up the container and remove the file system when
-the container exits**, you can add the ``-rm`` flag::
+the container exits**, you can add the ``--rm`` flag::
 
-   -rm=false: Automatically remove the container when it exits (incompatible with -d)
+   --rm=false: Automatically remove the container when it exits (incompatible with -d)
 
 
 Runtime Constraints on CPU and Memory
@@ -193,8 +193,8 @@ Runtime Privilege and LXC Configuration
 
 ::
 
-   -privileged=false: Give extended privileges to this container
-   -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
+   --privileged=false: Give extended privileges to this container
+   --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
 
 By default, Docker containers are "unprivileged" and cannot, for
 example, run a Docker daemon inside a Docker container. This is
@@ -203,16 +203,16 @@ but a "privileged" container is given access to all devices (see
 lxc-template.go_ and documentation on `cgroups devices
 <https://www.kernel.org/doc/Documentation/cgroups/devices.txt>`_).
 
-When the operator executes ``docker run -privileged``, Docker will
+When the operator executes ``docker run --privileged``, Docker will
 enable to access to all devices on the host as well as set some
 configuration in AppArmor to allow the container nearly all the same
 access to the host as processes running outside containers on the
-host. Additional information about running with ``-privileged`` is
+host. Additional information about running with ``--privileged`` is
 available on the `Docker Blog
 <http://blog.docker.io/2013/09/docker-can-now-run-within-docker/>`_.
 
 An operator can also specify LXC options using one or more
-``-lxc-conf`` parameters. These can be new parameters or override
+``--lxc-conf`` parameters. These can be new parameters or override
 existing parameters from the lxc-template.go_. Note that in the
 future, a given host's Docker daemon may not use LXC, so this is an
 implementation-specific configuration meant for operators already
@@ -260,7 +260,7 @@ ENTRYPOINT (Default Command to Execute at Runtime
 
 ::
 
-   -entrypoint="": Overwrite the default entrypoint set by the image
+   --entrypoint="": Overwrite the default entrypoint set by the image
 
 The ENTRYPOINT of an image is similar to a ``COMMAND`` because it
 specifies what executable to run when the container starts, but it is
@@ -274,12 +274,12 @@ runtime by using a string to specify the new ``ENTRYPOINT``. Here is an
 example of how to run a shell in a container that has been set up to
 automatically run something else (like ``/usr/bin/redis-server``)::
 
-  docker run -i -t -entrypoint /bin/bash example/redis
+  docker run -i -t --entrypoint /bin/bash example/redis
 
 or two examples of how to pass more parameters to that ENTRYPOINT::
 
-  docker run -i -t -entrypoint /bin/bash example/redis -c ls -l
-  docker run -i -t -entrypoint /usr/bin/redis-cli example/redis --help
+  docker run -i -t --entrypoint /bin/bash example/redis -c ls -l
+  docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help
 
 
 EXPOSE (Incoming Ports)
@@ -290,16 +290,16 @@ providing the ``EXPOSE`` instruction to give a hint to the operator
 about what incoming ports might provide services. The following
 options work with or override the ``Dockerfile``'s exposed defaults::
 
-   -expose=[]: Expose a port from the container 
+   --expose=[]: Expose a port from the container 
                without publishing it to your host
-   -P=false  : Publish all exposed ports to the host interfaces
-   -p=[]     : Publish a container's port to the host (format: 
-               ip:hostPort:containerPort | ip::containerPort | 
-               hostPort:containerPort) 
-               (use 'docker port' to see the actual mapping)
-   -link=""  : Add link to another container (name:alias)
+   -P=false   : Publish all exposed ports to the host interfaces
+   -p=[]      : Publish a container's port to the host (format: 
+                ip:hostPort:containerPort | ip::containerPort | 
+                hostPort:containerPort) 
+                (use 'docker port' to see the actual mapping)
+   --link=""  : Add link to another container (name:alias)
 
-As mentioned previously, ``EXPOSE`` (and ``-expose``) make a port
+As mentioned previously, ``EXPOSE`` (and ``--expose``) make a port
 available **in** a container for incoming connections. The port number
 on the inside of the container (where the service listens) does not
 need to be the same number as the port exposed on the outside of the
@@ -308,16 +308,16 @@ have an HTTP service listening on port 80 (and so you ``EXPOSE 80`` in
 the ``Dockerfile``), but outside the container the port might be 42800.
 
 To help a new client container reach the server container's internal
-port operator ``-expose``'d by the operator or ``EXPOSE``'d by the
+port operator ``--expose``'d by the operator or ``EXPOSE``'d by the
 developer, the operator has three choices: start the server container
-with ``-P`` or ``-p,`` or start the client container with ``-link``.
+with ``-P`` or ``-p,`` or start the client container with ``--link``.
 
 If the operator uses ``-P`` or ``-p`` then Docker will make the
 exposed port accessible on the host and the ports will be available to
 any client that can reach the host. To find the map between the host
 ports and the exposed ports, use ``docker port``)
 
-If the operator uses ``-link`` when starting the new client container,
+If the operator uses ``--link`` when starting the new client container,
 then the client container can access the exposed port via a private
 networking interface. Docker will set some environment variables in
 the client container to help indicate which interface and port to use.
@@ -329,7 +329,7 @@ The operator can **set any environment variable** in the container by
 using one or more ``-e`` flags, even overriding those already defined by the
 developer with a Dockefile ``ENV``::
 
-   $ docker run -e "deep=purple" -rm ubuntu /bin/bash -c export
+   $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export
    declare -x HOME="/"
    declare -x HOSTNAME="85bc26a0e200"
    declare -x OLDPWD
@@ -341,13 +341,13 @@ developer with a Dockefile ``ENV``::
 
 Similarly the operator can set the **hostname** with ``-h``.
 
-``-link name:alias`` also sets environment variables, using the
+``--link name:alias`` also sets environment variables, using the
 *alias* string to define environment variables within the container
 that give the IP and PORT information for connecting to the service
 container. Let's imagine we have a container running Redis::
 
    # Start the service container, named redis-name
-   $ docker run -d -name redis-name dockerfiles/redis
+   $ docker run -d --name redis-name dockerfiles/redis
    4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3
 
    # The redis-name container exposed port 6379
@@ -361,12 +361,12 @@ container. Let's imagine we have a container running Redis::
 
 
 Yet we can get information about the Redis container's exposed ports
-with ``-link``. Choose an alias that will form a valid environment
+with ``--link``. Choose an alias that will form a valid environment
 variable!
 
 ::
 
-   $ docker run -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c export
+   $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export
    declare -x HOME="/"
    declare -x HOSTNAME="acda7f7b1cdc"
    declare -x OLDPWD
@@ -383,7 +383,7 @@ variable!
 
 And we can use that information to connect from another container as a client::
 
-   $ docker run -i -t -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT'
+   $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT'
    172.17.0.32:6379>
 
 VOLUME (Shared Filesystems)
@@ -393,7 +393,7 @@ VOLUME (Shared Filesystems)
 
    -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. 
           If "container-dir" is missing, then docker creates a new volume.
-   -volumes-from="": Mount all volumes from the given container(s)
+   --volumes-from="": Mount all volumes from the given container(s)
 
 The volumes commands are complex enough to have their own
 documentation in section :ref:`volume_def`. A developer can define one
diff --git a/docs/sources/use/ambassador_pattern_linking.rst b/docs/sources/use/ambassador_pattern_linking.rst
index e7cdbd7c96..bbd5816768 100644
--- a/docs/sources/use/ambassador_pattern_linking.rst
+++ b/docs/sources/use/ambassador_pattern_linking.rst
@@ -43,26 +43,26 @@ Start actual redis server on one Docker host
 
 .. code-block:: bash
 
-	big-server $ docker run -d -name redis crosbymichael/redis
+	big-server $ docker run -d --name redis crosbymichael/redis
 
 Then add an ambassador linked to the redis server, mapping a port to the outside world
 
 .. code-block:: bash
 
-	big-server $ docker run -d -link redis:redis -name redis_ambassador -p 6379:6379 svendowideit/ambassador
+	big-server $ docker run -d --link redis:redis --name redis_ambassador -p 6379:6379 svendowideit/ambassador
 
 On the other host, you can set up another ambassador setting environment variables for each remote port we want to proxy to the ``big-server``
 
 .. code-block:: bash
 
-	client-server $ docker run -d -name redis_ambassador -expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador
+	client-server $ docker run -d --name redis_ambassador --expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador
 
 Then on the ``client-server`` host, you can use a redis client container to talk 
 to the remote redis server, just by linking to the local redis ambassador.
 
 .. code-block:: bash
 
-	client-server $ docker run -i -t -rm -link redis_ambassador:redis relateiq/redis-cli
+	client-server $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli
 	redis 172.17.0.160:6379> ping
 	PONG
 
@@ -79,19 +79,19 @@ On the docker host (192.168.1.52) that redis will run on:
 .. code-block:: bash
 
 	# start actual redis server
-	$ docker run -d -name redis crosbymichael/redis
+	$ docker run -d --name redis crosbymichael/redis
 
 	# get a redis-cli container for connection testing	
 	$ docker pull relateiq/redis-cli
 
 	# test the redis server by talking to it directly
-	$ docker run -t -i -rm -link redis:redis relateiq/redis-cli
+	$ docker run -t -i --rm --link redis:redis relateiq/redis-cli
 	redis 172.17.0.136:6379> ping
 	PONG
 	^D
 	
 	# add redis ambassador
-	$ docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 busybox sh
+	$ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 busybox sh
 	
 in the redis_ambassador container, you can see the linked redis containers's env
 
@@ -119,7 +119,7 @@ This environment is used by the ambassador socat script to expose redis to the w
 
 	$ docker rm redis_ambassador
 	$ sudo ./contrib/mkimage-unittest.sh
-	$ docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 docker-ut sh
+	$ docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 docker-ut sh
 	
 	$ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:172.17.0.136:6379
 	
@@ -127,7 +127,7 @@ then ping the redis server via the ambassador
 
 .. code-block::bash
 
-	$ docker run -i -t -rm -link redis_ambassador:redis relateiq/redis-cli
+	$ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli
 	redis 172.17.0.160:6379> ping
 	PONG
 
@@ -136,7 +136,7 @@ Now goto a different server
 .. code-block:: bash
 
 	$ sudo ./contrib/mkimage-unittest.sh
-	$ docker run -t -i  -expose 6379 -name redis_ambassador docker-ut sh
+	$ docker run -t -i  --expose 6379 --name redis_ambassador docker-ut sh
 	
 	$ socat TCP4-LISTEN:6379,fork,reuseaddr TCP4:192.168.1.52:6379
 
@@ -145,7 +145,7 @@ and get the redis-cli image so we can talk over the ambassador bridge
 .. code-block:: bash
 
 	$ docker pull relateiq/redis-cli
-	$ docker run -i -t -rm -link redis_ambassador:redis relateiq/redis-cli
+	$ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cli
 	redis 172.17.0.160:6379> ping
 	PONG
 
@@ -157,7 +157,7 @@ When you start the container, it uses a small ``sed`` script to parse out the (p
 link environment variables to set up the port forwarding. On the remote host, you need to set the 
 variable using the ``-e`` command line option.
 
-``-expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379`` will forward the 
+``--expose 1234 -e REDIS_PORT_1234_TCP=tcp://192.168.1.52:6379`` will forward the 
 local ``1234`` port to the remote IP and port - in this case ``192.168.1.52:6379``.
 
 
@@ -171,9 +171,9 @@ local ``1234`` port to the remote IP and port - in this case ``192.168.1.52:6379
 	#   docker build -t SvenDowideit/ambassador .
 	#   docker tag SvenDowideit/ambassador ambassador
 	# then to run it (on the host that has the real backend on it)
-	#   docker run -t -i -link redis:redis -name redis_ambassador -p 6379:6379 ambassador
+	#   docker run -t -i --link redis:redis --name redis_ambassador -p 6379:6379 ambassador
 	# on the remote host, you can set up another ambassador
-	#    docker run -t -i -name redis_ambassador -expose 6379 sh
+	#    docker run -t -i --name redis_ambassador --expose 6379 sh
 
 	FROM	docker-ut
 	MAINTAINER	SvenDowideit@home.org.au
diff --git a/docs/sources/use/basics.rst b/docs/sources/use/basics.rst
index 24c22bba39..447366f55a 100644
--- a/docs/sources/use/basics.rst
+++ b/docs/sources/use/basics.rst
@@ -39,7 +39,7 @@ Repository to a local image cache.
    12 character hash ``539c0211cd76: Download complete`` which is the
    short form of the image ID. These short image IDs are the first 12
    characters of the full image ID - which can be found using ``docker
-   inspect`` or ``docker images -notrunc=true``
+   inspect`` or ``docker images --no-trunc=true``
 
 Running an interactive shell
 ----------------------------
diff --git a/docs/sources/use/networking.rst b/docs/sources/use/networking.rst
index c00c608550..59c63ed674 100644
--- a/docs/sources/use/networking.rst
+++ b/docs/sources/use/networking.rst
@@ -121,8 +121,8 @@ Container intercommunication
 The value of the Docker daemon's ``icc`` parameter determines whether
 containers can communicate with each other over the bridge network.
 
-- The default, ``-icc=true`` allows containers to communicate with each other.
-- ``-icc=false`` means containers are isolated from each other.
+- The default, ``--icc=true`` allows containers to communicate with each other.
+- ``--icc=false`` means containers are isolated from each other.
 
 Docker uses ``iptables`` under the hood to either accept or
 drop communication between containers.
diff --git a/docs/sources/use/port_redirection.rst b/docs/sources/use/port_redirection.rst
index ba244adadb..cf5c2100a9 100644
--- a/docs/sources/use/port_redirection.rst
+++ b/docs/sources/use/port_redirection.rst
@@ -114,14 +114,14 @@ exposure, is possible because ``client`` is started after ``server``
 has been started.
 
 Here is a full example. On ``server``, the port of interest is
-exposed. The exposure is done either through the ``-expose`` parameter
+exposed. The exposure is done either through the ``--expose`` parameter
 to the ``docker run`` command, or the ``EXPOSE`` build command in a
 Dockerfile:
 
 .. code-block:: bash
 
     # Expose port 80
-    docker run -expose 80 --name server <image> <cmd>
+    docker run --expose 80 --name server <image> <cmd>
 
 The ``client`` then links to the ``server``:
 
diff --git a/docs/sources/use/working_with_links_names.rst b/docs/sources/use/working_with_links_names.rst
index 1b0e9f6914..dc370c01c9 100644
--- a/docs/sources/use/working_with_links_names.rst
+++ b/docs/sources/use/working_with_links_names.rst
@@ -19,14 +19,14 @@ Container Naming
 
 .. versionadded:: v0.6.5
 
-You can now name your container by using the ``-name`` flag. If no
+You can now name your container by using the ``--name`` flag. If no
 name is provided, Docker will automatically generate a name. You can
 see this name using the ``docker ps`` command.
 
 .. code-block:: bash
 
-    # format is "sudo docker run -name <container_name> <image_name> <command>"
-    $ sudo docker run -name test ubuntu /bin/bash
+    # format is "sudo docker run --name <container_name> <image_name> <command>"
+    $ sudo docker run --name test ubuntu /bin/bash
 
     # the flag "-a" Show all containers. Only running containers are shown by default.
     $ sudo docker ps -a
@@ -41,9 +41,9 @@ Links: service discovery for docker
 .. versionadded:: v0.6.5
 
 Links allow containers to discover and securely communicate with each
-other by using the flag ``-link name:alias``. Inter-container
+other by using the flag ``--link name:alias``. Inter-container
 communication can be disabled with the daemon flag
-``-icc=false``. With this flag set to ``false``, Container A cannot
+``--icc=false``. With this flag set to ``false``, Container A cannot
 access Container B unless explicitly allowed via a link. This is a
 huge win for securing your containers.  When two containers are linked
 together Docker creates a parent child relationship between the
@@ -63,7 +63,7 @@ based on that image and run it as a daemon.
 
 .. code-block:: bash
 
-    $ sudo docker run -d -name redis crosbymichael/redis
+    $ sudo docker run -d --name redis crosbymichael/redis
 
 We can issue all the commands that you would expect using the name
 ``redis``; start, stop, attach, using the name for our container. The
@@ -77,9 +77,9 @@ we need to establish a link.
 
 .. code-block:: bash
 
-    $ sudo docker run -t -i -link redis:db -name webapp ubuntu bash
+    $ sudo docker run -t -i --link redis:db --name webapp ubuntu bash
 
-When you specified ``-link redis:db`` you are telling Docker to link
+When you specified ``--link redis:db`` you are telling Docker to link
 the container named ``redis`` into this new container with the alias
 ``db``. Environment variables are prefixed with the alias so that the
 parent container can access network and environment information from
diff --git a/docs/sources/use/working_with_volumes.rst b/docs/sources/use/working_with_volumes.rst
index 755be009e3..02f4e71b13 100644
--- a/docs/sources/use/working_with_volumes.rst
+++ b/docs/sources/use/working_with_volumes.rst
@@ -42,14 +42,14 @@ two new volumes::
 This command will create the new container with two new volumes that 
 exits instantly (``true`` is pretty much the smallest, simplest program 
 that you can run). Once created you can mount its volumes in any other 
-container using the ``-volumes-from`` option; irrespective of whether the
+container using the ``--volumes-from`` option; irrespective of whether the
 container is running or not. 
 
 Or, you can use the VOLUME instruction in a Dockerfile to add one or more new
 volumes to any container created from that image::
 
   # BUILD-USING:        docker build -t data .
-  # RUN-USING:          docker run -name DATA data 
+  # RUN-USING:          docker run --name DATA data 
   FROM          busybox
   VOLUME        ["/var/volume1", "/var/volume2"]
   CMD           ["/bin/true"]
@@ -63,19 +63,19 @@ Data Volume Container, and then to mount the data from it.
 
 Create a named container with volumes to share (``/var/volume1`` and ``/var/volume2``)::
 
-  $ docker run -v /var/volume1 -v /var/volume2 -name DATA busybox true
+  $ docker run -v /var/volume1 -v /var/volume2 --name DATA busybox true
 
 Then mount those data volumes into your application containers::
 
-  $ docker run -t -i -rm -volumes-from DATA -name client1 ubuntu bash
+  $ docker run -t -i --rm --volumes-from DATA --name client1 ubuntu bash
 
-You can use multiple ``-volumes-from`` parameters to bring together multiple 
+You can use multiple ``--volumes-from`` parameters to bring together multiple 
 data volumes from multiple containers. 
 
 Interestingly, you can mount the volumes that came from the ``DATA`` container in 
 yet another container via the ``client1`` middleman container::
 
-  $ docker run -t -i -rm -volumes-from client1 -name client2 ubuntu bash
+  $ docker run -t -i --rm --volumes-from client1 --name client2 ubuntu bash
 
 This allows you to abstract the actual data source from users of that data, 
 similar to :ref:`ambassador_pattern_linking <ambassador_pattern_linking>`.
@@ -131,7 +131,7 @@ data-container's volume. For example::
 
     $ sudo docker run -rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data
 
-* ``-rm`` - remove the container when it exits
+* ``--rm`` - remove the container when it exits
 * ``--volumes-from DATA`` - attach to the volumes shared by the ``DATA`` container
 * ``-v $(pwd):/backup`` - bind mount the current directory into the container; to write the tar file to
 * ``busybox`` - a small simpler image - good for quick maintenance
@@ -142,11 +142,11 @@ Then to restore to the same container, or another that you've made elsewhere::
     # create a new data container
     $ sudo docker run -v /data -name DATA2 busybox true
     # untar the backup files into the new container's data volume
-    $ sudo docker run -rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar
+    $ sudo docker run --rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar
     data/
     data/sven.txt
     # compare to the original container
-    $ sudo docker run -rm --volumes-from DATA -v `pwd`:/backup busybox ls /data
+    $ sudo docker run --rm --volumes-from DATA -v `pwd`:/backup busybox ls /data
     sven.txt
 
 
diff --git a/docs/sources/use/workingwithrepository.rst b/docs/sources/use/workingwithrepository.rst
index cbde932cde..c126361f8c 100644
--- a/docs/sources/use/workingwithrepository.rst
+++ b/docs/sources/use/workingwithrepository.rst
@@ -74,7 +74,7 @@ name or description:
 
     Search the docker index for images
 
-      -notrunc=false: Don't truncate output
+      --no-trunc=false: Don't truncate output
     $ sudo docker search centos
     Found 25 results matching your query ("centos")
     NAME                             DESCRIPTION
diff --git a/hack/RELEASE-CHECKLIST.md b/hack/RELEASE-CHECKLIST.md
index 6ef5d9cf58..2920e52917 100644
--- a/hack/RELEASE-CHECKLIST.md
+++ b/hack/RELEASE-CHECKLIST.md
@@ -139,7 +139,7 @@ docker run \
        -e AWS_ACCESS_KEY \
        -e AWS_SECRET_KEY \
        -e GPG_PASSPHRASE \
-       -i -t -privileged \
+       -i -t --privileged \
        docker \
        hack/release.sh
 ```
@@ -173,7 +173,7 @@ docker run \
        -e AWS_ACCESS_KEY \
        -e AWS_SECRET_KEY \
        -e GPG_PASSPHRASE \
-       -i -t -privileged \
+       -i -t --privileged \
        docker \
        hack/release.sh
 ```
diff --git a/hack/dind b/hack/dind
index eff656b0e0..94147f5324 100755
--- a/hack/dind
+++ b/hack/dind
@@ -5,7 +5,7 @@
 # See the blog post: http://blog.docker.io/2013/09/docker-can-now-run-within-docker/
 #
 # This script should be executed inside a docker container in privilieged mode
-# ('docker run -privileged', introduced in docker 0.6).
+# ('docker run --privileged', introduced in docker 0.6).
 
 # Usage: dind CMD [ARG...]
 
@@ -17,7 +17,7 @@ CGROUP=/sys/fs/cgroup
 
 mountpoint -q $CGROUP || 
 	mount -n -t tmpfs -o uid=0,gid=0,mode=0755 cgroup $CGROUP || {
-		echo "Could not make a tmpfs mount. Did you use -privileged?"
+		echo "Could not make a tmpfs mount. Did you use --privileged?"
 		exit 1
 	}
 
diff --git a/hack/infrastructure/docker-ci/Dockerfile b/hack/infrastructure/docker-ci/Dockerfile
index fd795f4d45..789c794f54 100644
--- a/hack/infrastructure/docker-ci/Dockerfile
+++ b/hack/infrastructure/docker-ci/Dockerfile
@@ -1,8 +1,8 @@
 # DOCKER-VERSION: 0.7.6
 # AUTHOR:         Daniel Mizyrycki <daniel@dotcloud.com>
 # DESCRIPTION:    docker-ci continuous integration service
-# TO_BUILD:       docker build -rm -t docker-ci/docker-ci .
-# TO_RUN:         docker run -rm -i -t -p 8000:80 -p 2222:22 -v /run:/var/socket \
+# TO_BUILD:       docker build -t docker-ci/docker-ci .
+# TO_RUN:         docker run --rm -i -t -p 8000:80 -p 2222:22 -v /run:/var/socket \
 #                     -v /data/docker-ci:/data/docker-ci docker-ci/docker-ci
 
 from ubuntu:12.04
diff --git a/hack/infrastructure/docker-ci/README.rst b/hack/infrastructure/docker-ci/README.rst
index 3e429ffdd5..07c1ffcec0 100644
--- a/hack/infrastructure/docker-ci/README.rst
+++ b/hack/infrastructure/docker-ci/README.rst
@@ -57,8 +57,8 @@ Production deployment
   export EMAIL_RCP=[EMAIL_FOR_BUILD_ERRORS]
 
   # Build docker-ci and testbuilder docker images
-  docker -H $DOCKER_PROD build -rm -t docker-ci/docker-ci .
-  (cd testbuilder; docker -H $DOCKER_PROD build -rm -t docker-ci/testbuilder .)
+  docker -H $DOCKER_PROD build -t docker-ci/docker-ci .
+  (cd testbuilder; docker -H $DOCKER_PROD build --rm -t docker-ci/testbuilder .)
 
   # Run docker-ci container ( assuming no previous container running )
   (cd dcr/prod; dcr docker-ci.yml start)
diff --git a/hack/infrastructure/docker-ci/dockertest/nightlyrelease b/hack/infrastructure/docker-ci/dockertest/nightlyrelease
index 475b088065..cface6c125 100755
--- a/hack/infrastructure/docker-ci/dockertest/nightlyrelease
+++ b/hack/infrastructure/docker-ci/dockertest/nightlyrelease
@@ -6,7 +6,7 @@ else
     AWS_S3_BUCKET='get-staging.docker.io'
 fi
 
-docker run -rm -privileged -v /run:/var/socket \
+docker run --rm --privileged -v /run:/var/socket \
     -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY \
     -e AWS_SECRET_KEY=$AWS_SECRET_KEY -e GPG_PASSPHRASE=$GPG_PASSPHRASE \
     -e DOCKER_RELEASE=1 -e DEPLOYMENT=$DEPLOYMENT docker-ci/testbuilder docker
diff --git a/hack/infrastructure/docker-ci/dockertest/project b/hack/infrastructure/docker-ci/dockertest/project
index 160f2d5d59..8131ab533a 100755
--- a/hack/infrastructure/docker-ci/dockertest/project
+++ b/hack/infrastructure/docker-ci/dockertest/project
@@ -3,6 +3,6 @@ set -x
 
 PROJECT_NAME=$(basename $0)
 
-docker run -rm -u sysadmin -e DEPLOYMENT=$DEPLOYMENT -v /run:/var/socket \
+docker run --rm -u sysadmin -e DEPLOYMENT=$DEPLOYMENT -v /run:/var/socket \
     -v /home/docker-ci/coverage/$PROJECT_NAME:/data docker-ci/testbuilder $PROJECT_NAME $1 $2 $3
 
diff --git a/hack/infrastructure/docker-ci/testbuilder/Dockerfile b/hack/infrastructure/docker-ci/testbuilder/Dockerfile
index a008da6843..8fa9b4c797 100644
--- a/hack/infrastructure/docker-ci/testbuilder/Dockerfile
+++ b/hack/infrastructure/docker-ci/testbuilder/Dockerfile
@@ -1,5 +1,5 @@
-# TO_BUILD:      docker build -rm -no-cache -t docker-ci/testbuilder .
-# TO_RUN:        docker run -rm -u sysadmin \
+# TO_BUILD:      docker build --no-cache -t docker-ci/testbuilder .
+# TO_RUN:        docker run --rm -u sysadmin \
 #                -v /run:/var/socket docker-ci/testbuilder docker-registry
 #
 
diff --git a/hack/infrastructure/docker-ci/testbuilder/docker-registry.sh b/hack/infrastructure/docker-ci/testbuilder/docker-registry.sh
index 72087462ad..a73704c50b 100755
--- a/hack/infrastructure/docker-ci/testbuilder/docker-registry.sh
+++ b/hack/infrastructure/docker-ci/testbuilder/docker-registry.sh
@@ -5,8 +5,8 @@ PROJECT_PATH=$1
 
 # Build the docker project
 cd /data/$PROJECT_PATH
-sg docker -c "docker build -q -rm -t registry ."
-cd test; sg docker -c "docker build -q -rm -t docker-registry-test ."
+sg docker -c "docker build -q -t registry ."
+cd test; sg docker -c "docker build -q -t docker-registry-test ."
 
 # Run the tests
-sg docker -c "docker run -rm -v /home/docker-ci/coverage/docker-registry:/data docker-registry-test"
+sg docker -c "docker run --rm -v /home/docker-ci/coverage/docker-registry:/data docker-registry-test"
diff --git a/hack/infrastructure/docker-ci/testbuilder/docker.sh b/hack/infrastructure/docker-ci/testbuilder/docker.sh
index b365dd7eaf..c8f3c18eb9 100755
--- a/hack/infrastructure/docker-ci/testbuilder/docker.sh
+++ b/hack/infrastructure/docker-ci/testbuilder/docker.sh
@@ -5,14 +5,14 @@ PROJECT_PATH=$1
 
 # Build the docker project
 cd /data/$PROJECT_PATH
-sg docker -c "docker build -q -rm -t docker ."
+sg docker -c "docker build -q -t docker ."
 
 if [ "$DOCKER_RELEASE" == "1" ]; then
     # Do nightly release
-    echo sg docker -c "docker run -rm -privileged -v /run:/var/socket -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY= -e AWS_SECRET_KEY= -e GPG_PASSPHRASE= docker hack/release.sh"
+    echo sg docker -c "docker run --rm --privileged -v /run:/var/socket -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY= -e AWS_SECRET_KEY= -e GPG_PASSPHRASE= docker hack/release.sh"
     set +x
-    sg docker -c "docker run -rm -privileged -v /run:/var/socket -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY -e AWS_SECRET_KEY=$AWS_SECRET_KEY -e GPG_PASSPHRASE=$GPG_PASSPHRASE docker hack/release.sh"
+    sg docker -c "docker run --rm --privileged -v /run:/var/socket -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY -e AWS_SECRET_KEY=$AWS_SECRET_KEY -e GPG_PASSPHRASE=$GPG_PASSPHRASE docker hack/release.sh"
 else
     # Run the tests
-    sg docker -c "docker run -rm -privileged -v /home/docker-ci/coverage/docker:/data docker ./hack/infrastructure/docker-ci/docker-coverage/gocoverage.sh"
+    sg docker -c "docker run --rm --privileged -v /home/docker-ci/coverage/docker:/data docker ./hack/infrastructure/docker-ci/docker-coverage/gocoverage.sh"
 fi
diff --git a/hack/release.sh b/hack/release.sh
index 50913dd395..c380d2239a 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -31,7 +31,7 @@ docker run -e AWS_S3_BUCKET=get-staging.docker.io \
            -e AWS_ACCESS_KEY=AKI1234... \
            -e AWS_SECRET_KEY=sEs4mE... \
            -e GPG_PASSPHRASE=m0resEs4mE... \
-           -i -t -privileged \
+           -i -t --privileged \
            docker ./hack/release.sh
 EOF
 	exit 1
diff --git a/integration/commands_test.go b/integration/commands_test.go
index d226cd7133..dba15842c7 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -739,7 +739,7 @@ func TestRunAutoRemove(t *testing.T) {
 	c := make(chan struct{})
 	go func() {
 		defer close(c)
-		if err := cli.CmdRun("-rm", unitTestImageID, "hostname"); err != nil {
+		if err := cli.CmdRun("--rm", unitTestImageID, "hostname"); err != nil {
 			t.Fatal(err)
 		}
 	}()
diff --git a/integration/container_test.go b/integration/container_test.go
index 4efb95a2a1..c32a8bcff7 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -1580,7 +1580,7 @@ func TestPrivilegedCanMknod(t *testing.T) {
 	eng := NewTestEngine(t)
 	runtime := mkRuntimeFromEngine(eng, t)
 	defer runtime.Nuke()
-	if output, err := runContainer(eng, runtime, []string{"-privileged", "_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" {
+	if output, err := runContainer(eng, runtime, []string{"--privileged", "_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" {
 		t.Fatalf("Could not mknod into privileged container %s %v", output, err)
 	}
 }
@@ -1589,7 +1589,7 @@ func TestPrivilegedCanMount(t *testing.T) {
 	eng := NewTestEngine(t)
 	runtime := mkRuntimeFromEngine(eng, t)
 	defer runtime.Nuke()
-	if output, _ := runContainer(eng, runtime, []string{"-privileged", "_", "sh", "-c", "mount -t tmpfs none /tmp && echo ok"}, t); output != "ok\n" {
+	if output, _ := runContainer(eng, runtime, []string{"--privileged", "_", "sh", "-c", "mount -t tmpfs none /tmp && echo ok"}, t); output != "ok\n" {
 		t.Fatal("Could not mount into privileged container")
 	}
 }
diff --git a/integration/server_test.go b/integration/server_test.go
index e9781777e1..54ee9a77a9 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -203,7 +203,7 @@ func TestCreateRmRunning(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkRuntimeFromEngine(eng, t).Nuke()
 
-	config, hostConfig, _, err := runconfig.Parse([]string{"-name", "foo", unitTestImageID, "sleep 300"}, nil)
+	config, hostConfig, _, err := runconfig.Parse([]string{"--name", "foo", unitTestImageID, "sleep 300"}, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/runconfig/config_test.go b/runconfig/config_test.go
index 40d53fa2f4..46e4691b93 100644
--- a/runconfig/config_test.go
+++ b/runconfig/config_test.go
@@ -20,21 +20,21 @@ func mustParse(t *testing.T, args string) (*Config, *HostConfig) {
 }
 
 func TestParseRunLinks(t *testing.T) {
-	if _, hostConfig := mustParse(t, "-link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
+	if _, hostConfig := mustParse(t, "--link a:b"); len(hostConfig.Links) == 0 || hostConfig.Links[0] != "a:b" {
 		t.Fatalf("Error parsing links. Expected []string{\"a:b\"}, received: %v", hostConfig.Links)
 	}
-	if _, hostConfig := mustParse(t, "-link a:b -link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
+	if _, hostConfig := mustParse(t, "--link a:b --link c:d"); len(hostConfig.Links) < 2 || hostConfig.Links[0] != "a:b" || hostConfig.Links[1] != "c:d" {
 		t.Fatalf("Error parsing links. Expected []string{\"a:b\", \"c:d\"}, received: %v", hostConfig.Links)
 	}
 	if _, hostConfig := mustParse(t, ""); len(hostConfig.Links) != 0 {
 		t.Fatalf("Error parsing links. No link expected, received: %v", hostConfig.Links)
 	}
 
-	if _, _, err := parse(t, "-link a"); err == nil {
-		t.Fatalf("Error parsing links. `-link a` should be an error but is not")
+	if _, _, err := parse(t, "--link a"); err == nil {
+		t.Fatalf("Error parsing links. `--link a` should be an error but is not")
 	}
-	if _, _, err := parse(t, "-link"); err == nil {
-		t.Fatalf("Error parsing links. `-link` should be an error but is not")
+	if _, _, err := parse(t, "--link"); err == nil {
+		t.Fatalf("Error parsing links. `--link` should be an error but is not")
 	}
 }
 
@@ -73,8 +73,8 @@ func TestParseRunAttach(t *testing.T) {
 	if _, _, err := parse(t, "-a stderr -d"); err == nil {
 		t.Fatalf("Error parsing attach flags, `-a stderr -d` should be an error but is not")
 	}
-	if _, _, err := parse(t, "-d -rm"); err == nil {
-		t.Fatalf("Error parsing attach flags, `-d -rm` should be an error but is not")
+	if _, _, err := parse(t, "-d --rm"); err == nil {
+		t.Fatalf("Error parsing attach flags, `-d --rm` should be an error but is not")
 	}
 }
 
diff --git a/runconfig/parse.go b/runconfig/parse.go
index d481da8d3b..2138f4e68c 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -15,7 +15,7 @@ import (
 var (
 	ErrInvalidWorikingDirectory = fmt.Errorf("The working directory is invalid. It needs to be an absolute path.")
 	ErrConflictAttachDetach     = fmt.Errorf("Conflicting options: -a and -d")
-	ErrConflictDetachAutoRemove = fmt.Errorf("Conflicting options: -rm and -d")
+	ErrConflictDetachAutoRemove = fmt.Errorf("Conflicting options: --rm and -d")
 )
 
 //FIXME Only used in tests
@@ -74,7 +74,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flExpose, []string{"#expose", "-expose"}, "Expose a port from the container without publishing it to your host")
 	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
-	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "Add custom lxc options -lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
+	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err

From 029aac96396f5a9d76adf5e4675d27321273dfbd Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Thu, 13 Mar 2014 11:11:02 -0700
Subject: [PATCH 075/384] Use BSD raw mode on darwin. Fixes nano, tmux and
 others

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 pkg/term/termios_darwin.go  | 39 ++++++++++++++++++++++++-------------
 pkg/term/termios_freebsd.go |  2 --
 2 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/pkg/term/termios_darwin.go b/pkg/term/termios_darwin.go
index 24e79de4b2..11cd70d10b 100644
--- a/pkg/term/termios_darwin.go
+++ b/pkg/term/termios_darwin.go
@@ -9,16 +9,24 @@ const (
 	getTermios = syscall.TIOCGETA
 	setTermios = syscall.TIOCSETA
 
-	ECHO   = 0x00000008
-	ONLCR  = 0x2
-	ISTRIP = 0x20
-	INLCR  = 0x40
-	ISIG   = 0x80
-	IGNCR  = 0x80
-	ICANON = 0x100
-	ICRNL  = 0x100
-	IXOFF  = 0x400
-	IXON   = 0x200
+	IGNBRK = syscall.IGNBRK
+	PARMRK = syscall.PARMRK
+	INLCR  = syscall.INLCR
+	IGNCR  = syscall.IGNCR
+	ECHONL = syscall.ECHONL
+	CSIZE  = syscall.CSIZE
+	ICRNL  = syscall.ICRNL
+	ISTRIP = syscall.ISTRIP
+	PARENB = syscall.PARENB
+	ECHO   = syscall.ECHO
+	ICANON = syscall.ICANON
+	ISIG   = syscall.ISIG
+	IXON   = syscall.IXON
+	BRKINT = syscall.BRKINT
+	INPCK  = syscall.INPCK
+	OPOST  = syscall.OPOST
+	CS8    = syscall.CS8
+	IEXTEN = syscall.IEXTEN
 )
 
 type Termios struct {
@@ -41,10 +49,13 @@ func MakeRaw(fd uintptr) (*State, error) {
 	}
 
 	newState := oldState.termios
-	newState.Iflag &^= (ISTRIP | INLCR | IGNCR | IXON | IXOFF)
-	newState.Iflag |= ICRNL
-	newState.Oflag |= ONLCR
-	newState.Lflag &^= (ECHO | ICANON | ISIG)
+	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)
+	newState.Oflag &^= OPOST
+	newState.Lflag &^= (ECHO | ECHONL | ICANON | ISIG | IEXTEN)
+	newState.Cflag &^= (CSIZE | PARENB)
+	newState.Cflag |= CS8
+	newState.Cc[syscall.VMIN] = 1
+	newState.Cc[syscall.VTIME] = 0
 
 	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(setTermios), uintptr(unsafe.Pointer(&newState))); err != 0 {
 		return nil, err
diff --git a/pkg/term/termios_freebsd.go b/pkg/term/termios_freebsd.go
index 9acf9dfe15..ed3659572c 100644
--- a/pkg/term/termios_freebsd.go
+++ b/pkg/term/termios_freebsd.go
@@ -47,8 +47,6 @@ func MakeRaw(fd uintptr) (*State, error) {
 	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(getTermios), uintptr(unsafe.Pointer(&oldState.termios))); err != 0 {
 		return nil, err
 	}
-	//	C.makeraw()
-	//	return &oldState, nil
 
 	newState := oldState.termios
 	newState.Iflag &^= (IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR | ICRNL | IXON)

From 636959e20ae368e470a5c2420aae4528245b2cf6 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Mon, 3 Mar 2014 19:19:00 +0100
Subject: [PATCH 076/384] Move .dockerenv parsing to lxc driver

This is not needed for e.g. the native driver

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 execdriver/lxc/driver.go |  4 ++++
 execdriver/lxc/init.go   | 30 ++++++++++++++++++++++++++++++
 sysinit/sysinit.go       | 30 ------------------------------
 3 files changed, 34 insertions(+), 30 deletions(-)

diff --git a/execdriver/lxc/driver.go b/execdriver/lxc/driver.go
index b398cb1a37..9abec8ac3f 100644
--- a/execdriver/lxc/driver.go
+++ b/execdriver/lxc/driver.go
@@ -21,6 +21,10 @@ const DriverName = "lxc"
 
 func init() {
 	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {
+		if err := setupEnv(args); err != nil {
+			return err
+		}
+
 		if err := setupHostname(args); err != nil {
 			return err
 		}
diff --git a/execdriver/lxc/init.go b/execdriver/lxc/init.go
index e138915212..0f134088a3 100644
--- a/execdriver/lxc/init.go
+++ b/execdriver/lxc/init.go
@@ -1,17 +1,47 @@
 package lxc
 
 import (
+	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/execdriver"
 	"github.com/dotcloud/docker/pkg/netlink"
 	"github.com/dotcloud/docker/pkg/user"
 	"github.com/syndtr/gocapability/capability"
+	"io/ioutil"
 	"net"
 	"os"
 	"strings"
 	"syscall"
 )
 
+// Clear environment pollution introduced by lxc-start
+func setupEnv(args *execdriver.InitArgs) error {
+	// Get env
+	var env []string
+	content, err := ioutil.ReadFile(".dockerenv")
+	if err != nil {
+		return fmt.Errorf("Unable to load environment variables: %v", err)
+	}
+	if err := json.Unmarshal(content, &env); err != nil {
+		return fmt.Errorf("Unable to unmarshal environment variables: %v", err)
+	}
+	// Propagate the plugin-specific container env variable
+	env = append(env, "container="+os.Getenv("container"))
+
+	args.Env = env
+
+	os.Clearenv()
+	for _, kv := range args.Env {
+		parts := strings.SplitN(kv, "=", 2)
+		if len(parts) == 1 {
+			parts = append(parts, "")
+		}
+		os.Setenv(parts[0], parts[1])
+	}
+
+	return nil
+}
+
 func setupHostname(args *execdriver.InitArgs) error {
 	hostname := getEnv(args, "HOSTNAME")
 	if hostname == "" {
diff --git a/sysinit/sysinit.go b/sysinit/sysinit.go
index c84c05982c..56508b105d 100644
--- a/sysinit/sysinit.go
+++ b/sysinit/sysinit.go
@@ -1,33 +1,16 @@
 package sysinit
 
 import (
-	"encoding/json"
 	"flag"
 	"fmt"
 	"github.com/dotcloud/docker/execdriver"
 	_ "github.com/dotcloud/docker/execdriver/lxc"
 	_ "github.com/dotcloud/docker/execdriver/native"
-	"io/ioutil"
 	"log"
 	"os"
-	"strings"
 )
 
-// Clear environment pollution introduced by lxc-start
-func setupEnv(args *execdriver.InitArgs) {
-	os.Clearenv()
-	for _, kv := range args.Env {
-		parts := strings.SplitN(kv, "=", 2)
-		if len(parts) == 1 {
-			parts = append(parts, "")
-		}
-		os.Setenv(parts[0], parts[1])
-	}
-}
-
 func executeProgram(args *execdriver.InitArgs) error {
-	setupEnv(args)
-
 	dockerInitFct, err := execdriver.GetInitFunc(args.Driver)
 	if err != nil {
 		panic(err)
@@ -59,25 +42,12 @@ func SysInit() {
 	)
 	flag.Parse()
 
-	// Get env
-	var env []string
-	content, err := ioutil.ReadFile(".dockerenv")
-	if err != nil {
-		log.Fatalf("Unable to load environment variables: %v", err)
-	}
-	if err := json.Unmarshal(content, &env); err != nil {
-		log.Fatalf("Unable to unmarshal environment variables: %v", err)
-	}
-	// Propagate the plugin-specific container env variable
-	env = append(env, "container="+os.Getenv("container"))
-
 	args := &execdriver.InitArgs{
 		User:       *user,
 		Gateway:    *gateway,
 		Ip:         *ip,
 		WorkDir:    *workDir,
 		Privileged: *privileged,
-		Env:        env,
 		Args:       flag.Args(),
 		Mtu:        *mtu,
 		Driver:     *driver,

From 6c266c4b42eeabe2d433a994753d86637fe52a0b Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Mon, 3 Mar 2014 16:15:29 +0100
Subject: [PATCH 077/384] Move all bind-mounts in the container inside the
 namespace

This moves the bind mounts like /.dockerinit, /etc/hostname, volumes,
etc into the container namespace, by setting them up using lxc.

This is useful to avoid littering the global namespace with a lot of
mounts that are internal to each container and are not generally
needed on the outside. In particular, it seems that having a lot of
mounts is problematic wrt scaling to a lot of containers on systems
where the root filesystem is mounted --rshared.

Note that the "private" option is only supported by the native driver, as
lxc doesn't support setting this. This is not a huge problem, but it does
mean that some mounts are unnecessarily shared inside the container if you're
using the lxc driver.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 execdriver/driver.go                  |  8 ++++
 execdriver/execdrivers/execdrivers.go |  4 +-
 execdriver/lxc/lxc_template.go        |  8 ++++
 execdriver/native/default_template.go |  4 ++
 execdriver/native/driver.go           | 10 ++--
 pkg/libcontainer/container.go         | 10 ++++
 pkg/libcontainer/nsinit/init.go       |  2 +-
 pkg/libcontainer/nsinit/mount.go      | 20 +++++++-
 runtime/container.go                  |  6 +--
 runtime/runtime.go                    |  2 +-
 runtime/volumes.go                    | 68 +++++++--------------------
 11 files changed, 78 insertions(+), 64 deletions(-)

diff --git a/execdriver/driver.go b/execdriver/driver.go
index ec8f48f52d..ff37b6bc5b 100644
--- a/execdriver/driver.go
+++ b/execdriver/driver.go
@@ -97,6 +97,13 @@ type Resources struct {
 	CpuShares  int64 `json:"cpu_shares"`
 }
 
+type Mount struct {
+	Source      string `json:"source"`
+	Destination string `json:"destination"`
+	Writable    bool   `json:"writable"`
+	Private     bool   `json:"private"`
+}
+
 // Process wrapps an os/exec.Cmd to add more metadata
 type Command struct {
 	exec.Cmd `json:"-"`
@@ -114,6 +121,7 @@ type Command struct {
 	Network    *Network   `json:"network"` // if network is nil then networking is disabled
 	Config     []string   `json:"config"`  //  generic values that specific drivers can consume
 	Resources  *Resources `json:"resources"`
+	Mounts     []Mount    `json:"mounts"`
 
 	Terminal     Terminal `json:"-"`             // standard or tty terminal
 	Console      string   `json:"-"`             // dev/console path
diff --git a/execdriver/execdrivers/execdrivers.go b/execdriver/execdrivers/execdrivers.go
index 95b2fc634d..7486d649c1 100644
--- a/execdriver/execdrivers/execdrivers.go
+++ b/execdriver/execdrivers/execdrivers.go
@@ -9,7 +9,7 @@ import (
 	"path"
 )
 
-func NewDriver(name, root string, sysInfo *sysinfo.SysInfo) (execdriver.Driver, error) {
+func NewDriver(name, root, initPath string, sysInfo *sysinfo.SysInfo) (execdriver.Driver, error) {
 	switch name {
 	case "lxc":
 		// we want to five the lxc driver the full docker root because it needs
@@ -17,7 +17,7 @@ func NewDriver(name, root string, sysInfo *sysinfo.SysInfo) (execdriver.Driver,
 		// to be backwards compatible
 		return lxc.NewDriver(root, sysInfo.AppArmor)
 	case "native":
-		return native.NewDriver(path.Join(root, "execdriver", "native"))
+		return native.NewDriver(path.Join(root, "execdriver", "native"), initPath)
 	}
 	return nil, fmt.Errorf("unknown exec driver %s", name)
 }
diff --git a/execdriver/lxc/lxc_template.go b/execdriver/lxc/lxc_template.go
index 1181396a18..84cd4e442e 100644
--- a/execdriver/lxc/lxc_template.go
+++ b/execdriver/lxc/lxc_template.go
@@ -88,6 +88,14 @@ lxc.mount.entry = {{.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bi
 lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts newinstance,ptmxmode=0666,nosuid,noexec 0 0
 lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs size=65536k,nosuid,nodev,noexec 0 0
 
+{{range $value := .Mounts}}
+{{if $value.Writable}}
+lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $value.Destination}} none bind,rw 0 0
+{{else}}
+lxc.mount.entry = {{$value.Source}} {{escapeFstabSpaces $ROOTFS}}/{{escapeFstabSpaces $value.Destination}} none bind,ro 0 0
+{{end}}
+{{end}}
+
 {{if .Privileged}}
 {{if .AppArmor}}
 lxc.aa_profile = unconfined
diff --git a/execdriver/native/default_template.go b/execdriver/native/default_template.go
index 6e7d597b7b..2798f3b084 100644
--- a/execdriver/native/default_template.go
+++ b/execdriver/native/default_template.go
@@ -48,6 +48,10 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 	// check to see if we are running in ramdisk to disable pivot root
 	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
 
+	for _, m := range c.Mounts {
+		container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private})
+	}
+
 	return container
 }
 
diff --git a/execdriver/native/driver.go b/execdriver/native/driver.go
index 452e802523..f6c7242620 100644
--- a/execdriver/native/driver.go
+++ b/execdriver/native/driver.go
@@ -55,10 +55,11 @@ func init() {
 }
 
 type driver struct {
-	root string
+	root     string
+	initPath string
 }
 
-func NewDriver(root string) (*driver, error) {
+func NewDriver(root, initPath string) (*driver, error) {
 	if err := os.MkdirAll(root, 0700); err != nil {
 		return nil, err
 	}
@@ -66,7 +67,8 @@ func NewDriver(root string) (*driver, error) {
 		return nil, err
 	}
 	return &driver{
-		root: root,
+		root:     root,
+		initPath: initPath,
 	}, nil
 }
 
@@ -210,7 +212,7 @@ func (d *dockerCommandFactory) Create(container *libcontainer.Container, console
 	// we need to join the rootfs because nsinit will setup the rootfs and chroot
 	initPath := filepath.Join(d.c.Rootfs, d.c.InitPath)
 
-	d.c.Path = initPath
+	d.c.Path = d.driver.initPath
 	d.c.Args = append([]string{
 		initPath,
 		"-driver", DriverName,
diff --git a/pkg/libcontainer/container.go b/pkg/libcontainer/container.go
index a777da58a4..14b4b65db7 100644
--- a/pkg/libcontainer/container.go
+++ b/pkg/libcontainer/container.go
@@ -23,6 +23,7 @@ type Container struct {
 	Networks     []*Network      `json:"networks,omitempty"`      // nil for host's network stack
 	Cgroups      *cgroups.Cgroup `json:"cgroups,omitempty"`       // cgroups
 	Context      Context         `json:"context,omitempty"`       // generic context for specific options (apparmor, selinux)
+	Mounts       []Mount         `json:"mounts,omitempty"`
 }
 
 // Network defines configuration for a container's networking stack
@@ -36,3 +37,12 @@ type Network struct {
 	Gateway string  `json:"gateway,omitempty"`
 	Mtu     int     `json:"mtu,omitempty"`
 }
+
+// Bind mounts from the host system to the container
+//
+type Mount struct {
+	Source      string `json:"source"`      // Source path, in the host namespace
+	Destination string `json:"destination"` // Destination path, in the container
+	Writable    bool   `json:"writable"`
+	Private     bool   `json:"private"`
+}
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 336fc1eaaf..5d47b95057 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -51,7 +51,7 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	if err := system.ParentDeathSignal(); err != nil {
 		return fmt.Errorf("parent death signal %s", err)
 	}
-	if err := setupNewMountNamespace(rootfs, console, container.ReadonlyFs, container.NoPivotRoot); err != nil {
+	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
 	}
 	if err := setupNetwork(container, context); err != nil {
diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go
index 83577cfa8c..562ae25a59 100644
--- a/pkg/libcontainer/nsinit/mount.go
+++ b/pkg/libcontainer/nsinit/mount.go
@@ -4,6 +4,7 @@ package nsinit
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/system"
 	"io/ioutil"
 	"os"
@@ -19,7 +20,7 @@ const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NOD
 //
 // There is no need to unmount the new mounts because as soon as the mount namespace
 // is no longer in use, the mounts will be removed automatically
-func setupNewMountNamespace(rootfs, console string, readonly, noPivotRoot bool) error {
+func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, console string, readonly, noPivotRoot bool) error {
 	flag := syscall.MS_PRIVATE
 	if noPivotRoot {
 		flag = syscall.MS_SLAVE
@@ -38,6 +39,23 @@ func setupNewMountNamespace(rootfs, console string, readonly, noPivotRoot bool)
 	if err := mountSystem(rootfs); err != nil {
 		return fmt.Errorf("mount system %s", err)
 	}
+
+	for _, m := range bindMounts {
+		flags := syscall.MS_BIND | syscall.MS_REC
+		if !m.Writable {
+			flags = flags | syscall.MS_RDONLY
+		}
+		dest := filepath.Join(rootfs, m.Destination)
+		if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil {
+			return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err)
+		}
+		if m.Private {
+			if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
+				return fmt.Errorf("mounting %s private %s", dest, err)
+			}
+		}
+	}
+
 	if err := copyDevNodes(rootfs); err != nil {
 		return fmt.Errorf("copy dev nodes %s", err)
 	}
diff --git a/runtime/container.go b/runtime/container.go
index 813147e508..2a98149f27 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -529,13 +529,13 @@ func (container *Container) Start() (err error) {
 		return err
 	}
 
+	populateCommand(container)
+	container.command.Env = env
+
 	if err := mountVolumesForContainer(container, envPath); err != nil {
 		return err
 	}
 
-	populateCommand(container)
-	container.command.Env = env
-
 	// Setup logging of stdout and stderr to disk
 	if err := container.runtime.LogToDisk(container.stdout, container.logPath("json"), "stdout"); err != nil {
 		return err
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 72245a4555..28e7bbd1e4 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -733,7 +733,7 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 	}
 
 	sysInfo := sysinfo.New(false)
-	ed, err := execdrivers.NewDriver(config.ExecDriver, config.Root, sysInfo)
+	ed, err := execdrivers.NewDriver(config.ExecDriver, config.Root, sysInitPath, sysInfo)
 	if err != nil {
 		return nil, err
 	}
diff --git a/runtime/volumes.go b/runtime/volumes.go
index 1a548eca47..81a305f72c 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -3,6 +3,7 @@ package runtime
 import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
+	"github.com/dotcloud/docker/execdriver"
 	"github.com/dotcloud/docker/pkg/mount"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
@@ -55,70 +56,33 @@ func mountVolumesForContainer(container *Container, envPath string) error {
 		return err
 	}
 
-	// Mount docker specific files into the containers root fs
-	if err := mount.Mount(runtime.sysInitPath, filepath.Join(root, "/.dockerinit"), "none", "bind,ro"); err != nil {
-		return err
-	}
-	if err := mount.Mount(envPath, filepath.Join(root, "/.dockerenv"), "none", "bind,ro"); err != nil {
-		return err
-	}
-	if err := mount.Mount(container.ResolvConfPath, filepath.Join(root, "/etc/resolv.conf"), "none", "bind,ro"); err != nil {
-		return err
+	mounts := []execdriver.Mount{
+		{runtime.sysInitPath, "/.dockerinit", false, true},
+		{envPath, "/.dockerenv", false, true},
+		{container.ResolvConfPath, "/etc/resolv.conf", false, true},
 	}
 
 	if container.HostnamePath != "" && container.HostsPath != "" {
-		if err := mount.Mount(container.HostnamePath, filepath.Join(root, "/etc/hostname"), "none", "bind,ro"); err != nil {
-			return err
-		}
-		if err := mount.Mount(container.HostsPath, filepath.Join(root, "/etc/hosts"), "none", "bind,ro"); err != nil {
-			return err
-		}
+		mounts = append(mounts, execdriver.Mount{container.HostnamePath, "/etc/hostname", false, true})
+		mounts = append(mounts, execdriver.Mount{container.HostsPath, "/etc/hosts", false, true})
 	}
 
 	// Mount user specified volumes
+	// Note, these are not private because you may want propagation of (un)mounts from host
+	// volumes. For instance if you use -v /usr:/usr and the host later mounts /usr/share you
+	// want this new mount in the container
 	for r, v := range container.Volumes {
-		mountAs := "ro"
-		if container.VolumesRW[r] {
-			mountAs = "rw"
-		}
-
-		r = filepath.Join(root, r)
-		if p, err := utils.FollowSymlinkInScope(r, root); err != nil {
-			return err
-		} else {
-			r = p
-		}
-
-		if err := mount.Mount(v, r, "none", fmt.Sprintf("bind,%s", mountAs)); err != nil {
-			return err
-		}
+		mounts = append(mounts, execdriver.Mount{v, r, container.VolumesRW[r], false})
 	}
+
+	container.command.Mounts = mounts
+
 	return nil
 }
 
 func unmountVolumesForContainer(container *Container) {
-	var (
-		root   = container.RootfsPath()
-		mounts = []string{
-			root,
-			filepath.Join(root, "/.dockerinit"),
-			filepath.Join(root, "/.dockerenv"),
-			filepath.Join(root, "/etc/resolv.conf"),
-		}
-	)
-
-	if container.HostnamePath != "" && container.HostsPath != "" {
-		mounts = append(mounts, filepath.Join(root, "/etc/hostname"), filepath.Join(root, "/etc/hosts"))
-	}
-
-	for r := range container.Volumes {
-		mounts = append(mounts, filepath.Join(root, r))
-	}
-
-	for i := len(mounts) - 1; i >= 0; i-- {
-		if lastError := mount.Unmount(mounts[i]); lastError != nil {
-			log.Printf("Failed to umount %v: %v", mounts[i], lastError)
-		}
+	if err := mount.Unmount(container.RootfsPath()); err != nil {
+		log.Printf("Failed to umount container: %v", err)
 	}
 }
 

From bf1b27dfcc6c4e049706d7d104e1abc5c330815d Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 4 Mar 2014 10:16:09 +0100
Subject: [PATCH 078/384] Don't use separate bind mount for container

Since we're not not mounting anything but the base filesystem outside
the container we no longer need the separate bind mount at
/var/lib/docker/container/$id/root in order to see the base filesystem
without extra mounts. So, we drop this and mount (again) the container
root directly at the real basefs mountpoint.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 buildfile.go              |  2 +-
 integration/utils_test.go |  2 +-
 runtime/container.go      | 10 +---------
 runtime/runtime.go        |  2 --
 runtime/volumes.go        | 32 ++------------------------------
 5 files changed, 5 insertions(+), 43 deletions(-)

diff --git a/buildfile.go b/buildfile.go
index 959b085685..e4b3d28e9c 100644
--- a/buildfile.go
+++ b/buildfile.go
@@ -374,7 +374,7 @@ func (b *buildFile) checkPathForAddition(orig string) error {
 func (b *buildFile) addContext(container *runtime.Container, orig, dest string, remote bool) error {
 	var (
 		origPath = path.Join(b.contextPath, orig)
-		destPath = path.Join(container.BasefsPath(), dest)
+		destPath = path.Join(container.RootfsPath(), dest)
 	)
 	// Preserve the trailing '/'
 	if strings.HasSuffix(dest, "/") {
diff --git a/integration/utils_test.go b/integration/utils_test.go
index 88f2cc49c3..53b4674df7 100644
--- a/integration/utils_test.go
+++ b/integration/utils_test.go
@@ -71,7 +71,7 @@ func containerFileExists(eng *engine.Engine, id, dir string, t utils.Fataler) bo
 		t.Fatal(err)
 	}
 	defer c.Unmount()
-	if _, err := os.Stat(path.Join(c.BasefsPath(), dir)); err != nil {
+	if _, err := os.Stat(path.Join(c.RootfsPath(), dir)); err != nil {
 		if os.IsNotExist(err) {
 			return false
 		}
diff --git a/runtime/container.go b/runtime/container.go
index 2a98149f27..ee545db201 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -532,7 +532,7 @@ func (container *Container) Start() (err error) {
 	populateCommand(container)
 	container.command.Env = env
 
-	if err := mountVolumesForContainer(container, envPath); err != nil {
+	if err := setupMountsForContainer(container, envPath); err != nil {
 		return err
 	}
 
@@ -843,8 +843,6 @@ func (container *Container) cleanup() {
 		}
 	}
 
-	unmountVolumesForContainer(container)
-
 	if err := container.Unmount(); err != nil {
 		log.Printf("%v: Failed to umount filesystem: %v", container.ID, err)
 	}
@@ -1039,12 +1037,6 @@ func (container *Container) EnvConfigPath() (string, error) {
 // This method must be exported to be used from the lxc template
 // This directory is only usable when the container is running
 func (container *Container) RootfsPath() string {
-	return path.Join(container.root, "root")
-}
-
-// This is the stand-alone version of the root fs, without any additional mounts.
-// This directory is usable whenever the container is mounted (and not unmounted)
-func (container *Container) BasefsPath() string {
 	return container.basefs
 }
 
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 28e7bbd1e4..b364d1d270 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -174,7 +174,6 @@ func (runtime *Runtime) Register(container *Container) error {
 				runtime.execDriver.Kill(command, 9)
 			}
 			// ensure that the filesystem is also unmounted
-			unmountVolumesForContainer(container)
 			if err := container.Unmount(); err != nil {
 				utils.Debugf("ghost unmount error %s", err)
 			}
@@ -185,7 +184,6 @@ func (runtime *Runtime) Register(container *Container) error {
 			utils.Debugf("Container %s was supposed to be running but is not.", container.ID)
 			if runtime.config.AutoRestart {
 				utils.Debugf("Restarting")
-				unmountVolumesForContainer(container)
 				if err := container.Unmount(); err != nil {
 					utils.Debugf("restart unmount error %s", err)
 				}
diff --git a/runtime/volumes.go b/runtime/volumes.go
index 81a305f72c..9cb66aae44 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -4,10 +4,8 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/execdriver"
-	"github.com/dotcloud/docker/pkg/mount"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
-	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -35,29 +33,9 @@ func prepareVolumesForContainer(container *Container) error {
 	return nil
 }
 
-func mountVolumesForContainer(container *Container, envPath string) error {
-	// Setup the root fs as a bind mount of the base fs
-	var (
-		root    = container.RootfsPath()
-		runtime = container.runtime
-	)
-	if err := os.MkdirAll(root, 0755); err != nil && !os.IsExist(err) {
-		return nil
-	}
-
-	// Create a bind mount of the base fs as a place where we can add mounts
-	// without affecting the ability to access the base fs
-	if err := mount.Mount(container.basefs, root, "none", "bind,rw"); err != nil {
-		return err
-	}
-
-	// Make sure the root fs is private so the mounts here don't propagate to basefs
-	if err := mount.ForceMount(root, root, "none", "private"); err != nil {
-		return err
-	}
-
+func setupMountsForContainer(container *Container, envPath string) error {
 	mounts := []execdriver.Mount{
-		{runtime.sysInitPath, "/.dockerinit", false, true},
+		{container.runtime.sysInitPath, "/.dockerinit", false, true},
 		{envPath, "/.dockerenv", false, true},
 		{container.ResolvConfPath, "/etc/resolv.conf", false, true},
 	}
@@ -80,12 +58,6 @@ func mountVolumesForContainer(container *Container, envPath string) error {
 	return nil
 }
 
-func unmountVolumesForContainer(container *Container) {
-	if err := mount.Unmount(container.RootfsPath()); err != nil {
-		log.Printf("Failed to umount container: %v", err)
-	}
-}
-
 func applyVolumesFrom(container *Container) error {
 	if container.Config.VolumesFrom != "" {
 		for _, containerSpec := range strings.Split(container.Config.VolumesFrom, ",") {

From 6fc83eefd9e8d78044a51250d2ad185513fddd27 Mon Sep 17 00:00:00 2001
From: Charlie Lewis <charliel@lab41.org>
Date: Thu, 13 Mar 2014 11:15:52 -0700
Subject: [PATCH 079/384] add a breakathon for testing

Docker-DCO-1.1-Signed-off-by: Charlie Lewis <charliel@lab41.org> (github: cglewis)
---
 hack/RELEASE-CHECKLIST.md | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/hack/RELEASE-CHECKLIST.md b/hack/RELEASE-CHECKLIST.md
index 6ef5d9cf58..1eb1646f25 100644
--- a/hack/RELEASE-CHECKLIST.md
+++ b/hack/RELEASE-CHECKLIST.md
@@ -178,7 +178,23 @@ docker run \
        hack/release.sh
 ```
 
-### 9. Apply tag
+### 9. Breakathon
+
+Spend several days along with the community explicitly investing time and
+resources to try and break Docker in every possible way, documenting any
+findings pertinent to the release.  This time should be spent testing and
+finding ways in which the release might have caused various features or upgrade
+environments to have issues, not coding.  During this time, the release is in
+code freeze, and any additional code changes will be pushed out to the next
+release.
+
+It should include various levels of breaking Docker, beyond just using Docker
+by the book.
+
+Any issues found may still remain issues for this release, but they should be
+documented and give appropriate warnings.
+
+### 10. Apply tag
 
 ```bash
 git tag -a $VERSION -m $VERSION bump_$VERSION
@@ -188,12 +204,12 @@ git push origin $VERSION
 It's very important that we don't make the tag until after the official
 release is uploaded to get.docker.io!
 
-### 10. Go to github to merge the `bump_$VERSION` branch into release
+### 11. Go to github to merge the `bump_$VERSION` branch into release
 
 Don't forget to push that pretty blue button to delete the leftover
 branch afterwards!
 
-### 11. Update the docs branch
+### 12. Update the docs branch
 
 ```bash
 git checkout docs
@@ -207,7 +223,7 @@ Updating the docs branch will automatically update the documentation on the
 after the merge. The docs will appear on http://docs.docker.io/. For more
 information about documentation releases, see `docs/README.md`.
 
-### 12. Create a new pull request to merge release back into master
+### 13. Create a new pull request to merge release back into master
 
 ```bash
 git checkout master
@@ -225,7 +241,7 @@ echo "https://github.com/dotcloud/docker/compare/master...merge_release_$VERSION
 Again, get two maintainers to validate, then merge, then push that pretty
 blue button to delete your branch.
 
-### 13. Rejoice and Evangelize!
+### 14. Rejoice and Evangelize!
 
 Congratulations! You're done.
 

From ab26c16b32420011b0aee3de1a3bce5a0afd6f4d Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Thu, 13 Mar 2014 13:58:09 -0700
Subject: [PATCH 080/384] Fix EXPOSE cache miss issue

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 buildfile.go       | 21 ++++++++++++++++++---
 runconfig/merge.go |  1 +
 runtime/runtime.go |  1 -
 server.go          |  1 -
 4 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/buildfile.go b/buildfile.go
index 959b085685..dc9039f8d1 100644
--- a/buildfile.go
+++ b/buildfile.go
@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
+	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/registry"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/runtime"
@@ -304,8 +305,22 @@ func (b *buildFile) CmdEntrypoint(args string) error {
 }
 
 func (b *buildFile) CmdExpose(args string) error {
-	ports := strings.Split(args, " ")
-	b.config.PortSpecs = append(ports, b.config.PortSpecs...)
+	portsTab := strings.Split(args, " ")
+
+	if b.config.ExposedPorts == nil {
+		b.config.ExposedPorts = make(nat.PortSet)
+	}
+	ports, _, err := nat.ParsePortSpecs(append(portsTab, b.config.PortSpecs...))
+	if err != nil {
+		return err
+	}
+	for port := range ports {
+		if _, exists := b.config.ExposedPorts[port]; !exists {
+			b.config.ExposedPorts[port] = struct{}{}
+		}
+	}
+	b.config.PortSpecs = nil
+
 	return b.commit("", b.config.Cmd, fmt.Sprintf("EXPOSE %v", ports))
 }
 
@@ -686,12 +701,12 @@ func (b *buildFile) commit(id string, autoCmd []string, comment string) error {
 		b.tmpContainers[container.ID] = struct{}{}
 		fmt.Fprintf(b.outStream, " ---> Running in %s\n", utils.TruncateID(container.ID))
 		id = container.ID
+
 		if err := container.Mount(); err != nil {
 			return err
 		}
 		defer container.Unmount()
 	}
-
 	container := b.runtime.Get(id)
 	if container == nil {
 		return fmt.Errorf("An error occured while creating the container")
diff --git a/runconfig/merge.go b/runconfig/merge.go
index a8d677baa8..3b91aa2af0 100644
--- a/runconfig/merge.go
+++ b/runconfig/merge.go
@@ -64,6 +64,7 @@ func Merge(userConf, imageConf *Config) error {
 			}
 		}
 	}
+
 	if !userConf.Tty {
 		userConf.Tty = imageConf.Tty
 	}
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 72245a4555..e54acd15d3 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -542,7 +542,6 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 // The image can optionally be tagged into a repository
 func (runtime *Runtime) Commit(container *Container, repository, tag, comment, author string, config *runconfig.Config) (*image.Image, error) {
 	// FIXME: freeze the container before copying it to avoid data corruption?
-	// FIXME: this shouldn't be in commands.
 	if err := container.Mount(); err != nil {
 		return nil, err
 	}
diff --git a/server.go b/server.go
index d4d6a39158..75fa633e8f 100644
--- a/server.go
+++ b/server.go
@@ -1970,7 +1970,6 @@ func (srv *Server) canDeleteImage(imgID string) error {
 }
 
 func (srv *Server) ImageGetCached(imgID string, config *runconfig.Config) (*image.Image, error) {
-
 	// Retrieve all images
 	images, err := srv.runtime.Graph().Map()
 	if err != nil {

From 747275d30c4d4eb25ca798394cc04db00912adb2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 13 Mar 2014 14:31:09 -0700
Subject: [PATCH 081/384] Always symlink /dev/ptmx for libcontainer
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/libcontainer/nsinit/mount.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go
index 83577cfa8c..072188ecd8 100644
--- a/pkg/libcontainer/nsinit/mount.go
+++ b/pkg/libcontainer/nsinit/mount.go
@@ -46,10 +46,8 @@ func setupNewMountNamespace(rootfs, console string, readonly, noPivotRoot bool)
 	if err := setupDev(rootfs); err != nil {
 		return err
 	}
-	if console != "" {
-		if err := setupPtmx(rootfs, console); err != nil {
-			return err
-		}
+	if err := setupPtmx(rootfs, console); err != nil {
+		return err
 	}
 	if err := system.Chdir(rootfs); err != nil {
 		return fmt.Errorf("chdir into %s %s", rootfs, err)
@@ -245,8 +243,10 @@ func setupPtmx(rootfs, console string) error {
 	if err := os.Symlink("pts/ptmx", ptmx); err != nil {
 		return fmt.Errorf("symlink dev ptmx %s", err)
 	}
-	if err := setupConsole(rootfs, console); err != nil {
-		return err
+	if console != "" {
+		if err := setupConsole(rootfs, console); err != nil {
+			return err
+		}
 	}
 	return nil
 }

From 3fa99b35b05d9159d6f7f4c7465dec747da2c4e1 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 12 Mar 2014 18:04:14 -0700
Subject: [PATCH 082/384] Don't kill by pid for other drivers

Closes #4575
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 runtime/runtime.go | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/runtime/runtime.go b/runtime/runtime.go
index b364d1d270..16117b9788 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -160,22 +160,16 @@ func (runtime *Runtime) Register(container *Container) error {
 		if container.State.IsGhost() {
 			utils.Debugf("killing ghost %s", container.ID)
 
-			existingPid := container.State.Pid
 			container.State.SetGhost(false)
 			container.State.SetStopped(0)
 
+			// We only have to handle this for lxc because the other drivers will ensure that
+			// no ghost processes are left when docker dies
 			if container.ExecDriver == "" || strings.Contains(container.ExecDriver, "lxc") {
 				lxc.KillLxc(container.ID, 9)
-			} else {
-				command := &execdriver.Command{
-					ID: container.ID,
+				if err := container.Unmount(); err != nil {
+					utils.Debugf("ghost unmount error %s", err)
 				}
-				command.Process = &os.Process{Pid: existingPid}
-				runtime.execDriver.Kill(command, 9)
-			}
-			// ensure that the filesystem is also unmounted
-			if err := container.Unmount(); err != nil {
-				utils.Debugf("ghost unmount error %s", err)
 			}
 		}
 

From cbd2a30cd6185d1469f82f8b6693d6158c93d54a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 13 Mar 2014 15:18:08 -0700
Subject: [PATCH 083/384] Update libcontainer readme and todo list
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/libcontainer/README.md | 119 ++++++++++++++++++++++---------------
 pkg/libcontainer/TODO.md   |   8 +--
 2 files changed, 72 insertions(+), 55 deletions(-)

diff --git a/pkg/libcontainer/README.md b/pkg/libcontainer/README.md
index d6e4dedd63..2c85111b97 100644
--- a/pkg/libcontainer/README.md
+++ b/pkg/libcontainer/README.md
@@ -16,54 +16,77 @@ process are specified in this file.  The configuration is used for each process
 Sample `container.json` file:
 ```json
 {
-    "hostname": "koye",
-    "tty": true,
-    "environment": [
-        "HOME=/",
-        "PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin",
-        "container=docker",
-        "TERM=xterm-256color"
-    ],
-    "namespaces": [
-        "NEWIPC",
-        "NEWNS",
-        "NEWPID",
-        "NEWUTS",
-        "NEWNET"
-    ],
-    "capabilities": [
-        "SETPCAP",
-        "SYS_MODULE",
-        "SYS_RAWIO",
-        "SYS_PACCT",
-        "SYS_ADMIN",
-        "SYS_NICE",
-        "SYS_RESOURCE",
-        "SYS_TIME",
-        "SYS_TTY_CONFIG",
-        "MKNOD",
-        "AUDIT_WRITE",
-        "AUDIT_CONTROL",
-        "MAC_OVERRIDE",
-        "MAC_ADMIN",
-        "NET_ADMIN"
-    ],
-    "networks": [{
-            "type": "veth",
-            "context": {
-                "bridge": "docker0",
-                "prefix": "dock"
-            },
-            "address": "172.17.0.100/16",
-            "gateway": "172.17.42.1",
-            "mtu": 1500
-        }
-    ],
-    "cgroups": {
-        "name": "docker-koye",
-        "parent": "docker",
-        "memory": 5248000
-    }
+   "hostname" : "koye",
+   "networks" : [
+      {
+         "gateway" : "172.17.42.1",
+         "context" : {
+            "bridge" : "docker0",
+            "prefix" : "veth"
+         },
+         "address" : "172.17.0.2/16",
+         "type" : "veth",
+         "mtu" : 1500
+      }
+   ],
+   "cgroups" : {
+      "parent" : "docker",
+      "name" : "11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620"
+   },
+   "tty" : true,
+   "environment" : [
+      "HOME=/",
+      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+      "HOSTNAME=11bb30683fb0",
+      "TERM=xterm"
+   ],
+   "capabilities" : [
+      "SETPCAP",
+      "SYS_MODULE",
+      "SYS_RAWIO",
+      "SYS_PACCT",
+      "SYS_ADMIN",
+      "SYS_NICE",
+      "SYS_RESOURCE",
+      "SYS_TIME",
+      "SYS_TTY_CONFIG",
+      "MKNOD",
+      "AUDIT_WRITE",
+      "AUDIT_CONTROL",
+      "MAC_OVERRIDE",
+      "MAC_ADMIN",
+      "NET_ADMIN"
+   ],
+   "context" : {
+      "apparmor_profile" : "docker-default"
+   },
+   "mounts" : [
+      {
+         "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/resolv.conf",
+         "writable" : false,
+         "destination" : "/etc/resolv.conf",
+         "private" : true
+      },
+      {
+         "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hostname",
+         "writable" : false,
+         "destination" : "/etc/hostname",
+         "private" : true
+      },
+      {
+         "source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hosts",
+         "writable" : false,
+         "destination" : "/etc/hosts",
+         "private" : true
+      }
+   ],
+   "namespaces" : [
+      "NEWNS",
+      "NEWUTS",
+      "NEWIPC",
+      "NEWPID",
+      "NEWNET"
+   ]
 }
 ```
 
diff --git a/pkg/libcontainer/TODO.md b/pkg/libcontainer/TODO.md
index f18c0b4c51..87224db85d 100644
--- a/pkg/libcontainer/TODO.md
+++ b/pkg/libcontainer/TODO.md
@@ -1,17 +1,11 @@
 #### goals
 * small and simple - line count is not everything but less code is better
-* clean lines between what we do in the pkg 
 * provide primitives for working with namespaces not cater to every option
 * extend via configuration not by features - host networking, no networking, veth network can be accomplished via adjusting the container.json, nothing to do with code
 
 #### tasks
-* proper tty for a new process in an existing container
-* use exec or raw syscalls for new process in existing container
-* setup proper user in namespace if specified
-* implement hook or clean interface for cgroups
+* reexec or raw syscalls for new process in existing container
 * example configs for different setups (host networking, boot init)
 * improve pkg documentation with comments
 * testing - this is hard in a low level pkg but we could do some, maybe
-* pivot root
 * selinux
-* apparmor

From 03f0ec35ae31420dd6a56883535056087b1a75dd Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Thu, 13 Mar 2014 22:26:42 +0000
Subject: [PATCH 084/384] as you could have multiple messages per line with
 streams, don't \r

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 utils/jsonmessage.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/jsonmessage.go b/utils/jsonmessage.go
index 9050dda746..f84cc42c78 100644
--- a/utils/jsonmessage.go
+++ b/utils/jsonmessage.go
@@ -85,7 +85,7 @@ func (jm *JSONMessage) Display(out io.Writer, isTerminal bool) error {
 		return jm.Error
 	}
 	var endl string
-	if isTerminal {
+	if isTerminal && jm.Stream == "" {
 		// <ESC>[2K = erase entire current line
 		fmt.Fprintf(out, "%c[2K\r", 27)
 		endl = "\r"

From 6411ee6d24d256e15909ea68b845b354dc51c4ed Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Thu, 13 Mar 2014 16:19:28 -0700
Subject: [PATCH 085/384] Have the exec driver and kernel version in non-debug
 mode in `docker info`

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/api/client.go b/api/client.go
index 6049a892c1..e6a74a3b53 100644
--- a/api/client.go
+++ b/api/client.go
@@ -432,7 +432,7 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 
 	fmt.Fprintf(cli.out, "Containers: %d\n", remoteInfo.GetInt("Containers"))
 	fmt.Fprintf(cli.out, "Images: %d\n", remoteInfo.GetInt("Images"))
-	fmt.Fprintf(cli.out, "Driver: %s\n", remoteInfo.Get("Driver"))
+	fmt.Fprintf(cli.out, "Storage Driver: %s\n", remoteInfo.Get("Driver"))
 	var driverStatus [][2]string
 	if err := remoteInfo.GetJson("DriverStatus", &driverStatus); err != nil {
 		return err
@@ -440,14 +440,15 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 	for _, pair := range driverStatus {
 		fmt.Fprintf(cli.out, " %s: %s\n", pair[0], pair[1])
 	}
+	fmt.Fprintf(cli.out, "Execution Driver: %s\n", remoteInfo.Get("ExecutionDriver"))
+	fmt.Fprintf(cli.out, "Kernel Version: %s\n", remoteInfo.Get("KernelVersion"))
+
 	if remoteInfo.GetBool("Debug") || os.Getenv("DEBUG") != "" {
 		fmt.Fprintf(cli.out, "Debug mode (server): %v\n", remoteInfo.GetBool("Debug"))
 		fmt.Fprintf(cli.out, "Debug mode (client): %v\n", os.Getenv("DEBUG") != "")
 		fmt.Fprintf(cli.out, "Fds: %d\n", remoteInfo.GetInt("NFd"))
 		fmt.Fprintf(cli.out, "Goroutines: %d\n", remoteInfo.GetInt("NGoroutines"))
-		fmt.Fprintf(cli.out, "Execution Driver: %s\n", remoteInfo.Get("ExecutionDriver"))
 		fmt.Fprintf(cli.out, "EventsListeners: %d\n", remoteInfo.GetInt("NEventsListener"))
-		fmt.Fprintf(cli.out, "Kernel Version: %s\n", remoteInfo.Get("KernelVersion"))
 
 		if initSha1 := remoteInfo.Get("InitSha1"); initSha1 != "" {
 			fmt.Fprintf(cli.out, "Init SHA1: %s\n", initSha1)

From 7b89af2a08b65fac064603cb3b5eb8e091e2c076 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Thu, 13 Mar 2014 14:03:03 -0700
Subject: [PATCH 086/384] Add unit test for expose cache

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 integration/buildfile_test.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go
index e5084d4355..f4ed61aaff 100644
--- a/integration/buildfile_test.go
+++ b/integration/buildfile_test.go
@@ -6,6 +6,7 @@ import (
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/image"
+	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"net"
@@ -492,7 +493,7 @@ func TestBuildExpose(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if img.Config.PortSpecs[0] != "4243" {
+	if _, exists := img.Config.ExposedPorts[nat.NewPort("tcp", "4243")]; !exists {
 		t.Fail()
 	}
 }
@@ -594,6 +595,17 @@ func TestBuildImageWithCache(t *testing.T) {
 	checkCacheBehavior(t, template, true)
 }
 
+func TestBuildExposeWithCache(t *testing.T) {
+	template := testContextTemplate{`
+        from {IMAGE}
+        maintainer dockerio
+	expose 80
+	run echo hello
+        `,
+		nil, nil}
+	checkCacheBehavior(t, template, true)
+}
+
 func TestBuildImageWithoutCache(t *testing.T) {
 	template := testContextTemplate{`
         from {IMAGE}
@@ -877,7 +889,7 @@ func TestBuildInheritance(t *testing.T) {
 	}
 
 	// from parent
-	if img.Config.PortSpecs[0] != "4243" {
+	if _, exists := img.Config.ExposedPorts[nat.NewPort("tcp", "4243")]; !exists {
 		t.Fail()
 	}
 }

From c349c9d14a1c4bf04f35f3f5c62b0bb92614bc81 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 14 Mar 2014 00:47:13 +0000
Subject: [PATCH 087/384] create the cli obj before calling parseCommand

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/client.go    | 4 +---
 docker/docker.go | 3 ++-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/api/client.go b/api/client.go
index 858c2bcf25..715f58ab06 100644
--- a/api/client.go
+++ b/api/client.go
@@ -57,9 +57,7 @@ func (cli *DockerCli) getMethod(name string) (func(...string) error, bool) {
 	return method.Interface().(func(...string) error), true
 }
 
-func ParseCommands(proto, addr string, args ...string) error {
-	cli := NewDockerCli(os.Stdin, os.Stdout, os.Stderr, proto, addr)
-
+func (cli *DockerCli) ParseCommands(args ...string) error {
 	if len(args) > 0 {
 		method, exists := cli.getMethod(args[0])
 		if !exists {
diff --git a/docker/docker.go b/docker/docker.go
index cc4d40f3ac..749857a640 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -148,7 +148,8 @@ func main() {
 			log.Fatal("Please specify only one -H")
 		}
 		protoAddrParts := strings.SplitN(flHosts.GetAll()[0], "://", 2)
-		if err := api.ParseCommands(protoAddrParts[0], protoAddrParts[1], flag.Args()...); err != nil {
+		cli := api.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1])
+		if err := cli.ParseCommands(flag.Args()...); err != nil {
 			if sterr, ok := err.(*utils.StatusError); ok {
 				if sterr.Status != "" {
 					log.Println(sterr.Status)

From f6efcf20943e656ca977f1fd0ae5197f5757dff4 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 13 Mar 2014 22:35:09 -0600
Subject: [PATCH 088/384] Fix sphinx header underline warnings I introduced...

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 docs/sources/reference/commandline/cli.rst | 4 ++--
 docs/sources/reference/run.rst             | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 83f05947c2..2371ed1b5f 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -374,7 +374,7 @@ The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', a
 Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container.
 
 Full --run example
-.................
+..................
 
 The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID``
 or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are
@@ -1172,7 +1172,7 @@ See :ref:`port_redirection` for more detailed information about the ``--expose``
 specific examples using ``--link``.
 
 Known Issues (run --volumes-from)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 * :issue:`2702`: "lxc-start: Permission denied - failed to mount"
   could indicate a permissions problem with AppArmor. Please see the
diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst
index 8637ac3071..0b4f7eebf4 100644
--- a/docs/sources/reference/run.rst
+++ b/docs/sources/reference/run.rst
@@ -113,7 +113,7 @@ Container Identification
 ------------------------
 
 Name (--name)
-............
+.............
 
 The operator can identify a container in three ways:
 
@@ -157,7 +157,7 @@ Your container will use the same DNS servers as the host by default,
 but you can override this with ``--dns``.
 
 Clean Up (--rm)
---------------
+---------------
 
 By default a container's file system persists even after the container
 exits. This makes debugging a lot easier (since you can inspect the

From ae47f709ca6a6c29b769191ceabb10e59a0408b1 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 13 Mar 2014 22:35:31 -0600
Subject: [PATCH 089/384] Make sphinx warnings fatal in Travis

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 8a43d9a462..b8e4d43fcc 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,6 +25,6 @@ before_script:
 script:
   - hack/travis/dco.py
   - hack/travis/gofmt.py
-  - make -sC docs SPHINXOPTS=-q docs man
+  - make -sC docs SPHINXOPTS=-qW docs man
 
 # vim:set sw=2 ts=2:

From 5239aa1f11c32f3befc25fb2fa8a0ecf75ec4bf6 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 11 Mar 2014 10:40:06 -0700
Subject: [PATCH 090/384] Move server and buildfile into server pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 builtins/builtins.go                          |  4 +--
 buildfile.go => server/buildfile.go           | 30 +------------------
 server.go => server/server.go                 |  6 ++--
 .../server_unit_test.go                       |  2 +-
 utils/streamformatter.go                      | 29 ++++++++++++++++++
 5 files changed, 36 insertions(+), 35 deletions(-)
 rename buildfile.go => server/buildfile.go (96%)
 rename server.go => server/server.go (99%)
 rename server_unit_test.go => server/server_unit_test.go (99%)

diff --git a/builtins/builtins.go b/builtins/builtins.go
index ba3f41b1ca..eb4a0be874 100644
--- a/builtins/builtins.go
+++ b/builtins/builtins.go
@@ -3,9 +3,9 @@ package builtins
 import (
 	"github.com/dotcloud/docker/engine"
 
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/networkdriver/lxc"
+	"github.com/dotcloud/docker/server"
 )
 
 func Register(eng *engine.Engine) {
@@ -34,6 +34,6 @@ func remote(eng *engine.Engine) {
 // These components should be broken off into plugins of their own.
 //
 func daemon(eng *engine.Engine) {
-	eng.Register("initserver", docker.InitServer)
+	eng.Register("initserver", server.InitServer)
 	eng.Register("init_networkdriver", lxc.InitDriver)
 }
diff --git a/buildfile.go b/server/buildfile.go
similarity index 96%
rename from buildfile.go
rename to server/buildfile.go
index da72be60fb..af6702cc1d 100644
--- a/buildfile.go
+++ b/server/buildfile.go
@@ -1,4 +1,4 @@
-package docker
+package server
 
 import (
 	"crypto/sha256"
@@ -591,34 +591,6 @@ func (b *buildFile) CmdAdd(args string) error {
 	return nil
 }
 
-type StdoutFormater struct {
-	io.Writer
-	*utils.StreamFormatter
-}
-
-func (sf *StdoutFormater) Write(buf []byte) (int, error) {
-	formattedBuf := sf.StreamFormatter.FormatStream(string(buf))
-	n, err := sf.Writer.Write(formattedBuf)
-	if n != len(formattedBuf) {
-		return n, io.ErrShortWrite
-	}
-	return len(buf), err
-}
-
-type StderrFormater struct {
-	io.Writer
-	*utils.StreamFormatter
-}
-
-func (sf *StderrFormater) Write(buf []byte) (int, error) {
-	formattedBuf := sf.StreamFormatter.FormatStream("\033[91m" + string(buf) + "\033[0m")
-	n, err := sf.Writer.Write(formattedBuf)
-	if n != len(formattedBuf) {
-		return n, io.ErrShortWrite
-	}
-	return len(buf), err
-}
-
 func (b *buildFile) create() (*runtime.Container, error) {
 	if b.image == "" {
 		return nil, fmt.Errorf("Please provide a source image with `from` prior to run")
diff --git a/server.go b/server/server.go
similarity index 99%
rename from server.go
rename to server/server.go
index 75fa633e8f..eb9a3a396b 100644
--- a/server.go
+++ b/server/server.go
@@ -1,4 +1,4 @@
-package docker
+package server
 
 import (
 	"encoding/json"
@@ -456,11 +456,11 @@ func (srv *Server) Build(job *engine.Job) engine.Status {
 
 	sf := utils.NewStreamFormatter(job.GetenvBool("json"))
 	b := NewBuildFile(srv,
-		&StdoutFormater{
+		&utils.StdoutFormater{
 			Writer:          job.Stdout,
 			StreamFormatter: sf,
 		},
-		&StderrFormater{
+		&utils.StderrFormater{
 			Writer:          job.Stdout,
 			StreamFormatter: sf,
 		},
diff --git a/server_unit_test.go b/server/server_unit_test.go
similarity index 99%
rename from server_unit_test.go
rename to server/server_unit_test.go
index 6a90ca5892..b471c5c581 100644
--- a/server_unit_test.go
+++ b/server/server_unit_test.go
@@ -1,4 +1,4 @@
-package docker
+package server
 
 import (
 	"github.com/dotcloud/docker/utils"
diff --git a/utils/streamformatter.go b/utils/streamformatter.go
index 8876fa5cb7..d2758d3ca6 100644
--- a/utils/streamformatter.go
+++ b/utils/streamformatter.go
@@ -3,6 +3,7 @@ package utils
 import (
 	"encoding/json"
 	"fmt"
+	"io"
 )
 
 type StreamFormatter struct {
@@ -90,3 +91,31 @@ func (sf *StreamFormatter) Used() bool {
 func (sf *StreamFormatter) Json() bool {
 	return sf.json
 }
+
+type StdoutFormater struct {
+	io.Writer
+	*StreamFormatter
+}
+
+func (sf *StdoutFormater) Write(buf []byte) (int, error) {
+	formattedBuf := sf.StreamFormatter.FormatStream(string(buf))
+	n, err := sf.Writer.Write(formattedBuf)
+	if n != len(formattedBuf) {
+		return n, io.ErrShortWrite
+	}
+	return len(buf), err
+}
+
+type StderrFormater struct {
+	io.Writer
+	*StreamFormatter
+}
+
+func (sf *StderrFormater) Write(buf []byte) (int, error) {
+	formattedBuf := sf.StreamFormatter.FormatStream("\033[91m" + string(buf) + "\033[0m")
+	n, err := sf.Writer.Write(formattedBuf)
+	if n != len(formattedBuf) {
+		return n, io.ErrShortWrite
+	}
+	return len(buf), err
+}

From 8cf0b80a7843633018b66a35d9a55f30814a56b6 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 11 Mar 2014 10:44:23 -0700
Subject: [PATCH 091/384] Update integration tests for server pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 integration/buildfile_test.go | 12 ++++++------
 integration/server_test.go    |  4 ++--
 integration/utils_test.go     |  8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go
index f4ed61aaff..7f6e69ece3 100644
--- a/integration/buildfile_test.go
+++ b/integration/buildfile_test.go
@@ -2,11 +2,11 @@ package docker
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/nat"
+	"github.com/dotcloud/docker/server"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"net"
@@ -384,7 +384,7 @@ func buildImage(context testContextTemplate, t *testing.T, eng *engine.Engine, u
 	}
 	dockerfile := constructDockerfile(context.dockerfile, ip, port)
 
-	buildfile := docker.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, useCache, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil)
+	buildfile := server.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, useCache, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil)
 	id, err := buildfile.Build(context.Archive(dockerfile, t))
 	if err != nil {
 		return nil, err
@@ -799,7 +799,7 @@ func TestForbiddenContextPath(t *testing.T) {
 	}
 	dockerfile := constructDockerfile(context.dockerfile, ip, port)
 
-	buildfile := docker.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil)
+	buildfile := server.NewBuildFile(srv, ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil)
 	_, err = buildfile.Build(context.Archive(dockerfile, t))
 
 	if err == nil {
@@ -845,7 +845,7 @@ func TestBuildADDFileNotFound(t *testing.T) {
 	}
 	dockerfile := constructDockerfile(context.dockerfile, ip, port)
 
-	buildfile := docker.NewBuildFile(mkServerFromEngine(eng, t), ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil)
+	buildfile := server.NewBuildFile(mkServerFromEngine(eng, t), ioutil.Discard, ioutil.Discard, false, true, false, ioutil.Discard, utils.NewStreamFormatter(false), nil, nil)
 	_, err = buildfile.Build(context.Archive(dockerfile, t))
 
 	if err == nil {
@@ -917,8 +917,8 @@ func TestBuildFails(t *testing.T) {
 func TestBuildFailsDockerfileEmpty(t *testing.T) {
 	_, err := buildImage(testContextTemplate{``, nil, nil}, t, nil, true)
 
-	if err != docker.ErrDockerfileEmpty {
-		t.Fatal("Expected: %v, got: %v", docker.ErrDockerfileEmpty, err)
+	if err != server.ErrDockerfileEmpty {
+		t.Fatal("Expected: %v, got: %v", server.ErrDockerfileEmpty, err)
 	}
 }
 
diff --git a/integration/server_test.go b/integration/server_test.go
index 54ee9a77a9..49bd15e36f 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -1,9 +1,9 @@
 package docker
 
 import (
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/server"
 	"strings"
 	"testing"
 	"time"
@@ -739,7 +739,7 @@ func TestListContainers(t *testing.T) {
 	}
 }
 
-func assertContainerList(srv *docker.Server, all bool, limit int, since, before string, expected []string) bool {
+func assertContainerList(srv *server.Server, all bool, limit int, since, before string, expected []string) bool {
 	job := srv.Eng.Job("containers")
 	job.SetenvBool("all", all)
 	job.SetenvInt("limit", limit)
diff --git a/integration/utils_test.go b/integration/utils_test.go
index 53b4674df7..8ad6ccb123 100644
--- a/integration/utils_test.go
+++ b/integration/utils_test.go
@@ -14,11 +14,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/dotcloud/docker"
 	"github.com/dotcloud/docker/builtins"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/runtime"
+	"github.com/dotcloud/docker/server"
 	"github.com/dotcloud/docker/utils"
 )
 
@@ -149,14 +149,14 @@ func getContainer(eng *engine.Engine, id string, t utils.Fataler) *runtime.Conta
 	return c
 }
 
-func mkServerFromEngine(eng *engine.Engine, t utils.Fataler) *docker.Server {
+func mkServerFromEngine(eng *engine.Engine, t utils.Fataler) *server.Server {
 	iSrv := eng.Hack_GetGlobalVar("httpapi.server")
 	if iSrv == nil {
 		panic("Legacy server field not set in engine")
 	}
-	srv, ok := iSrv.(*docker.Server)
+	srv, ok := iSrv.(*server.Server)
 	if !ok {
-		panic("Legacy server field in engine does not cast to *docker.Server")
+		panic("Legacy server field in engine does not cast to *server.Server")
 	}
 	return srv
 }

From 7294392c729de4c5884eb967f192b34a1d8857a7 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 13 Mar 2014 10:35:16 -0700
Subject: [PATCH 092/384] Add initial logging to libcontainer
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 execdriver/native/driver.go            |  9 +++--
 pkg/libcontainer/nsinit/command.go     |  3 +-
 pkg/libcontainer/nsinit/exec.go        | 16 +++++++--
 pkg/libcontainer/nsinit/execin.go      |  3 ++
 pkg/libcontainer/nsinit/init.go        | 11 ++++--
 pkg/libcontainer/nsinit/nsinit.go      |  5 ++-
 pkg/libcontainer/nsinit/nsinit/main.go | 48 +++++++++++++++++++-------
 7 files changed, 74 insertions(+), 21 deletions(-)

diff --git a/execdriver/native/driver.go b/execdriver/native/driver.go
index f6c7242620..989f2ff376 100644
--- a/execdriver/native/driver.go
+++ b/execdriver/native/driver.go
@@ -10,6 +10,7 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 	"github.com/dotcloud/docker/pkg/system"
 	"io/ioutil"
+	"log"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -27,7 +28,8 @@ func init() {
 	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {
 		var (
 			container *libcontainer.Container
-			ns        = nsinit.NewNsInit(&nsinit.DefaultCommandFactory{}, &nsinit.DefaultStateWriter{args.Root})
+			logger    = log.New(ioutil.Discard, "[nsinit] ", log.LstdFlags)
+			ns        = nsinit.NewNsInit(&nsinit.DefaultCommandFactory{}, &nsinit.DefaultStateWriter{args.Root}, logger)
 		)
 		f, err := os.Open(filepath.Join(args.Root, "container.json"))
 		if err != nil {
@@ -85,8 +87,9 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 			c:        c,
 			dsw:      &nsinit.DefaultStateWriter{filepath.Join(d.root, c.ID)},
 		}
-		ns   = nsinit.NewNsInit(factory, stateWriter)
-		args = append([]string{c.Entrypoint}, c.Arguments...)
+		logger = log.New(ioutil.Discard, "[nsinit] ", log.LstdFlags)
+		ns     = nsinit.NewNsInit(factory, stateWriter, logger)
+		args   = append([]string{c.Entrypoint}, c.Arguments...)
 	)
 	if err := d.createContainerRoot(c.ID); err != nil {
 		return -1, err
diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go
index 5546065b6d..1d7c591ee5 100644
--- a/pkg/libcontainer/nsinit/command.go
+++ b/pkg/libcontainer/nsinit/command.go
@@ -1,6 +1,7 @@
 package nsinit
 
 import (
+	"fmt"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/system"
 	"os"
@@ -25,7 +26,7 @@ func (c *DefaultCommandFactory) Create(container *libcontainer.Container, consol
 	// get our binary name from arg0 so we can always reexec ourself
 	command := exec.Command(os.Args[0], append([]string{
 		"-console", console,
-		"-pipe", "3",
+		"-pipe", fmt.Sprint(pipe.Fd()),
 		"-root", c.Root,
 		"init"}, args...)...)
 
diff --git a/pkg/libcontainer/nsinit/exec.go b/pkg/libcontainer/nsinit/exec.go
index 4963f126e9..074492ae31 100644
--- a/pkg/libcontainer/nsinit/exec.go
+++ b/pkg/libcontainer/nsinit/exec.go
@@ -28,6 +28,7 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
 	}
 
 	if container.Tty {
+		ns.logger.Println("creating master and console")
 		master, console, err = system.CreateMasterAndConsole()
 		if err != nil {
 			return -1, err
@@ -36,31 +37,40 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
 	}
 
 	command := ns.commandFactory.Create(container, console, syncPipe.child, args)
+	ns.logger.Println("attach terminal to command")
 	if err := term.Attach(command); err != nil {
 		return -1, err
 	}
 	defer term.Close()
 
+	ns.logger.Println("starting command")
 	if err := command.Start(); err != nil {
 		return -1, err
 	}
+	ns.logger.Printf("writting pid %d to file\n", command.Process.Pid)
 	if err := ns.stateWriter.WritePid(command.Process.Pid); err != nil {
 		command.Process.Kill()
 		return -1, err
 	}
-	defer ns.stateWriter.DeletePid()
+	defer func() {
+		ns.logger.Println("removing pid file")
+		ns.stateWriter.DeletePid()
+	}()
 
 	// Do this before syncing with child so that no children
 	// can escape the cgroup
+	ns.logger.Println("setting cgroups")
 	if err := ns.SetupCgroups(container, command.Process.Pid); err != nil {
 		command.Process.Kill()
 		return -1, err
 	}
+	ns.logger.Println("setting up network")
 	if err := ns.InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil {
 		command.Process.Kill()
 		return -1, err
 	}
 
+	ns.logger.Println("closing sync pipe with child")
 	// Sync with child
 	syncPipe.Close()
 
@@ -69,7 +79,9 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
 			return -1, err
 		}
 	}
-	return command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus(), nil
+	status := command.ProcessState.Sys().(syscall.WaitStatus).ExitStatus()
+	ns.logger.Printf("process exited with status %d\n", status)
+	return status, err
 }
 
 func (ns *linuxNs) SetupCgroups(container *libcontainer.Container, nspid int) error {
diff --git a/pkg/libcontainer/nsinit/execin.go b/pkg/libcontainer/nsinit/execin.go
index 488fe0e248..39df4761a0 100644
--- a/pkg/libcontainer/nsinit/execin.go
+++ b/pkg/libcontainer/nsinit/execin.go
@@ -14,6 +14,7 @@ import (
 
 // ExecIn uses an existing pid and joins the pid's namespaces with the new command.
 func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) {
+	ns.logger.Println("unshare namespaces")
 	for _, ns := range container.Namespaces {
 		if err := system.Unshare(ns.Value); err != nil {
 			return -1, err
@@ -33,6 +34,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s
 	// foreach namespace fd, use setns to join an existing container's namespaces
 	for _, fd := range fds {
 		if fd > 0 {
+			ns.logger.Printf("setns on %d\n", fd)
 			if err := system.Setns(fd, 0); err != nil {
 				closeFds()
 				return -1, fmt.Errorf("setns %s", err)
@@ -44,6 +46,7 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s
 	// if the container has a new pid and mount namespace we need to
 	// remount proc and sys to pick up the changes
 	if container.Namespaces.Contains("NEWNS") && container.Namespaces.Contains("NEWPID") {
+		ns.logger.Println("forking to remount /proc and /sys")
 		pid, err := system.Fork()
 		if err != nil {
 			return -1, err
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 5d47b95057..6b05905133 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -29,9 +29,11 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 		syncPipe.Close()
 		return err
 	}
+	ns.logger.Println("received context from parent")
 	syncPipe.Close()
 
 	if console != "" {
+		ns.logger.Printf("setting up %s as console\n", console)
 		slave, err := system.OpenTerminal(console, syscall.O_RDWR)
 		if err != nil {
 			return fmt.Errorf("open terminal %s", err)
@@ -51,6 +53,7 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	if err := system.ParentDeathSignal(); err != nil {
 		return fmt.Errorf("parent death signal %s", err)
 	}
+	ns.logger.Println("setup mount namespace")
 	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
 	}
@@ -64,9 +67,13 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 		return fmt.Errorf("finalize namespace %s", err)
 	}
 
-	if err := apparmor.ApplyProfile(os.Getpid(), container.Context["apparmor_profile"]); err != nil {
-		return err
+	if profile := container.Context["apparmor_profile"]; profile != "" {
+		ns.logger.Printf("setting apparmor prifile %s\n", profile)
+		if err := apparmor.ApplyProfile(os.Getpid(), profile); err != nil {
+			return err
+		}
 	}
+	ns.logger.Printf("execing %s\n", args[0])
 	return system.Execv(args[0], args[0:], container.Env)
 }
 
diff --git a/pkg/libcontainer/nsinit/nsinit.go b/pkg/libcontainer/nsinit/nsinit.go
index f09a130aa2..c308692af6 100644
--- a/pkg/libcontainer/nsinit/nsinit.go
+++ b/pkg/libcontainer/nsinit/nsinit.go
@@ -2,6 +2,7 @@ package nsinit
 
 import (
 	"github.com/dotcloud/docker/pkg/libcontainer"
+	"log"
 )
 
 // NsInit is an interface with the public facing methods to provide high level
@@ -16,11 +17,13 @@ type linuxNs struct {
 	root           string
 	commandFactory CommandFactory
 	stateWriter    StateWriter
+	logger         *log.Logger
 }
 
-func NewNsInit(command CommandFactory, state StateWriter) NsInit {
+func NewNsInit(command CommandFactory, state StateWriter, logger *log.Logger) NsInit {
 	return &linuxNs{
 		commandFactory: command,
 		stateWriter:    state,
+		logger:         logger,
 	}
 }
diff --git a/pkg/libcontainer/nsinit/nsinit/main.go b/pkg/libcontainer/nsinit/nsinit/main.go
index 916be6624e..df32d0b49e 100644
--- a/pkg/libcontainer/nsinit/nsinit/main.go
+++ b/pkg/libcontainer/nsinit/nsinit/main.go
@@ -5,6 +5,7 @@ import (
 	"flag"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
+	"io"
 	"io/ioutil"
 	"log"
 	"os"
@@ -13,14 +14,15 @@ import (
 )
 
 var (
-	root, console string
-	pipeFd        int
+	root, console, logs string
+	pipeFd              int
 )
 
 func registerFlags() {
 	flag.StringVar(&console, "console", "", "console (pty slave) path")
 	flag.IntVar(&pipeFd, "pipe", 0, "sync pipe fd")
 	flag.StringVar(&root, "root", ".", "root for storing configuration data")
+	flag.StringVar(&logs, "log", "none", "set stderr or a filepath to enable logging")
 
 	flag.Parse()
 }
@@ -35,7 +37,12 @@ func main() {
 	if err != nil {
 		log.Fatalf("Unable to load container: %s", err)
 	}
-	ns, err := newNsInit()
+	l, err := getLogger("[exec] ")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	ns, err := newNsInit(l)
 	if err != nil {
 		log.Fatalf("Unable to initialize nsinit: %s", err)
 	}
@@ -46,7 +53,7 @@ func main() {
 		nspid, err := readPid()
 		if err != nil {
 			if !os.IsNotExist(err) {
-				log.Fatalf("Unable to read pid: %s", err)
+				l.Fatalf("Unable to read pid: %s", err)
 			}
 		}
 		if nspid > 0 {
@@ -56,26 +63,26 @@ func main() {
 			exitCode, err = ns.Exec(container, term, flag.Args()[1:])
 		}
 		if err != nil {
-			log.Fatalf("Failed to exec: %s", err)
+			l.Fatalf("Failed to exec: %s", err)
 		}
 		os.Exit(exitCode)
 	case "init": // this is executed inside of the namespace to setup the container
 		cwd, err := os.Getwd()
 		if err != nil {
-			log.Fatal(err)
+			l.Fatal(err)
 		}
 		if flag.NArg() < 2 {
-			log.Fatalf("wrong number of argments %d", flag.NArg())
+			l.Fatalf("wrong number of argments %d", flag.NArg())
 		}
 		syncPipe, err := nsinit.NewSyncPipeFromFd(0, uintptr(pipeFd))
 		if err != nil {
-			log.Fatalf("Unable to create sync pipe: %s", err)
+			l.Fatalf("Unable to create sync pipe: %s", err)
 		}
 		if err := ns.Init(container, cwd, console, syncPipe, flag.Args()[1:]); err != nil {
-			log.Fatalf("Unable to initialize for container: %s", err)
+			l.Fatalf("Unable to initialize for container: %s", err)
 		}
 	default:
-		log.Fatalf("command not supported for nsinit %s", flag.Arg(0))
+		l.Fatalf("command not supported for nsinit %s", flag.Arg(0))
 	}
 }
 
@@ -105,6 +112,23 @@ func readPid() (int, error) {
 	return pid, nil
 }
 
-func newNsInit() (nsinit.NsInit, error) {
-	return nsinit.NewNsInit(&nsinit.DefaultCommandFactory{root}, &nsinit.DefaultStateWriter{root}), nil
+func newNsInit(l *log.Logger) (nsinit.NsInit, error) {
+	return nsinit.NewNsInit(&nsinit.DefaultCommandFactory{root}, &nsinit.DefaultStateWriter{root}, l), nil
+}
+
+func getLogger(prefix string) (*log.Logger, error) {
+	var w io.Writer
+	switch logs {
+	case "", "none":
+		w = ioutil.Discard
+	case "stderr":
+		w = os.Stderr
+	default: // we have a filepath
+		f, err := os.OpenFile(logs, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0755)
+		if err != nil {
+			return nil, err
+		}
+		w = f
+	}
+	return log.New(w, prefix, log.LstdFlags), nil
 }

From 0e863a584a6edfa1c3ec383c586b646663b66bc7 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 13 Mar 2014 10:43:15 -0700
Subject: [PATCH 093/384] Add stderr log ouput if in debug
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 execdriver/native/driver.go        | 20 +++++++++++++++-----
 pkg/libcontainer/nsinit/command.go |  3 +--
 pkg/libcontainer/nsinit/exec.go    |  1 +
 pkg/libcontainer/nsinit/init.go    |  3 ++-
 4 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/execdriver/native/driver.go b/execdriver/native/driver.go
index 989f2ff376..9b49fd156f 100644
--- a/execdriver/native/driver.go
+++ b/execdriver/native/driver.go
@@ -9,6 +9,7 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 	"github.com/dotcloud/docker/pkg/system"
+	"io"
 	"io/ioutil"
 	"log"
 	"os"
@@ -28,8 +29,7 @@ func init() {
 	execdriver.RegisterInitFunc(DriverName, func(args *execdriver.InitArgs) error {
 		var (
 			container *libcontainer.Container
-			logger    = log.New(ioutil.Discard, "[nsinit] ", log.LstdFlags)
-			ns        = nsinit.NewNsInit(&nsinit.DefaultCommandFactory{}, &nsinit.DefaultStateWriter{args.Root}, logger)
+			ns        = nsinit.NewNsInit(&nsinit.DefaultCommandFactory{}, &nsinit.DefaultStateWriter{args.Root}, createLogger(""))
 		)
 		f, err := os.Open(filepath.Join(args.Root, "container.json"))
 		if err != nil {
@@ -87,9 +87,8 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 			c:        c,
 			dsw:      &nsinit.DefaultStateWriter{filepath.Join(d.root, c.ID)},
 		}
-		logger = log.New(ioutil.Discard, "[nsinit] ", log.LstdFlags)
-		ns     = nsinit.NewNsInit(factory, stateWriter, logger)
-		args   = append([]string{c.Entrypoint}, c.Arguments...)
+		ns   = nsinit.NewNsInit(factory, stateWriter, createLogger(os.Getenv("DEBUG")))
+		args = append([]string{c.Entrypoint}, c.Arguments...)
 	)
 	if err := d.createContainerRoot(c.ID); err != nil {
 		return -1, err
@@ -254,3 +253,14 @@ func (d *dockerStateWriter) WritePid(pid int) error {
 func (d *dockerStateWriter) DeletePid() error {
 	return d.dsw.DeletePid()
 }
+
+func createLogger(debug string) *log.Logger {
+	var w io.Writer
+	// if we are in debug mode set the logger to stderr
+	if debug != "" {
+		w = os.Stderr
+	} else {
+		w = ioutil.Discard
+	}
+	return log.New(w, "[libcontainer] ", log.LstdFlags)
+}
diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go
index 1d7c591ee5..5546065b6d 100644
--- a/pkg/libcontainer/nsinit/command.go
+++ b/pkg/libcontainer/nsinit/command.go
@@ -1,7 +1,6 @@
 package nsinit
 
 import (
-	"fmt"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/system"
 	"os"
@@ -26,7 +25,7 @@ func (c *DefaultCommandFactory) Create(container *libcontainer.Container, consol
 	// get our binary name from arg0 so we can always reexec ourself
 	command := exec.Command(os.Args[0], append([]string{
 		"-console", console,
-		"-pipe", fmt.Sprint(pipe.Fd()),
+		"-pipe", "3",
 		"-root", c.Root,
 		"init"}, args...)...)
 
diff --git a/pkg/libcontainer/nsinit/exec.go b/pkg/libcontainer/nsinit/exec.go
index 074492ae31..61286cc13c 100644
--- a/pkg/libcontainer/nsinit/exec.go
+++ b/pkg/libcontainer/nsinit/exec.go
@@ -26,6 +26,7 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
 	if err != nil {
 		return -1, err
 	}
+	ns.logger.Printf("created sync pipe parent fd %d child fd %d\n", syncPipe.parent.Fd(), syncPipe.child.Fd())
 
 	if container.Tty {
 		ns.logger.Println("creating master and console")
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 6b05905133..e165de3a8f 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -24,6 +24,7 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	}
 
 	// We always read this as it is a way to sync with the parent as well
+	ns.logger.Printf("reading from sync pipe fd %d\n", syncPipe.child.Fd())
 	context, err := syncPipe.ReadFromParent()
 	if err != nil {
 		syncPipe.Close()
@@ -68,7 +69,7 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	}
 
 	if profile := container.Context["apparmor_profile"]; profile != "" {
-		ns.logger.Printf("setting apparmor prifile %s\n", profile)
+		ns.logger.Printf("setting apparmor profile %s\n", profile)
 		if err := apparmor.ApplyProfile(os.Getpid(), profile); err != nil {
 			return err
 		}

From a41f6d936754f66d1786fa5b840278443da8d93c Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 14 Mar 2014 17:35:41 +0000
Subject: [PATCH 094/384] update godoc and add MAINTAINERS for mflags

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 pkg/mflag/MAINTAINERS |  1 +
 pkg/mflag/flag.go     | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 pkg/mflag/MAINTAINERS

diff --git a/pkg/mflag/MAINTAINERS b/pkg/mflag/MAINTAINERS
new file mode 100644
index 0000000000..ceeb0cfd18
--- /dev/null
+++ b/pkg/mflag/MAINTAINERS
@@ -0,0 +1 @@
+Victor Vieux <victor.vieux@docker.com> (@vieux)
diff --git a/pkg/mflag/flag.go b/pkg/mflag/flag.go
index fc732d23a0..ed6fad3b46 100644
--- a/pkg/mflag/flag.go
+++ b/pkg/mflag/flag.go
@@ -10,7 +10,7 @@
 	Define flags using flag.String(), Bool(), Int(), etc.
 
 	This declares an integer flag, -f or --flagname, stored in the pointer ip, with type *int.
-		import "flag"
+		import "flag /github.com/dotcloud/docker/pkg/mflag"
 		var ip = flag.Int([]string{"f", "-flagname"}, 1234, "help message for flagname")
 	If you like, you can bind the flag to a variable using the Var() functions.
 		var flagvar int
@@ -23,6 +23,18 @@
 		flag.Var(&flagVal, []string{"name"}, "help message for flagname")
 	For such flags, the default value is just the initial value of the variable.
 
+	You can also add "deprecated" flags, they are still usable, bur are not shown
+	in the usage and will display a warning when you try to use them:
+		var ip = flag.Int([]string{"f", "#flagname", "-flagname"}, 1234, "help message for flagname")
+	this will display: `Warning: '-flagname' is deprecated, it will be replaced by '--flagname' soon. See usage.` and
+		var ip = flag.Int([]string{"f", "#flagname"}, 1234, "help message for flagname")
+	will display: `Warning: '-t' is deprecated, it will be removed soon. See usage.`
+
+	You can also group one letter flags, bif you declare
+		var v = flag.Bool([]string{"v", "-verbose"}, false, "help message for verbose")
+		var s = flag.Bool([]string{"s", "-slow"}, false, "help message for slow")
+	you will be able to use the -vs or -sv
+
 	After all flags are defined, call
 		flag.Parse()
 	to parse the command line into the defined flags.

From 123ebf905367f1da0d9480153d08912d58b721fc Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 14 Mar 2014 18:16:14 +0000
Subject: [PATCH 095/384] update TestCreateRmRunning

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 integration/server_test.go | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/integration/server_test.go b/integration/server_test.go
index 54ee9a77a9..d5abff264e 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -210,8 +210,15 @@ func TestCreateRmRunning(t *testing.T) {
 
 	id := createTestContainer(eng, config, t)
 
-	job := eng.Job("containers")
-	job.SetenvBool("all", true)
+	job := eng.Job("start", id)
+	if err := job.ImportEnv(hostConfig); err != nil {
+		t.Fatal(err)
+	}
+	if err := job.Run(); err != nil {
+		t.Fatal(err)
+	}
+
+	job = eng.Job("containers")
 	outs, err := job.Stdout.AddListTable()
 	if err != nil {
 		t.Fatal(err)
@@ -224,19 +231,24 @@ func TestCreateRmRunning(t *testing.T) {
 		t.Errorf("Expected 1 container, %v found", len(outs.Data))
 	}
 
-	job = eng.Job("start", id)
-	if err := job.ImportEnv(hostConfig); err != nil {
+	// Test cannot remove running container
+	job = eng.Job("container_delete", id)
+	job.SetenvBool("forceRemove", false)
+	if err := job.Run(); err == nil {
+		t.Fatal("Expected container delete to fail")
+	}
+
+	job = eng.Job("containers")
+	outs, err = job.Stdout.AddListTable()
+	if err != nil {
 		t.Fatal(err)
 	}
 	if err := job.Run(); err != nil {
 		t.Fatal(err)
 	}
 
-	// Test cannot remove running container
-	job = eng.Job("container_delete", id)
-	job.SetenvBool("forceRemove", false)
-	if err := job.Run(); err == nil {
-		t.Fatal("Expected container delete to fail")
+	if len(outs.Data) != 1 {
+		t.Errorf("Expected 1 container, %v found", len(outs.Data))
 	}
 
 	// Test can force removal of running container

From 50b12708e35c300d93e8f8e8d21f79101fc185d3 Mon Sep 17 00:00:00 2001
From: Andy Rothfusz <github@developersupport.net>
Date: Fri, 14 Mar 2014 14:37:09 -0700
Subject: [PATCH 096/384] Updating base svg to remove references to aufs and
 lxc. Exported new png's from layers. Docker-DCO-1.1-Signed-off-by: Andy
 Rothfusz <github@developersupport.net> (github: metalivedev)

---
 .../images/docker-filesystems-busyboxrw.png   | Bin 121141 -> 113106 bytes
 .../images/docker-filesystems-debian.png      | Bin 77822 -> 64585 bytes
 .../images/docker-filesystems-debianrw.png    | Bin 94218 -> 80992 bytes
 .../images/docker-filesystems-generic.png     | Bin 78384 -> 67894 bytes
 .../images/docker-filesystems-multilayer.png  | Bin 127744 -> 104199 bytes
 .../images/docker-filesystems-multiroot.png   | Bin 72247 -> 63920 bytes
 .../terms/images/docker-filesystems.svg       |  73 ++----------------
 7 files changed, 6 insertions(+), 67 deletions(-)

diff --git a/docs/sources/terms/images/docker-filesystems-busyboxrw.png b/docs/sources/terms/images/docker-filesystems-busyboxrw.png
index ad41c940e4767ed22b89923af94f564f8094b7e6..9ff8487b897c617371105e795d4514bd8cee7332 100644
GIT binary patch
delta 59052
zcmYg%1yfv27bXzg-JQW5f)gOX;O_34;1>Mi8r%bcFt`)kAxLlt7Tg_zyYIZ;)>duR
z?H_Qv`<(MwH`XCdUm?~C#Q`0C+f0);0jkT8HAnfToi#^?(G61S_wP``B;;t)@bAOl
zPphg-2nFvH-sN29;L9OL!ovjzIo8JgT3A37SaEdNUISHB7Ooz4i+7QnR5w&uj5aw;
z1{k;LkjB~A7Ol?RjXiZu^17G)^LJB`&NCp0iVs4Il?Z}IM|VIAbOD-?*RtI;6WYlL
z_{e>p_F<8~FK{k3c-6>8Hz(KIz7z7}SGyRiv8UpX{_E;)M<IeI(tNHY9upK~LPv%|
zi-D99Qm{!~SN3Iba;ldYVYdN`RK;Nd|7&l|7}82N#$QgnMY6caDbLs=+AMo*o|*mf
z**QXuZ+J>Yh}Q^2N)*8Sd-(%?_O?<tkdpdtRJoclOgK&(vc7yWa+#z@m^MkPCP}}i
zvC{HWExD3NJ=0WO6mCs`qVViLxhK-N#N{##jhqUDf!24Xsg)vDtn0oeSk50#huRPj
z%!fNa6*>UEP7B1^q*fmAMlJAgATu*;=TJVh&GS<eltitsm!v>^*GWB07%8TD-IltW
ziD@KmLQ?%5pWAJh%s}rtZcUbi!!x<T;CSx@yD(k?Ej2Y7M}E3*O`U6^-Akb4_>D)k
z6ZNp3&;v-J+^&LB_V`b<VENx0mvmS%Q|YD4x}miwzI+%<7AqU{v@Cwc{#2R=yWlnC
z1J)*l;&^L=eq114HvoGbm01lt0tXB+m?F_mLaD$tSC-Li11=xn=nLV@UAY*+sd^ux
zk}t_GHZ7O_qz36oX({-t<EqmLfLallAv;<C-^;-CYSU%kuCMo(P`YgX)IGUVc0By2
z8TY=&4gW=<`F$d67k*@Txt<<sO1$P0p>Fe39rx?KNdV>tA7#-_QFqGIqe1E|A>@f4
zZ?!oq2HZ_2<`H5yLn^>pPo^f(V^5teoD?B7Y;_S4IwaFE8W>O7%fv)y!u@rjmib^H
zEep&0lDN|NYugn8?TvGyovK<g9dD6>&7)R$+c(iqiXqKcL7Kl1qz3sgmOQfwDZb(L
zI?AWfFaq#>G17k8wmb1Gk&=2TiG?#20z=6lcqLnPi`LAh(B0^iN(e~T|GqFLIdr`G
zTBZQUjaw22!L2XZ5L?U-vNNTe{&+kmV+W)R9T2B-ww~n`8{~Z>n?eiu8Xpv!xFN0s
z{pB?lCqGt+E$*njFYU4VqM4Qg0jMxl7sT|e044pG`3k0!ap^l}nl=D!ck-3<f@V8B
z`)|vl-UEHf6%!nXhUCu(%%3=A;u0+nf*vLyd0d^@3MZ|&{6;UHc+wI79*X0QMxyA`
z<)B#)xS2W<9omS25@nsT3TBWvd8z=M3eG6J<{%fFMVq2K+>%lv=;tZtaPV}gUH#El
zpm->ZZ%U^q7eU-cKN<Nmq<m{zFtDiqur#x!6Q4eU9bRY5r6@F-msKIKercA{z&R|w
zUs`7HkL2*n4%>K#pNbxqNf#`UNH7cvG4Zu_kiV7i*Q(IBM^?EH-6`1vp@O%6RbhVc
z=l!r6DA+kM3Z4F|blsx^L2A-?{YNE-4v;KQ6<ZUeem^QeX$eYV4|VCI;dGa3&|>!W
z%XlH@3(GQ9=zyf_omk-(N%2r|O`#sA(>NP~uZJ+l{_4<@DiIfQ1r&~5e?#784gD7v
zG}D6y=fPIcN82m}n=T-lOBAC1fIa@_gb_Xno1Et6x`O;Am`yQk*F)XH57K}15l9WI
zi%O1HkSA2vNUq2Nx2_tlE%jifA8rmd>wOAnXO-_6(inajN&EJYuh{4NLkJEo`G0l%
zhepD!eI2Xky@Ye5V}&2Rn6M>5y8H9*g#T8-Z&D_oL-k9qY8iV+S~nMwq|jw%;4}eL
zE;}O}i22jC{wM0_lfO7D5rAlLEYG=fMxFHd5|$kwi(t%>97ZrK#aUh0`RP4-qo#{w
z(ioCx9noKQ`UXFCgT9Z~VZVO(XO+$I%y4R!RgBxZd`#@barx%`F$m>@{;u6!#2_6D
z`UD<fYu2^2+zrCuVwu}DQVd)E5Uv$A{qQY&iK01f7*p900hJg9L>jmQM^k!D_2D2~
z_9kajrLQE5j-!Xazsgp;K8JiyU&8-F501DXNPa3B?fYGo(&#ScjEl{shVs8kUSn|b
zv#Y>;dc30TTxdqBeAb9xcM%wLZXs)IOxhwyNNTnu`1B8yBqb6}z9hf6C7x7Dx(YpR
zLJZ-PCk*0Dxh8p_aI;pRnP#ahRoXD)#Ynqvh?Pd&M6uEf_u_JC49SChp#zt{hI+r}
zvmkq1OMG7`Pk0**&y0<o5?QhoXlM;t(3qS|iDLP^{Y}K6p~n<T>9B=&N3k4RlgPH=
zP6Qu`avCS`XB*R0X`X0Y=b_cQ?_b{$uSO@+u~%QO?p8MdhnbX40yi#l!56#d13q=U
zK&1`gF8pQ?EbIpy<iw!hkERiSmODSmtGpp%8u$$4WWK4ZjJ+{^GUOd#rJ{3QR+!bJ
zOX_QnB3}b9CL>L;%KADQ)N{uo-5m?T=NLCM6<;sL{VtFrDJSz1%#gk?TVj>PBjZO9
z$w_$#VrMi5R&i4)K1We5$E~fY1nOC66iKd1had8_e&xVg^LqD)qKTd`=-FN{l2qG&
z?yZHFMIKIq>WXWUCWWVsNw2A~fuO*kZXqN;&)#h@ofXP{zMWS48dVAc^OaVF-I>r<
zMj3kkag;Ur(o>P@o!*0hv&cNGUDYd*3J+h1^UR12K#R5rp@NE)da>3GO~~~m^1r3N
zl+A4NfOXm2`E_Yp;(o}fSJq3j>3Z@YG}6z}z@1C6PLLP@9T~Jt>vs9y@!1Gyy|t!>
zRFr1=4D^qFwy(;Pd-{R1i1qkeNAFEEsgo>`EWwPJP%6fXn@vpB$~iUX_#eg~;otIP
z0A4O}_^-gmbI;Enxt~MI5@Vk)QCQWmgK>l;gFIwzY#1a>K5I+hYNxA7p_Unp*BSGZ
zyWUTr@n<Kr9}w<DnmJ+kdkdqVS><LLFi)}L<SvxAYq<C7+~zi<aX>(-d}sv**c`+z
zQ@H;-Oj$G?&T`T&y<s7DI1qtINh0w0`Lyu$n@G|&w}Q@VXon-~l)(`S)vDtCfr&yM
zfE@6L3p#y^J)g<HP9N2~Il(TfFK27o2w-A6iH7WWOxz^b_6Z$;L+xsC=P+24cZKXg
z&|aL>R7t!4hp<u)tsLEw)#~UILGdISZ>zBQ_SRX>#?lYQel`h~I+n0kW?)PeA;(cP
z)@bwxds4#?pW~EH8Xhj%W(T^>r(|3EV_o4LST4~(v0DGUzB|)~1=rqz+I$eIKtf9E
zmudwthy8@1PJ{wV6zCqcQ5O>Cp$^FkSLef~hb2PzUq^1pQ$YK>h(lc_IOTs-^GbcA
z3t$UP$qbJsq%`l+H|zm;VF{fd?-$5YyUw|M!HybVQ>|UaQ4a(_gAD$c$Vn0JdcPm_
z!_ImuLaP%zFvd=+&Y$`>AJ49WRCylVHX(wJVv%g~G2p=U`?L|KpXImSuS=p4gjj!?
z)s_`>Q0YnV`C3<h_8+r<LvrK#C$>?m%!Prz3My`Y??c#HXPX2VroSr^+B%-Fi*YGO
z{fxTg!y_t&?d{e+KB>F(&(Y&2Md?uJol4rnwL=`l?y;*JlGrwUWQDY%t3I6?#80Q4
zn#iD_aP_{P`oDjses|q%+v78ADISUdgl(p5xOX2JmYPAZ_&aR#5h?@(lZ=kmpT+)L
zR-NCsGV-VaVAQQ)Z#yjEjLzSms)+NIN@h`Qs+cd3U&d!#=)*o50w1Mf#Pb{#HFP(U
zXKsK7iiuxLl|MS&@Y(x{&35r^#1G<i&9`Hv@469{8Ee_IH;YVef8)m;HiCD;CqlvB
zk0l_=$O$g^!nSb-u3UI#{WOM+j2r(p+sqhTlu`hlnvtnwm}P=0tp^%zOYGtEbpv?V
z$5!%peYAJ}o4-8yyG=j4mktcLn%U8;@M>=6>X#!+{-ZCa^~9m4@ahQ+f}{x9a#i;J
zP~rR)Mqh4}B`qJQ=Z4k`(ZG#L4!ZgdMcUU`?WUo!flSr4{2bwV0H)Zj^1>_XSWDA>
z*A>v!VD>$q=6dEA%KjghU5fWcK1g*qCEjy*JI*HYe?7jcy}&A@i%Sk)%5o`GfZ?9*
zg$@Yxb5h`@6Unn(W~Sm><Lq8wXPb&So?7cd(hQ|L9GI%4e$VK9VDQUU_hYRz4Cx5q
zn<^0DHdr2-GV3)9Z=2%rlq&d2Qi)Od4`Ufn2o!88g|YGVzu^B_IzBvUw23SWOQd8>
z&R80f6QIH7X4tWL;T;2ZvKGS!*BS0S^0)5Cf=?xS5CYqJ_mY(P2MxoiiS^-3Ta9)n
z6bT;dY1B1A@4+;r3Tw@2TOHO*m|lcXsM>BqbPkrU*i=w<HC%L`)_D%N>K(qV3IXJ(
z72qbQ;9zn8h>PCx{^YvUug9)#!RUJ9&U_1OITl%c^EWl9MU+DTk*P2#^zEMIZ(iO(
z!6>*Qx6tg0r{Q<Of8hOcdY#$l@Qj#VyLai!Gx_z$zR4SVEaFt@&x0#6g|9G4DUnJ4
zsu6j-m{`imLS<u)WK3Km3Vg`dfOnsX@RsT+Pj;Y#UEVr)j2=o-Y|F<=*?-UiFk{l*
z!LBWsLv^Jl_i!{*>B-{B)|>W6kO7uyDL-vN*+O$Nl&I_8dzy`F7YZ(1y<D)9BAfww
zKAsfnPGmlRHn<vuGo9Q@{xPZG?ttI_2_Y76tQT73Fwwvpp%)X--Ms~dZB@M$LEz|w
z<B(lY1*rJsmPtVaW1~GPIiea;_+FLw>YX|+m&AVq|8TpF7N3h?Famf{@m~{4tonfH
zCm{8JT}sT-bTfc3O2qoE6fPM<7R~)qx%t0EXNVYHkq2>^;b};TMENeNG#oR?q<=wd
z<4Rw(ZHq@HK-LMk?X-%W)JN<Hhkc8WZpAp0`t10xE{~N}PbeIuP+?ETle>`Ux=6GT
z|1R4kM45F+sDY%U6~~3xxL8e>o%e+&PBCH+hf<B`)tH;hiD6oR426cUp|*vbgL%tc
zd(`NK3q!48O~}~Z-1Rw#S1JZvZMyqMlg;fjDwtoE;TaW>)oX8Ib9)Ni6I^-gfRY$~
zc9cK(nLK)1+4Ia}R3BVSu9HDFUhfekax#vSlXobgMTM3PEvg)`NU!MUcR`b{aGwVI
zUd|%eIb$8mboCq+{m*VN)YMSlUa7z4e#58kJd{6k`NeY3J?KK{GK(GO?p)w{>Ij8C
zQ%5CC3qZqHwLY4L-*osj&qxETZ^8QSOD%&wsPi2e<#}~O4o<#9XARvKFMGHgHTZ%b
zIk&&)qUKb7F)@t>{@L@@YbUneuaHhSW0)c=;bP%#)i8gQ4ku}B{mMkP;p}-*1#yEN
z&cc|-sUhn8uozoVDk*5y`*VQX*N{Yuj~gjO@h=dgAaUmEz~!OT2Pzg>ll(Keg3Yd7
zq|fH284B|*cBRW*5b=(kU%z!de>|uZl{Z4p-y*$tEdQOX$8{JexOl{l1$ue1(^W0L
zhcI0rt!6LP$KcY5L%f=h(UAoU(9hpSVD}Mfx*42gRYQH6qb8kOkzT#??nSkOL@yL+
z!~hrr(v8S3eKjVh*^Q?@TCl?r6?X3@TGM_DHHTQLKab4dI~XaHzET^^aL4F=_;^vy
zSc^Iu{a{hpMmAU+9CeKCB$mtHo<Bg^cFHiSHw9PI#vKoxPcFMoYu|1iLNG?7I)37`
zUN9Bgb2rGD`!@DBjPf0QLS>H0m5mkrzyXAXlHy*Gl%-*e21&QyAC%qwelM*pceuOU
zRtb|VfQ0+ZDo8&DUu{2~UTY_hoUJ`WsJrSe#Rbt@@sdfVF1+vC=5bToJ>V5N+B{ZN
z`b*^%W!M|zZBo@=vR|rHDwtsM_JLX+mqwd*Hjas#ooH~JLjm#2qb`ZSfP3S(OA#PL
zqX2pB@-ZJ~|H`BypKG%tn+gSIIou&{!muR?>pZ*;l5Wc#&DMm}lOIxF>lrb7BZ!iv
z4wBeVX39JoK4XlLB#O~hyr1wVi{o8Kj8~qjKx0~|%~X5&IJ<|3UlW+THK%Gpkm}iB
zPapBs`bRX*Kop*Q_Nri*!;$f=dxJce%tw-w(2gS+b?|K{Dayh*-1OhH9rCq!lFu}t
zzLt+Xo_+Ym-OOW!N6*20Y->bpnhnOx27CJGeDFB(E&Z+4_d^kmH*8`WDW-XZfJG9S
zdcLUcj*QhbUO8<}dGEKc#qizdn&#slBb_<x7krJZJn+Gr5!^g?6Enn1alcl>WfCC$
zWL}dD3XpI2a`eWjdLyTZ6|qdr<MUrTT%gVQG4g-a76`Ubi>c654?i%TUrs@*D0m9n
zfZ=w?HAKFNG`lbzF!K>yY6NQD&M5_3@P5yJRBv7IN)JVzWT}&!v34#xtZNS0R%>vg
zK{zJD6Z=WkSd<HyQ&n$xWUhS1-7MyF;=jn>7Cg4-_e5#Tk;`61ZhTL@<fD;jRcR*{
zJ<YOIJ~(B-iz9nzBevO3qt{IAIA0NVbXPFwIdWxHtTm#P$5AIx9t$9jET<z!_wgKh
zujI?=E-#<{Sq2Xjv@bGh;}OK5^Y<N=YzM6zc2S^Js)W!H$lLt*^;_N&28J3&UizaJ
z%3^T%J=t<GGMs~oL@Z`JYY5C$?;^X~3w2K|3m$3+jA|BG#4)gL+U84W>|qpn+!y5}
zC<>I3Z`jZ4)|11dUju@&Q)m?`H3{g~l;myIlc9Vrq|_o~&)x>Qkt*TAmwBQa{>7_k
z{$!$T0Z%_j7rH;_&n+|<t+258KgpMpqKLO4ndpNEWxIOLh3bg9xJ=omM<RQ4slxIt
zQ#ka9ATaXabo+0vbjrL=@bmdDFYfr&e(C2I0i{1v@T(q(0PyEm`u?E>{f78FDgT4}
zTtiQlU9B-`Su*YahG2x$(08O_9Cr@rox6zHZ1}4}tFDpu@+1D8h)HnV=&;Z^sgvf1
zrfn|BEE!>5Id@}ml#$~P_7%}hbA~n@5U%5oZ=LSxb?h{xw5``naJ@-|=M%mLxl-v_
zaxw8rAyVo<c&Yj<HO2?Lbd+=zQFBjtSO(G9l~UBX2Q}jHXQG+Z9dcQ0c<&?8j;X!o
zngwz@LK2EOg!7+@1Y$ylCv|d|L-8v#A%`pqY=da(qMqt*b*ma*<_%fkA)p^;P};w7
zeX(4E_+_N=93jfN%FisL<-2PYHZIKBTY2rj@M=P!L;R@$n~Iu+5xS9q9iXgtZut#n
zH;D4ZK9Bz2N+yxWQU7x0+pW^}4z6Qc?9ACR`QDKH>!39loS@|o#Ju>1Qqt1nfzmiz
zGVT=iP4$l_H*55fj4Q#(oF%mD|2{lD0{qY_{V08wSs;Vbw=zz07F%ZFhn7%=;YQ4>
zCk1%1)jIwR;>R_scsI!Mm#5!-`Yn>Z;)hSXRuj8}3;VlDwMiANVw!#nXBGwu?E*G-
zz1N5P8lpT2m+P;#0S;M+RVdt|lrsa)!iC5s<(pt{C-C7=@+^&D2zAfQHc^GcYunVG
zoswuqBtak19<%?o2H*BZU{4uMiPoM!`5>U|zQ*H7)Qklw>_k%EYI8d8MLv+EmVi^C
z8aI^itd>i~!fAfpn!-w`Q23ceVT3kUu+bCm0b2)%{4>f3?08uQ*P1^+Q%Q<{ureq%
zRvc~k44V-Wr^sy79(De+lc`D>zuH)Cb18hGHQdD7ivOfBrH(_)T9a|wh3Qab&IQ0;
zjDjk`>Qb2x^!=<6I2Bn+5C^%t5}$KVz3$ZW)5cOptb$_(?QkB=3ajEtjVyITIsNKX
z-0F;=zx-`%b?w=Hg4qWrl4d~}Jh>?xJX-yq^E<)FCAsiX)*w@n&X39UM+x!H_aS{m
z6u}!qU#&O3A)cVb>h%`ss~YU=*#WdEblpg?D{9b7W<bpUyaA47Y!aGnZXd$^${wmZ
zq2V)0zn|bf7aj!FpsZ<%0~`i#SU?|QlgX9+3+rl70-I3(lDpB5M(}<9tMo9e8d&$T
z=6AO0!$76j^C0!VeeA|{-BNobm#bhD^oN~ZVsokx4nM`HK4FpI@5%(8MUz=^3zsa<
z|Cw@3pvvih3^-c9r7Kn={xF;2K{Yj&xIdswZL&d~XNS0~(*DbVgWf#pOTs@sNX_}D
z22#)>-Q3$YCVKe48Wg3H;hdiO>Oszaa*TEKzqoPMp$`oR?L{~!#F`wM0@5~1Y;nv|
zm&l4<BiJ73OF3h};IW<@>km)&?vk&p(jmvFhReCrJ?xrMSn`DKl#7)v)?lsomDRtZ
z?FCKzv`qKFJ5K#!obPFcnCFs%Fjw$nS6ZY}Fdd;VRxf;uDOCoXt!?WcyOPL&r}5tf
z%wG+9O4k!@UM?2GEQd=$l3)4KI1*?1Zi+im%}QSMP6UX?o$;EfQxJYTzJDV0wxc6=
zL;%ArzjYletUs;YIknxb`2pUyl;9o-25f5Rd^L?045SWt%3s~$KN=5e@PRA5s*HN`
zJfc30AnJEiM|k$g(yLv4bJBZAZE>rF>VdxgNq=}A6bu+lQ6ygXh?t@E3)Myn8k*Hw
zUR&dV7X^V2dAIKI5c9o^M5Y>g9o{7Gf!fov(nI)4<B&Rcj43=n`Gx`JiKHx1J)1}T
z|HSEtjN*<?V%I2vq!-*S&};7N+!L?Q?ix=gKMP>fi@nt>g2W6CS8MoOYSR?JE=4ZB
zynP<<+>S@^J*n`t;$!kZA#(&cco@w=ZVX^)i;%sIm{Nek*;^EzPO;6T@#cb+{3G_p
zp?e3$si{TXGe%@42mJciPtggJTA7AqQSnzOrm27AQ~wEWo{#Ud>rml3JHE31J{6_S
zkh5xa!*k*OPdS-kY?fQ`BBYMIi!$tnv+zD)O{1H>tGH&NEu#r@b|7dLSjX_m?FP1x
zUf*>EM&5UD(uAd>Feb!Q%vi6YgH6r)8H`mNrgvd>oQ*$jR;c2AsHK1r$q6;l02}Vw
zSwNX|q+hN0S|<*Fhr~`C#*p$LmvZ)!MY#PO?#$rl|12Bq;igP45qc*@NZn>^oHW@+
z<NF(;`0pK)Y9Reh7YB2DG>gDKz_UM+@@#EZBH5QwjG9^4NZ`q#l{4^>wxKR8!IPSG
zZNrDkg~A;1&+@;-;IEd!oBBHpM&CSK2aJ;jAkDq?L*rV%)OL5+{u>gH|Ad&O2P-1U
zmz0yjdD>;RX6m&WurLF=iQq8LXEKy1mk$2?$u&6{x>YGE|F~c-k&LzhbgT3TmHZ}S
z5^v&ctvd8})9G`rx+L=cZY$t_S226S&8Z)7kh#;OSRE9Co7A?p{D3tYR<i=?J(k3|
z@5f3pk0!$TiQ*ouoH-hm=TBTz6&<P@fLvgww)Z^_z7n9cA06ExUyUb;#nCZap$;dZ
zvns}l<H~25jr@lpug69QM29<Nc$EZp_2vjyz*?y18d9G!ZerL+77YKbz9szW?O9n*
zG_>CqP;=R$a))VK$5t-XslxvSEK)EXdEN^Po~CW)GoP6rrWFuJmqH7>KltjbPpT72
z-ScYkVxHm5&b#O_25$br1vmdSx%Er@$a!+`)045^(B>ek!)c`^(Bf-F9q((=hZE_{
z*0|szJ%n!R;8E=rlv!3+=dp+gpOf(B35Q79#~2OXt(c6iSWH^65^k#mJ?*-8mJeLK
zlP6-6n?!_lMSoLp(k}TlykRaGbnW%J{mU8o0@lL(Wm`3h^(4b&z9iE7qx&;VrLp9}
zjqVibZNVT0%cV63P?nly!dNH3f~I;^1sN2I*Cc<hiZK_vhq}2Liv`9b!0PU$VU@Hh
zjKRWoCzdg4(YuL+Ih<R1!>6n{4w_XSjUgmVFiyCGeA|i1Vwp#*qGDCGC0*|2^Tb6-
zA%xb{IBhdbOr7Z5doUq{4jJyBK<>KbRp>5%JE@Tp*@zpk(G(3uwo^>vSfY|T|J+-S
zT~oX?!^k<hS^Ix<1hb}35VXBpH?}!nu*o1a?pSMM9a5<X`=X3nGk7QNbvwbk@k|Tt
zOZM*t_-+FDaN}cGhR6&zu}nh^#ZiFQ;(L=%b*=0Co(@18j8L8K$|D?TkG_KS)3p4k
z?K#(G{2Y*tp19}hy@zGoEdDqXYY^1HCt&g6!O$)KwAZnE(3M;!omr_SJxfg4(m)w=
z3O1uNDcGB>b9bm|V9PK$99gG>u%d}jHC1lQ@B2VvISTAn&Q_7|@?}`OqHLYupQ_Si
z`WlRij5*Zhe;0`q@6L<YUd%d=WBA_>s=VeRvQz_THgJjpQS{{BJk68PX#f78MyHGE
z=W@5Tl0VAaMuzh2gu$kTXScNRR|cZx;1T~8_qN^=+ln2`4NPDrV%J%4tUPIW>Ie6!
z+Z`T5IXcz1>hlfX?C#3uhv#g>^W#mnt1Xl4vktSLohBWM50Jiza~*x+2*clf?F@aH
z8b1NYzNC7ua@c*EU##puLQS8KbS=G3mxO4)=>}Qd{LJvbH4KN*zpTAKmmha#V#8}5
zye)Zi7_5|2K!6V`(AghII;)!#;sxQ6nGX3EJ=|dQ{<OdB*lC(i?~AZ@88}fBsouBD
zOL)G@AouaXaYf@OTNzK=CioA1Y3I9|m;hL(qGuc8&Kg8>$!zcuyNwLtJkpF`*k+&9
z($4GX!fJ=p$EU_8pVH6=4;O>cI{ucM<X8&QQhpZQTZAtm<@2r=jQBDUpzJ7asK-!U
zHj`T`okmB)W~i+{hKtULi?Wk-9tzVJ40h_iT-J4X?U>ke85;mE-~%@Cy@NL8VF1#7
z_TW_JD3(c`k5`7WQY7D9*w7Rx@Ggc})_cP%t}Knmhh_*3X)=qS;?&UMd`u<7OLNSt
z#p(7-?r22Rr@@;7o@Nn5cq=;ZHh7p?@5R`(Zr~uv5aI(-P(NSNki<Z;uWrv>xNmLw
zU`=XtC#J41chVW@0n2lQ>*{wM2V4jE!){G_-iyx&kx=~Tt%$m|K@Rx7f33xX+;!F9
zvibPiZ$RP^Eujc4(ei0CuR9_mFXHJ9Q}r26p<<&+_0C^>A8pyxTJNW{6S9fOC-=g+
z-8hEmgfXqsA*zjvD5ZOM3K>b!Gb2WlmW&uq36M~GfRm|QgHOnBS==ikHz20e#TWZL
z5G~R1Mlz@+x5}B5P&S!XIvs~-pZR#W6-S)JIGH+iM!Y-rwFl2V!gN<oBAZ!-w^G6$
zGj%7?b#Dj@4!>IaV_HFXZ7>ykv$sb|U$mF5-lvRT^BkH!>+g$}(Fk=)tQ@tI5+^s;
zcNtk7D3^1@p8V@pcY{6o*MV=G{YX8XR~)BMk!jg6@G^N|O-B94jjb@xxL2z5=3f*^
zZ*)$v_I(nUO&8bhEjZzpy^+y`ezJJJ-;RhG=+)Bde6*2XxIzsnb^EV!qx8BnMgmm4
z%NuSV%j`OR`|Iz!F1_?_?>s)Q{^adH87bL#_r~m?n|++WS-Y^tT?w2<$3FHMpOv)!
zS}q|XNL1#GUe<RGo>sVU9n9F=&kLUyC_Y<WqjhTJdfwnzI2o^PXhgoNLW7GoAHX&3
zmZ4z)>vi;*{nANUe*K~Ojg{9q?DuzGy41Z~Mhno4sB}v<sw}|PvRyUo#RLvjYpFP?
za-_!~uA^c0h$_jQPy`ZU=UNCA%ECOPn36q+6!9dJ?ZnY!5AJ@wby<)IMy#19E$3jP
zQOwm3QKYT&IW7)j!J$LDLPiV1y8oKRFU;)UEq{hm5as=E6w<O8Jp!s)tB1mBDToG(
z=n5xlrNyLKl0o?+xaG+mbE)-o#IhOkE21WQ#jdD#qRb}k-GG53ub}BxvFq?%TkKCW
zF9<<bQ@`1v6H(u7PS-G-Fv!d)&hBTM4ZK}&s9TTyf5-+?OS>^Up8Ut*J&u)jQAb-u
z$CgH__t!0LRke<zyoR_O8TZwjhPd+MqoJ#b$>^2%6xoe7EM(YZ16by2Y+eeeAVc+r
zc6yKce9>hEWT$pJtK<rL^_g?dQ}5az=_>k?N;b16X~S~)IJvcpKe@W-x|vai{ecm@
z_I-3sf2HbpTL(vN6^MubwmhGh>`mm(ncNApa>`Ba8`u0X=i=@4IV5~p$?3uLd!1<3
zs4ObC2L1=te&ncde+Knw(^zs-f4La!zl$tH6kq10fc8{EMBdHaB`f>zI&}5b=pEnm
zU!4wknp)~KM|MRXlm1-_Uj+HR`?dqq3RcM|6H2)Rsbc7|-n0U-&Gb^Hv>uEUOWY$)
z3OR3$iOA<q^j28cwz@dqH}t(IvY9M=p4qbYP^w97@hk2n=u1m|G4jguXl*cnC^tuw
zsTiac0F3@WExdTl)96u@(~z0BoGWf55e^7NpW6B^bTWkac(z&F-m((L)L<_3K++t;
zru+;3$HHl`+TE|#odY%V3*?^;t@5%rRSlBR&N7kDa^R&NHv*}!|KLH*tf44NeRB8r
z@f1QT!HY8T)_ewnlBcJhJEta*+IlKi*T;6bfG@k(Cy`mtGrZ>NcX@9Z<cleR8$QiF
z+v1U6fRL)}o&Z~(P-@SSU2UD&_@$P}X+aaAaM$Wm56_0Nd7t3pu-Q~Zqb;6NCVkTr
zP4xF@zTP!<N&iX{>ZZ;%;@5q!x_T?j5ZdsHFkhr$iKL=rR1yO8Y#ysrz`0{-1$<(_
zdtS*`3Fq5WM-^HAHbd2{Hf*Xo+J5I|h|JN0H#G}RF-K)^fyTT-jCITzbGd*~?vQ`Z
z=|n-v-(lY9GD|YyD%W;P?-kd9w3!g>S^SSoDJEg5n-{V3v;yXWnat5Mo%GtZ)+6s1
z=RrKeI#eEZ0@B3WmHD`NIaOR$<;PTjm2T)L2JpV+Q{mV>PqbI(8-$#E9xPz&!TWIk
z9$YxFAGX6$WoVetzVgJGVvJFJr?;u=Jk#Q(b+(=z*g9gN)|L9R+?}Sr2BoWM!E8W`
zs6D$@0vob(X$~1U8t+S?D1e21k%tn|I^I`}mgD7yN>iCp2+|+^svrJCYHk2(j9Rv;
z+T*iSYR5ft)wa!y=r-b(ltx4|J;`22<1x2$2VU;8=Uz|4?5|66JoC{}3w}D~pzAug
z>FLDhXI;~viuHGzHP~oF=6GQ+LLH3Ypa#%g_mQz=sptdQ#f|f;GJ5sX!O3|u)vv+s
z^%tR>NPKClHSQ0QUz8$?TlxS9yX4nr$Ic08LZae#*!@NkjvMEY`M48)Xp$W2c3?Xq
zXEY%P9ZflF*@SlbW~WRczM^s2le_4=H(~2V*#CsLUR+0Qb&Lpn)RG*fQU#tAsrI2z
z7|$7+^x9fK)ZDR<la>ZD{*#C}&`0(7-xG+@Zzi99UX)7p;+~r80&$7=W8`t_MXTa@
z$|9|D<0#Ar#WN-DSB869;6gh^jYrlY&jBIB?<}HihuF&MrK%2|_tTQRRWTMK=h2MH
zfp=bUtPyvoKJ{jieP3#HIlrY>m{#*V%m_!~Iev&l(An)fN!hrK=DHWHRmT+UhPpBm
zcXB*R-KfQ;;XcnWKxEzv8k<k%Ru0#|Zm4?DGyCZ9dL4NuBz>=qEK0eJoN;;XAo-U|
z-}m#H_2?S3QR#}I%@2p#aX)#(VD#Tam3&eb{w}5B6Sj8ZQ&+#M$i<<e58WI;Q$qdj
z{n-uZhSSjE2n(<5d8OzjVb%7(w^~Y%IleVLo)m&Gv0PP?074y~5#Kk6u&t2WZhD1A
z&NGy<skL}j{(j<!vpJa)_q!fEYt6RQi}0odyZQN;I+ZLtA%h2;Y#<fEp&%67mbDhE
z?|9PKKdg!SxA@0VqDV{-q;NiZ(7A=d9DW7Khs_l#pSF@~P}+f%o>KcGLG-q4@4*%~
zu=i7_*%UVnKm<mSdW%oT*#4e9y70h25v^kCUU-xrTuI5*SLl&KRylb=C|3HAtK}%D
z-_;@*KN`({zhr@@AHr!`eV(g`uZ8m3GO-6`GhIJtw_*~mC#I^})VBUczq{d^6L%0h
zJ--<sJjQG<{5!#;BVyI!8&>MoQI;Ot#Lm9)4-Xkg3|iCV#$UT5@V+CmGkU;}i=_nB
z*`is`@kw7@qEM~N4uqIOgA}j^4Bc6KZ4boOQtg!c6Hn4uFGu0$uQk1<-K<Tr!YJ55
zwr{lXiUVriTN%S=cTiX4eWl+eljv>z&b&Qbe?`!2yeh}Nj1nOnyfpQe@|V88b%GP)
z?^Qrp0Ocd5=+h6m%)qnmU+i}tK<++Dkr2;WCtJpy3F1u^CR$U!e(mbUWDTg4MJrRB
zqo0D8_T5Uv1%3rm`r+ck?R4E=Rl_s(O=vod2XC0cK^yPgb{X1LaIIXk@=E-sYX;#Y
zt*$1uE?&H#kA9$X;AiEQjLugg)^H)xawlM>db#sk{ZK-wbca_FWApN}f6@4wOwtrL
z6V{r5_8zZ0AL`@qwNf%QV`U<q4i{Twi@Bwq({FcWVt!nYoIEypiqMI8(+ig#ub0Vz
zs_#6rnCB<fTRyjuhGtgL%Dtc8wFkg$^kV6@u&rBi{iF?`{9V&l=r*ae8{)uRM}7~y
z#xelQJAYEKdudZP&dZqb-6@)tgDzM8Jt4s7Fe6^O(U=86KDj(pK|j!~<Mu|cI8FDp
zs)C{d6BE1a-);QPM|5zFm{f-ituk+QiQ_-Em08x-vscJHjG!xW?xV6V+TXA&$PH);
z(KHb4YcA?>27ULsCbqeg`D6lJ3IHRIA*Y1#@%c}H+7~|j)Sf$WhQOwxk1fDMr9bNH
zh4^sI+q3fK<;|}*1uAdxN#@ZMpSLliHF3Q70f*eh9J8q=c)*ClRxYXc22ZlX)_14Z
zRo>M>&G*6Vx@Doerqp2aiqwfy3hfDR9#(Tu&Z=pMeUu<QC#(9~NU~i8DuD1YD1bqr
zGLcM2y69u`&$hDnq775KoMcLv1JX~^e<bhw*}|d1PrV5?m*ZglD1ke1HETIp0EG=!
z*{~4as4F)+(yAL5n=bl@l&r`?S=}MAXg!{oIFU@c$II*TV4oD3`4mS6chTC9_N=ai
zw*{EJIn;^`G<rsxxxj2^4xoO)ZRPXyKL$26&5gFC-r-NTf80;QiCmKK{u7Z3yhK-C
zjB~J_kr>lIj6{cHC6kGK)SttaoFa!jHDj-KBZ$;Q?Ul_>i=GHq&VogHp6_BeZ)On`
zRK$$jkwjm*E%Lj)<R2%m@uf45F@EdDg&B%r#=f!O&T2+C(~CRb0S2|7G~neTSIbdT
zIzHYeX(q3Ww{bE{C{YAHgjerhj8RGN?(F9gREY|_iD$Yh-|Yudax<B3PAs;r2$5k5
z=!@2a_f4~LpI@zMWY&ba$4+K?NtRtEC_BkfCnL76IoMbD!30v5DeXoyGUUs6L?sVr
zYo5|;Ls`G;hoCMP;ARMo@+cF+25BSowzA;8hP;Q01XK{3a67qQb;i!-oP_t?rf6>~
z97dHrHs0L+Uh!i{#iP<ZTA4;f=%X~|F?nD7)b%g+-5g{^_kG)b{D5NJFJ07OagL0(
zB5cb8wZ?&0F{9hdVL>mmY*Vi@6u>%M271IYgV#$gtzsCU6^*45D(>uZf0V5a0yzli
zE4v!ev^dBjL;XrxP;`1@BJC24-*FG0T2%J=`ee3f>v;a$fe@RERkYnt-zRUTi484E
zY!?n_Qdi;)dz`3BLtsUIIX%PP@E+!9X`iX0lA)#)zNj%eIpb9Y>gL-~xHFG?3j7iC
z=b?zLQv!5logazWo;BUfjCJ~dRIjbMW9OT~+6%(zb{eARpRHrYQbiC^5?q1GLeB#c
z3VpTQvQ247w6e+JIjZna1gq%`+Wh&e<Z4Rq^@_38tCVZ~=u&k})!;yB<+N!D6WR|4
zMuLCrewrzU$j%Qw+{Ac&Qowi0#ozm@*!v>>ya>!(___lhPG)98#yvYgUd~Q*lz4O4
zfIRlFNPuklT5<6m!8|P86qJUfVxy6RBT7-z9@Oy1pILFyBqm+ulaQn{7Q&<A`tMBL
z9_GCwQ%<&=d7IG1gfuN)nci9t|Kz%ylfk@z8&9G$x-1qs(j5!TudbTqj6{l^M-lXs
zfyB8T2ibt^(M~irleN5QgB#khYIUZV781fg9O>^^@7n!OShAj@h5~S?3db>wg{F7?
zMlmEm?cK5vaj$R|rOFu1gPW7P$>c+7%ds)6y|BoT*_N!Y`gRFx1fs5P&@8hIs%Tk^
z#0`)W6e}iAeGuWVBmPVHh~wGz^)KoH%7a3WE2f*R-D)5ae2j8wwD95OpWiwtD!8Hf
z@LaLHbj7u=c*AN_OjK~Dj~|{7wk16}j<3#Fq;g>n^Wl<pnbz`eylC(hSo3Yj{qF<0
zztkPsJO7HpM)5WBH%ZjkcE0P~Q9xpBmS<LxF3bP&nTSz*l9TYnz;M3j;^q7wkeBkb
zXB`#SsN{V?g)M?ozs|B}JmDTeSh2##nb5xXi;R&S+U7R$b+?|k2D~ED%2#-V`o}eU
zR~cCHjN9~uMip%4`Kjh{wq`uR*3|{Zqkg$eq@^WKI>$x%ce=i<P>hWDvjzNL$i?-M
z1}q4|U>yk@5c#Jo1oa1a6@XaGJNBP?ZOg^<G_RBy(3JX@uHLzVWPp60APr&0ZTeD3
zY4q2>J^N)ckUXSL!ooXCQtsqw-B&jh>XB$8;J!5tZSB5b(kX(fNtx?U!bTOH1)m+#
zMibVP^>b<#_NnC=1mfn~zH^dkv*fe5@SJMoF5igKQ$sx8oVMF~0T^oYrJ-c$_n;Iq
zoe7`gjbXu+?*5HMV~(~obhI%qWh<jBXq_z!K02N<Qg0|>L%SlctUAI<Am_?0^EVTp
z^x|+V?4_pk%Og^^OEhF?WaeQ@T%+k9jRoGiwC3u~K^omm0{1rQ{gk_lL!L{Y!6jhf
zrz&+|pr^%)d5Q}x(v)RU7$C1*-|ozpkx-YV5dePjBa;kEDQC}R?o5HPnV?^t;*n*#
zG3GZlEAX=GaxqyQkm~)%W6ob!0AAkP_WpU+8_t9!5pth`)@iF~f*(iZDkEF&V)6!7
z#n!WxzDVDwmJ=D0GsW_it8Z~hQ?llBS7nrhINcQA=YD{vBj0_VjNy(@!$1)1eccE5
z`_DjtT_<_i*;mVLQj{&%6hdRYog=8h6VHICQO~Y}uYWYOLtLsG!HJJKxY0Ghz<MXr
zK+@ZFUq^$Rms#av@7Z*e5oW&#dL+io#E?&pvg1i&6Qb=j-^R({<iPf!=xzmXyTpzr
zuVU)PB?1qJ%A`Itt~al_z&FwMQJQ6snfe-$6+xX}o)k+S+`6=i7Ao|f)ly0M#cGiJ
z&SQy2sCvoOcl2`h+tql<BipNwMjTSO2%E?L`uc7Btr9AFuDI)&#UnbCygSQfTbhG|
zn?Qnw#a#B12r_-%jdj3opHpIfc%l}46Hq|A1en<>Bw$hbIr7c6adEW^{wJ1&`LqO%
zj%=83z1t|6>{C>|cB0|;iomAM*6G>t89wp#Q)q%agq~I3aaAsiJOM_TJ6#uyd_%Oy
z7i?PlqqME75M1v;+y3WB)xZ+eA<b?@sCZpvu>MHxe|LE8lY$nOw9As$#*?5b^8~nX
z|GzMSF^Wh+wrHpR{`_b1z!o@}^g-`Idh=>3ASU+T%=f8@CNUJ*p6Opve&%82rM?U4
zEeJG94fw9fkIzR~V_}(6hl*(FSv|8UgsoLw;A&Jb4%6r`ITwRGq-Je$w?!`$W|Hv#
zi@YRKMT|zu`vbo5zgsR%o=-b<a=HZctp!s-NqE99Sy84{O~So!uw5@9<Nrvr)>q3t
zi3x{rp;4j{h%w?*w$Z29wzc&b0rJx>rH^U!=+1}?bB|x{<n^xG?gjs%`jIKIKs01o
ze-JmQp04Zq?6q;QyH*s;oh!MQg2NEH?jvH;zI{pF?FSgKaM^VP;=)%n{g<KnBi;Wz
z`+pjIl7b4W7tZfHuHiAzsHlCPJx9tvNA2w33U$N|Z5pStztXX5Rzq4(eaE&^6@~Mo
zG7k?hERW5G`_8Y=Hrwu`^a;qtVZ<Lm{#UNtqp<R@knoxCxb6>};M9f^EyZURrB4Uu
zt8<6@02Ef9S8y^IdTR`PweO)5|L40_{jU2B>wZrhDdOgc#6l_jcV@+VF_HQ#N5+lA
z`OT8irH8dGei`l3j?V^}6@%A%-JbyTV2``)x}jsPt*x`nrT8K{?C21W;_AdU$?LXi
z!N}8E_DS0LLi)|=%2;e6Wt`ZQB>F7{dj>7AxS)18AIXX2HPZ(S>2^goiI2&JGlBZm
zLI+S7O$ep^#7)HLfun+1e*2%a?zq<elAtg}mE%jNgzgoeSllG0ob(a{%WeYgGR1-{
z7qed3wx(b7zAS78f3Y)OnP$LBXPQh~aHXw>5t=^YDOMsTz4xI-`bM6+@abySE7F+R
zxibbmV%NfJ|AQZ@TyDU5)=u+hw%6LfdwLbNdCTK@9OCE#2?TTT7rVCC4bW0zg33CA
z0{4<z<zMjD8-w4Wy@fpkmouptq|$-%%nBW8(D0H*$0PHStdXSVDn>(GwPH-f8kbLX
zi^V^~hY6nwWPz1tjPwsIk|;FHEW(C&UJk1II1R<f*nr>FaO#s%Swm3ECu1FUgCUqp
zP57bDqXV^W3|^JtL{y=yYe_4&f4=lf_&uoIU!H|$wo4G3Vs1wQyI0|#&92NtOPUY-
z0avnh-=;Wj0+zF~SeJ((-W>0Pg*CRwnYkTme4G=l2qHozd0L`Efm6K_sHXGj`*GBf
zLdFyB#~@!x)%qcA5ORfD5-VZTBAXjHO^T)xfv|OTD!sNJB8mW9R5SB@W62-+fVIK7
zWPg>C#@|lX@8Su7DOX&h$4d6>Qm<2Z)k`(AbI!!9g*b3&&sEb8i1%*gztiEwdY5eP
zZ%4!l&_qHxlSN@W%P>+2+Q%;M=Dux1hu`UnM!EE59px}ydH+~Qmz1N(EV>GqVbQ!6
zM1Rh0riH2)&|8j}MQ8t(HxkjHRdsJ`WIJWA1Lc?D(trU5(&WjZV@uo4(Ew<mjod^2
z!>+@YrEgK@NsH@Ou1I8L!F80}-?00+Q<~=2sxGG;3EPTPoA(f;A%P{Ps!AC&*`dYy
z;G7R+wWuTiVUE2rUCVu&%%TG&a9rk%_olj?FbA7!K)PrSK6PLbUGog2-qKHf-ZAD|
z1Dr}#5RhtJOGcuVf=^vWkf=Qg66d6XYYsrYb->+>g~`@sKo~+xVBnR(JjJi4zk8#I
zP#$`{pVWkAIx@8gwnpcBBSH};9i|@6!m9-3zETukuC;NwN92VNAG*T#U%Woq>N^a5
z@_Ji*?ePpds8!~6pXTnbW>7|F<F!vZ))pe41peoJq7DgHRxsxp&iU8~`Bo3dmhOb%
z;})A5V>?PTZ6|Z3RDkCy2&1rQjwsjcuAp8F=KI*5&Lhc|W1eu;F^y;&Z&b4M&{J(L
zsE9graGp@Zf?H0@0!LG1yLo^Xmur*sV)f_}<IU|zBZK)~h;3oltz&L?ZSinIeFH#H
zD%Tiv+;?{~x?lMEkD#}X9OXlw|L<s>j3~ssfF-L%6WJX<?^%5L6`qfKCwTY~1Ya7-
zo5<B+>l}z?@XWI+Bi(x;or+pQ{bwI9k{2i8G0(Sm34v8Rcb;6a<)mmxRP98-K8V=(
zTR?YE&{Yx?KcbUg#%%1hZx**lIRgH{3%y8c0_-InpO{+1!KLgssT_V$$-4=EguMvI
zd8--48X^(yMa0oYsm@3-Grp;<rRPt>4u6t$iuiRs>&RUL2MOmz0%4XTq%%?#Ojb<B
z80rUeJ|oH~6PWI2MD^d!`Xq&8c?dT%;CS5UVR?3TqeYcTNh(p`ZmsY4EdejWlMdYX
zH6?~gpy-QGZ7~=7Fp^G+Hjk6SWqrXudRuuM?f8k%J==GKw_i~;bm)@N^SJ~$qW5eJ
zI#^^Q!PSU!2x`Q`Y*|*!p5CIRZaJ8BY@UUHNbdQ$yO2NI-~f+9;LoMKXh)Y`G9oe)
zbW{J7URj$`<4YGKB9GCJ0)V3j>lLlg$$dN;Gla2nL|PKnT={fft@U@ysCYBV^15fF
z^nm%ET2@HuiaO1OEw|D#5fZbbp@}sz5#lb?j}U8z8E*P3KDCD{u-Q64u+1K?&|zIU
z#*SxoR9>&!OOH|`oEDfDe@tthNTtm@hV!M|T24V65BhxcDsJD=1Q0oDZi_xy>>nJX
zv1r<Uoa)Wupx%%KL4DzOSn{}`E1EU^<>LKGwr_BXl*NLT8d}`M1VihOxDSS=k~O78
z(4?6~N=?u3ES<PFvHw5A^KMh++f&tCB;IP}(;4-{gV~VX*tl5|Y{0OXJh_AI@HkY%
z!83qt&0DF(3ifL^z{V^Fv-X0(oq39um?GOA!35`^$Iz6JmHQCL$#wLpcXlr9f#rO}
z<U4|)XV<e8IyfYn;5=BLa3;d*YQ4=eQ0j<9!VOKZq_rphT?=G{c2qB2`SVI~E4PXg
zQC*<`VQV0=851&`sAXXcP7wd<=F_O-Yh&N06}eUa+)=_`AbQg*SXr@MQI0?xx7*hu
zM^a3drHx35Si?HT{iy^zRlE5cNh$t!TXj5`3v$2W8eX4jFGS4D%h<Gy`^90axHPcC
zJw)2DS6VYAEqU!vj*GgL_mxZZv25&)6Sz*@Dzcbg9Ydp|T+KQDaMBeyvS#PAB{Z-w
z;vfCd=jF*4m}0-bMPqnd*utIxHx{&?)=rbRIEIvZp&x^T#i=*^8UH(p?7B}a+oMp&
zW~$|ggp^23!u!r<Bytvae3TLTj)VXWP+XiA$IJFdQ1+a+Or0;J+HSl1m8d=(e3lTv
z`|^}!P<!pIQM-fhwJOk<ys7)aKqZEC@%#6f7$hLtP+$IZ*<1ACMX^S4-Bf2|WI5$-
zQ^X<IZm^7;W2F;@@+~|QsWmDwIIFL3jGXefm-$V#4xt0@!wTL>SgK%31-{sO-jTu)
zbZ2LUCe*=Jd@BBG>uINveh=1FS^@Y*Fr<?OFNST&=D(*^)It-OClNyj-cHTR?&MnF
zF@V;8n>4&aR>8!==aIU_l=(nZ)lE1|+dPBpbZ~TM(7-tUw-G*y&HPA*XXV)M0uDdn
zaeFA|kxmi5<TILgUdCm&>S`%xA6aSIozyF&oU1d&EmmG}K_2E%CwP52x_-J@UcXi$
zVKnE=W~dzgfEh>i$<@a{w$IYgVa?9t0hr!pp~_nn@9x|Gvh05bj-|MPD&Gn{D+b<o
zpcWgDF^d%}ED_It$U$6<FY}Hc`dz;)3$>iX?quZtC@hWYt#h-YQ-P)g{|gIt*uaf@
z&d&%t@mF&qGK}H!;$;oZ>ZE-d&o)@Jb3AIRIg7A1R0CQ*C;oWj4HTp;1ke(H^0wv9
zXrJNsT~bf41e`uL-LGMtM$DmYB#-in7stX6aA)!2?`cI}#HBqM=lZPfr2q*yQy`8q
zomO|7FxMiVmyF>ls!ZYH>Jq~p1#F%E4R3o)61?s3I48GsXlz8(kK8%@DdQU(AZ0Wa
zU&>Wru(i!gus2)GX(Ck)C=Izqkrj?dUn7|-GeDTb=6F*?#S7K8RL}loipoLyKWqCI
zl<iAP$sY;Bb1EXLD>GEKX6j7i&J$UlED)z-dtg*q*z}dK$#!rYEf4H}*whV;l2VbQ
z>7FTU;)Fl-U9s3s+M)IfB(5Ifp<XxqwtarHuT1#QBPttGRoPw(^u!po1kkRC$&WcA
zz#D!24?;f|*pRQ>IOf~|X^%vd1%XqcJN#5d4WF1c?J%ca45LriW4;?oU(J5D%MGN^
z`KW)porZ;@``f*4;lu`)q3pz<tn42nrWXOVGGo8vr#X;z5Wclw^T?*!hBC$Dgd+7)
zqZNYKwP~-$ecK&i4Hyv#NAu&rALI|67jNP^ljcQ2!OXR92!bKT>pC4bgeKZv>b;mK
zYj0_t`yZ_nJ;4YS!}i)C$0;ytH-nT3vP@c{D-%io`A^ROa;x>DxhXDhxGB0=LJiry
z6W&hHZ2n%UQu)wpv)zoN0p23fNip4}ID_^zH1w8x03hGE{_S&<X4SM;IRg~7u8DTa
zkkCH!fQ7cao3?#@C?V6E+iiu>SlI6tV$l7_{1_!ngg}J1+bqc^t}xE;+nya$#<vYA
z&<z`m<fF3Em;Vn>-{6&5_x>Fw+qUf{*JRgZ+qUb}WNWe}O}6dHoNPDQ)_XtSwSMnE
zaIbUr+55Uay7o;oy3VRGYNND)p=8(ed<-A$uORC7ghHlTkwV^wH4u`#kTSqwXaoz}
zn*QH_Jn$^XiBkPZs`vSAwYloI{SIVl4P!xNeP(9?`p;%+Sq%Z%(J^3#+Xos{TK)>{
zqPOco0k1S66dJDnE?L5X)upI1k&E`@Mk~7MCVv9#gypky0^asu2JOqiBDsFQ`C&Wn
zBjoM=RF7f_q_^3&{ak7>YF8bs6~BDp?Q@UF0+<sM=G=D<T1G~rN)zaG!quzb^?0fK
zQ%uRzkvm&C`Z#ovgl?1(ywM_$#khpnImT+|IGTPbwT#%y!s>pPK-ZjNaLK34<UJhn
zq`YAuvg8XUCCzaU*Y9qcFuP@&JygXEdM-2<;*ctCZuJDB^``ad9G0!Cq=c00!+Y$*
zfKOk`%PASe(zWF{Iq776^xlT+U4!sXJ-fOdnaU7HVwT%`TTb}tpdL|6#<j^O{^J<N
zZ`NwC3343i2*2lw#{KNe2Huyf^sp7Wf1_}AtUm>QTgNoi#FAd;{(eZ5jA_HZA9ojK
zTIIB55?t)7$L4pb&R>u8QxnH)Auf`Y7GSv*0u>kvP=RS>#TCZ*Gd*a-*EdUrGSC40
z28&MWQ@6@zZR1}`=x{{>4Khu--&$w5V0myJ^nhj#p01qjc0}igGQSQO`Dmx0!o?2n
zjBMV$+aqvyZ@<e&fkk?y-BGq#E)^$z8=Zc1P(;r0R8$uhTfdi%i4w?QF~|`Eyf;Ca
zQ@NrxVRx<B%xyl#W$Nqjd-U7k(5LwWx`DlJG!Ya8H-)f@VTo2By)PSK=KQ;i%Qja*
zJ)EkjiLH&2djk!Hh)jHw!xp;BJ_Vpj_@R~&^<Si4#C&T<kjg-JJHRozOoPjLuDxAR
zW$7c42emWeIOI{@X7J*hw+Vg%e$;Q?UxwXh6-p@L2O9MsxY{@yOD->`Z%63LwuGv)
z*rgJs4_lwq*?O>8eh&b`j@K;;$F9^$4z4`27B@?tIXjFw#GsS4D|u;YB>A)VhrS7G
z2S*a+p%O?3pJu6dN=*OC_|E0mDq&{VY2P_<o{VL&G@`BF;<F3N(DVS>rp}a$bd0RQ
zSIXufgAEoTTQ_;*n1OWL<iE@=4z|RB(^|>SdET#sg`q}9zrdMhuAk~lNy&zRi(Vo1
zLqLJsiXkXLDFw=HP?k%&3r>Y-Usa^-EF8_XSe6HZ#dKk62r~6UZoP+^S*;(YjM~T=
zL>XO$&+1D}c$tl%0M{}KKR%CYb~5>=?7$3YD7S|;s68i~rV_xMB~T;<QghiaoY~1#
zw`>}`!V{TA6!Y0pHH<z&Xm4r6Wwe;(T4=OtC%3y$I8|{|GI-?=1~>}UupV}u+nLir
z`d4sjt5^dvoGPPGLFT{nDUTs-M$)eQm0t44?5lqkSs<MRSlQY);U`DEEaboxVpFAR
zDcOz@B9%j*RTSH;xBIcLoJw*sk|#~|wQ~Ch4&t)=uMKB?bPM)y@l;9!e(LLmA!bmE
zHiN4srsJsAD_95&=U(pYGz@vt=PUX&7>HxA;D6(4r3|8$({|;AFQ9KTW>Fog^+iPL
zv}W{kXR8zjApX)1aZe(^+*K6x7}z(M<P9iom4BZ<zUOu=oj9BhQSxr}y_89-VPf<4
z?ukC9wmn+uhp>$f(Q3CBy<GhR0l{qXpF(C#&fv7-*J>y9C$Wpr;0~ma!4^MzW2T~r
zg2Nl=%J$jH$*9E@wOv4)U>xm~=kK$D22GGWf0F=Tv&=7flmh2TKy!x3n-9*c?q1s;
z`$Ern*$pC%_U<$yH}DdnmTNX>R!?V!+hHj82QAJzPv@EzVF+ouaayHOgUeAujX&JK
zTxjnu8g_%Sp4w<k>gAHb4q)8HZSM>L<mH30$pz~?bh7<!+Vx@+F`chUlbA;%6U5cm
zI~f2P{f+9y5__#1+Lz^QRL$(ZhLPCbh}|<q?vI5NC!<8)si$)WZj|Z<-d*hpWQHHp
zQ|eF4=Jc!Dgf-VtQl8Wh-8&-EDWd~&3@v&}36!opV4$SN^P4EnKp0){j@&IJHOhl{
zHNEoyZic6j-A#+aJA(-0T5;LN#MP5Xig|<SycQzz%dy{*xcmQ!c@3l6A0)^RM2P&P
z|9@JjX#rfD08q&f-NhujV0A-;j@jWR3`5QU<M@M%xEwx?Yg${^7r2Ay87AlaxXTyi
zTc@IQ^M1{}Pbnz#ms>&C3s_32NKAI!6kW}I6_|G2n)#K0N}S?S;Xt0)=^=m|Dia=J
z-!Aw)cXlf;E*Qr3^~PL7A^YDZl&lJrN}#l!R3Cf)C~$H+YsC2{r!Y}z$IRV`sPSp+
z#_JLvjauu{^!`LN9Rp%81AgRrU=b^}@z{7@_Ua)hucPlCVb|T)qnDJP$2F`kDw5TL
zX@7*|(V0p{l#k_Um&kd|Rlm`)O29G$1$=zQrx&Qb%}iVmNNfaj#a`Kc{JJWqjfCl|
z3f<{8fQpbCXbCq&gox(ydfL%l2K2^-Rua&ZKXz!K7p4t)PFnjf+Vh(H#-7~Ih53f_
zD68333^U4T#~aR9H@ccVK(|2KZ%kxbme1v-tY#n^CJCE0Q(jyW4=$ej<`vu-`fnv}
zXNo~^xIu7<Vsu*gV!8elnowl=?Xv%5FG~j!knL+#?K-G`PMf6NsKv#CeB5>BNR!y9
z7$VUZv&XuZ?*A8&L|9no{z7308VRh`|GAz(lU7DS8l2o&a4HP(kb(Jkv;uWv`sN$L
zjt<rhCWL47*hn|mRY1k^B~pv(hO&k(VI(w1yo0Xrhg;Fmxy`c5KV3u0cK(5AnqBN0
z05jm6`Orj&0P2#<`QjZtO+~P#bpr(r^7L<9R4O<JGzBiIMmNSoR(h>)lw{~maulEJ
zlWqW)4cC=NjA?2-%-iZraBfARi9W^>*dG4L`IJezrN~>SGEt0%1}kwlXQFW7Ub3SS
z5hs0l@%Qgck7Dv34T?#bhg5Dc8(5RK0BpM3Os~@Y?ngtxg4NZ-eBCiTXh|qzVeUSA
zlPew2zq61V&BxI$>a(KbQ<W1@C$~-I8=OlQhX0WOkt;pq7DiQa88qA&6Uo!*;C^~t
zBor2w6VFr0jj5cC4j!3u2_JU3q<GHbUSaCTJp<IY1*L2#yG#a9%Cfv?zKaPE%N+_p
zCe?A)rk>BhW*iFW^!sJQF>cy3(Vxg56e196=-XS!-;eCopH}N_@b*CFO!r~EGyJ&I
zvswE)*lDib{s=A_y`>2!|Je^x;YgyEku`}n<>|yHwCQb5S&45b<&u+_wK*skMQy!i
z0<<*qj9%dE3>M17t8`Z@1HwQRwYE;JNJM?SY;^f_{a<KxIRh@mO)hq`tS4R)EionT
zuMzRUG(o8#M-n?AUb|bFSetIh5m!z`)zBBA<MfOFO;0llWi)H(_qZ}ZjJQ$FEY!$H
zw4l?xpB4y4Cq#KIsv$yI!-|Wz*hP^R7tLL|9-4gdOFgr<TxR#<VF)k@5a->xzDmVa
zZm}O|_m=SoSg<?<Y%a9xngN?O!y>=4y?F-|xj)eY=$7ehBkkoT?EPDiWV*z(nt$8;
zrIWtoU}s`uwN&)6-qTL-G54QLr0X_Kt%v9H%g1aI$wcqsx2w-wYe<eCmATUqaUodo
zIt_?>HAbF1H+qCZ!2-^v4r@0pdlN-=eS86H(t8DEM=#1HE_@b59H{mo7Zn9s%ZtG=
z)@Pr-*`2mUxAhj~fi3@6)o2aGMFt8?oCM0ep3uXf#L=7<q|F+i2-88<*6Aso5RJWD
z^fP(nzQW!W6K)3%#AR7e^{f@GdKX_#IAY&lsVN~@U{~qn8G%N|C0EGbMz9gh4f$mr
zjb>(=gl6*FX=6(_p*_Fehll$;Uc%|o{Ntm__u1MsER&`#(OTN%`N^Vbhy&Z9E)tG0
zc?>GsPmchSB+3#a>crZBjv8sbnxEq@?iiw+0tn%t>y+j*uoS|F(CoT#L)k3Yc^l%x
zP@=7^0e#scWxv2CsG2VOXtO$jo^zY^vK_j}PCQOOLxs0&123zBy}43NR}R_Suz`s4
z*+y;JL8;9c{6CAH-<89WZk6y$xtWq=0g2j!`b6pAC%|3poHh&c&wOZbUUZ-sXa_jr
z<B;@O+Ws1FdEKP|j^_|{yE3N(KD47yWPT(9Sg4~6b0tcj0-T)lFD;Q|I*q9322fSL
z-}a`(FTyKEa#3V8f;c=Xoz8RKwpwx5+HnRE!|<9K-E@C~X8*hwTIkfUksafF4dY<f
zk-oBs<`zV*#Sa#Ho#xAFJM();Ay%;n*%QHAHQxxjAt<hMC2jI2H5YTbG1pKu)VOK_
z7kl;FP$S6(Vs(}H%mSRwdu5T)C<>U9nLa9%-KCX#^MVvvECjrtz2bkp6X!>2ii>)}
z8gua>F7Z}8H=fGT)hMIGyzK=lbym>Fn`l_cNt3#k6maED7QYZi$K4ssRJNv{)1HXi
zC5Yefxg0^g1%PSf#h>?E{t<RG;6ot+6fejn);oAcZ6h&BlQfHz@;(kWIy|7O2Ml_J
z3qx^_?<mwjBp-6=_!qNCBOd{H!BZ737C274=(T6nmg{-UK{v<1)mT)d;8OKl@$P0k
zM`a$IAmBXNP03s$s+hil_-84cm&Rxet+j~u4NpNdCM3M~&XoE$F`7oV{<tkrcGf$F
z69QGM2nn714i78x-mk+ffa!0v_aM$uXg;R~lLUdp+MNia`4PEqQyX!-<~=zwWn0(c
zPt%fm%p@Rvne()VA4CUJnBlqJ8=RI}D}rI9oJGP>LzXs@V67~@d@M`pNIp$&G-jOc
zIk(EBEc3#sZS~cOl&W0K`EnPatl_#@s;0yivi_UI>+9iQ(1!jx1oPFnAE!0|+Kq_%
zkQ!ZX;kT1ha4TKe1~I#N%V&4s&?3YjDpHz~7BRmnIGm>Z!U_f{l<aU9i6syAcILZu
z(oe+AnGSeAT|9{DNclv7MQ0juS?BriCc0>E4SzLlVQ&wwqv8JjP3Hl4xH7w@3s$d4
zVY-JuO>Z^K21y23*d6w=G#h>)71#G6Q1*gPrwKt+C5YnUx;?pqIbi_{?v1o%a&Dqe
z$G(!1=Mjg?_GBI*U~YDKS#(H^v}EN(Q0&w$;OH{+)a3Ywxgljz+igU;&W?tLnZPZQ
zdS?68k3w<uU`$eU^#DM>E$K)p_ewvRIz#{<_6?36HZsB>Bj$Uj4Xeb6(xCZ)C<P#v
zJVYG%z5m*HjN57fi2T_5lir<oU_n{(mFx`gYYn&T6%0na`Y1nC-znYZ#wYyD`;ZL=
z;|Er@2xL@0lw6o#L+Yak3K<Pf{8CksbqC?_p7_2yQzy-x3&5`Vrt9I$pUbao0RScv
z!axbPMmMQqx38xA8$*jYHxd+wbt^t&^*YKLF%d>!x{r7Spo27Ed-~j7A2*p6D}V&k
z1x>#{r_3FW9WU<3kSLj6%b!VAA^}@yKvOOo*se=lz<#@_E9y4SBwY~4l33({NSzqV
zc@4JSV2WAx2weTr2uJ3;m>uYfPVW2;f)#bqhJRuv);rSvh9k2bMzgSrOAT*YZS{~h
zy$wv~FMNGao!%3@1c$VU6iDb;8kF%1<DnLz5S7^c6MrjG5z0HjRAbGVz%8~utgazQ
z*f_JD)yE6In}#O@$`y9yUzd=JnN4DjpDs;_WIXO|0`Zg*iQ_0?OCfz+Mho8Gu~zWR
zx?<bt>o3SFyR3d$VMFGO+gKTlL88z=-h%~H*OZ*^(#BB3#)e#e6>oUxOnfkR!<;N2
zQ-Vg)LCWrSG&#V7q<TLOC!wa%_UCe=Kh1O}>NMUi(TAQ||2m|mXi`q(p(6=a|13J5
zZX=a@2QX`gi6@n>e2~Pf!K9sgjafD7&~w?1NWH%nE{*>clbItIHcsN9d%x&l6bQ&J
z2HuCptpBpE7+A+dg{UV>$f<R7E4LK7Vz)MXJx7o|KB2Y}bl1>ya@82t3gmS}xN?w=
zl}n`uuP3ysY)n4&Pz{D>K<jUBS*OxV&#b6X03trsq4BccnDEX%;JdIv(b<+;l%edA
z_2fk+L=BB@aB9g*bdByjwV6a3({*7SELYp-#)7zGDMrgBlT=Z^u+IAgw%D)^mci+r
zK@`>LY-v9)Jh(zn$vV*5BuHP)*z6)A%-d|g`+;`A7)t<?G^HaS%_Y3t21Uz);gS`=
ziCLkSF(nqhyLYs|#TQALIAS=BUh@2JoJE@uS32WyQ*~?m+0=ODRiB8bThJP(F#EmL
zeN@K}?5B&1)|95R_532lvJF2CKv&XW%{ZM3;{u9+1yAv}<YD%nASnAHt7TJH;!!PP
zPQwG7KluHPbuefP*{d<J?dxu;1Q~$LhiHmrH#Ydf;2o>L?uB~~ONstMZz>^?FHGHv
zcHL&bHbKKxN-;*q))e{QcelvKa=B0vD2VRL5j%u}@FvA8QZPx9zUF-9_G+H~x<?1K
zIHfuhM4k4ZxqHKM*JREN^$_HdUxgKOWZm32x40c9D7cm?b<+j~q%t1!L6B)gcY+J%
z;R+&FLk**x3qzYUpJl#<X{QM6`g>zcC@(sx;)7F>dWM}s9^Qo>)?+fg5)~Y;hg3wu
zXl%ag%D#cZ*uWA-yC!Cf;F5&8*$}U-6kbEh<&G|S$TSOSl1DKYsMFCjIG%BsD-khT
zUyha%%~ta4{hEdyA(n!cu>rPaa1l`=Om597&}M%vSz{Upo%D;9V5!G77mF`Y5bHaj
zkJ?TKr(F$y)ACph*tSU3YkTtgr+ky*k~j{kVoF6|iIlKi2GjeKS#7?1(C@k})Z_vJ
z50XJ0JFo4^9Yl?nIFIsDdixCEd)$4UiQ6gAHjQDi4GS$y+AD4T^gyV@2*&H0gcM&(
zj~l%!%`v9f5n6top%PSxxM-Ss!W4oIrqabikzV-`RtpS^@gKHy4@?JI$#4VhXUT!P
zLQo@%ERYm>D*BP?dF!LaD`tKbW=L>its_4kuUpXeuJ<l3pi7TUDyKw{?l;pLTS9G|
zXFF%qFaEPHpov1s2O#6qNkw%fMvoLnMTY}OLRW?*?$u)(@i=b2_XPZW-iB<cRv@pF
zfJc=n7`a~5o#6LN7qnfvS=#Qyjpa_$m6v4G>h?rxe8bOlYspQFV0o77pBdT}@7`WJ
zfhe+qN;JAaw8nziZx4Q;wIr&Yhu%u5*4!ym4NS*tlY>XK1V#=Kgu7AREBao>O|1OK
z)olx@Z{hkMY-<@tq?vnQ`8uoe#qd!4IvERgLH)|Z^KpMy3`5G1fHz<`q{ZONGuCJU
znF2ilc-uW<7>sy5gEV4dmTqwYks7~%TR~O1J>8B~iVszq_^wX@V(m7jybxn~q>a~a
znSt<)4%I??K=+YZk-YA|W|XGfC4*7^)w;iNXJDn<MB)so->|>GuJ(ZB9}if0i`y9=
z7LI|?l?K~RYLiXUfp-_oU4+!KA+bckDNu6m_^2`zrG>-=ZlVrece_NE;<U?L+4CjV
z9JN~YU*k+;X{$a`SecaZqBE?9AL7sd<8*+E*0aWpDtQO4&XUb9FK(ovhU2GJy&FH4
zNb?tC$c8v6*UM0=I(A%%rh)GcQb94IZlDg!E<lMM358Mn03pAO(sK3|Id^>Dxz)}!
z>3i>Tx=NYUnqcaKo;GLtPdPQ4PvT?OgE?8a9TLO$+vgvr59M8yWoNL?t+|`0LLuNf
zi+5C)(2b2x;9uuZ)mUnpQqEdlCYVg#ii>bcvk~31xuZ)Bsk;g*Moa}v%WHo&wlbaO
znSFo3p#6q~RX1xUwJU{|5B;36oQmur=+h9TiK|%oeKGZrx}{aqbBo|kH|aPY+Aa>a
z7&7`!usjDPR7E-zE^acuNibtab_c8!F$;0xBORR1@1)tU6+I;sNt;25CsDq2n!&Lc
zcJHr+A$eb`9qhl`kRsZ^r4aND2b214h7d^?2Gsz;kC_o4sZs8`j{ztwBl=p6h7uuB
z^wNFoi)$f0Atj2dB178XGVc)k+f3hY(t;e|26R#M$D-Ei_^+1GwA@ycC;$j}hAkLY
zyN<|NehTaFq5~z0I?vQJvy$np!kM8oNMFK(!WDzzkf@U*tzbmUt+2nJTWJu^`L;Rt
zf$+`l8Kg6s)fUq08fLX}P&I{Q0(W5)U6go|Xaa<IlG)SC3%lu~12eJkRK&C}4Ie%I
zgCxw?-r1^|T7t$4d%@%#Mu1PSQ<Y^0VbXAn{j<*0+78_1niiLcAFWGtl1a{bk|3YG
zGOwR5S-%Jnj$ng}=8VADbKy<$)UScWa_OJ2VC@!~;3Xq$WM0874wd+ZTf5&F8Cp_M
zmcWr&eb6}1P#~3@&Mk@Kde$8DogXo~okl!NlA#}hNZoPHt2bOC1h}GQ5LQBu)OQfV
zsM0uPUd{UXBRdp+*8It-{wQrnA?atlU0)I<uf%woWnZ0X<K>3#dk7sL{Ne|aVHeD)
z<&VBNe<_vkzZwrda@EPTzK^zfHAa>B13Cxs+9$Tf*2=Jo0pR9Xyg0+^>uFSQG{Il*
zsv&T?gR1lgfA!eMNdR7rr2<6VP+ebf%LJ&Bu6@b92~Uh7$Ri^o!i?7nyk6sBby#8!
z*CDSvXTLzh^cSje<7yKi2OyiC$X=5rE>rLzN?wHc+!|F8T_=Kst{NJJg3nHG6+dYe
zB#_9pE_tgYWbAB2dSE-RyhXZCH-Qh)W!t|qSuNOF$S@=e4xry4YJ8e|6Qa=*c5XVk
z6a^noGRDVm$aFV#PFZm(mw;8;!F=25+s5DBGKgFmd+d`-_nsg0RW1D2&Hf{JNu54M
zM!Z)Y66r`><*fzw5C$JE8V(_bGrcwqCw&ovuM^3ZulEFbrn_-OIZ>Lj4kT7oYj9Z(
ztS9g81~UmA19R8c31o=6O;P;^;~hXEx(s;&lNNf*-_L1bHvCw>wN^G1hl;_5&1aN9
z0T5IbA}z)R67+R$MD(ICUngVVb@J;A6iy`Mkw<o&P1aN{`!dU%SZJ?@0i@D&4EiH%
z4$^vvq`UoxV6>(XSZ)7rTF)1V^_zz&DVIS1*jGzF!1!RTE*nNDx7vQ%2OFBgQ@rjv
zDRGAOYTj04kB1Reyux5jWu}$3C=qa`L=VS}slBU&MfbC!Ay^t1kABhbP-&6F`LBdJ
zlif@QQEJcFG`+PsQ=nXK6gu7>hJ=?RTILCYz2l3<YV@Det3E8R@yM+rUX8+9%`EVx
zLG}Uzsv-E*Sq|O~iwPklr(D0~J;+4tjxZ@@!o!jOLu0Q0p|Q^7D}ny{*uF2&kY5Bt
zw@}ib&P8HU93=#)-Y~v4cE4l?MZO|^5kxZ%q8_x9GHdjoP25Dt#0hUM&X>06$daK%
zhsvt%ee&;5(nYFLluG%nVEz97Xw_671V|*cCxXsurP*X|P8$r0i_xvc2QDjEVc+j5
zJNEu5b0;Gr&R2*`fQ(%PU3LoMWP0h`h)IO9eE$K%FfTM(gVcU3BPf7^HWBN??u+me
zTAwLE6x8brDnNhSOsYCyZCNB$DP1{9(iUdQ8)1BCJ_jzk0*%2F&z`0+_q=`s--7pQ
zMFM5pKw{cAGUF14MCskb5qpqYqPSYdXv>K&t6rmcL?(81Co{Mu97zd9_9-r{@<sh*
zsYLeuWrCO^Od%S3Xp@v2F;y|p9^sciP`U!m$=nI?vjY~hik7g3(t`~FwNNG^A%;DV
zO#A9S<N|BR{!?K#x9Ke#7yc_?3K9lh!NM+Cum4u#GHgZp+?XkUu4MR6^u|y?Uv#qW
z<o`9|jI8aIhJifDm=hUC7xmgttIk7@{Hy1K*mDtjzI5i8+~a259)tT$5&#~V<jI{O
zK_^cIa|0T=XstI0@nk-7yhIW7j88)H7mx%NqG|cc?d7M)1}%k{q=0jR?hgB#ID7(T
zpRf1ec?&e_Ess1uy-wZF^eR7`Jnp(HHOvE7k)<2a5CK29oHR+7?cZ?0Z~|^RyY<rx
zVCq|-yr?_;h<y6|U=B|0XV{YtJ;6L9>4z}Y#oh(N(>qutU%dWbXi!Z!7VzU~i^c?z
zZc6m8WKa>566`h~fFF5(|5LlMSS}3A@aFcaHtqwOS|x%$wAj>-Na24lRXc;o%a1kp
zw~koBGe_h@??}UX;NZq6+9C$mifm^0q2LQU;Wo9`^`%jE?I!*|Osf+J+mM1DW5n@|
zR`7z=wTwW!QFqI(d#1do)Pq(S0aQ@?U{&M$i^LY=WEXCL{!64#tVT*}Z)|W?lz~o>
zQ=4M+o{0?W&%OAcr7A-pRw%t51CmBCqct-*<+s|BD=ep2i)=LuC@4%F-P|frk?#2i
zr2H$zK6j%f5w<?y@>vFjz9H72q(c=7DLw@lQn(Z~tpn((ey0h`QWZgeBnHn{F`Vak
zPk97Xo&*5UDo^s1d;H_P3J@aWvpI~<Q6iUl##NZ{Ekym@eAa~w+1x)*ePOtiB`V&C
zN~DT{fL0LJQo}OY{Sx(<`PCD&nn`A&Ab1#6VpOKW$m8=9>Gp`jah*q=IxCq<jMFY1
zsv|X;^IkG9aFfCq=I?R-mfMph<~q`k#jPK}CNLO)P=nM5KYP7CMWP}zMg~aY>f%Vw
zV=m^Z#`OkeO?82al$EM%tE0IR!Q(^H&+(C*lih)d=8D>nB-ASOC1cJ=?uspxh-L<^
zJ7VJblbN7Df<CRD&ge4i6rgXsFjJ~ZgYSMa7$W4)(`c`IhGZZV-bNw5I6V9rOdpE@
zc#zg`UaeT29{K$(b9@bR-pe@XMog3w^g7<zW8d|-$+eo+@xnJ)#l&*gDb*KI<1ar-
zVYaM+1ZjG2BF<Y&7|;uWN!n!5HMOp}KH{CtXP}Q&Z8pq>+p^Sc-X>XbkOPfm#cu@W
z(<OkF-03}{)J3^4YuWz=%m;)tH%@^iQ%9#yzPDAPC{1+mkkB#ek6#06k;?rGs^~p6
zYB4H-X0lL_|M-KqbFx(!>FBbEJ{;ipPQG1SqZXi&F|2(XwHs~Wjy!!n4`fxGN(2AR
z9V!}yThy(d?_}|>0}go|{ruZ;SCV~M4OGzM_K~2;lq^!Lq*&cp%CUeOtxy2qk|29?
zNZ#R1RhGK7RBb-CSXFd=ufDbYW{i79CjSOayz*?j&1fKG^2h8(Xe5)t`BipEPqUT5
zTpmiSLijRBZ%^X0Lq$M_w9E6%8<{ua&Bytq+p1>l1YvwlI~s*!GU{6ugo(7^cKPel
zQ@hhSoL?8R4pTFW&<!TTpI^m*+%a!J=YJHEm`;SUEK~mDV}jQykmTbHBS!~s&Fsep
z!_MhRtrKHNDCI>UUPENx-B-*589$r4ZGUWJ3>49_(f;2W<lg$VM@429{Q=iaj_Sj^
zHx2N+r-uyH+Dlo318J;g{G3lxty5)*RGQ4)udj|TQ<)N}dX5)RjFEu&f4bw+4|pz{
z+N&pLp|f?oSjl2%L3#*{H*iDE;Huj`tB5WI(Q9Db{Z%$7-Cj?OoGD0KN8zMH=Yt$V
zNEcE8r~h62L^+a@m)C^=Bqq!yheoG#**_SBv#&@f7g21EQZ=vnLW&mZ^=vLBrX`xR
zb}kZXdC96J*vVv(0g!ny#FN|R<0G2oKi8IM6N}71jIvY1Z@q;j8WNIDqr3A3T8X58
z{^QDD5O)0_GdOMoEH4&9IOQX3DR2u}BvxD5o?0(9(u^(*@~-TzWq37uCcxXJMwC2K
z_)+xN0l8I=e4_@Qg41X5OY^4zs$sa_w%&|UaDPF8%Xwr4pz-R1ZjU+e%4HcXpTdgO
zcX)iRFz(o6eiw%HvrPN%d-P9f6>t|={Tm&2zbV23a`LC&-zjnh{BV7P32=<WVQ4i~
zzu+CxWnKjz-_6u!!LqA$Af}E*a`!uARa7=13~o9Ma~V&r6<LjWDy=#zsJYr4C|#sT
zQ=Wu~N975c1I5>y2y9Enf5d2*p-bzI_%J8Q=?SKkDI1>XZ~f=lz)xBFpWdDRP6=cv
z)*QVrR#|UWr0FhECl*Qmw@%GoUfyh6q=Bbt%xtBmQsfkBKNu9x0(&=<TOb?H5sn)u
z-vX^S2`db^K)4#suTHV`gzy|ZfNovEQW@;*ld%oZBumt4c*l>~fc%6)NDkD2GEzHV
zu68Z1k6ej^pkJw2%I&Q>nyIM29cHq_Cf$KEd_5iOCb$|m;CU5!cLyD%w$-L%9xGHI
zCF?etL>>^4Oj^qAl!&^TPNcBYuMg2S{bR(rszw(Bz5Ir9W`I=H9fl$d6OS42kUgO`
zWe<EdjmJxnc+29D!Z`GYjn9-ixzvc0qs45Ys3PkUOA#24W1*R}{AxOQ&gYW&9WD4U
zsK$7T<MOf0`xma`q(mjKb9Wu`$vp3!mmshoi+%<K+~>@F1a+OLl8VSvJe=hyuS*=(
zni=`LlWbz~%N$W3AP(b$95=(eDnf%(8Gw;orF8>}MZ>7A2V0ik6Pq_wmPx))=#fSb
zaJJX^`*;4hRk+&G3>g8_?uoD8If<b*YOO|2D0FK@)Z)9hzD#1T;*jtnV3}<Hfbx4k
z$^!v!N;naC)KP-rufm@bNvb6y`Xa^gu-iLKAk!Up`3p0#!W+2jet0Cm1Z~0PDPX+A
z@8S5?Z0L*({|Qb~BcFNC6Pza7_1LTMSR+PWcktjkyKDOU8|W*2IOEL>O{iA!z_b_+
zcGb{A5_VGQv}EsCx8nW|0I0tR`Zs`#3|8DGgp;XIE}X&ja3;L>_h+9u%9rUZsfRb0
z2zhcD+IlFtn?LLU_cpo0-lCT%fbjkSLQ2nBno@5(DD**nbse9;gyzxVgJLyDWYeth
zB$O2SBV&6C!L}u>*LQcnOP2WP(UdhxR@$ZRj-vGr7TT`C3ra5lF<y+ULFuMSj{Nzw
z78O|s3Gt)1y{r7EFyb=#Y8^<V@ii>Dh|W{Ll@AxZ2#?Uq9xAD-^4uB(@DggR()|fP
zgy_RQ7p`Q|;!?N#hxw84|7&5Rwo#RV(wkOq>=tH=-TrSp?&UrSWW66vGZoMi1W@^k
zdOzI6SMMTy0rr{pFK<f(Hv0_$LfgViM5aT$S^-n;uc`y8G+`b%Ep-7O+f_w^)#AGm
zy3<2PTXHC>nS;6KR_Xu*v>MLibOr9q$_?qC)UQ2bPJF$9lF_!tlM(j>p97N+dvQ>C
zjb~*d7IZSIQIlo#j3n3f&d$M5xS$WK#jOR%;6leChl&t~`00Hqh)pc4I6f`hf?<XW
zXZyQX^Rn*`uTccWk0&k)U!CPuyjA-8Mh`vL$?l`<z(u)Vljs0$=LXlSoA@cZGFiz%
zo!vkZB~3C4=+4X%_LB=2uspRuLdDE8sPL$oXS;SmrH$~K#c#phwP%&3t?8o~iu<8w
zADF8@V;)-)=vQ2z@ZTxcuZT;{%B<Y^%A2kFSir&O&*z5T5q?S=xPt11G-l)bAptfF
zw93hb=fYPnVnl%B17>R>%oO}WUypq+AH?(-8!%rTMa{?|4=9jkEE^84S$sD*DnF|F
zbJajj?&wggW$leX(X7}b{6ouMFom2LdLKe)Ye6zOdEK2&f~#wIG^5t%C|DLwRaT5Q
z6_jSr;3@OIS0t-3As;EdvnQ7vDlPR$$-;cM`;(ZJP9P)x<zB2Jr9=i@M&%0ntsR8_
zr?-#)vf(27ZPb$WJzflLZa-i>m2v#6rVbmwO>z1pPY%jH{$;BT5(4`RhpsBSG*B#g
z+{S(Wam|rFyu0dOKUufBqh?ij3D+Ea@Y1a6P$m@_t!T5w&*$r{yGkoWN9M)0dJ#f9
zng_<F0YeiJIvx_%z`tkYd4_#G*_YGa6eH&#(~jW9*|%c3zvhFm>@Tk!j>hPt1W`X9
z&?AZ5_=r@S?RHwYY_IN`U9tUqSnjG&fcsDy50!EQj-L&rHdP4M#+u4!M-Q8|>v_KD
zn|V}WOZo><hzVaIpN6$EpnLkNg_8y`%xk%=fC!XV$3gvfR#nbu*XH)VeDa>%toynl
zsRIGl5~@lY7Ix9iFW1g2;uD>mAH&^GSJPQ(0j`HLzN?)7?YysK45a8Xg!>bDplk6-
zERM?6<q3oYJQDIpVZoz~wt8mX<g6Ak1d_Mw{o%i@=mrRbxL(!!@js%72<$2Ys(Ml2
z@|1jOyF!+=%y~Diq$oz%4i0S?J{E!mW$9e^#^;t1BFsJ<!&5@~R|^bCx!4%v?TN=h
zb2=2_WZdmU(7mp7x=!4)w}WbeHXeN);s@D4x2JOF0`Y;?QiBpPPW%+U0T~>BKZZ%@
zz86RN;?N}ir*4rur=sXI8qJO-&jWUwdj7#zX|-O2e)>orOrGadub3ezU~n?)-ShOc
zXtPdl)vbo?SqI*?uGQpX_~ZWCP>DR_3r1E=(rO0|f;ft@EEE#T+b6eEmq*)7*PAxi
zPB~+{A<Aqt8K;dimAI9kxWBplT?eI#z%7V_bsCte3YxuMU*;adNpRadssKz95K;!Q
zA&`{q6NlUPU%}R$pHlm`*Ksx6GSh>W&Hrz6s4eKsnrWas(!Nh6_vzI~=i)NjdSEPL
ziXC$IL_5|kYEK3fhY8dF)?df;uk7U%Ag(9A@fiF_pZ03%jB8Qdl`p2OD#2w&`3Jv8
zAd<*)BVvFPL#^db_n-xc{$H4Y_+%o8&6iPBK5}y)*hjye)#FrSv%!;0hCHzq3WN=l
zzTAx0n@_B^#5W$FoB8SqLIvygvE=o2k+xJb(al;7B0^DiLzoC%*BDAKzhx37JklMC
z$eLmO$I?Z_x#HHbTb>f87#{d2(S0Wbpz~_bs#Hl8fjfqSuz1<XSFoi#zP$K`&)=x<
zD}VWV!X~VDH>soJtvbfekKO`Q`T1+UB}2_PHoRQI#%jnFOUB|7po;7f3$FKwM2e#$
z{P%$3+gZ#+9FJ$l|0=cr37#RM5w6nyK(s^&POx;)H&iip7?3?fjNpAbwFeT*4Hzv(
z9)jP1RQsRyS`X!<<5Qx=J^6namt7XxOl`3+T0tC|kj<f{wcMfF!Oe>R*&{r(YNv#+
zU{#sA!^{3SqxJD|yV&X=O6e7gM-zN>m*UJnr)sds0^;)9@WIsz{{0Fr2%TJyr94{?
zK=UEvhin=wSAw=4Kj?=knSY57MKSVt!~pT#FS3FoGpI<XzoSV9-2bZjCm7?qB505^
zkZPMMmLjsz$fdXrq@`54@>PC`AS$d=eH>caSlX!>m?B#9qaq*`2x68@TFO&DVtQz?
z7Tme~&03J^ZXszw@|2(1dMO__d7qA5?ddY?$TWpZWp<6_iuzC<8n^7KueI>o?FWzx
zpH`z09h%aD?;V9@Ix|;%m(2=J((|>HkTS6d{lA*6CtX1-s0A{^+D;Z0zQTIb)01rl
zfQ5f;bG2qZ(4H85-4oY9cKK7ppBIUSy48sQa5irKS^oj`z(8sN4x!B5;W`|EX5E%I
z8@Y%*nkBU@__W3CyfqAI(S#bO0@!qB=`QbYdV@P-kxU4GUGdv%$)!<z>&$>zIG-$A
zrVzk~hA9odEyg4c?Vll1269Juzf;In>-jxCZr$Z@MKiX!w0Q=hM-E#5_pC{Q;K?)%
zSA%f%hZAMpeH*r{530CxIulVv>=Tf=*61s<2^5lngzZeLbz=vp7lN|DPppJndWik+
zrM045s#7v8c}G!X>X!D(R5Ana2|riZIgb-csf%U@Vl0$};-)pa5lvphog1k$L&g7i
zwYv*{$E$1}Vic+7{~r0B{W!ttUIqT+r>GUCyZ~u-750~?D@olsi;-TMLMaZf751AH
z`hyP%S;{1@|4w|8_&+y*kJ^59a4?qOTGsRk{dEPhpXqekG1OOszSpY0F@ci1cwG<N
z8yop={L0p!M2yAb*Twjps=zPwn`tr{BI}A;n2Z8YNQd7R@M<p#eB%g6axe&~Z>)ZE
zV?iD{CvyD$d*p1j{t7jMskB2tI2_PNF7mM97SNMMG7w{0F!px`IDe|5qXW?e;UHz#
zW+z+(b?cP7yNBQ2H3l)8wL$D$w(THMG?Mb$NF-w<W#nis1I{fnk;&GdSoxQ0sTk<s
zduVEmGd*OOMX|rcGrJ5|vTbSm@mo#VBE_1ps7m^8kLJ~ZU~d5;jYh}n%+Wt5sI%*c
zL!&CjwXv!g#vUqw7;8pk{kYbLFAl;j0;v##{_9@Uiu7rDO}PVYX(Qg`QtRH}TaM^V
zpev^bI#Z`2kGQGGlzd80_G??`R#(va@_+pe%+p+7)9IRygqM!2G|`~iE`RzOJ8nK6
zV$~JJ9ko(Xd2NRv2QS|nCdV3(_taUM|M%3p$K5vb@#J6;Xab3oOQfJK7MWGLT1ytK
znElHki~EE?JfyFFYp0^T*1t|#O9}k#Q9J}PGsAPv#n2nQWa7FuO~6j>yM$yP2#)M#
zzj(wQiu{Bqis^Ybm7sUq$_r<FY|0$ebfJu61NW^#AXwvbHF|Kiy#}9ZnHoyNL7Oqo
zsI`vcgrxw2Hwm(R9XsZxqT`=X38{aus-Mvl_JH0cB8?ay6Z;QxboRfCY=6SI%^<yi
zE1736W?DENCk!3tAC6y3qftO5=9$m^$$K0d)Q*$XK;j4JMV{@hjQ%s8f|95}AnOK<
z8bI+s9XQ@^Dbn`92EqI-hY*$}?Yz!43{oIIo98=(mCnQq{gpU>TWnmVm(oVVy64Y_
zbq_kfRuP_~HxH5P+_S~hPV}W~b`>@Llj+dv3Zvns<pyFQV%B{~FPg~1P#8y?1|->s
zjatBbgXl{*?~#>xbVKj~2<z0yO+}1_;ZuinT`6@8?FFcZddV<P35PgTZ0}*!tpW6t
zn9PQ`iMC5~AfzMEb)XIzNy!DGHy~BZWTHSKBs6rk;u~bH@b?T{BtDpdRnZ~78E@8o
z`uz`yKTfxJZ~5fNn<{3kFZ7C~cHvGGcI{IWPhJrfpqsRpvx!^b!X3q^vXa01LJS&(
zG(-&_5KaIgQUfn?b$OpNiod!jfgL?x@{r*uSJ9BtL>fUiX2>czop4cV%wU;DF1oh2
zWp>@9KHbKD`o83f-I}?<o9gJmdI+k$+tjS==q+rtuAZLS6cb@Hac4*(zp)q7>C!-9
z{w4LYn}h&!8pU$}GAQf<_qwx%@Bo@e#b%UFL!%hU74FGlqNGc-L?LkjT!!QJ4Z<ix
z|AX*JF-0=TVaFXF&UCB^Xn6s$YDHr!tF!h_CN%S>Ur78>0y5US6@AsFZQCwOAxy9-
zZ9>D8#&y5IM$nJ^&{$lf)vf)hsHOR1h_wMv3JcZOPmA*7GI8+Fm$P>0TL@#Ng!kmp
z#~YC}7iEqfTY4oHa&dFu;>zAi3pb$JcJv=>3&QXF5D9zno2R8y5bs^~;ClWdZ9%g0
zf^F>-;Bm68AZMVcXT>#BlrHUP=p?&r@mNX=J+HJLN+-pr9%k2l<tsM)DhCe=>g^Bo
zFVN3TK}E%Ue7F$`r1u}Fia4fI8W8Grq+(%EqvDbIFbN6>oaq5k37uu2)J<X$SkzCt
zfww{_ZGKB+gn(D1<k3U<0aPS{quy$)nHOEFJ322O-s?>9qQ|hgs0;)ttOOXg_=QzP
z`U7;Ce}~#}=9b2Kg3)5wTG_R^VY-?kKW|BL`Dk;g0=C2+8kJ|`RO^{M4I`A>&yIh6
z%MWRq>8u6`#gIU=&id>;Z7voyXJCKExg&;Qu7t=^N^0`4JI>JOao|aTN$tyz(x|u1
z8JG3Ta?rJv3BQD-1mNAf?`O``un4gq6IwH#T6Mr1S&$GQ$ryFsI!fDOp1u3duuVP&
z^g(+q8-sj()&qGYMycJc@$G_t(|V@YA0fFlWZU;qiwCg5Op7N0?)5f1y&dgW8?C>w
zGs`7GByxaYHGF~0QZ*wo;y#hDM^ZkE(I)Lbb;ySr*UMeI(#+u(_~t_R2<^aS+a^4<
z0T<!1U%3_z4g>A4{Yhd4n50w<K~e%at=aB9tG<x%3L!Nnb7|uWXqrh>yPprq>L<Gt
zEqSQ6U;q?*yM`aG{31xxJ=^Pt_FTdHPIRgUEu`#rfjPxUPc}_4IO;9hhR;~fk;xP?
zm;CEyt6yUoZ=#LEdF7sd1rXaHn<9Q@A9UzaNum*)u%_$B*a+(TA~zku7;pGk7L9_U
zq=fHzIh8({Rs1Avo-R-QP^~xmui4%(5~a(41lTB1%3BBu3TklOANh|=F#OlXRY?75
z6wN@k;fME4spHi)bj&5VFn91cO_CXsb133s1D?$2i76T-3MLk6;V8NE+$!B_BQtn0
zrYmvu^x&qXJ+e4&U@j_7G044Acad60K^r(7L;N8ZpTF6;Ph_S@m+g)ED*myteg!Or
zqs|~@VtJllGYg;_E*UmPpeW@W?5`XBP)Hj>ga;Web&rYshf$xwU$j2MB>H-*$YWn0
zA)Pc1UgHs5p$1o?M(;~ZJc{FTFg<)58Nn%Rv_Ba^$iEr0@{*E1{=#TY-RchIt#$In
zGZ+u#eJx-!J(;g@pSYicE^(331ODvsdp_+&vuHh>)`&|*8vcYr!0rq<o-1}13q$11
znHWzlQZ_?K1zFm&R-A8j0fO-$YftHa)?Rj%o&Y>#mdJv|j5Vp5J2}&&Ox#@{o3A)m
z|Dwj%3Kl<$zp3Y^bk)Ce0ob*V1_2U63mN9-wB%p2y`P)m59337y3>G!K$PTn<GT7?
ze^Lv$pIE4tkg)c6&5)Tm4MM34r~DGi1x)dxp$&^c(-<D>OQDTyRaTomJKgiem8Ui3
zQsM(WIG{+y>`QYek-Q+e!T2G9+**`Ig+}xc+=U~IcuJ*+r0tH)pR>*1*mg$|4Jf}J
zCCQ-C#SYWQ);_Y7DGY)2H6?y}agFh$)IMj+<16lYI$G#uirC#F>h5O>xPxUP+zu%-
zn6mu;a?4ftIbp~{YcvNIBr@}Cc(G>&-Pv5p)W#9m0HuI{KtaIMPB_>5%RPVIf6M0d
zzn#RB(O_wL(HBg(-kuUE{Pv63tksi?a21v$02w3&astQmp4ce$PrXks1(pH(%;_Yw
zipzI8&hBfP67p&jbYDj9OKKUUv-Rk7&Cb+Cz%nthG%b-No%^3@=RsO&GsKMmL^T6F
zsxw@|rn-@*@>z1e>Z9?a`#nbAa6UQNDlv>Bob5`cV=b>z8)5CQCR8Gs#1fbHvRVtS
zX}h1J$iUhshI(mZE^9+ualvc_J0g5-<3BFC-`&$86PFXb;HHmJ*xxvOs#r}x4(FU#
z#Pq=Csq^Ky9=NtI_=~2iKn(EO=5%JG_Jy75YU^tj%Y2mOJtdnSQke6r_`v}2vs~Km
z@dz}tJ5N<S$z2uV_0~RN3Q4EEY^u&OtJ#82dtjs8Ju)xPkUW!s$`KwU&XLPdsa5Ny
zNzf?HfCSz9@%!&+wKnK}>PXEKFoi_68D2?iD8IRaUWI!Pr%<1Ytuj=^cxN^oGMu)b
zjiV2Er93LSa~GM&TI|C@<W_l%bGlg?aUy^?c4ydxm(Xo16kG$22e`bhiZSp{(Ep6E
z0)-P2-Wb<2k*O6$@UDbi3=h4n-jb!7=4|T@zrPuu@<viK*Qajy5=oxdN5sci5Bd%D
zU9fiH`8^Wf`N53wuRv=FP*=V6$&u+0vK>S`AvUw*v|jcRfsVYrM(jr&i%|W+q+AcL
z>pwyJOiYq8)WX@3hfsv)Hq&9v-GRS<0S=eJ2sAllBECkED3r*C|Ft6a_PfjJq+SvD
zG`hm>z6L4QD&e~_1RA}gzT8EO6Rbvu(E8#6@}4~dST`LqmDI_i7G9aITL_`grJE<g
zp^<U>tgBYS<H1Oh2>6KlcX|N&XjPUIAI+zwxv&X##ZD^F?p^8Ko9fe`@e=rGyo<Rl
zyFz#WXt4Hdzk`LijI_~K1zi&j?HFCCY7MYO<Y*a4MkU*DTpotG6Xox%!Qto|_>3bi
z*uccne^Zi3mF<(4!I}RDZy+AgceCm`XlXFXyv*Wi(H>7Q{E5v(?umBnpM&4#d5+%`
za1&|O7F9NwM*Dr&MOk^K)d1-7DJx=>p?m-dGvqSGF)v3XheQI>FB70UUK|WUzULU3
zNwrj!*?A0GkBz~PHqj{C|8_!VpN^n~im><L(i)teJSqS-<^5o02(YlhBP<j*F*F_R
zS9ZmFy839VRVwPPIQMhF3O$E~y%fo5)5N|Q1iV*!*%3cgCoav66#;_+hO_e$3-N{z
z@cESsy)Ek7c^cc7MefxU6Q{ba27;uwHmq)X%;n5<O)qHHsII&qqa=fntM2@KPi&1O
zz-WK9>1U<R0>~$!#4qgYU2Jp3TWjNJVTnYkNK4ZkWa)XUcl!KzkM{TT+bzYAqpbVi
ziw=1`KV3b>5yb%7^<Pkw_#v@rJlpLBg^1&nQhzp}k59v)q2ogxnP$gE(UmhaW1-eg
z1f|Q@O70k>B!J%;lSEYfJA7Yh?$`4nTsxq*<V$3?=NDt$Yjr0r$UwP?<j(pAuKa`&
zJ(I*U-TG47l~u|^Yi(SDG^3YNy7QwgTdaj~u{}>c&~X!RSMVYiNoffQWKaJ!O>JA}
z`_gS?+(|-CSb64OGa5QeN&nUTs9&jriQ}v6e+KLMTxi`|^R>b4;e}z*Ak})COK6>b
zd#%H2qvmb6W6%3T=;>0;=W3U)Cyc5PdZa0+2zK_HvA6wGsu<kBq&3KXmWrRV-xlFq
z-G8sUxCg3VZXJtps>Lnn84x=>pdxEzXVHpX>Z`LMzaPR<Qi69mS(Fy@$Z)N7WUkoU
zmT*<DWWR~F8dP1H35I;~V0wHR5(;AncAaUnTXB2|WZq;hp_<MS)w6^@rl@21cON0i
zXS<ZCmr8!0a+=f<hOoX{KsM@8x=4ULNVSQuc>r_EQP$WqLCbV&@&pHtQ->)9pUcEf
z1dQb2-_FCmj9xGqUuG<a<&E4@_4=#QU4f6UZ@5x6kMrimMn{^rukZLcU6MG6P48nF
z8yg#d<&%-U@fv}#<W;=6Cl*=ZH#$!5CexIu^mGrLlP5Vb=j$PtK4_dB+2<6{A2uQ)
z0`Z$jWQmIpzir5ZsMHwM$#$?i$J`AX(MX%)X}IcJUHlVJu$!6#-V?@Huh%|O+pq$2
zme89OBe`Ou+a-;7b^{`66Bn!{u&C+cmTrmUX!HAM4>PBPP_du`4~Oy<WR^(2l4W<Z
ztd9t3Gs%;h<j*R1x|j#7)&|7|L+3Ba0m+l|V^z^O&uywS+>_anqqJ_4q3~E!>+SBg
zdTGr1*;n4l(z}u%Lx&*@nW$Z+a5f$6!C_fsE0qauy+^n$jY<ZrYdF>vgq3)24^;iT
z-qeg4Y}D|u-Ju$EBRr@$jysJ++)wT2ytJ|_F1k@6PgUb}45mxjw{=y_!GxlL_@OYa
zZZ&sOkzCqUSwDeap$fkYk_#5SabO(L5vrie8RCqq@0RCW*yM$&VHR_Wi=zjS7M7i4
z-u(Owz9BZ!K&|*0i$dPFm2p!UyV>7Awl%2vzti1Cl}!;UKgU4s(`m%?$)(M?_J8qv
zLw_2emGLMjEYSLD|6ehJLvaAs!AKP{IgM3I6my7BQEO$RWFr|sNAxC2qe^Fk*YjeX
zrOoxI8xr+x8(jGQY&7P3VFYY4Mq?SsMIUhd{1~4<Uo-9UID&H1MZzlSn<8Bz=}@L#
z-c(0S!I^|;$P!~qapE&4Sj<FN)YRZ8L&Rmsshyx~d;wSf#)b)8*8%soeNpSfvTY$7
zl}v&RIu|6}_H|Gi1$G0gt`yDxI-X!Pa>6e@qk`@eJNA3qDQ=3Cw8r)Qv^{0A|E*2s
z^6Xwjx3<(3pXk<hR+auSzYdaZ+j$IQ{q109Y=T|d?BF8Px2KFYrw!zyn%XSUvmZ^!
zTw4GA$8U?R?NV%%#SF+~>k0d&vJvssx?kwYv-ON@`af={dR}h6H|c|jV7dgzK$L<<
zjl|-0*^dx#J)D?O5`K3})~Miuu+wk<8BnF`x-%HLZ;(p~ZZ?q=io6w2@v<7((cky`
znVik-TsF!g$Um<y)bUqJ4%zA$@{hHK=W=03TgdG6<XObcRDip7o7L9&S7o5uc*VyD
zvpJL4sM3JxbYh^@68kNqp4JGxw(;ooZl4@(J&~fY(~GXxp0e$vD_2Wy^k+#_TgX56
zFkiCT7t!^#vhM;6ApGwlf!!R2a?ax=7=<=e?X*)bWrg|Xto&w>PEwj1oXjl-Erj>~
z$olH2ESKo(m+qF7?gl|hx=WGnZlt?;=#*4S5ClO$8l<~HO6gEa=?3ZghP!@Wto8lr
zx~}W<&YU@CpS|~)5&b|joDN(|=ylLmilD5fCA~f4tF?xM-@YC<{IK@+_B{8^v5(ch
zryG1jts+DAkF<tXKj@PzK`JMxwI01jUAZ64!rYySM*`g>A!+8X;dj07taF3DPX)tb
z=Z3KL+~Jg7MJ_$<i)m~rPLaR!b#AM(s!U1Ycc+di2@WpIH|L2NLE-%lK~W9+-&QPN
zBFH}B9DI}KW>sUbDLbc~ot9f0ls)`9Fj8(!Y-Hb~UWhIs!>jiNgD49(2Cn~_$TOLz
zW|GuXA2<*diepQ&iW&rf`Pck^RQt2Iq{h?-m5*yhUi)+HE;Nkq(BkDRz8be(A1^jI
zCpyoR&Hw&uocs4o4gy<i6idiP<aTwk&Qh*lw@~ua_9f%zWN355%(TS|(MVyXP)xBV
z`I)`8-2EvI-Nq=La>ATd7&F345!47q^o!gAu}pZpDs9a|zS127Kx3E*qomlv<>R7o
zJ%N{*M_w;pm(>eVdnz;gW+hM-Nmd92_zsGtSnM<=JhdyKlyFxrMuPtNqYmJ1-<~fp
zNX#5Cqji~F8kdur_tE>NkM-LOPe{qbPn7DL<M5p0V)1;%M|&JjSK;K<)w0_=@B7O&
zjL^fF6o+PyZ7CuS{pW%E3w68ie0@^{5CJRi$^&9n^eMkXMmCLfqzz1<(r|SEn?m>M
zVwog<A_n5BQ~Tzi$LPHDGSRH(=sZT$_Lv^CeG!p?iK(@aUJTPu{M_9WV_{jW$h?2r
zpi;~rMOErOyv)zgb!ICgmSB~I>iN142u)6zgnF)==k@zaeQhd=6XrzJLLVJEJ_J3l
zugyjiypRy3V$A!6Q!QBC6nZC+cO`Xc-A2OSAp05msoJhW5wuhjL9`qc$Dhg3&JeTt
z{rJz@>n%Dj4x{U@J8Grc<vjw<OSk2cVaONn`~$(GrdNwHYfrSkYWm_odGb&G;|ou0
zyXR!@K&4`M$M~#KgXsVfiQ(de9_^F%aN3BdPf{d>aQ<XpPF4FYi9UNMj&;v5J$rux
zm*c)1lq!JWQE3X@xW`^aPu!<*cZHv*y7tXxbC`4M>jY;LQYUIvP$EnX+BAXoE%UgF
zkot<Jvjuy@oc>@nD0*<I3M*Ulj~X-k3yy>I#FEJUR^(U25|a^C=lS+Cme0GEc2^GJ
z;oR<NJPeRN>U5F{pUOo5D=|P#9;DCUUpqqrFWZz;-bYt)r`=t%y=%XUv`Or(`jDHu
ze45IpqoUX3w!UF$obwk;23X8mb=w23(q!X^UR|7>1){mEkC0wB*!A=yVHgY9D5w(~
z-CWr8=ZL;9*T#BY?GJe&p*56Ml!p7KmHxCdQ?|J*5SijaR9@)yYF5vGA|2z{5z7zh
z7YSw=MS18el%kTov|+NOEQ@+Sjh`o3rXhs#I8E?^s@bv4$UyH-0q++^2)jzo)_8RF
z>x!INb8YURj=rC-9HWJ4$Xn?2+t96*F2$TgqYeeoT)z#dd;ktYB+^DxIFr{OWSU>b
z2xidtxf~yv$<^8QETyuUXo-?Nx2=L6`s1Gx*w2)0o8REY^a>S})Y30KxBanlzrWbP
zG*xNRF`p+LwUqES+H`ELntZ-Gj7vU2^CMSMfkVK=7poN$$n|D{kMZAjPkHIgvlT{y
z5m7WCC3So~lIGj2z!nY+z{!{&X>v4TkpKjD{g~DZ_QH$$Z<a#emDRN6_s}5Ra=GkJ
zA1WgcTNxAVOXn9ArSqP2ouY2)7v+R^g=(xlcuRQB1@v8?c^IElOsx&~53kv`0Xx*;
zq)SEs>PBvj_+l#XU1LAoP|31tYc5Nq?4V+xnVscAZZ7)^I^$L&8OPh*5g3~~CF<)j
zVGT<3iV48ffIqS^nl*cS2F;qdx3#tPz>QIgy<FBVpKJ2-bmMxJBH^|^K7OfHx+UOB
zyUk<$_RP=r3Fb0d1QWXC+Cl#8XVu25krTmcUtEK7&$LvSnl`%>IY|c#lESy26a7|k
z6A9iIXLAQSvbFTas)~lv8_)B#IC-$?BF%)uRqc#;>NBMZe{pvZwnC|5$Gguym`+*&
zCFMyXQ5$e$xasQdjEUuOiUmv*exCf#ovjp`I2-Mbg3Vp?DobZg8la#L{Ep3=3w8Do
zu%RoWfwoQY3B?PKM%Ue$a@RuT^mf#>*x~my(j>E`#N(91-<{qRnvZ@MnX8NQYV%uN
zC2e`w8pHURk_u@`MxLv_kh9}cWu!!#exrqH1qG4e*n8*wLpM9_R)m8;FQxu2`A<Ht
z+Q9Vhk?(gJgO_9dgeV=|_kyUqTruOX4q4MSfrg1xE}IioZsj5MtifcO1N8+H`2;4T
zt{d{3aiV?GH~DitlkfU}x9|eT#v=j9hmlGzoX2I%4MCSKUjiRQxpHGl`7(KJu$Sr`
z7jsWHMi(<%OW!H5KmM@ier-9T{^#rz00Nlf;3P5!e-`#W35+8mU#RD3N@r3;<Pf`g
zD};ihUhZn~ob{Auz#<gWfE{0YS24ck?yD-}ktcVS+3*0H=?LXBQ%vr=422eci>EG|
z4oEUkB_UIub&g;Lf~(~w+orfW_Qt1<h@xqeTq;zE^2vpGrRmW6mc9xqj?PoGk(i-i
zM@_*4#|GmFxrfe&dbFSBaoR<H+BQb7{)f|=@Kj1kpKS5wt?{%^a3JDc*Ds%$Yxdlw
z(5W>3XqYDzVdL6rMC-~1L{P(if#m?m{c2~rw1bFUmm77ZZ?fp+)?}183ijXiIQk4@
zaHlSq>=Ll(KblSBcoKBuIPIuyf?MCV>{v54?!u>iN_FhefsP$U)gXE9n&ipu@i5!W
zimx2ZOeu^{ZTdTQ!v(unrE_KRo)*g>g=dh$;;eO})zj^+7WLBaqiq`xP51z`i9WzD
z?_`H&bxP>UmP7dUMFx|Q7mAoZyh&L^X;(EE5q$o>!uaE}EP+WN+5gyCN8Q@(9xi&F
zDQb($i;PMAe8bssrc94&f4<gc?JX(qIpgUGJ-!xbyBeQ}i+5~U3?$r5K60EdK90ev
zyzl(3>un`h?(c@$L=<TU|3Zi3#aE}KV%`<Mse6Epmbxbf<sIYTQFt8kkLm6ihf^6a
zX6~J{xU5qk*+`vPEr0+&<EX3j7>W6cYOCQyL|Be#s6UT?;`=ziaEK*+{`zy&5S6}8
zhvDcKwjToh)O9*ms=MvY_?V*i5%tRZi&mRlMj!InbWY~ys=v;QLn%|kL;H)QKfhox
zH2}hH`ZGY{24L_<q|kCGg$AInm|jk>St;S5dS{Dy?o5UMYI0vjLJc|!&h<OD+$dI)
z31?Vka8qmxbK3sjUV;>jGH~M+sOcAZ(ps;rLwf-2r-rBZr<=NG6K~CO7>qL2?>?yt
za&Urr;BMf;HauArH&<92-EfU!96FTrEMH@snRj!?GtwX?EZ2o&?R?{|e)e9Owx<Il
zQHJ5quBZ86n`QmnYW9URa7x+U;vn7@wdXqco=!NAk^8;Ql9PMz!F;KxF2WTWmif#S
zR*Ql~dt10wH=HAS6V?-j^T2O6Q4sd{;~;t!uvPS=pw6L-1EliS>36f^#G5*~U=Gl=
zRC?NT<_IPOa7mxCP_7?C-Gfc>V*!oFp<Q7lI@?7uX?4hdrd*{$?5fnlJygfI8j|0I
ztS8-4e|BZd&+ny`;qe~+4TZ198lWE<DO#UKX|KIPAKudU`l=VRdSY?uCkj2!bau5p
zo$Bh`Npm!o>8!l@bWUy-=cxKj=V&-P^WabaaffW&pix2eE-|a3c7oH=NHo8rV4J@H
z3<T8Cc2TZVv&(AtH>n8p`55U`1$Cmw&B|U5y4fGRzq?_w9{q5J*LjyEK)O)=6v!&^
z#e;$$b{SZ5DiDyl-7lP=@0#Ubudm0bSJS2)J=a1p6PK%hUA$(iP;ZI7CAEkP_IA@d
z$n`Z9S3Sslh1BbnCNs2+l2*E9U2vmyVqSInpwEx;)|tA@S=2+7HH(C2`KWrgMsy?t
z*PS7L6Qjkb_KU(HlDmP_x=8-C^NcIaRuN^j(+%$*z}{p9-H|jwUK|Yjw<1dFT;r6Y
z=K9O+x4Z#@$<IC_f(>c*zr8$0`!kRzo&xw>g|!IK1vIFZ=~gEVr*plwo3B~t1gM&a
zH2zlDpC4hdj&3Uy<Hm!2C=@6yw}Mvae{{-ebwc2)jRii0zk8i5E|Z{8OhDsYPfs8G
zV}8nZ@tg=39vTpNOHS$7fo`tS%KwMCFEBZ_RQ+B4Sh?DopLK4q(xgo3J2EPwh`?OQ
zmGr7+1kA5y`w1JY{6<7$`brw%4R>aC2F2hdmfWaj_tm1`JB%oPI5<0A+ue^yc_u$%
zml$-s*ySeU#ff5Th9m5SDn-2i_U7I1K)SF2Gpo>S!dZk&iW_Ko*R;WA)%o{CV!Z<i
z;{kJJBbDuTE)RjN==Ff@H+L5GlsAJ$Rn!F9m0u1IJKk|hN9tB~ynUkM7k3MHx<+c5
z0hp<wcrydy;`hV%{FE=YZgQ^ezq1ZzzuQ^dYcXp&ECh;=Gf$T}A)K3*Tqwg+HlQ*?
zGl7IH`n)+WT$PnL#cF<WrI3E%4@uo$J$JWlmcYzk)_x}S!?vz<vWmt60sgW|KC!^4
zfL_nX??DVY+v)56`8fuY_{E>{hNWiDjgd?f=>BT+&*Q<O?*gUERrnDky8%jG{LO4d
zpf0G}m_L8AU!A^2hHjsEhlZv={=WFcM=Is|BXez8^(IjK65ToJ)&AxW2F5`b9o1hq
z7;&MevG2ZJjzCkKu&Cyqo%8(o{xmVIPcGJH7pzEwp&I5C^?O>VxbpitH_qKygiQAo
zvwI!#Yn0zNUoQP29;Ow`A|UH*R>|+Hnnb^}tRqoKjF9_3z8naP@~yG{PP^BmFjcA7
zQ|z_h=<|;mj0=cew;Z+`1nx|g%!9g{bT^!$84t|GmKJ@ngjvL(Uj3e(6?n4peS7ks
z^JHW^29as(c%iFeY@yY~!HB3w^jEB>3s^k2ru^Rw9rj(UhD&Z{+OE-DJKtzyssysI
z(i(m5j*?x0(*2IyjcyLrv{iB<df1;HhO>3KoQJGee}?m@J7-IRr*E>;C24QafO99t
zLXRV=<e85MGaQz6Ir?&4|DR)Lt?xg_j=1;*r{)?F<#JO`0au6R&|I~QY&1>n?bYeB
zAas9w2~h09)hnR0az5rews<nWX6WX8A39ED)p~)2ON!T(U2Q>ncC{(eybHfeuUPYW
zc6Xc4tE`8*M{6^$mwwBFX;4+@VRhH8!yJ#8EWS8;#1770SgJ#C!-H+(iQ=ZUpYxNv
zIBLY718ikC=ckLVwLByd7Rh7-hyC>@sq{JWT&oRtRp;h=v){;ybx`m3VGzH{HAGYj
zypXK=1mN}}taNtiEv5gLB02r*dPBybm^fr<K7O)(JJl|#1CIdrWA{w$?&iY8cda+3
zNw3yARSRdxKCEm}NgdIk-a$_k{M<i*H|LJTl#~aa8%Ji>^>1Wn@9(ZY>D2<Bq!%e8
z43jHcu#4*M=JXQE@obcP4;Lg1bAR3a17{`9yEgz?cN}^@#;8L5Thh<jR{x214sqh=
z_@kfdK3s{oSoLAsZ+iA%aI-5RAB7OY@Vrcj2}xsiZChU6E~X7p`v2&FJa1}W9MC^U
zw<aeL@bAa8<F)+cx!nG~RBITF6E&vFH#j|W?nSN06*}F4ngBL8!9YdT-P_zOTJr_Q
zdZ)+vTl1}{lF9f_pFWu=r?PsYQM1#BvxI>gh;_Jfkc79!lM7g5Q`rVg4C(=5cwQaF
z7}~S47_a(<=k}@l*}``?wwUhay`QHPy8~*-&l>VKVztH-VAYNtC#N-n4j~RbO6VgT
z{`ah2qtFnCSbqEixG)mIeB?nexWnd!X6*Ms>z>$OGu4+(ZXCO@ZV^>APF_9ry4veo
zNpv=YTIz~Q$x_8K^zxd`Tsnm}Ile*A%h7xmUOVd-VwF(Pu5XTSd+zUL&eH?`09cew
zCyD=xY1PURP35QHZTs2oUyE7Y@}m7NO^xoyw2;?m)&TH9xVbS1d+oVkqoFlPtcFeL
zJdsc+&;RtP6ARqx`3;ak%8!2ob~LvPZmh{okPix);7pvN{+P*Y_OJrSIQEgPD%ni)
z1@~z3?8Qpo%|pdS=_>ZtGLN=K<DUTG=Sa;B#XfDt?;Cpe+$X>JD0h8VgW)C0)pV{w
zK@$~g;+Vm^&OXZJ^~-P*h~M76OHS=8p0BN*9mn~+Ig;!XFXOhvMBlm7u)Gqqg)3Ot
zn*FoQ|6(gV95L=}cNRleL_y(B5-xm7$$qvXJ~k$%dIvxxc-UVs4|AO;ZhCXEJUD!n
z;N(@HZB{$4>tNn(Zz-sGq+<HuV@v?myQSp7nN`C+!z~9@)Xd`?3J|swj&CEq-TAj%
zncGItdJ&<SV9+N-$POcDhUshs`KDw(M`D8G<$||w4GtfPz0hMPy58P09UslgsCJ^5
zbGZJ~)V}7{bkyPk=Z}e*WH^JOY;4@_b8+xH0f$ngvACc>#%AK3Ut&-cU7a@cj`5XJ
zu86Oj6R0}}JUl$)utsQ~jDKfm%~y|?QC*z5q<H1fV!(8LgRv@kbyI|{bawE_pZ(xs
zKmI#GGiv+&*$JDctZ6nQ_fFJ9g)8Zj819MVylij`*N;C*EAe*^yQn@RDA*6*cS~p-
z@$5R)y_c$+$CojJzSuw9bDu%~!t+X4{u1{7*j7dTnU}{rIGXx>4r^#}PFI&xA90*c
zzH|L3sAi&6r*g2jS7w-yO}kg2Nkoc15+1eWtloL~e(maX^9D467uc|g<&LPU!;U}i
zGf897w+8yp6r(tezB*W<!mPbRoKQke$7Sp-FGcmABhO%$+y)JN2^D~nH=n@G=C`-<
z*P=MP2Qq0%{Hg7b)sNJwo2rQ!Z+zXlqV^qW2|WYz<Ffpbx}c)+C>;Ow5gD5H%<dP*
z%`t9Qm(Di^2F1k~)nl(Qm-_qHE_0!^A3M{xbS8?Uf7}F*sv8EDA~2H4dWK2S(a~jR
zW@d;FmOBp1K7Ep?r7Vzy@?cUs;a>X-gppBEi=<>^*H!ZloUmUWUj2-sqB0R$6Zs#e
z^w#4s&veT1=fvrSp6YHPV~Wr;Wri8ONafnB{s3b}pPLKd%Qrvm7HYe{*-id<e`AkM
z9h&ME(s2j7Qzkq-d&6+$*UnIjI~Pbr;vd;?A^$`DS)F!y)y|3}<RAu7mP40$YY6yB
zscFda?(Ta=jkuMRA~0CUE9s#NW#3a|5JoGGHYkz9!=#{;`=@4SJ5+mYt6y{FK34z-
z^<xe6a4&yxxGeso)%Vl`=98Wg4Pj!fHbUY`%Ji+AQPICg)`zR7$FSqs>>AJM2}yj(
zGPV(Wqpv<ahlEI1`r%F2binCLg#Y&q3EJ3Q*C|i!_;qu9Wzum;?W5r)-Ebkca*Mwb
za4wsJWI7Ks{pQi$f}yF4P7aL-&+kmV<GSET1uwLQbcsKh4y3YO9v9`(n^=;n*ny{g
zEBmFnxbBI~VM%!~_0NI~3`g~~VTE}#OH4;W>iNY`v98PC!Q@&XG&H@W*i)321MZj?
z@&*RN0xw=%53cpa$v3yOJS48V>FK=A?Vr54sP>!XwDs6M-%n3^@p<!;q@d@6SSy!d
zr=x%X{eY$+<No=FhAF!<Q`1ES39XmIThoMaTnH;c@JGxMvpANz@?GO!HW36mShZf?
z3{x^fxhS}is~ppr^Pj(zRxE~!?V^rZA2&x<QW^@Md&62y|DL1IJ-~cShKSIGe0|>v
zJn!|9mX4Xx&iwY*GC<)aVrN!7=?h1)R^VGCO(J`LdCfQGxSWtUG<0hphK%Lsdb;t-
zn<Y(Fp<I%ex?rrPp`l}Ud)v3bZt}}KEa`Fs!g{$e)|dK@scU`0ZQ(k+&)n=J6sfA+
z4M})!|7V$2U!6c7xv2^6k9C;K7LD_Ef?$<iYoW%|C@o5{;D>XTfP>R@9ayEi-@uoL
zyANq*S_Sk2H#TBg7>(^PLBW#q@I-^^&cCOvuZ}~zQ4HjerHfuiMdX^4qfx=AD~nOB
zAT6zzdQJESoJLZ)KR<VwS5r%iCqFnb^z|KyxFOzvhJ{LuOu#7{y8gGV@k9*u3g^yA
zdI#JP5@kbAPfz}1ditXakP1SwC)Cp>yTW_|HnFu27b5t{$R;?Gr>YJRkXNEBxo!;&
zUB<qD?UqE`zUtI>UOA%cbPMR?oJ%=@&Q3}bUWMc?>I67hGA%{=eKJE%DsqN9WHxnj
zme43)yOVzBd&9i&RiVB9yGY=$0ol2r)=?l)9MZm7PnGEaHZwDeV!a?uaormvcW3AO
zN+AY@Ct`0TZimwa8v=zVmQPyV^MKTfae8vn%sASNS`u%I96p8N<m4oVjg9RE#Xl7o
zLkZp@=Bl!rVgKdgfk;>KIVD;qetNPe69tFcY>Yf49+Pe|xFjKXjMO+6OYu7woN>_Q
z$%mlV#;=nr1KTlor{!0qb99wU`J~i?Wu1bT7&`A+ocSe_X1>=k1@v0N*eZ|TRImql
z?93A^{{B@p(w(mzi6aS~Y_xqCfV`PmSi4ihP^zITx1dW^ZS65n507u3k0hf_!O?De
z1{&oH78aHn1QhH5I9Q*oY}IltinW}a0>rfH{7Hs(&VfJe_D(?McT3cg_yhY<=Ax^_
zgGJ{=X=tJ&Aqs;KwY8|}iTI~#k;8@ToX}i~vuU}VYcY%y?#x*NiwX<~H{){oY@_b7
z<vL2lbeF?)!gs~`+lr0;8{5vye|8RnuJCW*(@<xu3mF)aQq$ADNIlhG>XM9Dk4JXA
zBOr-{i|aF&izho16cU=Zo+waE^$4N~SB24>B~(^cwv?Ce&x8L;2-i6rg=1D$8rMQe
zIl&np9g`A^UQaGQW^V~Gujp!UB4lGD1&N?$ES38_uMjL|g|+m<KidudXb}wOh$LQA
zg6whWKot$OUfRElynJcAm2voe7yVucYnsa@^iA9^^UfEjKdMo(jRSn~b($DQKXeUF
zfRHwpLE+#SBGy9?EG+y)kSU{Ks0y16ym7IeX0;4jdF2gA2zqF7dit!frRBzxC0$;j
zTpqv(Wn^UJ7&J6A?S+K}HCR$^Rveu{L$}-S7nWAhSFPH#eBddMuJ%%$<AL@-RiOKK
z-~BRQ$z5!vc9WEf$24F$RoVEe6nKD=k~DO)e1y|#rIY*4>{R8>EgPwrMG1uQdl#SK
zZn;GSc`7(0sE{yMO;tT~sXw0k>|gkKm01c`4RR_G@gzPwo{VS^rbb}kFK^HFalf}z
z;$ni&o*f4#B#g=1&B`knNq~<v07dOrXJ@Cfu=hbLJrk1-JS_3>SIF^OQlGz@O#3I%
zBv_QfL`4V7QA^)b;S-5ojUf{?!iA|EB}}E(k3-iGRpz<L>|yhWc*1P1)%acPh2>l)
zyJM#}UX`~9SHUzgrq3wdz(=H!L-<^DRxvs@rYP4qBD2a|s>tySnq#uQ5Dj%H`6Ki^
zZZ4ek^Mk(CI{W00IoL2&Ev?a$fB!_*_V)JJ)=yANG;}jFGldI{5NX!ZK7Qm7elu0<
zTU}iZ-C9)3z08E~>A07&NY$_DNsX3ub$yoL^g9+sOe~dBfx8x^%A5R$o>6ySYRu3I
z1(o5L86$UP!{vb1Z!Al~`-|Nc<zTN+e=+oZFLD=V5+54Vvlh&!KlZW9$p5X^)Gkm{
z!_7T~wO0JyoMq>KD*h@XScsAF%&AFz?xXOL5EMw3HJ+R9#Zou3yJBj{%_n<M^cn^u
zitBrsBO<f~nuCTyLoymq{L$bf<UGZ9jD>l5d7JzWb1R&5bUkpv{y8~w#ienZIFt%4
zBD8WRCnvf#W+6RdVp|g$M=D3dmBEzt!PPiPddx?7)jMU_-yZhj9zOaE%^tPgng`n@
zK*2w!V^^iqM(w+OhH>XaE4(5SLCj1xVpeM6i|Ml4g8tZOX^DHTzI-VHC%6GI&RPPI
zZE!T=a|uhr-7$)IKyhiQ&E@6gocbko!8OQj&jmrcK>yPpZ;<ri!vfjL$9ZuT6Dnlr
zK1L4R{7v4gH}N`&RDY6U(0G<G#6Ce^GV!Y{o*dmsED_r%9>>G+Fa4z;{iR0{ZOnB4
z%>E7X-(}&4GoGt#cCe&fS;w{yA9>mMI9TEux_+^xH2hOaI{)3=<+7>rZR>|*ex2e1
zsP-a9N1fMy1`3Uo%1?NxVF}jOgTrIUuqs{lii(PZHb8Kq>FO$=;vpg7PC%yR1`SR}
z07DMAH5u~5z8%crm5z)aTjYv?M4=E|S<5?SV4!1bsjE^dWGV!Ac_u$J-OC;9E?9Mk
zz0#t3%ZtQ^CqX+IJVe~y%4ksE6d=oiNlA(nyf58(?Axbuw*H~cF%D_5;ZKxt8=|=C
zIAU|lpORcE?ZpM9miPKJ5EmOp#mza*)J2CQ1&97Og_eM;lZd4@|Jg7K{cr^;@QI%y
zqN3PdXYo6l>FewB2G8o4@2vHuIvF#bVWba7+#UQra`!|^@4>r#o4{D*O#8ziw46fF
z(3n>`Rc?)<h!K7;-qzGpuas}TW^|nmIq1PS<%6~=d^S4LUJlF`>I=<P)7I)^x3Kv4
zlvl2%PjOz9m^d5-$t)s1{+n`gv(5c|W1~GWx|=&3%z-~k*#CS_SU!;wE5*$&e2VRf
z1S(t=FcKzHQc^xxkVGQED4<)s($UeppXFKKl<Dx3vOdP&_4oVWk+UC(Wg)R2pk!<x
zy>Oo;2CKFv1~&|e26yfI@>13n+WQJ&6F2_D7yO5NsjHao>x+bRTjN05Kk|`ne(g=n
zVnRYR8b%Kf28LZaEnib+W}~H9$mae1tvwLUuU*b|v_P^gH{8~eQ@E3X3s2&KgM-@v
zI*LKk$B(}eS11}v8qATtaO%PHXN}q0qT+wfH??qhI|W_(gj}Sqhm7`wh)2Q4o|%Te
zBrh_ZW)#SW+m$d@z?YHJCVI#cBAA>hv-|N7f0H8`_qUjtonHVPS#`XfO_ZWGf3^1m
z%Ee%9T3lA8mH{y#{@>adfVH`b1p(I!Qsb?r*wcwRZ|AawIt<4bUhlo^WTYssuh)8^
zv5$kJ-|>Aqq%}-0bWM%9g8NcjT=|OIk&}|17(XQ293n2;RO@aDTVrlG&cpk@@PVIw
z{jqzXfS&zVwe&)vf~J?>i|q3QSsw}5gZ^T@<1%oKj7n-~@S4OH;;A3<{i3?URYwyL
zXm|=>l5j~u!FwE-bB_4HhF-19pS3<n=|&;x+Uls$^%2Kf-`%%#wn-@J1$SAQR#D(4
zF-O41NT_Xh)|7S{rho5|PY=2?-PuNy*3dwwvLai1)=D#5*`xV7kxI<c(ozu6vKM}5
zJE;^AI8wcd))J^C-Hon)zC?wGA0>8g^I4*5@BNCgE;mrFWv7+w>+2J&v4Su{otMg<
z2aoM^?QWHqFs`n(YXoM(`DP*PK`=vKEEl#bQpu;UUa>DU5jZ~QV=yqJcx=LBG0;DC
z*uDFvjMp-PL*?@G7daj<e%S*BP@&27PozbQ*M7kdr0Ar`n8&XO1z6xF1Oa7?4`h8*
zm@y(skFE~!g@|aO5k!`Z>+9=V*6^*@jEc&mq98eMm+jLHjWJas`!zb<Gd<bPrJK&V
z+E(k7(C#SxQf*z&BkKERmym9G27sW*dNBtPaBwn4b4GEfK=)h-<i}H=<F!6JbgFO#
zqS0Vn+VJjfsrrP3gdiUupV<?8gn_qRHPF4JhNq`pnjAf}XAqB>#RexVhcFDKIMDU%
z6qoW+%NBMv*>qORx8l-9=f|RZ%$E0jQhY~mkR85mWxZBi$%S51`_q4l`P=?4y}#aq
z`|}90R#q<!+Vn9Al}!3uyj`C2_GJA~y{}XG_=4f;`uasZIHM`jnP@a?n!^u1^aWn3
zs;VmhXS{&+=c;@3R8%SuVNy=Zk&kuTV>j*FFdhEXpQ2ossaay>1_wzx**^4($&-+2
zV~NV1V4e3*(8~rIF`d6y?CC9yM14A<Vd6?u98NP!OnlvjLq&y8P;Ju%-#9<Fa$TZP
zWn6>Eb?}?uN)%x9!SBOyc~aZvB*<`1PTaYoSrCXED=TFI$A!N{L_}VZ-6%8@(!A8+
z(adyo(%SO!HbI7l<PW-Kcp6_!t7FjKzu#4RhkEkLkdwH`d%wGUIGxSWQc#<qD$RvX
z+HAUzG)dSs*b3(Sxry3=loT_Q2gwh*g{v<svy6Keny9EK`0Wj0&BR1|V@3X#NRD()
zNk}bxIqtDzN+To7XtY#(mCnMqT~Z?0;m)*{Bfe>}J5i{7JDMfH^|iD#U8(xH6e=ij
zxXC5pPhx@B|Mq~iDe@TlFqiR3g8t^_RQ?*eGlHzqerJH$4i1d|k%{Q8@CH>&bbRjQ
z!C9fG<0Y7{^={QDPctGU2lW*q^24S|_$?-u(PpO+hDt?xxU~969~|Wsm%aVMp$~((
zi3N7|*w4!NnFKB%bOY9GcMtPa$o+Cv8tj@Sh&RqefXrU6h9xb8z@ySk|2yn>5W~R2
z`aKJjWN%o~{Q<>DI@iFqQH!dk!VT$D{B_1xRiGD7tEjMDEP*s4ZVZtHuMoHVVB8%j
zPu?rE_ct>h5L8{0aZkp~&Ppe#i29qiWIavO)0L1^RIEW#N^bZ_Q6m;4Gr2KZy}hTm
z*W^oJ@G<+7s0TBQdM(-Z?sP{Pc9oP79VjQ~ve-eDt!_N_V`3s!Q9+@Ko1Z@+$;~%B
zX&gZGzrwb*w$PJyzq9X7tKAXpAcGEbV+LerSNYDc%ZU0j0`wT}d3!8B=i_4<R><%^
zOVe=py#b~}8<K}GqM!&$arsMGs?%V|34vhz^hGAdM2&?!Nv>Et7L$rZxfX}vBBNa9
z;W8bF;Wy>_X8S)s+s>wXb4Ir2(+1U6Nr0r%8y*4WeUrI-Kg_}s@{$6Z8iZ8?IeC@M
zeE@yC9}+AnJ)Mi6kIxewG-{ga>T60(GE##&%)z+o2-uV&BzuR4P!;f~k;0DnpW!VM
zb9DEGp~zm-O6)|@5HPN2O2Di+OpLAQdT6{PsQGvhVSfov{e0gFAqa}02*S7X@Y~H`
zLUL(ob8COYvGw)wE35e%|NKSdj0&?NBC=ho_)UBPx~s@nxe06CQoTX-7pn$4CzyjR
zje@!ydhm%oQC%#HQPZ_H<He867@z%2Yx3jTDuJ~vi2Qf(TbKz@7)Mhj8i%#I?2*Ik
z-FJT#Ge$nf^)kP}E}@w)s6#);fhbJ}FON;DbqNo|mEa<C;s1T~RZbwwSLbx$#3XUV
znG<``D)LHF5zX(ZK=;%n!9q`@V*8*zt+?=0NlMDcvIK4Xu@`@pjoKs^kIT}{Q`Sr(
z(MXORFrL%*$a|@u-`Ibai;rdJ;Glp9FPpG1Gyf<<p{XN5!j*b6*W?au-c}m7`F#V(
z7Vr@ygh=n2+*gB6=o<~Md8_l1)6)l#+1SXNT@gMkEWqcwqM<Y|!e^1G(n%wC)+w0&
z(lad*Pf}AoCe;%XdTUSx^S`_04(P{JOxNB0)e%5iC@Xup-muIXD5s`JYIJ?p1L|hp
z@-PcWxdt3P-wQH-Vu-W1?$5wg(fHZ^;)SP@Qfyz1)v$S?Atj9rDk$K1VR&?M1x$>L
zlq8^bSO8f5KJER=T36UyyDi=l<HU!o$YR+n{<*+o+It~i{2dMh?M4$#bX{b4BW##F
z<*_yLPHCr%X)|5b{R?NIg;`w(e&qWTjPs@D2os&Mq<|2pZi*Lz{yh~YDu4d`Ye0qG
zVm&h}ZqgR3n!ceS(|NFqlCtaF6pJni*_x3dIZQ%QGVjOC%z0TyM@Ojxf*@Rc(sd{}
z_2z#M4ubARGI@*Mzkh!MN4+!8>yX2TA*P~YYK!6)RshTj3D;L<L(7oP!k|kk@sAtS
z6{B(Ost)KLmBbj1s0nVB3Q?rfT+;r?bnoOmva8;)_|Sy8c48taEt`F+_G*4!AwEG)
zoZ_RiSm{zTpOTDVOrnOq{w{)on<f1@3CT)-iH7NS>l74h@=IFKi%)cR1_ynWR-llE
z3&(v1!0W=|)Rg9KZqW5M1MCSQ(b~TXBW{y+a%lT-Ss8RL3<Mh^U5|u^*9?2rJfR!^
zyygEk6F_W1cX$~Aa3m16kJ`WkpW+zueJk8cPZ&HtqWEOHfq;XjTQ~aCr(iBtvP{gZ
z(GYY|edl(Qre7-)?FSM9PkEiCq-j9o=!Ae0bgFm8@2F}>|LIi#!<$peBxoW9-%vP+
zTw6J9MS6a(IweK@K8Ap4FEB9h_pZMJLqU5!Oe#A3^6JV6bc;gE#cH2vVF1ly{vqWB
zDPLou5Rc`N)juB>uWIqe5oNQp+<J=ePZ*iR7k0R-OV{%nDfr50Ni4AxuQia$#D1op
zV}?pRA^!Z__GeyLuRZi0nV5|&+^}OT7wOE~O=@N!Q7dTUl`V4+xghQdI=YtF05_%>
zJwu*uFN1E~vtau0D2t0$-y>1~`rBMWUXQIGRbXB1!RM}iNkFBk!w2Vz-WC9m<3|QT
z)bF1U0_>`(NwC!lqfEd-;=Bmi4--Gc?H%KswM|sp*cfC>XBsFTg)t`z*G!4%^&0`*
z-j{1LRDER&T%4tS{yGF-rO)QQmX?{VbtGhHbSzzIoWiB9B$7xe`>ExIcvdMkZq>rs
zWPNi<#5XjjCran)B?t(Iw{KSh*AQc64MVlE;1v|r@G2G-y88!F?O0kl-#=1b!a$@`
zbar-zu4Axh&R~yU{Zdjg<mr<qfB%h(KQs;w4W+_5KN~cdidY~6WRm9PD--*|&d#i(
zh>2fUKfgNIN<m1rGtEGvA*|Jyw9fG<UKCumG3>>8uqSTi@!ITP!YAC0qhuNW{-2jK
zo`G+U1?+tH;jJ&M6F{k>oAyAG7E?GFv{Ie;x-fTmXs{FHRgZ&3ot3-LUxtmkdR=d}
z)xl~bz&Z#Txs~kI=(^`@#;fcP41alfAog&BlsPh(OqW|wP_UQ9WA$AaP$H-$q#$P`
zr-<KQ($VtpOzcEa1t}l~m%YW*EjLL7EDo)BLqd5S4d0u=a5O;*T-a|Vh>Voc8t#+}
zK|B{RG+f+KtISCb;oaEji#BMm)W-yLA9QDDk4luq##m}Vi28|`7-eNx7#s}XCs=Th
z#en%z8poEHCF++l-4L<Qa(Ts{VBoOAFDE}CMdQyh$~&g+;r7{DM>?Ia#ar3vU(PP)
z^WmPM5M}j<&(^O(feIR{aGm)11smNMc$SXcB4cBf#(;k=!KBS^+Td#+p41z1usH<^
zMn-M_wkL~hX3O;c(ELX|04|MtX1WhBYlTLX$u;vpq!@@Nm>WDY<Kf<;=U$Zci^rrY
zg7-@gPMr<Tc>DhfRX>b6j8`IWu8RwxMiTI^&()g3;nUHozRyie+MUgtFT%mBcf479
z0B_XY!ow~#hw`4xZ*QwQFB0+OIyS1rB=mO?vaQ%UC1lsEXMN=`Ft2VB(w>|9<a={2
zHOp#?rX8e$E&e0gz{8e#<lmX=Y+r=<?lZ5wxhO?N#hZadDwDGf5-Ej`Q{49uJ#|4E
zFCSkZ5gA!?<*O|ILpbWY-@+NBq+LN5PETU0(z2$+0jn}+>Nsj|IrllL(<a;GgpAbb
z9H}Nk{C2BF#s)Sl8Z0!{IoS}JyFF1!^-@&S%=XRo=;-8G{7qL_<L(+fXA}Y{DXB<v
z5Jg`^gznL}IAQyqJr*S<QC2+k`Vg^_`@4#=bZG(w94x}u_YpH`M@B{m-jl;R(~`Tk
zn%s{s`r@{P{k|!9x+y7labrSgL`4ONV&~^`U})4QS9K`aim!lKoQhLhyUM5*S<lW6
z2Gi1-E(4+&rKhK78_P@=8jZT_<}9ANGQeC<+Jo+{dx2yYW!MP0NJb5>*Ek!tM%zeA
z>RLG^RJ8dkx5&`Sax8r7asnpofJ@wZgZh=pD6Xe=Pg3ED;96fTKO`W(MTYU1U*b*P
z7@9sHbnX*6k4I612Cdo_P%%HJ%C6vdqED=JV9rF$ougPE+We*4US*+=e;*o_mQ;-C
z__t*bHq`cKHAF{wbGh=hoTFxP^6KLG&A*WQ{`l#8n^6`PxX#@dR2OSV+2?z!0$270
z1)AmF=yWGP=?v$Z2<Ay!?RXzqvJcN$2D`dK_`C5YV2{8jO~~iS^au<>5s6v!zm3@5
z-rjL0z&{%Aj>xFDM6)i}r8%oxkZJbArhID=6x0Z<ZlMm`-LQ=$1&;jTh^h%h)qMpE
z+Scd&V@(V<ARSz5mYUmLxKP8e;ru(63c4<_MlSF9OU5VFAQ^`HaKd1oD?R`c$H-D^
z)5IpBmS$4!JGvud(39s=ia#>c4<Bm2vVN)1kC1%Fh-R3>R5noqTLTSj&ac)Xak9p7
zs8~(ae){XeVfjl*C(d6u6jDbv1Bs<2C4s<BKM?^e=T<Y9!Qn~zF=?iF>KJE_sE(0w
z<LEt$2D~miQO~-Y>-t~CTTy39{N<_I^SJ_j#<8p@-mb1xex86cybKSx3>R!4mg3#U
zq*$TO5~fEn{?ejrRa#9J>9oPA59&BLz+wz&eXStzsYMu_RfyYsGLu)g2@<zl|9iyB
zjLPHYwq?*)VuG%uWU_aBX{fDF29blnHJdE57%o&M5%E3oj=+JT;$R|n3P;45kqol2
zn)ff%aX;t1sklHVXJbbF;^%jJ1f-n|QeNv{adC0Ag-4PKJyM{{n=*$s$8$T}50~0D
zK{tv~Q(LQrPfKUUV}t!qyP|ihFYf6`q%p0oFI|ria1Qj(k*p?CYWZwfWB#~cuKFf!
z`U2T@UboTPoz(bLB8!?@>j-D#u@`-$h`ZPNmXE#FE-YL9qY&7%skwLw?p0Lg0`3DM
zGKWq?3BjEu0PaI=kvLH)u}X!9f8Cl)hX+wx(>3Z}mIO99{a9|qBTL;w!k68M!f~mt
z=^hS--Sd@qg+241WDFVZZI=g0=2uxcp4%y)?m&z9+8Z3T9}UhXUGfl~)DGYExs(Ej
zfO&89zuw;7I{<?H;DcE>Si1TUP^y0az&*q#0C^KCLDJOJIvyW-H@Ca@cE&0zReWF-
zo{16x;K!Cjs3m#zw~y&pgsPwNE|=i*Ot-$-RUMt$yR3c&d7DYVQOcO{5ak?n+{b^d
z*KZ1i$c>5nLkO6(ua-_mcT!0!N-_Ru6txQna2s+Sv^1N~w));4{nXVWM1HspBjo4j
zgDAy}f3=`Y>eXJZhK*XgZ;oWT3xl=+6;L>2oakVS@D2_RmTbmzL<_+Qgu&Fz%;uik
z6FC_-_nI`kBCA)?*B5lzC!5jJ)m#`nau%1^#dSHB?HiAR5HUFslz)drfBP@<|DQJ3
zmv=6eo%HKC`N&8TJ_UGBq|U#hB2{dhgCiophUZ%pR_RGw_QZrzx+x1Q+h@ho4bvFz
zKYAHD)ub5dJzdFXyQ|I4RIw+gaIi-%og*P(8B-zu`|wCOxSUe(YS!eojpLCK^Z}DX
z2m=We7-c`ZP-#4|K@r<Y0;*@*t5>h;$hb{Am0`@R?7a{R5WKJNybE+Dq=TP}NHeMQ
zZU@6gbn7u|;M=DdE#XfML&_>ue2llz5OpTzsx-!P<_<O@L4&4>`)6CBP7jorZl`7B
zxW3TjRKokJ+OV>0@&|erNkMY#>$jA5qdjzj<SK>ARZmh=lg}hC<3-RajaSzyj0h{D
zP>^YNpkoVIu;1>?W#F<H`&>Ikyp~o(Py=@kXb?X7`JuLq3jc@&+d|Bt@4?H%bCOYC
z&+n<n@ThPVa02dOhVbdrtW#j-VucR|8i48N3eE$Q7RLPv1r8pYQL;I};~vdbPcN1I
z`oFz#^txujLaZ4{ub4l0|E%sL6Pp47!4`)C9m~-XXt6aDqwAPG!K-c&3mITj%AW@_
zGqcfYg#VYeAe`@;JmNu!aijeTfq@x<f}d`ZXrwwcNQ6j99~WP+*6}HX{N=HZQi%sS
zxUY1=?UX5@u6~9|DNxh_V(b#QX4t_0)fP55JQT9O3_(4>Ba?KesN`6!SWX8lLgMH9
zJ(AAOw?Eoie&lMX=?nnM*TL0I3edaHv~_O)B<le{l2Sh5s4~#+ff7(lVb+IB84i}c
z9b#|J9bOvN$gKD`THT0;3%$tdS=DStR92Lg-GZI0Es27k97%<OS?p3dUaU6fvw`UW
z%~nRW=I5&(63kdoQSD7l_Qd&Lz+jI?7&<z-!`Vuc+#gd@BbEOJk#Ubfr?P_Rf4(Ga
z>~>o#tHL^PGPVl~3*8cLZ*fV<&_C}l9>0q=N>;oB&vpy%HF?AUyUbz7@%A72ka0eB
z_3kOH(#H-JO@}!URKO!h&<!!s`4_B*d+S#b&VzAq*3(8q&VT$)WgcJF?APIBGB!)I
z;p~2q0AeV_EQ8gi1~k_q3FMNs^^VVu(oI-@IZu?4et2%rsJY+$T}e4?vckycOz%(M
z`Tk<j_2s4DH(*MticQ3qBIEu5M^ixgNWnzM#?}B|qXs_A60)-F1kxh;d~@A|7*c`R
zj*t&`!tZ9Jp3$t1%NXIfzV1dO4Aa%kS?V5nwIDI<a{UN^(5|9hRDFk+RCIkt>ErXs
zJy*<jv8ndQ;S+{nm#>0I%CbfjNKH-ALD%2Ddq3(O(&n^`?8b)M4oa{502JjF6%D#f
zN={xaGj4+xPS=Oii<kp&rM^l5+TKqJ0L|y@?0X|%EI`!iKW1&V2ce(WW^G+sKj>Ba
zzv0`fx!twyhqG_frN_Imgz9Aq&1)v@y-_t5<-iI>#=?4Xvlo7SO$(G2z}#yTc&AZy
z8B8BHuQwJJrslBD1Rj~fBnHoRQ-j19UO;5V1Bstyqp;y^#NViI+*}B@T4Rxqj;a}I
zBEo+B_@Ur;byAp`nW>kdi^2qSdw}mtY(_>#x}~J0FY4?jH$-6tZGjlPbaZov^F0qW
z5~#skWP1GnzNGa<v{KD^Pt5dFF}=>$s5HKX7%vPBe-!BP{-fkmD)5f|hFBU)3O(vq
zlI2=#;lG=DDo?@PE^989`}$A*ZmgvjD)*f~F!XSvdU!`|@6AX1ogl)f+1L!;I5_Ox
z@6Ffpg8O1vh=x1Csuh_%#7HZM0&!67^7?F-02I^z;nSQ1Uzksp=|u<8e1b!y!7@z0
zzpGxDA=-VNEirKLy9;t@GOeC}1e-%@YL~t{n#t*WXip_bB3C`7D%bAX<ljnwZ3hrc
za@%I$KIo-V_oKp^l^H|jcP0fM%#i)6rVIGeDx)U+F(M*nj*a!VKxSZ)k(Jd0PWsd!
z4Vv)ia6nL;Wt5jYR&{hdNP2pnVZwZ}lE7{GL@N_ep7hH5pwATiH0nn{t9$MIJLR%5
z_WSp(g${A(ok03965vvSA_ZJgm>>CH{q;_J5I8S~brYJGXdfoi!NFcTE%oN5vbk=q
z$!6c*IO}p5#qRy{C@wBBtIo_+7)6f&co|f_?tlYBnRE(eb|6s$hKFdD>2*%FhK>$Y
zw5)(iL;G2y3bka@@8aMi!PBSybDf>0Z`0FfRXNj#-D+#4x9)Bpk#T}ii&Be>R1ygu
z+(j4)9sv>Z*-ZJ**YfgT&$!94Yj}B*PByUo;z{79(>P><qPV-@FWHMVpCRPWH*kFb
zW1qmW(;F2<Cnk~&y;d=%jC=X&=Ql_eBiX)8N#BiU?CypOU+ifqkRz+X1Z?_;=XO$E
zVYup!&k>{)5L^L6x(G}o@>-gjZZK*wT6jkHjg_74Nz+C{yL5T7;<w(1E=~j3dj`!<
zo|(1Y4J*CMQfgvd!c<U~K?Erya(732mx50Sq1(E)+U4dP{ZL&^qi3fFiuzdxJ-nG_
zM(tT&8|#ak<8!7I4;UOCCO-VtbUFcMB`6-xW;-#EGA4rGQi{G1Wnr;<_+~fB_`A)&
z0kTs>8+LsN5;?yZVCCfn>Z#fSLkjZW%norts^9nJAj77`kOi6O5NHIPsQDO?S>L=N
zDXBCm&%_8OmVkXqg(4$WKaL=^e-6MI6gW>n<wbypku5Cfx?gew%HWY^{0*L}%<w(^
zdUwG*coUA8y;zMfl$?BP58M&X0fB)ZQ{TVeVj>JrA_Er8B;+lSHkQCTnSrUz4?3!<
zpGXLaB47FWabKRkemgsx?&Vtm#|%K&6@@Tscw*lMw6SFnkNg32(=Ng;u<Y?AVxM*N
zw7n%PFzqQ5M5RGQ8L8!dj&R8y9AIG*$y{V*cYg3lFl)AaQL<lgb6xz22NKBXuH96z
zT5?IrwiO-S=L|BcBp}=V#AlZxV>UASJylRZUkZjXq7Wq1B;iytGrMjtmXnWH!+^{J
zZhiuLuk>9-gY{wUccDqgn+TjDQU4Wlt25b4n9qYsF8IBf)0Y>S!|PJUYItGopNk@^
zy7B{%W$;H4kbIv$#Tb^2Tk-vi+OYuy2^nCD(p9?z`UwI6JY?K@dV0Uw0~bdZ7Oq2E
zTLYfKL~zhUfye_qo*%%!eufC?bW+lRc>P)CXs|Vsn`maGToI{~%X!jLnJW^5LP?pr
zG(J4iJ6dZa8^qPKF6F<a%FN0ZcRTOa%}>kzFkzyu8P3$+K27;r6UaN4bBh*--4P1$
ztLvCZND<w@G?d-qe^C(^8Vb+RL>nFrBzGy)G)^P%Bqx<~Nns%&gaGpu5~{kpao)T6
zg99wHN-ZMl@`VgcJwd}n4kTjaAR)Fl7X4^^cJJ!hSK0B9VB>x8sroDHb@bfUp_K&8
zDO(H+mX!J~EFlCAXcQ~UY&zUhuM?qygVPpoSuxv?;r0CFloW;Bk|S(98;JzRx!_Y_
zFU^c0yr}mA&Q*|i7rf8n{PDv)CJFb7m7815dcJHNey=eASdsv>pu)kJSy)`d!onyT
zoPO`ng7k|H!@0XX+5}43-XYiej)GB2dS=WpAThwv=|1?iYBc;E|8g(x<^mW|61v_o
zN@}a9Y&|214AGf4j+Tp!)opjC`ch#S1K2X@I!KFc<X08kaCv!`d2RB$<SubDW!?2a
ziS{V&BGX5)Z=o6hM8HTfmwuI!3x}|2XEoK~4+)q|?QEkj&|0(eih+Z1Z|>O*$Qwq<
zsS`ZhQlPg2r0WTig~gv}0ALL4ZEfk{B((iru+LWX{d8PZP0C{1KT+V&R@X#?mfbh2
zG+yI?(sXIkxlTy<vtF4vBp1!i8zrs}zv<^PSjA*AiunFlS>|=+96{vVpSpR$kz5`B
z`W}VG?3rPOYF2kC?Fi-|3jslpBXGEMROlWXS!gpHpV{x_h*OE#j0KyKz&ev?q;om~
zZ)V<%WeW|NKg|F+<?$;ab;&p)4sa8_znAs;_te?{w6qoIjP<R}Snu%Tv<YR26$vLX
zPFt%fzdwHkg>YndtH`}510f;%GXdhpbXrk9!eknn$9kdfu|<9BgNcw^Q>f#9e~m%W
z;$8V~9xXBwaCJT#hg=gp?3_`jzm57jrkCl2MJb+H{qBPd9*z)ZsDvYFI_|HHEYQ`}
z4Kab~xazQB`RG|@I`5<R(EEIE{+)o+uSWep2>4Qi0swr6Yl3+equ0_>Qs*Ent`YtN
z0ku}cF4l*}PlyQ>K@cko9xNcqyPtBYWTgN@Ie^O!?yiy-G}4GcoP)n9Fngj~uWtLG
zHh+bf1i4MIz#sm92U&9+7Yi}`Fex5uSZjPdq2F6Fz0k9GF=}=qj2bt$3`@)KS2pAM
zpbJ^%%b`BzGBLmS^`FxlAof1<XLNFJQC}%4&I391TLYgMHBC6`qb69O^x?yYD?B{B
z0nlw94p`SVVfL&vhavFqZbLNJ>&l>j6tD~N;3u}Wbu=>07UR7nC;!wEB>MitbG%C-
z6-6{kKVM1NS6BcI;QEO~nz{V>X9wIgFAZwtipK$GN(@V4>kdKZYeU=(l#+^Ic+0x8
zQ`PQIOn`}He~Y@5l22<W<b!*Y&Lw|sU_7R(rZ&{(bDaM%Dk@3`ipQ1%^%s!rsCeIj
ztCI?(tDB_e=4&RHLVV%?KLUbbP2GCs857oP{Wq)+m5ZMHvA|#l&eTDc^4FZ@wz%xq
zx!gV{mdX4^1K|-g>!VNqP5um#OQe(v{BnjP4uhSzyM<F0F<MJ}M;J^6t+)SuKr1%(
zeZ>VD8zVa=WL<01vpf_7_(AKD40*s0@)Izr1aKwOf@MPoXpcr}7hKuk<={}Z|99ve
z0zjC6b6NFTL%h!sz)}496U-qfJQ@@{wr6pW7wgSFw~1;_O@&_@n$B;W=F0vGFurF9
zn%bN1p4BCiK$k(K#!SEY?Jw~?kuqpy6)qAQzN^Tg?Pg|W4lb?Z1Ms@f1bY@#R|nwO
z`21)RHK)kNm68EgJ6u{G6qKm{4+C`eEE)d|!YFXEFU$+!i^8#3;p#Z*s7k+BE*^>M
zm1#x8>PtjG$@gvXqKzj$-opD(ZyS;zH5LR5*592;(t$LeI3kDll$_(2fo;m3Ys6df
z^18KmZ1Io;UXQP5VrGvfKwe-1><GvNi{!f2`zbs;9O1Kkq6+b1XE?4p*5e{g^Z5PS
z`Ukl1yT=ej@?qK+oSQSfS?lx3eNPW`-1pp4A_N|(-bWMMcmlbbR@Sr(tmtj>3Ad2-
z;FaO`ECG<g3G9&n`lp%x7W7144GFn5!2#;MeIj{?;b*yNKNBtV(-RlFLt}E|7NYrW
zkoUfPN!#Av51bns+SZQ80U(Yq7=-%Y7GSgR`3Oqk`}}-!IGBuBU~GJ?b=T~?-a=ur
ze(|>gL=fdaA5l2Dm|?*<BqtVx8EF=NkYSvZg#p}|rfrsJC$+V*AK<QX7<65^jA5`x
z>^5CrpJ8uKo3^e4*mtw9mE$-b>_l;yK-X$(Y;2Skf4Ds@dMx`=Z&2$*7{UVt9_xOI
zM$!MO?K|VKeBb{sWE6!@K1qs{NM>2tGb19KY#BwAy>2cU5sJtvt0HBU71=VglTG#>
zA@jz~@3{JXAN*hcNB;-^@AdNH0nYop&g(pn@qWLL<GKT6hr<li^Lf+#OE;F5zyMrE
z!-|-@Y=spZJ0({1W9Y!s&qKv8;$ngTwR(#Cqg7WMd~djr<4`-RnU5*}vaNB)9X=;X
z!nTBwCja?!-W%1_72bCzy3!+~<39C@Wokyg4&xLO^6(&t9^Qf8DAy8`l6b+JNk3}w
zl%@E11NdrL+raE>E|9o8545-co{!}=+z1T|n@%AmMQcC_qoS(Hhx=oR&FAq)FIrtd
z0)eP}qLy^!Pu4{_*-i*ct^~-~x(FC$XVdKM<LUdn2`gxPzEgVVU7wDt<v)YOnMy=W
z$c|M1Xr=NT7(fuA*KJ8aNdJPfbR@+7HcZ1D+a`jx1Nl~Y>$4rjXMvhZY-(yk+u`r8
zTUz)>4i&F~eCf7^PK?`A`I{s4^(<Qh{4UJbjx5*@hHMNJzNEAC-SNX<)N<4KIC5}-
zj}HG>J(3cmcmt$q{8w`lz>ZGdFV7TxLq9Y9*!*-}itXmt@@%dWeM3xfcX+2ImiuR}
z(N`xEQ1=&ODX~(H9O{itOHEn%>E7zNTqC#Pmy+h@=2&9s&!2b?60ee|{~n0}>Z$e0
z(0Qh*-zTIu+GdeRd~#pq+n6T`LEaHQI5SC`6TeGKR%?U96VI}pKJ%@vMrLZ2NW1dL
zVqOHb+roU!<f{3LQ3K<SeS&#r1{6Di(812kY>e^We_daqAb3gRdCNc}8`A$^xMZ#9
z%^UO9{=B=h?5wPX9XHj3>t6|;7W5IN61I<;Q;&RV$rr;_a|I;Z?-u)h6nd`PlKN-o
zpG>~vw$xO$B_wnTC;*Vj?M)0g1dy5cGNZV)><^VD{xQj~j@eLB%8Pp)K`scYXXk>|
z9D8v8=`4yV=)hZeu0U158<jX7yag}pmpUwGlh3|Wcu!-0X@GwZoMToM2<hZc1Yew7
z`TcxVG2*kutlB;5Gpx)1JUtS)i+^)onEv9%MrKj*h1mi`^JNP4N;JD;M}5$!{aFMv
zIt+GwZ&RMPyZ6AZ2Hp1SHZo8zR-w@+b0N?Kfdk?fp3UX^if_EEVJ8+sN=)DPwp@H9
z9-tUGIXP21yG5G36RH#}|NJ$Ev>-%0DtPT$XuQDvE`R8kRJ0%e>ex@KmerPW&v<ZN
zQ}vw}A1g7{@)4`o9J?}vJ8%{hN+FSUQy>Gh<jHF4`4VRFrWMo^WQ`0A;oW_Wyee@J
zDQXtk@#>AJuG>H0%8uibanhzcO!j&$6u;hQI+vD1_%%rp1^QwL(JSXJcI6tE6_1RJ
z&<h9%9IL-}nI%x^^fD2A4}bsO+E-q_ZVh@@jacOA8$B@}TORXk^YRMu#cK{u(_U2u
zr;qcv?uAk@5JM?W=H_$o_?8(Nlfzrfrh(LLl0Ki;S{YPL3*IYyBS#)JTk8=2`h_14
zsJFh`ohZWh^$`)g-YxruW92C)f~e}|2FQUF6rL0~O*h+(kB_r+K+d*s5&)k-rQsj%
z6a!*;O%I$J!Wk%~e0I}f&oD>Wlaa+A3_XlTH}_U9YzLn&GQ`iUzv=16nfzYwBtn`q
zGviBb|0TQiid9o@;~~tpAsueHq!*&YR>7+>03FypNbInJ6B#x$6GDN1=&A!?YczD(
zI}1&0wYXwsj<U#y&Z&FKhG=gr4+)F$@U*)@k6Td)NDm>G$sblrl%A{bM)fP~=tW)T
zFD(C~Ea<~T4#K|G{zmd=FJE?Id1+Mvj+z3%#?JdcR~J{R<dknri*XXvflzix6b%}p
z=l!!C)71PO1N%F#^3fPx2B-QMVsR*Hn0Us)X;=y+)%h!0G6-_IKv`Z!+YWp=$`VU-
zlqKy{D#RQw&?}0HjSxEj@^S!XEHXO!-C1T@qG%E4)G9B*_t5|9J};T3u=v{M4f6qo
zg`@&&^VWTQXM&XJ)b^vVMgpMVY2o66_a@iysiyN^swXAwufmCFzI})96Wv}86F~`^
z#_acXE=~RtyB?pwA}a6_y#?CLn#RV)kI+X)U=fv}_}Dk6?j{@3JwG>xQ@wdJA3u6{
zKz|H@5|~H*#nfV_cpLVnz&0z&Z{X<()%j3v6ZtyfD9C>R2v2ER(bm-h%-N_YPUe@p
zYtUi33h|1>>c&(sHAn*I9u5XVOb~Vn2c85G7LM=0bc$FhB^w)C9Gt2S6iXHbj$p>Q
z=t)LKM&I{nc6H7xS56_)bw4xuuRF6r?M#~S8QQK{AL*zI7b59sHO3S6a&t>ie7@3(
z4&bvH)XcXvxpueL%Ue~kR4UHVhkL!29FhJ+d(muSE(DmOzPU=!#By--S6PsP54n9u
zlNgx;0@6qoRSoZfPBf-HKyuM&s%SuH-F*d|*iB_viG`u!6;6QZFZ(5Z<Z%0>|5%+_
z3i87X{(lA{emKv*bsnuW9bOmlIdg-QRJKY5B2=olutM9`5KkttCy+B0?yV_4-X;%c
zj+pN4-Ldar60jdJn%YJw0qe*u;CE|F3PX2hJBU`TC4d|rKl{%=PJbo#f|78QyDk1M
z%5!j>`vd~7p}zk0W`IRVr1haKF?a@|kr9afaFk&|kdVLz39@a8#m-DGlZby6uSp;n
z4aCE^lGE^?OCh1J&LCrQ7H^f(Srrv7><kKiD0YBKcg15k^gSU$>TP3(RM>`zxsQ@+
zU8Pma*cVjl|E@As47I|%==5J_&W(W#J3AgN0I}5*OPja}ogi$|KY(|(i6kVzq$o7M
z{B=HXnE0mpOlx?=lu~1!ki|km0ySia^ylD4dX+DkZ{OygK#`sJm#ms1ph15;?sU}?
z?*zx`>BhiH4KRx>HALPs9f}i+eF);|iJ$mY<}N1bu{!oPD(W9Si+UR1w=j8+W)>*^
z9hoI@b7mG6P6oQVU+55jA0MpVrnAf)NUo3ap0n#LTJLd=6&SHLR6>iauzo0^|CS_#
z8Zt>w$lue)!=Z;@E7iC!_cWhxd1uO=31t3eMIKkhPcY923ogNDTUuDWorYd%7Oc7y
z@O(6}=i~Yf+dUP&guzniwDKK^Oo)9_Vb?p>zqNe%ve-<F5_2tI6Jg^h$B!R#k{+L{
z+h+sV)fE6d|BD>bEua<CD@UoR<nP>U7EVE#nIkyKPap^owwGdWO`Bo`oD$xryy>~5
zAx1?Iz%*nr!Ubw+opk|RGN1;403Z#eb6tQMOh9%u1g%qsRlpRJAnv(FH4O>;YYPQD
zUGk;Palpvq%R!5R_<^QgwxYm3j%WWFIyX8f_6Hnyux^g5gEd>}@v{^FJq2>^i=`<j
zVqi*%+y3<uBa`;I(JIsf!zZ97ak3upiNJ1_zbnuV)dF&VGf~@~1rh|OdaJ&D)VJ1v
zl9DdY^(9+ZPobwX&^veL36)kvtn3%%K1AmLbzJy_iU<)$H~z@_x_zmh)qMBP@!qEG
z6mItjgNO)diA&G)P=drObTLD%<{QwJ6B7s$8X8Kf`24JhH&oXP8(ek0%^nz88jfX{
zYF)sRM1+TnL%yFl1felVIkBop)7{+=TJsdBwuS`z*q3nC^lh<w_t)agkCsuV;d(*;
zk&4i(-ojT1G+!$BA{`R6i_~+Ieq5P%b<lPBPST&CC_3855@cj0jtg}0`34a{h*x;*
zZRPYprK!AFZWw@EG{90uih_>$?qgqH-!Hbdwh2h&KlH(XFIVGN%@6W2<nxc%OVX#U
z%>6(DNA*YGwcNg`Kv)Mt87R8XV^p0KM(=1bsnE}5_ypobq?$rP;*ITx=YOSPZdAQ0
zaepF6A^mqe00E5puX4|y1V(1KbFv8R&f6LJ%%pXVjE3KUZj3Asl$N#QV}I5r`>&yr
zQFrG$S(LRjv?jOrKHS7#<1)9AhNWlYHf%WD1lfQG6DmTyEf-9~bh>HO`<mIlN2`9>
zmoqV_p{&PsFi(_#&Q$YJ!N2h1c2+a6I=s@-(vKDlFTuStVE64+3;9oMR@S1UmDRKn
z65>rbgSI6f@8GxDQLzm1I6Blvf{3~-k_9z9TZ3J81CNKicy@LCbn&A%)!tmEP|7ME
z)8|2eh<)A961^E3`lzS(ln|8nsZUQ+VMCIWla~R7WSoUDU}?!1B=%9y#l=OEjh%gn
zicx5Z19?eDKl!cFr$5i~=m=%rK!VbVur>unZf@Y5Cu(bh4u&z<?z@7*?R&%VXbu={
zea|tZf%}g3q-z5TjGVFa?8KLM7t!9kt?^e`zJLEN1V!myrWn|wB%#>o4EK78m-mxh
zdwaV%OeG0S@dp~(GoiP@8$Zsw+R*;$62MsuKwrvBc>0&n^L9di+c#3eBb_vduLUVn
zMyi7SqoQuBRLbiZ-Sz`X;CONtCu*I6X-?6tt*z&xqN2=pIB8jm`{yxrx8}q7#YJ|w
z41q-37DVV~W@{a0)s{^1h@mQITha0IYZjVa&u2^$2t^h3lrzv382_dJtr0Z$Pzvy@
zjE866AYyH@ksMQwrmo6Ru#5&{d&ML=CMF1zZUzMfz59#DqJgAj6CDivG#-S~!WO$#
zfx;r9RU!AVd{o{DNbYfn(QEB`&vSAgM^ZC0UxA#(vu<EuK(Be4R#vG3i-fz*pJrgF
zuWM{HJlL6x$OF-G(zAfq!nGil5V7*PsC3-yv~(atBnFxk>2PAik`GS&&ozF>>1rZ*
zNz{wA;R0!x#|Ea-peT33gi=<`Fa4mROAf&Qjz|v~SP=CeOkm^!-lV0~`E1O+sD<9U
zML9V+8L_dk&19qHPeVFybB$J>BPc$9>Gt$^l*0D!Cfp&Duv&^jcQktwaPtt_mmWXE
z`eKdJ3FN(Fh<`=-PG5IV4?k*TWCTKEzVj*<Zoo&7V5*Qvvc|eP)_v%$(0fkIO_j*6
zwNPLQbWM%!OVTnX$%QRh>+%C6#QVimi}N{#`#dw;f&#YXJTl(`{LTI*SYUp{oM%)I
z`}_NAp=OvxUL13qXVRcMC7l!q4+~$scp?0{ZHBno9u*dTkSKEU6O$Au3|)0yw;Wxr
zP@bO_@Y<+WKgrgutxP;UJ2f`^{M>c(2dyi~BVgtW%iLF(#Gw<GPu>YN3YO!TK29mX
z+T46?3PNomOng9rFl%Y$InQe*78J@WYrKFdzm`uVn(xeE1VuM|DYPX7^aP)f(M8qN
zRO^W_5_>+|z{6>s4e`TN7y#34gJXLKeJ0vzF_=Xb>4Zl>Ap<Re{{S%^!EIWJi!Ufx
zzxTvk-(<GqA{QSGR&|B%QJ+(8i_+7s^E-MHaB%8#MTK=jY9`ifi8<LcZhJz9fcoS}
zLBT0l;rr8}_NbXG1&e7a<ewBA&d_d28hVz={l|ndhUJivJrZ#`a`uGc;B*he+ctFd
z^n)R`-c?!{2{PL?$a%x5Y(Q-)eBr`{=UNa-(tO9DJeCxO|HCLs0{%)BT>E%2?{5FK
zhfGm-EdbS})lgF)Q*%H^sP=LUHT2!8rJ-hLBq%U&sW>n1C?;fwosETqG(?GsiTgap
zr7lJW1|syxgh^F{X@Sk;;6TA&?n^Jr$M=|S(=$e3Zl7sy{S@C?t5K7XC@<+4(!y#a
z4JvV8^*lUEk{~CmtfRaTNJH$m1=~R>9U96WqF4V@IIQLG@4p)hmaM!;Q1<t5%@t?o
z!Uuh7gO_?mr!&lekeG}LB7NJeM%Uu8cPdBJHA?9?=<FUrJ=Z7y0EqTo<|3UY8;&<(
ztsHKqQNS9+U|Br{o(xp39e{)Mb6&noM=ULW@3K&P;!!C*z58*xoK|Q?#@&d=L_oO-
z+6K-n52;u#1)G@g_57R+re<JB=mLp{XF2F51VE2N@$nqCk3(oSHaDZ;;@;bsKM9&a
zJpS|0*OO&>xpf&4%<0A^Ie^iK{K?OUFxx+B!U91cfigOIvZ*Q5{hP!(!TYR90on7J
znf+-KseN=+&O%;3aI@<0U{5tW;3UAXM`1rx&_-c^(MZK&zW26+A_RXH2n8jDUtTVc
zzr%2(o2RCh_H6`|%V&-9h;QHz?Q`xCYN_?nrPE~L%)DRn7@o*<_GIxTNib@tCnJa@
zl=uKtHnjy3(gN;-(Gddq4FmQ^XAhT9;+yxVCiRb7Yw4*vKAYT84;RuBawl<hYj67;
z`axcBQU9GTKUp{JJC30DbLk0@RoC9!)=<l#sWT;i@+vDmTj?_Af-I>Q4@XnSuf5ud
z-1*!rmy}@UmA(|QR>_os!x3D{uh}m{g9JB6r23)7nuqv$8xs*yaZ5!d%yp?h57kmj
zktCEcn=r2LOy*Z@y>d8C$?rVKtLwg%ZGAY+8<o}{XVTTL9PPX5?NMP;A?*DnQ}VEU
zugEX;{0(-tD{NOah<tIWW9hqI)9*7{T=z%G&jQeH;|@)59h)Lql6=efkg+F^h>4LZ
z86~BVZO{yV1wT#-uRKYLa`}vw=qu;tiR#|5-4d@g`jEM+fg9$x2-NKT)R(g4R#hL|
zF{?EY%kAa-XX^J3#j#@x@%%Pwm9^tdmn4x?n@PRT$QW7L`}fJXtpOW#Fq`78KopxN
zhtY3BQ^H-j2igBbN4vJ9%2=y!aH`7%u-+fzE}rY?kou(fK*%8bU=JPby-{q)IMep?
zYczYAX;^r8_5j$ohR8@7UuFixi%3lxJ|QSLxL8kHI~#CSuQxrmn>V{g{E06OJ;>ZY
zh)dngEMvyqMpczMO{I2~BGeM+ig#8$D+c4@GQv5uN+<7D`w=aJ{?#-1#JSy&9mH=W
zV8suqzU2b_!Xi<}$%acp0s_Nq#^~kIlE5RkeAjM}9zT0;tDN~O!zj_!Z^g6i_iLfe
zy`G+Xl@O@u79bOtg{b5t6Vlm&t*fwxyu7>$=v>_(2$Kw}pIFD^b_LiK;a#?@edw@I
z;9<w&rmed}?kP4_m&V5G$0S3sTn16zW7Usu)uH6bhT0JdWTz%mC+h?qJ^d#NO3HO5
z&7_v}!oVZbHdavS)w1L%G1A8qcZ!{DVKRnunsBgwM$lH<3LxGKWxsrTr#ulqMrl99
zF9l=|p0;*&qfehc6|v0I#~B+N4@SkL7k<>5&i#1R+a#j9XW-++_Gq8s)2Es4Us;uF
z(3+YYPTlMsGmxtpk`VT#<q*F^+VjYm&1>O@JOjW4cn6SEJH)c;S*4pii|Au#6l$8C
z=6TE9og|r4oa}WoC`->B<)N0?xE(aKY?2rm`Dg^2&+9;h2q6LCp+M=c-|3))72#1n
zXK&y9y|r7s%=oygt91vzj-FyLdQ2~;Yr-b^2Q0I4l&q}m9oRPoxoK&Zj2W=N#Wd#;
zv(zN0U~Ot|_m#SSy+kKU?VLoW<?CDCUmOIzUvadjh^CWjWn_8~yzn?l<v$YptF@-R
zeSN$MeCD!;Jp9PqI|>?vPalUXA6j<fWfF0+jA1SMQg{y{_&e8~(f2&ULa!t`XwEG!
z?|Mw%<OY$)Glyc<`>SI$Z6YEfcE>0wrGz}0km?9*7#TCO)SD_Q>zEb}47Moid|3Xq
zOZ5$z<sX`sJbiT*U2JQnz7Hn7=1l2ehpphfl-KwiTLI`Ic-XMygCK_&q>*ZQe(Toj
zT3TAs3@9zFqi$5Lkl=lTo1wAkX>+z((F5xanOnWO1RuOp1!35^bYrtGD$Vd=#bz@I
z+eQGSHhlAa9YM%gU?fW@$4>%KRQS@R^z-M>r)otthlReRW6a`hZf;F>*XqXM(?`N1
z`VO8kmZ?j;efN&qwB*tFa(sOJf#WCxB8~n-M2tu%*xD{AXZ-wXxwAUH8RhadPlM8?
zy*tx$y?e0BVyk>KZFx}8-XLFor8SWQJH;GaT-o=bdz%3sk1tbACP(;)uwj&d`Y8K3
zZzKkQZjx?R52rFbB%S=W_gab(uOwFVKDu4sP%uht{^GDKx#{ueJG)dCnv-LEF!wIP
z<eE1#QhgRq!iF?7N_Y;EcdKIPB6&mE_CwZB*fM}DEZno>_a5o6wRh-!PfEG*JB)Xs
zOr=lkE||GEkoD@};PpG+x3JkTV6)M-w4CZ$SXjtDdXjAkD$pcT`m)r89&~1{tvTuF
z!hEVkUFXoquE`1QgSAc5t|EP|N{HCd5~JLIH8eDsqGyQ^FNF9A;#C4v!r99_JSMcK
zPW7@X|9*8Q{Z>*Yw}AnSe$6|Xb$+lXtNE6?9`LlKUif_0`*WRd;vjY}#=+Zd(%Cvl
zkd5=$oe{&Z$)FpV{_*2SF!!mjPgz;03f{orri#+-q!z0MAsd5)nV|=w`OX=v-))P$
zCMPGilSQ1Zr=jYnlHc_#lG+H*JeB@?N5?4iA}RLjOqFSiniBQY1Y47)?(8(Rj;H$7
zHQb%H={$39lk?Mu>E?fxyUw`}|ImjPTwG#ed;D^Z2;y}dyQ>8DWRD4S2okz<VACX7
zu=6?i*&}aeXxTRVldxs&8euO+(%iqYzrwI<Q!64P#n-D(&(tU89N5yHNLs|t<S9br
zXOj8h!@a%c7)~jQ6DJ&E(ryOJeHVJYb&76h`IR1zY42dSc8<!eo}w9R<*v`>wUv(7
z&!W&KZ@|3D_%zaq+Q13#47-(ZZ5qy}iMZ2L(<j#XJI)0o-UQbQLAzLSdft(4yK~$e
z8oPB*Mf1=qRu0(acF>L|C?+N*Yo%g)WCWikkNAzl`J9_3CLz(ebEi}UVpQJCmp{lw
zJ&%dK!Xczf9v1d+hfr1KqMT*oYrr_ut~0c)ZdtX6=9VqM>pb#Ye!RU=u{a-sAV0zS
zbt*z8IH?L!U2CxIIjqKO9vf~>`Tu)9e?Ii;xG3g+#b-i3N!;T$wlwr69_ETSZqyHo
zt&|sRzJCTroe_KBEdM#3?4VgPl$Mr`V~wHzmjk9_%5;4-Y_#!bCz_faXQJugRXS++
z$-Uv1`>0RNyo>ewj11=O4lg*KVAiFXU&hAjj=PBR2U9a26tNmRJm~gk;4kz#z!iPj
z-|rJV@w@+x@Wh0+>r@CU2Or;Oe)zN@$o~3(;4a=nC6H9!i?D4Xj!{!TbQevsTXOS$
z@z;s|<~BrMJ}CIO(4UvGPmrp@E3CA>N`FR4pZSj9Wit$uDeCFz3H#aAbtT-G8kx)D
zVv4Y-9Jq)e2Rb@Bf*ugBs|yMVorqx#>&b*Y{mWGIkTCZ{)Mw*^sF*0LvW$$(Ifyle
zAXZdQC_aO9(qn5I(Z9T<2yI&$c5#v|=;7{bawd<|_h9jz0Rhi=F@zull43I=X{mgO
zW%Iv%`{rKz?VInP0(}xPs(b3{>Z2ZDr6NM85x*+T{SscbS$jjdr-Vk7%OPRA3^ULE
z0Ra`(E5yi#J@yptntam3Wd761-oL+EZvnJ?Sk0{u6EVoqMQNE4<RVN9E-E=c><1qe
zSPulL=7ax*s}?pWT>qtCqW`6F|6hl_3%B<F?@rfw851An*1tP7jxCw;4K?{(Su_9t
E0i@;L0RR91

delta 67150
zcmXtf1zTKQ6C@A_?iwVx1h?Ss65QS026ry*K?avV7&N%MOYjgZXmFR{ZaeR{yU%ma
z54hdubXQkZ&s@E4sz<El{|ZcO7nV=GyoszZFL_ghga;yqe6Q3xj$F2{`orqg6!&V+
z+p)g3=3jAo+I{DBb_%JwS+;M|N5I39#!}^35*NE=386`um{<aUfT__58ZJEwvEZwq
zuFLG5ot=p+OY6&*+<jk>{11|r`za07kEusu9`J^`@NhKW0aJtXFrY*FeC;Hs{qNth
z^4;?lQB1Ledy(mqCI>PFNLuIL<I$C_ymFf$rGNt|{o!9Fo)c&%&s$tC3~+FM@s2bx
z+#ltT6MnuMDOs}<l|{9{)50NVk6-*fN;IUkgxTuCRB6Ci&#U}VVu8h8!Lmeq{7X)u
zx{1ygUt{((;@>2O?4E$(EX|LV#skP$GPiUZb-9ERHlFMOjU}x-RT0WGwzky{h85O=
zCx_G7fE)Yi2}Ej~Qlayf<<PW&`c&91d=(=NJQFa_IC=I4u{;$wc=&VW=QGYB`-g=A
zMe&~&wdK>Sd;iaoONv73jec4z3fPx0DUwQKm?*Csx!@uT%|C$Kj#EAY#hg!4{ca-o
z?omHgD!x;=Cb?z*b2-6ty40zU`L^|}fES%t&}fzq9xN<B2)T*dC++JyDUw@kd*|;K
zp6}#;jxo{bX)75_>gq>*=~Zj`71e;YcuqC5mmz&CQ;Cc~WJJpq7(Fq!L`jFqDusG2
zBj!@a!tTjDOO+0IbRLD>Ys-Z|*wNUq=VKGfV!!C7Avthn&)lR;5i(HXBgKXB+d&48
zWKuQvVlc^PBTHx+i6QD+ao}i_2g*?v1zg(F$BILy^ppBDa@N^_4q~#U#sVP~H<u4J
zi}`uDe-H`Aezl481P3>WQ;5MmBF1F43Qs<u7j{Nc^8&zonA08XG2=(UhngDkm=>(R
z9We)MN}4RsWHFT6(m8(?vzGn_!@()PTbhGr`wMLx??*8noNu@8b67HJ2r=aagOSQI
zY-Fh~!So6J+0tc##*{PX??-*W^+H*r^PICK408(vsyYOn-w<<AScwFx?XVV{^gV2q
zQCeuVB0B*rG#2brEwbd53Q`m^B?+){%^HOw7>k`uI%d~=86%xu*)0|vaIu-fs(``W
zF+)QCH7O1|mLZ8eeHC)PgiD*~+&E`a!zuBUEhRG?EHN7RraAvOmm6)2X9>ON;qY&D
z|NXMI>xu>}I9j~1cHC%UCWN%>Py@!6K2g0Hcvidg?vBNAp=)>HnhwnQ5pWC0qkW`b
zZT$JGpOIPcn=Cdc87KC0bKF<CfuR1$;qTj2^59yCv1g$lca>)fXioL^owEsQO_!X<
znO{-Kc4qqIZ%z(o5l^r}pc6;L=J!r)P^>Opra+___N-BM%5UpXnix+&?_;X0bdHuR
zz%5Nz8Pm*o!+g&%4wllz)xswqzF?wN_8%HNEnwhqq^vcMWFnKx(^I?5(JHz9EkNzT
zN5?4;iKqCF-o}3KZ^MA!`6YVmA~L+3*xUCOxE<<Q(=Wo$3nt=6uisXg$$F<-g5Y49
z9{8-r$%{>g?NghrAy3dW_e6}@yotF1=b5)WEEQ#2n&e8o2=R^|!bvdwvPdAs3e(&F
zOR}{Ye@wZ6xo3)8I_9sSUQ4D*qu5SQ+UbE64g-T2TlS#f{zh!hS$pbu5<E*6_}ur#
zSl=x^oD#H6%GY*oUW8)BGl$!zJBw1ngl{1IC^gwVK(*APVz!CJS;3{%<^>=$sgkLU
zItp&l;QD|`=Fzj|%RldfYBe!MyO-2SwyJ4hsmEyVm~`y-qFB+7L-vr6<gk&Ff?vfu
zU`EgUL}6xOgfR?sZsY<y1{te&7Qd43Lyzp&&+4}`g?J~r5i`qDJH0$qh|OvbtK{;3
z;vt@^j^-9NX81a{k3n#(09xZ8T;q{-SSs`<BwjLH)OHUVWG3}sV}WR&8wUL&y6teP
zB}^Y5%t|8(+XdprpYIOj!(bygHS8@*j7p%jY@`=L;ZME6eGv+i;#WR~eHS@Q&4|W~
zMbNf%EhTq@Fue4`?HVDLxnKmx5}WqNEla6}8BRFEk1;}WkyD5ia3>w}(QA4D8v&&s
zY(SL0S`Rmg7Qua$6L)joPnN!%3Zj*cbkzbs6^{@6tV(Hg7jePC`fc*RY*S3rId|Aq
z;5<EEQ3)@$kW}`&CHw{P4m-D!G~Lh?kCPXgJ}JyCB2yuHWAV3!#YzKIdcx&hO5@BQ
zK+AU|zeSTBQvkVbN*8CzMvYIS&B{-0<&kQtGWGQdx__l`(ma<i5BO^B5FGWD*IpMu
z`pR1Z7}QL7M~LHJzEyL0f<7ky_vaq2j_jU}vqkeHA6=%U>A%y(ZC)(n)Ghvtc1b4r
zW67=6ZCaTXsD?92r_f31J?>SHVd_DvfYH)A<DJnq1N<!X<8waROoH2H+>CR#vRNa7
zUINs9*mrR4)c>p3YiI?-UH0<E>+do25sFFk@6-~eo*3*6xQdxR7MdQT%q_}OMS0=y
zH>Si6VL~v8H=FDx`<clWOZTxrUen9joHoz~BtEA8w|3xxMiCK*oI4iUpcXefPY@mX
zVF3riLPry&>jTznpWOc1!9j798(h4S`8}?3PM;O@1L`jvLV3SWZy9B0a0a&3lq}uw
zY(5Rj`)FY(Y4WE!%7+j#EJ?-e78$lY$I8oMH1;Oy^tKN`z<BfDgRna9aLlAv%fp-n
zFPC48iw7IvSz||(^}6lx5g{}b6k!{pW&rfj^0Md#>cWmjq?t@yIEemt;&EI`JcdLW
zRv$U-6{$A|I*`cMq=&$wg_xv!(BJ#XJicj)_nR%rF>WMAa&0v-^RMd5zB+L=#GD`%
zTvl1w<OO#DJK#=!{gtKmpD&gFAL@Lecr#rz*5skud&A@|HLvOhUQz?y3Iza%LY&87
zJ^1R~FdX$H6)!SJ%_x1Pm>PWKJ~HeK_Iyqjl5dq3>?ch<3G`1z4xh)p^nk@pLAFIl
zfjx+UDp4qZ)A^<ydu5ofxnHqVi<FOf#Xp5fd4nbQer<smFx)(Ig1vaFX|J^6|9a0U
zi>`2){k=Ku*#vTu$4RF-KwRCH66x?yN_mjM-~tn+xmwJ@jv~MkbCcSi0eGdnhLyA<
z6O8-g+Q2d9@N29MVMpdGZ|S7-34OpNJ9w63L9riWzaRsR!kDF;M4M*V{kL4d0~?i-
zvHV)!q;4I7=7*n}qjL+NzT}Wtt1FrP8CvJ>YZ6z9)eH8p)IxgE05bDY_*Q%f+S0`h
zIIWT$mLXM)Y%~P@2znE9G*dHwYCJ|>OnsgMOqYzK&U$R?URvYKB=zu|KQg(Wk*1Xg
zaOSpDGN<8S$)9W4CrTk_L8Q3i3hgNr;8;=MU~ztnM&~P_{#nANIOLm_Ag+F;K-U4V
z_?Kjs#uGJaA7~r*fbH<aZt?pAlGL7ac0Vm6g?P;!kSNLl7tJtTz!rP*&zJshNB2Q<
zQi`Q7hSEb5Y?OK&;eRN%?J7P>@1xly{v0@6BH4`WIzaw*8NlXmQQm*u4i}kvJKLhV
zqM(IB`vLEB)8D$mV-|fFH};dYvsxu~bhN)TB^}(p1a0*;$$&vJ;;!%3ae{3us2s%s
zW!aZgXpP**EoX8{XYqvp&|FYe3+C(_)zzUMG41q3pq4acV9I<SMr#YC=o7M&OgjUm
zWNIp*t+m>J|19=+2uuZEfro?MU%ep>(Dm;J&3CBwS+Y6$Oi7?>tAMB;xH}&L|2rdo
zxicC0-vQ7SXXBnlc;YE-fFs*3+bg-u5Y}|bXJ-N#t5bgAeN=?c*oqO)pP~8Qg68`H
zXe9eJz)(#kVoSp!NpG=>zb|rdt7A40Cw15LUTL_FCC6;n`1YseS36HyyzpOP(%+87
z>XncZL3jezUk{MkQ%q?nbeiZlPBz<3>0H000NOQU(_r`&{3^`|N)8LG(aUvxc-Y4_
z(w70MyMWEUCY~M>3-{WgAy-p5j#Vzn&AhB~B#9Hsaw<<8+EcIIpkPRfunl`<e=r7H
zUlDD&;gXcRnXX%0KSUiT8XSD}O)MDx8ok3fOg4z2x;D=cPV|j5;3TK^6hAY_=`L^|
z=(6h*kd!<q4a5Cacrhku+j)s$NiBXjM$fR?h*ovTP!Rc&%HkhhZ<T18x)2S2>)J3~
z;l@XgU`fHxvsprY>P|8p`BLVj1Z~z<2uwZUQbSn!h>3+&)*k<O3Vop6I=<5hf0|m5
zU4La{*7R8{;!%zBMiLVLvFxVi1bqci2;^%ngR%Axh~cR#n`D|W-b9jxCH!JUN?#V5
z8#u%4W&rKtQrXh~zDqE~>@<(uIJr#`#;v{vqdt4IO;VFMB{ZRkvqR9j-P*>!WiVb_
zNkU5GY-1(3Q`=pbCVj^n$xcWiG!U<D){Qu@_CQ)TPILWJc-8$ALAb`Lfi#dTmI|LM
z`rka_;&WnSZno3l2W#j`67Xihe)a-d@NR#7SZg%BNkNfg%~ehPIleBry?Z9k<Efx6
zB0pVH3<Ysm_Cj(?ia_Z}agRl+7OKNKG(?DKf(xa8T~xtU&;TVzzDOyPO4JLIj4T$E
zl{ur4QkIh-6ze7Ix!MA}m3mUPcLI&Lh`&?l!eT91f23#eNLu+BVQWRan9}v5#t(Rk
zrAy!R6C#Z^H$EqmqN->RvS=qeFIV*YQlYQNNfaUe#Dp!4Iu1@Ayo81e{M#Jq8<F~V
zb~Mj6W;fcHr1Y^}q*zj6*_O=}Hr;23ipiK(ANj8}srRd-X)6HzH{nf|WE@(NYSi?U
za&TtzN)>}VZ}1t70<mBm_!4fC8BI!FO!U9mr8Mz4R<+lIl;rhB@WOXktl0<c)-iOf
zPxZ5u<MCJ2bT;irH3S;M1cJT69Or%Lk!?nc)e)Ay_z4XY2DX4}G<3#MYkuaKm=SMG
z$dPtDVZH{$sej$r<$tDGpq%s2oN)3X*FPSG0)hI_G@UQ?osrFb+tKJBbNoY2`D!m{
z7h7{X!*W2`DsUKujCe;5|6w54(ImM3m!tk3ruRQ5E%&UcKMjTw5M&I{N(WTiFIAA2
zz{dXJDrI6}P9O(a%QcMLRFL{*OFKK&jqHs?ngE+f4ul!f&L+QegP-zSbnC}UXpytw
zQV<mat^^`{3m>QAjKPBw2_-PmS8hf#;MI3(I3P1zC<2__-%w5lV9u9J#QyTNzWuFz
zu&QHuL8)+xIqT~F7(2GPP9CnNp$=C>FMN2)sw*9MNAwFWfp}{tcZH9CpND3p$Z}o-
z4{$P6D7&Co9vw)nzDF!(dJWOz{2mxAtS5YFnD3PjIk>=RAc;y6Z0CkmW(ZZ&ln>Yd
zLBTLbETbEFV;k%rW{IT>#%YTVxn^311cfieMeI(Y&=MRFsdIhR((Y4HW+-NFJ>WTb
zES*^D=ZdF=6y?a*%qOG56jn~RCk7e?^wf|K_!H106YMevJ%$aC9{&U1<w8-?&VE>?
zrpYV*7(*M~(sWF>{EZ*5w9Fn&V^k(IGdYUhq7(il(fro@pcIkH;L3F=U#Wpb`}*Bq
zL#UL21BKdNHm)}~m`g$Qt%ek2eE#UL<u#|7=^uChobJDoco#D@i!g%QgSQ2|`(BJ4
z<iq=Xw7aHvoF|K)WY`+}b9AZ2&F!{oLpQbil3SW29m}3C_>V{GOqz;n`z3PamV$XV
z(T~Iax*wuj0^vD{Ruj&)bw7V~jB;u>j#N0u7kiHQ7`DZ=l>8+zdr_xyaTF8rg`aIC
zQirft$(SGQ65liprAkc|O6TSQSpDMYF%R+AW06*3oU9`4$6XxgYWV7Y_sy(K!8?;7
z@NX!}$XqcF*^RU;`rv-+`NkowyJsvkHvAT{WE!MTujj4tq?-JGleh2hAI(!dqeyYm
zYpL=K=r0bJ7`H2a6)ph0a$qUBG$c<-g)ienuI_Q*5VBV-x-S=oPF#k-VG$Os8n7N(
zyF(z0S6V5?g+i?WZDqfR`hai2v%@Y~9|T02oc^uUqbBWt9D82cMl^jv{Xuyxmk@sF
zvAojsxQ`}RldPru%ZG&CrW2hs2duNN(HVqY5c#fba`=-G6o^;k4KkM7y38tIe3S%m
zsbiBVz#JW}SW9z)r~3-FX7Lb|t#_SAGV)sg!ieQ{-{5A_@ps6UBR@D$(hMxZLaQ}?
zN!O=|!R-Fm&&+Ei%o>eGpY(6_&_2Us%eM};Ro{<9IC-*(%%m9S69Cr9Bx(hmCOa~g
zv$*9{x#j)Y@g?v*=Ne`=uu(2-O^a?{EIm@CHY2Aw?|#h_%|!J5jgV=943c<F(JDZ)
z@8#$<Qgz3wWhzn_KC#Wkhk~G?c#MShuw0QKX>+mc3Jv+R1EYoQ9})A(T@s*RBAzL>
z$jGqTgBtT%A=1-TU;(h@C0&FqJT53wcN82K54XYBD>$rgnekXM=yPSz>j;K;#vzff
zM=j5Yjh2@(=-uFHn`MD!p~Y@6sV>)(W2-$}Kfz|gIb5F@`&7tI4tk}MEPX#aeYUWx
z`W9U1!I2Morl>RuZ@$u!K!5s;E0Bi3nSwa_C5Nt_*Iog59A8OCiW%Uv16B*<Y*tpP
ze{Vy!rsq#m%41NZ334_kW?jYpfz}fcv=RG~6KH0AGkld{U?^bZrNlMY!yVrwp1(S2
zz{B#;7f2%x<BJC)Y_1Zt1!0-$rXeGU2bWItlkte^nKe{Q4|zx>{Oq6`Ulo)sWL|!m
zGGVri#&H39C*^Tz|NMXw3MEB_44=>xoz*n!#!<PsuxMdRC4dK&k024;J2>btGr21A
zo#56<QR_1gD{f0H%6bq^xomIZzYraQ*r8-L_5h5t5Vi^2xW=)*^La$Gk<3)oKM@RK
zGs#xjCF^pt*Cc(O490h)Lk{`>At(D2c-o3LX<+mSK<41IrmNbvP9fr~e$xJ?!H>_i
zv?haZx2RHdLE$zWVmFu@r=}?mu_vnX#FbCi+7~I??!DD99pJpY?TK8O3qIvTW4ntS
zDz*LcgN4%M*aekW#V2$07k-Q-NtyLjZn2|cbflcf-`HRf4Q;1;UiyBL6`clzI%h*w
z6QH!m`z$9p6=@Y(oFb=xDjqC9Ma2tc^(gUV8{USvX+IBR!^7qYV7k;koHFq|<w(oO
zDq#nls7I*$QWs<azjLE*i8B?5!x_Jjz*8|w&5brVs(!B+0R;)ydH?qsKF#%Fv=MZ}
zTvU19o#D02*5FIPZM>M^r+58c3I*<L@(H%yN$u{)-t{IDmb!_trV>=<QH*k{<j7t%
z`UXo*w-2RO8p+)+l1RjNKBCdqh=dubN*rfq4gQ>@Qxkl}Bg|wiNRNzP`l@>6D!^t<
ztM-?niq4oTTlX(bZgutRuz~66)rf%(jxdzjyp+Vjeb4xXghj(7XZRq5xE`<waf(A|
zOolf&71gdwr_4)v6?N1@m~=0ycQOle_+T2*?hWBYrzG%K=di0G-nH$!oEiqY?%_iV
z{e_M##<^{kVmB``S%YRNrTMhbnflzB#-!4Vy!!r&+Q%MUyQ>9s9$E9PHlaqmZg!o`
z!i;h~#JhLO==@cj``diZK;%`rT}Nvd7VU+zRLpUEA1d{C+z=RKzCdml*!emtHGbXI
z$2eJ0p=yCiYcEr>x%lvx6)uF4Zl_ucr@f0?C)~csm@5G3<vPhO%a4UcqXxk+mWR2(
zXHueH_U?Nlk6NcS?2rS2={})<TC(2YG2NbFz*vcL(S_;QxAF@Zpg#GaF~2a99d%qz
z6P;FDFvfCdqgv&v_qf&>dDF;2RfSYyL8&~>szejY1^?jes?LlJ_{3t!hFs<3p>OH^
z`3}T0y)9uHoWYrw@rhG&(1CJ|DqO=GZje*G<{LDR{5P^sya9ciaS37|%VAECQkc&S
zRl0}W9}R*w-|P`!hvDQW6)zq%S_F~kqCV4GF;y7ou7rA_9Qfy>S&V0GJI}7w?N~`x
zF}2KtjftnN#t}vSYT(kCM2}mZzA5egqp)hrrCPt6qfya^QI+Pu{%2i+zjiE;`2Zw%
zx!%KV9jXNKiQIQ~H}FwxV){8lPM%S}yFxs_A&f*4YUBg5m(rn{Lhq+uceg5occdV@
z;0n989ebEq9@gUf`G@et6B#>)5}#9v*ag<XUrZ1vp-$rhYXmZ7I{Gy)MSP3vEb_-U
znN40d8SZ)}q){sod;V*JFYBRh`pDX1WA1ZUPMv`=6>K4s)&FRi9~{0QShG=OlF$V4
zoRk+I;1tykp^^39U8-w@9LUJbVa15J)e7Z;a@716bq0QQWpr%hJU<`DyJ3gKqsh+b
z)ridV2pJl-Dt(;a2|3ouIUw7ag2{#v^a@qth|4nDhNJ&joEb|A1uS?UfkE_Em%1VM
z4##ZV?~Lqr!GnQ16{~!7SY$8A(&>ZlJz)$0hZ8S#MbUOoLXS&i6i;umwkl2S%UMVD
zb=O(oSqU_lcTqNHYVg-K(CHZTc%K$+@x;|azDny{xP~T|LoX)qEB4-`6mzQ@5MNE#
z>{H2zMOb+`i^NxnVHz&~(@`-@h|H2wU1T+r27~A9mkid)rws5RROpP@@|<cq(*e3K
z9^&)e@z5J;<1MYo>Xwmd$|Jo3WtE1_Ce2gHDq=paOV+c9+vQCZg>cT&F+sU$_DZ4C
z(;+!ANX%-+Iqk*Wb<JA-DAQf~VUyYe7j7h0j}gDzC&qBdH_6ZLrw$*s?%O^_oo%nD
zl^sOWcp9ODEvJx~uqa?M1rqFjrvtUN(?jR2hdu+_ltgNO9?Gi{O*WB2VN~)hoIr2p
zDON6ggC3OkB@1!^0g?T=?P4CeD)*3Z42b2EYm|$KOWo0TABQUw4zFSCHcQUow4C6$
z<o}hu2imRXLKyx=gVjfTtN{m;58OiTJ>tgFG{WKMUs<+p_c{uCuXLV)UZ8j33@iVR
zF8nv=<{-AKXFDXW-~cs#ad13FsgpFgpJn`0(2X6G0){n>y81m{Zb$O}_%P>_L~p0y
z8#XLo3t_iewJ)<J)tYAZUk4jqiEliI@TA>XO8#QRtbofL@6D-~-utj91x8qu{^P=v
z*W!axNz0*`>mV}VqJX}g=W|j~UJRyO493Ewu))8${57O1(oKugkyu`zHB>{{OxSB~
z!6MOZT~jFUBA-ELWaz46S$9wcot_%B*fse-kN;QgL^@QErZ0}fqgp@Jt6I-11o)+o
z6@~Pj-AVMq20emDB}qt$x3lIG49_&niNnd>7q!B?9s}^X?)F_FmxcZsE7=Lf)}NpM
zFajY9u3iJ)Jqqg|ufX$B@ybpeJ17i{xId1CzrEFdxgS%a>SV<WQF&&^PxrybCJ~KV
zyyr)I8;w$1&gKKnN3kosw_IP6>u=vr=IQyemh6;SM`VWZ6GJsq#L#*<32D1RvTI~5
zDSU_%tP31?*?S*tGff;e5K|EBK1go`f!C6}__FO!V_Tw!DlEQriHR(n2Br;rwtMlV
zSgB1Oy4JTbEq_Qe4kx^2QYUDulFv!UAZUv)BT}asl$8w_pQ$B=hrPu=#%K$0_%Zsk
zkhL9Q2)os~Xrik@D>Ch7ef=yu3`5k|+1;kAe;%NQbDbkQ#uN;&h#7hukg&ctFSKZS
zH~1wjt#F)&Vk6+W2KV<m5sw-(qe-B$;bg*2>CChh?L1rlnHEdJsY;uvxHS(_w8g!S
zTZN#e;(H8yxT4Z4a?BvfXiO~BV{$;k(5~mY-B@@KHQV9|`lcjmdSd^yVhWq7YB9Kv
zQUF<YH&p%>suy<MS{{PKuCZZzhXsDq0hB@k7X`MEtxX+1OX=u%j|*6Hi~%_$!isJz
z3Ss@H{QhlEvZQufz3Kj~y5pFSnkj}H8oSHiZ_IWNzgQTwmMC-D&1|73+UV{Oh|4FG
zW|xdec)*JX2mZY3a0;rOu(m0Tvy+tmxC-!y@2xEnr|pNxj$C$Ocndq@@Jf$t)^|vt
zF&y-m9~u@2p8qX=pXlUfH$8M*RS|kJCw^WXvvqU-I{a(R_kFGjl!>4S+uPe)tC8tf
zQ$z5zKz-hH03FkBPOamuE2{9^t&}AE8^@!Fx{Ee22_EdU^psZOw|hV%Wn8WE0|T%#
zt1wf~1y{GSfS(#_QuAJluF7kAC$*q!4he`f3L76~7OEU5&1dT8$TqH9xmZ$Sk2~_$
zJJsE%TT+JN*9?_c4dK#)?~P?SitHtV`AU6${Av~|*q+H_#_;%5ZaL~OaAelh&(k4n
z`2^GX!&_MQtQ~?rS*Ouc`Wky23S<q=pqtA_SsUr@ghqd6Kp8m4;h0#()&no^^TEZf
zc5l~B^7I(mHPnm_d6}wGuJS8w&NgUXLaR@Y-9SArsr8?+9Xk-`rrRAZT{#+gcFFmM
zKu%9(!^3mV<HhkN^VQbJoU=~Tx+?Kb#Rtg1uS;z`(ny1!eI0at2X1vvz{_TXS2^rH
zWgipE_irZ8M>>VxCyOFN`l{iUH}x3-e+(jE^qy<)&*i6F7^<;aWbdqA9iJ-Y^bz30
z3$=%blF#brIk;#@NQ_5<iXU!n`s?gwR_B@*()%8ZK|`miyv<J*`H9b08KgnJl*p*8
z9~$GBhCj_M>~Yj9Y<G5k1Xf+w`hc|}wsKlMB(!k{B^0X|WoMJJI|$>Zl`N833R6yD
zT>c%?hlJU#cZ5DwTEcw8ASt0gQWFix%DndH)~;x0x&ArJLCv*a3^nNU8l}>xKQS9<
z=}q9EF<~R`ES-nJ41`EK=U=YqIKFoN*;Abul3v6Eteg9Xt;@onfQOvn<jiqQ<9c7O
zQl&3Z^LODRvot|>u|%>y8(v>Og;}CVsA6H{aXAUBwk&RBk+HgJOn9|A|MSipe;;Q*
zd_&#PBKRJDhsviN9;VjzFfQz)&rV$q1OcL;cD;-v@fFdwx+ib3mB00`6|v!+h?<_<
zSy$8-Sk6lvSO1-_6F^`9?ADa$z342*2eR*D717t0NP$)R*P1*q-B*pE&BveqLt>Ap
ziB>2{g-;v#J&_stkxy?JD$j6Z6`Rc}-hk*n>WZ<I?GLFSBx6By_tyE{uXHhq6RKs5
zC;JuAj`!|lGU`HShV=NY83}A+H2f`r&MtDzzM(&5ajpp6vVk&CJN9`HYLe59Sa54z
zl?x_;ESO3vJsE5N)A5fsY|#%!V2acQ-k!MbUR?J`lU+H9oKMPJm14dhQ+Ja+_eL<`
z@T#@M(+X>9L&#Ygd^`#VE?SwGo0v8nGJbTrl+WxUpjJrMH<!ze?4O@qrtI=0I*sK9
zieP*DnpRD=>;cFZu%NTmIDh`@Ii8&SPRqLeB8K0OTx3huf@2WSu@9wCWLn<eE3{Tn
zYpaPX?5Uyq?rv1iKcc5wG69ih#|;WREowIqVse;Zna{t(MnkvHlQ&oF?&z$9X>orl
zWQF3+m|UWYfvLtnWL!q8)jlX9=lT6!O>MBmm@%iP1He&Ut1aK$Lr^wJSD>FN?9x5B
z_1gmh138VzzkAN-=Z5pg$ceyhmMv}60nC4)Mr&w_263SEc8Vk-ea4F$2Rw82aOoBF
zJr|C)Q%r%~2Tu1WhgE)R3Ex*=Dw+C8$?%Rc(DhKL;B>ZqlsY$3gy72Bvi4XoB_UX%
z!{_K<CvY9E`_-YKQ9+I{oa&Qz9U3J~%xwcGT!j4jj3qt9;^2S6Y~61);kec0h;Os$
zfzK4Zy;LnO^1A1f`z(7dE&N$n#J*cFF*U|N+^+6_)qGyS&%$cn-fC@(n){GG5+x@K
zrh$q<TIwy?ZeH-)WhgN@!=tO*+M9XwLk@R<PKD!p0)<s>o*QFt4uXk<mi`3-66U2{
z^ToVb-X-ZM_=z9*EZPfbh%6vg3_hj*G!kV7y!z|}vXa9^GfS=F`jYg}88@g4<NuOP
z`Hf#Q72IEL8oySaos3-lnu=LXz>V5$$3%h!8^eC8!r>wt#_T13L;ZJ;@_f+^Xy&B$
zxEP1<d2Lg&El`}=9qA~xlSs6%Bx}L4+bP?3h(5WR+Sr?Z4F3(ockj37n*L1Q`L-?{
zy;Ue0ks`bKEkB~KkUxJEb#zsTKQV`1vSRc6B%KDeIeYc8M*tszGb0hpyokmxFB%&Q
z^}!KRR71eueV>F!S?R9Dx_nj*<am8zL9?D2ZyKFOvHAdM#~r<64)b56D=C9W%&jRL
z<~;<YRf8PQBZprYWmic)CYG_+VkuBBy=neOGNepvJ{T&Nx<{T`vfdgIk}f!ztTL@_
zb@Oun+<YA(U^}U^yWkWkK?k?`NA}|nq&B`7dVK@6HOfGgTI7k8Wzv8`!GJn*FLtvu
zT4bd(q)%He6*poC2LwV-?E`h%8B0x^+vV-AS&3hCU@mlNq*zBy{;UKX3#7$q^}Jer
z8>-P+A$2@7&Cl6Y(NDuX%Y-@0MGEuZ3?j$+O$MDJM`A7XNIkg|K8naBLp7}L#Eqcv
zXCsHv^(KOfR`8zP!ZaYXtABFsRd&2a?`(u9@<zhfDR|ZE?h-N#V4%J+i_BawQGl5v
zCsy>o7f7~0QnIbqcA&_O$IR9JoKkRNV+g4afuK9w$q<QZINnL(2;vAL`}3e))Y*40
z-X2li=Mzdx@4|hjpm9G=6>|Ot$0AQDv*+@;?XX2a3xQK7VFtMW9gh_8(zVo4%1_pI
zU@vTSBoQzY3kC79#6O<4L&~Hw+iTw^D12l3l>Vu^v}_IJ%lYKmE|B<7pMHv_B*E#R
zk?!Pn({&hMM>$SH)c~%*(GPnja+u9HZnbFBw1igqF4dzion_Y2C1vD5*Rz+>Ihy@v
zmL!b`zoMDF=RP1h@=GRz<kc25kCf$#kK@{P1|cO~kmfb=;JUfzmM;3WAF-ocWnhrd
zw)(`D^6hK&o$jWN%WSKc<<xpkP}_{TSV3x2xjSV;3vze!i0OkdVMko87#3vbvH&u4
zG&!J7RtO6lC=V4=-MId#w;r!FRvIXb_apx1VJ&q##{w>66;yK)HC~@3Q@iewsw`}#
zg<js{gv~~_(0;J)X}aQY>BP-@_Pp(FyzaX!z%{)ZH|L?248E>~o0-XceAY1uu2_Gk
zQH_N<Qm`EXoi_xPf*Xr&dyb4G%7h+BE^b_2mC&l64qWe75;wNj&mKvCNybufo@J&F
z3zmp$^aEy_)|4`@&B``n1ru6@k^$#4NDqWNwbq2OeR3t?uK7k`8B(Yj$$0Z=9{Y^r
z=f>3P*~Qg!H~e`HLUF57>i;osly))A<z?@~;vzJZc{FL$MhlE~#Dm)pu@v<e|01aD
z^?Dg@MJlb<CetvC&Mr<fT&ycH^N_mA>Gunt0OgxF`B_yQ^_|E24R)mjKYS?>{(AU%
zItPvCmPg|`$&Upfv{m!jR7gh1@{&R9P;O#aFiiAKtu@sg5k)SFM$gu&U59G(gkAPr
zyzl?r97)f*-HfNv0s6<F&Z?){-Xn?DK&n*{*!OveJY%r?ywF#1KrA0=r_<M1!Jc>u
z?Eh{6LWVFkvI$EX-6&90TYW!7<YW}+%ugEv@9JVQws+czjd-w}TXFvraXeikZ1JH%
zZYbxlZpWfH&Wjp#!CBGIQSYbfiGmySG~MOeDs-gieE9aMAjMYc^h`%gfia>s34gK0
zh|i)p4m00zWybYyx5Ep+Y^s#i+GjvG(OW6%XX`+y5;B1!myeGUSX>%qAz|8Qy?8pe
z>(M5$`(D`F6>S`As!%Qn^KASSw1QAjwmA94iwBfMvx&BVn^EZ=iUik)7N*-@!jH@`
zP+`hI747VkheZM9+hc08>qmt%B*$L97TM*4?~{t=;v-7rDwi=u^_?5K`hdaO0wEOM
z#FU3s!>_QVt*x4tF_)oO$SNBi-g(nW5^9adR*^Iz%!(cXB(6raq=dt+{A=$`3@oV>
z&v(c1*W6=58T-f=mY;pvCVA6!4KI@O_}l046jucbdb&#<BbA0pySqosPbo95m-YVG
zN1^Fp63!>^&bv-G7bD~b!U52J;$9xv`_v70_6kR@BQ!J`fr+!!l@*(<4?&24%FM;~
zuQfk(FJV|x*1ovE2*t-zeoJ)U4}?So&BOV;>1@`l<F8PY!6WrH0NA0$_DDh(<8yZ%
z6~UGye}rA(KR)Rl9izc+X^9>EEG7sTpht#<qr$o<>Db&ni@mK*0JQr>Far_u0##|g
z^xUm)r2DsvOkIUv3T53Hr%(B_g+*#dJ>=j{tXrS&>wq;0nI=d`wh|7LgPaF^V&~tD
zU!Mf{+v**cR^6q7G#mA@Mm2Gp%VR<=t|NQ_-J%sb=cn^l#W<Vficd*3$g;Viq&;*!
zO?0aR#&2<HTSDksKugTASK=Ns3N<5kjnUz#6OX8gS;KzO$N`Zm%vlcARTe+7bfBdl
zoqQ6Z_6RByQMzP*EeA92aT^^v3G(ukN_x?)xXo~l51(nr>;BdsWfFVD`&;!3p{D^B
zcE|+XVN=Lok&mFwsBxq8Q=UxKG=9u&9iy2xn@BhDW;{I%AmB|prN_y`RsqE<SqXGM
zM-bPRu<}#VD(K$}9NaIw7r!>F-zsXKTc5R|AK1Ue&9pB+$>foK*UAbnO^50jS;06k
z@;_EbO)#Y7aAB6mn$Gz#ZPgo43xFXNMN)a8Yd~;#Mw|8nJBG3KAjl|%cq(eFpRq=>
z_q09@Cj&~sMTj&dQ4~Q3B4s_qv11!g<hY_MGYqRe0op<cZ}<6g3&3j$=;3h#u)^rf
z-`B(&=>%j%&hlYpEqJCJ73x6_V9{y?_ExFQ#|z3eE*7`V)*?P02H^m9KZ%od1I?-@
zU-Xu!f{4JF<KQ0_Gz|tj+B>L<zZ`XxtmGTDfQV3vUgH#U?Ga2S$jtW@T_a86kINgE
z88>u@7LY(YIgSAHlKx?vGJZCs%;xQ--B^CK1^oH1YZwhtb91>dyRDh&Vb1(S=}hl;
z3%bZoG?#qv@|Ixp^WRaA2>@@W+ZzSwwV=}R12>o7e<xOl0Y@13<8ZC>2rzDgTmB?3
zkfHA=viI4}3!9+q6X-9}rsZdc5&pY=)YcKGWvus5jThtJE9)=B*RX9x^4<GT#L+~u
zQivaWf$c}A`7!3-N<5Sdze;tm%kv}CeuR*ju00K%`#r+Z)?ih)y~}$wsrzlxz;|WS
zj!HFg_kO!VwwHxGN*cgNK02gXR?ml0*#wo#+^{pwE#>`EE=hrdJ9Br5CrZdz8c`-e
z1y{a8SBPr-4-YodOjDC@m?b8&H*NW{XbhUI?%E>Wzd|LI2&NqWJS_aA=>hbjlUtOL
z+@Iz^e|T~mWHF=q-8cD!6;WH1)P|CtcUX0zv4?L5hwNTEyvdSz-AXQ?+Pg3iw@NTY
zrIR8JW9pd<sve8%p+FCXd5W}^qa;?ZbzCr5j6--mTj&*SK_+CX{h*DK|BdA;#EvtW
z8J}(eVZco;du#viM@{YLHqsUBskVQt3}yA<N8i|x%q&)ZEMbg$aX4nIcWzzYYg3wv
ze%5Gw^B7v^9iV-;*^K<Hr*s4dpw!w5)7YFkChLB*#z#h8QPR>N)j?ui!473euSJrF
zSg{mE^YrEkfNltJ=$`Mc=v16NZ9lhTqLQl7=~u3aU??>3r6I!SqW*`Bd8JULE9TI>
zXPO_ZmI;J{+xPex-_NV6sz*XyjsIC593Lzi6S`CP9!a7xbEKXi%)rY0bdJb-)YnvE
z-3)w=vWnpjOsZ=pimy?d<=%0W*MTdh(*x)Ih30uQfmmxb!E^CnoUWK?-W{oj_3nmA
z2__szr?cjN9p_?V6iNRirRjisvJ8{<nJ^VbzO-Fxx6oZvL;&$NzcI6if3)xz=h@FU
zcbPLHhd#3H1`Jxq1OPAZ&b(C<?<bEIQ+G19n7=tIa)VNz2TgFKP?Xn`%S(S8b`5#<
z$~7D8@X!vy$tF{l_y1=sv3|pkLHNGkS~T(kQ9O|tl-YV>YkPLc8Hj1UUy1(_tnw=<
zlXnJi78p#y2zvLur>t4{V#a`ZWvJeX+cD^sAjU!V&bf_35x}X>&OWuZb#L?T9vXj|
z(XTKL*K0zd#pWG{TOM*V9TLf?F{0HV!fs>R3X5+mV3KVOaLE#vn_M&ArHXtiZk&le
zZa>gI@}`!@(#D4rocuF;35gJN3TmC$x{-114l-jlsL+y%IF?1;bhVpY5}pbU&clMb
z5xQ;qnKRi@fr>*S*}Nwvp*una%P25x*l!6ll;#?U=@Vmoy?u7+WZ^EDcU!7nlbaE7
zAR`D<^syC-?CeoU=q`y~to=tY9$uWctuSl2!~;bc87g_V$;7wHfMo-ADyh&stbD@a
z`TK3-Ov8uXIi63GF$}`j&XbV2{fJ_Sk;Aw>Uo&PN@ZxU29?D!-myXQ#`p%r*^pC+%
z=eX~$B=xk8Jp#~zq0e^s5LXUZ=vpDvq?5?Twrz|hMFKkOtXe@Xmx|-k8Y(TlovvKT
zC`F8PH20wTcISQ!B*d@XrOBAs&!jjbN1)jZOHsFxreFxGlw3Vra^^R9Ri|?xD2*Bk
zPN)!QJOHhm$I*5;>Vvn=Tt_Kl&VFgM`dJ<&Zns0~P4$&!M565YGmV6t{6lHv(HOx*
z+67qZ{%<X7O9$W@anIzz9+pNQ-~54S&X@|B5l7*Fmop?7q6UYT+bx!a`{Q>4a^O*=
z?MBx9ahY_*GL&4oR?R(c5f$WUTce(p)@pzqMlPGDo(3CzbSEm!eNDiJ3ighT$H%KQ
z&bhcB&fN(2g8?P<o$;iL<UAoG@!>-0zKsbrb%d66)Rw^55}mwayS{hf&D90aIkdB%
zN`f9kt?eLDlQ}SYF`Rc=6A*s<j-54}8HE0Pz|YsN(`v@@Dq7doLFvK5T>b&k3y3{Q
zx}Lybfp_uqKRUifOS&G5?df7ZwMn^{69gVfW7nzZ<UwasW@BmQx-U$;eaXD)<|W^Y
zuG(H770;j72lwCZ`2+TV@T*0H{@<Kw{;X^pdE;gau5mUz^bZ4L@S=LeHo6gGP8OS0
z7VV<ScODDcZn5hb_}B+FG=er?0o_PmkAHpxJ8KdOsHMn>BD%dq?X8$qQDNs~u8xM(
z@>FIs5Y#xszYQakvx8#x)kCpVil<qmFE?Z75&Z>3t1TmzLn2W;l8b~UJi1%B4S1|o
zqgpRuc9tAVwgFgoN_iY?B|0#*Y!SU9-^u0B169p7Z;LIdy{lg5_-6Sgz$w}#Ur0ey
zy|#X(l49d6u#@fVck3BNGR)9gEt$i*r(h{R@uO(UlYw)NK#}{WAf{$Vwe35u%Dgvc
z(uHEBmKYL@2yEH`jC;q6y9LKro8qC@y?+C6SKL11wmx?>)71o6Ad&wb99LpxZ#;?V
zPjsRvFZc5$#Lb5uHDgUc&Q%&8MYYk4Lz;vjrShXRlsXvvIW=@+pbh1+$zenTKN|Z%
zY*6bsW+PyhT1n|9m7Er~?Uqn1t%Hj&Yg+u^XpFdvroP_8(Jax;{1uNb`lJ&(6*sm)
zmXCc!E)qe;NTKq=N-HAPXdieScK)}NYhQ^KOGdLi;AjjkadI6X`u}DE5l`9^KI_YC
zx^E^mUiX`BL~0+l$uh#*f>uAV)~k5S2rfL*kise=Qg23JmqU)s47Lcu*{5d)<sYvq
z*w|CdF^ZwKU~3!=6}_G2M}juSRH^S&Z2rBOG%?+Nq8Z!f=x{;?jxND9Y&?42Ba~+1
zW<;#yj2FP+60rr7|9QuqzN_E5W!kPPSjza|+J-8qY0MrI75@Gfm8ZepD#*LykFzd?
z;(1IKBdRy?iG$k@ro#YWd>z#K#EGDl&ffVU)8lyEh~9Mbcx&61>BNrvN36nWRj~PQ
zktV=pH|w~)k*4xidw^@Qj{uwCev5=v+iy)i0T;;U7Hib~%l-aR<-&=JV#Dx1uYQB#
z4QP|WbGT>veg>DD)hGC%ZsAAS4_a`B%Fb_PsCiqx?jW)8OLy$v<1vTgEbC!7m3c`a
zef*E8A<Ti<o~YwBO#FF}qv-Qa%K7B*5Hn&Cd^Eu?Jf7FvP;NCGm5TIxt<3A+1CJG4
zQ^4k>!KRMMm!|WgxDT_zvO$Xvokoa3Z{+8bz%AzSJlEg><JV~&y8tg4E`!8@*_r{B
zjGqr{5FQ!rADs^NnH92kJ3aO$Xdxaq+w~*I>^NIznQIBfwpcNt9wpUD?Go4R)qGLa
zwJcLq3q`btGnH{z{7TqyDcDw93U)l2(xQA?5uZPtN?bDtqf2!t+KY*Ui)MrLszo-=
zPm2klQ$JBN5n9l=ZkGSP?VJbK+8=CWhS+jEX^pVGl2fR!Eajx12v~OGt<WyvX1st>
zm^LQfy8a`ZA>Ov%R%htYQ_ChY7K4O3VE9*$INK$Ni0^%=o^nX@7R|5bc%r`9xpc*%
zMedq=?F##&$mIo|XYI69u)Nm(+_SB)$zK`DuVzQ%g-Xf^u4y*cjZi?&@Sit;_g-SF
z+&g8lE$;>OHT)U4oYh1l5;N1|hpvFlXsM{TAAQ;yU@Q3X`hHnvzEnz5C6im$kmI&0
zz@|qloaEnM6h(6Ug7739e6lM4m6p;fB>h?V=$@_zspY^DEqyV=rs^_m7E722JGh-D
zD|20bl9h$txWqpEGdU;!13~leU2aGL4|ft1MilWC;jWSZ>O=qM+QX#2*&NUAp0ckl
z!Ye-y7}M_NpuKwVgR+o^qf7e0p`#mCY_u2S04i!KO)}~Xu6L!z5T|t0FHb4Y;@Q9$
z3NhgyP_>8=CtRy+j1YCjkf04RR)F;fs)1D7D(ai7<wf@REZ}`mN>knahj>o-ul8XS
zCCBKid22gR4)d>7YEPr#^Vs7^7Q<YD(l77)dQw7U?0b5}MojmoqN(I)>CV~LE98Nn
zIZ2XGdj`jhR@zS3Y&eBU<M`&qB##9nE$dXWrm+!xhq4C&x+^YDWagQzLjUtAkBXzK
z&u(yv+GwVb>Q+e|&O$;G!|z;HmN@@dW_jCkDY;}ICUS@C@^Nu`!)@I>WggLRMuk7)
zK9fgo!fTaJKT{GOKKBe>Wjok?s_YZ{5j~&x+Hf6hBFJ&`9Uie$DrUJjs_Y1KYY)1-
zR~O4@o5z#5_esZM-zKa0Ku)VF^TuaW%~pVp*)@<rG#7^=sF=EE0MZcXFTd{;n_Um5
zToVjvTGo+#P|d-iIK)p%n<^5iAw_EmMDcRL+l+(B(Jq1?K}{^-l)*T`YM{M)Ba2L!
zdbyv{pwo`Z)Fs;*U+8~)_x?W+e}+)SCl~+W`{mjrdqdQ>P@+RG_`!?Ur+r<=5qsyi
zrS4wO@Pk?<4)+<6!RnGPXv|zz$;Vp!q*DM@3p-j^+z5YV#iu-jd0%UOzv@rXWjhgg
z;1UxfEGMz%Z7{b+h4g#{K{O`i(Z@B@E2tQA%Ny6*m2KX7%ozbSNXA(EqL8GA{nKKH
za;Q@W=ZQ6pIOSA~aFoUVn+K?0|5+!$SU!TXeK?#bWo~)-C)N+$D(9gN$gE##8vw$W
za`h*tVRtvf`^D>3{Qg)WWa06EpBLI0(eLvEmn{!J%I^64%%#h%avJZQZsSL$do`0b
zld8eiI}*;~nk`jEUG+n{6gBw=&%`glOH=R|=i62Uz+Y2$s$~9^<gei9+FybDQbbyL
z{?M(wtN#T4YjPBYjlGV|l8$I6z$aue6j7CzwXog~>0yYrj0HWFEifAD0RJsuO*c7P
zL(fr^gK#e>iaP%Bj1(gyPjxN5cn0=|y=+i=-}SW<M-3b#q5+WxqwHOJ@yEicim6xw
zy%4tN_cF@ZCWPrRgSXed$q1Mpd@Xd?9{2f}&_{+E{V7cH%Lme}_5HqVAW&e+k>|dq
z)Bwu&xW3a80ojEg3X`>aoTjem@r~2k$YX0IB!unRyc@oaN14&42BQ_Q^RbTZS?hN)
z%63RszyB<)N;=A#W%()4N2ts#7o(oJsT2^*J3n{l4`3c1;&cqE8{3Pi0<Dq|l4zrt
z1f=xKmQ;MZ1Q`-~jEnOEP9988RQ%ib38;1u`pPjW3Fu<rzgg9`6yyxR8Na#50W&ss
zAfA#_TCJ^1Vr$AgvzZNJX1Td@42u<wA*t2Z&>0r&Pz7{O(wg<V*TfAQ5U2T!6J;6v
z9G_d*sSa1fG4^D<5+PfV?*GnSuAWQ(Pjeic8bqh-|9g*QYNZqK8g%i*U2%^|{17(e
zIDAtW&SfOl8zJ}K0t-2q=6zeKVaz-zX<+IVfk5<&oo;cFJq4p`>n<%yOJ}&T)_*p$
zK{}(5lq%Vv4b}U_mJOgM`{-{zH(`lM&T?tj%ya?5I3dX)7sYF{BR>rS|I7kn(bCZ)
zPiIUfXcUgf8_-h-fa!cfHD~`zNI{?AfuRPk+oS17F3j@uVr)9M5c#79{Yq;iO<3Tn
z<sjf;lqeP+w|wIr7fT7o;Z~35({tpUUhoc~tFn6t86rqJO**}fIp<Hf($y$DhtUW)
zPj}~$GPr;O={!D}RR(6+BkGK;;bFlm3KuyETc<))A7G0NL*QX?%}8P_rwO_l<ckPM
z@bF;EWG@;^-MdqYgP09`#mpp)@iZojGnKk%+eWeZH0#DbW3B8sOuM;A^F{5&XWu8L
zxhSTjgppRbfd3FOa=vGVvyg~0`Zw0Ha0Eli2|`@tqg9YcI-9?Zg<<kz;pgK3Mi>h1
zd%Ww@V?erPV}&jA*`h)63zXceZXX!C+GxIjEORs>BD_K$%>Q;OTo~;)64(X=MTbYz
zra*2`(C+O7aRZS}hf4Gh->Nrlv}iIvaMj7{{Dy*d87rqfj%t5$w2xWD_pgh*Ts`?!
z2#P92@QTK+`+>7eAA;r!cf(u3f2V(xc>uw!X=!ua^ohmYz@cZ>(>RKuum6!qKokqs
zDPLG5vNv1sFhIE{&Pruz`m>guD>9<aNVlmW?ZH4v<W4F#32ds~)E{LnmBq&}zLEp3
z=yzouiu&r1HK>%8>1?IH6ZySbs!_*EGFf`%%ZNi23eE5mR7HqS*!NoErWey11ep7I
ztJPZl!gpxXZ7@Qg(n1riXi6n@@x9tMMLNF(HO}wKO-Lu3YJZzB7#?xt+p6yv$c<!{
zm*V~*Y%<{a(#$d~u@_g-4nA=*c#W5SRAX78wOgh^i%L4d(c0{(`PFIC^P+T?<cf1!
zZ`Yr_diwjmk04{1S5T;VY42+aD`3)YxVz2uxaWQU%$jr7Wn0%(@Kh^?oT-6$mWQ+u
z|6L=3nPNkN4!V)Bk68ZReI5EmcDs-uLK%wZ8Qj#gR8>Q@7)Kfg<A&g^&!}>938ihX
ze$egl{+prR`z&*7Dw3t;@|h~%StgPyrEhmPe`_64i7`AeaIS%$n6lvjRL-{c+jnn2
zGBVfwD3#qYWwcJP{?zxk)?UQW&G&ZLBl$ZYT|-pwi9JVmoq7H^SItVm<rxQ6_8{$N
zM(<zI?9H9u&p7!X;WUQlZob4BBKOA<k+MxuJD7LYPAg5iL5(9ei569$Hyo%RE1GE;
z8~^|Lu}<12h8*O8G-N#t<gj@D<Zg<}Q7P_-T0d*>J|dyw^C1~=%6qv~-zo(cZqIyM
z2KjGM8&;zf<)h)B31=1bwjRxy6TX@ui!UrPTJr=jUJf2ZC|O0$FnWlk;4URlBFN~P
z0x3ZY+XN&SrSF$e2SCyZun&1NxxqD}E}TG=WIvvhl~DwMpuIbAio0<eWA4mEv0+a0
zU!cjGEH<lMwmaV{xI52@&{4^0dLEE==OvM3ucH60NO-IhoIK-Xml{f5H6GXgx13Pp
zR@(~oP!2fr=CI4VEGVd0i3WXdfUy%`b)K!DJA^Bu8E-=;elNW?S8&z|4>3~I-jIBw
zWsa!v2TcAAdlsZP;)(}<j74)Hrn@L{MbHJ0Db~<u^$cyi3FA-`gEIwmw+FbW<16_P
zmF5#7EDjonBBY(;SoI%1e?XC7uaB>k9Hod%4E&#Q)yOM9_=zy5)9*K>Gm79gzb8(9
zb`@tG<J~$`x3p8*Gj7aD7<tRooo~2`_JIJ@bK`oL<JeVSc7284KE=$MB$bjgSB|Fc
z#B47m9Pj!@D?}w8gDFMC&`g;)PxzO(U@ynS>uSjj((Du8`D_=Buk$Pmbr1E`N{^?7
zXWF#|LMG5HQgd(T{$30c<m9uqEUwT<MZNtWrrt5I&gY97jcwa#Y};;ZqhaI5cw*aV
zlE!MB292FGZfx6j@}B<g`@i>oJ?G0jGkecod#yDyX!XDJ=r9b}G<bCl`50fI!vX@L
zBSEzo_}(RnxcQ9Qdq-Mie?tF{czgaM{y*YvUUKPLh7NR8aamfawEW%sA2OcNyle)<
zdCj<ZikhAv52Fwg8?D!x7}GiiY%EV@9(qD_GlxW)j8{t#6Bb7r^CrpTe7DrIn&hvb
zRWzA=&py0y6+NQx(hdzpXj@R=ff;HHHGY=%R~$ZFbZmAhyXFebKn59^7ME{OGl94s
zR9=?RJu)P=`D7Gq_7Q_JmXi2-{v|lKnK-RVa;6LwvfF>WG=)>78iv{*<0SoycNDGA
zpe*X|6GofUvcB@uFZ;?<usWuUSy@)jrrw`ACSJ5MP$LNx-VGm=+g~;-0hhqV=@MTg
zxEtY$GrWz94}>SP(dy1+UNqx9S7hqt_>M)Vf2{Ns-=+3p#FsW*fR;Fs`cpgtxQh*r
zYtOf=Z<#er&MhAVv7-g$3%Bo<>4c=LvKiYa#}tt(G{f!Y1>*K;tBJWzjo9b<7PS`5
z3}F`?wldX$*I5)b%WU8<0G7oD?f;E?T$mlp?iPF<r6IohM^n%HNi0)U?pgvSEE-_Q
z_S)m;AS1CPNX5~kF%BhGdT~@yqZ9Te(r-a?tKT1I&oEMDlI$HZck)!;e{X^&G`jSs
zQ3{Z3SMW|+?Kn|e3Yb0c;VurF5Gbk0BR}`1lGY3y!>ySB3hOr&85gP9SM!#utd*RI
z_Z?Fo`}iZh%q4t}uN$|VH{gC`L;t4fn=_|05aJGU==*yH4{~fgb{l8WMadfIRbFlB
zs)nU}-#2ey`YN>Kkhrp~ze}%z6-2(Kvm2%nSz7{y(|Qm9BFX$8lg1~c6GaUZQJa-h
zp2oh$M!lW`fH2{^V9?I*!;+cYA=71MpKJq=)A8lyM$kp?xH<l$WL%X>osZdHbIfrd
z`si|FQvcQ7eE<7MvOaNKbLQ)vp%t$}DdF<B?2zdj{EV$HtUxK=*m(q1<WsV>?A8q;
zlL6H}%D68wsVzD_p(7!!>kCz=?k|_m3svWyAQuhbsHIO7=LUy3Mj@zyUroZ?3vn>J
z@BWMc*OKv1L<p6Vqh7tY@qD4R_HsjKLL?z;bmPM2a@)nm$<Gl~94HV`?Yyl4u`b1+
zZ9i#_Qh?OzRq=6d^zzs>bEQF36l~A{fgulPEAZl7oSxHRCQ5^=m`sWFvG1^&(o(Q~
z4+wuOqV4&(S#TOBw&Dh>fyB7nW=<9;5wMaCXeofDL?2bef8b3_v9bQ8+qgE2MOLbU
z568gj=$qoTQ%J>>PQ8*ewqbj@4x2?6_h$^R;(7~TwIbT*lGhM-j4CojOrbYlH@t`r
zhg4PR*8Sl3HX}~L`qWpGM4!)|-;&2`w16cLA5uq*9`P`Jgpik!pR{4<B+ZgQ9cdj-
z?ySo#=2G?v>DPgB5lH26>Oq7#6`VS6VV2`am7q|-s3A^$Jf=u5tYWT*(vDBS*QcAd
z?Up#PH(I9^e`O|K^{6o&!fqgbCoo77O)mZp65~`;Uu)CL%@)_fVAeTdI)B5>1H@tF
z!TsFhh_JVn1zkp88hk-4#YTnd->o}t^N6vM$q;3)7N1G@^cp5^FR#4lvl82b)?SDc
z`4FAo_P&$LgAfqRmjCS4rW6cLOM)$5Nd~usi1Z%G1V7;RLZPv=QAEL`jP%8)?G$8D
z2*h09ko#%I1~etg%{5TM2+zj=K?mm1^}1Xz8(yf7XX5s=9h2kB?zeJ3ga%%#K<kxb
z`F}Ju!sNUr#nk0eS2r^0@wnqo<K;@t7$Yt-4{4JMb|jl-hc&bv>S{xORhO?EE@?f5
zUWG=i^cvXLKQ}L0uaX*(gtXGF&Soh^NA;d<8Teigd0BMh$(dY=JAD8Lg$8!XTFn=e
zBMP`$KDuh&V5>yJz^&reoUgByb6edM58tmq9UqB-o$F#l2C*JQUQXd<-Ka)m1Fz8z
zVqCQ%ly6^P0=;@bx|Tz0E}7h(6WCAw&Fd#<<}l=B*xvMg&^f)sNCVAn&?%@3-^E==
z!WXRoohAkK)v@bG(bNW$SzRO)iwz8v|8aTGM-4-p@1!VR=(v&p`|Y0i*9^EWA)s_T
zP<-fA`iO^wheB-L(y$eb9|Nx*#u4V<$BkFr7l!2F;So+T@GB)vKItO9+2(UnGPja?
z@Pmh8hir25LAz*n?u+20>js*R4qW^nFO76rsv6?>K9j#<rr8e4DOT4Hr8_lU7`{*J
z41@8?>&Wtdq0|Co4P^4`dq<9ww*V8?{=C9O<1LF{05a!C@9R^pCWT^c&(QH)s1qzy
z1SNLDO*kV1fj_><q08lU;6__-EaJACk9#*6J#PbSPuGrVzwNLt+53%rQpmU5%cYfV
z^9SVV++VNXy@a90Bu?~edg4xCu8ZP}{P2;_MvpJ=8ry^HF@F?m+Sq>;_X12*nSz_7
z^)+-;Ebg%3mu*+$OQ9Jm#YF`XIFcsR4OO5X?cgpKt`zKv^{XRrs@B9{>Yqy#8<Y<a
z^!%5w#tYQFg{yv2YkS}MWn7ECf(1{@TBHPOPs6+~vQ(R7;e<D{TRSb-Tu%MoIy$$U
zX2!)8j?B1ObTgbRGxVMi;soaSwrkw6#wqlEW~Bxo<=!vIQPp5>sj|M|DT>%`aQ4yq
zdF$PuDHL~$f(5Y{e;y>3|BLZ&0^<wGgP#;4j?4;GsY-ZW6kD`Hg@cpZB)?c((0kSt
zpDlFOtFNhO>2G5o(~v;x`>*?zEuGm;VLVpn%YO3+!BrlRIpn~b0o2C^Zt-9){0|ow
z6b$5JeYbb~%kXsayd@ivGNuSc<7=;pn<s}`{8TyVA=c<^=#Cuy?Y_;3X5tMol6v6X
zbPD8E$JDpdR)b4-)iel1n`VK_T|^$6G}Z@QT^1)oWNvpp-cN}anmKUN?+?DI6t4YD
zE-KNLW1{qs#>4<m22c*4s>EKqv{pF@+65cGwm=+^5L~*4liGSEFl9>4M#JGX2}N<?
zB85mr+J;YCSGbmG3$(jkim|Dleahp|ZK6voLb!!tE9ANgsQshWw>Fa;X4t0IrCz$b
z_MK{+LMW4(F5H9vGJfQ(1s4jq$J7QV+=sgYuiaL5a~z#I0GcMjB^ew>L-_s%74ycG
zqH5ULz6<){Yz?QPiRblX7+oI5)k2ay@O}NBU286D5Y<Kc`buJOf>_B9N6U2Lo_qP}
zs_vPBGrOjAWECzgH-<`{y7RXfI*)Wm4Q0;uM02x14AQKs!ob^~5E~fD@gQ8XXfu#D
zo&%95^!mn02mB3!7Ek#FkEWSdTzXfL)^7W~#m=M~=gRe6U5R)pS<Ls<!$^4zKQSc-
zt*6ThIb^7PykGO|Qz~)TY~Y*F*2A-!uk1P_w?SB#tLY}U+tpUdoLYwzqO|=Q{XjUC
z*f2r_Rod{d?C48<dR!!TnV?kCd6A|_2zGM+j(v3hD-hw*xwB=@_QPQ<%<UxU`O1j?
z)N^*V;p@BzhX}J?&%L1AO5b)JMSMSc$wTwc3OwY?2jv7ImXw;aMK&tApn2phEKE}E
zyzUfA)|(8tN)A)oIeu4C7zZA9Uu~*!1?xjS)lvP-u?^)adAoAMsn|E3*!C!HHOj7R
zLsM|^RUl)z>Gh14gHFFT4w~@sht6`V$gQdu6G!}UB)8}!wkqS-lg~7cFCQed=LCn1
z3BTXJ|8EE5jKT$3b=lZ>b2S8g;Xz4UcUKWOY<=ZtLgnycV2pa@_m^9A3|EfIks#cm
zZ&=9bI`{d6AU5nTm+h2IH<+OB?r9+vuvL_^;gm#mus@#7$CwMp54$moi91CepS)jm
zx2(S&*F?h1qAuYFvpdLlx6`4a!Fl>6ROhEQ9L|@d-;qeV`QkZ`@#f;0HU$=U8*!u(
zNxN8o7%}F9yD%e9QeE{s9V8>d4r)xMZ7A<7rDsf4p$J)|O(QZDC$<aoot=5~fYkXx
zI^piWK@0241-j#tj;#cMt*0%8u{83A7OqGsE(yU=3l+V)gY-y)Hmij`XB95ORU%7r
zSR%3^)~xBkE2ejaa%|Cc9{ShcU&+*1-i>!E+*3y3DUbUCl_k6Lu}G76Vx!}K4ACFf
zj&(kMLPP8Rk;-s%^>P7<oA1(EfGAa+r;ks#h|fJ^@Idmj^|W}S9dzR{B<U?$D`_<a
z=-LNO?1{y?-d`S9z)eAw8%qQ}5~i)q(flX<+Si-%8ae|M6#JMD9cO13+|}Q3UeVO&
zycp@*#laJM{X^3NX4ZbwHlr${$*C7TD^9P~fk;M)jZ9Vf>d;KOzQk>=0BIgHi|9HM
zL6p^u(^h_B_GFBKuXT}5Q)4p4l`b|@={f$Q=Ti3*taR2`Y>_26kNlI}<;@gmEdx7v
zkm^!@6zFn|*`GN~|4GxS76~QSr(AOFi&+0;sYK>5o!En!m4?<pJU|qIoFr=`bKV{x
zat~r-nwWiQUT^jaXEu9)T{=BZFCJPirbGxy423Wxe53UaJF89pSLiW9=Kf(B5s6<k
z)dJ2PD8~@}N_NzuSQk;M=uTH~DV{^ucGY=oBJLJ=M!IZu2g{m2zP%1Phy3E$oKdaj
zOY7g$7=z}>>Rk+Dec^p|!(*mH0ALEyC~L$`msKg%Q4kq6n6X!ZGK}z47C1zcDwtd8
z7i_eEFsap+OO@Ne*mdIZTO2ucVp#;v?nUWygG}6!Ia-Pm$00XJf$EiNKY@6{nXI<t
z9)_y}E--*N!t$I=2-PU74<a_e$liafF?^Lmf~K~%b|zJJT{2gu+c@0h9A2SWlp4R@
zvUp8dM77>_Zg&m%zWYnM^GyEh<<(80ONaNV!7qfuJC;k>W|LK`T6g|$_*DBe7z)2=
zoJ?{aRn(e=EGF{bxxn;sbrI0~I1Pjy-d7V5h8YGla)iLuSjpaZczdU-s`=um<VFsm
z{VIF4HBC<366vltq((Er?HD#zk0_6Hq$OTl_<aSx3g~YD44Z?wMkI{<#m&~g>Py7X
znRXr`D+8*uLkApA0*bQZowzzlYJXG-03@>wk14qk)}srqMKe=1VQKrtjgg<>MEoYZ
zYtN>Mka5gp;JRDRTseFsZjuU?Raw<3c*qiqOeqRXC*U(&@Wf9SqkNv8|NiuFtl)Ou
zLY9f7f}s-ys49H9E#TJtpF+vk+FbW$=~kd|<9n4!5w0$$C(VYJbypiHhMgXVoNSvt
zCwPP!U%1a}R+?dcBePin2E0g#Q5M`XmZI%gZ<Y5@3WHxMNc(ed(zwRELQ3*_tM^##
z67VEpJzY@6b48!W;)rFE3amL*YJNPzp#*lt_cj&+PTE`NU+b?s-mwPHIoREeu`X}}
z&$YBV$(TD|w4z^_nl0RsL)q<Go+aTv#8wK-A<$;x;I1BKSX-*&SSqcTK*`ad{bNRS
zV3pv{-nTv>bRbn0GG+yPe0zo>M70!KlUj6*2~{=I>w$@!{}`7-^&nmLFTZ!;urxsz
z>G=}C7B$=2rd}!mD||S|@GlVx6CfnbaFvyn!zS}4*M5+N`Ch{-pKml9Ha>_X>a9Ow
zS}(2mAA9*8u5JxwQlRdhyE&uhvE{-~MX)9|U)>luxdtx<kJs36Zl<%n-_Tc*I5$ph
zW>2$$CkZ1qJ`o7EZw8-JNLb7n?=RHk1p@UK0|1d+1%-z<o&lkM6+FX4bj5HS*(g^@
z#c)=1?Q=n{neN>;`qF$|8;@0Dq*=(vj{LZ$=mJ(eaz>0!L)`J>8<^$vIW@-0uy%Z|
z7MsmmKg!X`L%Kajkylpgk^Rc8LYL~Lg}`iY|CRECF+X#~J*tvr)6y?cWNj>s5kR^7
z?zjn%BY9m?dqxnmj+lPt`Nw*7we0o%rSWMC_8Y&K*C#o>U5^YZBbWWjN#krDSL+pS
znzvg_^sTKl!~zP_0gGvjxpRTCjcGPS13N*#{sbR!-d4m;d$M*eM*~)oywWmr4zfQL
zGM+@O<X6SNvo8UK2vp3#oUN|%eSlteYKfClRM-&NUS5J2|CA(p0$DE|gY<wjiZ79m
zmQf#%@uzPy0e+{t&Xap(8MR}{Bfw0*=UnJR%`}6OT~j^482U(Z{a1{}5!u5yLg0Oe
zur!A+G31gRBkUr=?9K}^KXLQCB$9`5N(u5}54WK3Gx${#Sz`OqchJEUHvkp3va5R9
z`jb&HLJkZ{KW#^F*9ldUBn5OtzbXAfdEaU<tS-A3J41=`(2wTdZ+O=_I``Gt&^dro
zhM&DS-4)7rkxwKWS|d<&XPdR(YqsahenHm`fXZmfj4oH2)g&SxVs}pE_RWu*IAU7t
z+Up=$)S3)LoW>LsvH6r?7yy%?C&IgSGsS7DzNrc+9)~pgGoh{%dsb9y;gP|5ER2*}
z9g32zueQX{#0d<uP<_XgKep1(M=<opNB+92q})26TLZ7J{o}|n(yC_>^;YAMyNXsg
zVSG7^z4BBwgbTU7iygIBQEyyc(YU3fQ~4I-IV<lJkyP*r58+hsCBQhYaqZ@zD*f!w
z^3KhBYPLzXqK+?`6m=~=K{WgNP2TD^r{M(D#8_m1%tMB#MTt(gF4Z%?jwcMf@|Is~
zBqbDj{P?S}l|)fDumI_;6@;1BQ|&M%3?}#!fw-oC{0~`gN2ih1k7MJ+S4R)3c;gCX
zMIUQZXCG8O{wcjw%3J^`sj+*;>9CC^3gaVsvq5tjN{AyIn&5QI-FmHGap<<Bwt?`r
zoMIqc65?```gQ~1VzPlnxPE_Pd;$0v_u#OSzap1Iw}6)1#&U3Qcx82_$e+yP_~B|5
zRAbm+_{{~^SD*B_Dfs?vJMSnW{*~JF7A8XgORyu~l0ipA!4I%6r;j66r(+b)TQ<fe
zK3cr`TRxUkq>hv$6SCBq3j-G$GQmKWL(9pM__s~2V|JKUn4~@ANJa|!sKo5sr};lT
z1SQ05?0ZgFTsIQUQ4a0NlWV>B^o6)FUdA%X+YYbobXl8dcZgS~HaY=}d{tK0;6glk
z_@RE)s=?@#s@}lMTwFW8WVB{<lG%g=MIxLy<<<oy>q$mgd&O2d9j5*BUE$X%y^-HM
zk^Ka8qEwN+ED|t-RR$xeGo|=f1Gpi=K9;TB)@Z?dK3ZbYEL(lKX&e~v#iDe0EwTo~
zxb%h0qEVVy@cVIZ&|~qA{nI3SAXRaBv+eKQvF0)s84VD2o&wR2UjNcNdC`M9XL|O9
zt+Df{qF6Qg2*Py5Z4uvs%;Oo3KV^C<|EGX(uBGag5jc<g-R<VK1f@(6GEtj(zXEO0
zYn0{OX3n6rsDns&4+w(bQ-uvHxf1jWYa4pD*h&2=w71!^PIaeFm)!O)xGg~bc1^CT
zq|w*6k_`+B`KUG6uYkH0Ni$f`2Que7iGp#spP7yREgmD_OFERTjOwXOuXUpOngvS?
zgb*-oyXQoqDwBFvwm6OIv5ma8PY`=klby2EP)y$~+q|3@h4H!za)Fzvg4f-wkjFZ`
zGXLy=A{{0(2%q{bmTb1YbBvkc0%b`OOdI702^6PZwD?I6o<(D6bz-}vjFIcru5zkS
zw1r_T{qi*s{_@To`DK}0h$CLg^#b~^k>C~vlx7Ugg(fuQ{8{N(_#_yS{W0h|e&B;=
z!7J|mQZ{b<>vnTdmVVDvC+k!ohdqSkw%YM82c?erswbaIlO`r(2SSU-LzI{cNIOeW
zU?H$cZXdpQC;sv=Zg>^U`UZKI;rwyofB{@D2aXMipM{>AAa%Mdee!Fbx`a}|Co9pv
z)`)3Isy;<v&SB!2rr#j(^k8xF&@~e!w5mDNv^uA;Mlr^R_P97%_Tt*O&(<Eg9;b#A
z>{W@{?fXrjs<KCf7yP4BOFtJSHzT6i0DGYErwQ>4_*}KZ9@p4$68u@HQW$!FoA&ag
zy4a_}fCYU(64fmcZ$h=m$Ji8!P>bhl%UMt*Z9afl_7_h09F^~y&x0ZsrW14$>m~ot
zv0Q`2)cE2Y-YY8NzA}PU6`D?C-etTp{qi)?d?>mZBIzD_IB=z4mj!a|d!GUTn==|2
zU+59yGcQs)z6}Xl1yqwMZpuCn$-nJIVdp4%PbE~-FnC=oS)sJIg7B~&RWOtUF@r6k
zGIc)-mZuw`EG`uXkrk+HA{tObE*E`f-m@sM8UB75Mtfy1&nS?kDu)6^m0Va`n}Edr
z*p{giYw&Nko$0l<rf8I(!IVJu)?4*dMa`aKSfRDsr90#SkKT_)uXpno41I8yD>%Gu
zSwZ!J{j}o7{aDX0FW&T}Ur`d@-^d237}Z#qV@3}Ym;5?V{y(JKGK}47@g)U^1bVA`
zdqx^3H>$*}+WL3D&XX<1%;2F}9Lx!Rli_5!kGO@kSp~5(fSlsfCb3f>?wOLjp^On}
z=pck!rDeywoShP65Q;eCb!p;)m9V9hG#igamPAFXf4-`?-jcY}=5Zs_<=>9bPyrz+
z({tQ4FaTsbN_ysT<9Bf(!gR+KZ(p5bPkE8GFv!mzpz!-M{z4Sz`J#~i7F{<hZ({mb
zfxwxCN^9l<FvqQ>LiDFv+y-@O4s_kjpA-n4bVZv9_xD$3<ljj&Z}l5O9yLq<r4f}#
zkK(U?EQ%@gmgJ0CL?5_zg)x#0kWtLe=z;4e7nHXOZvr>t9@KUZm!)#|!azwz?d_c@
zxc(_k0|5N*&kR!Z8nWx-a#WF`2xxNks-4ov`$W7z_jS3tF83D%?-R1VDJxc2u&)_R
z%k}g;-_}NUeyba>iq?f6)LtuFuW9>|pwkewuRFPv1luTWot1CjfND?MtKoqQCqbFE
zitj24dRo>@d?Z2&JSeGSD5c-Ebe^<E(go9W^lOgs8}ug!!YLS4g3H_`2g&(g1%Jpn
ztDXU$Qe|ZvB6r<r1raPsa4*1F&RV)(iWFo<Yr0C*OiZpFK2tb@g9xXj9GnjC=>lz*
z!P~RZ#IqH9*trXX;Ka2b8k&dvvW>FTY0QvPhnr!1O*Poew97?C{ks8-1Wfa3{<vC7
zfj(l9A|H05#Re+W@fqNJC4ZG@oteD;_9X!Pmv%~t@*fA}i|7`uH1mHRvTCo#Q$K^i
z4&y~!e7N08LvDEA)S2qfE(<b71i^0vQyCSU_n|UR-^IWAsvx!RITA%ueZGa!alxS>
z3J7<vcU}_`vRN!fyc6*F{BOFMCExiIitskxu3%Y=+f7W;nOA@NF1hzCy-i*Cl>tj?
zErwqvwq8eG*~Od5(G~~T(;+3>G{?1SEwi3lGa<i=EZ8Y75s3%rOw!3Fp?EMgg6xwM
zLRhX8uF9gaAzrcTaNa^tLct>Ugijmqcnllz{PNGV4%U8qd_p@9NATYCy%4b_wla-=
z|Fxs3X!crC4U2{}iLzKAvdbKJKu~btT5Z&;;I<L3bnF@!XZo_tOpT#U4jn-yb)}RZ
z$M*3)`pfkI?`p{^MDUmQ0T)5P@8CPv)GdegedaKjbD9D4Twcva4`_`vMv{$QpI%d~
zp<NV&IHnw-s2h6vr7wMi&;{=gOnJQ~U6e9XQyr%nr+p1RON@efd_w`=!`FPkLF7sO
zTNc~kl_IC^05%Ss3SWGgI}{F%`)`a$Dt{E%f9y%`=P$a2(<;BEk@=DF0>YIk{6FNV
z%Hf_E#FOYh>C{urxSv}L{Yh0M<&OCTisc9=9d?u^#(;Yf(X;tuFXD-$(oa~GR75pY
z?riXA!Kx7nitI$pQo!Y1KyGUPP^W%@klhj=8<s<_#h%YSIMTYqZgUQsR%hzB-SM*b
z29A@m+@tWjRWH+i!^$2LEYm>ead(URFdXX8%THv6BGee+t+#lCr-AkhXEk(aXrc$?
z62rR}dA@|nvPs~e9k4t~Z#+x2QkTQ>{hlxzhovb8)ystxl$wwymT=7#0k+iwUT<+~
z0sRsrp`(}TbfRj|7yH<tgSjF2Lng=Q(^19!7JF@njftV91!W1CzctV(cDED`8>y1s
znqv-QH>=$!g<lMiRnC~E%`|I%jD^T4ta^dJI7EpkScNY`4}6qTJ+-_*yf30MObqc3
zmT%^<kmkUk0yN61na}iILLmAfiT>#RX7bzlLVSLQxAS{M)Tb7I9GG8$@^|?+H3^j}
z+sb;C*hCvBJ|7Lf?^WAqI23BD8%~PYXlVBd(0jxe8WP;bk99D<#>Df+IGTyb+Keoq
zf0O!p{;?&pLX1L%&2We@G2CT&V8iE#ObQ@E^&0RIOM0FrH2H&`@onnw#4m5*#~nXY
zXeK#55M_`e!TM12<(Hb=Go!Bc$IWEQPdzSBi<n5o0SY!XCOr=inDOr;g+32>v%eTn
zgM;mHiI*59CHg*7NKhG4R7Y?*T+T_t`H;uKn|ZzsWwM@{AH=^9B+g8}KH7NxIg>CW
z<pGd=RWy7J0D5MAE0SQDs7K=D)SAea3SvFv_H^TjxMgTj1}ozkA{feBLza+oE+2>P
z_-xZZ;Uir&JfRWR<oqQ>7!;DoEXKxJ{#Vc!+;(a0*~zkMaQ{|3_a~nVtIeDD=d+E;
z7RN4XLC#s1Kw*OU@sONR$t>?ehaax&0IFDJu>Xw7I%^9dR8=R$hi~K?Lp!&iYD65G
zK$k3ac{oI-iG?4Yn!b+DyBps9hRdm)YjN;=ap;Q{O4s9pf*Om2M_Du~rhawrvVwS{
zyg_)+r{$mTi;kIlg^~y7pL0-%AAe}q{KI!iy|UmG&RM#Y(g`&>Y_>dhVKn#vBlxIB
z)t^(p7acBhm}pvMX;OR5K7V`&*RY76@$o=l1u3rwg|g!z+v+vn#<vOL6Rw?o*BkRp
zlN|TU*`A><14EHMpw!v2Sqb2%BAjLVR6)#jEtlS~5EvbA@-BC^xB&UQ5Tdq3R#{W)
zn(Ly|-gFy-MOJO`;)d5T)cFNy9UPBshJ>_v*@-{=cCDs(y-yx}gi-2seMznki@bgH
z_A=tVUb5EKaJk4<!EGHN&9wFUj*K^h`OFi}Kx^Row?`rWtU0m)%pX|=Az{qM1k6t+
z;SFnxC)I^-^MVHLwMv#&yS|<HbqUXQKYe@0Z3}n_b#{4=xpWjzou&se4aaVLwUGy5
zqR4OGn$MbH<%kY;g{-@<gmsIVg*ge3sVlVhn%zzg7rVOtk(oH4mHli!6)h)ikI)f#
zPs|af`*NQMn$J7v1Js`QSW{m|&mwk_Bs5SX9y7Ark-+4!9hVx`n(w6jCj}-<3)nzz
z9g2GQDE3Seg<)9%yioWeUcH@<JFRQ}>?4jYi*1cH*@1K$e&~UO=lRN!uAzm{6XmT@
zt|^y9RxcGw$E)pI<N6Tgp|}Csj&IHh?Mwd_l^|HGWv|GBqO!S$r7(^8%WT(25_z=z
zZv8Y|TUuW_m&uka9O^H_WHk0KxWPw`pZ-KYHk$RkykY|}B4EX|h}n9e65NxUoD}K&
z(x11X8Le+{U-s#J)pLOB#XH&a5d-FHaJN^l+vnJyt*$qB8^FyP=y8nkxBd0*B-xbz
zMj$bU6qe1sCjoYiP1n1z(tI=E*tNBFWYb1Q5AmJ@W~>!He$(@#*>H#P-LdstryMOg
z*3P;J;A0(CO1?i&>xu{<sr)e_-jXLvOrKap6&}1bGl#~i+oH3i-*5nvGEN>uv9o=)
zYPOb}jfS)L{MH%Q9)s1l=Vsa0t6mUf5o<gc^NmpWyKy=*HE{HIq!YxiaZ!R;1RFI8
z=>Dt+0v^lttv=t&tD)oIt4WgH6w=KV7$+B?)b2CC3o%H7I?{Y5G=h9@CbgXiIp)|r
z#=J6k`u;;f=;I9D>`uzMi?P^)Jdx_VPyW<4DVuriUPTL^(?{|1@&|K-2<)s2qcv-7
zL|K^ua9pw0nJY=yf9ZdwOQB9}AXV$-={3DwS%cT<K>WpS;q$waJe5rVr#C#g9C8L=
zDf-{|KEFNJfoK4TbuSseo^eFhB1ohcI0r+;)saSi&n|}7)=93wi1HX~$kX5CVGK&M
zOxA4<FK#++J^uBMwq`GGu3Rz{a<L)Oy$#xFlWRWY`}~S6b_3&JT<#kIX1Y>e`p}~W
zzt#TnC3TDG&Wct6P>_~PZR8xpfyx=xHbVhv#}(=ECi`TcXbib5@nsg-?=(#iNeIwz
z0a}&CAB{GGUXKZ4hQFOY(&WK<ug;uYaAz;T?7M=IbaO=VAF|EoDrrQSg@Y#NMH3mF
zig1gxk3tlbKxDy-chM~~6^25SVR&NO)-t9khDs?JQl;Gqzcznc#@VMbAgROqjcyes
zP*{^l#1TCi%nSSBH&0>*kLfH4?~CZ0TdcIi({H!X%GB^%+H_eWF$A>8nL{P)1dZ9C
zV(I;_OBuE9OjfAGW@8J+nD@Q(=zo5M$KIGM$Xh>AbG}2Zsz1%SBB)cxzb!C};P~y9
z8wQ+qL7y;76jIQ2U`9%^0`8=*Zo{u$jo{pd=;ZE*dYO5oI{FsB7tKA!3}pLy<MITw
z`4chC4Bfnv`5wTe&whzmL8=s)N%5nSDE=O+u|lktOwuSiXONMrpy6sZDOas<`C@st
zHafK7SL#4a^bWBfAFzJWlbhNrHj2GF%pz<=Id3Gt_&kTJZsqv24RFwPK!V0`(o+1W
z;_@tvq#g5fAYHNRC2aWZQ(8cfgD0oOO(K&HS%u7oLqG}QS#&(8ExDNqg7)QeF2Ewi
zh{XIa`_vKBxMShaFk=PW%(m*xH5_MUg@!M;>>oF9FK5D?u4K2BGaA5RHoy&Gf-X)>
zw**|2d*?rVP=F}KfcSLUaety7bt%_#?V~>+ypp|%Hoa|5QClm^_|d{>ZN6UcE(F`d
zGTUV&mqLQFic_T@cX^tMSK{vo1103s06je8gx91#=JoS8*}m}4k=={Q^kkZ=zSY*<
zPby?f51$g-nTK&0LF-mnIG0oM7p?>N$RUA*WiPVR2C8!etlBoOogZ82+F!_hUpXw4
zL)NM%h=ot#f6c6$nB|W-fez@cjE?whZ+F-l4aFDoM99m^*A*cfcteReu<2VG`6I>m
zk&R{(JF&=_z6(-?1ZTteSAAJB(p)C>U!_{ED<O*e&?yDoqc%rDUneVn9v)@zU8<C+
z%44G+A4s^g&TvC|7p4gNn7foqkHawr##aIZN80!zce$v~jD+OXh=P021U~W?PILtv
zNv2h8MkUu*R<hBfaoF7V<k>BM&D7L7a^050yM~KpKsJ-@fGDEvPGM+kO^oWh(5xq>
zybbShw}ZzAB1ZM;fa-n;hA?;BUroO6-DgEYK#e2@ZnH%HLsu!v`}350Q{fl6$GR|2
z-*?m3As;mJQGL-byu_Q!>W?-Yvsus_@w!p*W9uqscX3?xqK;S)KhGJ_m&<5`S3yn3
zY9%fuw?oRd1cfs>2q1kQ{IM|9WNh<G@4ni2(t}Cw@^T^vYhAZ@M7@?wz1hC-;&9p%
z@GPe~m6GbM=-Q0-Fn#+vHH0blnw8jx%Iy)<6vbF|##~>Q<42^&6gD5dwP0V(XKBz#
z50CAdDUxollayj{EvCBmSoZUG8<A*pRKko{atE#H_T;P9T5joiAFdsl6EmX_13fd1
zOEIPwdE0M^6E*mEh9Ws`!$9eq5W;mxAe9lDrz*{MJe$Mz1axln{QE0mimZ`q5m+K`
z?6gTOo+yh}HIawo>gH~zA6-jjzv?ejiG5;z$>eIoxwQ`Q-0oZB&6D3w-|Vg(S)rX5
zdRs(q7zaA_(K3fcpJau68>U~M%7jKZe!i#n=4xn(Qqc{JAJo1IdY=5Sl6pDe1Vod~
z;)rjYc^|z*=QEmmg?P4h0I7hjL54Iwp-}d|GML&bhHvz+MvkKD_lW}AmO}@2V?7n}
zAYcH_Wy@-|BfWfkl74JRLY>qY^*WNo8*5b4?CHu38Z?;p=e*D5Osz3-ppfd_8KQeR
zZ#zZ|s_AyjF;UTnliyy?*N_CNzfDQK^4!qtAx+YR1vfK=8&Te|YO+1#X{7zQ*y9ip
zJ`mN9mQ2C|P2+wde@ZNXQZDB_6!*kSwEhR~gar||lzG&?(ii-lwUzDbArzB*&^dAo
zM$0vn_dD!aTK84ku^j>w6syydi+2oBWO_Ui5-7owcsA{2k~Hvcy@62#*{5qT17Wv6
zmS<;`+R66D)#8QImp3VNiYs-&-=D6_S@=6(JMG{Ae^}+SB8?8qPgY{Hdbk+96J#p~
z_p6*DxvmiF*>qtGhI>&+2`rS4Lpqri)C3AtaTvwToYt~%FAjsoZ>*|}mF7*qm3t-q
zr7nIo^>}Gs_nzX^762W?aH>~ezGp4C^p-}#8L%s-V^vQFqcUAf4MzfQ^qH@3$sWNN
zBZN^{WEiDvct|)n?V0soDD|ripp4t3b*!yVZ?^LDUuUa{DZ5_Pgkl9#lZ9O^-*q~&
z#2T!2vV}X&APT{o-XTHwqZkm~J+Y@OJZ0+2lLarBfB&|N0!a49ET)Xnup?(NhOD1p
zcre@j88onxl+;JrmZ!S95`^e9Lj7eaek7;zC2ROf7LJ8tbIh+yf7ltf31ey7*qo`1
zD`F|>i@mA8LfLy5Qf9bh_o0xAqq}0U+#ZZHsBt;ua%U9zxIy)b!cn>xlBaTH|CgK6
zq{JazBE4Y1|Ghie9#dTBr>|FxbfFaC{JT<iL`=lyVzuFS5qHMc<|B4_jk4}BA)mwN
z8Rf&(HGAB4Z}@0wMDlvqOgqP=QVK>W*|ImcxF1?#kr83$Y)lx%_1SqMmZkQ+y6oQB
zq@(l^{i@Z%foUHR6{}}x&ZaNyYEaPCf)|g@0BAcm&PEeUm;=u@v(=ydEjF`VdvBhx
z3<Xm2UIlG3WrfCg5!@^z-6yo^{mG3wI~(8LeZs1ZltwBvlYwN6NJ&sdzWHSDsZ{pM
z^vtLM2F%ge7zET4d<hjPAXb{KdZr6!zy6g3Rii7zj7#j-DYyw@*>_|bHon)fz6v1H
zzDLdI@x?oX^di=#?@uZU`(Q>=tG5=&yy6R*C?Zp<1gEcv-X-tP{lRGx>&|s7`#$Zz
zbIw0=5tXMrdPQtqR~edoCBurPMFk;PlMw6!sR8qThr1`XoHhYueh<st{qgpdpStxI
zsuYPCpe}ctbDo0?Y@iBensmLj4|pn+0pDWXJ36zk6Q*ZR;s{5%x|X82;Zh5j3`aI!
z&zHbrHq`U$nNz>CQ^1>pJcp(}Sx>@<l^#<O-DV&wLHq~{4IQtMn>^DT3rvZz5%7AK
zhoY!(=GF0~0{Ow3UJ_(a*>*np*2_134s4mK`3}3Bf)fw!Am}PcYPG>c4q&-F@^ywY
zu3y!R98)e=UzdH0?yNp-K_O)h@F$$xpyYIL&~TWINYrn>7OOED=@N^SGz<PO7j%{`
zA$FMz@Ek?DbinI<#tCBBs$|{t8f$fY9tM$xYmD>qg}g6Ed@ewjUTyC#wIDh_+*&;L
zhQ8K$b7eMIX&ZlY>VN~-zjMKf=h2?LCn2a4YMEJyD)tzEd6la0zRDn9(SshdOR?9v
zuOL&H6yNL0-&b7R{jm|4UEoO#qKBBJFVH>al;&blzHEvr>ntMpSJGA>e{qdiNc$f7
z;fZP#rBxj=Va}@t4*IlHKjNzXqA#D<gX2a)ZjhG8;roBs4v3`Je6(NV=fA&*|NH>+
zhy-Gi{}INY&1>topq)$0Wi#1B1pWT>33!;T)LdiHOD3{^F<Zb#h5_+_3d8E?&p#GU
zGTD52KgM%&zP@-+^WE(2)G+BkTCVbD)1#6FAucFliiO#g6hDzkII1IRQ817#nK73s
zLKbLVcORqzOs@QlP!Yt1b?OfTd2J5edErC?%}1ZPyBYXGnCtqYZY=GrMNl8x;E~GB
zGcywhU^{D=Nd%J2T`5aKPtFA4SEA$p9A<Lq`VA0;bl932oOY7ed#VYDO@@qWk4p9a
z(T{B(h@JsPFocPDP)NCM&>|(13jTv^zi=2?4}ie0y1!Ed#Kgd6n~s}1oL*ZhxGoCd
zF<U%tO2%(&LOqV>%+Gs*8y|Nu@4zajtO_u$HJNxD$y=Kb*mH*r+C@HF?2&0J{=Uh?
z1D}2&&baK{%Su8xAoamUO9lh~l-^h8+7-bmGO;Ua7ri^avn%xYCED|J2ZbYBf>^+2
z?*iCG=Wg{d67?N`otac}-v~K7D2EhrED>|_aizca#76FN&_q2@U=l<K4qVCKGDvhS
zke**{eR{s=dUDuT1nGb|?Vy59h4Npk^%JxWV8!E08VdlzV0t-m1f>4fb^F~VN_Fvm
zudkQ)n6XpOht@dCSt%O&pShRs&&L5!VJufE40{f0TQIfoz?+gEiz;GMgv?!!JhdLi
zrxZnjiFW^a%@^tukMRY1w>=8X3k${r+rwv6;P4)^08h<r7Dh9Pa}`x7he;wCCCWCa
z8Ks0L6yeI(ac}a|yhuzb*EAIsyBGCW5oKbhM{f88LKF?N6h;0|1|9PJCU-#gYKT<N
z<6G~NZI2xKy7m9RjqK`Z6$Gu8?LP^L)0Vp(EEE#L$<>vTUVN3NMyG)WpWUiS$CYl7
zdX&e{+h4yiV(I1nA3OoOcU&C~-h}#$RVog`2_lNQV~sfiBZfZ$o(mdYLiOkSYeIaq
z2)a!;n-c&F#ZBlGt`dad8*SFJvNtYgKGU2|$EVgp?1bc~no&juvXRf8Sd4<ufv)+>
z-*jBrye6{Ia&D-I1l?GRBk_3S;|<tygyZ|RMVLkRp%6A`uZVERAS@gqDAJil!azc4
zYN<r#;{q-2G)#sEhV3K<in*<q5Q&iy=gCa?)(J4L+T?z=yHO-b;f(Mv?+PvZ5I6UB
zBs$Fo%tUI|+FQr74&q56ryBKnTso;~*xEj>5%C)=2dp_=d>_uKmffzCh1F>WtMmq@
zo^Gy26MEbOr{M(B#4ZRZWT<)rD`T*B7Y%QqHDE%)u4?BBuFNU|z+UT&4V=nMD}n?O
zfQF8?pI^KF?Ap5@Mn#_}lk@h!wqlWu42>VK`r@_=5QB&Z1~w*<2Mj)CEL>2az7(st
zP;eTSIZRhbpQxGb7iI<bZOhvow0L5`=ph$9!~j(T3w*T~NlX1d|IAm$y=4=iSAqPn
zkEiy-Y28h=Mcr^9ITCrld-Lo#=yN6T|F*wp?q^AU@gTn0`CoP-6p9(pRZQ@K9kEAM
zb}KH`t5$ovWiKd!-r14Ij;^u!n9~OPzSy=<{Gx=6#iSmF-{vv1lWsg4j6~ThmGq1|
zXR<<(SeuK`azFcB5ry?3<f*P6qG0Sw1@S|zFoU9SbKmvx;rsJ%pk-eaBmk#4R7)4F
zzj|(q-I((zZ8PvCwXi|>IKUCEcsH2NvngPLIkmen=eI`$peTeYxfU7W;olk_EG{%5
zIvIcp4eb^MoI17Cr}G-u&GnE{6o_az^KgLZ@cg?QQrv3b>QTOaD3rq|_(cFw?-kOx
z3iASf-kOtuezp=Ay2$39{;8a|yYT}Q0`Py6KW}5fB!j8eaUpp<r!<6zV5^Fz(sNT#
z-#)n(6c${LCImtZMC-R}6$CvZd){w~-A+$i8%wP8KijXUb=m8epb+%mV>6i9N11y)
zgV6wpc2=V4foLWSn@P#VR#LXEHyCKe;aw=%#tpQhB%y#VP0323oU=17FV();w^wlM
z%D<iV_5=DHT~9aa4`cB=@;(l2P{%k>%1n&fR9fkyrZyuC&crN~16_CRnBv0~TRSKl
zn!(M<)<%yD_GV3DBkS4Q+xJYVK^88TRI6+<40c4sjE-tVX*r<-RzEzjr^;7p*&)pD
zGeB1iX<`D~)Wy6XD!fi-ou+_NA_DfIpatB~Pd#sH47p_qP`~gwe<6Bh#1=cj?_^=9
zljPfUQ{BrFrRicWhp{lHmT{htGKuf&E9kMqC>f8LLB)`UTLR7qFPS)%#;>|}&|(K5
zsE;>|A5;SpbAPtn5z!FUVv(A7fge=1{HS+Gjsm6%qvG3IM!%YUF!2_#znillN;(EK
zL`{wkv3*?8>ovN48h{nuF*`n?o^XAmLs}wV{t4r#jZ5mq(amzvvraNqZm>OBu8n`*
z^13LfpEQk#V1W@I+wCGS*R)HvyqQs$nv?+7pl{%-F+xeyL=xIFMcf3sb2@C@Zfv{I
zcLGRx;RAWW9C<{Oq3;J|s>MSeZF(R&zjMk(#dG%GgroA+`T58@N+ikugHHcN20lp0
z1i)5*yM)%Nj7nRmzof?J*+bPz7m@>tn!9dzlJTe@&wkiM_E5+#yOE^6i8&B~ap`85
z@s1c$#2i0H@H7@*#Xu&n7$jLW1x&3~oSDCZuW<drVJya+Po*`>SduirM)Toh&bq8g
zTr`uUQuENK^L{wUMZ-q3TOUVM&yKk4tj1=<Jj&UUf&$&hopEv4wqE}>Im>)_0RGV!
z7Mt@!%=Bs%2NsecIfzlX_m1gr9IN(DH<MdpaacBta10$Y3orG%;e-g52oRoK9pROM
z%=W+u@?el&tcYl-U7e<8Kv#&sY8k5Vz=A}a|A)<J_u8$s+9j7uB?9#pruNHDLW53&
zYiovkYogaQH_vy?vPsavIrs@}JPuBKF%b|G--QH}Nd!0ljwGj4YB9NwH{gM9+tCtL
zh(=<37jW5)MI!^5K!N?eNu_Mw-{!EG{;!GJrdryU&(=C3gzoQ%Rh>c7Ydvc{kqcB5
z!MISLESa|}0t6$T464qGTpSWZ9J2Owym6#?SOqKsm*7v97)B8yT;BU65UJ~FPA?Mr
zQ0ezvzMie&Qlv1;@WU~l8X%6J{Mj;jbZ%H8R*J<~GBF^-8Uf4zC2=njaKp6hoT+&O
ztdCNWc{J?cRNVgB2hxk|$rm?GXY_ML6=MTIga+*OdsaS8A$Z&uw~&w)J@7`<fKXa;
zLA}?uveua5hY;QIfma!qD|!M;QrtP*6FxFb;iJFP+b1<%0<5f0+%(Q0Bj1|&R;{Ul
zush>@tMAkG8n9k#+82binnr~ULS`7HQ!>#jG4p(6ZCW)jk`&%2lOnL21>3Q3{YY>T
z#_YD7)+=dg9o}18nZx>pHVIL`Y}pRF!S(#^Gi}`>YjIgU@IXAw%lu+zZj8pL9iITY
zHgrFg=;_+ox$(>^uY66erGstX@0Z?Fvmz|A;`(4803xS_$gOMH6%!#ooW<;K`sfGr
zknshISh&|E#_uW>P@?@stb<WuO|}~dU$>?cRvhD}F-T6!MW3sS|0B*cFn&X!`$NT&
zT&0(oQ$YpfZAr|T{zeX^7(@>s>YK{2?oIStEmT@;DBbCz`0P%?1)nSeLXI#QYvLia
zG_c+PB_khYz2M-fCNAkY35oAi1MPnt4rQz<C&5yKFJIqEQ!F+qe-86=wqvKR*Y)m*
zE}!du3N~6K^uIomq6wm)MV6Z&_EfhGCm<=6UX^Yz`K|YA2gms2oV;42!*A}5#I^kn
z$G-D1h#;1*&3D5lbUx2-u-AOZ>;oBeS%MSh;C)bDcJJQKu^on-FL`i@77pf;?^w`o
zU;%^~YZi25UQU5hWs-^>+d<u7%o)KiKD0fs-yF>H2P9E#yUxxcSOhG!V`MG2cm!jb
z9!Fj?yf@wV;_o?vmsaMB%h*|IPG?Wd5$NpmMx4>8s8vtf296=f=~DhsqR~lBz|b(J
z>(ECa=6u(d>g9|j=)uMzf8NULhj>(V=>F-bkytCU>XO_XEO(#APw*1QI`52jYa!Ep
z%kh$XY<!C@*aYLjpl8oIc`}@4Y|H1{`3jr9=8L5>k2KIlj(YkYpkNBW#1xwkq7hTC
ze?r8j|F-kDSfLOW3D1c?w3$|}82Cp_s^e*dO|j(iqOWk@Ihc?gaeV0&Q6{PWE^NPL
zy|+i{|B|&{Ms*A-n9s4K${<DqQov*XUNg1iE?Q=@6g6K@{qc}?cwba6E12jUn$kVm
zHsn{81Gn*^DOcOp3Hf<RE&!)rotXz<IDBSqN>BbV9TB*DKiYrLEFlR9MoFuh*41wN
zky*lnR#gTPt_r`AI19U3Fn!=eKvJcEE50|RVg6nDyTHXskg*~|R{G}_7B}XD=QfZk
ze7PZ&;icHv$z%tsZie*FMwZl6Fjuih;T-tV^;RIS#hP5~#AWIN>U^4_qZ?5B1qbe+
zN@DbrsY|Y#F4Bq%fo!1?5_F16DY~1}u)=SjAny<&!S7{*A6w<D-y<4`Iv^=MqEE@V
zKsdIzQv0AV5YilAk^PGz9UN#lnpS7~w`j2%&coxO?4s+#U$e{qZDQyKbVVD{KPYKh
z5%9_0MXB#VuPP1H$3Xr7^>U}W&2e@I6RJfq5sP=XI9-4rr7>RyOd1>ss2QLCGRg{(
zYC9LTCZX5M;^#eBt<#grVfFZSGwF3TR<ST(9U{cAwdrmB3g7sO(LT4bf+4O&inpS2
zJBGRjf1@0Q$eokj(sou!K|{ZX0kJ#Cv4~H_T%E$ieos#ZMv8;!VRZ-N-1GElj2&zI
zHv|R-I1hk@9q|YyyHQcgFnn)zIP16QCh;bI>6{@O(KHmeQv1d~>mPhzK6(%WT@`XD
z8zq=ZIN6`jYGYaW6=l&~NhAMN&_tTURjN=K`><<nwcx?j`Oci5ql@E(H)fSm4@&89
zH3VH^<m=`cb0_J2zbU0%uLiiTAGm)RNi*^{rwG95)K&wFUEt{=dky!Ps@6LR4@A^V
z`|Ob1vi#3Qkf-<sFH*tF>4xSe3~6hhuOY{v&TOFCe!bnx`T6z;b9(iYmwEz|4o2za
z{T;RAR&O14!eQAbP!|Fhaf+&rmVXrVQBZ(9${-yeNmU2d3cPT?=`~pl+#db>4hZMG
zllt`!uXiNBw#!Lv{VmSyw8QOyL5Z<9ZvZKGT8cp|6@4X7Cb9topNV$mP}N03UN#VM
z^ON(U)9AQTAlJ^)5MXmJcrx>%N3Vt#`s%5v7Hwr)Qc^MJk6y%m0?Uk2Vr2q28IfeX
zdp4JwaDDI3=^Z;PMRL|c*k>=5fPO;;z3L?TG3Uq6D}l~4F)DfVW-V)yCg`Jlk*J0i
zOl=1+NGmotq?zplz5{`|tW|WrZ_K{W+!{``$hDG+dQZXW;*I?S#^D1GCNBXk3&k)X
zexJKi`sOq`{`Bd3+VTGD^XDA;0U3gR6V_V$Eph*gMK&#8Pft%t6nu6I;HoDW7FYI)
z+!^a%$ZqW%3|&Oys@J&LfyJGzj*Oxu-fL>I30h;2{ozBK%uw@D(-uur%#wUm7!BJo
z7w};JX*IdnQ6hER_;uu!Ql@O91exGhXZ}IF$ua7sk{|CmKdQS3s<p~+J@%h0`6$*_
zpZv?|E{ZQpk}#FgvjQx@X7a~aURU<QEAQfQ*C#7}=PlR*h=Q+O^a;~-O&GB-Ftb5(
z#7t7d(gF|`H(YlIsjnW>oi8&<9C4++3bS<+Xsx$!pVu+x>S?sF<6?{~WlF(-p<dRV
zoi9Z#W!zVvNpxn=`O}<@zIh#wacD5?SZlz0!+hjoO5Dg{&mJNGMv@Ud*S{ME9@?`E
zo&M34eBPX0um9*u`HPdr;f|99{F$n3>((fnK4#te-Mt?_eoXs4-?paot|S++{YTSJ
ztmOpIYl88*ZHk_{rk>2l8YXvnI)fAmO$M_0C$j26@5i<NVoch9E)5prmc?+6%%kZp
zksB1!5>Fr$;TX}uFvOI!XDV)_snmsU`?I>1mMrKj%`r!aYl4lmB%SEbnaUnUe}~YB
zcP~tMVo^tpes-{{ej(?F`79-r+m#dKCh%AqoZK+q9m#bu@!$ihpld#<&As%Ch)E^L
z4X&F^{mhh%eTJ--vS&8ic(gwb1dkQ;V|MWGD0;xbV5kjHIT0P8Xa`EXxKYVD>R(zS
z6nAFKrT2_%$%Qmc9lpNSFK-V>h8<aI2m<bM%RN698oVZmq}`7tK@T2{A0Hjzv)Rs;
zg}&UM>F@6BU@GV6P}E6*Xi<g3>ps-R!=>aXE;~IaBwIIrgfvFE;hEA^cm#-UP>E^O
z1DHG<d8Zi9s6bFLLP^cz;kL+ZJj-ItHaDij>xunje^R;rh87nD4Ulq$vgHW56S&fI
zM58eUlI%r<&z+4K>8z;Jaxf{V7!g3W9ztww4eg%{WG1<gYy?uCnebLHQ?PRw9@9!g
z4Gy8Lw~O<8^dLEt-Cjt7^)2HISwSSA_av3A^iic^5u|G^M`ZO)VsTzmgD8cwc?QP1
zLVosJkHJLGilyBe33mR2fb*msRY-*+Ja{orFApK(!1>WjLFko#nNw~3gNG6wlC)}T
z`Tt?+E7-CM*0o={yBnlKx}>GMyIUlrI~Ls`NGT<tw3KvrcY{cmba#A<z0bM6^8<*P
zHS^3}&x|NSz#psZMzuUw&%%J+vDoG6FwYDg1<>_2?8;)+AzW<avMW%I<H=#vC>RL?
zNccX*{#*S00lCjxeo6p@H0B({amp{YvyIKu*TZagwlfSF^X7jl&09LbVBMhBcSyp?
zUuvPK63R5?%t-&`GGEWO9R9?1@YtV}q39K959kc05qyaOx8?6oWS)*Iib<OWU*77l
z(m5`4r~uDVX=J{eTY2Mx`{V5??;8N@uSI$6hf72>&zjNk3@I`0+oX}4G96!GFF{-v
zzwu_)^2FBs_iV+SeVfw;*Sb&bHT5vnW4~FY@W3_c&|_4;nbTwT5wTp?;2M(q5vo>3
z?41yHI#PZg#e<Z%=lV!jPe+Okk9j3&DEm<>y8a`zi<CYqr_Koc3_h?r(*=}MR`s9o
zmaNiDG&HI;s!>aS`YXR_+?wPMV9$R~h_`-<C5qjj3iF+pWGhKan=d`v>>vMIYd5dX
z#>VC?D3!zjZowXGa`I!OJRaMP1W^GV`dqhOPAtL5a!fcl`ADb0KlAn(hvQ@-BVQ0O
zu>C&KdV-h7*IQI`FE20eJpxZR+y^UUfoW7!_J%F|YP(ha=@o6};4hl0cebDd#U3>*
zk2ipkV&neo*WZBXk<U#XQj{ikVyG+9wyXG6y?su-M|4T@un@bDA3><J{!&Is7;LI$
zl_uQoTd$Od78_czGSQrwfx{s!X3@v#q4TQ{rtTiA$5B^ih+w%OP_Gh2OM&Ye*AW@>
zklQ7#eLz>jF6Z2)vdSBQy^m&I{_hY*%?x6r4XvN%^5mVhe(Aq1J?HR~J*e`1ey(H+
z(_`HyGO~vonZomCu_WFG|Fbvkz$F%m^+*Tdrk5UgPIA>du9E+4blv@7XY{#64HS2x
ztkyb$NVtjPuuR8+CU?L2JUIHBBZW(63%JNPSbu56lJk0czDh(8E;PE@7esP#A1$SL
z!oUosG85cI>+y!vKVE8Zejw1P?)N;ZzFS%c!*Ul%7Z+}Y7^IcyqKmaYJTL;DJ7=w1
z%};+Hzo_Us9TJ|*R8$BQ8Jk5{;_(!r#xw=%jY>5qMY&}Irxs|#JS)f6yCuzRJstPS
z)I0NB#i+Nb>O_I#`xbR(N({3bn3O7b4zwc26U$7hC*9_$-UJAr%s`jhmSN1S<WhIq
z97|D<31N=xXIM-(+N`dp+@qhLx*BQ?J=~(dnc?^QWz7S1_LlOa3kd5zv}+{E_;(dW
zckA|{8-6ihWuy1b{lDsT&ZY7*yS#cPh#lq>vxd??{q@4sXuY|<M$h528Y=r`P+$Hz
zPklrFb;V6pTMY~Dj%AUg(5qw%QtmJWJX~rNV30^lHeBG;=si9Sg7g>MeOq^5=mQCr
z5f<9a!$$8P>K!jA`P0!*2n76<e<{o4tOCI9G?j$C@x|%o53^<u$g(=pjiB!yrfAK_
z?kHj3Oo5wk?_BM(n>~&V%aoj5awlzWtq*mr5C7Uxi-YZy<;=NLnhRK4_pStEsDGLw
zbI;B7%(S@}%CVIT?Ys5eJI}{#ty7>Ze&VDeeJG`X;Ne+t5l|SkT}vja8@;Qq%m8Y4
zrsa3~BZ5ckI^;pCquFsOx(!UO^?L8!<q+ypG-;rh^-Hawj@2&HCiA5Agtc8A${8-Z
zcg^Q58B~`2D(bVk3L5eTp9D6O^fxdw$1a-t<RaI($&NL(=v0nrVSB?=y)`7YTCDM3
zxm>xI*C@%W(fOK%TENZpA`^H=Xt6S|;=P-t;d!z`HeGJi>@|`{n-u!0rw3=gbCu41
z=V~o|bNrXDp|Oz&!po*7-md-Yuu1-%csmk~SE<e90+Z}ywbkHfT9o<<<J$CjcH+3I
zoZX=uQ7iywGRCmU#cFomrH}N%N)}OtLjM|v5EUL39)?OKD@HKD3)qd{zaXl%bl&%h
z>YX1?xc0v<YV&w3cdGn&oj};+LEBs1wL<Qc%U4swC22q#zjl4-A+1;D5QyW-@ojQ=
z8UC7PS)G)DnR51`81Ub9*~#7dP+`9-D^_Fo)$3VacYx_`K6A4-B#qsaBvaWCVZ$y?
z-!8kfk?hTL4%0S%9x#t}9M(02a#o>{FUbqC;;m>Fd$_nGelOu@tln~`^=cViTt$A$
z6@r}{&GF8&;q=5$-4R@-i=4=?Kh$Gbqa-Ayq^oVGXrAYP(<hiWq5Jv!ckhgR<?`R`
ziz`+4@=cm21c6;iEScc-X`BB;--qGUBdm@mgZfuAg3<@XQ8RIJcJ?!a3F3A(eaYis
za~Dl8Hu*R8EmZn)J7C{*^ECv)!k|LY?n|&ea(|I&FKP6oO>FDKCVoGvl;Ohf8zn|4
z=!qI%&jS0u^5BQiGBI(7l2-|DJLnDba#7={xW6zKP#89*{aLmnhOGew<to){gZmYO
zF8KxB>JX?|vpf&ai+<6rRc)+($8zzej9GbjOfMi?u=O4_j^>WNc3N*Ywx@TdJC*UD
zT##Jg0?uv})e;0nSv*TmJTSDlq3JbWR;EG`USS}!n7$|=x3s-ftnoNkPWA_%wa11#
z5Bzs|Y-jlKNlAt3K28^SYWM(2^CaM`crY3REna)u!)Y(Ji`Cocancst#Hf#azPzHf
zb}|!Tp{x7T`)>GodBz8GHnsZ4e_ICEKK;G@@aWYCy!am;G$J>2$V{WlL*?P3N=sqH
zF>VXzrpNDQhzJ7?i(NN3^ht~cyeK4V$&?y(_NZBW2~@7TNj!xPi<I&hn;2s2XI)PK
zeKA{s7;G7y#@&bF>r_lCTix*>8vQ_qo=%i7h+5tI-r4iKvW_COyylN<!cuTj?+{#`
zii^Y<KN=0WYgb_JHV|0E@7mn1hNM+)*-sty_iQ?0HGDkz(5(lCkbh~z)MrS=V}qsU
zSDgb<qZLZ6#gY!~$Fu>R3f<>^3dLLCkSn`qgswm#jrB4Ic>Y=kzFb<%*djbg5)Afx
zczxxt=sR{lm{S@{=h$=&G|(wOb&Wu0d3kU|h2PD(t-gJ@@W>KKk8gD8i(QbHectFD
z{QT}WibsWVQ!LS0d{ybJOa?umB(fXmGvtN(CzUP19YGBnkBI2ND}@;d;QRoLEBAim
zA!>AEeD>bh<CB+;PGRofiX-{QV}ofdQWt`+(!G9wrfOS#@s<`T_r<qve3s1;@MrCf
zElpGQuj|nhPl1-448{x5D_#EIiwSgwn$#g#m783q90)GmLd@qU@BY*t$@jOb$W57J
zQ#O*?w}12KnbR9X%=87mXJc%#+(?Wn+n1ZJzO|{t^r^t>-uWMQ;6LWTV`)WZ8zZ%x
zu;Dw8SWx(^bRA4uD3Qq$a7X{!<bD7I1qI!_E-5~QyH9VNBTKYOMbMCuzo}Ljw}ueM
z^%a32=In>u<Nc&e6;#OBL@NNev{?OdJn!tM=obOz4zil@0MM|0&BarTyku@q7dYQ{
z1nCCBtbI{7G?JA0T7j9I*JX^7I%#UU|NZ^raus#`ukZzGldl!}PZ!@FVmK|wVhcSv
zxhv=c1>WkjgM#47$%5K!_0743%`*m=n(9xgBwPhAIf!F2k>1mre7<*$zKetauIb-@
z145e1XFOIhduXY6lrnGw7AejB5T1(+3Q;7!aW7qz&yPgwSu?pBt2Q95JVZO_kmCV0
zbkV}zO=OPQO0xOfL1>$5Ol=dl(QH)d1y`6yBTBI`(a>_{@6+v0ePb<Zprt_A<inE{
zf!f*4OjNK!D<?1M#jnsGYo>m(A_M?5;j>ePDiqbA7}}o7W|G~4&WMdfDLhMqWWHE!
zmBDMj;8g8<b4+H^=J(HcdxR*!=I=Lj{|D@aT!~CA7@nyQLp|fbQ*Q+YKzi^wrP=iT
z3L0vxk?RRKp$WuN<4`ax`h^?f74ux@!)zAQb1CuKp!ZJ?oNa{mMPkJu1Cio^3lGid
zbB2PxsnZDPp9@u~GUg##W+}w~UdhYd23R9sgz2x3YpYy9l)PLmkP^1K|1LmhL9OOf
zW$_n8a}@NT&RU18@??fyRnVi)LrY~GqnoGtMRMz%&iv+|kbV1HsEe%LTdbv;@mS-X
zc~AH#v;7cl<!J}2D{4T?i4C_}z$;f&xKE@}S|l;Z^^i4It0Aov%~`N}QZR3})XZ!*
z!C4UYxgO)W`TMag9N39KC4fOB9#3N*ltRNs0ER!GKU0PFJjT!3aQB6yksO=U*i6ph
zu6)}<lLlLzf{{>BTPVQdS8moFu7p7@q)W&7CU}ur#>MNw0}!DQ&~yj8-5)P@tQLad
zNEceZrj6%JgN;UR$2$fI@F77O57%c#G5E21ZOc?x)&6(qx@TsiAeLqcMn6Kr^gV*d
ze?x0M+Pm4`=yOb}MZz8FKgx!7xBhT@cQy@betu5^n{9V}1=SYZU70wQmn@g1@T)qW
zhsTxOyPgpMkrJ7~fjks8sd;gIGP(j$%Lp`0c?+(UdrvmRc{&nBbNcTo*?h0}F9+X0
zauT_k?`1<Rerc$5n{_gty*yZ;EqL{wU%6#plg(fc-4Ab!!z&|x{!n3h{yrTTdbZbj
z?frT@N0DOIQa7QLa}A9MuXfpxL@zTYdoV0e{F)8CHEeJSm@U!D`t6-8YZz+ZnZ!TZ
z7e}J=bhn%1+S1Zu95gU~TW+P`QD*pc&BAItD}&CcY2vxG;<Se8CS!-wI4tapX+$|8
z1}~ycAizQ<ACnjfkFtQrEH`(A=v`8fQB%5!>y#8TE$DwkEOg4guil>h7)~DCxvFF!
zY=HryV+n#K-`>1o1bzMb><m#Ad-5LZQbNL?5H$gvus*ZL0$j>Tcvq4%9(lnPBR>1T
z7135oE#H$G!dX`Gv{*T_kH_Et2~+*3H8iJ~>q4HsioG)Q`Syu0wsO6?2vu8IEXLT2
z`_WxicYjQvoK?hc>gQ%Y6bxaFc^EE51=cQbee%KPV6JLIB7c%FgZpFk!~N9(&QI`R
zCU_9$(nO<^2`snxKV0txg0~w|f+ib}DJ1{la{bO?9#(<>4RV?H4_UJDuWS^HuDf+b
zB@AkH`b1hKBy)sXOErq)f7`9-nfT+>iai_(PL}1GMf{y^Dvv~)E})yrWSb}@d>H_;
ze6Zb>7Yb?CRtwb%Xsd7j*{lj5R_V3=9Rl^Bg}F_6pU=(_TP}&7Q%GLjzh!S2wfWY*
z3rg2l&TsYdmu*0s3%Txu{Fb+_fwW*u@l#0v)r7#rb_rkC2A8U5sttk$PVfKs6}B9t
zhD&K2aIQDtE)X!R_v=@I^Yg|AP!3i|r8lUv|H|)qyiCT}EC}}0g2$g^{`9|vR^OYX
zT!{!)7f;UwX#Q#ogjHV0vCg*!*#3S$xl;1A!elti0^t-=EibFB6b;+6?_}anZ?2DG
zb!#F|o^N3=R8%r7h)GGs`OL5x;ZxK*L~-aUt&a^0Bla|4Mty-x)9WA@&6hQp*{|sq
z9Ph(NU$7(&<l?HIN}Q}u<1Bc)za_kcVKw&#a&*+>zd2e8b??Z^$HN45UPPWV?)Z0~
z8xH-pA7%DCaWCsnYwiy&RJwX#HqPkrMjJ_uhEUemZK;D6IfyFbqI=psF0^d8F#;Cf
zNXGDd(titf>+}IdZw+j|7cIz7i4=MsncI|VlY*DG4E<eRM*XE<yA*J>KRbxWtnEiW
zo~A%E_!>e?n{4(x8P=&VCetWV&7}+^7|-T7&Tve>omTPaz9Xfw8_V2cW5w<yC2|4o
zHsG*0K53r7!*7sNbAuW>h_rJ}2a{Ti3YE*eRJFB8fvR<_(g9p1t!S6o61_4M3^c2i
zbdF2A#iV9F$G+y1P;4ynu?EMsbz^K&gDB;~{F_Lu$HtF1QbWmVM!(O4E03OhLaYM9
zORLgfWKADtzc}4`qihkPElP`zzp#|P;f0nw^EQNrWigoC$b_ldR8Z|R`C+D@j^J(H
zSFfE_4=9!c<WMH%U`9eZ^z>G8eE~ns;M;HemNz2umLayzBVRxZzyZJeL+ScH&YyXn
z|Bb!&z5E6#uIev<^kpPgnC7UaqDkM;w|>>3^(aGLQ~s~~utWQlcqwjmat)ULq>I#&
z>`xoED17;_A81%u)^|_NBizFvxH18<Zw}l|JjdRRdynN$TnMk8+*|}jrQoH@|A4D0
zIHl&o5#i<KZ}~*#67&4aVWHAYUsAFsyE_6y2H#aMNR{z3BviG)#?J0Hg=m1EANaL`
zSny+DAc+KQT~h;yDksZ~#~%9oa}^lOe0-2|D>2Pb`S8o142`E=LO~`GvPeKGsdT8D
zyxtWtZ_hmpLZ#Oq-l#K*l{P$Q12$$6I@<LBT|#Y@Z=qZB6~lf3&Tb@peb+ejl~;Re
z#nR!;C+gDSzQ-vEiR)iDZN&<?3~+96uvk0gpIH6Nq0xT^_sHmDAX4gw)1rP9snCx-
zk!8%?u7cXs(462n!e#HkX;24dY|6`F4@v01Ju%sp(?C+Cpo@nepxnS%IA>tkF4ULl
zsqJb5&ws(AP*CY7Yhnja5=Cv2ChhSKeSMK_0c4PrD|Rlf=6kSe!Gwp0ze{Nmf_~3L
z1EESr$>4Q}j*E(N{y0~*C=;ljy;Nm`)l%mu6Og@8F~Ak$Hq3K?zY0timz6LvR3yz&
zXMIVbMWm6GuM8b-#Z~RxxG*?bskvdtOQuhaNY48n-fb<BQDD~6!oD{N^B^v6TIJ1k
zWKBnnq3iv1C=xa$H*x*O&-Qn3VHrtXL_L=9PTD$T3Jw1509#t2&%kM2+RaS%PHQ$V
zijF-`)+l2*A3CTgp&b~3*Hbhd*Om9E7m8HK=Oj{KQ&l<+kE0oVC%OwcsDQRefSLc%
zvT8F^O*=>WE;uCuJ=fR*j<^6(EBi1OmDIQ%9b6!{cOfOUc2hqF(-1Jo8=9J%S4+3H
zu@HO3p)ti9b1N!dE<lAb0+cI!!v-x~peQddKbCzJz&lgP1{k<??svykrzZl#3#`vV
z-oML&N$wUPTWx>BhQb;P96)BhJ+<WSMKQ_Xb|e?L`A5y6W2}tc1p|Y%b@Z0XvlOxT
zWCaScZ}aheA=K6V^Lt&wHvcF6jdyrv3(1VhiR-aMHD8P8|8>xamdI?$5fKte1K4lf
znGQx*ovP4QP5|+XVSOM~cTh{1$e;Xg#^X8h`m_OsjfV3X^?T)=C*{@CzeVV@M8Y+s
z_MFCrFbZtYn<|g$HX3G72QN2viXI|sZX|>rp-H_v6D?Mg<t7yP%^sag;~1j?ZVV4$
z*i0!hR8$Mr_OS~F^$-ZSH@F;ET9}=kog<cN?dWqf0h%Dy!PiZ6+|bk{(&D;1mJK4P
z0;pv5nVm*g=c!q|Ft}dad4e+zMx-k|uaNm7qFFemUzbsi1F(^)MuRwk1M1t@Z3Uq3
z!AmX@ix(dsj0zXg9W+{|$6xso$ItVmuU%Stffo=tcflP`1{jdVE<=Y#$X6PIQa1ak
zJAiHpRdel?5xshJ<N8mz8M+v#Ij55HZ|y!&{>;`=&r=8dKb6U~{$yp=pZ|gi?Q`&Q
z|9BYVCeg@JC2D<UjBRG#{^%1k7ExrP#Y)NuRQ%0=9?NI=XJCat(TFu`8Sqhi(cAZQ
zJ!qeq$Tv9Y&-ROSNhvaE7V4#)a>~88j2Zy-)ESXy1^CTybDOqUquGaqm@#bcCaU@m
z$}4nJDJYPxHsQfZrNG|b-&5r0<r!vXWl?CKpCiJCQ9>c+inFt`4|qS_Uj+?*p<lIR
zCln%2i@6XH(RH+q?%`i_7ckM#!1B6fcf&&z3t*o5t>SYPecj{)FG;Akh}Oih@g6`n
za^f_dVW>G$JmQpie59!+AEyxNnDf5)Q7%XPxF+8+zWw17t8!!Wrh6GKQjUw5gaQf)
zI%(iVqw9p@wDg8RnhfKen^V4@q{}wDH%=i9e5ix_HVM7)3bZN|dOOh_y@3z@)=%9o
zxzw0uicyon+xYWeiK^GPLQwaldGbKk9^pJzgD?g7U^ZeV)B-BDmJBm<c}qcZZKxDh
z6ED1S21NKOup_O*L?(!=eoqQLIXUGlt??acR~P%lK+z$AY?0fsNlWC>biulm8XIj)
z?*@y0&ECev?l?xh{i1sGC0vlIJJsu4on2qIx&NE`=?@a>QRpJ<Vl*ymfU;v+!}5Yv
zaVUdtV018XNmUu4oq(EAgq)2+G_~P*|DQ(ZhmS;<A18QnQFfT5`}l4Lu$JDfw)#cA
zb={$S`VwmmQ^j*STM^3l*kuwU6m4du^t;Ys9h(qw_-`|ul~dOv!}pa-4=0#-MjK1r
zB=}2ziy(H_?+I;}978M}E&$|-XPspr(dM3`K1^~zGv$Y1&xKc@s1oEnTsK&Y7>cb3
zb?yUkqrM0e%YOSgjmXjbF8Wna$YxOBzmABLj?gcf)b|L)RIu=0qE_-{y4RO@VhtK9
z{RrfWa5+VRzUS@Xb-ND{!EfCA@!#tI5c0hq8C+QrDM?C`p-d*k4g@fnGM}Fw00nt@
z7ZQ-{!N7-fZdNYx*Lt$?j(rQ8>5+^&J8E(ZDrpjs9?xXF;S%sTptI4vss1hDVO_AM
z57wejS>V+Ml@qM#v@}YCDI2R)rLYRx5Y^8)39)P@Kg#dAn?0TMTJ`tc&DsKPDH%*~
zSUdB$<jPQeFvz02f%;FKmjBfCVFoZ(p)TG~cV|TPj;HA$w%{)PV4Qm4C_{5vg+|O&
zPMM7S-6T5ECi2wU1vM~8XiK&si3~?sJydbrf{^qv`PQ-JO8`c$`K?ifOOE42;Qfjl
z5u71=zC7yaGt4vk58^3WQ}&5s6Vby4HzaEkKJh5o{W*RwA%OfC7S61>m~n$b7#hOB
z$XKQGOCOIA2WNA-=A*{lei~9J6Ecz*VhYGYp9oyex8%kJ-1oPj#l-Dd=7>o)&j-J}
zA@P1oM#i5b7(w^;M>@mA_p*}cGbuWQ6CCVH=Q$Qh!-hZt42mwZMb1PQ`t=V;j;ZhL
zzrC>=VC_tDKLQRSFoMT@e(9SP=1`PjkW1D>wHvq73;BkpH+#lB-G}-bgmOuAnV>Ln
zK-ReyyP#!GR{JUPWfXWgNe^KZuL-mou<3Vx+x!ZU!>yzvhHxkp#YTF2ni?W>IK!I0
zq+R-ka?$IFLOF6Ag@&T8HL5BymO^EfKO$2?$y#wW2?M7U$*8(g93{e98?(QVep2!+
zVl>=j2iUv9z%1N8SR}@vaM#o_d*p^9Qwj6n9V?`+C5ME3Ppbg;&>)*hn;RGcaP6I)
z!$#aje4VDDbPfv<;P$k$Q6)#D3X($0zp)m0go00bv{~^jBitvtJ&#n_BK-T^gM~Ww
zGM_#0T54$It3&yYhQ!I=OhIGn(dxcg#HzA035EVVh>ve$VG~&n18@2i1e4C~n7y|2
zPG#J@oi_lcDXF^p`?~R?UGd{-h`5{_(l8mRB{5O9FVf=<dReNuCByQInv9fBUmiap
zDigI!4<ceVQW;}`N_`snw%gc;ZL1+StnUDHp59B;+);gMo^|iKdbE_Aq<?bqIc;)w
z4MpGq8705*Iq?^$SQ~`Q9H>JwgJ)Xp-o$K$6uNjJctam4HVR`C6%1w!vf!Wfe8jwt
z#_M)8$)ZB!7+4?1&HFF^$ucnEXsfF;88&-3bbO&#i3fMsXG>v39(e3P%o5n#+*}~&
z`1n|6c4p=rYHcwDp)!*bZvFjx+H4IiBeG$SV_g2+nC`rPlbC~nvW%S@cI7a=$)-_8
zI04yCtKd%UxWr?gsAa%8-<YKC!K2m~Vbijk%7Z(a@64%ZqO!NtZI7}<&i@S4fKNo!
z6h%aYd;_?BlysnE4sNpTfX$_I<^>4SJ-!VsU0y?ue@4a^+F2t6+MNWlso$gW8?I@q
zFP5d9qI}`%XhTT84dS<ZK{%v9c$C&i(n;LHS6@Al@GGKo6ZpxaL`F8U*hZEymMwL_
z+EZ0skd&GPJs*bRJl6|%C|)x68)UF2D{cM<H33gPj1_E%q5CM{YSDt{0=Rx}_4G&<
zj%5k9Ll+sx!I1Eo&!2A(41HG1p$>Wd@L(H_=B%Wh#mKL+iE8TF-^r;^>o3%l${uqS
z;sH`1TIBoN$X(sMV>gE=5^;MsDUyM)8mg*N#?fAqVmfIyk&kd45f0+y{UjwEBJYmq
zVX<BRj=Q}2`8UYA+m^sHU7VEpN>UhUiDQ^Do?U1%M6%^k-ry>&3tw!gatJ11(Aa{w
z(fXq}6dqg#N~Rw&>Qyc@rhpbd9uJSAejBMr8f$L<L@r*ttaw<*ri*j;IEJA0h}hKc
z4-klz)pplggSyOs+tYO<2M33HO`#yw(buy`KDVHtFD^D#2&i@VQ>QUBG!zCoWe_5L
zQT`T+U}i@9?YHY{+k)%an*vt-P!6sSUDpd7u^e1D1NX?ji43Jh-;KM&A%QpQiqK&s
zOSIr5Kts;3S=J$2)Jnho!SiSGJ7aBgDjmg0grj)TYDvn#UCC4^D@J#LV$k^CW<nl+
zfnVkerEaEq0Na%Z|Mf-1h49b<R4adYeWJ=(y|>YK4T-^vJNuFz#q=n6O-4cr>_G5k
zD*29O@|4zSlT(OcfKrOSLmSkON!`Ax<Ye}R9$0iUGeUD)eQ*b8lIDC#TH^*ppl^=x
zk{><xXBep%83&!Whf=tELtw>6gJ3B`nFi0dhfP`m?~A@-a0=ugwf{VgTZxZJc-Lg=
zHa>ZPgedeZiI&}@8K11l69E!bmFwinf682nNg-9?lunHsIN%~qFdkU+(dK)6Dn4ZG
zlMTbsGFg*548%`fIdv)I{OJ$h7Os_9k1!vTLAZ`ux+2|9xrqu95&HKNSag*iiVL@z
zZty^8CxpcZUsPHDdUMK7uHJ2$wPQ`YJw7KO@5G-<HbP;ZK@AqBW5A=M@n4?2b;@At
zO$V;1>7o=RqsF;FNT*nWS+^+#F>*d0^N)K>tP)W}Rsu76<&KpRR7NQgT_z?bI6=?j
zOHjlp&j}BgKJz(+73Ya~45!xAtEsJBOaLfEMe1y4OT_SFdZ7X%Q3xun&n<g!zjCC&
z2VC&3s)QsMt7%g`|I<he3{H@RmkffyLcZ1fU`fsq^$M&XryceYy#8)H@3LSY<$jh}
z5C|8^Q=uIK2~7x3#pfjzLM#k~=u=CW1#c=?Tj~<;Tr;$(d0PtJUu<maH0^hoH~@j2
z;()s$`9GM%w3EAz`_c|a-+v?zFZ0m+qBskD@#ix|_8U`y-a*M_pGH31a~uILWObdL
z=@xb<c(pE00?8qvMGRY$$>G>TsR@p&<{&Z)zBwU~ZT0*&MJw{|o%j3(_{PEXF|0UR
z=<8P>2k#lSurN0_yu7*+g%Z05cE>9XY7mY8)KiOAY*obdfBR~7{f%efmdVy?6hrLX
z#Ra?uFzi7Mm$4H%Fvy}0QG{Zt3GYr+$|TN{WoQi2elOIs&TI;mBurTp%%mGV(PAX{
zRXQ9}`9wD{iN^n|$wA#cHBpIP*^+a4@OEFlx^2U97lxpx<X^#~^jC^HU<yhf*+1$B
zsseAZRMfcVYEehXD4fU?jl>6!e73Ms8};8oJXFbv-?=MDTI(FDp10&!+&v>w%Sqh>
zwmbUk9i8`9fhx~`>Oot~xrgg6{D@~~LEVRovTvDAv@|q^Jv}@`u&}V4^_7(3z`|dP
z{95?oKrk<wBMKb9`v8n(V$yvXgbSRQE;O^UkJXt}XDNvZ>a;XJEYs6%v`ZVf%MO7@
zswP0-bHqn-@e(4>qo#)Ik4`p)>d4vbM<M=;v$;{Zx}^WZz9c0GYL0?GkV;y5KwhQL
zh_C%6KVY*Dq?VZe0X)o|N${%!PD`RM69Ht5t3iuU$=F&_RsgyO>KEg&O>XdFgpc;<
z(O<aPxbd(#iD&lbKVSz=bnifubOnAaq^WTKXn1zO7(bHJF@|V*i&b(HQLb5LyxDi#
zKZ<6TKp}&3mWGHYsjW}!cXYVM?#pY8>y0t_H5^-hJYv4W%+WerAv-%5p!T`kJ9|S*
z+v^PChAsLWRe<@m9O_qr76Sq}Prk(5HlNW|w>2_$MuJX`|Eg=1Mu)7TbQL;Z?ChPj
zzd(H-$`Yz`z%fKQyXc;u(d?|c-DzlmNdEq0bV(*+=;U{@ul4A8`hCFf@5?PrOx>qm
zL>!!@tANjWfwa$$)l8j3iVEF~o;RFd71Rn?3=v5H6_uGp^M-4FJi;wB#WRGJWJLz0
zPsw^6DS90YRqCaqAy5_)_r5*D72j;4uLBT)_$TqzWWztskq~8382&D3M+p8UY`Esw
zN>*x){n`Yz{Nm6-mCY(Ph5OsL=?+VwZ+FLXB`S>Z+6Uh7+w(4`vGzX25J&}lsFa1M
z7dRmUD9(e^IL$jFox3#qN>NQsJ}V#`PgrSi-W1(1RVf;M<;F+s+}tB_va$<~mX>ZY
zou;Q=hOEIYtyL>CxN>J!)TEp~eW;zg12F_uF3bG(nZhJ8q@<F4Q3yo6Dc~{zXCSd-
z`>-=4vdLZHxb{q;vgbiGuzEDG5(Nbd*gA@PCBhqBVd|q=#Gt?cQxS<c0`}34E=_s*
zAm9=aJ(GyH2C=fa%?8C-i`^OyNeR1<S6U%HEnFH>YL?~wSx}wnmgI-5pZ!SNpRqnh
zd>70`)RB(f(W{r7CZiSDoiE=NP6p*6HI*UHR9a+O76x}HAwJ<dQ-o}i&kuZLWV}_M
zvCyt?wur5*gotrcTFIRcr!Bm5r4#q_gKbZH028JUXPYvGL|oPre79JLwTQ2K=&gu|
z2wzA@$j$sOgBw8zO?yDx)pX(J@_P51_$}I8yO(F1KaIcFZY^9mjiqE_?(N0E12WK-
zJBQu#xWd;<sG-6nVVsc>sM!o-92h6y@0sSYi_!7*d$`9F5%lcx?}isbMERoI&I0~)
zx982Lt*2YHf7^y&a>3%mXfVir7dAGj6KkQ1_{La08K}EkZ~iI$9fGC{Van3KKsc2_
z`L}uNkKC0WeK$~BE_0P|N@b;+WW%5V?BJjV4*!PKb7<u^l0ty;R=7U$!fzX*)0d81
zdMv2v+(_}@Ny_m-Ijlm3m}!51VrH`QmR7;ke;>CAjR+b(1Pb4q+Qb$a1sSsi5H;Kx
z@1M_G{pY?vGkA4<eT|HUhF12fJ!$<1V)DQsppVGP%P(=c?M)z{!iV&m{a!!W36J}2
zy>6lY?;8wIw!AzcYf`<}elw99%oi4&YI??D)J7Wae~%asSbpfXy4p9-5Yt#~#ev0g
zqt)#)T3l`O3!0rNZrIq30MDzn79XDYg+IfYCT=Aqiz-vaA5;$8eeh6tKZP>IC7SuL
zRz6}|SrQsX$=`!#&f9(HrwqCH(j$LL6%l9;z967}b+6)t3?=jhtsypPJmKdXuX8MR
zVKf#Y44R4LXRzVkjhr7-P(s|)+zQSb@6W=#-7+DFxy%~A5+!SCb}+KgbjlEYzC9%J
zP|k_3#G$`!7xe}n&-%Y$P>ArWWDC8kZFoQmU4jMSCQmSEqI?EnxX)a%20Z};+uWiU
z7_G0U5O;hEoBTKdAwee#_GtA9cKzml&}DyR+nKom?{f~8TFo8HuzYGa5+3YKh1i&G
zGeN<xcJg?f>@4N5!@j%9elK)QrOn`c<j2Qz=1`?8l&humJ6TweHu@4!D=B@9L*1MX
zL~7IgI5Mq**Ic(OzP3m(={hYiUB3+=rkS<gBKzH`l`E8T3Oz#75g>hqkQ{nV-k^B8
zZ-Lp`z2!>8j+}wC1VuceN!3~QvyEK52(YF>`T3!;l3HO#y0Z78^6$+8M8+B$&2GBF
zWZ8yP?QCs#Ztw4Xj9a{_&i8dd4vYFa{%|l&;P-sG9^!hk(rN)!VmR0jtdReC%kufT
z*ivw!;H|!CL=FYrNLCCM9o>S*A>p?g8>#^}hJBbfibh68WiBq*-WP=AgpmhOQ0gb^
zH$ah{Ei&n!pTZ^$ddBGr^vY{LVq!*W)xIEkK51v6MzSl?;Q)>ckP3tPiCO?y;+S8B
zYNvqRftwtzOGO|a>c~g|I__Vf+!-dh(me_&1a(>B%l_$o4#Sb{``<9Z17k9M-z8Uv
zL$3TSyp~tR^EQI1D;l9IDWcMMis>RN1zjIsi<Ah2{mEoRZL5W_FjXe?U22BDj6EBB
zK92Vd?V{kB2}X__PuDsV)Ya7u`(ufyd+)-;C|@h<CeYw>W&6Fk`9V!fYt|3q<?$lI
zLa)*{da<j(Z6YBoJObVae^K@eP7mQd2)?k(2olKUZUfx*R>*!oKj~~`f@c)NXZ7e_
zosKECb0#dA75ni!Y8lL%t*8+Wty<U^bhNi`btwcSiHN2w!yAM;1d;dF;1^bsll$Ic
zxXlET0o_4-%z+LPLD@c+n@ck=-%zfCLg`aqmY70%6q)wYy;EJ_2nv42+t3x2eAa;Q
zuR?|2L7uDf<PH654(20z%Z)0pFC<)HLZVG9i8{=FzsLQGn@`Dx@xjQj@+JrPd>1C~
zX=`T(fbSa|=5};+48IEWxkD15Fdf%3GQtA91CjaQ#Kb8cWNT;3v^@^Z<CiX#IgPIR
zZTvPildd>aq?eP6^-I9W%j%1hILiaO&yM0H35U2-X4cmz1NC6q0Qk_l7nn;cjm_PW
z&hQWf4*y={%24@~F>kMlF{<>^Jj3Uq&pSs;owN*yrACI|_3F!et}>xbr`?$_->Cub
zrNiTRg5p9f6N(4@DdoP-yyO76L*=1n9E=vytHol%gC5!P`JW|H!qCp3(1jr93rQCL
zM=QPUrvQ&u&QK#&G5Jc|wb^``$}C<qkbWaqlT%B_Hl$@{wtN6>8<Uuvp#Oey3pEXm
zO^}N|%+xvjQ3e>9nF*jf@=5qiKU%(0ub<z1V-hexroc7{JDQRR^>L<*2>JZtV@QmY
zLEU$`7?ULVv;ZCs<TdBU;69(G`o|f{N#DM)Z*ae7OD7#VAd27kFcdtGam$$RuN_)^
z@6_)J^x}+WAJ8e#!Go0$jL$K@{dP{4jt99sgS=q^1_o5|yBuFOrvn-TbUt*gsy(w@
zV<pY&Dw>v1In9zf5x$4}s0BsNa52yxuO4@{dQQ{Nz{tGG=IY8H8fNxAQ7x>ZN@xui
z9~;T|-R<2bg7Q0l)7A6sTVqSy()|1{c%-B)FPHzOb(p=qVa02MK@3hj{vYP`O1zXZ
z0A4xBDae%gD~#j(=jLt`jjFTAL1Cfj-*hg$HZpCgeX%o_JTxOSwL~7hl#vEbX;xNl
zSqXCBkeg7ezk%gQ+Kgt9Jbo5z#qGscMY>pg7R*KwP)}B5oO(nEbj{Ajc9s0w!pMkZ
z*sD<agTsCD&Fyk)3{<}KWNM<YJlr#I315)S1W-%pMW#`N>1?tLTzLj2Qm~84R^R3H
z{%BF{8i9Ifm!yqk&KRIE?UGwtW!4O2LJt{~Jeka2cRC{OduynBhQcDVV9$#r7QMdR
z>ifC?JcENF5b(I;`?TEfCn_rH6L=1m^{kS^ieJ6b5dEOKI$l90ru_u~j0-{QvEU;>
zKEWYajBX7^Hu~0&WK%E0ygA02Dq3Vio2zFtmR<f+Z6QNAn#0B)@Vpi@a5dxE?(tJy
zp)xev@$}(jVrnvxkju6YwFnnZ0HfT5Aldya%J&@hg_vl)x`OS9tAqq3g1YN_k^WRv
zHuGQGa30$Uk`r^S-jM)A^5A1*6N&?ePtxYS6}dH`tx$CL(D?7g%5)EYsjICyJD^uy
zuuW#C4ei_!$j8}@y<4L-IztVC3TgAN+MJ?IcUab?_N85bgQI~Yii2{jpM!(5)0OQO
zZZY!y{=Ri6*eRLA@4Vqd%a$NkRQFo+N*6%Q&R$V5HYPh8SfPi=zC02M;=c_}%gT}r
z@ruIq8D=#OrZwcfy1sK=`V*Ft*@i#(?tC2qnFSw3=^I~Rt4RZ-^rq6R#-hf}jooHL
z(pD%frkRQg+XDIGLTY(&xD+X?fBVh$Xa;s^GNbqtos#M9LComN%0!B}<({FX<(_f8
zbokV1HmsW+AnsrO$)D1|5fT$zJleu8uP7hDZ;y`Wg@~Y+GWx(`x@~2eR8d5n#y%?G
z5gOMnir?HMF42tqwk>wOa`6X3X!wW3#L6rIyc;$R;cf7X3t9~&pMsI=<Ado!73=>D
zdhT`52NU!2FLxWgC@QY57pfrT+CK9_6m|!YwKWPiW~U2(errCdG<%gBN^EVhGp@Da
z;U_>y0P%;1h3I?k!*0KMr|3*%)CR5n1^?}jZ{bL3rnM(iVIHWE*l!|6r*~RzH8akB
z)m&U~<7~_UelPJn;O{k|rheqI#jP{Ym3?w$R0uejML{Sx?)4)f0o~hSRw$!u0E)mk
z<-rB^aTedJ8u65`fcN<1H`DRrPbv{Ke%5P?{2o}vXy^p8?o#cw#6$#pl)`%<)}Cn;
zzM1*y?jebY%D#RCw4bmKJV?C%ps?0uwDIFVt)QwfGe6!c&u;SAFR&khjQf)@c;AAN
z5-jw4HCc#wQSIU4@7;h`BO4w-BmM!?QMhGk&&wCFnk{Tfkg8ai0@BZsk*^EjJ&Q#K
z?QMHJ@G!y%YA&*%CDK=4k#t2aKQv_Xw-^UPsl)=4q#p~74@vBE7QkZ=8C|NwyN#sj
z>5GPCWg*sRKO9kfH9GsVvJ!9d?K98g1q3$yp{+_lr3}mWgq(L2$c~%PC>*kU-ng|}
z;{Fd{QdG170n=3A8GX>YOi((q`o#zKqPT|(fPrXrze6zhrbAw_qXtFG)=H-rI-y0J
z={HXg0zbY|&iWJxl{1h2RQ)^Dt4YP`nCIs2iB#>FK6P3kCZXPEn$;My<ZJ|&Mf>%u
zU2W9t@e2w#$AlH14ScN$ak;r>%HrZ(&rvw^E9Rh;#+nu*#>Q5bBSI#3c1D|B4|33&
zCxX^+R4B;S%Ole2-)5_^#FXs#u3+d+j&@ju5@>u$F3M_XOo)w6P3L`L*4w1N>Gozp
z#WDCuoZuBP_Png5!qHkdbOV_><e;+Q#Kx@&Z1|bIhiW-Itn42`7Ik%1c*@)`<@}od
z!2xYNgKzSui71GgR-lE^Rh4FQT!#GRAVt;=Z)c;uwLkvT%{k}%x&qfALa-o$I#D4W
zgb;yp+Xs<IfHa>#i-PYG7ZnwoZB$!THoGAShok>G<<aJ)fq~w#wC=L&hWBz@2y7t*
z_7Pg0H~UPEmm7cYb_BtAGQFM?aUrmju+V||G6^fF=;$jIzkWTDL6S^byTXaMFuiUo
zBWpf={5Mr!LCGH3-~`1tmW9*E%2La0*p&i;f<wi9t>4^mEYDAmz6ZD(zgODqbUHt*
zPjOjkX@Tco@J~UHi4~c&Mz!P{BqV^-_tUXqV=$O+P<SHso}8HrkBdO?$P#AGwTD-g
z4mVa4dl2rpM&{%!W34Gi2>k|A*9{T=HDnyepo1N#*3Wp7R>2)5n3{wQpOM}{#eymk
zHiT_QQfm~>$HapACpHcXha5d{$OlYh)6<BEJbw-fdJos?L5XQg0EQGWqX9yGCsSz`
zm-B2eV<hrwpn8~5JuWYU@pF4W#nh>vCE&{?CFyN`?;uPD&Q2HBuwGt>nd6SI@W|k`
z*1z<Tsxc|HR6C#pW`En+e3UD4ilQbB?3um{0(D8;7dR+>*R{a4xZIX4OT5*!4mPY(
zS$(%X$o$1_)zYF~N#Z)tcOcf^+A)|O&A~~-FxHKcj4(Kb($VagG*5&I?}JJL|1hCS
z_)Ayqa9my~!bl-wqP?)NyL$*(hR;DfK<#63cJ@l4Oagi1@k;B%dyaY>#87qBX5auD
zksB5k7EH_@E|{UA#Ti1p$Z$ex!IBi6WAe2j1S5kJ&H)t-t{*5|{#)gB>-4G`kQ>w^
zkJa0(8lURv2J7VPpb1kv-)|w2>w6qB+$t6h(LUDh*V=|5x$aK!wwnk9kTTONcKljf
zGtU{M-xZ9T48}x-&sT@W6!Cw#M={32N^i2kI?7nT(F<Gz#7tButL@D-#EDLs$aFDb
z6-BB4z3(bC0usn8(a`%y4GfBkw7y7ZxD@aXor<*h5!Lned65$#K}@T3Gs92_jQ!3w
z!ajhJlA-qJFJeX8U`ZGIZuWS4mZPqrk@Xr-MNt(dd1daO*1Oad`Z&`SN9ybF7e{t2
zt=7TXJW$Xs6@eZ+{)j5u8jhA*&e+Y{v=;#0xsl7ly+4DM>}`eDcpt5NW%riJ);7J-
z7SH49CP%UY7DLQh|C{WoCg}#zXJd(Q)9LkYLM~T2T^4-qgSlVWByTop71msDSnm@^
z<(Q=&Phn0)**b1<Pg8f41VJ}49jy!vt}p8|tJ!jm5=oh$GxYHFQAld}r(V{|=<Z@E
zX(05gN!waSG#<a1T}*Hu=LA@-fk-el<Lu-VS@KHcYhQ^xBIhelS<4pojV~@K*?|!|
z1aVHLkX~;6lUvQvGLiPDPpT<r@O3Fp5cL@v)>0_4TRd*u0jxmwbj2Xlw?@*ztbg)X
zn|SPngnAI7Nq2U(IxG&f4~^;pbns8rjN@a7DW<&*G0PEoJpnUXTcw7&nMm;P@XD5J
zQNXaxgm!e|`XYf?VQa@XRmxKASX4V^y}LjO*q@r$t0*NpGMPScB%2g`e6K@Pvbt26
zwYF8jx&I5U^S?c?&KMNX5OB(Td!zAoEi5crudc2JRak>mgFXY`cVvJEkK`Xee$dcM
zNOaFbYCBiJ>Q|V;oS2fRw&C53L5fI%fw5$LHkT!k`|$Ei&!4IgOwj&q0%eO^OS3`)
z0dfV;Ey||i#+ut9jz!(|#LL@oy$VFOxFKbXjA9vSZcxTnCRbEPBY&&6qvt<f$VXtg
zIZS-;#*=!Y1C%QB38^It|A0}MHUvCJOWllt4=~vYLAfh4U}^{C8nrd-(|zy;V_6ar
z#;r^NiFiE;BZ|vHuJAf7EuZgql%jS_32<lj$Un!b<gB&1F+Lt0!7Z+9|I%+wh>3As
zX>zywH<E)0D;@>rHG(J+Y;A3q|I|A^ID!oiHPzLC3l&7DC4ekdTH4F$NIz=#Xrfin
z<M!TsZJ{a{%&oLPg<D-;2XA(PEme%1v@E<Z>X!g(8VY)bwGLglQ$?htMMEZ3q|<lo
z8*rx@x3lt(jSq)xo^L08#mx2Pwviv&YmqHM_M`6ho|~(Y4*%HLF%<)jwHKM26ZF=-
z0nGx7TQ#POM5!-(8ro`|>2N5f6xhKc7JZtJZ<s%`4Gvc3@Ss4Imp2@4!|k@eNFV+(
zKpyWl`<+We*KCBdcIFj{iWry`g=8$FHmfBsFK^GxTpGByw?~ae!utcuiVhPI4+_*C
zVBvHdU99~4{8}`?ee(rs4Q$17GOk4i9?E_tmVU>^&7lL;hsCk1(?(YWgs!g2?s*-W
ziQDvKngRQPq%}Cn5GXy)dcRvDObB$pNmC=`2Z+nvmR!^UDKE*ZXY}vr&w!%B7sHUU
z>{O-^Q1X0*5`a<$-RywVvfPk!a~`;4Ir&!9gvsqBinB4C(^>H06~Dm({gv#onS%8j
z1iGDm{x9Um3TYe7sxSD>m6(O3q`2BYH*xW&kQFsQOlfFTeK<4Ebaufe9ImsQXFZ!O
z)oBL(T*~66_mr4SxUahuIj^*IH~_pOV-n14W`3yBC51HLk)jR{egV;ran!CB81wp+
zFKrqr7d*t=i6Tbx8=yS?p&Svt&sHyZCW0x2*ADU+a`{2{Rux&X&-HxT%ISd$^eVyK
z>xkuAyKxv_275s8I5be{XtKm%CM6w?GNzN6Xr{FBk6wP(_C4lL7g}`Cl-dn~sp6u6
zrPJ0n)!saz_a3~xMDk5zmC{xdt0*syYLY5(24%eU=P(oic~s|%j~FN@f65j?6V%XX
ziHU-OFo2|ZX<;GL`*Ls6*~sYchDJ9mbnY@J)d#7H*M0hX&&|X%B&DKqf&=*h+`~49
zp{%!BL>Mk2c&{T++7c5NsZ9HVo9?5zt+{!XE6N9l9xlprP+9ChYcNdg5GSR@!`s^4
zS}O{H0m`#Q-twE^2oZAE)|zepW1Jp1J+&Abm^jAg;7pG2TxFn0V0=zqA|(4I;Munm
z2w`z@Oa4<|K<5O?=6WXWd7nbyD+PRTuXA%N&u${t1EC;+4G7VCx--d;Ed>`&Llzdy
zO5ghLu(KT<Yf9?sN%=p2(zd>V4-zZFEqQ5w1YpH!Uwa92*o<3FGlhMxwf=`1oZa+;
zT})ETy$UcUP^Alp5rlp+?s|v_WE=hjhU*Z?K2o=@NuV{8`!bODrZcRvBEsoAP4-#w
z*l8T9&e0N_60vhoCUnORF*uCgd5UD$yQ0nHFYn0W^lJjauz<F=*LP!%_uhaK^~J>p
zNu$<iuz*_J1;I?PoujC$>Gb=_$Z$JM!#n2X!&%9kgF0u~oYEd>F3u}whdzybl?^z9
zhJ4S<Q#ZA<I{;2rgiS!<_YKl}N=**ivGzxBR2w@x9&AEF%fH@-z!O1EIo=UvjE=7F
z?i5T&2gY9;H3$Fvp=l2T2v8EEp2865A*LC9jPa!&ScG|_T$n9v1_pq%kC(#0ssVw3
z@s^p%sXVe5Fod`3@3&?9t%CKE<Q=wgVq$ueQ?4R)cR+TBgSjOl<W>!G*oJ~C3=QH?
z(r<6`J)Z6>7iv-Fo}X<#nX0bal_4*m-XNrPcS3{1o0unP1o|vF&-#DJG2GtaIK~Vm
zY~>1k5EE(jMJQ~4>AUlPfF)XZjRwdoE3eerFILaL%2z>@aIc%qN^-v3=r;~F_O((v
zJ5?}fi!>OrLSs<$-T#|Td@R{=k+m2ZF+Dj+Sdoap7u4p5cw=Kxaou92t;~XaT_8;n
zkELo803#;B<K1y_9A?LcZhLcRA@s^Wu5K7c#{1=TbjrSR{?rua*23BZo?nggJw9{T
zqnz~+j1Dn2)1{9kTSdHGJJ9`kK~y4v5B~S(+&pM#gcW))f7VP1pU-4^*{Y*IKRgK@
zXNo2qOGF@ZQfyoj^B{wOGE(O|YN-G`r6GWhpp!rz20Dhfs+SL1T3S2+I4XK-YHF3@
z;^M?Igdo+h|7^QHQb7+EAqIxMz`D9?Pl#;574ku$ip(15cl?xzp2(9x01dE~+aU4x
z63W{6<f|==?nPeHjoPg~<{E=~6g1q*6<W-0N2?}V=dmfw99HY%HG30K;QcoV7H4%1
z6ZpRPVpmP}^_77Mt*w6JzvzmJicC|!;9MIw2J?o8*I0}RAqX_WXx9!5d`4Ik7y5}^
z_m*^E;0tN~kFwZy>(O8dT|#(bBCSj8Qc|p!Cj^fG5$W+9Huu=30=lKEy`YMd)nQ>r
zcUN&0CD}l5v<*&sm<>{T3Bd8+=JrQWlHLr4Ly1;-!bS|0j{wPs_`B2H9H4-np8kYL
z$m^6E47*qm;CGFWqJgXUjHB_<_EQf`roryG0$Bzw1>5b2x_aK#<{EVcmKlt&@RIKx
z`UYs#gwQK>i4i@cB2`tn2$wcZR({ktyu9cx=#I$!Q<T_q<;M$DmJSR!0cd=jEm^3F
z=WyD_1w)fPX6#@0gnhV4%Z<7ldSjRag0zwg*Vp$z4o6&X&**CCFD#5?p{A!vKrN1*
z5jSjX?3BrckaN31YHKU{_wV0?@Q8>Utr9q78(48AFzf)12Ah!3>uw;C+L)M_xDj#+
z#tO?o(Sqt3ct##xW(rP?M+fmywxsmN1K<4;x!IuM**UWqOM2ooLMZF+_r3{+`L=YR
zC$lD|OZdD}`5t5rq69(Z4?zk%Wx-F|I;LaqI)orz&tcY(|Eml|erwAekynt=myb5I
zaBT-<Y{j8LPN99M`<G5hwI~pq0*DwbKZlZ)_Y*oC9dYU%R#=Of0s9LUl9Q8-tgWqo
ze2Eq-vVH~I3?Jx}GjBO~cxD^H-h*+-5aon#Kl;L3!^q2Vs{_@340tf*o<I&fBY`vW
zg_X5t6U^9B@fV<o$!~<RIzrwk##|q9j4$cie(_PV`ccdn59)yH8bINcJXZT7a;z{^
zEI)jYwkvga@<~U#P9PF}kSybd{r^#YLZsi9(RG3mo31(h40`3zqneKmPN$|-H!bne
z!AaGe0@uez;J^x$)IO_N;IM_2EW>oMvh;*WM66xjtlp|83(rkV3|yU_o;HG5+EfWc
z9Vzr1@EYz5MSjD=a+q0Kdf@yY7a+3L69WWf;L&YpJ+7*)1|<fE3Pxw3AfX6w>yL@l
zZ#KyzA~yfbR|H!$C4En_w4q6^`9Uef_ocTBL>>+B2%F<)o3z1XU=|ltl==T{1cR8=
z%WV@LH0^MW4YWcBEzLU%luldRQGl$Ugha;vFqiy@x|s+fI$YG<j^2TPl}g5`8RA7Q
zwEi0}>msJ0;I?0B>6+Ii0ue}8_i!4VD8l;l^8og}_m53?O<aM?V>B?4^mP+-JK9=+
z1ZX&g$`W%((&ghjkFoTiQkjJFmohIHc+^N`B_;Q4UWadf#njM2ssJrj1v)qZmY@I-
z1xh2H!~$-6H3V$NHRGd$og#L2uizAg*MUh5{(U+c0>(z=ueTztK*BK$LLL|{c$E&@
znmt1XO}`%mLfs}O!-7whNFH<TEozvvW@m~}{=eGZGOo(*>l)oONVjwdDjf<Uor0v4
zfYOMhbk~I-At}-=NJt6-(v5VdARW@({jSUZ^E~JMbk6(Xy!`y&eG8ktueH`(V~#QA
zoGpo;YaGz&ozU+(J3H@3rqYOp#%7_?iG)NK7yB(GuR;S-QtHG~VPS?fUe&?Lp3XAr
zuc@d+M56AJ2hCWG%ehtARr#)(G~H5^*wB}FAilf|fIL@A-``Vh%8&&F0!@;jV1lK^
zM_Pw(wPQ?v_|#3?P2y3G0cdEzh|&C*jV<rA-skGBe~wc0Q&+Idm4%)%te-muT&d>2
zBK9!yfkZjoJr)Dg)8|iLfQnKdYGJoQS2(SNc@X3b9C``@<P5)ml0mg&2Q-qSWEK+}
zi;XnjTwzu6n75^Mb3%d76^LV3n;RkEvIN}CU9~LgHn2^nCn>Ce-|BE<jELd`r`l`-
z_QOqD0*cAl_P!)6(FZ`VR^Qoyh)f(D9qjhc><gdp{klYDv2h;z1h~iFG}K|5wJsTW
zN)&1?qK4kMYirNkO*Q!LN#Wt|MWO)_sNZ$XA0IZM>Hfq4g6LSy{L<2&N=zXiYQ&&f
z?_G8W`{q5JG6W)0QZj2cJ~isS%I<8&yVITWi9<j=wRd4DAO2-nht3@lFFLh?^a8>#
z=S00jXn=-Z^PTIzG_%1k5|LtFXY-PN_{bT5#gW0Y_^e&;;jH^VIG&#E9*Q!XmN5{H
z9317ftW1F44q><!!%|MAV??>WiLH^J#qb@ponbEe+^d%oWdeNGC22e;-!s3G`q*gZ
zKy#f@dl6x6Z&;oMcIh<r-um7Iy%#ztD2ijtz-mfZiW#|#r~5piBQJmV@jFV`^zC$U
z6k=e=y#JJkkSp}+9U}@d0wEHJ-+^Og<+L$@zeLXUtg_iZDm^|(m&d|dba!c~`3)~~
z7>2trE%1qB3K0`aqoZObmEm5T{0c#VFqZZ2<=#2+CAqr#h|toi;?VI6Q_)Dt$j*-S
z-Wbi3l8}&yXLYs*d!hH=J^XQPW8+7<u)Bj3D34u*m4h$xVX$Oac6q8G0$sO<m%8lg
zKkRv^p7g_x;T>^#(kIF2>1Q7t&{+>o;_D#2IvkCgf%KBw)pWH)k(ZFB;@Pu6=vwB|
z)lLlUY>C^@A?F|rhb|krJr`)czE3FrcOpnpzxwluXVHB%?H9h_&Hf%p3RtcZSYG|R
zxUkY=K2k*0%Wp$+ez^tiF2sB?iE7C1`ugD52#UhDg$pT3<Y_Xl!0)LvKSE=6oGAHP
zbcKZ2As1&Elng~<`@vYlmA7Wt$VmtH8CdW9$yI9Ydt`>H6S>eDGzZ<@T<;Lxd)8?a
z!9ajH_IYZb3+erfU!@fl-jt-IE5qd$BLj#}H|xZv-Ib0H4oE+ZWPLS>q}5)S7q8vF
zEYjk-vb}Pfx*T2UdmEF5Cx;hM<agzj<$d+gJ`LjRIk+c8B}B&c4EV_xt@0NC0gtjr
zrf<&v*p{0pi+v5lnb1dT=;89wVEs=`(#S{?aaZGggm^8jh#?hq*wddsfAOnKJVu_G
zwma;luzN~fqRlQ`<wb!e1{sg%C=n%l1F@vpkavHZ*gIh8wEXd7n;~Sx-eCtmDzr6=
zoBPypkN-Y8f_a(y&4rWo-l5bfgA~cD2SI)4ksZV_hW2-`2^W|A!<X6@96ytE{orL3
zdqQrOk}}_5P4Q!R7=aKJ6x0Fx1fxGqgz8l>{sRKc*nigwt7K0c2h`woK5TNbHK_&k
zvG|Uqg^+YQ*g5Vz^z3Wa5kxCUqVUs}+=A%I)(A$N=ZWtx<DuEF`neJFWp(-L2XU5N
z#6P?g6-l~c9@|df0agukk)YZ<-Hm?{esOZlR_D6)Y4dz6Do`oeIJZ%Z-@_v_jpUwG
zhg^5(UXxV5eZBBm3QA!kxL@&fqZgmf{O>GOT?;B7gyS<wDt@gC&cqj`iQ>U`QyRvF
zfGPnJD{8jvqL+$_Y%3YZ-a{r-mz<m`_lxqT++3wf8#v{Pj^p@x9Ls{ItordQxPE7U
zwYS*!Q|lfap@QT&pOW&<zyq#*d|JcHatn=hZPjs;t>2}U#KgoiH&=%PM-HCcAO|CY
zG>m9SkuzN2Y{mBG>U;p0V&CTG=5G2Z%D3c9mhtTGHu5;{FA_~y-r7zJ99?g60d+wV
z+!;kUIBz1fh^M?d4@e$XWMsyCSt-yyX$8du=Ho@!h&53=`Wk#N_`bb|;lI5EfXzSK
zond=OTJ5-U2QYRYMIE4o3QaA+)9p}yBcrOtO>98wGxNSNfL^S;*f~YYjcQsuF+H3H
z&d7|QrXlnB+?boUsn5b;Mu^7am^C@*rAdsY=1{2$9h0bMU?mUF+0hP-;&^eapuV00
zcJ<_B`9wo*?h=rtF;7p)Q$~P5@d3J#NarzG#=BadKh=iNc4k65GBW(qS8e<;*s`*i
zx!j*V#hk7sKmD-Wu{l<7x;+ZaDxl4t`k`6^D)M`>&qxde`Sd`%=<_-J+t&d4G0F1Y
z#i5Pw`BmK-RBF_Y!_+fG&VWm*sd+VCpjFz8L7#-g@~I3*aR(=uS|U{0ADyw|;@y;7
zSRyDWi-Ueog`|8{@5}!fmc)Z1yE7AQ`Q~hqjr%Vu_rcx0uzqJ<<vRkt6DEe=@R<t~
z$i2Q<Ss3Mn<NicPA5WTJa#SO-!9ZtJ2{HUI7IjbihvyTxI%lz;rX(hINH1_BJ}EFz
zE;5K)$HKyI6;P2^JQhTSDyfolr6vlbUWlf{KTsvo3szm=m<LWLZeXW&{AtTIR#!ey
z<A?zmV83~Pkk*BTh1mcDZGS2%9jfFukg!oDN&lYhFFo<|^TPwRmu4v9YF@(Q$w`cZ
zJqj=URQ11Mq0v*Mi`_FoGAT2T`ihZNs!d!}zIyxANBH9UIDTGWrH`uZPHf}on=|NH
zAnn2e_tr>|i{cv9mrEo=Bkp>^*vD1E^V15z=V)k#`sq2bKWtp<^+PMc$AZ^R{zOJY
zidWRTCGA(J{nQX4=i%xIYsJ1NYZWyf$U%KJ=jbS3y;56UcBnR#X9?=<|59_A?7S7M
zNlTmX)|A<i)4lWR04?q1O93!{p^55fJM{R0vSCS{MPdlr@>{c|wm6QxlJd65LUx3>
zKRWKP?R3?`-=!tTvR+zgdV+jhSh>g-fNsvsJb-cm+Vf+Gp*O+lk?jDjbsES-K1cU#
zS8q6P_^Os;b={s5N5wP6ax?Q%m?j_%4G$4o2;A<yly61yZ7hO{WMUd5Rnp_EX!y`T
zo^LJabr&yJ<?D0RvLD>kob&s^8~BqH4D}yE2KuCd{%)v*`AJ@#wCznPx8b6+KwyB;
z@^rQ7p^OIc9iN*vBcMAzBoaRRoD$ZNF?^Z*lo}85<@B2>@9N5v0tJ)#<*t&W14#uI
zNz{WDpa6m{M375w!h0a$B78v*<^EHS6{@Fa;i(}n1$ahS*2NFK2?NgUiP6y`4_KQ6
z>Eg&H9#A<b@nPU@DQRdppAB>>4-0eiWu&HpHFIsH)DR#k%FhK!phR~`$NOBPcF59D
z6OfZK3x2~%V`F<`F<n<Z?>HU(K&@j88XJ@O-t3Ro!PiGFt^bPRuHircHc;vx0^U&S
zu3-uJUTAFH?YUOdmYAVFJwg0^_ta*?FNaO<e^U@4M^{)i$EfjYL_e+e77`6kG?*3i
ze7WJqnT+eKqyz|npkDW<);~vy*uj6AKQX6wW1z<ugXD5*!9F?puKTf!lN0J3=tDys
zQ9dOaZ)o_1E*Em}KPAVhUn;X<Y3?2);|YMJdoGEhVdC@}LO{W#*SPoJ*;t<0K-vI;
z_0fW<SrAPq8G~L(khsO&$3}khjsRx-=5^&f(bkFe(050<56T1Ds~yh{7W_v`p*vkz
zW;xjm(4+9T7<vkKxh+ZR?%gvgH$;jt=dXC4*c4VK9;dA{_StYgjl`t&WvY;gqd0<0
zKrjT8Wb{5!W+s96wIHxnv8SYzOpOo&K^U2tMNohm4|o*S3f)kHTBBb1Wdp9Ukn7;d
z0aLvjk{G2-)oP_J919T$kbahQ{z5C`hisqG(9l$`#sxi?C^kwi<;nbRfFW)w(%aW3
zwY0Q^57Onhe$!ZS`cce(pIZtvsB-Ba8#}Jb&$kpsw1Fg&FZuy&U*+{y-p!DbNg9HI
zUQocbAQ_cGri(U(>1z>mJQA<B<Ye8}+~AUxUB<OH_VRlEQvEBp-cJZe)OF{}?%o2k
z%}blnOf>fT`qJ*!ueush`K%x+*`|w<KJ6HA!g=(_A8?E27UseG3UPApI9K=GfCI>Z
z@2}&ebskc1QqFx|P+|!eJRE(&j6OeRyQ_E~T`4*6_<>4h^ozhU_Rjv!rUmCsyEjYE
zB+zp}8>DnP5s&2>2rS>QPywJlC{g}x=<exiN8;$upHpyfaEK7yVFSR43Y&9w=epa;
zUTZ4h65rgsUZxJ}du9{GsPbH)ak<_WXa(OUN;2jJ4i;rViuzp7>YlfEv;AUEJoBs9
zN>VaPxWITd@3Kw=j0{Yt-mhwEwCC3_tsv-eJS4?ebUzAYiMkx@c0RX0&DFLbaGs2F
zl&?>bnsBhAu3{u77{>e_z@)QLy$uo`o}|W;wZw`GjEkE_k^_g-?ed64@Mw$0zUa?<
zv$o?h=Kb%wSg}NIft`!0a+p6UsNfevAV68Bwzjse$N53FEKu<rdX9_$q@I$3;GBZ;
zE2xI4cil}(4-fC7U}nyiM7R-<p)1_GCtPFyRWXgny%{+y@u~W<F27h4AvTlzL7d*W
z2-tIXIZmu2IbQD__0vr47X|Ql?=CKq=qo7YL^X(RsiXqVKfq7WUW4ynY3)ygD&Kxd
zif>a*r$<gHB^3b$0cfA0G%<2jzYrWuM0`)ceiEPBBhtk^6ax45o?hS4Jb$3+gy2qB
zQ{(mT&P85$cmP(Yyv=$0;y7cjIF*_$KE1H~G4-o@%8p7K841wRt?X@|8eH8#O+!N$
zzupRDpYVVD4{p=&Fz*gf43t4v2M>IN4h6;U3S+dBKhSTvW0n^mCSSh1D{S$3UO=eK
z>GO5S8|6SMs?eDC_5##Zh5F&Hk0~NnA|gtrYRSC=aiu^CmHo;@DI1gs3Ak-j{w>sF
zJ7@=CY5u!T+5BCy!1vFd#a6X+GXRw8d3%n5&t*X71@VR;`vIfEv<O7|uGZOK|Ibf{
zfjl_`)Do59mz`Y@T9-o2)Jb5B@CC!?;P@ToxGLY56T^JUrQhaaVp8|;bNyQ&#bztS
zqXREtuY!Srf#@MUU=Uyf|N9qGgJWZ+va+&tIyFuf++ej4O~6BG^wjiD+6<T8IUlf;
zWpcbOX&E8})ue<mZm}AHTC{WoqL6cWIk(fnn<z(MelWTn5IajsVs%LSWt_44MdEB?
zjP$ja*Yaxx4%4IFL^}b;XLiE&>uO=I>#B&fG^%0D#U=A&958+P8ykK&a-(AfXHl^M
zw@QhbgDGBE`Z@<SURBmVH8e|=y)TgwwE7L~$2a&`SXFLo1fX0`Ir$oTr~sGAHkkIz
z!)3BpUI=l3+2`PoXaV}ER;c?$h|@oW-NPR!+fTOte1&VUllb3VP#}gyecD{GvCn@0
z!RE(ihD$b@zNwZ7xfAJKo?^VX5ux`26$ZgM9Ir!CdK4A>TZgkdzeZ7^J+#H~v;LqE
z);;W2ET{(UMSB>{bq^90;L|-T;M7Bf?pOAwya&Ab8Y|N=JN}(m!>&%>$D6+ik13x#
zI|`@rbG~!9J|nbc&_E4<;$0D2{pxGI12^GmJe&_jK!y{^$u9up-S4=#xc8t0Qv^=V
z{2bh2ux&rO1KESmA^+c5No#K}w8a|TwG4h<cmFs5xVq(nvw3`95V$8<t~`q<d`|Q3
zUExe6KJY__q(JGPd;ujBQ_Cit@pokBbgp!ChK5Z<cra7_0ifOiysHcUDA8S@wI*id
z*J7%4fKD$=8|fe!&jU?}-Aen|Z~|#mCS{_r0gCkQiNE*Y5phv1<kY;|8pKxq%>B8F
zQo!YBW`XTBOcx|lv+{R;_}5{H&Dz>p{#F6_bw^p@8(`FMdS+%fASkGI9k|;NO&wWG
z)+v10xhFelL3&{{KdC`=+`Iuf`Dl>=o$r;>8gp05<99>Iz_!TD|9&VcO5mqee9IwW
z{`~>Qd;7~%5Rf2?VUGItrgq*lp=ZUf>&@bL;v<;H;kM6gaXf(9L$JlG9AYe;X&z%D
z_5>c2c*e6g<BEv^0}W!;{cul2gyz-phSAQ+_MJr1Zj{IlskX_ol4MaDESVo|aAn{4
z__!I|9z;<~tMaH(4g`gwuP2kgi7+d|iXpw)w~gMHF6oJhlY^n;TzK;i)nNz~6=@mi
zc{(AXa`U+cjl)w4QR-BW;}$~COQM<Y!47dir%$jo@t1o2GdQKu>wxL#Rb_jy#fW@4
zy5veUHF=QulP7f_BLZ!r@2~M#YiAb+bu7$#K0_C+^9kn!3@ylDNYbRznve<ZKpJn}
zh)+4~Mxgg4F>o-WeH=)?w}0-~%x6kUn(${Tvlz#@?DMC%&weJaD;b}!>CgzdczJ?0
zC+bsEQ%rmG1enZ$Z@}4j)dEaY#Tcll)Puvr-RQn;RRVy|k^u^)TQ<AV@bFMGucs$4
zD(DpNGjG!%`DR2vFiEMdZaatW3Ar-<-I*a8Q20g-L+VnF*Ymu#w6oIc*FBWR*)Fk2
zAhWrw5&&5}4hgZur}!VezTAn5y|Z;X#+*eS$0bg4qUE>Or$j|jcz|!E^6~l2V-iSz
z_Ci&a<u`En=3SodrZY8Tycd7S0pn&%La9KU=l>WDAdHDX{{haRz{5HT0Ot@AUwNtL
zNe0;~Vzj!o_bZyGt;bl8*jb-1v@Y1qgP~JrdnZLLR`eQpDy^+XX2yOXbz_vUcy8)j
z_K4SRW`g{I^*h4lo#IcPRRUKHne7~}yI0;Q3t=>3WF^cJy7ST_28Ra;fCogXpg(o!
zn+!IDlf;i3Cn{=gYObAmJhcCm<sUEi;+x_KFl9R%8!r}v_K1zFWf+9uDdWO%=#|`y
z7lX{U;LF+h7?A#?G`MUgCLhv7^%w@?AD}oa{N~Zdp$!8^b>3MqtdkFP23WzvGat(E
z?>wJQp{D*>#x_zx)Qtg*P7$`yB;)W4T!iEH)*#e^8n7CQgW2@<-aS;%?*ULsRXdxZ
zfDyb0QVgP^NG%fKE7g`Q40;k@65<55%($@}E3LwVJ>QB(F>veaWDavr@!3^l0t?8=
z+qZHbBQX%)fLTRIQ1Alyt^XKEN%=n%A;A2=3%koCIZT00o(JvDHM(A0pU$PDi2LZ%
zg8nc;Gnq1-4}T?_R1@HdXC3)Iwi-c4J3p_YBJ!KRC(Be^U}4_W-KQjJbNZ__$n8Ag
zF1MERu$tNn?W~-(Ik(EqA(WXQ991_?$kP*0<;b$^30(s{tzcWp$6zfuRKHNwl1*20
zv+ShO-g|^g3K`MLb$~Ly(w=GR=F3y;@oCUzwhH#5U}Ix1u05wG=%$9n#)`Yl%*?ut
zJ|az%ljk2oLgbME_N+z$5CzotzpxpIeSk8o*lB<9HRhls(8D8!H|{t3?$&#h?AP=e
ziW$+*$1O%NkB^VIt^X=sscJaz84fcAtTuR^LEJlOVqC`;z*F*pRwRF~PMDKC5CvUa
zPhEY%^Sskax^wP`{O{@#a2qiDq-EOuw*GK-)?{>Ioz;-Bh{MNMkq(UgPh9{L@CZ0d
zm^OhGq5GdYirSm}WLFRDA5Ih$|0jq&K(Ya!M3d>U<r}lNahqk?d4^aR^y$!CW4y<$
zZM|o!*Y>L@#{pVlaa|3KN%l`KjKM>lH+dJXiGr~>QtQe%F}g9@oKt4TV>84kTyKx!
z?Bq14B=NNoByUxV+qk|5ITUZ-2BJko{0434ZXWZKdD;G&uFESKL<YzzKQK`8RIWF}
z5Pf+*UsIsLG*tS2uJGC31;j`Fwy%X*MWs1iX&_A`Jv%FFi}%SB71mQUuv7kRcvNJB
zIM_O#u*gkCmHY@cnINj@$O578Fi<mHr<l$hsrB9t@flFQprT8yBjPdNuM!q@>Hbs^
zw~}RSrkD`A#Kg0KF;ciN8(g8I)rIU+rKN;~XTbj)(O}a4@Qq#9(!SkLD+=OEesM$q
zCuc&*8!SO!JW6d3=P?~)Wp{Ex2bOb}XMy5I3i@ZF^w|=$q=n#Bt6m({C&fpjfCBiE
z?%_3cFQtHhs^x|EdX9hR9f?TIz7-U#(f~<e6?D5<jbY8h0U6vVCwz|)NSBnChj~H(
z5Ie$%14aC$hoB3GK?JCPXXJX23sA4?jNldEyb!~W=xf3$GtxeNZ@w<!o^&iWz~A;b
zM(qHLMR0VNfHe@9gLFk)V7H_FW-moEx~_~KjmP%X(5&MFZs5t2GWyz>ko+Vn>65RZ
z^QLiLtq=^@d2-Ynef*%pJ7NT%$!X)+wA8EEm%Du3iVV24sr<Xzfbgkstf<4(==Cx6
zks0H1C!qwz8!%wQSk&ig?Tw`+t4IqVIzR9Rg2Rj~;Rm|*kO_NV9CdzXR^SBuD;_MC
zH9K^Z2(xA6f8quR!gxJ`M!VLP%gOZH*%2L&<lcGzN)N=lssU_A^chO*kv+f2DRhV>
zCt;26c2NeD?=%PaW9+NTiRyr+Gti&Op%b;N+#JT61t}2mU4bB`djs+?OcvI9UcE{@
z4ngP7f-cJ`Pj78^`&%u0L6KwQz<SJ^M0N(8_Q!Ysn(@-MCs3eAy4@`+XEAomZ2z2S
z^$Y@p**(cnksr3EY~iI@m>(sXU$a<zRexwP)Q|$&dOyW~l%byLD8D;lP&42?H#e|S
zquXD*d+=V4sU`dieL$R1S9g!qjOLZ|wTQ!`M^P^(_3B!McIRdB@p1BT{yOKCXQ6iR
z+qC6djC@i(x6RZkdwUM_)!DzhySG}Y_;Qf+5hV`2^pTpfvhqYrYwHB4(_^4P(1Pmj
z?2%lPiSF2kES$y1mtvHHBxNZn`WNT9CLP_kDI~-w7A*z%%jXkwCj`P?zh(*Zg)TuZ
z4s2!Q%E`l@<hVztsT<urm#!uJ^SwBaItelTzU=)yeBInE7arMBOXm~Z0BvF%LasEp
zID?*hhRbi?F1|+=G2VECHEwm`8!XKz_n42Ty&WB|*7fUaJ}P%s#;2@zdN?=;*VeHl
z2<VAEeqfLal+MY?DZaSa{7yG|?kg=l)`XCh{yqxGI=|n)fA<kTP{tt%{lzOmU^m=@
zec0PeKu4;%dD^(4kk*Vr_vPBLkph}4^*U#p8!L8PCHL{Mi}bXJRq|NHYq`48ugaOs
z!Xk5XZw56!86!VTV+Ug6;}*L=5}Oa@lV0FasBQ0~O8DMJ(14MaXH)&fuLkO@%rOz2
z>ht0OHTr(XYqRwbyOH%!4c~NsddD{w^^Ggc+2KXwt7;pX@!wO7hY~XV=Fm{43|w(r
zNh{)UB%O-)Ogf7moq#c)49t{K0J*u|T#fT4J3>xDx!o4<byY_GUPX<(UKhG_fomn)
zDVK)>@w0!nYz<uK#w1)_Jt{gZEDpq6J$6OPtw+#_l=>z(^J?60gwx)dE-aOrkWM+J
z+Fc8R&Z{zwg!cw3Tz4T$k&%T|R|Eo0CH<vmN=*WiJDK>6ZY^2Q17+#nm7WR@17~pW
zL}Y^+-L)p9^TLk3h1OOzHMN(Kv?3Q#@*(t$9%%3z<_F%%>9)2uT$7FnT*8miev0?~
zcjGwDOj}U1+B(=wdl%Z<&4<hLu2w}jIjbDEU&Wr@TvzEsoXu*Y*E=&tgWu^2eJ*iN
zgj_R!IbtBy$;++$Jyao?_PW_pxFTQb&}wY&MyP!gM-aaG@oE>z-Q{Qx@NNv9Zz?ue
z)M$PM1nk*6wqEFzE%z+UdTbWy8W_weH8eCJ$<w3+%OQa+p2f|@^}P)IujE(d=KCaw
z&n70NO)U_ztm}?O)m+Qwn)4QB&r`=`G4kb==Am|UBh8eM<I`C>nScQ2SJ>C;m&JNU
zt2+@$x95>p*q1%Z{GRu(Z@j0&!=xjTPzHahKL}_K#l>!Y4U%-VzDaz9`B(-@c@n>-
zHF{QEUAsbwd}wItuUT53*OlGhogZ`iN;LZLc^E*>Z8Fk^dDTxjsYTh-kMD|jIIV&0
zJB~-i&#rEPLQFV@K*1y&>jYE6c-7U^#&IZknTWm#Saet&Te2q!9><2GSQ(dRGka(h
zFJZ7Y%oimIk?%C#gj~ArA|tY}umnnMX0Qj=e_E*LIuCBvH*|;)Txk7jR!C>9Iu{lb
zqJr}5?bn2y)~uxZ55cwwkXBdEp!hV!-h43EKr_U^aFC7>P8IYNG%PB69!*)ls~K`|
zXm7V7Up0{EKiwOWG6d?Eti{B{PC<cFO5P#T$KVZw5FVjw5jEJ)AHILztpE{6=^;D2
zwa4ld-|yrk<KY1@ldNj@)G!93P#zO77*-%5soT>Nlb6CTl16H;)Wkfa;I(Oo3;L&v
z+`@7aBOf30$sAnKv#mz~Y4yZ}ND>73Gd%U&T=)-uT1y0f=X%4NDEWxKLdP%GX_E}`
z<=tvO7(zg|>wTmeK6@z06VKH;GDPUEqk}+1$uW5yk7<#+?9O`Yv!D<WjuG}lz67d8
z6jW5X;Nq`3*__zre^E;2{bxAa?&8K%*nP)*d}{4?5mnCZjc06QY%wdy&nvZ#g6Nq&
zer>fKmzhPSNBc*D!P^Vb>Bir6CCVyiKc`zB^ZL=#_YUCqv`2QJ(b09X#-rt1qGu`W
z&YqoSJx|zO&x_epO^6Tjj);Kv&ek8epP7&3^hGx{H67#7Nskh6gEy7>NsbBbMruS(
zPR_-_QAC8OBBTtdZf~!0%d}CxroI@{veRz72~b++x<?kuV|cbFND)s$U*|#i64-nQ
zKK{CUHKui^@j}^60O#V^)0A5-G_s?H;?aDC6HD4lpQjkUx0hFrVNmkZvMH0XzjtSC
zx3;)#+HuS+EymW)wLaFk5k>&TO>Htkot>-)(4hm&OiWd$yK`c>{TNJ)YRK@RR|k#_
z6-8xb7kGjRG6D#}#@Bvm+F)K4S8Co1>Ba%Ej>S}=j6XlOt#+++`iK+d_-OAlGwiqH
z9#IMq6dfOvLLMjfmaIQUMur+*SF(z6bq@sXZj9L_@}hlwV%z<_a{V_UKY&9&9hhIa
zuD#ga*B`^Ge<*fKCn6HVA@%^H*5{VyH4XKr^ki&=`9$%|5;i$!;SBIo%EXdMNoy#8
zbFZ=L<mB{5t5|pPbn|=Tg&fmoUPP7G#bckFlh?W;kijJ>;|v%Wt)`;lwYT4)=`$;@
zg8ws=e8Ph|KQaCt0ltU>s_$a*022MBs?22wFfQIKl?4MIXjw^<yRGfH0~@ZAQdkl%
z8g^aX;3}xErrkAFC}BiKE@|t<k)4?#^)XYL!Mx-5HIbrNGwtd=S*YpDmoIad78m)C
z*GFWbis!+>-|*~+1qoTg>+8LHV_4LQZmxGBl{(j5{neCSMS(w)3!%0R%_JB>ua0E~
z0Ta{sZYCt5K+E0>05Cb__K_{?E34n!UgtBeZlP3zW0G!NM1|m<`H(97v2yBXkt%&>
zp727RUOeZ46+RL1!uCeUhs_Cts!C9A!wp@p=aTPej?Tp!n&xCLd@6fn+}eT=&-nY1
z@Axqrc95>F-J^$cK1v1#w?m~S9m2RcICo<75rk2n!6uDTTVG#~ovyMsS-m<x6q^E9
z)!M;<L--d^flNadNTCq-WuWPOg~#pX_2ts_&GqKDS88#cP2wbfSB!!ab;3_x3WHYe
zz9i%%O}2mdQ9V6-YQs^QKm<K=>8A!ozL_s8?)V|VWlt8$5Zy)KG>=fW`4jj#lM&$?
zDD4M@Q)(9Q=&x?9j|i-7g)LrPh4An_?#@+AbeQVv<Iv3m(K8Q@o_TE{q->1utgVef
z?e(K|;3(MU9Uh(+@D{vz1Q{W-Lsx{a<kzCa^B-VJ#^xFZytEO$%|eHl{IrW0zDI{L
zG6a6uq}HvXA%giH!^q~g^yf2TnpDb(o8GdwN$^uWnY)#wB!6&QSkWNL{&zsOQq<d0
zL|GGHGJC^cA><dqP8*}^@6*%M&49l$G=}#fVN{4cJ|;w%rwE2yU>lp5JbC@<RT{WC
z0bH41T?uf1`!+Z-M9tMbiz#n^UoIlz*{+2DV7~VyW&OP;kBF-i6MvVP4`DBSy$qsj
z@tNTCGBMM7uz-T-W;4^2jG&GR!jIAp<6>toX&NCG!NB<zZGXdgwftNlDY2_H2($t^
z2PH|7vXHE-t;rdE<`XP4@nE?X{&!O(pj?~kc)M~=xxc&HGBz$HY_70yudm#K8w|b=
zxRiQvePVrhK2K>a3jIAFL_+idU)5Nl&Rv1GVUl`71`qf|X)&}4-4<TSqM&GVYWs4^
zZ?HwDrbS%$#4+$+K?MahPV0=gn3#LR6BAsjQ1=&UY0I|Tm5*{9IJmfuKzZO-OyD+Z
z1N|h$qPpHN&T+gZpr8($R91HT(<DB_tOlxrFyw(Ff{?)XzMx=*W%sEyey|*S`~3ID
z_V_snKb4HbQfK`(hK#%wx^zjIX*6i~E}fb8QB^(H_(N>$u;f0#4fbxwmf$<I!XTEY
zn90dW8n|UTM>dX}v<5!Bv0rWfsoVt*$jnALk@pwaVYz+L|L_9x-!e0k>E$l2?O)=!
zt)OmGRiiq}<6|C6ph`+GA@Kv&E80ZGz_@o)hBal5;cppHCEV5(pFcNZfDs>`sJ_p(
zo|Ke!Z@NK2bh-XYS1S~>_o{|uKPu|LYNpn;k(_|QPFzJLvW!;x=-JZkmUNa2s3Px_
zd;VMpZb*L7bhwE?+`aQ$T0%n>S={0|R^7{@mc=~veK}T5uv5OQHm(I}a5f_Q)@@l+
zgFZn6`I>hc%iIfIeloWlccT~uw-G9hu=a{sd<0E&P-IRYl-xSqjO4PjBacPrM?atW
zohvS!jtieIDJdx%n~Yt6nu4M_Xu&_25(SR;Pa**SX8h;pJ0U<pzrsY6P82uKwxPbC
zo!#IJ&tE?mrDrKEmHQZe-62Bm<z=_9XB05|C)3&LO?K|ra_Rlu)$_^8y+1XY4Pl$R
zAm$?>ZlNb{Fv+(51gSKh=O~}X3Lgsaky^d&^{p&m>y}qQLhRO`>Z?gg`fb*^AKFa7
z82^|A21INC_~)^(uoQ!)zm-T|s!9l6)6kT9wd1@oee<nWSgomSGSVn6&TV3FFJJ)K
zWlP-N$f#m&EK`#W01es+!)IFwK^S)q51_$3*+^EgUE4RPub(_od|ircTk)=7@6tf_
zQ<vS%AcKI;E5`G`N(j<2TELEql7K-|z<1U2Ly#^e_#3SWf+5pGmNAMR_@Yb7$__>U
zb5YY0`K32rlaXIvjq1_XN63B1gcD?M%9`z|g#w*2ZnLFlS3e-JSDTwC(6_aN>mSUj
znie3bK+pq386Y1uTkYS|5&6|Q2oFFr^Vn0TogtKZv2*E+)0bKo*O%I$eVW%qp@h4R
zOurkT9+!4!YFDq8BE@D^;nQ?X4L_jQ{QUe_U0q$Apr$|()%R*zw=i9dt^m5BP$?@L
z)1%eQcEEZmEe;{TS>jpi;bJHjmiyv8QC#BU;FkmUGdmdi%EdnE5ldF|8U?|trbfcr
zVK&AJo?iRZlw@XJ-e6e;2+DTtJ=kpbmD{cp?jn5S;$FgC)lT(*2GbZ35us@Mi-2(K
z5qt@MUte46EY_`FtT1f$Yb62=uMnK+qT#@Q-ySRs>CdbTDF|<RiJDJWkr%t}OcK96
zIYF>0`^nd6){neRNBhKtM)~p?Dk}Z@IENF+ZjPSt=ASrL9CNc^6@#L}Z?&~`c}8;$
z-n(FA&75g_7zGw9+lSz9X~tlI(2YQ^r%IrTO~a7~&3CIKvUIo~k2aJnqvQZe&{7kV
zAovs?8!&q2R(A^!fQ#s@+m?1YKpqIY<Iz0J`qN3zOex7d0lwpkQ!#nv_H?TWWJE&}
zp8`vA_pS0v{Rlu$nXF_zm#g<AM|>$N(kll;RO*|Xn}a}$wWpgB(x~9<Sc)GV9m(6w
z)>V&;kDq)10r)8bq;HVQ@8pE}6Gy$Q=k;kE1s<BKhd!-AC<q%=G|kOakQ*;k4H;Cr
zE=w3Qjsv$HIMzqh+z2qAvQU4a;u9HNWNh?<rL(_%pSoBb+GXjyNjPHV^>UO`lM0WJ
zgM%pv;NNWbvRIdbf|j-+2ed(4M|_Hk3uGS2F{&(kB+m*7$wzzCkNxDhz@fbw9>8To
z=^S~WlJEQ@R*p&XyM#Xip{1N6E@5L6dz$^L!{mBv(k&?#4L}|*5l<J~{O=71KX_B7
z8)*8~bLNfIh!9_ZvK#<r+D&_(Z0Q(${4Ds5n2_%c*a4&T&Y<bbJSe6}=3r;<50Pd}
zq{rMlgpS(0937b+mZ<o~m<+}nNET-74-d@kj43qW6x3Xbr}ZVpkdU>E45`j4EG2qY
z0@Wdv=70_VA$PhEdFrg^_xmea3i8(MFST`=LAb|^Eu#gQNZs*#Gs*-O@%@J`y5xka
z_gVlgfSVK)Br6B(8iAlT&J;!5QjN$b`7wkQG(EG@k@neAv*NstHLx`h>Dx{F!K^<<
z4~mSF93~hNA@L>mLI3t#B*)2#wurajfujQgA=TTPuPLPz6C1Z!6@)QeShUiC{KRU!
z(6A$d=8p<6@-Fj5f)DNifAINZ0Gc1LuvlEL4Ski8VT^jAuOHEx{A6k3BQXP{G@l`r
zKMvxOdt;=Q`%mzpAJH>LVVdNq#NS?l?G2MRQOBEvG(?PZp2KsUm~;J!>i*pZyZTO#
zQ`kA|JqBno{r;skCzECqpcr)~EIfP!#ur0Wfk+>MXYXR*Q40VoLs_-^;a_*eClX@+
z^QDfZ-^F?d%)D8U?%4Jw62kU$3v2sr-yS^=;V(3_F^|9g1EQ^+UC{+sicCZc3a?))
z>erpc_B2{%mRH?{-u?C+<LB>GEa;@@OMWtNcyKV~0X)k~&VqNrZ;gO|>qGe3`XrxS
zAa;E;Vug6|N)35Hv!LXx@%GnOOKX?=V}u`ntqm8DL#T;3T|+}-K07_TjUC!lROU~t
z?l+zkXE3}4Fez%zTWi(%{%jS}0|kYYnMxJWO&+haJ-a-O8js!tp2!U^amLIi)RC(I
zzzhQgD1r{S$1lLtF!s=pkaClI_ZAE-L!LXXF3#oTY;Z=hI&Y6)*lT@f1W^PWqc2kf
z6p&J)-++=*)bSc&xwBJ##j=7bb3lN=&cb^`I=b^-Wk8KOf-J1swk?>D!da9aY^G)k
z0!9y$#N=d!Y_+^lP_&POAR#3&-2BX}Eoy@PgZJ!Om4ej_Gv6DUn5{?Bfap38llW~T
zB6b@JV)pEx@DeF>M0UWbLt#)<6g0E~1fuVzXY`EuG~lp$e0|PDgo=iCE+8bdJ2E`X
zisZY=z;Jf{$Cl9HAgiXw>Zs;q9p#I$V<qFIY)p357X*Ol^EPHdDIJkWh?<(3Nq7gk
ztqo?3SaL=NuZ6>mSh!z!xRRuU!w&^O+7Kbp17UviZ(r+1wc|ci{=*h^3`qh(l7M6Z
z@@%I+m9j?qw6x3*?!oK;SOXy=BYE~8mZe5Uc8?!Pb*4kzW+GrfiYpIju6S*h?tLP?
zf<{PKpHYSJA(#>um}zvhwG%)K)t*Z*u+3ZZ<;(lkUK=FFz}!=7PAEz#s4>ILFRwQT
z(M?9uHbYPcUK=PryV|lgmt$IcYWGFHovXK}HLAkO{=5zAykflQwHWA|eX=#z2t~kb
zlclr(3iw3*pj;>Ozhe65JBZ0hI+N^F8h$SQFhE8-$4|_&{J=mxo8v9CGVAZGO{m<Q
zs_5U$mv=IMNZr@FydcFy)TOAX=tl$rKPZK0aBz%2*tL|*A|myllb_h`l$4h469eWD
zA+WiL?MX~L9TEJ()gAYx(uuuO0S^6u)AkJ2EhS%mv3$N-^GNRRGB=)|y{T-wX~ns@
zr)MA;+Wcud=OdBl4}yRL90a~S6%sPQ#m0U;13LfUAUfp~T8XTzw(KE$2@CsDu&xOt
zDM;?MW-7tIjKLo-Bcu0|n-fytp3PeH1*EAR&=khha}fyRQf+?w#kM9u;@WHgkgA@I
zt0*mvfS*1lIyyQU*sS{{6&2S<gBen-s1gLJziY`Sq$IgLCwZN2|JbhO*;w$s3%U9F
z3}j#wHAm1!cDemQS($z380o}7TCBk)__>Ryd$M)l4vWn#fB!Lf4J`$Ufib@vgpW@!
zMFAWnKw$-)x!KEq_?@<gKjh-l0?#JU_>hhiP<Tpt3riQ1W!lDX@8i<}`_zhhuJUnY
zc=$~3o`iJPEATL+2iC!ADyyjtUkpKCWetcvN=v%CKlKt8-rM|u_31tn4B!UAHB|C$
zR(MOdia;h70|!o@jNIJLl7J>3R8TF<nEC7@Sh8<-KzPFh?zH*8pmKc`NnA}4=Wirk
z<WjAx)TgddJ^lKVD;8}~sbW`IrrzU|1ZVC%k6MecNj<yy9zX7eKwDfDX^;eM&(?ds
z@5W|iWJFAZ4R)mV?AbF4wLGU|&``QPATW?JE-uFKdooqaKx%8DY0qG>`UB^9?OkCZ
zw9QhD5dZ%E-~wUQtuB8I^SPpAdCN}stGgH}DR!3!rsoxvb3Q_2b90bEu5xOKh8ik3
zE+in`3f6BOfChGd$8o%N0ZA7*lDPF7rY$8!g0-cuJHs2<)1Y}t$&b%L_<i@427fx5
z#fEvWv|;^E0yl{-c4c=24v5fQuz@!)K=jD8<bLubUOrnb9{d|O86xD)of0tIl0E$?
zF>w5BaDLa9t8*tlfBN(x8;1<Y9uVRX6IrW6GqSl{jL<^b^%~*y_7>pqdCwibyMm#N
zKGxQSf9RkqdntG)M@ilVZ#w@uW7Is@;j=yQTyweE*_z0R3E<Ju1rqSZWkIcQ1q&zp
z2LRv4`x4$S`rW=OTHEUvIs@9)b$D0||4({MOyHpwh@gwCD$qhgKmZDk0;qHf1ghF&
zfRJMN1qcbpf*%SAd48-31?S!T&Ye4LQbBmBb|6o7P1C!4Gx|{b_JZxz+D3j^xut@V
ze2a<!gp1(5S-`-d5z}9A?R>*)eY5_cEij<#yM?)>@$zyPcaks#rM&gSgv2;>6<JxP
z*|Ry+Akd0q7|K)6#Vfa&sZoT<R@EXqbg-w;Va8}-VId6<53k`rSQQP`u(*_m(cgbe
zFReSPt-XOjw8nc6iP~km1u86xB@;!JXadO<ds%r*5WbR9-!Ldzm=R)RY>5WR(>I?b
z7Hw(iioG7LMrnW!j*FwBhO&T5CSno-foo-J@~(|_Sl7vk`BY(Ije<u0){zrJJUT~d
zf8}&;$&r{ixUKtgX51u?#1l*uI?epLG6A1XJ7DTZ0k&0Py2RjbNb@+DgsL3to15{|
zpyt0eJUl#In>`MxNyoqdhL|oZ&tKT)7uS25e2685GcJa=Z{@M+AV0-G$IH`JixyP(
zGvJ+IwRdos0;1rGH((;AaWPJP0fNssJ9A3~$3Rh8MP&koHR&L{^oQR{%F{vXVd<Hb
z`Y)U(zTaBDdY+b;4Kd0sEiO-pp3VDLH8qLbg42bL&zOlG_y`<(=gy|4FZ7(8{jJl}
zS1EGfo|9;TKGu8kfa(k;(Ms!JeU<ys41*)YY=wo(3tyi{-~VM}W0MAo!Gt?O>=@<d
z0dIz-85|c*bW~Jp;P~qMf8tP%(tqO6@vMKFbd_RSm<iylU!I?unwz@`fvUmDsVTwd
zeJh0E8G!_!kfjSWn<<NqhN35^C@A#E{woCWziR<b5(XtX5bclE+;u3BU3S{KyP~7w
z5-<^i<KvuDfQa7#Gr(Jkn4dgmVq{zaDIlZT4|soy{&x^U5ntT?lVEG~e#!Gh{F6QD
z(4#!pU1N|Sz^U)eDX(FZ?`yTZ(O=!&8x2rW&ppOWK^UNBA^%s%8GDfK<$!{K1p{C}
zgS21Y6XDaGS;^CMw_v&YY5l$@hQ-Zkmlh!|E1PQwC*#WLqTU|>Wgu-!27&-1si6D8
zvMN4)WGXPp$RG$Dk6A%fvHQDc<Q$(vc4}f=;<YG^x;2F+L4bh7?}FfYTweb8iMsko
zdunfR@azjXMzg*(GGd68&*lU<LpYjmrXRBP`4WC%0w4CjNTR|luOM${z4WXQ_(v$z
zSP);p^>7aQpv?STU3FE2A9NHEyk2?lr5Ppc>`E%5qepze!B9g~xhx?61r3o#=L}|6
zAQnvr4U)LmuNc9)`_YRt5n&m4?f=pQ2+tA_i}+)DbcBQ~<RGJsqU=j~`bd<4p&69Y
z(_<k(1EZ4hW+W@X{>Ddt-8tCMc&<u#qg#n*W&JMdd>#q$MJAL?1)o;93a)$gfzeQ~
z#s_d^$o0MYX{|#>NVu>*KM&0pWMrtKBQkDo60EGltjIaP)z%3{0g)_DN1OgXiWm6t
z@1Q+MArCLFCG}>1a4;s!Dyr7+!^c@xMyA?%XZk5F;s-BpiSal){Fne91TRAgN5aTt
zDmZb2Pqc4wu}!}LbY0Q)=g(yfyzq>CkRjMV`LduJwL)fQ=1-Mm{_U)P$2PGw$jH{%
z5AeJo;z%wsGL`_^ksOaMZomV~a^+_N=xgQ^gB0(-2b6~azaf$3jSWgdO3Ip_z@r?A
zL=WaAfX!p_y?_mDr7^u(Hqw>VrTK#uyYxpG)rq7}zk(SGkPZ?O5*3(p*PjpWR7SN&
z@Gatz4@zv^!H}F}MJ1(yk6-}-83Nem-pUeqYlC}49@bTcrl~VJSe1uKf!YV~(mAaD
z!TnxeI=V~$hesnEa|HXd_AUWIiG-Hc6AW09(iX61^x}U9Zv5(+9ux=x$lzw6(9nuq
zf2e~C4!{pQ8b}qYv;jc2`QNH-5W;T?-4INzo&=1>=CcTDcNwrzR#sN_X3Md#iwZv_
zC43v7%H-5-A|fXKkS>gcAOPSE8#}aYe}A6}bS7{ddqoYd6(M+M;|5n&p5|R&p4z?}
zFNAbN5lqiyO=i#b1xj7HP$gbiaDe;q_wnWKZ$VqyJ87b5h;rLGQ82yCsR$&H!SbOD
z;Jv_T@!NX}pmBX29UavKMG`ewi0og#elIQhF^`V}c&Gjx7u1K$n_Grhy?>8jeJj#%
zxl^kSqq8-DVA5bHn~DAr34&ke;Pmv?3e4-Rt*EF7Ma;W^!wJso_=J{)iD+MU%ZY(c
zbA*8p++!8-1<0%TVB@^}u2*{!GK_v7<Ui=};-l~zwS2e)VI|vkuE7=Yg<Fg+nVhS=
zd$KI*`piBx!uj~f0zij_w=W1_JImMU_V)JOlWpkFYuFCJEyPSj7}X6QSUx+VkEk$t
zk&=>f0vfr-A&bAU;|2$INlje5Xf8cD@gs-WZI}q4PpW?0yZmF@m<ro}H2eGeaSMbP
z2?_IP!221ZG6qwK_pz|BiUBI^LhL;jqO#iBE(IqR*hcw0%+9)^;d}x*%2t4%&eqme
z1l+5}6NX3|g>H<DmXBeyF-s2y7_f&12mc0b?5FR+coIRdu^R~sVLtoD6>~7PtR!}Y
z0JnM!iRN+`@aN}9gEI;4#n~6i$I{ZHcj0(n|DKFf*NqLd4XFS#p70TH-Dr<le;YK;
ztnfl(Z)2M>K7#g_nxkV|AYfmZh@MXZAABS%ZNxV;_<TGlcmN(W#lH_GZ(z{K#L8-!
z3|6ZVKC9wiBJp9^Mn!QRd6_Qk6%2I2CD2moAxB;(#cso;jf1XkN>57wwr$=|4@O20
z^^ZTw%HqG(VuJGq6$7KfU$FMcF#r>gA*79Y(8H-&=CW>XzDQJg9<%;qL18u)U=e8Y
z&!3KO-z~vw5dT{$Mquqszr47>BSn=s`r+wuvXy8DO0}fmXQpoY4t#h4J1jDgv;F{4
z9NWjoX9r}6w*q7e3JL{nLqq#bu@IZq36B>6VbqU*$R~=Ihlj!$tlWFVAgF3-o1dS*
z2A2r0^MnkzUHIX1_)PJB^a5}!DAhV|zWlcH3dmRX^F-|MKd_Ve1GE#Y0RwaRO9Lh#
z{@?!s{hxf(|Hbct{tw>c|HWUg0sVhJqW}MX{oh+8PD9xwTwJa_1o(O`qb!YDENSTX
FzW|!*nrZ+5

diff --git a/docs/sources/terms/images/docker-filesystems-debian.png b/docs/sources/terms/images/docker-filesystems-debian.png
index 823a215d3e9266dbbc0c3dba45b78af448aef58a..61e5ddb2e3a460588a64f855340a2734ed1890dc 100644
GIT binary patch
literal 64585
zcmeFZ`9GBL*FQe8me69UWGR*Gm3^1W8ba2wRFZX&WhToYk|JxCWUCmmXBmURC`tB=
zeFkIK*e2TyGsb)__xrv--|sKqKj8a#+#W8M@!*=*^}5b^o^zh(dAxmKs?T-e!U+%v
z#ARr3*8&7$76pNh*>bP}Kluoa@&isR0lJ0{Ie?Eaj;C*c*T?+~>;iz_A3HjjbgyT>
z0DgEr@Sbg;rSG#q*kgZJ5DW&B_3-fuaCz+KD(ma-mc5~I0R$2S8Q#79@I}tr6wG0S
zGR0slKkgEaVm@Vl+OI=MUg2iRga_HPHuf3PV<;tY!Lzb#Y{UsN<b)xII+{F5)hjTO
z_fGwF(q-~FkHhtin6F<|PEA~#p>!H+ym`~6y3D*XACArye6xIU`ugAC@M+T6>Y}8y
z^nn=@u)Ij-W4Mr`Z$PpaSxz0D6E8&`o%~KRu>hw?7Y@;*mlyAVj(%(A+%b-$mz}3{
zj!r7CLC1ho+s*&|)BoM3|22vK^_>6zphVOW>_u*agM)+Hz`iZ%N&!o~?_|LBfl}A6
zzo{xIInKe!DP?S8GNl~&_m5+e_Tk>^$L+6$yjGFNKnDX>wzhlukQNS5+y3`;s28@-
zP!n^o)$^_|Te<k6R#<}zaM{=;4W%15zNtw{ma3?#?$7+2ZHH-X{yZzl#(nX{B*BXf
zq!JInr#q5IYwr`jI6oZc*8ZAniu1$?wT$%i7$g7vm3^~Usq+#N66|{K&Q%9YHar)k
z?GP>3%9hzdDoICwn=zoxXkLvK2_Kge7Z+b_d&zv<)z$Se5{cB}6zt<Wcg|KwNXT)x
zC6vOP=@ddF7w3g|T2?u=809*#gFXcTpcOgPo2Q8$(mvcwYMq#vD4|hEq=yz3XEv<H
zIg(OCcrtFi#>rI1*TF05T+^q>KJPuf!1SHlw{LI!{rmUJ@bEBQOh0k*uvdP-+sM>Z
z)_3<Tus=s(L7-u=C$rP^!;R03m60+_$~u0mv9R#Um!hJgUB@$b#0u+PTKu|UHe;|M
z)A;eXoNEVmbR-X-VTEm7cZy9NA0Kzo4B7cDqUyhp2<%OW%abQhT+8xLfo9GE!KNYd
zshgXA3!RLo*VNR6Y)sS^Z*R_b7Brs_y!6?kDqi|&VLpf8lsqC*ha>>DxB>ysPh6d7
zGU_G}M=aUc*=<H*QU?q4eIv*dZpzTL@xgWa6DCmKJrGmm_Hd$*`j5^e5dw^eMYL>f
zZ8h=p@!hksu|a8_XJIwgq=rHjZ@o4wfv?Y-O33c4B@ee~Ca?bIvK<{AeB_l8DaJ}!
z)im{JQ{E;fUP}W-<^$+Bqmi7SFS3R6s@ip|b2qp5@$s3fcIo^w<pW!F(`03_Z%{d}
z^x8<1-QauQ%GcHMFJgH*HM>8348IFk<=wh+rLe}OGcm@)!y~lw-TB&eVsZZT8DU|k
z`2s%XHr51S%a=a@&w?dEL|ZFhx;dDr4%@gdEiL`7q_otNuJlSu$H<U!@pJb%Nd#A_
z+N*uP5pH$p*XhBEv)>o~X#M9MZfR*9x`%{Nr@g9Lpgj%G=j&r%zdmCG`V<40%Adsa
zj10DSz~x;=%k7AGl&_gu$d0==U~vXz`F|Eu&xGbS)eeS!<K-u|TcIrVd2&Jmy?P{R
z9|Y6_|2{}bPWDsK)PxW0jyYpo0b|BTN7-XGSwI5EfTW`CtPcwC!(D6K4sl2x<umm$
zZ13M}LtNYmQolx!;Vw(U&SwkiDT!OZ^rf_TF7{J+8^&VZ|2PJ$TS1{t<I<&B13kT8
zdD*_L!98M08a3}990Lghmf|jUR@`)LvqQl7sn2wCBmVQ9ShbAI%-E3KSH}&Dg$s;C
zBs+f6+>rvwQJTfVQ@AF3HRyP@TR9it{$>USD%fJPd`;986ko(H66S}h%HRYoUjWvt
z@~AsaVoGa&;eBs{pfXhZ#lJ^kfYX1qiKahM4^}fD5!qm8s5IaMyvt;Bcm?XIL<d<L
zh^?({aItAFH{cC0N-k`=aeq3Lv|H&f4C+4(EcRcu$52tw{!BCvwbB{WN_)x7t_JM+
z>tH^mFLS0-Bfrl{2CXc$^A%Wa!9t)0E4qe;=4JUCcdtvVVi7%`59ze!sel1ZL0|NG
zeV9n)IS`H&Sn7+%hX?zc@5RkF(9m_9@c#aOu91<^Wx!Wv&8>^gwf(M;cV^>em61q`
z!$h_zlr=t$V(s7PfSjG3ML43NnhKBFA}47ZXx||d<*5b7MGa8hP2jo;L*408F4yjV
z_~X0Sovuj+JRH%`pz@<kV(#;43)1a8mxshVg$vW8B`20+arPdhdP}q~#CbL7`r9{e
zt`l)cukQe0!L<LiF$)3~J%4mzl{bJLCydv5SS|?qHV?w~w-#H-8&mkjz0LU)CzI1W
z$J4QFdG=SPHHV)0&HS(ci!DM_kwX8--X&k^M$FEiI`!b}>C@(^X=x8{xc~Vy2|(kE
z_OIpziF<w{pc#2!j|G}1Cnx`mIY+b*Qm-0gp`__4#MiIaab@35^IqOvBdO}9tM(Sf
zv18--+#XoUtWSq|QYzLbEL?-j@^6WXe!6z+R*i~;M9HJy$(PW=p=;G#VtVh~;lSGW
zIG9-4SP`E-i7r${(7gyToC4(TzCIHm*?tE_PgR()F}>uMUEv|Gs_L8|`-HK7@<gSf
zH-~dmb5{|ian{<dIyyQg4<9~!?(e_#a<)B|6mqcHseDpcqhU9F8}#P{u=?eSFJHcV
zvT=qh9=Ui6Y-2JjaOdyfhtks08Efs&|K;Oro=;Dvhj69+myhe5owUMMausu%PG*TU
zN`dKVFJHbKF*i5wm}&}A_X8Y*bWR<*_6x8bRI33is6PsHY^M2vlaug`@PoY_yV_?6
zUwpmH{_hmA>h$#VOBLa|nZ`y&+q|)Ez?<-7{J0En@N8qBOvfhf7T2>(Bfmo**h?J6
zJvBAz3nQcMLu0v?z|Qw(T8-5((sYHK1yf`Q04DvafWM!;cHbad31a_iv;vG4QVYCZ
z`Q^(Gw7i+4g&72%t#vo<-R58%Q>;}6{&@ve=4F7geTAVED;rxA5Dns*V5C+C)>v+8
z{|ILdOiUo~loOGh{7fu5Xvzkf1kG0q^2|5MRth=_>2h*%Ji9B$&!(;f6<m1sSnS%g
zei<vSB<_}nKDk8Z<#zoGKBK6psLAT;>U&dY*uYWXA-m<np+|vdbs(ClK@@=SI;s4y
zEkkUlNW>%%Z;NT)quI}PcX#WyTv!tr+aDf9oxg)<kkxXy>BlW4SM37^TL-Tgk-clJ
zzgO^Hyy(Dp_N?V_t=j<H#^HGf*)1>lSpa|r99Kc6mm@*$^77Am|Lz>pNR*!be$y#T
zM1(E?_6;_V#UwX|T^<6LHk}G<crtVBfweRQ9I&E5X~BDceR8xR*0C`$>CO@KT{~Y4
zoea1>f14`cNo}V&1!UJ$g0~jJy++Fo`vwL`4h{|%oxor`RU+*4pf#@(?46{`*I{HV
ziT`9<!A^sC+VIpCtZt>`7Z3&MW)ak(6Czco+EiZw7h48U|12Gap;r(9#}D0@LZbqn
zKY#wz#KdH^UC;e)%eUuWbTk@KL8Zt3D8(fOzrH3*GqT4t*zv?CC27~dX=EFEvl?jq
zoJ%m%3s-zSWVQ-(7{UP31WIpD&#M2y-sbhHqBpUxj69glD)4{vJmgg#bv`mmoY3Ha
zr9XtvL0;62pz9DHJ-z7mmNF1qS@^bD_6d<Ql2?l-+I|Vs5x>Xl9mSh%9Iwjk-Tk=z
zGA6ku^_jK;;IzALji4L>!0bLkNYgE!t6Hg^gpPOt3a%v-HU>o1dp1CLKP04lI#uGv
zuuL*XkkgOt7aOJqt|hm$;alv~lBL!M(z%y%gU>+k)(y+tS;>&yZ8EqJUNKydA2C|*
znYgq2l-TA|B5J1AjM<Or5kljdLUy!IE5#Z}oL90EULUJRVuv@eE2`MfEftl=k8^WZ
zZf$mha$HoRSU;Jwva((}+Ki<rR!%GwaO#J)w&&)dXmI|?W6{zM!*XXxify_arW90W
zp_#LGz_@#5zXbNGvQbjA_dROszs~2_a!S~?Ly)eRcT*UnXKj>nhV!AjI*?V>y~Qev
zOx#cD=6`p<k?`$Nma2nVv)M=W#RcE1SFf%UzCCUShuhwa3}DGT&-4{Q!oLa1(+2tS
zZl+Yg1X2?(s-6K`S@BJ-hzGKc^Q}`Wd_(^mT9zAoXDwp?EU_m8+hz<a2~b`=uwwA%
zFW^7Np)@2Q4nDalAEg2s(uRAUeftTmFI(P_%${>}yegzFy+}%13cC*fCr+bJM;C_X
zW$F>u(Z~W1uVrKBLz8Z&>q45>OR~@xWi!)qd@kJrE`sZ<EkMpVhl6D!1I{wBG_<8<
zX0kW$j)Fbp-THgSn}WQy0LYw|l#&8txMuwg4L$Pa{`Ee#z==voV`Ix&L5|O373M-b
z`gw`l%HG!PSq?!-JJF0FpUzJM9aw_3q0}=2XOpxH6W@>zQzAu%(fZ1a{jw>G!PACF
z3y#ktRf$6Nq^f(C>tFNHti=VFUDlVi0vhO(`g=DPj;T~VXW>*yYMk;h`KVB`oar2%
z)fl|J<P*yyvSI7wH2u9yd_C1uP6@jjR5<tb9RuPZE0cZAwXX*Hb$5V(cCcXdAO>NE
zHq#OvP)};3QIc`CwLzm`;nuB^n%<(PozQxzF(Bb2H8wi_N?gmVd1mC*nlc(LCWM2n
zkYJ`Mm5l_b!kJWv%{6HYNr_aW`0}r<3k?s$9!kolB?>4Vw)VKng^0};ejWcsNHR=r
z+N~GUai2_;Ll8*@s>X<U{f~@>NFCbY?~6XDCFmFMKRIHpvgu)}m@SAyv@Licnn&v|
zxl25MX9|eSMnLx838dW*3@b=h*~wwlN0`5ft>7E>%j1uwSe#UQ;=Zq9W?-xanp7jY
z>9EBP=3!}Rnv(2$CFxpJV|KsO4dDxqZ$I5bVqKNNf(uJ*sV#WvcixUy7a=KIO8Aet
zbN+U}iFp!;ooZANsq?2gDv>-lBkZx_g~fVcTZK$W){4CNu7Gk$xWQ_a5P<j0ET?8J
zDh90#|BN`?&W8v1`&)2dR7rkdZOy+l!n@hfpO<WoY9AbhI1XyiU=t&2Iaje;M2qjj
zgowmfPl>4f`qr}1%>w?rTlEH^^*J2Zz~vhSxb-QVgRF!`cdg)=(=M#T>`<_HHTB6H
zBJF+&?XA>4U9L6+v2AFA<bw|!#MY_yK$|~GT_0EbI<oE`NZg<wMY#)~*jQB9|353N
zHybZjD)oLn2z~iB!18`nohw2pV#{jpE8dV8(b!^uaW7n#th0WYGfc8Tk1SW#oJvJa
zK>a0GgpQX<XLcJSB0&;r)2+TPXEaFqu)05|&j&22-sE#7yZJvt)p^z{ki-N(pu(#a
zAW>7|O$G1-y6k(|rb$nSeq^IOTG`Oj8CBrNzV(rC#;zux4mflE>?ptLINI_f$WMvo
z)Tdm#nx}@7g@*5`6;3T`L4;O#E)e=JH-Ee=d>W!JzQUeZsTqcv;p~udS-<E1=o|0F
zC$&nqUQhU#Cxt`Q+b>I7T<~igdBVGvE@=d2I2`Z7<`Ob1BgV5{zP$ato_V&)@eTK5
zGHgV~@q&`x1sa&>rff99sX>uYdlGcoxV6q%{ED#+K@7gCUN87Z*viVlxkaom`!b}*
zXMzwMd&7&@+(tt<|1Zk*n9dQ5)_q=ETl<P4grl9Ut*r+%L&<?!;Ri3$fB-6ub+R4y
zjmS<LJ*cIr)W%t$o0?}VJtl05g}sQUd{{@b+9Ab{X80h=>*y~J?G<fst=2f?_a$Wo
z=!W(+rwccXP9&v`%B5_<a;UT*b^f5BE9cw2zXXH#4@`))o7Q0>LtXaNYm|DFp@&7M
zESWBHA)LB#&$V$q>f)rB%%KA{Bz66rg8slEHd@Z8z=uK~8@9-{F|Z_jqka_Iml0(7
zFg{e<GgyGBZP!u-A_CJfj+ta3b?B=k5$#qI7GWH^xVRW3BPkhIT3P8scirZG3=OLH
ziF)zt0Xi<MQb<Tuz{<*YlL9!%N^mje1&q~J^t^`sg|PH>)0~PIsD?jkjw5{Wq=EF(
z?)8oU*BBEX(uDJhYTI-XSB*e=pShjS`?6?t+czA?k-Nh@MfyDB)rC1%$<R=8$>*!r
z?;43X$fY?z$v)s#=)u=CO@dQoRhApXMR4en!-@EBIu_Q_eEcsMjdHa59TG{Mwryo`
z1-_Zl5=lUQcD*Cfe%TC?A~^NBg97BRTtFhF{d-`5CwLt>MwNAF_yz+?;V~ewbqB&f
zd(8OoKdPc&2|TwY?ybCf13v2aN+Wr0@9#^?2<_|RP8_4GslBt-Do$hRp6wPM1EU#^
zgBfd~k9Hif>9GAn4okag<ccH4w%bk`;&3TFGbbd!PysJg!g)m^tAC?jXu>yodsL?G
zU%l6z9yJZ*T?aRhIW@)r%1*VXD5(nkB7_NU=^$GIe!cGZlpBSKkA(W)1d`(adL)Sd
zTVQWYHWGny%IK)T-t>%n@hG|Fn?~?E&kv59+@ADu9TjQV{M#G12Ao8d*K`;Bks96#
zSGCNk`B{C0(;f+)sP(u7>3T7+YP{L~?n-e<)0NP->w9$_)fF{QJbENKP1Q#yAi%A~
zp2_Svy#GEFyly~!P<DK?(>tYry|82+(cx?h`<4;N5+Ao6Sk`^+atvxHSmS7O{q}j?
zUt+P?$T6o-8JGSX)&E<lm%}W7GOu+9E!{9nd4X%I*Yx5cA;`!?Q~aoHi*7q;4zl+*
zRg$Zrcj&VuvWfu{J{GO<c`uQK?<7MguTpm7*E<fkh|u?@+VvwOYz7iqS%Gx1NneCs
ztoSmiW*xMK+oQK%M%=c+RhYUq2ED;mPp>?NKE>ZpZIU(TIr!1!%*tjj_7aFQ`>Qj>
z$JdZZYkdWmnspqnfD)rRNI-lAs(L2WoWMGha~H(a-?k22?NcVK(E+}|&3mdzaUWpN
zp7ZhXRglbx{u6v7O^HBG3~3NNn>}DgtH*mMzTUl5k)rhA!VRphKBlMe)fH0ykU%PS
z4LTJ~UUiApP`sjQEFB5tC8#9E*!G8_M2OHN<lc_g(uAyq%dX(*L8Z=ujSQvVxMih!
z<8x;`wcT3SX$L*N^#{319DWmH*uz{46HfbuUqR$G|3aQk=NrdB>_>tB@!Ze1nyq_t
z@x1^62vY~hj?S$ue^ULWCb9~07eYN1I{S*V=QRSG!=tHqVxv1lTmOEPf_vRa^2sJ_
zB5N+EWViPzCr6>K*RI7Rwh<xx%J@Bd^rzjIG5~}^6HFkOJ!*aK3n#~`eId>t>8(P?
zrKEfgU83(4Ix%Z@%;#DjpiGPXSU8UYp+j=f{VeP{P;hkt9E%Gjnw{rY<`LncI4*Z-
zLSD03*846DsP~^c`Poc7{{-<uG@C#RuU+Y_^wj@3ZbcnukqG@<{CeThG;!d4^1|^e
z(fY=@@EaAl<4DDNshwHIi$st8J2)L;1m=0YkEee9h=2J<7numKe{W?#oLi>Y`j_ph
zX@J>0a+v<mp(2yjt?%q2JC2xeIE9&=J5W+ahHG2W`)819P`@7aPe!hnK5e$L=J*`@
zws$1qyT)qyg1?=N&ZAE;ui8Yt9t-BX%kirR)uN7fjm~!GlOZT>F!00*w_Re*FlJ-I
zdEDUWN{xVoyI>&K38#F83vEaev|x{tM>0>M^_uqV)l(NqxHns8h-Gh;?BJbhWr`k^
z0D7i;kqyitF~R{bQqbYz=$G1F9!Sd92=*r+y~fA@JpC69I%_q46r^vKzI(jBe4uGh
z`s0MQ*PJI!_r39B9UuJMFJV#4TeAK35w?-`79|1w`CBk3h+kRzvCRmqlCqXq4u0Ah
zN+zWi0iR|yorO<d{P^7_MGv@GQe^*;+B721!V0dq=kKeo#d|)0N*8lMWDD1tnn<<!
zOjH;C3N%cA?JUKG`PDl5?>Z^3N_A8wtu+j<mMx?z`k(BW>wd4wO^#%K97xu0EpjFY
z>A%?h;rQ8WJK#ot*8!m93X+wTP5cJ{)WTb_8@uc@fJ&Q<8}vEoY{90=<?cItKFxm@
z%We$UGoZ^>KaOgB!L(9Yb0J=F+dK2={ML}yeFs@uSdf0b?1e?NeW8extBkMUO3st~
z+Od1sKfV)zdsOBF$)5GE*tqkfIG9cU1hZkRpT{4*`ktEy_HHYW;u6PM$oDKOkp9L{
zpC1K?-m}pl`PacBcL!Y8fSNZF6cwOrYHGRwaDOAd9dUe`l>ax|6R&Yv>2*kx#Z|;0
zc1w42PZS`LMm3c*x{HkTJ0`g8+zSH_-t+~ignSEzSgF6lQyd8K6(BT;LmjtV5oh5Q
zkA7CknhNpKTz|I8!h)k5&J6M!u{n%VO}%{?*$RsTZWw0=0b-oGcZMFu*o;BP*%Ngt
z>*PCs7<ApF$*-J}jd^WXT+Wn<zo`-dR&xBPHF#n<K2d@3oQbKvzxOQq;?%7@N+I`u
za?m>U#>U3aRV`$D48l0GXnnc`Z459ibvBO+?tBp9EOADqq&{EavvaVmugnNn&?_x<
zpQfYTj9enTY_<o;m&YAFZZG`3UGnb}Yi^&^dc7|#OJwZoNR+{p4CE7~<9A1lwX%gW
z0zNQ0L^{jst$&hsl5$aTZ4^z+Pl^u4hDIbmYsGJcB%;Gb6X*%7pUE?SoQOkX2!u0^
zU>3yrnqRLIy#2O!mb|<~k{~Wi9^;5);}CVX1Q@|f^PNc~wBPIxC*T$gV`5?keNgCK
zH_Iqp0Afrv^+sBFmMfk&b>tf}NR3M)ks1se;;+tTMove}Xhu*#25YK}6rz1Ufq?P}
zzehL?edRH(IL-4_qmFb}RJHn!zq{`|g)_b`_j?|*_bpi0O>pSu&62_gI8-}Ycgv<#
zEy(uMdr!~8U`E=r!#lWUT}cVgLl@@gwSmIQ7aG;Egp6P(pt}Z`%dt*gK0ekK>PlJG
z_EO(!OTcn}VS#?quZLDv$kvz#kCKNA2qpLCG->$}GSai!9i4@589p%`TuG86naR>E
zxBBAB;p={_N9)!6T(~z*JX+Ry0h=i?F2VV1(l#7l;q$cpR<=!zS2SNH4WHjyZ_iu2
z0I81JFF%hxoHAiJD)Z+5omeyw{3+TtD*B&AVXg!8(mCz$FlxD7EfxjAXM`>MP8kQN
zp;62ef7bDvAAq`fh%F@I-Z@Aa4g&GzB#)2mMYUKAKBm#QIlj55Ri33&Fi-wR3*gHf
zUA}a=vUY^`XHb2%oYNcM{?zF(b9>C+UJCKlv(DHJdUZq+?jahXNHEye&fte%6VeW$
z!Y{iN_V}jj5oEX;yJ6~Kt{wbQN_iYt)JKhDDM;_4j)}>`@||80I3+Bhq%^tp5UoJD
zll{xd33t%R2KyEPrsj+<8W@lXYI3~)Nz`T(QTPe~PYMAZO~z$)v|@@|NR8LV+<cJg
zX`b0rsZh+bd6KfK`E@s@#yw(Gt|p^;o8cNWH2vlsQWUG&k%$i>xjaUO5;AzAC!6f4
zV`Tsvkstgd*ujmMl8IOqAx8*Bqq`H0`*JVCx6S7}^MC@&90fjiUZtCYG~q))7d%Ny
z9s^3DXkT<449!PS4&s#({d4G)8e;d7oREY&eJx_V8LMVpk%!;<GkkUAtV#&?KZbWE
zC)a;F<v5zuiifWZm%x=ExHO9g5B^j)H&3D=Z+_<OE_vttHCnuD7Ezaw>GQtknd)}q
zlQZ5+x<*BgBf^2M+c=c)gs<E)Oc+=V`gM~QxaKKGt!nLbYM|m<*Rh3+8d3iufw7>e
zqRJ+GlZonJOi8J(q)Y~IKdx8F^)<RHY2I=`0`sJGtzl=MP{^8ZODSJc;!R$A@~i81
zWP9Pb>7kt%ptLv&+zLb>W*buf79>%Z78VM5d3mp-0ewIqZdX~N*rMsLoyO^#atgJC
zOsDhsdapODm${mMJTp28-29hZL#vn=gs)a=hN=2?dE8GY{=1c}W6(zj9(a2qG9Re%
zKejqo#d{YoVY3g=!r~QKQt-`sE*9@DP*;=VNYmWru-1Ap=U5EjU`KJ=^rmZfnvWdN
z(=-9F;3klC2?6bb=Z?~khJ^~c&vmE&;+&e4z>>g&CX&~_pQxHYi}=f;4&@c{_4V>B
z6x+wn(i1R{@=xeipt_H{l|4i6>r|4OyRYAQCe&`MG+u84|1(d95i;=0QG!lI1I4%-
z#y3A6q0ex<;EyDY&HBc$ug9!@8K_8ZZeq<vU4Ej`F`w1GHs&t)AG`F!E_A)OjQAHV
zqA^*@-uY8mMNjdek-^sHiRb-gB^knk*VhRn2b~(bp;8V$>wK%x!S&#8k4v~R@mWKG
z0)<N~sat0xyo&0eFC7yI=>bbF=En{B^{9@Q0n%Z4yJO&&%~=E{46{!WdET-!w?Nh|
zdoufwxY}jSL9k^y%mQLbzuuIrzP~RUQ@z0dED7MqG4J2M4<IvdrQC#uH-*pqO<id_
zG5cZ81-je#txfmNLw$8g0lsCpAhypA8!;WRbe?yY6_%`}y@3C*QuD-1J-hZU?%Q2l
zTF_E~RjPQhL&$sNcgPxR*z?aZ*+HC$p!o7_3nZ;~;5@$v^18%%>wIhliWfhz?RJsR
z&9Y4}Jh6RWsmG<`qz6^qqzZi#E}IcfE8*Kf3D981md@`p;8zz(-gbgB<ED9zi944R
zO5LlDXbREDnL??m=B+%Sf-d6u#?EG3KuXO!$PHrtvF|b(3SA6tuaSpErk3wM57ZBx
zbzr=4TuxhxsC0=fBxrgH#rH1_GLl<qy4(3^gl8#2XjM9SK{~xgz(AizA)LVd7@#Wc
zQz#u{`HftG!EgJ<zH(jx2(I)+8L*8XJLl!^LeeL#(~xVMZmC*#sjIpK4I8iF2E>HO
zI0e6CWqp6z;r4fHyalX0j#Ffr?LT2lh4|5{vQbP*sw`OZmZPkf&Hi|Vftb%f(vO*l
z`G{xhZY`(r#Gi@dH#~+RZoVjcuo#_=!p1V3hhFNZR>E~c$PqcjL~F21%rZbL$Yev8
zlxk<qv5P1J8-m-egozNPr1YCo^(w#Ns(}3;58_6QTnlEZ>4mDRTjI{d3tE88Z!f#}
z$yZM~FT!7g#cO9qVS9Rl{|Qo2?@c*HC9<F+WF4O&o_Ft%SsY2ty=gP#@}j0qwKz{y
zpj)aVlERnSa}BD!B_-AEWAt5^D1ym+cF;m}G0sIB%Qbs+e$KJ5ePpvzZ1Qbizzr+o
z*fbx?pLRhw*Yo~VrSXQIRAoQ@@*<=@SWw189B=XYG*)xKn5XqGX5i9<Paj~v!6Jt0
zHQ@Ttp-a8j635p4e~MFmbN$%<gEl#V_Mpa%+v=Xkki4DUD;|qEMe#7^V}(qa#%71p
ziNT*B>v*5eNPx17nx0I+&J1FAlMFH=@bb5t8y+<Em<{DcM<JXeu5e+N)+l|1OLRI0
zp(>KMPwQPwt!y@Ka?Rm`s&_bEh3|<ITWmf~SG<jT->PZdv`ZXazcKs}JX6Jal?Dau
z19!T-fPLNF));1bCRHO^lXUobq;9VrD3+Fe4ZW5P^||Z3GsUWl#r<|J&Y-(C+(rJ!
zVD*@P0|+oV`zTLg-Z6XeL0|(>Jl-sA<DfNgjE8u4{#BfX`dsbv#+U@Io_-A-vzkg*
zmyJxH7eCo{r=}`gg<{X77BZ+moyIeA&*|FOd!w%}BI@(DEJAN<ZUIS+6RyRMI_6yA
z>T4-iZ%H#E2#Y%gU;?700+fvy+jV?cWq=oHI=n>OWbDAd!|r7TmbV@2+SD~nX!!%1
zNNMnCq1$|Lbhr*D7uEf<^q}aKtVnnMUEz$^FxL*e9C){r=9cjP+)OQ7vf75E$L6y2
zw`PxfLuMCvFFX22@9ap)NLlD@uMw`c&}&8{>*@^}NgQ|?RcOWoJAxI(025XmlwZ}@
z9ft^J)XkfLt#kLo0ZTw_)P4#Wyv`6|E-%S&YI3w!TwbFjtUo2tYzV6aMOD|1lQfzw
zW^Ya4(n>&Mq0f2i&J@+jL>SxNx7zbK<s%OpU)JkkWi_^$_CQT0jB*DaVlGr&^0P6D
z*Qx~@z0TFdtO$2zhE1z|5U<FacZ@Ae=m8&oILNJFg!S?9OHA#3n5wU+7HAF7(tz6(
zHvbIw#j!{|5cbPb*ty{G7gg>)F{bXv^b*?pk9Zou{>Lx5oN_i{M0Un%{^wVRfhx{G
zbyT-tT=vqVRIm8+R~0XVWL1ami;^+=G~ZlMWWWh^QI(Pjb<qR~bsyH^A#vl-dIdP)
zn*sW=23h&OI5`HONf@Eix_R%N9IxyOudOYYOQS|xj9Zg4Olw^XOx_wMQ=PBv{)Nqr
z5)u<wSwm5Y6z7!b{h%J<q3W_7+!Mygqdi@d1O>)f&iepXU3JU4?Cks~Stz~?zi6=5
zv1xn`dQ>@rz8gBRCR6=042Hxf9#t1rerR%la)+(?=B|4Ow&Loo?G?fHsy(=7r4bVe
ztwAU0C20@(Mpr_T(Lm@#)0iMoREO5?1)y~?ZeH8M0=(Yn=bBW!`KLrj?@GhKgSTLP
z!RB+k-VsW%l!<?sJ2dZQw`py}RJJ{8>7|W9#9qy=<rMufNeRDbt93{1TaT_mKt~Yy
zzOb2yu7HL@;(v$pEjv(&<%<U&_wy9C9o4%B(>}0BT@U{!U;z?mZm~A^lo#KE*@MTw
zag?QVaG~sTnwWfm%y~i_*SmrHQ!_AlX>!T%Zr%F=#b9tDpEG_ex3<AmQ6>SPP9qXq
z$#iXFlm?Nu43UK)6yJZ?epwe}(u0#@j~y0dQORkNRp2?ooMvn^1Ly)}F~c<7I?90E
zdiwVlE<jlQ3Vj}iWsgXE?I5E`XGg0gj1o`Da$(48l=yckKB2#S1T*bU?JvDwYWY`r
z9qAWLtDUYI6R^0o23-yyYi6J(<llx(>Ege;ACGv&QvzW-<>M#@KYY#CFM`9@@HggK
zYP=L%zidW(1_If?1s!8>a-_*N4*CG#BYzDXKQgD+pJ{_elxJbbv!LmRt@#GZ+Or2A
z<?h1es_{b+b=EyY*9_Fhl<6P37+2Q^kkD35s%mZjl3!!t27C>=ZA-H~G+mvpbIGlf
z>V$?RuEC&=K-l$pG0ey>ZnmY)LCTiL8>c<pK9&JRU~ws@(DPh6$`sVb`c}+VrE6LL
z+eZsKpKazMv($PwWjG=EfyeN=5^svYoqk;1+|SD2oo?Et?^P$Gep^vglr!7G_w+R$
zKOJL}fJFyEy}ItFE&bKB4cQ||zoPZv_OY1}?~lSR=kQ)wvR;FO^^H8$$rHaVX}35|
zwRW7A266qvoW$uFeBG%ajYC#1crBv;*8buwmg-q=rcUxy`0Z^v8;kk)g>?xOY6;-i
zi8gDbnX<RmYttY4?4W{-0Ajbg^t+Sih-)EW$)*Cn*UH{e56quUbtJB#P_Yy|EeIp)
zJNE+USp?yL9_iI$!!F|C@%~Qk3DGv7ch-=FF5OS!N~#}i$ZD^!@_Cp;8e<2woj;}X
zhYYX~#E2AO8c+82zg?hY8F~Pz5E9=Xaa3}oHpLd|GjjXYO*xWkt}zjW-R>{}VbSM7
z!ifCCG$VP&W0VgOyUSxdruC;4KcF;x>HZ3?-DkaPPHt^k%+0U|>T&E?c~PlPW&xN@
z#-9lUc@2spi`@dkk;Lk$I<la89@4+wB+ut-!vpF918A|PQ=MfscSF@t+>D-co~Yt*
zU!(?L2VfiJaDpZnfr@aIm)CQUb7Z_}f%Kiu-#X(#Kcjvv9d%DqqK4Zc<tET}^!WET
zKx#pu^SdT?c+7jLt5qn0A)R9w*qj#p<kX{I53(`LARTob&~4hhzhQJ$4gPb>=&e99
zP06b1^T!LTemit?CH!0>$r#2+E<>Ag#Haa$O!}CZNM@Edwx!Cg^N)2v?*iQvs6l@r
z4x-;=J&<nQm#!qEO}kmJkwu2f|26XX^EZIxZf=qw6qLQ22VX~YW;4dyL`#+<&vwkW
z_qUX+f+9KD?)_Ei8oa!d;cqixHA8$~?&y6~_8V8Cd`x>K{H*P&fj$za7}z?Ge#oq6
zU-3H~X1h8A!~{v`u7gw&xyTh_@HLPokA=&P%NmBJqr2Fcp7o`1FHJ;tEXA4a08}a0
zoXTaKc-$W*g*I-Eey-c!v0w3P^`Y-sQ}*)}4v&pEO2|+reWtJo_6P|_c>cCm>#3M~
zxK}%ZBFK$rL)XUn=<<$T&Y0gmRrH_7eh)IYf{k4p0ruvoxebeW)=AUVg;Nfu%e|;q
zJf?X)z|fwh1Qu8_md##Bf5}hc(nQ263#iSELsW$lNOF-0776LXwTEj?=o-3^z0<=P
z4Lgjy+Ecg4$`*IkTQ7ub846z4qzDkZ8057$Z~MVLxN#C{t-;)wSHQ@(#a$osE38vH
zf8JY3CQ~cI(q3~w%>()L)T7LYoEL$v(23v&-v}AUL6K*H_k#iVv6(9<T<u~vByN{*
z8%f)tWu%XD&Qx8qzr8U|$eRw~YqfED($0YT*5pcLmbuEcwv1eIxDXh_CAPDCGVyg>
z(!~8lRz{7gm{odTgf}3w`0v6IEDi!e0RC+I&J-`H^F;Y0_%8zD4$Tzf45_FKM(q6H
zvbZ1Bas&Q1(*mS@LJR5hd8f-6u{Z=)%Ksq{Le6~cD8_}c20C;?VE-T8cKrThGBxLg
z`WF2sCX<`G=1bs(kvfcuv!F<&Ux0+o`H8wAjIIOZpcbRjc)qSY!k!fcNdGC}azKi=
znge7iqxX(a)20frvte#pHi7yczfsbDCk0(%CQMaAbf`N)_#k{OVlx*d|Mtx$Z;~7L
zysao`CQ29deP2TK&yvZz2B&U<N6_T}?Ye@STvq7ymEDHV(CNczk%>0Vy6J)GjPPxp
zp4W?tHjk1`+(e)W3I`X|EtXIGqc3}WtslK0(z}Nq2~;4r1YTo$X^|8T6gY)Wb#ZJU
zhi|}xU|c2Fy(Ll@4)!V|(0lb&kb_ose*`1cDP&$?^!aKR!T5P@t|Mvx(LZ+&EE~X@
zc|Usk{4;D|tPvfPFgs=tT~*KY%5)sn&c-Cmu*YF~mI4)Qyxq)DrPI-fKYkb)V50(#
zGqDIHCO;s8DH9O<1<uPru2lb(3y?28Xlb-86sF6x0R`Q*msaMzyT&{Rx=qW$W%0I~
z$hs%5gRZG(bI)Si%<FreZw8t0Nbew4Bn87%m+yG2N_si{akzbH6d@V#fi<ar>L_}E
z`X95Ldf~S6Lj74lyO@Qp1-PncACP0UYL7>C<nXM&89j6?CREj1;~Jf)l+eQ8w#25`
zwVNlyyjqhVl=Yoc`nBQ>g#1%oPNIB5^<*@l{WE%vwB1nuF)_Ef?gcTxbx#0F6`57+
zNJ+L^X2F<_gv!q&FPhP~4SESn6iGSUEj96P-O(ey6hKs#Kw3(d;@=^ef>0VB9V>vT
zZ-$uc5-BpWb@O-gTP1hV_d}=@3+jXAv9L<xHIIlTl-7t+KBoES>$Bn8DRnN6^XiY>
zu$Ov&crE#H3O{!Q8XCYoTC$wl(=$QV?Qx=O;GGmiXhfI~-$auG_R}C#y>8${f*VGT
zk3T1z@bN<SG@UM0K93b5yx#~voTP@xDNJx8<Or#wvdM|UX~Vsa+<<OvZINg@QjpL0
zof#BqJs)AQXKjU0SY*66iYx4lm>Mnf$bEH1$`(TsAAJ%;y&@Pm{-J#zOE@$MS=O$Y
zA04VPa8#iYmVmo2YP}@$G2{uy6V7KTuk?-2-_Z~%`!e@mtCrOPR^6EyQ7bT~tUWj?
z<<Zh6y823SMJe<&4G;-sCn0L)hDfWGY5WmBM`0@(lUCU}u&?O+JHzySYluEj|4XW2
z4?0;{Z0UxMGX`Bxl{rBm?aPsE0AX<NLU24%Omi%VB$hz)C4Lux@c-N~<Ttud>sGcy
z>qKBQ#2w*P3LB`CAGc$pG_6DH0zcNlLg$0j-Ofx6%Cp>nf8`Zk!~`7!MOvQHnaM3u
zV@u~VCLNkm5A$=uNtl>>Mq}FEsDvKrH`2MIdq<HC=$l}7V1+xEu;T>VgyZ(bMS348
zW*$pu?2@$l(wM``+oPt9l`d9K%#P3kqyXetgs*}p$Nt@$Juveg6Rm$w$#)rJ^Z3z&
zO-Qn9xd#?trnLO@iD9+=rZw;AHID=0JfJP#sm(6@@PfEh4ZSOMV|-sR-)l<=T(-<7
zU&xF`;P_7-TN@t<C@-am+KV$o5LYWIm>f=Vi2h4hn8x;yCaMd{v+|N`&@!*~zASn|
zD$;6y`V7$THLVCA^#K11yV{x_SL8s@m%T6^2ij9Eu?WhcD11*FJ5yFzd?<<_KM(6#
zx3-E=fY%(6q66mtAw_{8f|J$%<yT@^!x%mO$wP4jTf_(5eAHfIqS4*cBXnVl`BMw<
zY+ygW6guBezDCd7+0V{P8pxibW$~<U#@Xw9GFflkQxo*u+kGnNZ|m@a3NM?&cH3d!
zw-?HmU|Y0PTQ&PPucA1!Yu9M5yAG?8qp29Y?35<@VvB5Q)VS3#+{5p}oI-Z;5Ce!<
zqOj(L(5|bQlM&l}%2lC&d~=MIb<={S;m<!y9s<BL7ybkAXP$vfTJ%XJ`_ww7a^4#g
z#)`>-)d?|{5Syp?kH1KvqBc~_GD120QbIEThI9SVKj`ujGO4Y5*$ND2Y~@A#u6yMl
z4hi@-@xZ+~cM%ZjVcLY~*rNQJ8&%rV%gZra+1C``92|hlXB;f!0fA&3l|sVI1B&$i
zro{{}S^e7+5ab<@Yd6sCvXva6li@AFi!ppUD=e^YrnWW&Fa5Y8vkd-l+}_T5x4*{*
zug8WqB99K_cz2q1u61Uv36w1xIGZMq%6Nx0%x5(?kl~gBDi*YH)3cHFD5*|eeR3G*
zB@+&AZtJR6xZ+=|G17HPZL!>;q_o>;WOTIY1Sh8pzl^=Y)4?zI?i|TF9h(9r&H<9n
zB47+cLP}8)nGzw*l(PyLkm=O(tk(f&e-so73TFVIMi1$cB!UI@9NyL4#!?PDp?XWE
zDXn=|0N!jN5sB@;NF<P|$t`1=*EPwj0cCHfe{TZ{5bT^>VY7@y5GNax-p?1;k^ph+
zWtStMmI*lcDkS1~h!jG3M)fROpz<_>DDz3HMKn`@@c&YN-z!sYtUHD?9r@@b)R!P@
z=#QSd9ZK0S$+_ifG?yk}S;-A3(N{;x#`5sK82CD;T=Ta<UuOZ3{%M^VZGy0uKBQE#
zu%ZkXqPVXA^j%<&3T?Z~=}~8G%`+vf&MyleVj4=Si~-?K9yK@ZX79eDa_5f{{!%4r
zujY-#`^Sy}MU0H!&iQLsi{&{^xtn>Gt}lmloRpH*?&-~a^V`5Nc*rE=KwR70yE8Fi
zy7-Rm2fcT~6{ia-6obDX((N1lK3mH=e6@<_FZufCkV`^JinFJy%WwcV7$n9a2?xw^
z{J0&>w*F$HaoPIadHEt%d<h75_87;3czx}NLNBejF0}TcxnvLrW$rls@ob~AgRIA&
zbf|icT;CpAVHIBTZ-z*zC`lQWOU*-LaXr(Un#7Ie^^Q>RM81>>+{9jK3hHlvi{r+%
z@AB`(;BQ8tAa`f(je0TbvS<0#pPEf|bRwxIFBIyB@7>`NQmyI8FSQ)2Y?|Fb2enVZ
z%Ib^sz@t^DsgxK_<nvumK)`ooK1W`r>^t537-%sG^7HaOO#krVg&&}^76gW95LR#B
zzD=*7TQD8X?=V&(vRIQpdICf{P0>^!|2mxF1~_#_2HX{WS=IOghLl3b;xRQoE&|Tt
zn%nxTY>U2%J|0V<fEJ*<sJOfVD2GmDgm9}=_uQORi(qn(knAo5nmSTNVCIzCHze#m
zWdba}l{Rd7;>7XIt}_lyOx+h%9%M1IuN=DNTX`719hG$~EkCP%B^0)vdZlq{W2U*e
zc>zX%EALOi2rWvNFMm;xk&z+gg>Kl<Cj$l`yIoH}d#p?>TK=!a<cR>`=4*Ekq?+9(
zO56gk0p+y)em`y8ve!8uZDGF^GnE<&q$(B{wuK0lZZ?TK#8o9ip=gz>jQ`nGQz4df
z_g5o6P2sBh6K!4P+?x&cG%pFMx$p7WxUZQ-l%~}wVB};pF6(9{oG<A4^)BU#&^X#g
zieLIqH!Ek|Gol5bzyxSAH8u4gz&rOI9e{GO@tT%atKXkbxAEaS1tJya6g`JeW8`>s
zY5{{s)HaK*XZUn_bsGaVpKFKRzkJmaP>y9^Vf2YxJEw%czR=r(FSN-^KBTY%Y290b
zfqBLCX<51SB8*rc%>b7IAMIBv<~W`nGKTyu^bD;A!c~1~2U1#(jxp?KxXJX$qJK%K
z{l|^->egd~pv*g*-VT`yPvJCm!XOH>Ej04b#>)~)?s`HtnV2XoskDYbAZ<r8CH;At
zp+DCqYV}!w>7uLR;v@{vq6`S%Epx8e7_Tlsn_xI*j_HG5Ml>GtRtxGsb7BxIrJxJY
zhiHiX<IdWQuuF}CL}@Fh%W%a(-MiFN9&5gZw+phv4*{v7fUl9)lCeJb*Lz5%x0)L0
zi<<1?+}x35pp(eD*i&o_wzh}coxNO85VYH;yjq=qaM%3iO>UW*{bR?NM|^*u+7-NY
zmq(M56Bi$MwCNQN-*k?i!OND=tA<uqR^N|wOj#<=pLG9xd)D{OyLZy2W@ZF9gHEXu
zR`!`pR64vB$;n;CKNCT`vvzMIg?aRJnM~r`+SIicvL!L|eL3eyW9dK#G;~e7aDrqk
zKMiT-dj{0*!L$hzi~G%i+qT5-&PFf4V>fj<FLG+9Lm_nq4gg8$5s@Fnx-ht@MZ<#j
z1`i#fKRp+{S1ZR}H3{q{9sbq7pz!3C{OWef@4xN|O&e-Qhaq;_5pBv}TjkjF5OMWt
zYT?}6-0zVx8w$83BnWd9jTDa`Kd%3pTc~MK0JGN-2MF{9kc(p=2acm$p$J!0#I@Dz
zY%#1fR90+OGZp<-&Uk>Xy{wI?>bPP6({h{oX5C+3<=fZ%%S$0qC}Wxyz4KiJG4o(m
zZ`46Hb6BSRtct}geEl|m<Psq8kJ?&v2AfRS1sdHSMqy}<aJNYnR+d~5IiA$eod^C&
z!cDv1*%zT`09sbwcdP+OV*@cs@bvUN#x1Pz;Rc+#^NKiB>@0ldj73&zY7Ge(4eJZu
zU(6hP6&tJEV#4yNqdzI)@t;<J(Q9^Ixd-wvWD2|!!~h)hcN|h33ZVxe#VbJ`dq^lg
zU#jnebl?8B&5SHX#Xe3E^XE!lR{+_x>cbOBWO@_Ro<5|4FHJ6AwgP<JO0lK=Joa<6
zo<mUjuhxH2sg?tzjX*%v+w^xXK4`E*V6|F=Zg4Lq#vbWD*tIXlN~0L30>bJ$^}d8@
z7aDn8^H-8cgyqqsO1>5xs!1MqDcis>4yPaouApUL<mf=|%QWYBs$P?->ZK|t{a**U
z%VwaGDzDO=e^uqVB%rOwU8owvczN5x)7eZ$-$IU!>Dcl|pqk{9N0gseviW*kHq*F-
zNThC9ni0XM>6Jgn@cDnoZ5@NQ`<hmkvacGVQNA{#QLIM+XjIm@GOp&9p}&xJxP~Vn
zArYvst)Ba`oEKWzWLaz)s}Iah?gR5*y(>e-W}MU%=C5~v3g%<2lsV%>h{upy68%fP
zwVG2E^L(q&GE9ADh8t@I!$UgN)bkXV@08R}OGJ&ES{qv^b9}pFi?0ySS$&AEX!Y42
zvwjes5s_5z<jGD2*mtC0K)dR<J5)(<B`>3B!^5L#dr;rX%C00QUFs;d*YL{@Cz@nG
z1cS>~R#w{RGz#o+t#&}|XadpZ)$7;Rfuw0T3DCRc(6{p$ICpg9|7Za;#1$0M=IwRl
zfqY%i#PMd*8^D6GY)CkujZc;q`i*oRYiT*P(_|1rHXBtetDD{!s*OmUYpR=S0@XPk
znyNoRdR7W~L3AHI`b6asEb5HdI=d^PHvE}2j}~=DS7EQF=f4iJo3`cbY`cA<drA#}
z4yE_v0}DUtq&@`X>yLXfWLoOIC$Ot>5&J!m!NI|Mbm}f%(Py%uT%FWhOPv1I#(I?R
zaVFH+$KXExVm9~==(SfZ?!M!*iq+c-=W=WcjnX&xO3D`j9h8*Y0-VV+=$a}mnIzlQ
z)wKAMJ#gTx+4aa@r=8*xlEyv&+xg+F{wUNN7gz&*>S&!IDJ2Q)+^QOM&9)bq+G3Ld
zl*xa9@x)SeAko5a!Zi~D#N|wDVDz$#RY)gtTabz6aM|B*Hicj7f>T9VMfxErSY1!l
z5a{M%LTpaNtI>m-2d`RTkA-5uuYL0cK?k3KQn`Lqx3lS<8zgJ$lETBx@Kx{y+E9L}
zmr>lE_~skCD?|D%)SW?1m(J2J%?_*9<th^!u(1r8)WV|&dL*@?@69Kn!-1JC8=z^P
zzWaC3g;ar>{z(79DYw9qE1vr+a&!hQ($A4p55oGfKkaAF`*+DOySC6d!iL(1Dg5+^
z06zq#0BR2(Gd{ys*U`(YAZIBJcX@T|-n2wv_pM66D~^^xAJ8a}0;c0Wvwmsi{`~nu
zcn9Cn5n_a$jb=A9eddgGPe~L)R=zr#1r}8HS!;Pd|7#j(?{*6T<4v8iO@F@#4QSE4
zN4b<I|Liy`_~l)SY&##Mc$o{PqqR3rq)av8`jwr-drCwoMO?mw(*U)Kmri~Pw1uF*
z9IsY5d!vQGHu<{*^xp;*#{fJeWFc1j;ftq*cjE5`{Df_kuWmG3j!gv@1GNHDMtpf;
zEhWdQY@xE$0s^U6{X1At4QTB|)FKWKJ|7Jd|NQwgx<D@hx3|?J=XUklwfaZ8(taDj
zlGMc+?=_6^qjS2UtCd?}Ymf3w^nH8Z!OVC>r$gp2-YqY~@XYSwWFOR@YR|-xV1-LJ
zt{X7xzxy+<eOL`7eZvdzL9GS{Sp?6yPdiM^J5$B^*1>jJqq5*<>)`^@52pKbQ?H=#
zLck<R=F!}hcnjl@=JKPx-FOI#-P&kctwaLz)dv&B2FI4qIlcYP@buDPRFC?0p<PF^
zL~6rR>LN0aMyEzkpZbelJ{CDDsVQ5LCnl4BX&oOviiVjO4zBZPeN`8Rr$ucAIJnz>
zkZoL%bo3vwN-d10k%JSxWbD4oxr~;!*3~J50rPlSfWW5bV7Ds5QBXht7Wi-GJ3cSs
zaKHShHSZ@Femv3)z<>xuM_z8~SKEQk>=U9$Brx~`(56HJk}2}6rx&84OgeBuS}RDo
z;q>R(*`~1Ga|!TS)*z$%f$k}O_RED=re2U*nl`6Ht-zKAeXFAqt9L~w>YgQ(mX%o@
zd6@r#L8ofK(z_49RLz^2nVHhU!a`<X-Y}@YM-J0m3d~Av)E}xvW&kBG!{~%2Nq?9}
zR7#VS)Cvxv@*GLfv?7MI>OF#o2EZW>A&bX}I(a+2QrI@BFw`^9zZfwZ&}p%L;Pm2K
z7rMzoc6VdUj3<l~dI6AvbIY7skC779fwOU0<lm0onW3~6W9Ob!IMpmXMHAp?m~kpF
z<rozZ5P)vk?pL3h4qnb(6}x=d2s<<cBSbLhWx#A+SFLXe(>jQWrFC#v^anM!>avRl
zNnlNNa~y;x0%@P{e)?_`q4r+))cDSF&VitpiG(30;y!gG)Y_XH1nF{=aFwewwZ@O-
zAwOv-X*rEeKaUkYoaN!W(4BMn!@u7K3C(2O`^SNVjVbZ=-z!&*AKH8CXCF;P0K;)Z
zu)dFq@QBTL=i#57og(LNJ^fvuf4EaD1&r^Tj}I?{a3=s<vI*<m4u9Gr1dyzg9?XbD
z$91?(WZ+aZ_EqLOg_CTM+m!o4r-kt|Aj4q$khmXoFKY)Mi@@~Omn?&3>NLS?Z$>@_
zyUASVIdKB}$yjb=T)^o8DV&~TC(`d>IE9uX9@2t(=#;XiCVN4fDlOH}r`t_Ir4=RS
zz?_~A;BP;GGVIK=-Ve_`3=9lhfl2GFs>Y>{IT18e1Xxf=sPDN<9VfsomYlD64lCbo
z7J2@Jy$~k@keIY7tXWG$6;mE1KzWo?bhkIxpV|pXooc7ww{HKK7-IpoKCpNyRBnAg
za|@QcyJ1*T(lno<A4t2yvk&)Bi2&vlJ=^}xUbqp~ARK%c%qOB=WEC%v?@bByBWM{~
z0ATeSm^iZ_gl+c?D+6DPfN8Y(tgNg?9?hLUrTW6bS5OI<lMZb_CWk>1UQAc1M_F0V
z?c3T_PyI06sUew@JRfc7dA#84*Bv<2X`*xnHXobOMk19If;vv(6DoYDU;J(FzS47q
z<>u`X&G-n7wRhrw#$35|P0wcf#eCP}v|x2up7$;qI&mvKGu<#XQAAr9n0Zwcm6Gym
zONuy{UwQTFRl9(5*yd<Hea%hk=pQ*W%V5|XY>$#l`H{$n8ODMc!Qn#Z-F$mi=<297
zDUWswVtp|}P~<(p5A{zWqR|LVFt|Pu@B^y=#OzoObu)r)6=#;FH)X2A^hYgrTPE;n
zUs|G&=T;>X6O$2%;Cz(1%QjLyWBLDH1jKkU;)(R((b3ZSdh6=V&6UyGVh58EmLI1j
zG(#m3Ze~-P|Jwa+tR&n<N*Vbr+uUATVfcSpuehS3=JHg|#m!ms3e50Rrsuxeqw0|r
zyKcxk>TBQH2h8y}PcY@K`E#imHt`dZro6Z9jC5PIow!7=uy8Q#s3t|XFD#yi*~d^q
z@@cI;2~)m5JN^$-ZynTCwDk`Qf^-SeDM*KcNH+q~-5t{1E#2J>(jX<>AT8Zp(%oI}
z{@&lc?>v7vjx*|T_St)_Ppy5zil)sJX%qedj2#Is18`ny^K33`Y`nXmRVrCJnkt?Q
zK;wHn^$iI4s;=ja+L;!HPU`Es^$$VJld&~%ptHpPl5?;2ao1R8ZFE%cpkmDaeS8Ha
zLbN~O{?3xRSRobOWXttag3=FRQL%%H2YlW|<PSXxVm|!YaK)qfzUOPp=y-_+0<Ogq
z`FnGPXk7)8okK%IVgmSC@!i6SEjPsDOayzae|kqylkTr<uTDF9x?USQJO7f1r_Q5>
zeMMPNFl9Xxem|W0$!%NmpMgQXLs?f4hvO!E6p8q;#b_2ETf5Vd`jz=?xzfv7A4zi(
zwcNjy(o*yI_I7U*Fbj2pb>4^Gq6ZK4o?2C!M9f>OP5u5`$hqtFMpm!*v2w+jQvduf
zmLWB=yFG7SdD=%9c6am%#rZ4;?gpAI3nZxb=<p7<2frN_Y`?(E$2y?0eqzlBKr1|j
zH4J}bq&H*~KCf6&69tWmp2D9hiujD4H?#2Uj5{oB!&H;-tg1?Fo1(i9({2}?EC>}U
zw$?(4ib|84+ve&tTYIBd@t5*&f0l4G2A8}0g5!Zmv(@se;3hXE1ui=>3jZA%8u0Gs
z0UoxLNoQa8`qzzc1Fp{~B_tvu0g(US`BJ035SSP)ejo|pkA5xq10FH5?<Vi(smhdD
z^7FzU^>)@+hrGPVRHi3WeZ&*S0NaSku*KX8fdsZ45q?s1T%T?i_F6RG*LgwjIAn{}
zS?|N~zt(s9MWCnKig}*-{y-ss=dts*r;?67y)+$(bI6vKAm3kL{aLPMFv}O~Dt7lb
z!SvtOS4<`*{2CLVfc$(iL7dGPvs!b7GAGOXNaEqJozX^g{F17NR@*z~SF{P@wqUOJ
zH^4gd%>e6s!N$g>nJ!Uko&?cgdvLQ00^28y`Z(Vuvgcm-^S)9Ge*!)E`}iAOnqgWp
z;za4d9X#ULsdF*!r;;^pDrW3bV@XeH6^3dq<pE}p7#Dm!xiL`o$~6;Nv|hZBilND;
z*7A583C8!IsCufREO83~BkYc<td)_0pGu*0cqT`je7=M^QK6*N)^}l;`f{C}nX7}P
zW=Et1ao8WlDR`{u8MaQ&g^6hd+g~@|JgU2}>x`uK3<n28FYl}zEm~+bCzhGd>VLP2
z6b-|6xxXE2@pR94k%EPdN@?VX;N~&i+(S5N6}6BI7YR@2bc=83i-HpS_N}VH<L>t)
z7^luiq*t2&GvthIR?AH>;Qk9_aFfZPpWrjDul^5oQs}PeN8}m$XwDQB$CylFUiVm6
z$qbRb3I>++A2mmCv!h){bn_KyMCHTP+UARVey=#tEFZRySsw3s2_I$LTAdk&bSm0q
z-@?Q6go!%mWfB!$ix+2cMh|XH**Y8F#?ySZT2?=3NPf6M;Bbjv^Mm8?yrdrZ#$jCC
z{|>Qax+K8<>Ar#0LX1vF=a&WI&d$ic`D!FhkCqYeQaSLjx(BjJ4edC}QSit9EE33A
zThl64SWT(Is8um3yvfpTJ>8o|s#PD37)(Oo@kkyc7lr3@44uMZk}aM7-O$hwD;i07
z#%{M690X*#-<pkfpE5HuleUM`oJ;h3LTLh?IAFe_k@3R>ez@WgP9Jt_)nqM_V|r>0
zs8vM!sVo$L|M8B1y+)4qt+xxEXL=oe^uCo^h0&pJW)-y-3D^leaAH|{<2JW049PeV
zg>le6q**OuJ{LjxSf%}ygh5>FoD+@S-hnL_sFdo6e@T`ayRO?`C~wyUq?*L7#1x7f
zz=maG)cL-1fA#p$oA;>6xp1+=XR2I<X$Ka$`yw8Tc!_3-)4)+3f4xu!)9d~-9X3-z
zU^NRS@9nFoL<S^QMjwAk%C3PPSSlQxH{k?*7n_D7uyE#~^VVAJs6XV3KZ7f07~8#`
z?#~ZqE3B=}%u*Lhlu9qaJqrtJ{Uidi{^-!cx`Yd8{g2v|a4ZruUk}zT_dL_uVx^8(
zYEM_?UCw1`KdR6OoGs`mm0C>XiYG!fPsH+kH)JoG%yYDV&jIC?5qEW;A6IGr;WCx}
zU0!JFTc2zfyNlR(eaGYIc(dZy3M?%6^=3WE^VP-b)deF}-Y@4!=1B}2uA%G1rv(&L
z)dyMLb62B$Q+D>bJE!Zn*T<HXSG9UpdOk80+F<+7=$fadq$!kIX=(CsQ}3<)5X^~g
zlavHIj9OAsEI4YXH-S!AyYbI(Fuc4@%h*smSW|nE@a);sb;-wD1HYaRACb2c6F*x{
z1{PQ@yqZ8*D|ILv>k4AM5-Kh(E`UQNGyz@h{TL}saQ0dZ9fj=~XX2OGR|Bet#UFj7
z$tgO2+rP6=PxOq!pktsxR7zj}gCX`UeuDP!vY)EW21dU&@7J40vUzAGJh-~+u?H=a
zDY6|_SZIOu^TQBO58jgUY>xRzQs&BE?O&2`B}#i<Ni1_$dGnRFJujfgm~DX*FR|i|
zR;w=6$Lopc!1Uvc#G|9j{f52D+q-RMZ*3=Nbu0%gPFMGo;)$y%?YnU~Imq))Hn9J)
zu&Au7%JE2`y$co9CHxytC%S003=a-kHw+PKA~X~z*5?veO}b`pikWJn_P7znRr=kQ
zbGW;C{Nd)82$R*s*q+<Ee%DXdPW_|PX{@85=I5Lr6aC>&H2d6|Y{GtZo^-Z_erv(*
z(aL6D@8rWT`&mq(Gavn%gC=6)%0WkyFv5b<-k;qRmMR7%S{03VhE1^{AqbB9vxQ#O
z-y7IW1zRbl5G^XglT*@IUJA2rP1gnMp005AYnE<uF0xpHpbYx9O}!fh1>R9nft#_m
zOxv<g#Uvy)lD>w`H93{_S_n|a$(3kw=$|apZSKN+#Q=x(F4t1W#vIk#i;_dEbtP}G
zjUG8Q;c02#%I1lXyDhEOTGY<h0bf7=t4XqnYsq&7=BHXlq}6bLlF6s1<#r>lmwV$O
z#;=l~Gerf}e;Btl(^0+%n+5x+;j>9caIwOLlE&KJ!JrP`i=>65Wag|(fM8CxQ>z;U
zA-ow*+n6bm%Tb%8#X?+p+Qe)^!|x9LAi<7@6<>O1$?41(-H=(BXY<gDVkIJcy4(4B
zlNrx00J>2#Qj<}XGRfe(mGs_kqx=fHt;(u*(t*8etMBMkTODYMM<*ZLr+?{?v==Kh
z+8z_8wLO%h=VD?hb!)|uzQh;9OnUngZ|L>Wve!w`id5{sXGNTHQa{_r63F)t8ka3M
zyT9>umVo|wQFLjJck-aXJa_S(B3E~Oy8HAUf~~w)1LMdWp8!;q)ReX{J@i{tDErd%
z8!UL3yB*ixijx>`U&-Ov6KXeUax|ghc68Wo)L_T&1Wp(Y{@#q@OJ;STmLcZ(JBd%s
zpfTZmX|n&tDm<Y!vo$7MxOSmd?biFHuQ85F?RhInvo$-bs&CeQhuL8K{a=;x^g_?L
zxY&kw7-VX=?T;6r1Kyl04P1qU2jqXqA56$~XtZNbWRhWEW7}_N-q`%-3$9AY{D+x`
zSz`dV>UoZUaCVkzZd9t6b91@J&Sw6mBf@?Mk&ascLlhp}XWga*O`*-NDvZMVDgE9=
zad6Gh(Sz$UHU9azAG<gu`=s(v1}F9ko%BBahbH2P$4@;2xGXCeB)VIDtfdxuPn|TP
zk788p?ZZJRtDQTG*)5fkSn!D9{Wjkm(zz%a)%QAvmeMJ;wQol=wMY}omD1ByYu(w*
z+g>s)@#JMLJL{dTzk5D&FgFs5;01_1eILHH?Rpal`{uXvB&9DJ@sJ|*GpBJBiE&K@
zlNKDx&#ytK@fDhQeTeV+=Zd5=5_`cRZ?M0hbpH9X0rOo?*}-fh9)`eBt9y|SpV0_8
z&A@=LsK{F)JcN$S2m&aYo-(%#PS8{fBb&KKj*r2`K!WA{l*=m70hMF2ZRs3w56&lM
z<@22EYizE}5gwi~Mk@6*=q-Ve9-nJ{5^l!0r`+P>Eimd#F<au#zPBxy@1LvDL6`P#
z5R0LZ08d84AtX?R+l?X0eW-BHO6B6kM~x^y^7#JrFyt};9Zn}AZeRZqM{w}?ei#QH
zX8z){^8PHwZ#aF2S?zv9W^j5x**v<mxL?zsj#(TYCSRWQIS{c&XJIpL4pkA#bLyPm
zt_vxenkM6l{Q!W|N~;~x<3D}+)Y&_e$h<X3U}%{l8CV#FmdVRY!Ry`|!{a{J?nq}W
zlS#oqFrKeSJAd9sVsW>D#$R$oeQ}QU4<O$gtJUqVfeu6lxr(%n*u*2Xr#5vjPi&+a
ziBlySD&%5dQz?|o=MyTsH3vtA>W@zq3u{X9*?zA7{WGkcuk8MEAYuInKcw=XR?<Tm
zm3BO(+3+EHrJ`WA`!1VLG-FubBdFhu?E5F6XBlz4ipR?w`mh)0o1jNzPj`AL;cb0D
z%3)XbBv=teUWP-(`q|_1d|-?X^Ml-kZNsxUJPh=naYw#xv2kAl`ktZ^+!rUOnuD1L
zxyeF>KO-Yz0tE_X$_&^QYF*<z?zdYPqm3j)W%iH7<f6DM<wUKb5kC()d{ou97(6dP
zlSrHSMFx<=KLZvvMS7*C&x|PeCT-vWcbe<EK^^A2-V*{1Bsd~ueXU%JaIP*w!nk_x
z<udkjLMWW`F_v2vhE^U0l|4ZGNMvNG=1%$IrqbV1>r91+oNwyS_ns%IWNt0)9i#yh
z=g5#xP9F0*)#XGc3N<2Q9l^q~_J4(8;&S%y>vkWGij0J*Y=YUlr2>Ygt^$($*@xM0
zSLApHT>3xrp|55qE3I^fy;{2q_bRIGNB=VOGCnyT1*+ZbeT1L!X1F3B4|+#p#H%D%
z*m;iDQN`?1Gii<Dvu3&7S$64r?$4ef^bQfWoR~N~^;4ILv>eC!-ho85(-Av1u2@GP
zia#+&>=6x=m?x&!)1&>&^Cc!v5NbZa4RiC02emT&IYN)s`mn}P=FVsC=ernv(62eL
zapA?NFs99C3&074Y)Meowx3^r?`V_6b3-AKu2}DKeLN*ImPub*3c*b0a*b`Sx7up?
z5fd}8HMcOYr)SiY`*33~nG)uG?!T6larAP#4hQMA0JEw)9*VX0Mud6XYkGYHWX5`X
z#OS5YGOyL+6=~dn$x16%#?w<3U0Kjz9)C70XkPdLg)1>m1{8&T>>_A^>*`RO2>Fq7
zMhugdls~K2qOEzn!ufz7ou(ctjmeU3Vsh{<*3{!oXKYp6J>8+WP}lW@f~sf#+$070
zVj_e#nvj3^#_SG1PtN)@1O-aVF0Tpt)6-K-8dj^00id-mj>q9DJ0sj)x6!R>Uoa~5
z{0gww9pC=jxU-*Uo?+0D7Lt)szq=iqSmX-Bm7`67v0NSDqf<tA-4ZX~5C;g=YwztW
zlh(hJEbrb)Fls0iIF{{t!R<K`&JMtBjwl-E<t`LIC|c<}wt{azP|4t5T?$bqK{hsk
zYY+ljP)c`g^jBBocV5AWP_d%j%eCcCotbP<+w69>rL4XRpWd!_S<FT>dS^+szl;>D
zdKc#Ty#_^~=KLyOAPhUjOmhWBnO^Nrpi-$UZ9=NKRhjxao9%m}QYE^U4j5}>>zQ_3
zfwsz;8p+78u)*}^Y<a<s6B`rE%M56(r~EdOz@M6|Hs(-z>gNRnb)(PsWprv~?qt=l
z#!kx<I#dRT%JU`jQN{E8-cUay?1R>>-xX<6c^|;TSR<OT3I~3BsT(0lOuul@wbB!q
zth2=9GM3IHN<@4OCo1|Tl4P{wYy*MMGZnB{_67sEZy{<CpW};*Vc=jf2(h{+TrY|i
zi!jPKo$_o;mD7<C^*8pXyO-LnqZ<@y-vv3HY>yo;E0(FneIxNsXVUmLOQX=n&D-j>
zK3R(M>Lxe0(czlD-g;>bLK)j^{dW8NJ!X9YmQtwwE>$vHEL5vrYh&lwGrvq!N;u&w
zDJfZ`*y@ID4-F{Mndigp!%kMC$8*cfooy6JwZSr{(=Uynh%yF-*48~1Gc3S7FRok>
z)5^S`2hMxKTr<;uH7fT^C#)zG%C~B_3WiIb7LdUN^ZS7;<Ubxu6u;Q4PLeQ+Ps|RC
zF4rHIdRP3aaY*fY%%Lg#Sj6}38{Q%^4l|F2AWL|c$$awY#l*BM*P1@qZi(bQR7JqV
zCiu?alil$41y}G!+*FwZmmAVFrpt%35im_=%hF<?>Dia?zjT-B2~m1pVu)TJZ;h2}
z`4jV|A4$2Siuc^D>5jm`;kanBk-xva3S+u8I+%f8%+<^nR|{>LHZ|pLa8J^}z*uUs
z_2Y_(p`fCQE0E7|yUJG-KS>Y=Z7066HlbVOXhE?;D-BVp1b3=coHA~FVlgdoWhI@%
zDg47pyNo1i#O2#eUZc_8h{NTYkVIZy<TP$PK&||G43QysUjSh9y@Z@rtLlAgfn<)=
z!At;d%9_+ycys}5fW=MrkA^!LG=49T@wT9>w!G$2?&!ahUl#T{JA|Tg64${474UG-
zh!0M8wP^@iIN#sgcw+Uy9y&HQ{#iZkRk2=nA#dR|-ghFfPC4>|x3)Ar`}@U&NPjIQ
z67xKxKt<%`>7$zO!LXN*kZO{*lYiSOAV7!;0<F}+n|XQZI3G!wQ^L287Fk?ZxO0z@
z<V&XL^d@R7HF8g~FadO9J_uuSvF?U%?Jb=)i#(o(v>lVZqv5fExZ<tt#EWjh&HVr*
z4_<>efMTSY&p0_<CbP#BXf?n0?mEzf2?zq3orSA$C$xz7Eg4d8INAGVgI&79HNWFn
z7hFyi+TSB|b^%lUHsc>@-o2*y^wFl^*tM^&YZrE}m5(vV@E9pu1||6Gn;kq$-+V*7
zV!q%nJ7u$btay)<9XSz|Zf%OesOauGzcFj4EBX~lsjrv9Vx>8yPX;xu6HpKXeBGo{
zKf3iI16?cpt+rgp#NW^_T1{gG5;&k`^(Iw+$IEMWlLo2+gpq(vRixbP<a45;Nu!Y?
zn7Q3b`)m!G>d8n}lmYQ94K*>~;(q|tPS26cE^g$=5Q!>~dU;L`6^ZbL76I5&d1!c8
z?Q$n;DJ)dKbFQkJ*CpC<Y`jc<_T0)KXS8{tIdjK9gr=okd>_t^NxmtBX|KqA<btAj
zwRdS%fH7$GIq8`v1=&J;yT!U!0Zr>VbmqeqCTSh&m^Wv#8vpDk`OtyHtjTr~yf;^^
zcG{w()a7{;e^N+`>&Vr^G_>CQRsIzWXx}9s&wZKag4@BpW83rEYet|ZU95TN>zjpI
zpR6F`vPFWOjCJePlj2_}a|dqr^eD6a*8v6oTGxY)w-jc@pO^Wp+e18^q4WVDq(}w&
zY35{u$GnZi^+_lrPI(RO0|f+tX!5O6rH!3dcZ8MpEE2w3QUzOlQr4x#8cFdGe0C&{
zz+GdX2hMF}`51RAc4zqS_r8LRjtt&k^B3-?e;9IKiOr0&Q52RRS5RwweM?fY`x(0K
zIn@jC?K?)8;I(0)vcQ9#JgibA(Y!1K&X4sqd0!u{0i>3i4}BMbWjJosxjC>D9!x#P
zGsM8K$Eo}3>GA2pvRwn~_Gr<XgAkoxUJ&{l0zy2!R%$9EBYR`R+UCBvl!^)=p}k9R
ze!yHZ?zQ#u-@xfo*Z5_>dd>6CjFD)4kw%+S#mJfLpH>gH0zT)*o@|d&t+l^=zU~4i
zq?ec1A>|{~gB|BY2COeMKX~0MpDkB2S7kCcvy2AkYV^M<TR#*=<!9n>sdNQL)pDug
zK_`8;*~`1+Y%cuesIglg>G)={VwT|tOT?tYk9g{YyH*1uY8|3u?W7e^tqE&zg4xk=
zE`DcwM8)eDy-tx7K`}OdBa<EsBta3xN|)0SQIe`d@0X1_>@;m5*<5L&l9^w3y>mTo
zj>kitTFsxK$!I>sG_zUTncP?n;{x5*tf@gZ$4u!}igDoovH)PYKC!U%EiDnU*xL`$
z)92k_V*^RV#bpPzo}9eV^$0&{Bx7=+`9np~<b>+eQ9aO=qIyLb_n$W&PVNqpbYu$(
zZmR99CScl~SMvpjQ$-@alDhPyoyCdiD&EVa3a>h^=nYI2r}MgeJovF&D$gV8$%K1`
zpvW4{kW<Xjzd2zlNXJ)<BQ{Ze*w?gA!~cspFZ{#7TT(YC<vN;#tJDmkrdO`_s_l+2
zzCS~mmF&up5TYeXwAo5rP{0$lJU!xaSmI;59$r5cO!iO4B|t$DA|Y=ALJZI6xv=K0
z$?2XbVLU2+-G)LiQDPv<?dcJEgrEpkQu%P9r?@K!Vd-}ONT3*TWJE<pY)y^l0{ycl
z`sdK!i73A9sMm1e6LOxTfhhDE4bgf2my=J3tmYH$3!lwcKmYIv=Z{7MkaiQHQFFwd
z?~z~7gZn}xd~GCxKn*T~3x>rryNe(9GuKXPWO~syqJ&e|NtSQphnhX4W@Tf(8L81;
zb-aMDe=v_W;+qu2KgahM9OnrK{=C@fb!@<ZNAAryU_$zPb0DoEykE7pQbUt#Jp5A{
z>JrrjVA8@U;t$);o)!{`-7DiU_>TKnje@I704|<ho^=9@b*fN!YduX1s#@aSwj2qh
z6gY;wU1~`86cPnWAda9AP`m$*hGEN1PAid%01?$FI7<IB79y<FVqL!JVjTt52U~|x
zV(5B{^`WzkH+-ERu|^f-5j8#1dEMfB?6(cgic}}YV=_<LB>b+ABHnw!_@+b30282X
zx8E<mzh~53yZ9C-792Ln&7VQ}E|Fv&x|K@k#x}*A!cM}G?ba~Ef&64Mv-MT+q}aZ0
z`6`^4x2J-rTYMX;>ioMlV~1983}|85a51+x#;9VjTNTo04zg`_MsBDi(xdBLNHy7y
zqa@yj2S7R~R{`LM(sE&JYA_7ccU^rmb=^-`6jl-V>oY|dK<r{G*Cad4*M&zynck09
z>Y7h!%N3n$6Ga10>ukNUd78;XINzE^hr?)CtLXg=_)x-{E&bN3UK08H)A`3Mz(Oq4
zZq;|pH8V8|a30NcxjFo1A&D%&<y2{Xpj@uqAUl_1^rzH*2U>$`e_sh(Doc85`m)AQ
zf`FhYl0-&=j}OaQ>^@^{nE%ld3)esOYQO4yj12naDQQ~AE9AV#oazlt$mwiS<qjI|
zId9Ez*`gyY)lgY>X!T}d?OxyI0cF8QUYy})TI0&BmYfY7B~<L6_`fkpQ>6K0tG#qc
zsl|(?<;|3AUip*6$(K9m>KO$92K-!YOi<R~x_P<B-QpY-2Zw6dRMm!u(Fr8ZXN|_U
zND>mj2@#n5VrjBa5HT(vF=fUIE{CN?9wU?~mzBLR5^w~|4AtO%fUPo;wc{#|2o^GN
zW~PD7GBtm#NpQLZ8J8;&NN;cLPl!dY57%w@U+EP}=gdq5ec)t{y&6oa_PVnZPhyae
zAR$qIxR<XmRq*p5Hqg^4KyDR{%)9B2fuMJbRbJ`CMbX<7mH;Q_pR&}rtOjph_eQYX
zE>wN`M4$SFL19uHQ$e962(9pGtut8zTtFw|L)s3s){oRHPxtG~6(oZ%H+<LDOUYNo
zi@D9G%UE-5Z$&&~YvWw4@XmR;+vu*AUhVRcJF`+LY4Pj5XB7`?qR5!*|Ltm*hMRPy
z?qo>Ce@Hl?6NW`EAh$K}x;UBJkg1zzibD~IhJ(WqWO0-L;4O+l6#%*&DdYW=uox3#
zp;{XXn2^yPWoB&pP{`8*2hd_kGa_paRx(g|+zj{nGjxECth+i>md<YT<AO@&oSv5$
zC=)3Gu(eA|MYDMb$5N?l3zcNbGc$J!rGg2xjdi080Jpb7MCV`(Zr97;Tpu6EwydU-
zHX)4B-Wm6Uvv|6Yse8Vo`fzw?GM@9g%)`@ks^s1Go+43Uuv7O=PGr2jy)%3IFg;F5
zsjg3`Hpj@`W|<a~eMbLMSNHks9HJh9-~RM=VAq3>0MMtf1a(0{;mgs)4Vq4u;t+{O
z6$lqwn7xJdeeX-p$Y>>?2S-MY|Ji!Q;}l{70d%VBd8pbp3%+8orQq#dzI$G0y#gEP
z3A0tQ?Ma>>|5rk#G^fh>8oPr}(l6UPe|D9`KNK&W@4HK3p$@|eg7g*3sMI%qJ;vzk
zbDS#`_dLZ)6=Zv9rofles9(oA0xz9t3i-2NoGQ2VS9p!R`f<rSmRMy=ZZ&KX&qK~(
zHQ8yWorKc|K?oa=JEDh6z1`*$eZ80{Me)~|Bm{#qwdV8ZJ6YX*z1!?7fC6yd-i-rf
zXCbja&LoC}Ad~g`sG@!D@!`ac6)m0)3xWbx@(>{P4!ESQD~ssB{<H@h5)}@{X1^ap
zUWc!7<PA6{K;Q5ytY8{mtfi~V*jJ)`mo%EW<sk;Y<LB4ta{u{T2xqw1@6L(8hy+|*
z78aIORkiuugR`iSk)O?`Lz^N9aQX-2)Yb9ZJ+ARIULINE^2^;9>n>e(h{Oq0b$5cY
zuMXxfmz`gA_w;zG_pif;qW^;tmeoy8P5rGqjIV#Zr1!i#&fVn9bdZh7^?_h?Bscq{
zW{4H<{^v&@$~ITD8n<N!D7&?+U(lQ4CQY~fA%{!9nbj|NWd`m&eLCiZb>ifIjl9{?
zl(jMw_uC%EV=>2O)zXT<)M2cut~Umk*)Z!av0qy)bVF>Ve?OgaNPtHKtfGs_!mNq8
zK_qKFzSMf_sK(5nw4mdBDc2qzxjL|SoJ=i{w`HIYH`mj%P;E_3EiXq-{pd48#Py!e
zpE4Y%RKSFZ00@)f1Et-02UO(YypWA7I!(omyW2N$JLdoL*5u^Wf8#%4AzOLxNa`D0
zki`zxS1iPUf|>7Q{s<E<X{R=TvDx!d_*W_viUp6hU5|Em`{QMK1_EP8BohBwt1))9
z?di*8NLE}k7f+#derQ<O_yz|2c_<(n(1nscq4Y@bYeVZ@^cg&9@p-co(ecHVmW>V<
ztKNZAEi!uD?WwH$`B{;KD->#QX{q_%FaN$h&HgPf|1cR5a7;A>E#MP#i6woMB+Yfa
zwPgJh6uwJhj<@YOLcn|0`^dsp2=q0GAXH>N3%}Ho@}yD!)}HTy_=9-9d|ZK%k)>2=
zBoV}b5xv-+NAxW!Rk?HC5(j8ARK9q~xdj7<>3lDqMzKUY!)K#!vU9Xz?A}3DO=GfL
zgALg1y}-T`L?hV-#gz(;kaXSjn$_m-l%gOi(R*;X6Gzg5G`a#I8b?Bfbyf9E0v*<W
z#a)1Z<qGpLT(4+%eEk~H35SmQ#Xuw>#QPjb*K|N%##j15xYQVTvOT<^_C{_~H6O9H
zP^v4xF|#}hS^z^ZPZ!}cE+;H#VW8r@c-?(9KmPR2Ow3eGiVNRrlB7@q8t!+2t`=fo
z6!YVIJa&S6sW@#u8DBhJ8$Q~nhbH+--qkm?Iu|N@_OGzpT0&S@{TyLuEhOpQ!yX(7
zmj#v<YGcQfBu%_?Jl&`CxExAxJ$|n>C0m$pd)<uy!5pW@%M|U;uP6uz35i&*-h&O>
zi2nA^{nj7?uZwJHT0EHvsC+uVX7m}f#i$d+M+muk*ONTOFTdHoF524<-I4etkAB@2
zMa;eSx6!_T({5;JxQbEE7Xp-AI&0O-zLapOs+v&ijARZ!?V1d;YPh?*NoGnK=&TBI
za15fnhn2`iv4wvBk+Zcgs_^Fa%!AbuKc}K`?v>5W8xIcrCH0P?JNZyWFTA^uDF>UI
z)L*Nm^Zep*Zr8uj`kOvX%r!CS4Kk(l1o6ufx_HRYQll*+okcmICICyjL?dZkp<t{=
zihvx}gc}&sfK~q+|NTK>dvwP{m((YX&3=DZt}Ie4iiCHwJ%R4ddP`iKlO6qLjvYl9
zh!oTbf8S4+ErDYIYz0ux^%s0$HQ`aVz#b93IUIK&8;w-CZZl70%m+E$8aJbpgX7E{
z0+)RGfn)C%qsdg(rKZejZ1o&j*{*p!95ggdg3lnyLOu)oz@bNfhC%eM$9S^9mVsN-
zet2jimht(y=6JDwPF)fSrUIRc6dI+M6KX*0U$wCZvmHf!h1Q_g4@p$Zdoe4O>#g(l
z^<@Hioyghc66MjLqnE-}d`K<B`sN9>gC;?v%*ME>Dyv=MV9I%OG8+9Y?jsA!B*(QB
z#TUxJr^Pyq23M9@roCM#Ll}rMy86jr_miPmRb!Q6=`;k#gI-050N;P<uZ>f2=&5mc
zySDNxMf>Xl045K0R$E|TY}P$X1!%Y%6WLHw>h%SFStK(b#5c{_s$B7L`iv(F?eBNx
zhPyZdLJ*GLp!{*4`$!+AHr~z-g<&ED_*>u~bkd3j+q3ss?H8yrStffTR#pgJC;X$%
zdBmiFl=rlfmW8XTK!5!jvZykF^w-|R!PLx59EhKf#-j!5M+=;NZBi{IM|0J-xpFsU
zimjYaeUUwd#-sY=+%*{B{|$N#&EDe92E@2A^AS3C9T^f5{93bw9vJ>IWqX$!D=&>E
z#S>OXJw4NJaD04j$asP%JDPK~1U?{)aJ$`wHV>=}(+YY=Bj!|)z`^nMJ_Mf(*@VA<
z*fW+`8TQ(p8d4}KD$gft0={3YzxVtJP&*>cqUz#X<zG|By(F$VNb+otY>_YiGG$87
zp^X6ZH3Jf>k$FpuX0=a98#hp-T897B8=f=x0}3$A+h}x>(Yp4R?X{5%k;UrD<qAY!
z6%<TSsjLy;GqLIm&+biB-@05|EcF9(sj9LjFC+;EB2%g@*7;{}_5cK3Iyp>V4;+L4
z35TFsIgl{JR7huhWZ1;)NRUW8T`f^c2}fDt<~d9I9P)d*<ej!Iv;fq5V5f+U*BQ$!
zTptdUjPe?c-e0L52<ek_{Kl)a&)-y58lALBdq9S81cz@DanD|XFk&MX99Z!hi*sw!
zjVutdl-JrC<4dm%IuLWCwa&5dS3IM3hyY~r2PW0U75w4P&(JtbAxde({_c>aX3sQo
zu)|Q{*UlU5)x&NTV&guHzeWEc$vC@Ewk+H7TOWMV;^gi*%e#`!-<y1KrhIFbseRM+
z&EUpgM#jrb&IJ79W05FP(vOtDG7qK5-5D_g13Vs_UffB7)flib>mS?sK41G_kO;vR
zK3Xr-Rm3woI+$-CD5ZZuniO@uXb<9#)*xPXRg)!#mvO`q8r-r2)(nf?!e@LpeA)E&
z9MBgOCRW-yV8yC|hI~1~1wt>$7i(<c=LvL^qpMk7&(GX$r#~Q1F<%{ol#`<_^$Jnl
z!*KI>IL)7s(;sjbk;RMd=O+&yXDdqk*Fiw)XEj2+TCuUEMQ;%V3S`VzJ+r@$N~JCi
zFT59`5%0H0GJg31t@UTlhD~vhSZ{%M<5$X{Vm`6jw}6$+T8RI7DAirBY^k6_-%P}z
zkr!~ac_kdU#lDndq1JSHGP;I<`Oy^#>F-6Ciuvqs5YkX>w!i~*jXs(O;8gpke_ufs
zCsM1}<1w6eJDyP^F|#XZ(*D*4v?>mOcwT;~>eXNt%|d|6W{s%`CW#6Ypp|$m!6T=x
zWtNtEyteO$n;eCn1M@ZzVD2FvT)zVFpS_l9!!G)wE{2CvD5zRy8rAasGfLOiyye-h
z7;`%*qF^%+F_WLXPx}NLa9}+P1?Nldp5UQ<yp~!h@>Mf<sHb`MI;Mugd&@LfoUScs
zx$xFtP8oVY#Xa_e+gNO71Ml8wxuX4T#V|5?lqR=*V3_g9>Exe)&t7}IQ@@3Rpik7~
z;zJ@rfY;V3h(Us#n0QIVlj>#Ar*CAbwf4Z%;+_<sP-wSzs5Z>1U~kVEiT`yG>h(uf
zHl|ZtpmTup?5pqR9)|tsbcm~=TyFUE+o(wUL^%Bx3#6>vJdq#J)g6WxMYa>y+Nm#C
z4}MxMQ&abHyF(Y=2%HkTxJc~C0<{RFA@1)UCaYvf$YF1tAkG7%qB7f%KGa!|U7qTV
zWU>oP9H4R6=<1n<#Ff(FjHZvL3g*cdgB$`RGDTnZD{th0$88PZGdrF`lU0~0Q&W$d
z0jk5H^4^Lcz;uPw3FHj!6cA3sx%CPe%{=S*rItQ4b|PLbyEa`x(nc<#YiX>q_6Z*5
z>pM_4dr;dy8JrTZ1m;(Nx79yc`PJS{yyRce>m#9145c^x=5F=U`$b#|f$b&zr548b
z^E*w{82Mj}uo5SZx(4PFi;P;hJm%ORx}_w1z(Pvhbo%W9S&23wbZ}?H7L;~rBA&ln
z)y8tI%Js4!*4M)6_{VzgBhW}T0eL!HY)a^mN(-KtS%nvq7S}&1kOKNV!UMCB2>|vh
zUS3lr=0AE%zb2Er-~0wXNA59A+yI48ARbGRZ0(v%&1AfITNYo|^2<}<-NSp}%WWP>
z%_3k{GU>E+7@)(4azYM0!(`ii=w`PtFCIs1no7ALkqr&*%E_BD_iqu%5-LLv-+=%c
z5i%-UoCMA~j{Z-O9HEuvyc_e;%<0G%cr7BGCITRO1XeaFIbr~GeISah`CPOf&{*X4
z-vf&uh;2U=X^T~BX|F4;jH$Ki=wJ6n8g<N70l`9SZF~4|wJw4xs>V4lDk4O0!@9ld
ztbVmfGxrVA<KymFF5DKa676o3i37x|t20;ebvpd`*9%3xM)&Y=9_V_b)DKT*U1&f#
z9nC8!Fe{(7nhMSYK2FtlsoZW-bSyZabzzy)mzAkKp0qEuI7NKj=*4)sWlbWj#YeUD
z-{8vbbJ=A@puZUZRu^yZ42|95$t@Fj5d?JGqEo`4BpQ{-a=$m9OqSR;DgTK&$o=`d
zkP5z8#)0NBP`ZM<vEm-3AQ}b9JwzTYCJi`UIa;kYbb=-_2!4e@I>+fnu2d4^Tq3<`
zaFi~3>|0ETKKU&qB;L*@8!*Cr@gxz-xGi=S%A||+iF^nhK`B+K_FnuFk7qT55)c=L
z1VoX^21j$hiVPwsf-jIGn<9Tr%g!-w4kSG`GsAdr{Qmjh9#OiG7pa$G526vSja?r-
zuD(3?ft&#gnwTdlL0gcgH?Ukm0;V4&-d?LN)DVdt-H?J-lk<q(o4wE14k)P*%J`Db
zq4-%aG`OPy_z9rjjCT))<#h{3!oXBIUwj|Q;4YrDyH=_Q&EkEE2REiV?2h|k6LA{u
z;aXXIN5+rO@666<<+)1xlK-C+l(`7-=^V=CfO<8r<28`1Rz3F!q6{wwOrVhNaMjr*
z(0;PJcUW*fDNiE(%LMd6qk(h|?!Rl<%D;g{-S)tU!s+l)92r``Ru~?=lORB)-pU0K
zj1!5(O8cXQU+qg9`fEuyx;tjL9BBLX11|+S$NoItVi^mt)@(8c`IjZpuYw19zi_?=
z;&(}{*(aMNc0jQ4XgdA{Fta8A@yrIK0xmi`ms%Z>jLc|h^WScjR)7#CZ9<VEEyze`
z*W{7|PRt(95ayY}oH~nIQO?Dwub(QK#Qj>=$Pz*o0b`T`F0g!S|MoCY^T#+vfz_-3
z;w62!8kJC6tJre<9~u=f@vYVNU`7o_%)^5IzdZ6)yn{{0Q$8t3vVQx@K-79P7_WC3
zj)&~JLv(Gu*qgG^$3a4vZZ2WiET50dZ2EQ?4(-d|m(_kc6_8iBlyu}x{PM+th%GXa
z$NeXIVG^{Dv?2Hs5fUO7yudi{s<-{XF+VgkGU(bj=tJa6_sEqmzV-M6!<f!p>=`Y}
zRUD(Y#d){-@eZ$OqGP-E{W=Sr?z-$=Z86@ju%Q?2Mx*5FsnyMQ_OtxOzk8!Lq=fV1
z_ag+aJGOL-4H{9!=jO-D-JM0GvLYkO$^c~H1=$v-rwcT=I_sT@`D$*NZ=ZJWfqMnk
z9imAAVki%yjArayIQPYWKwd?vRcz^?I8VKjNg?ohxfy7iQJVRITS*}0{i()s@fX#w
zdh~$dXVb|*AlUs|sVUaBKVE723J4HH!vMr;S!157dwza#(sGUeK8nB?OJW&#BG^(H
zfA6Bvhgtulz@g+mMUz?A*4jD2l<ABXoV2|rWn?^_6hsyMPXaW1T?&)50z^mjp8I3C
z8$7ulpzL68kprQsJIY`E!V7ri%HnDx!MO)w+;9Impej*gHL#j>7lHChciveWdwNMj
za{pj|HiVaZOs7I!q+b1<Qtsd8KY8k(!uj&H`=@#kTBxd<y#oCUfHoqx%WMGejp(+!
zY=mUm(%7Poyk9a7TtTSml7uZ%nU}YbvlWua09wt5Ph>tgOxn=}^6T>LysXPh;j!EC
zv9W(*=c_qdjH9*<wJ77(=Sy)Q{+)lTr%#_OA%K;D|A|n$Y=De#;ED4gDK~p^MS%>}
z-hB1Y>j_2lQ#ir}WKT+=`YK&od?AG2>#oe{D6#&1!-E{C&c9@RAQ=bmOA|TSa=5Ua
zp-)Y>uRu~axWz62>^Q&=$Vo%qQW+cLySYt(a<u;iRGul~06|DLz;vOG0a#Up3$1A#
z!)ajG{;Ia_1$bKxm@kiY4m9N`1pl6XyR>Foq|qrB#}>LKjb<4G`wIm0BZ^-hNC2DM
zXC3Vv$B@xk<vvOw0bg#obsc|SSEiLV;5*-Hso@5a#749#U)&_2JJWvLMo_z$+n6uJ
zPlMX~bhCPAzBlnJ0y!?LGb>9%-*6XhZ4WNc<+pNq>ZKze?Ta}AVh{lisOa`V6hg0w
zk~LHzS@K5!w$mFp#?!iuM<J0@y`UU2sr-K+a5Vd;ORe3510W!I9-)Jo&sNi+e_742
zT#%K)dD~x1lJ<N!KRwoxYV8M)SUVzDI_;mu`SrF~fnKBX2hjA_j&?*Zu8%&k==L4W
zB`13fw}X^h-$viX{NDt(LL<C1Z<Swb_4yJk`Ke0I&V{o;N^x{#=<Ww)JW8zdt%-|*
zLS@Za*Tadu!z|;G%sX>eK-^^uZJ*f`3jUN&%aeB{^m_lHldnAIe>8w!M#^zt8`sJZ
zGGfM?KA6%25>(C6!n7Dvo7z%jxS<0X_xcE3<U882A|*QfdMl|eY=+8D`hNYTIE-Rf
z?-%QV3RyZ!NJl`R?tB;w5;Gv}Nw2eK1WX1)i`jCw*&n-qfaA<G`>QkG2MWIzKiH4U
z`M1Lg_gm%$I}YVy!HQx9Tg&mE=;U->!C3S@U;dMqT7-e;x3gnL5{dZN+Y`0`S9^%s
zwe4%LB9F=(gPv6@wu}o8^^=75gC;lG{EjwHf`LGz<v=WGmIeSatIlucwuiq0mJbgB
z>)$ESPIMrKScu1G3lGG`S5}iVFhnG~-vmcROs7o56Ko>FGF}~Q0QzLv<j~nU&i>>J
zA|^ROXw{Iee6m<rPYO}IwBsm2B0m+#4~oNI{aOrsd_0~y;kY9vwQk}GK(2GB-nEG8
z(`UV$91jlnFCc=#Ix8Me8?d@L@EKfPAWPU6$_2nu4I~%RwMfmcjp4cRChPtIv#?B~
zsu<4!@3m*4uM)z>8)JC?SL4G^)F8s3NJ_yw&7r8L4+#U~ve;7s4U&MWt=`|7?>;!=
zV0OnnBNi1E1eGMiu8)dWf8iB;|E|`X*X9DrLP89XAm@{}_AhOh&&OK&$IBbXWg4z-
zf0*J1i)R}?9W^=TI`&1*;T5xU(2)7~H9JA12pmB{yAS1m<C!Y<6d)Sq%m?O|@Mhqk
zfW!m)Z)c|2KYx&kI4LP9EjT^#!vyW3L;sr&G;~2X`fmCS@N@N>BaNcE;T|FYeiwi{
zmc4F?O<KWDjNTzb;yr|9Il=<c-rkhAsIXr@(dN8`rl6w<vAHINISE`;0ZH0&`45kQ
zsQEWVa{WDVW6<koT|wce*E91p+*GOc=6#1fVHe9BnklJ&rz<})`Uk$nek(Y)H<==D
zcPWq~JC^+w2{Z~2hKw4wNP>(Fv@vKv6w1YzM*HPBIxJOnHPaOk;_%B7H|jH{Q<>-<
zEbX`%=>I<%J`4*)Ow0uo!r+_Jb=6RXVGnZf$_T)_`wR~iJF;NiZuF4KnrAA}S*(gF
zGUO*h6i%S34Qi)gSs=j<m|s8=CA|t5SqG=T=JLAN``QAmrga|asuiTUt$N(*Wp1Y?
zr~W2mZ{VL;2L_a!O2u2JeJrr@z^eoP=96a63_wkFTFn!{gE5hLs7U9NSxaPqD3??V
z(k@}INW5Qov@^H}j4B`+iQBOzs>Nc#9Uc?F=QFi*;M-<B<&t>0-Dh6_H~jy9ay$@i
z+Bs?I;?R0w*st}C$>Ohle;j;XhZNm_3y%^HhAdVmA^y+$=D$DDA(*DqRk<<HScZnv
zY^$d?qkKDVnFaxfzj$0KU%mgE2?{!UgFRJ{)6w7QZ+;22th}x68*C0ma!WP*B~^_s
z*YtfLhBVjaDZF!Tn3sLGb89P}!1#k#vZ6|V;O&=R>H*AtNIy#psk|_$<jdWzpjTfk
zA!^ir4nI0Hg?naiFEa?-94`ZL`Be&-v-lxkpB---Dq}wk4v(TZJRf7esumAJhSzS#
z$O`f5N-N&;akHwSm;eSY33$>M2JNACI^|8b<C~Xf4eCg7Ff6hSiFYp4(y36L+~WN&
z3&3^*Q6kwKs2LXOMayNebp2Br9iKQM@khYLfeXl{D&VCJ;S;6M(1;FE|IK`{<liXS
zITegf6;GkpYQp|UjQZ~^gcV~3?{F-Qf|y51zS#U9d^c&Bb_Ct;kEnk+UDIItfmWE?
zF$qWd%~_xkB>u0`SPd?JsZEt@%!)xFUTy)|2~t;p6TQb%2(t4Y)lLlC0g7YDvA75e
zjd6ZlPBu3)46WPj%0>M30)D#_?d{`;vpN_Am|az#5A4La{Q&lT^UUF59gham$;ICJ
z7VHet=53qjfAo)L{h;%$Jq{zpW6K4s{!Cv7NVSEm{2Ma<OM{zL?~6Vaog7K2VXq%T
zuE3aex%wnYE+lkXfE2w6!;VRT5VdR0fy$%<lyl%`?o{f*lBAL90Nkqk+#S-$sdRdI
zwG~I=MeVSt2;M?f2mcI{&PaZ>@l~pU*>{mNMy*qVFUZEuH_(wE=>UoG5Ae5P<xU57
ziY5}$pi-HH6}6smpK+=3yZ)UPw{_^O;pEPYBI;pQIt>js$#k)5t7ZQf{}@PBL4jmK
z{a+0b@qy4=P@UyuX4Bdx<8)BN7d9*1`7=sH^jiG)BLe+a4K~Q}O<4=->KYq+8(n}y
z01BDxeO(`(=MRHDn$k7i>VB08iBWJ!B<ku2BZiK`!9i?XUwgS+`HF9ty+f%1fQZ53
zs*QB>cnyKFQ_SL_imTG~C%Cb&IZ+&^c7G-xhypbyGsA0vP-wurTAwP`<aL&|AD&uD
zk0ckJ_}=kq=zRQ#T(tZDS#CR-{fnI;64p?7t(Dth&aTs_Y)#hOo`e9lZ$G$Qso%u~
z9R^UL0r`Aj3k<Os>~0R!n5?dVO@atXDFRmj0*=6NquVge-daa`PgsQ2Nl6$%64QTv
zc&Fp32m8;~tC{00-(_2+GoT}-y@9|4$$CF=IS0ExCIg&|adZ0#Bph?)X=CWHKmta#
ze`_w0_UqL`ZLxCm7XSuwKuYjU6xG>0OItEWT%3SFYLFmvfbSR2hksml6f+`+icDgV
zfr9^?+moec*Em>%Ui61kz3bOllw+<~muZZgIXkdMwEjfElPk{{08Xaj-h{*9WDr>#
zl>u3%%XSDrP(Ym!%vby=U!2F3A6t{;T{3MZo<QR#l)@~+kl6;Zw0w-J{Hi8J+8Y3-
zc#1@QANr-1oQ##R!UI~Z+H(&M;Y{_dI%U#in+BVRWSR(=eMDk!`X`hsKj56@AqWD{
zMcRm*Kp`Txwr-M6{?S@F%Bc8%-p2XpKnH)K=WWilh}oA9Ijf()h2vJo=-Iv_buO1+
zR0hJIBQfX4Ppmz;Uy*u;G9%)ut7D)&>>;rfKqpvrK)CYKPDGv>3&Qn4rHrRhK?SK|
z8+sjWH=Q=_ty0C#zY7a%XU9O1d3iXOAU4N*s*nSOhF85Q9#N?jpF8of(s)B8kwKMT
zUjL`|hLoh_F0<|{AxbG)<~^f;9+Fk>(be`xL9;-&mIaXOvENsuoheZYjzQ3dV2b}X
zD1G*sm($lkg_&CEuk>)FVJJ1F+JI3^hY_1#VXr3fz3Es!;6SYalD8*F$uF*TiohQa
z3zjKEwCXR<*91VOr;g?U{*03O3?xzd-zajd&piVuNmXE``^zuwvSqCIuYrkwNx%iP
z%Rsy`x<+1zlFamdWb<DNi`(cYkX5@0#sD$0aT6(&FvMmyi?y8qBo;>#rjt$KlVXM9
z<px_a5lWZ;A0r6Bqj&vOE>+`pWiCV`nc?j(3z(8yF8;A>725Plu5^9D^qa$flO9F}
zLI;sVz|l>VOHFDGq4+@Y(Rm2>k4)B=`xTJQUq6=*hs;H0xLutar4bO}4S>MUp4OTr
zm@5UJX}!c_MFe#CyrqKdn?kYb!=%hFtvbm#@jSG5CCXb*6>YTfD^$JPQ!(Totj4HO
z`ud+|55<!TcH(JV9Cm;FDr!JQ1UTUR7^LE(2>!rAmdWCVkiVtz@8q;`0%^P-Z#@V8
z)RR(|KvP`v`X47C{@rjWoao=OGn*~#J1tf)ooK2BJBJ0J{vjfkKv}JSbHUVDh-M89
zYvU~(AYlxKto!2vjzPfU4oo(%s8#I$`7;q~<p(!uJ(T=DZo~o5MP5R#ME_ft)*Ya-
zypc)n7;|3zs@LsCXn^6mg&0;Kv$I|65N3&FZr&705M*4TO&uz08AZzSKLF~7P6|6X
zeX(<AH$id4hP|CQX25-!3bXy@xLYe8Mr<Fc!3G8p^(%W0?0Cp1X0Z+*B!dTT5s2~i
zsBQ$O5!3CG`tW0o{6wb@_R-?x#3BKhs{Aw>5c7kRAp&5@s^eK5@b_Z1?STooH&sFM
zx-TME5`$VD6$xdlHHO^v?9sJ+dm7~GZrYzy|Gp8orL!RB^XUI+I@y5!_GjaFeKYZ(
z9HG6BhVa|UZ=N}5KC=IxAHG-b1k8Qbxl~=JU&%*)yyY>OB{6(smZ*dUBX+3-kh6ts
zB<vPI!=KMDyS+yUK}OIt{dVPj-QyV?A0ss}-~BKHgXvPqJFwiQGv!+4@&&+M)(7gg
z9WT3T#Tmf2H7Db*K?q=<&HTHfbH(g@y%CbmP-?<~>ozuacm_)lu}~29VtiiwrXlud
z<}et!nP31G6}S7<&y6CvIZk#gJAY`;|1j$R*QY))wvS|u`beeKaG@yKC*b4Fm?yjp
zBTD?B;0>63$p7wh^Al3)4I!qumqG7XqxXw%)Dgq?+4h(7;ibj^B9U@Xqahnx!rB@z
zEin)Ry-IZkd*S(c3rCumJv*ryN38Ipb_VA-kU0S%vA9fg1r&(9rM1!d!6|c_?d<$t
z?nyfnI^1vH_kaR{`65FQb~P&Tv$dWKBnCiCWDX67>;Kfma2Yc*S|pLEZL`4gRyC7D
zlrFx&&^va7j|Gq;DP9z>|IUk0Q9ProOd`Ic)ZQ2{;y-o4STOB-kX$$ixd^U<6v%*s
zA=Ut)`QLMM3-W(PP#Xn1yPBQBz)r@q<HMITkQ{aA17#Tuf$f5A0x}U-;*+6GP7#jn
z&*DIaY^1$(vT?`*5-5a}7WJ$E1Wncq@<5{(TKJ#WE|f|u8Rh=`kb8&x0u;-tZIJB9
z&rqsRiP8ol?(}pmIyvTM!fi6HviIYsn4M9`6h1Qq(1Rlo(C4>Uf47?aiM!34?*R%C
z^OOkj$=J8d^O)^p;44=TnYTna?qts~BRO`Bgh_8ua6dWH0<ehx1yvvt1VeEb%8Agx
zC+uc9!L$f+3K$q}b>As*de1=<@=$MWF8s|w5o-s`V9^T2*jiPBe2iAT6@>jST<veM
zKX+zuSv(vtL9<!UG)MK*fvlp~AS#i~*=a|k*AuikVv%xb3Q(^BY#o{9tUZ|C7+m$D
zldtQ-Ls+Qt0|5r|^*x1Q*1o?9d%&bGXHdt|H}rk9(O>-X#p5DEL^d@wwJkU#<nDKL
z*IO(y$U8-c&O7CJht&-nV;OOI`Rmue#Q9f?$BdAZw||m0XM<C3&+aX3hK>85>mb0W
z<sRrhe!WqB!dUS*v<FE{#yzngTr;f=%m-DxpF`rp!aDUs!OYZ9l>tbP#!reyZL1T$
znzC^!P-yo8y6)@6*bk18QVPY8I|?8}9&Oen#Z20pZhWBp7Adsz0@aFrwn7FBQ4!t@
zhX63vmd=v~X!V`?&bu-$C&QH}K72z4Aq;H%ze&}`_I#Y`_QM5=G>?>0Kfe`9yV?n0
zV)0hpoLtQQ3D6wWJ<+N)o8ATAoUdTeY4bRK@j+No{qJM%o}P^IRojAMSCb#YuI!^n
zA~<Mu&tPH#W%s{}BWi;4lfZNcL?-VYNinE=<8XhvHbMmSBZ)g&C9pA92~1^DNx*zc
z%VIqf$ggahdV!>13K-RU6G_VgE+?1`j<E+9G5nHBHueiCrU6qpkasPTnaQy-#v2y3
z(@|%6xKil@knUY*Gsx4hH#b8@eGU(gs_2vu7n8gf5@_?k$qb4;#!(4tw+%fXErJMl
zG#!DqXL6ejnbsTRkGrX^WFTeub+W+d-re}So`CUx$aYw<%SSnS&`t=!<b~9#XW=JR
zU{lFSr!X5mw76a{V%fR)z7PIyyJ7%@Q%5RIWY_2Q0^GDIa_+Ve1KM&Jp5PCP-mYR#
zbi!BvbH)E{3cpktoE<H5IX`U1fyp<E$0IgiQWRp?B$TQcPYtEi9M6pxRbe?o1`@k7
zd0aDNV-FfJw@30vi{xO@m9DvEq#;u}FcxziU<Rc%YygUOwx|;_wX&KUq%HUv#73dN
zSdiKbV*exN8<Clt2L=;3Cq01A0WBRErbCl^65!-i8$6BYg13XS%e&xmzlji5AhiMF
zxv4MCKpn30d$Z2s!48z{fVWAcFWhbJNqji;YrTW&Xs@WK3e&(Puup?4E85N&*=uEB
z-ULE)LMcHm?tCB^Ls+Lh6VOX!?kC+{IN1XEYlCxI{)ve^$h9aoG!R>ZKtp4}@#t?+
z3JZ;%ani;8n}0nQJA`v>8B*pmyN6F}n(e&6UQuXQW6AANo&q_YXxKQa9d&;YPuhwz
z8bqX~U0#Zc{0^CmnQw>z<Al3B6#!Es<ML&Ka&d5#r<E@cnRi+TSJ3<UBFl5@B)8NX
zBCPPZ<2#N**!{g98hfQD7f7l8py)_-+7nEwGN9SpHJNgO2^0dOusJW!27^(2Kjp>S
z2_&VY6n2JEs*SD>=kHn9F<NT>A0-tVr+iNz&O|A_sivuU{aSK3XHj*R1&?0Gz7=vI
zhlA+;Jn+IZ_r0L$Rj6$)PIafk@utitghyozZ~<qSZ}^VFHB&~;`$hT0Rcf(D4?u5l
z&KWy)L(w2|*Jmq2V1sUP--27mC?6~JUb7;N=ZJxH$8k4;ll5Fj%#T;CU*r99$w4wC
z|KJA{2(<3ktAIQ<_(z*QuOVSkpeLMTy5)=k-}bxbS-|+UMwQDa0_6&kVo7hC^@a17
z`R0QL>S{*Rwf2-82^tI}M<oZP?nu@SMt%&8cSzB!81`kb6q*z;P+SNY$if}3=qo!r
z_{WvvQK9xSQ*O{~u>U`<zB($aEr|C6k#3Mq3F+=`MH-}~k?xT0ZbTF$q*Rbby1To(
zySwY{@4i^?z5CC-y4KahIeX8{FJ?yH8s5wuzGiuN`|-x<$F>N9k>il_v9LMr1^8R;
z@y3|SD*F@_LraR76ZUO>t7&Q~MMp=YCVu@&RY2Ck`UNg{g#zi_xx;ze%e0&A408Kf
ziySxtTX@<bgq_NHg&J8ghW-G2H>)ZwpNC5__fP8T18Jh<GW|(GEU(8}O8%^pEjFPg
z73mT;NQcVgnl!|se+PPkt7ydcgZ5P3nK~OnCBF<SpgW5>uzi~M++(0;XuDnSc3j<%
zEgp`nP*HA4`z@DMZGrX6eE~M{+xIS6nKd#I+#5Uw-{iuQxIr&CgYcb%4Dwh3{;cf6
zXwE5FJ<_}H-*0SNAOXu6m?U^nA@eXWh=T6%YJEEL@`X;@L+SX;OiW8EBxIw}@&D_`
za~fD8n;uTTKh?h(+G|N@4hWbNRT4{Bny@MJBt!d<=;K$cW4yLTP+SzVsau6u_&`^U
z7fl*9Oh_2>^R3he+&UC|<JNq2A=g>E2vt$v4g<NQvkyPrlE349KAK06rKg9H>1upf
z_;_=;9M^9?G~spj#L400lw9e~zV#zjGO+*Em%6_GzLSe3VW9?B6!vO+-aJoDwV7Ib
z@-Br8meSi}gXY*q!Os)AF&`|J$;z3S*u>=I46kWYWVX8FPG&1nERUc1Ieo#<RlgF0
zW?zl>?<1v+ETlN4urULJs3``O)IZT23=V!#&fQq$<*M|b#<14lYtq?<Y4C&T2z@at
zdR!r&GdfbK$x84e)uf@A#SeBnC<X<8O<EpxdFyM!mw?r?&E#?$?VzRLD%=cC&eQ1x
zns>7D8+R$ocNYO5PARKmDLePW_q>x0sIC{Z3k`MhG1Svmf5lj3-#znJjo9_Lu!4(P
z$S*c{d-#-=1^v0Jd)m76ZHUo&SL@S`N`Q-t-~AcQ(`+e>Wrm1j*RPF@%yK6hnSr!h
zg-+IN4<q&;HLKfUjNP%0$X?-5QNZ~%tH;L6``o%J6?ns+;Ezc{4P)6PlAGJ!)d9!9
zAX58h)OWUAvPywCdU~=`RZcF;#`ucn4T3cqs=Gk&0NTq>p9o5{gLcoikP2Pw9mQe5
zL5-<qHOM~c$KTlA%mV+y^}Y>^Jac;2-y^1@h(7l3U;OuPA<>0Q8ylOWwYt1{mj_6d
zWWsQBi*;<G<X&zEEsf!b#U(1LD$w`geTdSA5rKrnceECmoJUt&LMY_PHKnC}T4dwm
z>dGxbOTD7-kz{FtmKOZHryqI?vZSP>jcUC4ziVlo2xIlgD})67rosLxx*Z)68D(;o
zKr_O@5lDc)xQn#<{pm@#!PX{TdpiKk{*;lBlInN~2G{=E6Xzn36+?_&Z4YDhzQ3|{
zOYrA1aCAFvvpqLUOiJY1@q`Zw@RbZToDD_W5wyU}$XRa=WHneZvW?jRR#g!<1a9tR
zn;HMI@js`Ve;vU~X$uNGS?NM+@O(%v_p8fF{O}=jDhFZ0^Ga&^r*KwrR)F2!p0`gM
zsmJN-tNB?+A3i<R_sD`*hwToO3wF+oOsFin)lQArl&={gYybSws<C=CjWFq<@=@8J
zcQ}KJof2l2knkq$OF-Iyys5cq=1G5&49%O@uV3#>)$?`@r$xw?o9BT3I&!L#zXRJf
zj#S3k*?f*;J1)`OY%Phu<tP_>WTN3NlP4#`Pp)KcdcPV@Yp{NekEdHMHy@s*k^BD8
zfG#NR5I{`<7Zw^CD(mFr^cF%O>?0swWgk|7DRN8ed$=~5!{@dFnYMRQ7x)}J)E1I#
zZH4T~c_2pOx{0h<Q}<e!|HrZO_1-eMSt^gwN}dYZ&vkuMYN5iSFW0x6<W%?Hqti(4
z(8!{FCBw3x<0*H57Y2MvV(#tjXjDF6{Wbq6l9<U!pjGB0XvV6)kav&VHjmG0*yu!~
zWX?6`y5s*%@U!8?MlWo1VG|fY?>#girD#SgVs5(Pe3$_SEMvZU6_S@sAZ7Ku;mt$~
zPj6}IvOkHkI5GKhY$Q%y56z8{F&N>cW7XP-1sAYEz;J35`WuI#dpExsy-;0l3aPH-
z{<r@iLMr5bQgCu|67?DvmxNM>7J6mySw8L<nwgoknUz~YGDnI@HD>0F#i*9tu_lbl
zXC3A%kl3e7{H`tYYkpD7#FAr_52or$y`sbW8Ud`$SPnOA*f`j}x1Qf(Nj>J8xZN)-
zl5Lj;oM&fI-YBhs3P?z=oplWxdq>z1a)&_}NNLiwavku(Zx-vpYsQ9$<@RnZxtw$Q
zx7|HDQLt#Wtt7dE!q4M3?`mgfOLfX%kM+-{(mZ;S*|qHL<31N%C{)FTA;6-ON~qf=
zSwnXCEilcrwKCO8^l@cmPUKwGUlphG1?-E6r1^1D)6n!UEG)o+RHjOg9%o_n4pw5~
z>z6N-JeFg>q`?rMG`~-82#JhGyJBExL&XsFWgXe8hzTjnhsK$RVnSDSbY@nM(2*$r
z>USt*JU!yGtEhz6`VbS+)6+4t$arWIdS2`XiRZjE*$773Das1Sy*^$K&skSW#h;SS
z8O;Q3E#GZtTGU^aZeWm?sw%~uz34IMWu!OixH-Ks8KXue;ZN8;tNlwZYCOC(czN~k
z+*h+ZZdB#LIp=mK{#73NLt>J1%KB+`OoPzV)rF0E3{y$EXxxjdE4qU6qH>?>qY;B@
z^gV@z>oCl;UpMYIGcy#qLy|why>CXuz-X2-(vm`v!Ny#x=doMh14rxYS8XOdQpg7Z
zw=M=RuM0B1_`Q*E_`9=PPFNu!Ofa2tcDx@GE8uDDHyiMnMCRn6r*^ho$|X6B4aV&M
zYXTQCncYt$TC+q(SGtqDY3T8|*^!^Z-yrMk+pk32&}hOSQCfvI2WI9ThuPYnou;o(
zda!QDg~HGNWhB`?y$2bx9FMiDO}!vEKeH7{Q!|a<B|O)f02TfTcZ}KW;o@e9w8m~e
zG_8<nNQ;<;W~WFmN*w16@~;%U(TjWrM#s$_tOWt*(DFS>W@bIll@=I3Vd2KEY5q6i
z<P=DVr;;G}aR>+qM2Yx46~axBa7<`75QJJ!A)5NJk8+97P`Av_5|#j$p@}L7hnC5w
z5D-?>2nZ{|TwqL>J=`JSmIR|hi;KS`CIkljrQb^V;Zu##B_Ju;;CmIloOMPT)Y`H#
zn#11N0?DD3U)fveNlGKR@$_7KZ%8q19%DLR(VAUpomK8Y8EnMLpE}s3=<M9F&@^~n
z`StSB$kKdz%@?1RmfG<8?(&`I^G{A%O0fKHYYXacBZv`FlR}K^z-L{tHVJANkcU8G
zWK817gzvO1EOtIcN>b^-fScNEYGoxrOGjt1FkMcW?sd_UvRFS_>1LlVNkz1JTBLj8
z>?$pjUZi~}=+=eK%X?whxfqGk<Q<Tagx~h?SZilGt)YU|RiJ6o^>BN+q%}+~T(^X?
zv6Tr9812rkQGNhS-QR-ev&&ssS-vti*6b4f%{nJFkPZkQZ{Jjy4P-V17_}y`vSqO6
zh`)sOw6<uuYk|qy^BYqJm(@Y58l9C~bSpX{Jkq!g1W-d8)Kk0~_43MmCf2tzS(4$!
z<2@Q08dW!7c<&P!s%@*^TpDf`1){PhnUFh$C>Z4{4Yr8e`ll2L!ZT_Ze*d9eUYH^^
zVW^==CB%k_5AHn3Mdl65@sy=!7r_k)*de1TjECcINZcG-(@z{g(mh-t?B}uZpNb~T
z9JQEfaA#iw-2m1f8At`Q)AJcNz9mw;VU0`3er*bd0djJ`GH`ObnbXbI1P$C)hLFP_
zoPM>gdyD-^e0v82<I{|k^bwBZxhCMX+@TSU%{UMr)I_1cqLbT=R3i8FfoG6fZVkF6
zQ6HycWeyqt&Rj!`b!s51M}(GRHrVz72dC%JG>UTcp~3GCSA>U$uBR79xqL6HsECvp
z7q{b)RUmNX1^B2!>}+hw-s@d4Mh2Rao)`OJll5*nlGDYwZ)Lb-WQ{0?$OVE={2^@C
z8F%BmF7j#ID8!^BV)%iF93LXUpZt~tMBVq3>(|TB$YGq51B&KeneGwrrSE{EGx1AS
zd4F_0tfU~nuwy$qIwhEz8Ew|m^5*7<^ygx8+!*{-C=7(%(J?xm2MwN<w%La3X5&bY
z#MNo-&hS|?z0S2gk>8n3+khPW$Y`;Zl%VeJ*piMS@@}jNhWn_L5n2}tPo9I#1WIfW
znGnyfOR7VPpJ&QO^eT}L>s+$f1Ok^C`uZ^c`H3FsHT1}GZEkEJH#RmtR#a9xL!)vC
zh{`7ibCuQ%fByVI0aI{)1*Gu4L1AKMcWs4rVk`U6|4y-Mx6upB>zvkHUj8GA9Oz%3
z9*A!1$;0<KB#N!Cp%9L^C;Mo-v8i&hDVK93=rBQN<LYQRk$SebXVu_)hYJndF|k|u
z@~3gAMBK=r$$`yuAep==bkJ;FLyO>{p&?#1H;99G2NgavhBS&E9-e^143#=1^G^RJ
z1jS*tu2RLBj*hYY{NdJ2<qz-4j>=6<ea^ps37k`v2BJG9x(Jm`KJ?Min8DTT>?h@w
z(nk7Z{weBl^lE>E5D^h;#2qc97(pb?Zv7+wBl~)1lxm2oxv4$W=vz8z;s^D=s8K6H
z(`98Rj*hL}0!n3@-x5nbhRIM#1;2wIQXMpIDf{`QU7cCE7`LLSu(PMtI)@#n7dn@h
zV-b_a%<NbQHM(JRhJ*+Wk1FVqf{#d0QgGk?V$+6)Sm}7NUE2QGQ?I<X(~xZ>$KK$A
zTmY8{)F|K<#c%%8!LN=)K{=fs`z>_+^7bdF<M<p-jdM~(k^72D+1#~sr|*3k-S&cK
zzklD6yA!VD`_$Qqcy-ayKB7F7+|c0N)ZE;>3|3aZd`5|;@C~G<kjlBazjvE0HEM4-
zJ99#U#3z1f9b?wb<hI6}%)*N4Fe}G;g&hdN!0`U-ELQDxyi|I2Ch?Y=8#yOOLskU~
z8ib>kmS7K0*+Ct_cV>h#JzSbB-w+Wcc~NPN*z5p9BP}hYS29yfYR0M^_~U$AQb*$|
ztVB-fy+mmVYa6hN*Y(Xj=Zsn?@6X~qhM|f-XGxCw?TpBfLi}*>5xNyp-E}7KUX?TJ
zvf1A{H4S!Su$q{ZnV)ZY#_)dH*vzW8dKIdWI+eMV80_HnxB~NFW2>U-RTU?bQ|9X8
za&&idv+#$9BQQ@Ke9ciX?;2cZ+ncjZImO;IN*x`x>M9vxC;zh90y@^WJ-uHMg*_6+
zU#80B7zJ1HRMpp3_Q-@T^eHNJ%kuIr)VM^Hgf%zsEff(eN=cpgERoYQGE18(V+Q(o
z$Df^2DNVnZl{1-2pkd?UytjO<s-Y7Zj)ISQupjk-?D$mpP|#K4ekeUF^A{XIF+E_j
zg1BtNd2Zl84uDKlG*kl*qER<Y&DH?EunP%2d*F7Ge6K^4TWo+I35yPjjyB)LI!}U&
z`}+Uw1=x1%pr&S<oWM2N9<p_$2}a7S$U_8cgkD!Eo}x-icQ$}(8dSJKH7jqDu%*7f
zMnY`m1!FOV!S<5v59;a>u>LmlRa$nRLRJBpPD<2@;4wRkcyc1<0xXAvRpH@?X4Pjh
zp^%fOOKZ@pfG~WtyuIJx0{_Cd+Fr8O$E#`Ro)LOtkCr;6$;ms;YFys~*hWyK1tV-?
z5-#`d;essgctN~04g&<amkBLC(mCV&gS@GMvs;77=5|Y_*Y|!Qz?i)>hV6(!=J2FX
zhzeg39nI!=YW(hzTAVtiBx!W?#LYp>@{oZxUD14ZfB!A1;O7ID&Md4BUT6?fH!{i!
zud2Fwz#tcKc@*FQLqn2nmY>FRv!%{YPX~!__ypHo(|uvapyh*YOhl3QzMlLCTtGUk
zj@P?+r#b^(qv~+6zxvkw+tn^kppOrh<0`Duw+h_(%AnJ^%48ll76Q~R)?-I1YB&|m
zVv5`Lu&z+~+JGFH*53L0-eX;DZKP@2c?Urz)WW&oC~$0ME_Rdc%tEV}GYybVixM8Z
z(_9_JKc=ry_VxAgx3;!6ft3NaGrn&FG1)*Wfi<$Wp7#S|g$3kkzrsL}59f?RikRW!
zgJPLw4hB>C8r|$0WkU1Q1x>n}e3XxuGeCIhH0Hn}!wpumvqQ78yMDIdB3c+q%W4>w
zvXn&v*Ga6jns;p9d)V)HPzup^9UUjnoQJ;dYI`gIi?WOLH~aCJ8G3;8Ia2`1Q;lzL
zBRKQxn|<!#15PJuKrMw@fhAN#D5EZGc1s;U{GP-;4%=Y_(uZ_P4O`JzSxdrj!(=c;
zrLi$341s5n8bn9qw3L)S`Y7(%5zH=PUWo>z_tw~f-G#+6?qU#VCQK0c<_b^*Y{BFG
z==b5t)ReDaZAY4*FNt{^nY6a0WzH7%AM6r&TAWr9k(0}djolW{>!n5`Ba?Qu*WZ%k
z{pXWdsrLF_{Y)Us=iZ!6H#9IHasDhLtxafNm{TXP1qK~0b8)9q!)Ncl+T5fZ=|y7A
z$>BFSoUa}RE40oJM|0k;`>tY2;edjZ(gDmyCEq(d6#mg^JPITB+u6LZsyghhCE!Dt
z%!w?hRaihYJ85b0j6r>~yKfSdu2*1ZdIQ)8k^8Gv(4%NLX?fFCP%P}#Cd{U6QN`ig
z+uQ1hk1qxH($U8^2z>p!1`oFRhTEj{$>-(f(^GCnDsX5xxhp9td4C|))y?efF^qUE
zL`8Qrr3;?^uBv_kp{uZu)5gOi$ox$+;)OHeNkSGY_U6rpDcW>Y_@G*s-LZF?n$udK
zo<uALq@D%#|5q|2Pip^z3oX$6`ksmTos25>!_`sex^6X}i7_@dn|3pqv%EZAbhKwL
zxyVZ1R~)jb+1$Z`C&|#3s}ahclUjTk6Y2){fXDjJl&hU6#U)=fRonVV1v7=6&4P|@
zR|koO{4Nk#jZID&c&cPQ|2fEkWd5eDJ!`BiM{G;U{fQ(tm4_14b3@6Ag-m9}A0xg9
z2xLC5HK2`pzuMTKXc@&S*~hKlnJF^?qgyo}CMG8O=uu-R+@YCO_D6DZbR!rvr^S=1
z@WOvc*wb+EXmMw*o)@GY?+XDQyrrR`n-96`RiJL<5#%@8Q4+AIhG#W4c9<D0YmGS;
zaNUQ$r+Pb5X07=IKZOV)5tg_(l(u2z=l^KHYdS!nbujmGawr{eSOCwRyrzW*nd21v
z3)H@7KTFu>divK{@$mz=_6Ou;0~&wREKSK?NOg3udF-lM45uQn|0}AL_Hw!97^<(!
z{#S)75Y%eOV$k%El9RKp2EIr*JS7t1=mxYDwl_7c$ji*kM1!zNNg0+p(U|>62~;F9
zt|YL*Ls7{B_6&}PA|-My505O#Bo<tmx6C}LG2mpc*F?!RZaFL@*p9<b-Cvu4LHV%Z
z#jEe5q8!0In2*A4vHR8?G}NUNW7yzJ)(HF>in;hj-4Gtr**~KNK2DyvUv~p04t{qs
zy_#X22j{XJEj~V88yJS|nZ9A^A^^mppx*xP;(u&)o0j4*S#GtpK|pPp7m!A)bJ<NG
zA|vzFQCF`_Xd6MyRsj)J*=#6{U(If*f&XIP>RsH^W7%9Q3~BIAFUzR=t52U0`Ca$s
zWkT1xr@1(6I+g4S0LJT`#?QqdlX8Ty7j6UPm>IK9@bCR;N!6Yd@t<Ip?d}T%_c}8u
zfbO6Dv0YBNK*vBQX7(PLLsjj|x0J|%i4UfKKxt3&5`==Z3_1P0&qvWeeeR80!m$WM
zooSb=JInG5RzZ$B$)p&Xr6h`hA3R;p0u&=|NG1ggB_H_g7!neg8%MGEk;oAL@bGuQ
z4P@P3SX4w@<^3L0A{d~R-^Cwmv;TSDI;|%pVAE%A$*#f5$;s=L`r9i>BCW<JrN?lB
z`>m*@1!66D&4!>X?;KSr$jgL0A)r&tOyf_gs|)GP7fT`(R+hCQ+S<ZMPqX0z=fg;A
zKrVa`$m@aMlE8A^L&lb#rc0VPxwQ1M3ep~y^ngzS6dE#+x5C3C9<QIJr70O`L$A^W
zkf>Ge`sUkT1caey<qr)@3<tbm?{9-m2jtLa0|~y3Ke_G8L+HmDfJJoOpJL{J{dz6>
z-#-rRO9~x0kTxWY&Nh0>!3IXYL8?16;?QrOKP#)MKhA!V;=EXt3H|r4w6v_%T~800
zDo5YUiUC@2Lqn)wP+YpetAe7!%*;Zj%pG@pK>vNLwtew6Y|kLu*jNiV%ae^vsatx2
z$19z;9Y$KS^xM0y7VE_Q76tM!h-HjSrPK_|XKTDxVFQJQ`7vHgNlE1cs)C@-cD~9z
zvYiUC3Dg*rTn`TqbvAPqy?G4{A4wq8pG-?HN}4l&=e~8d2!?bl)C7#%+4U68_ms-v
zA2_(#PsX4Ir1Yr*Ty)Cuy*fVyFt#9w5^_dI2b;Y-T^&p<EiV=ObjX8krvR|j{^21d
zEelI#PjL6Tpxa8FEwR(Te|#pkiHVujW@zvVDb!rcauN<ss%ony)=|GSOZZHLy{;bI
z0bYaf^VjZWe0+~Nhz;o0ELDAd#SA{jwFS)*{mVN69w|ALEgl|=@yOJ<$`1p3Rv!hO
z;qlSQi>G^(O=j304tHnsi3wp_9`~mm2YQj{g+9X_3%avS&Cg2~y~Ti$?n<@Z9&UG?
z=lNMe48X`|QlS~+ukjtha0mL$WU|N0&Rre9f3ut1Iz|5!CPr0JLC&E{fdzccVT)KW
znNZJe7BvHdP9<2i67~K2cY6S|DBwb=DT0;HPEK|{nVaVtsH@W;L;l&$w=MJ`x6>;A
z65x`6M4})&JdIFFJs426_d0JGHWt}}lm!OvInuCUija}@3=eMJ31DGi$@6lweN<Dc
zIG&L8$9f_HWQUcH&x7vvE=x81^C`k-QUN$eBqSIqnV5w_rWswGHT87ca8&UBvGH^T
zhX6U1S;5FfO0D<(`@rF1y>~@w#SKasBFFX%HCS{sG@aROT!EN;(4$#UTB<CitLxPo
zhCx2j6dUt{AE&>{7AM7S1kUdhHBIaA<f}OQWk5Q}y@T@EK%5|S4L}MQOTbPOc7g*2
z1Sx4-1XH^aLeyw*SVPUsc4kX5AXE>vx<*DbjlMoX#iU$TxHcH%c2~0Rz#Y4?nGN*9
z!g~HT@q3i*y%L6+f&yi3-aE%&a8}E-YIcv~`ol1s8PdR9c=e;X%KeAFZ;YbKBxK@T
zNYKZ%pDxyW6c!S4NtUO50l`)OP-;BQVgVKxfV1k~(cRI~-T7OeN)i<8HjYkhfK39Z
z(Gw&PzRj&r5Ryu@8-%GRN%*nPzq58@BBzLViF&~H%aAZlgWtOf!;ows{BCPjrp0Gy
z9#-lP8A2w9fZ5=9bp;w(>6jNC9?uu_0#|!4WeExMB`rreuyIyFoqB=syh#Xlh4~Q^
z5_;%MNCXyoViv*6iiMj29!<d*-2Es}eDUcu(GnB2frD*!8ybAW%@Y-p7mo?&?&&+;
zGvfLDB;z`4ha}SE6P2T=2nEx(b4QI{?IQ!II-KT#t%iscb@swQwDL<$<+X~X2WRJN
z4pqi$D<YV;u`O=PA|EuKG=(dzmz$DpEhCB*KHA-QfycuFtbo3#JEVR@`5!VB1rsgK
z7ZH&f&j-Hk)_~w(sgR(cc78QAwIy^9EGZN*kmj|^Dk?~}*4H^Bpe0wPPZEokt$mz+
zN(v~s5Z{3^PD1gg)XrbEOCrM9G&Y#|g$0Vyf$B}Jsqy=3$Bt1f@}-8=+c|JN#oSgU
zqEq;=((B#u#ay@n5v?(p5^`N)!0X9U-yX(p{NOGkMWe+lDOtAM1s~!X$w=pVfaoJ9
zck#H6flO7P68|*_oCK<^J@p~tHNRrLphU=hYK4a7^An0aBcmw|jbj&B?Q$c)!EqM&
zj!|S;roxUIhB77n=Ej{6(3YM2{QQv+v7GU&dKY?B&5}^WzeMB4n`WOVTiVxCWkLap
zXS3amL7ip7dmR+y*f)p<<ThfiFstn$sQw7JX#zHHKB>-*8*E))JC?L+J8AiJXW^Kv
z%);m#&0?`)kfH~=?LmFBQt=7pANal|9JcckZkJZ5sXS<00_kl#R%`_Ys}?rV2Ld#u
zFfF@XX#cVY-VWq5fNq?SaJ5{%=5i>3{!veFm_@6U;ub#%M=A<hYR&3^Ep9a{D=X|a
zJgM*yJ<qESz(Z!q2)wMeh$t~=@17;J|0%Q@-P_Y^R1|~OwZEfGKzPZ}*N+8QRzRQ0
zSUNfeZDS=RcC>t<;zx>by1!~}+Ihx(g}VaC7{%k|xCQ~;of~oME>sZDxA)UxzNI81
zddc;BGOB<&G}+2Huq-sxTW;rua)12Ifqp3fuqD}nDxRJ--W!NlGH-*#fA*Y9pQZAi
zlvQ<YPkb1f0d$1EjFc3d8Uda-A{w};gLA+u^9qmUV-2XY#L)BTKk>UwGVJ_F_Gf`p
zB0_47sP!eyU0mGf<~SJnjq=&kJu?^cpeR=ru%7@`bZl~(E9))ZkeTUuT}rsQy1Iag
zVWjn+rMHh3M`greva_=>v4C8YN9QE!Cu3#&T2;iiqrW@ubZ3fLk=I<D4+|?`Xt55-
z#@B9hd(#LI!r@*g{^yCQt%imR4IarArbxenOO2P43Ylt{bm0$QqOc8(V0r+N3=Gk%
zS*{0}Z%`j-xy7V{p~SgL&c0;7e*cye78V}f+27Aq1JUTeACft+sp%<Ex7rTvv5sgg
z$Iq{DwvjmB%Bs08(V{EAAm8C|fDn#UBpMK+LpT1b?WfhbZ$K5RMnHNwCgRh^Zf?F1
z6P_u6+cdwj;%^xmnz-2f?;m!tZuQ#LX20R&&n!T)5(wB5nK2o}RxvOnc6Jq9TpzDm
zSs_p7(SZOo1t!wIB)7KSFf;WgHHPlLaZF-0K+oY|3B;5Emq90*QL{LY$)IVW=GQMN
zWJpIxXPLvJr~D65axS8ny%R(jhQ8tMTgfm?LIOlHTRk6v^jN^nl~z=~Y>Z$KMk=^@
zqvT*ZOa|rW_mpqU{xym49M4MjHpU&y21Vs6PU`CIaT>$90Kp<`**Ay!PuDx&b9jC0
z>9*ZFSMYq_^BEX0Ki{xrgKmccG7b)oPUzZ?3=tnsyv|juU}aE!jIPP2a9L{D*w{Rm
zkY5vvkQ5voWX|~e97vrfJniB<eAGMrHT3l($aTp!3y6=u<^H0`zmqbk4_yayx|Qsn
zwhaW`j$?6FR~0;m4avz#+&;^A*mCngc4i9jFQ$tm;{sl!a^d;D_dbQ~uCnU{ZIF5B
zzh`eT@e#<0i8sv6UqApL_gbiNR0<3VDp4gN5=Z0)$Co)FBf}smhM1Q~{lkaw7ygOS
zsNd}tBOUANKpf->&;%@`<7b(%`RX)wkZK+_52D2-lwrTUpPZaTyu1#}$bEx+e*PCd
zw-p|h935Y@nYMPivFBaQ@j}EygV0d2#QoKXZarSg+?)b-5XIyD1--YejUh3%ge%>k
z%qI|J(aAa%QSkW+$bgg@@<!?BMFyJ@tX}~OrW6YB8f14eu(IYVC9@gXd3$@8l$c0X
zfV~{HF+9k~A3|lgU_fe_Phz1Q=`YZyYA0)cMrUL#(OB*&{gsDk4*q1o{(R8*piGKB
zJn(#n0?1l8&p4=E0Jw<Wm5euwzt_Oy)GTayr?-e#UU@v&9>%wSfVz)@58j-%JFxV7
zyB$gx*|9(gSlO?%!UA4bHq?OQkt&CBcAe+{PyOR`cBb`oy-dL4_!{6uh0N?i)Fj0;
zF_1yhc)<(~v>aN+j;Tg3T_39UgA13mnR<L)NeMnBrx3kuyF~{+CV9i(ww!9JhW3^b
z)vWpsUH{>|UTh0uLh-_o%RYD4ZFCmk_8^6U`4IMcqEGI<LvKIIHJFPXT?vZZmf_)H
zd$1AOL$o%LBK%nrJfAup6BF*}*qBaya&iygK{VbX$W_~gRA7GZrM@|?j{!s+`}71Z
zEitbu327zZZdd==5+88~S!t(Gy<M}%zzE=a&BVggAxg~qnuj6soKqraoZW1QL|(fJ
zl|y3gp|otxZc*YU0_UcGI%!Wicq%mvW7XU|Y>m|bGEwL`kj%c`l##Kl00pFG5rEGv
z_y?9(J&}=-{ZCFQl7T_X$QmW)3)Nrr7>m~tr>7^MKg+a@=ccg}^7BI>GLTU~QA0!@
z5piR^tLpt!;*vKqW>AOgXSdjQU8GdFXH}!EP5GJ*v2c#T3cTVM6_rrd6<5$@W&bgF
zaQ(zV>LtAKdIS!5V=jG>QI4a7XmQ0)Zht<Ci&L^vP^?^lXr6LR$q<+cY!2ZXZ=glY
z*e}^Au)=Tt1-CsHEg`gwkqNIpJLD^p9k|>-adwu}c#jMio)jWzDDOUQRwK|Jrw6ZT
zECNSG`Tm0@0aUcwxH*LiobV`_{{Fzd0vksnuAcrULYRyDKQ!fay><T>Jet#=bP5)l
zeGkJ>BaKw{aJ^=EI6PEQ)k1`TaLDB2^SHC#9k-mt#}#OC1u$@h4%o*?e6+tW_~rkU
zEQc%p`Y+&>Nr^_Kpka7$nOyvB?1Z&x9>1~FAWsI~QcrxRsf4B)&MVixzBA$&ne|<p
zh~yeR0T4?7U6g(84>K|~iuF#ix4?WDDzVcs)2~MVbvZ<a7ARyq(Z|;~X4ip1rw4bg
zg<uAt0B)ADs<QvN*Y%p^hM##K*hl9KQr}8$R+h@eS2?7>6@XyEHJC+2^ktNk>>U*q
zV_z$eHz>Nzatr_&=XG}Whp@L?U$O!HDC&;+#e8_m+LUjy1+sr|AeK8$AFJ#@!fV?W
zBM@eFTV&qss|6Sf-~Dj}pytsrFiENSiU4Z{<}3WLnd#?<h^(UQ*8(oPuSfP&%iNAy
z0K(ZYdz>a$R8+z8w4O3N+2}3$XK8s+>m1(fN6xsokcS@PG;F`z^<%MKMdKqXBy)VX
z5On7+3b>!F_&|>-UI+l?FowMeH0u%)5?!UUHbf8?u;0m=ge3D%v7)Pm6wdqS3#6vv
zVt1YDFIm5+2Y77T3Ol3dqvajI>xWt}jQ6|;1KDgA_>%4Bf{$=*t>4SP^KS<_tuIuk
zWdS;^nHfP&35E=#?~23tGCBF$TIoV>#GW#pT3SXNVAvXJd{R08WM?P%fGt_$jb7I*
ze^@vIEq;IlfLVF8)K~xr&p_#rkPs&^+mK)17_+R6$Fej0ah5$Vcd)!ae%#~c_+T@Q
zuA7$5ZZScJOobB-EJrmqi;;lULAekCuCp1R2R;z3Sw`+BzJ2}n5<yN5YRBR1!o+F?
z8WsEK3<37om;zo@Y2?L~%wD~l*4B!cD_x?y=c54Z)q%M5;b$Qz@!H_-_^ZC&3l$m=
zqX6+5cq4jucc*5*SjW8qI2t81w8AA&B<R&aPiOE96Q12m1gepKlv{rOv{S&Ow9WOS
zFr*8p5TqL}AYp{%#-KG#+<M*y09RjNF$*AwC4QT{1=awn&ELOg%0HnTNlQIwswT;_
zzthu`=j04Z%QpVnF-r1L*q0<jO|^8UD|Ame<pT)U(1(0jtWPUL2LmxeLqgKQTl1n1
zfj;J2=wrr?jEr1?J*L}jV`HlH5X_|bmcYw>_D&#>9bwrI_Q}aP?sgyrdw5NQv*~$e
z`mni&48}P`Qf-v9J$REix=5Kiu;o(QnxIaP1@8V)*qM@=Cj@?otNFP#CqoKwLeow`
z=Ybd~1M~9!K5pzy(O;~H<8E#mwZ@Wu2pcmsF46DQHaGt;g=c8UMgV@6a%-=v1CP5X
z=>35TxgARXcdbCq4$Ek3n>EuU{LKgpw`XvmgAfB_q0ze*z&}Y&PNw<NfVG_)R$+cZ
zm@st8vo+}t(;igAMNL8QtuE(g7vvmLkWn9lmeux?^9z7svk@VBcUPThuKOdE2F<il
zIkiYv7g8V>qgLBw3E&3w4-a(_A|OzAbUAeixE-Z^KAhuz2AeREi%CetF)x9|k;1oi
zeqPrWY+*iUU|{Hg5qmEK51@3r7Aa}IBo*Ds>Leo&IH*=<Ifs&gmuYHtP6AZm(4z<p
zj(mP=aCQbw(G9~Hez$i}%Gz`t?2Ti~Ldq_1<fMkvum7BtS7iVQXxD@A+5M@k<(*Ll
zytmG-zQ_6_mRvg}21>4Uu$Lfi;x8;HtEXmi5Jc~BTTgwQt+bwYhTdY0FmQ`oLx5;_
z7mS31y1u^d<x5H|;4Ac9S33)szrJN*;d%g7M)7ztsu0xlTHVEZr`2HyAkc)h^}q!I
zDfhD6yoQ)8w%hH9LX;IMh~^dNOVp#2vH>s`O(IGb^nCN8f|g<KM2HrCNVkfDkvWEw
zcD#z&MWd*#baz}=`ZOFUEJCr-Qrbq8Ton}~tJTZyKdAukoWQ{`qFXKl!BS;q<-~cq
zy1KdE^{X$a`+S&!O-Q&~Qdsy=*2n^G)C!R56z(fWN5w}gD{S@o`R{QdK#ePdQY<Ma
zmaLRQzEeFTed9QQcTpwK8_%O-4XX*3`ntrq*^a<hXb^{CzvR#bmEk%&;MTW>LM%`O
zlg_DTdwWklHWG!@)<UeR;8-flC4o2HBW1gyQFyM(I*f2@D-iK32jDKRS@b(PeeRX@
z=6Cg_q<(p}hoVt}t(tMUd_sX1lh9x!)YspS^MlQ(tu2mR)Tz%nW^%L@JPZX5mE<Q2
zIO)i<bH}3=n2(}vN6j*!sPKOV(@~=I>UBE5-u#KrND5p0{yp65Cf*r6Y{<|sEsK(t
zRU4KbAXzFK0dSpHYCXA;pGu5>6gB`l3tl22Y*|`lYRV$_Pv~FZjYj{<QM<c)Qd!yA
zjn4{rG|!70Tr4a{8FBG|Ye@w-@sn4#nqMf~e`RJWKOW3-9s{m2gpB}|79tfEYW%fH
zL|?@FovS<COVjzPklw392Xy4N%(>iQz#1gIfX&SP8v)cD@FYuM%ls*r-<{0sMEz6P
z9m11}2Had(YJXbx9y|tg>Z{ag$UT1iIQdu}`qlegUr%PtKMqLdPCvd7GRnGT(_TJ9
zctyNSG?Z#LA8u>y3IFOH9vP`|xKMk(08+b;?3p-bTR@>drW6$b$g=WaDIUO{o?e-M
zg!VT)&PyHILur@4OCZK2VUV|VcfRaBUUKY$QbCimgrG=MCD1;1o*BhzU0S+iaJ(cF
z!1ct#LlZb2!M>TDrM%ixuTW8K%P211nJIt6(BJ2<cifES_bhT3O%U+P>)J_p`O9GH
zsP&1V1tB34n^kN7|FUfxG;c*;9xdLt52o_I0Q;7;a6@G<JDw>SDd0vCt*opzfg@O?
z4hSUgKpHSEpGCw#Y%zd`cfU@<)vzqOiz9%^EjK>}@qCVf9tPr6{;$;I)VMH3xPGbC
zb?qKV(wPNW0bszIb3$Bfqo+|(628XK{Iu2AxQ9X}p_u64hDc;4bTX;#pWLqO9n>^N
zTN`kbM~kPFEV0g80mOh-U`shgMvUrgiy6;dt#P1ybBl?CQ&3S}j^ciEk|ioDf+%sr
zR%N%Cui%OaH@cvZ%ERnBS7GUxm6g@_UQUiC3I!R{br&1>z(&nSC;*?AFG-z35F;a5
zE#kvwdGrxP8Sn5ogs;6)`k#4N?rv7r>)i<0jbH((oQJNS2as$_R|tyZ_8hn38YQ3$
zZs)6vhVCwvmDPXqNm%JY^O1gI+Z>P;o2;ijGk}A@uw2XCV;kKQoeZ@TowO$9+{l7X
z;BqfyNMV90A%g=Lyj#(TPj2S8hiWr@AMYALHkch1eY&AaT021uyn*=#uA6r@w8R2K
z1Rv|_>f8X9OYJnKyqRIQNfm8g(jdup{Su$h)=+7^N=6h3T9qdnWKGMV&p1HDhnc&u
z_!nJ;4tO8h6C!ZRtS_xLrZrp>62EnVw`1t~B*X>gl=4aJeZ#|B^L>X1ezjfb{m@LQ
zmMih$BZ<9<am~+a{+}?wGaU{lG5qX|`l4}vum164L)+}^?FHaJUeHie_v9mpBeH|+
z1()#(-!A8WdjW2N&!Gv(h2ntYmVmtTy+)tk8h(3HW@1>@(;QLs&G`OG>wZ|&fzO9%
z?*#&Ep2xbI=d<q)uy+CrF@0=25im(=fr2Tj*7?iNL^ud07EU`CC+7@2f=NY_h_-m4
z>vr4A51JngQ+~{17*Nqu1(Cf#SaW`lJblhlP>`w)n*hwsS4{fRrR`y@`9%V`fB)Xn
zGBXca-kxnn;D)`$gu{nMGg!9I2Qv#B8yh}4Iy!NdTtxMC`N-x%LWYf|NE``Y|Dwlb
zj@UomwNA|w@9XJhjs3-eWC9)LGajB6k0my+t<uGoS_0z9Fzg56cll(0;QWS#SOB4m
zfS_dyxZb(h1CoDHcd8&KZCBfytaL;utEk=Y?gOkM2DrxQa}7-mo+wTVD7z01kfL1D
z>+|)u5Pv{j)`E5L*HGE`>tQt9s5dnK!qM^Z-R%8U%Z-(jmHh_WQV%d~QUFXFm=JpZ
zEn>>D<CpA=*DiK6=oY?+lYP8E^4r@n>|g7o>l+52xz$iZz4g;P4*@E9EO3%5$}YmJ
zcbk|SQlJ9E8;G})Mm!OLX(SsC+VPncrI@?N%O(`~3QDiQTnBXz{%J=*_JxSR$okyl
z#ddYoe171YsbuVx3`6(%k&?0p_zn4=dzez30D=N50pKU2FD_iBDJ4T2V66n+X3R7a
zql2zDz~$$+Q_)ca5i0$++^XXy@*e`i0G0a5o!KA+HUf57G7Sx8tNA5*H@6)NtJe<?
z9z#<<$X>u3wx6!El~sqScE{qro#6si<-@^&VNouEprm9lslY|Q^^?yXE`S-z<N_B-
zCF;uR(x0SXPM;#46UKvZ984;LijRY1I$cZ#eRE{|P8+7+A2y(0g>M0j3O6cM4B8z=
z2L}f=!SRO8+kI7Ld1V8#2C$)svnx`yqu{eS3=lxL!)zpn(*l0}p_O=e0H5BmI88W8
zJ0*p$(N7cv78nSFm6g`+R%j&xMz-AX5_r~%q1qY>5R-=(b`Jd^xZY0><NrNtV<>va
z4C@_A*{qFe?yt;*Zf32vWPfTfrYPej3g+(N<K=Oru+>Cf4S0>3l9H0D{V5bF&}$}z
z17%NhfBm9Pg07o4fB-9T*AuDWN}aDTa<g}qfKZ?@X}w$b)Z=~G`iYUt-y)|E`Wo=V
zdi88zwiM84!`Bc!aEM9Kaz=Ajt4t8yzkd&bI7LQkncBwKK0WOSd-HW-@idMEAvm(~
z)huZNmat9f=fke+vxrBaZ_eB23+})6%WZ=TB$}}#;xuu(rNQ(tfAjNNXjoZmexy>p
zVMc>c0DJA){=U}%&^9(A(8MbsfUFCrrKO~7t@C^K_5b#5l3zt-lmQZ6>-ZwoY#8b-
z0RRyZ2CxFFE=ME-MMa}BDp-*Cuiruxy1KNAO5y-{5(z{XP~Nn-?0vA|<=(X6#7#<Q
zvq3@8LU?J^lSmK1Gw$2j3m^(OE>7b^*uYA;LO{3R;4{NQgwQdbS6!t&JbE5(u$nEc
ze6P=e4~=ho4HjQb4ZQRhd9n;O>daCxh&UOd-AA|Qj^oSE`?nNVHIC~)0X2F!IXc?=
zOF$%$;s&(Az=?lBBj%xQ@VTG*4am`6h;n=q0=}Fa$xJQI@6Jx}lPE_6IMbHKKZB1K
zI%{SIpeq8T!Rr>gOGoE_iie+RjlKX7CPzh8I5H`H7KQ<VgoY#1GV4d{wYGu|4eb0k
zhYC=3y20ZH6XL*2hX`SFSd(I!DSP1~6YW3L_YF8SLV$B65f9JTEjF>*UOacanV+iN
zto(H6>=WNWYFNFvcv|~xV;DwvT@XTT>=$}CbI@efkF~J{AE#arpQQcOyr-`Z?<G7u
z88lG8dLKlE7<dc~inyxE%6Yz52S2WXbS(+&)i{uB35il!1M-rT+0VohY}CJh8<`rx
zT*qTZ{}f3d?_s;!Qy&<c2)=Ie`4AR<Hl{iQCe(m278FmtI1p~V+P8aqZ31+NfOPXW
zwf$W(m7V_&Tinjh;bR42FA`E79kcYoWWkPzAtd_wseTE0WW;hD0x|GaPRwTG#YZL;
z@K@Pxah<!rKGCYhenLm5%U^7ot<n=@a&~BW&&x|U`Q3f1>$=MD8{R8NY$9<lAYvV$
zp<%fmk(f`KtaU`hsj8|j0Fv?Hyqz6RoJ$TIMnp<ObMxzm-SJ#6&>B$=q2T4jx!T&|
zyB!wITQOqg9d)Arn{Ql{Lv^sv#Zj1_ADEG(sX*0kJ)I&%ix>4$iI{kRhzs%hH5GqY
z{(USN^yaY5)x83$Z;B9$5$3^aK%Vn<i!n#5AseRiB?EZxWj%d+sl4~#dmzLpb|(!S
zAG0wG^ai|7VuARdC1AtV*0+D!Ri$onhk<}DkCC6E<ntiX{Hfwmas&yj)vTOfw=`K@
z9Z}Q++YfZK6wY<U2db**L^`vuoaof!z2xVI_*dD^<9!51ij~{*Z7MiV=RgWNX|O6Y
zI9^#zjnVIXYY+<sB?`;e*B3{N3GZ?42dBI5vxtTuUuJG7{3Io|MCMyts`fA}EWX37
z(1VJK6q!)#>1?%XJE&8c*VQ$k+i`1z68K0Zq|=>B^n9O5?*LHKeSU&%ZZ5sAJ4DXY
zMyn&n4L%|w0#(uDRwWSe<Kq+7Y=rOp0Q68k8haVn-tGtpOz^9;VOMfCNN6grWTn?N
zd}nWAKCH4D_T74a5~7342G=c4Qi9b;+JZYV&I?gpUEHlrnE#mUyNlgxAoMDrw_!;!
z0zoejlLJtT7=r@?Yv#j08~J#7H7Tj+ku;+4C5JoU;2AYln>14~(Wz*ax(u0_KVDvU
zcT&Ao*7+Dc5l3z$;!F!4LllxuMivj2G#_6#5@N%$g1_t)u0vO%z~>GSTrLWjDdi#A
zYir8nJgA_+lUR$whX#@Jr@Q^IlBC3M(v~WtZlapWsZnlm<m;csAm;MG-Lg}xA7fNG
ze@2vF#{&a^cE{In#36<$2xx66$m4Q{IyG5jN^{?kP0@?8u(CeWu(6HU1C@!n{GL`E
zb2)Q!dwX7$6b}4nwZ-V`!_v}HQJ^rQK_(_9%gnCr6eBbOA^uQ0ZLyi0cPIm)ysDKv
zy|pD8pogwGA{Wnfw|NoZl~UBLnkZ<YS^R_Mq6r`>A?J-#+!h!ZhIE`E+@2YM)9lq0
zqOGfKbzfmg$H)L1)9UY|Mexh?Q?uamPw6N&i!o|>oras#;o2Xm>*EEQ5UWU>=&{Mp
zfp3g{eE6(@&<M#$C*3w-mz5pRY9cW~L%V$vjsdJ&?%{#5YHGun1=m%fcKJ~n7)uga
z!uuLgVh4(EgFm{sRAiTxoo2VSNoZ%96?8197i8AkXcu^mzkT?qWBl4%Pw(_#h;%49
zI1%@|{VeQa2nsQmIS7*ur4>@f60pF=Edi_cow=P)Qc}^ic#0Z;Y8F~ry58Zp^<YL)
zQpqufCT+Fi&**<^#!!9REH+j&?K}g}Tp%mR-wa*%PPIS)l-&7Mj1KTl*46!S%oEXB
zdAZ|I=gX3#rOoI|G7*yVDx2FQp0X}FW(JA)0!Cx1C&8(#U%wK)o*q0z6%+=Klb&89
zW=m5Y>my3^#E=T|@bdG|>dDFNBSAicKBA$6d4&Dna$kO=$-BA-W8T_PwU4Q~&&?P<
zC9}Je;j~|VG;ne*`*doYteDy*E7C;vdFd5NbVL+hW#2~5zXp=-DjRWG-$A>qgAG%m
zh?`T7-4aGs$y~+9-39}Ug6AF!A0Hb5--gj%1mN08Ki@9%YK2uiqg<?FjxH)J1uZwn
zz1{sg7Bhqd4ha|lvjKgo?iL`47u2^D;ZxAIiBWkt1O$WAt1A%}8X9$Y$T46gL30XL
zKtP($JRHmf7srD05eeW=9;bWQIB`<(SUOS+Ks+og>^QpIHv+x~C_J7>l<owZ{7$cH
zos%m+GlQ1Pls!2tf!xExFIP`Kjb%IM+kQ8m8m`>Hc{6eyC+aJ}T3%PD|6{QZ{02qt
zFE}C$#-E#&>D&9AZKiAfziEa5LlZfs3TcU_S1WB_eojKdE_n}l1*dIA5-|S9xk_4E
zdh<M8(Cvy;z-5Qbz+MJZsvKH)TF6{nTyOvyUk@IG>;V}9BxA>gR+xG)?$ITU7Vzui
zyU7-Y{ys)V$?CaZR_EtrLa+9xe8ziDPDG!@l+<vl+uB<0<|gcRlx<G0Ld#;%aObM+
z&q^edp)DAWy!L@IIjswwFNtHxLc;UtauX)5*?!2Qj!Zp$Iz^=YigbseAqIXX<@oeL
z*EHD@gY|)<#pUSk<@zuX8-SZ*uDUz2(W|Uyj%dtw-bt93_vc~_%zUjgmRtFs%vZot
z%&h&7dJPo)VRu)Da&?8+aN_xfSW?a|z$_F65}0?D>%K;NWF+z_J_ea#d6UR@+xbv-
zPIFaKGD<0sl-ZZtV7~&=r@3D6$e<n`c>3}fH627buw@uE#DEt%%>mRv+JxJ6=)ztS
zz(jRH!WG`O^A}n)oOYtPkhA%7Ub+4@2`pp3izRvq8PTrXt1mz^*akp$hugG=^|(8~
z_{j+NH6<0;%7h(ns5E@6QQG(XK*%LPYJ!H!c0MdhNlV{*nYKXJ*Dsm*6-Qs@t#cQ!
zc9#R6;=wdvwN;yzqA9}7V*WdP%(_(v;}5szdKDEFTL4O4(9tslPG22{*LvXeKR*!z
zZS6zYJ47rRb#*Nu$nJJ^0ja2~zJ?F{iLKM)<xBfe@=Du!TEh9^M&_HF?NGwnx?}4i
zsfz$9P*=cG57j3Q0is22F1GfCv~!&zk8@u>jDo8N1m54}KjgPCstsj(`(9rj>J}UO
z5t7DqfUVGe^HugDykc@FiwLM<-DJWwDN*<!X<_Yb1ozERe+T(oK|!HCJuU6$$)g!4
zCcL1Pt(iP9#ay1OwsW$uur!jAlA5b)YDRT^Y>ur~%4l1dBa(DKh?KAJ7QVX<OOL}K
z3l3{vUL*xgG!Uzlq1|GgkS}$0qTW;sW3RThUT?I(2o>wm+!YP&buR)(j~3IwV#941
z<E!U5^<3&RR)hQUSD2QT8=uSq^}NWo&971T9UzgU0){&kmdoDyKm~ECG!MM_P4NZ+
zrrr(s&AXz~1zg`_U|@(YmYH-r{r3g%g3`cq;~9?sQ9wFgYINQOl^!w#cVn~FV^IKF
z$A0QG?dLu%`l9y7aR2EsEiU)R52K1E-vR{@hWB!-fTjb%e-qa=bCMQL{o6NpOzgmA
zcvLZ<lCOIz>SJSWDdijXGSFof))0VHbH7Uh#H26jY0>ok-?@9QPe(WVOEUzMzIp?8
zZYzb`TEd{w(>0Bn98UZJ6<Fc2LzF=U3YO{$R+<f_D8mP}!ubO)kxdFGLJ660wt$cX
z!K6ouqW$mrqNclxy;uLN`*p@GxWeV$JKY@sE=fvO9HwjFNBel1f!xVcVZ)Io5DiEC
z;<+xs<R>wO@fLDfuV*sAu7!d={$;(#m0Z9<9T?Q(f#Nc+Fb@LB`}_BIgXd*m=hBjh
zVkYk!5aoeiTfBnp>gvi7lpl))`S~d?A^e1drM$e|vTxrGrM?WL*ehTv@i1Jjv^TKf
z`;4l0f4xmjF}gh@4n7Hyj*ie^?>JszMxnops%97<yMT<k)}gHl8t?fGjRHWTk_QcC
zT0yGd)_S$JmZtJz9RHjkImE=m`nyzNsdjR{J*@OMKVRd?7&(vv@jpa`C##@P^Z@v}
zx6v^%RJ$$$QGmowX%?*_AXs_qPXa&$QzExJQ(S9(^JPD<CjV9<FV$um*>M47X268o
zF_8;T=saBTpjl9-@uR~_I0#o)thBTxJuC^SieB!)@pdBaL3OE^qpwKa<#8Nnr98u>
zs&*P5U#+xyH3TLl)Kz((+c!Uczc^YH+y?PD!GHmfuuzNZXrPCOhcG}$RbhdF5@Zll
zYMRw!=_t&dT_iJC?#WfqFrmNL7-i0D$93yN1M-6N2*nVkJt(b#MPtW#8>oWp@0H@V
z`J113uL|ITJ3BR)V;t8Z5T)0zS8A<Z*`@Ob;mlXJgJu&@OU8do>gMqB`kC^|2}<J+
z-JUxni;@GoDgxv`;&rBM9gKxh^2Wu*?P0|Zq;Q`SP$I^bVuW&QiOI<|%QG|X4`5r_
z+cGUCosrQTch7BfXjv>b{1XHq%y)|K#7e^uL^?XfvwXZz)7S#W+-Kxzk<ZWKua28{
zL_afuIMjVkvOtX|mM*pVhLK{Cn>%abFAgw$p3;kuWvs39XW+cTX~z~6tWeR|;_u4n
zl~o9V`WEw@SzTQ(J9>J0#DJeG!5uJ{hNdrrDRhuTMVnK_#l;amefksySy7XKts*2`
z1!}Y5^yfy}@IT*^ejovd#{oBYXBc1>`&Dh{lu6VFk>9<SfYp+xmD%6twLteR_8-}G
zVXCTnGGo#9@F<*Z&L}~n0*)}~>sv&@19bsAd)a$k-T9Wcab)SVy$Ir%G13~~0=^oZ
zni^7&m35pRA5SHF^@=;ME<bYX_$U^1ZkSX8)xd36!Zloq@$BKs_69V02?D^DV?Jy*
z;tfD{c;jcZU2+jI4Slk8R5aoWCzuIp3P@)5pDy(`=f^{*m#96gL$MC!u&@v-V68rU
zdaT*l3>j;axFBSQUB_p#IGMf?)|Qn$DJ%OseN$?`-1ICXBlGiHLc(h$2E@P>6etbC
z2r%n!M(~Cl3xHo%Swn;NmW2gf7i7QFu9##S3qbTsF)Hh+zce6DwNHrqgpNL9Blcnt
zpkl<iYK#Ga^Tm31EZXOXpr!WEQz7zt9*>)xfC6%{bhr)tZ4URp-zW7XU+l+`SUSjy
zMhA4ZDfsz)6!A{RiL0q`4@pm7eCh0bj^W)*DUMl0G#e<5S(Mn+<m(9rX7p!@2d%+C
zjUe5JhpVN=FVFs!10K<06`TeYbzOzsed1%lRr1i?0-)2ukDuh(i=ceYd1zu1^Z@@L
zRIbGoF8khCi^|i=Ayvy;4<;)g$yCPpby^aWIG8$=mW+T(5FekIxFL~%5l8_S0KIIH
z5#ixrlS8U_adELPuwj3LoUDO8pDDt`Zf$LO;P0l?TIM&I0FasP^Nv3fn8y(}$E*pO
zOxHY)3c6!g#ozT{h#Dkh#39<-|J?orvb~@cE+}N&o30q`h_QTq#tqa}0^WT2g4RS{
z0)$Q|2=&5amAMN`5t5XU$o2*uLn10FD%;e65B|;w9t$+`!HKs_OkAwzK3BSJJE~0H
zKerfgq9WD=qa0ZhZca_p`FRw{bC&E(7MkLOpi0u<+q`&HUJ#M}&tfa|9-hVDf(0=!
zJg>&TCLr@4{R@`x1HpmYM;Jv<$#fVq_>Id4x#2YDrDKF=HdYZ`t9-8#{l)}HCK#Y$
zy*1b#nc*kns~G!dK1XKn%ZEtY=BLOEu)FCoG0|LP+;)lN8NfjNWxu$BH%i&H0WeEy
zXPM12oaUGnu8a_|?4lSW9-id2t<Yr*k`_Z0l-uuh(~9Y;o;feUGDfqzyZ6H9ac*?{
zuxpp&N;8!XtD-VaA1EKMY?+?7h~ez!sGnyqj+aF>7{1l{-5*xFeOQ8Eaa*ENNWnoy
zrl*tAMg4rQLDBO_{Xg3K?tiSq@Bfz(LRR*6i-u$?vb%+{lM#_hLfI=j^A<u`*_+5t
zM)rtO_R6MYXJlr5&a3zP`_uOy`26tklZS`LeP6HZb*^)s=XsvzTr?^t5V(V@Rp3Dz
zMpDYCd0gv(cHC>fLq5GGrzS!piD#vYaMMNDj<KvK^D_g3-Jx8qh{slZM%SnaSqqHG
zdQ>$ixA}CZIu`oYf2Ya|&UfQIl077J*U-SV-2W--b#c=4rj|x0-di$7=SH9!8mR>Y
z5IJZny2HpQcQZJ}uU9%cmfQBn^-3sUHzwsJrsd@5Ezi!Due1c8CO*R)PjnrtMn*tF
zE#2JHBg7>mGf@V^pe&Gxgy<7H24%%Z6_c7qnyCxhxp;g6{EF?JN%{{>pOeVS?lIW1
zNlQD53+JuBY4;=Mq6v<YnO_}wd#hbp75it%xcRG?)tdV8(Q#$YPQ&vJt?0Az%38jv
z+1=@D3|bEfABL2b)m)C$4;9E(%fI!Fp^AkgJZo@}WTKAEmlHui6YIJHm3?4}b+x1E
zcrkxDU~e}mVJ?RmID&B*&%c}8K;}myR7XQ5wxS}}VB~eYbvQGlJa2PAhEj>^*cI0G
z4Fwg`v;&dD82<I~S3F{cS?yoi8@}b9tAW|Uf*yxXtxG5Iec{46gKtS8*0t`kI}_9&
zK2QZ?E1B5~`$aDrn3*MM(0PB~V}}=`oF{X)=0}3fjFNx=`N2$x<iI->K-m;UhCy_%
z&vM_o6D<;d*~YjMr1amwUwIF>%VW}G?;%|2bM{V7wXAe>TS{#&**NeUGTe8HUBA#i
zF{xuU%gRC*jT<j49Ik!%S>&Udg~}Pm`xe2I2M68mQw_{1AyTeXK=9P=9=Kr%drzNU
zA9P<$gQi@8nu@YW>c1WbLK~%}wgM6c)684KCzg2Td~jHd^80cj%SD~96D0&THT%{{
zivwrG#OZIgg)8M&TqczFQ9eThsT1q#<m9@U{Gz&Qz10)JINAn80V~j-p%k9(@9%$V
zaBwi~eu+LW3I5By-Fq(sPS8AfAU4i!5x4nE&4`@b<5#?M*(2NS_2&!WvI_Munl&Z=
zqCgvLeNU;A)h3IS{<NDfC+FiOU09FD>{M#Ehz%190YVxzteIAqb5FX`VUFV#qu~b&
zg05RRf=z=TCMu@*1^8Q^%O1CIY;U($>qUzI2X0UdgpXPfs6Fl!wc>D5EwD&ZgOAQD
zRlt@EJcWJ_BA?KHor6aY{5-7&+von?>ict!``Xd!C7b#%U63-T7aaDUzYRxQ!OL0v
zNX+fMc1YptLL>RVE2FO7!-9^heM)KOl68B$Na{IRlWEB<A^eRqKCJrXq&Eu+sJ)Lo
zk|uI;Gx_w2!J_<E$N4z6b`Sn^31nww6|h2ufuLMe9=nMT#+fPj;K7d?C^Ct`7RvC^
z1QUWI@d;xQvS}jB<l(ifmhSaYmv(EIKio0>GiqZy^5GP}VTJB|RoOsDm#nt^`rd1S
z^^`D{9M|vxyiEOI1k?V|$(Uf{;nK825QTii=S9bC90r=SrdJn&2SgsV=QP)Dk61m!
z!^2x5z{mH!eJ2s8d=g!VC<jMMv5$|>7NlNZiGBM039lF$Om}~HdLyMmF3d3K_xN<N
zGr!D1m-kPT;grPsbt#z8*t!zOSo3E(=<!fii1ro@C<Lqm1Lw1+=7|v)VMi_L=JqAb
zM@M(ijZ_!<AH*dkxNQ4)_sTo3Ul(*cKD<+_L0yraQ8L_11LI9%!`(tzC4@IRldk3m
zQn1Bml{R6q<*0p?3p>ttzk^Ir7BxTuot5`LpsR{rHQt}t!UB$hC{}YSxxGG5-1sl{
zbL(7ygoJXv6WL)P`7?|5XLsP8p}tWJUpw}^zC1`XelHvB9TUG~@-tW(l>cZ@cBgh#
z@dhbb3G{5gOA;e{W^h{~1LOe`&!0cH+W9^1o<2cFLp?x1M1{$F4Mi=s@oJ|fdMIPv
zM=GD~2`7I2Mm@8Xzc84Kmv>H}t+he!z2zwVDg|?9f7#`X3@#GirnA`$473g2t)#AA
zJ8UmDHlmpE-geNwi&`4OLsqJtTfylGPJB1u=_{J)N(l<d%9831#$u-7kiAe=Q875|
zQQ|NgLOp|96SqciZYK<*6RA7cxET)9SQ75mc~ogw*a?XX7>DK-3wqQ)rXG23Q?x*@
zl4L9>X~%Ps98fUh(MrXQ)q^P8Y5e&5?RXEp{5fhuJS~Xt-6Q4gT}S)wmDShfs<#&W
zF7IzOD__0(cxk?Wkxf7w#wZc+>CH5iJlL=TQK{$h($dm+z4vi^c;Z=%r5vLiF4q_w
z1F(4Z$JuHLmyZ7~710AOmDJ<ro_=ikVigsgZ9Z13P+sJ$aitlAS{@fo$ohJ$$%Vtk
z1T8Jp3>b*~LR+xA&s;h8M#{|#k0*0d?tk4}ARWr<5U(-etCY5V+L8>QG=w2TP=FHQ
zqz^Is_3Kv-baT00H&YD8EiyqQ8pwx%2xklp4L?${N%k)S;<2IoHEUX4CIU>N;9kXK
zcW;ASAOEYsF%1>@4Jau{+j5RLF2YL+@9m5Hv&Kaf%6$9B98W+13G@kpIR-7i4Wk-y
z{!Lz%;-xUDA)}Qy5u&ajaQ>n{C&`7$fkg}0R*+A%%yw(;m2a<%%1YW!H55Y6G=0sK
z7ABo2$O`sm0vf?PKn+>EKV;&)6{~!P4zZOvLs$=!-EQWnTU1MHm(1}~g@e2H*$C;v
z<D8QpSf^vFb~$b{?`dq*zi$?B%gbwHEiJ1c41x?ePAy3fq$|ajj*T@`k)Hm_d*_1Q
z)prH?)6=#k#SuZ2kffBAl$@*r^K}cP#8`%2!B@au`0?{6t&Npc!se>?@#tSTUw0kK
zN~eBJ`E=DCF@GpC&)*Vg&tz|M$i5dH8#6Og^1!tKWH~2%#}?U=M_iV8>zxH8n7r88
zm8<P%-?+O|Fd~0ayuE%In;ovwzIzu+zFS?zH9ez<XfCd`jC|?p3@rM1wJ;#4qsVEo
zf1weKv^Fd>^aTobB3}slP|@DhphXZCdljs_PUH<HX6Bf?km8SyRXNBGzqjav%F~U4
zH9ul%mvu}wv}o255IwF|)b@+()}&>iy;mHdSTLyjQ<hHdM#u{)xK{&8!9R1t2pYii
zFkZEypWqOGr(R3yi^x-frEtCeOjYM1@bc+IXz42&#3u&pdwlsmHp#N)YgPo+GKhCA
zOigdA@fV<(4wZ&R*STnVUW_(+*tJ8<I$~N?lO)AV`*XD>$LhW7Js({sGRjtM^yXD<
z*yZr{e@WV@%(-=%FzwUbVoW|minmTk>l_jRI`KQ@PeUr(m01t|XzaaVKsX0`o2YKy
zJZS5r__n!aHNJmZgQBk{Hj%t*wa#yIkblqosic$dz*v=QhRvkp&|4K_UHa`yhTC5y
zFn6mRs~8v==f{B}qlu>F!Dx#V;&EZh7oc5SOF^M2aQ#PH3cwFxc`B;;AAS<_^va=O
z1CH*Qn1$eA<*<-zDbERds;>pzspS^n1LtNiTy?KeWIChGeYMeI-`QhjN>gB(0J)H_
zbi0#X>Kr8pri3xYz@YK_D2uf0L9y}TK~e65wyFE3T$CIrcIwN~kfmW@sCYB&hco73
zMVDe&@8y|UTkE+D-P30unVVO1Dyy~Hh>P!nR5H%{xVCrhnr8F%!}Yzka($1ZmcBFs
z1c2sL2a|~4z5a7q>WbcPHe0aEK>59~N(u`FU&u7>wo_OksnG!?PWPCL@(TTvW%=NC
zc~4PLY%lb`z4hkC3mR$*D({Zdk=Gen;Bt`6%y+2rtQe4#=NS;{;DJV+7lSVX)q?8C
z$ZW&RJ8qH`QFIL4l2;hv6|8R)bM*gB(irpsMC@@eptn1-4-l!;jP2^7A%rSlAlQeK
zr8k^-Xr4X|jT1fD{N#xa{fjO(Nq+$0={4`)=VfEHr>CZDA2#})7`m+;fy>1M+=dAo
zf%g=A`mDN9S$TQ+XVBnB#z!FLe0=(yiNQjr&&upvB(h|^6yTql>BhB%ad7Z}<^|Ki
z!5j5Tysy)4kA8scLN`B>M4l@7s<yVSQK;<lN@Q}}x%%yx5}|j$It%*L?+9${9(nG9
zfTbmlaS!GLx{aNrpqQ|F{J33<662P&e)%f3#TW?Lh5LGYb-n&B<Om^}Q0Gsf<14o9
zJtGxy10dP?g$04X=J`1$cyjXU6chz_$&TsxqP)yQ1`D`)1`D@DbNh~tNG2<aK6Q1n
z$y}u5aO1zzV88w3%DcPyuhzIo@H+_!?|rVc1LsswaQFA}a*Zr6@1wKL#MELZ08aGZ
zW0mpPod-8uvAD26M<CZU+hHp#axFI{CEJkugtRAx@*M^IUK*MsyDkeDKr>Nq@^<IL
zlRl#FlpN_bs(Y(w6ek&buObt+<UK3pL4xeoH~LN2xL=mp`@7_JS8t;wW7F|K=qdAo
zl$55HF$LlZ3DvDvuU<+0`ufHp0}a_?n&?7O;}Q~ba<a0XftgGqJ}`yriM?H8uSH)(
z(wnyn+sY?3uFD3#<Or__4NKX(=(?mEMbE%@P#9BScrD`dS}r~J{h-<!$Yy*lt=8Q7
zF?Xn@dJmu!bgEC6JFi4}9e0ojGpX<WZE`wr%{2Z<lxo@kV7e)w4pQEUf;;7TxjX4t
z>?uZwP-0gA-AzwV?~jj-IWNu6N8vR@gDS3Lxa7)d#@vPNc{3~~ik5yxTbYC$ssXVg
zkM0dtJH=I)Q$m~~OkIpxol^_WQ|TBiz(W9f-Oi(1fUz6iKS@R$mvJz1vENl=$Ynx4
zC0s^(vG#?V>&_)z)i=IAvPW`einlw_`OP!H!;N_zthXgxIDZ4%-yq~erR66EPCB!{
zUuP#-+MSm`4yFs~b|r;G*B|&EB(kbiD2csI{uge5g@g=-43~eIX1=@j>ax+@w1Nx*
z<O<Bc5xMojIMXaa9P#=3UNmcD-J}HHS2eI_dmF`FTTkvnk8k4IdZVzF)mT_KF)|O&
z&JS)4ib8YS&{WpZKS)lkMbHdL?^JwUUEOk10GUi@XXic-ng%CQo_wD1_WXVIq+Un&
zO;!zc8ICKDzKRTe++IFOcJ?fC`>K4Fk=~Pv?`QGOC<YVoW%&6;+8;_**BpxfO^7=O
zT~y;5D$m<8RnTC0pxF#+y73zKokFN<_Py#KB!O>kg>Mc6Nrr=UOIw?}^U|OiDIyWh
zZd&C>P(y!F&TdP*DD#;wXDa7a7VxR_heh54t{Z#x*Tb)mb|&E=u`fCF=4&-3PP=Sh
zWY5Z}-#j9I`}Rt)B^`pgIGxhm1Mkll_^3-C5XX4`In`@3NrcQVF2=kws<PL^V*QH>
z3oj{2<8Ua_4a23SnWD1g58p>eIR<)r^9X%j6H_#N{z`s1SyC}xbm{Z^JccBXqocVL
z0;Di7h;OqK!1PAIynx|Vdx+Bc=3mkC?B=!0<#viORsV-mL}VOp_Vn4A_P|pSpY!ZL
z5p#G@osGURepW3$DsO`bhhwIOU}xzVBVfXQ8qGHW;j-h)L8PNsOAckTwmz3HqXl0K
z*51AIBRpll%FYS-?0ul0mQ;YnP`jOCB|$1}H_rjCwX6}~7NX8K@5DmZ^!|PM`oPyW
z<@3gN(R6fIKA4e>J$Y&;%X0!r1u~(=dc2y=)YKG@hAt^p9orv=+G57PJTl?3jdgKp
zDe39|#<Z2Ns+bsM?fXf{+fNMwbw2txm#R|gC-P%Gm}AnH<dQ?<!L2uswkmqXd^+u7
zJ=VZXOiZh5qj_&(9tZi{-GptrS1}PjX5!)`Bc&%4wsPBi@CXVgKe}{1X!1Y#<>`<j
zw%;FMiB`t1*;yxXQBg-V=&Er*IHh?`)O-Fp<uOzkZR37p@pj+LpLj+}Hd49ufLTwO
zBYpOBGo8r+9}D;uV7`KV7yA=O`=&4FZ)wIQkRgmuOw%+e%eAzOUve88ue~pOZ9@j#
zmw(a=Koun6b+FqQD+Q1J^WS3+0iYg>ii#TGR(csq8;n&jGvnE|8TK(LDBx0?$-cHY
z2-)%8GY)}`hw#YUoR~<GjBM4&<72NIq$ri(m#@c-CN(3kk6=F6RV!V7N$;wwc6PRG
zvg}+}T@<JYA)PkuPL+@C>+6$-B9(}ab`)-&4n1*2p%AZ<*LHR$yVDgz@Db(U@U}6#
zAGWUh&U>^>+Wd-LTZqq)`?kOJpI?=+iJ`sen1JMGF5R5uDOXB9b%6!c6<4&i1dy3r
zIm{P_PKouQcrkqmrwgURdG^;s==n*ZO;4N+l3wLndTxwcD?D)zpBd;G-e|vdoIRW3
zVb6rXVB)FT`zPojJz_ssJp86#=?r~_VUaP_L*dL%t>+KMP)4o?w5Ju%9QMk=Qww<x
zTp&N*9(7w4*;~9_3GTai{Nro}dy4nbvnZVlcO^g`N4#Ym0T0=>B7vKac7#qiZtyL7
zP&5*&gO1S4T)aeO-@dJfWpE!owJrpz>JCVh?3Q|YGNCq?%;A;0=D_>m!*2f=>vu|a
zIXx4TwDTrkF7RFY1Y8+*cfUi)`3~H*UI9tbI4I#e-tG8ev1)`$a`0tl78d8DZ)E-c
z^y$+&qN%OpuNFdYy71njz4Pae((PP!F3sJe-=2RFO%JyAzRf%D<>o3Tv{iO1*-rbl
z{`fQ<m6GDo-`vvj6IxbW^n^U9s0U6#{HX0cLvymJx%u$_k00*KaoM9*8`V22WT}>R
z6~aqOI$1DZtM2!2{iP|NF{N<e#)ya{V9bH>+|m+D`t&vqXN+e3{bx{odtOXz;4sN$
zLWRhusYdER!kj`^QW8`DcZ?*D*cUk`gx{O@)Q}PGXqoZFmr_<!GzGu_Dy{?ufxP0+
z@jON~Bn)I^iPE-mGK)fwzQ&2b^wWIeQ_P$CE2pTbYtt)<{BiN*o}QlHTSFK;V=mnt
zfy%+34yaXshB@4kRHq5{PmrxOMsUSjm#8dGe7tPWE+yAJSWpR)Y*GjNRG!GxIUhXB
zw<ZvT{ql9E4|*~n86A25Y<X^O4oyalP&%dG-<A-*ht=GCt`hp-yTHL@5y*9BDCz&6
z@;ODukX~7=*|#F*_T?QO-cfR((_YKTz4O0T;8ug3I!hV`rjzgtfHuMDK=;iWFf!%j
zFl0Bc5zdI(tN-Vf)nT_ZFVc4)oEJF}^+%5?so4q^wwVh?-u-aRko1x2sny^(sHf&$
z%+F$`o1J?w*Ay^3KYvbEdc3=Ptq0_}M`NXC9Tw5_kUY<z$+L=sgTqJ1^_kXa&?~eP
z`g{!~zgSw<tnT6x6&qt&UHeJpGj#-d{PZsd>R<e1uB#gd1=ceo(B4Q<$xe;O;NV~+
z>BaglDMrb+3Y$seNl@c^p!6pOF(OdF5^{5Aq=Qp+gOK74(#xwlP)X{!`_XoG+2E^D
zDWUYyoWQ0|z2oL)w|5H(`G;b;3gcQG-5kNQ#C7cKl{ECc^@C6x4kD&x-&`2T*L(hj
z^fYyk2%1^yJO$G?2MH=%{yQ#7jP$;KEd&z{yg>R@TB;4Z&HN?ITc>1i<#KdjIG?F0
zu)zP#B3|>Vk={^N9&T8Z$7ULXC1N!eChNVeZ`}B@7|E@a49*|*f(NxVYfJtoBY1hx
zTv_|*N87NJImL%>DdDdcPZ5Ef&0hAxg~f1~*mT{ZQW}%a8;s|V%OwIb`qVgVMIb%g
z-hs&7@R0fim-TR8b(V|xEIMxNx4n5uUrSyd4o7O_mMEHO13kTzlRp?`Wnpo91VV3E
zNXRG}jWFexLFA91COluIs;VlSrM>V)E8}`taA>ILB>}$XOBx#3B&lGgn=$CX2(aMB
zXQgC=+;3_3$Hr{)-IPk&c7CTdv)JTj1;IHi9vYwnO;)Ul`{CA5pP#R<vkR1}u>5LN
z)IAP%V88P`_yh!$Fsj5Zp|H^UByy&u1r7dbM@RA21@ho0n}k_dp6zy950V3Obo=HC
znNoODYm)-I4A5g2ymqI9t_>BLOn!lF?H7cgMt!~kTG}o^yq|PmttCW2M$we57*g!`
z*YTnGBQP)`uDua4+F!rY(`#5~&CC!4*!A_!&hA&a&JEIYjRfzUY#V;_-2B;BJK^!?
z+eet`m0W*(w0|2lVNBM)Z&1cWPC-iMbu;$TctJ+SEh0p(GZDpX7(ZXp@#IecsGGZ*
z3B1)40(;ZzV|5)p{-_<y&jvuSx{%LLf{%et>`UPH2D5G=NHA7g2AUmwI${M@1w}<K
z-ZHSmVDjj+)YUsNYM0@uhH2^Of`iDJgr|XYv5~3T?!i$P?{De77ZvP&XhnKcL#46H
z#Pb9qcsNZ=&U9IQ!3E&wlifY@Ge$M%>a&4Kff0frCc-{`yC&BN?1d|g9NJr)Bw&R?
z;`z34j>%CVvPjYMlP)<;0{D<0#i%fLp$150HqJ=p3&@m_tstwK8ue-Fw1w?{UVg6W
zH*4#kKCa&1-d@=aPfGgI6vRn#Wo0#-=SN#dbI^wm&U@a+`zH1C^N($SmPro``*@F<
zdY};i!3?ijyyGZ1`viD_oha(u`}$^gte^IDQex^*O;xs`&fCNwN<8G-=H^=K&g73<
zA|kk!y!}zs#;$rFv$@R7{2X%IT8yTpr~d$9DrKMhG_@E$nwaNhfWL~q3)y)GydQ$r
z`z7Q^6F&ab!$*NE16Sp1^Qw0i{Ggy^3tgFh{1<iTWeDGppWRu04o431I(U`878k4M
zpd$5=Nd|x-B}zQxDFp`y|Ai9}zq>Yl?ON)hW}TL}IHRl;{rd#5K1cVi+;B0@Mf8f7
zWus!G*RbN}(1hpCxFPh~ctM{EIXe~`Mh;;Tw-^~2snr8`sOBO+zs3tJMjnb+<K<)y
zpTe$f-0BOQpM5CI1kkGF>!<7NGN1&}g-mk66Vf|R)H8>jhL{*h`edwfUDeihjhTSJ
zj}=kYQ2*q?!m?Xn5)LeqTE)=R_)Yb|{g&V>HP&no2V`NY+7A}^6l-T^=kv_g;jjuH
z@EFR9L{K?>9Uosk0&k)Q2u*17ny&Yf{$*%*Ej}s}Tzux27o>zXqk#aWLD|cMq~_-v
zmI9byLo+&_3o_jiIGj#6`dO_Wo}SmhHY?H;L+AsL2#+5`zwQ`JLlKPXVWQ$D7WioW
zqi>hd<o3v6Z>^cK=w_C-3kyra$NwzoB>G&;adB}EZ)Ek-ad>X_+(uvsaO)*X$^&cj
zprD0?cx#P}3n15qY4u}IpRU7JBR)`J?m@HdK!1PMpSi@;J^2CXV#1(J)49E)!|Ffo
zq{XC~@T`bP;&8o5Ux7u-_^#{4@(<V7wpXYK@eu!TXfV2Q{d!<dRn@aT^+#B2(K$#B
zFk)pejrK;C_70>@Jct}jQWZZsx*GE>?)mapRkey7dhi?Q{_3hGhpN7%MNlBwboZn4
zQwnl&sdp&WP!51thZB{<L~>#<O<e;6PT_DSBoHGRPv)1|**J1i$n7pfGqZ$b{b=Lv
zA7%07lmoDn;<^2u=dDileV81uBR0+fau<4ZbBNSZWTb`8pa0z4-hS=`LJCqz%k3x7
zPsVbhsw&>P$T&JWYN{c{dxp~8{o(jWV&w7nQnMqVX2n^hTm?0oSE#8Y<5AaTp`Wi?
za3MV-qZU2dsaaXK@sLP)d0SDj*4e%sv2o*Cpgd39eD@AG#3GOW2Vn6Gy}i9hf<i(T
z%zrvz>?i{3(ee|rnW(889@Yoh#>Yp9obw}Iba%q)k6*(06SWFGK9K&e?QFIzGKoY0
z)r>SWG;r<|)gRqiottwp`nMh;bUk96Aji585*9Wt{A}ar1E{1CA!oN&gI>R3ni04Q
zdvv3UjxDS;CI*^H>R~+qYRzGU(J?%hZA|t)HwN<!<)AEmq@<+Mxw*OZ%55f(s1Yeu
zjkZ;1=i%Au=ODmWtJqNhntQmy@%&(Cd_c{+yu=>xc*`(!M@&XW#`K>RiiV<r^!Xyh
z`$jmTg9!-<DUg}?a=u0lInK%~;3vyv2&G~FsaWt}DD_q{(el-;TYa}afBtNR9;giT
z-T#Lcvz!vQnegDfa>X_5`E&V8i1O=Kf|Dc6M@vI6>KKp$9y%UuYGnq$2<r3l&f-Wa
z7?1%f%y)ofjQZc2n5n=T)34ua@WGP+i0MtiA#>pS-?Lf)XLWR#Q(D3xqqa3!CQR|s
zBb=l&`9E9))nHTbSxX><`Xf5RN)1d53OK@WFpFXx2ChA^oTz!mg`8<?HSMglyHah%
zKq#+iB>?>X@X_S){k}vA=#nBvpa#VyA}nkl9UD7jP%eHAK7j~*``jY-Kii4Hsqmro
z=TiveKqY<SY$40b5pN>XV%Q-|Z*Co9jlFgaPbbXH18Ax?Fc%a_72%`66&ptL?_=m_
zX*Y*}<8(&J0i+>p{_&MJZ@4aU%9)A%DJv^6n~-{vbQ$eDMtp$6pA3Kb(zwcUAdl<<
zpDLVG@_&2t1TtEeEbX`M^<Ib8_;PlpT;dmva4=B_GuM;hR^W904B;hu`bv6s3Zxsz
zg+xgw%PE-jBEAJ<)9sR@l(AULHUPZ+?J8$z0Qc;I!~P9&pG(9(aX6AI@$oZ8wzf%=
zDY4N3VL%Wik<q8V|BKy*+J^KGPzmzEg$T?;3pnTwwnKNg2nS6RXL)&eo-r~pW#P+t
zsZ$);+BfBWFVl)hFwA$k&UTduP<KnxRbrscnj0IZySJ8xDp2)K=0yBifOCFeh4Xa1
zdAIXl0Bdyj<;$1E<$!bWIEBxVfa9pN{}tM_`WayRlJ_p&#HCB;_}+eDf~-jc&d`>v
zon2L4{O@2~?s@c7xSjZxB75xi<jFfF7^Jp}_wSghr@VyZEG=`swL`2E$Xz&F%D5Mh
z2A_FFs-)EBhsp*f0JjSdxM;uw38TBLr<0?e^yU782bV{`e?I}k!k7^Mzx&Mq(@qKr
z9akQ&AMWc*JMaR3AGlGPm$*J?Xp=Qj?bP9Ubg(xxFe(i>Q63f~T_K|5gy7P26%-Ug
zgdTkIc>U(hcM1f1Ux<i;<C00{g!_~n^hutCS+NN6^y$jR_cHV2St#WcRTT!~=5M1#
z?S6l_q{fq(ib@a*p#IPA1^6FrWo4WV>eu?evw*FiO7ukujwjzsXC3d|o4NyW()&qB
z78=}VW=eN}Yx@`6m2abfz8?!0QHH^w!4?E@olA0g1ukV9?D31}I0Gzu1a;%_plc5N
z=(4(4yZ(u#HU4)1{E0}t5reU8YPm1O2tYwO3H?9#QGWV=zx?mngd^F`cMqxTBUI%O
O_)$?*#}+Ew^Zg%0Dq2qf

literal 77822
zcmeFZ_g7P0*ESkZ5JA8OC>XjR-9qnzNCyS!O+b2;5<0=cjf(UtRfT|*&`E&M5m6A(
z2mum$4-g_95<<@AexCOm-w)^f0cVWYVa7I$u=dJcb6)eBb6(T8kBqdL895n2AP}>z
z&I1z==nO9iL~F@F5Bwwt^3or;oDI~_eZm0ziDY>826%toU&ksC`25)Ei$>#CZYc1>
z>p@zUL8gALK_QL-E})Q*5J?YTuRv!<e-}x=0Jq#tWlj)?7o_{({*%zWjj6EEk)>wp
z*6_0#j?0;XuO$Q>)9h>?{hs$7Z9#fYG5W&cDsa1o#?qCBQVgPFfA>kR_5CkmW}=dB
zHtHDat}y6ZYQ}&Z&+|nH{U9dg-sXFq{LHmocb3vp)qMG>>-KBGzm%UllLrJ*aq(j*
z8en@dXK1nEr~d#A@tnPQdQIeuIlcH_pg9X%Vw@RxPv73q1f70r_8Kk2>D#`G>Zcd^
ze?YXrrSs1J{_6iervEjG|Mi^z|DeRnQ`n0Mv<V9f>-4H_%ao1S-*}&wm$ykrM|WOE
zMuui?Zq7v|Vt-OD^6;-+lJfTVZ<hof-tby)qy-%hn^{^OI{36PfI6GI2oSIB#UE{I
zl-)n?C2SDI+^UgHrogi9f!tizu33V?V7t83)Byj*?<q<hJNZQK8_J=7pF^v!gJ#76
zH2pX_9d$6Z$rF9(*pa{`w}0!_t<@*y=Ila0mMT`%F6kwfmXvT`lkprG+FI!ITN|r(
zsI4yG0nI9({;rkk$>D-8vF%_wW@BSx<jgr1!OV<|*f9)-B<?M3@$~7_U;_h#$4T5O
zEVhwby*QqTjoQH|(ymBwI2aUzIW<_Ldm)>XLw;?0=G4l{$^!BMk!WjTa(T{d{LPz8
z5=+M2e{d4*6%A4O>GfFO2&8UfBRrb)@gr}@>B7SWDhI&g;p8jE%C!nNZ^BwfjTu0H
zxq!Xptz=3$aLYZP|N6oUQ;Bc(n`xK4dGlrp@ND74)NAY_Fy_p=4?}6S^&EbTK8O|(
z%S2RdO$M0jlMxYMz4`h1#J#mqG3f5<ZzXQ%@s^>ku5JcAS_2eg3;@lna%x5f8-=u9
z&1%^k;6elrDo7#vIJCjSQ9#gOE$~I```s&!McO4-FRoIY^xqZxc&VTSZ7lSUl-k1k
zXJ=>2TOQqY{h3WLRy|rQG0InLZgUU^eQX9$+&>Xp>#Y6t_4z9#DH}wkvAw-L^7H4<
zt7~g(7~xkRpO%fO4_7_>#!%)4B}bKB<p_u9tW9%&-&+%T_3Bl{{K5hgc^97s9W}G?
ziJE^a9N^^S#BdWdD-484`E!daD{-yI+XIv=ajVqK+}zxtjq%!RNZb_3%9!Q_yQI-S
z33DdI`zHSNiff7$t8avpy;W*$OltZnN-vy0U$!w)X6k5djh(J_?(>Z}-s%hF=jZo~
zY;Xd}S6@;GeSD=5u&DD3*!o=#am(cPz?Grm?(XjK^73+wpJo$n@kr3{rSkW4CfJK2
z(vxu&knvj0y+q%92BEn9u)TCXKE90e=g({Z`Sa(%K5$S*VWBT+hMS%J;VqgNcK#TU
zx{|rIHRo-|?$_@X0+)+{164U%{ay4tBO`+kIGHScy|uu#p@%b{OhVIHEvAgXD*kJ~
z;d!I`5%vts%y1n81Ld58g7%e`^{RpEYSG90A3tLJlxaGTVgMFFc#R`q{&mE_<)1&{
zHpr42s*&>TpFek_?it%fgui@9@)wE9zRI><#8!BQWhH`fa=lyE@r8x)b#`|1g6!;2
zK>-2hVMDp8^qtvPteb-ApqO(2g~5I=)=dkK+WsN@!3N=tk6!)t$!KY5$<bcL(P_J^
z?+ZFkzxKSUH6g6{>2R4g5>b_s2;N`5?$y)NGjQd~m89MEF~4Cra=PW{giM?vR4mb|
zYoDUrIfHz~MskD4pSyBC*pY?Vu2<*(U6y%2etiS~zzo{NbG$I?J6sEI@i(y@Un>o4
zwrvD3Whq}NM0K(QN}WQ^M3Xa7#C9C2KMb_W3z*)l^F7y}tE5d7aet=9Q8Ni}=O9T5
z3FZS)?+1N_EfpzuY}Y2I;=~?SEE0D&l1E}wQ$L%lO}%|&f@$;`(*!>L6SZE2lAQ`)
zhaaih-T^f*0ao|7yE~TYN{PV-G<2#ZxNUo9M=2{k{XsaJEdOV?QBm})&KjYIt;f&P
z3w8`<Zt;WHiV)$80nMHQ{QP>T;B|=muaEbe4<-YLm%02}f1mEw-5FTdy~M1-yw@mC
z{&{D)Sw%PjhphH`{``5dh3VHGeptJv^6A6X6^VkIvJEjeHln9}N+C1Y_M!Dhm#<&9
zLIX$qvg_43Vmq;&ESmsU!kjMbe-St`&f2h@<u4WvQH|8?r2+EB6biWxU|&&d4nOy0
zAsDl2qfV=K$>40~5e)ILe?XxT{C8ix>~q7Y@%4)rA6)?!PtD7-z5VQa^5i-0(5DM7
zS$2@GaTWBSLICgNiA&4N|FmuQi=D}ow97$69Bfu;X=&ZDk4^Y^vFtz{aFCyuWX+V5
z%`4?!<#>7=WSXM<e1=m+2W%+mG&D3aj~_qo{qf@mUC%$vxV^tUtbR9SJfEzKt<ZF8
z14lR{2E-3OC>b|HlCp1YGWPZL4RCaHe2*jeM%`s#Xz+gwt#JSxye4Ep31o(XO&XSN
zrf*F0nwd3_M9$FCdVVe{iZ?YeVR?T;Az(}(NxAMhV6pJ(ymK+;yuj|=*x1<U+IG?U
zADGz1S5bh6FBWMheKR*RqeGI;+tHYKwzydcI5&;B)m-J=>@hoI=x?Emk}Xh_f9{4@
ztn%J7rKhJi*VfkN2q8{WI%7HPo17<`p6AlD+!!bEvw`H9Xc=MxHBO@<03+y?pC8iN
zeQ=0$0qw-EX6EMqGype|6j2y7y-@%dqtX+`r0uzK8XkWOJtf&Z?B&q0hq(J5u+GlT
zwe0Ndg|f0TvQ+!wJUB^}v|7?0MMkvi(1F%~V_5Z{^hF98<z>q{e|!HPumy-((CVW|
zEv?uPw}O^^<;Fc9(rpn@jJ6p44Rb5szQ#4=*`cXtjY9CN*RHK5CL~C#{VwV|iI-{*
zT{(?CwQj=&a48cS|7ifI+z+NBcLurtlo}I}fGPbO(*MWj1KNC_2#9-s6*_cpR97;4
zEJXOO*m%?5KGEWn;H_KV!5kbGBft|q{#~T)2L(_=4v1NeC(74ic4%qNs-y1uU>g=$
zRS!QpKp>E$SLaxTPUCHu%(zthKpEWc-aq<Vc2P}EAJ2$M)%w~fRHy{sj6hgb%$hT@
zuvEP}-S!mfpnX89Bl6#n2?GxB^<|JS0NxEBtm<8ZqgV1n=%2Z`>;Vt~b@K4=cnw4}
z#gh@|C)aymLsP)gv&xUm#eHld)}#;GaNb{>#OQznjf;!RatN6U7IT17_F`3SC1P0K
zfM`1}#dAn)O1t!@(|C<l5k3?a&cK?Q<Ub=2h&|Ioe&@<tt((`(zWJBgNX<xGi_ykE
zH@;PdS|YlSngUG3cbSKJ*vF=7&lkh;8dz)vQ)S1slLS3>{@34$fLrPV{{F<!&~Uxy
zq2;r-n&+R@m0{Jv<+Q(K-zA0pBNV;&p<!;oRYjbSZ|?g(0q3y2vj%E#e!oOFn*kV=
zR_m!3W=T0rD@jRJ|Lfvy|Hs9Bf#5wj8v}kNqTss2J85RJ_ZE5SjyVyX=~)in^D=B~
zc;39*+u<!5sgs?a>UxGNf;s*3JQkAw*FHF-!97QsXvf6oa&s`+U0q#$eK>$dUKrpF
z(zxlih#vcJJnY0F`pBhl3KbHf1lh1O2o4Tjr-IKjri8O9?_Dz+J~82?O6#U3g6o)C
zr)-MPG^0;!@lU5e2s>(j)0w(gyoom{WGYS>(`lnWbn~fL(JeGiVcE!J+%E1R=Q=b^
zmgT}L#yYP!24<({IGQf~j`pz;HZ0_Ye-H*^aceor00j}{slK3ouIG|CC_(hrErzhA
z42!!Q64vR6Q>O;Pw&f`;cy{sHv$@aFDWQe;*){xIpvuBghy5RV9tH;MW=OW&5C0n`
zhCYZ@d!M!3O2}O)zrybEXX%{16Y_+^>Z1k@AXTmgsqLXNuJ4{8o-S%z7Sj#<OhL~@
zp^wXiskamq!l>U8xEywR-q8eIZ2ifg4j|$E>UNSRsWof|9kMZ=5(%)@CV)T8nyY;h
z>$Lw}HA6xSKmC_IsP?%erfc-%@TkAkD6Uc|mYjm`SWs*<>iptFr;oohcr*t;^sM@s
zViLfU+jV)Y*Ip&WV&W=sO%y-wC;}~&CaU14)UbsIVE(DS2I*y^893O`2Kk7z%VUCZ
z!mr-f9h_Y9Z!S&`VoLcS04ty<D_O^%5Rgl>tJw^^ona-dt;(~FWA^&FDiM%x7`Tlo
z3y<mz2P>-yk`DvGMT~Z?#<?XXqyN#Fd#q}^7q+^MD}FqtyHlda)8SdqIkec1Dkf4#
zo58Q5IrONO67cMsQL?%uPuD*^8_{Z-oQfq!!w!VZcZoXX85#`m=-`c-D5%5-Uv0{y
zgglsy%}wp#g8*Sg6&=UN(W#IiVA-kg^Z!Z(egdgLkXq!Sf9dx2_M_^81}|gOxK8z0
z%DbYwCrFRx-O&pkOE<jYtf|Ls12>slpKu1o1@#h4Y*$JOD|VY2!eY}=k42@@L<hX}
zAhsM4ODzE3RFp#wjHgi0{S#=cRB^C_PTYPzX~oV2RzYk8Cw#q%%Q&Bus`suK%`a9i
zr69@1lktuTwh)`pK@6DC@_W*H6+CuGu6=8A&<;7vkYGb9lipz#iTDt7th2+zanXH-
z2lz&qNu!|n6N#wZwI2=vXPH1WXXWEs$(yLDQo~#fbZ2?642W>~{r&yjf{pDKK2H7k
zR}?43Bi}CfeCIg$#n90kV)WI}E+S)c_+A!$-WS-l(Ap<vB0eNN>|sXR;8f)P%dHw6
zCVqkH6v^fvSYA1~<c%p;$7k!FB2wD@I43X2y8#!zQtgs-?C><EjVE_@QV|>fDxw%K
zr9a@RLxxDV*^EB2bsMfN-*tpDK>#Mgd{I4y#gnv)*QJuiI!JDAZl&Dv{=Bu7mEw~X
zBJ*2z%6vt>aYb-k%jd9tVx2{OeU{#Un;u<6B=yc^)8d)vaZ;6aUy}939|I}-i+Kz}
z3g!oo3H!c2l37<T5hj@5zHg*mJA;C!Sw_{KH}NbPS@<e;bVjN+92Tf+*vJ+&9IcP7
zLql3~#BPl%ei<bM1QF&a;Q$-p{78Rx6|_8*k2?Y=<XT}y#%Lh*gp#kXr^nyQ$aN>*
zXlnHPHD8YG)oiCLusk!!@ehl+B41&bSr{ZGy2~AB<_=#C_2}${R1Dj>@Co|G6BeJ0
zC|x$UlFZ1`qoFY|co{YGO(=Xi3IFVqfaw0uKqt}u4dP;_ug9LPM;BT4wqH*c`u$r-
zVYbn}0!!0_mRXaE=Xm!(H;7+mNr#j69Lu6i$IZHDYGlC0q6Od*0W~3|(loQ)47}<}
z^+9;_;g2+7R?B)<!{I3Mez1s$$lG1dccIVTgY&=e$hYimPrV%GkV>qNU+jD;BLCIZ
z=h^$3sn7Oju#kVWLer&JO)7eCjf<J3BTkxu2aW3xwmXQqcjnBimp<pZ9Z(lP&Fwd?
z6-Xvr6H6e&chk6vE42#9SHZO{Z(xPk>MN$j6`QH;`-V7X_oQ;s;^FCJc7qIrOXG$Y
zH>Ym`|Ju90E2+l_1CaX#?V1?b^#9L{P`O`Hd=1%QXykP=5tV19Ro2$hx~hq<7&cPD
zT;_D7!+a3%DSi5P$w!WW`uxON#R1!Hgl+u2EGG@wRFl2W8T8@mrJFvMqDw^iz2S9;
z_}ZGz-G}23b`aZJGq5Bf%dIGHH!plHdTd&#R5!l`djPfkibru|EFqWz{F8Q<`p_$B
zK5oSd;jHPKQ1g}zu6AmkwdVk%2dTo`AyBZx<rOF`JOZK+&Kv|87uK!;NvnfsZqzyV
zCB8X-MQGOn;cZpe+S=+1p!4t1(NQ>bLRos!J|CXTTX1L6UTf1`TU+sSIiuK#y{x8n
z{p@ahh(!!t>L=&oPZrqCuM_V=;+f!o%<O6pPi)J|CnXES#Js~pi7$Xeb6?iyjolMj
zZI@=lDi)T;i<d6Du9xu`Byra`>rUts2>X?$n);94q^maA-)dgmm_kGn4j+qneX@(G
zwtMR1%yos6FIL-{7l<>AOs&-MtVlc3sM63$WX4t9!d6#~zbILR_br#ukur$@XKc-3
z0f_b^4K2g$xuc^aKB<o50BUbM$HCy>Ai?~}ldB7(SGPW1%;mK2a4m9!x;gZI{Q#cy
zx&Lf15+$!1K0Bhu%7|d<YEe&BKr{BOx0v|Y3K1r-bruab$=ugY(G%RR*8RlX8y+qf
zDdGYZ@v-L1$jS>ZT$ILv%a{bqJ`8Olz!QG2b}&+izX&hq0Y&A;2ay~e=y2*V(n_YU
zB&pgVGMpyL)K;=A;va(lv&4pKEp?@^J1_scZ5Y6U&l+am<_kPIKEk6Q1U;aR{(cW|
zh^NVRmIcZWWxDORSUf3}>hj_tf8O4%>y%99g75`2TXW0iq$UeeJRmzE53Gx@J}CYP
z2W$#_L(15oze-rqehr#JIBe*xh1WTWxHZz1g4YQMH?INBw*xNFQXqwb2u3xHzCLtD
zeE)q0y?Y*=RcIMflNoe2KJg%^qW_wZR>Pk#<x?d5yDjpI76yaSoIc%er%@c~H&YM^
zR8i!KC2!7+i;aB{P}Z9Fc!k@qRB0Wn?+6aUA~0)gob(s{dbGz1&>!`c!R6um2h<_W
zr^&)sXZBUdZBaNC$7elRklK#OlBwc9Nj}U?O)l_!FE7HlnM*TRyW$oy(Ja43CYt*9
zmdAHCNQJ4DFZeUWyCysvY$cmkT%|t}rB=Ub@!|zWhnM$P^oa&V`b8UX+c&O;wRXAl
z-OFl-&EB^yc8SHRBOx@a$v}L+-ZbS)p%9@&^3h76oA*?U%+lYvo-H8#ffJ4K0TW{7
z!Qe8WHsvoTBwLuf?}MDU!Mv_%E#Oll?cNZZNRy@W_Q$kZsgz*p1OZDXjP<dEdFs?<
zS%Yv5lfFF1qdVCpi9UdNY3+J(j7yq0?{THvk?kwm%#{6#U6DoTU%Tw8<`xx4I{xE_
zIL?=4_**dyqbR|0*c-kl5a%bBba<9Ko}LA<%rmh2cmKbZ7^ZzRgVuvR*Kxa!kh#}8
z1K(WGtq007jGO(LYTDkPrJubYO}^0Fok$mamd!<$p}H#Z*@8tWk$x16TN^R6Mt<3Q
zA)&0t`MlB4r{ix6B0tpL?&e^ab`Ciad|ph<_r&>?X0hrkmEHwA6AIF()c-7#`kAvA
z^Rj?)7B&jo;PD|>)@SYc-`TF$00X&QO;5gA5?T^B7MqZ51k?tG&Ton;u{8MPrz0m4
zM_#|iRbW$U_eG;@Kc_d2n`#E!Cho528tk7vg%L^BY;(eEEGLdFoM>F&Y<-d}Ye`z?
z7{VA5zSmhNj_y=0`RON41ncf?1Qgr(Z;nO)`3!(zT?&5R-e0$y0qUD4T(aJ)&u2Sd
z3<1VD2PE5vRi#4{Iy}>LfdqH8Ni*5|$4?8G|0-p><!9JRR?snAXh;UAuY~uN)D5TF
zz>tXCY$tHlvBwN#y`~ZJ!cb8Sa=1$lT3^D~$Sl6QH>T47o7cdHuuiPZRc#Xj&(T{&
z{diLWW2&wdusW$qxFwaMn)@tmG^7$~owm%#jN}km)97nHAp#{L^)n+evw3y?bKS2+
zOiOkhkiK@+$H&J*r^QNOquEBK+(rG@en$_@6z#DP8Z9c^D1T7bFI9n*6i05Ft>uXZ
zD_k;Y*_Gdt9ZkFzR#Y`KUqT$OSW}V<g=k}>Y8O<<A-eZ~zrr|YlY7dJ&;GKVC?q~H
zl`w?%u3dlm5{}`ARfBony;Gr_JbsQ&V6`bNVJk##SeiJu?597p7f5Kus*b&JCl*vI
zV5Bltqox#d!3w-(A5b?WvzQHj%HLr~X2*ht0yknl_E<N1nr(c2d*xiEbz}JfkZ`wL
z<>1f`m(fyQ`+6yx^or85zdQHtx9{=F6dG-ue`M*H!u|jqr$>3Hdq%R(@nw4xDA>X(
zp%+Vs(6942!pjIrW<|BO2-tAgE~BiAd2Br-{J7RqJ$dSf>Ck_xCxQ-1XO2Y&2w%|e
ztT5ORi~Wf+y6&%~7Xxrh*TNF+1>e@v_NFDL;xX3EH<jcr-7#5ydq3v7Kr8EK@O34C
zAMwU~)cig)lo(EE9HXzato?id<Yy>uwP@vjfVj;)7ViG$Z){P%C~a+BAjN&1pD=}K
z>3jG9_XNKhisNI7Pfg^h4P((}m92(*y1$MZ-s||qSVK;#D~g&fztxCn@>;Rsoj?rz
z@kJP^e~cosf}KA-`*jme{JKw)DlUVnk}2~jy{sA6dTDywNK)Y#M(<nzEPsOip<d#|
z%wzZ0SJ{2@>*(z~`(}>`6(7()b<O1+f{Krlm>6n;T?@vSRtvg1go96+9`H@3ehdyW
zM;t9>ofEe~i2EFDPT9r3d*=iYy-#xx@#5&Iho0Zcs=v=4*99l+_SBk~Y3*#z2$*sn
z*hI)sy*auz^_cjzS@mMiNvwKXxgeu(!^cfkDiUu-rqJ{e4)1Mk-Gc>!O|b{wDiqcG
zU68LeGdjbMdp4tTPmbiXh1)0*9{afx)hkU4WOUPv<wZ|c7D9$<q?Yx5SyWWH&FzNU
zLR~q=Kv3(DgBt4+zx;RChD$(A+93P(C+d7}Jb7_>S%`z3{ae%2CZ^C3$cIT66oGs=
zDLN1N4c~rjNt!9mu{g86J5$WXy?^4&&S7nXkr0zeUaU-IS&@sLX*pt}Xir=!xnvQc
z_Hp}H`;`}qUs-;9YD<`rQtpS)N3hoYn7rBNP3Y|_PSx<3VIea9a5&x=aeQG^UY5ds
zte->4Y;cKvVlr~vM^8U7qieSnY9iGkv6H6(qWJ~nB8eiRqKrWLo^@K`{uQz^l>b9J
zi8}#aUhWyi^r@4#Y%In!{%ZuQ@`1HwH}qYSZd$ZUY%g<?=xA0pf17;IyUHkne>+`j
zo>{>olgN!-a;)~m`*<;8>cjVYg9k_L1arB%EwNmSI<F$OEHaKq4QYL~baBbD>$u+v
zeKKVTg>&iYYy&XI?0E61*J(vT9rVH>JuB-R@Cf;$hVm5fIE0V>X&v6y#l>a4I@^{8
za-k%89oNt`-NFAJVMah8kaQ6nqlYisOny6(!_S=^zXKk7i+lldzX1CmEx>*Az)Lf|
zo{aOT@j(ubc^h**DAXKVv-tDiJTr1ZGlUukO~O7w!5STOnADOpBL%@~;iRa~PB4AH
zly8$F%qVn-Qlv{S`%Bq;20<lRow$QW?~>k$$OT>eTeZW@BTiE@zNiypkCO=5gtpd(
zqa<dQMyL%be|$;DU~5KknBzZL)vOE>2Y-7-xMVQ<j)3zz20q0KR=n!)`0;O&=i{sa
zdk-U?<?EYcAv)_!F27H_EuAEsIZkklrEQnk-0m0amxGb(zlXa$lTIXf=$iqfCuS8(
zsmkws-9D5=zZ%vbQ<<eI(uZV#vvSnTNb{6$Nh-ZUI$2RY-QQ;iA{}r~9(!t6?fa(f
zd)Fh$2>l48%~q7Db}cO}VLf%SkFmio^n2p%qn=DNOs(hOab{dem5R!Xq61#)FhpVI
zKWB44zU^o^SEa<baN6(x<gNn)ZMc7Q*6jR-zP+t_Vzj%fjSJm02hwpjRdespgSI+@
z4Hk`Yw!d5V;oAGS-i^{~{XQ0%=t85ZjnC9_)JFH{%)U>S5EV(6a?j3oEI7Ai+h|>O
z=>bPcIb&IarKpl*M#ea<pRp|Po!vNj-Kl+}X?IJlSnE$^gn1wrqt3q5w;%Uo1d5x6
zPOJm~oyBR~mi7Qb_77qQHJW<b$$R<o<=48py3?>7ygB`}X6Ek>O6}yxbyEo)zkr1>
zZ`r}RvTz1(yDTiV8}5~r*VOFxlF@b7-3rW7M*3cUHw(eByjKH?PHo2mA`u>c4%P!-
z5Jqexi=bl*#f>{KV|(O_7>Vn=R>%r#3+3s02Qt1pSQV%+yT^cDn*Q6{*cn!XIs>(9
zZy@dX0#qT}E9l<0oYo=3U|W%L(DGdku@>E4A?vwdjnu1Y?tO_)mp6P26M_UC6k9vC
zkO^!-V`G!*CXZdOw00bJx@zU&S1nC=)~$oPT=r$lLI%`k>YrQab(~~2L@rMdaYPOL
zCkNf0s%?tmG5qgGyC%t_amF7NHowBe?qW=p3lzGe6A<_Rg95^aAMV0d4mzlmbJlya
z<FD!azWk&A_6Ja^RBX-h#Lso1PwWPvKb@s4=K{POYE`q{P;^{b6aLNl6NVx8J&kxp
zq*Ba>GBFZ$77HORg-4c8oa$mzXgGAsC>uwSTlHHLf_SMJuM>*4ov?}$j51tqscc7z
ze8<);XC4C;qIrR+e~cVRL1*2MA<+Hj{PLv3cUS#f-P{T(F_BLy^9!qh{CGd;X{^7&
z)}4sG=9*3o%^+bVQ4TOMiVH0v2BWqd{JeK-jfo{gRdo^9y;kSsrIg$D1l#lk+q(Tz
zyF$>IxB2j)*DKsOUF7pmvAKKkus!|C9g{}#&*AIbE{(U!uA3L4+p4dQ_3nh+0Q;GC
zaz(%IIg%Z4?iKe~<}$2C-JwXPN0UFXZ6Z0yA^LwDGTTW8{WBAFvYpTKRZutZJ?>9_
z+y9rT=~~!6@3phCvNGg(%6cL5+a#X~Nok$_bzol}l8~{I;E>;ZCjA*a$ysqCHjp9!
zu`|h~)+T~eqYsjU#T9eoPE1LddxOx;%<{5KNF`D|wauX4S`e)A>o7{Q2Nv&J!%t+Y
zRtn@=-M*Y#{g^{XwmKQ;s359lA2IQFePX8<>$l!Nyr;_}MDeNhE2xn1oJ3EC5Xe3Q
zo?=3NRUe;L_>?J`_cHN-&;0js2knho%pd}m`j_{<2Q^pPE%i`E5?ZD^m|js058pNx
z?me_!xuWDGP(0wP5`h}Ua^ed+GN#E;!*kraEz7F-A8HDJz;MJj#$mMxO_Jxg54fKX
zALwUIi`xY!jh0FWPnMQ<W4~58@cUSL-!FxsINEoIAnWr>>G>0A?JFC^M&4={iGVAn
z;{Ll_9{E3C+RV&x`2c0|)BM&*Q6i?;6<dKg7myqM^hw^}gV4WWC1;UtGNTD&j{(@m
zr4h^`9G*9OI~~00X!yKQa&;qRI{bdl-f&5hL@=IDWhX?5WhuRzHUbv??LjW|xzN-f
z7_Qyxe%ajbvTq}VmPOyX`L)&?B7X6MICov8iA=`$^v!VV7OE9B>cS6*mujw{L@1D9
zj@C`({_@Y2w+E~>d9fq7`}%)?-5>2ivk0U`Uq*B2fZ_zqY$r!@nwcS)-cD47^b)+I
zj>96S5@~#n`x(On<#aXsbjDO}*^z>W&u#%Un?=nqf`u_Nn$j-4y;eUX2aVeurlu^n
zg)9^AW$Cxfv*4Gv%*P2=Lo#-!d0<Ef?{K7$qCJTukI(G0LH0Z{^?A`DnZAMJ1FN`e
z*CcW`6gf&vDFE5Vh5go@bLM~MS-G-wc{+sPHoRbkUv)rQI9<^BJ0h7Vger>qFGi(t
zGV>-;rUT<%g`q3ud@?nE&y^I4^XaxwBG6#9k5>||i0TpE43{ji%gROvFVlpl21{^7
zR0mOB$$lXYZAz@mr)P^(4x~{v5=wVoS2c`79{20}s4T%C_f<%lnZfqhHZ9V@Or?vT
zDF;r4tna`hWfxT)_(}|T9MJGdMttt&tNeBcKKK;sc2rl0)`y_VPTC(^8oCK~tEdef
z+k^HKv7eHX>8d1D!=a|ffl%3+c;D(8Q<CCiwIKeWuY!ke3GO`q;b61H_4LV#o1*xE
zB>2;?op&XL(zhP8tcK&aIBd*|-!D&e=!a9nD$Lw{QUa)t5jFuE;-Bi;0n!qE@^D?%
zJ}`q#pXtP<uQ0&8@F?0b1wFP|`!TS~<wT9%(o{m_fZ1cO6*#4;`Y579FcLbpn9f$e
zv0ghjP~XAuxNzWR@NkV{;?ERF>%Gpn{J~%Cr;yO8DrYTu%d%x2f?D#egM4J7PK7eR
zK$%!?r%ajL+t@hD2vKNX48(LPdkiWQ6$O2)r?>kSiQbexud2Vd@c+aS5I%6b!=VV`
zu3gIZWpe%XD{%F&UpLWzD`0aD^`BiFh@Et2v3Gj<wDT$Lv2?Pb&oOE+pdPQLd7gsz
zZ<nU9dEiUU&-{6kV5Iqb3zN(nSe&k4`|b_EPG~@2MkQYPvI!;L1Q8`)y3%{4IuQXm
z?S7%@ZT!lcat6Ztu|?;KsS#L>f;4+;{yp&8Mqi~k64R!ymXbMG<E&%&)-avko_~+i
ze_r-iVgemq1TrziK7INyc!2v)S?=z3)=5Rz-`E^Zk2z^3gIo)pn{FTY9UPt}gX1f3
zOFC;kTl&`^|4DIm?dg(9by<2qdiS)p#Qsij^Tv(CrWr-t#HwwhPkuvqRfA_@W0+5Q
zu8Bsfow%!%4`uTQGpnv~#6-&&SECFfVrQvupOI1kAB?blR73c-$LX&9LNU0pS?JDr
zVc&f3zfO;8C{s74-Fm1jg!=qKI%+D!&vz>4oP#9g<PXL;_#h7G17<lNiQ_vZnfM0T
zW_s_1DMwwi`}<2C=;hKg@XG&iqbW9;yYI1&LvP3tZfTo3U4ef*JSo(r$-A&?tyMOd
z_kG60$FWBMZq6^>?fHC-zKM+|ZMnex9tx<EsXlanJ(%{!TUgs`JD`}Y5Vw*~aT)Nm
z=Dfn`2u*6=Z&TBkQ(Ggi_(+DpWYV$^sv3fQ2C!1+;zqd6%BQwSO0%9qwk^I3I^Qz>
z^Mz7D-Tdf>G@rXc&IE-daOyNEe|M9o*wI2ai8^hc|8V{FLmh!?1u_L-vo?h_xRPq|
zH<5SXVI0$JFm}m~t>T0Az1WcpsHv0msH7#IEdzdsj&aCs>u#PoP0w7K*EVCP4W8JY
zxP3&WmT%S*<5?Y4=b!fLpcr%hm`*A!?P)Z^wS&=>A{eK}rj(tfQD2WGZ;wguh>Vj0
z9$mSpz9X5!B$C53WFPe@Jk!k}9pdXwx?_4`gDvzTL`E?CyXFth1?Z}fCI}_Z_aly!
z;1Pck_s~_|xGjacnTg;%)T5RYJ}NYC+X<gG1}|`4p|8mIsQTrvWMsynIFCB?%Lm2m
zT-L7fPaRHrDg&#VTt4?RPuyqNlhn@Vh<2H&`Siy2f`Zr1yDKPuo;=DIqh+99Vlllm
zY0Kir2Htv|V#fuWOu$UQZ{B;HQ$&1(f8k)saF7+u1T&`cxk#iYvVYk+;!W^xu6(K-
zSj?7uurbW5e#m}WSnj0Wb>{+ZGS=>agnPj=h^a}OQh8P4$ep#FnfmTI?Pv)gif-L3
z%p%#jBl{d0s=M6MD#zRI*qCE|x{YCCzV)~7x;NCX`;=uHnO~c(Ij^DhA(%s{Zf2T$
z+K)I!X=#1CU<Ej=M@2+Sda4ktm@F*Mqx9?*D9Zr3;JR79tR~C<&3eH#vBA9g_g1?D
z4+!L@4!V!i=MjZbwZae8e1>{f(g>EunvIQ+yv3}L@gTfchlI+mm?BZ0j~|<JHZrP}
znJ(|n@0R;A=EIL3iw;H)_yXZ^ojbXzxjG72=yOZjb`3M&OZbshI6kbskIp2Z&z`k3
zG@FvtKDc1LNDIOOoSUHiBrj;d8N=s3#Q{<F8nw+;o_h5BlQe-^%<7OzZ!fB{|1#eu
zj_Ps&i350~#PIvKXpBt4Ovtb~e$N5>^F7c@98+=kvkClK+WG)nGm@ygw4`%W3-dxu
z)Lf5?pBen8R>LUp#-xBDbi%b@1NZxIxckFbL7fl6^fay)kVi@&Py@jG8`LDTq<8gD
zV62yf=1RM>DU7SUtd>Q42KCd`W^!KzKg9EQt?Ej5Q85=!t&M3~|4lE+nq5;=Z%89J
zWu3bQoO-Vef=j8A*@2Djzy=3~qkn$UE{U4C(5%6Ew`2h<0jyT!8#s*^Zrcsr;o-U_
zxW^szIW+P?Uv3KvNZ#+!>%_Dh5*mIYAsKCq%7Jx_@jiNw-UR&)#tgnypc@hu%Vcl$
za};zNogk{YH;lfseV*IM0w^)yPGdijPM&_&n15dD&V*{TtX#+4^r#My!|`@z)Wcqd
z$v&-ZzMQIzy5XTIpZI3~Eq@S*x#rBvL_Q#@Y?z}6)86-=%{6?JdNh@RPE8_URP0))
zD`>L=`HtnC$D!$lIvsO->%OwipW8k|ODwkK#A|T_YIUH1-54Uq#7feTQZMbCx(hEH
z-)c|3J)_bgx1OV5WqsQWn>kt+CeZcC1pBmN;rk7dn<c0I20A=Xa~5oz6pcwezzthP
zj1QMu-tzca07o+==}^h(vB}RnQuuLO6>}@84P9tcXbLxlXSnM7GF!q7ayN7!k*o2+
z^H00jddRNVh8$(*&XDU)0DhrE-;3Q+7@m27b_4r|R{I-6t_Jtj4WtV#X!a~EgCY<L
zmD&R-uOQ-H%g-wAe1Q~3&(vK;flj<r*%lMY1U%egE@J7X?6Kd0EA9i(CxC1b;J+9=
zzAwqX|5bQTo>NrS^_~Jd1-JbEiJ2_5)-h#|o+dGQUXgtIl^Ou5Im8@n+R7tY^K#FM
zn$AK{qC^8qt4uTWy)pgTw-84Xp-`XZ_}1YFsTbYQp*!G)@K%kL+U35L&}7XSmH;&9
zln{%r%>u<2s~nu}Ddr3;)iv`4r}ahbr_s^^Rb>zed(Fa59{DvmbMvr02p0m&2=ulP
z^m1INZsAc9Y@@sc7#=(jy&z@HaWj+{!m1m$15_37<QF?S)OX%-s$_Fjnp>s8_gHw3
z`4}55DEYZvzP>KPJ$$39RvpwC77KbAXsZ5kF!x$;etO5BwFk=`ZraYA<q%xO*g_mG
zjEsW1pE>vyt`=rT8jO<Q${e$OabGq+>gy=_dj&x!U##<hr}Pun+AH$*dZGEB-{S}9
z4`<Knwb6${6jI5*L^(mHf}q*StPz}0$qd=lV=D;9Hql<SMdtpVaYFRKj}}_>!L=Qd
z=TY*g>A<dEchHLo=r}1{=l6LHpyH~}%ETp5o%xTw%Nd6J8oxMZTHBN6258nG-o2_x
zvcT6YDo)SwQnZZ_2m}TUY$YlAHs0%C+y`gP#ILVfhxo#5mWg}Rc4P{(KO@lzq~AMU
zo8S4Ji^<VKfaqaVtMbs+`p$r2TD~DrH9fqGTWb1?Ejh<dG6~LLZqGX?Xb5hUk#ev4
zcyZk%L!tYnb{6-EjWBSpYcyx4Kd5#kPS{dEre{xLDm>cTHDN^N#;13PDoURlp=0=i
z3U~&@H#s^u>nfYD9oZ-1!kL*IDZ!tf_a44)RLnijXMa$~uB#OXr}+B70g;MCCOIhp
z5gJKW<Vr<&Rt35H4YULWZ*ER3t=_X_WcinO$!lL!pUq#;E{1kIOUsjLzu!W%Dzh0z
z*qiNW^-jdJ<nlB+?R`jthqjfFcFF7<*yo>5!PJ&t<>Y0$>g173NRVzDfq0zRhh1LC
z${P3YmYU9jRQg4p+c41Rk!S^?!tAA)QRw<v(CiH@&<nqjC;AT2PSxH(8w$TkUA5Fg
z0BHH_{S?52G!~kPI<a)6Gsu!}B_U8^z<SfEeJT}hS{4$IguH5Z@m}Z_E%fhKsX5I9
zK)lwCQU+IqGuQ9~V>!P(kBu2;%FEMBPSnbZb;1|NeA;p_x(0}sdlAvkB+T865clH}
z6!N4f3mj-JstXv&4Sl@UKS7lZIesHeG4uGbdqwl2&Fy$W{)he7mhqNsU}8rwEy$l6
z;23JElsLOLGrRc+d);+9dMn||0pG@W0C992B6%~|3ZorDU_etCvR)uLMGeH4N8~x|
z9C=S%z}L$aC+NdI3k*VS)ni5rN9Ynq3?TI&&|d*shU1ld4%lxw8zppNmA0D4F;(Y4
z&8wc*)d=wjovmU6<KRv?*-j4{okAbZ+;tz~VcfSQ{I0u>o+c!W5%P2mgoiJ7?#`J!
zXrN-w1ETNypcf%IYuBEbi?<yq;Ul0BUzHPf?wde+eo8jV<^HpY_urBZ)3bC64O3m)
z`CzPR-zeWa4Sp%g$e>?Bb?ax+5tR+j(SvN)o)Oa570qw%?Vs{;^)v?FzX>f}{>)O0
z97gqaubPIYq3;2<@^)BXPT6~p-N)|2B$Xe<#%|d~s+5B#cmYw~WXKaQET>m{9&Na=
z@y7gV4d5g0+X%~w6}I}~Gbk9A9YEKS!NAIL;zeuWGd{4Ja5zmK$LXEY+tE9IxZ0wO
zdX)|b0^;I)d}al(;Jyh;Wsd{jk7|V)IlNgHpW2FA|EJNjitw(I{CSHSlmyP4K55&X
zE(99ndPx-fwTa=an@AfoHuO&s^znhWs&<$M5Grqo!k7_uiSJWPR<2UvSJeM_mcs_c
zHhNzrl*(@1l9CE>|IQk-{|-bub3Q3ETJ~|y@eH~TdT@O5vaG%E=oh!cV<v`%vMCOG
zFHL5(LMKg@cqZcxzeXEt8SU_(*CUOkK?kg`>ZFj!AB67AjD1R-YkM%8*N-uT7wfR3
zHXtwKg=ECYn$`4a^z~2379%d5R=QEEpW`>%@FlqzHS$LN`m2{sS80aijz@ZswluOL
z%7O-@+3Nj>=3LlmQm`2L8=kd0yMq}D`4{*Qi2n=tbc_6I?NSZ{Kl)P*^x}(+PxvH`
zkqu%vh)Rx_xQQOm+IeuhJoa3t640Ie9(*KD{-7F<#afSLO4y(g-V>?&D{9mu%=q~D
z=ND(rZH5ABbc<8jB^hjaCr0)m=miw0Hs{LPK_;WyTt<)B)Ys0&SqoQIY$61-fP^hx
z%{!6=acP!@mP=C|Oo%jSO{$1pWYL2De!R?1v9Yk;I)|L<<d%W0B)Pqe>4pk<!stp2
z0x5>m(8g#m@fk9(u$UK~P-GV8<1^}`+v+UfCT1=$PcJXK*x1-w{Y>%eh-W`i9q-@2
zzgcC6Vt)@zDeMFet03zDrD(#j^ZAcO0x_LR!F?{ALx#YlLlsn=bfCY#o;Qjf8`^2U
z=Al_kJoy26xNMxES}49m^j=JCL=So6Ekdlw(_TaXh=cn?KdXj6BDufZT@p62Pkb`<
z@_tN8ZNZNPK&tsg{?uXyZm4<oX=g!w``|gV0nH<AA%0Uw-vwH>3QVb#>RV!eT9yVH
zJ-3|TwhcNcq+ga`^VH_Ywul2E!+b><kF}99i&#L|xrhJbHZ0e^l@L6vyz^72Bg!6h
z3Xasss623ES$Q&|%6EOVf#-28dT@b26!uC14_hmswiMWJ_KANrglcj6zug@t7QeqV
zRNbt=Zj5}?xK;6O-F`@rSAFgG46Sy@B@;cxSD+XB#U<G2DvO_W-P`p)C*Qt*hh~$T
z{-PbdE6^LfHnJL}(bFU2`SV%=r!)Kq(>`&myf^;e&D+;K(2Cvn(*df7p@1qj9C(qa
z$HUZ-Z@s;2EZ6To>oYZ0X><Z69VEt$=zbLdF+}aTU1f=5S4T0Rt$b%9BHbM?>>U@o
zG7aec_$<bO4vqABAv!Olxck*9zCXm)JP2Q7^pcAB7vK@`2Z%Z~i=30X-BAPF504+b
zo#PLN4H9=9&2cmzqZFEOiI(t!h;J{q6#>Ean%uKD+{az4(trqp9r|Txss&F{B982Z
zOqXGEIG4P~pP~ffIlTVl$ONFK%Hi-}uu8aebk|Ed0d{fA+x)j~eGwHA!Ov#jah6pD
zMDP`9si~qi<T6@+cAB#%GJh{K@yd*%5yAUjd6Im(B#dz}imFLkyN6@@VUInGO4`V>
zr^14{P=Bp~&WokoEojAa{rZ{A<u)%F6_?&YsQ06qk%(V!?GjTkM@;Hu)5k(^iiY)_
zKb&v!v^2)5TJQxCyYN14(?>dQj5B8$86GXqcJ<#-wmeWhD%R82Yw(@83s<hytP2^F
z)J??^ScV1$^uu-r<xEd~(TiU|K>rUKy}b#{T*w%!?2VWgiqpq904E^eCVw|gbz~=c
z$dmT_#94aXtZ8p#s|2P$r0ZOP(+O!Z185L$WTGuvh%4xEKN3U*RR?2rs67&*3zP6l
z$<2;j<L!KEO+7=vB<?}Jih4a>Fuc2V{yg*O_W`M~CLXF~nTJQTgY|=F#gf;R%(LEu
z#dH;GLaNQht&7d#**yq#E~1ikG)+L4{Ssg}A5LGxYSc(W4GoRCWIjy<<!_vt?ehtj
zEbtatgGQQ*=B&Nq0G-D{kdnQrJ-?6L!q3zpwz3aEs}n1DBvoP+rL}q8^Y(#nn*DL&
z?ikUg4^BLO_|8{r3lerJa|G0I=)}r;2tq+iCwl~0rM1a`8>RUb%?8diA4)NglmuhP
z7VYdLv%-sE_^Rg%K~vxm`G(GK!G^lO$2yJ-qbRvEPYi<_W!+rz#a(CeGGIAto}(BH
z{SC#SFMlSR1GNW%$&M%f{{Ciqdi^IARV||Atd8TQoYUbV+-@4spg()@FiWhn#MDg+
zcCoFon;*8`?t=sZN+<?xEEpn?59`-29u~5Cqr)SVKu(Z;X7FdYu<Z$Hk%-2|qEpUz
zK872bNCA<7cpvfV%tuN&#OD6d_6L(8(F!RqjVA{00b>zTIWFQ6QIy4e(vo#hfBKRB
z0#^x5&p&vau?lSdGe6u8VNk&?fqthIAM})HuWMpvX7(3AM-ySgoODGGbn$x8=g;qe
z`Ja%P2x6Ppw<Mm9q69VO+18#>+GDAxY`aBng{R<J?EI~vX&>}}T4uEBM9ZV#CltvB
z98iBBjMC28b6tSn29!bHamK#sPFIR^zv&)OZ5c0QCURKMS{{FD@Ja(Oc>;+MIUK{5
z+$VUrVR~j(n;bH6slqG}j<Ub9Cb`B#nq!rDHgd}ivm)^L&YhMGtXJ?v<CtFR{w6lK
zE<0)pupJ4J6hSsX+W-et^PM>|Ui8PirD||pV8-Y!FtC?bNZD```-cT=J(5{?#vf>G
zb;{*<=H|$L-HFzHj5DY%P?&(Q3aLn`>~#!5BOT%m(|w`+EspRUufiEDUBa0A4JC1)
zqYfyPb-Ele36;(NYQlv5i(L^uD-xhV3wtNJr2#c$PF?+KUV3pgblrxue7MEPpeQHF
zY7)L@qE~I-vUEaTf}k2b26NJSHx#&JzaUB;o{kotW92r;QwVgO|M}sb6f-c_WngGH
z6*4F@_Dqd>yyFGT-Q-LQ(f)E;`POmUeP$jNIxV%wAJb3_YWdVcjpS(c>&51`G@dkL
zuUN!LZ*!su!x^rIK>d9zbl_)B&T?$hYG|%Zs)9-X4N0x9htX4@<01rxu|I1#9T1R|
z=S<IC0NnJ8SoKJgTft+!;Xss<-J?gzl1+a#?EL3q!w=)so;-H^WG-bD5OAW?bwWuk
z2IRiUz<|#IwmmAM8qg$8UIV5YC#xMg>{!)~|E>YX5)#4%<?K{=0ivbGSBB8opmpSg
zg%?NHzh`&sOrGc63tksd`K#}>f?9O0IOAb72Ys46Qr}UUDbUOcgr3CZaXyb;Z;vJM
zT(Oa}Sp%>FJf4JcPQrU3C+C0B;tI2y<n6-#7`AMe<O=Enp>nKWE56}0a@w@pvbngV
zE-C`kf4lG4#3U_ioqFj2sCyC&hyz%YIAuHs>W5WPbq*cT606!QA6bCZ$z!PM0mb5%
zey(c71_zKZZ-s-e9T4P^IGS^DdKS|jNI-uVifKJ4#)g+N%q!YR=uYu={`!lskvd-Y
zZ{OXTfxoi$fk#adL*F63ue|g`j*dxCCmH*Pw~5b#yer!w0}|n@_)<2uo*`FF6*PK8
zK*A8IwwqioDwfganPDzzU7P{LoWA8jAmEq*vj?*$6f!Du_qVnkFep<r&{NDuZTTN9
zKzFw&&|0iLD9QEhC*h5uIbcAa@m%8L^-~56RGgFE@3%Uj=^LXYv(mHq!QUGl#@bYP
zcAM41x05h36%Esyf6}1o^C-kr%PbV&@1LPI<YiKyzxiMa%d&3LvGqGotqRwMw&Q%r
zSI@mjB@Fg;XQw*zjXN4i$E(_$@{vuNOdE$UH8rGnQ}zFSZ3?SBo|^;2M$g`!ew9)E
z%vGKHF9gc~MZUDKaH+A8kx?N4eNxD8U%y^uzIOZR*x}ZK#dI{8V0a))KLiYq9XeR1
zkBW|9q`B1@_jUd_r0_e#zbJ~M54={fJy(=9x+AH_>JdBpOz4)_{b)b~L>OHQGrzLe
ze-E8R9eR#R{9I{iUEk>n*-#)S6RSi-T8`SuL1Q89MIcV?Pzg!C`_6vNTF%BdtZ=|E
z*$-^Wo|r{>-Di!)#>Of@R@*CS*Any{4bzW%&!g7f0u0B{W!VP&SY9cJ@HHz`jk5j)
zsNRv6)Mufm3UHUXqPdD-z)YwrK79;=9+b=YEI+-u-=%6va)3mu;rlePU=FuJkIfz3
z5swrsvHUXp<)Hsy390MX_SDBpPAZG!FycD!)oKKzhr?K{T6Qc}O4MuibO&vXwU<0s
zJE?7fl_)lR-!UzWri_$2s7=ZE=85(XG)DKnOCv;wEG_D!mRD4qIUwN12(MUGSNFTl
z@z`GH=C;RFSX8$mCj;~`_lA|zz(I*YoM)_G5u@b=_`lKW^njDYh~eFFf<9Iv6p{_v
z??i%*j=Z^$)U27alSzr2ZmT91aJc&cZCusJ38CLmD%1y}A2k)OI}>e0`m+G2OfRZq
zi@IOQ);srl<5yn@5!V0`d%8jL*DEda|8U)~=3QfAX8Lm)@=ssRsVqFop#gWvYd7_S
zHogSk6c-a?nrZMboiWUn-HY1l<?xG-k5__p(Q#~q0>f1n_Q1H3A@tLWK%gQ!^hIg;
zxBt1tDYd-l8MxO*<PJ=(kVKwtm?Nm^wQSPl(xqyE?w?z%N<~!GVajvcQ>!Ql>6R3h
zho)3-8J?MwUi@5<QPvZW-9hv`9`Zt8<q<B>LYJ$(VJZ>sHAEuX8AP^LweOj$9KPbY
z#lLpJ!L8x#Ye~Bx0s*;>#rawI_`ne^ZiRU&scqqnlV)cBLk4~4x?_7dByHuDfdR4n
z^z@*=bpw*P-Q%6%Y6Cqz&#u>&9~bz5Ttb+draYjqJ+Be5UbTHZ-KCtHIGt_fSHP{_
zx|dHy?9p%gBteGkM9eG-vH9Lu>O{r7p+XI=g>UNkOL{71H>$cx(|Y$)Y)-u2ZuFpg
zej83AsItH<nA?!y0wa3%anbH~=y4p0`8s+r>bGi>tt5<<vv~LZD}W#JScF-9z(nn3
zG?MKabi$NE^in5%LmmOM%iBuC*0kdxCF1*pH*ank>gx}n77~>(D!{b5TOt4Xpxd@@
zyQrRC%G6qn-;dmS($A!cny*7&Le`g1!Dr8sHk(1v?^A+p)DFyTKHguRa+}95uBOeN
zC+oKP{9U~1phnpOG<NRIU#@FEpH~D%X-g4b{<)`@r0=y1R2y~4h{C<iDHGGZ1Tt~V
zhgIdl{jhT!?A%rHRjno*c406<{A_zv!Gg7ZR{3FeW4V-sM1o~Ubks6wZ~Y#WvhFbU
zt*?&<tQfS4C@qW*Ut$AP3Qf#vbe+Ng_I040hI>te+7N|?bjet2k0B*AMeTryjoI(C
zbJ?+GkDfiUDud|fX4<6vBTRMg$jb2u2D{bmGkF}2FAoRfe>*7JuTEiqD+8X58D&?j
z>rf7sYr5ok=~7G3hGjy;^7UXNy#V(Vf9tHpXH)(MQ!R6wC^H+=B8l}eucf!@bzuZ+
zGYg9f1OgKbOi395@**x7zv<S;U0q#fz=Y_zs+P6#jg>-Zba1Ir{-h5j3?y-ywq=Z<
zI^S0EsGEmP^8}Xe9ui?lsGsH^!S!E%($Nd(_?Z-zMP1|8Tg>f~Azt)(yIU3J7bSIH
zNoD|Iup3E0O{AL^PwCLRlb_@J0VS-h*kBw!n>9$zjtDT?FbIEa6I-uT=U}aXW9(;Q
zl?}51f@%91`qg$~v_(;M^S4iQpWFQD&VHFm<~z-dHmRE-X4bZqGWuBs-UleZ1K)p1
zp+7LUdLTC)T0{m$exKVtd-hB>Je;(78s`U#l2pU@C1gH=|0Pu|x65aaL`5+>(Om^s
zl9+4q6M+(FmxFaRSw#VI114e`?F<*WiI0tgIkfxqE~{(TIkz?Jnu;h+C)zMKjqkVt
zb3j6>evT@lMr$L4pTlWwBZ=}td#XE8EQ{FTF)W=dpIvG=>u#^x3m_)}Cc~JLabx+7
zAC&=&ADe{aavyfFUS<E5$DjS?%dLd=<(xFfpqb4n;hyg~Fnu#?Z|&UEVVkikI~<gN
zZKOc=>kCH(1qE+hm-QY;oDMjOJxt*2Wf#WY1Zr&6huJF>Qd-u!P+%$ZzO7|5ZLt>-
z8DE87U^h_=QQL|Mr@nQQ%3wbp*jayf7msAsfqw9+XN^hxSZ+cZb10sDghx?_tyeH(
zDt4R)T=?Oc#)m9`bqbv0^t%%!Ka=PRw|g3Fws$(b_jKi#+y3JCrHV$TA?runSFaZH
zaX3^yA66~`j!V8?HOT#kO8Bj#>4@N+wuADP7VBJ0rGi4lvjNgxIlSyKFm<U8)HdcT
zt?Dnk4dw(t*U`~&0VJn8!1&(UhQskZ$2#yo56D-=LI6r8C9`n&Epe~lK)`q-2GF1M
z2Sjv4kjf5-_rC8$Z<d796c-$s8dKZq{vV>wDlDrn>h>Ta(hAbu-Q7q^Nq0#%NO!li
zbeEKLcY|~{(v5UCoW=iq-#HiF_~^yE_S$oeImU0Uy*ZgypJ&5wf6WGY)Y;;kC+rR~
zSWZ5VX^F27FNf(SYD%heK_|(O`#FU3Xf(t>a&m}&ATp|aifDzA3J+Z-&A-dPBO@;-
zcby6+3r#UaaTl$8gZ=|iUP-B>kkW55`TS{qQV(+xVrOZtcY8S5b9BKU>accBV+@LJ
zvAfoOu{{1%?J@*{l-Kuy!7q|W)jq0N59-KW=wU^a#z^9m%p^<pH?%4O{hTmdopM`)
zAeoe&aahzrPjeIo2Dm^#J91CtD^ie;q)X`wy)pTk*8lUt)8U05Vt;>s#(Jq?!e!>S
za)fHB23tp0*G6M&>r*KZvuVk!W|O6GUN|T(`oADVavr(7X&-EjVO1m*t}Ek2&f@pg
zza<)QoX#4_2j$QNvv>C2{oIHT@RG~#9+47~pyos4cJt9=TOOS;6$y<@H|X@j=K@EO
zFvR&=X@j*s(eD@f$5jN?|JJsUMq7KHYT~6OKShX<NGl2>g;<tIKIB)0CSxtPwzycW
z3zb+|U9n1pdZX?nBsAQdWEzRN?(U4x7Oh?s$i}ApeA98UJ4PoYEc`bhD5x%3z`O0Y
zN~wmdmX=l-olXm9&%nUGt7sccs5gcJ1hG8(r@AZ&*+8j+>de%+PcQjfw|vfS1X|qC
zD=gVBpBO74{)(OMu`ji%w7B;0`LKv*#fl$q{(Yu!N@_-q_d^Y>TK|W2*68LT@G!qV
z!f5=F)lBi$HCaSFq@*{5OBCkqHC`Bg?5UceA~O^7N5rGi*6hIQ%SHzHjGmAzlFO`H
zFN@FgiBnw@F|ammz+Y&+V*UJ-twh~;pK~alJCQYETBv6w<4-OVEdgmAI8`Bmip_4;
zRS}9RZ*2I%c1Jp4$!0oF%9Isbi8_8`y*s$B+4-byxz)WsH6})0BUdcqxE%}-uY=o9
zbQ&rvE1PmwgL{U;KKXo!V@Uk^SuDkcHrBr=&?POcfdBqZalQh<=@~)T<g+%<M;}u3
z34z@`>M9DZp%$d47y*bz9I~?ZeT!QUp6O^OA~MPTivppdqr;fTaz0PWxFz&*DsEJ}
z<3dwxn{};AzHPXQ3hKwJaECK{<8PD!n2R@lv)UbkeU{-O>xREVgU;8U?pUOt<*HTa
z?hy$_1L{|DG-?xX9x_wndd}-tcaGsnTBV2S=xj~rB4<ZOIXQWz1_xkS;KSfj^4|LR
zW)mGXIb>@m(o1Vs_yja?%9o*i5LEj{D2os4SXWcSnhOLgTcgvFM(hiiknyLZrOl|f
zUgln$o8xfk3Hf;Qqah+dq%!)=htTtF=}1ux?dC&mEhCN2&CFg{$71OkHan+%<S<ou
zz9*yDUOyy}?otiq)5w!<%^YJ*I6+d$u0ROAPf0)D+clmpegB6vdqucIj;n?obu8Gy
zzQ^+W^q_F&J3qu?ldn*pZa14HocBmYO1}$23VCBnB3eC(Xx-+L{1=&7?&*&4Xr$$)
zv&F7JR;w9Ffr}|9^Y|adA3tg#z^?Ca_VLPoSyLB!Gq$<uicTOaq~(P=)D!SlD3X9;
z>(*BA%MiQuECP&)i3ShPRGlKlzrPFncj;fYdL{>dtoXkJJQyQOM4KC1u`?+zX+X`i
z5-WDZ;X<{^jBGmhw!^<^ssbz)<3dX-D}v^xCNX;TD$*Ko8Ni}9B`N6-LGUvNqbQhi
zsCZ-1@u~=LQum!A4C%;<6cc`UBO<Ji#51-kI@v!gTa52*tH1xE^yceHFx_eh-f6y7
z=dMiQGUbEg-ypeiDi1zXV&NJX!kb(|s%)1PHa5!uiZ6O<iy;u2Ia{P;g7ZZ0uc!9i
z7dl2G*A?>_O%K)hq`wLn{wmn4H-gXh^-U9S{Ly1F_Jdyn9=kSW&tfj5%_+ju8}=-^
z2@z*w<2W*`ndeAbn~8m5f>SX^tHNRdr8$8Pi^-9CAKVQP9ArH3v=S2jRxnS23Y2?u
zo8_k3YcLD#j*Wv;u(+_WjKgf$e+P!_#4$0y3`vA;5P9m8N{Sn^bwz~bcnpFY0IDUW
zed4Q$==#VdMipX*gD!IV7fLd!FS8@HtsP6S*>gJCrv=>kdl3aE6$niW`ZF4kP$HU9
z(7IzWCzf!q5U%OR?Ol3DcO@wws}*>iZhU>q(bDv)%?JnIl<SUrwccVpK{;X{@WaGA
z?OK{o`#o?twBvV7iGQd-3mT?fab-X?uf2UiTwzGt4Kt<WVB_d}idRi)`Uc5nF+=T;
z#!TX`DKEd&=9T_;t{m0=ft@-Y4x-z9#&q#FT4`FE>H1!XJej(WZdk}#SRi~O8k%z1
zO=zQia5@f0mHnpJZ!E0!!+$?g3qS&TIdRVyPw5T*YGPs}BGTIW^!jg4?;m4m5)cyf
z2)MoxG&lck3#3kUe}BL6P$C0?v6)%&c)m<(YPInQ92VoZj_%h(LK%VzB8C!2A*0)d
zAng9;50d`P>D|<l!6A>a0Q*1;<o?xfwTk6Ng;Pg(;sSNeSx2#*_k#3-<sW<9kp<eJ
z`kp^VAzKIJr8*+VkxGuW9(=HUL;r3&frX8g{sBTH?^E;Ae$m=S{Bo)iX4FX-N`dO`
zXCCJx11p>#3Z<7ydS&V##xg=s%B1DrX@7CaX^mN`Lf7KWez;<uT${@a96K}GJ>y$n
z_~;}T=VcD+uffSyPY)<SicwwFDwW9iAM6e>JNqJS$tgqPwsMM<w&0+h=rqQEYxCgp
zIAk>^V&w0jUAXTKiG~gG-S$hlX<!#b;cs6~<o0jbY1G?96$isu<KwfM=JYBl3NffH
z%&&1-VrFy)Wlxwke8iG46@&oWS|lJaCMF|NEH|dNuW#->0)hh)_`}Y~C^uWANHGfr
zKF@;*yf9VTLBspQivT4a`E^Y-nI{Q<Lo|+aJLOoCp&GDEAm>bkRK+j61a4}I#@^=s
zUD$*>fTZeg<tl)88_jpnet$KF#4p$qJVxFHgVWokm~$v!9EdXAOIZ2c>z?ujb4a5X
znKX=;>hs$n4w9aW*yi<88xdg_J%{s8pKWCD+=7|?v8;IZ!FsL<)6aRXz(!>oA9d;0
zm(h6Xlm%=fUBeq(%n=(fpLs6t%FRf~qIK$3WSUYkys^;KypO^iXqeOO%Zd&<5576B
zd>9je<#(bj*2?27RHn8T5wjy<{@I$!aj`s^cZtuN^f_02s><qb4uhQ7ue|*8Q=Q&x
zEQ@J#;?XpsjbSVm?>jOX&077P=97)3Qq90oDIvnx0n?o|K^7PoF`3M-8j^6k{{Gb|
z3pTp#NInWhtPSor*2^QQ9COPpuJ#1N!rkG=%gws;byj~@;Jn~b;@^W69Y=OOSU0jO
zG$xj;!C(G3<{tThxe<orhh1Vpl!$+$WOBQFeO9kNB2MKu85dggMC{rIYx!TKU1MPv
z1nnN!*JZwX)uO_`rxg|4m?r~0j(Q2to@A)A+FF9>YL4DnEd``msY|-$lXr92z}Ehj
z&gc<b`+AD4d+RDjZiEv;&I>7JvD{Z2C-m{FCdA}`;^X0=CJY^q=}Q~l0>W-oSkP77
zvSX&W@-|Rb`i{>Hl(o}-dbQ>b|5noH(CKn)FW#hW+n?^r3RIpwoJdH~H6yM}$9=kf
zy25yPz7Io>j6_K1{K!C%$=vLvhlz!=2{s}Rhc#`rg$fIEj%X@-jgwP;P%Rr=ppXX^
zCSl@`JSJvzQglZIjcSAIHXOLstN)Aa825{qA!!(ejQ)I2=<xlTKXYoL$ig>6eWBe9
zzWt?Y3PNU|<ZX>?NJ#Z3VJs}HAn{1t{r6uWLqyPDCDwC48gWB^SZL#WK|6MLYJ|0T
z3F2=H&FFQWx~D>eHPI-6Vx@$<9~5Fm)C2R7u6oveKd62g_`T{z1mEJptyGT^(TDed
z?kN+x#M=Vx)gHEdclie0;*aqfyV_ekM2)y-uNWeIrZTyXwfzO8b#eBvweF@e#*!9$
z=<5>SEWB~&n&Tfzd1PerZ|9oq9wcMV%hhI4w)ISq;J3+l-?UID#OjTiueU1p9d92$
zxjZYe#s%Mo${^A88!}_FnsxP?O}Q8aSYy>I1|wHrACwR2=Lg!+5&Lc1v`2{LX0M)}
zpZKSo9XIp-2wk6E@6K!bs%vA@(ic?_m`n05D2O|=K&7Yw2XADAM%4wKAgZX5%XnvJ
z+G@IRFP4lNH<jCQkInQ0QD0<CT%l;Eg3z1Sx13I9@jdK#_+?k$W#*gOf7=4q+87%I
zo!xKHVP?X6yH+iPIvr2Q1E&u;EUDhWeF)>#eiI!=0q;$BO&`#DYk-UOCQ~+`9C^pd
zB5^!Y1A3LAU-#==Rv_abPlNoWObc`4<;|q2$eP<><{|V$e)+dfS^dx06^Q@Xea$lc
zMP=mCU5+`ITB-fyQt$IJ{pr=FX?2p<0ymo?4!E@55~jAHe9qjxJ<R$yNi~0;-rt6q
z+I36T)Lf^EHcj1tOY9dp)Va}!K1@ry$My|E5ra0%ZAAZaQ?N0C1`8AO+iDpe&~BXr
zy@7S~^xID5X-X{2`uoTNr`-jaRR>W5<Aq@-!n@5bOu6|oG!swTaL^GcY`OB)#$?>O
zIU91tGmn=GCWlK6Oj4Gg$z$cKzv6A^>r=Zpp~QcDT|2y1F&_if`O`+Z=)q<w3uT-?
zw6wQN<dNT>czGK$SL;d0<Z093ERfhK4OK^4#I6mjP};acDRXR{U&<RZcRiz^<3l72
zV-tv(we7g(xqi@!|FvGwq2<a;k@AzILcgF(6SaDoXz#TROUbd^pTL{gwdIg}JJ`J&
zGRJJTLHQ<{;wFs1hm<#{SnvDA&-W^^8)25F?*a_1C3CLDuB2I04zrpl|FNM?wqd+k
z8z)~kAW{ucsFxO&E9Pdr5@;j~DCUkj2F<~toYz?xZ~wL(?qa>kWExlAKf3Q1=NnN3
z-lX&@VXRe=l%L=<z#LsOy|(FUElngIk4h42sZjRXNEE;RX%bV3PFvcPcoh1<W5&}%
z;!w+^f?}in<~#68yF8u}*(C$|(N~LJoIa5xcBshMP^5IRwpTTsJ4rP$4&kbEwOF;<
zdRvltvg)ZdrQRa=CXH)}(>udz)kD#@I<~OnOEG!qq`?%#&J%>NaYsh&cl|`QLsq8`
zV!nY!G|biSsmXYoQZ;|Fy0pJ1yq6u|Pq1IkOcBoDpx}Z+w;~TpCjAq3|J^E$2kwuC
zk{P<o=T)XPHl%Rru(sWHL{xjV+c3&hmTKDOgOzq7X1v6&kjyS7>3a(?0|7*t&By_F
zVU``wt0IJkbJ*Cs``c!dVuoTUn~v?y=k}bJ1@D`}qOItnu^E`{&!Rf&LIer9g$(J;
z4=5LSjALBNRfX(fgzdN-E`5C47=n8oG=A*uzd!TelM+QLS1v$;5|7Zoyxb3DkHZMo
zsI{o}cydFJBp93Oi;{9c+_hfD1j5pa+p%j}THJ<|Pj9Y@Ec5vsepfcrcm_lFJDXO0
z`0|`o0^>{dSmECaz0l*-pJ~HKg_J~kj~lB%r|~v8m(OEi8K9z?&lCxlaywR(Y9@j@
zJ<r26G2H2EE+$5nk}1M2esj2<8pTh{L_~C;b|e;Yn#>WUqTK}Xee?0|M@ohWnfR+b
zk2F3CNExpg3+R%U55sN7l~kc{?ylgd%7i)oVC<)Z3O7psYwv^4-cQIz+%%qCJ!{xZ
zOEfa-7Y=A^(I0d0u~6?S?Vk@6^c3nX6DiMP`eoD;*~tWgPj>vyMfWo+llQE?c+pGV
zECq#Z;@x+ZDKCs1A45-1s4|GLaCTJE5#RP>t!c~!-j9eH(_hmsHU56WPA=QojSL-g
z(KBVOIKWt^)7RHAWPpNrH`8&W_#PRBpSoy3uAZvKIatGunu$i%S}Y`M^YP5@A=FN8
zr2jpJv$F>V9W{o;oY+W8rPGU-*Tc1@(>5jF1T+Hy0Xn^APzk4`DViYI^tY=CbZMtI
zyK8k;ZwYu3isgA3cE4sA{!YYz>I?6zwbA{@ZW&_L>bAxDd#Z5ewK}hqYA%IE?&vtM
z)|cz<swjP`WMVS?@y~fO1{|5kD=h=dsT`1;6^=B7l1nM`e}O6tXpKdEmC(~ASayNv
z$rhos^g%)Ay?)TV4c-C=YK|5bEhc06xrrE6RiBVzT+CuXKUpQNdV;_cY)Pf_BJgeR
zK&Y0QNr#qRNpb>LYdnXkHu_L()H19tizv3w^<RVT1F7bb`Mz#NMW&p@WZ<rBuc|(;
z2b*@>!>t$G^1B14wt!<^Z)!i}Kwq`X0y5#f&y^J?+=T9F(&Wsz7_uRR*)mkyyvR1_
z)QW_D87m~&!kLFYZ$#Mh3L$=Z*)y{Gp*Cla?R81PLDhwxSGWpvozeBCT4-{dT``~1
ze!X=J!1Yl(YQ<nq4hQSa<n{-FHwcODrYKoc<NOZ{0ps^eQ?J`g#nFuMk+AK7T=Bwb
zbA&-khzV2H*LLHwh7|z;fw5c%FSW^WXls!<8G%Dqc8Qly!tFV&0}6(-#hzmKYo?gC
z;CP-A^+Kf=AJ1$#jEGI}NEmHT^{tEkF&Lo}Z;Wh{r;gVG-HC?C+vb-?)DH_k(XAE@
zp-Hd5ew{WO&kCV=YJNRHP3(6*I8yO!ni`r9Lg?x?Art7(c0$6!f}&r@DNQSacki!x
zN{H>H_O@ClZpbj9*75<;?RHDGOH#VunTya}9G6f%5v2roj)@tX<K%F6rZkXv?$68A
z{!z$5FT8MfAA?iSGmjK)!h_886E=#dV)Mu0JM@x+&Ob&%+VBC38Y|)IQ+31;`%E<s
zKSA*p5s2=BXhM7wRk_$IT%)ItM4v$n!PUyZV-OpgWSWgT+lDb+OLJCJOiP{DFZb@D
zGyX%2@{C_&9$704qW)lutD0JZUQuS`e649`V*8WWxG&UWjU^WH@yZN0KP_W)Xsi1s
zixC_YxVx~Y#&A1zj+l7<`mYVx>|#P%$IrPbwdU*NZJx7<t+9$l?ozMEEr$o^QxGx*
zJ$r(|!?ms996fy|O~=bVG_Vwa{#I@n3t?AKRCtdJOT<e`dXQu^lA^BubCl0r|77d3
zd}-PH`jRShEVVBgm7=Oj5e^FKJ{(VK^=y-=h;UOn^mhdCjSOQlGBVsBHvVDBzf(r9
zDhyob#;kji<>haYxQyC5JPB!~!JfXLr-uKlH@Z)gJ;KIq;St&Nl7M%<T5y7?H=kc@
z`0wA1y@@ibx!P5koGbMgbmg2aR@3B%Ms>%%bIE60bd`<O$vA@Er2v^B(K_obkC-b;
zI=-OJ0ltb&ae2vU_g|c46M}0_^UYs9u505>Tf=!<(wF6QM06vCva@QdSrm81=28`u
z<QrUFC-R(azTQ6kkC6av3@dm`{@7xPh2wqeo4wh`;;<n?TUz4KB-?+s`B>}5w)+*m
zY~$wg%mDl+`>s`j56L0qbebEB^$g%C<f~ZGwJ~#lGcxD~1{@Z<EwL;<-^Nmr;;TUc
zyhr<&>!TcoEE7XJt{FNyCU&;%Gk+M-gkdsXPsvkwlZUHS&tL$pIozD*xVL-N98DKZ
zCXU4?gkL&5HygqRJ0A%>=|c&U$4)q&e!G9T*H@Q<iI;#46?!$PXsuV<v?=C%_oNtC
zg%2+yb<`d;T(wUzq5igy9e4Nt)jFQeUBi#o3}j6w-|jd4w1f5&th*0cL982jLT!&e
z%Y6Bs#b;~T*tA0pGHAkWnH#;Fk|N&I7vZ>RR~gFGH7F6m>AL3rl0$8p`_BjnM0e^=
z@2pNQ{m4pm*%e{~=Y{(r_3qW*)?NK$av8=HyT2#qDD?3DgMff&d$LM!^Zev`zV{KP
z-m2SXD4|3rpoNs2v||0?WTD0!4R2{_?|5H=13Aj0Gen_iYwvjZb*(wdwWzLJrm4~9
z7<6~;w}&3@HlrF`-I!gLI2WCdG;(f|QD0j~BrKs-BH~mG9MtYc#R3sIyZaiQY69j)
z+-7t-)1yOa3lo!+dZNYU`Tu1BtRvzh5N9l=`~O|YQOEN(*atT=xXHbi_g2mN20XOh
zSn(*h7VATQ7|Vwz=enn79=4KF+l$LzpsxoulKoXf3&N{*qO+LGQ8Es*<a9cTyeUzi
zuB$F?2$g7IZP5~7Ldomu=^-WK=jV4m0-|tGFw(~VqYW%{detRTp#cT9B?GzwhxWYw
z$#wkWWNWmhpJL*9QW}|BU=aeFO}RUS0_JWM{8Y2FFmGs;s2*WB!jOMKRDiwv-{Uo|
zGRty4x0u@-A&8~+3{NfkV6WJKpL0V$#Gp7Beq@%yLoP6P27WWNl-|{8O{#OT4Mj_!
zer>kJ#*#YsuvkJk?ccT2X>!(?AP-2~1+vCrVZ9~blRTZsEqOc@UUWG8a^v;1H{Hqu
zEDNK9CdVFr7di3^g(4-~)%MKIhnuMeSNoOQHGhQxl-=HZYi-_O#BTd}MhN_+)}d|t
z-G)~Q2~N+^2%M!>*Xrq3!kO@J)1?+JnZu(>iwQsDQq5PNc8Yk=51b9A<G&>MZQn$Q
zbq@#!-(K_)gtmOo9>3Vk<kcI?mpNRhfxY-Qv%j<6c}k@S>?-B#T_tEI>-mn~4DF<J
zWMl_wxwEBb$t=O-R)1C2hDmkULH0ll4+7d>NnHs3z+So^6JccblIUbRAnP@-?1T)_
zilKlQ$PWJ*LvARB*R;jIyVHBv*TmYrJDl_>e{trQ%*5P8AfLszokSyhy3i#|?0tGK
zIjuMKVb4(IXH609is9*I-R2v+1KzomTnhPNpc>9ULRM-hyHvX=6R(GUKzM&fqp$`V
zk5}bqU_AQkChN0X%D21q`E002Jnqv!4=1QDr-XesM<lF-SskJc8sOHQ?~E9J{zIOx
zw`AYmy*x){Ivvy2yMx1xP*<^DtaNAn>0v4I$Hp~S)MnS%xVTT?wfH^Ekf*?_N-bYB
zqo!0&?-!9kXEs?yc7@GGt$0P9EG@=?jNIhv^8LC8Hlh6jsZtbkpN!xAk8i0aSA!MK
zGA~~;qdWTuF7BY^*ZZ}tY+;X9Ly0o}91Rc~AC}gePUVV2k4kSCi2@yYu4iuj)dU$i
z@@PIr7wK#Q@Al+C=-lC4VS+<mV=1VksC9#e!n5!FR81FW4V5!QjzU*$^}?9rfX^>-
z69IZ!2r~__W`4ck!5wat`)whJdFM|HO*suH?@Xf5PwttMzti5(5_h<w!>~!IR_p2&
z#(l6=h*Q%>q^Zhoaf`sd#9|Jhy4XQ$jMYYCVrCkkR+W_aN`AX1|K{=WJ-=IA+}0Mb
zgn~dn-gLd+eTXbDec<^yPSWTddAj@6<ik@~SED8e`t$0`+4V08ZUCmSzQyAd1jnhv
z#p$<4u*<$X(BAjJZJE1p4(*KXT01z*GO<WW1r4W&?)pN-v~PLRqo4&}4*aByo)dUZ
zTJ`fcJKj<{^`X%_J^uDFd~ZW03$alM6N`I$-iWCfDHp?3;H2kxNrxbYsL>PBVIPud
zG@DmZtwW((?ACv8uwvo#Ks4#TG8%1^^w`&$egP#O#;EB#kIhQkUgdsK7kqw8i1#l(
z!t(GQk?zsV_1H>ce{A)Jlz4D_dCrx2Jk04@!osdcAoIIW`A4-RC8bQ-cR;MX?BFCk
z-;$`Xvx{abz3WGVyGOtu{=M9McUzEIQF_C$$3_iVD|PG1wSF>Ik}Z7q?cM=@`*f&~
zmbb+@ibFhn4Ur(TWUYI=Kcur90DW~f1qW-L3a3Q!WnZv9gbFb+GjCKQ;)H}o?rfS(
zg}C1`zGP*kch!1~vtm9Qub1tL>V12EQi3+p#>CM}+!j=NZ9n-laP`m6Rnd{h@|OWG
z8FHu#Y|&K?lUd=^mK^nnt~_shg=K89QGfG4jHhh!`c<2KhjTVM0ZzxFy5c!@A8rIM
zspt2`?JHhXCm8fqv_o)6$wEq06@>PUl4i_9yb)%V!B<~oP}H-&39RcWysbT$>vMl}
z36f2}FV{YO6`<v-o{3T>W9WPhahRCc8{3=Rh5J)QbA|GatL4<Ow})7(blMufEz-E{
z0>D2zADz?P+|W5|e~8Tx*nL5#T?3A-IvSE)pkD@w_y(I9O8$%#B><!3rC%e?FaH)7
z&Ne&!-xBZ-zpQw2sM=!_PW#q*GDzl#F?@<>YWlLa)7!7a+K3T+(WmE&LAljc%NzTS
z&hY@YKl$p*#0HK+T(LWOEl%hfNvtY)DBib`FzwYn;5ima^14o(YEHkr9DRAeM0C&2
zef<%oX{aEyqjUUAp-KE70m6-6{eP5Z5kkbE=ElNMicba4cs|36k&`!E@B5$Rh)$Qi
zpfpq`{){pi+X2@CHm-E{_XPOnik<x~w<+3orh#fNQ~T_bNiYx^N=iYlkgGzM!oxWZ
z+RNAS+~R0aVih*uLmkjCuZDE8G?3tU;G#ADN0SLeOk?g-`An{(xPL}dl>Z&XzpYgm
z;E+n(xET{rKko)@!q<!pgd{H1V($1$=dd2B*C=sMdY9kx_UY2>`Tp6xu2d&o_wVxp
z>bh&CGoJK)*5Q^Ud{;KS7C#+6M$ORTALaUkq;1O5K^n+3i?m3{5YdsPF)JLQW%30$
z@rgvo=17rkLd7$>W61ehdKYPP=Eqi)PeF{&%ZL1=wHj|X@C~FeJbX+8>I-2bsFS<C
zdK`uYokMN7|AGb;aZ05Wlg9%6xct-F+&RO})y?Ye!^>kZPhkIL0<_H0k=atqofHWM
zFck#)u8)S`KKzXR+2DPE-gk2{hHYSGBx(->^N-CsJSG$toNA2B%sDABA7{cNdhHDi
zKD~R#+vFU@!(n50u*gQADWF^EEG02fI8&lo>6c*jcT!?ZX8EA~DM7&N9@a>#E>oEX
z1EXctBi3ys^}vxH1tqx!w>^~fa<HFc<y+4|d9}wV?kFx#f_KMq@#(_b$|-?;5>qX)
zFmhp%3B_!AVP~6l=%3Xvq!gu&2!hh~ap8HU@PZD9kWA&tFG+chP7vpZq1JOTg}8?7
zp5o%4aOEh--d_yBOfViIP850_;Z9q;OXm%^38T;RS#0ozvJMC%zw+a?y^LTME}RX#
z4gE$_E+>i))bHu(wek5<BWB|G(SuPzZYqw&<0B`iA;1Ab1qpNV>gIW)y%xXo*Zv2m
zJwYHIzF%CHRACk7mughHt@3xhd2_m2>5m$Wv^_LR(bM}8{ga5AoE-EBvjC02t<RNs
z<X*4*Q%3@w$IE^JDTT4g%>kQD<k(VU&7R!5H_Rv~d08lrY_WwufYY_|e9VJ_igNpX
zlJt1FA;x?BZnL5T^*%C)DeTAbJ|$f9Y=wuw<1;K~GPr}j!bZE(0MC(ib`VRAl%LKc
zO~GA40v#QimYvQnDKu|ibzLkcZo1;5diXbi?|2A~M?JO?VsY3<>LgCjc+Eof82qGV
zP+5KBRgLXpP{Gfie1i`<sv3<Y8lAP@;+Y^>FsO>S&~iE+4^IceS2Dny_!LAD*n>o9
z9tOEkC-<F7T^(y}efea>^#5ynL*K)1X4YD8*>8xH_2$w~m+2C)z{6XMpj+-0$``{T
zBa-p5#t{fSgzuDUnn06)NGYyYa{>oI8KbRk6OF123O{3ExxYia;PG&}pBpBdFb@8x
znVz;o<{y0veYU;P+lYW>F~7)sIl^JKS`ek<M*tg|^V%IK=vkW$c-PxdQ1hl4*|dDt
z_wYD|#I7}^MP7pBuMVuXAH@&dnC$t;zetLHK9UB9BzVXJ2V=jyB6z*2sWF)AU?v#s
z=iFSp`(98X58{_(HlxqzQ-H`NM|HNat{lz!F`J8vX1ML%n_P6`OanPFvGhTN`5LW$
zh#UOm_7+(JQi0%VaS@1wDay(Zz;)>#2kjBJt$rhWoXzd(%Y37)LEC0TDo0<Qi7a<>
z^VDoFG*tKR{nU;5N)ljO<^X@(b{h^u_bmd3uyANt1l?&G*j!Bd|CH_#u>63d`CO{`
z7MD{H5Wrfn$YTse&whnci6Ko6p}MLiS)XIcyFjWVaQL^bQ~_QYRZ$Um7`+C2avS;v
zTumm(!A{5E<aZI3rNcM|M(E$#+;W}mYS)X9wiN9IOMUCn4lI_vouh~iGOG4i7p`dj
z2oxisi#jWH`$x`a@0XD#hBm?E3<`tjl(*g<kTA2|4bEA?vituwBBVw69xE0qj=UH8
z5E1mmn1-LR>xR8Ngog-z|1xRPF3*A>ReeWF_Huv{k5dk-KPSMaYzP535Z_LgEGe!_
zmZfl?RtwSnL@N>|7|-m9kjdZQ1VT88-Vo7YrlxG{?1zF%?`C10!E1vb1vn+otuJMP
zSEYrN;F8<3u@pAU)THs1nRw8?Pd1v!w#H+dv0_h~v;AOZ?2D!O#OggE$LEkEr_k*E
zz^+QKMM%enRx23@Fq*IFJi8VRWpfR$2D`y@jakp1o)0c-5RhJ8S_tsMiXorQff2UQ
zVvd%oTAHJBwCDhuqu@jgD;{V1*qdC25=+a|WL~Vyf!Id(3vvo1yp8E>VUaXGO}*rg
zfkK^ecNbV}o^HvyJivw++Zi1((lGmG8q(JjdWpq@PJ$ZC++GkM@}E`4+`BoWdggMa
ztn#!gfV<Mf_EPqD^Wk(vv%(!w`i`<a*3}m428p*3xv&1mF3B!N`R=bu|M_hdDpCIi
zvGl*qB(cA4AN$~PvLJdUxgRQ({FEC*TjBp0H&!E}v*}$+&R?NwwL{EUe16JjG&ElL
zt<WprH!l3aN$xStN6rqXRZswFPnO_^@p-hrKD|ctfFV$dhD$g$<0IX<kGlylpwr;L
zyE8dnY8glX?{$NfCO^j+@Cv`;@edbu2Sdi-?en=XdIlp5?DlJGFi%c#)!0)MMB=V@
z?N0%41N8FpBlAhX+^uo6ea$;&@wmU48>{?w2kmL${COk0;{mhfB<U-n1?*+m^Baoq
zFJ7bR-0^uKafyA%1XcFk??5}`6PQO<=J_zWJQNnW+^jg#U#N8QIg{0NG9ad{E&TFo
z+g0ezYh3;BRPPlG*>@%43or_Bz53VC(7Xw}3;N^Zq{PY|D|2(|Aq)ocjxh$B!nlEL
z2LkqRFU10V`RX@S`6wvd#L$E&+g+C+JsA8+=CN@w6z^AaRGt}p<C%2;k#x#GZKhR)
zGhoQ*9$45uXDYI3V+;JncXT3m${JPueykRW?$YKzPrr=^60;C0Kq#0kJcac;a9#Pp
zo@{%Smf=ai2*?#nk~3+4^5yxqE8B?Eq}kXJ(%1+!UnQ1|wEmg68r89_Kj<8LcJ>m7
zKkdw>Ews{>N|I_Q1gsC^O{{DZvkgATE)DyF5J`K`EU#T@sDFS0ur`NA^Zjt#w{2zR
z5|`2EADbjSN;J@Z&Cj>~N9`{e<*bsq6VVAjyLvJ56up6h271pJ35m0@VH}iPZifSv
z4fn)2V5TvdUYfp(z?T779N5&v9b-`y9fHi~#$~#vyhOfGn)P<y4phQrr1wDLX|1E<
zaJ1YknJlWIreVxAUaUk-JeIyG^yNKh^co#@5C$YP0=~d?^h|%Umy#MTR_$wXbEMVb
zt*fieGq^df*`F@bViq^AP08ecNlV9J-}*W2_-`hRsJ#7aDKk<98R;O@YnH`<fQWc^
zTfZ98>Kv7)Sa8lsPX3am=pGnu@<OFwsf^oqCjIH%+J^FZD7#tg@{8?O`6Fb1yj<n!
zbfDjKmECcELEetHc8*=Nx^V#=CVkWz)Y_JH<t+!Z?=@fc1<f{1qx($?WhJ+B&0dh5
zurTml1})$*CR-ed6nfCY^WxD^S3F|nrwZ)9|7CZ2xucLzq(|fC2U$Fb<ky2``Lko2
zdGJ?O9FC@7NbvlBgQIc2$r{g{!-jq~N4ZqN_Gm-2OuMBY2uxG(cE5JZ;_Y7j)Exm6
zOOq(T&~NeZ`0`b9<1&WiEk36p@F;%mT)De_HkX70l5F?(`RP^GAO4ecW?%rVu3UE$
zuKzZ(Shk$u)na%um*V59h{$&$&LnsuB2c+Vn6lSa1fZaxcD$dt0By1FI(vGP!uHst
zFIpC^%R)gBG@2|-0t3@JCN7lo>ouNkG*E2kUwyc<WheBB4?~YhNuz+z8urmH?%D9(
z^3Yo;kZqjEw_4v@-LUOoC&IH#%8j|5G+QoLmeZ9g3k<x*GY+*A$^F=h#%69bbg=Ww
zmgc*wC~Nuwjx)i>r5byN^e_JGKQlki>%|;}P%YZz=xqMEmCgvixjoxv$+XJ?;u6@3
z#%p^MBD&2%z&*rWX^fqRfp(9hj2|pvrc-2LX}UQO2XS&*vlAU7VMv=>eEVF<`srvo
z_y-DO9RDWC_+1a^UQ=q|{OlbZY3uRh<r^Dc;<JVT{3|9QMG~+kpsuI!+XeKPK;Lvw
zu`s{q@=A-|>{Gv659S1d?saM1U6r|9bwM5o;tpWCxBNQ@1E$2zOmP}A5;-qt5)i#V
zKVXP=O%;HH$*yZvw;Zy+veo@=ryJQdgM_lmYWjU<qrL6k@7#a60U~5Vz*4vjvX8=l
zbo%#6)B8Eu+v}dn`^Z+Gx8&)=^$Yc2)u0_wVd;9S8B+3i&)fNDs1|NjURf#hZ6*}u
zOvFt1j}VDojCMNLXW-_-BR09>HyF~|gA!QcxxU4E4A_IRKXfSQ4C%WH=+)%(!3?{f
zb{P6Cy+)4(Jo@+JX{tx(L&9$_UJB>dJ}rb?R8+;o{fo2g#k#*-4`u^`11el+sQsew
zXq04rvjPh%wtU4kn55bH!utR&27Qi1?9U(dpB<8UKdULeemLza_*H?z5uuT;Y<)eo
zoB7&1E$O@^*(N%9xLp@6OB0BarY```(HI>as6mG6Ad6(Jub>TiWv{w*-b46MmQEFL
z&-aeYwW-yFz&M{6;}u&Q^+qpL?{94@6D702hE~0Tc9)T3;aIoBNu8?pyC^B*z3)E!
zvCx%<7FSKGQi}T$pD;iGJJtErzU^J=>Ml=y^%#iUpTDhdnQC3JNukF~A%8WXL}+1{
z`Ou*5xSW1m3@58EBJ8^N`OEl9J89yO*+f1f>Z)59kP83I{O*Ox6E~Mialn}G+3aNA
z+q;L&c26Dvcm+}u^SNGzc+ZxsXR=wmf~SwDPnaR*)8@cz$+M&3U}Ws*UB&|$-Hz8I
z(|UIH+uOU34r_u5@UEW?2Opm6?8vT;4)-#sP7bz|HlSM+iVR;?y{nJvR~tO}+G%Tm
zzhPFa@=9_xdAj4KrH3t7=zh9~<3AP?zqng!1QAd_x5`LQ0AyR+B_>nOpro|a7efVC
zuOW%Y1GNS_GKsOwi;1m)rA8;Z7oU*Wib8=)T%fWgb2$xlpz^&C%B4q-h9Gm6e(%1Y
z2uK@PM3(Ym2>n4s2W>45*Dcx2OU=iORr4J^2ga&db@*{GHQZqx3uS|%=hKh*qH^_O
z^e6Gi*VA9FR0GR3QOPb`T6&KK9PjUt$$^sTZgyG+%QVM;aSZt@YOOo}E1p=(HMa1d
zh+?HqaUFn&{ST1Za@Gk0+NDSc0f9G9k9J4nyW1dfO!dAC9BF_2Np|vgc?z`vjMSJ<
zsuU~XE;h!lwm+#Hcq%d6bC!vURDdI2@Dhfr#wJQC3jgxz`p<Az&aI7B6mMA6?uF|G
zC+erTTCM^{#;ltpCKu@>9|<(``^4yRvF#@rinH>L;V!@OI?MGxc~Z3QPmURUBb#Dn
z@?p>6vCW+ij+pmNrw~+BS1IToOZJw>z~nH`ng|JWc7yX^R(VT=x`HaHl047V;f^z?
zD)XDT(Vnb1yXAeZl(4WccSGZPv*|}CI!$xDhbjY*frJz(0>;u@#ikEfj#u2l@4zW-
zx5&yHj8tmJ1G2zyK<xs$$oLP>$p^=M6i|iU9<Gi7=n#&toX}MlB!%2gCmFJD1#>4p
zRCo)tmuVGUr7V642^;!%ako9huzzqg5^cK)-XvU6d`UquH|`hD6F%TqgmNn?sFLRn
zWqn3Cz3QF(lkaCjNhDwQTF~>d%noKB0lg<)Z)0**khzoSFD>QU{tW+&qc{9_{9(rL
ziCa?AKjGV|1f`CI5~ANz#|ekabq+Zno#?I6^k}ZWa<2Ie^QSKgZvya8R{ewPYmnjx
z45#a>H)rN_3_1$sfz>-h#6;w)?fpCeO5l~#*bkL<YGh_a)PmvEzN3S=YQK+G3wbT)
zZ9sK7oXkbhx4PLf(S`$|GXC3GMGM4l^VMdk?(9}wmBKLZqHuyAXv)8-bz*g}4JBTT
zE!H*$AmT1BoqBB|n*Uu;Ug{ww9el-F3Y9Lgx#M(%gR8DD#<(h6?Vq2c8-h=tJm#Cl
z3YBXeX_`~rBV*r0{}y^Axpf!4wihNjQ~!SByJ)0&p=~Bt+`G%tBTHG0HX&ziY#r(T
z@+__05RI*(qS5!PDe+ZO|2pI&$i`=fo)()L7>#$NwU(Bz?Am|i0PH3_l`YJ++W4dW
zE|M>Jh~S-fefG$fc`Tx$A~rp{0M!KJ->i;`p(N7_`1a7NeW|9>G1gxefpd2k#_(l`
z$aQJF6Ec&_-t^zrubaCsU-nR6e^8vXc2$5x82Z^jIF=R?9U)}{7NnH85QS{gCFHb)
z%6;lJHl#_E;P~iLA5JX_N`CV3G|Ihj-ly{#Xf`kGR9Mu3NKaASVEKi@RV8lxRrd+G
zW8|@#8xr6n9Hyrw@jBDvEe$eqdP^{|vE&BDD>uRrYP((O4<D3o&SwiZt`smU)awcB
zTwQG|>+0eQcznsqB=Chn`hbtEQTSfa6^4MT5m-Y+eNmfC4uvbnu0UP4=~R)bddE1n
zx*@n9&@HxYbruDPkiRl+X7ZTWRSriQ_yR5+lT?a8uQ9x2jr$Xu?s3Swglw@s(a<w<
z4c{UC%nY;eGu81nq4VI*-kOW2#5ZTt;(-DzTB3FE=w14N#e5fqCbhBGJt3bmYaGl&
z=SY|+Qhk|rDkO<Gv(t_=!ZR7-wo$JtV0TZ-+vjheZg^cU3$>2VfJ8k=q@T!=K&7=v
z*l<=tD*&Avfd68$Q7K*z@9|E5kh;~bFw41C)>P>O$Hxtxzbq)Y+Va`sc*mvPc&3=e
zWtO%H0XyK4jH)j-dK~)oDP2zgRt$bQ`r8*6OL2GN2mOn5$JSbfO7BF2^E&FgA_1fF
z<(s&-fsnNK(6iofOcRXyU!ODHgr2YK#O+ydI<sn`U=5BXl{4ENRK4m<T21zb4+zD|
zxr$Nv(wa3PK_i2NP`3=d9UVTM27Rv%F4#5;mltECTWH;sWQn60+mj2`kEi<u4sO|h
zrb}&BnJ-ETe*h*K#p6&d@GZd~a`Nyb?s(M#neOS~lBJWIy=PDUbe7<u-BBYv7FOn*
z)i|n4Y&JMy5)wKSsV^;QuVo@sz1|Wl;^=6f&!JEUn<`yP`|hd-)~Q6jd*`HGJbo^e
zb06#Ry7Kfs=@h>KiFP3(T)N|?dZ}-iy57McetVxJ+t6_rt|Tq}fi2K??*NmxRevX+
zAwwXLC7AFQg14#Eu~3@)l~@BxN~(Rm`--*G8wLoAaF-*tcj5RW*?2tf5#O(Y=$LeO
z`IPc4fPqqKtw-{zP2lN>Kopk-LJxp$0a%?nZ7vw0b72Op5y`HG0SfT%HvIP?t<YDu
z@hspgg$S5zKhCO66suKA?b>xGFLobSy8_cj*PY2!DZhJPDYuZzbPZ2dE$tE#$*aG@
zDJZBII780@FFgY@@fwZ?|Bl*L%3FhOEXphG)`h;}@g}`Q&39{_&N#?7vD}g9v8ri2
zU(_>_Ej=6TmtWaXu))&56-sKSWEgySnJYvC2-P)TAko%Phz4{FQBKc4y9$>w=+{W^
zKkkpdM@XY4js^%)1bm(Z@O*O=ib8n3Ggv-<4uFRK=z5I%o7WQ_94Q;mgETI(NrE8T
zdS%mqW7FgPmpupmoWt$2q#ZMel{W$9132n&i#0*smR6u=5W-byn0#T7t4yZITUQjx
zV_`oB-CY#TH9WE`n&<trNu)P=5qL55)G=hn!sFw`<g_POaeH*9`rmbkT@WlRB-|`%
z)b$jVR6rq+$rvuBQ9Va)z(qJg@Wby8h|w#(Cu>iRDcWN?!(|AEC;JgBMuNVi_x!;Y
zF3#03!D3M;xQ+O<f~xmL(TL)@>^*naqkUpBnvYg?N4BRs`B=KtLzy-h=Lt;%pdR4H
zJ3zfBZ@D8MkdOeCRxCNjSE1;a*XAF!?K6`?<!1K(F=Irun*#o81!}_zqTro>MTJFx
zEArc`uI6;j=4+@tTU+;e4BtCqvr?Ya7dkh&yG?>Mi9BA&O?;?zb~IYd5v{TOtHN-j
z`LgW%8mR+V-w@AYp^`*+cR1VYV#h7nKR`tJRdY&8=c_A-vX3SwC7*4tdfNkAn?IF5
zJ)otm7aI|G6^`PjBN_|X$&6Hiv6dr=<BCEAB`*kFQ1%2Y%pZe%@%XaL{`$q2>Aag%
zSnINt*GI#X-}(-CR!mM~1cQ88ah*`@%9n_wl;nx73HjZ#<Q2@RRj<^FEJ7sfzkfo7
zgY5>&cD6x|3>q|OkXQH`1S0{xlfUZ&sZ=hXOS>YJ9Gw=|Q))2>TEv|ES~d{V7Xg*V
zjOP_(WXE+<sx^?5%(75rjrWR9BpX!fsIc09?{H>edK&p(7GQ#y`)W`Aa*eseW(XaS
zOjBB9?pG;n2J^svKAe|lu#b)|l>FkoOez_EFN!Q?RH$velmlH19GqJKDV%4%L}w%<
zxC@G5Ti&4~J;CN;2(2;+t<=&ME`RBNBlSsovicBE@xkb$#CxWj*LEhcIV2)=n?iyy
zh}$4Qcr^;z!Y~wdk;#Zr?nTSw*8cCX3fKW}@9%8CKRAtM@|P;xu}>9m{7*9tyd;3G
zt$IYR-y1(CG2J1&qbn^jooi%yC1#7HFb*|p#@!-bt@ph!hSy=Zx^msIV}a*2S0SOI
zU6q2*P~>B&;+dWPj&LE8L&;f$2@E>Jo49c1Y?hXo_dBUICx2D{`_(`GtAj-dSkWyF
z$k+i7S)U)<Jh<FBtcPFv`1sMi+;FbT{09hxnltj+_c7epJKWZ%>0<~K;rEz6(OPvh
zawvI+%A95NhMxcaAP_<)$j%J|B;Ox84Mw+nhkG~o12aEmcq6fQs$Jc%$gt}m0l%?X
zeckkuMIy;}@fnc{MIw0$dd7O6=`=OLL|-NNa3&2-YDwR0a-WqI6C-W5qz)D^%YqW4
zkahU^fkheO6?63Wb$Vrw3v_1y#<mA1vh>KX$VF2<$EbF*N=U3*0Y2Y3G$E|5?f<|G
zP;%Xi*aaAn65<>j|1dW8tblHv2L9yD{Q>SuZCEvhtQ`?&!~D<w1U3ui;|LB+UZ)bB
zXKx#w#;)Cqo$Y@YOiUamYnS^DINUW|lCfl@zu~HGZ*QY$+)z;B{mZnQBO}7YEsf2s
zN1IS7e&D`@mNQ`Z``=w{Nl0H38mVb1QKJnRkCHxK?svg(-JpvFAs$J2cgO8!Dfqi)
zkgr#ZuT7n8RO+$KJ5*oZP}8Goz<S3@Cp^AmvpDd^XCR@@+v9-af{5wt>Jx!SPe^#3
zkpMxto=$612D!T9xGC%5!vRC&;mQagGrma4&`llCe1gNSH~kDRF0N5$CLG3Y^@>#l
znxKK!!tg4rXP1tQ?kx=t4#<wBGl_(MC}XQ=Wbk_p-|DoUo20-4tYLk!ngW!f?jn1W
z^wCD(9Rp9k@dK{3%a`{zHW(!zOw5dWvnFz}xICM5NF6uz4el&Qap?mB4DnbPS$hn+
z-rk4f+>|G%(1+xva#SCs+CYRvMZNs;D<F{%jTUkUMTw1vEP6|(2AwTO>GG1O8v^Rv
z{?-65U<F^Yz=Ay5p5nsiqWc+9{lb#bQRpQP^>cO6H016=`mEnFn++HErY{mNnc17)
z>X+N8kc7u|_>G5Wqr<gj<Fas`f-M**!HJ2vwfbnB0DQhbBdNP^k||uAdu)_u>w90o
zvg89+LJt!1_GG>j*4w)jQccT}_N7F7NWfxlvQVAnl{W&0i#dRjh=N}UJ0MAp1zx7j
zTEudR0FvMrg`XE6i%L=;ThLrkFncJ|Di%>VSNIX^Q3#;KLi)jjkd!9n<HG}HyKu7;
ztFyzjRI=iK)+-$`__$NaaFaB7x79qOPBJ$dd~qUYH4TwG(tmH`KpaMiG*}ruuuJRR
zuRnam9ag>AiFtf<J%%(#yDbgg{Hu3siOGtHKxRN0`sRz&N3l>MukSQf{p<g6SxcN^
zU(>1C;to0z!!QypPUSHH_m`?#_WfcI4assDE+p%hda;Vbcl%fMRkIK3UmoB851)Rb
zqH?u)3q1d=w<qFME4KLqni=)_*V3#dae#z(>N3%yqf<5V%AZWQ#$eE&o*gcL#>imQ
z``O>V-kLkz#L6NpHBmM6Sp7AI5b(OjYG$_{ChI($F2)en@y1IHLcHRqfDKKA+-JxU
z2_1-AFD(J(htuhJxG9U!>E)TnyF@E_wV!dD%TkTpFXrsTFV%U0l4Yh6RTnu&%9}3q
z$GTVpP?6qR@3Bog`{$F&Jnz?<zY{tB>J1$w<?|i|o;-~kwmO(C0^9vNn9&$1R?)N6
zC%(sWyUbF&IcBw7tXbOq23}Vh60y_4kdM4g-U7wCTh~_yff>0IrXla)Nr-8~PXwMZ
z6EpbEPOtMVGWnHgg!_&f=I0gCy&1Sukd24eF4!y_=!Ygbyvub)%4t-0sM#zwwt6bS
z0GaK<EE*^9bbd#@j@Tv*qtJ??!3r{CvDy;*lYiZ6c3vSeU2S`8{!!_y*Nao(&L*u6
zcbzWj+}$LzmYQ2(lWu6J7XQWNO*RbCB?NC<`F}bxw3YAGIi2h9bxT<r5?$Ktb94Sf
zj|AE;b^0B`Dowm*=K}CR9lksEwxl5vTOG_83=by*e>ApueLY9l@WvWtV*`#)yhzFJ
ze4OYjK6e0^LE*c<>TdP+UUb}7_<dgWP;Xsnzxf9xGgCstoccsI^$$k-Q;_fjGh;X%
zN#xP;&>*q^DN`_YqE)UKLMlt}Y+2cVzcUf02v(aoY=b?!ozIT6zD&nxs?pvpN&7DP
z=g+P_#r*G^lX+b*jyMRY2|iW>l1O$jNzv^R+5}%@_L{O4y7Cl-_;1YBUQbJl>8$d4
zj@aGN-szT4&&(*M)8;`=he<=?*|gCE+ew;g-{f=Off86aW3F$Y4_pG8Y9DcMqK=p0
zfmCk_05T<3SDP5W6pCJzHBgIbybfP>^G^X!55kvhus$FRnQFj%=SuPTba%h(?22CA
zdQ!v*ocK^Q?(5h%3Q*_n^e2b`=a%X?oMSBWN_H!@d!glUs?5ZsjFZ6$4}xckS*wvg
z^OCJlH2=~^aEZg$Bt%9Z78V)`JH&3aaU6jIauX?!&(^&ZPN69;kma2rTtX^!zm!A(
zXTyq|BO0ol)P71g;n&sS1BPE(>b^mOv5Tp($7g6TI_QRo+rKiBD&<)UG7vD?9tCz^
z&A}vexB1<ZF-Vs}BSP2Zr4gczS1GPLq0SzkJ;72mct6yQ!n@T<#&0j2O;s5It~B&@
z^fy;mfOe>oOFdg|JWrJYe9RMrtImc1yxpkyC^>8mlCn}HfH4LMhnG$r0^ql+JtWh>
z5N&n;6VEX~<3EE=7+`F3^g6T`H?LA1Y&T5RXus*@JyU+L0}63*<Y%O%G1m^HqCS%R
zo?c}IyWTGjGNwPL0V^7O`TcC~SbMfTnna7)iFN=OcPnE828!i6uCn!7ocp^V-0~1~
z(;H-&DgCzf<`f(G2lc0RDXi$nU*w&Q1|M1oj<x9QT+-hmp5hDOXHqFrx1I_qzY^%u
z=cnWUKIweYcE2&6NYqVO<kCux>6{6}0P*^^K8Rn&(gu`&=E8%zc3oBmjPUosXlfmx
z7XT2HFptw3u<)F%(PghS%jCZ4o2Oi9<xa%8s{AJ8*R6hs;e2D)F8eiu&vOu*{<b?k
zp(Q>tdfx<3CUVb`I6tCN6|0;7LI@GjQ_4n*6EPCbRoOKceEoK0D-Qej=N?#IvGBr<
z<apdUz(^d;MMco4R6NwLR^4k=xuC-oucAKT#_|V5deRu@ppXgY`r=@Sgetob8ve4t
zv$oV10yrNSedq$nC7;asYFKS4olVONKk&R-QPOR`nf5ooJlQ12bz@;-PcAMb19L4r
zg&i?MO!#u9_%-|h^W9<D*?{KEy27T8r>2>zIQK{XZtGkC>IUH8DCd@+7XkX`G)oK6
zp5AzPj8|&I!2RaDCJVs^AMl0}uJLcK1SJ)It{lh5WQ>9tmhXmhWhJX;K-bYj!7zVY
zWTmyTyky6K4fUpZ^*r>IsFlmo*M=cTsd-xl-w`H<r*cG9+V55!Ud?go%CYb1eDdJ`
zxabr-K;WDH3y{B|QGs$Gm3}4_JCFmk4w%~fGm;_-h>}atB}s!}QHkN@=EpmOGiV%;
zF%OnvP$-&af$Hbq7YQAJa}De^t~MLpnB;dxVq#9h4ary;{QNFa1iHuO8X&a*12jwr
ztv3x0$G8+o_**^M!b^0<#=lz34mNTUAO4r<9nSWfUmQU^QLiqX`W33PLr6qK1ai+j
z!BU0oQ6EkosP9KzfgT1YI_+QmjYlro>#IPDTe($`>4J{Y7aU9e(f&Z?`SZGOMFqhn
z7PJAnu*?%{rsSTFB<x2D(a@P07UG9&Xek;RkZdL0?xbSwQhtsZ7f{?85eC~7AT<~V
zE#fyP_IFEMtyI)T??_{JfkSIZ3UH*&+cr;8`s3KxpY#8BQlbw~jbM(juU0nGE}k`U
zU>n3WKA=gGc7L$4)@>gJ^2HDQ(7`}>wBLfW6=sU&v($mGB}j)$6~4;4UdhER<)4dH
z5HeYU^A#8p0|Hk5GXQc`itQy%XKN}u^L6+DW%JoiUw`(ip`<?XNhH2ZD!q2n<Mscc
z=_|vs>bh<vq$HG-2I-dW5Tr}GyF-xfmhNtlmM-a%?(UZE?mmm>J)eI>FE8O<d+ixx
zj5+4wRGIz?+;nM)YJ&w<;%J)QorZPvC9Q01l?YPc^Uq)DpY1W7M}L~%+kH#u>wLl$
zWcfGrL2PE_o0YEa>u63=;}2rG#XsYd&}1Qk<gtuTM|G9fiwUoCy|_)o^wFo)Uc!sj
za9qX-J0ZLO&z2|vT1E8ccxx_$cd5-o<G{s4HtpYGFxuQqaqlligO8tW4I9|XOkQg=
z99D~-SEX}k_!fA|X_q%UhyAhOHDZval>`kz(u4S24Gf6?LFI|G{bVYZT6Oe7tFG?~
zGI$4%T2WC^7yfq;^3)ecbMxHXXl^fjz^jd;WlWOa<=-1%8juDkGWv`RCHgo0;2Xfs
zz`#_!00G>~v<f9NlP!vvw6FBw+CP|&H^}uU47emh!P(;CKdVKB|JmHAM|U2ung1N!
z>_<%hob|XvE~oE`{Lx!$Fo8CmRdOdL3*=;4jryp_)`zkVLj^k+5|EExwHAq?Q8Zq_
zhsC1pIR#7#h>k))oo0OYQI?T$O)dwDc0Z9w<FVawQVKE~M$(_J1`$op(H2+?nDYnn
z^0c&cckV|Ewl0|}ot<~?0MQc`HNj^FT0G)v<8h-gB5^T6!EE3Ey8w)z`<^~jIXRO5
z7$qnJI537c^x+DUH_(QZX=}S?ny6h2Br!HK86)z82-FKmVV%ZPQkd3sD7TrQ=cpMi
z5WyI@age^I2Sz=;_k@gFaQZGiGz4^En>GIL3Y8vo%HAmZzly?Ft(ONtEsAD;`b%a9
zh;sinDHK#W-`SQ>S7fPzUIS=cfbRgH%wJCcNEpm`DM)zn0o-^7#vS^288m~yeRoZ%
z>=Uy;o(=^nDI@$)uk)Y9SPTdzx1m@Ku4kVr85i6N|BPo#<HCgD2xorr8)!D!S!;1~
z=Q2T#-Wdg_@CpKM_Fv+$hM4Dl){TpbqU3(ncXoj?aZ^O3A)>}r&J7=f0EnWV9yF2P
zLH+DdT&W5IV;N;>+@ff(f$j?z@#$)ro&$eS_;mN;sJ>$4hI>6hx_`!NybKIJ5yIzg
z89mF}+#?y6BCvg*!8gUFNdBLt3qa;J778LW$SLJ!l2TGH#&1@u0r@yns_LVjM}3|K
zpb&tJ4Xrb@O*J)Jd;wasFom6wrJyjwiy|ew<)*s6n-2u29ZPaKy9)&<3Ol0(!7VKr
z#;K{GJg`5Wj~(HZNC2f>J?4jYKewA8a4<lkhW4@ve<qt@Xw-`V14FrKTQplD9-BZ{
zX)zx|etrEqPc^iYbot2nQl|?6MgWEv&||33FYy>5%ll&)X-o=S;o*S=1_+5{BI%+5
zSikfxwv&=lP2LhgG&z|(G45_`#9CMmm1?+i*nD~!T~P}VZg9}MB~TZ5kMRz-Nu#n!
z`0M8{a)_31&pwKF|2<azCMEU$B52uX&Yw;q*oQKE)1Ck0Hm<98)@4iipro_G2`d8g
z$%0$y&K&`&Z&ekOvO>W`rS<9|y!MyhMa3Jt`x3v(8SF|+?{M(aF0(aWd~UFJnV^R#
z;EjJ`6LTRD=tR;~y1Fn72iUfB`0q_Mu|xGn2n(s64ZY|0di<y2%)vN5-UWU=1xJu8
zpVz6<ipc6@3f|wVE%4w+ijiio_C>P*r)~$ko%6Xx?qRo9kGqaAz0O@;d&-$u3X1v4
zVfX=+!j3-}G#~XX1`~us>(}>^w|Ut|Gk0dXL;oDDq_?9{$n#*uRqkWbiuqyE*>WN3
z=j5pIy0K+gS#^n_az%@MeY!r{Gd2+V@`X=BfJi0g;-m-CC1LI>Q!|m8O_@??;B5H?
z6_J3tr_#h&R0xwp>-wB(f^=HnP1JiLnF*)j9FjJ#r;fP+>P2n8Y)b8XMBLGgt(p1i
zl1xUD!f16V7Ca~4P}p{NeNCpA#4toVgqK+xYULaHt}B;Z-;g3|hw!k9+PdBfiFiwd
z(^2Bh3ljoY7x9<dR#&n_rWkPO{vnuoV!^1pSTrKhsAQD#&CW|V-JuH2_GT<Kf6y@t
z^rnkSmYNdnL?hS#I5X<RNZuR05ADWVXpD!gvpPE|Qi`Kg5YekN4A3W&WU^T1l4)wH
z_B__?m^^KN-`it*yemha&LckC>VeH+EESQExCP@_s@Az8of;Ig*ITSuPC$-EuKTT0
zA6bN)h$srP11(A*K%BM{S9Xib!P)tV%LIjhRAA!GTu&EiJ1gJK@!HM3LyX%^shUtu
z?RP5WM*D=Wv}qQr)r_8_#cHo3b)H%)X>-Gm*GQUp|E419t4c)D?MO#7rEgK{od}v`
zgajrsqq{!F(S^=O5!)v^GsE>os?u(EwR+TBuZ{$=TQjkUNJ$~KLqI^oLX)~_=jMJ*
zM!@*3U7j&DSDp*`h`E4`JNd`M?YcxKGBs3EUM}csv-@L`92lhIbLSvWNSNQ2$iT#x
zmM)yHAPzk|bap+_PMH-I6}7V;CE!_JW&}VxM2@IQVWFPYW?U*R?#`&}zcKBlvG<ek
zXuqd^efjSkh#0c1S6hdN_lTfvVWm@8u>Wmr82m0Q4VSdtb_=dB9rIo{8mO2WrfWaz
zt+QgZzWt#%JslhpB%mhjA8s;A9+hCPRv)F{b^~d1wXDCs=?akoTJ4`?lIS-bws4iI
zLot;G4Q^W!16WGzA$E%FL;5wigVZ)C*Jo0z5UvfsKWNYfBsy)xL{Q9bNR-KcQP4=m
zOy|<$b+Ju&fPF0d8R*ZrypTcxGz||+jjpbW@uVcv2h%yW!zsxz!&hz(3E>eDW^B&A
zIfbRtvXYXnDA>Mb8QK9mN~B=!_He$!hxcGsQZjfm>uWNTlvXY6VzaDm47W;omE{0B
zpVvJpZ@xzTXY!3+g*q+nufF@bWgF|yPk7obINsn`jM7)C1Tuu?AU^bc?(aW^RQ#=m
z27I!!KYe=hd$mXjRqFu@wOWu4A0JOki%PqZrTFluVQsG;NmlkA5Dg!o{7Sq&02^u2
z^~|e-*T~}+kMZ2!AH>%H@nY|<+@kkak@7Nen#Kz$<RG%a1Ew`kTOtQsgS-@0Y!*F8
zB)cz1F4`irn9SCXw|L@wZv=$|>s_9CKvaNTAE+NtDV10zmo{B!<(=N2kxu++)o;7?
z!`^Xw`|iS0z5cV$rMWFQzDlPJ5oGICnHvbG&vmsUXSU>IMn<%~;W+@NANt6bRx$Ri
z;rQL@m63j%Ct^iqyZ%x=^oo=hf^{Z;ugwIhyUw$YzJ`!ws1=FGScwWloZT1eNN;a}
z`}aR9-ZDv9T3S}A@8hJT#6`<lm`xU|#8?QnxkLQg8OuUXjMGpXP5R=~;r}7Ddr9*9
zEKy`uPC;)7iD*)t8~Z{(Rb^23kF)n-79Vy<P>I|2)H6t_QI9hMhZXe3-*Z$`OmF6V
zi~fX&#~fe~Nl<w`MofJ7?Txj&`{{^qn*k#u<Llc1H8LV~I2*|)om!=TZ*P^sFWYsp
zY8yG3`&~m53@25ZV+1G_=es<e=(KVCaiB@~zEI&fk|rfSNF8DhbdlDR<Ws0ri1{Lx
zQix5n<tEJyoP?W~lKt=8;gNeB|Gp8iKcScAQ&d#iV=;uYi^R*yYiNjahlAUc`w9J(
zNGOP`1&Jz|bBp2In;<*U^2uhGn2R%bv0-v))TK$U4(K<>I!*aw&UR4o=F|EI@id63
zj8GU#)45n*AAS9bb)}d&+89Rko@6^t-qx4<xj^ZjpgKG73$xNFv9hN8G4s3ddZ|2F
zU@ak+`6?|<mkRZ47cKgQn&R$y>)i`JPv1~9$=>qs56C&9b_>ht--1nr&4c3NOqWY>
zQzHnB+Gk3q%%>=a-9C|g;%IbZ_gknn+T(xuadPj_kn33;f`f#kd$5~y{GiR_+C^z#
z5OKIbmgp^DwRKajGlb8b@I0J)v3vcU$V#-Kp^&P2d3le^ont>Gg%d9iJb&Z&3CPe)
zU)}9$<e7?PSA_(f*SFqwk$nt~jRQ9-J12W=W;##vQ%!aeYG)}$oz(|4{3p>eD~H|1
zL}ZVLs`+-GcY!Dr9^c^L1Fjrj*qKU_S$qbWA0G+o7HuBTp<5-d<UvXUHyT{pe926{
zdDN9v32i2W(A%p}3zLx_M?=_gaq)%P<pk1;bp^r&GU(DdQq_8c39os!0N4OIO_E!I
zs&n7Z#onH!V0oGI=vc-_(BE{vfw{EFAxFdyW`0FytX32Sfbr7*0#WuF8P;#CXNJ=U
zOGB~loQ84ysiTZoft{UY5`X4KSsDDju6d2Q|Jm;N?hfP~0Cyp}Pj`5i;SJxN5hC{=
zd27C$@bBF@jb>7Cz8qbc5Xm&M*`zx~$B>Or&5-lZhK>68pg;NX{}AEg_-x;UxQ&cI
z@D6)co9ZOPS4hWni~wdB+7Dr#&`{)k=vo8&5+DBT1}a+m{+9aP#blKvR)BOym<+uc
z-18(=!rLb$aH}VNx!56K(1p}SAm2GS$jK{{a}aqG@wdIa+?{?YOAp%&0!YsI(IQWy
zM=D(?rd*Sa0at43WV3<jl!ACs(RArx^Kh!m%{kcvoAvhk*@hXLtJlN1e~#Pr50F3*
zFsKBJ%e2gvOEqd)-9qEyej6CZ9Yd35EG9BAPY;CnFV=3s$Ie2@$Q-J+q=<>15D7G-
zu<o(yK^he)4Yv0|GfC_g$S$@0ATH>9-<JmmA0!YE#2_nH2G6_l0QIl4SOvtUtin<{
zUQ8WNGB;WR@U-Wtm7MpFq$}E92-Cga{4OeDvYw^q^Su3wXJOF_{g$ky?}2uy2@ap`
zS0w%}x|FN5)jvsH&51P+7(xC5*TR?>RHcI{z0;rYQ{NX@QX$cU3S?r*(W&G<3GZpT
z$jK=gf#nhQOsvBE_yN{!fHJy2{gM)Q+v3*SsZr-lF=?2Fsb87&0A_Dqwx$0#*qcta
zaHkIs{Z_0t4!MadRgEqjOkgyeAdP5fw4LcBktX~QbRhg=wG|)uK~tIQ3QRg4{Z_A|
zS2CX+VNwtPsn0H0RaC^q@r6$T2F3X7`lvy~k%JLSHcj`cMD3@?3q7xLt|FDIbeb3|
zNe*6^6cO_hk0W9o22Cz}9$2Gph#W{7HTWL&y$|AtR6!ImP@$F+@WcGljsE10guLDD
z2RmgpBjq~GE)JO;-vO)NP^6Rx-?u6_E}u8|<DSKdUfXbZs_+q6b}EPf4e8~3prn;9
z8$_eJpE><*a8QVMpvuM&<SL)cWLEQ!@of8}#l&Y4(d<u`_M0C+k&%VLB6qp$O&~^Q
zmF9F-EjMkMU&~1GNlOnXl}T}8S0Z?qXY$#AP;#u<)U#|cyD5SErlZwsC#jgGS5u2h
zCl4Wgc-YLuGAtq&i;htk3Gt(`_2@SZjplOg?#bbB+?|mR7|GYn6QW*Tuft($>D)dX
z;%fsn77BUFbVXBT(p%~^@@XpC9i1Jjme!-Vgqc#|P&OXKH2Jb7GmQ?(1d`D_*Vo3C
zExcbmJtqtnTwO0go(M?iE|7dHO>}e0N(nc6ci}>nQ=yVCh25r5Aam5;UIA@OEC~52
zida8;W566$l24n@5i!W^FC!su$}loAPn#S27f4`WT9_=TCeYjJF+MgWm54BuDfl!~
zI&X794$E%U<uRC$8(y)-ue;;UQG-TnA~1Q(iMH#OS-%|dfVJkdU!-Nezt3Vi?h9N7
zDZ9L7wE6BI>?}tKLK5kvP3$iC<uh2AFA11_hEm9!?(a<^F0Zb1kqY&Tnxjw67HExT
z{5hCM^9B)EGBz5P-TIuyMn3})<h;4h)&v^Bic2jJ*`AF#$FthFpKpwsie~b+5)Dp`
zd3WU4H+nqo9x8TrZ3#@dO=1>O=<-mkvqon**Ah_qC>AP(R$<U&Yg7<{B5GIcd1iVt
zHlcuwV5c+^WhatwC#0ZYiK+SgNB3lGEEvxQ#wPyZ$#Rb?t=%^3UC{ha<~TU^*lb~#
z#>T%9-l4gmg4<ow8OYh}S~G>NC@f6o`gnWR3+!*NC<8mu`uzWU-J_1Z``m*<y7kL4
zI3NUSV3175@{v;U@lM4zk8xihVj29m`}Ff9CryTuO5nIhb@|NEjoH{}Q#n4IY?_<;
zt#+PA|7eClwDAscsOI~fne}4_&)KCzbXAc7Blv3^8%yr!>6$$Y>+t=Yp|kx1+cDsj
zo|ZVxAa`oN;|d)fnvNGL)b_-rzP|ViAsAt7jN*w?-+8(v5{7(#qslLgMNI?*T;i|<
z1?jZayYHieMvCY1TtZ=sii<i#5|Flgo8l7j46<IhxC=PA1xZ2Mv(w#k9gqg^-mSDa
z`xK<&nndD7AJ63nqrUz6e_DV*;28qxuJDZiA^5B5!R{|`;Nx;~pqfaqxFKWapwp6Y
zLyN`Jn0u`TH@bqCnrwvby$VW7qz;~+_CA}wzl)*j$LPa#hlkU>S!!sGrov`nVY%eB
z+YYk;n{X7YA<=IwKKw5vNTJ<dJly0NDM)iWiHOQZW|K*t?~ms|hbZHq-gVt7q55os
zA7ZXtTYB#1WQc(0W7}+btoG#+ZvK_GF>kv*&MwVu)@L?0E97#8(;*tr+kVH#U$8&u
zdC$##PO;+>Bm7n5>yNct8)U#@9+-^Aq`jP8)7kY#<VgU{S9M*1<3`UsriNAipDg0)
znNow}xyn5mK>|0oNw>Zz+7Mc*{k!w=EHM0Vxi1`*nW<R1pM#f|Lb%eb*B?i9s97D*
zN+LSZKgBW~e_a(%%?MPT0n*97v)!SZXO~?E>)nX#qZFX{y&wVOYzRwRVxgd}pntg`
zJd&2G`Yz-ByH6|uP)Pn8y?O6cK1BzKXf;hZ-2Om7r-~^(gQG;Yv7}8z!C&udbeJfD
zQ&O7#O{I{JS6NpldoMyuMC2Fc4QCj1i-M|_ymY&5XJllAQ)i7L(5+rm?|M#Zoxzu<
zU#c#!<OeNa2&1euIauKRW(1$>=SS1A#u}D@=AR(x4x$ilPjB?n;_#*ruC|gj3(y7>
z6Z|;f-{r$|jr4a<R&2RDMA0r-8&SK>xJRgnsbZQwm@x_}rDMfq8(M1KBfUIOS#mo3
z2O7eko=+*;S9~Z0pXWP#MM~8{`@^(_)-Ui9&SE|tB1}*J$gK|zkcOy-*3_NRi~T(X
z>P>G!xyl$aY!*+RgpHoFf7{YB4GlKalgz`U)P19o)66DSZb$0(h=ekAtsZ$NqWxJV
zC1G++jvs3*0y)?c3IIHO(DBwvyZ-N@A^Ni|_l@<+&<u2!OF!z8re;vY^Gk<tO}_LV
zr!iu8RVAK+z!`L#*JxRToeP74gi3?$7Q4wv+I)FV4#}Y_TyF4xr|GV)9#{13OCuC2
z@V@{(5Yfm3$x6^?J_r}jlZ?wX9ield%;>7f%hU1ENUx#cyQ>R|Hv}UiQx?-9!IFvj
z)bq(2h2L^uMiLq9R))jBzr!M@n+JKS^I%;H@nK%*;rUlwL~CH*>glP3X7KdlAB%ri
zp;!e#WeO&Fc+~ilO11%3LYvCPDn!Plok(x<Fo3aez1too9y@UvdplV;{tII8=1^}x
zirDtWO+-|*x^E-`iGYApd4>cv7?d|(@kvNLM>2-9N;PckY{aWoHYI<2#>L0C0aKzY
z%F362{zxguGqh_;NGO)8MD7EVlBto1$miz?!%a{tt7!}7!Bq{Wo%S6sbI_>?c9rW)
z7?9DZ^Z@%8M2p#xgpbfw0dsSz^v8?6XW_Vc@-yb<=Fu<D4<~D98@+9PYp2lX?|p}U
z3IvQz%@~hAKmB26hy8b)C;1rHM~UNbOxr@ww-<E;73@?oypJCRbuc3y8|i$k-PrZ`
zfh4zbTX^C6c-YF?n(J~ewwY6X*JSPyWzNyt&DONyfzQv6M$gJ?u8n7UQ%G7X9W$M~
z`r^?=lR?KAsEs*e+~1UBu+o4m!~-y)5qwTxr9fm$dwWGy7isP83Uejp<7G(z*=)A<
z-b~YMgAGzDcFxK<@%;RL6f%Z8cNgGjz6wWV4vv-U%-8C_g#!MWz5COT2`;)aq1iAn
zA2n1fz*N&xOG|RK4T;wMW!5)(dMfj&BBg`~uct$`Aslw&<uuNT%^clIeMGH_H*Q#1
z#CLrg&@CQ=Rars+7a;8ytude0ZUt7Gg`oe+#To~U*!H&ld&mZ0Tb+V<dUnP*H8s<-
zb$?~Qe8A(yXM&6;AgqK@Aeoq391OrYL^h^Rnfc^0iS!WvZthtfTU_OGYz&OKIH?{T
zx|o4gIUg(xxm%ficL;~&Y6b;jqdW;UQ_LNS$UhPim!zLurE7b`_4pCa<Rv~TC~LJ8
z&;?fZ<fy@v8ilA&B4NKuD=YOORo*y4!Jdx|O6qNxnOjVn-2MP)#HZ!F2i!Y!^e%os
z*o(Dc+=dgz67~2y85wkXb(VJ|l7v2ld=&=M)FXu4<TnFto@eWGQkgQ6$-;4Ar{k-H
znXo9QE~nlmHzyb8{jtz6Zk%6oluMINHsi=5jz<Z3^|MOpo=;Z9BhB`A#|)+@Q|wPN
zN_64`R*2ci1MHfd>?Y>b7G4U=$_N;(S9t0^kcf~@rcn|_v4J{>h>RIt%w7@QDwTcX
zWgDrMMwyg@-QrX?W3{PwAV-u+u9jBr!v{pGiJy@7_m&(U>d_2e24?^1iiqET10Yc0
zbS`{(CQo!@1yoWvj{n_nIW;CPM*uOt2?WLvwB?m)VsZH<qMlk>AblFJ+US?DFuuEc
zOtvvLwq+$Q2=u+bR|U>b0I#c-YGkKniPOMhIDZ@`X$|~&dUT)yetVCDDhS$nQ!|U4
zyc|E}=SS16(MZSV$KBmMxgt%@0mTwAfS6UWxI8}};nD!jggTce|2r(Y0e1=tf5{8u
z1a>|?ORZW&hJMH(o+;~<w90B@Dk(NDF0Pb1K0cl%uS}DeuCABmCQGVdc{!y#P){Hd
z@N2IH3q)lSMxarwU;OjAOe$*R!iPo4cWCqcz11$S;`0-_*|i%P7S`7glhk~=Xv^;Y
z(u^GmDSQqOQJN@{gp>$U9*5nE=k)GkXNx(;yNjgQ5o5G$Yml?m0L-u9nbJfXrdyg1
z1gezJc|N%&^f9dPc%;O~Qb6hQxw3!)sH>-^%3_{L=6D6E3!Au%-+@|k`{nEi7o|+6
zw?YI76q2Q<XA0}j)5Rr!>UNy6CzxI2l$G;ALyK5hljqvviVz`l_A}sTh4Hl|$d{QN
zz4UVVh(h1Lo6YBi3Mz+p3JRUsJMHu|*ntW<A>p%OT!(O|e7@k@*YlhY!6?)$#@wP-
zQQk$kN$w0(<G0RO8s58OVNI@dWewM;Q&vR`S?@U80D)HNI2{f{NolCG6r01<z9@Vj
zn+!Zg0HdDv^alR>E5P>_=A4r<2z&(|rXe+_oSa;iW<2#PoQ>S#nx#?k3z8&~*;CWd
zBycuQa)LuxLgEh#b53kLhI%rKK6;;ves&ILiver~J$(>aHZu+mP8$}3w!7}>zxKj|
zig$2*J|ORi6)F|ajNP29;=W-yS%}Y?EGXDj&LFVL;Ovy(=2lNl`fP5s6uEeh&0Oz(
z`0>K&L?&D6>hk(~NIaELyVR6?6E|li0CV3Y;PHrIWA|>g6sv4hI?%j%qLBLAwZPSR
zk=u3H?w9AmK<9R;+f}0W+t?uISdW4N*=mmHM#xGI3d$7`FQ}o$0oCcD`EOn<#eA(h
zC&bArjr*Yl(EC}Q8}74xPg!FuOXuuNnXkUP-;0GLk$mmiS@&lPL^=beEXTYhSj~TB
z7o`+3^1p?tvfo!c?r)&X$}I^SzT5*9Dy71O@!L^CKEvzZa<<$hP@tvtm18y@Yc}Ym
z4WlKNi;i|jKv=i?_C6C5>W=h|o0=K{?2}WRp86L3NcW^IjU-J+H=tDXwP7H>x@(Mq
zjVnc|+IVg6n4Yd1RESd+vk_KoZ0HiAFHr)=-6wZ;jzbyJ6+;hZPxn`ZZmzBb2?cc$
z0s;g8@)8J1P1Ok2>kL4`2<`sl?JFFj%j`s7!+iGd?djHrsEE_9z}ZBe8d>x{Z-W~<
zcLHs@?YUtih3hxY3Qt~@2tt$mYGz@k-!kZE_`{8RlP-6s#0N6z5<lpfKKa6fNikNA
zBx(T5ne;|L@8F9@bWMyzOvF<gnI4M*xZJBN2)cJbrMPEPshCo+L^Ysi2o5yt;MLi1
zxVEe+E(8Uq-c&7J=i$){9LDdtq>uDZH-xX~MtG!b$}AS^XEBvK<)`goY-8(8t9dnc
zEG#xU)u=KzbpOTx7|^!o8~ee$wr&6!BtL-5ctrz9z(7{Bec{r+13;Y(HvgC@mMTyz
zUl@_;`1&OS1zo7<9<zznSoYi4?NM2k*yqfy5mt-2Ix{pmre|r4gXvDgM`sD+(-wIm
zrw^biD*V34(FAtQFq7!Cy0<BpX*Ph>ZJwT-co}~Q1Hfe_B?8Xer9y$o37(*>m7PcS
zxYso^Ni1agDR;DZ0ZxYwi{Z72lLe`i*`AUN2}#ZK_J^;<tW0XpG#bUOG1$TB_JBA_
z6%oD_T*uCe!zy7r(m9{pVlne8FQ>B>xNW52eygJgpUi8fGzYB8*~@TR`z^QB=1A9X
zBgxI(h(eHde8x05TJbp_Ooc`bnI{1H3MkHoRBI&65$`C@j<+P6>9slz)`cPY-H8CO
zwc6$>mu0TB4-7XzefipH0wlHCXgu3+_+6|JDe8Em27AEVf_$@LAxpW}%ROt3>-EqX
z%%<}t0#?5GVlB(Tm`|gK$X>$eE1chbeGPB^JejRDTLyZJQOq5Cm*Cqc4fBXZ0{g4W
zB(Q8j$H>rSe~g%IC^J()u0r+hJV_==V9WCQ=|dlvJMjD}@Po=U!ZZRg_;GA<@<I$b
zfb10ZH7xh*o0!awb$90(SX!2#3ILqsBd-^q(*Dfwm@}yOjW$Zuk{0L2etWn9`10d&
zB}tY}>u2j78ESE5@os&_jV4F3xz)@yW)le`PmJNxY7;d*i+6wX?RLf{XA?6HRGQep
zu`+@={KIjQWrM}*!{C?2I`N1|usZ^CxygiQR|@rf5A6XAK2B5`Or&TVVPHs=mV7)L
z<>$myks$$(>@b?7zC^RX09|ns6)b=htb2Z{{Ky;t>5q`-yj+yb%voujnJuV938JwX
zxO2l?_P@ZRF&*5~Bm~ZN&vY6;mh0uL=G8$^mV!aj2Q$A75@WiH=Ua!%f2g!>C~0Vz
znGzF{s8CO6R8;xC<7D!C#t}@?X(nZC^vIQaJkZKbqV{=ae<I;*FnWh|eH?%6YHDWY
zZ#`GhUIVuEp0^Mqz!|>TDpV+_?SCbV2-CS75O(LQcUnk9BNP!)P-Y+Rp12bu2*^J1
zq!nEq6lma!0V32fKcA9{3Sj?%pb1*j)8lEf3p8;$9&5HxnPO#ec0a&;X=sGh<uQc2
zS5rKGfA_$?gNzUP%PJHTJ-TEB00_w6m*50qBk-xTD)k$C9i42~otRqT@IfK@8?Sg<
zO_-044hNVN`^}WXJKsdeLO|FYk2syIZ?6lkWeeM-`^q^Ip$2~jbr%5?Oq8rb><$WH
zz8N(ZF7Dt(APVR4zJ#J8dc66}SJq_h(3VuTGb&2TV!=^#(788zJ*5-_*G1C<<&5RF
z$f6V+7^8vQq6AWT`E29P0DDIE9RSued)~7Q2ke3BK4Yb+xBuxuPC=zWKOCnad-iuk
z^aoI<Ne~gHzQz-Po?eWvW`Z8iC|O=z=B%d|)=g3pv|MnBhpwikW_mo1w0_2;J-_sY
ziSKTOoG(Ct?2Xvk3&(vE^!1ZXC??&pi<{fYZ}~h4Rpda5(?F6#Z_t0$)Hu9za=KAI
zYaz~~R@6Q8eH&LQPo}Wpd3PIalg^EXh9*=9xW&~XjGd*WTTo1R|IwtOdHteOy%zef
zV>behB&nN$fx#Zbe0Xw&A-pv6KUm%I3Sv+In(pmZ3@xYEjb^L?P;rv|`@lEBSS4qj
z`oG6pgYa=w!_>+}=*-GxxdS?uA2D%IJB}R=IKY|O+yBwLL8nxN3uQFeooVxeglYzD
z5{2rQk$1cMd*fxmrX@95PDZ4em<-b0<F#){e0h+y+R8^Y8W^+Q6jOIP5NXAuhd@Mv
z*ZW#$g^ddLTfP{xn%%Nb>6rq13-o3YXym7TiyE#{!b<U=^qv^$5Hu&EiMk1Xd`jI&
zWwW{a_hs+I^7-+uGc7GmliTSyt!||P`keN)_QhhiS{gf8ZEM>CorFDcnSJk24@|6H
zCsR#K1IRk5CL^Sr+O-lGn1mcrXWm<X2l|3^_`S%*SYBg;Y8&4hv_$&u-wFkWC%h-e
zGPr25q)06w5v#J8zUgZCJDMo=9N_sBBGT%v_Gu>>8x%5UOKpU8(y4Iokm3o-K`UB4
zQzl&gV+}8i-sH^dCZcpO!KQms;n*!Ck-Gc6h6ecb0b-;bo?}GElFC>Z!l2FwL1&22
zUh4qW@7YB!3cwZ7Hg`n(c197d5&%X`4xnm)Si7a<DKHT5c9`u=*tckhyWg2k*U-G8
z*u-}&{qVK)8a=JUsm%7)Upzd(4lGHB{s$554JT&~$$Y6bfJeS0PGJO_ngi4QETM7n
zysmFVCujS|T8>;C@2StaP=mj&vwdG!a&&S^d<mBk5P*0E`WinoGaon~FExmqH4$T&
zPw5VU>qn`<CbZ#!0<V{!XXFcGM)c)HSV~GNU;q!&!{g3+lz{L4POia9i+ZL+9Kim4
z4CB8ELB!SZ^+g@R!1&<fpIa&KXz~>kpg2$aQ(5j;`(eranK1zY6L$P<UM9bDZCYIF
ztik|yyKJ)q4gP8e><4i^UK9;8oYoN+556WRpX21pzQmGb;A?P81pLRD;-_L-6pSJz
zgQOPTItHDd;cl`?#@G8f+3shykOgH#ttfWZ2w){pw)T*bK0iZ0JX~CNzdP1yqo*tA
zhXc6opTmi_z^!PKcCyLtidsf8p>KJPP!^C>yFd~Gn0PA6$=G=Or8XBdH_1W7)$+2e
z_H$mh-)Um<JnU#7+JNCP5N%Qf%9@M^6Fx=~NJm><GNAUke)4=;-@U)m<aSq0G2P$Y
zbziMC=sgA}?cNVyfoH*2vT-?$%c1CZP0iKcOnxu(FH4>M-oa>lJh}n_=6?KuBaxDn
z6m0W+`}dc-3n*nNuNY3fE&`5#N4WkBZG)R2SV~jD%t$=OUZ^AA{z;fpBM(8gxjE?e
z2{#qY%uW_#y}u#n70do%P-jaPzEC5{<!H|WMN00W{PHN2=mV9vV<_2lo;~UM@8RZ9
zt<raKXH+t>u&@~Pb)U971GaPxIY+k?3g#Luu_5{&rSg83We{W$6DOzCSxx4@^6m;K
zTjS&7JS}cm<&uf@9(PrmOx;v+<z@;)fk-)DLNTedNiahjemrtC&6aNXh51$SP`;wu
zMv`2~$>YC--?3Eb&5i-)z(}FM*gOpMjwL`lBina*>}0FIQ>65D;F2r8R1OMA8z>c8
zT!FM93WMk7Tpxg_?uqU_As}{w-G5exi*+ZO$bsaiSg!>Ec0S+*c)_Y3GOhFCmERw7
zc7}6)oUQK>(11J-BETs#3;JX<iQMd1RK~;UK1QsxG@t|wlbf0}#rx*{U~N*^Wy>0j
zrfWT)9)shfKfJjvR+;=IEgudu&s0o2nLpm(<@MT39~8(k?$3R|6`zRV;Ov*=Y4J!+
zA51t?Hpb8>|Dkt?#gLyx+J28491*b%_!GC8(m{KDVw56t^TQTf;kA};pw?{gxMKpB
zcKf)-0x(Az$Bcl737a3w`oqdbPG-jh;CMj7Z~$%(a@O*{c2MwYf68($N*xJTKIaS6
z`C#D;8H3(x+eKu&QlrP0m>kWm0ZR^dj>+vvwQhi+sxiAc`o35{#gOfRCpyi%cS9QW
zaEpN%(7R9rSScx2DOuT*)Z*d;D-x2N5-%vU_hN6qyp<&CR8?2!W6)~6Y_i)KQ39Vp
z`EK)M^eqYs0y=fvF^mJyMo`Zd3IRquhG)qA;WC&R76rhA!Ws$+4Fo;crCNhPq`jHa
z^d*%oE-`6P7$DAui)?Sy?GHrG3?&9Zu;n=1gcf*GF8y30=Z8|RUFivEevo@)`vcut
zluLhq%L&kA++@2%LNqlo4ruj(C@19K2Jx(|vy;>5l5%z=Ela!Fcvnnf{+T=uu$byi
zY|HmoLI77jKQm}p-ewlmA|YwKIVnH2VXgV|`&%haDOmY6TA{~cx`HSD{rgIrXL>%Q
zD$i=G``Z0{bsCp*R8rDM&`rg4seC0xmCLp_1MtS=$lS+hvA8nME`3HFKF`g)7B@`}
z&osb}YVtXRI5B9yf4-mqEG^)IWo`~4cjliSr0Qz7mqW3z34{`?by}ljB|~u<N(eUr
zVLJyD`h|Y5c^NE#)=HY6ANN{d$y(Y+*#uQU2`+a+9SR|&O%p*+Pmc;XdHY|Ah4SYO
z!JslD?m!L_$OjJrtV&|@AmDW+jUO@_Yh)!c9u-l6Knk<Y<TWr~ZG8jW_&}JrV>zj0
zWo*}xzn5#4dd*Nk{3i7$EYzCk6{WB+M-WgorJRYGh$%dnRbWqMid|h>17Hxex8BRM
zWFVhMz1tpYXm7aWkL9tw$-Sv^9WHINV^YAOM>N*|80r?@_oYJ(Hl4^vnp7!!Bnd~{
zBI6)>lNe9K>9iRnnA)~MrBsHuD3hstTTgXH!;{8*eC&L<)E{WrY$-3KAo(t~-EWWC
z@*|+X3%GjC*x7j;k2)BDz)BRL-c+FCc>4}3|5q!Y>-{}Ct)}X|6G&+GmzTEyRBre2
zaYsg22WPCw;Yhn&E=K_LWpkd_mSyjMoPrkP4vn02w^wd*>{oRSE8Xz0oRY#|`z~~q
z?<pbw4;>KOnAWlV5issu!64Q0)xj)^^p-M&kLA|M5iQ2IkJQxEngIX)yHI06Gm_3-
z=cK3@R|IryJZ)Z?YhZoIVqZFezL9d0!UaXtmYu+xH(SL@2FDTjKxYUd+}-mP&Fck`
z{Py1B`7W?8C<xl1M*{I)K2?&|PP!RE*^&t*(`~kd7@&_p55H|z{>A|bX-G6YTkB-y
zP@_6vus4Dj1WKD{o)!Qf025b3)!eV}&uWcvD?$MkMrZmUU6qZUJ*~FwD13W=-yK3_
zzZBP3P#9e4|CSd9d2?jC_|*Vt(KbQG|K&0GAOHz(u{zL`jqUPJh1fR<DsEArq6(v<
zJ#Dpp8=1}x;*M<qT0IdzzwhIte2YkKZrr~cHX8VsyV%L&<4b(TPa4~j5hujNLzx`W
z5A0TAFIw^O@xZ-^@CX)3kU1V&j_Blk_uNPmA0PhZ4C)OTS)Qtb!ldNL$cTy^2MdG`
z>1H!p++V`ZdYcXHR)B{kXJxH%2U+xK>sbsgm`&bNxd;ux`GZNb1pEHU&1X>f>`8b`
zj-<=Q$N7Vb*!~?xwtI~^3z$Yu;prQI8zkqZ8jdFtk6yA+ZQ*iAVFlN-yy7z${|@jt
zS%Gh6Ll*|Xd`U%(bT(0f5<0E?&+&_$>L06oMdGfy**Q6!yN6-o%Z+JQr+o<=wj{6R
zLVpB42N$<Otvs23I4&-l-$e`=0<Ns~*H0gi)c^b)?}tyEEMUZDfde2*!|~GxoRCSt
zU0KaWY&=}&sb&L^*mSOnEMjD&K8-JYtKKFqK`u^#bUxm_%Wh|(#xk8Dqpwd4b75X@
zB^UmtOh=R!6R;7cz&WQH8NUO#po2C5>hA6cm;U8B^a8lKZwl$?yj;Z7s3^bd4-~Kx
z788I*4~dA7xlHGFa-3gSa0Ojn?;A~C8{hsG*E1r&;?72Y1V*D_9D!E+_pHfPkbbsX
zF)e^tLnABnPmpFYRMAs7XOET^SU;JboHbeK2@gw2{gXZZGK_1+ne+)BIKKfA=v+$D
z>GPJPe`F@=R*|yNb?tX4?V6DFn1!=UJw4jmI+JgUwLB^U%+}g@a>dG)e6Hw=Z{MMl
zleq!@Fk`79C#sUk_se|M>%3UYY#F2Lwv<HQJi{p&M-pJFnEohG(BtuE>>~$)e}jm_
zpHW&MQ@M3(0|SNy`q4d|E+ES@c>1q7(-Ua3OpX@P_+1t636!S$g1j7$^#6uoqu)Xe
zp}vi=eR*`*PD!=X$=3Xxn~QFtr)RUhHJFGCmUGkBC%@ZNf32e=lUOZgasp8Z%P7^V
z42k{%KpS&zuEOEj9aLcwH_of1`Qi(<l>fl{Dw(RM;JOJ9Dt1pX3d;5vx|<jZ2yuI9
z*5E)f{WvBf*)&Ygm|SvlE*yMbUT`#+NQ<>b4S}$J1yWxm_2sc{*Pslfr7MqCGp$kk
zd)ttJ@UAf_wfbU-6Gk>E%B;W|r0pe}4Y-6jjBWH3b@f*=`g?(_0kel|kq1E)^zD6>
z?gXi2SooGi?rXlE&J_ojXn5P8ch}m0#AzZ{gYuW|bk)@9Tutb4jk(R={$SJKz{oFK
z17WKb5UE>(RP>^wX#y)7y|d*Uvgsj%Z7=5<>t_ljs+GD74CV0$Go?+*oon#_pTNTg
zUJq@A{GNwAhJ8^A5)u-XZwgTG{;mv#?d*MafVw?DBLPA`Tbh-wR3uO5E9&`+RU=YG
zBPRiQN&58<6bioaOPpvH7UnGGafT&2dU~3dr~mqDzu&farf*w_2fq=ADg_umdK62u
zYdWuFUx6$(0dosw@$a$e4qsLZnK6fd0&!#r#*xh}dlrUWRlpxQo(KKu`|q8>!0x%q
zLk_2i<EQ)n<+eCH9exk}o(jEWY9mGTfq?;_r+@}8A<$*lEv@hawM5cX8-KC!NSwxX
zoqIerVokL{Z-brX>FKYNpbzLYYD~;)ChtJMKXlFsP+6hOo^UmOr!srFg8$J^-c<DT
zA7=_<w;16z5mz!YhFIBm#<vFFyuMhf8XB4BXJ_-8S%Utjc*wE>0`#w!YETWN1Te~4
z?l6H${(oA4@|oG$7et#Lzv@6lz0rYq+d&(c`+Ipxd@^WZQWPqxcs`Frwe&<fq-b!f
z%3w(w>|nMAnJ4Fy;UyEqoG3xXemgr66Aqx-Msp0nSTQ=yefIRv^D0=<iSdq$qEc$`
zSc61!yZq}hh-ntA=J>0$c<`Usv)<iWr~FAA03&!%@Uumi8|%e$!(T)I+GgC*?81@G
z@g=tQJ2THnQzAn$r#`e^R)bKV2&hBJ8PvN{gaUtmDuAm0pH6wAs^s!prK>~0{9-jA
zi`npb2YzESo6b~{G;&rvB;tUM2v82gRc9UqJb#OXVDUsE$-kcS<tOv=d*n;$ZMXYP
zfo-UR+n9Z7g8W{_7n}WuDa?Ul;uB`Ny6>IAj${n5+_5eFzZ>|D7>H~!ixdk{ug|vz
z!}Ig=6Tg0nR>i{|l*7WxzdGn`V$n?Ie+&I@?NF-So|NcJdZLwT_rXiH{VRRVa`<MM
zcv>!LVj9cQ61Gq<VbIP>i?}0ihO-M}?*dnMlKdyW28pGeb8eorr-PX@CRkU-kVGoK
zr~T=nl}06MyjRRA6_Y+UGWtVZxn}=$lI^=ZB&6gz7iPd1_n#u%kyu;zB&Tk?9H;C1
z4MHmcIp=Vekd*cxF{{1#sL@Qd&t|BT0mx+EWZDSS5Q~+&rv?xLuMRk!4=_hwo_cRz
zTdWpt{}6QX8|M%~6<L%(BwR{!-Cw7bethn_mM1G=%*?URFU7wL#~r%hww;~FhPp@<
znk*q3QZ*=KKDWsdW=ObFfy@e^OG_CZm-DU$sbnVK@<5<Y1__`l{`+FB7N5)crmL3L
z^0y$G=oCKPH^(wE@B}MHXKqg^rxg|GxC5~ytyrBmcXk<M3Qo`K?NEEOR7c*qUu~s#
zCn_hR&UkA*+^P&(J+2X9X=s4nE|1g89r0{mrK**(s$6(wBB|t;dS?LbLS3ZX#da2j
zSr0N`^Y(-S^$jeg1lXvYwnWTX&AYhR+4IXale1uz+Ul&aO^kc|H0r8|8pDWDgI~Mk
z#nH5^(1wPk8(;<4aayLu`NzQ`z{pwn(+ALh|LXOIkkV<00S5Jz8;5F#;ECiEnkA4z
z1-}An>6MJQU@#tNJQ47@4<DSK@%hre94(yjtSHKe2P<!H51pO<0_2hT-8q%LjL%YM
zT_oZBXHTB8h={KeQ}~jJ^hdxHal;6JXpO0_m(K8GJM34YMPN#gaCUX2H3`-l%j}G1
zT7N{tr&|Ds_^X62EQf>)wINakD8H}V?{=Af{93Y81U3@iwX`|}h35Bn`wqV^=6Vpf
zb#&CbU+%szB)FW)CD`aiN`K*FsX;B7LiO$of@_6=E%;as;9yXBbdOK7#;aiVQh0fp
z-KAK<Cve1XQZ{{{q8e{BkqzT=+}yoBk|*h$9nH|2ZsnC;s10XkdVEKi0Sb=qjZOtF
zy%BixHKDw??D@ri_C-x8fw-`zYXY@cJeFyBw~UgdrX~+T*Nx3G>L4R%wQauH^aDzB
z^R3CA{2wx3nB-R-JeZ>h7%?^$SZY%l3q%1fA!l;yxTu>avfxkdmp6$6js=11c@lEq
z)i-B16I?uA-a_pYL#Z4eFG*p2C+p<2=N1iE0hz_xOJEHoNG3sP&*!t`4}wO|cusw}
zIvHJolAK&H0f5-fz#ib27I{BNFT_{nok4v=gG&auzt5*@ophehkA-*p<0Q|(|Ke{~
zusy+Nf%`Y<Z2}MpgnVJ1Tzo&2rl<GxjJj8*i|;`D%}htP2L`~w7|GV(03`T<bi-H}
zfOPN8GE%X~7AX71FEq#kHAcB)9Nl2O|2vSkw{Az$<%8E%A_*@}dyvervGeZl4c#;h
zodQrxKJEN~M2&Q9bq8k+I6ph#PyMbNOPsFL#iA!!La!9jq~10hXu^}!G$#9p5NDBa
zU-RtlZ_0+_@bKVvj|a!H48CCwSlARXS8H1+<ydmSXc7Uv$kxjIt4trz9EL!us92({
zm36i`J5APBMvp<37ZnVD_o!xWddtm&2Yz~>EtgYJ5E7O?deJE^$}Y+m0sRd|3}s$d
z1R#>yUWp|BcNhmV-LFKFa#@<u1;QqBD>U>!E^C5vL&yEWc$%B%%e_grE8sC^k%s=h
zZ|fD4i<qdfm<8ID=Rt1AL(}!GEhT0^u^okCZGfDSv;7~=@n%ngZ+(wR_YDOwuXYoI
z^J#4@N#*06KQJVWQZ(ZEDlZ`*Ptz_@!5y=!Ss?|f&!rE&MTVlr8Xh)RXN*LkQ3v^B
zuAk}%`s;*uS#}Zi_j=h!bz9N<GcN>8s*aDMqK)dR6?S{_8Ln<<`1r$so#1G7V%T`?
zEiKbt&ldE<*qq;Sc<Jco0c?~glM(mO&I>fm$zal;%Fd)`C?)UnOZ3nLkR<$Zum^mF
zdWiAQVEFS31Hnwb*Gkgr>E6iZ=Zh#vUawq|IWmoCI_S^AM95D`LnVlic$&bypYVza
zl>6|H4M9MM*x0aE=~!w{EC>{f10y5HbAQYxt5!8d1c=^!a20^IeOn-#d94aocq0Qo
zAI`g1TU+XQIW-hGHabgzxBp|^kE|(pUdDm`OH<N02=TS7y}F^!FGXak!6W@66pMAQ
zF^*pkvL=P??Z3i0c0RK{bXc*JZ=vz@>4yhFgzW67)`q44VC!BFNA!Bs%}UqOOn-Q7
z;Ytj}jZ4(KU(;{0Z-JD=D{7FH&Sm3%vVwS{K$!yQ^0f**zo|q~0>I9wvD%S`9vuY_
ziICN$bpe^vJ-hYD`QBt+f1uS`2cqo{-TmWb!Sge$)A`ZJcoI=t({2Q_bGb_W?mFw0
zW;JqBLP)Pqudky;MMZ`43s_fc#A-g}3}MrPgKIKkxOaQ@(|ByEO!*bLt3!4`3Wx56
zl}#4J7N-)D;3lGq?|6(VoR*b^SI*M!&eaK|AZg-O%}4CFJ6SQ@iJ(~dS@AWy=W$8Z
zHy#xri3a|lAO?)Awc+hE?`t`X%W+!H%Jh@Ns1T#9Y-qkdT7K`n&h6a>Y_Z9(zWmGc
zZT>%>*ku;8#RMB<<h|CDl0evM(eV46*eD?9Ks=c6HxmjxzuORfGgb5FGq9eUx3Zc#
znPZ%#CxxSg0eCUst&G~eA#V9R5xs$oI?m6p(`T{H`ebH&{Ej<34*J>owPI7r%F6oS
zcC|nK1c0mM@}eS~xBooOJ~@(;JE!xeW-(f@SPku?QGBkh%sTk%Gql(cTZV}#uco8M
zfC`2)3e6`2(WM~0+#krFxWwTTq#&c}p(WWM;H5-FYI3u({%q2c-TiZ3mxe<^Wj)-<
zC%1R`rYx70nnz|KllCh#EP73df#DtpyVCvsvTdgC{V%hJYYuTz<9F!Pq&FV2$4l+`
zq9`-KNjNG~2UCQSFx~Y=rt;+zYje4#-b`OKwmItPush&(#Gf9Rt3*-EvVWIk3yRXv
zY`Z#-70D9D895rfeU{?8zpt{K`^+;_7N78_T&jK*UtWF^6O2Z|Hws{7=qmKrnkznx
zkpH<Gl&*=`I5_u$OF}QU8X7awnHj|Fro0{=L%=)ul>g<Mxcm;jwI$^u9`eholCvkf
zi+|_mWN1=Wipwr;BG489X%5QY@X3N${3iLMg*VVGUYYtR17NnWP(Q|!3Tu-9d*w2_
zv^Z3$IXbILjE;>hK>-#;U$c(hik_YmR~I=OXka5Dpyq6j@qk^ih?dNB#qO?Y#PQ1T
zzw0BLG>+)RnCa;>0a8>wtMBPqZYP>e*S(~~0Od<&cBFmM`17x_j{W_O_2f_&bYN%T
z9-BTij=DM+RS{5r1>WbEo74>Td@{RWCBYz#?OKO_8AwiZ#f62*wFJ%H0tBL<in65x
z%Aj$l<E42{vk6iZBcrX4-ZZ_D2G-^SLc!*W#zEFA$P%049~ht>AHl{JcwruRM}diG
z?>Fc)3NS&;gzgulW@^@3jSfEbFt=Sc-LWx{m;$~7FFbMHT?znVJDe@iOQ^1%>iY~p
zGN3#VSk0Giu)8ux7EQ7<H8;}(yJ5ITGV-dE)vEY)`ab|hw;PS(<8m?9wI9q{x{z^{
zFlmz;_S*5)!K)nf1M1CAvxuc7?ZNg?d#<NPnX9V=7J_-LW&dT1+a6fy$F(=NHh`eL
z+%i~hC?WI~UGiTlJ1v+AG{9vO+lsfCDY<)mdbp7k4abRptZnlCOBe(M2%E0PqZv=T
zYrx|MY}WE6Dsyii?+GZq*fH7n$xZct3*Ka)U{UbhID_viuc$Cw?lO9in^5q5`%32S
z&8F@QiB}bAsEPRZ%94*qk!eG`i@ElW3RS9@5V{fxUk^jv8HrEm@_4!oE))vTHLy%0
zzB%Og7X&(zx*x=;%(|{lFFi>4NcaPN1iTyoC|ufC4EYCax|17Uo&oxq&Mf+6+>r30
z)-p?UI0bLMMWeA;t=83noRgE$a{N<>*w2r)A%EGe=PXTn7b*?%JkcOSDA>qhWU;U?
zQE<L`=QgVd36bdEoo_Xj0~AjHc+SpUy}vDfowDHZ@$qRtp^(ksP*YQLp{AnhhD_u8
z;Z3!@-3<0{3K@jN#l7k)y7DB^@XA+<;_V$=CJ*P~WAH#1?~$x@dl{z-0jPhWh27_o
z-asT~V^YdgYCyA0vRUOymuvs@yo<41I(s4n^@}h`G=!EmUAqKwbPQ^#w3MpHBL`4^
z$rJm4s*kZ=i`zI7r~8Ee7cE6jT(M^ITTnqe_acM7LVC6Zw704(E=;e}TrXhXi5T&`
z5;`E3@r#v>T=8Vt*})84xpz=i#zk+$c$23`ExndRZtiGFg%1Qt0=-d8ESeF<p+k%|
zXvlh|$D_ObV9qXkkchGnetEB-dfmkcV`8S++s1f`OqFWf6lP|wqFPuS)R`^O6P=2F
z0-T9Uh*Gh#i&lfJkpp;(+5|N3rf6wsG*wDt7XQ*Qp0yC2q0=daG}5WRvDuQ**dB?`
zxBxS~fRdj$LF3;ni1#)<*q^BPaNE0KA5CljKA8`_F>N-32uP^ixjO5rv-^Ty-to?!
z!tuHu50A;9S)(#63Hz17K)9VFT75ppsD8ccBStDni)jahqpo0xY33{Z=Bh|bzV!U=
zn$OdE_wFDZexJ|}fj1+PiLbyCOwISfdzTA<XOj7R7Bc>Cb}r&$J0SHjm{tb7UbdQ~
zunny?vJ$Z{OEs#;W)e<fv<QzN-+ugT0P}LZDtl!-Y|GJ6k2>mL&})0p6%2iXEx6I7
z9~>OAo*RoMSz2<td+<)6)&0)%`&@-yum3x&B}GMO8aAIctk>{rr&zAddpKRJg6n#<
z@1RDC8r)r3i8o&x4%Ag^51Nb}#9A<jQJx;a8kF4eWMt@z-(0J+jqd>}1-4ndE`<Hz
zBKwzhThmGMW9?R2C(AQXYdr7^RC2$L6}<j8!Mv_Nwr<a)!t>z3FxUVnyD$%zC8zJN
zeCkCGJTz*@iakAmwltyh!!{lm>)}dCS-0Ir6goNtDr1?Ok3fC;uhNbJ^sad-elSCL
zoG}2leAPb)F+RZ|ZS7|8h8>PWfl(4>77<%_@Y>d3M_mn@Kdv;l_so54@`1Xe{80OC
za_q13r70c{55O%`mpr)DhD`uqOvY>MDjYiTy$eoY4nmIf1h5Zle|?-A>%~?RaaqkT
zDL;SyG4Bll6=Qvh_Wm~X{e-m-PiSc9AQ`xEqEN8Nf52XXX_uFCvdR0KUiV8=S7iK@
zT;Q)g#l+MBgpk^jaek1iZ4{rA^G`1mbiZikG@L~dgEOH!Ca6qun9Q#PdoDr->Qg90
z4ZlKXLP7cDBB)0FhR27yyM#wEG4Xu9{Q?HN&F0F|mxB94A8u^o<AygGz6q4MRr#Gy
z7p?tU_nn=uK2)m-`E_#w|L~mdUt4>qS`*?mTau-ZoLIMszK?@*Sy!25vD$j5-jsmm
zc7vJ@fxYoMPvY|2{Aa1qGEX87^uqF6g9hJfY4ZjWMeB6GC@O*GNJ&^pDV`ydZ|!Cq
ziEyQLE4q%oj$X6xw9HUllgGyQ3mSRuAPHIV?e!JSJ96oD5c?)zrNNYf`qhzSV7uRV
z9Odd3`PBKAP?G?}0^&!3Vz3+w=VPBZ1w|oZtw2w3NZ4jvHS^B(Ve~W4tAwXqtI4sv
zu+U5Zr|uoxBP-kq8>CCh_He2fXdAS^&W?q>4*z#Z2H82nK%dn9(DAm1URA&*cwbQ@
zsmd4$bYAc>q?3yk-!+c48U*bX6&och*7w*wdB8;4c5ourdlRC%j+unJCda(pC1jf?
z!ZSki{&?MfwyZ#C*y_JM0e~S8Nb^<Qd49rX0(JZb1s=82O)QJ~YKCj6x{djX_7c1G
zHW);LZuS~A1zW3uMdVP8#rX8(;NE9DXf0k|;3p(p{>ATyc4J&IRUhBrU=tRDb7BCy
zwByAs*l8dw@ag|C^_5{&Zc(=z=?-a0k#3~Bq+3cQ1w=sUE|Ko;mhKXe?vU=3?(WXJ
z_W7Rg-s_+9$a&6T@AqA6&N0Urb51I%55f)%puLVl^URGEO1tNxF8X8Ui)M`vFZk+>
zW$~s9(mx8*Fv!UW<F+;SM$GZKaqGVck@Twj@cYZPGQb$;pZ>mhQ6IWcNzOzODZ8+^
zD0F==x1N)mi-&On>eRf%B%A&zu3rMq{B$aHY!f_IQqo(LnxC`?P(OXzO_b~JM?Q+m
zheKU+RH9+}AP!{qoZh9|o0Wr|L~{ig4g`O2qrZQuQ%MHgKlsXyOdq26NX9ES8W>E$
ziO2=xF-wGPyoX^CGMR3lovrurJ(4*MyF-c83I|%TeX2~7nmvVzuMV@5CD(41S5MOf
z__(j*yF+$AG;(i8kjBuEYou@*_7A6_JzOvAq`AM5wpWiGeU3r~{p!3;U(k!C!eeR3
z=jZ1Q%gV}>#Lp-xA_YMeaMC;azqR5k?r%3pYyELL_{^W50<qou3`pIee$EOf)*cD}
z(Ml^IKrhHvj_2kIknUc>M7;yY8LY02H`qMQ3P9XmTzua|+wx46QCq8?&YgQ}lCo*S
z2YjGznk6z^wRP>rYLPm1u&?ExKy>ABU>Lw4&+{zS6ivPE_<@LFpp%aQTDZ2qdGRS+
z-d%q1Sb@BqDa)0_7-(S#HYHMT9RTxvoyN1jC}Qvn$jkpjW6=1#aCbRdqAi9j(fKVx
z7F$yK-LKcG+b?Cv%a4~$J(pW_7XDyXYKO|a!2u=R{J)VAE0dWrU6Cz&ckq_+Ky<!Y
z=LMZry$ufgjs?ZV(qI^#Lr7m<o({h&r^Nbh0$qEXY)nNuyF|l2#UdE*i9G$@>iA6y
zdEDM)`}i<RJNt}AaiD@&goqx@fasb=G@*-=Te#(N_(-!`p<c{C`HJXl$+;?p4~_9j
z!^5$KIz)kQITm(yWT3bYH0J=^_q+OFA*nPyJv5!~Wtz_9Obj*(O^lZ*9+0iun{14x
zM^b3xJXy3$2qj2Jld3!f@Xl_I)D-MFy<fk-3w*c?kpR=b90v(o;1OXnv$M}1M}JAA
z2nh;44M6d|tq}C>N`E#qJYAZZaryv?9eoINBEahMj}QEY;xDM$LvfC^(<R~MX<%ei
zQ%S%`Cqw3s6#`>NP|JtecxCp*J!oyR;qx=5_e6X%_k<bEnz9E7nG3}fQ0IDAOCqnF
z#54DWQ<5_J<XY7KBn~64bbj{ywlyegV0;r1hX**2hvG0az;f(xeZ>+O$;dxGSuMyN
zw~I|NTWD~IA6Y$Lf${nGr`Pb}Ym4j>59j%Ienhj-TTHSXr4;TDWD<^8q(t<w2Dv^2
zOG|_M69J3?7_v@6{Ei3C=K#DG|EsaMra#1ngM$M#-Acqe0Pe1UFnhl}oYttXp}~dH
z20|Il^`0LH<VnQ;+PnRLE#p@@tG@SoW#NGrF8zmSAi)~PpuR#x4DO5VNnL0bkbOZB
z9!9N_MV+DZEWPj!`FQt>S&&~Tb4?0&ch`J!B`Sg3dc%)HVxXqW-@e<j(Q*JF?mHOz
zetEinLB^+cm-z@9v=IJS1a$6<{iuoh1w;?D6b^WxP?*j9Hcg+~d_f1KZyFy2lerr)
za$&YwC%`QyVN=|uy;psoy??R_<uN~$>&f1=o^i0Ns(QnflRP}##yo}){PuisZjlfD
zjEYN#<$5q%iH?Xt!W#qSGB@b|djh7Q50h1|)w8+8{r0Q{0{Zf`EiDFs`5hG4(*8ZT
zL6Y`I%NaO9a=+9VKLsbuqCeho$tueUfB*h1fi;1_;I`Fcz(;aZ984vVl$HDa)Vq`x
zAkkcF19={v4U){YSDNP`r9YH*v$~hUr8b-JpU8U0pUZ?-WieKi<@bgGOxkB=h~w^8
z%A&g$etS&bbF7W<HuUjUXU47h%NEbb`6OklTl#j3l@hfx<A`$p#IM>fiheV_!-+rr
z4w9cC)`wj|3`V{}?tzmzIl;=cnJE+fl3iUDU)QC07wS}hMH$MdU`_g?ckXruq__qt
z7X5A#M7ug@pM8ETFHGpb+hjLdvED@SC8jW?q-8|SvzQij>c^Gz4}hgZH}17C|C~|I
znpdt3vnof<UyT4pdAxxXc5iQw7`A-HPS<P2fMkw+E#b4<^6l#G<|`~Jn*Q-Ajbfe<
z#|!JbcWkV>thV-S{ZI<eJqi*M8)PM_Riw7CnCfBfZOhPmVZ<EUh{)khSNAUK9hB11
zR*^}~@;tJHxE<!0L19n$No%;`g$G!F^!3?Rqn>E$NlVe4$NS03G7fC3C4=H*;unHK
ze8XdEs$pnCLhJ@$8FFslAA$%{pX6W^GESc_A&QjjGzfQgTNF9zxvsB#8q&!yKuf{(
z1Kt-|WQ^l^KR+tz*POg{2ioYdw8}lLT4e^STSH%GI_$oftEs6=zKAs6*xqQHSRm=G
z{U(OdSd<wWI#}M;CYpdsz_MVqwuvnn^6mvzmf{?s!S7E_tOZ<LZgC+p%8Gtd4Gz2}
zW*?}<nw0tvan*&rHJ)bG2YVw(mdiN5pj}>$Je&7{`TEZiqM{Jpr-zvJ`vLMcVs;ah
zUW+%mx$K5d599ku3WBI;CANw-hK7De2j~uh0o}&0>G>OmHTw6m60%-jr3r<UIyy!g
zJqv9ao3xvsf7ww?3#P+pH?)Y0iSrx!_)()}Ci$fpC1q%eFe&0ldbjKQ_bucewocY<
zB-GRkS7%vr+}Em_J=5>=D>^z}RGpo<r<L=4j*X2Z!NL$0ba`Qij^2bsH$<O5_H_`T
zbcEinuDWm%K92051Zga0VtO~RYQDt=2gVz~rUw0Zx-|teoVW8ik`(UJ1`@EJ4v4rv
ze#}~qq;w#2n~bH`2HiX?eEgdAX2<LXkQ@O=NvV&-y`)%>9X@LcUtd2}9d-5GP|FYS
zB`k}LTK_mp9<WPVemrU%@|%9OpxWujgXEHqSj417{j_3dpCWrK3Rx&&I+&V}_^gim
z)t(<Af+UDKh5Oe`rkHz5HjO%!gtGEYT|Fg_z^mo8^-9ktce)6&upeou3>RKzVO`X3
zR3bB$GwotYUDo3(0+F5$rcj0MuDZP_CD_c477)znh`_Z7|L}p5l_$YfsZ1KPz-rzX
zY<oEKXxS?9-SAS6Oi4nv5)kl(e@vJLjnnznKs47=QBy1WSFh_$!9W3nH1>s$pTA`k
zXqvn~p4=C!t2yUlec=vtTS(3|OT4!H(H-vm6tXASEq2ukLdh|0Wcz~4$G)m0vB6xI
z>2+_<l%L*jk1#X~!uk1*+O3GXyIf<K#R<nLmF2#`_d*F;Kb-$lepMyndMy>8ly-8z
ztt{F6Lz$EhM&*~9X3{|@+BZ;T4Cc!Js<b2p`$~%RVG|ZgOQQ(!G#b9qygUZeYRGhT
zcP#(;n}ra}xVc**p&%O$pKT_x{Sa=7AbU3&$7sMt=zRac$0;4r11gILBTKzaUR?_@
z0xYk+i`}|j;h80@J35BXeRr2TLe>;jZ#g2<;{3obW|Nbnc=P(jYSl9`s>DZ4{IkVI
zp0D251HBP8vt4kzh0ir#BctQG-C<!16jG+MqEB!A#E7xgmf#WBv*Pg1>}(+rd;YX~
z=hHPr=?F59`7U{?K+Rl-CrxT37J3GTEy;K9NRvc<JW&yc^?c??IuUX}p_!i#j0i0`
zud@XkVA!8O^EQ4nH57vpBqcE?p?WJs+Wqd`<a!mA_LOFucsFTe@(Xb8I+rN>hKBPT
zwIHIp`sBp>(;Bj8Cb6+A{*40MBPm+zbqjw-`r7R<_z=N=4em2?@8Lhy$ONrpmpW>C
z<}f@Onu=ye^v-@Rj;3x);~lpno$S)wN+NPzuc!kNJBgdSRoE-w!%y(Ir=WWS7uWjS
z(>3>--Q>wVG=m*Bn^v)-qSA=n`NsNT?6;{8JUKfywl?6Y9ZPj&;mKd);HcbhlPBKZ
z7=Y{bo#O`b7Xt~hVQjoIS*FX|Y(aqM{<p91(fRJ8kP2BC$@^IbB8~+C0G#~p{+>K4
zI=cUbmoKY+g+(9EO}gNRU)7c#k6h-sc!Yv2Hn5mwy2U51w`z@>R{sCJHC5M*x;!Hl
z^#Dg=bR0D`uCm<nXq?N-1gGPIaz9DQ%z8suw2~6umgDP@yM%h>(BLBW?XBIze=;|B
zHB09waxK!B2iA@~t+YxHGk@7c$ji32M(^&ee1*PyTvK|Bi_fmFc?bPA<=GMZg-PC_
zA_04>*YtJNg+X3kvHQ#S?<Hvh1jq-ZJhzpB<^SsifDsdWu)4K9xW4S}>JIt$kpKL>
z8O>^Tv2nJ%Fz95(0Fv8C=IZMDGb$>o7ZHsxa-zDJDsVaojsmVduc+vbk&?3A=4_*n
z6>Q%u&Z#3LNK37d)*@I2Yiv0JA_I}C!$KjkN17!68VQ6gE!DTr5nEc+GskMAG0h3q
zUJ>9`cs)mtc2iSZ2yv?mLxMIU5nnT~=-rbedCiPvPty7?^!E*xTqgJTP7qJ5sAgLO
z$5si~TOa%0aER9hxk!c4t?f7MicIsQHGCyWb=*7*4Cph!I1phK8QZZ}04=-uu(0gL
zlXNW+BeG(8WLHFl27PrlHz#`<yZm1{L(@dazs!^w4$s$MZFZ`5OlRhV(fl&a&F}nv
z?^t&{=OgaO64}(`-VcJ#0VxTIxP^;=7}lle3oP$~uHN45t9rX_rQnc|ZJ4&16R?JH
zv<)a(x8tPl{T+Tgxdk#pEeC7fm+$k}^mTRX4*y9DEjL@~@9m#aJ2z_V390GL-PIwJ
z^$V{e@@j1|Je$THkHLbNwUYSYx&PquEtv;1;^EOE?YDxGre;|A#Mf#XbWyMIl&!wK
zJ?kbL*uA?u_1!h#EB!pT(Kl;l;3e+3GW!vlhG=15uz9SCw~+b~1J`W${jFg@82Uzo
z!}>rXmm%0l&;7RZ1s<LtGFnbc1Y*Q1#Fxs-OiPupYE@O}E#dJw%<-!pL|70zMMZb_
zGdKtZ1x1^7qvPR_a)xl)4xo(I)1Kc1atA{XLHk0z-TUa67|aMl_BA1u<li=1Z7|wp
zx}T1tD>?Z|ixm|a7Y4VDzpM@X`-5kB*9dyIJalVe$A7)24Xm-ydR#fUCa|+HVq&2b
zBR%gocDgL(o%~^ejgQwoK9phz%<NCZLJeyU5RUP21~}!K!X{V__whFed@eY@<5~Q?
zydd*nVZ=AfK*{dz%Govu#?uoak12-6)UJ&I1wI;S@LNYm#b(Kt=;(O=({>+Tu*K<%
zxw&{na<D~>DhW55BLQp2S{L#K6Tty@jy&Mh)1z@71O?mZ=wTrCTIyY2cz8<q?2&9y
zP{OLh<Ne3{iLt*t-2BXbe(*uv+M@eR4*PgMBGT#?5b%$b-=3}nnzFwmAd4bpA&7~I
zwS<R<Z%ax_qQI;?o^P{hYHjaMcq+MKl7${BDPdvbm0l&2ZNg$XMmsAa@3j38lfWi`
zK?+j}Kx!<0n@@_Y)F`y*devpg^QWIc(>XCA2KJA~{R&tWum<YpVO>7R7zd~C+TSQ>
z%D+k%)?Ibhwxj%)3*bzN!S3o$7>R%vbc#!tg08sc3=BvuF294c{_2AyVH6UFH@w)2
z=^!NZ*Sel+D%(o`K*SLZBY}0je6{nHb6oDx{jHepJNW!>-wSmM!xtM2!)mx{(|LcA
z`5^N2^M5R=jrM&S9Kpm7A)s2@l!thMxm$fA&kyU@Phc83z$)t!RCL}HbpW<`7jy&L
z%sTk<9S;w$^+hhvY*}7j#bPybQmf~bi;jtg#(|^VdLq*jNWF9sucU>xir`qE<i%On
zstP}U;M0|oMMhz~^r0j7I#DCt0W%EhoGuyC7aIJ81`^hp?*k=VZZ}<7k&sc>M}$2J
zdLIKY{3^4lX3n{4mwXV7G8zSHXXnJi7Z-&A?2b?27CZj&EOD_tqSz$<v^QD9I1P3U
ztH~gdu;}~u^vCUt{b9{9F)2)$9zHuu%+L0L%~$R`>_HDL%tNMWZAL}+8}16?t#Dwh
zniI1ZFf;plJP$uHkif33QKLFN7Hj*K<79LI^^bCzxUIc?S`QsPgZUI6MXQ?H%4Y*F
zc|=UL#!eyE3z^WsK;9-W#?PsyDUBi!LG;cG3yuI}+ayX#$^;S;lDkhIKNjH;5TG_U
z{UDD5D10bgi10)2t1{32{))2;Ul1FeiLoFwF+qAh2<<CvFbqLWbro15vx>+Ti!g@I
zA~AhThn6}6r%7k^ulbUaCc|ZR4Hn=jHeured8|&(o;>z!3_XQQ!a@x;cY{FhnKj9$
z)XpdlrDmDr6xH|n;<>g|oprn=DLj~<-`*(V_uF2zL1w%#DWA0pLltmsEEE+Awoy@0
z%oqABkb=g>Di)gR#Vcr;7=m{hwLW|2(fH2Z@|P|~_`>m8Ed(-MVfSa+ZD*QVhPU=a
zY@3mQcM8WCw`hs3&4e#rrrXISEgg$X01JVGhnKJYHn;Z2Vy3Jp$O=x3leh|297_<$
z;qSpBpPcU_=|V3d6#Lg!Buh<1;2iy3uf$PL0zkI&qzxw3<qlW+c*!p=-_%cZ-OXLF
z=C|r6+OxBEQAHEWfmkcL#810~ntoK;ItUanWMmq8rm?YYCNnHesK{bcA3siUO~y`)
z55{qE*f+VnoB*Etw%x<??NLG@VvOgfff<hBAyp#;a-vpG!^Sce&7o8PAM9aZ6vn4}
zg!T0mrpC<Pw)c*7N!Ae(s<b1jxW?|C{gM#W$~D3zn7K22Cm)lZiq?C%ziMJ34^QrK
zcM)`dwi$vBKt<MW6vUUp`3)7-`?IZ~SJwdI_X7W(7YqbMf5Vcp@avI`85bQ@8=JrO
zM`#~&&*~TASKw6)O@G<aIw<)LES6{t!>-n>Y01hW>wz}E)0(aVIvo)Y;*_nSPG(F@
zHbS($nrZ8GDgdV98Xem~YhUMVhVWY=w1p;n<ny?=RktVim*o{Ej0_ANKbb#O0CR7X
z%M}_EJ}M_MI#r%>FPW7U6C0<mGqZ=)#~6KjdTVYrQ5u0v0*e`p!#O_wxz-=+-C?f;
z!)B6gMYR=Z$n@%8$TKr{f$A3G>+2irbi8y3IG*Bj4h{}##U@E_ivJSmZ;$({W>i$v
z-!Tb5hw-|I#RYjIWI|I@=TO+Xm<fW7M-WhwsuMO7|6DD^$5J+3IdD9$z67&+g`_#>
zz(n&~+(0!cvw{r(*%i+nEblU%U+Lwg`m*xlrKZXU);8^yJUm6gAH+O`b*_&C;)@uT
zgx#jQ7{9rMlM4pkO8Bp|w2E9l3K?`EeG_rQ;CH*ul3*5jSvpqwk~Z@8oOa&nAn@?$
zh}U@=!%@EhuDj9*27>*osixv9Gt6IbvS)YqJA2!I7I||Uw0Z5^+&Ei+HpO8)b|mkw
zIHlV>B4V5{@bG@#(409sHHDrvv8#X|;@2jhP$40aE$(!BM_25nv412@Z9+O_p(eaj
zkm}UVMD8`ohLE3z6Nmhg?aSQ-O8dLp7LX!x`vrtc+x4@hJMa4Ag2T|>zpqr(B6u}9
z`B9gu(|^V7h-8bNzWsiZKDNS&rtxwgQG$S=#L3<l*fbQII`X2Tl7qpxW&6k&pRuv*
zot`6tH%v7CQ`6Hs^Th;N%PqO#q&7aPIty7bqe%)hM=s7QE91E`Hy6kd3MM8UV@pfV
zT~KnSudS_>-jlo$s}?Oi{_p$I(&lfsx3?>i3OGK%LjdTjaJseCvA12@mGX*dk(0y1
z!Y$!~AuS+8i-l+5qW^IqCnuG6X7KDWB!O4*lYwFO=pa;)n_Jt&93}H2FxofgP49kd
zZ*S-EAkp5-f$1!9s!lG8Cktb+Y}SlQLZVZ1=5Hi9aBag5jb*QzTZX$kn$%+0+G-mb
z{ya1t$pXzW&~JOWGEU7#gjP~nE7dC(M!IXy|D;y|c?S<4Xh<%yCMCZFBO4Uvci10y
zV&{<SXn=@G_CO6_Y|rTEiN#CS2#P@SNN^u-BxPmk!Nh`ohovT$2mo(G`iwiSH)In*
zmApETz#kzXFO7)Es@oCR7h};}>kc{FI$bCB$>`5@V$}M!R*Pn}`H1P@;jy=0n4Fvl
zHp$$f6L|-nZ`&OltLkVYVY<0}`&3t<$HzGoS5U``|BASyeVM!nn9^qco?LxrBIL(4
zB_&CA4I1j${$o|?zNdchuMV5&pv#<HR`x5HTN3eyC$|3P$?EW|s_JBN1hYSe_Pqdk
z96G3Z#9zM-+*l>llt&XyL__diShSG=kbL&JB{(n;cYb!(8Ti~bstO9|<}N7$zl1_z
zoGBnCQ9+x-ohm(jArnOA<_sQ`dM83IRl|5uU=4Es$O_Y*hV_}0v~ORQlM9zzjrYrL
zN0aia69*5xxv-t-yWWAxWjA7IYBHXnVbW>DU%bEcxxGEtZv7#W!!QINyVan*v%fyr
z?z1rTuj8-d?u$-XL?}vm+9W1&t!ohXxUm*QLHfFe#~pSY6vU>Y6%dt26Ft|90Pp9=
z4$KIkLh%C=Pj;9yne2?5-7gvBP*B0o_sq+&K^XGz$LI#Jx2*TOS=wk!c9u2x#ysKV
zh%wFkV7}DDE%4b)17|^@$9@7uAdNJ@C0`-yy%EaFGBVbwyf$l$pu}aMXX$xIOA93q
zz)>dtw$u+ZOeNB4ULF<^n$v=hg}X5uk&X5z3`wAWz|P&u%8}NbILto?6<^e0y2QLU
z(DgaJxc*}i6n3<N(w1CUfs12sc+j^#3S0Bx_(x!2o|`)$R+5k>riv@w0sB|=oHDUv
zA38DWHCJPiSZPb`J8+##dBVa=D3Pz^m+CDZHq+NXpk>DNF(!UIFj7^`+v|P4L1}(K
zY}Fb`Ru()93(FC>eoNk^nOS6F)p&0plz|8v`}?n~uMXzkgWKu?IoVtk0A-2jO0K+M
zLj9&+PBkasq))c`UK&3>4V@;RQQPrx4Hjb!TF)W+P7EXTURyh8>~r7!c=iDuMx%38
zekf1TYikvbM>^kTrrtS9Nr6OR$QB%8Xz}?)m})lG-3g_Jn$urUe}G0n&f0H<Rj+0~
zn&jnDh7EYbxqSE_6CT{5!jhccZ@=sPnT+9-T~0390}_o(6y(FtU+1xhJ4ImD6^MNt
z6CDi(JJ}N-y(jgiAclh?=$}IwBF}ENwr8ur_3;BD_X;k(w#s{Rz6MZ#oBKK@?V@fU
zKA@3`kcCF$IM2@6G#zb%(UV5uq>cNd$Z7u|IZa0%_n+em&1z)#N|Q1pv9|Vh+jpl+
zQNqxc1>F$BKn$riRW3F+cAjpBv5Skt-Z@kxP1}8Ij8vP-?-z%UuMu7Ji4i|02q67g
zfgi$yU_VKiQLnkj$V>$rU~zsu2V&RgF;3Jl20PPPkEYs*$_0nmtl!womgxkMA1oT#
z*qjRT@caP_AH`aXXM89=(g40zk_v2{KjLz8yFY*Z`n4bA<muLqu()s)aJI`^SUC6y
zD#UCGAL_6mSniMf55wuD){FZq22h&al?kjDimTkKl6apRt;y9Np-6z$R^1(9czhgj
zYPYS4><DtNH~>HaX{2B)T9_6lS!P{9;C2m{sX7&yYszlFzzfNht$iY3{oGQ;@xY=3
zZrk(-So~Na`hke7tZed!03SSj$)7&~s~}4V8;F8;ZR0XGzh)u|xwOM_-^Jk=coeif
z<6=Ssv!%SOnbWpEFyVW?p~(vDrP3Z^hXg&}U?aveiA6TL%`M|u03E<829$=ZAFBf=
zt7ro8L*4B~vBJJ~2jkfQwXZgYR#^{ln)xj*e0<hiT-^ir*OkEK!+%H-`)7ZaJ(ZJ3
z8Z73B)zF}1qz$;3RCng*^-{_fGds}E>FVt?+a5+aewCS}X2OJ@;33+799zB30f7lv
z$!iWp1C*%dZq(}W5e5jfd#4g2B7s2nkTo|S<=`k99cs?qpDreFY-o55IP%m#HSaoR
z%IW@&1e}8z=*|a(j%322l-W{TmmKw1XJb@gSzd96QbueE)7C3OQImPjGP{tEFQ2oe
zvDfxLt=6w)y@pHY^Lh90kJf!ldAYt(N7g&8@HBA58Eb0;pKqe_5yFO;k(&WR|D%-J
z<`Y6t_#@!Wn>V%*qyk%fz}6K@qemu&<u2+74t-Qma4<)Pu!pM|z`A<k;^N&9EZ1YQ
z(5XoP+aF!S7WJeMJ{=xb_D|y4^OMF*P6B%6b*hLv;Xizqu2tqwMF$iQ8vhiTTkS;6
zXLaf22NAq{%k^#Mx^w%vz+;B`e-)~$BMI@kr&5`N#uM2quFkxlmYTn^GNMAj5<S1l
za13s+c|h9M7QFp0V;LewQ=vq&HRgDD?ty_J5<`EH+&tXbfIX0#$lX06sD1H#8wNsU
zI@G~0AOQNQ(I6)bY!&m@CeL?%v9sD2nwncTuAWL5P2av7Hk#wDiFm?6((m?SIkTmF
z*^ign<vzW-77`jb^U;1uqu~5__>V^b#~n*@Ukn<eUw^9o78Dp7T73xI+Ako+Pj~SD
z6jQ9hPOpv4jY*3Gm;;XT7y=ew-&pmq8ONjPup%`LQcEj*i=rHjgh~sGjYM2h^a*PD
zlg-0V>D%9r0Dqmwq=VG^iYK$ymCJWlKuCY7H2{=!Y&;y|s&55?<KvTq6+eE|=CJ~6
zqOxIPHMQ?E%2=*$?>=Y6YyQ5=X=cyq>0W)?*gEu*oE*|NTKK-QYZ4du0(%xN_t}lt
zByqR4smj&N4mg6MqB19THEfMRiKDmBggnq4a@y4!AU90LW{&&B=Nh}u#gQzAA)_h=
z<9=|sT5SmHnH$?f6dfHsm%s`dF~NwVPl^q^-V`_CAU}`!g7QZW0FiaeuU~g)0UraA
ziy$N_E?(~pA-E*d*Hpp~NKGqD(Ne-M(?#WP-V=e(+LX(*T?~vI5cT`_5ZzT?!^6SC
zMAz0H_G*9Xppx%pOr%$Q6gJ7jLnglk{?y+SRZ$2&9b@O>SY=^Cpm&pC;`doE>h+%0
z_5B%$Tq`g=rvx+$3n%^tB=;UxYOOKgYELTv^tPJ}L}Fq8>}V2fLPHWQr<BM%KW@eI
z%##{SMTXqyDyjyTT-g8pJ0Ov%({cHyfR49R9}_fk8vkZolyy1^#fy*Ewz7%{-*m*W
z=-frp)N|y<8|ADns9@7(`sf>=r#D&FJ6ZT%{|#tnQ%K=1-P$1Zrug^<8b{w6SXw@@
zFfk35foic35}6*YHXnQ327`O1q7)PJBoVNdArZifK;+|(*;`j{$JY|E|Ei}U_T^Sq
zho-6_<#@}F@-xAF-S~xrZ`!5$%jWVkFGPFGbPd7YFDAe>GqJGrz!M~lOZoq?;<-ys
zRG>*68ms{FmoFT=>d#!@D_0N{`c-2GtrKQ<_RTTe(^8?uzXAg6ix)4D(2+#JtBpUL
zd%yYR2bg7;IktO~)^Y2rs`-(4qrnLgg1fQR(c2DF>*^YajESi7@vmWYEw`g?6Vj$^
zjPpm@>>M~I{1ATcZaNmJm87>fPQxTQRj(wtW5JVlo}2IJ9>q#BGlM|P%ytKXN0$8Z
z>Z)ZTGv+1SSPqn;9`g0}7H<bVBa8M94n8~f{4w31SFgH5W`7k1l^?tcYanKK;o#QR
zR+quiBH_d72@hA_o#_YiML~IeDS!8&Dzl|{{IQJ<o}=8;!31JHnMluWBvv8`pLcuQ
znWiUb(1q4%L(9>Z^cKcnEkcG5sQBiRlGu1SyMoOous)Tw8%s2RND3`WMmk~99Ay`e
zd=LyLPS;2O)RxtJ(6i8TJV2p)tan~p_tBG+i`<>B>8}y*=)l4w$PXvehzC1Tl@=S<
zH4G@2YN}68`tgbc?ZD}(SX?AUMMI}l3+M?$yTX<RvRhZn4@?Uop#^@M7u4O|Sl9&H
zE`pZt{QWyVk7bQ#8y)CIfZ!1T)lI|5MTDE%X=sqLK2T^>AY~=l*xI_b0Q*}6n0VQ+
zySvM=yuMxu=<9Q>GT)xNO9$a%A<JQs(7WYltji~%u75QW5g+9;g5w)+3kvf^n_n?#
zzN~&IslJCYk3c0tgwPciiGR?*YsptyjsE@CL45;|_k?df_@!*eN=kEI34JG42P5;n
z@@dQJ>nT}j5oIeYM>F0ccJ_pKThh|XR6V!c?6zc(>s%d6JAR?L)akWc%=}{P+kSx4
z0SBZWZ!ie^^-(8cmu~<SH8*~U(?P+NE2sxHOib<EnHhyh_4S&?Pjcla?GAHt*{#;4
zLXF7>ii@jA81+p}n_BDw?p(+?Y+ftJRoBI3#K3|d3bJZ>Hi5BTt*l_~m*K|Ws8T1?
z7>Ym?pn`~TN`O|&IWQcf3^>s}#Iwf$ym&dIl-^ZFEg#wTPEXRo7i_!vdUNv82QzaG
zLk2scx2+D8=dZs;mD$_pe=670DEm-hj>nytqU9X^eyU_zPDY#Xd^QX%pIJ}g@Qa_2
z2MU0YE7eY{%fv)2Zl^Eg!DzdmrJo8{B(gl*zNRF$U7T%l6S(K}^ip-r5Zq4ThJtQ+
zCT?C{Q56}ajC5f?uShJQDVI44s@j~Q@R4l-;Hi2(x?}&)YyhJGMyV9c{odDAJTQ_$
z@)~E*0fa`!=g%r{IlR;T-Zl4Z^3F`;v&~HAcw++eulD}E8}6%D`{Lf1-d{iccZX&{
z(Mzt=>iJjzBzA5{m$X!eq&zBkxm?Zx-^OfV{+3Uw<DQMqmT2m1c>UFo%PO^e0zmBZ
z#q*Q2kWz4X&%JH0{`?DBGqVy7uG0CxqZ2RB0X>-!Af48$6d2w!UvFnvk}VPUj0fm$
zkU%O&W(cykhc^@TCzBuLWPh&TUDkd6j@~#`%%^G2I8bQ7L1@5{L<pqqE^6vx(wIJD
zZ@nR#zX$rQ5Xg^<<A@<kOKq^1CCtc%YP}aTb+(0+pdbDORw~T9&kr@RAh&zwInQNo
zuFl{K0*{f=MwQP@IH^FMi1SI??qJee%v)}3F)U`Oe|M$eAETflZQ>;k4hfA?>J2gE
zKW&GUv=Vd((jz0IbC)Oj!hJnRiR|!xAy}_bgYzXW4NdsSOGZv!ONRFu|K<C`8b(0<
ztKT))ZK7!HfBoK1Oq5I}5)Kgg3%XL3&2L{24sF&?SU6+%D?Rh`jsAyG3rY+`f;>|T
z9G_oyPnryvmy}I^#KXf~*|<9VYeFD+6BX$-<5V<~z%md)#BL-NwjNJitR=0XOWKpK
zBxX38$zO6O!bI~jqPf|y#uyo@twSOs<Nb%zg+P)SVVBMoUJ`MIgX-<Z&!l6!_IdH~
z(~kuO1yrC{H+3Ha1kXJv755QIUw`@2(a}*ph#KcGD?qxKE&KITAc1v81k(qWKP|jf
zDk6`pk(}Q*u%aTE;M8y_SscG!<T<A$-1$6jet&-8ufa`M(B%5`EP*e9oKeq8WCFqT
z!Q8n%Rc9<NA*(Km&qrb+d^|j;o#1O2X$a3qI!rEd2O;}+;-|~Aju#RVfivTu^0>|`
zD%$?Y4Y88DxM{fw{my~=d^j(5dfaM3lAx-lc8JYX>3B#nRY`UE6T*XHYgb(6*WMPT
zn6mQSGyvoYNZZNogyG)q2Me#R;)PJO)VbzYv`$Akwx2dOHavwrA7)QyD~%}K(?Tf%
z@dKbR!+Y?5O0KHX;NX75OncL{*j(xoFp!U5>3qW1<-DLAkiG_BA{NOXtMco*1q6jn
z*hs{gven){R#SQcEjoOwq1Bwm6$7rd8UUWY=i*#(UPr)>wJ;{^vo!t+Cdz3L6OoBn
zLjdb|y3&Kb7r5+&O$80={9nFA?vCe<J(CQ{s%sN2EwzG6iQw_+(>Few7eLxnr>0jT
zL__dbNLIHvMMCgV{hu!%3EFdJ_Cud9kO}zIeeVfzyjjcjU?9d|UpT;{Oh9(T86Ve)
z7z*RLJ~C|0qk;Z^Gwo-LfYIIw7&9Y)%spK`z#xWI`T|;V!Z!e}^8eLlSioEXj5O<D
zEV6r=Y1c*{Ui28Kc=Q&U@0Zu*W@hL~YyFKrNoZ&kmdgi+SSYZ8Tw2vZ+hr4`9$s4y
zg;?B;QLD>uP1VBC$d?-Y;QRY|w>Nw(j*b$GbKs6A@(bM&Zd*JIfuZ*@JUkNoAm|x4
zETa1}<<?>&%1GRyy~5bo&$Zb~6&3Za1@u=%iY%s;+6L@NJ3Q{rrRVJOaz*H(k{~T1
zV8R5J|9%_iqo&t0k^!(rV#QZ%1wlc!iUkZ>5o3VGV+5Sm4qBhp1lWM#R?*{fFRnQ|
z+vriC7zb|bKfdc@0Uo1fS9fpkKMX=P3KY8UJ=;|l1Q=Fx-b{|B8+SO^c->8LjEsW4
zbo63mjjxq;BRp;Hg{S6zj{zxf?=&Wb2iyJ8wZ?*ZKLiG1lOZx=_PtaCil^*%u$WkM
zL`6(YAh}^^BLV{Jfqw8Pv$9X)X#x@>3nc$W(%&r`b|%~QDbhTxOV94_cOL)6-m70O
zEOdU}!FHvmH>_<DzI*`kG<){=hzt>pz_U-v_#7HS_B@sLT6DAyBE>PekoaJu(@uVt
z+GY*qOWM!>=6<UzS0i^g>=3ENX#M;NRkN=n$Y3CV{UE%%yZa;j<LO`;sJenJN>W&o
zA^$N#?NAA3BtxXN4vceV6%%X!3_${Op?b{CoiA5l^tV*NmQ<iRmY(Q1e(-uvA6XzT
zJDR*iMfb)xDQ?U0?c2`Ad}Thp<=;9ktJ;ohoT{oBtxw*!^>(wyM(-&NUSbmj<W;g?
zIlCF{#L{1~9M9vJ<mRt?*Yh1*USdC=8u`hoD7(A28FT!q|Nf~)052{Mo?<~qe;p&x
z7tS*`XOg%MQ1&;Zd@nw@xP&J1{qElfdhJfn_F~CkH7Ch(75w(~p#-)-;NyCPNOWgs
z=V3`{ss6bG2LR0IP{7P+@a-GP>E-~zKj;LW7ouC``W3ekH>DE)>jl^*2aPL@^TO~=
zql+!1FA113$xKZr%Z)`?1!&)MaWRs>8nF>p{HubmByr>oEh(*BoFk$FBPG=A?VG1(
z=fjeONd<Iu3wz&cmHQVpxYlHJ{BiViaj{;i1FcCf3XYYD1t{oP7&_jHh(ISJoHe`I
z3DK~^AZ7bAXh(B!02hduI=UYrgaRac5gZ&gkM3Zp+vA(HEk*6G=4&q-4{Ctk+u7FE
z_S_kOnGejdJ-X)<-W2oyl>>~FQ2pczY(N9kBAx&QM}s);Y$LAwp`Nb3dkoi~_{v!V
zUXchOz0YU#C$Y;L;#W8GFlC64Wn~pKwaQO)fIR@iav?Ayu80pA2}#tX1MXYRpMbff
zw+p4Y%#7Dg%2qxCWSiX{H(uliRntHkdHwnGB!-N(3YP8Lx9pay;^{q1jP0M^yDV}H
zM&pbYBNHQp6T?HCiLg`-?_1x!TLlF1&c${HiId0;Jrx&TnZN%Dm`@IB5s0Xm809JW
zQnmQ__}?4hNX4*pC}EJqsyV>ltvWk84jLQ}lTjdM%dMT_`sAh<WI2}jd)`v{MhBrp
z6&EL7ppJ(S1Eb$y2k@qAi2drYBQi7NH8${a$JmtmIWGJfuDvwNdmQt?4fu!#`eJrY
zXY|z}XMYD!!4Xnn(ArCSB}m#{WQe#C@$@(*ri5WdE|@v}K~L@*Q#c_Jr3fwJTdh*_
zik?USp(tBg*z}tS_4N|c%W!aUnb^6xuROragt;=^M*JxbI58|Z2=urW=VWH8fML_7
zJfx&)6#Qw!#+BN2hr2<C#KeFqZCP5ki%}ooVi9&ph>Y&Q(9)^~-3lG&L8_|Ov$dt|
zjU6vb^)n1R4M1#Ew6xq2wx$5^6BO{DJ36B-Hc>%6+IwC}V+o6eAEGgj-0XiE*ApRa
zs7J;^DyaSI{0=I_5ff3;Qo#y6-=TKqDQ%jCEyyV=`49M`15g!)<9NHZ1UBsaxIOFs
z0zUoav$P*YAh#bh3kKKM)d^x^U^qrcMco2jV}1SfxXPsN-~dfZR<^m900+NEQ$V0-
zj`UB^fWsW$?tHUAEs3zsCe6uV3@xvzQRlg{<oU&F-^-?Yr}D9FJSaa6hRL-A0C5GB
zVq`8ZKb63%d$<*h_;B@B^An_FW33>5+!q-F;LTB+ODBS0oild6(_zP|MsZ|ZIz}G`
zDX<QD=YR2AFsRgaJ~%{||NdRFasUSv85u7nIoTCp)VtKsP=&{5N=l@xA+wY@f4DJ!
zFx%7wY9<7O`xIJS&bPqMQQ32lP7Nc-jk0s88?FyOm7hv0r3L@&3|I%Vq#ayESf}D~
z!Fc1n#YUTj!IF-1pp!-(&%K<$XD*r`4$Moy!iLeOrIl>;Kuu!NWwY;(rP0L<X&0R?
z*N1k5JQ0hKfvA2ih`{p`UWG-a&=4^vp^Ah5=@fB1IvVTxlxj`bGe_?wc!0KccGav}
zRmtSwUszi%3wI@?6#saBVh3DlLT*lu%!(M6WLgv{Ac3e@bn2{^f!PL(&M^ik{GDVQ
zK;bjW83@Jc(uu&w39Z<Hr($sG(qV`c#tWEZ5`Vk9#BGm|@p_$@j_e7tjB$eaxssYh
zbf8%(e(`Vo!Q@m<`Y`!LOrPXuNjRX9s59b;t>B9|iGtT-e|=QS5pNuT!Dj8SX)%Hi
z2w+6u5;5<?VYtD<$7h*u1-)5d+_!V&iVsEL-D~JQrHr9blv7qvuuo(&?6828M6Z1Y
zWTinwI+@xmp4VPBOJDia;Sb-XMy>DO^}}03Du(2;^qmH52CWW^E!|xwO$b?LO{f_D
zn`_<99@|QOnd%yfrAq5i674=cz0SZge4m9y&;hf&gsEIcN$h8_(iTZC-2hA>wUciO
z@OA=x;QOnX(G`s>bQt(M00GG+Y=<C(i??4btfaQS4yE4Q2S_K>)zu$}2?$J$jEyh+
ztX^WnjpacB?|dep5SICYC~d~hUg-|GIlE%6wJ={Bj$;ht5aAJ^;2BQydFl!RHxpgI
zvy-t&DtiK&*MTskwR+o>N|IV#y|Mo>$X``WC-nTw7d)II7z4jt>i;gOGe~L`T8ij1
zx;iHu6cE7n8RnLT1&)sLmqv7BkUf>HA0eu+KnkhZwsSvfvQkrjbF}l>&6NlFyHH8G
zleg?=U)LfkfwhV>qHI(Y1cHqnC2nD1F%lUWDGxM`oN-vdok~FI!tBYZsTeR)_B$A2
za)k{+IX}1Q?|2cvKfS6YB+R!ZcMHi$CW#bry%YyAHys|K<N08Yp*$ow#HcameVlD$
zhF(k8_Dl|pon1nFtnX(>uH33u$HEc;;x6NF(t8{1PbdJ3*<OG<2w1-L)T9q-j^cn8
z^6l<ot0EKPszYb$cO*_OLf*JeB%Ec^$9SfaF5to>;&}5~Sa?ZOUq8eC;ti7bF|@S&
zo|u_QakSieY<F|AirUf9@eYFZbU_bgd2f2c5K<CSNFzo19a5k4hE6M#&dze<Dj616
zT*!q!w!-7McNZ#D*>4X=#wGN|=E|S)-2a`Lg-3NJ6Ij`h6+AyLzPbcpf5FCS+eHUI
z1{ny~l+$ITBgf30->EvPQl8d2#G5csiq74efC-u6WRQqteCnO8y;&+H1H;FaogL>R
zpttB{Wo1D%i$DY@6H8G677EPP)$yjlz#>S(ids5y>o^{IFUB+f9sc`uw7$65TSFKk
ztEf<N_2?rN+IB`Nz#w={$%%_?X!!7fLe<nvR+iVuJb0+6NG2$(^dz~!7Y+)9h8rB5
zuUBB+0Jg%nSLz3Ox?ua^L_SRHRbEn7wh!0z^sLh%agT+$+VZDWO!70GuRr^Y#U*u8
z^RLy3e0oVEjlhP8rlb#XX{r9u)eIybYtaD3p7~@64!ZCgYU(*A{T9KNb^=i>$rLH*
z_kcjakr@QMnA_1(^FMhNl?pfrfb$`x0OR4249?Wo?P{n9L+A%bq=7lTW=3gdyd%~R
zl~Hip<3M|nKxR_jQVOAL{$D2u2TdL)nHTkg3gI&?KOP7_?CuhBS>P+9vw#Z0vY{RZ
z0__i&9>zH5{?=xop&>KSX9#@n+HN;&Ad6M~c+6t>W>Z{(DdS=N9-fhh3YKSfx%ifk
z?<*}cI*cdxT}e~k+UEsZJD)HRMAqfk(ZJ1oFzO9YtA~~-?KJ!d0Jr`Vhkhvruq-M3
z=Hd3-5Eu?5A%7K=1Hz)P!=LV1fi>cWqc=EBfF1Bykf~!Y;2;Ub*t{cds&o6Z#jdD8
zG4%`f@<!q-U7V39XE-<+aA^VokIBi-8=LPIy--7f#9EZe!;f9|_E7;xVwc@|5`Y;+
zf(IXTbqK9mJQ)}?%D|2V&YEI1d?cHYZe!axT)mf;j-pCQi7FP^pb+`(>CwDZBHOV&
z!dqca|6(LPH(V^7Oo;#C{`$D~Be2~_-vG$q{@>dv+5uee7_j*dTh3Oj`UA8F3-K=3
z4>;}cyHV*a65p(`SSCZz)SO*CKuaPnx(Q9<4!gTE6BP|JLP16~60c9u2GN?F>mV8H
zq4P7xDHJ&}>4m=P4gZy?b8BoPD_a5rRib=UdTQw31lBPyx61zRT={6*s1ob1uxl=0
za~m*8v=3`0E-ys0$AA)>m~W)5fRMeU+ikIb90f?puZ~WqEMU{^M5Pho5XRtbVO;^z
zlXQ5S<)!(9@w0-AjLb$uV`D}W@U}R#D9d2MsiFcf1gFZ($XLt+NH+VO@!SDSh|K*H
zDZa(@%E2!QItHea>zhs*g*GY1Vsrgxx2tb^`?Dh%QMkHxV(F`Kwn%E`e@Q8CdMEl(
z(&OXtiWHHNP(FhYe={?H3Z#dvo0j~R7Jv%`X){`XTp%rHWsSQ1#iG;LLwuj)o*_)g
z>Bv+yK5?2BK*sJ4Ht5KcV}Z&V5T}FVGhk%7)5S_v6fNtTuzMTK_wNhM)-eD1e!{ps
zA8smuM{N$O!U`<Yg3z@Bt&zP8RLk|6&wzFr4jr$`lBQ%@rOgEA>}(K_N0TM&UT}TG
zwYYIfBuHqxDNH2du>xL>!_#^MN<?dKjLy7&JkZ5PKmB14qy^UXmzYq$Kb#FcefTl(
zNv(Ger9>W#!pN=n+6j?|ba#MYAeKGGwmceHd<~=|1jxpTiptMr=?ak3ib)J(W24$v
z12EZjl_QR+okLJjZHD@gF)U_YKe~ZvMo*t)ce>X75^OBsx#cGUxHJM9d*QTnbagWp
zTYoHnkdoTsfxPMMUezZh)p4}>HGIe8+d6P*ctc1W3|I{fw^GU6ltp!6dna1+`1n)>
zkHu0eeVM*~aTS?@X(|m6l3w3mTZJYIrR3-A@BFbk1u+OMjRPLV2f^kt9UPMvkh7}a
z_2~iR0u&}Ne}T=7M7seuBSWNo#(5#w^Bx~+pu8EUHlHy99_n8~K|xn<zYNNJk9~&)
zCpPH?u&9`|;)f4>j5IVoCP34t<RlL3Hs)Ae-}2X$kEdW~C=%OBEh)pmW@q0!<$Lu?
zvc;wIbiRMnwGX?*f2Kx@^@4~Wmmkb${BAldTBSqjmF!y)GtzsK=&tAZQp5(#<ed47
zA$sP51YBERn(ajU<uFCg&tXIQO0<-*EkTy+ygxAn4n7&u007QC;v*tPRLRLR+7QxG
zDUiGof!_eh+mwuq?ApWKJsgn5UtmRbB;kO*xZ<>hHu8vXJ|U||HZLVLxehQw;{HBW
ztb|5Mf3pb6+4*e)eij2zn+Y2lK6ec!O`^Lw#0~X7$jGz-asA>I`wP-Whjp`-z)_Xz
z<4NSj`h`b`7lv*F_@JSGNU;#IhovimQBhaHMm<X~I8KOmIUn;5jr3#wY2E4O6eCnT
z>eVV&Ya|2D)0vo@{Fv8lJm&%-C6NLt3j=xzB-0d<Iq8Mi*~bh)XPTj?SuQD1iVt)v
zvwC`dI<QN8di6NFee-ktm7su;QC)KK>(zbGzo2H%$->8{;ha%j!lXYVHd%H>cHK6y
zpX-<Kw8efa2%<O`$NLi?`5FYiO^^FKJiuHD9(qk~BTXN^&p%;*<LfHudZa@Lig-%w
zDE=_57;i9QU)Ub0OiJpn9BbHHe*2wBusMNw1`GvTT)+2)hDK3-3~V@6R_HMX&w1(F
zLY<AQr)P`yMheet-mjk~pZ=`<0As{WFo@H_FYm978vPNb{`qtpuK`N|+3mfA+Q($0
zUPl}+P7$DwAT>KcYd*q~qW%dtD*fgcA>C^YMo@(o<SfdrUPJ|&n0(U6JCgQbk7qK-
z=xKyVCJ2jn7_T(*ZOqSaZ|!v0c%+Aqmmv_45R!SUmW;rB{{VCjN^rk2A^~8h*i+Qi
z72*R=)^TU_SBBU4?;ToZCW9JFQqMTXp^xNeLatChD~U+l7Op!)G=lg}0t>yse=+FK
z^)VIC+n3o}gRAvt@4G?>BEK%D7ny620^1yj7zXvu>|lwXPoFUUthNBfA|iSR;D{^E
zJNyukg`plmGs|$JPqixT0VO2|<sgah$3Ovk{D0Tz#18;2GC^nSDKMQ_LR-5I39<y_
z2O|du!TP?8qKucoD(PstjUu}{^=o365Qt;?Thz{NMYmX*f#s|qVfPG!dUG_2RX=NF
z^cNQbLLaD8Kem#Q;p6}PvYZOrroY}}c;t_+Goq2f(F7DKcBe;IU`n3ZedM}5*+3rT
z;ym$QOpH;=e@npp@q&V%e_jL3dWt!Ii341&(0UoJT?-hLf`URqe(x@~{@{dcd@*UC
z>w>!in~fUZw}<>%?`c06B$9DD(B5}Y)6q13O)L${^Uq7oonBE?l)#0ee5`nXg-#^m
zDGJ)C!pjMu0^<@H_kRLoetJS&LO@Fxx+Xb494OuD(#!LdcHrylHC$aes}}|pQWt+C
z($-o@TWaD%fLC|eEP`Cb(caF^ZM+}^-0}k2|30D<6g@#}pJY&UqN1S0L)y+WDZXjE
z@7xc#6rmiq7^TqGsq<>jma=hg1|}wLi!YkTE`be&EMgCZ<*bmUm=PEXs+wvKsJkg{
zMh{?cHF;Fb=B9#m%@^Y0iDmhSASKW}J%Wx*4JWvLApc!in0Jg!#ci|i@9A2z4RUdv
z`s?0?f#>L8Z|@DJTiB|rs#e-iQF>D#2~)`KfTx)VW)6BxPfUcQ^E>Q~-`w1Ya7;`X
ze*YQ>wQ5=2U%6hs+j+wp@k2Sa4K#n*fZ1y95g`(eQV9Oa$-aC83E4ujqE<L1=HUi-
z1o*ExDIkXejwSC!Bm2ruChOgt_Q0kz_LHibcNd_eq3lq^_6^kbWX)X8K;8}rh8{c%
z3rS!97ZBy4m-`GLJ?K<ciaA@eUFv`q@Ar?7kF3D*LR${Sq;O-R|Aiu-z5j(h2cVl`
z7R*8V0zA7v4fOTh(a^i^9`Aqg+8Q_akQZcm1Jk7YN9Hk=j-#b_;LZYQJWc=Sb)ybM
zEiobB6Rq-ER06@&cM{0F(;gfb6%|NExq22RfHSVt26hCX9wD{ZBg4=tXBA`u){lZN
zaCIVo#v*(k6a*b678bZ$Tk*s66m4KX4JyC;&B*{l8Z=^JLk*FEQZ`_}6`P00V;~qy
zz$`B-yZi8#k7&zc+F&c1dUOe}t>~jvKfk&I-P#DRB>!OJoZUf27}2Xlzm<ZTF(g7c
zqhqEoXwL<7Rsh?yb~O^<l)MA$oYQ9X@=B7nK-EN|SC1pB-=b39XMc!NnkFzNp<20g
zZXFG97ckFj?of@Fe)@9^dgdE40k<?t5d*zE9MQlcE}6Xx`cm{HCA)0Ce?N2sd9v?w
zrS(83tN<q$_T{R?d)A1r6aX1PIS7O>vM}Hpbs(k!iYb8Yynmdm{8qAOA}MDbubA)&
ziO;BSAP@vME$XhB1QcO#`Dx6}+BZ7jFUZ-wS<lt4Koz@{oUDFA349n}v`S|fxGU*z
z+7W?@fIJ5S2$(Ta;PMBGwuMMRVd3u6(_^EAtq#f4)L6UsR57$qaO9CPaI2K**8Ll4
z^vFOgCO;%It(tS|`$AyU?=Pp5c+K44vs&M-w4;plUGKtvfBDkhDzk+H-0hXDT<X_)
zPfiU*z(pntCIgWHKA+h<QWn{pA{pzJSs6<*MnzL|I5;fK0gMsuiv_(I>>#FZ0nAV#
z9bsT#;wN%{VYWw&<Df1~Lf1diTihlJj6E~O^!gt#K=Vm2P(9gA7x@F_<)-a&pXphc
zx<Kl(eqMXWP%a5%*9onXHeAv)1k~V++uPNmW+9M<<+q_cASY*2C8$lV|H}oEZ=oJ<
zisab*{OxA&QT_ITzHV%4`X?kL&?_h&A0ISgm6ci6G!q8KuR5q;q09zN-g9xXx$LSb
zfSKXjHlVW3F*d2}nQu@Mz-GcPo==O;dT{40(G9UuRh_hJj*A243)5x>v#AX&ITS%A
zCM-OBDWMra>E8f`SRO0@dfi9{Csu8~!2?>h6fOH>=|uoHaM&C6iU0uub+1(X_5oYv
zWEADh_cpNw8GdAwcYt<i2p<s<Fb4bmNh2LGs@)%j0V&);7~yjE->Y`80Mz|3sZ|76
zp}@9MVEF1BovIP@27NGow8Fv_I!%cv!cfDzqJl!1zn@<k74%Gehk>HzuiOuhk5<qL
zlhuid+QJaYCKn&DNp!6&LF+wh*oxY%FhvkHHs}l~upKh8vJz}@jmx*8HZeZA@5RI=
zIQ9IIo)YyFj9gXetz#It0RziVW^PW|z(U$(RQwaJ@*IWvKUUV-tz>$&wRH3>2#^cl
zqyh^C=N)^)Ni%MQL3WmW3vI`tNX7#r1g!wntOcTH1|$=-5z-D0*%&;!0*~SE!UXA)
z%x~95z>DI_$f)Jad~#t1aG;$Kln?{LlT2}Ec;a)V5tOU{<N3(jQpWL}cpBK{rVuf+
zJbJ?gBlKT^5-dQgtPME3Y*tqxa!x{ngM(#FpzR;psgAr%OAVez&wqjMHx(V&!nd+g
zJUu;~{vQi+!u<yB6JS9$rc3km$W&huqk|mfOo|J)JDdhJGyvq}txLcvo@b#2$<=Ks
z7QpEa0-p@xMUIRt$V^Sofiq&Y;H8kjqLR$^bDitQ#eRU8QO^k{%OB4-Z`v$}h;Mj#
zy;RkRP0>hr*%$yX<2sS27=_M34}CsR5r`t08AP}pDAfUanR+3jAR(qY9r=Py+fb?l
zoRrjx2!m!6G)YxYVX2WMSpLRHuT<|Bnjb!h0e1uBWMQPdBdRo6rvEPl;z>huR!suB
zmn#w#2K5^8p=hxAk1#me|JP&xK=hx--X1jZjDSs6y10Oy<DUPF1U?86H06$!07URs
zzsY&k@bhO|jsFOXbVT@eZCz4BOmgnavq1A$2Vrs{CriKW=bdHp<bSm=bfs{3_vwx1
zzfE9dm@v^9_2Cg-Up>0n@BbrUn8>qvY`K$z8sLNRpa%G4VlYwc9nG6Jvmj0jH;mzf
z3TaFM$_fVJ8$u5cP|DnaAa*1RiHwT(m+<%Jt#x8On={c1%Ip1H8F_xs)AH_};Yxuj
zi9kj~vd}Bg;Qk+vZOvsl$4f3D9(i^6sdOeE_~w$csUQYRJz?n4>Uu;m?V^#50vKTa
zy_J6J3kZ<jP!A3dM?_pNc7p%MnvUcR`S0e4fi$j;OGf7T<#4`+2ObD`kdu{pE?}R>
z%IJ59qDj`At1L?9&%jI*B!WO|_G0$U`-@*VV-^FXw`4D2x5HjV#YFvlqLMOb`x~{u
z+(Z`r{~5$TfV1$5`@l#|EqW*zk8zFI9R`4IW~BdqwG9R-KQ5U2ERV>?S5FQ(0r~D8
zh+B;{T*0%Xxj}hTEk@FG|EIm{{-?Ts|8I2DkWo>YcZf>am316KIwT`|97<%5aExqe
z=j13#=uX)y_X*ker{c(r93w;-hhy(?jL-G<d3?u@-#_5%;lU4hd%woDp4W9fuUJ9r
zsfmV3M2yiTU2w{}%~^pRdWMi$Kp%!39epaLluqq!VP&n~+T=%l94~vrdsJWI|ElKh
zwm>34DQv}w>h#S3C@9*kF4zJ3+)8fe28clKjHI-j-26u<R|o~K8%?D6|6(RcS>16K
zn%{N*u556Nz_&kk<%DjwGO=ViSoDoXKATE9G(tnOi&VY0mp3vEyk!-%q$<?^CF0-!
z7ok+Dk){jSHwS%ea5?*`eNh1BVywX077EJfC7k}1Z*v$Vf`12Ivibn9Q%qmg?XGmF
z6oM^2bB=dg%KENkL4irn)ifU;T{W5(K%_{YL;@$DO2Xa~YIpDabJ2h^K-vbac143U
zpcvHfbP`AGD>KB+-Lf75K;EZFV83UcpVq*v2cSucTIhNQObQ6u>9Ey$wIhpGsysZ;
zn}9H!c2wR;HNDOGG;4HZE`|8nZ`@c+J3dYGiT>Z3Y&iou`VFzyd@5L=MoGr4nUC%R
zj`0RjAQDpI@G6F75^(J`n(MPTBnxdfD8%>eofp5A`Jz4%JQ7B5pNHU9C9j|$wQt9z
z_#lTywrSLle&g*JFRvM304Q!`iU3Te$an7gD$uJ4#vSA1Ee*vWgRNVe$4(uK1efqc
zQ{xaF6K!fbhqbkh1%?5ICd&%mawn&=Lfbiy09vyN@QJLdR%?&f8+uHb`Y{q17?=#x
zCF=I0Dd=5o4LdSt=7<_9sD__JCorE!3~fyA>?06ltji8$+lZ+gd~)w%=37Pt6X@dm
zjMcb_m1fIQ4)W3xyo3g(%i8iNzkuLe%}C=~b<2x@8GAt5A%Orzl*3=+?Zg2PZB05W
z`Ftnp_;Bl;D(bR8pY3@sbaF^O^mr3AG$Ng~ERK}8IorQ1lFe{+R#=+feeMr!?U0~N
zzM`3dw@~zMQ{$DCDpcp<JQ(153L0<Al;>-6!8oHQ3MBd2DT2^Mk|%$&CGg5ixe<vS
z?8sRZEh*#5?@ZHv1VyeS_h-+aV_DQ8=XzywfXFh@HMC-IYrC7PTV<DxT_FsdN2V9l
z8xBJ14AR8sFU`(D(K(<cC>>t$gsjJp541gd_QZ;<0uGTSydx$#d-m=XQB>^ih0^k?
z|B3MK-a+|GE-*7E1qXSgMx}{Fv=4jY=XLmWAyHV+-Te>sf2t_i!^5{l%?oVyxB}w{
z_zin^?tnhfN)Thwn5?VNj(sO4bD?l_^Ye?o>OUVf$ilmC@EV(zt{HFpty`!~bhQzH
zCQ$F@Htx7LZ}xw@)FN_0^IAdngQsp?S++#z7FPpx?rUahx=9_|Cjy2r{Svw@9(Tdu
z$SWvx4E+<y@(^Y~q?#KWi>z+62x{Glxi<B)>d3ik7p_Vd=^GzW<T{$2{V{Z1p}I2c
z3E=#@ckfNxu8(^n7Y^}2h@jxy#;86We3+MZcs%|v;NWunj<6mskKH@2X|t@X?Aj_6
zwteoe2-s#tcJjo|_lKOE>RY+3>~13nCnruz!=%}RK2jW5IUIp(3w{pvoe`qeR+6Kb
z2fAv%QZfx-NznZWUUr%HuTO(8cgP%yw!s%?-#H0!e+Xz!sH$#!sIJ~R1DW4l5ezl8
z?h@}~YE{A1jz+g4I*HO2Eg134=!nAZ&zT0aE|OwHV@sWqy!^+b{8#(GtN7EOEzkba
z%tYs4d4Br}%J7Hc&a*Qtt*vW-1-UpeKAy1$!N$iIg;P%@lZ!Nbu3ft-UFi7Rhiw>y
zQX}&_e99W>?PG0e;W~7{^{-kcs1k`PyUU6nC}Tk&8UoIa#Gg=SJz)gHUnW^!t!_{C
zhZ<7-(<pPTN^FOk1#Sh4EN0Xl3ZTf|OcI!Av0C}bT}4PqVbU=9+uzx*>t5w|=7ge>
z`iB`7F0A)CUp{@9WiH8msO_8K;gDV2Mo$<2VokbtXm~u?cl%p+dBv1ja2QtTXCby#
zhPHBa>-OuJwM`C0{lH2D5&`83d@adJ@p7<p;k`iqTvO5S*%<plL2!FsulWVmj%9m5
zV)0{X`O?^%n-^m{X1^J3>e>HADY!c0?R@omS}bj(xN3RqEwR(Rw`3|F9N<?%6+i^U
zrpUw;p<<S2G3V&%InBnYIvb%$%8``h;pcwS^iE7E<qDbRe*`<TF;sFNyVdq~&PP?+
zVBvyh@9)n}WF?>+O|~^ND~W<|$btJ$WERt^x^TH4E)Vty@G@%vbVN{2`H@UYD;2-|
zv?}e>WYFqM&ya;DX3eSj#On^!KpGPZP<@;4-M4Qbe5Pt;uYM{UVtasz840J<J>mD2
zmy<JFq*Es{#8R-KR$h<!Gh4A+7M_WXlR;BIR$fP$zDUXEyxF2K5|)&fEYQ4fzv<jo
z@5-}Y_j5Fem;;iP{ar^uVEEaEcOg%|VBihkMny%rP7xTl-vXn_RYOCWcj;x8E_w-B
z-ZOap*H}AF2ICc`sDEwxq=oqu!SS@!yLlCZLyXaRM@)N7%`tv@0iIfSXV-Hf<&I@5
z$g1a%$>c5ugK?fujv1bgZfCfNq~rv-qoacu5)#69JbQA?Nc-NM69EfO<ji8d0enS9
z3^%vO+^_zs3Zco~uBUFoKZ`Wy-n{XcyGHJ@y4jqx<N}RBe7{+cA8gFKkg%xt?`7b$
z?KT#_8zkb49W<lOT3%)T@jYWa*dxDZ;YSQ~_L<t5XLcs=7Au_BBb_$Ot*cqfaL1=&
zyaPfui`9~qu1?Tey%^<P5lk#npjXd;j#2s5_J{=u<3<02h_tkH=v?jLm-~26TMR%5
z?SxYf8;nSciZ*?k;<2pyU7^1`z3GeA8OG)e_}*RCl0t$q>f7<8w3|^;ssxYH-u$Sk
zULLGxasyEyPAn)WsQAm5FYXw^WH*HqvuH@BNO2&m+NU}0Ii&W8B7ePgadv)RJ^N|j
zL8!b`8La3^<ySI}^QuZ`goZXJFUOmr0C@NUKhAhI&ocO0-^bURLQ;u(lK602$M7}1
zUbk~zUQb>q;56dJzmEP(_)sNboYX!vWE%9lkWGMziHQ~f2Du0tYx8$5d4V@GGg6}t
z{W7*OF)`zy;H;}EE3J-?+h2)=HTo-H2PT8=mRXoBN3V`you6LsETD#KUkpC2*5_He
z?DaEmZHQ7@d#|)Kpb_8~`9}{Qwm;xRoCgB;@*;gPK)RKj1YuhbKn{u0_{!B6Lv+(B
zd561OqKX#rX>X}R)r_XpF{9WdKAiE25N2_phLI8`ctGS4)%UfBZE<h0l++cw6lLnN
zmA$>aHXi@8E){coKI8^6hM?D}VwgtjvazwL3<kq*X_iYpjtheHh_aYgdO+$fswHMC
z*KQmuDzZ4bzQiZQM=x6SuCV!0aV`3Q_+{ruM8HDMN{ETMEBcLn3x+$T%rOlQy*&mi
z!GH*0vNJM9kBu)A=byyh|F+tNj}KUxc4}or-uB_V&t1Jmm(0J-@aSo5?8WmdI2#6e
zdU|FMiJZTf5J7f{KM`+EaJLnnB_?LxiHVsiwm9txcR|p_B?;r1e5z)p_}GRo99-G>
zxYZHvHeO*cDPC58-@vU$vareB=S0R{?B+sdBS2PIl$4YjLqkIaNhY?I+1>YdJBmv*
zj{7BH3i~T;EVFCl#mC9-#LA{OYVNWhHMX*~tvUe?Z{^no1PO>lm=MmR%6?gIb8_g>
za15Hfk7}p<l#7*=EQ=0GG~kV{Emso0_Wa06CaSfoz@v;E)5X40D49M`<|#Y_y`PT~
z?}dNkLI#6&?M4E-VG14L=8YS9D3wW-m}x=+{mHC%XtifbpH#K>VhWvnbE&0KTGDN#
zp=7&}+^S~nUfO$DM@!2_CP)Yw6gsAk{DVN9N-?2gv!9lFd-{%8vBKGtXJn0h;^K0$
z3(nn6%}$2F=DPaS-ve7_cHv9U#j+u`+n)<m=VXYaJd%SEb=n2c`;mm{zBLzJ-3A>s
zHMJ)szx8@<&?U~T31^%P<ZENTXBON4)*8vPl`QQ&gPW$k4&Pb@qm}SjP^H8z@hIYF
z4C^^^T2&P;a_?bIA=QtUNqqc#&-e~!!rxBp=nwX`_P)GU5@~Tdw=k#EGf@of#D}@W
z9;Rkyoj1i>S&%?3P{`u5^Yg}#VsN@};S($Pyu3K&lJJ`URuROUQzzS^=7yfXN|l0l
z0nHx<3WeA`wH!cseAKsgG892tMPOsJAf8q+H!_Ml!o}r{CwX>KU0g0dPN@4b=46}F
zvoM`KT6b|1s;Pp*=_a-nA(kY+?ah^e`uci{B7kjA$3rt2JGwJpgP|zP3P#uo9Xv>;
zI+2TYjWq}*s5rZChmmRh2YDz&x3IvE!2HxrpvzwWa{n{n(jnLrC$ii^X4sKGA0SK-
z1P3sxnUI)D061iYBxYNfPyICh{W<JU-Cb5PZBs<Q)YAp#rmfqr`zg7)is7oOtNr1=
z7_>As^*PR~A`yGw20QC)Y-}Xy>FS!*tkZK<^38JfNXza$X=6{hQq*pJnGC|}1sTO{
z3GilYT9<rC39ejh*Rum3?+m|M$m&`03KP<#5rL?yJcA(51S0swU-yKoPvOo|sSh7L
zHnF;%W|frGl)A!swzEsp;a|+5t3TY<mw!yPjD62+U4jY0Bd<f|ajB>*h>NNNQn;6$
zz0wkoPgMm4T!qR4p=@!j+&@@U)#iD6I!JfL6=CIftM6raLI@08Is67t7j0+*Z#*zk
z+*7^`M%bART^9{5r2n515;w~V3%ydrdL&OBQt?SUC-EQAG$8p+jOwRTD3T*fUH%K}
z{<!vNPPIUfnV(gSoq3k=Ua&vvDsWipY%+dhhB^>P{mm_UQJ@6WMCSMGrr{g47qzm=
z|8DQ_IL=sc!(Y0;H(>gim}S11IfOnx!5Joju+Qgb4<X1D2i!ryOHNLs1^fBW<yFp9
zGw8>&=Q~a|3!T5B(%wEysMz0c3|6q%m*zS$+2i`rN0YQzFG}p-1?W*9hg)m^CJPzD
zXgGBar;aQmJ9BgM8Ws2M_wl5T_KtV{j}E)xZ@hDrww1f_`9Ub-5SEY^J2I+U9!j5U
zkSv^3_JzT3_V$DNnimm7Sq!YEa@OSJ<P;8v6K1TgD(D)!7{#S&UU*jOpGzqS8d~?y
zPnFkk8*OUKUk}E$I}kC1^sKD0Dv(a0<?a|JB!v}SQ1_iZ2c<wrYNOdW)kJZn^oio%
z2I1{0@=o<WOLR<CXIy^;k1$_OJYyM0azFRV7qtQD>FJU{pV=)Nev%upS47`M5iIx!
zjpn6$=~DOL)KtF+PG@0(heseUT1hEja|?AkI<OlW6F<YO^#j7<s_bgQU~Gx%+B8I4
z%AJLx%*bUOI421-aPkEno(Et>O-X*Ae|=-LwOR2UeEZ7Zzh(@xFJRgv#5wDVpz4Y7
z<!lNxg<#J}N#UnvW(ERV>sXL-cJyW9pl-4hnitZwwY5FSJ?>X<r|MhGOuXO63M<aW
z4^V(Bbl8&oOh~wJw5~U0Zgq%gclzW>++!jU`|ITr5>XHVhjit{xpO5S-@Ownf*OOw
z<EXF0d-+wy^M%puqF=%T1wOOi4VGx{WuEi!>XItKoWt1pk`zUs>-n!=+mUHqVCm%1
zmpO^W){H_tX$rw>&yMvhdv#tCtf!+6ajSVC+;`-m+6!4t{=-rxdJ9u6fxjO}<TNxk
z9;VdQ@$y$dg45DcfP<n+)<F=}+`PQJt{1Wn_=5cWP(#$wy8Glv8zFwZhJ!zYtP`76
zoUTn8hV4H9Itin!y#6657fzZRPTKa;jT^&-keOJI>YXat=pImA>bS}SNywia@Wo8D
zlnE(kt&aKwv8@O7yK>XfF?4KVf^nW$OYh9L_6-TysDtv~LJ2hlN&U2EH{xe>?AS3;
zAbFNIA*F`Qe{BE_v>$AQ6ghwiQ9chVFPBMdOb3R{#j$~!?K9+3<iGyG3#u#691|jg
zy4eWwj|`Xy`1s8AC;E+DGXni4!~Xw2{6B8OHe0xPW@@E$rxUtyIPEK11sCk2{tXQy
Bl~4cx

diff --git a/docs/sources/terms/images/docker-filesystems-debianrw.png b/docs/sources/terms/images/docker-filesystems-debianrw.png
index 97c69a9944ea01844f7c2639c7483c0bff52d09e..cacba4947b07599d4ebb2d66d675493f67e31ddf 100644
GIT binary patch
delta 64238
zcmYhibyOAo7cUIb-JR0XDBayD(w)+cG=p>_B3%MXhjfE<cXx+$H=H{>zxTcCu65ua
z&RWdO{_ed$HIeIZ>vyn!oFxDcPraQ5h{&FmkL>E`s?RC3N$|ICnA|@!ZWvhdf;AX$
zoBUbq*KR`Uf3u7yy|Ew|WPNKchW-A?uIkol(_XHw&TaHGPNu7hc1i9C^}@GYLCgGK
zM&4e3tY2Hx>FF~WAt%FrXf!j+W|>yYV_hoLbh%$ld76zYFD|D|{2y$f*yCMji!yA>
zs-@O6$J+@{Tm~B0@HA@`?l6)O<M%ls5-HxO-TV)voE~UxlOa~u?!iM}w)`Ppq;tb^
z!dWG{q-+K2;bVFw0$-rNyR|%xT77T`CF04`B$H%$CUw6=F60aT=!)1y0O@3ha9ssD
zSZ(Fwr1}=IZ)F)z2Q8@rv#gO1Jm~a(xu`TxBrEVguZbgtjY)M^<27Oy$rRvmwR2XH
z+8&Y+bh#QNHFDyewJ{!$>~xVtd*WE%Hn_rgC(N?`E`k=Ct+S{z6*~OLk0yfS+P)Ei
zEcYoRrRhp+#09g65yxJgTyiOiR-$HytE{^QZ-#R5C$k!bl*ybVAS}c1&1zvXA{3!%
ztC^UYyAux~w#<*^T)L)<L)R-rvzXMd9z{j3nDjmqM<ce4+5+>ZBvpJ34E@WXl#6^`
zfP-py%7<g*fX|1-L5+p!`KcdJ{VV2vrItzq1~J%+Rhq%Li&3TV(%I}bZSabjJ_Ukb
z?5bkZ;#U}?mILuIfmCRlinkG27t*|KkL>x<&--c3NrTyIvc^;LEknZgbfQ$sZ$)Ek
zo{=e+(eb{yS%s{OTdts2JIJuCMd|WmxDO#0mWUSd2W(U)vkyPhd#kBX;aKJ>W%&7a
z&T*o-AIfj6&9`%v0TOHn=qtJRBrv@{mp(r7)I8|AWg`R$0TeatR>T{TFp|r)+VIgf
zHNUa1jR?C(jKi}|IrN7a8Rsu04;B3k9#pQWO$zyFqI*)&^(!D4<@H%oafZ|Ib>+(Z
z`HiRSrPKxA{Qliew$)S?lHj`I7;%<=go1t6hL4Gf3xf|%rqO*Xrh$_cX=XiQ``w&1
z5C&$mH3o^51wd_LPYo-<AbYmu@>fzvsF@83ENq_3vom5*+^!8v$Z~K^>@xq_Mjaey
zw$972zxZOCC`<Ewiu9c*jlFa@8f`8VKYv<m@mJzm_RtaT529VWGnNv2hSNWe36veG
zl~S}?(FiXi)zT5+NA|2WH^L*(SiGGJ@IAtE$&ti1YynY@G_{Z67*OhQU*(KSZUm7j
zAOaRVakLF)WbsY%s4=@IGWs0QRE(4-03_l8(iT{xCvveTxRl#2Q4-@V$}bu~)2dux
zXhq<M!TLaMv!FbYUu!|zP^`vyWBPRGb+;{bHQE}km=?orDg79M)vk5NQ&%p@S5t!a
z5~F722T0c(ts%l8+8ae(#)zyNv?4;O*ZboxUn>l+Agt>=QBc+5X)jK0V&l-ln^Bo{
zSz!m(mYsebK=tYgzHxwy!%-JY-rXzwmy5k=`_trQ$@v`G_<#%cu(0}1Y(}8_o%u91
zq4_uLYCH*tcuf1oo^?k|d%H?5>omf*N4BzrEx@%IAw8)?gtzP`jp$I;BSymy*uBO>
zqPIQ~urP#Gq@6=K*6)NUy=kIN*`*<DBt5sCR@mZWl>V%oMlfH|jJEWuQ=IM%BmG}`
z<JszWzY)eYv-ETqQy015-YO!-u6FT{`q0G7(qM}sW6G(!k%@~*air$G+l+*7!X_YT
zasW`_-t_()vqeUL>6PUzJxI$B?liqnIXfdiqAuvhD42gg!H9ubRMI(J>v&;nP3--b
zUbm<;b>R3@WFUU)A2l*Kxz^M82ma|JY7!0G{?lmiEWTNq#awQLUb?%)8FHf2{nMf#
z{Og251cB1mlP&C&FIgG5W9u#VOKaEgX9LnyY9icgpsb^3YqQT3^j&xkUdjkH$0QbX
z-(1%+gnco48p~b}YX9l+Pr>}6$0~13po*Zd<nJF#=!4i9hQ!CIJ06!1Aa4${#@}qb
z=~^UkOAC9sDea=*RMPR2Ga}it+|CEr{ikUrs}tRtP+T4CqH#`Vl(25?xn4q4Bn|-E
zamLo)xhPD6*XW+>#3LKVppW~-H<J9mn%7W0PL@V|c3a1)&0DcGRQ2)+$L(c{;9tUc
z9G(K_7&Q|rnsR*D<XxJG<rzAh6l+AY<|j_Y<C?5}T*e-?aIg_yj%^17A!*Vi`{Eh@
z#G^g&+aww`DPs>QY?9ouhDM6+*8mD^;TrmhDogfAMs?c-!efn{KbG9cZ%9#O)SiEU
zbsLzVh6{%cC>@UeGhmJ!`bOBbtHPl!y;m6}Z8U{!yy|l1wR&(c@GQ9R_q{K1ouRn6
zpQYv!f<tXaL~Wh0%je_lw^Ju>P~LLZ6#ml~Ii*4EPzpB)DApM;l_>E5Oq@u)oU*;f
zdBLi6>y?{!Gg3y{{Ja^9qZ8RH?Y%#k!hO1P9El}J5BQzJ()SW^tCo9B7(8o+33YH1
zLpVDuvtWpfru-vliR0xF<7~Bhe+3>h)rDyB&%2S>9P;_lsxNO3vQmINxw!URQA7Hx
z^5+R}42eS#^k*x$<S_~0?#z%8ateL*lOjk6<M59hSf;?oI;^6ypBJfoDL!bMg&%v<
zv6axmq{}oWZm3vD#cTJzPAKkdX>F|iVXhqhe(x!d|BdfhptI)qR`f5)Sh177cLA?2
zGe%y%;wRM7RI=NDjU5d69u|us{j!O4<<=3_>U7nF?^a^7;Fh)l9Z&q$ImrNq&g?+>
zUk{kIY{DU1P3GqtM)kpI5TAgvjn)B#PiWw1rn8+zv+fBibdhxB`{F2Tu;V0f-lSLP
z!hq~{oXj3~OFF$<;~DX~n?yba$U^lG4x_I5^x2=bUM-S*(7(RE@1Uj74pb1Xu@XYa
zi{V8moBM-Le+CrB^s1yaOAC>~!xRf8t1dWP$r4WeJkR}29l6Vg81UU%#cQ}>p=F?_
zb=TQMUM=1VZRp$iG;n9?yX_F2LTP=s$#NBdad`HD{hCO=Yk6)QMp)3uFMO*Bf#aGu
zqs7SWd+giWI}H(C@xu?KWn)fI(`2?Br3RGU;q~Me5PTro(GF`h+TnTP!x6)dPwq<$
zT_Ya6dT0BDM??RbRmFKO@^sq+C)Q^!9d%Z!)BL`z#2{IFIK1}uu=TbwSPVP*YPCeh
z4LSAzQ>$&bh&pX4stMFsr%nH-%I(X`GQGgd)^^P0_L!3~mhN_Yv=_7?Rc3Bdt<|92
z+s&6VsSE(zWvS{FirX6dP5pCcUfu06L6@Ca6InCs*b>l+mE$4`={Oa&@bq6<e&<S!
zXUTNy#BgX>3@|MAIB7~%b5CL-iyQpbme5pgj&>eR5sZrLYnS*{M`bZnv77oRrZ$k~
zuQa)ZcDWiJg<)2ZrQMeiWIz0=G;h@51{x;kCnnIfB(GQQ(qM2WG(x}HGvG!uyam&j
zRR^7o9U<xRo(e9UMtOb?lkwTbzm4ldR7R(1mCL2tt-bV0J&}+AhW(w6mBg5=HJzp%
z5d%DR6MhG$dCMKAHrLN>_sDvk6dw$^MVVV^IB9hZ*&m<qFh}$-;+-y|lIZsR*%*-J
z^Hc!9jLx;JBlU@2O)M9|H{~(r=bZ;dcvK<L+Hc=c)GJlYv0RUV#_NG!&s4QC$<Qu>
z;}3Dtha$voWbQuiLb*^>zm(%ayFJ#?EY-0P?PvPrc~H>Y9L_ikopn45oR#T`_s$n>
zuf0tDx^j>(<jC}Y@<4|i!FO`Su<{>!ecJ^-(<mzp%}{mflV{#+Kb$$j-a257{o^l(
z2*y=52uR&NlY{%vnB91oE&s+*q^JFcsno0>(jJf21V1h!UK>Sci-(gm)M+{!8tEL@
z7V<vryRhHfv*9vDOTgpGURrIYPN<Ty>&J=O8X8ekSQx6)E*lt`4UQQ8I&={jE@~jX
z*l0!heCo8PCvVsG=gEEcx?XGe6GE0$?H>JcGT*TcvqY~M$p<{M<Xs7R-Ex=U^Cqc_
zhPh)!qa9VW+$yXR7t*oHQLtE4d{n=n;=8>zLI~)B?t&|qrvf(Cg^%t-c#$JH)S@;H
zF*r(}V9VABsmw-YPKB6>4?aT&eFdJvvbvg|+8JUcMcnoE8Ibd{26mlTh{X%@%K{|f
zWWVIT!N$R``Qos6dFKCYWCOXQ1be|I31;Xohj|uYZ~9R^VWJT0vxaYsmj{IIr3Ku7
zRjhZc*V#`vfZMXoq`!M#Ux2?N1M=eEb1RrW6pktjxZXJcttpiI*t@0!z?o>evTe&Q
zk3bGAk5De`{kPWVq_*dKT+d*M;>Gjauy70AeY@yC!7|-;;pY2X77-U-oz_GEh&wIm
zMz1_3_zZ2OcynPl7mL+MOR4WDwTAw@Cq_&>?rk=C*8#Ki@2Xot+!soc%3P%lb8ZPD
zV|8d#D)fK?ZBiK#^`gxW)YD1?<GjI@F3{--R_0A%|13il@lWHN>s{{TufrdZ?X+M@
zn~3>a$tXm}$cnaWKjN+1ubR*?@a&`<@YD;*%U=&;*3|E-Prvi+V6&$>wLXw^YFKE8
zD%05ZdZZs)k_h0Xq<Q{C(}>l!)riuF&FGX&%!BOT-D*>TsDz#e0B7YUA!;a1y*&+S
ze)%T5J6_m8&E7f#Gu>2tP*WMKyB?BvfuSVbs5FTX9xC_yvF6C(%W`@Cd~Ev_jxPuC
zpJD=}&Av<_eS@bj4E=S(TGrOcU>yytU>Ey4tLK?DoRt{{J6`ABg;bl$IY>olh?Y{1
zVaxrC=@*3P9*Eon^c}~x6J26Iq@e@s(cezHJ5S8_YG$BIsEvmz;-3bgZ+u`=XfwX_
z>aO{1%=B+o-i@?eEm|rzy;<*H5r!6dcl`m%k=9C34uru;0|}7AsTys9-4g(?jrRFH
z^{tma3mUbl9A{HVxz4@8WL%PR+Jom8sb?3SDSda3AtLh&DE}Tbht_euvBq&r7HV-Z
zEJ-e1QykB6BPfpd_#G~|I9yazFaM6`C95!Z=H1N)a+1#^S27U$i!2*{E3pj67q*U8
zJ=I~&BLd&#Xrw6)yf3szrMWjV1wD;g$x?a)iyb&PC84A+d_02U#+UL>w)k5{)x0ka
zMSY^k<USl_fT)HIdX9rpOjQ|;QX=*4j#bW}38z^0MnqllW>%jY>wlfaAq!0vVaA<4
zHClAlkm<Rs9Bqjb8%RY8Cq+1TYx;CH#(qm%GqH!2%1hEZ0Qa>>fkIIT!9<ZmnTu6)
zvPRt+t$Y{$N*j(Q=3n#67Vt}?WByYaT_F7~bR~eAId4axPEhF}L`Yfl8D;l{8t1V#
z=gp?~qt5c_3(?A4fY-V<2>64F9<dao`3<M%XhTM8!^`Q1SH9Bio@h%Ar%jZ`3~9Zm
zK$RxdT4RG%bf`=@*mkBj$Y7Fot?DaSeYco)<RwQ?-*J3c_%d=UX+cj-B19^V@euKe
zA{Thjs{i<ueyfM)w{hXOEpk?Rra?H;jWYz}A8p{XwRYxyfu6>iA9&xoN$P7&$I{cg
z(CbIgbY|YI*YN~fSKcFZiZ<K|ug<x*K+|D<FpXnoSm|k`OHARz863!hqG%uyCs_#D
zrZ88`h_Ii88yG8rM<#zH!4qlvG5%uDAPwN8PF2v}-el83+U?2)H?G&+`SdDWaNY0%
z&Bl4-$0iJ?T4`QaQRlZelHapVV0z%xd)n?KHjD$(BoGRPe7}`03zEY1%tN{N6cjQE
zOPvZSev%5!f`+H=9Toa_(K+c^`;)`F6po470IqvQKcGA2--wg~xJ5mB^r7C50gvbl
z1Z$zY#U1Tlc&lt8l=_t-O^#Kb5lS6ZsN{1;DaAq*JxLKKmo&PyrjNBBp^F|LRh-)&
z_wMGtDlzf;j(tKV_m7RPW>aV!L)wyE^7@DsA=-^__je0-Cb2Z50r9LXEzDw_ki&~n
zS~J$FGIH0pn>AV~(<g_AJMNLV8yL&Y6a7RSut<;vWk7$q%+%lf$Wyq$7d-ey{eGM4
zj)%4Hc_V7RqM^BmwnT@|T)DOQ9tWQ(bhH%-xQ@4~zTo1_M$fm7!0O=&3vTaBO3i=s
zQ?f(~KO8@k*zg`LvPXJD0_aqo*B}+acF-XuWh$mBma{I#-6(!Pc$zKt3#bbmZ!6n}
z23(;7`-j2j^-&z;98S315D~g!QVuqmt*djVga{35>=_pBcwX`nmu(N>o6DqEWG)wi
zOZoi@l^kQuhj^AXbj;}M42l#5|Ib7I>sqeqxmn{%i`O|OPyyvW#zT1P8<dq8#QpN7
z2B~_SEaV;Aq@HcZBp}2(y}W(@<jug}#1q0ssb7aeWuhnquX=XodY(kN^ec6H^?^pC
zy#?-cE}PB(>QGFiX$&SZ&|-Z4$00lZEoF^|!iOLyg*U%m5|Y1n%WTb++)q)1FlXsJ
z&xd+LQcsP6lGRCFNqn;Q#`;u_pKc<Fm2De8CvV-T9`-Tu7T{dd<O)BK&KJsZH91&D
zY5kY7AWL{K*pU`d;D!a3c%X3yiF8gFbFF*2j3Pv(RsKFB^%XJ~Lk%>od;j2^%E8r3
zvho|OiAtyE-(gG?MGTXImyyWC{6w_CQupiM2IVTA>p<)AyXa>bS`i|os8fy7){(UM
zl-=JUaZf$~-jFy)T923H9NuDWd{a9F7rZFb@D~x3<JBK`jiaYD`2oKr)Y$PnWL8?$
zQu^wXNc|G?Tu+17_l1tS>zU-i=J+KM-@Zf3l2^#SE9hJz2z6-~1m_qTRmK3FojmyL
zQ^>j$CsY9?W5Qwi_s_mPs?iIH{Wxq*MD@f&j56@BJ;T4LXty;cW1RyxH2=%s9joR?
z{pB9r-1nm`4fmIk*gUm74(<`PMnq9f1$eN%%4*P?a`d8UDjha=M@DkCnjgp{ZH6Yg
z-qt+uXH-06c&$M+2ImAAudJd}3gg$Uh<_psi1}TQS{<r!a<u&8T}@&qltfAFU@+91
z+Y|%bA}ZY9N-E-u3(Q7f_2rFOZ=_UapdjdcaKu&5Ps^kqU+=x2WCJVx*MDPV)1CNP
zKh+0=c5k<@$md+HGwkM9MiVZz?W~e@wyku&1mTzg*XFZQNIp{hrgPNv=~2cHOCQKV
z&wdUiIA`qrQG+<*4;%)p$iEZ#0A><zOo5c)Z#$UO-eSHgX!*ZxrCsM#uMY*z9Q9d)
z(Tz!b$V2td{VGw3R91!Bd-#1_s^Z(R1`K0kMoLJpC$7$uib?C33EAo1@~0_|e1GkU
zdXiURsGv|_`OK{0#^mn7?CwcpUKbnCjgoZI)L1Vq{+pB-llLd3G(&KDgh>_PsSq7I
z4diylkFT8SNQ&|L%Mj^*uX!*xNoCa*YMD#PJ;+l7=v5nRW<__hzQZ75Tw=-cpke*8
z`EH*DmV`LUC)}PyOVo{pTzszP4fb+%#CmxQ6exS;oqet_>3>Jra7a?@??<vxwZiFp
zfz8Jwl=KDGIXxmc<Qt-Q+*1PJoUM1{SVwwq&Q#5{ajq(fXrK_xg#J_e!yi;-0}J_1
zEAit=J$<W3p@<)+3@@37NOPq5`!5iw^I4Rw7A}QP$cmf#@5dg|-2n(u7Ta2%^GcAl
z(V){Wq<LwaZ4c~wVkPxClDtFH73d194V(9w?;1Ql)FDkJz%z3SNb-vTg$xtSKk})T
zC}AyXa&h?o1UW67{K991gjSqa=wU+^-+TIguaFxVrG4C7N{AytC-+H|Q2V(AwXsFW
zt6bwz%mNt(pL@jiQWQ9hsQat}t1B?;{q&4ahR$XlH%&PrD{{z<B!u7-kYw7}%Sdd|
zP3}%b*oPkp7Q?F}6w`p1ReRCFWLZz4?@QIF_nB(PUa;I1Ha7$H<gJv7?rH@H&yu+d
z*u{Bja5M)H_8RtC9!)t_`-rIi@M?bHg<@;Q=DnzTXjQvZ+~>_}Pr5)5|04Te3GTSE
zieiKz+G&T{PYz#IEa6kd@8)>Q$QMf<&+>|!xiuV6&YC17<OAWgk-6b2gZ4U`>R%jT
z?nut;wL=^CDD5h3BJ=4d+wtIr@lh>FW;YVf{hzI)-fR~RjN0o2bcaj+)j`9Lv-%KK
zhc9Kr#C}cs;|tHoTtJ1na6UQAltThC<bn21)9))VLe-f_wO`$b@TgWw1eNlLN`3ic
zD|zjF<YoQA?gy~g)ycamo+uF>i(gE-(8x}S56cTb>G{8<`|uVne0zSMkMQJyW%&w6
z`-yef4-efTPJ|38q>zOzuWl1F^@h|1IcngKfa=_^jKK$rR$CFO1WS<MYt?*{R2$Z;
zVr$V!aZNWq5rTz0{Qd;lFf<X4)x=U<2}waBTV4R{vd7!(e;zW_DgKbIz_IPH8Hmf7
znS(aA`jL%^@pkwf2xlUK&zT>1puj!7%KUBQy%Q=?g5{>c3sGCG5qUEdhu+VhC=Iqa
zq5E563~BBY(qdTUyeX60YnIWL&d}MJQK#uU=E^OiHD9^xKTNrEq%y73yI%24w?1ab
zqQ(JUl%`?<ee&ywYli_CHbWsfx?Gq=Wq+4lofbz9MLgdM>++I$^GZ4$+W3|bY#3FC
z|GjbVESNzw+cSLCI*%sP1H;mN5_C&kU|YyJkj8epPp^O7bPz^w-innDPBg}$zIm0g
z<m5qeR)bMzm*QU1V6ThrYV<WRyXSEjm~a;?=LbKE_)M{#R3Kd=9Q<PHdkR@^hfu!X
z^{t5@$R%)-s+{kC+@Sc__M;KP@N}5GnF`@vrKN~>z1*6wxP#7L-3(;?K{Y*cIfDR2
zNII~9S&91X*MOo@xFj3w%(7&O#;-bkQZ|vs=fQe!tayG77ABt?7VB9N>{H-k?5yJX
z{jn`MR<YO}Y^Rv>IoVZh)(*6BRYZ}jjGoZ>Y<;7L$VV?wpq`#7r+%yN7Y-I|p8O>W
z5rP62OnCN~rd0Ia{gjQ-I?Ma5rYS=tdozsZ$|j#iOdXdL3;{_!k5uOb)Zaf1r<a`B
z;WPMDSWX%e4jfJO<Sa4a6M&$@^6B&M9tpU*q>uOAGw1RqX3+-TuZ;I_zGz-LGxLU!
zMT4(KR+}cSIm7e7KvLX#l&78{UT_s~qe75+Wl`VpL2Nkrf||+fFe-nyiFUWiRVe41
zON@M1B;1e<!o-2mkv=u;Xgqf2N2snjirj0m2<~&LnhqTG8z4fU{N-&HoFh(Ai8#g`
zVsaEmM{n*)A<+V?hXW=-WThOxF6@}NTB6kvBw!o&%8iDR5~*FZ3H96GT@6!~9-+<E
z`223{`Yv!2`HkdJC0WE<tH5rANaTv=N&6AUjD4tA)n|VYG(~l6iW+vi6Z)1pm#@;;
zm57kudMgvu4!FGyU8Wj-mJUZS&9kp|>1l+2K0gxywLrH_*`N>iwIrWyIU6R^PYpCS
zQ#364T26SOMLZ8d-5IvNLa8z0Q3Q~>^kT;#jL|d-^B4#N`@3(Rfdtekh9uKX^T|LV
zK4hKHm9<ydy7RtMY+7gyv17tCu`6V4>6`A~v|%775ULN!C<WB*WNBo=!5JD$U4Yp3
z0inDFLw+}+xWD)JISPrvl+)a&jq;+-w0I)2o%FaSSF(dq_x;#6HRm5DdW{0IG7D7;
zZv-Q={o@YS))YXJ=bS^-Gwp*20;nRd8|VuPZ0kjLHb|swOrdt65^JCt-ZxNLv{s=8
zgpV1E;FzuvS5w$4V>7<rcvcP=dh-U8pK&RKI})V9ZTwzRR*H^6g9{#`TDR8Ikered
zmL`e5+87KPS$)iV>t@9>tM>UfzEI^&@xC|e#MPDTc-UKwW=&hSPo!bxX8lZ^%}>>q
zDpEG+>X4U9b0asBrnwkUnt}Rb<i*nnc)U=xW!g_Fj=PuUjdi?tQe2F0m$&CTsKfqI
zMqB7J`H62?jZKChT6bFLE$;)mqw7-Uf6waQ>zO+*giqmBSVlh%^{VL1_2@1bQ+qPR
zcu7U+Erx=kgp!jK`{dVL#NR;S;}6Xj(vzY;L%7=>YBHf`B|#TaEStRn1*CYR<y>a(
zZt2~_MRGYqJD%`-|C^u4>3dEGLUi0bB%^<C)X*Y=(`$`;7%Bh3$~Ig;#V;b`R@1(#
zpizUC<38^VmNS0jCl&@WK^9_f8Oh^*Owan{j#kzYv0-kl$D#Ar1X@T15yePi@~Y?u
zC$CiPKvLqYUe2Q+Xr{^m;^$Tq88d{7go*{`=6Q=%<DDiG<#<C<NC;E(DIT1bDDze9
z?uRmW<K&>OL6|380Lm|sedVGYsRNDYY6pg%RFz8s69ZxYgm7I?b4KFUdKts!jyw0{
z)OY^OOA2Txx^ZH!zLMzp8U#@5h-EW)_{$;^bVw2On<BipA1FsVFQ}Cz{A|HDI_UEL
z2p!~d<~!TD4*HQz&hNa{JV2Zp5uFO36m9u#<c0|l?fP8t69MLK&X1P-6WTmmE6y$O
zvS_#LVE4nJ!MDBtlhyYH%sWdssL*A)#8@}HZ~I$0t?5NxyZ$zi3qm4wRyx}U_guzY
z22frKZK0w9xOS}2%DIhHDR^*yt7*_MELJ~R7gMFty=N12cx(K=s=I$d8ZUC*XOg@l
z3hVO>mX{o^p5-Rhk}+&LR==VrFLHBaX^fMqAU=A;qy4a?T5i!1=w_xgT`M)l98M*3
zxSy)@@+J2PVH15G&fisuQ$3&GnP+QE2(ONOh=Y6uX4k2J(GP_>=*$vyrsSOHODRQ!
z0tMD3RJuF!hLKh7iG?n~-%CiT{PbzQ6_mPw<24$Clpb|k2w{j)^!2g2F<ewcZ+9El
zb$ZQ3F2%Z={y43Q`~GIN#eo2Hj`Ieh^F*UBxIU5pJv+Z76b6XwryC{d41-tsusA<6
z9{|duEGnwEo9gF%q;ty@6g-Q=!Q`2Nzr%upOVCZ250b80fUP+w?NAkEZ$WOjp%m$W
z?pKK&WwoPvoh({v1@w1_tMZMa$XjKnVP5K5jp&gRh!pQT53z0|e-%Xrzgb5X^<&X~
zA415XGhS<Ts4lQAESaGpGd=jb(KewMVC9ielhUAKq}kl}HnnqbFqsZs-N(n{D(;Ci
zeUCF=52wDC6JbWIWX!&)bMbc6Bbyr1CPG70qv1nNl<;}O;DMtScy@LZfqTRgp*##c
zee;d$uy@)vR)eoDDg37RhX(qDZerbFya_>`GeRs*o{Ju_1k0--C?^0KOWQ#A6o7jL
z;5$4MG5eAT18}*$E&)yqvLhQo(@DwksR=U5CRlaMs#+sb23!QKea0Mv9`m^DX@88I
zdGcBP&V8?ids+RQ^dF&4>a*d}d_<|rZ6>Jl55esri%%KP{=#MYQKL7NfcBIiJ#a=l
zzzU0FR!gl?DdTH}xxXngA&{FnblrRE+<N|aXBPPzFRphWFc(oQJ|3?uGF&lsS_4aH
zqSJyi0$4&C(TT~4NvN-Zrw8Zb+X6V~@90ukA_S4(vtu#te@FAjgGooJ*u3rg{q)nh
z$!lqNA15szcSNq}sb<2E>{xofsf)gJ0lnM~x(7Sm#iV+gxhKGLzFZ<Tc9{$BlosD7
zjbKPmG3g3?KUU*^x|a#4d+~Yo4}MiR35;q-IBdr~)+r$fSIK}jn6oY{$;l~)ubv6b
z`$GuMw}TfJ!du6$Dn>N#9pD#(Q7V<1D2s%K1f5Xx4TBOGDVx@!$j?mrPlG`Nd-+sY
zrk9AIH`@b%>{SFaNrtD}gBq2B5*HlPW-+vZ#K>UI{^trT(08p~w<q3h6|;hT`8dIw
zxACLH96q6cTQ>1imLxCDVl|XLS8my%l@MDK>*Rjzw|=3Cn*Dx#+IXnd{%A65i9tUf
z(2gcF`sdrZ^T__?Kn@gsE-6F`OkVUry8<o_0+4YHP1uRdBuN!~-phS#{aMTqg8&~a
zQRu^s%+?1kfiyY|^lXB-p#_)3t}G0gJh1?nUc~I!|8@X9G&s?eg>m7eGnpJ_EZ9%E
zw9oPpe?(zlJr?r+NlvSJHs8YoC6L}Xgl)bAU0SC(XoO+h*4&E$&OaIEdzEmqSplA6
z*>3f5vU~F^S2!-f_ghoDP{?z!57NnM@MY~9v@wZ@(CQ%u)o<NfA2BsmSL{45vn_A4
z+|F-$;o#RQjojJ3ve0t+zQC`tt;yJa!eZxKg#4gZ`slTYqzg?ktr5A5rZ>$rsmox@
zK-qf$-)&{UH5IGbW)vN$6f!{*421W{|0;jOHRW&q?@&f;Hu|uLF?DRir@-WBGRkSe
zfrCm*ZJ_lK67f!h1@qBM?SL_O-s<<@hPwb#L9q*A^tg}qw4g9PaV_1e5&=3!uZ&?k
z|0k0^ghBtAvh=Q^Fw#zk2+*D4)SpRgC}yg(v`kRfmeh0*wz*0$69Vc9?K?vxdzHcz
zWj?r;fu6CA@>?QxOZCe=iVgo$wh{65_xUvSM%I<MZa(Dlc_{nZRLvkb5I`GRKi7tj
zqd!Gx@4cJ}^W1G!cADcM`w)05InGejqN72xc#zlkBorT>5-_`tZQ79pH;Y<nAUM=T
z|6)&Ni5e?Nb<%Wo2!s<2v|hu``O{vAd_*O%Qn5?;Y;wRAJia;t0xX!n(`J<Su2~)L
z&Bdc^HE!*2chBvAkF=7;6qEX^z<3uk%J}brg8r#25iG+i5><Z#(*FW@X&lAIPs=xs
zc;ee75Sn|Gr!4P5p=(0)lRiV$@VuXh>IQJ3V~_}w4qL#gD<3nJlcY6FR*?t)_UGYH
z2}p}VY{uxfhNI4;ai+G|mWt?!a4czr@MBf}%9D4LNXNA31~DB=RhU-Bb3N;V!&l*#
zoZd)%Ag%@$*8>vJtr1oEQ{m#Ka{cdvm8>a~4jH@*bo>K8tSq(fVX`S1uQV)@CBNk3
z9M&EA6%Y^?-W;1IvaB#WO!5ac^M{K-k5%pzg>cSENH&;z=zi}>dQ$?VR9)mwYlPPo
zyJ^IFYw5fFDs@R=9`^`7b4Delhi&?=8wv<tyFthsHSkmjjYk;Ts0|^zol#Qmhb*t8
z!TsBVL5%o+{T*tmiuu$C?kiN&?os0cw*cLH5Q(ep1uhU%9O{Ci-zRR~^9mi*fV7>T
z`^k<GYUMHG2Os0sHJG_^6NrRxB}+VV>%RLqPsXg-JLZBnY_mDra&om)=X_LVGZyve
zs0#|)NOpQr&ri19m4}DHBEJT1-;=#|R_NFZT$6Gafg^ad1<IhH<E678>i|W%2o`$I
z$uqpg5c0HriMl3V3#$pairx;x$vfD-fXdwK(%L$%*F`I<>;iJQjHdZ2<K2<XI*Z?h
zk<1XzfxQi9zVn8Rl;Na8>sHLJ4Ix62I~?B|3@Wqy9Hkb_)<T5H1^J0F!@lPiBQ;by
zFsNi4nV-Z%mk2EsnwAMD{HhE5TgNruo4w||=U)sm;YiHSSXx{Rr0Sgw9q}s9oj{a)
z#9Q|Vo&dlV32N2^r^5zD&*sv{X^alc=73|vYcfsfay62q8O^I_o=$(<Zq2Qxb#Q|!
zW3a_>#10ph7hl;T``dpddIy5mi(}(6N$2KTdBWMfXB40qqbD034(3zxal!7m7-;VH
zzhmx2CQJgNP44@w{6eFCUB69m(*ID<lPpglj%ZBIj=UB*c3x)a=8f{r7^=m=L~za>
zHT6q;rVHvO%wK+E&T<S$sN<!)UDudwYy5!Z^JLtg*p%o=KPd5Q8qkfB1x<SBLeFh%
z=jDyhG(cN+WZ?54#n1VwKQTfWuI*SX^$tBHq)a`9%eXitx*+0t%@@d$pYkzSrzQV)
z7i-*L9ekVn-vu)Ph{<a(zb~aU%)7MCRjS<$^4jXs9u{qw>rhEUdcf)X^JF!=$%oqe
z3;E(5%6RXXqzaBP0m@rNT2Z^Lf-SvsfbW$@`&@2~EY>TN=xfONqjND8D3z%@bH)sQ
z_LrT=fG8BZX(Pn-eanpU*x5sZ&L#e93RjKBtocOJ)~nU@t;GkBQ9lPY3$^<M+YlN0
z$hY->bei=?%T($bT09fYE|I7G(i7frE`8eR|DU@aSwZ{Xc2xqa0bCqQa{UcP={`Oq
z-@wtis!M6XrCq=L*a%?ESUgtl;cYT7cPg@khB%sPKXEUvN8~b2dYDhrum9&-+?q1j
zIY8CL5Qw?Nr*%!YUZGr^+}rnM9}a|rs81=@TVS{qVQcA+B4P(OVTVx3?#5ajzQLTT
z)h9GnjrYAOc_zTWK69fl1iN3&q*&!p4f0MLRZN+W<iS0VPNszcFR7{Ug%#viW+bkx
zb#fmP@>74)a97%Z_e55rmMivyL$}PO5PqMFMr~(*QU)ISbqQ?ONFiem)Mt;jZX{(#
zI=3l^;A+Gh9B!%D#v_gvyJTqW%vT+6<Kid$>z7&qYDnFuT&@Dkt#H_AK)vISg$X%(
zS||NW{Kan&!c?M?N*FH@ABcD%^(4uSD#g(%NlwBDgCGn1qrlU&3ZW$v?iU<;ZE~Kv
z_|Fq(I|#5}?Eg+WnwK;;i}=AE2B;yK7_%c|g!Rbx!ttoKpBWVUd+=nwa2iD~!g0o>
zF9ISW^5EXUecHd@Hg0DKeNuMw@yjbTtbL!RRa7Fn(1h(i#5moW-u<b9!M@mK8<#d;
z<C=t48cpGK-BHEAk#r$8d4=BLOQY`M;mnV+(O+XWOFXtpJj^&#{}AAAFfep#8-#95
zwVR~eA}@x!MkqF6w%WS7dPleTK*E5o+c7AXz{gCH&F2G&VHjz%gH?)=t=<n1mWwus
zZS<aztKjHEcMikEdHokVbyo5FAu~@+|A}I#b9-&+v%g<1@`c`3Ne$2b8c><V`fN<Z
z9}m*UPlCQ!v+<uz7>?w-=-IH!8M_3HIa9%yiO*BbRG+C~tkMt&_m-6fSpfon6~9Zy
zunFe;PiUk}!7^%bNoy4U8+Ynpn~{=G2(w9NjJ6P^Sqf$hUy;Dw#$qSNhd4&zmtC};
z7j)%d)`kt`=J~ohgB6XpmoX5+aK9G3a)9|SbGT{eys?1j3W=X*Yeu;RB!8MT_)>sI
zqudgq^6%RNZ8ZQF*GD)B>+>c{rphV?z(ywl_uLtUMbcr*`E?@LXO)ETLLlC~2P62-
z>Wg4vXMy4Gr?yKZvU#!nzp;1fq08bIr;mQ=OX)wFkU6M44qr?4I>H^){>kd>FdQWn
zx?B;(FQe1FBK`;(+E)e|^PuYq89UoBGMQw)15UQai}oT6HI@ecKa@*9eBf$?wd<}#
zSm<t0(4nIcRE=NVLrk$#LcSb(zH)r_Z!ID^GZs|rz5T^MZ7*NIdNYVV_gU-Ke!P=u
zJ2ua7ep?H=%rE;C^A#<6urS<j|J33_ctB(C*5jRCp(!EhJt!5s4^lMZvJfi*DbBl6
z+iMVnPd@$+Qr)ejLuwwSN|{4gc%<)2Nb%D#D`5JNHsY6jF~9yd`@ScEM{ZKs3hV9x
zhanXqc@0HN#M36#4i8Q`i`ro(tebER&Jmf~{fF^im6;B|PZa#3UmS!%?Lix=YZ79t
zeIu;fK4FFPIS(x@z_jk02QcPXsgxFR`8ykDxtf;M29*zv5LqP;S@uUM(cG5z^X>HW
z)*dJ-_3%Gr{MxI1;J0~kqUhZuHy>%qnb}GO#fzmw5+vX1H(Wzsz5ee1SbFD<*D2Um
z_UpczktJ~MIJQpn_kS6&lY|uQ8Qbu)yw^g2VHKNgqmOcr*Z^{;00f1cXZhw5r!_4v
z?`ITysnO*(MDC2oNJReVTwCIkG{$8v4ebxrPPn)UnaOcYW@rboT>G)&uRbEEJ=q_9
zvNJ2leG~+fJH6V|$4l7(S@1n}J<cP~)4~u~4V5*yf;Au-H2k5&eR$L_he^c|zI=nM
zQzR%pmXQHd{JYEB2wiWdTS@W^W4T6JNX4=-;sp3Bi{DBmQg@-lNYm44TI`V@zx!Xu
z%YA*-$iQ}%aK=dSdyFs~m@s4S{Grfe57FGfxxWxP<Lc%)_aQ#>AqI`NFrju#88Iw6
zExb@R!=689Xf-*XF~O98H%8Zc&nG0oR3IU!6veUQ`gAXRnsj&E;Ij#lAbJhrS9@F0
zIWQ5SJgb&+DV1pERWn$*(_c(ljJ$$C11od;wLtS)`9JMb9Th~JWPR!FK_A%gw`5h^
zLHs2Epz#Qz8$HW>lDct>0mb^Tq7q(3gC3LjN3q=uYiLF}4tL0{4F!Zd0)Thg8CFI<
zsD?<j`$i4YSI~ZRO#!9N^S#%^=hdOdQqmi8q`Z^WfU0}jX|lsKFTOy33UVzJ4Rjwv
zD%d}elpp@M|BVY8vLNuunC1NoF);H*J6oJ`I{nb+C`1;+g2LJ$w_I0>D{kHcyd{lv
z+;oo`kdv+^k`d#G1p>uU@gCWIue4BIjlhUYVt@C-ex`S3!zJ%m@YwyHs&;j5yFvlA
z_Z(e2bLDpQ$3%}j%f+da0$wIHZoinOGR}}>iKw<yakt<grD9Te>MP<j@T4_*$Yf^y
zuVXY{l{(>WR#Ksp?Y{PhxI*G>T=GZTqZL#(AvmDg0S{@9ei2pBGq-`SB-q4n)mGI2
zAK)iN{ph+6RU3x!Jux8+WVm|xg-npBri=Fd)==zJ&$nQ}lm10N_Cs%HIj-P?_z;Oy
zXJPYf)NFC)zY;LAk7ERK1H%GIJ&pGG0{0y`D!!bWE3riI;Ir_xmV48X$;|nmO_Q7f
zM}DdgQk&<p+Tq_6PWW%;#@**@^p{V3@JF9VD=Dgl{x8Y_d3SOD1KSqh29Bk+^3aDS
z;$dzQK2R>(Bgj2j33fiEyHbIKa=(&qo&B}YFSTZ(&YC~%o`}Jq+`&t}Av&57r=Ot3
z|KjYDiDrL!dC_D5G6foXG+kIwEExz-*P;{JxqW1zx6%ODIE@$>nSL}G3hgrt)bdB7
zXixF<Jr_8p7A1Cl@1L7bZ2W}k%(TX&c!;tV3jf(R;pdpl&evAcAC895;8mqScWrvG
z``$a&eBGL$8v!GGH&^W9GM%|il@@RZ<?akzGTI=<2I5~Qbk>g)RuEr9X&{8`Gdzn2
zPv`$EFK7L{*&Q)AmL=q~wG}7QHevN6nF@R0U+9w&o3#<H#;>UKva?l+9<#?f@dafy
zT0VpQX%q*4`RGf7hn&L5BYlGZJXZ~k_2U1>bB*tBb;t8Iq&Lx}5ZKcD{0-1NU{q_<
znGIzOi*jQB)>6%d^AIN=9(!YToFGfnC;gW`P+w~#s5M=8MSsrSVyVvFuik!X_BQo%
zR^#-BQ$rX!S<~a=8pQu!4}p>X>H#$90l$m;Z$wlzZ?r>Tjau)#mky>B0=n6Cj1Oiu
z>uiNU4=u?bN(}JDF_Hj;+CsfirEy{d#X;qh&~}K!_XazZ?Inc!iTTw>^Pq5hqq0pH
z9<1h3j%O0kJXZjQH8VX8-W8KZQu#ZW2IlSktWz2Qy=StqRV8sZyF2;tZ}{w~idRH}
zDe(z(m3~{&++~JJ41|(%?mhq9_>)-lxV;yuEb?Nc%^DgSfQEzN4`a&@-8d>gZjKhF
z);7P=f_D({+RD^lD(7nq7^q1sS7A>fI=-!bXc->c_vmYk53#{MFO-bbQLA6U)JK=k
zrix7GTbm&aH9hAPMIUr<-I&jl71|QymK%hx{$`5@vj(6<5<DUo{Za30m30x~XS<}K
z3He0oDIi{!oPr&`$|d&lfEHU$_u$a@+E@F!(W>4CT1stywwXt3<qHXcVZzg+$ogfa
z{|uuhn}Phl@3cp2wI~5jymrh?OovaS0;g{Ndzl{ji+0>b*}{J4hF=ye4k^60<5|eQ
z7=mZH0SvPK+G^NGzuP|D+;r_r1D8!g7&C%C;9KAca5G~a>-;uCoT3XT-*TSWaGo)#
z(ssthH5p^;cCsSqy@eoVKL_=vSide#f-eG<d)U<2_(fZKTDd2S0Uuo%{{52#EtQIn
zO#K~IjeQPn#8@%299zg#7lbN4gV74hgoZ7ZK6<BeO~bl>cyRLwg>AbojGT&|jSbl0
z#!rty+RNw)b{&QOS=^E_qmW$X{qN%}vtH=ZyB1gB?6ErQsr;98Zu<ksp%FxPY+%4S
zmXy!s*6(&j>%IMAP4SJ88mPRqypB2NZQPF3<iDFh*NZ*oSs?8eA-X3v@mL(3)YtgW
zQF<dF24zcu(D5>Dr3b(9FCMx9)Lri=7aG05kZ9$b&<c^xvuhbEKN;`^o)~WPNoPl;
zk2XVU+$<6+ZFH^4UB{h=F4#7@J5IPX@A)3$@K@2nf9#^xXjG$Jrt@u9m0UtY13rdy
zVB~gfEak(P;AS%8(R4(rmO;;ONxAqOXB}`EQy9x^Fql+pixk$i-&77v&&=$w8n$>I
zZT3X<5y$kZ?u}+Ljq&YejHn2ncc+bJ3LxkKw6Dq%C0If;B7Pl2OqMqSb5RwvBLk<X
zbI*w7{+OEnbj4KZNqyO~TxcFjTqkKZ%tWcL6eAP#s%(W0%CGlt1po7@#>DFjUb@dy
zB7)WGlXLA@0J+1RvnB&D(&u}9z2B7NIcXKR+Lfyj>#Vw5Z8i&vI<YYU7_)vzw5~l+
z@tXZ?td=)ib51J;9wwaWOBP6x#qXWE5#eJAJFY#}V&=9?o+I&oNHft`_}sq1L=RI!
zKquXQShTHh_dBkg%l~X?>HT<f?6WSgc0aoKc+%_$$TTxcgCag6h)fqFI9Wb`DWMZb
zBWgHVTf%6k-k!}b#_5DR&3CQAsT7EwLZ6P7lt5TFe;H!E0<uClM`P_P?!|9%udHwz
zOluYKF;Dh+l!^)c;TjOEuq9sg_E;8OEge)Fr{zODqq!}Ur77TQ=842FK~wntl3maV
z*j2KhlvX!vZG`<>t#=G#W1;?#Fff(R;kC#K#W*;~pi>n*qmcB+p$D0GnF?xd>)hOK
z{*TFeC>ja8@b$F1uD^eq>vn&<0EOrJ*YEGt^QXVuiGz)t{>qG^YbNn$%G$vcy^nF<
z;#T!9N0b$WPO^4vxeKEgnUvXET0tO1mnN{fiWKyJh!(!Qa`xTr9RF(6>vW5KxRr4_
z16lLodwWM`<S^Cx3h4#Sz$Ssj<gPd{|7@_su9stECwZc+HUpx2dbSf{hD;3FY>Dd}
zd>#$l5OTlAi%fx&^+2WyL1h$0CFi+veYfM<*B`5RL_Hq6@brax2Vgz`KjP<Mldge5
zX1#GoAQB2bbBgi%RB?mmFD%*o?g#nw*}g9JhK7cB!CAqQE@_}?@XJi?Q@nDkbt7jk
z1<R~r!@9Kdk}lO^brSGqL)90@v6Te;<P9(@9)kJM5)4!D9W2!B_CW3feJXH%cv!z!
z|NdwYTII!e5L*jamymKyU?FoBxwxHxUe6Ud9V0I|u(oNj@k1{(TumNr#%u6-#;TT5
z`F*(Sg|9Fd(EFTq&6m{B;6tOyN4`zuHJ-OUS~)fA)SJSUBs1rj4`73JgF*}u&u{g)
z{Q}t&fh;^{L!S1AOG`^bU!EUN+g~0I=T^P;GMiP-0Bi6>kX_h_O`cy-u)xaNhp;nd
zhihh3Wu7I6ZS+-yzx!0c7}OiJR3-w3$~s%-zDt{gN{HE@Q~auHiB^<h1!p}-=L>1G
z^OAgHSN$j@OYlSEj6_%3e|sfTulF5BYVr{uOpq9X0#Ent2TRKOJ&L$$Fh1BPe{VQp
zS_^nXd+M_|5H}aL?|eld<TL3!*D(@^x2XSM(TkctoB}Pnu-fYU;qd{F>C9UYij$Mm
zybLT&|6;9enBc>Hp01df*l`MnS)Ituycuntbc{=Ozw0+yWrY9Y7A!GJ_D51@4JwM>
z*UMUx*X!9T9exmxC!_XOXWYMdw;emcZ8%C~W5wU5o^yRr8L@Vnom?;Nv8&wxWtS|i
zaBpM1C(O`Vl<qn(gn%nm6WH?#zD@1QK_GX3?h~BjJG0lRK8qZZDd0NcKIeR#>5)s^
zPL_;d;B%d8TVbg0(uEe>Wl~paK*Ce)2-ziZQ<9kCtgWi5GCo;ugmc{kMuocUxDlE?
zPW`POuKuNGc^?$H6A=-yBu9Wq0_*bl4vm_xaezgB`IbBgY9h`A)$u6qbkk#_Sp<A-
zRt6|dK#~e^p6V&{r5N_X!*9#veE(tpR?Xd*g3AJ-f0T)`U4aKzs>eV*v1u?q69pz0
z^e_5EL!V(YK+B(x(G4&l9Ml>KiBWhvePOO!-P0NDI<^xlL!M(h=6LJIpEuEecD_X<
z>@Qd^d<NxEkia#R)N?6QJU9f62p_ZyR^l40gjU5~Ht^DUbaWId76gCXdOfQ*rw=?|
zKdPL8$7>B4tc9CkY7DEf(DlFiLs@jrw0=*|v3i*R&U`>!rQx3($Ee3bAN%bN%~pH9
zHE0qzYiQA(er6ZX&Ou_6Nfv&Os7l2*1I9)M2vqr1wvlTCav83U*0K*znxZaQ8@G8`
z&bGU<61p0zKf9hBEkJ?TAZn6ULA%xM-Jw<))%qng!}ay`0xd0Vmx8=}=$glxUwmh0
zXBrX?9bo74bl#_cfJQv+B(5S(#V7STxa?|vGfv#$xH%5B_K^jaOZep>MTdO>n){&B
znVn8FHtT%ytj2WjzAQgNhciz9JddChjXLfw)1rzeC5!)aHdpqbPdKP|@0W4x<g`kg
z>@<|YXTD%zQT<Nn;pVr@TARM}5KC~N7zoS&B@oN}U^N&#Dbt&9&y=MxWng1t0}pmw
zq%ioqx>Pg%H^T1!A11K<DHBI-QT=&r^$h%mLzQk>m4O14HO%Ys2ul*?7#mhzzRiGg
z%+3`R(<+>&Z;O5Q;UE9ZyZr3K!8Np0_~3SX`nLYAyG#MRQlYThaD1SID@sz&7KIQM
zJ~WnW$R0zedz`~8cIu6apQ7c5JUSK2>Ft5#^E`@;(jt@VDvKYiI-O}2Lxp9<Z~mU%
z>eV@}t$qeKnqQXR&4R-5mu8>-Z*P50TP{Z@naUe-cNTiF2dtxC;c#CXZ3}W!l5W5!
zvS17daw@t>v4gE;4-l`qO#N1Hc=kr54Ww&sG;Q$O&D!Q)NbQ8Sn;UGkSYJ*&?njU7
z^9DPx`V^J@g{N2>gRLi$YFG5?dt0eV6cmu)-+(xxL7%nnVrNK()u_#PJJVy8=p8F-
zd77Zt#Vmc6r>Q%L30vszIBC8oz`xSvxLi@`Buok=kuqS){cehMLK^CiGm+pu@qAS}
z#hy092@*5bZ8MtHni)v?<z#*y{&8)^BqK={Yp{@L?6I+!^xAXo>%y2S^10or>7Pmv
z4uYTfJWko>+D8Wa<j<Y-qr30<WTlNP0IVmk+rDbS?W#}3l+S6aNBM~5<@Lc#$<cQO
z)`hcvY9P+;y}troj2w+j(9^$UQi}IS;sKmx0nENkZ-t@i5<AB#f*`lTgi6P^4}1DZ
zmqrA@c=NSw`xdCQ%K2=S;--?(8i^W6MWr)Fif4-jHM}5*tRLxAgB7HWsnjlu7C2<?
z&2-22faXd}JU71q`*))lM;*yeINN?GiRBrnvs;)v^=N-w+2P~kE8pk}J8c7TiNfd6
zjD-sxU8?(}S3~a(^D-Q~sFrJyk@}TN%`2X4XXlHpzW1RXXRr<Hbn$SL8pxO+M*EJ1
z-oaxOWz!d1TlUgcy|?S~@;lk(^7%F)KG8h`|D83;y_D2&!zQw&zB61?d9~{lknefZ
zpU-8B7$y!@@f8gEUe9QmwLKh^a7gEIEH}FD4T7k`&g-D4KwiM(WZ9)rfr_u^zb5U5
z$kx5DtL=FAf)<7yr$LVSZ@(zzR@W8UrF8j4q0%tusWKS^21pjo!TZ|Ps&|6Ae~mfc
zn|8uF_?(G>Fm++G?mLhG1JVo;JHqEMw5_I7fTDe@?;(+?r(um&f%ng645$sKdC&E~
zUs)a7?k$sf)_h%crKLmb9oO2xgw)00wd?M%wUE?D@RGi1nSPIznZpLON#eFaxcn@<
z#vF9fI$ospSSG<$vsU>kja!}1b}fedu^}g2oH^LdZ1Mp1sz@BxFZ3MZLod`xOGbLT
zUB@go8~5I*dhM&`8ra^u5bK+MYMnbAnQw63`Wr*SgZ^|s29)pZ?#{*#bJ^@=@VUy5
z2|pgC;dmlr%Qe4(<gIgV8b;a$zKA|OY|19|%e7z<|K&<skk5YK`dZ!<%LUTJ2mVIl
zj5oH@0Q_gg^j@+!L2;A4(LU?=?^{Z0$*jXo4>pzteq2rYmG)cG@_B*ghfVI1R9J2X
zS~j+}m-wvuye1o+AvlV3>V*o)ta$1L$}3mX>MCUeLqjOp`<LHjV{!lMv%b`Z>;>(B
zQsrflJ;u8i$Bme^&OWxtzPfUo`-WBTyA|MA)fvkFOn}f?^RY|^RJ0a@7F|FIfN(G~
zk;S2y0r@!;b))%qxhr+5fT93SUKt-(!(zNY9+jByJIP5Sf};eCZ8BS2+@nwpAOe-6
z+Ft{f#(}N<$)!Ho$p1cYcvw*d^74FZ1g<07_S@FeTEmYCvdVA%2M^$|0PZZ`#2wk?
z3Vy;BExbhZYCH%3kHbwO4P-a=*7saS&wwc>?O#WS5c)MtOV?N7GCnxyk4aIAd9AHq
zN$5q!)Bj=WEyJ>EqWxh(5G9pRX%LX^?vj>H>F(~{0s<nP(jna?-O@;RcXxy2J3Qw-
z|Lc5Ezrf|aXV$Fw)!Mgbj*d4c`vSzTQrJ%!^^&Qgg2UnFy!Ji#K#*ogkybOFji0I2
zr7KUu-efUuqxC|4TR87!d|X<Z4!8R`w4H*+e`nkK?G;8cZBxJ}`(IBq?u4Zl{i+g2
zSwO#c-b)OO4cqC+>vf?Vk1DSIEAW$>rmYvw<X=sSYhQ)Pn^CWqRoUArkv{F#fewmi
zgKGVbR%P#PjX4E7PH0FnOAt4K+c$6F0KBvd2^q8c^KHSOd!<{ed!^*)L1mE9!7Mm|
z)uFf}tSHiB;{^o;zHVomSp7-tHc>N{sLp$n2gm=m(pq-N`TzC0H!RT2RgsdzKk4X^
zY$06>O^kN@%<3>f--x&0T{T?DE;bL9b=-St;Jk_urE$;wXVB~(|M)`lR(#I_XcSSG
zt!r;FiX=DxtTYu{FJ_y_LUb+vjOiLqx=?izL590cR~OVdGA?^q(pG;)+lKzYlumc|
zy$S&roB+dnmZQZc5Vxjpo<0L=OCtj}cY`-Lo43}DCta-IY@Rh^c;ZBjy?-jbp&NRP
zD+5|JKG{`99lzR{UzPhFtT!ySOK;!1z%>mcE&3J`#$c2}ppABC?0sOVGEB|u5><bY
zn~6*4jlpKFy<Z9JrKjSO364pYG33Nc=Cx4a2{~;|<vo#a*;6g)I68xo)6q%OQdj3H
z`u*E++7FHIJtYN29yY)CT^Qm0wip?SXh<G^<Q5TU(|-zN*4bCM`!YA9)x9FklhV?W
zqq^9%HfR&ecIQfOvRL<Tz%K&1IzrS#jtZyoxb{R5hQqt{?j;EIl)F9VZx#pOIAUT0
zdc<6kEzeY)f|CjgBp)+`pTK`ShtsZ|`tk`09%?1;>}BR2SA9uzbee3<Vw1f3DV$^&
z(t^iTj>plWruUfiH(_G7;x8D4R}Btl#*SJLD1!G?R8&9s{;fy<k_CT%4(>$X9?9&^
zNMJUx_FN4jXHzd$Irx+o_&*W*FrzcXm+&24BK{$kc1v?v{PoSK+8#K3?l5!>xLjB0
zuvr;ckMqO5zuZS_2Q1of2jF|!QdX~R?qR&|Vb*(Oi2*speF^`BoHeJ<q#<yI=6zx5
zYELDt?^e(llLkN&>LzUIZhz#tp+LwKbZ4x<LwymB*9({qHjg`tpJ)gXGxsfAu>vfx
zwBB>teIOy1c~VpUC~Hv9R>jfiU5sXrEB)B9^bu&SFz60j<aXZQzMpp((n?NA(c(Ak
ziD+_}w-eh@R@G8=_Jw4HPicjL(AiyKEWhf#r5z+G!4cu^;ZhuLjg?78veohBII|_#
z?M8O#LrB`Qy=FMtsQOX)a@liBDHzbM)b$@#<PX$p-rp_0WoJ$N9KyMVYz<xO-5}#Q
zdQQ6F4S#r3Z8O`!PDVDatg3iqzv5h%=kfqu4ssXuo>{e<K<I2Q5r25B3So8@6VbKO
z9yYm5)Rz})Jrq?dbMKe656REXnrmErlDAuaHoyEyP()rHPDJ2U?^Smp%(rjPh`;h}
z+1bW7@~p`e9%~;tEKT7LMPIw3udY_~OMDh5T0hnkLM41bYB5tFBg4^9CqFb0`a(KM
zp<Eq|9-|A2?nC<rW=l=n2MsO=M7z7n(g!{M5wBBov(i-xjbu}K%6aWpzwHHKkZY35
zB*$-VZ(o-w7pnZ+8c2GlUTG}7@JIpYi}xD#lbkKjkH{Z?bmR-|ZY+>2?kB}ZBcr(7
zo6mEDC>tA)Ke9;ETZcElP+m;Nh4B&4g-a!C&A)%WPtOY#_4r6m6pXl>o7SUY>wjAg
z5#9}ccWpB-4r(x&+s?OxT-H7{>v@%=$as~-C#{CALx}V&;xv|etbZ)pI5m~Ud;$?k
zN=o<}T@T5G`BaYj!R$FMbHKZyGzVf9C4(!EwNs;KqobpkjEsy%>{hc%&SN>!R<txU
z3I)oA&bg4uQ0ms^U<$6a{s(Jv_&VXc&^PPhsxvRy|74w0mJ%x@D(l12Bq0tl^N{9m
z#68?7x4Fp}(x?o@-^i7y8@m)m8MPMUe|wSD9jyU#%7g7&Es;xJT<=$9b-0NH=ersx
zNrn}JaO5M^#`!izV`h4JrjFUbcqm6{XH>nLQc)4A!+z6Nyf;<nbkD_DV;vb6_u^}Q
z0ygXJWOhj*b(N+j1N{f~<*7gIUwBMV*-1ViI;O?X)yz~|<IhbNxA)KE)u<HPUR~xG
z1)_32CLtmcFgrLT);5fFEZ{GCgx5~1g}&#+!u)iXDfTQYD@#qY*>h$G;A9zaYadvd
znEZs~TD<RjdZWn$9S>$Nyon)XK}La>uYL5yy%8<miKp}za!JXerST2&<j6#yPsL%&
z2+Upt?rp7H#_mrIgt^mJYFn@q`90%AJGj|6WWKxM!@H4nZ?eJfUrKM0Lw^a^864=6
zm5QHxDUqMX74dgt+|J3U<F^@$)tKmB?X(AU^^()^`?7E#2R`N}dxgO-RQCS9=2hnM
zHG0CDIP6{R-3Zi4fBw}~b_|uac6RSIx;`XF`}iayBY*n%Q?XQ@MBUA8<#0nJdv_uf
zCzy!((x`8Fp@Ds|$s<#xu+HuuQ-)aBYxi@Cm0X#~n^k!8D)qO7ggU37xU2z{a$<%U
z8Rg@sRp}-d7Vbx%q@Du(&L5Qi_ndGdXv6|=0c01PpOOdMn>1PTMu_g4{Hv7EeyIri
z<1k#{ax_X%p+mORUdh!s5xaC>N{#k?Q_Cr|2!)=Hb|Q$U>5aU+cEyi>7n&Ol>qC^*
zDDHD6mW5f^Q-&AF&A~Nl)cP!-`3yq+sE*iov{cs~*7ErAdYD+cUea1FJKGMFt+i%z
ze+dfiwcdm0?A5m5m7rhVLb~7}();gQl$7%=inUH%=CMDH$8ulsdnLw7#mQw_Ykl-O
zhOsWzcxSE&`zqmcKy)Ru%-|q$GK0@nZ*MXZ>Lh06QoT3+vup)3bbNd*?{+8vWrN*v
zdbn+ToMocDeeG^@Ajt*mRO~e-@waDh-Up&SXKwk~+t#ljIpS`s;l5OzW*FUIgMU|p
zOu!$3*gqDN?s`yKpv<--Pxkk#mRT<WGZWr8mDxhFxXd@5E#oHd9nyVu_@-P*`21fv
zpNJ?@=Nn10)l#@=vekE6$NNK|90G!ni?dAgfkdwEhx@<uMH<b?Ta*DFtw~YI{fE$l
z-WC6&+}}=rZ4%MtvE1;s$*F)ke|WIJl~xN}e#K_S)-uI67x`P8q7n!Qn27%8M*6;*
zbYgn?Li$3m>?NASr+rw~qMsseR{f11LjV3u;I=1i5)08i?Iy&fq4R<C7;1iJxy@Cx
z*v!3+ka?z)ZQ)PA`757LQd*jo*Y#Kz<LNZK0HpvQu1OpeJXQWX5>C8JU)KMXBLU^B
zIITjxv(tT#5H&Li`8<Vpba?(TCJO5QDFpvI-h~Mz$Hgc=@{?*TXJfQZ65KQ*Npo#B
z<_Hi`Xr}VTA@&L1WkZ2@ToJv7N(I^}Fl*gob!p!DN#v+_x))PAxE~aXHIdLvc07(U
zR0?;-YixWD;TcZ+&|F_*v<E#$IIWTq)6ww^M9GW`M*5hO<36OAo&5$MOJqHknkOi{
zyRYko1ukx%YJOCyD_mE`=Q{h}dy6R%!hx=FdF^cqMBu>$y`g+<!p{Rl7yg%wTB5=`
zh+j&%V*;-cZ26Oto--rubS;^<UOEHX?zurd6$b||PL6x?GNNp4w&fizO0M<;Q!^fH
zTKLz}E2G0ny4Np%yeMF)#rzNyCe=3Tfv@(HLa?Dk3!B-4tvXwB!@SV<vnmrKV}?w7
z0E^`a?3D3<=`d9E#pfXQ4d_~%kLMWtw3<DaEe}G)eO`q1b`D!iws+S&2lT2Gd8_N6
zu*h?H2Hs&3P{sbxc}uH5SMP*V37_y;G~a&XdvFlt`Zk=%8?aCRGPU?^&0ay?be!T%
zi&=l0X^>N+@8@^vZ13@S>XWK$#O!}L;^=3Kn8usB6+p&{O!rlENJ}B#2*>X4d0ULU
zA8$<h=|nygy?!5#P(wCiXAY^H1y6z2#lddg(X%slrmV4ixYn-2|M*$c(lT|*)n6zh
z-P!L2cqU&_T8-7wEQyRSV^o-ki}&Y>?#KlFec4i+*ze;D|5-ISQbyE*+tv2A3k4MA
z@$m!Xwa$cX?+;t283wBM<4*%n&pQ=H*`@XyW#w2h0bR>WvD9BGEwS^5#%?_(ET>;D
z?Tppg9pWXm+?Kq~#K2VU(26E{jLC;%hI~^o^tQ}7s<o&@OLu8l5yzd?Pj)ehrC*`_
z%FvuRKY~Asg!}Y!WM_(L@haD_Y->PVv<>=I7_>r-zLtGwtCfrbhlF3kQt6exrhANy
zxT(T<MEUyV>Cl;Behx_o;V-&Pjz-5idq-T32tkaGrnD48DA|AGjCKei29s$90)Ef<
zT-JH@nw+J0#&MfjOlk{W4-)Jk^D2wV<Hv_^2Xfg8{S*BX?ct&6wLQ19_$t#k8`O~M
z;8=67gv9)h?-4X1IuCBlAACJr4%cr!b^RHQ8r|rVuh-<n`};E&)VPzTmYuzGSN}YZ
z?8&RqSMznzM|}4&9pB&vsw$KVhD|m<?^c__w1zrtAyV@Qz7Yclcg5EH<yf=dNieC+
zee#W|(%)r6Cr^a))ToDtZI%3l^dabYU-n(p#cQIQ<gc2DgPy<i3=q<+V3DY=?OEm<
zX}olj@EOF(Ia&q+Lzmj#&1E!}g<-x#4C%3za7^Z=sZ-x+?VnEuFeK#cjQX|I6qSrj
z(PCv_)e<yxiJVV<16mfEL-RFkf+kvKh)|YZ@Y}muJCbf#*y$QK=C(joBZvwUN~!D)
zXYT3_wDv<7D=-l2Q!NQG@JBSXRLWJ!e>&?aN$hnPSe+?(6xLcTg9G1R>Ko{TYr8L5
zOd%>dC@h4OiwXT}QxY4D!VirLE~mV;T}gaZ)!q7fh0fkrbsv%(bp+r35fc8w<H2@y
zxHzF%>15mLva6JMeNFTiDzR21az%N%>co~7u_uzpid~;S_-Y@Cmna9Fj1Gt-qWf0+
zny_{Lq*Rw-XG*Q!Mn@@iy;di<njRWmDA{~`?!YC1zi_d#W3WTbNYI=}G|?HN@v_)s
zn_Y+Kwc$`SN4}0&kM{QoEf3=8UT};%(t|KgfB@DiTv=Xe&<AxBj#&*8d8^k(Fn8OF
z?|AlRBA|&Y<})xxJd-b+n6LLv0Z`6BU*9*hnAWK8CwtE<Qv$M!jm>;hliTGvrP$Ts
zMr*ZIGOruDGTSeye5HzuaQ^9=Zo;ohbMl)TlpO#K>sv2viUc^~8)Pa`)x9MctU9)J
zzPo29N{JgUfOK?7#CL1!6-pGc@l@O!zK8wLA35Lor1_cOj-{sJ*Iuoi>-j+vbvuBq
zpkJ=&eSz&$@$q0^(Z;-6M~H6m<+T`Vcw_VMYWBQ$_gidygc0Yn80^%3vYlw(SUr3P
zYTGMm$Yzg-)4uptp){PN_#Hhfi|6%e?=X8bnf$03^zFgoB^>OINo%%lzDalN>m4O!
z1U6^q-$#onBg`fWe+CD|1#=XORcPaiw4{a?o9<3K-^~YyO>#brk7S0JE~WBiiao6$
zP4Q`5vl}f>@_@w@y65)mS9S@wRB=>VI9sBjEIQ!moM~z3YyE;t0SdI@QgcUVm%Ztg
zH7aDiG?-mEa}K!&QPGCpx*TG<r@hh2A|-bqCjEv)Oq^)poGoc4Bav8RC55j#Rdc%Y
z5ZxXA&vWy$3?X+8XNp36{IFinYc5pW03%}7K}<{=02@qQPgX@XyWgqGN}0*Unq$r9
z6uY->5@t^!OiEplVDEA3XJ*4*OpTRU>p%nEO(wFVIwo7Gu|}SrH+!?8m4{<?43^jG
zyJEl4sQLRm3x27z{XlCiXR585vO)1#w%U9sKKDKCa7_`$LWIAVpMTG55jT?j%l^+o
zci`KDIR_e|XOE${uXx>A<`iKgZa&`KbiOOP-63~J!4)liLsC{*Gi8w$(H{8EWJ3}f
zB$zr}y}Diz4uglY1-}^~^Pym>M7l5xe}~QVHRx{x_Xz!8y%Lzt2^f7BNkosg+nx`m
za<tW9kaM`4lDgO|^tr*1kVOA2uc~bS)Au6~6l6Tp&*N*xHhS*4$CGxn7)n)CG(tii
zE~j6DV>u#xUUV&4&8}_iXPb7qw~(_EJ>jz+Lnif0pv%~;l~ET5{>>6dhX*GT2WUmg
zbYuQ`!3=+q8UtF>IY)!OW}M(4YsBSF={0I=9?pKe#feB#{~?oR#4$2FNliL-jqFQi
zKz^Y*9UIVvpOss76H%TkAzEDuI2zHgsAQDk<?9Mn^P7a{VOUhd2FJS4ixAwv`K;}G
z9A-w=&Pu6wJPnR3BYp_`bB)+w5m~EVmPW@%w5I+2S?LWd;D&~^l>=!D`cfMGPx(sd
zwFU@}MVb--aMXoK#m04ANd2t!-a&^R@0br47th~w#efTObH~BBqirNIjMrnd+(h;n
z=w2KitKUc^Wl~vop`F0bbh+xq>f;U$nW;&*ta}sf&7ZL?rQ*iN-6&!ufr>7D{ud`^
zyGQ(RzOlFX`%3~|*NB7q@~gx0e^*O0ceh6|j<&4}bGTrMajMK?^Sd^rbvH({Ej62P
zvK8{{Hdj}Cj@El)idBk_VKEvR8^1j2!~Od+I?BY!$H(UY9SS9)-$8-xNf}El+iWts
zw|W$P%FlnQyv`xBskaN<FI}pSny7!rq+x43MSJhWl%pG4oOmCf7<&GWXqLm}y|s={
zpVMhgn80yPx{9!2{JG8E-J4!cS%l5EZ&_@n!cH8vHfQwm8EkDG4Tn2|kP|r~0b)N{
zs*M!pc8NNNXbK|(m{?<%TLr*7Nxxk7l8@Vr!iCGEnC`B$^|lHCtwwmi$>T*3H7#vu
zyT_%i>kvV~WKnNSIRD^J+LOH)N*w~Aik%!T;C}TO8PVkOh?`@#w%xmNvR<kcbTl+<
zwh-*^AIMj){5Y{Uo&gq`W1>(@OI5YVUK|O4F(^afV)sk`t8sJI?yIA%qcmvq^xv8K
zRyV(U$Kb`@Or19`TXpsC%hO*++au$78tgi0xn(n#TWLjV72g1-NVHJioyZ(I-%+v|
zPJc~;(P;J(=EJbAiOCg>s78DGdhT)e2Z<2mB!oj=l$!FXh<*6)nkR|RdY40@ZtzOJ
z`9coC{SF`6M|JiTk<(5(J|$VGUfgh&W}<Pcwq=n8e32reC?VzX9rgl59Q6enQ$h&9
z6U?roq_ZwZ)>+SxP=9uX+L_JAQxbZ0jCkF0G<vWD#%Jh(Q6ed|=4s2Y<>!aQQ<C)N
z&E3t$&$|jM4W9#f(CTSK765g+bvc6UsXzE?fE6QWidtVcR5CNmYPwON%D$2$Go!*H
zv$P^Bmv3O3u$ambiluttR2tQ5__P>RKi`>z;T!DS9$_R2lQaR5V!FW$<Ce`Pr>cg%
zJy)i)cV<SH5!-L=_Ui1S(Jf*3yQFH7_>tLI-cpV<vFJxv#W%2@BH*cUA>2d{H#^h4
z$s*_PXx8oQN3Dag;7z?s?2$V29)E(gMpZ?*P+#2I&kVs#xA0XylTiFq#k_NL!3iTF
zAqf>re;sESR!md8MX3xEkee4*6uP#f?A+bW$3yC~l8Va`9!d>K<z((ApXq$#ASEST
zuVAl$-sa<jcXCC}!4R>Y1!X0_V;};{8i&uta1kvVQco|QuTc6;;>`IVq#2T_t+F0S
zrf*qqiX^$fDOD+aHQVqry~)GuV574vUon4UHR`NGXnofo$&=CI?TEa5qQ#`M^La8)
z!sbFfG1R`N3Fja9n#kAE&7=*s%k!ETsVj`^LxaIKb?&ksL6qxzh)tHNVvyS2f4s+b
z#Fi54IVmH9Y4xF7w{vSe{7w@;U7+D1Qo1b4caaxc*jB#ThS>T1-`Tc`r*?R;JjvTu
zq|1z(mA<3Cc9E^XsG2D4Q6i$a?D!->j-PvFQc~0R!e2<x&v@WHv&Gv%YirS0r4+hm
zMj~@1T4r-q)VbmK2GB_|=Zl?^R16?HIBPX9fyyeFDA8KJ#Zv84$&1K!EB)~ZT+X3}
zv#quGZYM-gGlyliH;!~BrkJMY)-qd+2BzG)&vJgrXQqDzdzy~r;NbA~{vSD`ygbc&
z{?yvrt4dVF*^f@NM|=b~&4o>SZZh%le{Ku2y@?njN2MW839$u-RC0-Xw#|D~d(OMd
zmh+=tLtRCtEidL&_w5SR-*owD&&r*?!Z5e>!`6q!DtxYfNPf8QVKCiJIOBp9v?JTV
zPJR_*&i$*ZcETv#vh&9^Dz4}fqru{AZgEYC&ek3p-|}h#Gbh?0Ibey`=R57KuQ2lD
zvL$_vRFfeI&(m*&n?plWIOM1V>)_`aA1|g@&S>t^?uSzOHvZ030`8L6Ya2n0`5T|%
zSz07XdBp^Yg8&i3Goi09?Xx_q%<md)2-^@)kJk_g4XI?FX9aj9{gk4V_uKq>C3jC_
ztJ6I%No7BTvW41iNhsHoU9wS{r=-z>6A_Y2&<k<h1gwuw++!IPim$F=rHK8h))|u(
z{PoBG*_%eUyb0U;<QRRYmArFiL4?h?xZk_OK6c*TF~w>l;(~9r-hNK$8~FYmcA<TK
zG|Kup!YDLf>p6Gy7T){zQX}m8HaaF=TtWW>nbgmmod1-Nr{*`{eqn3dzd{`Mc2(a1
z;w-bm#hofz(Q`&ywC@FIkq?hQRemg&+3<ATv-IaXB}uZSfiy5E`e?QvXvBmq-PE+h
zWrlva;h4pZ1PA~1H4$u+*<!}?mNcGTesD{=ZS)l_Udj?k@X|XM`$Q62xRf!$4bm=;
zO6)i}%YNCb8MVRRL(b7D)p%xtlbZ`Yqm-vQ^XTrAYv!77qH7AT&suugR3g4hBf)>#
zl$~-2;BewN?J*gi8uD<vuqk})^mF06`M&XZOITAieU9Uc<FqSRWjw&%MK=lVZ`6au
z;x{iPhEnaWHl<OIW-_r2Ol)MOO-!hiiht0E<Bk4rmY^=1%y@GXicd-coHH!J-~W8^
z53GOCE40J;6=y?I_EN32(K-ipkD7I?D#^}7o0jY+j>~E<e?<t`jZVv*FB5B1n(~72
zz_Hhr7S(u>*|-{<uWBPUe-NCgQELq4xyKfMoJ`u_j&NWF>i1@<2?v(*Z;@$2%Fk!e
z6BGSD)1`cLy@n*41fo)n`Kwb?VLPaV`_wAvV1AjH7$qruDV^cWLW&>{Ki3c=q9~wH
zB%7*#4fUR{IA#8r0vN9Q@6=CuW@FvRZtEo*F6sG&FB?Zg<zJsYXw^l58y2OxJG;`P
z&hfIy@Mx}<ksyU@<?ukuQa0Uuy!db5LIbDM`b!v%8pz)A@qs4y?3JBeG9u!tlAIi|
zNJ6X;A=FQZfQFNud9xUb`=!~ISR!aA_ZG{1GHWOVd)(ae*>h|kB0_N0^<dc7C0}`8
z`v4lshs_zq&2DXo?|8`2e;E+wr(32o$coP?Ura!=@Vo_ju^Bg9O}MWeeXsV87uUiF
z^KDQ#R28ncD?>RV_aUi18Xfz`U>fe!iYO7odzX?H8Vde&Zml=@-M$uQn;{9zfn4yz
z+{-8Jfyt<dA1)Vp0Z8gt9Ek+`k69<QG*1-W3zXolg}J0-#oTL~3v+<b<90UX3Hwxv
zzB>h>&(|h<35$Wf^dFX^`xbC|_Df{E2vU_L5iOV~F!~;@&w_~vKQLF7>DJ&(N>29X
zw+lU3Ap6a0JHIsD_dkH<2v5f+g8*M{csTzV1xt#HYjkhH#cVvoPrf5uAOZulgH!*|
z6#OO28KI7+3&996=;R~;Ax~LB@83xAunE<9d_<k-hZ-dpAK57>_EVXX86+rzOF9d6
z^TzAz`4qcTme|hT*I2C;57DVYOn`tpzh~vzZl){AJ?vu2B5Y8r=1hHmbB@FKO8}|w
z@$N*dx>)1qhWkV!tJ!2V?Eo*Y*>Djy=yC9Gg$02O^NLP7F&)5wu2|}CO_<1f85!#M
z6=3_NS{Mzshbzeu{e2rCb{l)cBki!mnf6$ucNOXdEu^cfA|L3q*K0t<18k(=awL<I
zH<m6~UN2wuyW&rwDt)8-#RodJxYiWznHKQ!EqYCg{b8n+nQSSaVtl6ys$k<m(p__R
z^@{9Jl!cEnSyiR<KiEm{WsZ%B9@r3(g$7=rs5xCTz&t+uP3(k%<(pj(I*2x~@2cKk
zKEMbs1+sZLHppyztHV;tr>--ydSJY-52F0sFH+gkhrLg3vwbZR>*t>run#AmgAuV_
zwDj)f4|MaY7<H_Dw3Y6x7;1bqwJ)I72RQioGqKpi6FH+17#Wj!Tp7kfFMxRPq&qDY
zD66TdkLD>;Lr=u+tlBCx&OA${P(ELY0(lruwnR?u%t+7)kfmp}9(!+92h+CPBoPaK
zv(OY5+gUC0NVPfn7bs(Mc=J5(4ku^(7?A04W#6%sR;HLMXR*_cj*s0NfJHrBrVkGY
zR5pM_R-T@w!;N)<eBtF~^ojv|nW7^m;}pM0NFdH?h@brOi2SZUL5Le$o&qx@l{MH0
z<KuhJ1K?h~9f*(2H_Hynrv&=%6VdFarA2AZ6^PJzQl~LXAMQ_fm(s96FGOIo>bn^~
zSkbz+#@Sbc&*UGN?d7RK_97%$h;_Gqh8!Q;kQiMsn9dN1lP#hZC1Ytg!&B$=7D~HN
zcQzy!*vA{y3C5%ml;1e<%8%zUB<$cH=2ZF^Ef1vU48@$`*}s3qVR97z42BJP-^b2H
zMgo43=#|87vhy(&2-QH2<p2&HQA*hFqY*#Abc}a;Qgjq_8g(CmIKkl>aYinC%0dhS
zB>4n?cwp<8f=VqJNR)?4?F@>FiqEQ4{i&4gt<p4dJl)*G@g$BSN!;#^i3MR`@D?fq
zE6HU{@glXiR_<>tZ_i|_0lpyH-#48oCn4bDV>vl)EqZ_PJx{5L>v>nGL2IoYkF+=u
z@DgP3I0SlD+Ic(*vIB+%rl)5|foG<I&kg>;z<sVUpOcjZl{p@2f}7IfQ}$=N?o1aO
zu25{@AcdK6QbafrxG$cbcfNm6h2&UFXDT)#{{E!r{xUONwmDr6uExZ~K9jXBJCUC?
zUVlp%?no$9S&wkDDYF|Lt8fzCjcj1<+L2%0sk-0a6X(UZ{WFMDb-$U2(pny8IGc|#
zVVK8OqKD)ms7h55-lOxley8)8@F8;Ip8A;oTCe_mwhMJqyMJ!09}U|8F23fiBo;(1
zBgiM;{1r)1!Ah*74j^19E{@@R8=ZirTe`Pz|A}X_Fn~60sZkSF3_VB)X=;Y8Y2mQv
zWR}ufH8^)xXA#`{{*Jg_e>L}b6HMFkSfY9+PzMS50FMOh#7LtSH%^Up%2pGKAaD-4
zFTq4s3x94H0olbx^qyr|*?%rU?d|n&h1aeATs|M*V}DJC?D<H)owc=T@^~d?nQ(=O
zSG0}xA>wj#TUuI`mse$X{GCD#3j;fp?md<RZ*QNakbk{#HuOZG5@?*X=Bl8~E$$<^
z*;ZI?emLvt*3F~l=R|yb50yfwVshVJlN0&EwvUg;zynRkV+-}HJ7h)g^XExHa%Ty)
zRG`<lU?*5Gor~zf4tSmtm|ooMz^*Uze}V6b9d<m4#F(iwGWxygl^S(%3+q!J)cg?`
zFDU(W>GR`Hw4BL#5YK!PDl|#Hwhu~a;%#5@`U%cmna!E;lREb1T@}*(|L-lO@!f{x
zq^7$5yBVzzM(Dr5RDPo0W&=3RR?`uMNh-?fI8%TA)V_V&)x~O&_obA;k6ikfbgoPf
zV#cdXa3k<}{U?Mzfs)f@!LY*xDO+74%F-(jcL_++o+<EZf8{upH$Fabb+P~pRP+<W
z%JLJgcKGoD(O*dMKfbr~DDBDt*c>Mzy3lmKBI!p%om&%q{Xa!R{M`*MHY8#wk0t7z
zHcQ?~I~_y46S3N3xr&`LGutOG;oL-ka_6I%qc0M7d+V^-^Cs@!zsRU_b(|<BEU3CP
z!ukQBKPvHxGUQsdQq=E!ERrONY)@CQ^884LC;w4>W}?clzI^!p+ZQ4VhN#rm{O6-)
zVxI@^KLSK0nI@lkjL+8pvJLwM@G$C8a6Z)t`hBl=4*g22!2zIU`BlY{{4XUcRx@>#
z$w^no-A}-?nOCpwS9$$OtEsOADpax4onwoUG-_T8t#yqY%8||lx6YGH5Z2u6KbhO!
zH=B65&@k5Q;R1|<*Y4{t#qRDo-HwTZWGhO+L*<~`Uo#K~qE+rk%i5aFzkgDiJUxG;
zG?i**q=yw!1Lbdr-x?3F-JU{K&UbkI{>!@7Vxm#6---QM>sEu*zSz+awdTRD50_|p
zUiFgm3=sXmD^$t=IESNVeC$G=h(hQ)CXLSv;apuagR#<<(<S;A(*fQbArwm5LO1eu
ztDCjY63YUUm_<@;$MOL>q<(klkH|Y0XQc5PC|AEmTS}?n_ks`PZdsuVW(2*Jzeya5
z%xXHe16{vAD3n2qGUMj8?z;f&+EHrBBa~YI>F!TW*`ga2K><)@27~<NbbTy|$7RIb
z&GQILprVYA2agx2h68QVQmxz<ILE*1C9r)z5)gRSi3V4>5@#q;aXRe37t_9^93k&S
zNjGkCuWi93f!8~_J$~>iN#+KEQ#UZq_t44m<Z~ezpLd#t6Xu!qe*XRe71KlEKt)Nk
zsJ^^BPv(lv;p6kSw~xd9gcv7)y9)P7*YW0avUpk$#y|5eWFZ}ga+u{q6g8d~n(A%a
z{}g^Gd1GJXk2~59%@!>c&WKA!yWdox_1t8SPTv&k?a?Q61`5dGxnh!F#RMMueGB9Y
z?Aw6s%_mBSzMGAiE>;&u!m<!B)#24l7TZ}YB$}OVVPL)%XpN%<$aHk~`#De^A2h0d
zJgO9f)A9TyJY-BjsaOF#Z?IC0Jq89wqMQ3ugU3dCYfH=$L-Ozdcd$^nBb16?y6-hb
zry<&DK5^`7bhNjdxP|MQt<akaJsLr0vsLr;sS|J2GvuE9<K%_;ys5l5fGpS1O%J^?
z2nyfMqu@(p^s`u5NwhGIi*v+h4`aK(!O{pe^I66MYm(lkMoxtNq{XL&;dCBYOjQsP
zMGMb0N6p20)!o^+UImQ*Tyv@^U_I08e%z@E;DC99DWag$`j156$3!TE1ac8Ssk9R5
zp1)vl?8EHu?{^II!Uzfu-Dtf$fU}(Wb0Nj${tVlPX`^q%W?#)66<^)bnr6bB_2*#f
z2I$aY_xH@a8B?9q9y(|?Hkum0hYQ6ufE4*)HFphW9WEBPu$(V1fpzz(lFe#+doLIu
z;krZ{%hZnUvw!^w5Wv!-Jjsec#`ZqeZ45x`u87CF55{=y!}cU(Qy{~f{=j`lf7;1?
zbi7_3XT81|w|t9w?k=_qqi_1F^w0U_O(+(~zr@sfku|0B1d0NtnZx4jVv?Lj2;wM{
zoR?Os%2wTr(n%rpHXx*c&EU<m*yN6dyOI(5J@_3bw0blY$?H+;wHBc5pgnV2@8L1l
z(M}Tl>Z^M3W=|^bUA1MxqQ&kXV1|KyaE`|ngX83&H)Rb6u*Gr`8vi;lKk~G{?DiS{
z-d;>8S?khM&G}3$7SI0l=`**J&kz^Q&BqJ7AMv?9EyvLoY1T3n;;)|>UT@*PR73Dv
zg8VM;E03lkRjDQdxTMLtseRJ(&S+p{4t{>?zE1)bYRE*TQYiXZZm`2;n;r>E!$<m&
zwCw(<h4Z(?&yh<S%d0})W##q`;8oZI(J}P>h*SMJ3$YKdqsm>zKGM+8nr-d`iRH@t
zHk}Fs@bLOz&c>-eVIwYP-O#y2X9xl!<CA_zARM>~qA@xCp0Ks%I|>gPO<d9CKEVy#
z&5Aj4)#_D$kUkSp2!Myeq@2Cj6=~3JQoH}RwZBkCY~dw7@1@3v<XjvzUw~7KYYkpQ
z2dKyoI;z<7E9MRzd*i<u>GQK)FNWx}-ZPt^k{uj`Vj7-&*qLF@x!i-gfvuLgKb8K4
z`GsuaCuUjM%zafgB|Cfl?e$*d6rKc-w&C188hQgkbZOkVRp0r^IKQCNK0NfS+ZQj)
zqI6PIZ!WbwrXD^1Lue4XX0PyC;PTdLjNihh38&`f9y7UdG_S44;U(~CjR$m*A}S<-
zJv`Fe+mp@i!%v~gHxPW}3Ip_v<su-GP#8Y<&SthGErt&3H|^O4l@l4#SfI;UOQ1l6
z2En4+7de7wvX1YB|8Cd=!-@%XAe;tVx#X4%wJ#cqql?Y0@Z!PF2k*f!WG#zz^4T(b
z$WuxRn&-F)$L(&vy?T0#ktUD2*Ej_eaOvrtVxotOjgSNYh^`mAM!$Jw@i<zi&Nhvh
z*lqLVd=|%YMwU_D<-)d6Kdt%~%$%Hlou))!Z!kjVrus+oy<8NIX{0z@p%L!i4J~he
zY8cwbKlmw8+ij*h4&;zFw&1))9lEWD6|{DX`~Wggx59>MVeR;RaoKxcVUQD8UPafG
zrSm}io>kWP4Uhi<o&Nqj+ivrNomn#zf}Nt*&H~rqbZlSuP@eviBfi6`57z{;f5dcQ
z>0Y<jz`Dsy5oihnz$MeTpCR$O)_nz5r$14|F<{8T%0eo<H`;8ZiTjkD6knET7y)oe
zkyPL&pR64&B=dVG+ZYdh<UFYw9DvLur>k&K@5!AMkGNiZK2;meXMkyW^y7ak^cnL!
z3Du}@^NQpp+>PB?6wskABb2VPo+~mlCsv!ayYll>abqvT9fL2N>i9+=9PniJ&P^2?
z+?TdQr4JyJglqCR1O%H59*_O;XYtzU8m~9#hCTWs9|O7@+4XRS&>O<HP+Z(oT<u}4
z+rY>Q$d0_V9zXrZavgT|zYMS{Iyi8J5=b}rJZEHOr$2rV=ld%Fh^hL17KJKz&in5*
zREzc7PdBof7K5&5Fw`0Zb}tz3giR-CZEzDb{?v*jlzw?<wI?dbxVdA%(M0Hb^~X=+
zzaw41!8rm7gX`h|vdDV2gxXI_v(4^IqlJK?|2SFvjezqHxOm0g?|lN_f)i|4pc)Py
z!&I7BQc7ygP?w1O`SbGM6;WKJSNlO4g(^K4Wtm<Wa)nBsS39};eI;F`UqRR|W3SZ*
zIf*M)AzSL*wfBEoBBujKLdH_8W=3lz1bK>vb<7SzC9MV^H$wGvV)2^|x>vcKY5s2Z
zuXHqfeSv}&T3+c$Kik?=c>X6b^t5H?@gX)5-TEKrqs1#YkTk*jkgcYL7`M3B+BF&X
zq~012;z@o_ii7P0pb2cqutCpj5dEw5JjBcO^X0(8?AWL@k?<(C&HyPvSLef!qhn}g
zI*z6noQ@|d50k`>kzL&KCL%eeqj>;~2f8tXJlSxG279BYSHAMnvryGw2C=IHgRPqj
z(FMhi(Gmg3mB#WJ=51-Fg)x%NY5ZxtkN3I%Za+l#nyzk$)JQ~^(d#t-_k>(ePe{w$
zeDh=7Wa!#)oWfeWF3PDD%GPyl;r_it%gRKf#dwsIpdrEfaj`v1n*df&`+I2Ir|$e`
zJL|#-AR+>c-1n>oFGAI;SroqdhEQN4J_Y2m?F<51Zt0$|H8~ZckvWxQcGM5$Lj6Z|
zC}7m+FG$e1z6c|f?dS}Cx=eiz=G^Y&Jj8AQw`RM)#7%;{Z$tZ7&4)*(egf9|<bwM?
zd>8F*pG$IHsDD%IkSl*_F<yYRc7F%5XFl?mw`+lf*SA|~64KHWnuQBlubOgXbM*%j
zMS}#1C{Uj|+@zYiM&<evROfbp6a4Wr(aMMgouD}@-XdJLi_lQeum_^rW@fY{W%nIC
zjq5Gsnu@%ICPk?tzru-1uUG<JK8R*~{OwhbbVvC1uWzwctbi=r6I@5BHZgu|yduc;
z^?iy?0D3lL*l@#DV>7=DgqjWTrxUCM*UimnwS_7W##lPU82(d1&t_SpQh76D{GOBH
z<54KrvoIylbk{M}C8PbMH8{?KBrG*61D?;-WcJ%uT2mw^r(kbwiH)&YAvZfagBWU$
zEYdq;$(h3C^-o9G%y|o0LGt>bUNKf{l9of$&5PBG0J(4Hc0PuH20@?7Kg2_H!D)F%
zaQTShw<*xwM#L^R=rltWMO!8i5t(PZ^Ly<s5-`_+{sFVaYTC6;XfXTN8--7BT_PoN
z!~c_LCFS+#0=)RrYUWQ}G`W-dVDql>$(Tvn$oN?FlZRSh&`pEi9y(Ce=2yw`{&!_f
zuHM<^e}SsEw0SCpaf7Tt;|g9{?F>m_4y1+d+QM2MR?UQjnhmH`^U*Vn2eX933EW@(
zy0hn^_zq<|Y@IUr`Kk9Z8Es!2Hn8kYk5Djz*ydA|$_6uap<!*NiMxeftFOdquj0Wz
zJltPr(ND`lcbt5<%<6$%s}bq)f!N9XUE=~zQ1ob_&>b-w?%XyqaI_013p&$ZVF1hp
zdQ9-UzHy}z&DvHFFCIidaJZVJjmgi?qJ&~8biA5eeH8LZfwBWIImN;DcfU*$RHMK8
zIyoVmRqcg)VPWy{n<HdH&%i~u26`-@ldo|xNG5_oK?6an*da!e3}oh(JA9slpOEU@
zYi_Qsviw4kGM-dz7A^9Xw4>7w*rq@Xe=Yz*f|@#rQ6CQvmBvR$=9;0;*j@dJox?7R
zD*$gMb9yHOHeXl$shV2($CK^@I!NZ-V`!tj|B%UGztWb0nSpT4D-6?x!gq*v?v$^$
zKY=`HOM02#YfKdNYD>=br*N$b8(R^lb5U7)FT0tUnJ1$e`a7A_alW47rtzLK`;<GI
z_&dx|CEYXi$YUtMugo_7e0CgpQfw0{oo8w+8DCn*I-3;AujmS2lO~m>oWS+p_y60b
z&~1+&Q&ySj6;1#wJq%n84HEb-o^pi~`wv@SYGAqz$lY$KQToFdAQho(G4Tr|rmFU)
za#ikcfNxtfEQ?j*A84^FvZ^CXHsK2b4UXF*ey9+y$0ijkO$(3rb%fr*tP!u-r0?gC
znP29>3)J`trZxvI5})=8#D_Qu0e6geeYn`SNIW>Wn0n~<f>HMmT&CJ?S7%p+>5b!H
z;5XBf1VG|hJvs0LP`wI^V=GB)+h4FjSNP9PPEOLW>^Xctd;^9FicR7(HxW%snlmvd
zboJq2ZU!xay4B+)a`JO$c-;XCxSpimdyP?v?)>|R_oWVbLK&^u5*VUGi6UN+XeF`0
zZN0Xg=b%gFG#K~VczW2$eo{$rbdf}2vOsipx91IPwe^OYz}H3Cq94&1_#T&8Km;<P
z-fXuOmTkUW#{dF{OUc%RlamqD`t6mgtH;*v`6fs`X!3c)nFIwjx}LxSO=A!RS7EHP
zlfq1fl9H0<;%u#F5xh0R321m=mco&MIRO3g5}rWV?h^=_v2|c)EQfZ3=tA>SUG(v?
zZZptbvvOsb(d4py9tmw-k<L>P7rOoOO_9lZ0=9Z>+2qg(*y*<*j`?yScz0y{zORf1
zp9Jd&XcD-mwpX7E#Kwt&Sj8vpx<7zBJd=pwm?)MqaB%^^L-_uqbV$@}rW}RoVhKJF
z>`5pYBSAFab(s+o5J;RZ2Wml>+@kqDZYhp7Q+ut;wTVWXo?>njQMq8<Y;ogk>kESu
z6;`3L!Oi0X6sWN`=|13K>)5f-O)l%Pi4ZH<ITZZ1+-sr!^V|NCgV~X@6c-A`x{474
z^p}fp9X6lZH2kE_Hj7>%>USTtoK002eZj^4$nVeJ64B99hSs|94*A5eSd(>UPh06>
z3LO)bolcxmWeZg*-~|^0fP5gS9+JcyXurDo$tIN-^6CTHDIzyA3Q(6pfjWQ$6AHD8
zuAUj?1oLk*VMR1Fs;NBrWk$7`>ESvZey*#%ZodW>){76o+MMDND^|hq-o*sz?sCsI
z*u*NU;Gd=RwA_xZ{a^8G*7Oa|SRZASFbQRod$tNyc2eSuET8Nlur7aN%vBa9Vi%#Y
z9Qi8kCZP~OFCLzBjsSL6cqv@|#z#KE1{VvcK<zJz=ujY+^jS*+6P9ynBo1~7(*uTf
zq;D(&I)UIe-^&Fgw4+@-DiChd&P9C^zO-trMG=n&R)L9TfVlF?Mcb}O&IjldAo3p2
zRjjUO(D5P?m<AEMBF_6n5HX!hDJN(czjwx80fu5a{Y#{I^e;f>z1P+Y=Or*B{@Jlu
z!BZujb&)VQT{z!`8=T95)Fa-%+_#~Yjo6eco2y-@;{X23iEx(gtKY<M-v!#|J_<aG
zijMxm;LgHMr#;S>=Y;m24-M}u&ORcj<6Du)ZWqY1-HR*!>BNAdybdQ60SBLpqmcm8
zl;}XbPpmZG&EJ;*&z+l(k}49y3lo8K6Q#T_I++y6qoKx1idcR|21+ZJVxqkt0CRPE
z!XP!2VKr64!GV*jBd4y812Py-LSop_QfUnl12cQBV5RZX^Mj<M(twCxqX7(z=Y1Oj
zPY^VvbrplV%Wl<I<CaIx$O23nn#;2_ZO7l6>Ol(G$0<OBN#Vl!v8HDCl;`}9l)K`>
z_fY==H-Dww+V`o+;^}eZ`Y?a*v9^M5c7DuoLSMHxwPOHUr+SvkJHn|1qTo*v0B#R9
zCtNlb8Bd#6OWx;i8rUp*uDHk`e7xiRQGXSDuHiBfq|XEW6(JH{C%)71?+H3Oj+YO$
z^p6&z7nho(z#~6py~Z%S6EtP~a-^T8W~{iJ{tSwD_DTc=;mtNB0m-lSHF^}7UI!w+
zbQ(Gs%_yUb{AV%`E-By3!;S4`FHIyQX2<RL`1rDa=VmmBy@C)G7u64uv0RME6~UN<
zY%;Cx&`jwTZ-4VS&H1M|!Ba95XVDm_5Ni()cjqVFjl-Kf1{P?~js1og<S;YQsfYzC
zqE3+q34E7%ZEwxP+W#sSd^;-BJICh5sdGhFC*pBG{u-&R&Bg7%_37{B!HGr%=~7C2
zY<|8b3euVoWJ;k&O#Cf{FNKm!j1U-rq3Tt?ysi#wJv?v+oc}$faPKeG$38t7K4?t5
zbwWPbv9X&?>cwo=`AW{7&E{AGJiJJrX(2prck$qgTt6>2z-h~2V9dBr7jzAM?~~0j
z(a#RB?|+r)_nK&@2w3yZMOwj<8i+ETi4emnhUw@?t<MG)u>dKM0`0UV%j<116?C@o
zto6(!Ea>UG{{52&3rYh2&$;q84Z7ZJM>}Jg>KKm+ZEJ&%Ld{hv461jJ1=<2wd?7Vc
z3ZPAIP*sCU`@J_AI;pKK>M;v#+_^nn2|(lInRNc60e5|Udvvlt+DQR<WP>aopuKjs
zx6T7Yt{_hyY`w6}<;~-4)c2k&tOf>bz${45r3=1{=+B!lZ+6|nAKbaI8EJhk>V-J*
zqn4y^j!t0JfS5&qiUPvSbjbVsvAuUDAtRc6Z6rTB5*E|Y@Pd8m_-crM%RLq3dW*On
z^PYX^OYNan<@jv@y$f_X8k~^u14wrf$mHCX@$&P(1q#aRTrX+5FAvtHAMQVGof>AP
z|J%B@lZ>VN%J;dn+<r%atwcMN$qz}N*Tuz?TsBAZVi&&oaSqT!SgWT577?8IB~MWB
zT682yP@Nm|EesQ<<NKF>TSAm;m}#4dHS%AxD2eZCV<3H}i{Fkn8PB;rJUnmC^*S1k
z^dpJkMRYwuBJ8oo@YQ39X2M?G(&Md71_#wbt!IL8gNuXf)uHBsR0wg_|Aq<X8>*~B
zLDhkL227oh{MR?eo0AuNct|gaOqcjdlKE}QeD50N>O@ggZg1ah6U;r_MPo_D8A={O
zg-SJaUZ9Bu<ZVzfJc(Aq|1)pl=&*Bc7AKR`RY|V?BZjspW6JP21<ttZD7`4UM&j#y
z6EQ0ykJsxc$9FMFK)eHox2r!v_~7Ou6f<2w2lZgKbBfSYz+NG0(ZQVEw3U5tQcqhP
zet;+_vQ?{r<F^AjIL)ILVG!66M?#+XlIJhp7u()r*_D^$&9$Vh!N5FW!SQ$XiWn$C
zU~kfj)#P=X1VBR@deTTLsGTWvQnkl&R%WZMeD*2D|6g+grNVy+{1eFY0;_L)d>?@$
zCNSg3&qSx4g^2~urv90P%r|DAsN?U=acjq?$`Ht{k5jm#5NaQnzdG#%onliqHMvj`
z-i45m4~(D+)krHBPJo5fZU2D<(tRqWoH@qEzYk`ymR8#H_jc7=-x!ktDeI4rP%RFK
zHkUD!`1@}ZOp>t!thjbIQHZqepxtEaGh{NbDx(y$nHXD4%M0p7<m&K`_#g3?5U7=>
zqCpY*x*nDWawY9^H5Rg3w)U~R!n;*0*19t%9}!<y;d~er>>;SNMUJUYn^jlWSOfm@
zG^YcFR&_jdSrd}g@hPr9MQXU&%YDdf^>A=LTdJJ?1AHfdBQwARZmY|af3oHcw))$^
zWD{%%jmat@@2a_4{5XWoM-x)0r`OT7U6MU20!Dd&&Paq`@4{ZI*Lu(GqQ>FH^>Zj?
zOp}?FJ$Ecm{x?3y>q<`+UCecY|8p?sqi^mw&&0w%3jJjF4yI#R1!m-csh!b^G&)f@
zp?K#y@$K@7SBkKaJtv@(@7bKFin$ya0E_m81d3HE^*RwJJ#T3N0%_U=X;R(8C^FF+
zmx)d=F7)*AeHxs1?m5++w_D@CRDxSx21YEGAKZUnIA?1yg}VbpCD#Jcf}r#7*J9z~
zid2!*m=vEs%k^wb$5DxZ_oL*ifCM23UutGcz6jr%8O!zL^k4%T3M-nwA%qBTb$ihc
zYM>}|I$t{??Ef6#MR0PX;SIXcua*TbpJRR;HexwXqvXoif;Xc2h99j^RFcwLp56#X
z2_1Lmer71<>Jz8BZU&jirbQ*kd`eW1P*+bp&sO^7{tpCfbCeR8IASOb##eXte$t(+
z`NDtm57=dev_D3Vxb(m88cgsDk{H=paG>W(#M1HZeZw1E3YH7(gvojcc1)>e-PcTN
zzC56E+@34mv0IZKWT!{>8nT?6{+i2@m`1wY7Xmih|6I_oVM!m8kzeZm3nVnR$ud?%
zzZr_?_|Axn{Z<vmeye_6-w9+owlbb$fceLH^(y_MG(s7tJsiqb_P}m5LVG?AwKFH?
z4?^@Nr2axa!ZQ^dDtQ74_8YcEaxmZ}AK6zMe-)c0v4CxkLU8n?^S5*cyJbnAw}^uB
z`DZ%A1dKWJW3|(EfSlEubzy)uvctLvG`f=K2uzNBF(0C}Rn+cI?yv6d|3dUx#(CX^
z3$={@2^q!e{_hi(vHs6}6=2Yg#$RSML3I#{{8#noXhot6n~XrG#8*;Ye`W+CSNi#;
z)V1RuV1(7?e@9psX+ZDfo+>pNvuUxr?FxmR5eBo0RmRdlugL)!XAoJ>GfekJ0%I>l
z5Eyq0wU{(z_wV@%+RS}-c<$8kis+tX2^wRK&DqBO3=k1Tk2pd0?Ht65h@;7Ii}Us5
z^@h4a?;36Oa!?O8Qj)isy|}89*l0U?;7UmV0K^5KpXDWtz8d%(QaLgk=aD3{2z9@s
zxC*$j%I2iy-w~O!YI4&Cg&i9}3VpGtMV6MPWBC~1crr?!Rj@~b<GdM)FLk{$Cb~3N
zqC}aj^WzQ3+2(^3OtYm!CJD(uw~-G`NR7pomdE&f$<3K!2C4;0saLF|;0R6LpJVLB
z(NATe?+AmCh}&afDPs0jP&ud5Ifc$Z%HQ^BwE@<K(d->oD;#Tli2DOIRf*qI|M`Cq
z0lpoK7$oqUW4ipF`QB$ZTuqPcrc-fD`|?M@v!DiqjN2^VQ`d!j7LdG}MZsavzi~{g
zGBW@==4bG{XCPpz^pk@PILE#?gM&Z_c)}37b#)uPLRUZ`c$%L`C{lIO1K{F{SQy&o
zcead_FsXOlL?#3}nZA(kqQg2Oyzob9{pp6IUkv)ZVddWe{TBfS$C-M4XSIJ7>%zy+
ztxYaAm?C-AViDN?rw{pV?EX8WNo5kb4fU@hJ5PSul>4>LhuiKQ8BEj-EEo=qXtKT6
z41?bQp#aCjr8MGbh}^)~*f@)5$+ASJz9TD@7l|9W81$fY<v>(mga0XZvgmivBTZMy
z=lJcxz6agMg44Uh3JlET!TVcg(?4*1m_ENY%7*0@aan(WQJF1s?SmI6u8(`A`IhOJ
zHGiIHElnb$-+!|lARFa~#}*PM9H?(?w44?V>j(YcdcnK2nr^j`iZdPhLcj4+c+v0j
zxqxxH@fQ)nub*^c6^aI5Y^upwn;VN_xVUr;q)36_RVc=iM#m)o!*Vx#=bBgx2o*~6
z@|YfMhy-6AIK(nx0dxB4LjzI8J(L}Y!XS|R6e9rFb!NRs)8GSCtntr&Fj*6PPga@k
z-F)3S9$V3L4rw+iIhgnj2eG0Y4d89nUL8v3j%1cQ*;1^(gunUle`;LQJB2^ZFNxj4
z1*bqo*4%KqmE<uAEAE-wC7cXlL?V3Gr=9=E83@PRcZX&F{R#t5IHv(7OCL9q+|Cdo
z?hs89RSMvo#{;McNLWw>7WFRc5eUM9?m!P>Q*!hs^bs<8AbXhum>n2w8{cL>19m#V
z)E)E9DY^du0RFdqdxX^CQ<N^3uXOj@mYDnDhFTFn#A2@cDGJT>$Gdj=iJ1NGx%5;}
zRQ$qVjI7G+2ptRvDbl|`VN~kxmiWpD|6LtLRVW*?@OUjEXPk4s{?jW!t@P%TIj7%7
z`YyAlFn5PBx~z-)mF%qVe+J|juP?3>h~MbW&OKO&1oKUQo3^*X*A3Q4xZZIr-S!$X
z;Z&OnZh@H8@yQ6aH1+N*>*V7NwGX%Rdcp7<7|MXEwHii&z@7Ql13Fs?1X@xW&yb7t
z_;-4h(k}47KNnSIxI2R$yJwG@|He40GzmU;mrawIaKAugWD?Yt_#SFB&`pTp_P|2~
z_nnCOe;SX1>wJq>(qkz8U$B7{gy{@0X?hI0Y}2z_-p>tQMu;&+ZNFSVc!lPK8Vmiu
zu}WZh&z9M}wEtABz*ywv0iGqP)amnQX>2Yd#FU%!UgZNYAC7)yy)^kf3V70kX*?22
z0Uy@pbqy?}ZVwlB=1U2ya9Min?f`0-ewfk$a`!J6!bnw+6^@+5=U(046kP~FK`Nq5
zS1&eJ7)k|6VNRVrXxw`EYiG;7N|t3HGkUE9`I6V^t037_(-KaVlFv_)?^J;@2<-R#
ze>{C<SXNos^&<k(p>&6Ugp`zYBOxg*B`w{}p*sZ?q(e{|0qIWZZlt@V``gdF@B7Uk
zubH{#n)95q_Z@4kd)?R!zwOLdc^54ZzyJKX9XUNc-5E^wB@+eyT|rwDJoK|gv<Z6f
zQT_Dk7p0*(!u4CQe5{p=5NQU9PE<9c{VGSbq6N%;1J%;km-18okBJ2xXy~({%m!t6
zjluktb>PGsfO<{WCrSXy!X!`w_!yWmSbe9A1IP=<msl_W>&k;qxjkLM@S9G4hpbRe
zp7wN01tjCO%lkVpQxv~@w<q^G8_d^^ySRL}1%EiW3^**NzL8TfDbJt;V~78$2AOA_
zcRCnE?k(b~Fr>6V{|8oO)DV&v*P5vn-~qOExX5W!ur?DFEu+Tk;?inayu`HZqC}_a
z<0)|Bo&3yZAbj!Af@sI`zn|Lq@?tY%rt$+4lZ_=!jJn}v=x|-VFFJ{i-+UcQnrkX%
z5Z=oV+i<Bdy#EK&FeF8f(uC)mokI6_CsmptIeh+$!w2cvgpDVFyf{4Hl>t<R$G1hR
z4wO9a+j9S$-hN<@!2MxuKK$8pt7jWCh95pg)K~MS-JIow*L%hARw_Mv%2(q9+I!nI
z9WAY<l@jGDCKo-upBjY(fcc;P%oM!eC$ca1c{DfQ^!f6!F%6r+MoSDi7=al2j0u$r
z_rI@+1C;@Z^FRX*5H4mDzv8@Wd{t4F*;nIGxjlugc5Ilfl?@+#Xh<Gd^vUPY0_>KG
zA~0m_h8qTC#kD`f6N7gyI0(5GU{d=(Z3s36fL#>Th=eFV)^6+f;~=bQBc#q^x8B=7
z<PBy4NjI1j#UK))fPgcZW3`fSEzZ-nyhUGlyGQa!v)0o^dMN#Eieg$6iM+}tXr&Ym
zCL)0Xw>DkC@~_}^422#{#dPRo%>;njfe&5Lsn}SP^+{xzj?p9->0IGhLS8#`k~t;%
zozSW@Xng7JM{;h1(q4kmNpQsW_V!is^8Nv`RWJ=|T0;hMH6BDHBQsn5%o~f<KdasF
zeDSI~*6Mzd5f5z^lOpOO3|DJ*8c*(h!0pM_f!_W5GCxu_D<N2FYO3wQT=gNFmzURq
zlwUwK0UWLff-!!3F6_~kPb>4(=g#x|u?eUBMX(X2XtLZ)?4LrI%1@BM0b0Sx*Bt;k
zf(M#)+wIz#sbDlR|9WzbywZ8HNj6^|2nHE<_U@E{5d=U0M&KEvQ)3)e*f|VIEq_BN
z$o=y22v}Jl;eEC}kdmnYVuN$r*$!~|Pt!F^ROyfvQ{UtZ`<!}?rhoY&4fJL}Hie3X
z!S&|Y+vwll(eH51dt68j0x}BtfW%S^`Hy!@qE8J6>RrF@ULGepJ9B*$L}<?fiT8F9
zvc5Z(8BH8LL{?K98wZ|bwr3|NW2LCEOU3Y_7uW+t@ZcI5dB67HR9aoFpfvo5wa_iG
z_|x#}+wNOiq@H#G)u9-*M@Nzu&kO;C5}87pV?K}#FfmWam!v%ohp;=Z$_hSf1-c5)
zAuGTPfm$p}dZ7-9Nbi`Mg)1?ZUSSC|4zIC&!^6W-MXcxF42V0wP%WH*Tcik)@;Z($
z8rb2kFKzYs9j|Wl*i(Ue@p}Kes>AV~wjzaKPk7*y@CHXZkt{+GOV3RQzZ#I(Gy}_s
zGRR?oB(eAO3E`Peb(dQ&UT-7yz|%zyiut-uN}wZRmSECL<9D&$o2#}9EG{nQJHuHE
z`=53Z4;#yRzGsK6X*m6tktPZ9mH(7sT(bi2h>YL=x4KAmTIx$=Q@UskB<AuJbbOW|
z==-g~iIY99^e-eb#K_563-mWap6s3*3XM0i4S(J@JBMG$#12kCLj~Mc|Hi(&4E{2i
z5Dz+<e?YPfm^$f09bAA^T*r_EA091ht#cx60f>r(!|}W$96>3I6A^GjOVu??(P6*u
zuNdI?#ZW>5_Y~8_Pl*iTSN0#L%UUi7@yLLMKnoadJ3bkLNSLi&y{aIj^f?{b06xol
zFV~I`J5m1k80!PQOq?I|Fp-XKP>U6HOEf>bOF+fTCJP6&+fUZ^raZ%wYhS;dtu_a>
z3zC^g0h@%NP<V9sp9_9aYr*9@pkm(yKFcX@oK2n|Mw5JI_WHZAKYKjlwrFH&s_qBH
zZz}<FmfKqI*8&gs0%HkodT^aCh<?b5Nq)iU3^c^DvWgq04;5~U$L|gyvKE6)GB4A-
z;<^D{S+Do_`?9jCmRYs}19NpfTfJe*mgdjpo~l}m<Yi@z+ayz)488J&hHGziHtk~$
zTQ{%VZz=A)Qx7+92sAhE?!1K$p^G$u8fX=H#rAKJ=2=Nsnbm`DR5HK1#mOR2Dc!gN
zZ(x$2^LdzNCAy*a{QTneY$JS}BHn&O2MceY6NB_)U?=<F1sn}4I5|13(IjZUQGN2m
zdH?*8C0LHdY*g+2`qRhHg0~@Gu#W!uo}qPX?k@OO5BXibp}N^j`(nujk?>z^Jz8Dw
z<Iqr2V)sXH$wNXvVqsM@Jo(e}rxo;a{rYv4`gY<ekweMJmsZCga+{!`6Yl1-1I+py
znXCfV+>I}1M~vL~e{F4RC<wYv{9USk+mwIk#)?W8tQET$lv9!!9m{{?d5u^4^y!h^
zhYxAUUhjzb%`o<2DDdTEpo^)YjMa>2()jyhS~mr0u}7~oN;;0V$C`g$N^!lkCP1IM
zy~T0ZBdRV7&CN9lE-v1`TJQV%uw+joc1tEJio*KIk4rD(6{n%i#|Se0jQ3*}&3iM{
ziv{>yJKIL#!NG5MIBq^A1XhKFc$1571poR*qA*$13SvmGMqPDHCIrK_{oAp-IizyA
zj{fiDpECFZt;t(V%HuUygGp7G3Dfof3;6mZ6!j_4<m9%dzoT>2xrIts+lueo>Lq2w
z`UtoIU<Yq#>PJCg`@xoq|2YzF(1oll-@#r~O%hRhDRFLbH20S;2+X7dCY;CAjHvMU
zP(aTi`*0awDhKJG(b2PF<(T%Bxi9ehGaw{eT9#FpiGp`F&*2~|tMI;oh`*~VZYfJZ
zh<cXuZ&Pq}6*s4qP~7nNxI#ok1V0-cos@=9m?teNN-H<8hDItiXg-j88kfhsd~Q=?
zI}`Bl(<e{8Aw%|Iw<ANAg&JHRWGp;;=K#&4b@ch-A_&Lp>Q~FAZGP6Hv1n2bPteT>
za<j6&5H+!9KhUcWAq059h0@g5f;xV#I+sA{i-WECMgh-{AG76$(h+>x$bFU(u%>7K
zdGqP%NFxhe9Cowg&f7ZC3X%=Z{XTAZN=?ri^V-ZztL!8G(36QPmG{bino1cfKB`ZD
ziTJc_DnS`>3CZDmN*UnA%LjgX22#88_5`|dzEXFPcEzxqwzglqrsjszbS0_-2gf|0
zr8B=YDanV?PjqoMhP2WFo-FjwRQ~=A6ZCkR`fbNlRaJG}>*7GD9!$VzOc^ntP{bhy
zEsX+mowu^Gme{aawfr{cZmgb&r3AZ`DX@|Pig0>@{qL4uv(d+^U#kq})ZZ^^7eF3n
zOhaSe)`>*S$cT_pFVpPHzSuzgSURTYg3K*DXW7;?xM3&*iD;&J4G(YFZJ6qmoD=a5
z8CyEG$p`%6znQN^plif@o4KQ)?$D>s$d8#__gadiB1xPLjNI?`h>J8z)^?+$cU||P
zGRI9t3#HT-9X&e*1w|d3{R(R)W-BN8N|*0X%+=NLJ32e5S*ahDe-o*tlz$^CtwEsY
zc`EufT_|{TICj9KZD90id~54`F&`HR=Hu?@_DX!_%+ZpxmP1*trpl?(WgFArJ)LGH
zV6b~i!^!zCfCvdmCTt`8IThm6)yd`@l$?^1;>brv0(((y8;#Gyv$g2QtB>fyM~3yD
z*G_tVqHxjY8x!NpXk6p&Ht)VKW-3S#10Se2{+S|@2}gl*-t657EY-bj7D;l8F;8CV
zUa|^!-LJ{I@6WVPaR<;a(go|^-Q+ATwGs(_#Pg+OU;0Yk+8o-xyp&za7W4Wwbo_qj
z_fU)frPGb;>E!6jjc;3GN*ZP#u$$g^4Gknei6sffbak~@5MMO8si~)J=|flN)+>3G
zdDG&bRBKDl59}0;OoB4m3k&SmJ5b-B9WURfP``Ysx3RNBVrXrhD(&Dd`AXs`PIin^
zhOn$c61$NR;KwcuW>BT2wQ4M(1m)k<IBlA$@1w}Ox_XMvxFV%<jFMuoT<dDZ<Rl9S
zQAfL>2dVc87$8D-<d45gBp}RbD8g9qyyz0Ov56w$#cJf@KE6EABXh97v^;5>wcsLg
z&U@QF8cpg^fbiwt0lCJ`u9`3GikVJb9fMMU08&Wudjxz8^n`i$+n+#t3%|Y(rau@E
zzj9&fueKIT!4k3fB<mmX&(YRN(6>@mwQZ4t;$=bn`sYk4vdRhx?P8lWn>yFv*6Xva
znI0bqWm#5HAt<(r+wr4NA~BEkbVW~3Pb6N56qoVyN7PMLz->)JF<tO={D9fmBhf}<
znWA465~YtG|G<j=k<XR^iO{wzkaHLr%?mYRaBvW@Xa}rAcTx_{<I80;HJ-;bigk7W
z-cM>OC}50j3<Un!nNWVGa<#lWe}7N<6#)Sezd%&BugCD{hsvdK8zRQoh(B3u+U^Vs
z0YWU9Kk!F<!FJ;@vr*d7(aGU7Lc^j}C6|jvl4|eJO3cRARAR&q5nZZDRwtp3w(C|e
z{qhlT{PnBGxcHrVR<r9%pqpY#{HP<jT3Apd*%41$<FJ9@HX)&*@%wbCHSqrW`Wmy;
zNfAdx^eN6t=%-Jg*39~o%8yPqhYCc`sN0Dn30f@%NV4|W=t;V}bDz5lyk0i-76ds)
z5zC6@C5O=@3mR<>q+u$B6rhyW2A&6e+7svK$|wwsfqwSx`P+IQ_DNFW<@E%H04((-
z;Lwb0X=VH=i&{E{6gWl2v%P+Obao^vX-G9>9=)bp)z(&J#bMlv5Z0#eh!q;B*Y}n7
zVB>95X_|#03|)85?4te%guQd?X+JRAR%@*K>sL~pH}tyFd=N3m-#h|k<oJH()uoOu
zE!(SSFwvY5zS-GXC18`yszOFGf&k*!B^{`gR9ahGjhoUjx2KCqC--Io2OB+A$Vo<E
z*mm=N8IkD16SLnY@{DEnoL!_!3FeDymih=UJv?dV7c(}cT_c#7*tHu;z?UpM>GDkf
z?V1KL^t=^grlX4*o9Z@^kZ|6fIr&;T^hU8O+~)?Q2F{_+DYKRqEtf+gS+8tJ)-f^A
zo4i~9S&r?fQ)Pb5qc6gu!25a6aP}G8*_*T7<J)D4gQTPyzOI*Aeh&2Xan>Qa+`0w5
z{~Uw7Jg9$b(CT`4T&?8D#9jk$!&=L`HX7&~3#eBFYuyghM;km&2sSo1s}TyS4~R;%
z{F65}-v0XdR3*C8gocwHXS1<E`Mq)r`JsS2JByHDW^RF;k@L9R!zFHaTABkh=ci4p
zS=YU=@1(rq=CfSG7F^cal_;ne2dG@EXXpDPbvC*$ein#}$)eIpN%erT#7u{zX$@LK
zsjQZa^}S=C8OEs_%YSg(9Z%UDav1*;URtUtr$b_#r`QQz%qh8GP1f?{oP)VJ2z>8L
ztv*kT8*VTA1LtW}zJe|leI2y!VqFITrk&<bbzCIUgQ?+v^751~{}4!IZ+qNaa(EXN
ztHdQd&h(s+(A4A==HpAcFmOhshG5{9UVgB!;5!CJ?h?%<A<nyVgoPJ-V)cV*j4@Fb
zVV~N>5j{MpIjLYp-}3LB`N>z!2RrD!yoRL=>oL@yQi^opK6%pgTh-;}&MnDqCg5^f
zD^<kfS1ZShf*&o0#~-3n*&mTC)ZHDqsDJ)^dAqIVBK|2oX7AM5+x-Mt2|D;IWhvy<
z4)Y7jeJ-t(j3A*lX23(@?R>)%!_WWEyX>J5ORvswbZ;gJ9Ai`ND$i~mO4N%(<G!}w
zvnG92IW*RMrJVe{JXp?CR-TmTKv!3ki;L2V;F86ykzw5`v|<65Y<7O}VXzYc$8!mG
z03>K{x$yDu&>9;X@0?vA7bixnSPTC*2;xWky`PzP02+%fCnsm(zr)LL@{)z!<KEkm
zy*&IT@l(Lq%{le`waY;gc+@XiT81&TuY==N*v@<L$=qC}r8y6UYIGPGvzGe4A}_eL
z^u$kZ?9FHLt}D<#W1|$2hKF!tV-F^^TiVAmF&$)1P8by2J5XrpvOQl7E(Ml|l2Y#E
zPG&zkf1rOBK-9rSM~)>y`YHXRi4eeRsns@C!(_c5KOUi=eSB)_`8bv$I5vfpiJ7_9
zIPK;f9*>8&#zNbAP>kHk37?3NlHzTwKl-76mc(T_+UV!!XN4CkU1<ou_Kpp3D7(g{
z5L^=ew+p>;exWflD_&)z%hXPTxCA1UcWT;k)})#>$QRZ#^@I}Av3cyAA32g0g05~>
zEA!0*pP}oA$-i0ZFV;mkG)YTIiw2*(qq}S6I8ERME6bW!46Be=+weG^@!6@bduA%g
zwcy{>EbZ&%Tk({FFjjZA9SHo0MV)$ZP9btZqJM%KyDRDrM%4E@zk&{%s20b*n=6qu
z*k`p4PzJ9{yYqoMamTxPg5SA?1s(mA`Y!!j+OL%lLGJELzFI_X3bL|{i{LN2jxgM|
z2PA165iyW%#cuEJ1Z?JO9Be&2YVlxi`u-UGnJgYoex0y09EQAN&liS@DdkrW2{euK
zXU<h=vT1pGW;cc)2al)}=Ker2Z)mV@ozwjxBn*OXyBJKj#y4c(!?L<K!iUoLVry3?
zFBq9tc0E5&7IT26L?MG0``5pJBHnt^j-2A&KDgk64XJnCQ$|bwSF-ZDvtMHp2Y?^V
zwFSE@3_|3y{@XuQFj<-e*)2rW_I*LM78Y}-pp0$Q{XK5kz?h$l*r;9z=3x>&x$~b(
z&h>d+ESVbze)?A7!$lJP%D5|P4w%>Q{)~>IDu_o6vS6oAK-JUJ%h?33r}7&ZlOwH;
z%*>TEPl!?)Kq3!H7Yr{;V5rqAv*aQP+1>dNT4+^aZPHV?7li?(I=ggMMG_);UfvYO
z=+!MrzDsP`yo>)esw(;932jIBlb@8rM=r%tMJ#5l`WUoMCmHlKrr*DZ@k12UO-*lB
zPbe10@+6*AZcpR(78EFJsDY;>NmN&_g_sI|ih*cnN=Mgoe~S7#IobVloF6GbNucP4
zxcJYVKMOUbvLQc-*--2<U0$*;um4X>(A+fWL59l6sKE28ee1Q;H$7A%gcmQF#E+VM
z!b;TzC8VV24)<m%d;^g&nJ)i)M;!S9ZZAqyXsC=EDQU`#y1M!bjH>iUnCX`<L_EHN
z6Ir+jabMG-VQy|6A;Aud){)`iMjGgLCMYmF1E{GZzR~M=?Lg0eP~Mz<$?b%Ge6|vI
ztD(7V+5Twj+~)n!v6x_nZazq`0ml*e!@L~+xryUShsQ^gFN1)CnlO*X3)Fc{F8;JR
z?+Olh0Ico%$~y~|{VsoHE2}6IZEN(JZ`MQ(d_-<+9A!|6!YLw)6P~y0Va;;8zpn!6
zR7A+;kIf(>BXe}ekk`L;us}S<1StstOlZHzD=ZW^T&Q<TYmTv0N<khY7x2A)muSH+
z+~A2s$-vN1G{GjS0m_M@BKD?WyT-`K@KzNW8E@|sX+x)&G>*q}7yHkqy>H<;3VbZ^
z&C*NdbeM{D+fDX$6p~*(!9a#qzh2Z3kVGVfq2xArO%2B}@*1wa;q&z3z4l>dW?lv*
zk!=VlCKBvNEVwX$5=(7hAZr@q`ZLZV)1RSkZFBSI<4hFUd3j%+J$<?|m#>s@z3=uM
zg&MSj)Ob8RKx2NmC=%HDfdeL5>ta<@RxSoP4wuh_HTwdGmi@vpsHe=PJ7&5T67dAk
zuaU|4hYGDQ46H6j%_&dr>Kh1j6(#0_%74wXD{~R!H-~6D=17UFnl_t96(t_av#``O
zs`#$A?@on<hl%#D_aV$=OCeop6yv;S7PG^UAt%T6{%4Z5kqjI^{qA=rEas}La=OI1
z(t~!V95yl_Wqs(x-cK>V0$dzuU~KF}xHAj4LkV0doNuS6&Oc=n=#$}!(!LLGxi|y<
z<h_lv4jTOybX1<CAc>4f)zgPgSH-k@N-9Y7<q4LkO3Osbw@(qjI8z0D$;@LZq_iz9
z12>+2e_F~yfKDwe463!I-4@R&{l>Dv*>9ziJD?ncZ1wAcz{_v?L{Y%KF_VU4U_j>N
zC@!T<>{jG6l%CY+E95&i`Z19xtV=WTYpAG<j9_f^dQ6q&7`=d?;C!`iwJqjNumn!D
z-*c*<VH>cTDXhBsLXs!t?GxBp40-wNAePV*j7)wmanT5LH2c4O=<)vkE+oW??CdSl
zx^o23LeG)BB9{00AsDH4GMxH&*;P8YP~ZNNUD@O}r|+LXt)SwNM0#@K?HdRhlb!im
z_QhZ8U(+TY7MsJvCzxq*aeEZx3zd4J%~I1Te%IEZoKb)dwH%sa_5QiN4}<mE%o=Xg
zxonl@(2jdO8}}q44hKKt-Q@E$4CKHn6X?$;3qr!L?hz8SDCzJ}h9@g4>-fs7U+eM;
z^q-m6%3D#Lkw%rC+&?=;qrBx5Ll&ES+}&4^-4w*-(DF!m41fP*glFOP1pzV_=Z-s_
zo64&RyCcJCcMmbemPU3G_@EcrbR#KH0UUcre=1<oIG9IW*dE(;8FDMthnBYkpSTlH
z#u6SMM~@~1Yd-z-i4T_;6;y1&oDe`k?57)uw<$#&yG_>CIegaTqLMfspBkiAQ-3Q7
zNF_t$<6AN<{y?}tSN(v8i@Thkm8GI+WP#Yq3$Ac9(Em7}2BQ;7JHZ=V=e<cxtMfgv
zP5nmD{NQAMJw85ig&f<ub;zqfzf&*o9Kn_F9Tlsmb0;7SZO6hov-O_Jk|&%de;sh1
zCV<XUhP(u_78+I;_#)na{w!bBwdP10EgURZ%#|Al9;AU*FTJyK*~429{6WntQ2+OY
zTN0Gkx9fW>iDqfZKYxO7)UvA+o}LthNYAQ`uu$tn4T=4(;<3VJ)f114L}#*+%X&qG
zG5O214@f!r1oQZ~0)7y}f5`zb+?DI<>Ox0HL(_Q#lTg42Vb=VRmrT5sORZ7SYE*&y
zjNtq&ZTq6<MacJjhFO;#Nl+VuEL-ET{WL~EV9FA!n;G0oLzgAkH8v@I(AG|AWet(O
z7j(Y#uhvP>fEG0BbOZ!RHXnP(s9p3;o-?d!gCEk}y$Zh1*|oq%D7-#=`wg+;r7ogA
zXKhUx4ps`!#P)NgoG}j1b8Ch7b$E^u5eSWx)H?qvel6MA#ZFa4kT~y*Grk0{gELs%
z$jpclO+^v}kOxyUuvK#V`fOLC34#~AQ`m+3`y+}$>3dHxHB~f1hSl<$Y)trEtzBr_
z32xVZ7yNok=;PyXJxq;9cr-;DHE3wK(H5-r%jj{gR1xtSqo!u6uzOsoRY)v(WOHij
zr7&q*WOe|8NnYNHnhwdY(b2f%FCqP>&fp)=Fbk#KIQ@zJO)ik_l_9(Z=HK|b6f;<l
zY#glVpV@x-0)pR0I(hbp#W0Bg0l*@IB2e(a)rKP$`W7z&7Uq@JRUW}`o;@=z(W~c~
z@9iz{?aN1`76&O%nTdu*+z0G-qz9XhI7QDAI<CMQ6@;2v(nFqRQ?m(>nx7wb7atw*
zM`M_$d;@R_K?IbOqoE@9=oXtoGOUy>NnPDrZ>~;H0PMW)ve(n2meLd<Y-n`o`I}yf
z9B9Mu><2z>-NiO-M^Dok9Ya1pqpZAyhb1FuuL10Yg^G$ACi~|0;^9Bc$e)LtAB9fk
zx_54Y++Sb+N5NUeuuluD|9v$Ux#v0FtPko)TnZHb2-4MU@VQPDnEWpPHSx!fAFn=s
z{Ae-}Xh8seQdki1o*#^gj9lf3-4Xz$>MXoeoy*XZ<`P@9F?qoj>oPe>RG1IX9DNG%
z?ci#3NJ<_p5PP4l{n4_qL^b8+rk3h%-a;pYclTP}?;f6hjceIye(2&dHU_*d^bI}{
zE^&VDLL&TodlU(IcPeLdI15i&nhO~;(R1*O(;j$3C9a@Q^buegMt}%W%H<Obz<B}g
z1x@?VP$}qUQ=<F&`sf~s>L_B#-(RDHF{F2)(kNo{RaSiaI}!b}(HH_QZHm0r1PeVl
zKT23!I$9qMtzH!tFfv1I*Z{O*ADGrM(ZD%0XvUgz*;UrAhz`<(w^_&n0&m{Pp)qof
zz{`yq>&2MVB9;R!W_9(gQtd$C))3Zz@d+nAwUX;{dYbC06a7Hz;$T7KJ=k3*DkkQC
zl^~CrElUGZv1)H$-}Y*EY{m&#vq)jkjl8>MSX;%dQw1&Mxenk*{^|Jq%H00`Xc-(0
z?og~wIObCqPYs&~BtSRVY1L~ka|BvVqrfzB0K-00HMy;Qiih}hf9|Tu7GN*aK3mEa
zZ^i#I&>0PdV7~Fa`658i$Q)_e_eIQWl7+palQAmB0)vc)l=tytT-Pm}>d;R$HSQB&
zxg*4;rKQ!72Y;a?@E7`LVWBY;5KUt0>Yw>wJ<LoWfTSb@2y<L4f^hH%@!&aE<zcGF
zer0cF+R%6`o0RyM7K<bza$ENT`BiPLpaBCteaO$Qt|Vi#5cmP)Xfs%~=hLz=^n<K~
z7S<;+MebW{+1TF5$)Zwoeq4jhOj`%r5ZFH2NSK6$8>NP$0_Xt7sI85bLrWsB;mGOj
zdMFK++^>UOdcI!!vsI#CIU7%K7H-fmyh_jx4i5fMS62tv60iJY7whrUZLK<=`X1*%
zdc<8dN6y>#?~jf)-X0|7CgOduoe!Il|Efxug!1AgW9tm9436_Z=sD9zeyWoI5K_R2
zW#{CTxoGkUCR!d^K*8=#$0Xfx*>8!bHFCPNPf!x?m6tDf+trv4kGL+)WsMGrzrIeg
zHbX|j$B&?WPVzWqpvwj9oZ<IQ(p^>%7teMCXF-fvv&37*!5wkr1^hZSfMW8($;~aJ
z^+P!kEHk?ViovgUlW<ylQy@Vb^qhkgOL%Y)ln0=8H!94b1-*|N5%HO0MTJA}1U|rd
zm&&fZ-V}gQ+znRUkXAgdKn3qp6aq{>trGCh_OK{JOrEjK^_x{V3{Mg)KYBEeFAUq_
z_2fF$C>FQE-3mWBKQ;yiIgdvj9p8nH7WsHSKor6n8a?h82I(V!IG7q484&{*I{f-`
zfam2x-QM0-ea4{pJ}EtYaQ`3oNDm5q3J>=m-sc^q4%5~hK_N6P?W-x$AsSDxxPExK
zIvp*aS%Er0(%YJ4amsan0$qAzV>nru90OSbWyELqKAQB>>*^o!0EgwdwY94~4x}s@
zO}o^CdwH-J+uQq4knegh_N0P^Ww<uJ4-*>7zc|DNsDb|9`X_T`?7z@xp94l{L|C}S
z`<Cyb)ju)uT`+(VUcY+v>K@AjSMn8r0<&ey%gTs$R##v7!y(U1;De%NV;)MOqXUl#
zvY@gPS4x)z7AD{|#}GlhSaTrGPIOeSbB(XoyE%Z+aH!w7ax*)*KPzU}iVy|Hu*mCO
z@x`4d04A<6kQ!diX29dlI@cb`;k~EzNRsaTRC}9!%PdK7RRr^o-*(uKL63a3ij78F
zs1cVCC?ASVd+^WnfOG{adG8;EbCXi}4$RS_+sVtD&@nhc-N+b3N1Xip*9}_e!i&<C
z)&L>+mfF!F`P#?lP73S<V**&<SQcPXqcloGh<=icS+AR!QnxJJfwvx#m&b0k9F6hX
znkQRA+#Z~fj90IAxn<^J$T<`=3EQ2WhoNb902ZJ;|9w0Ep3i13q(*1clSEwmEv5`D
zO=ji~=tbNW;=cBKGO}u0DGg74Hw8r%T+c#H<E=!-%#m$8X-$B>wY7F2&Q!@6KK5I!
zvNDm<_R~^V4-<4jQ^{9!fXrp(<-gX})TE|~K)$_ftPEjh(a)(Q6RMoIM>(jesdK<<
z!-Vm>9L8{aor?xKquEaWZT3cmw@;p@VUPfQex_d)NFoBp$e@la&2AuT%~zyeIx+%q
z?35RUtfeIe5l28u+>a{DlikRBC6Fy`gF;tN{U7%fRs}2Kz`=G!US9vf8D-1E#rDCr
z>_NH2phP_Sly4s@<KtVN@{9FcU*dXg3_XFp_*rP2+a$~iN;;qNa>F==e-J|aza4z<
zqN1bMFQWx`oVSKIRa8`{0e+4{6A1qqt~cj4>quZLDa(r&%CG`??LqA-wClXQ%*d7m
zX>s=zpz*Netp;Ix&SfV^@8DpI6~Sxw=R3fzc?${JZ}$_kCu1HOP1ed_JMYgt11Cx9
zW-x7}+)A@jRU@RP2I7O~ZdTTq`Js&X^Lrsx5$~3hQ0(I+U{KF%Zp4R+9}G|d6dPat
z_09GFf_sfy>`h_{Sk%-%Uz=3s&S4^1_F?gB5epxi9@@gy2}f5Cibsa<a>mukvg;<+
zL>9LP!2N0*_lQc;ga__C;y!<Vd3JQfXKZK~C+6S|AyRX~FFHDCfD>%zYdF?+KfbB<
zy(=>tqNto0zMS|j`K+s`pbexa9PdkZxrm6GRj{h99V94=@44_IQyvb$rl#5pFh%Sr
zBiiOP3gr<ItGGV&_R7^*&xNFXW%bu{3JCzsOHU$W(r;^Gyom|M$Y=v%yT!K7eh7n=
zg9F5(Tp#aa1b8UAJKf&J*^Cvre^cYUt;+Y=0XOIc$e<(El9G}?*mQsQgEcCW$gt<n
z>B<e;krlr2Vgp2G=Lm(Gsdq>w?ki#T<HxN9KMR%e$2k5B;}G!hWb&$hXHfZkxrH0E
zw-EVNDP5U7qD6s=z2!@z7h^4S0pJIR<?)~Vh4PJ|*r9(xlX@{{m)J3m!&s`{>a?%J
zr{5^&^5U(kx)f3yHl?(JAr;^t6ctM@d*W&D!Q!=nY<TjNg<sn=u+XwUDmM1;;%v34
zJ;VrT{on1B$EI26a0>ed0d$^X!t)a|BOTJ%+Z4kx6I2)fa42k=S<`<04=OR^+lO1L
z?h-u*8qQxThr}zZfvbv&FG_!QA;b2)PW|9~509Z}P8ZFa!wjMJa+|p_2AY5!<!`BO
zsHjKfzomU$d0>9hISyS>#3wJFKVRbnt#r^EfCG%MTwPtc%vM?^I7mqaKZo`704VOa
z4N*?MjEe;%N$ZYF_ypX>=gqzY<Z2pf?FNd9L@yBNlz(=ZaN=$pVvAs7<85rJkt;Ty
zQSx96`uavYmI{oF*w0m=UwL@UbFA~&WCFIP(%FTS4%z7X;@B9F813|2iQwU)dVg^S
zQSb+WI?hQ`2oJ!%0Qd)fNb`KH8hTV=W?>MxV-@Q9`ihjiw(}tDb^KQx?R=>HjIYDU
ztVT>Sg2HFbW2@f~CaN?9Zdv`^y#R}lkghjv`=@N0)Yr}^gx=oD+A3l$eBQc1b(myq
z%R27$T*xN^;;|8zF22X){P!=Z=>wAV);4!au}|s2Vz)K}gI1b|68NZXDNrc(a=jNX
znv>I`ccq?y9$apnsW8uB#EPc+h5-tqf%N)%FKk_1-N1qZCI^_ZvTEBeP`nNwul~e}
zwm`%;HLY=9L2Oe@TWK1}8?hjI?JM|ue{O1pl-SJNWC^$^)KHN0`g~&E;dk8*XkT6y
zXSPX6{)Q%ij^5yV9wk5z(Np_}M-oa*O%pvGDAMeT)UCEZZh5qafs)CO7q6kO8W5SD
zUgLF4<EEgZQr<E&G^C`fD{#p0^(o>p1TJnR3cLd1=jT6JY=(wjMsj<0VX(~n#{5O2
zMW2AvaLB`nN7zmF>Q$2MtRx`ym{?hYPR{ph#t;ikEx~kHGqkV}JQ`L8+PMeo*`UiL
zqJtrnXvOXyGZh?`+p0a`7ANf?ay1T*;~5l}*bEE`ByhFCD-6vjei_m1{YbfShXZUt
zulM!!o%-*UJqNGsW$(d4{Y`Cs{g7d~76wdNMY9`?l++@INX*4TlGY<53B?YaHX+}B
z@&q+ysHJY9K1;xdAH;szvpcWbDic)U2TlHWCd7b>6sfj(b~(wwlYpuzFAq?VKs`07
zXz84+<`Py=(geuWyCO7Z{O|ynMpBEYHNOM650Z-74jimCbt|pw4}*ySLfb?_L`<dN
zceWT4l9a;1gI|c1-28m`w{R+08j_YK&Ag88LZqclvYti!L(oK?PZwVAiSJud(j)g4
zAU#vVEv#;C&VXG(qqP$33=Y=f^c6(=n7$K1!{Oi%MI=A~8jyA>YCN1HS0{<3c-kKY
z6I|sfUkKomotQ>X)LY-|t=8}IHH0K+k?o;Bv7~YvYJ5oVU0q)=vLHe*Kvezq_ZQnc
zUhTF6OrIE+2M8rPMQ5NZJ~=xhA2O@hh7ISbF%<o-mWjQ;gCD!+{RK?#k1u47;%Pw<
z^AQX$H4fw_^KzP0Xbq2zic1y$`UT?c$R)on4K-tUj9z`V6VPo;G>bT!_v6S(`~kjs
zZB|1RiC+@!q3&@3w-EneBu`9orlXtiUjo$B?v7_nlkT3X<PmRPFuo84Q$_A%cZ<o6
z+}u^EfL*<@{P>aJZcR0S%3TtaTT=203W;M=QwE6%2{{PwcuU80>+qbw*8w!(#4>Jl
z?h6r0u~01P>%AFpe;I&yqp|qqmNS1RE?R8+1~gEkv8!C1>2f$nc%oU-VFwmRf&V}%
zIQT{H(38kNK{dJ0pEunri6a2+(qigof^wmJ=VBcaXno>S&I}+vP<+FCF|lV1zkBk&
zmv0VIA0OxyIlFx4$Lkep^mt|t5Fc<NVE>_vgK1u?!&wq;|D9EQa8?l^zs^X)SX4|*
z^3G*@3)t{a8SJ9+>QJEm1l1x}c2q3o^6pANcNHnIoP4|YiCO>q%CNScpipgfq{7e4
zxSG3G1R+_*T`ksNncsH{-Lae8=hJr6eu;2~_Y+`vKibBqAR`-AE<M4Ty1P3DN{&7<
z@}F42oSj!!D9+9uPz6{nV!X4nGegLxFSt;sS^8mzhW3918Y-*j`*XeEjT?X-?FVf9
z-5Z_Sr=EFv1J|g0$Hj!$6fNB|wTiS7fCMR@_=5^qtz34_<sUEDLV=+u0De9xAJT&F
zFVr2I^H63a-l$~rT3Z{4i&`Q>v1^S1+aIM@2EkU}Dp1ie&smg*6<FBW<u-Z*em_5d
z7b+g!tyxNAc&Ptw+`2nwY<o{Cl0d4ywzl)XGpY;DXxIa&A=t0FqDcecwB^)z$BvNK
z@NYE+(8`eDh7NQ^$KfD)deVq6gbMs^RHD@K@Dy*9c!HMmEJimz{;2GC*H;|_sFZ4W
z%Q<Rnto<oE`j2Wmw&7YRx1kcxtJ)SUT>0@Jw=-%%l$9UKxUr$EtYVqS_bs5WJ9gFS
zBNG8|T_TsuVd@`{YWdsvroksgU=lzw{YOVfV_+}#%kS)50T$;VMB*&s5)e#o42e9v
z2cywUk71uwRg;>H9@7((R`)<cD=)PHg2I~4=WlO!2u^4fgJOpPD{EY0VlJO}D^vea
zH{e$#Lxb$)M|nEf$;p#!{zkDzSEd0$#j0O4CMyzhK&Odg_e~5565xz7OR|m=3U%|!
zBtn$|UVJ6srV1W1yxE)BJS|mOTg}hE)v&C8V4!qwq5k5SjTNFp5r@GaQiQ{(Ehrh-
zG~6}$&f8tu7gd(~%cbzV3z1T$;(hhZe15^<X7oFFzUcmea_3d)h@58)QHgkn?jF?F
zZAk1^jq#i68UBxrew(6SV^XjLZ8foh8v4@1Ju{nL1<_B@=i2Zblo0dPb~&9R<AA%%
z{8fY@tqWCyYd*YgZoV4TDD-J%wbqziz*V8yaXkV8Yo&uVv0|vg_~FmjytKbxT<)?v
zS&NU4{|QD#%Mki~uG;uCiWpoJ<)wv4!XpPq@zDf^d5+geNJZ7<{)3g4c+&J_86rO7
z!{N{1K;%DR=ze`y!0iwV6hQ1B=4+(Gppx0MVP*G&ztP#>d@*5}vrR%~#RjoWv$N3z
zGHUphc9dIOBp5u_ARA`Y5t2lll$87^kX0teKz17V#*GW#+b-u|fjF`P^bu6<%KuYH
zq^f-Q@ZqA=SfVSYlT%(ERN8r*TmdxLpjO}ZxrqbrbmUfxwXg17-MS$VaMXyB?d|!<
z8od7@R@2hLk)E~9^(>GQL71(yox*DGj_C|5H|E%i6%n<{&Bjz(U0JGhVg5BbR%;9}
z&!qB?_#ujEvosMhiEEpyM$TNlXy{o#a{^tP@47C?9${g{eMtzs|HdsI7U$`aoP1PW
z(cT>UFsC;Ggv`+R)|LeXBC8zGZiW#=0(7+X2`_JT`uX{J1y}~#@kkVKczr;xQi+>!
z{xo~lJR0MrkRYJf-WWMY=YVbroaSiHp>elELvW^nwOuE9Lfoge=W1%evHHo%z~1}8
zSd;wR7UQ#zcpDoCKmI<g>6j$AlaAf6N*{A|g_NxqNXEXf5lSZ|!ijLFWdzo}MQpRT
z`CdSZw*fA<gxlV9{2Mrekqr<Rs>{T$Um18nr+`E$?7j4*lSIfE`HSr$7BT2lC1_u$
zCT7F}Mcv9yt<wWHrwKc|=^$CrTw}eIV7MIyC>N)Vjr@adE^0UJw=j^qh=?Jhm6gso
z73EC6wyu-c-1roQnmJ1kOke&m12wuKRqoZL-kPy#@FWRIlJ!TXEq2C)l=w#mq@>>N
zpn94t)~${O?V5Sw=g(In<B~W*qVW(uYJgI2Z*M<?Qo1{UG=vkug@aM?uwbNMVjSJx
z`xLa(z5uTe1(115cw|tNKeti_&?~VbA&MHvqXU`_PiDGOT|;99h*CM+I#7T%1)B`(
z2_VA2Oj>}cGLBh^-dy&l*oJ-u_ag1~x5ByWYr}GHF=5K5>*y3gp(osw6$NM?26Ay}
zLkFb$XDZ5gc{b=NS5{Wk>s|NxFOHTa3_f||1X)lqQz4E(us?tPsH){DXeY(Tk0AeG
z9pZO5c+WCjQ$AAt9VdJB>h9*q!Bx69g?F9<-^In+$uVFu3>Qy&@|4WgUNo%QEluuy
zV+e--eVxl0|KTv%<;*P2{Xf%6RrSscR#uC}MggY2Ui+QH=6LrDR!?lo82p>_W5LDv
zm%78o!&F;D5Ggvx$K^gnS^v^#OjZ4+wHTl!-dzCI$72%{lWDvVX`GG+YWS1FNJvQ5
zft!|KoyADD1%KM$24F)lP+AN^LflUh@iZ)dUSm>Xbyt`l=T~v#sjEMN)oN=`|FXc<
z82F~Xxx|0$11PxRv2jUIJI}AdZFIDDx5J^&Hy72@YqTQF=&?CDS-B-KE}>XiJ{LQ6
zL{CRY+1;Ea!LkUDHvPRe{0WN+nApD^p`ievt!gZPxy<kp?^Rq}+>gqtD$E+_p-Dtm
z7)AV){kP3rp1cbV;>h^hWKKGp-b6-JBO@arV4n6p5*-c4>6ivcqer}!M2CqnpaO~K
zB*f9u5?}u|au^Mg4O?<G$SWX5c8cq}@~~cBF14rd5((RqfzIRymU`}dOhg+{NZap%
zrG_i;r}Y3a@H_-l*>>*B3d&EHt4jxO(8yY0lZmDbrtNyiNay&so2_0I>uw2K;Jlly
zTD2U!F*4d3&UwPmqgwGs4C=i-dKAiI+tJRfS+f~%eZGIQ0k(n4JY25EzK>|9MOk^$
zgN7o85|)=|HUhA3?5*wX1;9>_0j*7(ad(-|-v)kNhp;bFa?;37QzgN=T11ukZwq}B
zdX|?aKQkx2HiRkG)~b+azk##=oxtYqVrQbK^ykj=mu#`GQ+T0v&KD>;#@(u9)Ms+&
z=nlMGc;N3GHHGgNm;NMBvoeNHIXDOo&EXCCm1(m`dU+WiW=p*(y}Dy!WYk_>TXP0a
zJm>#EkRg>M5fEgHx6~aOz5PEefw#9eXx`k9;{pQ2sbRSd9)bHO8`Nvl9Az_WiydF&
zpzm)<i|#flr!$13(;p+le)z7sUAH_U!k~zn?)%CZ6GxJvs#f0B0^8l_7X#uBn5cp{
zf?EH8(X*!rHjf|w3eZ}eygD(|cxM<<dxdR4`;sBl_A&Ajs1JrtekJwOfA%wJ@QG}U
zB%r=MGAgqw7zBn;jdDs#Zts6v&v-?&L$oLXPe3t)LQN#(>1-<}*Xv78o)!u)g?4~?
z5WBf)z0{9VVq|<5Dx<tr-Q;7mx({+btMcLSBbf3#Wf-6f%ADH}8<ga-K?GBIr|g%u
zv7sesOQtUZVZi``Mr3M%vWrg0J~NI74m6$&qfYwYhH$WJQbJE+HNO;6vz)>LU8LYp
zUr~|uQ*%)*1$tIW5v*=H`M9g)$1qVjxq|tzv9TLKa)_A-(28-9|M#?LsHnBxJL5lB
zf$aY~>}X?K?bg&Htj7;_;A@&~N+N88aIV*Yk`PT=duKc<?Awt6HZ|;KOM#*~pHF<*
zP#vt%y>TVNB85VLNZnR;;oi9WgQg)B2Cr>U!>6YcMm!OKU0plUip#7l!vRpu2N?ES
zrO$JfV(K2RhaAe16ylXcNA;US0>e>D$V9Ld2ju?6QA?!ffB*hEIVmYFpC56g1D=wD
z6buX=)TE_D`haB905*}9qqH~k_(tSG(pG~2v<DF0(`SU;QFQW46uADfU0sIb*4&<s
zhZGn9i>d!^S~2_Et#<(PRb?d(F<!?4|5z~uSqu7-<+-{l+bpK9ppZTZ9S8y4Xwm7J
zk(Ei1JzJ@P{>kBLH_kIcnIUQk-z%N<-!>}RDy>d}+1|)O+Umha?V-!oA0zg@O&Ajs
zCqtvOGBK%9F)>)wg%pS*T<{b}@@E2U8K|kNy9Pou4cJ5@4bRZG;OR1UP}sicvN3VL
z7etOCLCU<2vzbnQH9R#c{v(636PHJ!W2PeM=l9^TCs>()vV?(J(EoEuiI&$E4nOcr
zbqI>yO|5vf0><A;0{&v4h_-GHi9n4Ti`}s!#yvQ1ZnK+lLfge$KQb|0%?Hp$puTbZ
zKy#lgLOJsHufanJA9zp&pzXEi;N+yKDniXh1+A<YS2kend=(TGUGMKM79WuOMpr(N
zP1inSCFRLH>LY|FyU8Zt$R}VA69DK{{x>F>byL$Lz{j6dRvn+VLXRV8*OUNSA5~Sg
zT<639elZM&#>Av$VH&&-mNar(6M<jW1j<=^hUdA1TI!~BG)n2W+b$2no<X2W6Y+UF
zyE|pC*F=UZ6O;LA=%rS6qTf69cT3s%4DY|P$tZgA!$g5%w_|GRLQ7H-(c^;z&HxOA
ziR^eFG$=oW{x*^tT3UK2zJK3<23sl7Yv0hWz=7`g!P%e@b?QLjOBV=T*U+%|o{a$O
z`P18G_Uu^^54)(VG;$~I{d~P<sUeRCr)yHOLp8BnZ;#<*ol6;@=$B*@fP(f#%&%j>
zaZqUb_yEovY=w&OxncKR7KgR8_w-Qe!v!5sKQ`r2%9lwu5d)3)QBH${_B^j7z<c-G
z$qmp{!2KwBdB3f;m&}U|y0_+Z?3F0uR~ssxp4UypugpwT$tlHf0)W~rAhQQlN(uVS
zzWcy><0~HQMNeN~MKBW9!E7-2An>ms4R~_fbL%~9>~0n(r!aXr1lV6e2n%{fPCgBQ
zg5GcY3fVLa%;><wT?_O(iEf857--QHv?@{RCB!q0tyxr+W=SO`yJOwKyN4~g+Oxw9
zTP}~2nw=Qnd7YS9GrKtk3&<>$b+j%QUaJ~3Bc~}oY(!y%wzme#e>D_wW3>gwf7s?1
zBs>_q*yJm(rN5x0LXUp3u*sAaGS6!ki|d=Yq*Jr88Q>8SxnBaJ5;qZ91}CTmekWe!
z78Uh-|62>cfXh@t`Hc?yATCip(*k4rHtk9(&X;RyYSds$J})kjCFH_X9dER^-UluN
z(&63BPb}Q^@88SxtI$qlqQ!yy7gkX37&|-`sBX^=<&|nZ+WsbI@KOpKtpGi}<uZF}
zFvF{?q7!l1_jRNSf|7t)TpE5RwOSqw)^wZsLdwXNHF2)$an7Xw?rF8%a+4z+T*>vW
z!bh###fqh>x?4_D^T%YO`$p%*Z^O?7_zurVjJ$vZcP}am$LWB~ZNm8W@)#S;fP?KI
zQ0nDLI|rf|7aYJv!8Nq9x;X_%%nh)WNkM|uCMTEaHjyy^b76e%y><F;Y!hI(X|nZ^
zYZVEx1_+`<V-<Dr%b%H}DW0VagoIXcn_-cK0dRC)V#24gs(fLQvTN>l*5`tcIo)(<
z;`0l*;Qv3(LI6aVE35|6rXH^$0v#RS6SL;2G9!>IE<at}kxK`^eyw~sjtWx-=$|1k
zFCUwBz{ODdBN(Wdoi_*CV_unOelP6POa-GaWLTl~NRjI5!958K#}}vDJq4B+j4b%y
zzw>SGVGLDS!6nBaPrYNQ0Ru5vnVFd{vi_!0p~%HwyC722aB*=#y#|e*E+z|gF70=>
zw_W8k*4F^)KRN{%3c#D(-o6F(k)&w#H|dazoNW8q3H+Ju?TKiNsS>GBRz0`?8fZ<?
zgkoOl>+|hzheznF>k9yc7Gtth=Bw{rkT0Zi;WCG>+(_aqz(=IV&7C#>d!M%y|7)CI
zVibnk?#Khg+&>VkldtFwFg$>CzUUuV_bst{xM!dJg#@-n6l<n}q7ODfmn9+y#lW6C
zu}u(>B~JDn_!9~0lB0@pF(ZA7|6uPt#WYXw0>;*;$iyn)qG}Y})q?}y#rb(bhsh%C
zNJl59&mwdT?T#ZfTR?kZzb@B%@$p$UWOUgPPL!Jy*mr+lW50$X7a19UzWn%$QbvqF
zt;~n7^#VY6`1I1JG&H1btP5ER32B~V;(VXOYJvZ>n2}lmw({xI)@$b%!cFe};3H9=
zv_I*;+byMR($~?a_%0>2c=sM0*S~_^VJU!)<#;V6wN<Pioy9%(Zzoba!7m5`B3hMq
zcy9QG;PNJpPwWaE#wOwu0@1_c3#-qRnyRYTPl<@OcmXlBG2@d!6=pa5@8rbh2UY-8
z*r9HXeU`1e`z0kf2FNfHA+HYu=|b~QixD5eq^_>`yp~`kNJ#$bV@t7s-kzPW)iO3k
z;%{88x5*H8hXJ|z?z<)Elg$L0XQ77CR;49Et&G~I&#6(>O6i76m&c1ji){rzS*nbC
z@e=Xz{ksfXSOv)dn!cE3ci0w8#Ak#+&!TfWunEF^cQ+v$>>VKk(a-$QZD!4Tdsg2L
zgC-0SUEPCjQ1!rBA8Arz)LXA_pbJr)o6XLp_xL_yk(&GpGXKl(@y{em)DCoSJ@AYc
zRx>@Vh5zhX0syvy|B0SygugD-5VPAJCAi3oy{tXGID{i|4Ar&{-MJ<vW!AeITQ9Yg
zOJA$~Z47J#o5>mI9J-(9=CT9$I*NmHMPu`$>_5&|@Ra}Q*1Pgx92L5{zPC4Zoa+dG
z!ORLtH;?2P9V{KSzkbjz`!7k<9C~M1V_?Ro#QTFe?ly})0*l*wufXPz+db=4C)cjX
zx$0Wu#t_W*`C{GX`nN^Ya*+`@dn*B#KOSOSeiRgJAR{4Nfilyl`IJx$XMn`xLL7(2
z_H=8c7T8$Y0;oO~W)Flud=-#L(HDqC%uEgqp6u4@qcP;=myK+qJ#wU%E#H$3Ir;n<
z=$w>_G~_Ww<Gs4{oc3^ggVM$JewrpB7K~Jo&DG)4T}{*n|58&uda={J`MtU14Q8_7
zRsM;uP|-c@EHX0Cp1KDnU}L33>xzj@zk-B8zoh;yDEvE}MqM46;FUWC=>K#jBy9hQ
z0SzqBmrVh6pI6*-O2iRIc+~$E2HGnWJG(=8nQ00;qNjeOi;0PgPt>ze{T4?Q$g>(Z
z2aS@yuS3xouU?gVv?3H;Nzt|g>ThqR>`@o3%*vleFHslmcNochxKM^bXtLFmxU^VS
zc@ti|6Ocx3+d+$y#F3b2*UP&z3iR+!8c=_}{A`hbiqy=ic`RSQe(|FqpsPE=+~e)$
z6@Ph|7N3QYKQJH%`2h_^Bxw26_4?+4Q*1?3)>l{&WLx98-ws2+e-su%O#rL%Wn(K9
zKxiZu!+DDZuQ^ahrluYe<KveFErv4*0X3ly#jFC4f{G7F)vH`$Fj$&mx4VP{JW2QK
zL}M6CadB4aHs1rLJrtyXYaJc<puqW5o~uNNVPQ3|LQ!$nJXjb4k!P>%uXeww@g)Z^
zL0?*0`SF%YSa_rpv#bv`XeA-N1p|Uuz=mW#7$QjmkrL9(j9_>2?LWFfXm93Zz<ni6
z!2RTi8fbJuH#A+1jb2<tRrsUlWWK@Oai7E*v_5TTI{_Nb{ArCKj{le{HSjvy9t(BW
zrb7vM*GdzXw*|5?@VFJcG66z6X*fa$287!Q9zSMTXd=%67Sa5I;z4ivdO!TFb4g-1
z$GTmZx4-Dcx95Y%fL?3K)|o3xv&hf8P=jxICE(vL&I6ZyFy#v89EI(vf=ATg^0)R1
z^R3xt5x2cvxo*B^&ww4$Qy9DPM8RPRk9S&NyID^6QfqSqWy+shBLo^chEQ+er*Syg
zv4<LEU{@G17e9FpCML(-kO(#P%Yl>Bh8JL{HZupJP4Dh<?1raXm+euyW`N*+K|3`A
z3E2|F@G$z1+oRtpHwRKSi*j;a@iH?0)Rk4i6?EGZoj=>vI=@&1gj_biq<GMe-!_ph
zUKbw<!ciO2QsD;`$k2h{_s0o;CzufcJg!AF`CR6|lDFERx*M#o^;gVqUpX>@U=w=1
z8Qopkg?aROFAWBLiU;RwMN&icobCg^jsje0H&nL_NKfO>uep`VMPj2nZ}OEm>~7BO
zgr^K-p6K0N$lTa2xPObJ#HOXi-P#K4{r3C|9OCWory(aNr$oJl{}wo<6GpEfCl}%K
zaDVq|aB#4ZjEu~TGg$#Tt|`<!zCJc)ss7bwC|pnTY`_4}?}odpfnES4cXN_(_2l>4
z$#a6o=%Dn!*o!E<Zo##+C_?Ty*j5_hzJ*oS4j{K$^N>3Iw!T`H>wGYtVhX?Qo4U6~
zlGGpoc;nJ|YWLO5oj5i{5FpHmI8A$bGc=V|{KW^7sl*`0o<CwO=|b+>g~uO4vB)`T
zXla$I?G~HfXY$gbWY18UgKI-P-QeLgn!;<BD&TgIiUvdS@UYiurg-AEFRslo<M`Iw
zssmV%xh}yjRsl{w%)@R`{zpd2l2K5jRQh(kZ$2BV@>>wRCAtuoIM#i*hcoPgLw}SI
z+O8p4d=?K=Q;_mj_Y)XI(pDAUpn!M=qW7ru70~%Oqq;h6*e75k2e#@|n7y5jBxH+8
zSPP^I%b<pLKhNMuUr<nxn$=_xsxdne3k-~vbZ*R49Iv!K24%OTN^$=7DM8)BPGKyY
zK2?2Q5jPkK$*tt79vWQTvPi^(@C?WIX1oWkst^x{dUt(0%{av##72j`rrBW=Zy!U?
z@Ah?pqKoJwkp8=!NyGtdtG(gA&gI-(&M(lBWM*Z>U$1ncn+pikBf?9oFf)Gu;g0lA
z&&<#X`rf)5fcsbhquLx}n0{#xlYoUa&x?*IHm<I%f7jCFlpzdFyYCUfO?BUjei%v%
z42VGEa&f-=mQeaqOGNw8HrSE}ih_9iRb<}5SupqC(hB5>piyBoGZVK`?p?MAT^ZtU
zr_GgtoShtUfO_{2r0|9c`dpvB1OH=YhyzIs2N4E{F3E~qAdLnR{6boKdioI%Nd~}w
z+_?x*f`EQ}e&qyS7E1h>&5~%*@o7+JJnhza{r_w2yW^>jzyIGxc3Gjwx=Lka70HUO
zO)@jGm8=kDUEV@m3CYULEGwgsl95eD*&;Km>=ClQ=l1!nzrVk4|J1`n@B6;5anAFc
z^E}TZ0hRZ=?pH?Te1c0QoPRwK4;~;5s-N)hxO3=ogcP}`9H|7GOnmB8ZGrxuEl9Z>
zD=-O}+{3wpXba4xo8?zBo4#XH>(<AY{J@>`-7DO>bIpF--b@GEYbek}ne&m#ub__!
z%k|XD+k3ReYyDN_+qd^Q5TKbijZw2;zSffn@J0i<W0Fni-dIz#!vO1kHE`DmMrrGr
zL{bMtILZqj+|qjHPvjPLZ6%u@vhC^<*Uebw$IZNenxC?^_KIN{l|*Oq=TJ!ZTHOh*
z8@bg2spZ@hcJmG@ug?>xiwplbia+Z!6N^2s5yaJXH7`ZVgG|PIqea=sC}9u7O%dQM
zxL(RFU&@u3n5eisRwHL&WhMHjJ6oM+$WdHydrn)r`T;e8z?|#j0ce>b>+~7!h9B(9
z3=C-?+yL{vmF=WYF;hSG@=`h6GT&g6VSVz(WL<__DD=n;epGv>l}hENpkU6!Ie*}h
z;xsfGnj5f7vkhlX7Z3I`zv=DWj##z5-`zd_&PU?8!;gI1uGHns%uEvKp;MWZr^8l7
zG0_Fw<=)%dD<mf;=X@R?FGTDgsj517&+%#4+3WtgJ)4PKtR`l6c%cQcq^q4~nIW%B
z=u4@+qN`pXKgyM>s%imsV{ze}fl~puh|+uJ4Q+03cHCN1Q!{iM_rJ=fbbrus<gyzX
zFsNpEIT;ujVxh0(5%jNJ)_hJIz{UEc0FD=RMt*)$Qext-S4Bl~mw0*aaJ|cWGP67r
z93tUtRhGgIqDR;Vcr5kW#*F5+p;4b?4}yGucc%|^sLuE#-C+J9;Hk$lS5a1wh?3H#
z@dqT2kq)^r@O3;lddFjS+neksi><P!5fKp*F6&$Tr<Ul}#s=2TlA93umaNYX>^khF
z7W}l?HZ&Qq!wo_g4DhNmyV_b>o}FbPm8T#jIR7IbJy)%;E-o&0a0_PRV`EioR8`R0
zen~frw|0!YtS7bEIld7?Bl)<4)4t|fN$)6!@#ft$FR-qkceeud9jc{RF4S(kM87)B
z-Kd_O>OD=1_PTA7<iz^#P2M7t>wEjr-rlMn1~o^_hd_R_Vre-N*ne(QQ86(E#bsqO
zHMpHM58@hbc{)MXp#ViX!I(#nP<bVL`@HqqM<k3yX&D7H&5H{bHC9K~-oDF)w#XUS
z_Z#}Un)AQemLaX#%fCb6;!-PVJA0*-{Kmf6qP0`_p7);gyCFvv6?N;oB;NKbiH0~+
zqVzn<pFo|QDD@PngQ>zzBQ@w@7L3=ng~9_VHx0oXF>63e_dpS9PWuoJeKcgzN&Rg-
zmaWzcj4GHou0MdT`OgQPCwahorgs;z6B>Hu?8|S3Crd^ze-Pr73ie4)m)pYu?8^95
zwUZhT{=cgw3MySwyWfjEov_=RnkZ1FI24r!cK!COL=p%R4L&S_3Qd*2q_06%69=A9
zRs<ChnFU5yOB{ayS5N@h0{PnZ_J#W9NX``R&0m|x5MZ2*f3PP1<1~WL*u#O9O3Z<4
zl05Q(k*%~WYG>kFN|!36g&>RFbF-kfhfM;26aD}v{@2HKSG+L!GJ&hlLcl8mZte|B
zkcjo}JO%kqTM-c)i?PK!bm&=3)Wq*Z=b3T0BMlDqWWZfQ-#zD{0gh%^71*H3Iqjvf
zjx_l|GiXGT6g2yE*=UXkY7760VHAk})2B4M2m8ARgxU^JpPNYi$)SedQ()xjxy}nM
zC7?UuC)-*1(W+~2N2S6w)4L#Tyt2sG?>94Wjzk>MUwQx(*KxE!c2~b-%Y8aKdv&(j
zm(V%uTUM5yQy4MCCO)pk!U9$D<I~fw{En-?95|l^k7rXEz=P|mJ|W2M#>Qv5dZdAo
zHRRRSd3g%ZD(_<amei=V&nvjJ)IA|SexTK1pwN^q^Df&7IDFJ_8v=5y*JnCZi%_$w
z`#a`79;__4KNJ(~C0br>@Re88Y&-YfEEBgr_$onp<L;f3P=(-$=hXcs0Xh#ax+=P;
zYL7^`5Mf8?Na?k25V?{l+USz$Ju|d1pYf8zM>GGT5f<YbIMkJCm)_c354$y*l%8&R
z1^GGq(*pD~2e*fvf%($wE^S}S*M_#y!N_=KBSWr{X5|CwitFn$bM`iRQyv%?Tgea_
zQ$4r*JwdERLroz}+)3DB-}{q{MXj7{kL_2kor1P#Ox8JhUfsL8+hONKN#1s}s-|k5
zW}XUz?xKq`VIx5Q_)_qO9>j)80o&8CUYz?5H1b<-3JS9L*k0i0oDHv{_&Lsv&CM@G
zW>p{EfI8P)T3VWia4oD@wu^{eyQLTNYD$}gr^TiM^!%73*+Q&2IG`2s`JqOUK0ofg
zjcT~h`TL?`uKZV6ovRLIH_UxBS64}i<onc%3T8U4Mauf7?hetHm(zt}D_EId^@<7@
z>FcLBGoeHK97iN2RSMB+(@$U6oX3@EX=(mWhFu9aiiVESQ$LD{@_DtC$~RoQpxUPR
z4PbFOFf=&|w}?XVW&uZn@Tm@fjN`$|4FJ#f3^l?rS{c%)`^sYW3DY?t{vKFeu0Iz{
zpH!*GNxOZIiNgkP$Hi@TG?V+19nD+yi8?r-BbA@;m_-Nb>!YG#f+WU#S@uI{ye4cb
zSx=@fD|4oEoh9GW(K*hMX%=Tu^^=1xN`*AETwF;rg{s-Ka^<hoGBnC2W;Hfi4sEYe
z0A}E#fG=4GS$=CVQBi|%cBwyRRkSMDEQFa3<DCxLb<Af^pLTp(UVe-|tWi{+&ZX`P
zwVNO+@a#Ct>v_*C%WjkRbWC(B?P7~}I>vuaAL-#lgUo*SU-B!;%OGZn<W$aoxcC)a
zv3T6fNJ{i*`2Drh43-5|RSIKXJ%cBZ8#xV+s5Yxee}7JqIy9^s%=7iBNRbSLrQh@;
zbq3P+vHex@evPEyWS>YMrF?@oR9nz9Hr;|o@ihN_AdJDBDe<R^f(+e{u8`p1LI;S0
zFCaFrvL__i*iISNm{s?`OiT?)NLV{u`qOW6_eVO(>F?i#Om!YCwx5)4>u9V|iZrnA
zc>oi?T7cZOe3Xr>zS@`R@AY_zQ3N?I=bg23c~gXBEzAFuaV0YxO4s$e$5*Pfw9(d^
zg%+z7t`x&H=CZ$6cV=HIXTN@3#36bACrMcl7si_imQUwJNr|gG)TaJ^%T!jzV=?l)
z(Vs!ye^1nsxI6m!MfS*xwQ06mC#tqM9Q}5W9+P^Q2DN4?U!e@|^_>v4d$Q=7`X0=R
zJ)c_g(Ld&#_Epk^f=-{Ssi$Oc=s^oTg{V==(s6C9kt!wb$4K$L8I7I$72;0ck8khn
zIBl%2Q|ru+W3g%$MBJEcFE6jhf8ocDeR+L6h>E(3e{?KU#KK_uhA(w*#RKt+K~<Gf
zvfEwg&zfSn59pNF+ojRQ#X-YQFl}IN@J*7=)ETT|dU&<0_qofvM93og(ftwJ`L+%y
z8uWQn8o*A8OI_x&_`<yNu24xy*n7FkxJrvYR7Awk(Ju5IIc=M*j8ep@lU}o(DP`9}
zj&*1c)nc(_wZsb8GMK3HHF;xW<5D0wZNw3dm!(r>-j|p)5`)O+=My88Suy8U5?bmb
zY0dr`wsy=ag07Q_28uo8zGh~8KQ#{A1#GEWhkx&FN`vuoCwwIS+2LWDh_$d!J=t9e
z2ZQ{rDiu3z`eOx#L|a4ew4be4*p@mBToB^oswG5quYdVo#bkIB-sHjkpDj^SP^}&7
z2TcnGq~gJj=&AM&`h~?e^LKj@eFHr%J}%@9jLDEfU*a-)J)9dGuF{b{cGeI&FA%hx
zr|+`6Bn8bj=Pr@x#Gf(D9Vj9}t~^|hF#0`U{V6(HEzbPMCl{j5xVSZivkaj@CDzTs
zuV1|?++C@sb^HDAE$aBSLUTGbG&RL)_SVz~Ch9|yOsjDpoMDU0FPJ@@`+5UcbC>?R
z$1gN%9-nnx=tW8e1M3rTur!B%OtQ87)G9pb1;3X@y|mwy4&dVY+dz5B)uTCcq{ff-
z<^YWf$Q-RI9Uh#pvn6+8Pcg2VQdFa&cD=i4e@og`;h+Ha1@#6=!eb|d(`NW*L-DM1
zaEkL-7(z(_n#oq&{u1}4=HPEWYytYAv#&*^UF1@u$Mx&mHXC;}l}|sQGy6orUpK~y
zDLKLEyOZ5rRL#VGG;?dz$5I45K|o|azfPg4&&<vt?(g}g_7~|Zh7TlzxA>1lk{5<o
zxXl)OtXdssI*uR>RweBtBYW*oJMGGKyaBt@1iQ0o4~&5G{r&y?5bvV)kS2N~5k^H-
z+}TR`Ej|6k-mvrCzVbJ(c%BE3XlW|8_2tir-KG1^cH-RTkC2lmTfVf_)oN$j?|H#l
zAQpFS8VV%m_W8vXbj-A}ZsG8Nc3<|uFn86=ozWY9fmHs+POgC#e_K}wh(%lo32J%y
z;8*YbMEbRmKO4UXidN7g=4UYWE*0cK_+Kfhsi_N4cJV>?H*cDUVs$7HmVm(3^#Sv#
z?gTM7!F+!{9i0Tzjl_)Mjv-#O9OmZVhQ6+F%7sx<)iLn%C$FwX#nTFcEKzaU<LLPK
z?r9Rw1BQYZX<Pzti)-mUJhI1(Om5cKjXPR$3vpVN7~Zi)tr?R+uqA3b5YNif2_~=&
z8c#=nP@#FSRdeX%3)gIEM^e(I<bAWPx$hAZW#zI1YSG+~mE<#qP`1WjaV2)T@~}Xk
zyQN5WB3Cz(W6c)4#`x5)CqMabrtUZv0VVCAN2?2GV1$|n#6~AjI<v5x#wrr|>%^b!
z@6SX>Zh02n3U#owT(boSM;pN*^UKc0Mz3HE!D9L9h!yyUh>jr$o2x2TUJuKcT~uW5
z2MiT<053l1mpDP5{Jgx<y1jjRPNv86Va(}cwT}`bRP5>47y>{zg{HhXr*HI$vKG@b
z5Ue0|{PDzvlXJ&u3i+yJ&S~D28oq@FAI;Y_kf-CKAa1Y{u@OC42Q8YRZ%hb+F38vC
zDl0WSO1*YZ<3Aif^^^p3(fIkirC-Gv#J+jsRGgG#QmRJIi_sw=*yu2jrE9*Pa^;d`
zZ;tjDAnqF7hj)0BUu%3uL9TimyjcX*k_y)*BWZe*ZZRfb;w5Sr)`89<H&$j}5**4T
z56{G5Gv}I=5OTF3`!T^^N2ahRLcQh6E~D0ko=@@5iQg|*2VNA>K6v+sjI0=XABwhq
z-<)-|*MUZ({V(xyZjmbQ@BLT;#<M4|b>i}DZeTE%ra0j3lK!^?W|i~XJ0GQT8k{JR
znb`}}!SYd7#bwQA9;Q|mH3egw^xtEwK@U@;27a*vKsg5@fJ;ZHQ_pkC06;hfT6g?D
zyWZzHksJCl`3w`wLPCT~`qIegb88P{mF#w!S<_DC9OK#loG@c!V|{2Pzf2g>6$>ZK
z>`XHFkh0+lSL>gpc0H5T2Y=Dup&vecSQPE)UP%f+TAe6;a%K!I+SsS-EtVO=9cT-R
zzm!{bpGW-ToQ5aAB#4Q)^q$MUr-&vz%{qO`uzD}S)-?R7@MtTg%-@aN_pYgN@v)D6
z)#JFh{}%P>LlplElJQ<APn?L!C#=QM$+0zT7Cj`okL2d&{ywYm0u^3p2xa7iF{@Ey
zGadM&w9N(C>Z^%SQLlJ(1Z7Og+tk(Q7>@_t@%Hxoy}#wK-+9*OD%MIw7Mg?2afdP+
z#$|cd-8FhKvD_}h;z3KpXUA@0zV$cZRilO5o0M*6Z|_C%T(0oG1a(=C$n#Np--m}e
zO^Pi(KZvDK!S*7>C|o(EMc{(==IXvK90JKFY444k+r|pS$pr-#k`ByG8p+!ul_zps
zE8qln{|fI7YwuWv*3n=i6aIY;n1$8Pe#PQRnEIPL7*cu9B@I<CRZ0TRf%VyWClMZQ
zdCA!<<$AYwl-%-I$iQTy%9HR|x!*(YW>cUVxc?XZ`!{)$E8`~X;hnRXa5iyA!-r7a
z{-q_ie~}sCYx^=$X3xZY9bBkR?yIS&=cxyZaxl+;2?24N34Em#?&cevzbS&lWr0|e
z%Kk5Doqzvg7HS`{q7M(|w7qujj=nu3z|L;Dyj1vnjhlkFb7#l0wZe66E&a_KQv!QP
z7!?<PDDj1y{?ZWvE^M#GDcG`Y0<BNNdGr%0!f?SnI56R)0uFbPJ^c8_h78v{C8dg%
z%679YeA48?=Rmcp_xihkS~}Vk6hExhykwc4<|beV(ZZT9U)qR~y{_@kF5fFzIMGf0
zswIA}NlPWNevOyMIB(w6GtfhjQPlhQn_h^F2Y`z?nnOU>tmoi1+us0=u2^?Zk7;;#
zxHEE<;5RQzSr0*lwWG7&U0SCudMGk|s(DJ&ddk+1xztyxO-=2%-%Y@%TrD=9hG8d5
zG9gkpFMxgjeynhHmPA8CxTE7}G%zBPBG_a74!=-{p6vAWu}0^&S5+z>9<7}+iUg$s
zZ)Ig=pYnS@KE53#2ft8jcom=X8Ez{DHMP{-<mB6%%F3@#A%&2#pDn6s`rwafHfP4u
zhu$#O3sV35`R;HoV|B75<2wn*TA|%P=~a)2{F~q7<eXLYG>yv~$dQ(hJ~wmE0n&Dv
z7!)a8?mn`QhS21$iv1Y#WAl~UyOF!a$M+jbzlowp{2cnz^446t=6YUhbwf(*mfzlL
zvkBkH7<|qnYa;FpG6!HEwL+PTAJj)<i4mxb8cH~G7#!}2aZFF!UE%1<0yw8}gAQ(x
z@LZS>SD~y*+Pie_g}4ik%Oj2<<8@IyT>?X>ca*{6FbVRurziHwRHZ!=X#!2=YfU&#
zCb`S~k71V2c_ATz_vKALk|c-_D4tD&(I56X*xT{-_VyMnd(4fow;-&NJdmWKO+R^l
z`_kGvpN7TclKNAB{`|t){>h-2Eg<C7DZqSzO;5dMytd4$EGEX0@m19ux#$3sl+zzo
zB31p#x;Ai>S!Oj6_nfO96Y=s=p+$vDuV2+Y=speLC*ItC5V9yH9?PSql8|4uDLVom
zoksX*?H7<14~O*l$IZEK*QmfTb6P#Fl96T>xT?A-Qk3Ntz?CK}!2&|EbL&NDpXd4x
zL<>qGg{DMEJbFD<Z>~yfl#!GE5ugj9{k_1_i-Z^fS($E6;2Y9A@OYcYN4os|G1C|>
z@agb-A_Ur<v!PF5l#zpD=}mtA7b98>rr4iOn<s<d9HB*;9s1;@3bV8Ik07sU*#qDL
z-IIP0cG0ds`nJB%$DO^ZE;(`prcde4rI@1OPk*v~GcWh}X{JWi58bVGpQJbbj+1O~
zT)t5<{@__cOb`>}*~vkWUTNjndb%}+%9-)S7A9Y`(@AV2p`*WqA>7-!0>cuF_?0W(
znt&G|-7O`?7{;sBbb*B>=H}Qr&3}q?8@qFvvj-y;AN{34V*T;;a)wasoD6!G4jG?Z
zojP~nT+XUnf~u;agab3j^o)YK37fTTN1md0qrSeuWJ9@=OG#Pdey<*K6<ohM=o}XF
zU%c3>m65^L3wKtGaA#w@|122c0M2O|7#O5uqEvV(h>4|TM7p{eTGbX9x%y6QG_ue+
z*vV|o7HuvGng?gk$)eBBzT=%fb7sZ;Vcb~uYC{T}MDge-hhiW3aYGo%0!KkVX`4z_
zOQrTc8yo4pVX}1Ze(UktM*|=WG<(Iej&wTWHwI&`@b4U~udLuHC@GD`AY7M5T2wR}
zoyTw_&K@2+C9kv0E;-2-g|2>0M~;sfj&5Z}{(Ov)#h}FePEPcb^PwPaX8A6V#6T+{
z0AM&$Ye7x@ShQCO)CnWJJZn2TulotOgfR;~A=G9Tf3`*+2<=><*N$!mKpQ^lPeih&
ztE)Q@eo9hQ=QIN))V?lP*fIK*l?Pu;2sxH(0(R-=mhY#Q=-Y-*I{hJne3~e#cyPF-
zi|V?%L(;3rBxD;;u`?PC=YAWO(fBm_L27l?5aw_Ncq|A1C$=Z3txNLo)OUcKs_vOU
z2Kp*1_}X)^CFtRSZgq8a5)9xpqCj#X<2zd6dikT<Yg{NzZd}HeH&W|R<t_hSk$Oa3
z6}oXsAZVYB))K}|HlVC1FGJ``W2xPX3YQ7$c(hMR5rXw1^T<Bk*O;^GkpBQdjdVz1
z#aV+sQ~tnbJl@O|&fJC?h+P_%>+zZHuQqd<llep1#Iw-&@#8Vy5OONVhrFBgp^bCj
zDkZ?6*sZQoq03>*HO+Imy6M9ikN1X>K%t=Ip<pnI?mAV?YJBi!Qg4n_o*S)NGm3;x
z5ou#M<Qy=_HPD;$8Geqbc}fz#s5|h6tVc&jZ{7j@lIqe@Jqd1c=7^b@ZJ2w!H#~By
zXEi6$vc^y4lRG8EY?%Y(oagpr7)?xY&;>L?PMenh`t{f6Lbqe%W5!>Ekk|S8PK%*Z
z;Os68LI^i%Ss#3RVAmgu)g-kgEbDDMyYsPX+57|#M10lGRis?NIOulIYaWTD8o4}$
zO`1n_FC`X+S^Ot=ucr2Yx~=Z+yRI1<6FFQ`LLi`aZg02P%0QO)!bp{mhamV^?H^z!
zU<w5$ic3JCeW0=Nc2NWxaa|I*6^gIzGDpMljAt*h7qyBl4A9n2b^K^s;M9%<+zbGn
z(!<B+ryPy~xeH~bQOH6_c>4H|J6z_V|Hl6avQdda0AF~4{rLvByZBxgNy|w?(DszD
zKDU{1?aeBBJz7$t8&+glK<>Uf{6P$&#Z@lBqlEbHa_K|Cdy0y=!ZsZY85w{ZAK|Zs
z{Cvj&8f%jAadG8K(OR-Qx{Hrs+qFkX6tJ4X5G4ul@wGX?x!4~W8L2KPD2Tar*^7a)
zq~t}p1<@#{D7J?_>2$rU@3XCOBI5VX%9GjZP;Cx`B$ycqdEV_khzz!iOv9*~Bfp?8
z%bdp!v^Y6AyNF20e&(NnlqO@{Nw6mOL0o?lP{@2g=vC4nEk4_H{0oaEb`uIQ$C>P|
zm}S0h=b#%ex@{P*mGXSdYP9uh@u*whX<1Q*PG;t{HAr6CfR>>pa6Xm<II-Bg&u~*U
zpI2A=?UXqTlxsnta8-c$3yN^{cF`WYbEkryF>~HC+`#FN>nAhQtEs}UvxibvSYO3F
z?bS@>!73MS@va1(8W~d{)J`Ob*&Yl6&)q2Y*mZ1g1LUr>qh}^3@1N)6vwuLa!9@RT
z@WMi|&$Jq#Q+VI0te-S3glj0kd`*CPN{pYs-T3`6l)=e~=`l%RNJ#zA$f@}2siX+L
z(JG;=>_H3U$0R^K>@cd0j2DAJ2#XJ0l9`hrdF7>%B)(`3ypVLDAw|Fl1b%w@7tp!s
zeXwXgm+Low(K!MnZY_$Tt#D)M&0E(eYir|+zn<`?r?1(XesphL+uGXt1yUI4Z74iD
z!`6i?2%q!)m1Yt~K|!G(*5?8(BC4Y!Jk~@e3q;nuJhh%x)}zxiavbk=7A0ciBH>Af
zHiRIS5Mo60YEo&as0=o&$z!w3z&2pDP6}IG^|QDC^)ZS^Ih7?8s{l&M(2u|JJBacb
z?^%Z{9Ovi1y+o~kkDwn0MNnC_eA*Lp{cnc%=jP@vfp3lIcag?q@P@+4&LP{~TBenB
z8Lxd6CuqV<eDzmH(hG@ury>@=ACc$nasNcNIImj_UFQ?`oQtCNFN(;^!<#+&ZOgfQ
zexSQMFA)-HtJ~Y#f-*jT1Ppw*Fc{)m8F<C6+g4W31!GaQn~|)S>@{p`vRpxP{7=OP
z?!Oy$?YG{NrhI(R<K93v+j`!RHe2VEi>tiVW~dbkY2MDFn!-4m9Y7g}-Pskc69Ice
z4n<XQ^e0YK5cJ5h?J4Eq`HgUhGvX;IC@z2WTAyJjpa$d_9UC>dm{`#EU;8V@fqD=%
zqSNBy0LOn6oP-2ZVO)t2hukq+YHF{Yukh}B6Cs=tw`%-+r3lueo{-wgLe$mObHVEF
zELAS^BLBxMiQVCnkTQW?3W{+UxB*Q-ZBMB5V&X{<2$q_pB<0mJzEf^}BBvd{=Nt(+
z>6Un(s?{bo4@Q)MVZ`rne=DDlJsFRWfq);I#TAMT5VP&v7BDGyEQ<JNpd>wxxoK$9
zpFEK>@5!obphFA*eow^rO52me@5bMz!zETSL&(WqyvT8Ml&7Qf+7?c34!;K19zh_D
zG6B2lv9mU93W~wgd~EPJ_KMKO^j@Wh8;{~ylO`vvR)M_EJ5uet8-BJ+_LK<m!<vI9
z22R8FqKS2)I=ZVpgCz*k!|7N1%ylZpF9cBOtCxNX3VJbn3327(!CJ`_(V>j#*>%)M
z+<<B}zwk6BAJud@aq?t#s<hXALMI)+zPK<weIF%QcD%j3mX;PXJNx4N+#EW0HcEw$
zXdHKgZstWIMqC=4NH4Dp_e8?lD&*K}U1zWFHFsXWJ$;RiG<kEg@%if1^z=0olgi1O
z!~G&H4UMN~|LqN=6!7?8<MHNxp)Wyj)Cu@=&Jey-&dA{KOz-YYxasO@xVv0kXBNE3
zuARO1_AP>RBuX^1pkrvHR!2J*L;liOIfq*I;QsD%1tX^r+7GRDKfiwcx(_g0nlk~P
zLqASKL9fkDh^5WpNDM>3N&*Qs8bo1#Z`|TeFk9bQ`Kmmc-9L@OY;2boe}sKzX6EDP
z4A2NBK%4m>N;qbjnYz_buJC2KaBJ`j+}2)C)P)wFDg(6hZZ>eY4Fv@PzT>OexJ*Y!
zVZT3)kavAG@7a|TDZ}+^WxSJp!K@hRZouxm^BDCyD{}gDgYwOr@r{A_oTv%H+sOb;
zjqkdK#zt{zsk9)Z8==gA>*8o<mpFD_OOP!i9wz2Nt)c<290aF83r#>l{(Kf<zhlKX
z0JGN##)GdI?u(ney!>zQbxGt1Xu!X4wkCmgFl~MP?0L_lqg64-3z9F>D@!=~7yRw|
zGB~)c1RV}xDJiCT!Bh0GNZ@Dbb6cROyWZX1-46{Bx1cui&jv}{Yrr`;sK8JR_9A%@
zd`GcgBiIc^K=eUZ2l)r>AuBk>#LWEgM#d!d(NMg~CSWYQUi<K{)HXcuAI2g@&P&|0
zNQK1v;^<NNCVi}y%}8}PAwYmZu|LrZoVb<G4|4TBb~iQ66#jc78B0jK=#apvaD<=#
zf{}W_wuk)PAPSkfvBiaFu~F%8v-I_~ANhAAm2~$r(=Lqw<9L3a$r-r8J}xfBa<($y
zg9QmIWbZ!N5X!^B!6D`T;DI{P_)NCCi?CRIZXo$3c1<3bog8|*zn|j!2gU#{#DC?R
zGN);4d%L@sgoN|=j;Da88VR@j4uEu>TvYGlTY!&1b~e8Cw4>%QVp_}=^Usp>W<YZz
zEOBjKYjl(#M3@A0SqkijH$+54%9l<>!m8lGK&y}d;H|5#_l>(?`VqttDv6N`FJ;0c
zU%kT9&_I<j7AU>-Z&#-PWK%+(5Ax+*vbzh<!Gv7`y>N6lu~Qkm^S@V;hh&wC8uU_J
z5*1ZD;$OFiD*#DDV`XK~zi_x>R>dbI*q9FbRf%>z&)k+dkTm^#gUDm2E*H0sjmcfD
zU&Z59Gzq(Pu>g|FvCu!68W9oU2QDfWp*wj353f{#`&000sxJ(Zqs0wvRF=Ew))!lu
zU|LQ;5g8fZ@X%1z9zzc$EEXX=hV`kr-_9A?3l}=yz)XV#<QYi)!tz+HFV|$2Rv7lI
z+GiJJkyhWkXDH#u`|nCS4VQPw;kH+lI5}TNvqr!dV<i~vUjGwtYnvMzosy)z)+kF1
z1xWmL$!Y68x6_~!LZ;pB(%Gk*8Z1h(&vbG~pL@AUXobQW8-M47LQ3a1cUcUkn+5``
z46>HKzDvBKqW7I%Ur*s6zG|RE<_FEJ9FR;QK#WmpAlpyWzP;`8Qikn_B-Gi!@VNyB
z1oZnr)yN*eBE8)SYPhB(ePCSbprtN+2A!FCtq6d$#pZIkkHn0T5%+Y{QO)N3Zylf*
z2Nj=|%t)<nCU6Ka^eZ7ICT5d_{8)PrcxR0Lf7Yl1@N+6b6>$vU5Do$FZe3k=2`6z6
z3kqhhric*0nqZM>BEet-6B|i`FhUZl5C_)qaucj5VUdnf5Z;PM7@YhksQ=0l_CxzW
zVbsb{1^v2{<Flye8Q&aTZM&?Z5>94lB_sb(Qf#dLT^*fnGHdH8;_zS|SfCIBVxWgE
zZpjZ2rwIxgm!2c`kJ<JlSfJ*ug-2Wz_8o*4*_6Y5p>n{-lc;heuui2sIwPJwz4d!y
zf<C=p7>n(_ORyl9M4{ye_be)^#QtlV`~b*>70^_IMgm4k%EtCi-kJKoV&Th4NmKV#
zDEyn>ag6!xF18ZD*#_uu+z{l(LuSGXuDyL0F$oE+Gf0!h7Z%<-kBs0$9}$vj`+Iug
zGic_>Eyvwy7RSSB7QnTTU3j?YEeHG^n49V#l;>!H!Fb>P_cB(Dyc!k!v1&I7n2;HP
zU$*Q45k?UQ<~0u4f`O6?N671k>WByG>JWs0%0L?DXoc%kQygTT#XFN2z?3ciJJph~
zn=30W%g`vZ)Pwf-7b5<HD=vf*&`w&~m6{qTJSU+CCo5S5t{QEIFBDb%F`fZPXaE{h
z7Ym2!;W<-;=a|v|zqggdU)jscaBAGYEF$7udsk7PRHjz4KeXUXcD*ED@$9c39X)7)
zuGaU2a!=`K9V5if1VoN*P}zZjyRD(oo+{}!v+ZDKr%!a%#)1pH@nqWvH>#SmLj2Th
z=r&PmXXiN~-w`pIqepwDCMR#Dq@)z(@ygKuCv}M}N`rA4=8<7xZi}N;yD|vm37g)Y
z6f3^{4HLs$<5}6X!=qe0*v&xs?b|<4B5B)s>M;K%TC{XgSoqvcUvF6GSitf0RT(ri
zG;Qz+<==;fjy!3!I*9;YBivO8a1OWkUV`}gj{>8?8k{6w8|T(ji7}j*pooa;^xn>T
zQN9GcP*oll%Cun@*#p2t@^f>iPrnecu5Rt@T%tfATOSxq8}F>M3`MPb<{!}@0BVST
zdHKV~nVD0T<m4eqiRzkIY!QZV;dvY2Kk3TJ)o=sOPu)r|tMWbrBr_0a`0-IEWe84~
z-8h2){2qaJY)e8+JOY33Mp~D+ySul+0&SUp@^lpffI^>3ML<4@=U{>XJs1yG(0;Dj
zf2ih(dTz^_nwloOa-*mJmLE>IK9u03Vf5WSsC%JR*dC+*`zaa%%z;ow!1oe>IpI%l
z@c-{W(Eq6i{WqV3{ttbR|K`WzZT@GL@qc~%%puXmchg4p#sbp_{83fBjxAKM2>36b
C5;Ro+

delta 77568
zcmY&<Wl&XZxHci(jifZvAl=ePOG=k?hct`sMv#z3IwhqxjevA_cXz|Lc+Y%i=FIH<
zhhgAZ&s|sCYxVX`#422sqc~vhPO>#uKazUH(7f+-(s~0^Kxh)kPV;?KjFlqijrcnX
zOn23`$sa9oLDZtyFhOLVNWG0~0g;<AjK}phuH_o@Z2}ih?)9IV6KrHzZuw$OFyxv)
z)O=u^^R4)Ea?l2kfQsBiK_!RcMT9%@OiBw?=LMMfDAe)cq7v3Q$RGjSlZ+uPEVn|L
zW{mqqaWW)u$d1stX7h<dYf>Ll<SlaE73c?6#|R+|sRuT=U}=k!=KL0FT=v56<8n@n
z)ihv^`Jw7CIa5AWXW&Oo$_ineFH1L?9x74~RhAPGUur_OLeHBd={>!Jurs;CwPqvC
z2c-rT>eK#fq$9i<MgI<5MN&OSQ^~r0_iqI9`rg$Fca0$^hz<%gm8gW8^!vdua`JX8
zjGl{@_Ij$Q%dnvzK$AZ+mqHiaj{SP`%~s5QeEt_FSGM#*{XdN|b3Lga@#e;4Y#jO&
z;bAzc4ZcNR&^y(?=GqQKTP*xG4XbY{NJ^>CC6XZiPP3jze@He0>>%E6FzfKgpNeYQ
zXa@F36|EaS%+IWoOCXTsCAnGr8d!6j+OU&LqJmhr42%J_s4(AUs1wjvyDN363ptT@
z;e)IACMuvB8!A7fM0#4J@pY|UxXY*YTU|~~(RbJ$NXq22{v}du>?-mgW_LYGKc5}z
z=eLsjCKk~MH^j;Tz)lKxtqW}-@wQ!H76kda45`a)jo5cXzH(*aWpU!XGb+S<C%xbc
zhq>>EEW=;hNoG-FA3E2NmwY15oDth(i#MsBtw!2?x`#rz{e;q5#Iq(#kgJgC?A<xT
ziRSuXwYI`rB~%WGv+g4aQQi>;_U0^ne&DGM(RQgM4iq8>YB4Q{av}nQ^y;+Wqh)75
zhu^ZIt{bsQR5XxAevyRp%CyL^ERq8>MMwhDx;nLf?qxquz5IHPE*ztZ)PA|HlkMZY
zA@_H^<owP0U^m~ujeq5rOSYcg%>XCb9{Tm~?X0_nsJkpB9=00Saj}JxwSFSCGZx7%
zL6)tWgC)f%5Zo`Q=5sr{!gwa6kTI%FfSP?g7xvq^oGpHaOxE+ykUDxI+<h#za7+hI
zcD7evR;dJK{LgI}XiCcuVm9<faHC^mE^26#aUtxc^{LQA4HaC(P1iXEhkg!D>9(CM
z`<C4)no;u-Y!>=%HOSIxHWu+c8QP0D5uQD8!3|hFfQ6JSg)o$SD?FV~<@^P`_a*uF
zCBe-08Dhj4bz_;7X7Y+yWK0!k$ETeU&c_=Xc_H{Xk()jICsJ+OZrE`o80tNrrpu4b
zx6KY`ZYqP{!nw<BOLN+Yei@VZ#%2b`W=WsShn{}tv)C|m{YiM{5d@e#SbgtmURYfr
z44k%C0|uX?v$Ix*uXqg}U^D9?q1mnoMLYB$-HXnc$22F{73J;Y$@o8t=-CN3-V#eC
zVwTxHp~{>6Wu$Gi7ii2#L2lxLNGT8`VcJtgqbx^-V?e298EN(X3<e`oMpc+g*7Gj#
zdrCQ>Q)H0EATzu{o`p$dW@14&R_AhWV~37C(8s$*|EXI%x5Sv!#mMa}a}5(-2fk@U
zoOiV^ZVOW%T|sUSdaR2AH<10@ZI0d-A3TC5{Fzsd2l1KxJ@!cxP0+xN%H_pO%(II%
zdgNK7z-Rd~{xk+@$CJj@U4h(-7HRBo2}<aEsCZ7v845yW+(f<v$_k5YM)vBQgWhal
z#U9mNs6e^h9yL^~q{8wO8#V3Ao0!8MVNdNthX`hz^7D6VO$_o&4|I?p1vw9`xk&?Q
zsf&ug=q=)dqxb1$_I)sTCUeZlmx{E-eKr3*Nw2O{$Fx@{%+h9(i=dgezzx<M!tOuc
zIYWs_UpsDQI`5r_z8D`aSKdi)U1WOzlIdFJC~*?C$FM;L>*LKT7&d)X--HLQu`P-u
z`C1S*nt_m;mx$$Zk+tF<+0jBLyUW=XFkMZ-MFy3U#e#9Yka)&NVxN#4G{VqnlT{TG
zNJ9H{-S?Mm#mk@w@zYTjhO9KX89IG2=c!z-g1-qe!3E*c^z^+=w8m`RJu+p0dga~v
zXAC&Uwo7YWdlA^C7~AzbT%kt-$Cd)Jc!!j-;+nA*w3K_)yzRNZ-TT6k3A&sH0y*jt
zD#ka_it(WdjoYzAErHPSa_c2{cxb8!8A_(eN$d38T9dFV!&j!6fI=sH6Q+3+Ce^W|
zJyr>C(8fJE_h3`l_V(oC3I-xTx=d{U<pZH)QgNM4R7{DJ)(4ybsJ<?CH4z#xa88F{
zr9r=A{6J;OkqYw>GP8JFntoJp_5r5g!}e|6p*Pp+RZ0Lf<Rc0^TGO(iB#CIWA~1GE
zos*;eVU#E%hymS@*vBmYNemH<+1OM4q8U-#0VfwlnTzp@jRo2jAqgN&zGzOy0sRu=
zTAf@<KZYEZOH}kU7@KI|tg+#J$AkO0c`_73km2_$h4~1w;S*)i8j^iQ1mo9a{vpH_
zMfqE@SRT&SsAAO19c;@5r)TWPph6!M+wNMkK4pw!(Jv50SNloGSbm>@%DYMw&l`UW
zAL(qgpMJh&0fPs$E~Wr^65tIbwAy7j(#3C#oK~9L{!AKV%~<4Z#j-6d&Rg*PtU%&(
z7e!7T!?=Eaa6r+uAX{3o_a%dOx<<EBjVbhTLa^!ZZ9SXq!{X{q_iqN0A4~7i$%nd%
z-s9lGTAS@G3Gop2Tvo_8W4<jO@8)6_wjD6Vr}`x@T4R{bPkaNcyQLvwO5Um}BWaQs
zT;I_-=>A|5_9jkNx#&YcB%S-=Ejs1*byVxO*-D&-cNl{-^$(Mgf=PAsA2_k4!3?3f
zqBqcv7w#t%wu+HIWT>%a`>5c;-uRXM`#0L^ws<{^QrW^?+Ll8hQg!GfXE=v|Uw)%p
ztFn`Q^>%Fi4H=ga@R<L{t9!zTEqmS>Df#FlMkpIvD!n#8rNyy06n*OT_r9pqp>(EW
zE;pe9T)gn<D%5nDE`*Ujsbi^d<b>Xl710~7>KH*-Rmd9Wuov9YNl)t~EXj;eSn<f{
z<`ZS23+kV~%KI^FZAiSulN3z0Z!1~XeXv-RJCQQFP1o%_z`ZuK%Z@4374x}`XMM#Y
zLC1)#=ZW}9I^r=phKRL9^k@)5aacxcJ>RprbZJrMgjrFZz25JIc(|gtx~j;5Q=;am
z6abAY9zZ}nZj6U6&A}^nR%tRqW02+6#qsmxF{$03^wQf5tBv&F)K=TyxO%PeoQyLI
zVFqDj!}|&V`hWU<6|5ASk!%Z@VSbiJ9YzV3^wKbCB}6ui2zmZ8|I@vki~r1?5sx|G
zTCj82Dyo=4PHK!Lq=q4(E<VH%YM-Hp&veV>FX2v9aZR!N<pP*IpEaJWGMmV8lgd(O
zsD)N|U+PkB*}m;XyDsw0_A2!8Zy%cR5F)|{5iY9$^G-=!>ainB-s^f%^3scf!tRfj
z#Ha7$WvJ<>KKscS2em|ZjI-iz>U^mA`<{uGk%!#%MPu?wXRPL8R4Ox=`!VXfnQ>3D
zzcE{`wUK-mZA5cN2{cWmT-i|PqMO#Za1$LRTbidRWqygDMJ7CAXd0__TK0orHa$I(
z8<0l}IG2y5J_=)f%zbE0L5Rw|y*Y`LoGd$07Iwq;Wb^YnTi9H@cOUm%n>QJR;v=(w
z?aM_YL1~I<s=)=DAbs<6BvjMWLW1o=GU{c8&zKiF*2C3a3)yYEf908-mQ?TU-sZ})
zi0s}{NQ-gP<0d)D-5gqw6*hjxwV=#}0CpbmYhtRiQ<p6DTJ5D{1?g~sR)4~Ef5ivi
z#8D~Y*b7@V7TS=_@E>cz^~p=1{nO{NjlxJ<JQ_Rv*ob%wlrQTDM93fM*GK#s-6QIO
zw+gauE3RN{A4b+ZA5zV1&6BZICv?>|b+xhIslfQg-x$^T=T+(D#gtQxhz|WN*w+La
zR3FpbjMr5zxIf<<DxFp6$v?v?<;`CtUJw3s<VrTesg6#Msn)s3!C}_q6LZ(4^jO?*
zDyVcSf>)Uf)8LEQ(J}|;TRaKgYp?`w7M)c;E*dep@fh>gl6(15!~_`2Pa5Bz!=jdo
zND;HeoHkyJJ;a0s-G6B}eD@MM0<3<yGr*N@$>OJF!G%*jF?DXlN1{-h&=94Bp%&1G
z4v#?K65u&<b#HrQtphycs%nV12K~RD@^XwoxP^<0`z<D`Y8bx7c(}cAUpM`ELHx~f
zi;hPAf?{C0Xf^KZ+Sli|4E|x;Q;FIRoM6JadgP5#2)v$nx}(tiXuri00MEIiG$R4`
zaYlkp&G_C;0N-_3(>K((KF)1IDeZ|w^s(%SU`6am4icULSg%tZmK7Y|Wns@&lbMY8
zZ!VwH7YHL6YjTB67s-^g6pyfR+EaD>7INoirgLzh(<Afx7>42JkaAc|pz^X!j$~&L
zSvMm}@s5eRdN;PfS%*Uc;H3~XGEGxg+YN$obpFOmlBJI)Kqsk|=8|!qrH?}(!Ho5k
zYGJgdaK>HRrbH>sYJnHW=C@YFPT1deiN0^(l`xRy6Z+5cM?k;C(;$RKO+Do6t?6$w
zpTar2`m+iDy)(Lb<*l%KjXJHZzwe_o`QT%spQ8R7ZBAgPqy|Dd3}u`aLc}Td8Df+*
z9fRb(&|^A{IY{}61U@Odeb08=6L&u+sjZ&qFr>O@Dg7&WQj%}N5I;?7@<U&C3Q>lz
zCSB2wlm8<Zb)B0f+K{9yWgFUH(S45sQeRPD^EdY8x=0fg^PYso2<&n{E$J+pgmIj|
zf-l-c!p{W$83(|aIP~`*sCMp9%>5=U&iZP+!U<*ES|in-oow;lfA%!2vn_V)w(mzj
zHPvCi4YkHKi8t9k*6`dHPYOM)xFdN`zcD1_h2Jj?g5)B7G1rT@C>M#ecOhN8vRp7<
zG-#1NGVqPsE`fWeRi6%`A{QSs6`PVTs^{dMAr5*pp%nnJ)Dyx>`y%irxtO5$f{ju=
zI_hi(t86xl>7AP78<=^Ho~-H-3A}Q}v6Zu3-UUC_bMwRzwTX`?tKLs9h=&Uy#`VUK
zRRL4^wD9680Sa@xI@T8{T`$)!`AKE4g6v~fG6H}9tQkG(Xm02<yjf|Ysoqg&g;zcO
zdtnJz^4S?6bluVZPD*20LZZSdjiQd8hjbqu)u4`dV>eR=&a?2%?ss6ALgs7~1q#QH
zoYuebv8OTfB1bsj;u_Jfgq{UL+FJ-ldo!iMC|%N`z<{JL#S^0=#rUU{ykEX$;W*Jj
zI`L>8UL0q^Nl5H->N8B9YF!#)W)VU+hqqG=peMi7?QsAt($TuWhCxEQQi+Bach8g6
zdv$Fv+8UjL5K9LftEPC8^>i0)NQ&!y-qnrV^;}#$vNt}C(daIFJ2c<eLW9z7*zI`r
zB-Xx(A6cwur#Zf^%bu1fB#fpwHf=g0r@aXO%`W@CVFfQKBg*Dd8B=JLO4lc4-(cwz
zaAv<^t$rCiaFh7bKGCUZ#EB!vbo0RW?IhBE;zz%LMN<m$_C=WWX+df&E~z>3h2Cyw
zB9=AW#o9_6+05e%+s)fgV~d4}ZxV~;?4vw-)}1Xay$`D~QEQplT+xI`3f4A&1ok^I
z8&wt=Up+46)4walw_{)5U>u6Fr~Uou0Wkk*cu_iE8JsR5A>+yPG(S*}2{;yWKuvvj
z&c|=n^aJc|GKz#?a~q#<uF_&tKa3T^L%uEM^NyRR3jI4U)TN>vg{G|O6VSAebJ<2E
zp>BHn){xEka6a8`ggI6n1$!)yS?lc{!@G)Y7-}<ldlqeQhzgc&L&te6H}tmwo7}bc
zMBX|xt9R=@Vt5FY544d#c5#^oN0EkNisvs>Y*Kgi-CEQcn+zE7;+lX*jEaUA?1yE@
zS3K$CRK*VQkvPZehR?^&oxJnkGSz~*Ft1_s9Rws@X&C8fVOp%WP2LJB%4bF-BvEOX
zQQi@a1y>halV3_)G&ZO_vhX7V62G8}e2&>iT{%Wt16rDa$g~XcDjSTXSc5?Oi%+`b
zg0W8#%{qc#xfnzL?P+oW9mYMQb*wqR$RoHJ?M*KB4Abz*Rdk)TZW(P-Eg7Ib<!hVz
z%ZwGD{aVS@vcY{m9U(++j@$?pXO0ZK&Sl6=`(E$~tAru%@%ak~6cCSrm6+ojE`oPq
z|9*n^Md$900WbaW@WiBL0PD($x*#?*O}^|?Vv${Sc=wsbs|fK>sRKrYn(lSpjDK*U
z^uFP#@<sB##xB#Nz8{6wo3Sh^&&jEWk7S0GHe#RifGhHXbT-~FUY3#6h7)8fq(vXo
z%m0zFFNc$Jo5|Y-Xh(Kt0^`S8-+M#n{9eLDH`?b43kb~&uX{6Bpeu7+9;<pasB`Ll
zCp!+Kg>gIDYNw3LB;H#nh+*Q$8t_oh^#QSgT9ioGmqON?y3JrHi@cZrcyX9~i5R_S
zAtJ!Hx?O<_Np^<6pp|YfMMAqtFis~ZCcwUn<4|*X!dqtwcvnK4daX4a{2G-46SFRg
zB1Qyj+T-z_+lDgQo#Z|T-3L({91sTJ3ZHRoIkR@R-ezdP$xOq|<mIQL|C;?RaiChD
zC%72@UbFa(7(F!yFVR6z_P}4eY8nL$xYM#U>0?_ZLlR!vyB-Ib$Fkfb+v%uVPF7}@
zOOa9w{0Lx-se;N$zhf!A_@VE`5OS`M8V@n=5YkzP%-rd9<5s!QBNwb^7I|@_T-;tK
zm{dBs91#<c_(=b}{U-T3_+1#z4LoEA=^3H~lmr<tIv+I+*A9%U@j6bflsybtr@kUo
z?clA_Gxeep;zPpMB44u6QiHfX(C7WCW!?14fxO{v?lbT2_}W!b3iC<E#xy<aEc4h&
zj@vXt2AbbfiiN7DXy$#tGVP~oU=lV<ya^M?fU*>ZD?OV4=rU^3_TK60#E>E9a!syz
zZvp)e%axzoR@if-wY>w70`e^V$fyynxOl0`rQ^F#3pU(!It?+I)!_5o?e!wz#(E$#
zKrklz7ewFIk5Rm2UWzDvQQNw_f16IF*uR#{xxz%V{A7KE0V91#u*9@Xw{|nI=*G*(
zBl2nKA{K|gg=cH>7yXwS`%e$rA2>)m-SrKqgjduo(lFoK{g8PY9+tJNzbV%XAVZDg
zyO`hZV<X%sK2DC>rtlaW;o+x#7txRU1wd!dCFmZRH2idL!>Ng;4rzm3*-jGMg{nW>
zG5U)qLNHhrzPWTE0BRYu#CJF{*G@Ke`db!Z`LPXZTUB2>vK<}A#!Rh}U)xmM+^Z}k
zAStvKlGR>^(eZ=4!<@D2I$?HDn>VVa1jbw)uD;BMB)G?PYct1AFSyAS&lB+FsqL>p
zip@f*xA_;?t9&`g^BM93U+RLJ8wYMorL6;2AngeI!W8$LoX20oIkK}Rs<zqiU)c?q
zHWp0BH1!H)e!JRCK^2y8)KzXM{!8i5Rj8?=Ya{v{ajK$*H=1fs_uOJ%y(}JY;hgL|
zsgDrXxpB~uD6mdRo-!OO<qiS+dXgto#u~2UGi3=xJvopu=W2bZLRHZF`l-`G>}Xn(
zsn+M%eZcL_N=0;#RgALB%S(<sQIO+u8Vv&+ts`^lj!!z+7Ex~qPSzTaJ8JE}^3K1p
z$wNAC4)cyKC_V_^ZQ`|uNY^@Wr4HlHHsCGfr^>?Or;$=-yi@xwgAaUCjkm=N;P^a-
zME01bJeQe|&#+R!dS<JI|FF#AVw_MZJ2Xu5kg$*#ON?9#8OWg@HHkZQM9q9RFEEu1
zn1d5q;(SOF8MA-PgtKE#Gpz5~mhD7R>poM9N$QlFd)3ya-H>DLFF}E;$&eB1%M)G5
z-HQ~lEBD%a=TR@zPrx0%W2Ll{S26{Ju|x>tWtwZ~*!v(J&ZtB(gX|P5##F8-CJ0%k
z`^Ct@sLZ}LA$xv3@^4iQKlfaTB}4PW1rM~cO)Bow`ji%J0Em8(eJ`27CLxLecV@5c
zZ#xjYx6;5I)HNi27L%+NK40$my?0l6ilU6FfK~y^8cz}na2v4wvd+?6h~*va&QspL
z=!IBs!6iAdv9}TdV}=4>gLd$@7zE$>lF&~7On2&;M010>R?FZcb!t;3wIe(0@IbU7
z+nl~_+pY5(O0}}XvOzZ3euJaMTDY&ljy>lS*5%y66D<8SD%8IxsW^{kuH1Xx=a$;H
z+@FrHj7aQ(oB;|65ck9!>Js9j!H^(Ww&=eKW_(X^FcRa!o*2Q+z6d-|xXCSO7y2RM
z0w%1Xfgh~~2aC#i<qL#De}Yi;5PcF9LS~pnPlWwmmBzebJZ5Sv+?u4rNIU%PMcR}H
z^sWX+zA2zlGbNTv{f(*;g;_x8H?9S`MgRfW<p)JJnl+zXW-aDB_Sz7BC{(07q-xC0
zpPifd=?;iD>n~7oKK(~SFmp_SeevvDVuFk!J<ZRN*C?1ZaL7&mrQCL5!eno#z7W{r
z;^st%zgKv+?X|#1xjocvF({{YK8MRiE3-^bt%&T`^(9X=8Ob?5GM6xRpM=FigRucv
zpYtBep7e{D2|}!<L>ud2oKJErdF<U^{>)mex$Ne=^FOi%Sy`0*lJTPe4`P-EOmBsc
z@j7h#Y&k0&2G<R3oyOLw*P=1Dek)E^U&cIw30nk!k*gk4@nnjb{n{2jQ^JMin^b-6
zI@IYg8T^!TgI)H_Ic*+Ou~AXk1?U-s_8a%8XaxyDFvaIsqD~&Mo*$GtH-@Fty|Fw$
zy5UAfw~#+lZ0V#T#B_kycnoL1{^gniY=RL_5ho`5jQB1cxH)#mzfNEc9jML4B|eBI
z(0<^eAo+q=^5;yW)WP--ufDI-Lz3H(ai^=Xw#M~Oo$;S97O%J1@Ei%$o_MGg!LQ*U
z!ga3;tlA0<!nT{@sK&?Cd9GVpIG^}7o`VidajBlPc+ovu$CE&n(4{8UGr=Va`|1UE
z`sc6ve9CI$i)dnH5-PYx-w;k4yRA!zEUhEnu+Y}?1dGQ*wa4AgAJ_?Fm4bDkY=HKs
zXEzhRmXlJ-x!IxhVg|s+*jmy5v}K~%#}FJ&*nHK)ZO1=-Hc=hTCve2BUE*Z17AHei
z>9%fHL`Nd;-1<lIZ1c?DWP^|XHA~}b{cztU#F*czojGW9?o@W{REjD*##oJ><bhbk
z3Z0x%fQKA}AsX#f>prLkzJAjH=lo{mScszH9Nlr_JwhWu&?ehhfxL7=qsG$vhB(qQ
z*US`WwoaA_H!snpmhD(Fmmz-l#cvb$(xsd6og+lF2^AA;66?AVUOg>T3gNVNq39<H
z51D-uoP(4TWEh<&aFW4N(YKt~l^+_EnFw3$*h6@hC_j)2^O)|`?XkEOoh#RjJZqgM
zv2=n^!~<xjKa+5&wbiI-oc3eIe>Sh$@vp$KbD@Q}8P`jh_;_CU_$2X~sefr65eQj9
z$b?suh6ZVys@=NhjlG3F&-O=?F{1rbrUxizNIW6VZx!zYNLa&rv-#>6J{`mu#~tIt
z1lpghxS~rBNth(e8hra_9z?1rT8VrVhz<d#!GP>*2X*=mPOd#cr-;=B=e2={Y}2-)
z2pfGeo!Q;AkkSHVO$EH^sDFRySG*_nh?U)JMcr_-6<RQD*Wq^O&X9wxM)GcXPL!WE
zTR}$*8)XQwpsnlF{)@uU1V-G8czl80&3Yx`OjtzlyeSq*xnEGsp`6#-YD-O7X02jC
z`cx`7-1V}ywl7lgdR+XY3#8$Tn0M$X6C&%<H!E)&n^9J8d|$VP63R4|bM|?|d<=Cm
ztLr&(l#VX1su(`Ty4~=4P08UtOj#uigcicjb=GxK<~@$P{2?urV2;~fe{S4HL^~0Z
zyY6Yo@zQNv_JxN6iy_f#ht+stt^m+QY>II`<kNzWl@mDEEM}HoQVICo`o`5hjUkkA
zeM^Q;G}5ydPWmO@)~-46l@L;sg2<Pjd<rVjJhE?1i0$R8)?;$x14+k@<HiCcv_u@C
zN@d5|9}4Onl&r)@wH<;uRjsJvHlnToO*ST9Sld}#6}&wj>{p+}<>>-|X(<(vuI?o`
z-G<IP121i3rxK@xL7YA9G?@i=D$b$k3yMZ9OoF0c5CaD2#)z`(B%FU*$BQ$?u~$pE
zb+gMptI_P|efVuw;I4WDZM;@#Z4s@AN+-7v(GP=;vg;wH<xZSfp!6$$?0tzseOc`?
z^3s8nb&(u)L|?>qSuZf!YsgPSMLd-pjE@}tt=xj;6MdX;M@tR6PJ422aUYae=nZxW
zLl@y0UvS2hnxGS0M8EuSv`E46pT6~GG@^9xl(sJR8`9;+TiY@xcik)ZC6G$vr&|<8
zM8v#VV+N@LwyZQrp*L^G%gGndKQumLX+4AKb-0Y{^#vsqaL`EJC}X1QI&N1{me){Z
z+27tOO8=2Za3zs07<$_H*0A3qdE5qa{=n&bkL}qWYv1+xEZ?f#cP^uG`AMh7v3X3T
zDd!xPQZ+}`EbygN9g5H?U5$TSU6gVJ;l}pYcJV{;(*c#Kd~*;ehK84f<z}Za6P`yP
z&V0|~nr`p_KKd*we-A2=5v?`98&{L$R4~<V)DvqrH4TriLBfmJH6O?7h%_>vQt^<*
z)iLvqw`B_$LNx6aA_-oSoR*@0mx%(`Gh_QtLWQ#U5cDxqJTI00C_K@z8t?PPMLDy?
zdQfu=r-*~Rq+mUMu-d?r&d3}Ojr<9xygKvok5Ud`#s^B;Q67Ka*lZM-9HteNN5~|Z
zn7<#m=E@zwlCN+IyL5~f&HN1lpH4Pm_W-uI8#0DKs8<1Ly!h|SS86)=8oc3V4Z*hM
zcT#s1w`}iMhc-(3z>fvT20dn;H(C+`yZ0qi$cVlKu`|nBKS7>bG{Vr^NY4c4L6b=#
z;6>t)uaE1duQ!_eLymNT;a(0@PDvMGq$hRj@xmhwRC2s(VrHyj2S)+cI~5lQ!A)m_
z1FJWRiHZ`a0EU2fnk$VT-n24PKXM>p#1Z)3z+K2#Kb})PKAU|1X;c{{S)M{l9^Zv|
z{C*Pp560_7);U>L%;#4R4k@dtBmrTF;e<_O<mu@;gzPzVf|R*Zby_O&W{(dIM*AXy
zzVdlUs8WlA!tHn0A2wHRLa77mtwyL!_H6_QMRKq0MZymY4I%3frh2EOP@qSVa{n_=
zJ?4lex0T^*l6bAguW~2T*&d6<4xH|y#pGUPxz}zt-T`(yzB5!3SlBEeL<fM6Tn-x1
z4+yI!d54Rt?7WFtxAoO@dox~DD~K6olIucw=AZZpms-?0DLYye?V;vkbg>SwD7Vrz
zTTUKhP2PUBJt69hA=B8VT^qK?@2{7h04Kv6WS^0u2GXdW{s+lILmFgEW~SbI28R0n
zn$u*aFePa5TIVUqH8pTmDfHG$vATABjQ5K&E(JZuZ%TEn`2P4NhTJ}##wgk|bA%ke
zQubQM^W^DW2@E*)&DwXO<2m%}H)1Lh!TE5ge8IOjwsfVkN&j?y`=yBp1yvW(y)`$O
zwt+m7Kc_leVLdL$v2WtWy^I=EDWt^TyMWllwp8WDXDWXHD+W;G`?*(2Qo_*r0{)yV
za5GHzb*}zo0}a!kf~H&TzuY=#R)V7q!mi8eP<lwsMQ2=z4y-K7N;_=o)<9aBY2fE+
zNZbp%u$s7oq?8iOy+`?~^;nH?V337^CQLqZ*zra7Lo4BVv*A8F)XV}XnDk0k&*+^z
zM=J*-0**D&BCLCAstO&*Gc$e_Ic8hRmo=K8`MsupOB;P*K;>>oS1j|-g7+(1Y6mq3
z-)EX6IxOUfYbL*YqOob$vP=R!0?SKn<;_eBZBx?<Y$YfqHj~hWIHwgX(6#K*Y4TIP
z^NrH;#QCPN@whW$se1|^(IL~3_aZvv#JQjZ)O{V>+Vj{I#wcR=wBGKgjOlt}wzf5^
z67YE<e_-uuwZg4lcdKfrYgGnwHQTYXkm|Lg^~=8EjzkPefA*aSY1g;^066?M7MLx{
zH{SXs=*M{lhftvM!HXPO4Hd$=+*@@?TKf@awBX-IVoqpWxP_p%>&H%Fl9b5-$G~5@
zi=T`|cN2k=PftjPnoDwqBltfnAIYE=x>Kw50nGPPO(U=o0ckkoL&T&r#CUiii(=rf
zMLv~yfv!-_S<TF;_ZgYCm}Glg)ysS7wEXj0oZ3hIqEg&H#PwmC`E|<e*#=QlSCL~)
zRt2QxkA8%3>BxDqh**(H4tj7_K*7`Q_)M&S*_Rnr_1}I}H^U&X#Q=9~j3p{^6TD_#
za8ygQ-`zjtPO2kTk9|t&+Hk`Dq`t*Qm~#>q=HV?!T}%7vKLo)+0rvRKf@}fZ7n8>O
zk6Kp-DtL4C{MWw=EGIQJKO5+UbA3qv*-81^=|Y9dE#_*`xK@?`D-&SD;UFFQSJ#_M
zR>T)<DxWSsWZ)ZgkOARF@gGb{UiAGXsXBV(L63y8YeCt3e8b(0Iyf4x6{1Le@&M@t
zy}rc@1DdLb(&4uqUX(I24E7p$;kEa>Du5C%6KyuvG)lGMAdGd$EKBm%8Xmxn^#NX*
z%t%x3{vwR1UkL5ZG{A~?NB%wp#f7@QxQ6}et(3!x28;j?l;J*C3fP~G-f|cBIIG`)
zMCOe2*H9}7k~(@;GnSD0|J}#I?tkwOCWI<%9#VlGEg3>R3dQfsC2GKbWJ&Z-GjvxD
z>?{hhBd8dcl(wJFLD-nQ;cUA(J5{%{fg9}bz20?w7r>FZL%dn#=+5+~2YaTBvFD*}
z^Chjxcv=3AST&MXKb8AbSiGinnNstvIurMAGkv+~f7VDmmZf)6aiFdzb$l9nV9k#2
zBDX9|L^6wsBx^%c+O<mmZgDgKO18b(k#D+VLn6+wK)e<p4L<pJ<Av0`Uv$?6w3_O<
z!zQn(ezq$lRB*ZL>YEh0QSEe10<XB;_X^{)hW_^^<S~t;ih(g@avak4r6jZ{m*h0w
zB!P5@{w)6$!~2leXOGnvUu}l?6O#wBF8hz@<L6R~@#5xJJhHiNh4#B_uF})fPQ(W`
z8L{t&^z7<AU}t)>&!;#89X8R?uFUScZyAU)Zl{@{!Loc6LAvQ@-qbctQn}+rqV<?c
zVZe_P{VXcq)c@(S;U<tKqb?Dh(#RFd_*8F8;#E3-Vf>t)JPIrPC@^gz@<QZz7{b4X
zVR>F7FFlk+mJdo*ffW<Ccf=sQP+$}l&5z#^xh>pg4GJiF0NTVrPs+7#{<}K5QY%|*
zVYw6T4Ss;hsQZ}bwDv;UD}ke?;{zd|qMpqchqa;gYTLS^h_XlO{++c7xAh7)V-6k4
zf-5mp>1$)}myy#w5v163f9^ZV%UpeWGe$`fFT5EqK%70LDkd}JeS&tT3<InuE|<U$
z2V1yj(gUDMK@f6L@uc=~Mg^B*xbtc%d$c0RF_0=NMDhhI30r*s(jIDM8XKyNiZ*Zx
zzJ7B1rhS<ily3hD?wsd4e;Wa)%nrFX@l4WPKGyh5j9oKG3+1S7`&gTaVXnIKCi#f{
z$CL6!L4|}TFekBRW17K8E9=F+NSMTnkMI;w)%)g`*7d5SQx#SbG8$^#VTB}-=UfrL
zPnZr>=x`ib#9v|1L!|KY7$s~e74B;OcDBbX3gdg)7<8sP!)`h+`R$WHH-ew*sMfy7
zt-x}5X?3(9)s+-24%(ndH@_9br;(3{Q#ha%g%y3F50|~ZCfDOAor(40!GL_t2mxY^
z2Rpf+1^>ZH)h#yRl{%H-=Q*j$mswT6N<BWJf*vh5aru`2X%g|?6QC$@K15lFS@8(1
z>x=Q71yem<LC(aj##Jvbr#>xY-ioOn^;KZo!2{R0qQD&u&u?V&-6*59`eB*0?JPuM
zDWCjiX@|R;_df^@3RB-~1Jdbr_8HuhnlyKOlVv}->lAxNIT^C<p(UMPQq=aU&@;j)
z1PDg<N7i8^xcqvM&4{(iZn=HJ!Cgd;o9E1eb#d#Wyz{~t<XFWw;&w(g-~Rm6A-6xf
zG**u(FIB#=S3n-MQB9(nz~YI;AY*NNU6Bai<ox&=4IGd{umG5`R9?YKrf2EK=bzs|
zX2iGrTh)G$wr6UF<y9ems3XL0jWOy^w-Bd`ERlH`lXYvaVf}+Pw9}zHy9i~IP9Lz@
z$t7LnwMGDnl+DAC=|n7Pf5LQ<vu~j4($j1ij2Qp|*5;XieGMi;O%*wD%4o{!9JIsP
zj(5_gzyZrYAh0h|H-WxMYH5YMPir;<oC7=p6=bK8Wyy!SWhTSD+{e1$JeN;1OHSDB
zE&-njq92Kklp8f}l_bt3nq_pxAl=~0fvEgiCxy&lowVJ#9HBHk#uDx{Kf;1Dpq2gl
zH$M7C8AIO}^%&*_MMWd_)EM1KW=55UG6_~-HwLT~Q0_p`!3VkQd+)=n_bUThlQ@H`
zj<;@Qd21U4puo1dcqub3K@GBWU4!WABJ)Cnd!#O#;7+n!w85iJ?t3O8h&%bqv4R$S
zl%1>F3>~WxDJLxpDyr1lT9sCR<0?E6eyhUN$w|Rr7D1Rwv)}eNm4_eXII~Z90Gx;?
zH{UF400jg^NPmf`M6*0<TYaBFxxP|rsUF^S1)qJ2Q7pZLgirF!QXRH8Or`6;f|7Z~
zM^Y)}4$EBY)z*QSl#If-CWch*#Jb>zP=WRkP7*W;*))C_-EN)`ZbO2&_jNl}S;S73
z7k`q`oGia={e7wtMcDv650u=KeZlI|k{3eA{iD}N(DHHl#y9%x(K@D2J&PBYhU0lU
z#&*7k9`Jc{vp=GP_ikB%5s_q3b~&m~qCRXcjq|Rbe;<{pi*94(cUnX!OE3RD6Ke31
zB`EodseesDh^BGAPqK{7`gX51IavMm>pes0V0d#ISypq7M-tFwfv;KuA4|}gSEM<Z
z75iVmD|`>ealQ{>Bm%3DU>Q~61DT>3e3ZXeU)aFkTpr0tjk~tl!5l--f%_V-()I_$
zIsJd@^D4k~&~L*3Z9suQ$F*L|oz{?ym*}D4xbvz4krOrPgiftZ#FDtH`0`5~f#k>P
z9h0}N0Bz<t+~(7&Ec;uARUG}OT}1snq$pb53xlq>mEbbQHr8(GnvLTB%$J)CrPI}!
zHyFO8Uj1=8GS5Cr^?zDri%T)7oEj=WE;Vp{1>p&HQp|Vtm`*Y<FCi-ZM~43st^YJQ
zAI`~6FTfw;8D7<_%Z)6UrB&$?_)?cqM$&l6(zw~&Stfi!W28S5<gX2a+>AO-ertA}
zvTBvK{hSQKm1U%?$H3FuREtFOyq!Kt$zkT$9E2xM@9zcbjKRQWx?=BJ0+nVvqza6e
z@TY-hNj5_q5P6^Z)J3#-0a?F;86rC3mBv{0e?6`Zj#736y*1aDe|`c0(Yl>Nk?@os
zCN%pq2dX<x5^tmj7(#n!yAM{8#N0Qz$tB*sPTBDMuVBi#plTDgJraJ}?%KNPoWjV|
zrqz-3AKM9&zA|F(bz3{=lp&>9y-{(s5Sa?aNXST60;>(bz3Nd9m2p{|m<`_+TqU4L
zRQ`v5etbt-|DIqS@Lt<_b8QzHP9&}f9nv{b1cOasJ$*F^xu<r0dF0#n?E;st>GoX9
zb7Im&7DKBW3BC|4kM5tz`-F^bOby*aw1d;O+666a297|SU_`c}GVX1hgx|a2B&l8c
zS&a`DuIV~bscip){H@9>P6RhqKAZ!eW&5yE+jU+L>;Qtr>kAwo?mnrHJVsiO?NG{D
zhh;g+UABM<%SNjbhbc9qp?{sAH1JJd7`z{_`-C3TOQdrWgW}U{uTmekFMrdFg5ior
zl%!DG9n!9)@;?odnMI|enpl;qbb-C|P3aU*H28Oo_KaLgLp1KE*5~ApstJ~mIuq@_
zjPysqls>G<-no0Qx+3)l)#}yyH%VFzu7V<vHX4o2-gcK9E}FEOzMfl#`u(dU&gXrO
zL4OSAY$q~i?sP~P#dgGT##^O#E79hT&=Os(;C(Cweo6+fO-5L|Rg{B@+mO3<SWUDp
ziRMo~ASz|T`bZnT<v)9)|F8e!v}6OI{E}skI76~_s%LKWmLIy74Fm<EGwe6yveWD-
z7m`UPU-Jj5k9JE)N|1#Rdf=o-Itn$e6km^%po;ollscpD022Cv6>CFA$<-6hUjRVk
z5k!_-!BdZiT>!=U|J^G=ZKe_)aGUr%sUSBN=@qHcW@3&=-eCzu7}vkzts?J7ZE%vD
z+UwzX4NaO8N<w^_ZQrl1VeV%t(Ca`Xo;<}ruu8Y@^ysaKC3R&IU_g`bviu^Kd_4%Z
z><%dK<oj^y&C;yf25I`j-Uz!s4j0x`f9-(d3Gb_)5(_K42jNz=f*=b!U%v(S2DpK$
zq8yfEECPgJyo4AnM_QN^;$#XUw8~}SxRKIfIz!f6JUq#U34HxQ-C8X&`d{jd5#-!%
zQr>I+3D=xvAemLg?R&wglSTZ9URaEBwro<DVUTdw22N?y^-<a2e@dOiIP$Ah7qZ(q
zcJ#^Dcdt3uDo%Cw`37{M^xa|1Rv55{m4Mo}?z^U-dW_U{|EQVW#B}XMkD0xF`q3(u
zgp!dC0~C+znUpnO2wbm#u?JK-!8^)YtO>=(Iui4!;HCGsXU@#_xac{@%k<i%-+ons
z3YcO`aS4fs-ny+itW?%?5?%Oa(D-;X11Pd;J9(CSQfEltK%aJ7pI-VX-+Md)cMdXP
zadIbCFJ8O+HecS8-3X!W_%=WF9U?j*uMLp5Z{4)d2j?>UK8u_Mnwlymlr_c0_0Y`H
zqkje%|Gq#`xv}kNv`4w81Az=1itV_~rM+0Qwt(_aJo<Eq#L|}t&+OtK;$6hD<Vs(*
z*uG@H(5q|_azZP1sq}#?HV_{OIifM<Sf8GfWxewj9z^121P_|<8qN*Sv7lmYmxBbw
zX2yy@Hp^qM-i7~+a+_3xmH$aYw)GHX=`)r-x*KJSed<{(*r*hBKE(L0Fq`m$q1HKm
z2<vkow>#xL=m){}WsynkI>@N;)R&7bwL<^erY|MwX<b*3@uf-xuqSA+`;oHu<1k5o
zWktr#<4#UZZOLZ}-re&#Z`=4@j!E+nM?1X-B?-H~kgJ3kNfpVa#yRAZM_IuJK;Zik
zwtB)uFpJOXHeEOG$`*N8$=?dJ>K}CuDfcDF`=tz3U%zh9gKLX)O4LsF27#F~k}1=D
zBlo>;^OKrBeXrC2YI6oul;~HLmgmxtVEeiyrKM}HWvLUc*KQ)-&2U{9tt4yk%(&{!
zRhvk^kP3Xe1on#yS)6%ED%QF}Pwtj)+B7};X?}cf@Pq;{ZU9{A%6Gn<UOHU?{2M-c
zLrjkLXhd^UnAo1I&SqP&wp&pLS3><*>%$wWq3umz;qw3_>5s2VdQo*-gu*`1T|1yT
z>4E>BIf>5aPcV+&NinH+AW68I8C_gT!a|pMkE@O@i3Q<N=@|2pStu|C&pK?rf=|KE
z&5TEx4<}EH^Av*q_451s!^M_VX6qSj)HkE9dXD@VF?fs`QF_(JJz9BVgbXY!75o?f
zJ~RL#*Rv+STD@+r>)Z{&C;0SgR{2N}L@F!<bNpWGOkZt<gq^rm1YX1ludESEzKl7H
zkV||uJ<~azlXEb&KiqPlm$AJwvSN&hvmBu)tV%&`hIM_SoV<!0ZN8!t1Q!iboWWOA
z!d0vomFt-Z)}n@-__T|iO!?RQHv)S<0vf}P!d~GL3CSV+TFp??-n8@O+M+7Bo|i|1
z>J3Z1k~7pV4<|RCbB$(b)<0MaUFJB@50}wI>2W!dlagG04$2#v+ODQ`CTzLW8w?=6
zp>0>?_O{-)YoQIU^RD3KY(#+Mba(^wwl;vUo}HNk#mhNR*y3AF5a`*du>?{rMi`!S
zQ@EjBNZou$kMH^A@fl+RC=c&~3DHk_Z<n)HCje|R9$0X4UUrhvU2EqCiBr0IKUhsJ
zr7K&Z)3uURI!$iay3lCyso{B|;RTrdb>9^}y*!10co<n*i?CmA8^y%qa;1dR)a<L{
zwIqS#0tO(XsINa@%fw9#Bo6b1%I^Gx6;=1(10T@*=zOb8ryAyms{2lhex>bTGBa$0
z%^b(+4CJ{kGcj?4M9A|p^WnI;(zG|~tvab!4#+3mLG2~~;_v%_53Ip7FaEFs?I+N3
zQUd7i*hC`>fw}FwH9dLTi2q)AnA}N!CRHm0_>zNrAw_&nVTZt?APHQL7IfDSa&Svj
zy!JV7jCSNBG51zu1MT~|EqWb|>|@;@%Y$nreX1wav$X?j^kL>ss3eRnq~Jf^%suzB
zsMc;^E6)*(C@DdGE0mUg0?BeT&-9qISD*cbLZI)8_xf!rsJ<wzlyEh@bE+>lP@=~b
zn{oYBQNiK{^e514{9yXRv24K!-~8=J+hdq-$HwQdx^LR`Xr62IUI2_?BJ}H^8$2x*
z^RqCTtyA%4wN&)gY&@2BxC*SgR|QGNZ;tEV{{aTaDK(S+ztmtJ9xi%ME)lD^*-JF+
z<oxGW*|>P^3&b4Jl8AwQ@pmhA`H!v*prj96>a(>FovFKxl)||r#VU4^_gi1iaE<{X
zm(Oi$)fx(YDjj@St(dPPyK}{#kb~nUl)Sk`io)z7hCu0P<I^G)UEpTPebJ7)LR-=@
zU+i<eJvmg4@?V$J)sExJmh(?Hn))7J&CJXS3W1kr1jy5oeI?|i?V;^BE-@aEq0R^Z
zGZdXtVenr&`&p%1MIuZ-7pfHR2KE_mqj=Q0-nru9Ka5);JBI6%oc&SX!@JH}y8`^K
z&Kb~7!ucONNu+715PZ!IYj4A#Qe3D}s9&(snkW-q^PlK)*?`I@Gauq9^-VdLkX&Be
zk@%$wg9*=>g`GClY->PSP2)yR=<XZ@D9qB9GNV;B|7W-#^%hF)dy>j;o43|Km`%D$
z)H$0Zpeh!QhG%OnCsq~GxzT*r!|7@tAH8>W$MW2SPTOH=CJGcvk1lbNWT<VWkTGQi
zEPpYV^ofq?Z#Z|&9K?>i_fg&DBRsxMl1X@3*E7;yA-^%ST4Mu-2b_K;ZJC-bIO5_b
zrY45oPa#iMYGe~!il#eZtvT*AwD!Emm00?N|5X}kKT}N~ot*5)2iGK!{Xvgm{n?OI
zmj*{eOQTh`3-oty_^D8xMK!Q{T%C+GoHPcaRJ5G)W*AyUG`sDrTUTy@UrChExi(AH
zfB)KiCTMFN07AW)sr~)^mS7YDMeRn1HR{BE+{5Koue-~=i3Y*v+l_;Z^K&t}OG@g5
z36j?|jLeO2*=J__h4rLWZPp3L6VZ2#J(gK_Zh{DBlI~8V3w{U{%#5^I={vQ25WD(D
zOl}WpYT0+NU*V0;MRU?8*S7=HN#OfCN;+F%KtxP7L^dhUI?FvN?*vh$1H@BwtZQ*>
z-z!rQ1ZDyX>KZ+gmxeF-oExt~MW`3ncopg9zNrQJ8=3TR*c@uvwVVhO>9KH^Y4^;3
z9i;zK9~JSN11g{++j6DNN9g6M61aK<TZgNWhK9yQyFV<3F7R}9aME%yEJSz9L7f0h
zp#Ra1a}kE^Lx%pWLlHGVmy1_uL-2S-aoaCvj67955Es7gcrXGkm9f1f<*TIR82Y7A
zg%&ZhQcc9mf$XB*M!>4yyoe?%=Y|9|z9e`pZ$}x!##(>t^x<?;x`ZSeZ8sbRS10+_
zLkey4`f<Z?3aqQv?<Y9S8rB2>%|Kg^LSE#(4w<{(SRyTH*2TfQ--q7{hSGX!ztlj{
zFEp^4nXNQh;gK~E`}OwrmR%jpVCX=6pQ^}TZu_)9e*AdU=(zDs`1~&wjY)5mW5!?W
zI2lER|CkbUw1UDVWuqP)ZL8<9T(0M7CEaS92-(Zci3JIqLywQcosjWIfc=DKwu(A=
zF!z8zdRQA|eJSPKB*Bui7sx6Y$6=(MRlYg1^}oOuUBWb~idJ{|w4#Q<6sHprZU94c
zC+|L>ol|A4$<lVrU(tG@sJ6jl;xXE)MBa3>*Y%5M5u8)T3-?#-A0CD)+r(x#ITchH
z85vQwhtf6K?3Y_U`~%FKv&}~`L(PYO{@Dtr%bbmij~{bNl>vDY*Gd#%L`}y7t~^u<
z9bvxn6zDybdb!X$=l0&Ai<{Y+jdkV7DPl7!aQ}W1ddJ$8%abT&2LGP{QCM*J4m2P(
z-46V7i$EInS(ER#vyn12qQfcg->NJ>6c8Wx1y!Jk-vMbJRUUkAbTZ|w>$Or`j{hv4
zop!mLJPl<knsXAp<#VK@qEp<QMj&h7a`|o76QT7i0}d)Ef6?|9ubX4xX19~$i^G}`
z{qGqWOT4Ck<9r&HJr9}=Dk0D9NNuR$o5ZiW_%PiEBj^J=8Hk>_6Ppp`MttiE33P(Y
zk7b7mV8i(5NkpvSa-?i8pfFKXS&`q?#Ni<lh;@$^>&4e}mH5#QyT4e<hwHmH`mYPg
z3S|`f2(c4?*gwY=&Acb$a<LOgnclO`PP}fzB*PgW5d2`9-Bg=i8yBnjMjF>`t3K4P
zoE(bg{CrbWS=s)-;OJ!4)zZ@XU^$*o8Y>LkTkOSAh!ZL8N`mc?{#Eyo)+xabcN-OA
zz9Dl%ZbC;x!Xd;sxigD}<^Hm|SlVqeVg{D`?oi4NET(!91<uAtKm3Jo0R!2c&(3dz
zJ@w_4CtS~*A?Lz;_;=}|yws1b*1|X;=NivK!{2ycPyFZWvF`7~-@oU+>pwjJ6Qux9
z(YS>l;18uUUGWRVH=n?hk6a(^HYxIwaDV?Xiwyna|1T5#An*Z^jU>76?b;WO(y5hF
z&C1`eF!}y07HH|QsvG#m9G;K%y30YR-DHxPO8PSI1JmLY0Ry*`V+^?!zTepsg~U7D
zBpO>K)8*W|+#~{VI^OHUa^rUvL`+^vQTB>9U0<4^z&%o1k<hZAIBvcPCOd!i$BgUj
zsx7Q-p#wYGPtP{~9EFOQ-Znb+?Y&X*kvIEbQlR+t-(>OPSswXXS+UVk1m1TRo!%xq
z#-j2PnD(8EFW-(A=j?ZeGoCVi@An1|zcpLWRvA4UgIx$1XRK(<-J0vg?zfD3O_jbh
znik}yWNkk+(g0AYNkum*v9mVo8B<<lWD)!~9V5~v;q?1#-ri{A^Vt=+eR(p~B-x2`
z)eyRtv-7oisW_kkYnl}+l{8cv<BsKcIYX}Pg0#)&;i$;TL87_8f5g1^*AEV=@!$34
z57#Mfrhv2MduRx`-b~W{y=UJ*5~Fmb?jNVi47cUCEFeZs<9FS^?j!TEu?2gM;C~%6
z5&m@w#O8`hC1a8+oJ{ZWKYCPHP(jVMz>ooOHgiL<6J!xyu!G$*Lh!DK)ieo-(XNp}
zxAeO#5>MGd0xRZv=#|eJQD2wZ;6oIJ0i(kAmT-EZdc?uI;9n49CLUncU{oCzh!r67
z3}X@UA}dT36x!o4MSKcDU0ZNl^k3OAah8>}Sv+aW5P(Ju?F#7%#c=c3$#81|uTx-W
z-iF&gOW0?CrS)=L0Yl{R6n}%qbUa1EiRtf(Z~qxZ7t0%&31m>lTVIDYlztC9KJwoJ
zC;nrTjwiryQq`*Z8M$XHG^v|z_@-%I8`1JhsZ8!m2f5@oIZD0z_UPCS@-_qmUnaP}
z{b4nqO}~Lv>59i}S3-~cdcOM;AgjiFL|BoIUbfq~j$^H?CdFa;%Oc#QnnrKJ+)TOF
zN1u$8PrFy1whQ&P#8tKnKs_|%<>`cVq`$wIoX=@9v-za0`LYv*)#eU?Io`Vqlw6#=
z!|FXa%l%r;AVUpLo~^s~!W#*jI}0B|+;*uOS83zn#`Qow{k;r5qQG>-SjmD$R~hlz
zKU|!sWzSFU!gi0A&SzM^is*iNAThm&GCBMr-|fah?$k7hu<Dxu4s@PwhBMO#?|$g@
z4&AIMNok~I)ocdE8K`xaF;*B(<7s9e@Hf}ngnx~-`O*-h%obL0@JUZkZ+QHdTpzPu
zlgrOB3sexQ);Z1BS}tU|uZNFU=rz~t9w*2sI)ZbkHg*<BD8G#7;qS@HF?{?p5J*WX
zgm+<J$s#&Gcmx4(cdX+e*9nO~m7zM<Hup?Vp1&;O*@s8K8WW9!#{2P;&hqskqtV=h
z*rfcQqNg1uKJI~UC}Y)j@uwcOejOI3lliiX*Q<db_HOF2rJ+NJ$YpcrMud+c>~LLq
zAQP_q5nZYo=?EE2c62z=hZ4()J6r7tT+#<&fF0PSf%~YaC{(4F=O+w(kF6wPut*m?
zBl0DjA}BPC6NaT{)?cb=V>XxmusjJHlw%6*>)pF7dK87k2qa64zdc-mw|`MVl~+dV
zY<8S_G8~DGe5&w~Jl&j(1bKi_H70Z7!e~UIDq_szCe~EKMqnZIG;09Y#oFny2G7ZO
z4c!XRv<A-t*}}J^7wM^<w~-gV(WTAuVu4Bu#pqk8)2PU=){iQ=aTk1>&SOv3;&HLv
zA@XuJa<#a)*u-wqdzdERX16zIo~7pu!}^hO5A${K3upG;uD=&BIy9Gqk(l{^G<{`2
zRb3M<h%`t^NOvjS?Mrt_NQ*QGN;ezn?oR100qI7%8)+n^yWuXrd+!ha8E3D(X6C6m
z7<TM^>r&#sS_CxWyRz~|?K@ApM`s#hA8V`bsDLIY^Y!Qj@jDNa-MM4<u+;HO-9&w{
ztd99s`@|Y_y}*iD<ngM_!41oAD5Y=Sq_G(xI1Aph`s+1;vWz4C8q(-!bUCfbardue
zoGY9pmFEK?7WD$p7joiPIeU$&Iy$L!=HuBip?FLwV1L<XsnM|{N!ar?fiA=4v!1@b
z{*E|g5GZa}^W3pL7LifYhQwiiaz9@1X?9$BAyzyn`sII58k@w<K)8N5P`1TveR3yo
z)aXsG7Pk|;+2J!pLL{(7*uV=Wj*PikE%m8;dU@HLAhkvM2YEVhEx&i+G9%DQk}>w+
zSVKm;;1{v12!4Q_nMr6WV@RjBVb}GD&=vG;YbY7?aT+?*kYaY@bMt^O(qZ(gMc;y|
z=!>_SJv|Sk!rx%LKe3wsX@j6hd;^cF-cXiSm;V5rabIo!j#%FIczdz(aOkYVQY1r7
z2m3$8Edft5IJV*^@kvF=D~U^Wi97(;Q_1kF4>1m2AJ8+MoIc^?Fu;1bzZHZYQ&>~w
zs0*;&xw{6G$OSZObkI|=A?r?gmo;RHnQA-o3c1_AKp4{|Zn{)xQ~2$5a%I(p9Ub**
z%-Kas*Pl9C8HSq)|ApOEj|TcC-_6ZX^Szx-<C9mZM)C)0EMsF6TkwEvY;Is9G>Jf~
z&5kBRa{LdNKpZ?@=2#uNpa66+GS>|(CJ~V~r~SFACQ`SZtQeVC+J5YUja+d+WVR<i
zl0EUWx$>n9EkSA?hIxgodk9rKr<_R9s&iC7#X6yN9gWVIr|z~Z_ccwPj!9IB%kScL
zjF@QcPzFLQ{NarV8$VApDcoAb6Qa@*6#`!k^?S>=s*y?Me3aTyHTOHL)?)Dxw@zs-
zzJ1nL2d|klh!Scn>3Iml!!p?Y1xUS;V7meUGLB7~aM+s;wV5>-rI|HQ;w3f($g*lb
z8eF>^E5elgB6W3j__OU%mLw7A@pbh)F`#C>(PyI~(4Z1@I~nfOr1#58MiJ$?DaCTv
zeBGZXe&UBXRAG?=$yad<t_YHvJ=?HODz3iDVUi=i^D4QqUq<+NOsISJZEu@8It}fe
z8(i_=>dzw{d@_~Bi@@(jt9$57WF@WIF5)o%tUeiuI}k4>H|r@<gz+Kv$ba=zO~`dz
zWM=CqHYO#WpZ&MB<aV`nn)-E1hi7?iw}AF$>oY3>M8IbFf{Iptb*sVNqO`(nDbWDj
zISo=_wD;tgtVi?J1y|q+R_<=LGu!9|1ey#1slNN#eA45{v*K~~h~x1lW|H7}AdmL2
ztQ$z_R5l-8+b>I=1exNU%hVIqL%=$<c#FE?T|yRzQ$gJus0?#ygBzRsLYM#&P8za?
z7BpuiLKQRDip~VF`SwD%k)jCucwa#71ead%i<hw$fhuNQbN0XQYNyy4EJ*b5vx;cW
zB)GU2PZdmbOlc=ghu1FyNh#Y3cX-otHykJj*H-uEtBnlf5U&oy!*7@B-MEA+@Vx^9
z0`?~+Cb07I@~B8Xjyt{q<}%zJjMD}^jz@Z_v0F|R2H?1&$4sJvXCV=5gjZ-s)Y0s1
z8y&!f+;AS#bsiYL=)os?VwkR={Q5%w4?Z68`e{GiOifJ_KOocaeQ`GVrO#(rmDfa+
zA?U0cU#hM?1+!J9c5}9I#wLkR;uy(f)24LmtEk0gt9}W}&i*VRfu(jEchn0-zv_bN
zg4q(bs!D6HKWs7k=3PCyeCOHVndfpA)P`6P@m?x&vA52X#VM%?J=zBcdFk6t+_kPy
zbE@b5u_-|{Qc4Z;eY5;$N{N}z-D%lyJ_#ftq_Nk^#vj<(xN*@BMp}L}RG&A@!bg6V
z7{hW>_Gsh!^y$-kdnqZ}=0|>JsKss9!sk{jOZnT4>wKhknPi#9howI$2ns3Wu`d?w
z3JhauIloN!W#Q0e_w|vVP8GdtSlL0vS1y^RkC(l9xVy4CSZ-;WIb3R53JVXPB;>Mm
zxXMe^4{-sAh*Dl&UTyP1m|9;q7e+k$OT)Jp>=WHa$*@W4xRJ4EQ&J+H5E@ZJ$B4nF
zzITOIZ(l^2Nt}=JHHPfVjIdXTL0cH_ZKOi?zTTn;FTI-1(~}OyK0U8ewiNKBezJ-@
zLZzwuZ51-&mv(}$@OL;pw6)+naj`b;qnl*oH6I5jwkX<xo9J77)+u%(Diz*07TH;X
z#?a%CD(qCDR%~lmAjeub4^*hS`TOCqfR?7}ewe4>VNsd|2USjv_|LDr_-c+<BO`MH
ze1`h9mVCpiFWSfYf_^bG*Erf5{_}yS?&%G+EAxiwgoATEe_vP)uGSla2D`le__vxV
z9#0QfzQr14w>9b|8f?PC!iH3mVf7!nt*NO){9k)Z$1xSyy_@*=#}qnRXPiJGeWKPc
z)G^5}ik{3Pd#BHIex9g+hsuwMUdL$CA<%mDH7LcJ0VbLrdHaQ*%BKMiR#wamBE_Zl
zM$&HmK)AiN4kn~Igcd1WFOqna5rp?dJW*CRR`rbvYZY(QvED>}pQP5b*R$o2H5M4T
z7PI`>lNBH-S#$I!UK0;u&Mj(b@!BdtRFkDiq@v;@BOLe}h~b)&)EC<=o<U1}Oil5<
z`}&?XVH6t&S;#4D%%~TJf@xuH<Q1ZsnKqxmWWJHqzlA^lZqlVUx+exg^x+UEtbVX^
zgg1Ebl{iyVa>mt6sZCkd?)S&iO)IAHt~soCBNx2kFr~MeF1{Fprl+|qfd*+foWeDE
zFGfM3@=_IsQpHIy1Xp1#ne%Jr!(6v+lNGfUy-fN~wR<b`mlYL$yCl`A3ttVsOR|iJ
zzR!N~%}(UYjpV*Jk2PGEe&C<*p9U4vnE$x^D@;Yz3b$Z3Y&fZD@J5^R8^e!ZGN8#3
zVSSQ|OUo5U5_w6{3Tb<?5Y7Ez_ZWDM5J6HB*uNVXcJAO&_l4peYg9Fz;xYK#*-8`M
z+If^)1Gt~dbq!ZmL<Mtgx&j>RoC{)`1P*ld*x05gct2#zS6Yw1SioZ<U~^>LwXhKP
z^Ec^#&<_oH@xDlHz{tqR>g!Tt?d43Fj(bv4QtqEWf0o|}x<JSCzeDk*2nl5eWrEi!
zJU>&*N||zX)}Cd13>cNtSGy%3y)_flj!=k6%cD(3-<F83))F$?6(d<#{P%I%THMz<
z$>7o>gvdKL@BNr!w2&<cJ)twrK%i7rb^{ONOKm3~(yl>g;l$3>mH73lJ63{Y*^W2d
zsR-Hcj{oru&&okA%Oc7JRhRb4mQEx2ZVL783U_<3f?hDNI)=wX>*-gNS*pQLD^U-f
zuB|}<b{wdviw17NMW}enIi|y+y$tN^^;jgs!zG#xt{03|JYTcb7-3n9RsHiXFG1yu
zFOFmVMfnNShW)008x`M<ioa3*2*-U7Pk_h9c)KTDjSb@NnV-hxQBrC=KP)?OXH>aV
zW8=>EO(h~(TwERI362aMM3L<D^^tZtNAjMUQj0Atq;Gou*&Iy7sI94y|FYD0aiLXh
z>VJ8(^5n(Wh8`^I4GL^0Ag<u}E-?GCrOJ0s$m5pxDk*{FCt2!NpZB?k*1I_yJ;v)s
z_~=QflxdHj%Kjz!_K)qL^_D<`WuKg<kX}Td&WYhah_cvu+au~hXaQ&cHEha<%R7*H
z)8l?l6cEDYcQv`9#qH^8%I@CXbRC<~JDbx+mnhP3D`uU27ep5+j;xta@5@asJh3Qk
zqlGhqXa%)|ab8<ntl4{vyShlZIQfyi&dVf(SXo(r<i+CPtho3_ETN8S|6Xd60>HtK
zSZJW=2f1oYXt^p|)L@nMGV$FnYuhg?88-U*Nm_BEN9inhOpIr%R4m}GrJY}G=eCKk
z!@+6SS_PH_BHECWa++s%sC^J+`8Yqf%I83zAr_deQPO~iEAjC?jN$k1;sJrN(HRkt
zc3A=qHMJTB8k)l^@Wai?sWw&gfo^1Y_+b6+sEte?5bvo|FEVUg4A6nbnBG`m>Ury$
zljx}YiU|&G*g;e&k(eLYuUMPY7^i+*HNC9wbbF6t_jP2~C!?A{kErwhr!NNP(OPWq
z@v>yqaom^?W4y8tKN&UNNF><?8DykYef`~7g_<Vh(~VoMi<bva^GUcl5=&S_2IWp!
zmc)^=DQk`e-9tYWmIncWxyVs>pmL7WT7}Lmt_VwFr#<4Gf7Q*~Xtw0*@=N=|{oI0(
zRn~4z&N%$<j%C{CM0_!}6|EtL6zH2*M~jA61`w9rxw%GztgSLbyl!a7I;5@k+MVa?
zR#TqbE|)nboK$4KL@Kw0!F#FPynMSS#hc4FCF+cnO6ioRQw$o=3B1C=LGsPz0<ZId
zcKKNhW}h+pJ~45n{kKn3=exOix!<^{sY{X{wx&y9=wG9BE!2ITU21l<Um8y3x#DJL
zAJ~~GTWA2}`+#Y?j$Gw?6!ZcU`5~%~RNoXvU0x!1##d+EH4;md_G(p9<?!_SyE&^S
z<0;QSyqb@tHdJ_}!5F{SRm-qvnL^^sjtAH8ds#C4TC6_pd>M~oyoig-2y>t?a2J;L
zfMQV!St|5V|2X*1*ocm3B*tVE^&bxtiIy?ON>yRj<23i+du3D=*+6jP-BO<{${t+u
zMCm&%P~P*qg=D6C?){K(A6}`WN?qG$8?Ri>PrW=VEM2Upmn|J3#mP$`d@k{brN)zi
zYza;q4ex4?SC6+hX55d*a27?43#$qWGN4aF)kjBd7Kb~1QNcJTgxvCGvn*&vI5>iV
zuS`Jg^Ea8|8W}+;bv6ob&CH5*bf^*se<x;9ARr+0p`*JdB=yzGCDwcGV)JC@^h+y^
z@;`xB6-uY@d8a#g$n8ideOOMEhafd&qCpCS|7r&|2<?+;gT}}A?=_y3B_#vKqp76$
zVZbbj{@=V6La@Wq-S|Bv`jVV4RcJHdc!C<Ma$gS>TJWNGp)k>q4i=?y4?^;rqE^u`
zERqni6({e;SN-{~Nx$y}OXjQTQt`jGfx;37A1HaQzIq>#eRdXZ@&26>%vX<&{hyTY
zR$iNdTH(jA!A(|kw_jq{(ZiJ2mE~{I-hS2d5wapTM?8O1)<UUnA>&HxV`bgoS|oj=
z`OYfjv=aId=x-Nm54((0)L&^<d%Rp^bocqnOVINj;eeRuZ`wcvWA-=bDV&BIH5SdB
zqD^57!Ciq`chj1UNfueU!C}TXsb4`|?+P^U-~BLce&ELVY{X}K{jI2cvUh>#=;SXr
z|Ddes=$Y-JI9Z$C?r#qhG#S*?pG*zEH~7Ol5<y&yx5mMCz4?kHZm)=?LFb_sn*8yJ
zf#Ul!N=cwC^M7eB>9%HctMEPL;*_ke92FU3)eAP%my!1K+7VaQYNPX{sO2TmFHBhY
zAc+ia*uI;;{%v^9M4g#WY!N8_N_3r?i1tmja^{kGeq?wXECp6$x&)gfi}bg&`YF1%
zkbBWI<u{?*ua`calZln9W>w_qa|n*9?KMhSmgp*YE?WePt?zu4Q*ZM!eYw@jRGQg4
z?0aj7W{v8R-gA30_y~`l%>Os-k5hRe5bepv=6fPn<7{2=t}yN!o7zhfe6enO^d!wP
z+0n;`<i=01)0VGu$Pfo=bo<A~q7tkZCZL($@CAzL=95Jql9%4nsfUGY-TsZdzdq^R
zzdci$Dqg=EyLqQSRA@0N>j1$uq)9qCasI4+JAQ+`87P~#zO5u|2=21hXH@p&Fha+F
zm}EpcBh|5mLDH~6;=4P1FNmAk1C;!I)Ry(MOa8E$8g^`R+xnH5t&K0;w~{c7c0-*-
zm0O>>M4hJJ6`P67P_L!N_E8c#Up*z<xh`LQR1QuO=eA&=oHY3a^DBaKa6I4Y7rvZg
z(N@e4wV>Y~_GT&zM^BNw`n3V{I&R<O&RrKH@V=iO^R3s)r|^crY>Y3hBa#PWtl9DE
zwvqcx=lW3+rNB}or=H5&=eW^YIyynhdap0`{c4UHV0dd}u0Im=NfhbiQxvL`B;B?x
zVt2-;Bi4zJVR_NFT}zOnp`m><pN){Q--;`)YabpA6@hMpuX)iY`m`w%2Q9|)(XI7#
z&1dsaBS`q;QaQ_XnYS-6gg=cXv6bq#ro}!!{^oC!YV$H-uK<|PMz5(Sd<QZoU2co~
zE+6n+H{$zu*yrL$Lo59JMSl2C?QhL={*P+0acCDEA|;yDHk-2S6F(nXQfjS3uhRH*
z1>6&?S3EvMfa5NdE};#cFq(wfdO-3uYtN{~Y?gcHL@0oi)86?LH(Bdt-V4&j5hfYJ
zp9U{6AM%aK1{)5QhABo<W1%$IP+FWW`3#z%+iwbKCx|%c#hj?kKSl|T2@!itC05Sb
z0*c_@-K)n9C+qw>Y;>*&mhbh)@kU$LrgL*LW;g8H7DnrQ5a<5%bVP~y(;7bf?EI9|
zf{C4K6uYL)`Sb(tc_LC{Xp}Wm)W1;<dt{6s8d%@o%jfoKPtB<QbRL2zPxM**H(v#y
zq5behL_2n6qt2gH6<3lfWa-wWw{schcO+m1m$pEOr6#MHcdAq`b#rgF`rEw=sffqN
zY%4H_27-z{SS(dhnQm#jQSBlF1bTfvYryAzN?juSls1U<$7H`%`={ScribWK0J@yR
zO5BFAjieMR^55;JWhf|OYdKxu_eft-Qi^J|B8lZpkyu%yBWN4aa&&ZHwt<(Sn|&i=
z{I|^vW5web7Vv=Th-sUtAj7jQ!=v>V?X}frgH~?XxWv!+fW*n#KV_^&$*)sIC6su9
zSXQIgxod3pXC~qyrm2rU4$25~t~r*sc`R%LL5x6-A!LY52ENaWF;n3?k;?i-=Z5!x
z`)N<V)RLx{7HDKWsO@t0Ch|85j+b<m1z8?A*zjA>`;{biGZsGCHhYrI)iO5CFSU5{
z-&+1QM?mCllz2(T2dBH&sN9y^H}rccKqryQfNFC3en{oy4GUT=q0<9nvxGcT$i4|o
zdnL-X2O5O+U#Aoe*PDOb{!WL=ACzcJP5LjSu^iHbG`@+byecLjn(SX9$&?5k5TB@x
zPA9RtI@-Sa+Ge5|F@a-!OvoMPKbS!AHUe9lZ*1nb{}JE~bEA>I3%{OWM!Doka~hvl
zT9Lj!8UY8wtgvU{LM27*ziFxhm2~aA_5Z%SbB1gdR~6;aoIiiA2LKw3y5P`o2|cy8
z*o55t+;4Zcjy48uuiC$t>A<S2&*YlOY4h`qPxK?Z)6o&m&l{4@lG`&y|GueY6*j2!
zc6UB9B`Gnr4!_!;cQ`&3&6iul493TMel0?O+|1_qjpa^mACSfLaf{VQvAfqri!g_w
z4tOT8kKAvwG4#tEg^=AfsUYGmKJw>udBP()>K#fvwYAIbM-L%6Z<c~kJF?8ktUdCB
zk;Ji#f=G#D3ZB=Yk2S_f0`z#7dbehgvHju!e?2OZu(cCaN6wB-v)JJ&cXqk3|6Gl{
zqJMAvAq3_9KOQ(LBcx^Y7AbsvRf0+dC@ygL4mrY_VOe*fKDYw^JKafV1=TrBx5Z&g
zRKGFkwMOS*Z(PvcsBV3zuB_Rpy;?SE-x+^y&}pw`MnX5oeG%!^8PObHdlyby+UU2)
zx@i*vwdbQ+Nr1vqBY(p$dD^bwNgTj1Vlsqjj@w~h9WC}J$I_|bVmdIqMuD744Mrm_
z_F%^s49^5nPXODU)2WjlRVmN;`WgjZlai_daF@fj#~0$ia$Wakv|wdGS^VQPSMH8~
z)LD!OUW?_k4{D7{x8>yK$Z3njSPH;kNm%vv^Lw73Wclh6B)2U@-&hd5bYE6yBn}!U
z)PA|cYQz|<@Vj`&wz3I%?~~Yi8(Yg(+UfSrp)EF7XKGgCh3FEAO#V9v+M_`d>k1ro
z4rtAw!5j3XvxLxtvx}CHwmeX0E<XKb&nkx(wPyO-Q))qk<?TSG$}h8G51UOUZG)tT
z=+pagc$p%FwbolPgA#_XfknV5Hg=96i+HA-ZmO2)q~<M?tbZS*9B|#4ryQ+5?d_jO
z(}M8Ic%a!;t#-<=C^KP>`|AjP+mqthcewlJFK@1FR%UpG1zDqlTin>b0KObX8eXK;
zKfqHVF8TA|Y6Y3kEw1}|@j;5qa;7^=uc@>mK~XX9kcq8AJ07Sllg`)Q*8i^aHhv|O
zaynRFPkwQqnUMpjGB!ZliVb&R=9FAC{y}5Pl%itQ5n3~a(eX69i#do)>1mI#O?OJ9
zB3qNLXS}$?Y4PbXM1&LW`yX$^$RaKH-k8a%*#LQoGW7iXd~pFkQ7M?6Uav13FJO;+
z?y|+j!zFfytbcw5%UOrBa9d9e?^jpaq^4-BmBY+6u_N@v^k=(GDU+?UQbDJGYWiqv
zq_|MM@}G6qsan*#V)1^9G0H3ZGt1Re)kj<PvhKD#29c1KSE&i1UzYlADECyf8!`O<
zx_|0b%8o0XmA2I_3ur&6bWXqCw_+T3!)kyynzEXMT8SHU6#>f4AIhxY$t%qMc6QpC
zr^({;a1R|X{q(PFZ+}t!lH3Ew3*<+_MIQU2PX4}Ox1~(b(9m9@JD+2F)Ne`Q=tb2$
zalb#N=<xD-d3OU#i8G!nfvS6VZV2jOs<f;_QxdiG%NGKETS_qy831*W#%JpTB#dvD
z8#0H>&06R1=V3$b-j)doNlD2k$IC60a$DFCnF#GhL-oV$QEL~#fQ_!M<7HnB{y6M^
zTpQe$m6LSiH(=4~T+?e(7FvM;1?ljHGssI=_~Xo!sEMj*HZXj^!2@q-rr(i#>&4I&
zra(&$K3<!KK9OKg`z6`WJJwU~L;**Zdc+M$3WWk0K6XNXSN{#dOsY@)ySW*`kcmRo
z9NG!ft#;JHBsE==h77E<)}(bIy%i(s{o`vIM|~Uz91m}#pg#^c$?+{#5+XraSkxl@
zBR|kn^eg=?LM1JKV!9&<k;{vO{?KS~LnGt}h!z$mAkb(QF#;-A{ncKedz+V_+p#z3
z%4<y~avCh6`WZB|Ki2}u=4vb<+=HdXovmFNO^is7jv&#jcIe9H`MCEInQ`6q8S`RF
z@LB9G)+HWqcj*=dh2C)55Fa!;FpS>~1wRwaH-bsRz7pIl%-jhabc#VgHa28hOht?l
z5J2%fzwu{<tW^Cicrk_G(|ruBDgXaj0*%Z-(X3TyxlCu#YuVQhwEDxv`i|ipb5bD}
z<yFVOhf78aWKiWnq)4HSb$Dt4-BNS2`S!n*lHN^;PZy_~U$mO={3&&eyQ*|}n$3o@
zf0bF^D9Eq-ul>Faj;6=W&(CK-Mn-P1!jD5yL9qKm6y_pEzq2zT@FSwkyi&+Odda~s
zv?UcvJe9i=wLw<29x$>?_=KC!K2@522`g=wCPXWL#EyPK?GU=COz<WFK9US+`;vR9
z-9F8xLdY%p`brmOu_eWGu^r}C5nEQDh0&5rSA@mu*9g4v;7fd;s$k@F_e<kH>%VC<
zJ~CpIT1|fjjXW%a&A0CZ80SCzbKEbZ(&8WkX|d?&|AN{?C>|e6J)S(Zop;{XwR-N(
zl@ZZBJj^%Rkl0=w?i%aM=EWG@UD<zm@*?E1>ajX%(PY$GZ=Rbf3*8>ea(P99(%!OA
z*Wj{+R#&d~7trs;MyK$F*^0zQ{M?W#w(wN09GSuAjuxR;qVcThYKUt^fm{j%xK%%$
z;t!1yKCc~2=;0hkWqSnI&8ss<YJa{aSSXd-P^FAePe_nJ*aQV|e^j9Y_DcIM1P#v<
zcnbywtzN=f%iooJ_U04$3Vb8->k?up@2P)Q0%0nIX^546lcDrU{3X@j#Mipj`l^CG
zc*NcWeP@7!#;LGR_ze~MLUM=p<(Z>ir3xG#BVjUz#d-?b_?{%zbJYl@URkMDG8;X8
zAKg!U*RkvM&dFTDXKn7wKJUvDsbh&Kc@atUM^ox~EDQE*VFalUbf!+f#R-n|`}Dr>
zYxD~Y_GGkYHIl=g7PR%L$(Mt#dM^*26{Oi^&%}0LL_Uy{G=yMb;h8(tWofoWMS1bD
zRkzL>fu6^b>De<X;G8fo1SVZnMUhUKs_oOE9zc!uXMea3b=wqWWl<ROuuZlSMJY1g
zz6KMxSfhm2CmfH-d?FkEf{<&X$Sq!;HU~&i;Ouxwh=)$=mMP1Ts9MaFGQNG<(|BdG
zAgQUOL<<dNgs1!Zj%?*(M3C`!Ysw{T{G%$?Y7-U%g4oPbQ{vwtYJIimE<<LDhv#s4
zyt)%Xa<hp^w&+t~fE!Z~n;6m>Jh9GAptz4~z_-gGnUs&)lcmrAhne@HJZ;3QTmgZa
zi|@|X5LWsF$-%83*~G9T_4!}}jQRY3#(O~jQRPj$WLds2VPE@rs3q=wMonrNS8m$2
zsLV)yT2EiqNUU!x<_a*|u8<4shppkac63ebpTAh9sF%mZq{)MO3)|Z2cYPNdlcswP
z?+^r@S?*|g$m_|oWf@<*NX_)qM1z@9%Ss!4T9cE>npx(_R<4Y8xMs=pOA_AqW8Wb-
zhl}G+_xtml&JOQxyX`i>{?Xvp=(dx*{0y7DoE*Yvio`Z79IH#moi6nN#%?SP_#SJo
zYl^l&zp<hIqE*<$&b5R8C<(@UQs3hs*clq{#2F?2ZYB)V|8dj2y427joGog9_riP<
z?sJToYksA79#Fv%#}l%u*Xqt#FT@~<w`nr>LI=7(X&7IHIIKA>m+FlhO@8plm)8Qn
z6T$wyK2~t}_w=@QDI*C4uHtW8Z^0yMV%EF9JZhWACL92TcqNKJ=E}y!kt6l=*nBt4
z^X_4n4)nVaVHre%zRhz|&LH(B=d-m@kq;%y(2v=|ms8AZS2O@7Yl#IML(Av8f_-a=
zDk}BR_N$6Wf)1;$026pJ$(|lGw+r>hI!^&T1oRjmj9_+&0dMKoAyrjunP2AKf00Kc
zQ%se-f4I9rgg<y)z6n>*aXgFaEX0B$M&)8vW_}so!i;w^ZDk=$$E0;_{q9C=YUt^*
zZGYC7y|PgM+|%Avh_nA~3Z%)Rd&@&NU23=?Sorw`oIVx}t$^2n*Tb!=`JVo{BQ+z!
z$(48oxY<I8cM#44<<_)c{eP<2eQq=~3HkwAc|LxDpY)JlL`_jg!=s$wlF~{jH+gwB
z_ePpsPZd4Q!;b=O{N~?5UBkCqhjCxI;H+pY{jLBu%Ug$kT$XBE&{fHhp!=!cQ35m5
zG?yYVU#I_Mf$LsL#m<KQW7}P9hVW)JJSy+*QKtIZC-THeqYde1T7}M1ZREV)G}Ix%
z0A;?G(bLiK;&+LP>I%GhJgBqhDu5LwF<-#QrnWp69WN{ie`%v1HY^_NZp-VAhUfBq
z@qK-Q*~AZjCm~oqsG5|4&_gW5&T%x?2}rEQrxVmwaHU?Ydqg-4@Z|BqQlms(p|?+M
zZ{WWRh_6TnE{lpf-*95_61+jZD4n=Q6eq=>PYOwaRVi8fr={{47mMDD&b)nY>h<h$
z%ZXM^(4Pwf80SmX)3yEi#h?i0Np~RGv45JP*S|brsJ*v=Bv$Ki-y$7f(A>;(#AFKP
zxDBUp+J9>w>40t0C^Mfa#+|7Rnd@fsyRPSbM(zoYdoCZxdUV)aW1`xD`NZZrLfkWw
zqW*6${$;#q2ajChvudq%+6DBOh>VQ$Og@|ve%y2C&~DUFa8~9D+siFCe>Y?vAJ-6n
zmFcHL1`Ch<RBNtP&Lr|~O3rq9@N26t@RdS(;SYZPa+*Hm-{O-kIhBRkCM+<4QLU9c
z+^!`QU80>wkz&KIZHf^8P5$A8>5+8q7o&^3CHs9f_J$<u<H5c#b-e7$by6cad=GDP
zzY1+QLUmUEbiev-^i9O>D``0J>3~BLmd*vCUL~R&Tisxs{cAcp?Rt9bEfY0%bNp{I
zfyrXAbRLxoe{Z>hOzP@j5Ct<PHm2VFFGBC-(I}yjg^2_QBH}+To3N@P1|VCpadYQ`
zL8mS+-))bBvk?#=SZ^PwGh1Q*cL0|;LrAC4Sx!c!L=EgV_~2Rp8B-ZmSlVlQNPs|A
z;f;jkugrMQ0!5d$NB#@o!|mx(Q?t9WdEv<H#79@O^aN=dnB1iCrSZFQK6x)BuEipM
zE`TNw$39Ah(oz|Xf5_7KkLT+ed`vYWHC<T^+WR59xUf8Pl=n6JuvLZ8Pf2->PB5n%
z(N43`g#^ajp1tCD#L9FuC};idY!K@?*Lb1VCfZcBZv<)QokXhYdxgaogjq`QShxQ&
zcyA@6Db)5vJtZpRH47;*03vpAap!P7)RmXrxqQf;>=+K`YHbC0_+<3ow0H)8-kH0u
zpnX87*$9&B%H_fCOdX3&Mn*h0-1O9P#`N7K7AdCpN(9MEGX6LgflLB2NXbPRbM3$X
zHaQ3HOFfQ+X2|%m@ue={bbcLo^^(QjzY}OOsL<jF7*3ZvyX41=ijJa($6c*R7B}f`
zZ};YDyNfUj4sI5)z;-Uz8x+~uXZyH{>?zrmBq4F-@Y>({?Z;NK$7`f8g{)qrxw`Vz
zst9dDt4*|b8A8k+X`&!U2;r%te*B^_Y)G4sZ{SZ9tg5;sY0M_-(cy?WRg2p@ZK+~e
zV-`Ml<GlYuFY_*{{xa}T%)uV2C4BWj^8#ZQwz0ufromqQB}u_6D`rh`mv_95heK2T
zs1{lX%dnAT!W(MJm;gYjl({*UT25zM3?{@kMr+f?u5IlG156nWt*zZRIWZOZ_}Vj(
z)@C_9+yb?9ptjHlon)F37t7EP*qA4ibeUtN>LsP0x_`Oa>ow!HP$UlSE>_b4fJaTk
zm;3_`@pz%icd|EfPtZ5(?S$%wLBVTY+}GXsq4?YEYNh%mcw+icx>Jk$9?dm4K$K@I
z8y7Dj!K1|!5*WwAdgp$?l|e(jLHa`@xaYK;g!Rj>Z%!lgR4TeDyq$=t-J;7QMXNBm
zCWvdF%9n`xygbCjT;sUWca)E9oNI|;rHfyCt1)f_j5Sn51wEQ_*Brqy!Y{VIxcVBx
z_KKO+((sZmfS>)JnsIynrYJ)FY~TH+=PmgSLz*z<3#c+pGT2|a&QL5sKJD447_7<i
z=(<{|w*TAX(M!Z*C0Rf!w6lMxn5vl0%2}M&$^f*@)wwJ<zznPsnQb3k+rJ6F3%jnb
ze=%xd`E?X%anDG>t|6_7#|HD;D$I8PS{W!Q+j4L1vsrY>Z#&_=Kna3)1(NeotEUAt
zpRbUoU6_)RyvAmXL@E}5NroTzlp#d?ry+I_3u{xTRu@nhP1D(k29IQ=tzoJyJ14E5
zMgH(`rb9nU>Ud7^bMF<`f4{%wl-=<&wf<ANHOF@UcoXQD2}Mu}DfN(ZAwS*|zbXy1
z{rcaPVO~in4>!)mv6xxcucPWnBEk+R>~qos*O%yr>y!WyH5sLvCjI|lrOVNzWglm0
z7`gRvy2~NA;yxJT&tFh{O}*vboO9?#0?SEaSF=p=^Q&9YGQ2!>idM`w?_N-#177)j
zuST;a+^lRe1iz9#n-Q)X(&hda;XCFw;!<ZvDO^BjoEVvo9}#jJ1I`W95>Hq(ZK=kH
zYe$mw_f6j>r~9(9ka4!MYLojJZQ@8e6%!Y3ylQY!1D|5Lz_wL=`D{H~PQHTCRE<UV
z?;dQIRTu!k(l9Wj^nzZW9_-D|H(TPSYL;c29{h2*IL~cL#JA>mp6S0E$JgNIMoSe;
zHjJgS2V~0!gJiusOAHdv5Z1Fv#%j<ViMu&_!{ymHQb9t7-%Dq|y~SR}$;sYnv@Y%z
zNfKIBR5WtLK%t@yu&8K(OY=QDDNEZ>@zX<OmrmW*ile&=eyb~-Q^j`%vJGc;7UsXp
zK2pxW6g~0SxL?0W<8;DoT9oxS$J8vbb9Xk5iHmyr_}}Z--q1&FGm!+@N=9zmx{hu^
z=U>3}NNT}$dO*`0{jWAfxs3rWqew@+*bfoY38@n!BohZy)+Pskrx*6&#B*Gp)J=Iv
z;(3~EMMQ*wDr$6diF;T)Ri2)RiS)Yh2mQa=<UkvM?SxSUL7=bT1Y+2)9~-_mmU2TU
z6wmDNh0gfw5)(k=;nl%ne=wC4uk$Ij5)Mvuzp)w{TUJ93l{LR(C-8%{YrjS&1K;XU
zy+S4D^WgTMsj|T_nOFjT3vAG3sQX4E+aK=u?AOH;C{^`=q(3@>PBhnG2&c}(WP30f
z2uy2-otbdPo}N56jN9D*Vrj$9PYiP-F(B}tJqt(RgW<UC6UZo`?ov!);Y}Bh1KAZQ
zraK#l5&jW0HXlBG&}wyI1MgbvzdWE~*oXyAIR8^Co}mvcE%NhAc=lV8Ss#2cl71Q^
zlidIVjNJMT_$*6?V|gO-F8KdAndife*^^pCr&da)vrp;(fD!ZE%7*S4nY4`m+yApg
z8k<5bNKlj2hZY3d$w#LrMs_{LCBsgE27?kS)JYMz_@BnulM-0<a88eDO<4=AIAKYt
z0^ZYHAr3)E*vaWT)e_usnsvYOkB-;Epa(~Jd07?NA}T^|i_XPJ;m<%;+h44YCL!XE
zA~2|&-v$No+z6l*jneiiPxo6F_sJXxDpqG{kZ!N0Q<}Tj&iwN9H_{_d#j-Y~Chql!
z2uu3yUO^@+2m=6o1YQaM)xOMKxt^TIQH*MisRBX->2Uja4lquokF&&HUf*Jq5=cuf
z4_(-2(9+sHQ?4&dA;Coq>F(#x)(vxun>u54A5@%>p!Mn;u<Jq&GhTecfrcnd<}`i@
zyBGwDm=~;E99^9g*rArwm4zDN#iL|8v&9mDHcRG9RYu9i5uj>;1H>S}^QDibXm6^T
z&ey;*K862PB@Ok!i{~cK0m9AK$5$)CP4<C#9|}%cxw)Ty;JEvTnYA%|u2LuNJ%Qvw
z-|jEjz_Fg-Z+iOMw{im)C1?0~tq2{y$YgU-K}l}-sS%*8>LJAsth#s|i0vm!pHIGi
zK{;@HznwUsVRv<jtMb{gr)?*|j*9A!<8J3$RQ!ojbqdw)&9J<9TpTcXR3;1Tzb$Y(
zJze0B<1@eJ7Y0^7aP-%EBZae}oF)O%<z<K6B_bmx-{N}rt2rP!fJ6ZEOtyNSn%yQ?
zE=Us@1+eoOiyE1Z<hrl4_6>CSje~QkFzkA^05)=|6-oI-SHHtO6Ty_(qg}ot1_t7V
zwoIT{7?~UURhPU4;?2&#wf`LV*wGRk!*rQP|JA<Xu+P7S+JeJ2bfuBDMaB5YNJpx>
zecYeW(9x5hb_;;0QM|3yC1N#mybyxh!0zRwsEC%#5h(fUm0M<{pSVo)3(R2l-h3}l
zuj7kNhxagV@tG*O_>}P8M+58}{QIfzrn6Zo(=JD0!TU*M-L{>Zg5*nFPV{xB%t3{^
zvVmN=zyB6QVj9dYUWV6#J8fk;xVM#CCFI~H!<oKEbY)0cZ?UJ(AB~_uE%N=ii*f-=
zr)EXGr6>Fiw=4Vd-`>Pwj{$E`(P#uhDX=+GIQE+;UJG^hF58Ohhq(JH*~;`k2Wp0f
zhMzH*XLF0~;Y41$H~H47$)i?vK$n0s_ye*+&~upZdMBL6d@L6^$86|FWSw)vjYCp$
z>ZH}`dpC4qX>ChJLs(dFpY2Zjurh=g>Jb%zV6;<Z<VPydGjO%i3##W?wj3TTndrYG
z?Axqyu*(LC8kW239~wpVUN`J!VxmDv$ZInfdmytHdwtDDYibG*<1QBrUnAtqveNt{
ztYrUEqLz^B^W0(sufw?Ng^FnQ3krC0Y`3lkcV{mVTc5JF`_49zr?j@qYpoZho@AF#
zv;#jK8Zf7(j+Z$D<#(#Z=N_q=1vLeg<nT7xu;Vk)Gf}X-6+I0%n)m;5?RBJD{V?TY
zPSPEaej`;DFt|2KG!Pl8PlpZ}Gj|p+e^maAzZ>FXeYSP|PP_XpD&DuPZsdEXeezFF
zUaF@y-hy;|3=AbheT^DrrC!mdW!hL+gacdZB}ja3HOgE?6VFCbtH&Nw#QyTI*&a$X
z-YiuQEv;5eJBq*0WJkwK!7B!a(r$$^Rg?JChx^?EPOE8@y6p~Wtv={ZxEacnGaIGk
zVEqC31NcWLYE0zPxpW87(9A8rDt&Nw4-m$Ofl<*eP;#t1Gc@#QHOB&0zzDy_@IXjM
zwb|tOV2Lif88&v~dmw$Ck5s<lAmBDaFc?Xf`$&pQ^q!!?Qy7<6&u~Chg;HIc79y8N
zyn4!bsx>_jPoA2DwuQ-om|j)Z)ESZK-=8MFN%!G<smkDD?{JC5k%NJj%j>s<16{8~
zv$q~;;NajuTx7VLXZeSHB&l1<kH@Gt1gnd+Z%6c+PJ1TuUf$fS0l@&kd4EPqAt3oe
zv!!b*Tvk9pRp_L8AP6c}XMBw!;cxerhm$iGg!j@Hp{3-zwLk!Ju~zrwfYG7Fya6B0
zaCCP!5I<E{o2QfCToL;r82=a?<ipc_*RK_5du#gs=NJHZfWYzc3QQL32@t2Hhb~nb
zyaqW{5V1JkU2Fi!j3IuF-&1jq!om(@Y}pgC@^aF~s<vK(GWXjb>+NV{lrm2{Hu@K#
zMmw4(@4mm4g=FUh%v0sEIlRUyB>7%QED9qBgRt3)#l1-5erf%GuH?K}f=?-!;B6$4
zyJT|&8HL#2a602<BU(4ckKPZYggLCe!T$HQ`*p}%QH4r1?So{5@uF3QN?u4rvm7ID
zPk#Qh60_`!fCbPE(DRQMTGLDLQK2iC38`bl4+XEN^j-Zs{`ROBf=C&H9pAH)zqj5A
z^qt<{9A?i1eQcIz_LZmpVRv`s&8)%v{a%IEY3q`pkgc8Vc(IHQXqM*NijUWqI^kC;
z!bgAWfo}#t0L(bq##lK?dZTkeWE~H<UU*O8d(m{r$R7M(Neg@+pP$^@fUTYrav($^
z<FJ;AD?DLirxez=?NUGDJadsmonPM$I^h#qZW)zGw{593OT?j`lcm)MMl@G-7w@<@
zHw9GTLq2Y25F6!FF8SRlAOtT=_|_*1`3Q-oME(oOYC5_}39Wj@Vq@HrvcBJVUUW1T
z5dDv}YLFK2ASTWT&+)3CRfgSDMPW(&TqSjX+h@w$(#3pf6$tpO2{Xh3)EY^wljSA<
zubR*Cx2!Ix_1kwC1A`ZrN82;CR{j~9QOy;AOp!D?4${2<QZn*fTjq*J`IL)-0_Zqq
z7dQ8}zwyscE=`Z?Z8>XM#G(VSqoOlLW{;Y?ptW=X6%*Ni1IG1e#L^HM**ohm1Fiv}
znj}CqF}_sLsa>DVkvdsvO`j%%(hOd)Gr>PT65exnCh=s=4#M9##>F8p{V<Wra-mV-
zLpp(9Sy}5pOF6H34Ky`@$Po35fu%uZa+zREFKG{q!<8{!HQHE}m6?P@16TjY97zbI
zzvBY|huy#3V~IFiDyef%sJm6yin2)JHCYw}hH46KnE3$nX8hH`#-Som=52T9W6uC<
z{Po#ilB;?>CMBjbLm_pp+5#uyV1dJYkrxC+k#p=uV9K>x)1cY%VVW<iJ6i!);4UuA
z{JN*5rBDfYMr;1r+ffwf5HY)7ZKl`2_u<sDtHAD+K(ei_WiHXO;_%c%n?pWDl=qC!
ziK9&1`O)yO-)0@21XDBC!_NNy<zZ)zDjQ@CX^4w8fF#r5!!4WRnrN|(mId*h0SzBR
z@H~~|H#%BLmMg2tBAn;J9oy8Tf2gVdY$-36YK5h8g#xD+LOQ>oX`f9jtTscnURP3(
z!TK+>f`uK<S9Ix*qeTAeGqM%0!8+(E+=TBwZ2wPvv;oLe)DXw?qLUC4aGSkSNKZQ#
zCPPN{qy*CfH>OA~fz@K1QaFXpH`EaRCHyRv;jZ+~4sz_WubWd|o5d*Bw_Bu_2Sc9C
z(JfJ|!wv;d!WfyXe^dce;mKsTZj!Xq4%IDxm}8FDhcy?MZC9}dGQsi1$mhg9u$^f~
z)8*WGND#JJ=uNk_)argRp22kInJM)&-!g*3Pu%rnq;w?W-Y_8}1M=G1+QZ$;+uLV~
z1bDoE2uz&gadhl6Ed@XuFwLEV47yhk*;WaSoZSV!)@(`d7-+1+sHADK(#HRL9K42T
zEV<e8&9xTycj@f@^#abP7$^etJ^`&b{(;hplWpsi9Nv5@|DArYRlpqH`&#B7Nf&qD
zi2YkE&*yEy>XhNy#K9O}8;9$K_VIYaX>z8pv=T1*CPnMF2ao8kGOOAAC#WwvES(Rh
z>q%Oyq5RtJujJ*!0}l~&{ap%!G_GIh8M<C{!V_{@_?U#N-bWN~JSSi%aOl{L*Tu2_
z{zV3|XPailj1B@L3($t-GXylhcJyurAtelFjvf#n%{FUuAq=PZ54L|NXeQru!N&eW
z{`{gcQXKysKeT$LK>}WB75MMSH?>H&P4iw{miy;Cq3~Qhevn{!FB3)7nQdVB(2Gd~
zN42$a#1KVKbSNI$8o=>5AJeDo)Z>90O@uEIJe`~~|FgsYlUg1MNt3hLACQTxnfwpo
zSR@1(Ouju4zpdt2ovau8@(sKw*eVDl8GshdiLaQs)f*`S<^Q$k$}ji4-5ILRX2&MO
zm+BkO*~In$ESdfDKQ;XfZgdX&GxoL>-zMi9ml0y-48B;$p}x7K)(`n(_EYp>Vc}e9
zOcW=dpI;b_>C#UVPMi4{eeibkq9^*N<5zrq=c`Q7Q=w~E6Mee%Tsjbn?%Xr#6j<f|
zVa&tM4Z&wB*^zNn%uR&HC-h?Y#Y~sURoXcn&Ta%`R~U_*pC+fay4(^dlK4cy9k1s1
zWC5-TGH?LYh^?%3U2t|hApoQi=CX-<8%a8xMIwNNinKZuj6=P>bWHye=fj76?b`Lu
z-AVrhOon(_#oIgki50RB92{%S!Y-^M<>e58Ifc|6B|vJ|TfP``I?9m-Z;Z^%rJq!C
z2t?euL6qR#*&U6L=YScAkFy7^#DkpJ-5|?fE(`3fgai{|MC9O*kmsmH5)g<l0m4@-
zFP|#a(foRK;kAj|44Pa#_>1eS9rsZ8;mUJ}Wg@+w3@N8$;<OF&V_1VOGi9N&C;lRt
zZ_Jn=$K|TB{M06SIo1L9=K?bziiMJqM%+IHyCjriy#e7}v3ic#)1$mzeN^#8cAh*N
z2anm<TooFj0A8M|%+!2!8VU-fAbk*^Qp#JqI?ww6SBd(a?wv1-)hkB2?ymT1?CHEf
zIOs!E+qk`IOe|kLWKD!vXWcc>6OaLiu)21ja5lrws$bUrl2ot{wAFJrrDS>9mv6R4
z3-tf~95pX_jnb;u829k>n0ny~NV>!E@u&8o<d3^2M|pnY63;V3R^AjYt2r&KddusE
zhCxQggVmLthgokxWc4#rGZ$tf2CifP*IweiX^&}kZ#QJ$%*q@`Pik5F@mt{Ce;dfk
z8_`<jDyV<1u)YT>Fg#{5^4r#d#i7H*rlC?8v<*ArKea}uiw!k<6B0@|aecwM%+COv
zc%ja$bFU&cEv`E~iQx5{Hz54{kH;oVofHa4skP#;{KF}!kSclZk9uvrG6LX-%YEfH
zsoU#%i1*jyC6Nwv7apLHI?=n3D(s8+q2NE?pI)JE1z@HMA%Zo&QPP&hiu97VlXy(o
zAf4^juma)=e=9P*D5<EZ_CAKbA|YTmdv%e@H91I3P0a}Ryg~AreK=;I+ID1WF^vW2
zVMLnc$NlHK)LV{B8YMuM;cZ1k81>GofWBKWq#0W^duL$ZetMw8#7eqLsw!ed+h2uM
zSa@CPa6uWB@M1e67`r5?k1}v!s;JAG&4_@*lOF+h4)?AtD7k@en1rO3G;=qc?O~V)
z83Sc~^_TUtye#L$#q#V$1AF7z`Zo$Vp=SUjbbD2xeeti+1(lxy3@IW=vmChK;^<aZ
zAOZaW(0F6*do%#OUCcIRdxp}U{SMw{EBp}RP)9w(?Nx7}tvP_NN7?D%Z%^)A*Z==v
z0_Q<Iulwu2x-{+=`}+j^&df~w4rBj244erAo?z@8w`E@yEXzb9p06XtK;`-6&eQgI
z1mzY$d7GqB(Fi)N{$fzaj{lfhSd{ZLd@T{O)~8?}8Mhb`5W0VFZ-(Vi<K$jdEyET~
zxnRruqc7kT5I={*ak$Lip+yye*jUI9pMg8ozm%?cct}l0gSE3a*m1A`LWsGN{qyn_
zA!H)AK@o?CATL1xRGm}4fW6ckqn-^8h@htCXSVhB2-vFX=>HABur<u3pHtK#6bk07
zCLXi#-R;Hx<Czi|1PN|7j)a__PMci;l9ev;F029N_W5T0x8P9L4~?as0E&t>#U^3T
zb9T@a27rhInnFkvY=7uo`}cYb;y$v$#A@fiJ@?Qe&id*$kKqx2(!DTLbD(mY>eY(>
zsuW-G0Q-im1Z64EI}e@r%EywWl3_X4MMWR?AF3^UpXBy?+Su`WS9?jNOhvM<UxgGZ
z?Xvp%R#nAcVr6Bep(3vx4yV$yvnw;cre|-Pm{g&E4L0P4N;L8SU;8*)><^aI!7hfe
z(613epoj-Z(x~-M!a`t>yPy*V%vKr#IWxp7`e2~}i$rgS4-k(3C)NQ9EpgUZ$1?&7
zKQz{@_i*V9o;>*E<o^i_aLP-62n)7hWe|CI{^76hSeqDiO#vzM>R$;l_~ny8mA7Z6
z&Yg?tOW?9(J*=H2;B+e0e}pOw8oLY5wxG>_XKb~VpW4rN9Z1-77iD8<s2Ndz`uX``
z47y`u<N7k|HHL+Ug#6^FuKc9;?OXI;k<*hk4{4+}5|M}^(p<FAP}L&i`JrU-G(oLv
z@@@UjzDmQvi51pO272{R(FHQs=UCS+%`RWm;JNi!9$G>MU%Ib-jp>hB$&$2w82t-L
zh!<f#NM<3DGm2j)ng1w$4xynxt7Ra;mtP>GK{{p0b@%v~O4a0Se=_t2m<x_>p1_0t
zyEXirQ4O6bvsiBA0?CX)p^|Sj?Cd25)D&MCEGWQHkGYSLyJ3*(mQGYooL;Yq^<3>I
zi%jYwff1%C<i-kmQW`(xJo67o^<V9Ph;L6pA?_DocV*gvVhg|o8nIAH^kl)Fges3P
zbA-~?(3-Bf`3##F6_p^Z{Ew@8+b0W)O`qeH=422<hI=n6+9|auND_?V_c~iHE~ykv
z8lJv`5eW#(O>K{|9=gPGbV^%~WjZ&A>B29}BEN5cB&fxF2gy+ko8S5{a?89PdPt?5
z#PUMQpfM+AOdPb`AN$U5wmqp`jK~rPQWM7!kr)6pFju>SYgH~GVavpbvcl9kH1VFf
zz_!}7!3SFa5wQh<2DBq^Fn#ABZy`ty(*`E;<=G^G_wU}{Cr5v3pUs}|{rw#d7gnIj
z6zM^2U;K$Jr%Hpt1>Aq!V=3z?nYI+Ye?UID>Rs*+2G2h^Jo&-sGG9MOa>{B72}oWr
zF6XPTDrO^5=lgGVcXtcpWS_SslXG(P2hvoZWm<DASj1PxCNn1NZ-7jDIx$tGR_pei
zqX`?^<asqKE=k_CBSg(d9TO<>kVlglMl=P52j5rHex=MU(jTfmM{c~oNCHL!zE8GG
zvj@b`d)K@+j3fAm%99;JtY4xpgb+^D+gJ1<FTjrJ`t!*;JGwB67+{}Zv!NVZ>gTL1
zR@~hD!sPOBc*IiEWTO~jOWbAOrron(x}6~;<8>JZgt@;!DcBZ;L^*Fw7n|MU9p7pk
zFAT)jSgw#pZV&I7&@AWzr5igP-|>)`Y$QX$Q%7g({s;nj>*8tGnOe)Wtxff8_XLD^
z+22Z;9-ZakMD{YQ0vG%JtC|MC^9{vXMrB0TCEnkL(t}ZC;_}uKftn>EU7(toK4=NL
z@5p?sxy8dS?+T$1B?NymzF%0~DkCz<=l`|7r!T)-L8Bt98;VJzVHSz}9~?SCYSLJq
z^H&c%=G=%H-tm;&0;T624_75B)OgkY_&(`!kic}EW|Ws#kPs2OI&|2dc^;<;H^f8l
z-nm$GBk2>e`5=OH@I@$i)LMWWExDrC*1!tb8PpX>Hc=#nA=uoqJJH0W?yyr2><`W2
zv!m|r<K?h79*w5qGbUQMTba`(H`bd2x_PDwX=wzvJw%)~)5XMQfX&@J>yX&7T0S%t
z)UeXDaCC~stKGpKS2H><0Vjbp*$%l&UC^B>0vP17OnN7lDs6DCd&n-!V#Cnh;y}TX
z<oo1)B;J9}T(9Cm;MZb4hK<8)!oD3wNa6T5<>Q)Ii+~Y+;8a}PJA8Z0`Lb6_jpJ4B
z&VQO3Kdba0M1y3G(a=zGSTf(UU6yTNd}RY@0jiJ`SZKZ<qX3yAzhr;-rMt`DEe0Zg
z8tdbVoA(dHiGUPe)xB*NlK`a*G)?B8+#I$29aBUMsN!GWS#EjGp=E3;Zx&A%Vu@`J
zWyP0RfozxP`tScNMHBn7>lJpsMiBRh4<^n#Y=x1UYI5i1<{q!bG3YjZ%R2r~53$3K
zM!Ce82C=~<A*oG9k4#!&=TDYeyFZSo@RglQH2UUrvF0-vh}|B6eh+28eq_fkRA&ru
z*ohjH`VSv0KvWiL#}`kRe3+iVj+d3t{qhd9dwx`x|G}?c&rjlZeiZ4*^l%LiKy~Mf
z7rgb>M7<a!6O9bbK*Ix;O|}uZ1z<tdmJRI`q)e|t0L3-tN5fGOZ_VLcG_Lk#Y#hyY
zSLd|{G){TA)S3>=;c!Bi(F}#&R?k5R+tQy@Tv>9j1L9z#>Dd_L8B3nTiqw8Sjf(6F
zxH&Y)>f+%8KPJKYPxpb<>~&vnpr6lTh_7>S%F|;-dk~+f#;@EssbdNi&a2Pj!Rqyy
z$4ukii(^sT>HH@HKJasO)+L!Y4~Rg!8?%Sn!S?|y>;AJ+ulv;l9!%H$D!(lB|B&^S
zQB^iyyrLi>h|&$xjdX{Cbax}2($esN2na}bcXxM4HwZ{5-QAscc>n9J`{90)wZH>s
z&OEb!wfDRdRXMpGHp<RJ$HpJ@olz&6Ymu63abLNfZvs`){&GX61pACOhh?y8b<=pz
zY@&h;MBJW~dG%O*he`lR0V&o_y$mLpuS0Fy{}+gW@&`vdCoktMutZ!wleE!mJ%z(H
z1Sm$J($aXf;d|Z#QAf59@UP#v9FeGvq)lJn{@`)&pNz(k9+3F3<0OroHk2Uj7#fmK
z3v{&0<BZ!MZ)0|B62FTWe*mc@BZWESzHb@AuC})vyJ>@O8F6`I*Yf0CH{<lm3)ISr
z^Ry@lF3;C{FBiyK-mfQEsJ^#{aS4HUr3hMta*)Nn6r+}g6cA=n>lm@Qn`M1px`Yvr
zmeVNFHXnU7ehRotpB#;CVd!G$xSbpP#@37e%dH&|@oW8bGZ5j`s)rf%rd-N^N@Nxa
z5G9>TOV9AQ-hjA!OF!dcn?rywuhSAZ>FP?c<u3jSG4@Ul(eE~BmQ1;-7Lo|)R6+g#
zuo-)$CG)x7#mj9DuPWQxs<u;dvSm+i{dSQ~{!tM9hn`*WrAX#`+TTc$nVA`?1@`Re
zbym}%E%+R^99%eIZ^;JiOelJ5Z1l8mFN{}%F!vtrFN+1@=u^8ocbr88d$TVygwswE
z@<saPi<bX#KZS%4aJTUSl7JHo{poxGx+}^HwAAFH?hXxfim=LBZW;C3PGti}IN4ZM
z_RHF)B)F47Y^o$V#e9A5sTB(hAL!C<9lAcU1z~Y+Vk}XxH}J|blxeG2Q0Nxj!@yfQ
zBY5v!N<?Jb_)ibSu|Ptodq$(G-tmCIi`U84@lcltJ9>H8SF!*irzulRClZ&C9RJtC
zGCpx_(T^6o_c!L8R~LjNSUx|y&y(pK?-8|ehzP$b`;TOc7ASB0MI1pE$|NJD{qiib
zzuxr}hu4{LP}ei23eMQ~K%_GdJwt{w{tjkFGKd;8@jDm7DLTq}n8AN1+zdC@d+RCs
z#`FE6JVZ&zXxwH^+`wjWqbx0mY38%Bp^`}pSHi~^GMcqUfLnUob_z5)GlAqL9m_;|
zUtga!0w-s$!_0e-Fk^CHF98vI;CC2I@gCYP58-}8B_h8XduNT!%Bnb3y*(+xbg9we
z!3_qReToo<tB6U$U#K!s$df>C8T#<?<43?2AxR&}f}s=`JExaR0}T$>JqxXFF)y8*
z+>(+QLEM}E`r0(LtM~LFTcT^BJ_3>#A)()U)gtyQzFS^ca5xW5GhJC|%?>zl*U^1m
zX6@qxNB|+kU)}7+uTg)97!w4MNs#Y->fgfNZ3ZRC9$>f@8d~F*<WXR=X(~e)AltM$
z)9U$&@gOQHa;CzIpLeRPx4}{kyuscY=R=klwm2a2&$RMC$&347Mg!=Rd5XXj^7Z97
zY!0aS6zfmqf{6}D=;{nlj&o7#6{(u5-V5Mcj3x*x6~sw>{CM~zI0h;dC^wM1SkBCR
zRw^R`c^$Ir*(#_wr7zla)W!YGOtY!}{q-<sflhz(+d>VE3j1kB##El}6V3&aZHZJ$
z;~J#b_i!J0_50|LQV~_oHq+@N0-C13o3$5^g%>wu%z=(VFdgDa9Kb5k+BN@%_UT<z
zfBeHnQnl5Df7yap66m`s8NGk#M7?%f75#ZWH#Rr90Hp#OLE4q*=hfl-;BS8SdiT@Z
zo>N(Pcn2P?ct8}HZHI7f!U!~SLv|B@a+w8Mkbp}@0s!ffZ~)iAX7BcDZ@>7oc4EF1
z;0X!03bQpY2?QN~l*Q8bQ>a<#)G-P#xV!)vmVv!iG$5@1SF5v>sZaK2Y8;&?51<1b
zu#IiqO5?ol+F`~g#<{-k;V^>46yvl0t_)B2sh2M+AIsX*AJ^jmx3NbRm-!|GW~{u#
zxx}hRoeqh}5c!?W=R5I0dQ|V3)3^K;A9!eM{m2RLGxjzq6%3y0)R$l^`V@Al-N+13
zq3N~i!%<srOXrM~9A1+B@`AjqbZdfwKlQ~3*1N~m=y`SnYX6iZb&-qrZi$N0-LM3F
z2Kd^zTyAXr5)#R%DC_n{<lv0n9JoIHbkP_c4IFHbMyD?c&7<J;J$N7i&`ebsnxInD
zv!qdFi_0aC78xE+Z3=Q5nO*tHw8$t9(05H9Ui5lXRJ9Q(We`c|xzpjx_Q^Q{H72H(
zQKji-HWOr~5ZunN!`8tH;4H;4@&)<XY__MeX9{Mk#GNE;1&3;){5E~(C@2E!`|-52
z1f)|y%B;E4_8q(BV=rbq?OPByUkw0Y-{9Eb+iRl9on#P_a&g~L#$wV7RpI8q7&Kx5
z-2`^0(Aksw3j!;oYg-B-o1o-9;ZoqEzG~R?dj-<kx^k>oxPc@5?jT1zT5O0IMr3z=
z=empxJ@Cbircp7fIxxjhJ~dGT#cYe;Hhsk1>0q&;v)5tc&DRU7DP}T5!yDOD=`e+?
zd_|-eqM#*U{>j*+5Y16G_-vI7?Z)4q{@vaBf$(hQU}4?Bg^L6u_aycc_(L4Fhj0_Q
zxYj08%eIDYt_*WqE{UY_q~A4?e7P&yTxwZf8b_sUef8DqT%Z>_vKLi^)phHGi-+E-
ze1Z=QU?I3bzbgfqFYqKZ_6&7=L-o4y87@+-u<k}umNbso{0<MtYzU2!U_r-z3+p<s
zItm<2lX;vsK$|yMj}GW?fpk$!#EjZOEF=?Ts-;r|(<m9VcFb!V3V@%t31V5vSw=L>
z0;zNn5py75@Lep-1+>S26^c08Qc!i$wl@1Q2l`#uEyh5jjFnb(I_LnHG#?Y%bdYwt
zi5|tGU&;nEwWe~zr5W>jf4p^(N&V@H%lk)4TpZ(R)&VthAs<WgGn6Fu&dCl^x@U+p
zExfy79}e|9?L$IZ?0hdlmreg_FCZ3_ZRc2kA8nhS@N@uaR_@_0Y6hS4>L^C-2XsX8
zm>zWtFz#8>bEeU#Aq1&!q%TI`gVBoU@`A0Xp(n4-GXT|eZf`bToHvz%bbDI~D1!<>
zMTn6+&XG@ddnnT^$@LFGnd0Cu{>zsVC{6j)5(m)T<}Iq=nuof2#3nhPTNkf@0CE~n
z4A4x5;wl(W6aW4@y_nWxHGc3=^}N6Z!I@8~PthMB!A`g@2~mPT<2;gl4`cy?q(D*_
zbjQmF+T!)n3o!fS!!=)e)c+F~B~E665)gUv_=R4<Twy(8*>96~L{>KW)oaRwgZbi<
zB2X{bMin-TfQV~<pq<L+g^VDv$PW5VEhLeAspO{qxsPFf#pm3h5)_oZxjydXJzV2d
zRHFTSS+)c{q5{_(mMo^fue`b5K_y>3MS%2%kL~mSViRTbn%`4eT2d*mR*nFJAGuF!
zsX`96-|aZ!ul6RXHE?#;57t3Ipq%k3At74L$C+WEq^6|&;o5Z|wAX=^(<OxAn|ui0
z=^=~?#%vsV>gaahyO$}%yG}1y@`u&corOV*gK_pWWCewVis|BSk+7L$GcrHXXg72D
z1!D%^wyHA+#nAfIhK6>m(CgLE(p~N???sStG3gF%u0?v`b{R0k*I6w;3@6<+SzvZc
z#i^>(CuEofq7B*GuS5sH?{18&o8k%Jtjws75OH^Oqf>1Gl6BwvQ^CSjL-zA#B0ID<
zTOUE4;MFX7zN62h|J)ywj+U7P2F9oQO{zC6i?jjmf(z|*L8q_fG?xQN6Gpyl=g7@P
zEIn><$9_~Ri=1n69>&AN#aF6UE}#$OE;64hB@FpjW4QRY#swGwlYQ^+=<0de`}ggP
zH9~l3C`Jf|M-Oc;30%^?wPy>G1wzd9N-u+d`EFAlo4g4pu23HWuY5dH8**8uXKMB{
zJ|5@e^B0JS$kG?h;-CD+F=^#nbomP^^bp~$7^>NsGt8Tu_H^rBJF87+XTAw^Io^7k
z<#yI?e`PCOQc^V>!^glApQKc!FN`%id%Siq&sG)|8oJSUFz@2(@>#%^<Q@_Y8&Op1
zOzx9#cIFsLOKZ<)QNKQkmx~w5d5IE@li=;`4ch0t?s?Q^KOn3jC$gE3k4{h5HP@Ch
zmi8wcQgjr4co7uCIIQS=3EN9N-`wB4+^H}<Nlr`pT!o#TBbhr&NOK$*gR%#+FS`CX
z2M0#&!kPUoKu3?ISD1UHga#Q@#8Vjd+Han$M>7>#V{GQ@3IzYLE-vcgpXp`w<i%M_
z7qzOu(VYvF;vv!trfZOd`=X<x>A2T7)*n?hC%7cHZtB7{5%7BbIE8mspsv*iMunnZ
z{M_w4U%SdA*T~_1v02|Y%P<jT;n-|<XT0-oVyZ8Emd)qzWmilID`^P1X}ZkxvhnM<
zBB?92ZX=sg9K#^TA-b{s?Eq%1OhQLq7;#ST*(<Cr$2*su+AqQ4@`OWn+B0=w!bNH?
zj=(tP;t4IRzOM+pB+qdvxp8&9k=QLWGc!Lbi@-iR*Q$}sw0zVyP|eTE3&={s@0N@)
zh-u-UZfUMRSpT$$h)xYznZ=(ok-mBxC~{Y2O}O|`*bay7hxeM12(exO)F@PxI%Y$Q
zaW%LT(+1mn-aE&GqNl`^qoAOWp*Wm~9RJ?OpF916kCO~5IDylvSuqmTyL?REI+?dO
z#9`CBo~6`YrAV<(0zI+TQmm%&>jXuHR;HB(fsS^)-2nkUHls8|(vnCZ*x5N-rT-$J
z_DdF+Ev*i6PiOX&m?|p8y&+j%ryD~!0?9|^?;8$Yot+vQqzRl=Rs6D;tA|~XhLCJh
z`8(~#$?tUU^bEA5!~#mmM8}4PkpB>j{UakG2^WBUXXS&8j*p*I9NQRM%aLO|srffP
zfuezO@6_~}8!|5Rky)bQ&loOipISKy*b7Ys`*>?CXUNFvc31CDo%TO+a#LVc;4l(=
zw_{lG5FuUT)ESHs`P7l(P;O33kB6M+oR{c<L9HGCVAx}Owk$kF#79j|jI>l!#w5VK
z<xEdW>5m;oRI%9Y7wCC2R%EWEDxEe0*5=36z1D$UA`XPVy0hN>Q>BPnuf`&A`tjjB
z*jKCe^L#Ff<>pX-baioNzG@xgDTlQPSwzQYi>{uoa?5$19xcriUD>wix%SQQH&(aj
zh9Y&=<7>h)Iw_&P@T`|d`kI=WNc{ocLX4lpg<x5}tB?N+k4#Wn@VNHoaz5i3PNL!_
zPV=6$8YhQ-@q1E9KU-S(Q-l=4NhM#P%1{fa6$tUjE2+u3eduE1Do5&J^L21vC7607
zzf1ECKp)zLcaLo!bf+oQD6j;%Eg5|6hug3gwK5j76%jTzwo2|LL2Ory?CAdK(X{Ks
zb{LaT0*O)45L*xwQz9bzE+ImvD4d=7ako@w7IIlbcvWkap_(OXzJQMV_E&^X6V7L=
zp>gP8`Jl$qUgF*alO2z(ed;&!{3Snh6|O)@NwCnM#0cY)JaDMj7SHQM@0rB8xm=<p
zG#6^`;NW25?lNY4Wy@Am6GM>W?JZ>TCiXQfi-?CqjU-Ev9N6Hld;2I|6gYuV(O^?S
znOT`*f2Q-SNNX|+(K<_dIc?C;3Gc;9t!obFlP+4^tNMTWoCdt6@RUbD@%ifX$jMTi
zz~(c^es_gc_s?#Z9JWQ~TromiB(T!Bf`BJ_q{Yox$_1ip=>N&EGR;()Dlq(KB2Pg<
zCC9DBjqS^HC>9~FB6$eQus?&=c)76@lseZkm>PoL;QHWEh`RCn_wVGBqa{!}u8}a(
zjq_xy5B|pBq2L*Td$T}{-%76~G5zvz;;UZQ;Ud>?%HS{v&w&EqM;mU;UQtm|oF<rN
zXl;#n^Vy=t!moepH^u<WN$2zD&x4jn-5b&SuvP>KBLBfOTr5K4r#5N)QuffpZl0V_
zvg4N(p2H3b$@G$<!O<gI0XR5?HPnZ8-0h|Ia9q}SUL%B2V{P}GX3yuZTQWZI;=D&k
zrZa-VaX--en+n+ODr<*HNjnzC?XC?=4UVKd1q9u=v)^6G<(Xlfsl|W>@R!3$N}#}k
zNOoUQSy)gZ?K>YI*xTDj=yCM+(th8FTnuz{q1w!^fDh727qkt9fWZsnksE|O=?RjG
zDkauB8$fRQhs`w8WR8v<N+?zJ`*wG8lwh{y$r(^ex7FADy8X1Hs!C?Hz}_Mx%W|Y5
zIi72D3@q?{Sz)_7rLBL`xHy}zU!;akvrPy~tyM*7f=&s^H)^s|h*E|tbO?B@EnJ@t
zycQ-2ASDN<DQPR;y9UZLmqS$VOD4S&Rz3o7@^4pMozTr19{&&_9Z)XlKqn^t`26|9
z7A&lgj!udz2uLj7yKf*94s0$hWn*6_`!r#v`(mC|zG%6VDC<Y`cpW6g;~^_Nlc&t2
z0?ts26o>~o`Mpo0Op=L`_w(aP^YQN;-NAX(DRfL0J3D8@tp1@J8yJ!S%m2#K1QER+
zbrYkn+B^q+lQ>=JCXAA?z=`F~X>EJhg9298Y@!4|g`PfNxymHyGP*!LqF^wV*=3wO
zw6VdiXM$CR`0bC~Pe(JgC}CgzQ5%?vPt<-XfHdnERV=1QSd@f7?Pm>C7ZY`LJ0wy9
zg8+_ezi^8>aWP|u5}TeEYkY@pDfw0FjU<LBWwR3_BGAat`;a+9iMl<zk<339l$H_|
ztcAnc1H3>Q{?0&Y3kLDzbag#T?AaQVc0AL&cYJM78qaW|MA<d1gpi}+l@PsFO(7cu
zbFD?KSV_JM^0*g%uZk0RVipC_*)w}ZI-!3{nY`-K-i*Q@_~Fk)L_W3q(%G5#*bwDx
z%j=elzXcQHWELaH6wuvxqW#4`!9_jX+i5hibsBE%Y*$!KGd3i)pht;mB~`}IDXEGU
zKVKT`4V!BLUBPN)_M1B@4UsRrk8GetuAPk@1y0TZm4c5{Qc`~t<I}0OKS@cy6&CiN
z{m0rhg$1PgBLKE<W~)R#<=+21dq?68L^WHp-q$3uiuLyUf0YYVf@y0kl^Rq_Fg9c2
z(w3L$YwI>^%4~9beCk`nF(>j^2m5Iz3~3_81O&jhsAd-R+@z=5y@?FL{qN;Ud5#6?
zh-(C`u<)xKkN}er#)V`Y<34n<);}+aEJXtUzuid5Q(8<}v9_9%CFWBPPcZm9Yj$m^
zy^7Zvjhy88B=Rp!G@RqsJU+vheaC|KJDN$G`NVy&H9mK~<O8kfe-Um^dH3Q`shqvf
zk<I?faQn2LhWy*Fhn!)&@=E{aWE6nQs2D(#bI?cRt+jPwp=V;whq>wnijI}lcVz1l
ztiq$ed>d@<xR}!T`p53~rDa&7J+eg~KKhyc%Yy&ne)eo>zDRA{Xzd{c|4uSFo~qMQ
zPj6~8sdwX3u-Q~A|I@x)EY_$*t)?w3WV84aBwC_*%uoLlIu#4EAD>Ubj{Jn-itq}h
z`?dqFnMpgGhz?*O70|IH-5s>GIT{9Vm0M)nISO+2x_Mx)>+0@cgJEy|-a17cav7iY
z#mP!nt0xF?Yv~)BU_5f#*d}u^{~As4kHty}K*{p+gWKuo5GfU*$8tCyd-u9Tmw_El
zMM)``ND%V6s{qpj`IYTmo^!u>2lKY?%{bwk1XKm^G{mg-!sJh-!=U`F){pXi(Hc1C
zxhnYiBzufNqgt89Ed)0TQ-2eWUM!@eqsQMEooXdY8|6zMuetzQD7*Ks*YXwCQ}E|x
z$ku6aHcVGbaXUGr5kC~y2PZ7AYym1Z^|WH)YlgnQ0#9ST(?v0xkHcbP%r7UW>a7`O
zEyMo){DLA@5F8LqO3ano;YiJ-kTm+Bj7X!>%9k?`*K5`OjMVFXWxPMirJ?Dx{U5JP
zOx{*LHDfB*FF-S>HA)FQzgWHJV3uHhI}A?Tz!*$QRn=zC2LdK%=Me${`uPeOR39%d
z2=*rDj+Yc|IM5&C|Aq+y$No$RgOvfL@rnSAboxNb#8$U4+9@|zQfuZK3omH3D{!vG
zOXmj4D=d`U1zk*npP#u#()45Y5qi8vHkzJmXpW`9rPph1UfiC@n?KncO>;v}Z`TVB
z_eL=KF=LcCmNwr+#gJt2w*W$Sd-)QBM&Vl=Dlw&e^>}0-RZm$Y0(qD?d571zMMs;b
z;YGX8RhwJPS*EGL`x0KZT^QAg^zd)QNQQ>18%F|&axD{9)YE?^vSg-9k!!2SZ0u91
zG(?O<U^l}ESH~{)o84~M`mZl-7T!DWsTWR`4!?JIx8Sr+{!+1SBpCxSjnY$5ZG;jg
z9gwd@grV}oqmE?uMP?>Yq3#b4nc0|#mbbMjm+bfw<Rk*PVbTvS_EN9%Umz13|2@a|
zC+31BhL+j>FPpzi!naGmS70Z0+;;dObB<Dp(qo;14St9;w=NzGkOt%ZB{6txs=mm2
z=l6-n$|dz&8}?>HuhhV<5Y=gX!Yn74jL9X(2-L6btmxxj6Rnj;MOD*&)Y0L$7>K3`
z*x%oeYJK|(p^xOh>h$0%qDslxdabRZ64SH)7e>B9m7z45>(?%oT)uh{)|*Qbm^TSN
zD${2t%wUo!JSyo+ylQKPkawIJMR~m^!T~PVTW^C!p|FkH=`uv7H^Iw6RC9NzjVJ-B
zhVSGkRcr*{yf10$Jzuuwv_3D+ER;NN{EBO3DK+em!pdpGgLr!a7X|_zt<FsPdac>6
zEr<8F(zTVD3Pq~ODSQd`fkx?%qEE9CNY&IH2${bTFSZSOE&|}|a=nI#8J#Y#TrGn5
z@+UDAc3y8c*JkG%b#S14d?Lvjh;(sjdOnn}r`Z&%3#P`@INNOBD%j^278*>}GKhZp
zM;aQk-rwRr#|Ne2Z;qZ);`+5EkF?-(R<gs`X;i{GtEpvXJ+|2@l$a~I{lpdiZAIUU
zA<y^jaG}ECKzpG-dR(Pc`}!R0%S&KhBSK9?&&~gLz=nmsrl3;}Kkyb2`(!si`0B^$
z!w*i<pK?N}^DT6qSJROmOQzX-Wc(gSmz%^=QeO90Fy48=ug*1V3|7W-3M8F2lxZjP
zeFk%+k{z5)cRTzfq&PB3m%^2j1NDjB&8D%H$A4eGxyC2b4yCJbi*iEo$S~-Jww}5p
z{88nmP$`QVT$i5@=E@Gs2mZY54xVfDzy(u4aQVy?6TQ$N9sq+sUmwg%6Y{AaK%-k*
zW`I*yEKDew8}oxL#3L#?$;`6S3#N+CRl)&2&gT9}AmDrXuitO$Q1G|7&ED`Amqe+o
zOTCW^Li)4&Ckx<F<ccb2RanTI4Y$F0RWvqEp61&g3l$&88;wZCzB%5FJ5vuFh+$6S
zia4pUG?hYrt|4q?MUQ=Pus-9DqDW(jf)dgPfl0?>SI4VqbliMC+TTf7--W-c{`ys;
z+J<<ao&l!b;h0pAoFzy!g-4<+SdPc&R%nILs>%)Cs4Xgr?fM6_Ino_GM9lmV&(gZ9
z-c-)%`f99It!!=hcZa~QT&TU4e=bJYcm9xuKpoNHwxe~ufRY$5F|m4UGLUd{WZ7vO
z?OrrQQSt<)+-<5DnS%KEhoK?2`_+5jzjda*Sy>$emiBb(MXJW@sr(p>y4nZsce<@c
zBQq8D>;b0iJg%n@i|vYtQ!=j@s-@-R+EoMc?TKFro$6Sd3SDiP?yyY){6;mvN<YB)
z324f%&fWlSe2%dOH72CBrN~TB#EiGErbm*0W!f1gZwy6H5?=>n8TSE`v#AlOUyPCJ
zY8XEj1s6>XB>n{oRf;ZF_W#vM`K<|)wER!ifc}43W4bhFS2ynZl)D8I1R#)0ubEm$
z=4W82NqWRv*XkO(R+qQWfb>(&%9<s*+B4+nq<Xdc!&JIA)B_1g@<O{H2-9w+mO%~2
zF-KI{i2PLSXS<r{$$P}Fnw?SjcDw|~(&{gmh}#*M5G3Zeq#<%Ng<M67o1Zv76@h^U
z&()qe-QR+8qNTrT4&(|@s@z@^(a-1H;$Pzs3<<t~KY2K}Y&fI=V%TX)3XOWUIF@Lv
zz_*1q)7wIoWL`JrgP6yU-9h>wA;(~hrNGh=;Qh?waIyFD!83KCsW-Sc3>{~W#uqFc
z^WrSG6ah4!#_!ShQA_LjLTe1s#MDIAZN38A_7sCg8@11zFdzk{&igChgM+Idf#u9<
zu+Z#!07hwx=W;6uk$m|MD<ULmf))-6-yG)`(xr1tE45;ATkENIAHF8{xEQfe`DSU{
zOj1&unQX*sBus<*0;M1iM8($c-``7)2V|BOKoTXCGA`#=6_b91?FN(7pqdXvURNcB
z`S@@l<91NFhOCQZvhnkt?Ccs^8FZuvqB~><YHa1n{j4evFGA$zUt>~6D5@|7;R)wh
ziA(<gKfBWoxK!|->c-?-y{<dJKOG;11F!D!33YTF&(6mBldw~oLAz2CHvfwkl29yz
z)OHXijZVhLSjy4GRxji3pSapGy@#g1NI%6N?iJgbFASahod&8<>@tJKvxtD3;Ure4
zDSE$tQ86*G)1K+Lyvu`Q<;Zy0X3r!B3WX=yfG3dbv)W6?_ZH#eve#}!1bhH-L`u_>
z*`4h^)dv&sA=>IYwBh0HaZIz&!IDt<&^M71%^DB66rT0coE*%et}$49Zh+%Sa_m-n
z?$h|)RT;?;#rY~N)Q<PGTayj{)v=EMf-wvv-!*b@SZMR;ueF@66!ALlDNrg-=EHpk
zuxUkk#XAm;*c5Q>iNQ1@$q0hoe1DV%%Oj8#8=!r>b<4?g04|Y;Awh}*orVrccXux;
zTK*_(aEF2gn_2s3Ev>@oqP(Ro3^{c(YD<&RjdAD^Tu#1{BLyINY-|cIozWjIK6+#(
zRMgTm{y{QgVsk`cQLrBoa_E%P9lL{`_|HI%g+i^pv0tfent<bvucsUR^U0}z5#Sc7
zP1Jw2^y^NihDL~adnyZ*))xYS;L&TpB@c4UDHd67qKK%kR=4kOn=j5O$f<vXefZ#k
z^qLZUWs{MSASpXJIZ3URgVY1kC<{Z#_jlKrIIhXZtE9ZV%}lz{Jv536899D%gzzXI
zsiH)GJ|Cc><VjTeSGT&p6QoYcla-Tm?tZ+|eG3o0CWvo*-Q?{}fPnbJJ6f~G0>$<6
zAmyFVDWeV!i>F(V_4@X5&-O%dbyZeP0ZrCM&wYJK60@(ASQravt{@*!mb0GEG}|6u
z8x>)w38-SdohpU<-0$-uI@V5mp~{UtRjc;dm~#iLbinK3BR(2tp#7UKN)3X#!fc7P
zGYie+yZ6l|yx5%{ybssv8Vf(Tzcu7`G(&T~oofd`a;DLP+vjirEWISVC5zRG(GJI#
z#AW6uT_bU}>iXn3>p7WJP-!X=`_6QpXs7?A)tI*=yG43#X=(wp;7hm)#~tN^fd=Y~
z%)+4Iv+Z~kobUqIs&A&KMDN`vsT&BPDHtHSkL2UBnk{4qgR>+YfFpsI@TW9f@lR_W
zeMg9i>DSoEvxA41FYyrTRhHpX8~WOqP9@W7eL%xt3mczsxKN|&=;SCob_KBVotiIF
zYWVm_*;$Y{$>z%A9_~NWQA&}G`)V-LC9Ju*`E~z<76l0j>eK%2o`>dJuFCa0{eN^D
zycK%r@T*ARjr*J6a`gP_ZuvzP$n1h$S{x~Uo;p(#ye}2|nctOV9*sYLPp>X?us4)>
zqT8<nSD7j(Fto?~#!;8g#e1SZ3UTC<sL1;aOEqxJ$mam%0?b@mYF_P&Q2#fpP^g%L
zJbZuDgR&8Z6S1TYHCX(K2QBMxL0H3M@jy?(s<J;ZY939NaAH?sl_LWAeq0lqN3ndN
z?w&5&<F>~q{iDp&bE3KRM}~gmK-~^V^uBk$bsQXNY-+5u`}NInK8u>IraE7-iGv-V
zE&W3<mU596r-s;3^_$>sAf2Jd<w&iomKEui5s~G|Kv@<kJlm;Ebk_uE9rXD4se;mJ
z+zx;W#<M|QjfrQE<W9vJoeLrOfsw~Hh3aKQxvRZOq`rqS&$)xasVi$eKafDko1KR1
zda`z1W4}Jo;(2p+tOnQ=^q&&oot{n-a<TtU>-P3mO3?V<<&IxXicapp8_^oe-nj5L
z5Qkp9x7WiR-|?~jNcg*GYQ5BTptjXJ?N^&?gV~v-Q&Y(0b)!egz(OIqy^_yT$Rgk5
z)6t%(GC|>SbF*r(r})+2^>vpNEBLy%KM+WpdF~5-S)z7_JAcS~OZNA+IBY*R_72hu
zc625z<e~mzDbfIFsi#DX)$k8(0W-9g_M|Eufuef&3LC-gF%{7FJD|cM0pYsL)!`?I
zHcFOg&NVoN3<qOTSn9?Tfd4+F)5J0}6>C5tmFs%nq*jLWCo5naKYW#$T0NYyr-#jQ
zF||=tbUSwR96I&yzPLcNc$mmkiDN{rsvE`HbaVyfK+7UDj_3>pLXK~6+SfBSay?o4
zFg2Q%CZteq)?oi+fUH|x+`sMPxg!!Z3GjW9W`t#o$7y}nJ~+5rj@F5G<@*-xjgL`9
zRh8w|&dy(O*s8*%i}y$VOchL{{km&n);ukjTCP7u4;sqMCQAu_D=7Rt81pF~O-raV
zgpVOF$_Coeu@2Pu2JKDzQ37iYOIy&!MgnVbc@5m>)!8Z>3|eyj={%<|z~eF`AT*zC
zac}Ic-T&?D&1n-!K-}~hh5@v@xr`-{pRI~rlxlQ#XNl#ow-j1f#G~SM{eT`6G_?mr
z3GfFKIs@!<8Y07J@^dLfWn@B1J#P)zO^|`UDSq6j0<oIfdmQS1@+*`-F|(XV|MV)c
z#zt;+s^oXfM1uear9TjNS8Mfs=PGMJWs84}BlP$?%ON`b*VOvpY?Ym1<AH*Tim}ma
z24*F4fjFirkH2gJo>wINxq9U!{5>IAx=l_RnYk3<_adJ}?F~*%Mh<7m=Fi7||GsYU
zx_7H1g81F~F8!%V!eNxb80f#EPjHNn$7v5|CQB@=DFBtY^y+j|Zl8Fu)$X|OEveT-
zw#EI;wkkXewepYJjg9>L{B+aL-ayX;9)_#iEr*=VVy<f(qnU;I@z#dSgM-71cB7-u
zNX7~c!fS_%$^0&Fyc-!b<<%>B=&*vh>-C`*&t!NU)0Mk}wu%0A&L%AOUy)WH{s|_v
zFHSVYbaiwzGqaNRohm`}xQzvv#O`3k`C#c_M-rd|`{Zv5P9$i7z&W6uzda`ltK}Fa
z;uD`xW(0*79I&=S!y)<k)U<z!1Kn6!u-rMU*9<|p%P*A%5PO%)9ZWUZloe<xmVvLu
z8TBg)3bIt3tO|n!5KjTe+qN?A2YlD%d`%(|Wdcacd=2h#=(iUcKq%_QW49M6Qy?TG
z12`vMNPvR@?2$S~ofV)Og=p3cu;j2AAOD@kcDJ;g)6u!6nLQsH|NYBoPyHnr_NLz*
z^zr04;OOSpi>VO8K`3f>8s<%)$O;yN=G^)5@vLr+WQ;9E0M$_d*`7B-cK=w0u$GI9
zOLfp83XMj_b3<(Ubm<t{1iZ`B0MwtmlYzjYlvK?Zx>qgX+C3Nn@B$`#T~p&1_yTvT
zlHyq{!1C&(v-tS<QhNQ?L*FT+%o1S)pB4F|1P1*O5|e|%jETU#W;Ym{4Gsydc830F
ziNzh8cdkwhda~it=BmFVDH1B|DO4T|I?I8x<;2Zx2bL9(uZDwuwe)AIhCO37HjA(?
zUBEt-EB}^^KgRh!{Yw~;V`X`IF&Mch343#0@wFQXu>Z8V0U2Ns=Z^M8JgNG8l8i9O
zuOJj-k?B%gG=zM`BCM+EvQdQxD%^DkafDEG%A>JfF*j*o>eSxfPD~9*T9D9%-v-{@
zCmG^%+HbeRY#&+yINX^6uKonqBt|zal*8IHJe4)<=`uaet$%f8=irO;ccqTK9X&56
z^gCH<A{)j>Lh<wDsJL}=B{8uM7ooIc@Ac2&5pUbP?!?2*0QLRd=H>Z}l2Io}p*OUD
z!F{CD7Z}bGcy3vwWEB=;&we=gq%lR@p#c70!sl8kGQ!H*B_g(3V?%s^&xuBaMai$5
z_2Gp{iB9l`U*9Bu$~FL8Iv8s__@vcc@^?$d8kLtYlr%YgB1h8)vJrGiUKAXZ`6J^U
zFx)%SKYsw$+tu+sFY)u|0K8J2O;Gu{Nhud<M9E@dRRdZuJYKMgO1#qSXx^w>rkcuE
zy)*6yzBL(sw?OR+Fmi?SL@x4tQk(oc@Fz%p?Y|YZUcDSmqfcP*qsx=M*Hcs@&ny5#
zF#M4}FvXw=`#^KOgS^f&%S%G>UFcHeXo3H#%^e0iJB1%OdBAAIC#hw-qoX4e7?h^?
z-G~0l`3k<w;P#Vd=>+7EO9r;+gsCY+ylfxXdu(QAW?Wha1fY7i%{N^y9m=gYel1Y1
zqBJg4epe=v<>eUg+T-<W+4pL|npKVLk(^C=tI-8jRGbwk1=#;7Vl{d2kc?(x;=f$|
z$LTMQH=P7Vd)NEDnjoxWxjNp*hv&5JvOLr^ATN5LrKPQAW$zyO{Whje-R&4S&rg;K
z6`F>zYrcF5UgzF^!`E%JgVNH3(06)1&*M=E#3wHHpEyR)^rugvC(P8;jPDQ;z?<`i
zI7ibQF8{KdbIXX1jZJ17Z;q%V<3^e!EbP;%+3Hq`9P~W6NJcYA^``P~f3}wON=Pl<
zTLO4sMoY`|%1efUA@*=VW?dw5g*#zpMjceJQD)9MSo?W)t=cYdogI>C78D^gg?_w?
zEjCrMx|1P1E}|qSclZxr0_Pg@3237#vJ?I4)l)HZbO4e!sc^vS{l`_1X8z&MwasZq
znsReKDF5Xs;PNoR{EN&?9MdzLSi0WG7x38+a4=<hRbTqiM28Y7oaMx&rICR~342X(
zE;XQ6{~oOSaz!2I+cwCM)%5k3p&{>j&TSYpKm4W`I`hfeFXI(iS=$g5^EUq3sG#Ek
z(Bx%ntLZp-O5j`Edk-+_>c1W&pT+y<Qu<QLcG=Iorx4BcU`*lb2b&o|dc%~K;tT~D
zDAvQ1&0mu^jCU%H6Wpku(hdD7ye@jpeI-(HYmqdvfo?KM2HaLSD4Nyc$9O<h2CCo8
z`dXJeF1)d;yaJ?>qc9ljSY7@E)Xa=KOEcn{c%L+&Nu29fm<IbmbpM#^oL0rkt6D;;
zm^)n{9fJ1+4z_px#NZ?dsU8jeOVV-JJdruUr9%tsBII>yZgoCfsFHjwv&1C&Wc~tS
zfY5!e*;T1=O|3<NOms9!?3Y3JIKQg6&@)b1C~ZSb9cP0~EVCeog8%YiU5YX(DJ!RB
zm<1KJAu^m5{`C@{O{%uTVBwehn`7S(qN2}c%5-IXIV9Nej0THe$|Z^BwR*ZbT{4!X
z^8LyehPNV@kXl(I=R97UVsN6@>cLM?vGV-}SE1J&?;i=fYeUY%lbB^~z2{^<;Arp;
z6#}?^ufaoOxkWxr_+vfTwoip*<WCW>n_>@`2UJUcc89+M4G`gx+zIOR8{j(xe_Q!|
zENh#AB&e9-_SJ&JO1#7$rQmlujO)7cZe-k%&El2mSi0lwH*&Grffx;FOFnm)xGLzh
zH?+d!Vh{Fl(N8kE-D*Xo&~*F|k|5bUrsE?Rt+8ydJIg<d_wo6q#>rWyBPuGY@%WOG
zBpm4*Qml}FMQyE@YN2vL9k?vI1dWie<bs*R`!qFmjZU6q9%TnWQRPylfJB)@a@Y9l
zn`5#(R00wnS|mdUhX$ga3osiF?BDgorVmLR(NXb(fFIbp?5aM~bcFULD~u!uK}F_T
z+e3aTW7K+CFAw!vjpom`=Xju0;z-m>w-QZ-3{jK@gFbT%7PjmXKR7>R6xZ`Du(co7
z!0DFEZ~wh0PfiI8syidkv4YUS0ij%?lLXp|Nw9)lkGCS`tWR+>N+aIR-(09%)&J$;
zQ3msTR8x2-AkdqP$7T}>@-&BFc)Ah{eJXGo9rlNCWr?_iz!L?SmgEW@DS#Qeg%~}Q
zlpyr;fgCNz@-^7X;3RgjzhneLyJ1@uYn*KA+WzV0-QBTo^UVziyX4-U_nw|D@aLiu
z4*c63W##jy*As*&fzHZquP)dJ=4O@eLW^lp@UO-B%^gvY%gd{>4y(;SHvA#(1F*mj
zk2jVRmFSsW6A>jPr5dAdbA6jpf8<F+AQFPnyN=gCgmMEzLvv-4I9iAVJg8%a%*Ptp
z$xKE?^<Yqb+N25?TO2MtD?U2wD%WmcJFH-5rw~%SQ7CpaH^|JoMnn5p{WI8x4<aKZ
zc+bHJPr^t4Gb3_5vS4>gfir<6YEckkDVIQh=6`?7wC{et0#r(RB2LC%Uxjn!@(j}i
zwq0_#qkb&5aj)zQD5$9wys8x^&y+~wkk)HB31ef4jtg%W(pD>7+gt8L`tlH(XEa-B
z#s5`uc{R5StS|Tevd?BHVY6HhG)T!_{nhb3Ay+sU3z`wdX;bKsZ13Fbuqk^t!7XNw
z!JzOhlR_%8?em8dY})T1GCr;`smtFu1LJLs_5IRx81Z*lxMM(;feK{zu=U%qO%&Wl
z^;`d60xS2&_Fs>~_#1NZ;pxO;!cxJqU}o0%I2wR@6rxn&n0I#%gkcak=P1Zh71D)#
zm~Jl*7ge6_c2~B>eAB1;urQ(s<Cl?}+XL>}x-0{i>aNT+IJk>``c!bMUEf~ieu*Ps
zsahE_xBX7l#E+XDdafY=_wu=XsV4h|^<rpaE+t?XHhQf`*PZYJ@bFa|Y0!_KKg8dg
z6nCXF)iiXmOm`K1hPo+Fj~Yye@iIxtw&&WQ(hH=q$?*>RN$S5Bd;JUSmi3Nj)Zle?
zH%IhU+XPIYiU|GXmF{cPZABnV4sCP?H@NR7e(XhcxeN{a^$UYmQ#oTbSA^)x7wO{S
zt%Wwhx-#wMu~5Rf$STL3%`oEn61~yi^G(}^hQg?HMX)(gbfv>td2LVE08-ju-0@t6
zuT~tRF_+IP06u0G1^-xz(9$A$*;GZQ33}NMbowrki5d-h^dE!De~nIMe|YnCyRE3O
zkhbLZEMwjq#w;(A1Zho|NVoBOQWlwD8w4-(=@Z4&+}vGeaPS}|MF2QZVApv+Al@<m
z#OFNdE`rp`Vq=)}9vHgVjmpYvi~;Sv3vYgB^8H(Pkc3p@nz{Ys@qLqHPOEvIY`)aM
zM-kGuH*iQ#YmA47FBJu^fvZ1jM3vKkMotsyKB!hEn_@DIrhQ4rmkgvg{lzNN=Vd6L
z-h%2&XZ0nD`iC**^($<Xv%72hxu!UaNTPTMK-t&z^`Aiuz?6@_iXt>w+|S~VdZj0C
zC?jKZfwF}DYEMtsQl(K~M^6+s$hiP%z}C^J=X{bz8Xj3lOH8cPy)D3Rx!HyJ#lPD1
znS~ab*!(~dQao^Db5`)H(mYvxertjpBaC$n2`3=W&$YU-Yi$Nov9Lt?IXS6wK;|9u
zmeW9)0MZQ}06fLM@XWZZqT&J%LS7#CLAz~_D=c3N*{-RT^T+ZA<Cw~@B2j&kgMg7p
zjls{~0zj_KVRcQ-xw48%2u!{G9aq%wP<`63Kl=C2;o>VzP)HVE|L~XA@X?>G?AHY;
zwZO>9kAswWl||(=*GYYpB+&6C9tLe!H3~isJE!?4!}i_jar^h5(AGA4hgnU_+1c0U
zgRzl_1t|tpO9u8zv=V?;(@kEp3giS0E1S`0hK8v$=?R>5<M}Fd9E9B8_P@a)MMd&M
zdpKb>i>iI<xWCG!ai1EwQ;XDa`5h>`*Y~i2soJrVz=}IwLAD8n5lVdx=mb9m%&^he
zD5_bHJ)C=R3z-N~TT_EiTo|$GZ8C6U#<HBgj1Y2@dWIER7<CEqI*;4*AfMdBm;^qT
zXmCCtaA06)pi*E|R!|76sjTF=U+E4;`2(6R=7!+x>7ODQ6hn#ZyUV`tsH)M_3Zw{2
zQsM}&tgL1r7DxbK{~Y(`GPDVD9c~QUNp|*};c^=OlkWk35`x+2(VzQc-TR}w$s2PM
zyM)P^X>r4;WM4rNis<NsA*nt-9ldhF{yjbPmuE&x(KK7)(mPLXKyd?it>^8D3hDJ#
z9nk(HO{JuqlKBVQ5z$%p&lo^jkk^{vU1a4)$T*`U%Xiir2AqyaN!t@j`={X)W20ek
zQIz_I2Bd1FDnP&m(=xyB7ARTqxJ9>eaM)AvbNhK9sWM2RjHd8zs}^D1rlbVMx?JI?
zmJVH=?^b}hGY0l&Lx^hvt<d$i!O4R9hg+sL3L?Qz!B{BA7Z<wQYio|e{mY05*@4iL
zC5;O%3~3|gcUxm|Ia-PW#k1mB-o;_>LdQ4L?e||_JV}9?fB)LkEp#QJfR|*MJzX>+
zS2lJQQj}s`c}u1AEoP2;B15>~cfLYog_mD|!>@@bP~BD@cT^I~C@7v&pi~2^DN=6y
zXvcE{IfGcx#AWC#voKc_n+~FzA`p~~d$?DKp^oQ2JI<(!csrOYL#BEne^!?PTxeCp
z-pczujmGnBGUrD{dyng@2wX5ByD(Zo0RW(JhojHhaw(aHqp9}pk3g$7R$Oc?PUKdy
zo?Wz8DSY2G61s0XTDdS01r9FxYLUR9?`aHxPO%Pd)&pO>1rOphnV)MI|CDm~DVW9R
z*Yn)^M#Way6#B3aLfls_uFTWpkpXdxFzJPbc&v_FV^OWGtx2@X`A14m%h%`kw0hih
zYNgFjH?aTlL&Cg)wd=`*NFD!gmcSP{&nA}xG4_LYFR!l^NC+ul{U}grXkr9Bqcl?D
z7$B4gDj11Uc=84Z|Mh_<Jrz+ZR@|A|z`)>Y`fnmimC16g1*VgU$q*sOPrc>sMH<v_
za*}RiNfql9!O^aR`Qw>p4NZes!mXWM)}u5?-D@j+l9z&m1FOszep|PW@c_+ywe2lH
zpb777h(>zDCc0+0I#-)LkH005iM}C%Vp+diAtPZKon(G0=5`6Ewde5;?luTLoTp<L
zltjfWQZtQj;pZJqGhK}!`w7PSn1DoD+4uRjNx+r>mHiSMa_Igj0PMzI{WG(V6o-a?
zT~Eg?2QW+keA=HXsj{+$Sx39rMo*%YGuce$7LkmU6&CJH=XE|PR&VvVh8Td>K@!dg
zoGcQpe8n8et6*#<j`*Y`J&ZsR1CRp{)7D9t%0so8ur+?b!TA9U=j(|G?=DV>+nn^n
zM+P|bhDj&R$R<j=$VhGb@oFWi0jWEo=8HXv%H89ce@WcJ0l7Fzl3i44fw$UTk9Yk7
zR8+du8Q59s+v5Pp4?}wlTG<^i5p7VF-SS5_TwJ?daJ57jO`d$AhwD@1?qt4+wfW=2
zSZ{z`Y%JjNMKen*A7V6X)E$mUqOchvwcI!WNym~-?5chzj1W0dCKh|5Qe+@t_U85O
zl-<&X%u_b>*kNNVSBnz~gE9Hw7{d>Qd0y{MD|L;@FGGg#ZP4gUDnG8N{=54}wTZFx
z!5?pjj?c0a3e0nzW?}6)IKdg{Ri?`qai&;USlBZ&GeZE~T~$bJkLSSYq55bCJZ(Zc
ztvc%#aJ6jU*PELg{Wof)?4X$x6hU;p=0WfrVgh+i$%<Mo^hy`G4YYeDO3z=P-d^VD
zL3!0LBGLLmw`;E?7!a^k`=vkhdShFO;3dk6gRO1iX>aeFGB1kVVA5O7HHMIWq(XM9
zzRVVPTy`6xmysrWV{&Qn0!9cNl$5Y0QTA%G*&xWu)zHN1xjul*pMTTl+R63m)d83h
z0QcJ%8I(^zqi3CN*isl6)>}t6PmCdd=k1PP3|cJooq)el>ts9!Ql8<>K+Il?Tg<-c
z$mcrScZ5U3RphwhKLHi}A|pLxyM}<GRja%;v%J`P42F#&oBfM5J<hcUqCjP}Q7D*0
z23#jHIU>IinsA4!o8=d~pp$O+cZ7IgqhWz!&K)@Ds;z!!esYc`NcDz<{NH*A!Bzq>
zFH0WW!OqU_ezE6rFxTME{QGyNr{%Og2xRqe@hI{|+`9NBvi}~63K+S+9po2V|6B9>
z&omXl%?zQTLko>6f3Z&h?2r-*y?ZoBfG1YL#lD!qSQA#F`z6T$1CSpmIpRUg@IbLb
z($XTBpHp--w)23H5yE53`eQ!_DoKP^;ztA_m4NxAfJcT}{i9@O@i;%D@%>wq6<A@H
z9I>o-bp#Zer<mg~ujA6uNXp(q`8%B)mBr4EcotidT;LTXve8V090YyTQd28@R_lK6
z)^GsC_9U5LEW5>jNl+}~CpA*DaNM9cMw#RBoNXgWAExWx9j*<M3vUx7CU1TB3(T4X
zI}+H|1y;^()T))_;0(xfilW4E-ldEa5_S6#5^D0NSOYXLh%W{MIQI2t$hLq523!!f
z+Lp(2?pJ^pos)?jsn<wq$`<A3V)0wg)f-lsjy|~Oyo7ted9tj{>zkU~Q@HF_7LK6h
z&Jr-WCFA~NS@@x%I(xAz&~ay4?&etvr=CD8F^@=wqsLOArNy}C7|BJk?(l6K(~}G`
z8bL-QpN#;bJ96>|<VkEGD<;(zDv{yJQ-fAKIpPUc)k_Ch-#rZ4;x6hqy-s`Kk{E3s
zXFuSl%ajKDsKE#K?;mLsYc%v3Q==bvyNRwR;vvYF;5QfpTlc)ml(|SPELGV5{m_E$
ztUfIqAPw~XuXD2e;H-D2R~sCtfS+JLkB^V;+gtlZoBL~!-RswE5oZf)uusJr7&=zA
zj?wO>t33@4KX-onYRJlhIp8`O$7|p>m$eFDQsjgOBHo`#Ko(|Kx0`a4lYbPH)Wn2^
zU$CQuJVGU<p^g48KS@Q)i)Tio{hKb<U+f7H>A#}~^XsuEj#p_E8th|->B3pB2ylM<
zYj$mpo-JU~s@-c+%9GuvQO*zd2#I?BoSOjT`Q&MJ8Xd3Sym?dJ43wqZg@pxnGBVPc
zS{G&kKuIm21wJG!x|iXlYh<Y-_cwMPy{}vS`~mz6m^j<+*QL7k&SqSF7peF>QWH`2
z+kAw`=0_v6H>YpOsHt503eAnW07W?hfg5k(kr8t$lE{~i>|ei{cY3Z&N3xEGJw~<J
z>Vv0eyn7&sP%7@Et2Y4P?Tar9Llyk)IEPE#6;NPcWv4Qd>-jk@7&ZtZI)EqQV#_6m
z-~Qq!e;*EN)L5kwRnJgj&iluRAp;Iul14W-`ZNxPPplnXAVAHUp~eK@r34tNQ_0ow
zXeeJ!@)GWqqDudO0u?I3XJ0@<C@Kq|eHx7I_UM46mBKiOeb5GSz1rOTv38ScBlHFk
zJS<~VQ)kD&)#kG{jASI?e&9N#=iJ}GTDtOZbAOp09}jxwvbI0Gmdf8?du8hnddQ;!
z>|S9@ri`IyB}#{hej^OWAWHNa<Ri$|{1&s7yysEri4SbDR&+{v(DLvs_3COV$zR$o
zJsYvctU$59HT25Pf%I6^--!-VQ)FA{JGyno`a9eGr{S?%)E|88pL+^bo~m&ojmtoG
zS56ew6ISj8gwR&dFVoz{#J}_ATv3n6^+(W8qd!9lPnlX4{Fu4uz|r-=vo8zD>l1lW
zQK<Ld;Bc3g+9!3IzOSt^Ek(5n(uswxEd^nYuVoo@2ibtDjawjTaRJx|k*D(8``Os|
z`~c*01}!G@j|o=X*f{`hA3t729853JDan;d*jf9Y8>{+l^+ld^Ms;@dyBxysXi5Fn
z!O5MxJlG<k-<jiO5G7d?uY4|YzvXDE(Pk*s!uN8Q%$~bs^=~m~A%AO){qm?@?Cn3=
z7+oC@8V(OvK)Z{NW$Y~9xr_@it*wV<%Y7oZ-{?Il;6<jx1^~=m<t+I`&9gCcm?ZlO
zHy-k?ZujpgWIb$=uYnemP9A5Izv1sZZjNA{$q*6_fzcbaO}yv4j(ruc5T6Hq0QTE8
zzq|Ta8L?Lw5llMBXs<6Vl|O<z$eX}rX%Dhw6p)V~(NpSG!OYyeTerd9coA^?%YvdJ
zF_<gudhe71ng!DlBeNmA5d5l}D?55CtF7@i!BeNb^x&8n<teqPU=bZ*;ljUX0&r37
zz%Y_*lU4ji5%r9m@mHjb(6`741qOxI=IS+iit8np6&VB+boRZ?Y)VI0c@?Fsq8fI{
zGL$&4>Sx6A3mY3ZeB26;o3pm5zBlQhuZ&BI+~gFKn&i?GP^q3=cju{*1mW^F2uqZj
zn9%(~y5f<P-GfojWU4O$*8**{-{axPN5b=#rPAHmJTo7l>wpiw@w?j+MY=8WF|#3<
zSFG1do4u7_W;59MnkQN{7JuSE|FM@8rEKz*^b?*nqIqIUWVnJ}cc*G)x(sw6!Aji4
zf5uc-(`|lphTQN0AA|P$`qppcyG>$RiJj)v5ESF2&gI7@q|pQNGFu$RDDUiz@2M{E
zB2rrTAmsy7@3o^`X{c7HgYUiMe5knh0mNr%Riq;s*1si_btdULLg2y2urZ=$Rtyda
zSzq&c5f5&(YAPzSf1ykY(2nEbbQl2e<ItHI+qyDJ@Kf_#sSdK$^y}V0bk}zpIw~(o
zBM=5NgjpRAL1)8bJo%FzI0WWTv@&QO_4UI4xUDlcu?XtS5OySFe$GHhNFhcO{->*_
z$KGU`5lce@T4p-_H9j`>L%ZHK;~!`zyEL=3%qxLsA_*US(&Pz(Q&V-%z(e6IoygX&
zq@u$9a_OYPa3(3~R45ZK26rW?&KKQPv1{;|U=t+x;p1C5a2Pm}lRWz*758#w2wqQ6
zR&z?L!CHr;6h^>K`#3w>8!kNkL=c;T<QRia2M@Ysw~Sw3A!TRz3CeWHE3C05b0urN
zhRijDm;ey;08>~EZWCC6ohE*<NylwqXiyJA=vl)<<;3rw5mO|5z>3{FF#gUvU3z@@
z<E@DJT$%$ua4Wfn6MW6@Z$P3nk`ZIlYBqA){bCHD^0V=Z&KS(*W`_X1{%C(B>R50g
zQJDshEr}SoDr|smx>)0Mw#oT0HWZJY_WFx6jE~@dnegMGRQ}ul$TJQe-b-Qa>u*^h
zC|Vn%qmwTr)adA5&ip%FU+snMT}2PqTVC#O3>>`3%Fcs*l@6@n@iNZggeW7Gy2_tO
zVQtcx@1&ZaW0CK}yn`?LoD%@;gy41K;*O-yF$CV89Fr-*qXNB!T=-xXLV`oW?y+9}
z$YI=mcCc{1D~-?cJz~De;o?ZY;ZFg^uS=UnmamU3yVDxHrlH?5`vt%t73s@FcJ5}&
zI7hWA>GK_Fdnc2b%ug7x2+Y*M;Em22nfCszFwF5ne;!1|LHUwNO%1|A#Su!+ZdQ|$
zqBFQYS#M$ldtOgUN^0i(%~cV|2KZ?EWMnKK_J$GjqT;djNdY+vYiaV~Ub>=s?Hb@<
zJSAWlt65qC$1rip1?bn=MT7XJqq5;^AX0PCU)%wX##iaamj~mbmvybJ#c9lBA7+&k
zXjS5C^<R7$f`$-o@3?2{S8oN8FlfH1lD=r112u$z6cbZ3DY5cqh8Y|=*&qK8S#KFu
zRTp*(Z@N=bI#ohSx<gt)y1SGH>DV+#Hwcmv4-Fzncegas-QE4o{l4d1=g0ToOZHl8
z&O62!_qgFJ0G?|!Upqv}4LnoCv_DF}(XHnMicI6vtHZ<!9d7;W7SR0u1=a)XJQmAa
z!%a#wbLs>DI6MU6PfwWW9SkKF`i1?<be4%3ulDt+Wzm<<%NvE3X6Mk*CBHR~ujVo*
zIB<zK=n(Pg0M&9g0`kemoeOmidbZyhs{3icdku{r4z9_*(vxMn*WX%OpW|~RLtEt5
zUBMy2hlNn}Qow!RpKT77U=Xp~kgg3BT422lnlDy&BCBIyY$2x4q-9W0`STuwx_sgD
zIcU0_4ZN<PCmig`cRp*O55Mto^?iI^{;_`b_yh!Bb@mIXMonN~#u$)S6rR@~d6xVL
z2rBVMEB?bTt;iCo8ts>(F*QdV7V@YBMrBFhsX*WZ^(c5|YtT1<sX<+QhFB=sWg3rp
zVBxE)2x3)P=^ZgjFwYCdWD;p81UcJgQ=vc=x9WWB1aBNNbar`e3Dat)C}qAjYf5^4
z8U#pq-;W*;noD*5SmczkF4H%PG~Ay31=!Qm;-8qk;j}mW9d-Chg;l2Y9uMvT*O)n{
z`c++0?;ShlzUK!bpSF+U_z8KOJ?H>f`RaUow6UZJO~VEr$_5Lx`~Mj<Lp^T*syCDV
z{kuN?|2Dj#f9%Y4vP5o#RU;i_w|yV;3=M$}=-Xlg2k?ZdWi|M*($FO*t;3)NfxVU3
zI&!d8K``ZQKZUM0n#S4_j`9Jv>{m4c*neYkeWWMi%A#ueCIJ3@ID60EI3%wt<r-ff
z>hiyy$6LdxQx(wB`kyjM<T+=!MgNVpFObhn6q1@)hSrwbHS_{C5alR^U@DIpD)^G@
z&Kt7Phl_)~D=V1Y7eLt$=FYglD+kjmePbm3r<?0C(-vaWyd|g5$CqR;UL4$AZwE@v
zN=PbTB>es9cyf{FI8*L)eQ3s=1?<)0E>cMe-bl<q@#rANC{l4vUU!MXkM}?y$mC;a
zH~HV+&g|@L^T)eOg_d?Du@yE6*;XVc*7EXl;!tdgyGrQu)3mX%vFEWtlaUUvJ&LCM
z5JMvwpD2?bsv|9(Sn(-P6Mr*1+wB-tzTk~eGlLfHjFlayJ3DwQQH?SzJ)i%*BRZOw
z!6Sugo^QZ<GgW2WST#5deC`|sfKRRMu64v5FMl?(QS7X>-TbJSx!f3<o@c{o-{S4G
zm_U(OqJf2?sR?9i#@EH_h^<~SH-GF|e%F`-5%5E!1r}kF-cl|LP@(Nun@XlEHP6+%
zvi4pd&<G%K_5ifeaeaaRbG_<!`J~rS&3aCT!6X;}Dxb_83L1z1N=kkffcn2d06^|t
z&zIIqpox~GqOt?Rrd9p^->~?Pz^EvjA|tPHdO1i8gC0N-%*ROs`SSN37}`WY$puBn
zpq$l4f1q89_wU`A7_fWul;L&Qi;)o(QXBus7lfq!a>T?VM@vxFN00we1Gygl6W-d|
z^8dW>milCdx@jJD<4YQ^{ZseosC`X+y+<!Ny}Uq$O?0SVjhuD9O$roH-Sow(q{ahj
z+(W->8R_E`?Ilf3j|^HAzpAM<C{(WPa`_6eQ3<aB5*pW%`cKDn@~xm-!OjA<<0I86
z)tCMxqkbM}PH0F_Wm``Okd=!42+#s#DyfjIPWbvOawf~`gm+(Nq5=Eo=meBKJhp4S
z*T;x0UcFYTs$ha;XsE{eFE6{YYpT5Xa+_aOwS_T{5#+5xiW39UoTY~ch^zJ!Ck6d>
zl#31dlZf;Ha^F-fbXvV}G+}7H2IYAOjQ?{1V<!wuheL8CApEX>dog}&nwuN6Aqm&y
za}h>SZF#Q!OBOLKo!i>=7^wUQmL-UA`;0dtAC2Jr71vf*S8Kek?JOxMGO{3SR3c{K
z!AP$b7w{Vb3j@88FgSfC7%$8yO<XQ7tA5oaMHl53r>#(W$X8O^ZJTw(Gl0oJsFvqJ
zSq0nM=;)#zg4d=-sTye0)4>?|{W3zYt`Cgw;~9!ZXeboQOA;f}8Uz-RF^w)y*FlGj
zqu&4A`<TwVJC%pVY%vroum2Q9lKiIgz-3>n#*J-?9)A>y9%Hwx@oyoWn5{tO@E=T^
zp60D)J0A2#&~@y28S4D?ERGxs`dEo)8OE^iu$8ei?$Ve1Drw$8P#4lzU(b&L8=*b}
z!rV40$&|PHB8Z5HEcUaNtCC^Nnojz^!*1!MPxu2}4q#*T?U}-<n3Rg4OU>UKO;O$}
zB*h<n&6`1yA_Cgr@4s!d1Cn|%GBbaipU9qO-aN$!H8iMr{7c+|rr0K@Y<89F9~e~8
zPR*_%C&-CAtzd_-c${yVo=g_82!0K_E7O5<T*7!hT#k{;5OBAdFIa#iDPG=PYJ&*@
zE-)@o7jJGz*gb(+yljpP0@jW}H6x0iUS7U!2pCSXTNJR-D9v`iJ)5IUpbd)-m-vu7
z@+wxuV6n0HVF}t?U+KnXQbiIcOK-Q>P!j_Z+W_$V^j3ED1|2jZNNhLjd_H%-3lkD1
zTt9pmM)i~7wdb5$_z@u!ZD!RZ(H$`X9j6Z&Nu^nI0kboCKN0u8#VFw~$H=?v8QEH<
ztfYbrC{>W%OI6`#{`!<jF0!dnSf<vt^ZIB}t)d^g%b?Z&2_O{(rTT-4#KiKN<(OTh
zq;?Kp^MI0Pq25!yACD;|IYXeTdobcJmt}5B;GHL@#FH8RN$J|&?t~VP-B5$adEWRa
zZ1AG;C!H!V5s-MhtPdo)(#mG?RB<5OICP^=N0WBW#Nt9g+tWfJ<nEAAShx+9$5w)h
zQTNgTkq?w!Lqp^E;o%`!y~5y;zYPpQPe0$YDZEmYHKI@bv_>(Q@SjmXJ@vPQ1fZ4X
zDt(XP%J9!;XQ5RT$oFD>pC9)%-{!}%bRYZC&p(TwnX4|MV42+YL|tUCi|gbfI#``=
znf1m-C$*2){1A(hj?!wfr{ZzmqKC3`K3I-XOJDAsYLbx_7Zt(ou;56>&+C&_tGsdN
z#Dvca4KB%}s{mw1n6K#sAajfS67TQxt^AZ`VJ;l<?2qX@+LV&6xD=#s5{>c$w?#yT
z_NO8SQE=qlgay9tIIJ%=x|Ph=+TL><;(-GUI^C6+_n_Ll+M6o5--3>0G%A4!GxRnf
zdSgugzUs53SkU9@;9`FA`?J+nf5M8p4U-^sutFj=CoS#VMn_M(e=cV}$1B%E`FIEz
zwn2-x>VGx!jOX^L!>d6@*VNov;jrKX2Zcal6+j5q8{96L02lw^_WhQVrVD`gfDT8?
z=YT|5COT2Xs?{5M7UXX`zsBx)VQ6diUji>%XMtinAQ%5#?ZjET)<fizStEA+;Iw&s
zPwuZH59bmbiHH#8eYYpyz1!jR=5rPj{%m29ocGMk`{D&5gY3yb`!SX1>>qcI{hpZZ
z^sd)DhArO4GBK3;tsrGifDbN4tw{s>-a_lWG0>+y=v0aM=0MUp!VS^O0ViGE>EYCN
zkomaY6#zb8b-9H=New+oXHKQ5%MM77<UCc*cJ@pfz3bKBm{*3$j$SblqoZNc%d4a%
z{Xn!|yH!_HV<!_4YQHVW5csQ_dyC`HH^<*k;`Y{HBd`_P5m>*o`i=u&ZDZC$BpMWg
z$!*ZS6L5-Cr%HN(pf!miR|V!hV+z(ef4;vOz<&RBkA$@9%d_ufb+#qV!#uAACe?^v
zt*yt^3LI`qU+wSzgZJV{)BVlu%o6+h^>?gaUi$<YZ|Y15@eDQ<vKRnN8(sEYFF^}u
z4f0v$t*r~3e=8>JUNetPOh6-AoVQ1!<q{Y@VBk7LPr#GF%h{PyueH3=!^}$z-z$h9
z`Siv;Ba->+E|>))<59fxX_B%R@{d1bmd!_0uy|s+++)~Z{##@yx@+fmUGF^ptK8lD
zc&U42DDrt>AwGld59sc`I{%b!_7u}QKLln693_TX=lpFppGcda(8n~q#Rf<21eNAF
z|J!VF7FQQ__h)&VukQv6l?p9?O1m4@;Tmd4Qka@r94#x2$|Z~qZwhl2;eqo`PyOZu
zXm|d2oX=WWE7VD;vqPUA41vb~2gv4^qE|;kEL$~E2sds8!ta4n@y)M6IWtjLgZs2x
z)VTo_iXWxgxlkmzh=F+SM27eSujGSY(tizT!>@cSmPFIGek*dTPWVF0_nVh2ws=R+
z9pqcRGPhff8@Zc=B=%U)#bg72nGYskA1^gKD{E*xVMBmRXQlox#86usdHOI-*_@1k
zHJM6us&sVV3V!bz1&82n`20|jEadlmCfe22HMTb@3cYP<J%K9~p_4glmIkZ$BnuV$
zTQi4y63BSv^%BxE^z#J0)G0<+E9b(nFiISfeucxvRHjXPPbvZt66>HbpWnQx)UU@6
z`6*44sN|q!n4h0#l%Hwv?YQQjl%529U~go5v}teUWQW9tOqS4(AMBqb5oVg3Js8pj
zt-h=+1OHc!<$o`S6O-Nx7}|CX4E`j?6%i5gL}aF*5Nb@$QXMg3pPeXFy2io5aoY!M
zy9yRtOsqiEfI%#BA&}l^Q;GTt-HeJpUkEy`f$Nq&+~l!^xg_inu*t)-Gx<{{xc7+H
ziGB;{K_^B=80`MdyY9jVZw<#K#<sbkAVQ%3Tn^FE<m5KCHWFX|)K!KnNeY)Q`p}6^
z)xLK#W0+s=T-qXHmm!Qn-Ma4Kp^^}P!Y$M^`O}avE;BxWH6$bq4GSr-U+TKWhr_xX
z{Xds|#$Wsc9oA+$n@Ch{Zh3_TYu0K6$sfPN4?jIteICuE6*k(Vo0E=;P5Q2#?@T}r
z^>~q(mq_rWrYbofP4PEh1_v|iU6K4tc>_T&qI+B0IIyS1>tm6vu2qGW|68B?aPO9X
zEHO@E;j&5}d-zdM5SQ-Q%6<Z384V0Mix%bNe5!J842q?F4WYqGuC6}k0=!E08`XlL
z53;gWSHc1>b+?8)H*U{!8f~<LeQCI$sfv+V!ely<Az~T^Ej!kj$iG9dyED$WPj{!7
z!6L_MDK;EOG_>FQ{|K{|Ti#1lDdn#Z6!`(E|5}}10%N|xmCXH>)xTUM!0mk-yFT`i
z`3NB>N>r!jeuGv5bVYVoHajfZ@ZY7Q<P8J;gbogHU%X6fwc#N<&JyX~s&|HRxLtmU
z%;c{gU&oLD=jFxraOc<?RR_Cekp%%SA{HVH5WR!#o}Wlceg;BIOXbN6OW0CPOh|x7
z-jTy-jb<=5kmc8Wee=)lFnltPKCd7T_NPmmgk)vq#DA?o<KvaBrZESYnAFo&9@kbS
z4-8r<znwnUSXnKUk`|;wQ^l+=b_9|l*_c?qNcEjhFH;rT*v5TNMur%1en0rmWw`_n
z-SYZNgO@ay@{bQ?@?n0HQ&STXl9JaSzjJQF1-7qL&e_~hibP)C-G!l}6`j<{L!bJ2
zpL2Qt*jT!15H<byF+fho&w*FZ&)?LGBvUD0<`<kRNNtWp4FUVN8ztj2(+1}C;UKnj
zbl_E~(DtV!rGySrQfl#gIDKD7r{!YBQo7wB2Pbr;G79U*OsTkrv~>P9USd-K{8oh_
z&OHY4Scx)SXUT$eNK0>w=DbdE`t8->&fp`LW-us<jR2$Su-HJjhL1mXcW;lG&JIUc
zsMsD`W%?I-19gDewJv&H_fQ@FQ`bJhqa=?EUhgsP3_xmHku3g1r+B|jrFD0ceVxjI
z#d!m<0(WLSKHkB-6PX-<#l+sP-@JKr2XrVG5>-$bB@%TI<mBX}4hqQ8<|s1Wk8plF
zqghp84CIDVKrQdLo%!Qb1r-~+yZbHYk$#=>2K2Hc-xXsSGoO)xhWpKPpQCnfwmZc?
zQp|V2VQHx5>*Uyq&*SZ(?$QjtiprRNEhb}at@rZvz2zoY(G?Vu{N4Hd=FUY5daJVQ
z5tP4B%R1dqXEf0s_{_~YG!&GcM0oM^MCKo}zw8rM7lg<IT$^Wu(9{J+0r_fN{4?+m
zbTm_aSE!qztJgHYMI`do2Z?uXy&n|y$e+`Bapt{!I3$IB4g6m*fz8$s^7AfKlC6`>
z{hp_GcW*7DRn+f69|th%WHdB1C=FkC<29;F=<<AXAwjt1;(^GI;nC5qlpH2q7|4O`
z{e#2ZMZ#W{V12N6L^M%9Ilc;1WsH{#A+}Yw3OY!1Q`dMdkhOe%xry|$45*n7CA<l<
z;fYQR@f%8;yz6^I&{3#qywAk)%*_X%5#Uai{={5=%gG*(PZ(@2xH<j3Hwj4R10iSR
zp5$a@t0i(s?9DpL^hkQBxoTlDi>h9)oSZ^uM?YG+zW(3D`)xu7<OJxqPpXA$eNkjP
ze=D;3dbeLO(;?`7P-M40G4clA2ugv8j0~dJAO<n}-&vAzT0VI#stxWj`isOask#bn
zgqY#<xZz<W6_9_P&NdZfUcD;Z-fYUiRY4>0!&Qlli5a~Fg$`AGQqnNQkL`HLxGWmG
zJWGHf{%D1+P$@JG+8}UzN~)>JLcxumzBLkjKV8<etuElY;iF%NXrFG<EQ8Lhl||hy
z+5YMQ@?5MJ{9HO<J8yFKaO<70T#?D=Pnhs(y&X)Hjc8M|GUN}<kYY+lAybPzeK<$8
zwdFHx!35XJV0Vp8Ts)P_1hMveDs?&;-!w5SFXdRzutP2GzQ$1m@A2A@VBg#tAC~JY
zf0>Y`H%$&6w&?60$5*ZSeX`SowRG)x-5yxAG>8HEo%ib&!^PedE^?AAo%d`1xV3io
zXm|e7LHxih$l&bk%>Z~{98gNDFW)LjynKx=hPrAxo+r1wzP9Fiy*sfj9Gg|``1Rg(
zmV`_b+F-^K*xyBq5kbp){<**Z=3(nYT)J=4#|(Ev;sd{TV1)~(lT$v<h!3<J!rSvJ
z>g8#)2ZM9t9TCM|YmKbDg6Y*j(yYsq(9_;>>y8T~9v?p(QEBr{3&Ob9jf0KISJZXO
z(Gc*%Hqzb|aq~)z|N52s*#y2&A%)$2P0BzWS{TY}XY^$>lW%WDc|w7ps0SULeYpxj
z#(t@bPhUSQMa8j9Xs_9`eRcAU7L`z#YjD6~@z=XHIK}BPzpTPnS{@z{2%(Eh=~uVj
zwG6?WykZ^J{r{}Bu>Qj{9*?1#y&e_i`)nRee#9{*`uuRd55R45*P{het<FKZy!LDe
zG$@u6G#G<3b91+KiHT}FkS6FI!PdWj5<dS%mF|xgt1L!=JF-HG=ZE<YI8<J_rc%VO
zE3MfyGJcStb~B0a`Kj;A(TJ^!nLLO8jDI$Ionk}?4aq75f`jCs{Rca)z1@5JEv4Vi
z_cV!Sd&42!Mk3v4@;6RGrM0kynu<^xTjTZJZ*PUY;QN%8F8}?(nfU#C1-dDZRiXSl
zQC+QaV4A4+cqzCxhlT)YA@0k36<zJ&GEO0v<%#C;l6upCx7*`Gc3FOK=han{ei2Zt
z7*%CZJb^hY+eWvFWS2>GEC#g4Z&_5OmLpOp5nz!a2S-&C^y#)27*<@%{Dc1fOcx-n
z9E2<W2_hlOzXis!2?+_!E6U5CkosENU8^ho9>WP`pDs%}*1urC42n8B@=oZU2Sv+p
zd!R=Q5>tD`bNrYyqD`@u@<&+WI52sn24SK@4dq{>Bi+#t(HI%c3X}6D5BE;tHDxV}
zoFxqW`1qS@NtC5^;OYwPSeVmZxh>X(y=vfvT|!Qt-F0Y}l^hSBPRML@)A~$vFj4r@
zAjhi4YVoB4D~p2wHRPk^h?r$N{O`kAJoMqTQ#&19CT7!L{&2Na{P5R<DID2}jH$U-
zSGUe2m}DV`&rcC*cDSsC*^oypG9$+=%m$p7YT%H_?aIm3L5~lk_Cs;#-m;WRm~L!t
zOzxA%8ZNhXPIVy`x*e<>V*jz7=V9dIbH4_p;d1i1tAs3Jwg`0)s+f*W8U-${!@vIi
zqUxxq;ol1jdf$lMj%hb8tyz|uNPU>yJE!DSU(^~HfH;X0Q=yNLJ{+R+$BuojB_l;D
zGd&}UYM~$qx_RX1@SHVlvF*nDcKb$gRWI)MhS^fI?2}Od5_K>_(#lN5>DrP0()z)W
z;_UbD?bCx8wvAs`1#4Nd=*%BH<0g540YrcXAd}<bv^YID-`!vLS`ZVr<fra4AqT=;
z8Z>7wl@LeHRBQ`pWhAL@eKb%HL&FFh9!Pp0AT0M8`Z-d&5+dp1LeoAxQ*`VrCDUns
z>y+mZqr4>GOCF-3abw+wo6}>wxhdYHHFtRD*SSi)(t)Js;3{ok_ZA|irzd1TRjlqy
z#$)sP`;9be5zlV~i7;G^QY}1Sw`{UpuHR?{k-dE+Yt$?cN)JZj3@Sxb&rS+QSNvn&
z`xmsJRmWGhvz{J=XzyCyzdv>58Q7OH;3IimGGy!DfrT^?LD9+Ngs9L4*+?t2{5GTQ
z;o-1Y31^Q0ADbAf?1W{$`Fqj{DGD>ALa&`fSlD3Y0%(_ZE{<_PZ7!wLQ_oX8vO>2z
z!&drTkQk#kY8{D6k%I$sW~Nue&@hsd-HILB-aDE~QkRx`5`aVf{CetphG1~HeDA<8
z>vd;%10%;<>=A{Oj`^ibVs9Y-qd9|N_^)rM^R~cs35z8lBs>Q!`r#>P0B*j0`&I>6
z0l9#EX1eFTP>ETn{C6n}fo?70Ppw-$afK83*T1Tjn-T;><Ad#{!?*oWbx)b0Y-~7e
zM+>X>I*L}W-%|1i!175kh-)lF$2E5j>vR>_en@0IMkz5ko{pkE7S&*R=H0sjt1lhb
zUEf|B7%wI#Bm@GE$9T&R&i!!%jgK6g1QYo#k~DA_D8`G6-k1&UdZ}hT+&xjeWn`4y
zLcRdu+zJppa*vN>qi+qNL|>Zj5)nF#s~w*Yv}bpAY1S46A$~zYVDKr5tQnvO9ul8E
zaa4q)$fAOAupqTr*gZf-MizL@%nU{G13rAlrZ$muwYBhvBB;gGkhtWe_goD5oE5AO
zpS|?V%<4^vmuf&dpxwbM4cO<iagA%s<#UviGb_k%H{JdS1yy$PwYSHk{9ZgPf|ivq
z^E5P`7pIz=TXcY{w*x37UZu>*6ZHK|1VL9L`54MNuU-7(`$mN<5iREjKFnGh@d+ni
z#=V~<z~kq3Tj|~BC30&aq005G4>m$RFZU2o;2{B77&9HYEr`^jxj$Ep%n+%72$1kM
zfcb);@87?l`wrOLiZF51BD~9OUQrruF+lU~gR%i-dnCgvqTlQnKRLGD50R)E0fF}o
z5t`ECNTp70qTz3L{xeAK5SKY^!f;)M<VAAa941;}QG~;p_7I@GMZdm$P5zp2`LqZJ
z<VGr2%TXd*GZLzpDd%mIx!<2J%j1mIPlTbq<O$sG9F9(mHyrI5=fCbDs)Ay~#Wlp~
z{))S)BQ1`ADyB{M&zPDVngy6X#rk6yn-_@*oNsb!(q48fHLX$z;v+Ki{`vSSr+Ut2
z;q;;_dafGp@stiCrlP{xJ20?!0lL>_GjsF(YkpaYz3jW|^sLyIm0*mg@agHv3kt*d
zF(57PWlRT~JosuXW0ZN}A3)jbms;mukG3QB*C?CX;f=zosb&-*VFb?A@{EL9`(AN=
zF!$THT2<D>L^@iKKGEDsS%b{u%jMkM6}OAm$1eu&a%Jf{yCa^h&46vOFP)_7gy&43
zG6Cgc6WZd_<En*uu%exLZGk*gKGohfin}*DN3y~I_P{R37oRJ&Sy*bTCC^QwD8Tl&
zr%VAter;{kZAwvmDg7n5TS`2*dnAmN?X8}9|HGx``|X{b9sPoW0>dxv9zn4x%HU>(
zSy@@-0abIuhfJYcn*ZA)2?W7<q^F1aj`e6>_O|GW!oN_<t}v$xR&u{4-<!&zl|uL3
z#WlioMAlAS?`O&RzA*3+_4O4qMX54?tuNR~adUOuH#`zj_>)dUDa)XUJnf&njs_9e
zhYzb?ckz)wq@Ebkb?(n_)L1H!J3AHcGEAdqEj6__efnAHa_dCz_@cyoV>8FvE*jiU
zaaF(LXXxEqItHW|ki+>+5bd{r)-9R#N=V3~(@2na7DvFLrgwL+;@}+o5F|FNe{PYN
zlQRcPj0VsD{*<xI%g_Hj6Bw%#36CowbpXhTCt@~(g_%0Xbpi-@NYeew%T=!(<zQyo
zqOW^FzCWdtpvF1bG_3rj6-Uc#m*Z=4U~CSWPDCc(Mt>nO^X88&27qY7n}h(6pvcP;
zB47BiQos>j;g7B4x`{K~ZT;J6X=%O&(@>-HX^vr?nt<J_!^+bOpa_e?6kc4&UToy0
z1j>?5=2FsS6BDD{GAu5A{VvBCtZ)T+lZD*(vs?QS;{W~`P5b{Enp$1GJ?|SF>4Db0
zkC1Pcmi`Dh-m5MUiv4@btTV>eB_v^XReB;05Syd&(1L=k!V1IIf2?2z>Y>a~LN@9r
zBq)}N-K;OR3kb@#jXOh{&DcqPG%e`;_*abr!x;YT>@cPOarZlK8?BhM{wX2hZW!?`
z;{34plh~Ma&~Q@HZOb3wKQEx%f$eRTMXDTD4>u~ks6NjI+4XzHSBs6N>7ghZM@z%j
zW~pgEFqyfyhMt$7aSi0JZ|)em`ALZ)h>Vx|;!szgcrDq#la&5MfVC*D?eMZhM+%ZB
zpp6%ni3*4>{_=f>TUF!jU#;IPF8O#g%xpLSl?=(qp=lu|*p5vefjYUkT%KHCi@q|z
zVcNqRR|cn7mhkNIvf1@uwyN{juV18)6VQK_PW^3<nkWo@>&%SlfrJ$H?c3_*PZ^L{
z(~r4>6}HZ-Q#I*R@hWjpTQjg)j`4Pi@5-K^pHM<0h>a`15VGAwL`4Rj=E-SsxxED-
z(iit&^}wWbjQdOIe$GS%RpxT*D09)gX&0&u=-vcMG?HecN-E-C;Kx!Mi3da`5_AQJ
z<Q76cC=u$`NR;Cy-GH*YMg;N=3#}a+0YOjHJ9UP*NGVI?*wob2jg*8$ZLv@Qd>?T*
zR2p>~;N7;o25UWz7Vi;am#I&}%2;h8qvA-Y*v9Lj=mGwW!)ZBS7p~FfX8T0D|FH|(
z(c-%B)_heXe8w0OmKeI~?kpY#D~tRGm5R|W2731XF<h^51J?1rlgorxW4p^#UOe{Y
zno*cB{QSo81&lEFWkG?792uNa0dEqF(lP~l^%+fa9<o<urIqFb1X{zX{)6||DfgLd
z{{B$hlvuHC5ubr(jVc%G4b)F7**x2R8=G5eXZ{G4hLsS}y2f7ES2#L4lCfWG*i>kw
z44V7^Yc4<7Ew}iz|NVO!^#A&XiGo#70MMpON~qwA`L?k;-F=1lJ$FZ(2)dT`xl}wn
zo&vGwl4&<^J&IJ1qe#PtCjFNG<Ze@tN+Lb_1FaXdMP}o9`0d!C!#(Hoe^z%_{D8IF
z+Gev?-*7*kr)>>sMI5*}JN)kKeh>8X3Shh_ynylHV`k|pp~lD*kgck#zR0w*YkGE-
zFD};F+d-Z1xz8TYSHP;M^z@jYU+=E5ZpuP<o+ymd+u4rGVuSko?@Sir&=2kkjjlSJ
z&@m$OOHj5KN5RReDdX0TrUmO#QX)Y$fA}Myw0w(*m=`wf!7MiaAWI=lMS-glwKbYW
zRa8-7FKW^iMhc+NgVeZWWL^x6raCX;2wwa0F>DEAGB8R)!_4d*^UZ%NTimK3FR1Ir
z-JPG`zu!pA6uKhj9TVP>>9QZ*R1uM^@vVvv{tE6*lj^us8wAliAe}KhT+7Z>HCLvG
z0SCujK;VpW`T9Jt^apu}QaZ9QS2gY8!hQqKmoHk|TOn>rnJYof!nv*9;u;o=dbM`l
zMUVGYcGq?nJ2MppDQ_x?aVU+hL$Kbv-o50t4tc}KI0k(wth2I^d$%#(;scg^v!3bM
zeZ;mS7Y--2o=&`LVXH7O-iahNkES5Q52(Jn3PVT7FBUhoRgf4R9_g71L~%Txe6!Rl
z8TFD|ez_IeI+G`t&@yv!hDt*#CJ3q}uFs!8Ux7+O$$qJ6PFF&LmKc(`T#s=6dE#X4
zXi+|D5i0cw?^!^=BqtatRgn?)Ow>@~RWR3~CF~>MTA`zEg0fn1X7}ZN27*e@k-WGG
z4+MZs0bJ$f4CVc@3Y|$WUR4?>;c(>Szz=JuSYeVt1nuofZ07>NrGkUtudN%~8ToDg
z`*(v!tl7!TqB~otq{ZjT!o#B1har+@W)9^T9>Uc1_8#*ZN<}91_Qt^JJ$&&B0`UQw
zd3+R<$TTh#$jMnxl*)3--9B-Pj8t}W0ps!v*TndWtv$|tFa{nW0U|`=a;m@NeH3cv
za!YVoi^vhE=QmIsLx56aZ-1r&o4^}a1qusnSlTsT)E#7H!+aWD4|CzDZ)c!vvjA8I
zXPlOfwM@m-Z8h10g2PAPCAXd4Rt@X??^X38rl@S*2y^xE;=b8UZl_2rjKJ<vZGclm
zjh#=sVluvf;W+1;gQ>Mvc=UCG!dc6$q3xB%m7H9XA6W&%lX0nH2t7Svtx;}g2V_H2
z>mEovXZQ9aj6FST_Miz@d$?4j-;@@fcw)T0ArKI@J6JF<z8)@9B>=U2jB#gd#`kZL
zCiztuT|q&9{btF1ajOn|?yj5YHWnjYz<A5R$u-6I@np2c2fiXs9m7e?>DRB7^_?(b
z;8-?u{lF(_U?2hv9l21z1h0FIG_edS9zVcjip0ai!#%(r%GN7(Ztlw$FJ73!-O5A`
z)zqA>&Q;6DEGx>PS?lY$^Hw~7Y>b?seU=5kE5V?QWGD67D4W*GS8gcfjEvOM(%iWB
zY%}T0l~#KHyDx~sTwHv&x5mJdut_=ur(C~N?ZXFmKEas_{J5kzxIyzl7_^4i?1@DE
z>}Aom0qvh%TMzuEkStaJ-~L%YIXwY^N=D`&l?&x>dwbtVUt5IrO!o9o6igmlrZcW7
z%LP72+p$WxN*+C<#3yZ1lVJSv){qdB(eeC~Usd8vf5tN;29s0mO#}0zqpb|AUR4P_
zL>rms6`aAR6%)NALER_iasYz}fA%?m$k>vD1IqCc7|pyD<PX7Bc?E+YSYaw;9(MMz
z9GCs+Q-B~odikoh9L~qFO7Va21uG1{L0ykF$jrX(FOmhm`mlB{;%`sFtnyLI4_%jk
zZcg^*s;uk$!Bu-)Rn@rh>*r=xeGJI3?w^p|Xo||WU>yW6FYzmV{c|!>gI0q>YZGYo
zoI};`u1SMtT!(!kwn{ascc}Z#P1%3!DAL~98yxNzV|ia6wENiGgQ66cb#H5|`}zku
zehjB8EF8G)&ftI(*xGt7YMdA!3t=E6gotT)3V8qcVPtO=cH(vn*&uczDX)mZD*Pz!
zeB+Qa-9Iph5Zbv)(QX2AOwV8F&)Ij5v}^TIG$rz`(#TDRhpS({gl_~PLi_>(B+j}c
zh_5ritdvF4$B(E*pI~W60gSy_0F$YHA26lz2Lufuz+Jg3Qq?LciC|kGiwfTZIAgN5
zF0mZG=J7o7*2qZHcttlj8eR7~W5ucglvDWhX17G7+Gd3tqu5Xi2T-7sqoKClHGBPS
z)>;}k&JuO(n%2m^-T#FRI_ty3zwuu5uRzJ8QBaU7>iLcqojbKu9yT9nhJ|(G;Th1)
zT2wM#My5f|2cZ*ebV}cxazpAZ_j|~S0CvyH6JvfR`_l~NNwJARpdCKm`Q-TK+c&G6
z+<+8byEbX463+E#=4O(m#{ORf(6+HpO%kXOS}pXgQ92TU)ZBG{UCH&X3q;zulyr<Y
z+S)n2FVy<Zw<|L_=$>~-+-6KWg3#dN;^MqQfNh7C`HL44UyzCe-pjIrk(12A2qISW
zG#=Z33te4O-S(e8%?i1_Env}tWaKL_duw=|bV0xETmy{h;?b*bpg+f!KVK;yW6?Wt
zN;P{Ni%<bg$CqgS5e8V+Gk$<T(gKmioyVwQWXr_cw@p83V=4@L!9L_MO+O1;7k%K&
zl*4U9Qtsig8qg@nIX;d{h6nfa+l#-}D`GYa)hK5Rt!$qf_P0@HZ0BRsehhh)d!$2o
zQY|b(ju!Ac5MyKGCAM39@NQQTI+mL|uftG>^crg?_d&-H7ne40T>~I*Z{J(|r$VLk
z%mh{CwvElfzbRfU6}jk6rQZ5_Cwp5TmPVaH#0o0TWB70A_q&^hx|Pp4XX}8ceDv8G
z`kvr(e^u71n+o_jE0myE9a%|9C>=Ko%aARAhhqS45IStJ-jO3Y%Wh4Si_{nKItoyO
z4VOpyb|-KIi*WsTCnTwDV9^F5D|&bI(eF>H%#Op8!5CFT1I2yL55*Q!ngH5M9kMm!
z^W0KgveQ^u?;Qg-#H-c@Pn)ju&uFIc)mYB#({XFl%Fj;;jAMqalu#nek#}_~bRtaX
zU`0<KOTJN88lY>3`q2PgbaQjV(M3-WS|h2Vb-BR-qW;s@Ec`V7yf^@|UREvaSQ{d}
zNN3L(pXv&LhX=8Jb<Ke<HZiXK9Tyjgj;`hxy%uL-Urc6weS?#BBX+)tf)8G}czCPw
z?I<)@7y!+fG=aYQ_@mAZSP}Zb*dipq|6*}VXC?xVS3A|0XmlHtA!p1YlyegAc$iZl
z{M7Q@@m31y(7rsmo#)o)Q_9|u;8mZTbv7)2z=eTMIMD_WufcDGy*frGsyj?&LWA3Z
z|9mPL$;rU8JiyAw$Ma#C=P7~lbeOGp)Ys=3ioKn$;5a>kjU7RBS~jT>tJ-c+)n-xs
z*R~DPH!zqYz?eRaT%EWcTh!_c2YK3AAZ1=$<S-ph<Lt$k0suE(odwoMBJ`EUi~Z2c
zS4t+SnVGWB=@xkfYkBz$3&X>4BUlFMK=$AcSbAZg18HXa^$nHAMY{8@Ok9@Yof-6h
zJE%ff2L;~-BZ%HuTH0{D>$-;ZPnrdv=-BIcY38)G-M`kDF%01glF}}~#c3+Pj(2#1
zG11n<T3Q4}7cS=q+Wym@mI>Z*{^oOlFi{A?_f;rwntVokY!5sINUVSFT}EmcH^4qt
z>l{&Wu#ry;f1Lvm4hkxa!lAt{m+Buih_K7F1Ham}2U7k0>+Vv0;k_I1kSb!@o6K(~
z{>$?-@@MPLhZE!fT=zBn)t^H<E!J1-ohviAF{mho;UVu-l>OSbhC#{O$19W1xg_ci
z0Th1I3J~;uSFFv<Tv{9(8*5HWOMBSIej%|Z49mcD-ab&D3Qu=;@?^jdA^MHlFBwHe
zW7}o&tKJG>ih$S(kejUQS%6a^q97AB%Oaj96aISrc>C&jAK<bI&E?;6X+3esdc5?g
z?gLOIP1_&`7gs%N!|5>G<56%3P#<#qQJBt7PDYJR3>V1QUBI2%?*Y;Hf>iirdQ&sU
z6m*i{*XBiX(Wp>a*=dc|`5?fYl01b4*>C_(r~G_>%-L(cxtZjNr~q2zD6r_mhnhO9
z^x`7k+PJFHtsDJ^vx6AO8xR;jT6uED#4Coc;i-ZjZMP663G%0tZen7huZZ`}n8)+e
zBOGl;B(BOftP-Q(G#^N`cXWh0UV&XHRDKT`-#U4CfO;cn#!)9R<YVU0y?`JyM)LV~
zr^j%bd<?Tyn;IXa-fa~g*b?aM)kvZzz4$0ED~A84)KaqBjFUrN24y6L&Gbu-bO;R~
zf~TJ!RCD82{SW6k-mAX2ervczak@WVh%@c(-qtpbA6}-TexLP|2Mvma*_Gbt25zU3
znSG2p3JxIQ12pBrsfZ$iDLX?`bcF)CP5#g0_lx?XHjVrjL**E*^u8_|80&&)2+5u;
zCQRnzGa5-|waUw;KA8=0_u0mVk)y+ljgT`pVZdp)anaM8wKg<(ZZ?$SOY9-RK7Jrb
zpU&;j|JT2HogtQh;_KwhJZ@wHz(TbBJLK3Xqjt+r$BtF|%!$~#Jym6yK-AqbGC0i2
z)vniUzf7BjE2E*x|L@;Na8q`i$w;4o+XHCP9!oS~ofy#kwj<%-D2|V{)ziti-(n6>
z2zGQ$5h`S4<SgV!Vm-fs7E^_Gir>utd7sHVyG!!f2y*F<kW*Y94R*C9rRj~VI<y&A
z|1AQGBezYrH<Moa$qx3@$b~_=X1aq@0#&reN3)Co{vcqAJniL~Yn?;!@ssT1B}V9U
zS!dOUbaz4aGTlGX(A%^8pVigQn}Q|a>9Jr>{}a}^krEO@&6o2PQk1D%NwfAtux6XT
z5USK=#4#(#>%2@LW_f)^4iF2{g>WH4;X8(%djN3x6@bASO3?-<Bmg%hH%te#kU(&6
zcU6O@H4M4!7hhTkx^>)b$bB83M2ubTI|+)wxYE(3i%8$782iP52|DntS&pv<QzeWk
zdZxJn0nimIGsM<rFOSj3=$PJn6rAjW9Dg)v>89<_;UC|sx_zb5E9-Bm0uo0os<iSc
z+vAf`i1{EM&ns{pKo0VXwG6-Fl7t7dB!(jJDx5I3RBSZ%S5uQC!u(g4)2DWX|K&vc
z`gZmTm9iG5CMP+i1W0M}Mqu!ffFhu9ppO^8bb*Z5?t+MzcofNR`;UDm@K9`Oa#Nyr
zwqi4gJgv4Q_IO)E-S&n^RxOX-O8XcOc-z#OI5+C*tR1fRdRN$M{@3Jy$m^I!Ftu9I
zYUJ|3r*ZI4o!%%RJ}J1oo}VX6Ff@}+Mx&w0T0b#9H7r3x!{HsLgqpH)oV;=j)Y}_G
z`<zBkmm)#JZbC%r06oJkY}udEH<yoI_5OnC-2ux>%~l1aks|9oN$$;H)43Jh+F~iF
z5XrS_&|lTsy~pMadt8qZU0Z7Q+BUMZyq3>P!23U68D(gAI8YS&WV2jrJ5K`HSHvs%
zzghx7>0vZJ-9k~o{uGuPC4cs<a_vB4)xtB%LPqs+vsQM&S3keHM35txR%tnazl7)Q
z$~SayP}$Rs<RcR;Wuv8)KdrTlMZ$%=zp&sQ)61$81i-y~Uv$G|b4#-}Kq58Oxkg<-
z_OBo#0_BPO+IHxbu%}qPkC%Th0VBjX=@XKI!6!WE_s^eES%2apKoD>4)?~iE>lw;2
zWPPT{(yxcN*4OvmNNy$qozeHyRK2^C)y`E=%b`vSh2f4<!<q%*od5nyy#^QD6gVWM
z07;n^#9?_9XKSKxy|a3NqSb<(M9bv!H|W8^82B{qGEGc6A)2uw)JQM;2Tg-&UE{W)
zzc@K7O>dnZSTu&^fZdahWayfqjEokgFw?BgOW@COJ%n7h{z+>i6z8U$)q2>7otlBJ
za~=+@$pvG#zn?_Nr$O12C~<|gq{$A>)qpZJ9}!Fc{t^KKp1y4I8j6M0orHigwl*qy
zd*mCYqT(&Ip!i|c+%)jVfepm3xET6n2$*ahl$Di{xuOY3goy#+R9+^`ZR-UI$<A1V
z%f34V^fXxi3%#NoTjbD^C^8~PQ(%xODZ$$P>^)~O7+foDtv*FN%D_NxRQL^z^EQzT
z>FhoXm-fFOr4Kj<^Tj2mQ#q1W_cMk~kPZJoya4_{j*`gFM1s;x;+1l`ioq(24@rq9
zTT8-A0vPv{c>c{67JZ5eoxp*wq?Cgm1S!7?wo=gXZfo8amUMM@pM$gI0}wE;QqZXJ
zZ(@q0(m-H8-atiNefaKTH=z+&iLo*!^lv%vfo*HS+yVjsUTpz7t9UhLb~q6a`^h?v
zX=p>ec)45x?I;k_bbP+tV>(7x+H1uIgg*$A%nOS-<2B5DHay^&K}{@qusuq`?(u7^
zHw_U>jF0@I@2d;Wo*5EO#5qz@zGhRIxRHHPQ<D`?QUA`P|9!vDb^&mi|G3ea0FPG=
z+VRp1inF@SbfBoBy1YH#)+ghI+Lb<tG6lsV2Llv+k3&;)=6`4rK<q)`+W!3a+6Dk1
zmU?<^1A`?OH!$LQrrm$$;Nw`=X86I6-x{CVix(Re77$xJE>L^j4)HyOR0Mt8FHkFv
z7mBVt%r`d1sx;Y_uGv8mm(bq@28r0eD`NiOe80ni;oCESAvOzzC!ZQ85g>rTs`omu
zm)ooG<7yu)5<AeS;J=_*{{3c4R~KWdR2df}Bb?EUz^E1xiF)&I4D|F)tSl^G-`3?`
zU2d+)<}(dV&^taXuKCzlWGP8WI&LAMh2gd~qpl=oP2^v5HX&ev4XXDI?x3wr_Ba@V
z>p2$uLeK!cI*KwCbXD7V>`>EH0sUeGk6jm>!XWLa;rT_7Q===1u&H$LwAdGeuMX^>
z6BeIM=T)|uLI?Wg(!ZAuS}b`Fcfl2gEh`l?lG$Uw^2bb3@wFhq@JZlIO}^v)`w$}<
zi%S;KmrX5&jC5*{5S!Q~#LWEejoL3A0(=uwN2vF{h7@612@v6~{sB_`i8@D9bRkq4
zLTLb>y~BN_l-abuzFw^aFcd-vZD3#(0K14|$l(g(Wl}c?35*&{QU19dza6_I9HxNt
z!~6FymCxSb+jflYax_2#)!g+|xImR1y`G%xpjC%!Y=3s1Vje+JQ-TI0fE?}ZM$l?4
z617s)fNZIHgbq-~xD6)boA&eCqQBtfjk~e|y3;zhJpvoc;WZ?x`1p8!AS4$&KbYfE
zLKi`$NqP?eZmd2KmtL5fnEZg@UFeWkY`nw<A3x68ScM%gpo=AairbhOzY+zopX!%@
z`u2gOu{BD$H*F?WD>uijH_(@qZ!ccT4!iFk<D`G*I^EkErWN1K{yf3-&S0;?ux@`d
z7$l6kojoSC>ytI~v+zVUb)-GB5x2+y@>nM)8N@j_IEcE7OKL-Xj_vi4RZ(t04wpsS
z!_KGQ>Y5c}cQ@Z+!UG;Vf=^h#Dyr)1KPs4+ZM@~;svf0H2SGIZ6BI;Igs-6gDUpdL
z=clEkOF)BUEjP8l)Yo4S@~YL@A~r+WI6GZuf60USu|#uyu+i<kfhqfU_WAl3Oc?@%
z9wKzCSfMsHQVkj^+-FYCjveE_WF@#ELw~B;{rVGvDUZQYnOep4kcjefcgMq*02*x9
zFr;c9&C;~;A-6k$p12{oiTX*v$@2Txvrqj3y7tQPMGB%qB}uRDaC8c+^+seKvOh|h
zU4Url3JHQh^78V29UdGsfvs*I2L}dJ@=+wh`d}q3LVj5p1u;k#%O#o>)R4ZBp)O-<
z>sc1<0K=r44J{z1h*fbCds0@F{OHP)xlre?&>Niub=L>{o%Pkhn@@Jv>k-5^7vV42
zXI#;$s`@rHRGI2dkH)HBy$i)5_AH$cbZwhoqAWFOS9G;tjMmlBuzD3VY$2&4jqJnx
zS5<PXE!U_pryxzt7l5ec9_J39j}4a6ye@X|$bq89-povjLKuyPRt9!vQtRsYj+UDD
ztD#=kM+vZl1vxo7HBD7Y4+%|S)0}GxIPiP;^xyi$AC>6P8fA@<ib(YX<l}`FpCnys
zyf?n)@q{|HQe5Wdkw1jVpw2ORSU&{Rcd9BV1cF}q`sTM}W+n!uQ&LLA3>sJGfIXvT
z8yi8s_Hg24cti^q+ZLAVQ)Rk@nMzuv&?cb;K2HL{?UDC-TE0JMSXnbR4-UK^o*wU)
zfLY$}eZY$21K3HT(qXkD4D4Um2X+!@2!0onYISzAkWlrK*tA5oeCHGmq!I@RKGh4=
zz5B+?-9QiP86uCP&hu?lY)pb-c)4JPuAa63f{`?UhUgd%@4Z2S-6U%IXa=;ii$US!
zYDpOMZ(=w!WRI}uIRh?u>@w(L{o#n_=ZyD*F-USt2Je?V-JV;<f{A8rcmQ%8?5XsP
zBWM9`uGNX*qn1wcY=05DVXJrh2*0z#<%;;ya#V8ibSQAk(LdiBjwn7u!j*XW4wSw$
z5Qw(6_7#j3=doLW?y!O_=O_?R=J&J$_9nlzRdyRcPg8sqLNCbm;<TzN-#}1W2?v18
zY-bDgkN3<iVk&Qda)|GE2X!9!?r$wMKWxV*+#1|Jtx5t^G<W&tRD!#110=n*BWy@)
ze4Kw(AOa(sZpaZpkHqEBCV&v;^k@-O?VwPPfNB~mC?olZF-gWUX~6_ZLyrc-iVA^0
z0^qx(=60%Y(!iaXTBK;i#KNOWqOt^E!0c$b^?3)Nf^WlS#yHp|WIH9mk;+4Lc0OML
z9NeJ>%nHtLqf6?5ldH4kLwfA@WX5>@tqR@H_7|_<U;Cg)RhcWiW1XB?nLC_^n#a`p
z3cuvF9q@Wsy>&K-hAX11pPQ=#RV=K90;R$+vK~0$0~7)$KBK0FhU_GmIb@H`jZiAb
zoE)pkJTyf;{l9VwC0*S5_t)Ep#RP~F0c(|W@C?Bz?_()q0U3Ti-DAYb;kY|4Kdha+
zqm)(Yb7ix@=NjpT`3w3CeL8OOxwoh&EY$Q2QUbJzH0)V|fE)Hk6F{qG!Gyuv2$-;@
z?Ro8es!~=o4q+*iS}Kr!vscx0>kt#aPX5$w*|zhyse;O|QDZ9=<Y*F|9mZq;56F-<
zGD>{~)k7vICilN{IeI+%nh`Q(u`sj6Ao1{cJHNqShpyqCtsx0q?FAD-pWfVf1EGgQ
zjKOZ1E=p3lzCyEWWDX6$#g^{wF<dYshE3EPO58mjg+XS<>p6V8RID#pI@?P1Snpr|
zdK2iQ$CsKNw0@(C){DM?F+$fTCwyPQ3~K~!RxGZ>0E`aJQ>(45tuSnIU!4T&aHt^A
z*poxDQew8Astm!ngbe-NQ!k((*{rS2Z+W^7LTjp^6Y-I-(V9c@@FX6jxiOGFLdBzC
z)75pKn<XgXVPJe44Z^)q!XMs-tK(7N6yf93zUmP4Q3MJ)q?VA7T%Q=qvDec$1$>*>
z6l1n4V&H_XrQ-^lNI4;v{1BnWgd!sVppC@dEQp(u(u&!LPRUrx_r~w=?yk<~jQ)Ss
zM3#NAH2#LIzAmW%G~kU>l0~I~&j$Kp6-I9En#h%v6$F5_whWtb&VdqTMo73yLz6g%
zN<_``;g{W+z}I8!e2J_`s=1ctp(>rHQ<=El<=odPwZ+{bK`Xal{^)&XLTr48Cn#qt
zwBY7?qHbGalF}nAHOs|XKC4<`lG2`luYv-L34p36P*wF`nlMm(0f}Xl5=Z(()gB%b
z&g2;M3G@<;V9ySTq-0#m$}k}3f`z?S%xogN>~9@Inwq@-6{!|t-`(Eo<L#OS;nLE>
zA_2UkGt}A3>H0{Y`2G9tWe6@Y>9-Ha$b9R21A_a8gimiLLuqzyofjG%awe_G2pi|3
zh{fI9RBD6j_?BjD1ze?o5SRKb&8MTdVz=vKy31>OfJTb{m$zTZYkvYpb1%sG@rxH5
z&@M7Hz=ARer-~|4rVN1~H4<DO5<uC&+(Q;LQ>1LtJpkS79C@0{vg7&U^HMq3#ZH&m
z+ttMvO(DqBqC+H(N@EUt-?Z#t{xI?6#9;>Q1tTK3h}b|;7}F@oGn5vbIyT1i-8rZh
zL`F0Bn3&^#!Lc(Hw+6aRdTbQ!#hztTlVdrSN+dS_f~I6*BwCbd{C*)iB#fd!QNMc|
zIJ^+G*-~tu>BAD^3`P|LBCUMTRLJ9qo}MFw4wtJb;fb4BTC6P`Ejj>iK{s+xurt09
z5fQof_V%_@+uZ;^4H5P}CC)D{{{Q8guS^X3qJ54KYhqH4y+x1L4?qz!)6ofSs}h#D
zLyu!hhZN(=gA?=eiqTbhc`rzLqun|Ubj+*afmrL5fgLyF?n3;W$2KU9?dI0`-RHmX
zOz=m(5U~l3GU_*UbPL$15$daSS|DgS7&gDu#G%{}E?me#5V$zd&N)Rqz1>vM8cp>N
z1*_6rg?pkY?)jLQ20U&~R==t9aL@!n)gS-|jzuRG@pd;+RE(U6rICd9e~=f<jE<h=
zg!+DuLSQxlBRB$%qo)YByzbarTMpHgVi&-M+i$j#{l`*uVc$JL8uyD`0omJuV@DjJ
zmQ+LcU3;2@(FriD0~`gcFe!BGVpV5n*bKp0p_#;%HIFvZ7xg9)hl6YCg+9Le5HPpY
z48Z^5F?aKRd8J+;L0knLOkx-C`S?6hAP1aSTm%8(L-9X1k5-H#6jYvT+uLs4y}jF)
zz;D6Q+`?iYsL3~KN<bj>92Awyk)*WW1KZ6^c57|5e*Wy-KWsOyK3y4S5UTr%c7~4b
zEm*4xQMrey9H6&TC9p{ppoyiQ^pZ4aK@9E0t26bq(0N&2*GSjai(<p0`yWN@0C{`3
z`!gkE3>5S*atuUF^&H26^W9z5AHRP|{5xKTK){5-cVKoPiGve!ug(eDkucOlP&qJt
z(A5<L;=`U6z{pVfKUD98mX;YenxXj;G7Up@NMU;V)2(4|(WEV6Z;04D=N-s}YCT6V
zTre*4N2KqISLk4i!p$7lyD#HGnp4H^V6a?;LGbX<cX#(A^4SGb|EU^;T);s|1KSgq
zS4tXkC$I?`HfH7n!<ukn?|0VI2Qy#*P#-8agC>z+<&2bso*p?+q(B8*t!LgU$;tJT
zL)`CgIAHYaPPkREFLs6yskNS7IDLLfNWWR`Xc!*t_Y_or)hn7(2*`q|pp6sK-pP?P
zXc7y}6duIHTmzCN;L7U`(5@seXKV-*i!u^`cxXbJ<^v}mxw*UZ@)c-kzz&D&l+Dhc
zGL>K@1ecvD^dsnyGdWCqnky^Wd0AP@%>L&qtNVd=G)xxgo%n<}Ih{0t5U~?NEzE%Q
zc7LYxbQ!9!ScEGL8aiW-i`N8cylmGEJ@6W4v{UO|Qiw2METzRKXSSh6`S`=l9ig14
zuNau%YN@cyFYN67iwCPEo{lJvZ!HD}pzQx@Fd|%!f=o&@;72tzUR?li8DChqSjW?e
zGun13GSGS&_IDv;AQJ}xs6wEzu~D>mx*JzQmH|L8fXjweQy>8}v4CzANJO^b+9q`W
zoB$(hcbC?)S5lJ=E`gW*2|G&_RLe8zwN`MZ3WM^al1v4^5l?$tpe>LfB@q<AyqkwB
zLLgaTF!1tNN4B}RfU(4G3-XE*@TQnpV9no)J?Jy*g?BzhyC?Vupf>3k9saPx!Ms=2
zDq0G_zBJw2D4^8D!o;-md3x~30$}f@v;>Gu@QFcyI^_gC!IPPl6$uaEo##G%`UIta
z#n>@22_@((_!zvJ#+|emF(#o+nvPA`Rj66vaC_tE9T6$@MFrmzhbsEp`Bn}ZL-q{n
z$2T&SPSw??5C6D<&a_DaPMq^khpGZ0;ga)mN9U@oeGCZw;d=A+_J%v9I_eub#)P5)
zNhHLf)vm6nzE9+kpf8zPpNd+c>j&lf?%T(sP_J?r&kd&Q1?GUCN+gpZgeFK04;D?;
zi@{hOzx{HHa08f3H$cImBp)=X>U!|;!Mk|iPqv#!zHISf=JwTOW&Juej{o<IoH|;Q
z4;cW|K((x!vk*QBx+=g8lv4@>p)4&m*{wsy^4?=8a)Dj8adgZz8rY!-*w9b}#soB;
zbSxkVay%TP*)TJQgLHLu{{?yw`QcBQnt$w8BQq#|O-!6`6TC1befe_fU$fVB1XD&T
zu0%0R5ghxa%Ct9H49xkhoUZqd-ab8g4Q4qyR_Zj7fb<yf1Vd#5DADrn9Qnvw)GH~S
zLDo^Dz9omK_&!RkLoJ4JFK##hvaovD1c3k@6d0xV2j*%L@*1@r)@=V@ZC4sjW!SA>
z6rxBa88gdV$vhO9$08}Q6Uh`ALdI9-Lf8tKD?@BUNTxPPA!VM*tlEaiv<=(*t=;*1
zew-iQ@ym6&yu<UZXFY4(>t6S|)TvLr@j%W?@><aMj!d5t;dd^F@Sd}sS1s|~#Ki=_
zQz0!oHpABqI_USnQ!3{d6r`96BpgxGmWEbNHSLPaCMI8L85mTuN=nd(2CFx~<t_I0
zwJs`_P&@Dc8l54;i!4i@I~K31I^AD?K1D>>)IJ(2t>i$7lqjwd%viyt{04M*^rfYl
zbwFoKY`$0*pfE`i8F$akBUjyCdSt5bKF_OS87OYhHA`ag2cke}qWBFj`BSH+4?|;G
z+-9g3e9=BKV=Oi%Cg!|;s*Lme!dQJO+N7aro$!z%SHgT>x`1BjJfo^(W$<s}LuPFi
z$xCw62qM3Kzdojp0|+@R1){z_5Y+wr_JmU-!(_gbVsm!jV$S2uR{kB*LlYSp+Q6l;
z84+gYXWs$Pe((<9lssKQfzUWM^?Jeq9%(fgASl4g`_Z$%@H!vpnac#V-9e@Nhew!5
z;}rULotNw)7^Ly)#;ReB57WNslVNn@va)B6t!8mlA0dQyZ9S%MQMRvadHI>e3<}%8
zZD;Y;u(IdlBr{$Ko`+|MQ#RQTRiEwuY_z@YI@-kqNAiZp<EW|UDJhsya35PD&mjzU
zq#zr&bSunpYEM^0y+^^O*s^nTTQ#U@Z15RecaoE>x`(TC)~vZb8*w)(<31Z?kLJD#
zVJf$?`91eTEw&M=qgB_XfFX?QG=$?y*fWn`Nb0CzQxl1et<|p>2udscMYt;hMP+2#
zdq#gh?V*DZ6oAg3=dY%i9&z)xS(c1y+IY?S9|uq#X_wzE@qijybC7o!EdpTm;(ga3
z!uCdFY)sJ%fr*E?u8VP;tDZ6lKt)n@^+Z}oNT*G!v@@OCfk$*FLww;3+U`i3*cwdG
zOM1`{5uL_yr|>$JiEO3F0Tqa#xi&~2?o8@q7NJ8gzBX`YllbuA!)9SPiq7pjhQe9o
z7^4UKUmp4km{?h#>m#&*J8Uq{pxOD}LJEeB>C%J>H$YX92N)#W+8RBk78kdDUNk*3
zyYdNI{o_*kws(A>;#bV2)S}pAY5_H2B&a_8V1uuu<hHVBfi_W>j^BTWE-y!q?4E!j
zi(G(-7<@3)Wp1F@65YD|`zUM{aWa&ZeYFb)L$LvbQj(v)!Gx4aNx5~l(hVg^d<IsC
zldq3D?f%-6jjO9&7?biAC)p<)s$O?;Km5bX7*b<G>E<FW2kTFQ2eR+UKRPy0p&1(v
zsqVG6HZ(w{kys%S$aosMCU$pqm1$$16IvHhMm@c+<&tpD{Q%;!QoNBaEl<S>vRg6N
zf)g4j>QiK}hhIRz0~t5Cfb6Er9EvT*z;}sXK7FDE!X+>f03HPdC2um6<NZpZPwW)<
z2=4l?-VRzXN%8jv0bAu$Fn^r`=+XEL;VT)vWV;x#jGv4(Oz%XY&i<l_xi@y&UQP^i
z5E=vCEHD3xhPIV(5c>a7bgh&(``;cie*!16c9HGv+sBTxvR3~CERnbjEM=1CEE&nu
zHqb2qV+pL%dV?9QBJZD-OgScf7aj@$Q&W%z3JcBVN5=CrZ^rZ8u#GpnvJcsge#GR6
z%1?1{K#A{6!}k-Ah^gT#&jP$L|G?K8CfP>rt{gzPg@vD&2W)wj02Z1CeT=qdL)P%A
z5?_!rFx;2c)-o7SISJFeHi^Kp^+6U_`o)u-ocI=ZcTzB1!WybmMBp1R`|QTHr$e1d
zI%r$>64SzdoXm~GLF%+<*PCTR40|NRc9777_D^?F)|Zq4&+kLvu0I(2QVN@+y?v;<
zmezuK&3%V!72=^_u)^dm?D=u9!s&eA=88k*<Hx#U2tT>@kT1M;??<q{%X2ehBG`U+
z;9k=}=cW692V(C{5d)73W<4)Ei;VZRrBcS+IBj_80*V}|3lv}9B(-QmPZ2c&uI{}q
zwl&HI8eIqz57Rv+$7dndMjRYw#I&@Uk1}#8$%%@K8vqOUFy+6e&<2i=JJi0sd!hC5
zF?1TzBhc9!)CV;nn->z@*>{*Za3VOOPX{PXA@_E6_OqE(U!=kC`ubG!jeSHLC(8Wg
zyRq2LYNM0)XNJt)gqf*X*q`!hPX`SVhM>0gSSdi*nUArv*E;QPZ^WC{LC}+b5h@*_
zz4E}!I_SUjGYk;CZbpQ}$`aumb-bamok4#13EWv4T2Y|?ByqDwP!`eIS=GyGy?T(E
z%5rm^22rYY-_I&6jQW>E(H{zndUU`T-3w0+-Itr3e8p-t*oHuu7@TM%bDw|+gak!L
z>jTo{r%VP7`7j!sy$5)*C7_B4thxOBeB02_P!3SDsQn6R1rQyZ0bW|eDs@;;Jp;*S
z+YvI{XQE%&JFqv`9p-&duTv>5*fIeu6e4%@=W6$<!>dbt76u0K?c$eCHx6@vAr!VO
z?>};sBbt+%x+;)#T5i}f7GRpXy|uroJB8QFLq!KP0L7#w?^6Y5GP3}B)V-WRLG=jY
z9~1c@7cjW~wivUur&lBczf5i0Gn{0&u=r`&1?J~cK8DKu+}U%V{w4^yEug)^RVA21
z&7Y$n)IW$o<RaS1Cc+CCdeZtr^L!Y+kL^QtX~(B-;G`R6?~SgAPyG!&+&xYXJ@big
z-@e82@$y=b^Sa~)D=0@CZ$BxAL_rG-yQW4&L8^aG?)$)#w!(7Z0@Dn%fFF=PNBP9o
zYpIi=nnh1HRrJyYL~>o-X~iDmA{>-?Sb)!ZBOqWHy5C?S4^oFn*>`3Q0QxZkH9AhS
zf02dqMY6LT1zDh#bSPYK#w8@^Q3XW;wB<6XZ=nFtmU{RVan&tf<U?k<;>DWFe88*K
z^3n{yurLF{;JdQk5@Q1ZD+#i(qc+7kw$GdEMR;Wu*;y<tC+u&BeyRe}sG*@m8w6eB
zFndHY>i$`H+o^vxC&~u`)2!_5v!wMgw4OR>IE^EXd|U<Zk7VKg@%+k3>VyN&BrL(D
zFtHxvU)&OuxE>7k^f;H^$aM=p0|PM+ucp1pwxb&g|H!)NKeq0Ym$GK`i6vecnSQrz
z($dmDyy}m<NC%+5NyQe`?i+JI%I|&q_HCuStSmc(imFsoi^k(y8?Zj|a+9>GuJrXS
zZS;w%zei)+12$>5>$<|jp(i3_Y-uSj@fq`UOVS(nv;XinB{}aWmE}<7`SlcdpT03D
zhx~G0ix59l;DX5^(rSM+tCTgljljXtF_1E-F!~_J@Vi6*a|GSryT)9lxR3H?$zTyX
z(m=dGmk^&20-aK(NBsQ{91I1PZPmixwxQJ%%DyW-&=_JzuF_<?|64dG@Q&n03p+cz
zDFN`QRLDI_%0(3N6j~_N<|Yk{=NI6pT8!q83!>Qtx9x6^Lx}DwC9UDEMu}WdRpkLm
z0X@Ht3}ruDc#;-8DJ9wZsT*2aPKl9IG#H=wk%F8m`Sllvy{eWst`6Xfq;-`GI;_YY
zlPVn&j6HI;r<=?*UdiSs_fG<g(X<NH-VM$?AMvbMf>Od_{I4&ljLuxXeLMSWmTE|#
zDUgbw8vK$R$A$of{wv7CRZqd>us#@Zr7SNgX|z4lmI?@a=u)EiwDf&@1IbcV<G+K<
zI!jAcfxl^0>V3oDW|5DgUU`hw^_@i_tM^Y&Us`E}d<EFY_3!a0-pJ9xLBQ-QFWiaZ
z1t<AV<#3i{{X>#3U*4cYbPgQ&?%?>CDlxG|->77U(C72<cM!5SnrVq32qTq_y6P3q
zMql9EltlUHnVQCzL}g|*$KJ}peWh0cBlm+^@Gc0Yxd01XO}mc_WOZ{_*mv<xfiRO6
z8XX;7eD=A%3<A>+8$b$ZX^HSP1%pX9jaPc|ZWzf9a;$WjR=yMcI`Na4rlSayT|SNs
zrwu6M$(kcDuxHEzu$%}}1$n4`x{@<{wsVS#wPqce=e@5O8*d&!&j0%P#(6@GW2}N6
z0#a%G`x>1V&baf6-cXU<mw<lxbXr*%$}tx#)LuS5PV*jJM6N0*Jn$q6B0%;o1IQv^
z3%20axpU`?ad)lN$W?9{I0IoWV?=aZT-;7mQxgg&u$Np!<1Gt$H%hQ7D{C973hT_y
zqg~ji@elix&wyK_hfP^<Hv>LLT190uKpQ?CAi(<vjVLK8v4ilhyWro&H98q+c|u(|
z<y^VP;X_LRb<=<{sAOW|yS){%fcI;#E_L+v@eFs}I=KOy?1Jv`UqEyEo=aYAGXDYk
zQ|q}nIQ)Zx8Np>>$P1#)0}QV(OiWA?kf#NF1Rf-)noO-NL;#IG5(QNqa*Ug^yBT)T
zY2fE{Q%uXx<0tHUa@*FSolH(%L80#T1c3?6LLHo5=%O2Z&LO+@G<j|zp(JXADO2Uv
z2yDB#2?~Z(%bu^eK031oU$-3vpgB14XHG(F0S_0o&PeoV{S40st7R4(9Lxan1h!Ye
zyiuM|Bn#}DR=97v>lF%rR(Jw^B;9*Mwd=_u3yrbAGCkx@X*fle{(YU|sAvA}gj3nm
z?}E6t;|}QG4zY<-FO6%cf64UL$jMo<mR=Mz-;eg0zj%<(3@G3GLfX+N2G3yG!@_hg
zx!$<5UfN%sLELIg+)3PdSJ6jQvKTEv&l`R7QJJW(9Gg-yQdMmTZGXa$BP2At63>@X
zd;1X=r+oL^BYeB8QA2^ZLWT2&`!jS$y|jMheSULO^qJciJp%CW1O*FLet*g6&;*&S
z^wiW^TR5wn!=n*oTQ4mL`GCUlP!7<}Uz?LBGi7u{6g@Q0c-1n@f4{Z%7K6^<!l}jS
z85bTgE;NKl!vyw=#Q}fHJD#3)HaGHr;N#;de(jBwk(=9+=1(fbmxgj5QWw_Qc`2`F
z#$su%ydzP^_=Xd%UmR1IbNRAkAx_E<Q*sIT$L1-ieSJUj;caxVpB?+6y+`Ad+RAC>
z4Jut`8aId)wqLLrL-?jAD5oF3uux21MP>KBmLvm0GNe6>kP`38q^f{iLLqR&Tv*T9
zUy9&QR}8f1;^7f#X_NNLa2N#bfvd*Yt9zRRj`w!9j6?%Zdld#Iq!gT_q4Ap=bg8_t
zzt&sy*5>_ZEX+DsfDrQ<Ct6fsw1QBq(z13$vjp4;BW7S=fJU`(Q6K>ZPEI&aAR$Xh
z-mFtvOYO)&H*7U_ch`NtcXWJn7&Bk(!<mzanR-~Y<6@oJGd=Z0?<xz4fVZwMT6Z@G
zGCJPB$4kresx>e%EiaGL?`L;(d>S8@)k;LqkJHl9R@H#`Sy5vI<HGXyFbZTn>?ph=
zmw!NjWgcpj+3qUG@k1uHNDpiHn;@*fuWq+YY|F4qX1BH7JABfnDJH?DM{vjNc6Rg6
z#=l;(-=A=rpS971kK^a(En)ul6b_KP5E2qJ8k1*5@gX2GCI(NMOudI;U|<N`fhOu$
z*}j2Uybp1uC+@Jur%%%_crJd+n7(XKQGv~FKpB;@_jdbAR*u$M9>-1X-ouT~^iGl<
zSk^u$ohtwE;lpEi?0c)LtAvdfq?5)KXwK_j#>VPjRaHG`Oq2I;FT9G=!!p>}i8i^I
z%?ua?|0&5Jb;YifFS_E(ZKE)0GHo_X6JFK#`K3%AN!hJ^YKDVF;mFaWQbrj{)nOzQ
z391Vj11qJvPiSQxGrJie{qo(rHKv(Sy$#GE#)0U{QSAD7!<`PG=KYlA)~xdUn<7)c
zRh&j3C}#p?x_EoMA>=yL0zzq!l`~{>r#g1{aHly2lL2YH?<echsu7n;6+NSYp`JY4
z^4_pa=-xMi`;3)lcw$(@`X{s*{(mSTAwdeZeO(MJW8EW!0%6qF(^JeyN~&z?=qS;_
z7Kn;6vv3s`K0W5??VYMzGEjT{dOkA~(_pPvk;TnDyr6#aC38zlJYc2E1z(5=vi^{K
zkppyejs*n;o7{48r0mbuZr<MBPFlK;f8J@smcRTs=Yu!)M$M9zRd%l}XsEx=Ei=ac
z{`ITp-JP}+qbFR-H9eCPENqmBQY`seLlFOhQs29PbC9PW*C`Ma?_2ozab>D4mEh&Z
z(j{9Ud9&ZIq`o-KbJllPqC<Jzq7=3$6Bk$D$ZsDch$a*+LbZ>EW<Wl@{TavwZ2Rc^
zxqHtH^)<%+<l{5FVd=c4Wa8=VB_bqlAR4$tKT_jmfc-r?J5&RwaSROu$M?_qu*8!4
zXps~4WZIRniOKo3r6q@iY|x~BTsq`wKV?{+_x$H(j-I)KQ{u9WGj`~2BL6zQ<a^iR
z++0DQKfU=>wcn7eOx_E~2di7RZW-qFRHN1q@7ZE|`v(i&k{*bsDw@T3dfw@fQn%BJ
zfU%9ZXXSRd_L-;rhd3493MeZF1Q;5&V-lt)5T!_Xp`(zi5~il?1Ox@|_`-J3?fzlY
ze2nwR%iv*)@+qGyraF%j+ml~}u(G<>j+9*!n@_^{=C{n;FHVC>V$z)jDg=FSoPrX8
zCcnou#+NV0gYCGQV&~7vIz4NAVagBzzojZKJp2Qru`{oh^l#N~=dihqKIK>5UTmxc
zX^yon$kg5Sp@4symV6zMp}1xSuNDsOW^H--4>lW~L?a?}dal&wPKO`2NPBt@_RVQd
zQ2LzewSjS~Xda9wSqgM@UHnkBa1h}J;|s#@$;hl(>*(k#zrOs+kw3q**zoIQyQ#VV
z`$6*?Z5iwMw_|u5=a(;=R`V9pef_#vkj+eih%6nl^NKO}+Q`wvpsf`}+S>94`t{vp
zm?@)z>w|~6sOT-y<T8-+lDB*+K!^|)wu#!<zkc#}_=m@zr9r2Xot%OK$JHpwy6;wN
zDoBt#_~Pj>V29Ar)6rd3-kg55ioJ5fvIvsp93g@Ha{S1g&)(G=dQtDhEejaOeD!Wh
z56?zVG)Bly5(q^bD?LVxsY;9>BnGF3Z$3B^MFN2!40A1%txK;ByCmtMqv-qV_4M>6
zwhs9}h`Tpogyj`A``2`9qkh<8*f0^Hq5hcb*Q*6joqGL+Y{r-%^7^<yO}m-6yxdRP
z*pSwPy`%=TR0r5uHMO;E8A3WWep64*9y#)~#`VSgIT>9n<Q847a47ZxEcs2=hYQJK
z;kkfhG1Ah}q2vu}uI#h?+vIrE=aG?-BG}}g!y<4sW!=5b0?khxN=J%&w$^m8;OIof
z#O4-(&em_3e0oCEq?rQo<%Cz;j4LcG+<E@|`7HDRb@S>xW0Cyxccy3cx^K;}OXZ6j
za28fLbnzDXZ8=wr)`{!*&XqR*p@S98$<0M~KX;x%f>c7_y;LTjnPI9;!H>AZASD)l
zSYXRkv%=1wE!us3y(h{hw!2>GCM%f2Z1Jb}7kYoi$c}#B`^<7P8{{xX&)nXJWEsKM
z%8G4mYa79X0;3U>M+f=y-@ds-KJV@9{N_?B+1V?2WUjK?*mzdvXkb@J=&xAx`n7AM
z^SG-;3WQR6DrEBz`IX*)@*BomAzid7_T*j||A@0gmljG28HFj^2CJ)#E9M$B45w}l
zp0kwmy@LHsAoM9iOqK?W9Zw^bjoV}XCcMZ8SMU`pZZfF`8yg!#&|fHp$Kw?RX7mH=
zUS3qY&nvl5SHFis_>r@-RynvmU+cKH88Zi2S#dRReOe*$TraBRqeS#U>gd9GCT3>O
zoR=?og}J%2bg?e7(la~BCyLzV?&no+_ytVO1Z+Xbk|L2I$1^jU-@Ls+TtCLba_@w^
z`|Tkrc1GmHX|gSAg&$(?H@$W(nTwMX|Mlxv+zk{<=kCD_9>W8)U}hH_3W`iygZH;;
zYhThD!nZ&8`AEnGwh%x|{AugoAfLW)f&4IVX)_CBW9&I7=A>eKubJgR^kZK6pmflD
zZ>K}raPG&e^WotIb1M!y*tR>fpn*2(3E+(Zz=@n0HyM%X4)W9FZSU-$in_YG{aTuu
zljcQNllVD@OE1F5YHd&3$V2xkCF^@>h?5SpWww9jss>n%lwr=IkI%;As;Vk$n*sP%
zqIxDKJ=Wz~2%>~5EWA7YRM-Slg2S=%=p4tH9u+d0--zF26f*23yyW%t^wPz?hcCd%
z&^(`<oUAulM2)PVTJVt$azg{#`7iD58Na=1#rOV<DG|R(F_V41%H8j8B={;R5Nc|d
z2Ff6c+l}Fen%&*qRaS_^t-NOILu}_>^YQT9g6V*H?+%|t5Tl8G`w;3=wIjRBke~$f
z&&=dy7JuvL=vY}=a(j-aM>^}7xRKLA)fN(#ph^D%h0^1&v>!cUWi@_W3_0-uwpk=2
z5)=;$1V7=hPvPf8I5>L*u{r^!i6B9@{(FB!|DUe=f4!{NfAeMjx0`O<Bp97qJEGl1
QA}^$lhM{_~npN<B01I;~f&c&j

diff --git a/docs/sources/terms/images/docker-filesystems-generic.png b/docs/sources/terms/images/docker-filesystems-generic.png
index fb734b75c62aff73923b144ceb8ed15187e0594f..ae54b72e885ec20ee281925dc470692ec2de0b84 100644
GIT binary patch
delta 48941
zcmYhjbx_w`7cYt;22#@9-6;*yDcvdE-T6h4?vj=kkd_7k=`QIm>F$QRdERr+z05Go
zF#Pe`vDW(3ru^TFn%EcRF)~m?jlkUy0>KNo3O6w!^cS5k4dIN$A}TI1bGk5D7Lw+j
z?QHu#Hg=J3uyvUmhEUQ@H$Eo~rKSzlD9@y(_369po~&q9NW*!#aCkbv#%6ZGZAP&3
zklr+TBSnu%^MO3p?46b7n4)!+*3~&|jFsTZeGuY3f`JWe=>)yqiKPXEPATBb6QgCk
z=?-bn!jZhlhiDoql5sOW_1`?`@-e{o8P#IWNVfIOreNC4u^Jrc;CiNLl=H)?I6LK7
zEj2su&tdtog@oM9##|*~pEx>=ZaasDha)8V++JKC%+(INt#*W@{8TOaQEfHFcs$6t
z#5bKO<o_Jsgd)}qjphSHjvCT|qW!Hk;q<7_trLrg*z#4W?$;0XH;SarJfovFr*@<X
z`+8p50m8Y>_nQ>cm6)FL?79f9NZFI^h1uIfiaNh++p}y8tI5utW7@4Ii@N<-jJ9~a
z>u|n!xmql5OTo&^>m@ONo=?MH&B;06_Z|L@9`J}8A)b(uqGhuV^(9QGmFmp&E-nf*
z>NR;{-Cpc_k@NBKwf0HNwUQ4rp5*J3#z?}GomU-c<M6#olbIgek^P+{oA~P0`MkA(
zFivfW^;%CIqZ*e^QR`q;x1d`g0z+eKz35n%fz4a8CH8%81c$Ph6tqgYS{RCPYs*`b
z3YQ16uaWbW*85E1Atgs-ZC+k2m#q&)NCfWh>U__CE++H44imE4&chJ%^3FY69j`@1
z5(zGDjmZn{>sJ_dhHng}W+bzkNDnv-^PAQANsxN<ML!q)?_(OYxL??+|GGbMTrNAz
z8YAvM|JXYiX!Ppq@lvlw!TK}8hs&~=c^zrYt`Pq2kRe0p5Rt)MhXL6DwP4~~$#5u*
zWQ+GymUkRABd4EIVMmT8oA}2Jx!p*DLG;XAt~%91;Vr*sUy-o=<nqaANQ4ggV^Q$J
zcm#>k<?`zs*2Fv0dEIUf=j+Fo`ue1Gn>^2pgoK2;HwRO(l$$(V+HD5NV;v*WiBUsD
zm9Tpy0<u0qQVWZZH*(HyI|6^%9TL9HTdzd>8e^q#QB$5aw~j!#T#fJ<VZr(XMCvyt
zS4&oIjbYb#gxZBaB?IV6STgdmhS0uKkH%!TYrTV8FFiQmyKH-lkimn2ho{+ZvQ3Q+
z&zHi{4ptE;_gz-b^?eXBKFYqY+y1JzBP)z$_3RFGcYVt7jX_(@Xy%uRE&)FNFWmRm
z?hn_S8G?LH8v|%2-Z-csqcQ(yckdlzeBqI^6yGY>#|3@*8$?lr!-B!B=_b~_kPw*?
zA?o1rSV$pH$A(eVjHx>lib_NrPH6R>_VM|@HmMjxjM}E2FOF7LR(G(l$tZ+!O<krZ
z5K&Ch3tlg;S?3+mRJnARx|9@8L0zjQfdgY>nCOIrbrd3^C2|3Q=HAA`=At5%!oLxi
z3|i!aY20j-TwGV4IC@`14bkbBTXMkpYfvM4i%w;QNg4jN3g+cpnTq=QDfz+VSnE6`
zw%^R4eYG(=r&V{9<>R=b2C9T>$bp&>w25Ws?f9JC-1Kj>toR1QXe+HJnGTPYeSvUR
zrrP}t0zPNtcYl-qz5E1P4$Bdv5n@jS+^=#)>!RL#EN*a8hC2AT5ih~%OUlc;Ei|}T
z?UrcQ)_|{}GR2&(grRg^s)1Barpbv3Ro%%cl9+gO(3DU^a+!b6y?J&r#tXF({BFKn
zGy2Q;XGqo1a3(t^>7TY{s-RlL%?d{1+x(8c?qa(zyR&?ykOVlV(D)p$R;mK`A~E&h
zw@YD10b)_r=*~PVaA*WHzunmbH$x-k<X&8EwbpSv6>RNT{vf9K<|ka(F*b!IudgpI
zn=U<>&Wk@=E5CHWc|Ok#b8-rumMAMJSu*JTuA5x#3~S`&;W71ecTdB6Z#|tQ6-SA&
zK>Lxj0wxzGMv^?X?a216$R<4O@5A=2A3+7F1qyFUbA#Kq@zh1lerPUzSWnrAU=mb!
zF5~&7oqP8C;&jbO`WNcjGC~>C`>5_Nenv_RrgQ0>K#rvkQ7p(_{_)?=p#Jg)st+W5
z+Ql}1c3RD}%WGcJ%?S%Y#>ENM1sDyR@xJ%5C<H7q*^P<M;-x7*dV6EDIZ-}*{w(in
z6Py416&2NU5#iSe?@9`khttQxVnl8)Vq7G04@^u=dAd3~Jvza6)5WZn7AI$|v!Gy0
zF1OQ$XszwSjj5)dKPW;-$xjlT2gzOIhjdDNXCfUw3ivVI`AjYTBLqLnl0L?Tol}}<
zS4COh)K@s0NgL=y#PCaD1)o0@ebyIzf#pVW5&l{3Rds4`Jhuzszs<1C0fe4mv=Y11
zQ^H4`^vgdNjYd_t4g(E(Bc+K)dy)cL#zOVl6F<-J*@F$@sEjC}w|x|13ORBFmI!#_
z83yem=Ir=_&XR}xj-&#F>1ttWMXEpY@>C<k!;A58aAqdEx+u%kO0*IiTz0=5O={Z_
zxVpN2+txx2`v8v;B1%dV+Q*SK_UBjRssrC$=A6CxY>j>Q!7s^IbZ@Hh!qD?Fec`aa
z>9@R~Yxzp+LcB+@24Q40ss=?4<85ltbbsCA`t{cLv9>j9^8Nd&osrKWD=Xu+(<5A)
ziF{54DzqupmSUA^CD{B<ly0o7!3&M*O9z*hmb5S)9v<(_hSCZf?N{0w-eNKCX=Vur
z%zaE@m%`z8G~U}9%~9^VVkIAD{%^OXJn|l^+60Ss;qHGxeob-Lt2BrL1k1xr0d~^0
zS;&o1-PWi9X9O8orCZ-R(o^m2!wTLtI1Vi<1PBZ5zeL1lcOYHJ;EdghktF=n+ZnJ-
z$p89a6xQ#wxA#V^1#~!KDqcLlxmr8*;E)gtOf<AH>x;dal)eNyedO1#xj5Vo=FN$S
zGUiM?5M#}txBu1S@rdQY<{z29i`^Bye#eg}M7bZ44d$<gqsr|FREkNJexXYjY$6&h
zvd9evv5Z)*h*oLra}lb7!;GtBOZU7m-rJkuQm0)jH5V5zQFA)6osE*q7s($}9370%
zI^WHqK4gf^cy2jWCcl4kzAb2pzH{e|YG`!65BbJL5`aI<8Z}o@FV!hLxm<$OuWt`q
zU~Oz{oOZ_x<8J1ihC5rXH&TzmQP2KrM(Q04dzv5}T;xOnVs@=ZQ=-x%l|y-zN9VFh
z_vw<C6)IJ@EESCXDkVtwV*4GPV}>SK;;^Sv+1RA}+0@j6b#H9*@bG`C6dqZQet}rn
z%>HKYkKKAj$0hfEQP*E@(<N*2;;OG(Uf-2b78Lw_cXxDl+*%<Vz#6Lb{F8}Igk9?U
zs~U^;I(0n~GJf4$tNq!|)`iA;-*Z}+`uh5se7W?W(9U?_jXremk^zrFJ8wH%wLS9&
zjj{s)pX<mFM?df%jmXn&HN=lyg*wvr`f1!6h4>ZxioE`HHm%OL)u@+}q;>SOVabP-
zN!Y4sN}O=fgxH&>Zlxu7;<DowDB<mJ1bkoXqqOPo6VHv%g!kaKch8rskd~u%bYHie
z*y4Al7NPnmY;o><XEkBTo+c}~Z0^j?S*p9{D*m#Tm9@_2l(N=#k(}(_0b+5bBJ<x$
z=M7n`M?)zw*?n&voR~rM@&3+y@h1ky?gZOuf+S%_=S0F#lh;_in;p#1cfP_hf{>_4
zN=~X*Ph%fc;_1Wvt<S~b(&6c97?UN~TE`OIM%NI#-^b#zIpPuYN64wUe8<jr3GtHT
zCd2$J6)R@P?x>UyJR;=tor^ptIu%iH5KZ^Tm$p8h6sk4r=hiofrD*|}=~*Iz1zK3P
zIv4@tbC2j<0cZj+Zfv#aHRwZxXxVE=a>q@aei0=MCA_Z2ZS(cx#oAM{&r-hK{pKT8
zD<wC*v_(2x8cx@){l4YSQ}V4cU(VrToaTM8#<LISv(;~2BT*7VTuGSwvj%2%cHtuw
zdAWLPUE@~sNuSrcViHqjyk*0i7Y>s<L}A!*BX<7g$*8KAXsNnP{8S~_-`jKCnJ99r
zuv=;l+8jzx{d685Y#VYNEyx0{W}P$M%a3y~@Cx>qnu=Gquk<D8-=%-0rwQ^tZY2GF
z(bUfq`!{E-bxH68H1E2_Dq0sQnB=HhLg-%ovaIH40Y7;5byHWOV!6qmeLQ>nO3BIw
z&&B`Be?dF~o6iDu;pUvqIgLj!BR-dWC|zK%ek{M<`2b8}^C>GEBM|_3`Fy;OjxM?;
zg(;WwQBkjqhwznRV`V+R%WMu;x^62?GU|qcee>OiX5V3>3ePd>7O2dGQzpfBmseEh
znS3H<fQ4O|P?wUI0W-zl>%#uD;i#&&x3@w@R@OQxDQVii^$Xm+u8t0C3WwD<K9j!q
zt?&F^dNgbO(ebeV4a=_1l7=I7>Nhx3D`j>h+sp{=I6ItdAFU}U*16KSpW89gv~-^D
z@IhDm$~|?II-^8;tmo7&{9-GY+wB`+WyK?wq9h*9FYu$957!l6%P}%KZ;u64RGO~*
z+tXQ2s_IV+S*-9cAm9yNs0`XG&aPC6r^Ptu<2yP#@0?r8$Q)6?PwV^PG?TxwLWxBb
z6`Ppa|9O9oyWEEtJ}>qMgVso?Hs|w3mmCOS9McG~6E1)qzn&e+OFlkqIr9vWQ=(Q{
zVX-v2#n~SbUwe3f-*pbAa?%|vHqF^x9xV8(sj2N)PW;S+d-;+ugVS!Y73{-C{JD!H
zJ@S7I)uFD|d`08vU-1WL9>7`NGrk<2M0pUINxs48_>3s*j&4A0R<Y$=4qfp(AjSz|
z3@wN$)_cYjO01_8Z4%R>8rB9UAj3Y*oSR#=g9LT+$zLX)jY@TX_bl~)dsl4~B%qr|
zZq9)VKB*%mOU!wH;_1@$>Gpg+a#IjOmc!`=g@B$#?_lprU+1q9wn>X>@{TS5)%&yM
z1@k`VQ^n~+1T7c){p=89$cHS2k&*teKs`N#@9ZJ-d)7!2V%uRe!|4Kuep)3p4fZR-
z=j;86>iW&z9#~dZyLXwHnPf%kWqSHuiNqDe|2yq03toHY&y>$P@gSBr4|njtY+Hjl
zzZTWyDRwL8t`|SP3H*x1#6i!gJ+B!R%IxDUR^i5=Bk<M<dQj&(erA8c<?P#<Yml5i
zZyh{GqQ<KfiN*a}Is*3$hbLYLjS`!lTL0qylKy@J&(SH|&7YHsHx-dit=ym!p6_?l
zHm4<e7Od>yXG1G932=bLx((yz-BlIUodEc!++2epgqR>rL8zuiogl5ErZ(T(vpf)j
zMxMbXBn>H{g5$lpA10?{bvrY^iNfuSuU&etrGvWm$;wV15Fd+$3Nm6fn8Q4)&b`^Z
zGNQiW;o8L-8*P~<#6kGK!!DRn;0q<?#3Ow`zPM+YFB6gQt1j7IqeBEtuyg{YQFZ*~
zSt{+{ctQ$Jyhs8+GTwlqT5ZGvmCifpSfHm`Wu=70Q}5V^oiXj}naoITf`t(qR<Fb%
zZ~P_>=9?N<*Q)LL<TooTDrLHjJtBuo4G9?nw*wk6m_3DGUts>eq2);*qJJ64)cnAs
z&ZKMjI9Vd^oK|XJ@HGPab5Jd(+GMBQVey1{o&5!UFO{7A?#4&_v^0BX$867Zh({hh
zs)Mgiy+}NNvFWL%26)~2c<@64$l!uSNm+;_F56P<vJ6d<9xzmDkMQlR@Dw>KT)3^Z
zk(LHfvvW7OMk%kReOc;1hCiFKT*gBfj`;l3rGwydP0<9)>yB|$uC~rlI45xZ@$-W+
z;#7zRPi?8lz`~akt3c&Yba*)E9GBB{>tFB9x7^Oo_-$!WSM0~<owXnFyq`ZeC;aq%
zLI_V=djq;<SZaP0*!8_dOt1MT;Ec90WOCFIlE>4cl$R~n9yo5H5srt08YWycadQ8P
zs2sF7pGr7@m+~wpBwL&d!*k*^NdE(0V@_;{lislTYgyeI20UhvRC+0bfeC|}#T`#;
z=rD;XTE`*gB2L15z}9O5xQShi-z~xxL*|EZj=!&(akUukt|{2fUowbvghrOc@UZFf
zAqE{RDymZp6{2&{NK;U&WH#IutAq}#{(RN7Kv3lViD(@*gO?|aojXFS_=A{4Fh&6>
z<<JlY-QPSr{jQ-DNOkAS;hzx&-`fM;zhi%;s~`PA(c^O3MFN;nWj=>__>G~zn4?5G
zZ*|>mF>81vi(aeT4|c9L(fl!z-!qB46bKtb8Qdb$N~lw%IzojCnJR?}v<cv*qf1k~
zuc=Wf)l%jAsY+L+>DN(rS7H865ITmtuCKqbiSYJ$lM1o;vjrhn-t;r|GxLPxk^Xn+
zNZiTgYx3q8o=ex-MF9&|#Ev0#XhaXNT#ess(kLjHB#Mpk7ik9I7Jj}RUBN@(K$tHq
zQGvs)MSlsIw5F#bdkA4l`!e3$#GueOw;ny%kA@T{$G}6%^6lveBNm5^rMp$D*NeLn
zOIFoT<`_DES03y5g`dAR30wOoY}$m-jc3ooQ~B|j1Y4+@i~CfIetqgi-3Z5Sjj)=M
zc0mAr3x~@Ve^9Hst+gV_!qGGvOzq!~?a257_I?2w-fg{CSBCqSGkA8)xBkeX30-O^
zGn$%dGSa9F;fDhG<P;9qtDUH2J<~ID%Jq;I2Q9e!2|E+VM;AXrqL2}reuEJ>QZ?+@
zaREK7^t&yt$aUQ>HT`tiVg58p&o@`~Y<XbCEHmeOu8QO{pt*#LIFnoJQSK1U|7^dG
zD?gFxX|Smm+YocuLAm22O4IpMOD21bVCjKwx747=d<+{GXcoO8l>PGGom9cX6?8o8
z!V@EaSuZ+Xt5QI&b%8mG^Rwf{*U+Gfo?i5A8^w3oU1Zk<tt+ZlljPPNufG#<BIW(9
zD^hg9eg7{%0`Gdgs7&MX!;X~0YXW9JZX%zrZ9ObFcuVhXt~}SJFKibFeoPdF%vP*r
z2_H*@%+*FYWM!S<^2EF9HYzo_+WdsZ3tIifT>v^NN@R3kp$G^w8+JV2(*&sEBe+r)
ziHuonN>lY|d)AEPR8Az^IDS2<MKCd|YAsS|DOXn`9o?_wiHLUCt%H?R<+N>5lXF;D
zyifY*bmTrx*g3g6ky+2OYXt^oQ!^FK#j=Y15BC0I>vWR)R&YAqq6eWTyAfGD?N^M4
zOfkw?y7h02XHKKpY}U81&B=(mFGc(}mS+U`NMT@zVWdQbRP<zmBjVQ##i;Io)s>d_
zj`YYElZuM@m569cJTmhTq=jI;3^{HjX*qhs9DKmH-{5Q@?9QcXl`=WH0Ju`2UCYNZ
z5|Jw~Ot`Du>?$sxMu6LKOEBrk-k_w*bps&P+dtUZ*9T8!W;S1>&e>Oi0T1_?gycow
z*JzL1_l;y^GYzf`4zG|h89q1{PFOx@{rcMSjsBUaP0;OvYOpq^o#XbM#|fe26bq+i
zb&B$vH)+z6%ZDcYFcn&>qs7U3(d@^^Sz0ApCYU)Cjw^eRra%&lf38vY*_<^2{uZ~v
zbD?2D{p>(k)R6y3PF?XW(fApP*ain~ybJp<Bctunjp1mgRd+`Dwyl?Ho>FkckpI`K
z@`}b5`2cC=RTuLuWl9o3@h*<w#TP6w_6znTML@{`BftHJEXh^<<^cM#&yI)t(Kb^{
zITdRxbSQWe+>gbGjStyh+KRgz4ER+TZF3mEzCg-D^8wIN<G!Csbbne%-19~xL-nT)
zP8lY{Srny!fV__Osz%oHg$(HX!LXpbrxq^nd+Seg4KDamVRX(!CF1P~VOah1W*sQp
zGcz3$5@<vOB}*Ghg|WT~xh~z2U>iIr4-cTF1_ys+vq4hVL%sW*_`beS#`eHbmyXwa
z{XJaDO3grdQ{v(*{jh_>9TFcO{-=3lv-3pR*!Fdvl1`9z#IMNQe_PJ0mz--U)U&0d
zC|a(7G$2f^T)DDq2g7A6inIw-pgNs=ilK~VEG>0@`_^b+AbC2$5!Fuixrm6xSUtq%
z#c4-rxGrtzddO&>0Q1$Z?NQ(+IB&^UrsW;k7C;t^rJY4Fp^No#7-5+2YVGv1jBIrp
zyA}siXBs`&h}B4UIBjJcOLd?2ETKq^;TlfBuc(ptULqp<u|QF$#WSJq{+9bUB=|(k
z&*$r@cxq@As1vvv>ppER|EY%h6T@Va`|BM13mS(mWFBty=ZjRysM+H)4;CyIe<pP1
z5A)LigmSkT!8zSvOEBAb&IupzrN-xG#Hj6s4y`)l+G~n+oF{O)M7K*!{_S%{#?scm
zfB%B;N{fn@>qnW*U9W8iuZ!92GLyy^at^~rvRWL5-(AyL-(Um|yn{+CW!lnH%kSk`
zglcjpf7j30pVF$7XivtVXH<ouG~yW6hV=f1u#OAV%8JR@WOr~zJ84~0ne*BGK#?p>
zmf&!jA$=U!!qmep)o<#1YBn16O8Q|6*lLrLSFc{8qN57m+Aa{Hk%4O1haLw*#lj>7
z99BbCl?qirQ9&bSSN2*}Hn*bPw82#}iNSL%`oXcVuLc@!vJ_|wH&=uJ2L~8#w7^1H
zXJNsiR6|jJGfS<g-ur<M>tHfdM^bLXP#S(SHWn!7mNA<JTN~n^Bwq_<WmTC^9c1Aq
z=6@D@i&=h>pP^7RabvS6B=q%TvhalGd8kj?et+UF)c9%Px5ue|SERC%FSu;k-BVL;
zveMGhttB#PI-i#5w^+ohC=%kC21q_!JRmlzwf=)6z0W7dpG9i%q4%bv^o6NT#pbNZ
zPai-Co<n+7`(YMN(eGdh4);duLR#g5;J7I&((i44D83$Ow>J^EVl9d};d%<TNI?Do
zTLr}uJl=_@nf_?4kWL6SWza?)Z{jWa@`Vd9l_KAVWI%Kx2-N}YOS-w3yQ=2YO&?o-
zi^WBV)qTxo#^rXyzB!z>BJ6mAHuYtCdRD1ck!*+4LYN;J8TY+SXnvG@;T+wrGtY(1
zOxv%+X0qd+7{mRwe|xgvNZft*G;rM^%ugy>ks7zVW%PGv%8r$l=W{#kHhq3LYz6x8
z6-;o!xy%6IZ&}RM?3Z_Rh_)jsOzgDwaAw)apT3}ALE1ne?j)gjhyMC7P~zGvra-m4
zI*8Nv*{ipQD`jILU$)pJRt!;fcwi$L+rE}d(Zz(CS^{Qp_!yYWWj_A=uJH@x#%qvi
zUby8P?TnqxDSW3l>d_D5iiA{kI2jS*v?<`w7o8WKnm%~&F?G7$0G6fEHNisYf*;q@
z<M@8I+LS*ZNYT=kwBY=?+%^!f;^KOThQy0TGwUxEiaNcjaU;}Z;LOZO-s5uq@CDqy
zK)Ks^p$KVzq5sR29$86}IOGYc>4JnLJnel%pkC+Mas|rMW|;x$LV-YWJ%wXi(1&M`
z$C>)vArB@7y=$!6l$r$|Nlxy{ZLjD1`7V)Nkoz?~ebQ?^n@@YZt4KwnhObL7BM&~O
z(*?lb967c=&z*7~O`!3uP0GB9f5`aW%k81?`bQdl!6Ad84FNoqsQi^=@tB$fK5)pV
zu4is~z87T^7nSkv6n!$Dx)_Vc8Kt7WDNKOy6OeDum&^01Mg4J_0BgO!zdc*aq<eco
z!Alobus=70@lI&`V&B-zB$)#f0AE1qliu5X*BpLJs`?Ym8<ir}u*r0u<oi3Zm8oWa
zCxM3~b%`iOXwn^wz3)Ae7oy^So3%N`Wm5x#YHLGsyjkVCx=%;<W^}l`)LI5dI|G`P
ze~dJ!mpRt|rKTYQ(1#{E5zLM^c1@jLYu!#8pTBu|MiTj{dkF<SW4_}k&_N1wruad1
zT~H@drhu+Hm!<IGLof<)K9c4S7%6_(M|#wNg@r)q?OL;ha+<J2+u_^gExqHTL&KXo
zYx=6e3LfOh1GIgoxYba4>M~H(z;_By6CmK_MT6&j+qT&HIg;P&Z-tq>;pM@49Jf>W
zYN;MNC?Pq1FIMLh;~fshKUCt+KTP1}-7dM7UA5S34*lkX1XQIx@Rc3bSH%`HSo}L)
zg+tFvY-~Ji=ec;0aKBcwTgE4014<WQc(~Og(egMHz-D$e_4UoX_xQegKAKzg<s+Gr
z=Z!oZZ@=SdLOcntTH8015tra2*qKH-*&am2VQtwhc`T;O*<v705-s}4F@5L>ZnL7Z
z-p^V>cPODUdW#9<gjJ2<2+Rlkyv`X6NXr?0Tm4%{C;4dS&d7VkO#>J@D=Y80swdbI
zk@B8H+3#B?Kqc3E=TqFSThYD4CMGr?!CpLZbzGMn^rm*U0ibYQ9o}8bJBQ!T)i~^p
zkm%j+u|5CdAAvTF_Jmr9T2A0!)!0p$aZ#(%f`y81ZH;nqX}j+f{eudH;8CPv#w|zu
z9&Hx-7K2|mL$@}LPL70x(TT8-FO5!lP+-`bd|}2pfy#fTVHke@a*kHJ6)F{vFRR^9
z_0W+pWU=%u>fCXCJ&<qY>An}$%9s>rh$UfTcB~s8pVueo9c^}Y4!sL(c`)u~#?-7`
z8Bq%k{W?A-hE%3l%Lu`Cg_8hW%l5)-<~OGeE{&8FC4W#!6Mxf7<c)wgXx~G%QaUrB
zq0->jzYgX}c83UP)k<Z_n3zBZ7%jI@#^taH)lQ(z<8cK5M0={#WPMoBX+Lzuxpno4
z=Pssk#jvoMGF$h>QvpF_<mZGpHze>5dMLCLELNa4$AD0UhkN53O4LeZS7Z4apRV=$
z{YJNZpUZ>0i|fte+jT4-eS3b+vNpFB;M8FA%jf1xe&<)ado`5qNAnm+OYyrs#Y0B6
z?|vY<Mnwl$*J5^|s!^-K$SC`EcKQB6`mGsOi20-mc+NZ(eP{$EDfk7ah)A_=&g5Xo
zA3H%C@t%%X>?eP<?T!Z<4;`C>-#5t%`%``_m@61n9%Fo8CxPs0J)Md5S~EF0_eXBI
z)0+4_HkP_Nu7`(Wj;$`}0~J8%n4H7}G}(G@ufvO%7f2jBP3|$k56Dg9={#-^dV6k5
z!vG+DhTvmb*I??{&YRE%nfBPS=G9v0utg#rdb}KCBlas#)c+x#gE~(fD;eH1cAO|_
zs1`Vw(ix4zc4fSyvU;)S;r*e{!QHMvk{^d3+0r9PP*Q599BL|9NxHM>?R@p;x^eO4
zIYX|!a?xj^CCnl&ifv055~<+mwil8fn>Q4}kzbQOW)pV7Navv<+u4aX-?7?2JZ|rm
z{no?2eg1rh{jL?js%xWBQZO4Md?VK!8~~PF3-dTN-#C;9t~tO93e~0`b29qz*^kbQ
zM*|V@=c~g8q5IB725mx1g16Bz--lZHy|^?+9t&Al!)ljIduwb=9aN%p>SOH|p^ReQ
z%Q0drcFPXGWVYj@OU~<ShyqpQ>CiEx^J1r3ZX?6boELHUQ)FmpqL4!u;Dg+Rd+f3A
z;JFe<@Pw6`>%1{1eUVEV6Prs7Zi%udoZ{5F!i&%FXAq~93<mC24|B$ZIt(2UZ6}Bx
z_PQ_(s<0Y6lN3{e?sSgNgJ-G#c85|^m#NgV4kP0C1Sjfub#*~?HlOWu8pZd%^XKX|
zhdXtK)~OXfoj-l)NG&<=um7|6-jJ*;3q9OzQ-NmZV}7E6|8uf9#3%qhO-h#j$SGY7
zDAfqZfOuWDzGAnWRbdj}@rW-=6$4ZnwEWQqWvXA5zoyY}dN*1gR!5qB#PwU5G3&Xx
zfienJcwHQA&(|a4(5e+H1^6<x$c8cM4v_ki$7X{}!HH;HUBgLdg9~|A*U9$Tw(+88
zN2^9oU_{HGNL6Ngp0kusGlX!le=84(6m=F{G`26IB2kLW##(;iSN2brv_<7wzEN|!
zxQFHZ`>A2eM}E?VqyyO|;FPMB4aS=ne(DPP8|(UP(whqYw+qjR#esm8m}jD#*JT!(
zP4r>Yq{U(L6vm+wmK*lNPiC(0ImTHeygz-jxQ{>r5HyRFLY(ovzp(;h_RaJ~Lj>--
zkqWXBe}4-?6u*S(fIIvI6ri3Q+s>c@GLno&#pS8aj2{s~QzfDX6!MpmcoK=tkdI=a
z%2Qp@vBoaoaRS%z;rQE*n-q_0I3Q&jch{TaKlSzNyxb1u;x-2RCqyT}<gvZK87<Kl
z1bWT%!?2*WX5+WG<6{$oSrK488~ifL;P;3{HXU5u>y5jyxsa1P^E?)t4GPHel>U22
zF8}HzU(pbq@BaSU;?nj##HigB3q9Uu=_teevTKh;CSHB~)Pc9bViA{=_%A2h@3#_-
z<E`@Wp9Z4L?&<8g^OU%vO+x)n=8mj=lzP#+`V1cO7qW&`_O5m_7+uYD@cY9VD9<})
zs+}Fy*M*yYWY733(eOCZB&;?GzmbNcRtfO_;qBh?rDlEO!(S3E4CvL;ZzW@{>Ya(T
z>*KX;eq+h)()_RC$sA!%dcdc-njp$a(35k?DULUz1P#sX<ilL|&4DBeEEjg|pE1DY
zE1Jk={lfhn2yvqeUv_+R#Ggfb9^g|&;*$V_s6^bqDThp;L|afzSsC=Jm-1;n%OPk|
zjm{wpF)@3gQ1J3rtN#{Z$x>r~z(3<}OgcR$0dEU+s%iH{gtt&|rB5eIA{_ZQ+9np#
zpBZ&Ae;U9BLPVuoKjwwqjBs0)h)E4=wo)NBuh)Bjs*kKU6=P$6uRd+aMv97U*J^5N
zkJ*e<Hz42zmNYeu4%5W&(foa*o4xrRt-(JIP4JK*8`8CW=Y4rGx2MrqGty|wZb9=`
z3%8$7rSg*{)!82J(a>9k{5P_<*~=`AYVEU+Z^+tQn-1&*Jy0GFeavS*R+UxfHkJ}a
z1*BRWl_h+#$z*Dldo`!_r>j$;@TWbs+fQ=QApOm5v2bw)HLvfvaAg&vPv)t4h8Lf7
zhdInEDv0V!hF9b<&~}{}@}fP3hp4D30a=-@@^p!@U3J0Z$acyQ03oYH%W6v;j!58a
z)fDUYKiJH1IWEK0vau>qqfbxItgP&RJoSTll1z6Fqx_9#YG_*=_Hn)5+nHW=MRe>h
zl^q5f2g5TmR_)Fv0B=O=C7gk>96zb88Dxx7ZS?B4)|SF^Q;yYc>HYR~T3R}=#(wBd
zmA-iKYR&i`W-T{2H+>RsqVBtQo{B(Re6zEZaj@2<n59IK^Sz8+lFC`i0QAsNBiU!q
zqf=A+y?}dWZ2pF?yiDU=q0(*0Fcpg*_lusp)=Z_=7PZem{W>Qk;DXiYehW=LLa&>s
zgl-qR!a%Lvyu)97MsOo^7?SDzkFi{is<|}vTj*qE<j_cVocSMx=($FUSXV{#c%pd~
zW9?6QN>XS<L?E7Idm$$f*dr-#w*NQp?tHh*I2UVSb{e=qKmvE(n?c(Q#gOq?<gK->
zIH+CHIE5b7=}$l8NsEavF?mB^%N7dJ9>5OY%y%uziNEx!wKh-}eeufekW!GTtjA|>
zZ~w^x_zW23{yYu{T(F5+db8sqhJfi561gF%g5GUt)Y~^eKgzO4fN$^U(AqnL1Jonh
zd7pi?Ja`8GFXod!6QtB4tF#!Fpeqt9=>9zGTY~^-%$IqIP=U4a=X>&}5rhDMr)N0B
zhXaT0J<Y{bu9&m7n?mim;NFE(CjX{@Ye7DSBrQKb^Hy(4!keZSpADj*hfElUB1)xF
z*3#CV+CS}W;b#XizBs<_%2lf+Yi}0!ziJHiesv0IV`jOBcdx}LB8bq&q;IB=_>Ir?
zYu8rDLpTO%U-+q#)txDX0ButghwCWV%7PHzOqC}G#H20$x57v)vi8@nY*l;ag|;^H
zxxBYEozD95jo!(sf{z0?>-{o(7CzD9A5)(&H;?mSq_Aeqq7;BC_|r8Jpuk0KmgI)W
z2=d@TfDpIEb^kRyB49AKD$aB*5#m+2i1`pIDi<n7XUvv)Bq3i<dU*KrZY@nsmfLpZ
zH`{jqTCzHqqlh5mV-UxxTAdo{4)SF)Rp{>T-#bPRKqroE10yQCTjlvbLPhP`6L9o`
zleCIam3RorWDTbLp81+5#z`W6q7rRH8DXlQOGUC&U#s|L(v4mSu4IU<-lhSB``Jen
zA(F8xqJ7$&!`_}vlo3OZllX53E<09sj>oHVC+a!uu>KjN?CHlNIRk797%MzHEjTz9
z0lu_`^%1(|y+UPcy~@B6tEpJmYsZ*10(^ouJB#Vy=3Q0WXlD|0d7Y3$cUNQpnu?XY
zPs>(AwVWs$j>gi@wbDouyK;v9ZTv$4R%0V6DOb4-o*SVJqY?~!9;zJ#eGwLU1CPj1
zyYB;ne3nuI9<l9;iX9SS4g%cC0H%O^;Gfpf7?8?58RA?@V)#z5J9WDL+hgAM1G;LV
za?mq2v(<^3l9^R%8en|DKP3(bmET5t-90Qlo=imv3fLOEM`=M324{1m5n_h;K;Za*
zuJhRZ0UQ2#UELcNk6X%uQ_)eEPuNw5%162P8>&~g5?gFid)kxc)zRp$f@<DCaiIrp
zyF3lSQ|q7SI7P9FwqDo$AEUbD=G?>J&K-osjDNs<43jIOuzmD>|9Fno_}-SBx8I(M
z358DJaz_jT0AAYLnH@-w<d)r$ZM(DKANn(i1s<-=;s{#U3nna|$a-m`07a*i18hYD
zn!9><Qg+i}HJv(_!xb~wDS&(N=~Oa>;wUMZ>L$0HP4|&p*(n3%+uG~BSHAeBRu<9u
z<bTXjH8)Q#OT+m8ZjH|K7oteJ(3kD8kcIlnBcbM2<{N?nZ8^tn1{|k1D1HM7il5S5
z6>}M9)cv#~GF^=nGi`!D%7|eV_GSo+5RG-Hqaq!mxDYoJWSzcki!SHOocMEW9=u5X
zy*lu11OfO+%ERBoz1A_(7&7fARQ{QoRhpfezAw{k2M9HE;$2~ODjsJUq|Yhhyu8%R
zPjq*cBUbzc{i|9Ii2!9F=(T$x;p2_bSYm^o=dT;47N@%N$I;xYwFbKcA3mKkwb&n=
zZFdW(7ped#+|fTA1x)Sb^-YNgo;+sJY8b{e{{A2~Ge_DL-_YEMCVqY@+06DopVxnM
zRz1~C`9O<fY(8P064YCy4-M{zBP`-@gogF@Mj`Y3M$>!q*;Yi%Qms>|$}J&@NCL}T
zt1sTqyFER8V5li|fq~~6^0CADZ;frPI<aDJ><@)1s}tF9Ic5WY%EH641_J<n)4e&%
zlF1Or&CjcFS>SnE_4Zo#+l6lY)%GSWj+c={@=Gi23~JtxA9ePn&Dcv|SUf3Q0Ph=t
z=G#a{O4uOsNR2i8-Q*fsu>3BF=xpD|Us(9aV(f>8*sNAWAcNJ^38e31a>SR?=z{+w
zRNodI%{Vx?bQX!dea_>YX{CW3i9z2ubTm1b>dj?^34rdF`W)a!&V)Siwqz29`f_0p
z6i}>03>`5l|Ax*pk9cK?$fM)&!T`*BgU#2lKSIXwQ&%xUr3wF}(GlmZ?06VBV_`h2
z9W$8SY~#%-uCIO0dN0!-oKNgn8K4n0ORe@jG}G}Z+s2oa#nfy*3b(%TPtQi;-%nLj
zemhVQI3T!1a(|PM$~zkn<GhCrYJM83b|3>19?hh{<?QXtz^@~$)LRvlFg)pzx_F$w
zuELl?ePl&|Q#HmxAKu&^lsZmb$^LJ1{Wybj$#{3R`sU0SXg#TmP20dZU_4kSUq5~K
z5B~p%b~G~29HR!IyVhYM=&mkig`alHZ>0>#GvC&+47N40Vd_0FpjFq`r_JMIq!UAB
zY*#PdiipS%v%xZ^eF51&p4e_F0ooUHF}m3WOEADo1bBdrgfC6&oS|oH^m$!eOzW_|
zw@^n06q{;vwQEjKUwE5914PLxy>M(TT~8E{YXvIAQ$Kv4&f{>lEQAR?cvLhbC%gph
z?FNBJ?#KxmHqh-7zUzj2dv%(hL1<~cOn@ypJzl6%qF%Q5obCDlZCx@b#FrXZ2aVRc
z)jyBE3<owdUl1Hw8ZG|mqx(ks;b0yeZ9`;^WIbss2`<~khD<-EVWK8~?~59CZE0Af
zj$%x9a~BMd`gjoWSj|^Og<l~sKhe%&Xh8PI*=~1drP-ikGw>Y|()p78mOoXd4WrgM
zKk$KzI1Plg)s^;6+EsPxgn))>yi{D5-IIw>jJo*G$r}xMGS^E~8GPe7ziJY(U`+=y
zKS#lh|G|0oq#_yA_x^}AOOZPK-9F8^xZHHS#*Kq@dF3}2v{LfS@E6YsLjj~Vbtfbp
zDj|o7zd$A`@t36B4Ru>Ki%cxPDBQV65-t6Q9R62Wyp=q-_5A9R!qI{NHji;}u6JZS
zPB?#hXOf4SJXtOh)C-mkR~RDuv0q6@&^9!r==fD_kB4M2HGQpZX^|Q>3IWN1R4hu_
zWuU0kxvs-MEsFq0%3D?z%K8X1Kp_C5q^uMSJPyEYlK0a999*yDTy!sJ?kN#Ryphk4
zJ2jI`lm2c4q+kvD$;rvP-N%P0y3OI!gR5g5rh>%BhjWz5H=f}EpV?Za<m%|Z-0^Yw
zei#Q<&~umOqe1LP0d_`X)JYR&`dbz3HJdA(8+i_^9?b3pbSTEq#Xd|Dj?GUguWfEP
zs-n_tjF0$_>@xv^JFjgekkxAaYuCJTGf_mz-3{8591*WLC?yAv(8h2KvGt#-PvMVy
z@d#2f{&fD-_Z5btq?IKf_(Q{r=!{H<*i)~#aEOK_D$Sf$KJU6XyZ#uCr>WXrz*|>N
zilmA`4@8HEQN!{r_h-HFaHRHz(!IIe7`dY^j@38Y8v@F0;1E&}ha(t?Y{%vCv=Gz6
zF|yaT7H`GfK$bMV%yTjDvP=cz=J#v;k63g%!=&7rtGiePG-;Dze?ZvX6PchdIs{Eo
z%l?vFrVAKb0_}nCcs{}Geq&s}e7uhe#|z{QPJrT#f{>mhyJnw9AFYM`uJL9o^*Apz
z4c2W73*fscQm(cSEq(`qwBxpp5H2pBlsj*AWn~Yj3n5alJjKq&O6C$6cI@uVlQlJz
zQ9`5@?EfHosrptyt|a}7!_DEt7PIxohs&#z`}EYKF}~?KZ1E<<XIUnwn`{AcRH0DT
zTFnwu;DseD!A)z8V5S%qHWzGh=*&v~w^v+TVHojdaOp@x9bp&s60TS?q0?QH-`=P5
zvN;^+{G2Ma`9YlFYrVgR&E?C-AB14guMfQgSjOS@GR|dFuHvG$vNqpf><2!tbHNBY
zX@q$D|A}B-AR)DRG}-Cj%~nGqn&GZh@~}XiVp{SD0y(DC@$m}c;^N{hZg*y~A0KnT
zGYLvT{f+%OZ$2}mS2Z?c`bA24q*no0uL<~ZC6Y;LJOZCg!UJqB4^~(zdDGT#oDS<H
z-<IfW!a}p<wTk5hq^_Z$o54QPf&A3B`Cqp{!03(=_cm-I%ygdw+Qszdf9o0Pzl@40
zxM?hWVN<X)PHv!$jx!~C^U0Z9r^WccC_IQ5ASAPgF#6o4(EKq&19f)ue*??pgaWca
zzrmlc4C<)kVvm}?DwwKcX&vU5nC^+;QZMcSU}gH3D?_S!*#^Li0pF>BWdE^9z0%^`
z5(1{y_IME%K-Wj+7tW7OvrQIgk9QA^n!|+()F9XE?@(!`oKw2J3s-H)p+A^0+$H!p
z{`eaxLt3u8;$=_TrQX6n7D@7N;9W(mqs&#Jz9UF<UK@2g3eapHKYMda{QH$N?(23v
z*eOz-I*P#h&53ul1f_ZK22(cJSI~<P)wd|CYeAf?`65pm-Zq)A!i^h;=|8xfu@DSA
z7lDFPLf@fb*ue!emxuPU^C-UdTLI@ZZv|psB&H0EY62=`0mkn{Szp55>fT(K0DF~-
zn>Y2riqzwEf^<M_i{RqJL%8>~$uCy6diM)@koz6C<lxwy>^y%51@@^zMXc_tqCgdp
z1YF}kB)vQ7ur^yQJRJA^Ti4IdFwJUrmTElqr*RI<jy&LG{Ad=fL<6>BzFyOl{9?+j
z4<v~sY(lxUjX}`FDIV{c`kQYf?_O#3a@x+sJ~4($MQ&!c1j&J~*6q||me~JqmVj>5
z2$HgKm+4D3>b^S4ORUq?IH)P%|JwB8UhnywS$X5%xSEwFd(`GM#yf7FCYWXdu~$W}
zMhjLN?T`8PPh+Q6%*PGaMT<TsFC|TGt{)+3JY>XjmuYMICm?Ffp+9&Zp647ov95U1
zrt#8<raV)j#Q>=lLy(moHlE7Oe+OhK2!KIA_BjCS^eEW>N%H&tej684y!$&pusTOO
z6frZ32V|Ax(n;yq;-qZ>adLVp2x{pgUM~>)O8_Kn(q$L^(#P{T5X4!)a8@JW!M>k{
zdspE|0TNRWA~aqcxbJfx2a?%sXa3T&XpsIwEX!pE7~x-GrqI|Ah<>)hzoba*cr1u0
zHsewfQONdv@fEVQ9=wQtzz~z4uq!^z`;<oReGXjo=3nnXcdN_4YjpkyGx<pVxBkc7
z+!<xuLG{7Z4~@A+3<Tug&9%Br)WtG{$`|R42M002e=vk5fQiQD&BYW>#MHRLX96sU
zCr|*ww_r&N(7SimT9twAuaK~<xl>W_WQ48hmmYTYtKgA-fahgEuQ+Gvws&Il+8XIb
zc&V$Sdu+3S3&0`(f`OidgfF8;|BS^Q$qN|VrEwQ)f-DAf8!?9y*w};-1QZh%(@FY<
zvu$NkAr&pd%RPhE`Fb6%On)sgH@BOnJ647USBOIf0aeOF6dt8lSuF7x>=x@M7(w5o
zXQ^t%?!S8gZT4ovn|yq2v=Np9Cw0tH<yqyFkW@8wOn>cQ^gg8b<{#X$R>}AZMk+31
zXZ!S)bGE;_%8QP}cNUs2%d0DMY!Vq|lh}eRe`VgWj9*`;1xHZ{@T8C_D&~IY4Fb=m
zA|S1Zn?*7v<Z7)5@f?schoe<5`~nP(I@OZUqQ=ID>ba(U)t{eCbO(OCrhMXiBhO%;
zl0LvH7j5cE;mAdg7x%;htl*(Ud#1&O4k<D++nt{tp{2&AzeB1?H3%u{O*CMOuD0_%
zLlJn-fIl8MtSj`Fl{q>kfXlNHYG`D$y|4~!IYZT+Dp>>KFn&lVt%HnlqI3ebfD5fp
zAR=2o5Xw8=2&8fBX7LbtQBiq*OcA~Hy;tZhbw&*lGKT*qD(@lJO8fewufSspd&t@=
zWK4kq)z{&^bL?@7GOJR`<-qgJ&=<OlQK<GK9RfBfes$`fGo~;|CmoV=_Z1cUBa?yY
zy?63wun5JcHuJ6v!(Rl%ZV>tSaW4MKJc+75VET~(CVt9%?jN>r6Jkl&%0((hl_?b#
z?5;dnqY<h9J@dkK_xyJKvkk-|eVTgwU%CX^ySU{89^$+`hlPAdI;(>hgEv*mlC4a2
z;ux0LR-gb;zuuaTX+@)29cyr@xRBy^iv$TKum_~zoW`9t;qf<Dccc$VM6lT{Vl}mP
ze&pvJg9!tapGmvQUo}7GdSaY$1n!b;OLS0J;bfGs0bo7jvjK{PMPcD@UR!+d0}fe1
zQ|MB$O(eHX*%I|4_jxY0txf>4M2Je>HAE*m_%Y^I=QGDrNU4d@5)DMEkdFMuE5Mz{
zr2xDZ+mue&!o=*_!eO(wcVtzLUJnC0*73&IH(;pt6mP2jR2jD!-y%``JJMeyD;gr6
zv$9;OYyGgx1fpL$*3Z=P4MZ9)_GPBZnSo_su}Zzt?{RwNHS-JgaC3XDJyQybdkz1F
zW^`xpyhvRtJdEsgh~VVpWW<u){rcu_&)ginh1`?+_Zrzu-8fgkMlMSMWx7RhI08=s
zPF+2&TY>Ot_Wp0tC1BAGjc%u6?p!m;$#BT_&X~44{M{H!wb{QvSw4Ht43*pO9q^zF
zO9&gpg;l*Rcd56RgbvT1zc|Nm!CVgr%MUQ?&a#PinOjy!NWd6`eUAOuN9TTX119cC
z|L@+onOYMW&7fzm!D7eI9{+rJdNf)2jbZS6LxRgD5-+E%@o5Uj)Ajvk7YH&>g)M>$
z2bg8*%rR3PL}8c}M{)AfO%PzyNyi6`SJkz9>>4F%P`?|I_aA`bi7Z?9#tPAV^gZ9W
zCG%LIJmGf|kcJ!{WBhPXVLD2x=6yP7bboiQQt~!u@oP=f0A3OeOArkAZ&=@Z$={_5
z*t3_P;Y$^=vJ0A|1mJt$*mL8|o?{AkW_@umV#d&{4OkA2M0uY3`sYOH$ERqKplLWg
zH4{XcTx&PhVj@$SI);G-2$Ld+c*24JNWntpXU$=VgF{uH$??E>RM4L|{PH=EYp%8i
zwoRjRYgcgO+~e&Q8E}R2sdxfQ(g}zju8b<iehmyhEfz3GLTQeo!!?n|?XkkSGn^w@
z*8fYUzMF~p&94bonxR!gCNe8%gk_V=8wBR#ZNEP!KX-bK;`jAF`^TDe-@Oej-Kfh?
zPoHD+(RZ{7u=1Gca=B_^V!<kO)hlXQ|HU+B6F@MzP9_J$tbi^B(uF1j;uVETIWM1t
z&xtJ9hyB?VV{!Fe;E-hN{X1;wm6T_i6aWDV=dH!`WkQJm$YyLK<ZnM9AW73j>J?TW
z5DX5N|4_BueNlhgf6d!ybnn@m#2Lkl?7aR{DIe+HY#`I3(bWW7^BPE6{}Y~1i-BIV
zHz2zaK{!|+7f>aoO5Gvqb7iG4bLKHY*{%aFrkicsd4G0<%>+-LRll~{d>v_MZw_b3
zD&z<Ypw!dsG@NAzUK@zVjfKb+<>~i-L%ycQh7C{(Q4WAtDbR=k>bZHf)?Y?lKs6T3
zix{L6;F<LGzj&Qx8V!F34`U7E*DwRbb4X057~hxZ4K_1qhcdjjwzdIo)YH@6*FaLY
zeS>iF6v;FzYZ)p@<&?p@FoM{vCPIg06y*)ABfC0|q};g@nRG_%iWCY_0dgMw>2=Av
z&84>Z|5aHSSd1AO+V!UsV_OVY&e2&l+1XopxLZe!57xHNlok~>Lu%?lYBa+39okr^
ztu1)eFkAqv#-SA)_8Rtg87=3SyNOKD>KcF&WOWh{@~q4D7mzj9nB&tkiqA-tn9Y;X
zX>txJDl7zsB>iIkk671j)WXf7gdL<7;lf;xA~olOg;b=4#x=tqtN)65-KHxHU{j}x
zNd$NrL|6L&^J$U~(QkC+Qgi3xV5Oi5;Rim?VpWK;L=-NsGXVA)1bAV(I4;o*AdXH1
z4I~Kx<acB9{^H^+jrlVY?5l4Ua~mg5VD>+CcT*FS_;R}5mf-D@SJYh_B_YOwK@YxS
zOQuRPXC0LgeDs%kdnIhRE*q?puZW*aOaj1K!c*CTx&~8{shZ8gch$>S8?<W;c>}OS
z=Z4bXJf4kFxgx1=ZaST8DXtnphFrJ=gQL^aK}wFH{?d8bVvVj(>-!Up0(_7R>L06)
zAS_aIca8;?xZ>^T7;*u6?zABBPZyr_QT06d)pjC?oS19+-=;^jHmB{;O0j0g!9o$1
zH7y+-4>FE$tzu4j;=<1N|6(Oi4J8Vl_)_z(m&#hFrr16aTIKo9Y)T07igus!#NeZE
zjTgT7Yl{h8=VeowP3(>v{7GUt!{h#o&?@!Bg`q|7N|jqJP3=ln+CFldNEaRgGx_iT
zfQ1GUmQFzS1bHzTbnOrJ%;}!z*+6MGZJdKvd)_@Mue_6Gn_bmbrrc&0?zcr{0~=v+
z8HrFgh&r{_xa^Jyj40K9EYmwn<9dhX=2qEpOi%oj{_0aStPwR7=mM_{$TkO7{IT@O
zNoaSDpKYS9G#M;UX=39{+8RC(Q*=t?`^UXH#Ed_LjhJ1w_mYqR)r2i*hLlkB&Hu}F
zelVf`ONZ??xNkm}x*?Y?E^eI3-J!x+P^NDj<+$D7uYestYeV$vzB%8UFVE^pc<JIR
za9d+-u=I@quwGOE%M8fGlYXbF0nY~nkD1p8Ik_>hx)(t%tkL8xmUJDfp=HXe7fI`U
zVVLxv*5w7W)RrFcM%bC7%W0Gg)LNP~4WlK=!E`1M0DfUot@*oc_0ppuXu3kjCzDxm
zILpS~o$4!sf2-4<ykFO_3Ft%TGTE7YrfA04&9_Agv>+aC+EHauwfnbI_L(%i;a;(3
z!RaXoD`cbYyK!(NfUtt;Zh^CW^pkfA{vpENbou9Wy!Ytb^}~Gw|H>$2uB>`d?`CVM
zK-lG}<djSrs^kKcppgGjBw6os)u)$SPr1@c3pC)K(u`enKM@}#ld*?=o&N>&#)AId
zT6%b%+=b(?M-%d+hRnp!XrS`5!u2yB-(H?(%v8P|4yq}G8J727L=zirpg5+_`?S8<
z7PCOwxg+Zx1Gk<qKffhlPu!mWvAq-_t&9Q+s00mG!0X-xL<B;c<N=4e9{!s*{Y_Db
z?GJeQR#T=w90@&;faI#-zH**8B9JwthlTtH)arbr&Z^iiY-ie<2UEGL?1(^0)s(l^
zKZop5t8T<tj~JZZ%6}@7ZiV*w&RMDeK}O^{c|Z+5nR5C6W-BNKsMBa+Sg>-h<xwn$
zkvyWi2{YUs_W5n-`{r+dDv3V~QG`xJ*6l|dxwlz@r<b6ugd-#8XXWR6tj5KMg4b^w
z^2tis@mb&n#p3lL)c@P&r(C|#;l?1neqA&;lFr%g*{(p46hnRQNd8?wfHLyP0WeW+
zQ1iWCU&s;gLw$ug5;7{gN~pATbw?}mg314Q<U#Ol1q9#to`P?!Gs#cEw;yhH7ATgK
zKmY@x5zvd3{NlsQz#|kpQPGvcw}igTt^({9CX;pW|12<wlX0Hj?C!gd+?AtP{{R0Y
zMI3e*XqZ>d2RawlvnqQ&S}&oOtZuE(br^CpuYi;Ie_Rm5L!g2A9Xo9-?;qN=^@MJ0
zobRUbdB!WdiS_p8NC5M^aJ>7}d@}sI|EsY)H@lpvJ)L^@m`k$(;^QNO`}bDb+6_@S
zBHgY26){C=rXY3yzd1<;C)o?~k){t@qiG*y>Ae+h1t8`V!~&&m@6Y^wW8@#Iw7A~E
zD&noUtAMKlsD!io0e9DMve5~jQ^@wnw)4}jf)EjYiMVpH4{bv|%jKB-;Ns#0iWw@J
zX0tuX+*BFUg-g}`-+(98q9tUVy%G4bn<~Q36Pfh>fmQrJRDESsR#CS#-6={p(nz;-
zH-dDR0@B?aq#G0wkPZRqmhMJMB&18}lJ0Lm?|bhZ<NM`M2E%jq*?X<I=A3Ko#YWG#
z^w~<c(;E-ocYGj)LICNpe0>67Zt+SZ7ib151n~fP6-TyDtd`qH2P#{;0cmtD5cZVi
z83iiNbN3&_<fGeK98F;F{5L_!V<i4`6Jw6LWK>;$Ywo~a?vS(P4M;3<mZu{9p8(4}
z`HqHz%(Yf_Sj+LVcV>FPqlX&dFGn_=qzdDwSr7%PKu`G|3U0X;i|t~oQ2yH=)H%|q
zJjN4KvVd~}cFJ6h(n%ZM^<16&w%f9)o#M^I`1F<*#h4<hKW8T!{`bp%Fi**hcbHVy
z=|(?S;23#X8C%iOFtF+BU7ZZ<M@KS&A8IP5EVq$>#_?&pS$-GyKd9vfqbWzN(opYk
zvdtleFktaV9GABFe7Gy7OH*7z$NB${`DT{L$`A$G-u>P6=AX@{BAvgVp|m07(n-AO
zA4;r7iWIJN?n-o17kp~zr}mkNP#|;|gWNdBmaNeg=VOegnWu->Ruhql+10Oab5B<T
zUodBY3drR-i_)Wlq7n<FWBnZPG@vD4>zfAR<-6%(0Nu1pbcv2ib&Gs6g+c5k6<vmj
zEj^6c&iA|17IBwg<9%<x3I;Sdspw}$8rNx-cAq0raI9kZmI2QRHYJb$u2zg92P^Am
z|MO=f?T=Y^cmDSc{SOak>0BXSC@J3%r)^UH=LMnvHqpfnd>j|s$fj4u5a2HRjV3o9
z^4WNl;FT>>qz)$Jk5iN&p;m~8Gf%52S60?FL%C1hS6ePRCmb2E6jDiX2wkk&8Ty?(
z3=38Nbnz|{tb{Lfu(u&09=rl$AZ8m~xH_nx;MuAITJ2>iA;;glG#&<_2!LfA^W`A#
z+uNyMKs^f#{KfroMaol$P`Tqe91tt9H}4f~%)$Hr1H>yV1>09__O1QAKJ~vFW`$9j
zbGLKz3p{3LHsPvi7W}WJmCZMXll?CrZgD-Hmn~P(z{CI-R?On2r0xHMZwl}hM!-8j
zrJmOPA>bB+Y7?4*?{7u)Xj36mu|*m@AglUwd7HN`X|9nP<o!`Q6R4_^pbOSW)am~p
z$bp*jkTK4w?{#?Ge|7RWzMMJGS9j?G_oy<}?qoIIZaqq=^!wZM-&6gTsx&QmeX{f{
zR<pEWPu_eh`#sX$FI$&#5s>Ngz~r_EnY<}{`&Z@Muft?~#4SN+%iqZHChPPzpu_ud
z9eL&GMNv+W*mR#l2aWWEvTC`8gB!udx^wSP)B*PL$DcnZ3|on7RaI$<awb-9T?z7Q
zo>=2j_5YTR&{K|@n^e<&mTqix#eW;BG)^TFG}0e8cy*oRp`xZwa`X8!aalR`7bwS_
z;<=szywoqC%p!qd1m1LvJOrNo{R*nZ8|m-9;BlI>b3$}E6JG>qkX&%lUY*PRvBbi2
z%ikRkZ#Dn$@pFHp?UY$Vpy=kc2y3p8Id|IJJI8qI%cIv6$P&}s6%_$DX2*jch|BXs
z+CxwUio*_*7QU~Y&zja7RL;m7NkIraglwJUZf@`O$IjONDBBx0KSge8vd^ZIDYESP
z_eZbpE%vtmVnPpxOSV|o&^)R5!$Z1<ijfk=RLYB<RQ*~BqMSBS8K8{N>`Gza1%tO}
zJzx9H(^zI4(|vch0!bKQOqil?zd)5~T4d3jz(_m`EfJs?chYXVE{;e{gz$WE$s_6Q
zW-SI&x%@HaS_AH{@JBp6zQt=W`q0zIe&K}A_i*R*KC_8*nGjAMGFx3f-$N7heQGKm
zXthVK!NsML#)EqL`Gqtq{9N7L;cp&$ZZ1jv9jXh(du4S#K6_6OS$XysF8Ky;eT6g1
z%8vON!aY><WRT`#2qpd2q@YMeCC$`$GgM}Y$mT?ZP%|22G|1@mJS;oia47^Uc^&~%
z0CD53n^R&g^;7DvecFD)7TxcUK&|OQ|LmCx4|jL)pAi}r{!ebxZ%j?S=LO<8?k%1?
zc{MxHX+uE~JMnYfW=Km#>nTD!WncQXO@kN*8(S=TbMwUHR8J>9-4!&yw7232oR6Yp
z{LcPasf~i49T(A-WMjVUe=PX8Zn0lm-4zlU2^sAEv?1oPBV<VbBBi4kwH}HDyt@Cl
zX|6`x_H;xVed`a^q?b^%4sdr~)|?3B*T6;jnex?cj0WVC#UGkY%gD%b*)Iy}+0O;V
zFEyVqnqs;`_ua_*prLk`n4BPQYSL*CFLq|KYi=kh_h-AP;Z}h6^^>jE*5k7=iUwgn
zcx@;1e$_OD(VeMDQ{&8|l^;ALSZtG%l1j$P0*_{MjV^PChhs@NR;}G;oX&HT_~s7}
z^%q@O#Nw3Ath#y6Y{eHh!5SBXZH`8$8FXxFYYQ=Zrlqd#-ClY?HoaP%-Y+K#-FlpQ
zj}V@7V0u%cgV6)xNxSz<adOf{j!T>a-3Uq6<A04Ag8%%<m!E62Lf5VQU9L`5Y-b~(
zD2x2FrY7-2QV3pV{Mn{e0RzLsX-6p1=G)nh{dfuxbr9uaJ3k4z<#5?PF&wFDf4mn!
zh=(ZqmZ~`8`F&aI9pg@>3MJic+}j;5mOC8CDze2_R!?uixStNS%-~O0$h8rI?%=z7
zQ;F!={njVq<NIOILRb=TtC<>WQ@ofh?&3Ru)7$2Q81$6-KL-MKtTPK51qJo=s9WT`
zQVh1cJGEY$#q&`w1x2;rF-fqnmOu<i@)3yH7A5mnGtve+gkPo#yX<>V1{0b4{QImp
zs}z(mcZP=In&Yb?(FiLH!iG>#$PY4^*jc3BNg<RnDc(I$IAw|TU6Q893emh^#VjY`
z;q05h6P^C`aCKc*@I3V9cH^xA+Jc)*poZ-VWqy7Ar1i1c8Kq#NwKRO13Ip_cZ+G3$
z-afx#>a{Ai-*^UoaYGN^Qk(BHR0ju*#FPQynPyA*A2l^nD;oJsDssI2NfWP-4pzol
zm}F&Sh65k&no`#FLgB!%=>q3}S2QZJbM0V3!(f(L+SbP`UR#^1TXDqDgpk@+yd*k)
z>w8f5&C5%)$(`+&-kd6B<q((imGj|ZwoPKE<$!bd@20LT<&oj;zH!{88|TU}_nGl*
z@9S;+EOGxxB3vq0BXT&2+2uB_H)G^Bd%IFPChg1P+$^jo`(22ksK{$4<%UcgtQ%K>
zt{52Ge9qLqxWqxrh^Tq9LGV!PQTEekPt7Xhuql^Xe;4oFaeMx=nuC0OUH=#?{sVzy
zzrI@XodxY)YF#kGnNE2(sGCTCA;;yI=)7aOqo6qPin~}YDJh8(0NoM`paFjD5s~i8
z3(X)rwgNbO@+}<7-sGvGuHwBHV4Q^ZNKLr9`BCs9yM$77kgiwhXT841YjlTFeh1Eg
z2mc?Y4OmkC@6ysfL!Uw?YON<5UNeF?R;1s+=nxzI&$Wz;w>JeBazs0RdDGvo2ONqi
zucrwg&sj@}eeO5Wqhq4y#B@Orvt&@~eJU-DMZxnoVP)d)*57qC8zx62<h3KOBhuuS
z%n}yZ3XF;RN~mezgEdJkf6!2qd|xk8UI^wK^!D|yL!NrXhY=BOzrs@}X5!-!xOf=3
z*m2Z!bm|`#qoQLhOTv)*NlB$bc{6N2rm8Sdnly(hqvF<t2V-Dj>gpL7g#VtOZ~rPt
zNfQJ%dlj&wRdJ@N+||3%n~3}CT}Ir*m3%2)c96Iy+K_|qwnA_@DiQc34mZ5#gwMjl
z5Wcnn4fI%S$kpj;|JgT*1Hl=k%X(~evfR*2tMc?{?klFsY~=umM%SP7nIj)>p0S>v
z?*(q?B>Vx4M#DE|T+MqETNkc8$3+S6S9r@Z^0jSg<Z!~C2hrCfDVD(%?1o|6m*d&^
zlutv`Q#e3ot>vnQV&w8A!AWzCjxGlLqx@T6-;m{YXDI_UocFj?Qd%mpMVH@{O+5Kw
z+2Y@c<;)R9rdq_`yX#aNdn|NYTP0WgxRkUEEO9?S|I+0>csMZi>lUAcWT&#YSWmu1
zKJP2tf6qeKr}Sjxmjna_zxa&e<PiJEQ3&lT-mTrfjANE?<q5K$CL88?4gDv$g}h6k
zO#N<8Qg?nf*CIyrDf#odnjSH`kKgRe+uX~}_f=KZU9fENS#?5or3LkNx>Sf=ikCq(
zcqvy}L`l2jSFa3kY|_yR65A@C3kVf|Q;on$z3q53uXzt|s6Nli%8DOw$qv3V-OZtK
zg?(1hPX=r2?d`qOb13W2n>Wr&HOOAw-Fi;$w!Ea_>gnOO$|+Lqd<o%|PecZ+IPpAA
zXxaUIYvzYzA|pRJEjFIi#KmFzNqa{Uf=NU$(1K*RA44=}Z5!21n$Bm3pH$4k_O=|M
z_kk}bW(uL8CU5tY3%|3-TH8r{mxd0QqSJWH-#LuVj#e~5`ub=W7yZ*gaGP)6R0k{{
zpKO@7n<F+~9FF$5s}8hSk5>i!u4#_2dI+zo;uHxEp2+ORkyT+JsLU4Wip!xE0nB_$
zq~^ONQaR-mi<`wJyre|4BNHqXu~y%(BCo^Mq0E<&w`bqDCYiZ>F6`~+Y9pL3UsgL&
z1*>Jt$;PEY@&WP*;mal3Hd89$^bJ}&Cnv}C-{t+|zPh*hp5G9XkdQF3vMMk8;z2+o
zgTWhB>8mEUV;2|m^4fdcu$j(a)u7M#5~U`WV~+42pXiF_-toWElFxk|r&g4Ilt{yA
z*g<(8f#a}RS-6(9+=iJlnoia#6VC8F6n$EjpanX8{-w5(O5CFM8?*eQn0AZTz*-{S
z@aOYiTB+FyF^uZ8+h?{7m(hdFEEWw>=x2l+;m;$KgMNPesMj}G%Bb$$9vV%?KtkO4
zmg9&F-}vIR=Op0vm4VR@;h9`r4q`q1+=b5fA|2vgFR@S%y$})bJU7uw!DzK&o8K1)
z3mp28fk9xQAmwD}f3c6kl<V9Kp+*YFY#U*_+e(RK_&d^bBI-V5ZL;Bfx}aY1$NR}<
z<Ci~-8u8@bzV%;t_3#oCct^)S-K2z8OM{36rhi#<4JVVU{&tLivawz@)Ek<A(b~hu
zSAD-Ksi2_raNXk%CQYGtNJlsWPQ?IHU*4kwc`Lxu@`rH)*1CN=J|JEji8(06dXrvy
z;RReehBSMf^jw6Xas|%wW*I+Dj;7CbI2e|H{}AmkFR}9T2_he#kEdy{xaP+CDsW$X
z6ni|qlvx3Ol6IfdzdnkJLpQe-1ic;q`+~1cG=nq${=NFwki|f^3kgf?;!;=l$09F1
zYJ2>Q#z9>cLt@#5d|4UT<M9m)^xj#9@FQ@?dEa-3c@t2K*6%4QDfigyX#U{mbC?jw
z9qk+crDbnWgM_})ULBzJT`XYL`%dtaww8BlEDtj}`mvZZ+;?f|-^*3YB@TvcE6vX~
z3afq_SK!zxDn<s}lS0*%rW+fjx>vXNw+4t8#hm_k-h!0kV@Xkm*~{&Hrh79q-}=S)
z6!rCg7*!+CS^v0FAK=KdHP_Nv|C~)#ktx{qZl8vML1%Y$6|c_zcTMHf0lF_t|4mA^
z&6?{Q=1z|BWq_wr!+VB0ylcv#o<BL!WUbDoSB>yxs>ltZq4#=YZDkghOCz72_&ay5
z<QZYPNt~_Q*1s|jCrL+kuxDe`omOZ$UXlsv>kp2M$vJxRD=8~c)4#xG_V{=*`M+iY
zeSL+YK?x-}l%L$(iQ2Cu2H1^r=JQdtTD-P)-1k~D$oE$ouyKL$N=#l~7CC+(!Oepm
zO#t$biR)7&B9d8Y8MqLV=HsoJpCP1ZtW(d;%R_LfuD-h3eI}+u#Gts+;r45&G&fXM
z#;ner`LmvZYa5<|s!C{5@-qw5j<*y9_yj!#^vXFxPLwjgQ`OYb8a6phSKHheHSI(a
zi8;+A>}6zR5*r%@efA`I0U3?<8J|v$?G6I!xUOapuQAtmryk3Z&jxmtLiDU0xDKMC
zse1Y@t?XGVpecCG(K@1dZ?-A$z_X-;)9^daMxolD;ny3%i$<ZSs2c!wcwg?5*xkEJ
zGnW=i)cbiAUu?ezX*UM|kL{nOM7r6|@*s0c<KWmksih=->TLkqSqd&?VG%;d3>o=5
zYTprsM~L4A>M%CYs&x>zo53_V+BYy;dGdmvaEF=sD(z!%>@Tf?q5^7;mn|B7Q6LyL
zpB=`b^Sm`%FVjzat+i?4nnTTj>o-#=f7a$#mca{pdU<$ztq2Gd_+0VmB-@6gF=V{`
z=<d#JIZInoqGDoF_Lo{Np}UXt%7L%Q6Kqgm2^@=<vy%->+Z2VfQAtOsEjOg;8;F-f
zx<vBzrQPg}YDOh_z%<q)ez&^|TZI77qv#@h*y43Ss@Bv@D<qb+H+%T45G4ki3{-5}
zD5e|cR?im?_7l%f8HtkaQ|ijtZg450A9}(iRgEb`Z!aUNph$)MifbNv<gs*t4f=Fk
z`p|86*eR)vjU)3gHMu(bi@mQ?wrZ0gx953KWwF3-qw=M<$ErR#C3(&I9SgVS>l5(H
z;-wH92S-F?BpN7jXpHXZ_OfMVX_)E5*hT&Flq*d{NVW%xi#y>B4Z-KC{k#sQEMiU0
z^q>71fpULUP|O}F9-FQgsUJ7gO8drD7D-3o1Q1bD1}dg@2S75Xu)3C>iK#d<EG&#9
zX{Z1`$YO6s&(SI2ecV-lOb$-cP;Wb*-7zgo$=G;tofGbTUyQlgJB(a$m1siu*kPr`
zmOu)4`Gj@D{p_OJ(mJQ{$$#a!q@*CJuQfsk_7gi($MbFJ`EHG}Dn{gOs5qftnuUK2
z#LKR9g**!4-+2Mt#eRFU9$L$@Q0{n(O%nX*@H<!x$O-=9Cc`S~5eNVNTp6vje_MG)
z^^y>PIGZJ@j-d+|FZrMpqG3Dtl|3#iw6hm4CUdRTF_Q2XH8o7)$%@q03KMYmMxoE4
zp)%F!>4u$P3cwTQczIqPP|CkkR8+*z6m(f%2R-jID>Vdhu~pvpzFBP2)ZQH8jHnAl
z>@uMK*dqp>www=i=0|^!UEp_2dR12*AIK&z4`~3*D0u!nr#J_WzOQe4xd=Dh#>VVZ
z13wIo5+zWs&1H$6<8YKk$wB$BiYv9kFrvZUzCQs5@y^beR)X$gf@`?t)KY`E2pBDn
zi#5o<kE_PU^q7#P8`wQOTHV#zg5{G;$Dt668{zp%PhYm?osszZRVNN^0wLevzy7`$
z!Ts&X^=_$|YJTIEZnFb}GgAK8ZYv~#d+$d|v6o)7`Tf#q_;iq5D>^Q2hl)8{9tps0
zCx&~ol~kTLXFG~mDAH(fTEd>aO7ik&j=>{tku1N(q3)GY?8{1H%krJCn3z4Cy+|Yc
z4tatU9;sL;jwbD~Q;v@I-_M@`$HLk5X|>HX%OETB^mP;BOV8DJ5^&%1T$4i!o`Y}O
zml{RDCH0!%C*<mCpE*!mCbL>?c`WXVL~nn{_k<AteS0+*VTIAqtYk9eIz0Uh)Zl``
z5o$#n5JGcrY<kvG2kz_(!$ghz>adI&?z5S)E<6f~EcYqetIF0gtl4;qo=mqbJtxtE
zf`VuqDzW{_qN3R=u`MJGRFE1xqT}L{v%nzK^=xqnVnNhS$Fe3R>#;e1msQ5WaJAuQ
z&(@lmc|rqYN;C~fOC21zTy#XICexd0erh6R3x&9um@u(0neCCID=HFyNw<s->vP&N
zE92wtj!5BXqDbBY<Kn{K*_hSj(#YA_)z&*be@TbfPD$BFNIZBE?n?p;6(+SPJVflF
z)KD3{HQ=n;?Md>Emj7HWDx#oNxjNf;nqqeJ^;>+e=L__|?iOZXrw_9o`79}IN_8f8
z$V`hg@Lj-ZwZ)CGM)Ng1Y&hY!+}smxUfwg7zR5^JP=EJQrKP7QVB_FWKH51c3>+?1
z`(8T2bj@8G89I>`H`Kt23WaaglU0!FK>Xa_zv0U-ybWAHX1fy+#s7OWenI^buup6T
z^%zrI<CW)e=l<An2I`6F2tvrnHhVkf(YZ9uXS?SE<BX42?_b|u((T@OG`tk3f34lu
z`go5EGV5!xPELWBWFv*@POm~h5sK1zcx?Xu3-t3<+RlzMAP$_eMJ*`^An>g(y2B<+
z>d-7koxi<R*4EJs=H%dzF>dU<ang~KD_jNhuOD6)s@NKsRz)(v0JkBfcwiYP^l;Y)
ztSPP%(?2PC{*2^0nNMyCaD2B)e)bFv7fU8Fg$TpdO@H9Fw6tfY2N7d<_-SFj&d<vu
z!JYNs+qE_O?5PGz`BbRF5EalllKGQnmiDo_2~>~QGB_ZJCCoT1NJ;9G)L>vR{TP=w
z(0rmvK=2{+L)Y~0CxBdlaSR4LZ|_`oer<hsa#{SHmTy|w7>d*niU;QK@a@Wq<+(;|
z&!2tBAn@^T8};dwn*pOzpmc<*&@<@M(`V)@{c+xS_$QFMvN0)k{`omq-w&*sb2hH$
zU$QtjOggQ%)HdH*!4>=N<$nG8jDVc{#{-dY@G7uy;E{9j@@Ba2&6KZoEQh-vtx%PE
z9?7+gWiqSD@yeN-P_p~_(1=jOB~Pp0hlPgb<X0w~tEu5V3HrmW<pVg~_=Dd)lbR)m
z0k_@V{U{KZh6b8&K=UNYX7VSqDl2q3^$fJ>!==4DBOiT|z`_EpXU`QC71Wia7PrP>
zOhoiMd)mLBic^XERWmW9d1}RRNc|sH;p2}M1}^#^OoiQdf`@9YEkC}8e`;9&&Uq%>
z`+O7Ko{+=w_}XH9-C5L+unh%k)q-W&f|D48C@7K>dNfep{?#8BatNdl(2EzggXYNk
zg1tXkI^y{FC%sNCGb?NQ*1^F+(buoZiY_8~$h4rqtR@q1EKW^N2Ye#iCxnuAA$_wq
zVa%9>iE&Y?MoRu7V}~mVsSDrr2W0ws%`D!82@w)LWym-A6-Nf!0Gm|%<EtNEzmk9)
zJw5XeUjlyB-qXeQm%yKA&z@Z!uOsIjElC5~($FD#kK5|Z=0|l^(9K-6M_~An6|6J`
z$K=B+%V6%8AYEgDkz7gG*tue!Y`xbL0URPsXzb|%0=uNq<py0F>wOH9g#yP{E?4A&
zK{YkpGu31Fw>=;p7hmkjn{z|KL}Ie?J>$!iKKlA_CCk1lSt8di5)z#+qVw@z0Gt+y
zk}l#?vpiL#uAgvsgH08mjDz#aapCi@9ukp%WYqhF7|iu|B7HiqK(GFC8!^8ldDu{~
zwuZ+0R}hqOerE4(-i3p&p^?!7W$z`G@k~wO6Fdt`EoN%<zQRNH@qx%q^8rBM<mKr>
zGF}oE_{5W@0{c-)Ynz?w=v$&pHTlcH`y76IVieFt`>?y4XkKeb)PnKvAFQ<5Xrk_z
z`l`!8-tPWwvWLp&4_F$2ci!Cxe&3yduPrN^NciFR&NCVl18;rpJ!5WenI#4WhS0;q
z185VDTfZmbgo2A<)U({l<>gVG<5F`IJw5$895u}g?4&rd+;5fY9=v%U001~NZVHC;
z^0Jzp%UP)Ra+>q?&1)-R3EL^w24y0M$Bml@qf;bQFaRBasoc2RQ(V?Npj(OOv4PSZ
z68tJPdwlX*soc<V<|BP77bI3-Wwm=}^bhnFqMe+}0`6qNxc>n-FeU5daf`o|N;}MP
z7Gsmm6l1SanYMLjVUr2^mYy>bk_lKG{`_jxLMhN17u5wz#vuY<pFPcKaitGe&z#R$
z`xI(+dwj)pw|}6a*Y-U@E}sjGg}&|_7}#R3A41E+fW2yIadFV+&z~p3gl7F0klQa%
z8~zx>akWCUOwu*b3}!7-r#m~doq1|c8W;Y-z+i6o?+hC%Ne!#05J}O}qVwLrHx-T#
z4__@)*ae^Acb)Ied~Ga7`_R>ec5)&qWkfE&rKF@N2@O3V*4O)G82Oaw84WEH8cln<
z!san$$5f#-YTeEpe)RD0EBk2-45-{dQbRxOJl~>J2UfMXnA7}xt(o}YOLRh|$r@nO
z20G+C6_ga$evGCgOm@-$axC6%c4j_-j)gs*`R`w10c*8dI~o-@+3Rbx<qj$?zAx5H
z%*<~x#i3=V?TOr`^9&_Cf1p4I+ks0JeCHMx#@RVIh~VK!e0<pI>-!)y3W}0^e51tV
zta$K!Wx~R1+J6%Q{7^<HHi!q;?tc|z>36vf*lwe?3cO65jux-U5>>JalS_55E3(AB
zgOtU@BG;UEKE-B`|9xSK(<U23&A@JQBnmJ>0vMj(D<gYS5Of>H@Vu9_eF&G3pFg$5
zo&?P8cJlfC+qn*^=`I~e(0?@9aTn&@8V!lB=6b%zj2Bh7=b-iUE;Hkm);-~C1%*g+
zGc)I--Y5cGrg%BLM=&!bxD@y#L+k76{zCUR^{17Vq*Fyb_IoqF+0jo_<rfDMj$J(a
zBS=pX3JShf&yV2<zwqBN29=3myAxGA^zftJPAyf4zz_mG8uRCZ$!GU3rThc%@t^i;
zFuwRYQ(kQ|N~)5{gX%7PpK#ge@dxA3xF!6m(v*xW%{4?mp<m3&seR>pSs7M^VZ*AU
z9x?GWG7$iyz!uFp+KupU)XW6^#57DuNbqPqSeNfhMBTe-7P{xpd%v4@1Y#Q=Dd367
zfp=ishYk*=aVSLuYinvg;=o0N6VlWsit;foepK$q!Gd551eHsMJG}ISRcw>Ws&U;`
zzbv$LXhj5xtrr(bc^3~?Y<Ni*$1?N%$7D3jX~0>-TR(`~B<<LOeggTAK}V<THxu;a
za)$u+0)9aHe-lOc%xZHJ&nRDFD`Eq>y`Z@|+cD_jxs4@7ZqqKEXt2|5e@k<<H4Xmz
z%UM&VZ-Ii;;KB8(%(`BvtB*52m8XmJ{eTd<npRNo{A4JJkwZyE#j3vVi<MQV?B1+&
zEN(d;`f_Pmv4pn-9LR;aRdUu8d>$Til)^|p>|Rdql$2s(T-G)fGsFYQ`yg4_xaQB)
z_1@)WWipWoxc;Idg7a0&AjIe$E)HqXoP+w)tJ0*e&2CnZ#kaVByzM18N`h<qu|L->
zW~wjRe9bTB>$mxB@JzY!?ozUo!#V?QkNH`mJ<3$m`FG6C&D)n+yqp$^$b(lALGl){
zc5o2=v9RFxB%})u0WKMer>GvD#0S%E3WZ6#=z;Wz_V1sRx0xAOb^>gys<EzISzPWP
zV}n8CT_KI0YY4=ADD5sKZV8lvc*IPc$|SWs+|B@I;CFS|AFbp}+NAP(v9sCRKM3mI
zuRH`kw(pJ(*4qK1z+S<seR5{H@2#$G)-tRv#c^DT-`|CP<G|(26=H+>i0jqsq@qiP
z;&V0;^7pqFxn<4U1yei83=9k(Dk>_tz`CO~z}7uxZcc9}jmMh(;rg_Q`&B)&``?fB
zoCfvL?iRLknt^vgD-ZYHo?AG3sl|<gKg!Cv7Jh)j<5vu*Z3Zq6dXh-@>V&=)R^a$?
za45JzK7?|Xz3o0B(k-4e7o%hi;~KAY`lB5da`-IeLJqIbH{@FbZ=O0?SRAu6gmdud
z&(Q<k{Po(}E8CSU#@PfwA^Gv!O8{I~X8DnuJGI&ZS#C4~Jy(4HJI$Ah#aJw){of(D
zd|!;~oL0pC%-7om0ttiusT>_zJnUUqAs(JumlSqm(g7=OTeyj8Kd-XoHnL2=OW5a-
zrLwSCJ=l*u;$v`RWn%4lyCQ~FY8~vUe9RzBDu20ed%W6$W8B<%GRIYSw3yb?Mf!fo
z3N&&PGa4Hu0<3u9vuiof?K;a|cQ9A2aTyO*z$q{P1hD+zj}K{C%d2}3UwB3^0)JEE
zv6Y@RC@IOy%Z|Uv<ubCdL@P2dOniAslxL-HS9@``t8L`&A*=7f>MopV(&WDLlgtkc
z<dJmY4Yt7p`^x|F>clb(5PmPlMn{to;hL*Bv2@FV+M9$z2PMkhh5+H%#AX{pA@SUs
zLT$*(vYCYet>Qk&ireLKS3ASq<r^P)yfL?{Yt>74G@ul&N;ZeHvM>eB9xgQot|2UJ
zMMlN+^bTXxj{caNFBps8q!K@7054)`aeT8gg>wJ$Zzv2Ds%2rhk&#t=S79F<>B&0Z
zvs3+8gpO{$xc@uV>K%ryk59#N0v?-?t?jXwYj+W;DugZUvHOV_kPQtE3k`3;hl!K}
zTAF0q?^<j1c5sPMm8p|-bLltp<RpT5^ob<nyc5{*{qrO35r;d2GxuGhIcA`%p@~lT
z2soC0n`juWLh1MnGDXtRiAAcOp|n(IxMY@#ThH&F2q9tX%~15Y&HW!I%YX;o`b*14
z1Hm&#MJXt&$N=R_GwEaEm&72T8qQ=ZtATHZFM4y{)A@mp%e)_}f+NOKOKUZ#{6%+2
zh`wJ02zw~1sX=M1IueR-q)+f#d#t!mu7;l>Q3(e9`>6>RR8{5N2Zn-o@9*!EUfg`5
zMnVImn-Um{uli=^=hqmZAJM-rVT7VE%gQ+4bRkrTV$&l@>-Y+fQHVs|nw!_7kc{#3
zgoMRm_w5uXXQyL6_C(;X@5KOhEPl*kse)o=e=!Qc0}-WJP5{<ifF&azKEy%TJ*d2h
z(HFF|_E<e8XMWJo{`8z7ub>#Mo0b+ZZ10PUnL=e{AFm(5U-6&GrbFP;Ax)<H^@GEB
z2@Z}=vsbkfmd9q>h6Z`kfHrF3pdsc?N?JQw4dSRYt&R8C`AIKEOS^7Vs#88_h?}QR
zjf_Tv$DsP9fQo`*l$3H3x^gaab`Ek~XgJT5<CW~7uwtS^9LapiC8?VNVt}%$N-rQg
z7h62zHilL=3RSuw7DGd(hIf7W?in$y?&u(!<$Me|G^NeUgQ<Rn<LTf%f_M7EFa_5)
zwd__c)7g#9sytu#VpFM^a|ctwBsnBxn%<s}b80C)y+;50oAX@5274cM7m?sq7H}{S
zdd9~qr^2zx{w9C=6bT;`TF0xx?+{#=ML9i*Mi~jUdth2GEhZYcC7Kth&3Ud$#86tH
zX?c7WZm`B(?suNiehnyH7-|r6%Ia*D^mo1GCue)1q0<%{YAk$nQ|0Ln+xH0{(P5^O
z9*+@1E0FKwhnQKVozCB3r3q@71#+M-4=JdGCbWqLw)z1<IbS}Z(eS$?^5F2W4)n{7
zMUqz$a85`{ii%N*@$q9BUPsI4cOELnuL(vx4?~SGDc{W+Y3pdM_BXkq3H#Q~Q1`(1
zL|8^d$ip5LF2QlRH!9#Zv2#u47}S^D^ON``OD(5NB-V~bt!RKH5foDo*w@<^b}jf#
zNV8&LS-k*UEbad06a+~hyP>nM%DG&2gxj>VPYda;-h(*dXhtoSKyE(z>IptR^9neY
z^sKC<>VQ{A%K|5pCUJ3T$q)F#h(D#I#J~l`wu*fIJ#Wz%j{{pz7;7sFs`op)#I=Io
zwdM{^D|x6SV5s-Hff=>`;?f6j$;O3GcXxLxzZ2!()bxA^D0Lz#SJpt$D#gM&_KGWN
z*(Vi#i{<I#BdKDPfjU(DA?-7YJS%H!X*Jddb~da7*_fO*XPVxx1xzaP$I9~wRL8&T
zF{AkAlP`Cswno71LkOURAb~~rEI??{RQ(T3BLrJR`+T;#n&)k&`v~FtG!#{5-Qfg?
z>e$VrueQZYf1tOw&m2rxeVhJ8lSl>b=`+IhyK2iu?;BpFQby`p=}5JKM&{RMR_5<1
z?{7~z&F>FG!_2?edxVTpaQpJ^Cr~>4lT}dEz`t-@jEum?f2{lUb&}IS9ryK*QJT^M
z85gNwDq=vA-QI5OPUe^4Sm)*Cy=n1;4w@S+`l4a71zJ1oG#z^$%zyoRcqsN?M5e^T
zqStOmgc3`s>cJZ<zbr4`Gtl>ShFTgh3RNy3A5Bl>aFU#JPffY>k7BQNb(wJs`Y8z8
z{9^iH-28O+DOQO8<DF0$X?3;#M6rgmi0@Mi)hY*`kgiU1RMb#pB&cfn7(Qse(PhH8
z=}9@V8N*l#5ywQkwYq|W@@tB(`pVZA*kYcZ3J*8xnYo397tGw;|MLE;BGeIsUHc^z
zhQh!_NiWotlq^)Q{|AK$3^^%8id%9MH+ucSKoAjm;2E4aoXC|^9e2c87YpbHA{`#V
zv%Zri$k^{P{6iQruk{bOOtme^=0{)GEgVla!<k|`l`K&*vWxvSP1*-EK~Jo9RNTC>
z{p`bUnYZUXY^<#Af8AQvRusVl>f%szM+_vafpJmG-N$Iah4w*AtTFK4^S!S3jg8*l
zl9Hy7-Q3*9_<itYc)-~HJjLpo8q&j!4W18Bml+zo1h{#t3ZO7iRO~#E_UXR%^)<TQ
z@JfwmeB&E*2DEKMW0PcS6vv2d+5eEYS2rhg16vJ_vp6upuPz=3Xzs%y?%E(8>Fn-p
zj6~qZwSVrJ%qIq88HhAbW)8r86!T34K73zTnZ7&WBC@ick@19gTWLeC0Kc7YYsi>(
zjNJf$PbNS;)N{@7Li^_m)Uz-{Xe%CA6^~6RawTnLWtHfRxx6A*XAfKVjLV}H<-MI9
z5^F0fCU`hi1+-=c27tmax(n=7YLnAGhr@YYK4Jk<kSD|klgerk=-4Drf_WSruhPEE
z=h(s08(m!;#0gkfknV#bi<xw5{#d>3_BnkkGdnjsMGWYRwX1r&#N?E%;q%4=Rd?PC
zhs8)(cH{zid>fc?)?OC{Gd!0uZ)O3c+gz;;{!hEQPLv?fcJM)9*hov?B>tGk8qeh~
z)}GyeX!g?5y=!Dl!rsR<cQ6zQ=q<eZP+?)=hP0GaKX;l6DV+Q6Bx0%8Q8-K5)5S7?
zqv6HI#;&gJgn%cdj189X(0QzZ+sGFX-e_WOD1ckbE6&O3n#E5_>|E8z*F#nW29pQ>
zpB*5%!)Tf@O5xBlQswPN7|Cw`(mAMf*1oLQX=T;sjrN}ECxB0(!qhbLj1Ty;7{ZPU
zw+|F8L~L+yOvS}!by<`ZlrO{YH8gUP82=gJKc3L}@9!V;aDDKwzdBxXqNAmiVv3c;
zLkIzGr=*M3F2uetOd@s|`a&)-&>z!pdgA-`Euh^P<B*PIR$8NKQE`5eTFq6wX0-S6
zlE;PDGgSY&xDVN1`FgMJHn{;s`VOmh4Cpm>l_uMB^{n$=hq3X-EmFX_Li^v`4dfke
z=s{-vJ2+c0Jqy<3Fk9LTueAx_0p7<OHy`ic><<qOcRSkIwff$ro_|UQUiiDkrc~e)
zdyZUXY3gY}YNVo?TW<#6Peww+N{<Y^fb@b8aj7&Z%7<7vSbO3K7@ha_^=GnCnVG-Q
z;^HQ_p`f4)!D7>UQ1a&Kb8>Q~`h(kU%wf!<?(3f2rItw@?Q`{_C#rg~K0=NeFC$j-
z<uw4?A}r<%W_TYT2LW^oaApdqZ`A}}Zb-@?O=~ndW+o97l9Fh6KGr}r+>MUQu`Rll
z!5VE5!E*WLVE9LByF2rywieS!|2LS3`OXn%*6*@7{%1h|bcq9^(V&XrwMV4T+aIaA
z;2IL_d~PC1G;q5E-Y95qnbrEtZrog4RrTr#9H9QHCgw?#w#HEbw<Ap1C4DU<)VTd8
zY_L;8OXqT$=*bhP+e%tm@Araqq<Ur+()8`txQqRfiNE*t$6Y2Po}o@Se!oji*CQAQ
z@iUF5ewqE8MCeI#sZOr(cgIgw?_#eKsMea^VqYw^Dtdfk_|{tY)Ep>XCT7%o<q>st
z?p@WE19wHL>7V5Q9>G(99o)<)0>)jCY>Mx1wjO}~V)iuz@e^rPe5Q@T#||hWyOcF+
z*83xn-*IZs_sq>Kq>MS?@d1scCj634sD0-MIsltPEiB^nJc~w5OmJsE_T#RjJsd1%
z69d!fVF>CeAErQn-zf?szf=FA-7HwRP5*#%44CM{C`th*kw2NbF^~XJK6&Dr39Z{8
z(M-UOqH<thVCGDvsd!~wofa0{^RHjcYkYY6_jWZY;#NbvCMRKpMuK{_-T)wWyMccO
z3qOdkSgWMCSfaQ?{7yt9F(pabBLjs@&;rTm?(WL9GUCGr*cfZqni}vs3w7_8zwi+k
zeC<oYYCXG*Av#`aBDm0nDqc~19b#eybT6I!F*Q@<`HZxV4*${F&eX&F{QTlUvjpBK
zXvU0uTUt;cqhM(0H+Fk@<o6(4Sn)ONji)D2ehausyHHhtyMx12E~m&E6wXVx7h&Z^
z)-hC8dN6iSK7RFM0`9Pq^0)Y&>Nn~9=J8?3>PPsuH+&BUPzU7@-(LZR;X$+he}9O-
zmM++Tz6kLDhqRTMX-@Q127J`D(^~7}rFu-Cw6y;av>AdYJJ+XMbj*MWQbmD1+W68^
zTTw_zh@_8C6B^tgkcM{RDTpibr9sNZg_SGUznDX_gnDk|(!mA?*@FLQWn~?eq>zyj
z+W7Tw-x%-*V^7gFB>VgSnh7d$_JH{-K0NHCtlr^&%EFydvKcOO4Gk6GwlFyTD_NH|
zI_&NBD8^1D9O?iMuO*LfLmw8_xW5x6pTbcaKQuD3b#r}vZEIs=H4Q)}-XqX)^JE7{
zMhIqp{W3Z}SP;-LEQ4Hlth=pF-zuP+rK<$r2EH78C4=PlW7Hg2szKqQotT1}^1|@A
z3f+B#l=t0J&&HNhD?D>a6UqmJ4oa@e!|I3FiO^6^&kK7Me!j4}ARKY~GF`7j>bqae
z_W#bm3P*R|Ty3J?k(0kl%*4*wEgt|MmI^%8QlTIz4EI8CGzOnQQS_~;rDYs62Noa(
zeT>HVys%)|S*)QYPj|JsaC>>|=_v;cR%MpJ;99j<j|r5QSE;e2z;a@q6onr6FeR*I
zMv|Jk3Z)CU1?&*y=OH*YG(@7|pyW5lfSX=>BwoDOt}sIX>Uq%UD=v8o_>D^h#OjA%
z%q95{TE==Xf|09R&(z-IKC`Zt)(;GDN#0BUtK-6!sAy^?K$GS5DJm&F$%e_nV6Z;F
z#Iyh@Oc1uY_l>MS{v-H8@oY5x*v(Da04TzGe%jiw_<q?Qz^u|Q4j6V$;16~@e{C%J
zoQ*bEgMh*8=I)w!I0OY@85M{67@FhyG)w$tE?|NhR&-e&EgN-YQ~Ua!vrw8gA(ZCJ
ze~YJmwJhol2g%Dn{rd+V4%D4Jot@OXn?p&L|Ji}y3Zh6ta0y*Koqs@p2QgMS9vm3{
zgI=1EG2yl<0k~EF{|Md>4`^bZWuSJDq?6ZqaccWF1dAj&c><!~Mf=J(KkP~tC%0ka
z6a{J-n0*lD-2lG3i7!G)jEMA=+2XjBOD!5&dV|7+Kbv^40I~0P<y^6%o+yfi-Zhdg
zP(44Dw9AB$%PBxaba^xoGYDOL`VONUnV1HhI)mV^VKgvOI*2oMHb*NRDKk@3JY$1{
zuMnV;@Y$U&Uo6IklR<f!3t}`QEJk~8qS20LR|50}l*SohK?y*?u7|ePTKAwVmQ;WH
zyx@Cwlz_~tlVg}IHaI>c8E8WJ&&~Cfz6Lx#7gyxNO?EL8(6c5$vd!{LiEe_ZKw(ME
zbC7-QT%)8kVc13r?#FxgL0UN<VmIo%l~1VZ9*x^&`s4>(f@25EabQcp1tlipSspGn
zdBu|p{fh))a<U9qsHoxC^lPl{l38{C7qR>%D9y~snJ*;*^^cg+!vjToMTNJ9TVie~
z5*xpL5D>D%hP;dNTFE_Gb*P*BE7OR=6R2=cvB@Tq^WLaJpdeeba)`U)Fx4CAEhvDo
zx0cvg5>8#X<gi*{uT)pB*@<degXwi*QV5J&{Cj9T!}aW0^4UlVNA>|A7vVjCvfu+W
zF-a}I<JI@;!2n`y{rNM5Fir7Mr!1%<O}{n}LG5m~rAU2kV_nlOF;{bMW^Q{wmL^~R
zHIy1F0NhNgAk-h4v<*+)Mn*@OUk)V^gD9?k^!l}&0V&J}3hco%T!2$zU^7C?1PnVn
zecyMsV3wZ?WKr4TJ->#cz~XtkoH8I>9Ln0ByNb}z(1cf4yKKG(=403{9R+t$qph1_
zVPO?6Ho3{)&n_fVBBGd0A3{qu3*QJ}OJ@O!1%fBR66)%kR#sK<m)o<ro>^J1b|&6;
zySKWCi;z=-{MFK5nL=hGB{eZK9Tt`ROl$u8)^7ctrlwYC8=1hmxlFJ43lCe~*q_sV
zT9}xFEX*hL@~@rmHx=(x6oO91GPUH_N?U)ZAnh;3T;ftz#n;<Gv+R6qZ2R`J6~-}4
zvEV_$aY9=ckdl^OxI2O#4fV9No}<G7<x<bgA#UjOZ~Y+O`U`zf=CNlBhjBU`8H8Z*
zF{pMk=)x}B)W}F|`RD5DY(GvZ6CPS+@RPqEO;t73X)cJ}-(YMI^aKnpQ|cljYUpcp
z2`@wYdfOF{5&ARjY2Pu&G*EL(2I>$J+Aqj?JZ+C^3ZwujNJD2S=)GEzu7RH3;#`Z@
zQH(h391+1b;x3oVy3BoQDsjE(V;Sgf)R|k5{-#RCVu}BBP(`&*$jb}X5CJMhI!sL9
zFOdgECFS@8m?wso!&pi-&S~@aw9_Djm%1<~p=z9ox)aE;x~*~L<DFC2{0b>Z?f&LJ
z%=Ti3_=+np9}OiXNYdex{c&Ion=;PaGu&LI>{YP#^akQ7k{lNs*MQ^DZ@E5%4lNI~
zHsJMAdHea5f`4~$w6*<445t8GgP`n=O&3bqwLwB|Z}&r`vbOGRhx~_x8D6l))L&do
zWQb*UTeZUcOhoFL-AkpqAI?v=sKi&A<Z)BWO%pWc=lvCQ|6C-q9)lckJ$*_FC(#t(
z2WvvO=i|Nlod2!45fTrz;U(5Hd`%Hn1OjL<wSd4UU7})l;Wmr&-RW6STc3Y{9p!b{
z3eLUK)P!gY%F7+j!2Ok!9r4)dobbvH4m3r@3U7FWY1N&Udw<{Ge)ya^C_K~dX1(w1
zB@YaaOe+0kfUcl2Y3~g=b{1)YsDLq$X>dduAYg;<b`c*yjQ<siP7GKK8~=Cn$HKy-
zV`KufFPNh|R18cgd2}m!flOl{a~j#5K@N$;#LBpsP@>qp%L9;-+?392oD$UDF!qS@
zdBOjB?=NE@9bJ#ZMIjn)?w=jnr8@s%O8;X&?gD2F=gigB^^3NN2|EHDa4hJ(vx`~t
z_n%iri@!l3nfLXUkTc2ZcE8gw&_v*JacN)XS=-YU)HmGN8-NnZEc4daQ|;e|gML$q
zg0zE?Z_2*@A|g8FQYLR1f=cM$GXTMvOdvjgFT=w<)PHX#6_`~xEHq(C_}W+HM)zZC
zmJ-G#OyGwvGyHxyJX3DC@|rw>+JF~q1Eh$Wnwrr1`g$U88FBTzMO?ZNL7`!Tgr>ol
zVH+gbe{PVg^V+fbVyp97wq&@waN$@Q;)rpJL2r_G;2^A&0mP3lklAqM0sZ1lM+d_`
zA8Tr!GHzyP19PcfJx0^xt{y{vPLRX<_lc{kb{`TlDGW+WETYp$zFTTC@CcE#UtC1`
zorZgq`CT5afU0ebnT5r*{aX|@S_Lh{3OzxJc>3%at4X{6P8--BfL?EV0+%Nx4GiaS
zPT3+LBT2#otuobN31e&34C`Cq%?}_g1Hbk*HfboHscAF;zr&k1Z?5c?gnv-*VQ^51
zqa+O>0nkx3lw|IALVGq_W~<RB4|*s>bSmFIqk8i5XQJIS23%rxW?YfEIYe$;335aC
zs1+VvQdei&>DC&r6J_ZY9*lbf{CAl3c-HmD^$=<#L?1*cytw0y0o;>suZ!5#)YKdi
zwd$=idA-;PD+~uN-!O-+df#rM`x_bIJzn$dr2-tq|MI0JpnaY)*!jjE{tm$d@hY>?
z7ncl0RCxsDz{>{b4k9PVbGsMb{FHnmuB%&jG>Q18uTQYn5_MVJH&hHv$-I8Jw>LdX
zjl=fEp}-jRIrUEca`|&(W6jPf;R=^ZZ@~BR@ctZFso_6<{D_5-kB@Z1v5Ac)$s1f!
z@@^;smnxo&j7%N_9i0nMBi)Dy;KnYzY}2HEmKVwMgCFL+pa+qM?{18n$;t3=X|}di
zT>SmR`nB&Ij2Htsz};fah$yS;LrG=p`2piudK)`Y&roq2=GN&LUtn|4(&gslA&k(;
zPqfQxn__98qwDQ2L^K$;tb?RkCW^aX%*KJ*hTZ{h&Pm+palv-MW;DnmCL=35LQYPO
zkR{@?t{#mG1>=bT_$FYdK@m*-r5UU&gIcEWIhYn}GoF`68wDJ$i!J^nph;kx#|jO&
zJxb`F_{#wg@mF;!l?)zKDPGd{b|?Ydc5n5yXakfP>tay9f`bDZCgy7j?HrNF$j+NE
zOqa)gY@IdmxWU(k4Q37Xd`}k|z6#RRS7bvXQAbD1=A*gNHd9S*<=Od@HfG$!-hPi_
zzE~6(0I|+B{{<aK?%Tf!D6V<gKBfbgx3krfut<wbNIgd}^!ShsyO-1dM=DnutWM9v
zfvvvtP!K%gzYhOvR|Q?&OR+dPz{FvNW(dB2ak@2Y5G`HDw*K*BYRg+}94Itg%JSx{
z#OX<z%3_BL;!OzZ#*g=iTJlfPV9tjp6cqb_Qxcjs&U|iV#R=fooJngWxRLW!Mxw8*
zkB_(e9}FOabo!p2IPJbJl#o%u%FfIG-R}5$5wRP%`U<`aT#%B{eY@E!O-<GNR$F`e
z8x@xlDLN)5={qG7O{W3`FNJ6HcVolt^535kd8;>XPT{B@POa_J#HnZ))q=XHA;tzR
zC5L&lQB$Z3%*8$<6(I%yJkT1KBKUo?a9)LJksuA9=94E?^PO;?-TqQv58wjrrI@ME
zK(ABmIT9%f$|kl&{jH>AG1ChG3SxxC>1bZWfhu{!S_)xd7Ah|*w$VgZ_?N;lXJ;Q<
zl`r2_d?+knGm(=3JfOFLOSp+!_ePSedJl|eU5Fd~aU-z_3F5`yzFo%xcL(e6h|Aa#
zg{SgoYI?D(U2mkY=JO+5KPM->mS(B1(x`9}fsX7zFEAH&p>6N$*UU&1|L5jb4M3i9
zUH!?<fguD3qwXxRv8zvi(yMUsgcOG&^)Vxl?6r7t>B*zAl$4wYs(mwl`H7IIHee~b
zriP&!6*QC}%&KSgih<sm{yuoP-o8F%5mC{$qvbZg4{X-YBMSj1h14YtK-lbfhLD@4
zre+NqoLEO-oN9PD8ZMeyxh{i2;Rj$Wef$HB=+!w=*afPrUmjhpfV<Ib>|^gT$fF7V
z$-VIrGHS4YzZQuf+3uAvt?9K2#4}1_v>uN=>iirD50&=8(Lo86bZqqKfBzEi{$Qfi
za-C^atCD?6`BaseUy~=bikaA}o?T@<NxLZM^W?{_z)(*(wqJT`>UOKmB<(+~2<k5o
zm>q?Ol(4h2^Yu9+V@pYCX$N8ngM9XU8=2bUEfx3F&*FIbR|=rBf=5+lHSmCxVLTnx
z_gphSC4s8Pc~hZrVV=MAjh{6RdFKzw5WK(>TDu*U%lC-YhntG2Lc&r2Ab@v4P3j8D
z4nf>MJ6kog3gzUe6wf*Z6a=U^AjwMeo`);_z6J*k9fM&{O37tJSiJ-`!kWd~@Uz|T
z10b-;0+92P0`$U2fkqgaDOe}WYErs@lZmUF+vzg`0#@Xbx3c!Be3%-!xu9re>L;}#
zej3_kIe<_+Z$$=fLpVdh?tUgN4wA)K{pnV&xD6hRn*3M84Z#IPm$2wGHkprppxge{
zBG89^y$5C~T2z=?w;{KY;RS)l%01DoBf!eL&2dIPn78944axXQAq)!|1=B|&4<=k5
zoy-O!N1k0goF7FC`JQd-f{U6f<mBWEQuri!%>n0xCdSRjcmDuVM+!(O57=<B$jE|q
z4rE5<<<N(eOjQq&V2gtm&%VFX5mg7<8tx^Bu3DN#SP8~0oTk!<mDyq-R#{u*<#DP@
zBRVcL<W^PT!BLkMg!XxQ&aEFMEYrz>aPSBKY*$ZWqQSuM$S_{ujeFbH{r#QLjh)S}
z+cdBZRvYX|DkxrtbK|6#p=-ixnixcnWMx6lh7DLGii&V>fN_*EHC-V9NSsdH9xaaq
zs3DTaX+Ue(n9P@lZ)j*B0v!y)@YFXmFJMaz8WvttB;dgz%EfiJV-i)tJXA_bK#;2A
zwb!dd18P!YR)&g8_YJJ0`tR#Pv(hFZyR_WYg6D7b4Z7I{iFcD2LxBHUBje+vW_v)7
zs;MblCje$u{*Qs%Y$jN6-h`AUTRzvIuOlu-`nzOE;O%K2GIHbUIs%cK+Z}LGOK59!
zRbarA%3K|s+wEtGQ+>a`hYoNp;;F<Rd^9zGJ^+(Mp=M?RHQFKUU0zv%PPyuAu>e<~
z|0;{X8os*vpka)N?@sa>lJL_fXwj3vuPN%sj}snd{y7X;rneUkE_<cDk5*MxP|qN*
z%vUHWXHY>oWV+Qyuc9;t*n!~T+|A8Zc=`J)67g)t(ivZ=&tKCV+<N%~1`F<(T96oy
z6GRcr1_$YEAY;4rVPO6GB?CGJ!HEs@iwjlHhJd%`EL)Tt09y4*ld!49CT~3QAM+VY
ze!XaAqOPF_vB?Nks0C#ONL`MO&ZbRI^uK9)gvZ9J1e%$xPJ$BDG@qAT63<8;9EqI7
zygZ9O@NaFiW%_Pmplm_tY-81}0!ZrU%bY7&u)uRr;Ew-%f?8qpzQ4}4Ofp;pnyr+E
zCa6JAv4V#T%on>goUF&`$+j#G;pDtyxnwdno<l~p1l(L=@!{FD=BJconz>PIKSB;U
ze|t8im}nS!X~rRslzr*>%NLQ?epd@l!jnRk`5!k=?py`MHXpwcW56}S<ulgRqs`E}
z-9PF7$_+uqiq5*Ym}9gAt*23R7zS&9${uI2@je)dA#&#B?rsCKJDfz_-QBYoo<Ao~
z<+atkPq#!1w)qGM3_OI+uCBH77$S~~?+y$6*l^shU#~UVlc<3aOG-j|BdWZn!ww4;
zqgkTPWn6<*t*zvNSy|d4SWb(peherf@ClhObH%ODDCOj8__Z&gsfkWP2>P+mO5!>^
z>_1MACbhWaa@38?$-*jGG=(2<FFdTIR5dqqA-=MINy&u(`dX}t9s<KOOyp3sggp@8
zK0PI*z3PN-1pL=Rx&Ry;jWC75>6YbQlN*d|)ffYPFQ6rL=1JM`KiAM~u{a8zx76jn
zoX;yi5k6ZBhGH;9X3HcU<xt=xOiaZ7lZDw$T8X=+(g~0xnSXY~QzM1Kpxi(LRf4{O
zLHyb2>C{_JVkv>K%$_|!oD2`4i=trV2-DKQHS6MX`#-^dU+d@y48tX)R*i45fgc#b
z5Es{dXF6s}Xw1iFt*nSq$*#`t;MaE!teFZ~2(*!Bt(Z>S8+amXwPE|>k;hgbqDWLb
zEIj(_$Y?zUIHl~X{Nv}8v?!fS;Wd44LC}dw%fXX$?q&=+MLxt~&jZw+lac)A4_t|X
z)IeK6OpvIbp7cZSb9yp&RZsuu`0(sD(SJ2Ha4?^|ki&ePJb={nWNT=7$lz2$l4!(U
zUYCr(a(HAt`sGbVTH3eNe;cUwadElUZ&7-lu`-#Ks-lH|NMbNAE@Y?xlnfYG2HgJ=
z7DnWsM^oPe62-Em<t1>mH3qIM=vH)2EmMN)mCG!L5B^_qU;UR=_ielBP6egmG3gHJ
zE(HWBkrV;x5K(d?k|H1?qDYA}($XoZf~2HMh%}PYb?4*vob$Q&{sYHfUSCo6!`f@j
zIp&ySj`iL8W#)x_qe|+F2(VIr8D*I#ChA*2x&MsuOjz|BvB5oW5|n}A^vvAJ_8jcj
z^}SKy9~8uvEO9Rr!dCJO&YIWr6usrjBYQ?oMI{{*Zdu>Pn3GFFKo?JFQOO6fh<JUi
zDUR_^2i@t@rFeLFN1;?~<I>r#wD{|6ACi)oee;y4@z;G}rw)PIgb4&H_6U}!GF%=1
z>d>c24K+v{`gk*pa%!k8GUq+(+9mM3fDuw-XFDQ}x9vq0{zrc~q336ukC*TwiP;ld
zxGoG-d&Fd&|I<O`=e<X(<mnku+n8BeQ}%5r_l9m#DivcgWk<09(CLTUKE7x8+ra@_
zuy15nPHqmue?y}$QCi-Wk9W<?x{OQGyB*yz=<NRe-76Bs$2Y+wXdr>FP2$|S!jqH+
z^e?d;3-fhjv%3DfB3TU$$48)mo|s;YA`YT{h)roYXXxlMKiut0Z}ax{7Lp&-i@3sV
zq&WQTL!1AA+Bg1%@8Y{PHNR$#4&GbC9x|?RKj(Rd&#6~*x-lRGX668ll}5vWH)>s)
z%L(1ElA3$v=Wpibx(Ny^S!q+6JXj3YYG}CM@cM_eJuT>$(?D3wv%Q?VnTYb5hEIV}
z!hv|B&UR?%r)%1(VdnLgcdYRS8~mA$96xF3bP$|5Q|G%Dc>n!QIL)hC_i5LJ2vJqt
z0NEfjGn!NDJr$HTHZxuDUiK+aMv?iQf<}lfL!Tb-<8w^5M=>QZu(6@?H*RcRL2Q9j
z06`Ejc8t2c1Do&IK~rO_j}K8q5D28Y=xEym6R_I^+(y2cd*fzXN72{rT1CaQvWM=G
zJhBiw++e=^^sIgXy=F{I$7XoV&eap2bE0q|o=?$%V;SmWCPGeLJoWpt>KQg@qU`XS
zx2_P78MlSKsFS7#VMoXtrs2q#N?lzy0g*d&Y>JACPeEn&^BCZ|m7X89awk^Xdlv(L
zUg+)XoBHC#3m(G2o+5LrcW*f`xOg|0DoAj1AQbF06M)|L$nKey1D6<&Y4{*|_KvZk
zAsYH~Xy}!=kBGT!0J(m-N?Wl;T=8@>!F<t8JQ(^6IMT!KzNw~m-hWST$@p7a<o$pY
zU0oa)Lx=u(*7%a4q5e0AvRiSW>bVmiuP{9sWv8+Ad(Y%17q|P!7gFG&)$Da?5PAQN
zJ5HNBC)STzbAfb88gF2M=9ujtXI)fRchCFe_~@~@xj9v}k1!O0%z#LhPo-yPCp=F|
zS{Cx0?|ra~`tGn^-#j|OIrP@f)>pRSvl{y(z!Wv%_x0)PqE08<8j`OzT3ybSra}io
z)mf&hzXKXoJveDKK4qRitznd`sJ!Dlw|VeR(xRdH%0kk>%-*h}>|D~$fhhWYS=!ga
z93kD<Eb*RF<Vlp!9d}P8Mp|zR9y{BF7<9x;AIvc_fCJN=s>uWkbB8-s0qeKPMa4Tt
zr#m>fT^)87vR{?>OD)fSeeAwD>u_?AqkX%%nVOXviB-oZGBP@Ba6fl`Y;5CA1{c%;
zL45uP4eJ}>&!5wVTa@6Y52I-~FhfXJD7?PyylnPiK65Vi3_nIv<TPRlZde!jETY+F
zyH)&^ltMZTTepPm1SZB9r*JaQm_)SQ9(^Tft^Kp!clh0nZ0+SzP31a*$efFk_h!4M
zK!#(UD(d)BOF==Q{!Id(RSozkT)8q8>DoBx>8&3%KUfq)Gm!PR5iJ+pes3Bv8Fz_;
z7`J<GA2Tw+R&nZ5bDHisC--|w0p=-(_jt$3AGh&0rooL=jPK3w;VZ}=etmOyAT#pt
z=ANdSoRpO3;^-+v;7)%AsS(qc4(dBXers^0Vf)^lwzeX2_8JOCcC!fN7dTUfh#P0h
z1(3%YKOHwT-1Tb4pGW5xIHj{NrQjhF0Kzm<(&uu*f`Z<^r>D#ELBLyWAjv>8c$b`A
zS@c_#`!ucU)3a0iGYJ-yF;AWdbpk<^I9lc|%8pE*?2}PMJryy-7@S*u^~!RrKl7}U
zUD%(_mmHGP%ql7>Bh@}zWUInXW2Yx{l1Vp<8hrAX%p6Nw(NF5kCe^gJOU^bHT2Q5Z
zxVl%6#{Oa92g8Jf#HWdanYF1RW;H{vW2M;qva6b!=G6pOCz_D{+6Q!bM~2s_f59a{
z#Fw%Y%$GK15@1QlOcGynio6t3JUT3%Xd?)*;V`^<HNSOye7vWvZN?;CM^#yr6^~e#
zA}c?iyVh@S12s1?8m7GZl4q}>s>=9aabci}iJma5`rbOK>7|l2*0VevGgW6z#J9I+
z)$=7@T}zwr`k3cRtw!A1=!1#+jYv1=1kjqia~#HeaEj0Qb1$FmOkEv&+-FM}|9x&F
zuH%H|YVO#H-SOdqz;8t{+2Am7St@3;W-l5D_jX<rbaJ4mF<@aUG>Yk+)#&TAyyxq`
zNw#@Sg1`5OnmY~V89agetXE$0-kLR9xTCD^xJFK_%R4zgf0mAg<<I`O@9G5{`SyWq
z<Lyp<V<|hzjne9wMDy*@rbn-4R`^b~hUJce&FSgyi}{`YJ$rlW_h;fO?ur4qk8^ma
zu>!CDKJ*>-QY*NCI)Cle7yM_>hkpdwSUNqe19uS9#^W(TJ|Ew6TgU$7%;MU-C(K2=
zyOxj2%ccG9+S|updo46$tgPH>8%l-oVIibWH)$RjsgjVE_WS;V^G38i{1v3B8tTZq
z_7UOSMj~dc25LP=B4(y)mAB%rhKI{LjFu0fm{{Vizkh%Gdo>>(#m2=x;^*OwXDmA;
z9UnF;x}|MsO1{pmsMLWTk;&T+G#P0`M?C7;-@3c8QcG7Dpr83yEoKs2x`EmXZ^rhl
za&ztVl$C>*pa;}!AbEvmkQBCVc^CG7Tbi3+Lg_7y8+eI|)$-9}yb8XXm=m;AUYVb(
zi~s1+kuTt@9j!NO;~i|Bc<RrxFENU_Jngm!$o=+8)A^&%S5o!-?LSuE-ZM1!q{I*J
z)rGCE8%sGeZj_d-m)F;SVSGUv6c{-^?#3$1+&8Ql<E4K7`E4~dwN)6@a)L9(>DNN7
ztc;wM4|lk5<Ho?D)PohL;xe>s^Gsx$kOH-vM-OXPaj9Zg!L3BTn4B@er7^l2FxOec
zB$fu(#lxWvZ@u06vyQ~x(=)TX{W7CGzCz%&i@r0Y#0U&FGJ$e_r1B2QlhoSn9d|w2
zAK6+;UOtlJC%e|3M>~!2dAhpxoSeqO_Oz5$RcTer`?DZyyr`;%s`0-Owxc|`&Vk7k
z2&5jo?Kt$ln)&S6-I$V+^&7~;XRpE=19ou^jEYn>+)J`L&-rMyhLBYS%sw5P8+7bN
z{?vHIvu(Wme1|%+jd<g4urZHn&s(K<*0RIK5^)0R*SNRJC3hC^kSedm(}p^U!DYTX
zw>y_d-O4J}Y)u%+pQ29%Tt4DvCem>!QsXDdJ)|a6dn(@*#e^Wv&VSP7P7XIGLDS-O
zmWgSTiWZ}1@>AMbT|dkdIsx2#eBD30yH~i`*iutKJ@p%I5^C;F?f4x+)>kwBVEp2L
zYYEJxv=Y>V4|H|cj_24~L&I9Cyzlw-7p1B$(P(O-&-VUuK41OW(oyf*Qfz-Cv*Y@C
zW2A>5e)xUh2SM=;DG-50=syYmq<&sm^^3&-m}8x_vlDUXS6*PWn1ipdpeIqSbF&UW
zRwp$!o*aYHR_GzMZl*gya8C3{xua2FLc*{l9^PXfL_PdTP+S3Tw9_c=+xJVNu{ARO
zyC}8P?AI0#U*FcygcOS**Kg`A2JwY~=T%e`U=S3JZam{VE+ctJhpIiv2mQu`s;aMk
zt(a$0oFjNmZnv}2mL7X<W=cs-E!*w*aPOeVw7T@o)Z_4RdL#Mp#b>~FWPuvAfLYRW
ze)8U2_kCVIF4{jJ&3gOj(W^R3oWx4hr2yQGDXVGDhO^w8YjDfLL3}8f40G2ZBdC1(
z9H$-;74j&SW`ATv-(d##G6g%*+x1QVt@bQkv~B=Ui*{<KZ{pw}1KP;~gFji+hM<(P
zy(kIp2SuvU@BdC%tFT_Uc)O#{n_onB`CIOQ42quM?eFg&Y7o#EkU-2pCFeiIo@)T~
zF%@@7hxK(rLiQOJ)@X*Iq2hySD)QozK1i2DFvMjw2j3(l#+~d;a~&;(2>(OxkB);}
zFQmoC+gifbr+>B0_tw|;Pm|b8O>Jrx2EZ$PCZ5!JeYWB~+}AQ)Nx{TrHo)!p>@#(-
z9hKiuQNr+zBJ+A&JJfCtTp1`!3}iWI2JL?YspzZSG&asSf8jzk)K#Li08BQDy+7je
zfGx1jjT@q7tb-mp8G5JVe`e_)w|!rZ)8V3%-R8ZCt79~LrkUva{_5Xo@6BiC5ooH7
z5QFF6zr9DiJ`R@|dA=CQiwxp#C_vQ|#qikLarlcPjM802^>5!!=WZdQ$;E}V#BwoK
zotm0@a%Oh6;wrpTYQ%+*sKtFm0A_Ve2WE76Ir1l;#)2{S-5==$`%#P`J)IS%TZhNK
znH{nv_NVw*WcI%d-|HW6cR29M?4Y|Nghd8E6pWXTMm?U0VR%mZE%dJkIvyX#r|8^-
z$^5nNXbs&}wHQ@RC;RT+!NIQ<<qm_<uu;4h7Z*J`>1cBC@rdD8;&EA74i2lEVU#Sl
zao8_$lR4V<v~NtHYKA^FS)K0~7vUTfpvMstK3mN#ySr!12MR3MPOdzpp3qJTXR_-_
zZ-8;>%cJxBznTe>ev}d*?0rM3fLoqEa7RB*gi*b#EH6LQ{P||Co72B9=-Ndk8Grvw
z+0Fj5nuUQ654V}Ty5H>dYesXOpQsJXlsiNwqL^kH#eq$Ve5RS%+5VIvE@uNbJV)Ca
z;lLn)4Gj&;fX;nqyIxOo#;QNTnf$UauxmXc5KKtuP$ikC;Q<SDw~dsC@e1t}YS;5p
zw)0cYT76}ADmEk?i#`+pyhz#uc+Brhx8k>fftKKz&h?)e8oN2*s3Yb`*f|l<f-f!(
z@%WC6KUbsGRoxkX`SDOprR7XU_H<Pk5dtP1Ocdl4Z!=q0ANPyW(S3Z-Lde4;MIS?Z
z^<HR7ig`*{SjUjCT{rVf^zL1zvowRekf#3Ps;PD4Kw7AJotStLM;@dHFSXu;-bar@
zARTKZs0|teO?LQTxyjGb5#QVAOJm^D{KDIi*Ed5_Nw&8`!QHv0Z{q8{xo5Pe9>eCa
z`jRNRn|7-*VSJ!OjcPAX)0<lF1$!K)=jFruaA-%Df1fYXLeJAre@{gN@~>FT9Vbf}
zOFNuCtZ;tJPK*Sy%J}^713^W8K|z7O&8br~M^uE=7$49&YmtHpREcwchDHYr0BR!a
zYoBN&OiVDp77ef;^C^4W)RP!0dUCetX;xN{r^Gg9xmpIYo#A`G#-n1QNxBjmj0LmU
zERH_uxkS9i{oTh#%8}mW!Se2x9ZF^?dO!u@xOnknp%=J0y_X7qxh}4P4nB0GbmiCA
z36!nT=V4k$<wV0^5*;TOPislJW65E5>YA}hqVVEyQEC~?&1hZHNs-o@IYmoT4>yL;
z)c2>WL>7hx2fue3uk+?Yq`lV=vi6t`v?BAWuJQG>g^ip<tb!Mi#BQ_m4HH@t2zitI
zIy#=qeeark2z-5kOUR^3oggJu^teVo=Cu&i?Z02QUC-OqwPw|m^6A>umd8~RA#*v;
zd5vA?@i4Rzu*uskiHN#J8dz5S|MuPbY7`qBPRs)wR`!EGLF~lT5z30I=y-k0^SHPK
zDi+DV3h_GX${7fDkqg9}$9}7-s1&e?I()M)G3Ggik8{auwf&l-BUpXit&#2*Som36
zwYYT9Ed0l3Yx0AyI8VS4-9Ciw-RkG*7}NFjM-a9pcUB74{DRmgf4}5~$DNhDpQo5=
z@908_d@}r{7?L+0gl=6HT+ifvO4#1+CiQ?4uOqr(gZp75DXH6TDq8H(jGrNM`6~mc
zU`L^S{1Z%FbW^#KpN6Yzz=qAB2IlB04h~L!R8&+dj=ZKK?r~{Z%dx2AZ{MTb74PTI
zF(*qe|BSu0nr?q~*Rj$4>L7M^ZY?t$Z+#WlWT}a!phDF)>V0=JEaYAV?7oH1c6@w*
z1pau>6Ec_kgznh};_+~hi-%Q|^Z}nmK>qq^Iwsa=f|jszZWFS5c^yU;{`W;WIqloh
z6dtqYW)fr4hb<ulgn;*h9rW7^_GaI>@;y<;C|r#D=-5Ko#d?KSLr@Ull}J;D7Sk*L
z4U%Q_c%N*b(gku{tYT`dvDfaQ@C7Qcg^xJ#*mY}j<RN4C*2Je)xahki%syj8Wg+Qv
zI_TQAp^VCDFh>k~?BZf9<6Y_}WeVfmLiKfZLqNvt<$8KxFc$z##rAuxj<Zb8%#?S7
zWQ`1=O;4Y^;~4qwRwdU@*GCQ&wpm%|tHqUQoyKF6<B<BgllJ_K@x~ZmxIA@oKxbXM
z^QGq3GxxW+7)9-ahDaf)1?q0jf^+B%7lMq8jQ(52Pe@6Nt@b^4U4C3fhnl;{ZBza9
za@SAOurNL$5EGL?=b!lvTKA?Ye2j>Q$lu@o^Cqh_A|jmY5l(P8SElPkgS`f-p}`Gr
zmWA-e_=hszHqtH@amtwI&jGC4ho?392F1KEulrm5Jgf(@N-Q%=6n4`K{+8z78<$c4
zP#$lB<Nb!$_>#D*>hHG54U3(#Lihtig&|(`KJkpJ_d$|Yj4tR^fhk1ShyEn1J9l2J
zEG;cHz>|fs30IfS67-Mhl^)n_#S3FgAdBn73#=V3vaX4zJEUUn^|aTgpgTi1l~=@%
zMdLBh`C2S{prph>9MsG*uvuE>?zZPqb+miVLs<B~KFoTh3l1`FKS+v2&%~E5#XB|D
z+}jgMa(4RtNc%i337Gp(Jc)_1I2yG}mB~jpNFu`Xh;OCP_T4HgE>_=Lsa-V%g{`YM
zOj1#iLGri%h#QQLZ~5zRPrzkNf8fG%$$H!S7%-T)!oYyN#H3$bP6dYZA>e*?E%%{Q
zpr-ctg&$p0dv0kIZ4AqIB*@qbWBYZ~oh%6Ar!h&%c*g1bP&2qcY$G+j;*KgFzjvQ*
z*P&vTD9(qWD7wm|OPD-Ws1kBC)z8x=$@p&f0wq>-vNxAH6cQ35DIWBA>aNuzw&bMV
zr8llnaOXZ=+t)HaQ(w<P8`-y6yZVB4-$k9cOLp&f`A7B(7YS1e3&U%@H$&#w&~<{)
zYl#_armpuWR(D9vsZ1GY&@+6NJwXJYK6l|G;cd5H$Hxy=Q!t5{ULVa+RyKGF8zt`>
z7?4b>MlqJZhxb+i!&%O6;$BA#YHJgd5I5<dM+A6EN`SB#Hw0u^-NjwftYcUO!~}I0
z%XFT{#ik@afnKxGu1|nArJuM{)1FcoyYC7n7)sx!jmn8$bYZh6K5_Maa_{Cn4|d|9
zFR+H@a0|6GO!^=Fwcjht(t0C%1=OhBAWN`moPDRPJV@CSNUa+`Fg%=KR_$TalZqaD
zU&q9r#%r=c(L+I}vxUi0*$W%$ZRYporANLq1#X1(;IJR*+8;cD1IJ%azc?2bQc)o>
zx4=oohMJ6xot5z7N%C4Xl=MT2#)IhK%X>pZ5{oN^e_zGlKPN!lJv6kj#z7wma%->S
zzP`Stv$Eki7k`lw)8ux6oOkspi<H<lI3Mlgw6?YyGT7U@y_Tf22sn{x?|$`mD3v|V
zhq!1Y$N-R6{w3|SKB-lGF6uikey)A{aNiN#D<g7uUxU$Br-!>_tIiYkQtty!jzV_0
zme5Me%*>3*z(}(6LURHnGx3t4;ZT{KM6nZt3nAf`)YnkVN_s7i@WBYLY5W;^<qQlq
zDC=n@ig4D!o*KGYW_$l9ur_JHb`{9Gx+<I3KS`bIQOjQWDGK{WVPs+86WZCW>gu?p
znOyM6hc6IFg60PU7qQ@?HVRMv-9;?{r!f&ImL_fuauMS~#c9kF3ixcY!CwOKCh6uT
z4g#t2*mbh0GI3g~aPPpnF_Mhb!$WiKTR#_rl-K)4u$BtfymS$xhX;90FY?0Gm%&#g
zB$TluJz*e^LB;%&p5xA~Pp@x*OZECvQLnB-48ES60yS410e98%+MZp!gdZjHS|>Ff
z(nvTtW$2FF$tPcPB+&ROnZJ|MT6w+9;=+<q&9=wPR}r?>wvT^0*f^r1UpCr0-NyZX
zvuw>gTiaDeM+I8x#jc;9pV<!wpS+DnMMbN8P==#^@z*q!Gi;^t6qOwYV6*+m$;sI|
zr}|Xl9Bss%AoivQJ1$)xDpap22Sf2o2mFJA;+^xd%YAsNUlR=+o^}E8nw4qQ@uQkQ
zI7ZB@#&W;Hc{gD38y5*1a$T<?&!g}AEmm3O+ky=r%0mVU&F-EoWE%+eoRD5|$Hnd|
zbPfD%4210aGp1u>W8YwRme>?_X92oh3c7Ud6}6z#NO50Jij1(PhI*5Qm)GubcB-YQ
zdwTy7M~)A-oZomEZCFpI44Wj9_UJ7~!y9RapF~uKdEEPN&Udt0o;<(6FYRb$8%m?C
zefMXHb^O=Oy1(D_m(8lEbvaIcnxTU=_Z@SAV{$olDo*j=S|}VgO4HZ}S66%6`uQCu
z#-3B#mU92q3N}qpV_V@h2L%b(^kM28ZL^?qe4Y}67vk+rytRo1?QmUPdB63`R2-U!
zw)rcbmm88LX!Z#SU2iU+babaDf6sm;9;r17C{#`_h=MCU-=-#`$zK%LGvBFU0Xf+7
zzUbzRJ*@)*q+O87y5`<d#H2d}LJ$&hfE55Mkt_G^EsvCV-Mo2|;y=lh><#A)fjiLi
z-@cueIF;Bax6w(d*Hc;AZ1hg`?L>~QX3V*`&%MR&)=+EYe$xzQCoVGO<m~Ef`9gB)
z8S|-gC^|IsgSn#2wti5{q-gW+l+v<!F(PPXwP6RXG7aeVeIL%yI92FFty|E3Qg$k~
zeQRlW)g8LqPxu>lG33Y-QnC`?J&!IX$eVEX64W$(jw6rTO8*!k&yrK3->s}jRQXl+
zTZ;(@1u5UE?f;(E%_be*bacS&_Xj#@=*HUH;WQj4+pZ@42M^+dselRk*hxkfMwJjo
z1r!M8(xq%Aa8Z!L?hHOaH|Y-3BPG_dZvY@-DS9GA7n?0JFKGMvIMj&f^=|shKTl78
zcA9Rh-xvENXm4?f7CtHwOv%hj&$+(0I(KDZVeMy?ZbQ@(nwgDe;Ucm?A8Gq;Pj0R@
z7WLn|Fq3lrlJ!iFT+6^9U7Lyu5(tHGTSt3)4J`kr7Z#)HYY9RGF28MK6QA_r#cu}}
zmjI@Jg>v60LnM04(8DS><msIeyfGNla85O?pn8w2Xb(K=g6gD0I)q>$pg_>LVAvY%
z{Sd{LO1yHrY0bm66lViTU_8(MGp&fv97|>gdP?D9OEn%*@!eM9^FQiH(mV&P0lX7I
zuf<CgPDRz1OBXPC?buv77OQ@qn4Dbt_pe{2z_~%;+zgEzwwBPTprRruQN?K@pxO5r
zDqjd_rzf;hp4x-u{PuV~3aJX``q<2Y!L4+z+m?6m5%qf1B3Cct!RoJ#^=Sc@apq*O
zk6n`~kljVt0=8f4O>=PpA<Dxh$7&9q<{4EYcAm>4f)@n^`(}nM(E9x68UQG+K(NcJ
z0G-|KQ?#@%%fWkr67dicF7X-SdA~bN1zI`B8tFXsQF`?KbvZd0Y<LUhjH0Pmti14z
z8zcNC_|7aWNYl(aHH(qbElB|9NMMJChGzUdfIGxO3=OXZaA=*KGi49N?g%k-FONrE
zc&9oA^&5h)up~FPMV?v3S|phJ`}@Bhd%}Uqv&Alw$$zKJN*D;`h)~ueM-tGZBP^UK
zzBdPuuU^r6Zj)6hv~I1=0GtO>WLe}Fw63pLp00JSkPd9+?kg7h)<XpV>n%*~&Wl+F
zHmCaDq5?6bqzf}3p3XOnUMoNLR*nvK5{?cxdrBO*gTr$YZ^Nc#w1R59a`i{`^bo`w
zP9#IlJ1Fx;cC$6QV){GYY*RDw5;1ORs*DoUR+4c2C7qY-$*}lDntLQY66lz%%_-ut
zCjp(AUm6}8OcN)UIdH;^3UCoWaqm)1%J>uhn;ImCm98EAYyt96Pauey+0R2dZo_4A
zQc}sZ{QOP>Dhvhyxh@6NtZ~htTyjYkunLNK`4TlGL6T(r&JOVMx*t^Y^=I6i`JQJ!
zymuH^)PRfpASTzp+eL3{yYYD5RZ?n$osSYccU6H{9YgmyB|TRQji+2W0AvA&(!Rd6
z#1R)i`?S!kR#h{z-v+dDSFd~HC@YH+LjgJ{aW#RDf{cXZ=IHyIW%|g&q~}3<az|+J
zA3nazJWH3g5(np#AN1zh^%ym{nA6Jx|7I|6%N?s8Oey1oAcecT?Bc>@%{!T`t(IFa
zI6wJplVhQaq>bi<JR?&LcR_8Zaq@%`>vce3NE$?jN;tNEpg1$9rMrI}Fy&|L7Es0J
zxD^<h82&ysMi{P)L0_{IV~4xSoSdlhTd&~gMX^o<kd?d~;<i95m5BDlcvN~Gy(mhA
zEozleR#umwTHX4+vcz^#|Mv^C>z32=;ZWciWch^vV`&wU%%bfwPX5+u@Ez0?m8{Ya
zCnY_8tIrfJVK8}0|DM0Owgw~Re-}hSpS6HIV@BCxu>3O7kDoKcDbIZjJa_9bv;GIT
z*AFfC!eo5E;Hf}iVJzmwqrEy7f+dez{w^2`21t7d2_Z;*K>=OfTOqJRcl*(T=d!)M
z;rIyr8&hj-I$wUx)=u6CXz7RuUzElk#&yW2FKO6-I>6RLm{@giY5Mqf3td{D%h7$-
zzR}NdUsyos`Od+^<PB%zCxwBqIOMEy=EqCG^Gj5C@zwzajxBP^F8w4VZz{GQ;L_cD
zb3s-0c3(Kn+C&Ln5W7577hoD)lLBp1TPv&BbZjVaV8A|I6coY_W+y*BUSblt`-}ov
zf3RXXv^FJCfjYnOizLr|neH!xO#a;d^Y&JwENg4qTXu1yw>^GvG4g&4tJ#zz@F5dm
zhS|3{TkmyXWCNLU5-vYAo|+8&@S;Dd59(hqbA8|{9dNk2j;+sgUIG`EZjuRZM=_at
z3r~80NteXV^xq!dn0d7`9rG}w$;wWTEfzI?I>aI=|LpTKYKGjkIc&m)&YOH?fd5`u
z#q8{>4-RzuF$_0m?zjJ}dZcnrl^x{y|Eav`F!7p3<N)Jz|D}Y^bstJhUc8^5Uo@M9
z8@u1w2m5myo16FFH8%^id?A&Sko+}aXb83Umsehk!Sjy8)Nu9m7>e%aHm5Ry;Hjaw
zw7E<zCN00HsP`qm4c+X_6fkK)l&mj`mPMRK1nz<1pYQ(G(hfxZ^O(GIRk(`E<u8GF
z(C3Qh6BZY5#6v)KG9rP>(w`g(r^w9is2N<o#c_T2D2pwCSbqH;d(Qy$D|p8$3^aDD
z&d`SfjWC^*jb=lI3<FvTFqPH#1eo*rKiD`?fF)wjo_*Nc)@BnE9j(oQ1Y6XF%Y{<3
zw4J&nVrHIfH<o)Uu)pQ!mn1gbco0c58&{C8+{ngEe?El-zI|)84}-5mtP*Zb7A-S0
z|7k<%Uy_iJXazwP&%xwlDlmD2i(XF9uA~UM=;%*eOH2v|^3=!$LwP84$y;o{K1)cB
zQX?V3$|<G{^4-9shK~MbNlw1el#_E*WEfSakxVE#g9nIQt?mProsw72j!8FpVh5+Z
zyBAv<LBDtBS6if1b#=ABk*O(9wcq0Dba)$9E2f@*2Gj;F3~6Mspi-ElzH?Yowr{wQ
z1IA+k&W}A<Equ8L#r0IZ10CPN?x$1+CMG%P()}2OzBYOJX$58dFgJqW@I_`oC!es4
zWx2~wNd}}JJlXqmZ<GX#OT$e~cWdexbzTdzH=&hQW^(sb$J^?lJr_T05c_G;QsUOF
z&XzFs^C(;@YeEQQO|`HeHBBxdHd1Q*t6)H7K~F?PWC7$CULeBHf35OEE7%BVB^X&7
z%rbZQ+Tdg)EkI>`LP+^O?>QHk?T4^z&RRWw_pZ*@2RO=<B=}&dAZ<@ITKKK3e4iQn
zt?l{v_=XG3>ub`XIEulUbVoHwXJOc~qtpg8O}(DpqH)i;*;gxEsY;B=ON^iLgZHV;
zmIF{72Kvly+?R>F4GpoaEJU7%z7uNV`}?3dUXpyUl9Y*MR)`TOO=&)Mb@2dMR?B+o
z;<eqwrbl@G1Pau9FulJPc}CD?O7X*9YHII|!T!DhrAqV>ULW|86i9hqAC(4VCNa7A
zWGxWcE1UiLCfmo?cNJVClq$YlyogCZgI)5RE;s}HDYE`P<*~84lF0dvHmm4l7U|(a
z6|hgq>dY5>aqHx=4H$=UQLs(n;Jk8m=A~jYF)_IS=}3x!j;=ffHo1B|1mp0Ofr49T
z<<s5W-NDC%6gB5*BZ8q)Wd6I>lzL80k&!7MifE0SI;pn@Ko>0u&E-zMvv)^JXF%lo
zES}r&J#n9#H!LhIEUYd8Ho*CSkmUaha1H)a_^+=G%osTKOa#$+Y@Gj*tv&e3I}uP%
zS7k+e0lJxK_XSHLU%d8e@)QF@bqQ8=;J_aq9*#h-o2HMO;;g`Ai9VN^;KQ{^j*lNd
z&Z>ljj4aHCJ}a{m1jUGm^Qhjy1w*NsN=uno%@Sz(_t}U)k?~(czK;9q@QU7%_73uo
zq@UWJ>D;heZ8&h*0L!!;C;^2mcvYxr&^~VH)P>Je!0>2{^GLB(eqo`DETS9|Vuc0O
zY|=Rk{dt*C<?)o1#f4D;*Se;iZ|Ly)00{1+f&ys0fxZCloDaC-0|APcoDKL1JXnxe
zTqh@|482^>n_#Y$j<Cy#pJAHo>G%b@f#r2;*u=ch%Z*5SijqTb>unBJP)r*s*!-Eq
zgm#dxDqGG6e+Led-IU^<SJBP{dJ>?o|KdCR*Iy|!?i5X|9`^m6J|C+Ncc)zG!QwsO
zB{=Z|*T~LH0-OUmiKtmh`{~~^9|6Rl93BdjdYt%vNZ&hHoi+kBB9nl;%{{W9z{zu{
z+N89fM0$}K9s>R9bOvGDhh~id{=Qg}-$3jN4UNH*%Q7<l4Ox-wm^^!sd$;-T|7Gw7
zsr^o8s=t^U`|`=*DZ<duL>?`x&+F^E{`1$7K&)7$XKhL|h9mBC@$t?C&Hb&s!`Ck>
z#2}eP;k;8*x*9@3FrcSb+&PLexQidxHd)!)(xZ#ta{b%e+uOL_yb2E=Cxs4XIG2Kj
zg#|q=ZK)%4dCX}eGR`8P#Q50PjBBN!kjSUw47H9qF&psfG`3FPLyP|WF`$>lS7_RM
zOjH5}4BorFLqmM~J?QZ?10!QiBy9a0pJ`rDEx1~3FOSAfx1&+D;+9Q;Y#?$s`41?~
zn&c)UdkWas2i&`Al;bsZv<MJv7pM|0$tJscHM}+NV07qI?rEvxW2T7M*bO@tNzZT!
zV&akPqN1LISV;LuAw+@t3s6xv1EuHe<>t0V2Tgv2cx|KE^Xk<fe6=Kb6+%aAN`ImM
z|9BupX5QJkpmdGn(;bQ02mJI=%s@;@N=k-A(({h_?rqG-V7HYh5jM6MyoHI!qmPe?
zVzjlioN-@>%`kz^2Bbs^wdOKf2|Gb~5_sv9F|?;jtXE9c-@TjZk=>tvHxJ@LUufw;
zXPRbEz!V260!3R}+v>hPw2xIxOw3LN6Uz?$F0Yl=uBjH9ogWn(K463zI#BBcpe|V&
zfQV61)7P)g!{G6;jg8cU*MMtM<|?*o2_*yL1V?fTiUAz<D}0pqmX{~twpvY1O-PgF
zJAjxwRb$$rL&L#+a3lnIIvLQ>ZC6*eqN$DW@OhLM(k)G{I>gHXD3uJU;Ix+l@d^Ll
z%?(D%7(_|?M~t!OCI0l87S|<19u^r!PIveJKzvchAtx#*`_AjSD=A?xdNP2uFmzIG
zlYtP44u)Zjg`Eib<ucLEbL$o}7Nb3_4gYfC|L!89{HX!^3%t4dHC>=3Xb9~*he_vZ
zMiiAZ2=NHXAM(U&CZMV+6Uhidd_zN7L4SMHP8`AdnoF6Ptyk8|=*7jsNmGqK{eSiN
zPT?TX;s$}M^VqM|)zz<1e58+s0E?j>rJW?<{;j3O`ae<TN3|D9fvr4ddpWccvS@Zz
ze|-F<`);z*nF(J3LEeH;cZ!pf(*^va?n}J}7@>z<bO&2UNA7rNd_vk`CisVX)^;Y0
zg}jAQWCGqVY<x?HaMCeU*tU@x&}^N18UeujI4N1`fy>6$mP{6Q+0{d^@k2x&6N|FL
zg!;X{bQND1QjA0<_xCp4J`~HZeU5|El}U@i6hCYwP8u&K`wzUe2-uqug~jsw^o)Z_
z)QpXWCYK%??Fg|c`=XfG&>-YKR-{x|sMw*M{C%Pz-Y5e@B43dv-R#`-n%s%yOfZSM
z?;3(wT3S9Uhv_YJ3$$4cjC?WS;opL>OVq+B=48wahxOlyhs4!}Q2TA1XXfQ`J391+
zjd0<1OG`=b5ItBlem0WX-&sX3KnrLF2EG>C8-y_!+$MN?`p#V`GEzbqOmhJYi*h2^
zpv&`Gnt=(<EWkwgM0(KJckBI%QeX=@9|ta^skc{P8ng&YFiNCjUnPyf^kZ9b=?*~Z
zW(Z&~w>Nd<jyx41?<134Z<SuT*hfeW7uwfIXDWw<-hLEC(ak1#-ePMP+j9btcQ^p!
z$|73BYRbxqAF-c^qPnIgl#qz1$YJcm!YKrlWbG5%+vv!`;*<0sTsXQWF!(>x_)ril
z-LW;X?-mdf3z(gotF(o)f%9*LM6i5(PU0d!0xwU`zmnifRtA*}XoIkuyUfX%=D|S)
zV1VA_&V(r^>&KJUnc@r3|N7Y6{L9qT^hY9ql59upkCsP>-2i#jTId@wv$f65Th@2)
zzQRG^s9{eW(Qtv%KQw`d{I;>PPAC(W4me>M?MZ>giuYXdhcdgK<1(nR*eMd=#~Z|!
zx4IO)^}aiQgM))n>?=`$QV4`6Yo?Xhfbfj@Om^QG2E;jjSFget9u5L(A)#Bhz6ZWS
zU%e`yot=Hn$Quox2UKL3bjH?!fz5A#tHiNxEO34?FuAeow!8d;M1lI7$yMkMR2<F8
zjY!<P=url;_OFSezQDB9eQ9Z#PB)3<fbZ}ayH24DB6oY=fn&vtjL+XH670~=NQn~z
zz`bdA%_k-fRWxUb?NDxRQ#pS|`GvfW|50;7hiKG+GblXV;rzePgY}wF8-lXl%*aTb
z4RL|j4cGv;u1;Uf4hZ=XX<xC5u9PUa;slY0kj)wz8d_)!LJGQgt!v84<ycIsOCjd*
z`_lmy4}g8pDz3b_Hsw&yo3KpuMi%?g=Qyt9CEzXrP`C>VP$OwT3ICd$ob)}|{u2c>
zWbW%^+K6!VKiGHXAQ7P)l$Mr;hfNO9nm5BoAQi%yZMq=WSjj3U%uB&^yo)CVs#S%X
zYTFMc{KaPgOLm%>nmQOhP=;MCf&HOOZUYk{SW<$P6ha~(L9qVAaDAEe;8TWA-Jf#4
zy@Kh(rqMCR*aSYD%Vt}zz@@Seo6B5AOKk$;>2v`1{rkCi`ymDV>h0}Kj*gBV$KuTY
zKCaXOQ$fws8QEF4fATk4!X6^s1o6Xv3H0(|5|Uz2Uq=~LzK?Cs>+*^KyL*d<hNiH<
zq#XDTpb*;uEET&S`~9A4IIe03j<}?$oluv913`egTArVu_XkMp4EC%cc||F(Fv9<S
zt}p*}TI1^Lk2L<(4g*9~*!KmckGapuKp0ht&zIB7w@UF<LNc$sL&0^E1h7*l@Kg7$
z)(@Vd(RIF{siTuxw19y)S)QJr&PdK6^c(Ee*r3G3l$?c-lfb68I`WQa1sr{UrGw(6
zqQa~1DT8qIwN%-o=-E8L>SN*99Y|SHS$Wdj*_jU`Q0YeX*&s_O0q<`jY>0c`Jr*9G
z<AP4o^I*~??`+O~oddS+Cj|wCMGZYx`_nr*>OBEI8`}bqZe#QQf&b{z4<DEx!be>}
z);<!kwGt2z{23e^jJL1hgERdTyFV6T*d-Jim`n9L<G$XBg(2`qgf1W9%Pk-x0~R@4
zJsJD=;Fr4dS$Xt-e)qrgn}5&8evtp2$A@E||G)V7@N@sq<B!<{r@vOX?P|;+@JmBQ
LTe(otGU)#Re@fs9

delta 59513
zcmYIw1yGgI*0u#mD<KVnG)hUQ(%m85-5?z=NH<8gfRwa!OLup7cQ^c-d%rvXnK?Kj
zGn})}+G{<vto-?^WbIW+q&UP@$K!TL8-VfkIi7>83BnH&l7MgjzRBwCHMC>v1;@9M
zX4mK4WIO7OxpiEb>IRZiPvKEZV#q3Bn17SOh-qBEU45SMLfpnt<@>?z3}U>y;RX^(
zUxMAhA%#x42z-D~TUkIJ)2OWFnCaC%|F9YFy0<X$eYuY6OLIKz#r}M#R95vQeK=qu
zBQf^TQoN1?tyx72o|(mcl~7y#(L;GK*z06!-T*-~K0a}z(atFQ<2TRDvQ+d+BhMKJ
zhckS(h}4&GFRY0fN{t;zc{md5=hT^SLqC4_(7JK7+)C(=N^}v=VgKik$Nh~-V`F2W
zRpYgxL~raTaqH-q2q%_E2<;6#cv$SIzGS6s&F78gy?(~PX}wE*B|09CkUsocuqve~
zSgDfFSuH`LywUvu4SxpdK4*u{FY%r3MC+f*hXGm5zXz?Q+!-^GE{%Qbp^2<UT|V$g
z_}nwknz`%BzdK}Sm3^j@NZ_-SLOGU|6|`-lGHPFH63deNot@1BeQWY?_deg9giB0H
zGGet_xZC;X^-|i$&yPGlUZhGJZIE_Ey2;1KN5JHFDwYRL>!!Co%y<E9TX53$&eE^c
zq)!r*s}~9u_&8O9zO9wd=Ok$!8bi6iZ^6W&o#XlE;e@!$H*F3HEhCBPR~uJQ>ydZ1
zjG#R(G$f$miV?WFLN8&cWCK+C6Tk1x#Dr<oosd}HZuFBFT}<)&cU9ZLdG76*pN{58
zS8=%Ce9vzW#zHO9sB;jibJ(Zti)Z+7Q?r>m%Jc67@o_XU*?Tnb$cnTUaQl8*IOXBY
zel!{WhON)ZUEa2Ac}!O4&XMIEZk6AJ=A&j=dQI%d5cFFq2(3r=F#Myl#_B{1sZ3#!
zY8s|{gh#`_bT@x&+Q}d4v^n;(l_5#Y!BX?JIFw%kPqdYb37h%--f-!^#trrR?c+mo
z80j<hE&BS}m<e|}h11dWaItC8?D64VlboEq#}65A;q3B~x50QgV+;JnG>#!EB6s7d
zGM~<r6iUPJ`+;fi`nU_1elX@*;IZ=OW6g96@qOEKHuMjc8{99nk0eSeF?q0bns9lF
z&UTMRcVTvPHD@L#^5|5Tsm=O~%qdTOD8v-1Wxmnq{hF(^)JSz*h7oGIV`MfJDO2wV
zlOWFo@1fjsHa2oJCn_qX|2R|Fcka;ZrMi?9Ec7K$AyK{2ZCa;4kr~BoqF~!ZM<;T9
zYs=~SdNYle$7mq=v!WXg8XAYN*cVdp5c_cNlHh?5{!0!)zNV~Gdqx;D31=9KT?Ix|
z_-j_CEDeJ?_tkn(Rm^rU@*;v_<=>yEZ-l}_RTUp!t@Wr3>ta?_^?BLK%gfi_-NmEf
zLSm;ZuqQ;3Lx{}%{m1Y~Z4~rxJd^VB9xKfVc>26Uke>bh`}gC@>T1f<bHVkHTQY^i
z{-E4yk;h~pnSJ>A^XFChM`)y^-+#QlvyYC5h@h8KtwkJ9&lg?ER>ng;Xt5#+_A!`H
zUXR)tr<j!2p6&VZJJaCn2!ni|EH*j?g!0-xKkzWt%H8%wxq1F%#F@|rce*xa1wm1k
zu?BTixA9yC3_pcr#-X(+<E=?ns`pEGKjh585*_0)(}A{5bd87z(vJ3Yxx67`roU%r
z-)HCR935vGTpcOo<wxD%;QaBxH>AIn8_O0H78d^fQ_Rnok@3Hezxo;qdZmBO*+Nk7
zt9Hz6qOAQ0Yoj;am{i@(%E0VaK)s%c8Ar1zu&#G-xz2hcPbpx~93k4%{o4AHPOD;T
z!(iF<ZEg8pMaK`J5B1s^ExuUcVz&($SuvQ;-EZhk9^6c4XK*P+;Pt+c$F1%ydzJaa
z>1lc-6u_afIb2ys&ROk1S>n&uHaC+r>zzuEdtzwtiq&iWR%K-w817CK(uLwO?@X1O
zjP}HeMMcoR`29+NkB={dX^x|{3#R4SVW*7om};No*dNflf||EES$!Bs=MMihM(V8g
z4r1;oQlJFIrcNqjXvs&4h4?bpmyXaA;`ypeQfuwTh`}c{dh?(|gy*n%AGarUc5T0q
zbE!#~d3LuF_5T~gkmwV0ek`pZ&(>AS9iqCwV2=DQ;E!le_o-{$HhFG7f!+v3)5AmB
z!vakj=ADw#6%5QW7U}O?c{&YhF`+O59*K#U!?ke<2_`sLSet0zd2+K`oWH-fH^R-$
z9knr-Ml_x$pHl}ZIwOOo@qf)@=4j`+WXjT-PPK~^QugfBSMQCbJ!C0@{G$1tV4MgC
z#ksr6)5(4Y<ODZQY&SYR*cTND9=ET}cY^e#v5c99+C<Cys7~MWYPt3GdERjmyC<b7
z-?<ws@XsPn<SMSj_pAS_N;}#U;ZfQ6QloKyb4CEMgvgHO=#d~ti${C$k7l!l;I@0p
zX3FF#B=a~Fbh)lcxN+fD;8v)9k`@;)Lq$cc0?$MBOrg;Fj!-<U-SK?o7B#B|`?;AJ
zRny6z^a%g=8GYQt`?@srCoF@lkUM?S*m_^RR?ktf+*{Fy+(IDu=i{%RaJ^Pq-sh0k
z*M{sjCqEDT2KRCKsy6NI3W9S4Mr>A|-5oZm#wAYVe(fyMNWjGvLl+jFPu5yV;7^ws
zs?-ynaoFp+Vz+aOi2Q0UAP_ls*gvN5?BwLcRK40deR?EIJn550ZMjvUYQ+I3JG%xx
zr-S+4)$uBw(y@UESL^>>0DA-IsBdJ^Y~zKup=V9Z@=6}kfyVM+v5%Elab$RHxbWc{
z@3Z+-tfH-sHt)JOW#WCW=c|9)=Yf_c+8c|M#1XSFxJ$Vm8R7Jr1`qGW%^C48X`*Me
z6ckvZ_k_GI(aC$}&kh!wv}iauYAwEh|32${x{<fHzi;L0>YAojqWv`*s;j%b|5Fbe
zXoN`hJTf9;h`@BbiTemm@%BD<cFIZe4N*r<IKAcFCKg*gjOir$Cly9^CP#1h!!5%N
zeyrSaYjQCKPATD7b{R_p3rX$8Mu}ur)Ljn6f}m`@XfZM)#2F7JTx2jQ09s(O9Dbo<
zA1C60U_6omBdJ=heN+wEP@bNO284e4c`M0bj}R*44F>aEwN2*2BJ`+nc-ZuK@%i)T
zUW=J>lO4N3Zmh?RB&&|e0u_0U@k!$2Gm`%dy;|aH(vPl)LQS-)KT_?Bvi?=sX)mB=
z%y)j1&2I~}SFAL(C-`VcQIv`m1LGg-mnJwYG^5BMLs<6m0Ln7cpjM`|Hd#!Cx7!$M
zJRQA#d{6N?imbSyBj&}22EGDwbL-=yf8(R*SkltT^Yf(ziupkq(a-1^nA=-B;ZTW)
z$Qy2`akjTJG<N?z*F_;*yXa4Pwzjd62xehXdyU<us@v^;)l1XyKlY2`<IDy<(Nx3y
z{wNKq?QvjgL;t;bwZv3XT-}WxrC*SD(x0pM>!o3!Y{pj3FMMSSR5mI~MPCe`EBF)k
zn+*$nd5SPSImU%hfjW2cRbn0AqNw6%rGXrOc_<E|GrP50lX0n-6s28_yEp6^5&O@`
z(QIN?XO4&RKZ?`?<fPV&)Ipq8mNvW}yj^i{=9(baI9JERpOKneIIf_S#~$tl_7_oK
zn@k&qg;hJbtn6%y)`bz6jMdk86$`BBn44Q{FEsJa-(JGKU*DU~n2x;4rL?uPeQN%$
zmj^0D?6z(9U6CIS=o+sw{%AJ1RJpmkqhrykW6%Flr1@~yPA;3`#Ni<>CL*H1?c3c}
z31P0BlS*hIg&j!a|CH+L_gfG4>4}C!6opUqf0O<TTU-`GC_hBefctuHXuX+@{d?gy
zhn_b1gm{d(<abGFgsm7ULFZ*K<oaoh{&S{$m8FDAiKkG1BETy5Khxrbr*6&#h`73r
zKL|TnA1<I1NM|ZV*&g6iZ4Q)L%yT@$g;-2}IDUDy@ceoC<#|?iO${wyTrO$<Y<aqK
z5(`oaQy>7eE18+WYaVo@<S%~7<zY+~Y2-KQwEErPv6ycul^OOYZ}cZ=5wKY=9m62L
zBaP=G6Rq-Dj_}Y0VBx!XvFy^$%dRg%&B7|%TD*78Q`G6C`V!o0G>hoR-?z2Kp-2V7
zP}qkDoRtf{@V71YcgwN)u>H+h=+)o-h&K4w9JW|%f_@afI9T+GPs!-t*)S*+H(<o+
zSFO;!DmOX9Wy&41@40iMB`34lzH_Ec;T^0HkCVysQ7<+L#RcHEV|qSi!qPGxryKdI
z#^)7J3U6AlsHh9~U`21-biE5Rl%!mo?U#U)+Smw2$Z(A?>dqA2&@1^2Z05ect))$2
zI9^_-eddwTk)WTE@%;YPu4+y*Yiny`5)u;MpPuS}^}Dt4@RC9*EoR9F0VMrnwb;n|
z=ZcZ^&vUsKB*et&YJ0c{kZ(|g4c@~I;m@$v2<2abYWHnQvb3pwh!Dk6zv8%KwPpfb
z6P;g(S_|gAPE1~>$;L<6ra>ZBbvH#{RWjJ_%$B9^V@;ZbS=t7A{Nc}E#<MxnDosp~
z6^Yh)q~yBa2Fz83KOyD;>N;`3BAKCjd$VM2F6+~i7G5@N#QZ<9v}*Xce=gTnZBA_M
z*lQi>gf9;S0VbG%8o3)AT$U&Eu|n0#>5V_4wU-vE#r<mbhR5Z?4i#$kZ4<~q#eaXZ
z^c784w`;JMKXbV2V4*?ncB$Dr6%Li~jER9kmc@AJegEL#;aP@Yur4mMX|z0OPC9P?
zZSt0sA637_y4fj_;35O=GOPT<j^g!w&5p#q*vb|Q6zLSLLupiQ%v5sXZi76Eg}8a}
zx5Vn3;jV1O#s*mclK+%O#z{JiFP~R_99ER3drTz(M|AZ@$9Vo-gCTO{?FD8<zQU^t
zv3BrEX-Ucd+V872I$vtkqGEq}eEY$8v`E7@Tv-KN(Q2Ct)6EcOQ)c+mQqs1Lzvjof
zsvMlq=lf9BqrH(VvDKe%y7U?GHPo%Y+vtGWS~E1V<6``49DhG@efo?tMl6a(xrj-<
z&cUL!!ff(_o|(D-5&-*Bo7Ij&MK^dfA)jbZ5fPCsSY@q}^5+zXCxuOkuOJU(l}qhD
zzGZ4lb0+(D7VK(qtpP(P6@Kf6!4$iZIyX>w@kbJt)^m*bNBQfYsGiZIL-#NZeg@XI
zWyF?gxen@F8XG4rC@4tS>_2tnvyBNTwN6*V3my(QZSB5ada_b*CRyxGJl$p0x*7)K
zIkq4ETZ=E-3k)THz@i$S?u>JA8X|xGtXgFeoS#EcvA-uniLqj!3y6)dj&6&02!uqN
z%+7z3@L63#jD(l2*!U4KFz_QbZ))>u2gB-qmHoRoA4~ertT~{yeBYTseuMe1#i4NP
zC0x*k|H<j8<mKM<=<^7)H-RMo1s<$Swiv~KK_4r5^lpU^FL#$1v`w=guc-O`HLbNj
zv>m)Fd+x3I&O$6aDhW9!tOW|ZZyBE*c)m0C*{vScjz-bREJRDegD8~7i1;3t&3??v
z+>hjXtqEn_c_!*rSt9fC_Cg9(dODN&$nQRWqUnaD^)&bFd=c?Ab-owkny$#9LV9mr
zwqh+hc_&R4+2~&$P;f{MM!ezc2uZI<!XwXKk8@PYS5OxfCBE*%IhcnUf_-B!W0jPc
z%xBI5S0d?=?D3f1mq1X)#r}uWX74{J!Yy5q{~_tEHjFP=+)*p`btWc<hPqtqCCvhA
z0_V+i234;ti$uh3q|g|fbHW0WX4{NQES?cQKbm`$yQsir!%LuIU)o9Z#<q4{l3YRT
z+buhihsteoK&jm!3nYMr6umgIAV&(Q#zHpoha73TpQNAYZp@V#85o+oTVH|+JJ--)
zvS|^&qYXaEh5HBB#>b_Xm3I%Exc2StTR@Tcca$ejWA9PJ_f=k4IFTcE^{bzcY`RkZ
z^>HgIXma+EQ$GM=lJbWAtyQPgJ}ip;;lG^;I>?5avk#ZtxXuzNB{oAux5dB-Wr(ff
zyxwi}+#+}b$v7E}<<a~MTe2A{aqhnDUGodM(4tMHZ7TLtMTR_JKF#v^zn2|m7>#5c
z9Y3`$SPHC_K(Vcf7me)wn*B_$S-3{MzF3B<yhyunFWr3&wZY2d)6ANJn5<V20y<_c
zqa~DFXf~PM`OixtnX_u-<)TM(^W8%$>hGK^Mbk%rSxSs@lSveC1T&5YA!`08isX{{
zGL%m1DUR6mwxqqWAD6cl8Zc*?)Y5od0%=$&{Clxztr@5S)mSax$8|^0U;wtTX3Nf4
zlZ<O<I5k;Jr-_UkP5thDy4u6H$`DK~4@lI*(sH;`iIC8zFSXxywR8GvTv-u2#i#Ut
z(24^6;vSyB`_cYEDSvs1{IwQYYMcK9(nO^qo{?a8@7tJ=)mz`1UmE<8-<@80ddE^!
z*zbHzLTOnlrgpNvd`s6Q*FEUF$ny?9SooP6y((p7#rW`&)sC}M#B<#9Ca7o^x8myC
z)%B`Y{`fE1n1+rH!o+gF`1y#0bY>)9zOS5CR^<Ij{=qq$=vuMv_ctF^DuS-{I;=M*
z3dIOo%fzw#q!I;Y!w5=CJ{lz@dp*?<(cRtW&TvA5?VL1Q7M@1+TlY$9;!~cx5_Jo6
zvdEN}_N?Ee#5(Fn$GUQ8&}6Y@p|xOkb`ARlGOqUGujl8uEWg1`kvceFtF4x4?Gu^h
z$$#tmc<o=j;Oq~F^Z2lszgSMizcJ80-3jN3*qQcRkULQ9e=v?3-=XO3DXIhV@`=i~
zM@;>B)&=6zzif_3O7)0JEK9@4hHkK-YH?PJhP3qO{0)9kPK?8YF6`Qgit$MH)h%wQ
zF%hB`*@l|w_}iZi29*4Y*oWH3Bbe+784aHpCHkC5)5dD+Ju-!SLU3A7qsWQlb}Mnm
z$A%-<XRA(kC$-Af(<h=%p2V3`-UsZ2Fuf6GLLMHsIuGu*oQ{9>R)t6|_g(d6?rc_2
zhz#Yd>F*(-u(m2AX<QZ)K5jTTLY6<Hx#M&74x#y2bhgZ7zWG#C>KsrifDFGi>imR+
z|JbolPpgYcZHU=2K3m3Pd6v;$=o^LpbXYZYt9u7h-~z4%nNn9+XiEtRpKj+D+j28k
z7$;Sv5D<Sh8X;!GR<X~s6jz}7?*+vB3w>_yO#aBQX``Qy&3MQ?;pE@fOLCf;`vxhw
zs4mDe-FT7U;%<E`CFR+(_s>KHzA8Ll?Dr;YO*i1oo&83Nhb0{xBz0qNqd`2H9+Q(x
zBH-thAgCz(NQsNA9)JZKcnn9}bcUz>W{0bh+l8KtDf%Y#Y<J7jK(Dpes!6ix?FZ=U
z!5fwB-CNnBd&|Z8K(WFO0b%$6q0D74^w!olbai!q#8fcb<FSl&mjc}7@%1Z!Ns-Qv
zJaDb8(+$p_ZG^)!Xo<JwsAKLbOfjKCRhWS3uv!?!0D!7(_fHH?2u&v$n8dPv+QGvo
zi;FBBGMhb<{bVv<X(7wEvUVT^d3S{7e-zSN6B9!q8c3BK$&(kH?fdv~i_-w%VUSmg
zxcNCe{C}C*CpC{BLWS)SHT=DQ!ZxPcJ5UzBQ7P1e+sTQrrnqh!Y5tvv{AV~W^W%Ju
z5&`xpEL*LzXjgkzHH<9hdk%a{Ga~(%Zhe3W4aY)oUU6L}d%d`egEk7)%C080*f9tP
z!ik{1a~kFHqHuPn2%Gu3&-yC@H=)>GHG=Cu8^P;0zdKh3_4DBa_kHB$&eZJcNTd63
zZ}<Ftppp1Tv+<0})4|c(>rGK<alOS#i@oW;zN0oaSqGU)dDS-OrZKl6#vj1A283ZH
zGb5;SdMr;~fehLnD}1_ZgKMMru8s#s!*exlLIN0yIT+;RXV}a^sd^pSnt~k(XybU`
z6ev?TS>K=k_>N8`%WwzV;)#_%7*WHrW@|&>fTBns+CFUD_P7|LrfWRg{FdX)=fZ1d
z)0(Rm=VKe1EEVx`Np4$mDAnkzk&cO2O=4n+_|N`{P)vQ`BpK+sSKkk%+6Gd53bmxq
zn!U-C;J;jv-<=(I7Cbz-!iM6s{<2vuDgCq<q5vpTfm&rqb*sO)hTZ1GClZGPQr%6d
zFA5~8<tE-%gQ;hD3@>hP&S^ZnP<7O*XuUf_^^U4-<{F)&sy_&`d91w#y@~96B#VNh
zk|zS{UjH^bB{SOcLv6A+ZkjR9W)me6X5b>f@!GEz8Fz^YKLk2lDBqnL-kRM^jlQer
z;?b&(m{+U(MH}A~*{%PbklvF=K3iMQN~`^?n1YeM<KcpP(;x2$dK4~h?oJ8{3SR2!
zB6_dQj@A<Aaka!#6{BGp8+qlfe^}|e+ViQ<hdb7(W4w@fy5FWWE#7q{m(n)g<`N_I
zHPhCY<YQJ!<B`#6<@s;w&~+~ZlAMbPSH^!iD+*_)j3M&1Q#*vy=ZyVmX?qnel@iYc
z@kqgbM=VCFvRcsZ><9%%sl^m5gG-*B4aC%CA`F2z&4wVd58yI1K#%>k2E8IYcF;!P
ziX0^dxKs?<XU1U4-3fG32bP;n25{O6kdg_9<CfnLNA;R4)G`;PrdGSSjP#6S&eqzO
z0vX(RfIm;c_Ws162&3=UQ&ZY$4^|fwTLA>zAT_fxh2ZJ7!oiI$OkPIf#N~Jyh{u+A
zT-!#A84R<qLJ*%}-!Bj7bYq=oV4=b+SfK>q`dcE6PAXY<0C)mPxVX5;)qyOizl}zN
zhs}X?Bk|_%Z?thle$w}Ep;j+sdiOx%$Gq2_7cGZruNQ;zi1^Sc<~uIRqY|FmxDp#;
z{nmK<a!Zr@-*9U+jqEgPTa&v2wmQ4=#)+R~B0WH=u%UQ4r;wK|f5aO+alljeZa0bk
zGJdWoilM<M-yeDoOoHvL!@=PO*Xa^n7?a83U9KX-Le=AwS*z7)LC8*OvRHljyE=Xx
zo%#~!R_cw`UNqg^(p-pgt$iWj2Zvj_1HtWH-P#E%t8>j-k733|_IKRZ?MLN}a9R<l
zxhVZxnGJ~-YjW}0kbFuJr>8CyGJn`-jiuF;uyk-3uFNhfLQ3FHdKV*dk@ZR-g9#wq
zjDUd@&TugaiLrxc<G<KL+|fBMnI&Y<YMbA{i#S)uzh?AtY+b!;km#e1PiSq?YHsOb
zzGKE^c;miIsxJA%4C~*BQ2ZMXdyGQk8}ePkyF;ic0t2pa##>q1`V<p3s3S<|rD!Ly
zDQBDT>-A5c#>z{6ffp#DQL+@M<`?2Sw`Y!WFxC8EF&n^R{Ywn)FQUzNo8`{_BxDz<
zP}Tm>F$G#OK!jUhipVLVQc^-yv-lLR<fz*x#mJ~D5>+QANT!WP{oYy3EDe?CEsW)d
z2|@xTYv+@qG&zx}03wRZywNinXdBK-Cgc)oS=Ok#GGA^H-U!&kW7a(?P$}P^sTk>u
z0mU)mRBP&o#?jo;gHUWa&sJ`4X2agLOI4yzU48Yh&9Mz#33ysS9Xolmr$vVrL0lZ2
z?0J^-Q6XUkH3(1PvgdJll+#F0pd}iLg84KjP>}Lt`9@GDz>!0a6y^gK7spzm8KHiF
zUFd7feY1|flqB7FE>r(_y3r>b3&2UHmPZ0@1NGE^GV&8Q+5G4A<izb2d?dL%SpV`3
zJJR*?XG)C0&^LWXoD|nH?TrjUSZ=xir94n`qrYtQIACCL@9qqir?Vi$Q{HQz$&PTk
zNf$tO(~qoCeEmnWl<7M9l10r}S-FL;^^-%xH&>lctAGBKEAJoa@bmg?IFzT=WU68k
zol6Kvu0UY@$#JKI^X{jGG_C|hRM7)Wn;Xjd3DjB?ui;{EcV_&Nm?7S7igt9Dgo3?k
zlmw)DZ-E!K2k|!K@1Z=br8EQGlDbJ_ow-Y=VELnOSBq$DIK-No+-F3}$RA?Zl{Nqk
z;NxMXD(dq(0W#t%RGgM6m9ktF`S8G`w>p+OU#lA3w<oITO5eV9<A55a=Ei&Zie%nQ
zRnY-9k>i|%=B7*fEcZ~Rrpdy$^)aQ+aWlqoF-wyyJd@56Qg7&iD>I6^ije)4mw+=U
znJ7@D(@Gx`f=hN50tjt%P)!yY(c>YcUSsX`D3Q=I-#PEWjC-tb+r^uaWpvalGg>|8
zM)oJdeOG4^cZ;3x%1glfE$iBh@d3Hz)?i%m<;*YAG@mpqz9qyrOxb7C2%qh+nfTRr
zr>B0RN8E8iHU*m<h)`IMt_9+LUEl?c-iql@nNp5Q;XY^M=C&~mfc>+5{6N<m|MDCc
zD{dfdvy63NX{=Pwg*PrRj|y0E^lmdu_=zl^T>XvW;Vuu3`|A#Qh8e>4rd#v$I-Tyz
z29Ho)4@qiEf7!UdbvxO~$DgmO%5D7$R1%9Rdgw=IcxTH@ml}ZexK9^c0=LS%Te{8>
z{q4JsaDb64r3Nw)Pi&WfD2;g0C1cY{71dKY2t2xs7ZGk~ns={oE2tkEH<Vg}TQXuF
zR`QXQ2V08|TbB~n?anJp{b$a70(C^yrQa>4xo(p+X=$3OwrsJc?qS!G?DF8xB14hO
z5l^-)N`E4Qe#<LBQyIQkcl6(WHnL@)5-r|*D(}Uk<$8L99(e}wvXfvswm0vDCcNSF
zxt+dPxVoy=R4;9<{K(9wDOA@e%~vj#>y!fc<8q_FK&$kJ8f$qKVyr*FVkaA8c@pv5
zNwS{}xsH#iy;bwp@*Nk+_Mk!D;5C1M><GMnY;n4CR3hUlh^hnE7XVaQ%i6O8$+(4v
z>-%83sgvDe!P+IkxdwP%pO%SrdXGqB=}4!GZ<p-q94|jVAf8iS`7ocRR#ROveVLVW
zuCd3AZJ_!?xGu``rE76P+J7RItf_cnAxObu$XFnTf?6T~pYpT<qGhcrZ{uZ)?>^mB
zzS%f3S<9+gSgE^QShdArY>?&?r=UozFg+jZYKJ}BZf&%f4MOuN=#!A6)6{>w*cUVd
zf~?8<$`AfB!}x?G`PM!ppq87)C&*?RN*>$yCsImCR6Czj$3;ceI33{UgcH$?*Jb?$
z)}4~uF^t7bMJBY0j%2Uwr>F(>AM!o~Fg`9mrVT7C_|%^upcGOcd5ZAy`EwC81(G85
z<kr~XFu1a$HQq7W_@iKISsydi^U9T{hG@MCRm0;E3H-C%rNq$6;BM0%h3eT0vjF=k
zMBiGz@Q2pIJH_OnTvZKGG*J-~coF-}3+4a>|1APtLLmszwk8<}lp*fxm~OR>tTLYC
z!6+UccWCc~02;e1HOB#R6$fwUb~T$+XZ!JbhG6;mNlTNX)!mODxr@1x1A_*yfs9pV
zKFgwug0H=)1-&gboBS|R`V2_&ZTK7l5~5Jfp8&c=k0eFc3+y&oZnt}v#@nTre+lnq
zVYi2%KbZU*ed!f(aSMZV#OcTYWaeUkm&EFE<rQ-FeF29z)eMX7ofbwNUf7}kuVMN-
z#gd|5tUdzgD=rA;4{tfni|*807kGWf%H)MLgp{16@O{+s=$GeD4l{?pOo`bbJ0KIe
z9}Xbvlw;M2$I0UQ-Kihn2h7pVboO9V7VAM)gLeG>j2kh^xw8CKfB!jJ&XZgW5swsU
zb=EpqnD35fW<^B}Bi|^!N|5l=l6eCl4QX53(dNlIfXQ68r{4&7SWSHl3RTrbBt9Oy
zhpI}teP=oz9=<zT_Aj@!|0E`qSXHEn8jOJelk(!_HU_qcgVH<yme%R(NiBR%w{OrU
zCXz;EQdH*U+6VA^-_d<L3P{)8cR9yC>!B$>9BzHz9quEb0=j$~x{jV%Z=70X1U6pp
zib`2m{bjs&sTlk$<m-;7z4dX6wY{1ffs}f18EUh(AC!%m<)xNT7&LUZ;4+LWt@9-k
zy+=^6LwS7ZIHDap)JU=0DAE?b5Bc>PHBaMl)xu9+_55^zVYz<~ThEL;l#9UgN6<A+
zNaJYaHO^YgAoI?TV&-+%#cbLT4@qqNj(yC(t*TEROujf4`CwYHGJoY_<9%#@zB1PA
zLV+SpeVu)#{Fi6@^$iRR%s<mI5mqMBUs@7y`~qaedIO095zQ}ZcsPq1(ysu7XzRD=
z88+J+AU6OAiT@gPbLnC~IWU}#Hc#^lU}U5z9PK@HjlXPy-?acY+bVgcB43I1&&IoV
zK!6X>^oEU0jqO-~9&{!*`oXX)-Wei%GU6HtIM?@7c#=8eqRWheD-+aIh7a4Zw$adj
ztWcRWMLBUqc;G^0-+z?FVfCUC>fa_Z7u*~|MBB_T?{9euZr-#!pmuy@3K326(GlgL
zg6-N>$f)8ye_?)&b0hIlt!Of0u3n)&C_PlqmDnxD+K$&zf|Nc`wq?43UpoFO6}!C2
zO^EdUL}g4c4INfu9YQHwjXI@m_xg%i0{$9f1eKVx^ure9L1xk0@AX^Hnii$ewW7}&
zm(^<EG>T#rY76MmkcLU1ccf)4)>z$2<qn_wrX?Y^@+6u(oIJ%9Ob&O&b1dh##tM^~
zRYQTzXIg>li_&+zh5%ED0Q(0n6c6spPL_BwyUmZeWc)E|%#GOCYR4S~^X!gvmCt_C
zDLqGdki2M}L#X%iGX87CRecGh#Lmr2gzBHkeKT3&Ds|tfF3xvH$tVMgnw!ga$3!V6
z^(f7ECk&nfJ_+<sa93b&rae-lPK3>&pojVcg71&O(+vhN5L1Xaxj%)XZuTt;=<5%&
zpv%j<gyIQ@%VvUsGI`BTMw*Jz4X=?A0P#_LN2H-q5{M>_Q-$TNzh}8+v7$ZC!;>Nq
zP!q??Lmhv=H4D#u`@H`21(W@c1g+TmjekN@cTw~tXZx3j7iA1b5YZQZO}@s7_|#et
z#<vIA&CrB*-a8GqP}qwC?|qtdDfeX=OGRN)g4Fq73I^(|+zYP2SH(rL`O6Z~5zrtv
z0hR994<N!mALQ;_8<H`dRbq^E;R7aa86YbT=5yb&lbp(w3b%N)pK-&X{QkPy!4dj_
zmo8i*iPcVjkWdPryXQUx2_QXY(}^eL3e>#K<weJMFCt>^pBU;UyWMyG4hL(Xq}vGC
z<$eeJ4pn7gxw_a3gskZapu77#SxIh^10(%6HC9Bz4u|BXj~<MNi<7(81qFr2D6jtk
zd8q#7i;|JjHVY{!6!CW-m%e=aCM!o3)q70D6~7QgE}Jh!kdj)=C?d7>-z0(H7UT2h
zUH$#*_o7iEBT6qW@hGWD&J($guSv_b175AoFaMJH2eEi&_^d!XtMCD;pX$F>KD@Zk
z`5O078!W7Rcfo+a2nRgB$GrE@9#x6ZhsI(~CB$tNaWi8g%2(K8wyvx~BSk@8C-DRZ
zJuiCylZe1!HH&SIaVw9EOdZ%5&%fTSTI>>`Q=6IU?+s2RCjP!Vi?usbLF2vvFjDFI
z<>K@i^r%b=oqnm|^U4fHJXl!xj)2sbFCHhBriR7U)%9L?k`~3s_pRO0`)g-sg9G`|
zxnvN6TE@bc*gTjoE&0p%<#(-cmRuw@R%c)?rIdh>Ej3GQL0=yNLF-)03*g6t^LwIL
zO3j-N=R3pAi)obvoI6>zzn_HZ%<!qZS*vgnXr~qqmhmVnu4K~Y$35v2nl^d*^0rp$
z3qnoo&z4*HoS&MBskJ7^Hg=bHG}@N>52(_JH&S1|h|p^V_<yDI(h@noB$E2FhZ_)^
zAEHKo@yXaiU&zJxx0Zj}B8FVOWJ+_tGHEY+f;E*aHhK2qv#NoNnc-~y?(VqK$T;XF
z1qudIG(~jHT#+XC4H90*R-9&wK<CT#T2eaJI08J@lgmVA&;S)TT+q?cIbdH6(UAHK
zaJy(LNnM_o?@m5(Q?<#W!XwGuRxof3*3P!S@6Y2U)SEU$0XEBCYlI4<vcS2zxa3ZZ
zEU^{<X{EKa?!3LXNAj^M_Mtz;LjkH;E5N;=Ao;-l7PGxO9-B~KKe~FNt<A@o$X#Ga
zo8S@U6C8ARf=JVJwGtVWmRZN?Z8(^n7aZKYO7#?5pnMwJlzdw7BE*q(j;H&0Rv1xY
zA6sTng!-`lsD$&H#5yq|MS2SOwi0Ot{P{8%ImGaKk4TPe=9U7wE0eh6++6oueD>Bm
zE7Wpzh}jggZO`Xuyk!?wAn9AL1If1WB&MmVf<?$W*?Khg1#hDkwvcIaxezkP&FyD)
zrf9?QA)5E=bL<Y5Gi?X`Nx+e8=sSNG8+&zmAPJloE>1^U24WF**H~VUYv1`K)=ULc
zE7|<lz;D!U3x?=MK9jalx^V!94scq}mpVH5^B|@a9vmF)DM8!W-;4OTqz#TMzp&nl
z7`GyEt;~p>5J%KapA>+)ZV_pU)d7N!A3vEa)_gv6yG&_bnXa;@(fXv?cJKc)!$mTQ
zQGWnmox_pk8$PBWNU(|VgD*itjxXf89)ZNv1bJL%RY&R&htB@HsuIKt24<JQix;{}
zH;}kb`g_mN6cO^nMHqur?Ai-NFWQ%4jV4X5=noGtuoCFEO2AAcZEr5+Zdv^8F#n?_
zjBw?2=ifai5QeCcEHx);709E8s|67?<GB)eTK%3Z`3%|oKu%kq6zIO)Yk#(TU<4{!
zgUMKtXQKlQCk9A^6SNv)YmM$%gB9DJC=U;Ae|3Eq!nANel%$h{giU5iUM}?=>zi?c
zrXTtOL??|^mUBye$E#gywgB|%sN}!<l#+bLV_i6GjPwV^fsrFonxDVMV_j^R#Y{~N
zb|6`_b7_gXI621miQ4&rFA#=K?yFY<sJlN^$^zz_n$83XpVL1O7%NG-Y=`3Tlf8eI
zfTR15WB-q_24gWysM^;k7Tqsuc%U0$=4}Tz4{PuqEBdV7w&4c|vu-{7peHRr$yK!G
zK**>J4maKR?ue~0eG7;vFm5r;K47blW7SMg<ImJYr6jSuwcC=ZfiNOXXQx5Gws<K3
zr>RkUv`p88Er|J>6pTv%<DRCXjFVF&qO%H<=>q;EpR<<ZrP$&>ni#Rl$747==sre#
za}di_3xtwJrg1<-MSZravwalZKRbqAfcZty@83tm$?VDE;KTjvSHtd}Bayy4ls+z`
ztNK(7t!xm~E6Q~aTq4ce3pFqVjs~i2)Fq{88@H}JoS0v`gklt`RL~F~QtLQ<wD?!?
z^V9R|nV1kHspZy#i}^poCpM>lbHBIkp~av+1=G}Ls*LXTrk#|I>C4lfs9UG!^D}IE
z&$DtS2dn9p0m&pb=;nLgEjGz@?(DDU{1noV;nLQyP!fofWn3N|H@9~B#{sAgbmOOY
zuKjK5gY*{Brl}Z$8T61)!TYFAdbmr3;ZqkbUE^0iPK{Z|Vzu$u_@KJ$tN>$&zlnx6
zb(eHBU0Pbvp5^XZU+0izB=S18BE)szXkot2jmeR=6fhUXSs*Td2iX`+y-rA1Q_}x|
zjFeFLkEaNRP8UMgYBHzI4{1%0nz3|VKvp9XGMICOu3-hq2wNgBBYLb)|I*h6BYEF$
z)1M+Pr^t?DD19+>H^4uR7O<=onfOo@+#`<zoHpsj<yM^Qm0%%m8A}laBhD69bNVf3
zyei}7l012MklUEy8m0~X4aw&KLfZi@Lyg-qU(E$o^yN7sLWXw}#PIeR5M;nVs9dkd
zt@C8Fm?kETekS$t$`sxmrz~S!+gv}sPO|#zdb*Kup%2)B^y9->3L{KX?fCEYQ-<FN
z|C=O=37!~#Ps4e?9Rmp_6bZ4^(Q~+%f0DRk9ZP2q!q$6Xdr985kG|oaw<(yPV&rIz
z`o_<%<BK7zIy)SQ{&D<VAx*=8pACGeo2!KgQXxQ2&=xbM3{}I99L{`u^!|f4@DW9)
z(x9J7nfJH3G$Eq*Vno0-YNW&&R?={ZPu$pWf_t^JSjWoa<&_)~sI!ix6)oOhz*z0<
z%m4w^_eH8J$|$u|8>I5rhc}K65}5keKNubnr<Lt-x}k^_kMiWNkNn4E4<UX|rN8ZZ
zSnAs9Hv-2)z^%Q)xwN7;_3sZ&$4^hLY8uP<@O|Il93S0xueWEE2s7;S?X*N;3YiY(
z-vy~hF6%Z5Au=X}WQT=4h3A%t`5`0>?Q;^E&rvwuur|zO?e90uHuw9xwnqW-q3^m5
z@iL2}v!nkQ0{Sv3A+Kf;u}6Zs<{!1XA{*n0kmAY0)@+16rm6zXe(5xin*c_AbSx~t
zzEnwZ#}DydqfY@CS=^3UbLwM>&-*Ek@zvJEhtjEi)78~0hyz6aRek|b(s-%WS8qc<
zRJjbdHT~vpev)kw4%iK)j1(%T0-4$#5&saTbS8Up*f2}~xL5@u6E*itIRvAVu6=8A
zRZ2UP=AN0vgZmqX<8kFY1HCo0PQ?)4EV2p<i}O^^t5>j$Cs}bI1~anj91;n1=cATr
zDxjqxJoQcOZ`g3HP-|d#7_H)~e=^+wthWb)^p|w;S8pVTfe&DkPPh1m_hC)5v(Y<E
ze4OFt@6Ky03k6*h`%`vy_TA>=LpWX>-RZ(w_Z+Qg?_-xzz`}EP@|GcXZL)c59GGio
z>zmy8T{Z&v9=GKrhU=Hc@;#E@!k0@7OX)jiD__7inGZn`p<#Gfg29S?w8IG5FaV1s
z<xrq+_GhM4Re8N|<G4E988=s}3L9T^@7zyfJ+}?J#lcDDwGZm}q^f<2kslJ{3rt}o
zT-Gpvi=UuhIsxamD)WS9YMF37z*l|P?T}*K{-<D`44td0s(se(Kytge6n?;{T!lpc
zI|s12&y$#zZ;z~XFAq2KVGz5V)jPEkP}O2vQtj!@3AtDsU8-eyEkJK)Q6eRv`0&77
zYc?WO?#Apm+6blG&@TyIxy0sLa|f^K2OerER9makdDkN2jX-N6LJ}!Ka{=Q~Avgd)
z!G_=p9z_tFt287&-k+i4K#t`!0gBP`onbaRQw&eR299^R4EEd8@`tII9TG08xFF)A
zD0(6b&}VuS`Ekow-nVb6JNIs^^77Z(7v@sD3jM6ipEEDp0$-sJh2<qAEa-s@ILq&*
zZ)h=w?VUuUecgcv-mp0O5hFD3J+;E|mj{U;{d;L%Ou9whYDB0PtN9{^{=ni0Wx`cr
zkP9~y+b?YP_K?0j81*~BE7u3l3orWbEb-Cu%Q-e?B_;1Lqm5ufVQJeCujkO=dZS5-
zbPWBZFAso3?+NM)o3bm12&7bSIGh>Xg+sI_fga<&^vp&$EaH6WYt2QmiDekj>T<#e
zXexX~vgB-_?}wUU2lK%-zP{F)L~L&WHe6ee$aDt^z_{D_0H?V|ol<dj7@3Z)F5go}
z{cJ~Wzqfzx(b#u;d9DB87IrW#|Gm)G_lGBz=6k0*r;l0hL<5bmpJW`SZ4(o7tuk0g
zEv-E~7N#j@f2p*Aq3ux>Mpu?$*UJaaE_IO|2<A$kr24w0%`sh2&Aa`g&w4#sgk$9b
zzA2DJGs9)L5>bEN+iDY}EZ@j9FK;GGbTy)WQa?wll#R3zFGm&fZQVChjqA~8Osq0#
z4KNwqVzB-N>XxOnq+I`Bt}GHZGeV4*;L7o88zF~4UpoI&R^DZ=S@@L2;<eKOJ0H{$
z)((Uo%lYc&qW+}m8k-Lwni%7f3bcGc{kp<J@t*Q%|2*!uFwyvSE2S?F^SwD8js_ne
zjE3yMuLYT3osoKHHm1?X`d>iQ+;v<uxJ`rJ-PeOK7suI-VAJ+!Df7~zI6S=G6aJ%?
z)PdoX6)Yr5*K%(M>jlt43R`5asAxMDDZbwj&l@%jp$3#ngKBGW<D8-V50-RuVwiy%
zAjNn<_vhXFpW$hXuP%!)rFotWq`iU9QkK>b(qzO9&7Gn={hDyO)p^GygXyNQ!F%I8
zOe1~U7>-Xtq#uyhx=W>7xoR$PymrlCIz2U{xAcX)FTp#eqT&H+qCgA(B}4fX)dNJW
zw78y6$&g%GUQT9XGgE=uWUK(EGW_~87^s6F<b%UwPc51wRcbd%{)8t|)T+d|rNJG+
zQ!3JL?TKMBnf?i=-jf#sjE>z~G~_Ty=8f0=P3dJCgk;-z(by=#T>atVe^~-#<Sa<C
z&H<Kv@sCxb&XX_p7!mE3ghGJL<jMk8HeP;~hlhXp6zzz~9{QL^4Yvu>z*mQU$m(qN
zLE)M%fw$q8mS$tRETp=KKJ~A>HD7!d)yQj6XGhfPM|;5cqVp7HP1ioBrzZOd!S(f}
zKaK^Z@n`vHnEgv9D?go-oXfI-+=vS9>vacq$+NZPUP_onKa?KXeGV3G8tC?!%{!XU
zClMX}!I%EaqB9I6s}B<tBpD5#;Qqc+$H!5AK)AAE@@YmjT|+@ObE?$l!`nIsZj!ni
zHed>BgE?CQ1aok-82|>&-&{OZnuhuhsji;BwUrt>eFH-|sB<6;cq(J1Rl-UrR^$ol
z14&vQ-C+KyH0i?BRhd)GUv9%cB?7_3C#Z86zb+LgF$W6j<C3?q>IFVN0S=cDiUr4a
zdJ!ZvwDG5;LN3$Ji&0X&Ee*@<ou0q$w^I!|FMD}!0`BTN4PV=q>CA7I*fEE=A=frN
zV-&T4e$VA1xXci!#%fLnAYe(&eST15f9qM;E66z+^0>38|JQOAGLo0*M?eek=b@X^
zjQ<iJuf&zT2M2R-uuS4b<9!o~`(zyhlA$8k>f8e|Pfuur;LR6MM{unzQ>7;8z;GX@
zW={e(E1&tt#m7zF??|tI0n-eKAdpHQ!`x6G9{b<;=3k+Op9oVpmX}w(>%vj{)v6|3
zLShF7d^~QbqBaMOM*k?@-QOP04GtAuC=uc^S@!wV*ljatf2l#spdbU{X)H*h75Zb0
znNAk={!-RVcOOiJ4gAWN!SNKOis`_nejh%n*Y(B)38#gQ$fGOFem4jeV$WXmJltrW
z(9&+H(>45>ac7)QxWD+`awdsG`L24Hv#tN;j7)p>*T`}V9-Q#;2s3V|%ux`M_Z5G}
zCvikWX0s8H+0E`tlYVLPs~#IffuELgh%nm&yF}#ZH24zI!o~6gRIYk@fmfa(mse7t
zh<NLAUXrhjT6c3^S_r9CZQ0ee?4R%G=&DM|zT(!_F%bm=3YctsGZkjKn);*Uw6SAC
zs-ALrYh4HP_|pw|h~nZ5^@M0Yj5Y@pSAH)5y<HbxM978Xw#v!~m=e#%D$80M-V<+w
z^l+veegnv78h{oR;;~KkbZJXl{n_8*sOX65Cvn(gL-!}Wph@<;e{AeF8hDC-g!f&?
z1EthzhN%__SHYmL8`Krdf3&(Fj`T;P9t<fVp}!|bI(^9R4Zg`LTwmWA%`i!IwnaDQ
z>b(hp)OcAlJKCZ+(v9Z5d7Jze^wK@x`ICYD&YsBDTu|HtsfP+Vc?kG5iwBGIIM_o=
z2a*BQ*py9n{JU}q5<=oeMnVl|XkdK^oATd|w@{`I2pjBO-&z6p;YlVRU8TW5NUX4w
z1m5UOxrO*{rG?4%p8C3?F9^s8o|2&AjhVE99W)mt>@VS7FKNbbFMiL}*atIsd9AI-
z7W>MQM=j46;<e^TwKvG;*zQA7F574nnVH~7MBNlH^5SS?ss}(m<>7-6z4;82x5!R*
zPS)}A-gI(65cQ0quBljYsopk&%h~5oh3aTO(QAQRL{%%0MfJxM`zxZ7D5Zp?vtv8L
zh@8B$)d(s0BbY8|ff&EqH5{Fgq#{)#ioWpMx7O+^F^D(kU()&v1T%bKs1(NA;%NCV
zo5;s>x;*@k)=7Gwzt8JPt`trsu%~06!f}QGuLF49w{I#qlwCXR-maHUcHn~`;LNVF
z%T=HTxno;mhRBlh-RH-g1uFSU;iP0?w6w62Vjz?|JkuX)Qrslf=k;>$ZkG<kWyTUc
zv%s4I9>!e_<i;*ZK(Nhj{hphj@5#{7)GO4pk_HtB;?0sZ6J|`fz|$tPJ=6rd7dR{y
zxDQ{ys^+tzNG7cel>_%vpm!6%LeY?55LSH&)^B9;6{?+_hI;z@-&;trv$KDMM_&Kp
z<Rm+rEJ5CCb)=n|#1yDnS?Ln~m2bs_PwWc>CSrR1FNO;37y%79xW@U$lxlCdYeuH%
zy}mwStlVhb2kphQ7RiRg-zT?9BCmJGUW(%_Pc;}3ybAXn@t_?k`gc&#Ld<;xgIy=n
zr=oxbmP}F!IxoIVxEG3Jl9QL8UKpO_7q9Fs>->6_PZx~!amegM7S}W;XzjDnQ~t&8
z2pR8LWHcKG=j!^VFxWLRnN9cps_Odx4I5x~?kzT^0L8$Dgi$Wvsw3-kQ{}iFtKjZL
zT)m-wOOd`_Q(RgT9h`}hX;T|Ig%h+Pfy-<)uy?rt0+QD=+WR}>t#ngI3sR;Pi9|ei
z5ufsvc}bf02(i2VL2;THMPnRP#IjUR?(Yaj&k?Q}%$m*2?QI#jWGtW5I%*FaX|gw^
zH@L6P-KQRCLR>-SBR}y=K8?50KPw_cvivfJA%kaQe|=Re+V><+L`9@Lce|HniQavD
z8LX;EV1M0JONSPgOCRYO{neXX5}U~o$(urg{^r&Ex2}2!N&`eg*&bUk7wo5yky_Id
zdw~rGxzRcGzR%zH#e^X!vD`fG68mF8fs^HyOe!8nG+2)WH!W@;?%{Lpu(3!$ATcqy
z-{As8bO_7{0FyQexpUL`JNM7Z%PD3afp}ombVWjRe<EHp`xmL7s5iFsq?eA!gxPHQ
zU;tWDDKp-<L2|+r71?_GpYi4U>06NLPfrX+;~orH$%K~8(~Y+^X3EDoL9DbbKTVcK
z;K}P>7S1S3{u)OPx75}pH{_sA^Q}k=+($r9=NK=6DL+NW4CfgC7bTeawooxrCu3YJ
zPlLKV+ZRT|<w73}QhTz@QiLdv-Pq<7sFa3J%E2KrnEeaLUvgaCj+UA!*Soowj+Euw
zgYO6d%nGJ4J020;hTy|PQpnkv+@&ma4E{nzaBH1|j*fxg<U#}d)+pFSN~18P6K`;e
z1SXiW%Of996rId=6nO5>mDOkP1`ns*)v8W_fy(715|ghvnvImoji(H0EmDU_@U3ir
zeFBG}VtEB<Fz+-N4o?TW2m17fua4C@)P6|pY>PNGG+|E=-g8XtRu$jm{VObU;;u%l
zDn`Vay^*A$=v7mkt0DI5&U6S^w*B<qJpyci)q!0Ji*U64+osGAG!O2T%wLH5w(Lq3
zrn31C761zVf|T-~3?T5fD8!sBv$Ow#B!6Y0n!kGbzxGydPagLz5bOZ*`SuY)&}g;>
z=S;a-XD}ib8Xy&%ES76WMH;I9EoFpU?*S-jnJCTyt1Q6(*q*AO0V_RB`JP`jfsO2T
z(Sf&4_=PSQpz2sK&9$QKQU%hIL&7#jp&^+fts1%VLZuWA9}s!zTxiHYU*rU6ITLpt
zQv@5&w4ye*K_E-6^!{>jn_E{PMoe7^!%kd0_U@X3DlpKE&7I?t5K7D)e(gNn`uKW1
zx0%knhUtqsxl%=Ye(kS5^uINcI($M^A$X%t*%f5MzG?ssvVHZ<^PY|ZdP1l6`!f_g
zN*0`)0L?d738QkkxzQKOx^++jmj^`Qs-5?70o?<_vW8nqq8J#<zcp(W4wB3(#1z-2
zk5>W7E7B9Ly*!i#rBFJ&YW<fl{U6vPPW#~;={{TegqA_#vYcGmxu&KKpG%~#+50Kk
zIA$?b(go$TjZR|qs)knzX##Uk#)%Eiac^m^JBp(ztgV{O_HS99iXeiVvYgzN^@aIQ
zsTArNrPjIRM)~X^`>i3<b5=>djN13zM`9SVvN#LMaHty_F*F6#5g*jqOfgh04^KCw
zd1WV?zb-EC_};5kmYm&RcGK;5WIAYIGZ49iy@H&XO}Sm=a29f6XpDSiwdXX6$qHZq
zQ3hx5lqj^AsbrRL8^nIf6uK2_s;0E`X4qXG_|R(JwGAvk!JSktQDAvfWM;78;N6Od
zOF4rLkEdNO*T)BtD%3HsxEElEiNjMa{<~Y;G*x4Q4s>&x@?ub6cj>=Xq0Hf}dTK>9
z&>j#$#klYew$9br`G;=|kg<?tQ0mCX#}B!;0UZ?2zvj2nWt#|NJ@B{`pYDoKp@;sn
z`8;>m%7+WQ&JQG8%-@YMK?2|fEYf@Jf6tUaq0LSfP#ws*u_Al8Ay*c8!Uwm_c?+DA
z>=L%^y?ePn+0)1lnN5K(Ik|-P&{Qex>x1bI;KFEn?0({bPW#37t#nO$@Y0|n^aMTN
zV5)O-+nk^2UybE~ReQOC)OFyOg8$I~)G_(~jeTJ!Seg}#@dHr@yhG1tFK*8>L3GZ=
zeMYNE_JdG=d~+_&XEwW)SDcSG!Jre^f&e|^r6QECpuaF#bdZf2l!v|(`IIkJtB&AS
ztHkJM1oYDF<~;LoEN^P8(5&PeDQT+We}+V^!XIG_4+Qjx-&a?rNuX0MS4?7aLOeu`
zS0wO}k?mOOVm_C`UPg{O`crM)M_<LFi9&@a?F9V-#UjM=>}x=z3N!|ZR9>Q6=w@77
z`++J0ER?I)+4?f`-pMSx1H?F<)ENY_ZXjF!DLEON-W22gT*;-yd=H5J^%O9HozX{v
z*Hz`D#$8XFEyHz*u~BuLAV%EhbSf#;-u|{!4-POPo2(x(Z{0@+W@q1Ts#NO3@5a#y
z=iOa8dgiAQ5rYuhFF{1eyX`$O@e{?9_EgPsDSxrD4gaqOog%2P!S;bGlpsHDwwf<p
zd-$)x@5Sn7PIL;})AZ&xlCXWR)mvg?45TzvmJ2^rg^cf(TIes=hdJN#-;Qb}s7nEO
z2oiLGR^f!O2r?O@<O3<ejJ#>Qv7hpXJiuLMC%`hI7tCt$f%IGEYCv{F|0yxOSXtPY
zbPM7=52_VGO-h9=V7&pny{DGYAePv>W;<7357?aUj#=^3wjY2}YeQiKz+cZ0!|VcM
zQk1~;{^4K_7>ge@>aQX%8aoCCxOiPzK9PkJ!oz!ic%mUfg-T%dtL0c~>~OGIpF=G$
ze+juLUC<Klm!4aNV1HEu3$67Rxaau^Hc=M$H*RJ2G{?eWN7wbv?YHUU)UVZGZdsd8
zKc_z`(2u7qGz!3g?GAJ}!QlT#(^m#$*#+BvAO?+qba!_*(%mT`ozh(os30NTEg;<p
zNQZPI-Cfe%aX06j`%8a-!hZLjS+mxfnaRLww%7f8GqZoaca$YZ(qt4~@EOX*f$0k-
zb2jCx6J>;%%_pyBb#ykDuI8_nx6dYvS=o<8AZLKMfq{p;k_30Q(Ut!0@#fovTw?X1
zI|JEglecdtoE?5V^+ul)a><u}*$d=wb@^GCLr!ks6Ad&4GPi@Z<KcARV@U!Rw>h&F
z4U{HZ_fk*}3^2N`{R%`Rj;61*nTZnpWxl$kV4W2oRY3Q@H#n}}SZO~^KoF9VQ=p_3
zBD#WYKJQpv1(tvGMo3slRCJOFhW4la_HapX@W+ABcO^Gl`0D*Va~@Skh~zC58Z73d
z*T`_mCDxyPvFhV!iU@(_SLzPA7+CT^E2TUNa@XJ4S(XzS^&~sryRjw({H1i(oCQWP
zi}m#zk4K-So2^v3SOs4m2sdP=J{BMzCq5>{Jt1&4bRK6dN^ZCC8!isydS@zm8XNH`
z3_ua`PuLjlLFzjR;HqQ6qgRlAj?!uTo>hZ7iT$br-9eEF%+mv|8NjTW1I(H!&t}a(
zb1A^Axia3`YKlfjs?znWEa$2ePbMV^+>&o>{OfCnpvTpP5DW?U-hkGpSK@}v_6`;8
z>l2(Ws1!}xIzxP#Kf=5<GV1z(4S+5-`^r(K(OM&LAIh%zQ1uS_C+P!Tr@M<Sk=uGH
zjTD25#o^rY1sru2BJiwrx#M$Hc(lW!9L%Vc`2ttzS@%yF2JI@ic{&1`gg#RcoL8|i
zp-xb!{-5Zld(}5GV6vU3u)k0p;<mK(93Z%vnO{gS(4qgYc}cta;P7BRP0&-7rz2CK
zZ#I@1fQQntZOg@4M&EC!`BG1he3^hmyPzWmBs^f<B<AIZ26qIFU>Ac>^Mlkk<D&j&
zLO}KyK${!pk+pabFZQ_sbyv@esDzaMe@Qt1`FLM3O<_f6CiW!P@#xmoVUA~TyO}c@
z3{C(~-r~u+jEp=(%gO?)HV&-*t2b9iUJA&>8{@&c$QIe8PK_*K3}6PypRv=YS^j~F
zf(9m}WiiAz*~VGf#_qq3Ut^Ia`OnM*T+f9smi|ck7=UvPg)W9HmWO<%3H2vKe{uHk
zG09%pxEDt7%GHxKjn_Mq^9{SjLG#qvXo=YCR|;uKo32~1I$vtbn0`%_TP!Cq)|KhW
z=-Jv9nb;ZD|EXZoPpUSRsU2vflDN3NC^TplD$f)&0biCT>?bfeeR4d-*nP1p(V<z2
z!(#-SOHU&O?UNY>z)o;;=C<hdsREj<$>TmL5(eh$tJfH(n}}KM?ci?%Zao^46UrJY
zq9bkoW19nNMLwRgS_LA}YhCPu-NehSzk1sP@V7?>umZ)4ijs77$A*Vd(iz-}u+h+@
z@!!LeMcJ+SMX$c3QK@C{ba6F<@69#oF(rOg%D@1jr{nKz_sD<v&=UCdM^RDe;znQf
z-Xy*E=Mjq2jlPbxhda-wQ_8b%D3lzu$pghw>vwMlUj=Mxj}GgHXePYHe*IUNbl1YC
zPhDO7e!U>`2_nFSq3jo{*FB~rS^BkpX?2a2wl+aWM;BMFi9BCvQV50za5euB4g){-
z89N#DS-Uc6W@hFZGG=ugD@PB3dm$!<fP-glb>;#~79G6Q5u{S?={z-*K0t1`tlk4o
zgZ<O-M=vCT-X9?t(0rxFD>FJx)BezRNJ%UKjA2-geLd8ZtkWYIo832O)w>JHkL%qk
z9IxXlceh8B7731jzoW+b<u%3NBOnkQPvruE|AX(-+-ToY#=S%s9q)S>n1G+kkByZg
zWt4~5xCT*l@EYaAUy8ME?pME*+!xh_z;ABs`cOJLGT?JZ*prfqH2pl%q^2f=9)A|6
z>(@314Q7kaR@n-9C(!pq{<6BX%_b+u$V9_H{>J^M-gk5yW=`jeHPihWh7@%si#QcT
zfr3B~`90VkO9@_sbM)`Ge&m%2B9GXH7tVfSVtm?wh}n?lh;eAelFo=?HuP{f%iGUf
z9!Nx>B`+*0QvKmzgz%0&$S9f&lTP#ddx@}a$grA5LM}o4gB11n8b_geNc`bp8m|-F
zc2^iY3WDs3Pl))R_R<ga(E6)!t<r2LsnRj8E9Pw|CiC#1>mJX)e|@+0&LPrWuf@=@
zdy>he>KyKQ%$vQQe~jFO#7#K2Qk^e%c?zAKoxKt9<@)$%l_sooT8bgj@NeGylw@jp
zf!<4dPuGzu5}3m2>2N`pk4muer5dIpx85_`Ib*Ro?5S9*HGHwr9QooyO|~@Dx1dut
z(K+~?%G`Wkw}s$HztNAI?f&weUS4}^*(gLcVO5$Y@{W`V1*PPx7Anc9l+PMkqU^u0
z6h6x>7{>JL@)S=IHT=`9*J3%>Jt=cPavz?yH;8SvLY^MS8?VzN?yy&HPcWGa%d$k%
zpNn5dvfTc}kxt^a%t&#vc5mp&K;XCi_QT%vzZ7yVu7n?`#BXkoN&B`X=;&|~8Rg>V
zYRtO*y4c(8vs|akIPAuQ1ox)bS9e3T52-k44FtS8kL?yK@Yvv-@l$P`DV4(Au&~sN
zwIU@@Pz36|xhK!Mj9H~F_uG5MF~S}n{_z`&C#2wQi7R?|R5(7~i-$sAB^2Z<aQG8W
zT>~@tVFDKXX*f7s%BsGg_2P2a&Qu)zvKW!Cc6D`Z_Trp8E8UyQEvRIb6BIxvgk08N
zodqF@>Z`>j70{?pPRw}Rx{z7POa~(Jt{$RvPP@wmC+@wpT*!K1lE~24gq=rWY+|Cr
zVGIXGSjj#9+#PDO!@_~I`sY5H>vrQGQ;xdgaO`EACLNJFm>)gGBHVP6)x(jIH}Wlu
zt>O3E--wLfVJf`~5yxcK#~TQE!8%}O=FJ-zeC&{ig4ekY+8ZC{ZeP7pkD(&hu%6C)
zUt^6MGjsu+1%)dr7IJw||0pe%<HpAa#GHRifM`Q`YI0{+cNJvO0c?7P%=DD1UyZxF
z<qc{X=9`q_`VIyXb-1k14TYct!f|G8v@=$dg2@I>GErBS9!I}rA(T=BWD!eC%c*~i
zh#P!g3DE*vV&jmQMP{uhl~q(ospwid^CAlW**9E1$qXU5o}W87Ip<jR#gsU?Y@|e@
zPW$-mu)8q?euutSJxZ9878MoA&o?EHu6#6~ojX18MdzMGWeO1Ex12=0m52TEewNtM
zX@m2>vsE4M@H%Y|FGRca;HQ*+l(2|0rlFxhoShYs7TaUlYqe-;ia~sKNm`)hYD>R)
z4nw!IzeMhrWs_y&3nnXo&!;-esZ`f0W|YyOfkTlAV$u`#PEbI^riw982nC0^z-_lN
zdU@b-IFDT{`X$a__-A%e=+MsJ39Gp{D=_zq2rF;24%N@^``%(|%jKnZBvE>A>OZB`
zp|fqCaN@}2FzhN5T|Pb+Jia)p#m1bJ7hc|QaByQmBwrap7Fb)0nNXb`o9fn9EX_5$
zTGoQ*IzF$b1~(!TNUK=YPyVnP@71axK@a)bn8;+NGBK;v0{c??;9#ia(|nBPZA@o7
zt~<^oCQ8ZYo!;e<oAEbZs7p*N%XqaTK|Ry43PS4Y>IHhmSYf~Id-e|Xsd#wd`=nlZ
zKJ4SR@b1_%fcJ$RNmRMq73kRPJ^stlL{lD0@4xtE5pr9TN%s=3);h2_5_KE^@1Lr>
zjiJ%Pkdwonrmb$R=|LJVZcM@u1Ko5{SCc~O=&1U_AO{my!s6aEdv|~66~b-q#;ea?
zJ|~U-W)|ajPoN~W-rcPxX7R88hC05`FDoqs2j@iloC%rGz3^k$o%>UniP4TC44_|D
z<I5RJ(jrBiwn>)qnUy9mb?%$8dEKcP1$w`k=F9Z5T60Xsh*P44KOT);i*NjCS0`+8
zCR7n#f8d)^^3N4pxo^L&DmJB2u4CcKky?K^CM~`?%6E&Un#I}A3@1ZS?Wf@2NrF%b
zK6Y0aofjBp&XP+yjE%=uL~THZ=nz_A!DzM`H5Vc8pU<Tq0A%nhGRX$Tbd@)EZK-bM
zc_vineNpsYwN*!AvcWZZWg~9O@k!997ceipO*V<|VPSdWdozWT`K>X1Q@A!)OFxMC
z%$lhoBAR=88FQJwNtv6IjZhU4At8Sw_Zs#e851dt%$nrw2kAGF_DgVU5XN`I*tp{g
zmQGgIo!vdPTWsuIS=Elx9&S4{daS4D;t%FrTuHMt6?VJoOy1s4emQ6aZ*00hUrk*<
zM)f1dX3+dT-g0cR==ma7cz9S~W2p?X^(&<`X?ToSTZH2ya_;0xiHG~Xc(wdGr(I0C
zq9XM|{nT!daZ7x?5%N``JRR^2yMQf?ZFF~Bt`5Q99?tbJVZsXI1*u3zN$K<*jmQ}a
zq2=E~42`|1q07h5n)(eDCKuMQv2=^_0R;fP0&Ea|ww>H!u8>C;Wya~~=xCcHoM~cb
z7jpZtC^cowwet;<v;TdCzrV=V@%G{(yeT3)F^bHAzuv<YWH@_fpDFxwa06HVJ-fTR
zb<z`?&Vb;PzCPKXjvI6w=~dzD7ZwwrUm_)QhVi<&HF@1%Utt&s`r``z5S6M(N0E><
z^Zx#CYhJ6)7r`$5>j(^O1|50`jg|4|$(43s;3rRoy>FzAdHJA06;G$~+e!@qlj(a|
z29f8*g^G#>CA8D=TIlxf>1p}y3gN(%LPF1$0o8tS4SbHaI@Q5obkk^ie`wypTvqaX
zRgHR0#;s3FgY($TGmW0?+mVEFHGlcR?IQQSbO2Ul1WdZGpoxl+&$YkS+&(%KffJuo
z))_XYtuzcf+18@x&xWk9GtOOl`fQ~a=U<hl#BC->zZ7q=C!(v)$&6BxD$3xG5VW;a
z@7#|fM)Hk}f&^TcECJF&s&lv_RR1exL-e;q5w&Gy``Yhs;_oZr#L3>~(rIpllrxLM
zz(6jrus;e5`(WMOVV9bWmR8!o_7*nw)}1h4XMB!$(Pk~Mv!yJxtnJvuexpF_;YV-K
z&HWN`xj45pGVg8+!RVu}!?d91#OL~{Txr}VyG<9G(!lp18S%3@@MVw{i_abI+xDKT
zBQu$hr}^Ikb&g+tJ1KM*l159{xj*n-l^IHDDMcov^N+WW#hgwSQS#@h*E@lH@*QTq
z$9ZBXeB8jG@HSY)hxzmN<$;IYvZ4_=Io@x`P9ayfra(JKG9ejOmI6IPu8VJMVBGsE
zX`)pags~CUs*YBtrTNrJb_?{!gVcTPEOg2pAv=P2d`?wkQ&`;9+rK#;CEBENG?SB)
zIq?KBA}C_gB5-38dTfFu0e*f>KA846iLJ_{Ew5glEI-^$#1${2##52-_4$w_l&M29
z3I6wtIPpwFdF&Q-ey0@pc}h>sCtR9HJ!z}=Fco;%ncp`s$vc$%PGoux*pJE0Hi_P8
zXn;5vxOjasq5Ol(ki_OWhSV4e>m@KLToE*Qc`?j4f5<XFGVIGKRrrVSj)sw16Xy8h
z%;M0Xx&MG(tIl~d^nD+U$n|e~0?5^Qy&x4IVCbJ;;@_1vx=AR_g<aAIhJVM|-|20G
z$2e~G!6imTElcMWlXuy@lFo#M<*9b2299>PHOfHxi2~8C-N{1joLBFPw3IFzLct9g
zHkOhy09h@|lca^&v}>Yp5Jb`rXEUluA735tuL4bBmR0}7i-vFl8K@bBaO~%2swn5{
z+Y@rTv+c9@ibf-#Ab9Ew!SIg5Nf1Gy__omgW`oPP%h-RJf|!{|5TSE<MLQg)eQP$b
zW<}=zn+bk-`fV#_!%>JDsPZRQ`MWiHW#yKpQ@u+P4h%Y&`&*&Uzo1pV6<l1*@Hh4?
z5klFo)y|0PDyZa^Fb<tM`mMu}k59;C<Ai+-QW$2ITBguBE+0o<OIFDWXk(GO+Rp;u
z!KI?=mV8r&{XLj~#B+2oG(fF1#@P~H@7WL&8P{uXDZOX6XbIHC|BeirV<^e5$_=+I
z#Knu8oBS@nBcE+mn*Ak90h;A&Ik{a9tC$Vs($FG^?m|JK(B8WLs)A*hP_Q2!71cl*
zTLqJpf#PfG_K5S@z2|Ht07mL12I;Ds{aKm9!T@CL$h7X_<Mj5A`=xIW{jx|Cbo(wR
zB!n<<O!tS9m^k8SK9O9&`F^>n-D;suywx2~SJ#C=Ajv!-0R(6oR=$99GVp4gcF?|Q
zLgfj`pNk3$LwdgBI@@jyCZom^WQd@MKVRWM+t=cUV(Mhk4zu(4!CF2=^Hr3o79(4;
z%!e)T#4MgMRuK%URTP3!5rd%>&d9#q5xG}MtPBLKpYLR7Kfi1V==$<QHpfHCHFj5r
zI8Geao=672pIJ;^Jv86O(pq(SBCb6aqB1hIO}jXe@$}fk%9#J{d@+ctQ~0B&_7jqW
z!w;Ri%ULWbMJWaSbXs~%mOl#u3aY>1F#+yI%$Ajx!N8DBNg7?8N+`$_uJ>4j6CxrK
zsPkmkh^KaxN5YOE-u`p49!H}VBy@RMy*tM_E6!2gBBWnh`p^2)(EQV5M^DEWX#5-M
zfSc|3A24T2==z58u1T8Wy_OQ{!~M<Mo=!9Z%%7u&a*_@P4RKssTe2T!Zm`flkArCf
z&29>pps}q;HcZIZ(#A$EgF@EnrPJ$nVxbD}Lp_6mc%+o1q-!uLw4V`ryf>x{qKf+R
z79F6}w~68yw`bm0re<p4{4OF8sObN6g`J(Qc8G^+>Z;y!e$_w^`1v+OTz;`Gx}w}L
z*~~)fqw1D*WO=)=`Nz2zw~9fqq0_7M@-vCoL~$Re*WWd$hRoLK@p_>W(tYR}MtKGg
z?)y03-1b){$MahSpB{(sw<7Q)y6`x`la>yDg<Qp0oA!Ko=4Bsxpaqqjv9zxOrx&@v
zE3AV#dt|xQCpLe$Xf@x=PyFy;X04HlNi*s5bjvA6rC_|B!g-Fz_5BhHi?*yfk<Ks!
z%!Fd`7^ASu5FP<H5B!mNxOHO)P_Pdw;<`80q0>)E4{aRmr-wvvezR^0{z*HQ2};R-
z>Hz_Ps6`eH1>c&RCn4j$Z+Xw#>!U%UAicI$=W$H(ZMrm8L!zL#xJN#P<6lKi&iavk
zCoHVf8~9+62I*^(=)^t+OCc={ja<=GuK(hS4blgCBF}F7F#0tj4RfalV_*C4xRf;H
z#g7mRIc%+nQiv>KF`BY&P@SJ`TTDii3jmRU(xm$s5-Zce2wqO+fzZl4#ior$eJL!>
zmC1!Q2{IQJ_~1u;)h;Odip!M-nDlX2{CsM;8iRZvLboFbJ&qRT09{j<@wETwOQrik
z4P0kY3~JRaY}}pJ=-a$J2GERgJDPQW{iwg{_*@8V#!|;=e15M2Ser^h_E)KYbLyc7
zh>u!8pl*LX)*Aid?{elOyLpB8fvy({?)!X$X44}nnJjR}a;8eHCK@<n>Uc618hgT>
zx9j{43G8E(uLu4ufYCA^Fwhby<&GU(B^Vx`$UHW?!~bzPQAo%p4%hO)v1R^nKbqlm
zXFA%D{YR%>aC{5qe%zg(pMTXy4N!jz=069xL`zA1LpK}fcM}09Q19#nX02Hm{rejX
z^r&t3qkg-`nxDki|7h=|5i{=}ZhHDdGll*BTiIND|4B`)n^8X{+tfla*Z5%0wh^QX
zcXv0Y50`f+suLp~)EDD+qgTY1vl!x5wi`%3FMj*1T<Qd0C#(VPqDZ|=KQ#bCK~XPN
zqYf{pT3_ISGR$JB^NYo|wgM3s8eBp&$9~ds3Wo@%7rE|L`HT=zq2l~F9#Lb!dgi;3
z4Gd)I_rOD$u$>4_3CBAznPNb(TMYeHY*W-s)-Eb)>*Dn1)4HS=pu~r|sbn--#HUqN
zvSbhD)T1AVA%r(kAVQZxh9jrwMS~=bgYc+FOW|iRl;RKfwEUV)?_V->hj;vx47Uvt
zC9w$(3tPWmY9^SkQ=u{|&B}T!=zDuEX43urMyYQVeuE4y89u-ztF(9^+xO1W#O!5T
zIwH0y{aHBQeJd*;>A$F>7cveNL%W1g4|`L6F_CbGdUZhl5`&f@iC&57qw#NozwJ$|
z?J}x)b*0ft-2FoiR#!JCsPA!6rX$*SSu2cr^iE}2Z)ns@aJ~=_@;>gorC(Txi}Crd
zB!ib-zfTGl+>K!Zq3`<hwcyw8uRcv#2$ji|Epc(r2Ve>z^2GZlhBrr&c7h;da%W>m
z?#Xd|#`BV4(H62*RukDL+27NuE!7qkR#S5;F;Muqfb49I$;FmkT*HZ2Yu7bCoyd#N
zJyvO<gs`y^lMODn4&M_9E|s>U{;tkjy)lvZ5}_;(?XU#;`hgqdiDxH6_zB1aIEGG?
z3PN;RW%p|b^S|W+H^fLvgWrpZZPW3;2}l#|2tvLSg1j#W#Xo3aPZw*Ab4-~%`Y0YO
zM*`e8jLp=miDA-Ze9LVuPW0(h8nfPiZBLW*1P$)_)?Z!?I=Bs=Pe-@)ULM?_C%KHg
z?{nHrYWDRmW7&}nN$Qn0N5$(L_(mK2ed5y#;)gcFVUw&q78+eX1EH(ccWC)dUd4sE
z5?>M+aiO&x>1cwrp|#O+VpO}O!Ri}8w*2EYeIxh^De7SCA>8NjIvTpYdS-|aB3S{S
zb~8MT$)LxBNG^vTaJ2l(WRh-}NU-R*zt!k(_KZ@x>=_EKTH+lhTHCL?D^Is4A*G|m
z^{(}v5TwgEQC~H+Eq;EBkes`-Z>Tze0)~N{e68oayj*aF(t^_YssCY9MtKK^g>Mc5
ztCzcD^aW&XZ7n&J$~|JTGn!Q%2XZr$1jx;%rW7zBKdn@Hvcr@cvKw`UijNHKFK2@H
zT6Nm{HZ-12LS7y70iTN^Gm8{oF=KErk!0OQ8LcDNmu5F5McsZTN-L6hKyL<uVfcpH
zV|{(hQ19o4aeYYW{2F;}FJCDXd35yiPMrIXXNcdQn16J<TD>zti;+F3_rAr)s5&?I
zy+W@QX=@hgRF0(4RIyfq%vI30K*#la&kSLo-rr#2U8~<Fs4|U6NyQ~3vvZ2WA~J~h
zJkPRYxtSZl9~K`)LdJ4gAto)9^(wPp9G;I@c>SSP<8?7Xts|cU5!sh#dB<}-+57h_
zMrImpak+C5NkWzLt<)rk(qvBLch%6sx|%#MzvqLA3+gFJa816cjFc*%>OUu7`}%0o
zZR$mK{CAl+-*Mf;?WtuysUZ)Dv{(5OM@yC)e^j*sI(<BDVhDdh7H2AUqS;;-yCaGj
z0{^mdbK|S#OZ-I;K%(*g{t6lI-23s~Gx?l?1irUepR&T{#wp@proCeJmz9|jOq)0&
z;!>+m-(|7ZFLA$<+rHS6G@iHr6~85~sQyjO#1x@Fkl^TZWk<5~#_=HpL&xdiC@X8B
z)$3hskp``9m1*7xlu7V=IK%89jyA-)d_2^k#i#mk3c1m7U9~h!iwhiH38*{6o*q;G
zIb*YPnXi0>=Qx^SRnrXb==gJda=tN_%novQd_2p~L~v*(dbJGQoBb+9dc1V%<%$6N
zv$+P|O=O9cWO6I5Zk-Fv&B=dgPI<+sYpRQs+y#;_q|N17^@sm0I5=%&JaI6QOVw6g
ziFwt?NT3<Y1ZnFnCQk2mn@Ee#y|nU2lI8dB+2Ya)3JX;lj3snk59I+;_&bs*j6ojB
z?Web~(l!L*o@1!Gx}}|!j5j~O3!7yp%?}@d-4zdK0wRm)(F=FJCnRWYtaXK5T^%h8
zL!RMQFfcCxG=jkev!scy4;T5#{qxMtk<$1$b$*{#J3LI#YVz@n{#i&{bzX-Sr<78=
zyK<zGTfMLB`_+}~7PEsZS#Q{t<qrPs54P0Uz-T+I{MYRiF>qL{wO->&k9PFiNXSyT
zp*)u0*X>o}MKj0ISYQ^rMRrDbc*ETkRN67nwdqdYVXCa5mZQ7afRx4(AX{T?=ID|<
z@;r{O)`ypPsd?bMen6|ZdnE*;aI(&^Vf&fOurVK6+uI&V#+g0Z+5M+dqexgZRV-E0
z;7V&)LkG?iH|5OvBZ(Zf(pK5$Fm%9tJVyuj5A#U+-1HugD=@!;P_<?tBf>TBj3A{{
z$#J)XDwe9wPI0NTn{_F0-p|J_B-h&A+4-ZaETSRkmGxM8)e$Gh=+xgVmz&eLGG$UZ
zq=&UmW6dGZE1#cVf+<CTuF~jg!#6vxMuPkx2Fr{6v^_G*YJ(-}bd>M9JK?#pzV0j?
zy+j8CBZ2mO;zUFcQP(R}A^~L}gZy`jP51R-p?;#bEgW0qIA7_z<$OXmrCgOP-K00T
z#BK~apNBd_Tpl+i&7N*A^!VJq<1#T}%I5Q_lxPn&6smcitibFkrb(acxu|2B@Vl;o
zfb-5~(s($6FeJkrj|&O^^=sJ#=FBo1;U>TI8?kRxe40?6lNnW+u0#Nt#2BZASCljb
z1Fm2SKQ=R!_j7?h_{p{chlM0MU(SvK(0zzcj{{3Xsh$rEuI`tABqgormW#%#X}=H>
zjx+G@t?u^cy+j=2p!zjBF_vu{j;CJyA+cd7MWtS|l!CBbO$<~r9@9*qOxDnDE(1US
zDU}Thl;yO^yYbSIaZpBMKRCEy&TT2AD3~w7T?cxRTI^$H=P;+uOrsSBtJALcruB5U
z&mc}{{#mmsi3Mpy$ZBWpr?jPdwc20t)JhqdU_$G{JQz>_QGTO7{zeM;laMz^NE4Rx
zwWZ;$t*!fNwVy^ZW_Wl^3y_RFQn`GP5g_A%o3owmkr50-!!0BNX-5o<1Y*9porM~;
zJWzI}Dspkn@bTr{rGNxaba$&-<M*(fapvUM?mL9%a(+JJ##^bXzN}jV4(|S!9U*5b
zm%^DVHVW}@GsVKdCjx>UFk(7odw^zHOe}e+oEV61iG&!>m}w@eK9#HQJ4E_KvDD(x
z4&H5@=c53~Xc%va6gNgP<4V;-<`h!L3S4dIG|Pw6i?wE}ELCE*0%b_iL!Q~V7gX{;
z3Sft>L9J`-@!L+;UPQ6&$45~>;!4EUekz<SP)XTzepqfYs?0ITPI;PO;bb?d$T6wq
z$)}f9H~l$Cz|6RVj{~uo9L%-$_nvmPe*vtWaCG*^Xg0HFK?LDqmzI?+V6gM(#Kdhl
zV+gxmA{oSEf#Z`C-jdD=xW|uQ;lxQ~2nYyv>l+$s!@|PUU}*HR;mEf}@{RchoDGCM
z|8ys_S62Pb_e<ppHZjKeTSjQq-aa^AAA35cp$c>`9Cmi-Gb}6)n@N!T7Wc1u$6F41
zD*69DjwiF@;NbOV?CIyc0#takq9O<ylta!+J5%BQ-1dI_Le}lDDXxcUk3ZO@d$&jG
zO7;43*L%!3n~SWiwP$8o0c#tFl~@(s+2we9Y^0}Ew&BcHWYwCTmnWGo<Xb_+8{_j5
zfx>&K2p3{MUTWn2^?peG)Y3-nw+{O=LGT5OaddK8%Tf=Jfp@jG?Eu9Fn%PWFOtSv2
z$z2Y9J8P|;j5nXa+~Yf*#}Tfgp<$+t!pJ%x@58Kbd=p3O6OB<j%B&q_mm{UtsF2E_
zGLGKsXPlkG+hT^ey|8H3NW{m-_ZE!LcGv^)FV)yS7#8-Qh%1nL8RH4RiVWxY-dz$m
zxbC@KffX{FWMpL3kk4IrAh}d<Xz&l!bUrK1*K8~tKWhSC0$Fzl7w1QIk*v4}kCOfJ
z*1v;!4o-G4HMuY;ZoA|1RQ&(+Un8}#g!K~w8I%{a^8Z(p!kH80;;ISWqQko6e-K`+
zjT8WHV*<bPf3Zi)T$5EF%*OtajjI^S$q{>)DlMGPeo4I4vIzjw$>Fg3;mYc+Z2O-;
z=d{l%Za}AC0f>yr_bx{2L+Umv(NAkSY;5eFGq7J`YfDmI9%-{!LrgHl0P#v8_4@wA
zL^Cjh6qGnk-WQ>OyLlEDpp2!)Zy>fxc6ZYjQHB8dLbIHRu(Txj{w7vSDdXoH3nBOi
z0XNOtVo!{hk`h;}%PAFiKM87%ZPe#+j|#}(A_0E&1`|!hS8bd@O;!yHi2faayI-Md
zX_5VGBzjh32sshvb$+n`p;TJv5zRo@qwQ8D$HVCW5Bd*KF=Hh<zZzRwTKMTSOK{3I
zj^Q31o)s;1Tn<ZRb|odH@vlo!pgv;*w@y~0Bq_`Di?FY;%QuwH?rzm=Tb<pc6sPWv
zF92HnSLIY%vf^z?^Cgx0^~XP<?>M4lFT1<C{z^6Av%B@7<K=gtwlx?C8fRyZ{v9_-
z&Zma#GlaT45B2iw=Hkk}QWYNyx<@PyBx2A^TWbFlhtDh3lj&-mVPODt)Z*Th<KPf-
zrFO|^61ct}1)V6;Z_i~+{ipM-#>MG->tTFfywG*ulLY*h>_7-NMGxRqKvmJ+1wCnK
z*B2&LvNnH1&XLGh+)#0X{|MwUF@9G_Hc><bFo?-DMq&}C!ZOUDaN`Ll91t@!oMq*7
zb=AGvld`d~Ne(Cx0h5&3VoZPw`=kwKcG-5R$+IIpJ$;eSWhbg}sRGW45y(3~(7<?j
z_MP$kNCivF0-?^tL+!bF6Cn?WAWb$c;J131C|r(6EYgndy1U93{`j&2vY7}5<t&9P
z2e=pKv3%Z<9~$B$59X<PFH7>N8Ha`-o1O5Gi0%eEeUhb@el6;!+@Myf25$wOcjP;e
zNY;PZ6BB`Eaw04$euEl2ee*K?FwyqUvfmZ!0VW-oG8?GdSkF05%BGZM`S=G;*Jbys
zG{v94QwiQ<lU;+^P(}3Hz)-9%5IN70kgiW2_yNIsy>q10o5-BJ%c#<#%gLv$J67eq
ztuB}U=zWd0ohvtf?p1TT(LOQw9VH<_J^pc#=1VCsRlA>Uxr7hdTlNmt*c6iaF86*C
zmlUrs9iw2%6u5z8^rM5jx3*lsn4M-!S)`Xv#LPzvM%&Q->{l7VN^!F2pJoFIzroDP
zcTf%nS})vla8=OO)ve`s-jaX#x)@cZQOxGl4hu?)__7;d7GdcCmZ#R<{QfILa1Zl}
z2T4aqBB87O)!0_ych-~HdNtN@;GmmS!*Aan%)JG#FWaU|T*8R)Q%T%1ZnP9Sw$xDy
zCq%23i$K0Tl3y1RvR_ZU+`_6nSGQEHMlH##m$X$E-yUhd%u{EDA>@69POpEVrJ|A*
zUeAl7s912{H5L{LeuV+xsE+QZqkli!ACC*zW$+eH99)MSkZuq#+p-}D4~!mnoUQ81
zz{VgP+HPyR{z^gO|HJ>krTZ&l_j1S}K7Rb?Yh(q56!-n$&9;ETgnx@IKDgVIa+r4e
zN<TdQjR6to3sChp68HN0Q4aN6BXYtO8hUK3tttT}L3d9^n-Lol7G~0Me?#ExEVm(}
zR_f{85P>6_WqZzy-s_d^_qfpu;1aKkbb{sXzkj~K1k-bv!1&=6J+D9j)QUz5^H!Rj
zS}~1Az;g75pRnKkXux%9Y|DE0-z@uOm&sR<*HZ>A7uQ$c2LykWWHts~2azp9wBuXO
z`9ubzoxx;;tFPb#So>(F_+$CVPv!>kUAB5xr~sIE3dFJf?ZGUwt3#3d)ap|8)o!Cr
z+1=lE4|fa3tiCqWui6fwOlW7OJaeD-W~^*sr<w><fZm!VD^s(-s!Tw*n*qLCpkv8?
zm%q^yaQqCe*$HXLa^c1(Hwy^^1%=pj>0}*iY$D^ps6xFq!&YB9|3Z^Pzz1w*ItsNk
zf*O48ZtLTZyIeL2`@A5LI`>3WdN1-V4e-*?e-168yGZ4R@|$xhT~j&5=<(f<eFX$S
zIpP$w1-SIyxi7Ds1Lco|EG*mrKCIR&S1T;isKnvNTBp;9!$}s=Jigyja2rV<;QnV(
zB25tkRx&-#Ej4?O(C~5uwBkIUDmS1Vj@;I}k!NEJ<8Lo;S?!5lhG8k3=>fG$5A-k-
z8yP{`Nccf{2?_i4K;2^d`v;cs)29SaFS@v|X+jSFZF`<!Hq<uFO^px>SJ+Iv`LAcP
zxN!c|J^a-TTQLmqU}q^2XDl}l6jLi%0*B@0*w4-B4GQj)jVVUJf_3B9YuJAI{L)dc
zDamULZqHtv0qa?b5(EudJeA6DuE@v>5VL;&xk16o4-z~5rsum`@4Shyy4;fM88P;b
z?jz{SDQ$40<aK5PStgxci>KN|ifr0e0_6N$+jzQXr^)Wct_p}dr*s8VxisKAPa@Ox
zQ+!2ZvRwiZY<XO0I<_Kpo+~|Vb{oy?C;N`Iu75zj(qP-UqKG=XhH!}@rsrz(guT?=
z2HV<5CWeMSxr6OKRgcK>A|x;2-Z2EYn3$NHHJSFs*pH;~s;Mww75k#RSxHO81`kZy
z`AY++>)(ONN4gzBt&4+S{T>GkU%W=^=^X9<^FAxJve{<(RA%^!jB>ZuRtC4Q{<${z
z_WRR|A3FJpm<riYwLAev2dRa{e;|t)tJcsR8Mc^$D80bv9zi^YdNr4q7gwsQk%i-g
z7bGcJU0dBb+8eADN%R)?t*EIuoJ9n|YJZ{HgxwgNpcU=>^4HK%gm~+TA8JQS(iG^x
zo)cH#L-`AU(YNV$=Y8j%HLfl+AL`li2>HjHpD*SoC=_`40ECs*fMEy#_K&g*p`nl$
zuY<$Gb3u*OdJ`HfP8J%^AX5w)gBEM($)af#rUBN5gKj&YK>;Azft>oRJ=j0pMFtZK
z_ZF8&)|T0&7(%ds_%Yf2A=>nC)ao)qs$}WF;_2d2kkWB0O0?7vDAwwi#^WFYZOP==
zeDu!+YrXR1-}aY2ie%_Db~gZUaJB-2*1Go>?0Nt*<@II^v&G@N7Q|n|RiPQZ7ANTl
z?lRV`wVgd%?fAylm)5|j%i=P{aL%3;a56NWFMl|R=>N{Z04JU{b~g!rYYR?VPB;_~
zAA=t2jFaX~Wm=d$YzG+O6CVh@{14RnNHGZs@&>ILx-xOeAZd)Y8j1b)N-0xuK0~nH
zc@;KHDpJv9sjX1WYPr!J&%kP!f{rbQysV7C)iu8UW0*J@Uaf84L_GbIG`W}r{OvK!
zbUZz;^R)w5??<hi?P67%E|C21jH+iO_>H2c*IJD;^-=6`l??nRLP7}ik>_u(v;$Hy
zb&XTe%VVX+2K&*fNm3Q4JZWT<vQe!cMNjeZj6YgRKYo5`W_X5=2e_j)@F3qHAZ-BB
zU!d7N(pf4p?}n4^b8Q65yi(@yTUeAw`z01=e@6U)=UM#1;RxQ+)cim3tAu3j&RsyO
zWF;ZZLlO#rec1w5G(qk_tNEh}dPJj2@0-(eVUvSWQt%R)^ygaL4(6Pkw}%hjVqoMP
zdOr$`fX}seFj<DnDL;^>{@qsGJ^aSa>FSIB%;>bt4<iT*Y^(vMyS}`jZ_gA0d5_!%
zc&c{_3dEheWsq-G8xq71)8O8f)KS<8Elxuvq*Qz<5f8VU*5&^xFfx_^pR8*n(Z2q#
zAaLr>GMyWsY4;|w?hI{BwF|UaA9Whyh+e#^Fgq~@a&AiD+3P0np6y6tRt8lHwQYq6
zK=HWL)aJ>x`Yp8hBm*yulU(~)A-I_i^A!O(-j}2EOBr@kQz5dno8^EPhl0wcrmhVd
zzD^IPFEn_tF2XMWc@{Vl@;xG?B`E(cf6_!hS$|C}DEJSwSJdh;(>|wuXo2TYzme*$
z9?<w>+3xmpGjrML??2N-d3$=Ckl86Jiu*jF_=kqdrUeFey~M^&9FRp(5Lw}lJA$J;
z?qTsd-@z_7Xx241Hik~I*6^#e<dfRwXw|MseZ}NaL5PlzccC5IcwE18pOy7pM<G;B
zOb7%I@f;EJhx}&$gw3REf<W)Un*nP6K7D$X7&1Z|)m#M5R1O)JrIBL?H^vV^CXqxT
zO<ZhYKpE6wHTq+ZV5}qY_&yMa6%s<cI?S!Aek}=taa$Mk@=Uje=U_9Q(Q!k(U$bm5
zhLGRE$uUd)<}{hh9@Jk<atWq$KA~jjA<v|M;_z@?hCoPtDdQX;A42#85mwOITGzS#
zVv33P71f7qD)42~O}vUsOwV5iY+G@0YH<VdRrEK~E0^)~vtG?`**Q5nJ1hPg9YG7t
zUhkj~@z2r}*`oQ1g908=W#m!_eLcjzk)z6b`AR)zr=~imMwXV>n_!<=@iTv(|Ln;~
z4$a8OxV}7?Z={k>TFEUc!b5zf3PKheorTkjJ8oYhuviV@iBuAzA=g*I=8WaW3P_Pf
zqmh>eCMa=iXc@(xaYrkOpm*cp;ITnw>ykku56#)ED;G98yxQjIzzrNeo}c{DZnzPf
zna%fcgGRp){a5WLleHoZ%=oE@r#Gk;l{w_VoOB|9k>cr04+QL4pN%&dSPZ=!w6h?`
zpMalDKABz+C!VgW7nj|k)hX~TyScJ_yI%mvbDASb?QNF_AarVn@)JOkxw1z5=13ou
z(moDUnt<8upV#{C54K(z2>GQQOuHCVeYNAXcDU?)JL|2UD;a)mG0k+Vm@3&K+{U1?
z;(nMeIG{&Qe<%}=sG+XD238y@HG7;Go5a&;z;QbV5QIhfzcGbpw;1-h1`C7UJ@4;?
zyT-%pg!T5W9nMsm0Q{>}2D7?#%FkkdmSlXI|8FLMjcCZrE5YTe|BwN^QM2D%ve6lC
zoR}rhqYQ@&87|On-o?B0V&n(4aukNV3;WB?(tCcRmSa$?$#8X={q$32M_OSQcDdCe
zF7PD=*b1jkcXRza3zW%H^z?2Sykbw4ChYs?jM36b5Wg3P=vdWzv#in_G4~H2K&T7>
z>5ul(v-hlhB=Y5YkI8aP@%s>Uz~xrp3lmMpQqTIF)A;Tmyi@dYLbzemsbQdOay!U&
zzS!M&cavneIA$$U4q(OS`q=8jEAeh88Kc)1sJHJD`(ho_h0>)9dz7NdBtF|MHPt&U
zHn>95K=1b#DSFmb6O2qvF>iMMk|)Bvc$Efhlp!y8>LKBXgaiSlFNOHel%S=R4Sk76
z>_@Ka$IStX%qJ@9EV|YgF{)0{{uCkTB|kIRi8+FcF7}?drolrT_V#r2nCH4TY?i&K
z0p+08i&Dj<rj1yxrX>O2l&F!+aY4vJS49KN&7Di(Tv|%H*!xzb-oBqz&fJX0X*?T8
z+bLro`pCs`w$bi2LE{EC1#N?MD~E=%q2-yvzz4p96whXk1%eP5a`hiL8mr};Z-17A
zpH25ZnL;HgtYSv9%WUuH*+$y~2rY&y+6Tf6#J;Ki^f>wcHIorI(ix$Fa>vaHS}!ik
zHsE_U3*);9!!%m?{8HY@wd<$(5JRM>2=DdnHOq8==r?R;Sm2Py;|DMuV<baxUJvBo
zH-PCQ`GNNAEZi*7t3RCrB(@el9-d!-$9lUCh|?CEvVogCFCOk`qJq#rzaLAD+mOv{
z=_?%`NDQKh@rNiTU&Kr}OPckwbaVw)$|dx=(EyunvYkl>Ag>%h)F6C2TukQoU=i*Z
zZ&4#6Q4k63i!XXcM~?apEA?h!C7lfXfGo;?5`L<<A0<t8m(|lF5PFR|maEAq@N=vi
zB7gM~k<D#MAPp?>nJLm}*!H|zd&wSzLMgyt@n#mn!DQ&|lnB!X+|0XoF8?J;QvhX~
zo_;_UakEI>s3M2FaX8&%JenLSlPjDG*wD(qF1E&vj!u}ieTCQIdIBO>rOkW-@HC>4
z`4W#0rzU2^Qn9YL!B|&YMw?AzDKi-vwp4hoiMtIYi&b;{<6vV$Xad<ZbaNnaS=Gq{
zf`zqu4+O2Mz);|0Zv}5R=Q(8n1Hm(S);SqZ+w6VD^-gOG==jf)^CJgPVid;w`gZOh
zxo&Z$+{N&p!#A8VGIYFF!0Ak-DvU<#ezoi-NVMG4mnQlpCY+WRJ*L?3PLGV7Z05He
zA#>bln99Tq4nXqBHLk^wJP!$=6@USE?3W6;oqj{y0qZ6vu$8dbpP45d&Bh+SJN?$u
z^1Zf-Y~^5n5Si)4vlEB&H7c9qU$Vel3o#&uwO^me<MKp_ynOK5016>IB0s-*x#36v
zKDWcom0|Z_ve>|II<0bnG9Y3Z&XJLlz(fvUuwwH)j68yt*^8u5B|qr)KR!)zaIk>(
zYF+~a4p#1wQKnRp;jN(G+-KgG8zI$+su~)cQ%g%rcc9^vsk^)TbNM%svS+JVRs5&<
zT73b(`)e;>-v^dp=IE5U-^>}q!y$G{n<vl(a1|e$;`hgrWnp(5-8g4ZsklD^BU)8Y
z-+?~`B&DjbQ&q1TeInT4>mB3V;&~f43;JZC`=s3q3}b2K)|e}aXoxX1q1*Ij{NAL=
z-=$`xOm5T{R_tzoqL3%#LAxu{zll=l*XNDiz1aIT-0`K5UMp`;a`I^iAN*cUPu<}R
z!A!m&ea~I(v|p;_?^v4U9`h{ACE^&HcSE2TVVtpp9x!=K9})nQ$L6{zdudSrCt^I`
zQM)b*6y7>9NcW*Zc~rohX0{$pK4G&Yptg<jbQ%6nEa>BW1Lp{a{HD4(OHGw=L?ZUV
z!TxA(EVWuWZIttyhw~6*lkSzR4e@IA#Y#}YJVp`;>ehl)$o#S>N+KkSZ-gKc*jYtT
z@4Uaizn?na`J3}F`^#dlE3_*c)W=SD_nwk`yej+HS0`1IMOn$zsDyVHYS(!0tS3aY
z3^PG$sO95jwVCJAG3*8Lj){o(^eJ}J&PRPyZ)QCv8daeXjy@NTgpV$?TvW8Lo8Wj0
z84%2EeM5|aT3937{{QJfHz_{w2^4`FG>vbcoxmTs@oH>(q7UZHB!kKUHCLv94;b}#
z_NLd^O9CO{WV&vL@<1u#X|log=CYGlvzi3PF{+EB$og<(xAh*2y1#<IMyJ5D@jsZY
z5Y1v$iH^24s1Cm4wm%&i%iWQEiOlw%)x;ze7a#Z}(Sx5LPmmolL;&QI@f8z#1$TV%
z;4SnLuGh42{QX~aN*XPItH44gjqPCsc+;POJe5fr>=tY5|7g9L(Vu06$xx<_Z)!iZ
zE9ILrM26o3R`;Oyt$<c(O#Jw>t4u1A$k%qNL<cIL_|ZoE1!Q9yWUxRsbG;{W8K2EG
z_yUR~7OplF^63@U)I2BTjzICf>$m%Hwl&amD)x;<zT<Tn5N`GN_Z<wIQ=ThyKsphD
zmLSmgatSo-f(02ND`hpUM8OD!JWsw{^pd!YI|4KkZ@m(ATEHMl1Mg9f+hLpxW~<M6
z@ayR^m1dP3Ov6kc`>^|A<!lX8N{E^S9yp%J+1Xsc{~)I-Gi75jJlgE`>AAz`qm-1{
zw?fPbPL2u!j^Il$J^9m&KOh)^n1G3gkBuJ&oTPd}o-u!aS&S>sdB<WrXK3IYo88&?
zc|6<=jP1BfrTFaAr8#=>bjf&12EM+hz+<hbi*Q3vYS_|?giH>RlYyTf7~BYvk&!1j
zI3Az0^$7tn0Qzw<XhT$;_O*Wn`2u>8{Hjs8Op|f2=X;h%AcBsYJ}^)me?zSsO6`%W
zPrn8Du$ABQ^k-vMR+e#iEHH%=00Kmr&fMG_@QJVqzip<6@3)3hCxJU`rp1G`WqX*_
zXGs773t~iw%G)3hi158zYj&mv`tF<aGn2)MLYWL|=*v&0ZPFM$*cerK&FsZ!!wke2
zIT3~+l-%#<RK>bElAua?RbKi5hG%0x%?p<7lZY1hC^#3MZgrg`Z%-hgCw59xQxBGu
z&eproD*5=n4eQ#UuL?9dJp7(4n5wDYNXHM!=SG2-1Z-rZL)}4uUvgZ%b_}#%_#))<
zv3oR&<7hM>n%%-Y<w;uddGYD9xiyoGQiuJI;SJc$GLs>Q%WLu~-Ro+2?afmp;9WsF
zlcuDkmrCbx@CS`2;?iasFrjfw;axM8>QQvN@b~qA7hv)RWu{xHE$Mp&NP)4ty?u2j
zj#jN|Sx-`g1o5qx2%HlfQ1i}pf7>mhFfx|XfH6|`Y?V@|!^A>qhrFC;8%F1U0@<j~
z4OJAfrO5xHNV9P(L_2Z6rcL<xaGG|1v2n)*Y!lCZNU!zo{{&7hHg)LOx`=-&6iCP>
z$e+4W45nhpu&}vk*T+C)@RC8Gfp4^(v}O2#nTw4<wTTCGKo}3Te^Hm~R-@u&%Ha7Q
zyu5Xoap)I1nD^=GaB!(YbZa2z4eQ^(0ONe=iii-m$cag1J85<a5mHF4^4V3_In6Sx
zAgTRj!R~owM|yLOc)fNs(r?tkQ)e8=a6<!h%GBv{LuL#p1~owVEx0SatlA$ww0hrN
z9#j=+6hFQ`X~x6182tDziS=vl_(U1_MdS^BqbM+ziuc?prF^Zdjw7unjM|VjY8jZ^
z&Ci7^7KtXS>Uk^Edw7{hFLvtau5>yFPmzR%b(hO3Or7wNQVNJUI;)$3r8(<Q;YiEP
zCIB0wJV3V(HIhMS<qS1{hQfi#NR<qE4N<rSvbY#b{(dz6y46&`p(-_~RF~E3a-SoT
z|6sGLWVPdIhhhV~E~LYmXxbOAPdCS@{{x-L6*$}xIz&VhR?|#9OcZZSQJzgv^^L!N
z*c;vx3Bro#>kFD+?$6%YFE-SCP*OTN;sB%6uh*Y#nFN8rl&}CW$<+{88=TqD;DzLW
zbaTd&l<Is21}YEf)QG;&^!7HfvX9hh^#c+j20IWXO3ItCLmGmD<ZJ%<vQY&9jnym?
zqHm9p`_GTDJw{0cHa1Fy(axBRo>xv$h$jFJ<9&`H-lelDMgv(vQQ_ad?jTMGjJ=Ly
zXY+A5qk4wCHxq?WX*8+GI@c$M1lhqYdS#JSM?ishx5!~n4JUU<K~D_dm03Y1jkbM~
zkOhT%=b%x?*d#?pEd1kn$cgVQONkt|PIf_2o+Lj%|CX1h(cCZUBB#bmScod~{$88Q
zgT=sRx?k3hUZd!IY-9wo@2hiM&j3_3OaQ~Pv&f0!+0}LgVC;ary!<`MV;*$#6}}{u
zk5k`n^i@z0FkXv3L62EY)x-SlGs-Qz1dpx7$M=e32;Wwn;H701cUlkqL79*Pd_Mn8
zD`v<$9iDPp|95<{*l6ml49J6C%-9XNdXnwl<GgqJzL4)e`gf#UNo&xx0r)WgvKs5v
z)!m|n|Kfv-is<xjFU@+A*`GIhDZJF^=mfoVZbx}gDi=>Ueh=cm-6A%$5OLsJi7Tu8
zU9NXy5);)M{ALS`c+4~(^4Qoz?0m9KNlInE8ztpKCJar8h=|F-?6n46P(01v++kq6
zdLnfD(aO?NoLR4K6f76AIh>oDE8J^Ge6!*7EP(W6=jT(m06BCRfG%%fTI_}ewg)6B
zL_{KKjU2Z3@6RrK3<YS>P5m>MTQh00q)9+9z(Ys#C+qGOX}Ve2>uF8A&@9kE47T@w
z;w*!UQEP*hR=>#%Lyv+3bliHKIfTrvuV*S5^qi-4EBp<@@tyBZ%_yY`1ggP>#uv^Y
z%vS=LnyqiS{O7YTtm!v5d4qe;-zh9Z%4AWjn8U-|Z~R*2Y`#0n**_0Q>ci{mc&3Ju
zzj&te>0O>gGh(XSETw_Yobxme_-2lM2eX$z_F1(+&&`5OmRs4Ih8PZ(Gjs5{dN<;W
zHHt6q!FmO`Z>Yo>=e3RgZN$MKVQ+Yt52aijw|{v}|NZ-Sq4z#FpJST^KLE?ZD6$N-
zjg2iK;mz%hbM`tsJitK56pNjkcPeA5pI?qn49Z`6oTc%$mhNgssjZ$Q%5iMSD7SrH
z_7>@Fr_;8|l6|;^P9%ezxBF$+S^#mp0rR5bXpU3=a27&%iSX`^(dv7y{EqWOupaCg
zU>oT-IBXpo1x^;SeK}fgF|)h}<gzxug(8(itndC}RUp%3k)y|z-E5h8AstxUxIefe
z5k^Dt&R7{Mpxp4+Y<oaWj%43G74XE?&1n1R>Fe0qKm)I>Jj=o3pE%tda5rplv1(07
zNT}E&J=S`*Z`8w*ljrpIL=yAQ&(7Wy6clvAq%E{&%4lldyB`@eY+(Y-2A;8_Tp|^p
zLC=JGZ9|jQREfAuggDu1#sZy>u587BDenKsY+RtbeO&xJ1vzytjUr=-Jlh57fx|_3
zL<mKZ?eObkBy1pJ&P5oEz8zz`ECT4<VH_ON@!iKsxV&T|4bW1`9BXy8F-Im=+#ps?
zh&2Gs-)*2<OsC1@HRvkJwb}<JIc?C|`rI*QKY+DF9lLLi1q2tuVofs-qUZLFOu<z6
zw`PJCkwm#t>3p`J&at%0)DZ>vBZx`A-^0Q})~sq;Mi>6>^d&bnHP-yx>Bbx<NhQJ$
zk*&AKYcIiD;XT}Excgq9Q9OkKK~I!lULkwM_B+4?2%|q|4~-Jtn%%8jxkOED25lCc
zwSj!|x!KiP>-ayf>{??+5o1JF(J2ciOK{N)539`%^=6%g4i9}Ek0H^^hjQ+lLQ0Z`
z+glFHammYv3$^@XFqGx54<Pi~{e}tVE_UNhn_&8AK0bIo4AQkDJe&sl0tuyG@1H2U
z5>bid_m7)@bAUqwRE=N3x$piPcPZBhD{ZBSg7AR^WuB9W9TA3YLPPEH<BcdNBdc6!
zUw|pywHowOBT(wMqg=U=uefZofS@1$hVpFFPG(!~|2KX^rS&R#9CTb$O)=_LIQ)TY
zk#YBRIor%Rs<x6}{vAoDkV3=z=Nf&)HAm91W1j!7chKl{Mtx^@r^CW*a;}@3&*|9<
z5~U0QVQ$dKyS`BGOk{2S`CV$;@-r*7!3R3w&>tai?U2EvYo$RCp#b>`#eTj!ZmIdi
zJA?NRDdF8^ykN`z!BE|Bda{wtz-3n$M*5XaOtdaMmPn&PGdd;HYwk~L!(CwrJqgO6
zFKnJ(n;xPB^H2qK%-6D($zd}Q@+V}~vwZ=#i+!vw1dMD{FH(CQY+t?9Xod(_<<))Y
zZ;ot)vS%=G>{%EE>=mjZxj2Y?(Bd9)hHHT$0V(|a@D5$~*i2?vA`TV@0Mk7FZXDDc
z&-<;wyaQkw@@d$Te&%C-aS>Lv=!8G*P0zR=gaUoTCkEkzrKQzh(0^y{?fLhI8g<~E
zTU844<0G7m_aG7icHa0Xl;vOXA||=X`!+7{;dXU>m(JU;%&_&bqphvY3<O?<hIS>9
z73TNStuLJz%gV~IpDmdchOK^FMn*<nM+QwFWiy4IbJFjC7Z81<EaD_S=bxX}8U`})
zUtpJ;$yq}3j;j+siu&YuPJ^bMrcWR4aYDYjs^wKUEQ5xbdMJfj0w_|3urC6Z-&L$6
zQn`?9oLMyK={-yF&mHOpds7J1R8NbI-%_h>sq9;P5W@RV`qj$@ZMC%QfLN5FQG5+V
zQy{!mf-B-yqT6-OX+x90af)S@1w6*Y-rj>=7sfzh^Jr`&SN!(fabhGBwESvnf{((-
zvma6~5D8&3W1-UsMK|mJ0or?ZcXta4i*w4#6pyz@u3P^fS#KRxW%osm9vY;(OG@eP
zPHB+t6cD7O^B^IJG$IYsAstFfhjhq6>F(~noA>*Ecib_q!@nFu<veFUYtJ>;oO1;Z
zgWk=1Yj+UH{wG>lQpq-3TdOHW_*JQ18pv(IDxY>``@t#(oOpF~bh!5aeExBNo5!Zp
zHmGQ~HW1<j^rU;U#FJTK*JLF9uC}(R7(XO$K7ESW2>pz1d$AV}y%*ow+LA3ZX`Y_%
z>|Bvy?m|L*APe;(|6r^-S*ZH!=K8w)M^%*_^kA;hx7xDW4$SPYvPAldk<ec->trfn
zCr+1He2m7F`qh6n?eHfO*oJ{DPSFib7rwPGYI!|R0Suz?BLw1%xGdmLz4n!+8!1<A
zCGf<j5|}#@oTZ`IXwNJ^w2FboBgh-68Vdjz^WR^rH`PUTMh=)t77H=!RaJqXJ!W%b
z7+5JXfk>YVNI`)w5(vi(0h#iJvhX#SMw?F!rMmyD?|HNRnw^R6w(P~zJnm<S_oTHz
ztke8!dw4ub%HflNM4`id)r_-4Q=pWrv{DepgaYS@nUaVb9&#A^s{38T-t9~Z3GH=1
z;)1wu_lQ9)>Q{C=xCBPkw7JuZ3*85znjlFmI@>)IbX02`pv=h@^Scn-1rHF?;(ryV
z`1Nasi<|NuRu=LJA#4BCaQb*+^QS+5V12%wh<`JH1oTty3ve?Yi!cF8J}opyx&~_H
z48%e`12210#QRA}3U!0)9hapIPU73qfRlpNAYp~i+U=$L*Y}!QdPTM6Y~Nd3w}HpG
zbmB4gR={bj)<Q;CC7m&`>5iNW93g{USgrk`DYG&|)*}Jcd|P>)gR?<P%6|;{mZrgp
zW{HIi<Nll?2qkuNKZz$;Nr95&JklX_%gVXh4U_3&k~1ocyL)(a&CktcfO&%?&07G2
zmSQ`GhW4~1CEHJcPFgJV>OBKY?sJNS`-_h4GAj<l8hZ4(`E6ly2v}QXc`%Ym@Y3M*
zkI8slY8;;@x6NJ6n@_q_qks#Zp5*z<g?3N<ltFS*H(+AcW&kzKT5a~Kwe5){u=<>>
z!j3fXL4@XHZ8$j=E|IBrZ;Td<h2f7E&>s&L)nQ=!`dphyBOG%ov&T-A?_;1%nTawN
z!(f{Yk@{pwU@~rt=Rv-5y*-7CYkblV(j<=2t@GV#u!qi)k?}8;mJLnJCn?p^5vDkP
z)A{DUJJVJ{F!uvI1|pyv-;U>oRsQ<*sKmoltNuF%utWdNTA&m~YMCehb%Ls@!%v-{
z6X$qmFuFoazJqv|WzUvCplC>;YT~|dzo+B`sKMQ^OM%7M6Fvva)up(tl-W`pS*E<c
z>~BGD=+Bw23FW-}V%{x|)HZu*i82)>n?o7os$UnR)OoV;7#nj|Xuw4XaL;Y6$yWA8
z10_IY0-ZMdu!y@ku*K8a3`ugJoS)~1-zm~B8T0^0b(Q^C(D~`cKz{Zq@ykvK6BDE3
zqS{~Mwq^nrBDxpc1<_mC5<(4@NDc}y^t>-nA!1^!&M4Sab9?LS=amUvK<0A{1;l?l
z^{4v!a}f!NUvG3uwXd;ho{MH+P8QX=gZZg^@HRt7^_>7AYa`+sY;CRmBPNE^bkzK>
zJ#qIvSS)Z>4zxW|k^SzmPACYajHADmc-8c-^m8VqmVjgK=uCAD9z&3f(GPl|@OKsN
zUn|xTOQ$PGR|0OUvU!-|<Ci6%o}L(o)BBbD+}c`NdClc)BBNOausB+~{4uvLiEqbp
z<-VG&{=L6FbDsS8L^3l6ERH>q%rP-Tpj${|GqUl)`1?Un*ziS%62jy44R@ujIy<H4
zi`jEKSjGG~*v4D#G~aZ-Ic19jet}L;f(Uf<4M3>7moDOUAP)67f2{Ue)Kq<AL=gl<
zYmGGTAw~Ce#pw~B3GkG|As_%cNpsc+Bn8dL$TQ21$Y-9i8o1Tw9l?<%Qrk4a!4rN7
zmnh3>K@haiz_$7YU;0L&&8?uhOt*`L=RJ_4lZSwmxAxEXMlyw?9eqydzdFq#bD@2D
zKg#p{FWmM~A2sv^GwT|eaoLYLS*DmgK>KEu6F{m`RQzpW37cOZHGMU&FNcg<NN&gl
zEXTISQ=0vSqQLxe`kaxMpgLPZ?>_w9hRL6|?!t_A_MPiD9z#a;kxk<<H)m+Tt{1%i
zufDt~KIcmmhHgsw>e~KnN`B7xJI_YQ(kPV}C#?P30<>3MQ6==a#fNizTAusXR!v`<
zfJe8Y+et#=uDrzH<>PlDD+1y~ycW?H{lh(B_qWRy_K~cfdHO;^jYB~}K_SE(rWj6Z
z>$tMD((pLBJv@AT_n_1|R_5muU_%UkLAxwgfdf#VMnI%l*J{F!S7mZC#4;>T;}4|~
zGfQ<k^m<pXAcFu6M8&(id}B5b_#E9c`>Zc4ke(?oC4l#{5!yoJ>EyP%U4^m1!TI=P
zp#@d*h6Kb|%(rfWWEq=^hVNy`UE=W8M%{BRG_)bJpI9SckF$d{2^j^(Fs+PBXGczT
z@=USt3+7JmO|__p#YZx~m!g_Lk2yljA)QYJeNXhhrpCPbJp%@#s`Og37eoo+Z?&-S
z%>HJ0iE^@ZU1vBJo0Os=8k(g2(e+;*{o(9bCRha=1VjKj0Ae!-^sN=(%Jx{)Ws1=K
zh)5&*orZ<Q2#<;?&=(k-0;Q#;F(BR~I6=dPhTfNFCG8u_LvSTCbomGhv9ToVCeWPb
z^L_MTLYCsbHw?am^tG{OaDON|R#JW~#?czzdZ~akz<-#i&0ev>(>jbR=ML{Crewc?
z0284!meTl~SnL~2QuuGY*B5ikU1Qo>UH6P*@2a`zd%N51rddO$tF@hF#<+RA9}=06
zvVL{4zWmU2v7aK~FW4z9{X6E5qz80G_RjD4`G(^RWZNc-M=LWS_c>mWHmw8`iny+>
zV2dl=`xzai_4Rcq5)xA5({*P`#}P}D#)cP!Q~nz)fnEScj1f&uO)ezJgqD^?voBxF
z?2NV&P9<SXW^klJm0+xD5AZUa?=$DgYnnaYRelu>dOVQ`4GkUJ9+hZ>wq>6}rmGYa
z8%*iwn8IDj$O>RQsorD++S_R>ot^LJ|L*R3V|^ZweeLdE{{73Jj|ny0p4q}-sxdKJ
z{SSUa1HXg!KVoubh>~g=2X}pCW@14nclTfksN`eleEyt-$AkGIQ#g!|hzMTdW^H{h
z%7B@<!DAawr=~Hvl$oDW0vb~=J*}akO|a#!ikp`ox)$VeynJk>|JGsE$Na6DP_(?&
zNV)(AJtJeU)z#55X>^Ndu-){lzv#JtwgKtdQKX(7^Kd#UK{t{i#FIK;J>hKD5agwv
zZJ8O33D#n0?^Y|Qq=hmV{a9-GtXz<O0ak@bRhWoa=NGun!@&hnLGN#6WVH!;<m8fm
zZ++Ei-<hg+NK)+*j5R-h*sWxS38|`McYwj;i+yj?#JwmC|IeRFPPX(M*KFQcB<IlL
z<>gA|O>((hxv(1lqEbRYMtv8vqY;e};J>uH{RymV_WvB)M}~=697FL5YGN{Y9`yDT
zeL=oPT(()I+ZRfoRcKOi3dw`^Yw62{)^X=C8nC0a*_2EP*|a61>&K7&!Qq0e-I-RA
zy6H-VU&~!c;$~X9((fgI4-5}=zfn*KMR`n~9tQ+T9Vn<7I+~g#^Nl9KG{0%#P{-{X
z8yZ9fxVdkNb8;-=zJ4u?ONa|HQT}Q^GEp#Q(ELO9R~#r?P#ac5#QJJ0+Lv@%4`4yI
z{c7*>K@!W=-40>k<DEfCa(Gn)s_)rhEQj;r^YYH3i2*+Cc6beTSK}ttbY_m*JX`fT
z$3?1N&<EM6+smnVe8@WUo1}q}{&pKjM-{U=)PLXgWTcf!cleI_2S>0zX=)Y>+HfB~
z{N>r><qYcBfDWhBm`i2$ZH9sW$A--y7@WWc|1F$g4pYRCj&@*o|Hkv4z7QM-YL@Rx
zecOi5n&NP#Kzg{zMdQWIn6d#WI;>1;^x-}}GyVgJx3#vl4$^!LU+W+r{y!}NE*DqC
z*L!tsg7?p!Y3%*0H^px;6ZJ(5cbtvOx`CQ~Mm9h~vLhjvas2(oCMk;J1;#`~+zCHD
z;^sTY`0PXk$hXPuAtZF7ISKczu|#=OGO4;3Y^Oh&rH)=17zi;jGw*!+__0@pEV|c{
zJM~B;kYe`i42PQ3VAoaT;hG6{_c>>;CNm5P>B!Zy!ZT{<%$<OkP&0Ng#$3k$4t*W!
zC0U9t3He6s7fvrAlK#&G4#Gx9XIE)z@^T<q^L6m9sp$--ty=x+$#YN=MjO^Bz+Yc(
zh{iM?8rF<U*4y;)W&rPP!R(KYhaDY^Wjkx{#QFZQ!?SH<BV`$$*=FLdztD}Fqw_A5
zJ-{CyG<(VD%OcuCAES?XY%LQ$LXmsb(m%%IGn)5rjgtVm;scn$Ed<A=M4+-}i&M@f
zv*iV2bG>|N_i&2M8W6zczB8pu>JPC-L4>^L=63PF^~{)Q%X}s-?74TfI*`c3PJcy%
z+Cc}0Dg`dz6JK!WyJ+a@@}ooW+Wb2%!qAt2?4)s`$>SUrfvatPv<1EK0Dipsx!sHc
zPa)@zH9XvLnVP<94NX=W+TosLn6GPU{!|qFjC^)}p8V6fq*4yJv1&cpq8uF?+YT>B
zo01#VqasWBH#Y{#jb2^d)Q_AVDOdY>y>oTz`lS&20PE+Jpr+E*9lO7E4wZQ8b4d%T
z(#-Zj4EXfZyP_7@P^xxWBXW>HQwj57R#H~&K^7A$OA{kU+oKeqwXnEz9>Ci>KJB_f
zLN~lGdMt0naK6eEnaRrw@uH=LD0zutU}A<mr=yEK+l6ryx#}t4u;HUgq6Vv)nB410
zO9u~v6b-X6J6>HySFVx9Cd;A^aBWOa)HpblTd8UAFQD_~PqRdSF|m@7&CC0{V#z!Z
z?>oibEkMO=4)@5Aqx`#n%KKde59HHY0?Kptmj<WQsO<$Z;l=70K1qqG2CIC8u|<6O
zAL!)GAH&e~-@HX@^xTI)wj~112NM|dMZBEWxqF5)QW^wVGcv0u=P4ckLQSP|$G1~N
zz1Y<dp-2{E5xDTw+3CS8qI>-Oy`5ZEN6YJj6CPuBB;`49gWvVI9R4szpfA0!P}Z1G
zN*t@5m|TAAgjJa-qS-%!^jce6#pn8@AhEXAO&`;l2{jk%6+{|`@apDfK^S<nxfB%#
zL?Kr<2b4eT99E|r-Qc&e#NRH6zIe%^70c1k47D0w8@PhCL$UxOANAUwPrpg4MRZPn
z)~X<wR34kWl(UB)804qJJ|gkm^70_1*8L@H?K0hV#QZ)(2;A!$s~K+qfG7>fl+Ob+
zH~g0cUiGPo;KB3VF>dZ$C1U9P74ByywQedaD}ow?zOR-;Qze2#BoQU28)$nkrXrxn
ztFGOP)J9kol6~wZh}<?FDJqO}tZZC*s+h4M!NrHGAFO)K(_^uT-u;C)Knn9UQ*fIg
z8$4=5#RyG`!4ek_#DL)7;aNV>Z@o{K5%bHJd~?_8!FB~t&%t;oOH718Na(M{OqIpq
zhlz~nM8C^Un?I$($x#L4+xiwz3(W%?aV8#ovxSzIUXzRU>eM^CHI#8b_Ge|J4V!j4
z{vL8{EcfcaR*DqfNE$fUF$yexoPN&C9wSH2ztj#YwZmHf2@J0Pl`;#l=%4%*to|`H
z{HoI#t|9$8RDgcsoF)qg=5RhKD_MT1=E^{T=d_t-EiIkQ`$jWFDM|umqNF7E`vlLx
z!h}*AaO-k%;iv)||KLJM2(!->wML~F%?vpo&)e$2-J32tRfsW<iF|g~+S>8rB^<<E
zN4FPQUA=7X7d0iYJ;r(P3PkBnMR2b6VN={}QfJiHNaNm;Y-K|quJ-}O7IS-fi0%9Y
zRliHY;{+GWySP+kLqC5We9OgEEe-L0+#?;TtGl|X%TCWiK<S+OLuk3OqGLLl$pf)q
z`lOc}gmp*EOK^-6G`8g)QQa);HXFb6V|KDY0ekQ0tjyb@G2BN;=xDB$+{x(YbN1)K
zyK{sHI41b`FR-a&001zDeZpUl3FjkxmMPpZGfl+5u&^cI4do1)STo6%3IA47_%V)L
zfXpW>xB#T5^Z)y|a@Ohxuv@5TtjOzmzsugNuJC35W%vg&;kqn6gPp8j5_MBkE^`Z6
z|B~!s1?al}{#s0eCnfG;9#WRqXwRm&rG9^J0Rm*7o3=n8sAy<OcL1n794`Kn7%xyJ
zhT{!>jv5TrqleH&kg*!n(2I+UFPIt_T(fBShU{Bdz}=qj#shR--lwCZ*N3I9UNNvD
zc5@lNlfpG+m8EpF@{9iLIaNCI*QCieU%q^+l9oUnfrMu7NP+<K_IVb)qpJ<oJ>wcg
z=NSbG!F9JYQyj2dG`rPTGxipX3WJB3IBV0vP7I2I)$PQ=@y^{{R>9NjHlvJnrpyex
z>+v3YJX=EG<QdZUfXxwoD~k`OIXNzEE^z+_zvlQIF2reRd~-4sdBJQM(<XkAB?vdV
z3*#z{WK0RZ;Ah3S0jjyfLe+j7l<|r8@5g4_D2a&K&A&DIf(OI3ZezXFQJ~!5aVMCN
zmj`v=lULN#{5%48os<CYWo4BCnB9Mr2f#>RDJvV=buiz&IDO<9OtS;GjUbI9ibG6n
z`|;z)EH6*b0|zUsJOg86){~V5G1<1j=p+#@OK&#khMVHj&gnjsWGu?g#CA!}RFxN)
zB#_lszY_YBl}_n9a{-1jSCr8EM-|4}I%u;iW}mH~o7{VDo)XIVi4JdcNkN392w3GY
z_*ZvaEds^&R8%c?S3>}Dbfq*(7>wt3YJHWKhMUMFQ*KGu)gV}w#e-5xr(ju>P7ZrL
zG)x#RA94~$t3kz$`2B}tUKR)Ii(*fvN^yF5g)W<}kMBFOiW>wA*^NHB3Jc>{KsR^m
z+$HevmVP)<*32lp2vN`en3F{KKqm6F(v^gP0jEO4vzfuXS|1gNRrO4aHC`Kof<r{a
z{<pz34=kIRWnpT=MI1Np$3m4lvbeuFj|aal#C*?QL4wK_e=S#8Ac(TE#`W1U6mw@b
zd4>%vv<hCYp<&H8A{bF;zyAR3y}a_ax6Lb5Tg&K>^myYm=)zAhRPKWDeGZqE3L#F?
z`B15nM@ea^EkI=9<HzT8Y~?3prGszZuKXq=ZJKNNP}0<-y>zzmm&Y!a0&NreNN7j8
zSy)UP5*uaq%iPI4XnnFss{_U46)OJOS=H<)cH;TDk?PSg4;StMNL4z5!hNACXsUur
zEb45N^z`rr>W|OmGck3&874CZ&e7ml(^lV}fa{ZW2%0!*?r}UMl;(<_gTw6P=G>tY
z6qY`-SFa-AAlL}-=7j}em!nyKe2rZd75lxmAckQljV)i7kTjfZb1a!WoMeTZrkOWB
z92p&d&(BBXI9OP}F|>qg6I5ghemHmASStJ}K!SmMZm8UF93P+9RkJ_q+72U@naLLC
zA;kdUC{$#nrAH!eh4FebErf)G7Kgpj`XHFyR3hLR(Pt#G=#Lg!MV6cEgDDP{@B?Hw
z3w89rUcX+lc^9SPDak?07R|p$k-4|{>-g@*qpjCLQHX|>5g!}MZW<b0!EU+OiU5g-
zh#)wesa~BJOy(Hv9~?~PJ;6f@h5$T~JMDS6aL+F)I`_X$@3ncYJ)zpnzmvM#_U|<i
zS>xAu&nQK7{n$2(_6J;D`C^6}9kjqHhtcW3fmNprz5gI5*O{B!KRWOM_Hd8d<{j_b
zRv5@I3{^~~607Q&rxXztD`B=ly1qV|sYPkp+3`L-drMbYbuComOwEgo+1VNd*|}|A
ztg_&g2q3#@_RMj_l)z^jAI?*VzdmIGYbj9NI5_s21IR^2vcpfd#vwrwoDYWjbzdNB
z3exZt(NRmgdn!6oyFm5e?(g4{nVL#^8A*Z&mEw*3dYYb1LnZ~(9?!%BZrrDU4JJjc
zh{u4HD0n2hkH~TV{d~`EZW+98bTc*K7Z2@9EZZ?nuEXE~(jaXf<e!;%^{%U&_B&JW
zJCJP6uty|IR$|nZk6``rRn6Yj{&Zba+VA)|+YMERiD3Oz;#ZmC(L$gL^}iETnh}5|
zn%tay_|z;i-OwOeZ96J&YO&h?N>$F=h4Y{19_pk__*mFH$181Vc$U4rF#|=kapwh%
zz8LS07wk^cid!m-_+DTh;5`1E-v0&>f<s8iR#Q_W{J8g*hZ-QCuK`#IG-)|sFP}c(
zhwtBaYvbZ@V8GCD4<B@hhBi}g4MhX6@Wg|zUDcV85ETs_mJ)>Z1snM{eDaP9RdYg8
za;4x5)a+Cf>HDuVvZ498s)u$s)}K`n4PRMBCHarL=ZmYW%g_`0^G|P-H7nwme<wZi
zao-)~)Wzp~QvB>-{Q|^HE`A*8k3Xuakrr>}Hkys0te*Nuwo#;(18BZzXiI0W$K#z3
zCn-i*U9C*>vuMg~cj1RD5n?$cqzDUYi4{4w1vte|(P8&BZ;mdHzImFXU{PE#(9$jk
zefl&2lQ*T3!qK4tcpo(a_zgU@wZHUb2)R*>+wl@54umdNTg?;}g@<yO*^3=u1O)7f
zK&iSI)yj?yM<8qGc?y4^$P$Fghq`4m-43J+k+;-_^72!#L=SgP+wIq9q`auBe7p@8
zmoL~^Lw_dX^N*(M6;Y%WDuL6EuA;I;fde^D<#}|l2H9mBSX5D3BO}qR-Hgkp=>q!P
zKHQ#_M&THqmi3`g816$uRi`I!icgO27bn)=yjlMAOG2ATE#DI=&P*okNG99ejWf{4
zRklGA1fB$<pO3{afYhrW0|@c)Swvlyf-Zq#jsv6+C7NId+jTxcJ9y8Vv+XzsSOsN5
zQqnMd5crH$fGh~?i}};^{54EGfYb71EsbLhl?+@h$2%P%%pBz@?(CC49K&+FRirl?
z)Igt742>ewIam+dg;_0>>TLZh!Y&)h=tvXuqcO5z|HcdJ`PYxibh*FkxL_lnqs5f6
zH;+#4?0mLvXT7z*3|F2bbIi$E1qza28xv!vzA}2Du<$DzYH|W1!k#lima4u{>>WeH
zZvr7TLzv6sNh~j3vUY<%FKv;RHY96B#_k=3cFSh<IXY#ICFbQ;Ew)2ou@rELt-B!g
z>gIa(r?V&E70P^elW8L46`n8~idA2Xs`{%}E~LOGsSJ8v=9lcfLV9|8hBb(b_;@>x
z3z2XmGSEln%IMgr{5B#yqK$vCc^H+^sIxDb-v>CWdotOBN_p(IDIL%o#oQP1WUee~
zO#2QHpJi+^F~6W7U{7j!cr4!7M;1KZQd^d8Q7ukb+uC$m_B>-v<wc9%d)(j^rnIW7
zx9~Y<E(A7C&5<@<#D$Nc=0|G-TQlWG^{|&On04)04Kp`DCl7k)_SHTMTf2xaH7gV=
zD_{nDU<x)~B!?ME%83O-?bx2a%=7-yQH~>!%+<%hz;Fs#8l3$(lUpAB?R4{+-E9z?
zR7eQmx8?KIzW$s0^j*FT2De7OAr|7HqZyRY*%4&e<&nG2ApZ&UF=VygVQjG>{@Fvq
z%1V{}#k&-85*iV@ym&o*32?tvE&jm#M<-9S*MU%)fAEx`UcK6hWam7m|5l));J1ph
z3|TA^+DT1K90g%mhbXUD(%}?ZkH7Yc)t4{4*AV)b+<3QV=dQa~uB99kRTf<fObiT^
zV=!3dFLe*p;9}w@FzH*ElXEQg)N_EyBI=+C<PS{m94)|g0r){AVLb!RF?lJtkiHnC
zynMt3XiSW8rJw7g_<4#$-+`gK^d=u<d8*#a85EgfZpBsxd?MVAcQP^!3oQnqyntk)
z9N;@Q_Bwc{8I7SXBx3cWlsTB)tT1NejEonRJeInT+hJEp@edo}=Yehm7M8t<v7kS9
z*A0PJF42eAWK>udxVT`MMOm-Ix`>xNE;SShEA2hjE6^TSPz%A|z8O3UY4u}$`7(8L
zd)tRwP;e%8&lgAbR2CdQI~p%A1l?I%a|g)+WjK%p2|r{WRaH?8RGb-#=efCnIsT}4
zx&a4~t}qFCEYVu8@FT<v1`#)}W7kF8i+Ob&J?)rvCQ9KqXWVINRSc>iY9KU~M8wat
zz&yOi8Vm_2y+wpqmSQNqeICUlKSy4f8fnS%aksoj3h9f2(@3)>cR8To)z(>tUc3WW
zqmvUL>3{?4=;G+x!>q^NG^RsFhB-)eY`WNm^|QRwPu|-<e$E+pBZMjhrAnoch@JDt
z#8$|*=%O){+4Ld$97g@=6ZFN(DXOj(hUAJwVD~~8I_}=O&V^SG89;F9Yiriw*Qc9_
zhSP}SQSq@@sJU=#CLpw0U41lgrTf#VM8M6I2nQ1i6%moQ>mily!JNT&N<_6;Z0cSv
z7M6T^Mrj=rN`MNUi}4YPkBoeqw9_CJBYSy#>;eRMbGJ7oB|2o#&plSuI3t+}{G!M-
zOL%j2@yUI{<mpOc-0&?eOZ#iGVu4GC*otr8s*FvAR+PMLbUGL|A!cBBcYf5~T%_*W
zyFi6z_A8f0g4(IsYZZ{-GdoK`QgrgX7u-G<E6Xy1?-os+iqv(b;K+J=HPX4mHs^A`
z(l3qChTdE!`BgMPi&3SR)GgZ@eUc7uZ*~ZKhqKN0XB6Y(8|<88uVSgM?Z;-O62?BG
zqr0ANY0gP_#oTzkQc_}mipCHJ+3ad>K|_g13ka!D8nP51zB&aY)FwD6K8muk`6Q6e
zgN3lvLPpcMX1${7+5SPR#6<kBM*2Z&MOMLuj6oAnlTaQktQk>fDhht5vbvBXJyn7F
z;1ReI8?ORZE^<Iy1@<6;mGiK*^|dA72$?DT{<*vOMb^eUHEsFm;Q0b&&VTjjjsye{
z$lH<<&PiCGFdN(5D>bJzLS2rVQ(M+-e$3fqjv_#!DJt5frCBCda(q<F{Kp&;d&tGr
z;0E2mfS6xJk?QYnMGSl<Mu3<iBk5eX?V0_G!z2HkRa$CnHaa@c!QkgN!(kQ!9td1e
zWt%XAYB8?G(Cp8uKa*Wz)Y&z6G}AyuXbSWi!|{mJh~w|$08S<w=#3_)1LV}c-`Q3?
z1d{qIup{u^mtw9O0W``UWX;sgL%Yy!pHmtJ7Nh-o$|m=mQf-|uSbEP6^V>f*due1s
zjB*NHmdn!qKBpfKebR-=GGo9C)&a&`b`|<?xEE@p$(M&Y5`m&+Dyo`O-7&cZ1%;Na
z73{jBsUe|Tc8~(X=?7c$p!vW+lFIM1`QmS#QA=E1uZ9ksPiJ7n5KiwCYba}7mE>bQ
z9hcuQ83vgIRoL})|91_tW)(|o`Ym_g0t!;_o@@#@wcB*Si(Z@;B-GwUlYrDh$`zmJ
zD8@L1*V-BoGbW}6kosWuvcUCYRFn!}8Hr<zn?3h!^4Mc&P(M78k-X1+e6AA!_Vh~y
zv7qQ^Xk0-Pbn-TahR~~{JD<!xy{#Esqq(`_bUmkyaziBH))NV&6$%CoA1B#<t8bkS
zfr=}zG;&g6A_DWpCJzt$i<vKquN0+VQv@Rq4;tBAA@<f+oSZmrIy%eiD-$!yvQnm0
ztgwonCpPW)4-2GVktc6ssDs_iY{;;c46hzlExmRn_xY7DRLEj+rRP;dgrtQjl_?^!
z^xH9-t;bvE#_SS{$sz<upq}QJ=PY8BCy|jjE3X<JhzOBjd=5)iRw3^^3q%^RD66J=
zkwM)Vi?L#=W}J&LUw>n(1*aPD`5AWj`Q5d*%Qjy9E|<^A+UBQEpGLF_RZ7H#KGH<k
zd_tr_97ohQfEu&{Lx9&FP)9LC@{97n@UH{TIL!ac<XYk3Qpc6;V_=0;Z%~d5m(9hy
zio@0GkJbF^p+3b`I@<aXb%%>AVxx}93<4tLKOCm(W+v((V-;?;DSNXh4l(i{dwO~V
zcMnYe^&d@_Bb(s^JeXd<uz^Jy42<5)Roc3Gef&^r>Mal&$-n=P@2V*cUP4b#w80%s
z1sMTQSE%S1vYJwGM2B+*+cv*I?#{RI?W@er`%q0?Lo#8{{bvv`6Ai1Z<=Ml;#63Nr
z44RO}dg?Oo=Y)#YQrcm{qzq4;^As+tyen6*T2}Y3S{vG=d6Jqof{pd%gjTURRTXGl
z>Q`h)Tw>xNF!BA%0iD-k1#AE<*iQTDDrL+y`ssv}EdjmY<>W*yoZMCcr_pG0#Nu-d
zR$GlTuf4-e_a}V^M-z5MW1lORl*R^)0yCC`xP;ucjrtveN`-oFG=sLjo}}5A*R^^a
z6wotNCTW@K{Us@kvbdiox0~wFjH>$ew+|a-dIoedetz!e)B|AgU}(}Ow6AKZ!TK@C
ziRas(s;1=S!b6>%IcFF=nz2ZN&J|+X`$sBzZG6~F{#LVmJKJ2TuH^WltxdDo=vLq$
zCo4zG{!)=rtn>vqI{VF@J%it9X0~=#I(j~9``8png_r}(*~rL<^BpR;Dvx{{kq4$P
zmW#i_GjnL2sKg=@RxBeFl}^N{DxY_Cnu|dLx5v3ID*A>}d1O{sR*d^%DAP@y@$nJI
z>EoF75y!h5nwrFosx5mIR8>_&&d%Jg508&$-kL+A-wb{OYfQ^W?PF8<(CHp7C1hKn
zPq&GCWzJcNVBfF;)I$tuXHKI!^4q#?*nBKfZ!aJ$ks;qoE3kAtJgz7uVosf$rZnT3
zemYr9O_h+0$khJWa9aEFQUh2$K8TAq>}-E($)KR`>FopqR}65!i5Q#Ec0JtU<@-H6
zxGdJ9{7p@ra@%im|4>-+61heh6+b8<h2#e8if_QC#yN!^P`<Xbsx}||%3PTo7cXV%
z$q$3oOiUiHuPcXUNT`c3u`z`U?M_<=-s+n=CavpVH#RQ+*`J*nJ^gmPdR>~|^ZhP^
z;tKpBslxT~569VuHkakjzaSOh=Ny~L(<n~l=|w9kF1A)sQ1AnE@GTdZX>z5i7>jvg
z%o0P{W#O@XaCLAA@w>oV=71p{bRt3{CrX8|>Vpy*{!Ol;b3Bt>Nhzr!6-W=J4Gog~
zVvPQjeN_TOOShS5j3QQj$$gtJ2_N`<T)L$uhvarL(zbvHiq9ZCbwM?~cuA&Im3+%_
z78xv!G&DJiC!>zlkdRo@)8y>Dn|fL10rmU{zIt&nA9z|^++wv1{dMn^goO3?qJnP<
z3p7sw)p{r9#m>rZ+#Zq2vumunXJz*yXoA_8l?Xi-4{wZ@FD$3tBeQp17`Q*HCdPAu
zu|ZQXF*W5+LQcM`77UstlP7$wI+My{dte5Na$H&2JAO#Fg1lvV1^ZnLl)CZ~>+cE$
zTz}=1Ho?jGOqsmsT9A8LoUGBGJ1g7K-u}n?Sl<i+%IHgqJ~KlEfW)7W>0JL<9|~Cr
zO4s6S^RyL{tb)~_y}#i0E&BZ!8Tr}jB8~4!KoDPR>o&|`KM+`u-~L1>)zyZqMiLsc
z)F-WLgEkK^gBVb-pgw_{TPJ3~np>)JMbP@9(hL$L0d|E0W_w6Lpwg4o)cWq~L*B-Q
z;2>`MB~Zf8j%4+Co0xof5EvdD=`~PR_D)NsO{Q%5;Q(X5f4IM`0NxdUnyOEz!FK$H
zFlWqQyN|u#g~^JGTY54H>Ou4wKwaEi2{!ro@fB3@Rq;<BhWva<tHn?PB7&vk;onJ|
zEc@1|E-13{Y8A$v*FRHIm@7?eEHo=7VEdnmeGC<pwWj;WR{C+>_vgta--a;@C@XJ8
zlZN~Rp^>rYB4U&q$jJKQ0m7EgpF{4F_gbD<H)4*8A5DhJI@%gRRvR1rZ-_;&;^Tt!
zenP*GB(o33g3ZE)^{ZbQzU#@EfUVknv3avWaP|7<P<<6fDw8&h*)a5{u{<Q`O9sW6
z*FiTK6H|o{v&Zqnvdq({9_jWl0x&in9v+8sa&nZ~Iy&p7UMVyYM6plTjLOyZ_59h%
zi7-3B_1F+F>G;t2gWt)lLE};siow1G_y#he1mC@Ss03L0Fla^}<ntZfKp0F<&po<#
zVLGNyEQ3s6Y!TJZ?lzh`4N|^mw;U#&zcWQZ>z|SUUn}?7+*pRLD>wJ~jMEHcemw8^
zW?SnUuM|mFp-RWEWOj>+PiXWGTWpgFK1N2XMqwMt*c@gRC%!g{Xi)n6f}Fd{#Xm8F
zFJ6|MpneUl<F%fx&lAU4l9O_BTCe9M5o`z)V;2$5<>bJIaJuhk>t9_>k<c8o2+$!g
z0jj+kYz>+F8bc}a;16KdAb9g-kc3I4aE7s-h&$5pF(69L$aq&-Sa<>VVm?*S$qHc>
zq}aqv2J<?NP(XKfJA>i%*-f4iyPXQh4mz}VlLkE{luEP(d_VbDO|c%zGcgg@!M^*~
zaD3ZcWqSG}m~EvDj`wpWfI06?Hk6r<TeQZD1N0@Xk2fAW5oW(Ex<GkH3Q$(=_u83S
zg2oimGmBC<AIu{FW;(uAj2|TUgD$Kzfj|HQ8Hy0Xs8U?*4TkN-|L4<lL+_S+GLN&x
zmno7XU8rSbo=PDk$iGPK38VHjdrB#(#cWpl9N!$6?2V6ir2Ab$z8v_13C5bIwe_0C
zn>XuC9tI4kxpGge5U&i7fVKXAnl`b3$R{a|`+bw-CMmxw)Uwgq{R!fE9o$_ube`8M
zg_m#4Oq+Xn?CgRL+8%!>DIA;Q63x{ZAt}#shdw|5Tc4Bl)#cf?HeDBrfU{*qDYII0
z(@JSFvCa45rISzi+TtOWhYOsZUVUW5#4j#({`5m5KlWKx<D6bNHg5j*6lUDsmGL>V
zbJx=C1xL=|y9&E)wZ1u5>K2c?UGyoJvQjCAWOqS9e1`&LWphJ*{hLcZ>gNB%1TMd?
zuJHl?u(~nY#}Am8&6#C_P=MB5-tFpU++3R3qZ9&nbqR-AoBMlL*AhQlonRV63?SB#
z<*9eyo@ltb^1cnczmbD07`~eO=^PI2>W%KV^pdY&;c|5yGWbz8=N6TKw^q$^GIaq$
zIu5n6h439`e-=?mw7DYC!YXtcr)%0sAUK!TZspU{uj_Z`NDFT-yKeRj&NOw9Gyv3!
zN+-uMG|CIgT;qV{AYhc2nFsC=_+pbzq$oS_9#czn4)miwpkTiqy;oE1xrK&f=j7)G
zrvlpTbd{L3z3!O=-J6uXJ8V-WTON`q=2&yZ-~C4vK`qcL94_a@+}Je30vIw_bTnL~
zCgpJN8!?@0`^p0}Ef%pcSPK&VsQ*nvNk~cO@9wT^ixLuEXGt>Aq2~Vm4~1I+>(7ww
zXjbM^1{Z^c#j+(7g4*ncVw08zdhRyKjWNSUJRTx8=1XHwgCH&1xMEesv7H4vunTjW
zaO0w`u6veAy}@)bB(KGVRm3&zMJ3D(+Oc!?woJn1n{hiM<4ZJ39-h4xf6@>p)lxSf
z*v1n8vIUuZ*4Ck*c^cFS_TAe>XG}!P98Ui}2X193D`a{7#@<UZKmUk@p`f=tbHKd)
zaY^b07;Vj*Z6}!~>u5+4!yVdy>u|ZhH(IdPPatweYL6Ov7k>w`auq~Gn)To_qd=_-
zd8&2rDXFP){?{ixZGM*rpCED9yTn*`r`T8rGn#L*;R8uh(yi`5#Ovx_R8!L4rtK!w
zx+X@g(aIbH86k#T;Q7}<tniXdN<j2-`cKf)%PGL#MzhTqmuOZ0=?d``4d{7R?C@6S
z`lY|JUP>~`PmkTBCxYQ2zZxMJv=gG|mkOg&A>U?dnMSQn@Pjx@OM)4ITnr!-Ssg7f
zCXv3sJEEh7(@JJ{jC+h3b)E}?)`KB-^`PlfOB59yjUeuS<<g>@%-+I>{Tww{=Q((V
z>u|tcc?Rc&7NIxq-ciud(|1FHP#zvQ(*=M}3ATU57cJjqudEDi>u^)(y&UCnsUxYW
z=}pj=_=NZlS+?@`ql9bg7NBjqGRR3w1O)gLz$T1LO!`@(1G7*=L!Ovle!eVo$4dm4
z%Lsv0gNBoKyb+48G(>2YJ39J-&?&{|^op#u4AI$R-D8kbSxK_;x!o4n1`1h{GdE8<
zd?X?aBUgy|cApJ>KYx#tA2p@zos!bt*NZF{76u6d@>7PutD}yEfB%|1lE2ZR1~WZD
zd!pWd|87*hq23Kvn<JT8a5Ve3Ui##u%WG``Q^V4Z0Qf{@@neD^@zZr9dA}L-CH1F0
zp|IDk?m=Tz9q*n1zr1+z`#j0F)VRS*U^C=4%Ef$AQuXl+m;2)`2Q$RSdmGQ1kl<UV
z=1wZHKV?U$4a!<<Tfq1aD}|OuXtp6!(U%#03SKCmT%a0OA%~f%b2KfOcz|!nyxttH
zt%X_4gn^aS*wV&k;}VSdw16#=z0?9Vm<AQ{-;ZDNzs_U|2E+beXCf}n37eJ&LM#ue
z?BsmItmC7B<}YQeKfJvqfn4kTD3iQghtKJT@8L7`I{(&>7$2&kVDjPTo9poS04gBp
zuOfUdu@ueP%%?Jh{HYyQ_#hV5`URO|-$~8h?CC$XO?Pbp>%x_fDk`DjB`<*lXl%9e
z7pL`!b=!3R_p>$YhDwvqpFKTaSR^|i04M)lGKU$~-b{7g!DBHF;&|y3FJZ{(<#lNb
zDA)>cuAsjlOMd>M4<;=n#B+1);0`{$0$kqA+SV(+=2bq|Mt%{dOwho{ql7C7d~l|c
z=-oy@xuS}-OA{9jjDmR`@?W*!O-yWwS)-nd4FL>SG<ke9!7#S%9yL9-<Tq54U7ZGx
z!-%a=uiYDs0BLCoAa`<rtvock304P)P<(}QDCqhMTmSpf^V-3oEsgLbxW{sNe0{KL
zd{Ty>nYB71;#D;W#8}s>G|l{)oLqS;L60a^CtS`m8%JY^OGucsmy$w)4RRko2{_G>
z3|n)*Z3D4UcjI(rwbfE!9r-Tr!_h$EICM)R<KNFp-NVhIe+ef?%lcqJbBw;>S3juu
z*erRZn6LToyX$&Ggz+o9=g*fmcOth0oM{$I@R8NiriynhxJW>PA^IZVqRg!Nq$^}l
z+WM9lsvv^!N%o$SU$k|`4`L<azJ3X9h^5B8Jf=HOizt5aRo@^7Q(?ef>Xoum=k|Ov
z?kJbuVq1V!a7YM8|L@-k?IAP~hIG)U_CzTI=t{FHD-UT&NmJiJB0fj7^P89$i@3s<
z2~$}l#3zOfv;}N|EIf4>jNc0p!f5~2Vmg5#DNCZ>i(^47z;M^~Q|~bg15yzi+j4`y
zQ10TF4Gv{pL3<bpP}AViJ#V+>{AQYi3SWuXh#*}wX;I~%S5OTedRR3yJY3T62M}BX
zY7grNI`Qj{@Zw^-@hmYvc2VfVTsmO0q^1a;kQ8Amr-ihyrDg8v6V(N0o<u<0)%TZF
z1QRp9vjU<`T(1~dZvRNPcQDV4KXfkeE{N>*l@cj(2wahB`VkxB$3s4x=vBv8sPBka
z+rQ8L97HMrLHzYlGLBmq$K2_02Oz7B-Mlux`+3W~@sR_9merC(AsE;1_mcMgl*?~`
z;H~K;OILRn!aNF=Y<PtUm(zoP3P=k&`2D-ykXoSR__)ffjUteuk2fhP=~r)04<#qi
zVn6?{5BT%c1C@_~EIFqvLDv-^zLgb+09Flo11c=s5O8c6GBi4f)qg%&WWgIKnjzra
z3r_a$R{6Y1izcW<)5W&d!8Pb|DQc^6w+uhsXudX%;`#b@9j_G5yd)Y^emJ%3(mOUF
zpjufAA2v4+NN1c&e}D7uMd1-uRfgrUJy=u^73&8m?YKcxI4P%EY|4sqNaUho7OoFa
zQ6Md?{4>s3;b6|~y18etHwjaCZA}l61RVR=$jAs2FYj4Pem;H4nIukV`+x86OQ7Ii
z13~Gxv@#$45raDK{3(9^_&B`t=SnABJ;tXKjAi2yPQnxLBA=lj1K$H&k(!RL37FY!
zR8%DW-VgLWhR-&OM;=l&F?<chi~RfN%WtO^KTIl&KWO+@RJ)+UG*~-h%ZHg40`VR=
zQV#X_oz~p6%(NetJ+?|Z9LzO;OpfWR()<Do7}^sUPzAl?3{SsFg*;zbUEPn4ih8A>
z9!!H6^K>0YqM@U&0xd}!78aH*XiYvtmgW<gI47sN^LAmoj;5wiPsxX+Ey4TN$W@Dd
zLPBL0E1iapX8$dXd7@XS1V6b4-ct%oN@?OI60vnI?$PPxZH}z_?X_F=9ZfC%`VDjA
z;dYrF{CwzYpu+e?A@(Ea9u^PTx*X^_YtkQp*reqdR>isho#mG=G+S$mdjg!2@7>>K
z(6Y0eF0HJ*zv&2pq9k|s^bAy>Na36ZgP&N+9B3V?fv6qj=6shJ6VmwiughW^<r6jl
zQzX;PiqdC9wvdFh6#eyE6cC*WgiT-k4rKI6K<9*1E15ezk&xgr(FspJ^(P*W+~|PM
z_2tVaJXEV&**klCNz1?#F6GaEb9;2f<&-H1_YGPnFiam10A{~kAh4fHS0Vgn!S`|r
zZZV7qyt>`=4A;Ku1zcBia6&B>2qXH2y8i}Bu%8OiL(k_YMt<i|UR8Bp=Jo4|4-Cp*
zyJ5HRpzZzdxFbR&U%yVc29xk?N)b<EJfK;D3j#3TJQ2|GA45^y*-d>3U7*M`fbxB%
zs#JRN4@gN;c%4lfH`%Ghjc<|gJQC95Kd`8&Rhcy4I3Fx>1hDfY?$#eti%El$EkBgf
zp%<bIS_ks1EC>Xc55Q{C?u>c|E)5gP_mm=*3m-A{*OwrGvj*_I_?b})^De?`;uh_W
z-^2aw9v7GP;NHz&hpy4k_seG!!nBQ}(zCJz&Fvzlt|kO!q@|xff)N7~XkPqu8scL<
z0Fh18)9H_RKQuJ-TpaqaH&$-+Qx?*%qTUCmr9}a-|Jvpns&!0((ND{vG6P8I0$lvz
z7@VWf4VmaKx1t-apN=8#W`9hrVp~{f$H0wqMxvwR`a^GcFSfRpmJ5`pFdK?P5efXx
zS8lSH0t3H|+xZLJ_<^q?AupHaPa$U1{QS6rYWW1;J@7tx>imYMHLXrj$x7(_-UUj>
zvEyuU{rHyqkYR11nwu`u@~Q2fNgXQ4wbSgQQHY_qJ^<>wi>9U~9fd1IDI9otFi@jm
ze!B<-kOa(m)yqwqFPZ>0L-=oc_P537N@K88IwOC!?n8As+mD7uskSs`@w`HnoVGwb
z68-%Ya7mN&x#AC6av$fVncz#i0Hz>ou>o!u3Ek!X$b!J-i~83u@g3ac<Q0ts+XDj;
z{>SjG;TTf45|3*E;za0DdwF_IMn9oX&_l;m<j)umFBzt@jP#Z8#~y3WojIMB!UrmY
z?d=E~FXF?gJd|l_@u>K{cH=lOn8R^7qM^_$YgfM*4gK;(yCOLmRt?~g3I0_m_-uSn
zeJ74iO?`d9{Ynq|rdp=(JtPQl)fTPq8J^bL<aTxn$4Xew36|B?L(5Ojf7y=Yx5eDw
zkt&Y=AzmXjqz$JjNSnizcJY7bxNK#mRq^jjToosnOvQq<SZOe<0Mg@6+0^>1M2iEP
zht%TTKZ{?SQShQN6W(-a=g)j6MvkJ2E<1Dg-^^2pl8iC`Glmi>pC<)$*E~^CPt5Cq
zDF4Zt!dy7^%y(!}xQOj2039FX^Qr+&ME<ZpE1-ah8GQ(!9Y=#2i~_(OYObM@l9CTD
zF0KL*o1uI7|Ix<41Ko+70*WTJ_>|Axj?;-RCPhRHMRrv7O!Low)xvkj3XOe>tBUN7
z0m_k4vNOZ!>sk1?_+6lBwJSHnRx~iEI0Vij=<0PedEDDsB4(?;6H)5VJ)PzFOp<xy
z-z+RUC;fa&OW`5!uU-_>Y|-h18!jn^^LPJX*K!Af3Lh_lH`)RyamF4VVW*`!uO3aw
zZ2SBB*D`>us~8yhFh8it;~;i0f!-If10NeZ7Ho={cS}r8e#C?Th0>Lt88z|TJhY_t
z;e6RSMjV5>tJCFi=MQsbQmIRAI&;v$f$aH2LSji}^VtC=km#d+j+pY!-<c0V>3_H<
zr?VMZW7!tI87B9?y&(kMp7c*R1aDvUA}TQm#OLo{(NVex%D5WHTIpx>3wFcMQJ@Ta
zD{3nD%Lf6RP@MM<qF^lIy3!4;0v8#`PcJOs?+0>Bn$jm}DvftxX=xgeeyobSZ47Dr
zUupmOSvMFh#gh=~aJZ=fjd4mS;`!Ct2ZRX!`?TG9!ol+dI{ov?+5|jbaFyLdAA2?u
znP|H-QNIc2?5&+@`ZH!H&v(a~RRvx0)gZ+Ai^Jm(B^p3CDdK7-x`0x&!;*V<N-LBY
zl*5L-B?##4idS76|J4ngoS%!W?e3CmS0>^kN*#T8x+RW=XJ>E!e~9fWTXewdS6Et|
zo_1(f$;)#=FdWvEmq%TFP59mNFgEzk|3gJsahcUmC(h%e_Nwj45_0H8DRX+#HQ)j(
zmzTGA-jV$C*zSb+<62nQO}2?OoiyCSK^#Rqf<b8lP!U7EJl33$n5fh3)MgHZ`}(R?
z>v5csi8ko29<KnwT2+<=bu3uf>nT>KntlNktqX5DL(#U+`MIQUWZC{JpN9W0jGL*p
z>iPhkP!d^CQ=6%Ge_J1o;9!-OMRij(dW=vY;2mRQb5vC&*$JzJ1m$npWq5h8U5X1K
zA$_O_DK;1uJNUo^Q$pvsAGSU5ags-F3%G_)a$U8@crO?LP6Uwo`|k%$t)ottul5~t
z@qY0YeGkMKRHCT3T-AordYQp<#>O+hsG(Gah5bq#(LDctIHtRvZm7ndZjLSz{#Qug
zC55qY5jB|}9v%ez0|Lw{L5;Bp3~ZBK0~Y(T^5~v){$=RtCb~5ixMcYJF4~Qa(s%a3
z_jt@n^Q1_mp=0W+w-P~<Ov?fTmC*SXG;oYDwDmT3TjM#*z&n3D#|0GwwhjSNG2ERe
zT4Df(^~xm1yr&I{4Y9lIqaK@YA_PUV<c}cV_1zxnh@k=P=A|<P0wxH<sXUwUpzwwG
zrh+;lE%_t>#qlTv`;#(KQtTwWkCxOWw++s$rl+e+TFHJ1D%DPh0Rg>!qZ<=Uy`T|^
z8Zy?J_J9MG6)UyzS{ZKjd+M|!3~H|`?g)<Wg!2E@<&+xgg!Nd`?ro^fu<8dXBy)re
zh!f3#zWiyY#9Ghi>hrz7zG&hnZts_@-h_35@Su+H;NZ?mPyia@mq2^55%hFcQA4Y$
zIG-YZLApD_LT+xZ9OUR?06*pJ+vQ_SXovPag@7#<U_5>^6zGM4xjY!D!KWrKA$-4)
z(a(9h2)9YZY_S$)6xzH$n1-O}k(1CX$aQ!OlX)8%(WM8tVL_mP{Qe7au0{1sejknS
zadqtRInX?3HvE36x7oGYR|WQMyLnov31^OENI)O%x3=uC`S|KpKB&LKfg);RKY{a5
z$#UaHZbo+Y14+;%<-ySiu%J5uQw^vL%wEh_T;4+@fUkJ+R@k?weeH`>k?nf*DOwK9
z;J1LAZ%xE&W4HC~VjC^czPs-&WbW=FH8vi3yzhjQk?C&nQxL2CR*ag5fKp}o7zkL|
z?o<Ci9?~5B!{yMa$-K688=IA>kxW5*r<l1iR)}Oc*vU#I=DW7Cy?xyvMJ$7ZsHyOD
z4@fW3Gccr%W=mXFS5-Bz0(t-*G8!CGt*C`xNi}sJ8Zi+BS0(O8grE?$bmKdFv0wdr
zqGse2r(R1Z_zGV_0&>TcjUXv+|MoUAX1+<scmItB6z840$MMnx!%jm|Tm)(%8JT7J
zPk}FB;nm@Fsc`T)_X|`%clV{k<&Mjg`g7ol(iIl=9<I2PFPcofxw+{uYx5V%FDsj?
zipP<{35CSby925AFi1L+03n?6Abi6|)8GG&I(2)yiifM?s?p8D&dIc>4HaPR<HPa1
zD=09URb-1tAG*5s1JfArE^s;w;MLKhZAAy`^x&3(3nml^IajsWv;G+>_g}&+VfTF{
zu}d*VWT39Wz28u6bhyQ$#@df2A2b=P1b)Yf#6;Ke5iC%^Ankgm-T!`r%Yqo2qP;l|
zXQy!_Q=|wP5iw&Q#4DM$as<(!LUXhJD@(qAfQv5or}JXg9N4@Pmj@EJtvE@fX#)eV
zNQgdyms`^3>PR?x(M%Qd{?8O*ondZU=wf3CVAi7kjF;#*$?+>dUZ*67r}xDy12Cuk
z(-rbmKzUVFxx6Rxh0Bw`4G(^+6@?5~KVQ4^L8KD-m>Ucafd&C+0R$n2MMCx`%z`Au
zdwUuw=|;juaX4LLW1KS}8%?fNO$Bf#kf&oR8#40~I2_~SHM^rod5DVg^WCpfGcdj<
zv2X<}OK*XTecX2|UXoXo=yOl~vuS+Klj~wbdhn%BSDMA?Xteh+sRMRF=^PjmfR7G9
z8ffhHV6u$L>zZi?4y|dGQ$H09imz-k6UiJ?4kwu+GJx-L*VC;y6`iv#C|Z3Ye{LcG
zkG+2Tv=h&Bce?zWDI)`b{O0sPfD?h7m!JQI7#G)77Q}n8gDO>{&pLN@(Mv>0DI0J#
zHZw@KGXTI+cfef)9Gyb0V_yuko{SDqv;gP{wmRrFF3AA>!#i=0XKt!0h<N@GNJ#5<
zyq!%2B<d&5-NU1L9}wM?{3<l3+Gn841&2}lh!!xC`e3qn4x$XH=sG|r#fJ754xpwE
zO0b(`0Hmpj+u7Tb-96klJH9ujcmQz_bA&A4T7CHz?`feCh2^Z*{_boEqk}HUln|Q#
zJMION9DfhF%BP>!c;;v2oLgk8uaxsFzk7L68#fR?E@ebxJ~zGdYAOW^P(>*zsfGUt
zx@1MPU>Y*qYc_Qp**py$o#DvnXb-anm*sqrr=qFCn79FKp&&QV;+?~13BPmuJtzZS
zeK#o<!TRRv8x0)LZ|zQfsbmFsvB;|KBeG4oDW)Q6s&K`bL{C`QlV#!{Q$%4s31A`f
zor!{!{7N%tsbeiD)Y$dCw5x^1c1C9>10y3N%xnMOd7CLCJ@{te|2sE%C&$N)fRdi~
z0`7^MzkmNuxZ>ghF%$Ijb#HHqqq)W#4&+=PZ$gSFc+cnOVBw>RaUCjXdRP1?09y|3
zEzlu;|D%TZxu^7fQT_`F>XGld%SPG+=f>(fIzYi;Sfph5=gGq1?BF097Opk=^5x4O
z6eOff=fyU$zvnby97Ol)FVI!ECo-zu01?g>ugy@33k3RtojLet9vy2kyPW;&*H#>{
zOZc17fiG^a2qA0M*6oX32+1Jeib|`=(dY>Q-jGb?4JPBhUxtUlvXBuqI>JHAy^)>{
zh?zXoU~JG1_O-QD8B_&56PJ~hjr{32>&YN0ddCag1HpEf|2>LCTwqFE1?Yo`o}M0h
z0!Q=Y>dq3t_F^}&-z&fsUD-oOAi@369TA}f6K(P*1%PJR!I;#?=kDPcp-1ixY<UD0
zmW}beDXxl0?!Y?;<c`mi^~d$q(qW?;QkvdtMgZXjD-A-FFD_oZWJiXafjI%cu<*aY
z!LMxDh~l&W3*pN>!OS!QN2uezGf?JSfDGkq$Tz@uD3q5~c@2ZpdR<$ctZ<a`?$Rna
ziwXeouYPP>-Dm_Go2Q~*Rc3zxy7vF6?MlO`+`slCqQX`bg;F79NTp4tt&W)_VVmt#
z=6Tv?k5VeLO_4Do8Fw;emNDf}giJ{?h0r#S|Fxa>T<_QS!}~v9`f#r6w;#{5erveb
zz3!!w(-^K_J6sQ>{wuLKzqi%-;^zDCl9wQV@U!a7KRPthbHDKpmGl8TG5G=NY`ur9
zu!x9gwdeegT<F6;t`$J3mv@KHtPssBEF2mc87V|05^?{8X%IO`xQLx!8T-4*^q3YK
zCo@Dfun{KU9i6irl!A2X(ad<;m1<W@B*UaSM~byE3?2;$;Mu#^SA-wPs_prNhtN5^
zencXC3X3jG2GYDxn#Z0c`}6VDI*+OW|4BMf>jtOg0<0nwgmlq?I>EAd;SBW^Q3=P#
z<Ap&0Y~t<Px3oZR3!@2u`1sa-a35fLkx5aX!J)i0<9X+O<lz0Z4d2j2ETbFo#9fGO
zW}pzSprA;Dv~O&FJldNb9$G1be7C%HlJK!?dSVZI^y6nac&NzkqvYl8-O()#CXSBN
zMn!w}rpVDE3V;(W{T`eG<-tx@5{cAGZ^T4>Ao-mKx~QtEItEE%71g#B_4VJ<A<4TL
z>aVIZf*iudr9Y1ZW885(l0L+;@$HFz4ygnQ+S7S-ht`uzZ3@k4RD^k$g$VS!Pb_Wv
zxJ?dnp*Gqt=QgU#)u;^njtnZpKAtlhmKB`h<KxyZw9s%16uA$#=P|Vtv;Xfp*jt11
z+uG<&rMev?GU{p2=BZQE3DQ5k=BAIEpwAgeS(m6*R7~A|bii0TB_d9eZC`LO0<C^W
z%0-9XOVH4bTADEm>&a|t9L^3w8IhZ9Fpf*oF+C9d?(*wcjwMmkP)9<|E(CBX#>B+L
zHW}ZQxinx_Qg89jG|D|Ir9Oy4VAd7UIrzMCssly>*7eA@D1aL@d{&INGB$6{&Ytqc
zdHzs9YWpMiCpYO#cZH}akk5Ghgb*{(ohN@yiGB^kg$DW8Kctk*NvVVf*ZI@Z8q2xR
zUA3@IJb&kXWCXlvhNovuIQ3>3;is*XcCK$>A-cUa2eKEiW&7(q1F~`TT2t~Nq3`CF
z4^I-6t<#)~t$Q#ZUMTCWmJ3QFEnABrnIG_gEo>@<(;+f7&a_?z2F7Id@Zft11?S&@
zlv)tvJr_g6Yzw@<omW%a@40blnu!^}Ge!h1!+Xf2pZ8SxEc-r~$_kVMGjQF3PU3+l
zo>2+)E-zpz%OFM(4Sj>L-omd^C@yXFJ=^hL&F>8gFLSVF|5=n<Uwjd6HXqM$qr~<`
zOiDx{9<L)Bb^%)K?*`EZy0YnAyD5LSe#-Ee?GsKBcnp3ylN@2x91+;~ZSgQP<kn$i
zupbl>BWqkt0N=>lL!B_T>c;TkxV^{QjxGc1$O5S?{i?rF;d%b7x94?p&BsBFBCCm9
z0H`8!$@;jP3s!>9R}OOq(*^~-bzKtvog&T9{&&J~kqgT2A|^(I+;(^KG?cfGImj`x
zHeBzdU!5q(D9q3Q!~=N7Bajs><qXeIfBM+YPcMD>^5p_-r5U7Fc>rw`z}!?mx8$x6
z#gNE@8o?Os#b>aA(4VL4jC4@r6lM=J2t%I;Wi_8EC;+f_zrTY6Jd4_B@+*yJ=q?TI
zPQ%<v3u<Q?4_XVEnt}g-Az!+>2q+L*uc)gFmHm@snC%!qi1XIQY6Ucwa3@7Xl4uc-
zVYxkZZ}*-{?!i(g<-drUu6rZ3DSqpJ8LRCZx_#?<Tx@fv4}Esd2ue?HOnC9xDz4b(
z5R<S-j_j5$7fOw*W4|#1yu9fGu}w!hIyxjl<Xf2x5@#mQqYpr{$7u(GQG9mMx}zO{
z@XVU+t#vFy9mCJ1#w`(fL6(*_h5FRblM{Vp9)Q7q;QW8C`cV<rtGv9A)K#_G7j<+S
z4LLYqn%tSf@(w``Tv1iHqQiQZEQXHF7=8UUIh-89@(&=v0Y-mK%%WB0pBhwz`%F6+
zU5MLAQ`i(3z3*)sn{2)7*N-1Na17&WZ!at^R)5ES2Hf+zZViJY1k<X&rq`Dzr0ov3
z&nDcmdUU?8ZzU;yAB@B$hx^XwK;Z5HdU*ZESm-hv81&|%(E^%l)D`cUwJ?`{&x(Ji
zjuh$MSfxaR>%+Xt&i1DdfZ1^F!9oU~p4@k{DL=OgaIZb~cve>fM+ot3ryb@yA;R34
zEIY-&vH}c$z*pv=ps?w={UPQ|J1Z-zvC7;PC}AZ2d5>)D>`E#s@6ACTl}Aep{d^Mf
zWaA9hh>zdH%w#t`TI@X-^Moemlm{hR?gn8W<&P7rn}dGtaWN5Q<hX!9EH!%1!TQ>F
zR4EW>yYJv3Mf;SLls@mk<_nW-v`CqOfz#ld-PbHE-dik(9j6Ou+_mzRCQA2u0FW1{
z@zTba+Xb-uE)=xx&CC|xs{B4#S9dexMc}6#y)2UmXkE&MhlIFl>*;NGeP;w@$SPHZ
zT4Cn}feDBS3%9}$Y}E(oD!2kPcRyvYI_%M$Q!Y@!<(tB6r}<0N2G^FAm23n7WWOs)
zHa!7kp}*?tCZv5m16xx-Rib9Q)PsCQw;K&P){NTH1Y2MvpGC#T#{IY$COOhl&^G-m
zQ7o-FywLLU{wH?Q7t2dyWjg7v-j4miu5q41I&OO5#38M4{K?a4X{q#{BPY|2Pwrwo
zcVc&0zPqWFj%Dd`n~N+<?Ckg`XVADr<@z5&J0;gRi_K@b#2<D=lYzU*Hu8{}3x6AZ
zzXzF6xI{zqX|gp*T4Ec%`$yn5%wJH=&d=`fDYUR2+*mC)F|u8%B+i=trit=j;q0Ca
zWH1`Kwe>!LX4$W&y`{ZX=Y9=p>kEKrMM}!hFxU;tV-~~-vy1L>=9dbO*(RXG*vCt`
z+q~(rDOSJXeS-vTZk@;^`=v^hIMp-Ie16U$z}K<1Q*(--99B+<_QwzYozQmyt-b|A
z@I$a7(qk4TY{PT=p!KJfY08aANm9=)fl4G%v}VIaF$L!*$e;D5(wH$Yu-Lr!0v3BQ
zPL}Lf-pm%cr76pw(<PYGl^sh<i*;SJDJw6Nv`&mkh)R9rJc7m)qBVRiHpP7c8u2m2
z`5%oF(A64n>w7?hklsSm@8{^KuE%iQgE&9}Heq;9dTVglNgtLvPPTFotj5w5IXAYq
z<RjK|)Jq*W#cg6t7nXZQzJ0q^an0Vnn5dvQdDYu{$}$4CX4MGsQf_`}sd}`C5s2OQ
z*!ClDZBf_(LP*cZ$n&2_eVEOkm7A_GeC3LoaRpvPM8u-qR^s=}#z^?{nvKS+dFNBI
zCXAb#MkDo&jTz=}xz0Rz@L=i@u+rFRb|G>XK;<$X2+U-F4i=n48h=<>TYqkgJ6t8}
zoMzY9XwhCTTfRC|+IP+}9Jh}}Z*!1=X<-KKU!H<gkOiNsA7%bW2APQ2vmaSGLTw4C
ztElMrKp|{Ia$DW-s>1qL;<i_AOHLCD$BV7y{P*GUYQeZf?8lgO>o?lk#h-=<Wy-Sy
z+P{DN=(qs5W!38H>J+G*8C$L#M*{eM)6fLed~9yc?64@zI}8r)EA&xPHPEoIV54ed
zgNGRFrZh$GbVov=K#Am#-0qwY7TR?k8G_~O3I&d26YZ3{w9LKNwRJOQqM`&ZIj1ca
z0@X4$BR$=21|GKR1TTW190JFYIZZwR0hFDKYdxx>!l#N45Q7Y0yk^V{ST7ZcPgYFz
z6!V>ag~bh&6T9j`|MrN>3`jBv)(zEQamL2R@xV^nw03a#ed-4-(nr6G4)MPm5P&57
zZDF)DUD(d9cEisksaw?eRbyx7l#+QyFQxB336?_|X}=hIc?ydaS0f4Ib56A;332F+
zAA75ZQo`UJsT*;K*ld>fK$9~6AT+`VuW!CHpxUt$s!4s{4~$Jr+<(4@l^Y=(jx(TZ
z^nx!*l6dt*b@hj<s^@)@tvMZr@V9hg@SBsGHm}x)yMvV(m^-!`8m!_XB0BSDoG!(b
zSw@^}iqO-#7S7kw)m3~3(4k4lUwNS9tN3iq0eO<(Q_#tJU=e`?EWOOnZ(Hk77uBdl
zp%i#NE9c|?<@D~F&5~mabLU+9MDfJcH{UikXZcmDVH-on{K)L8$JZHRo)1OikpHUr
zl;v3m2Tn<^H@>GdpN6mzPJ32W8qXg%ASk(BPxBB!$<fXAWk;%pbz$dOCS*ke{7V2K
z70S;gu(g%fuV3@&>GfEsN+rjm+4~8Eqz~`U`6Qd=v$JpU;plOc&^mF)Zge+;v<QwH
z^DzAPK$argsiLNb2?<7>(zBJ(aY;!>HGPrG{Y~1hk?#_55{{-@ARvEsZDpkr6cW3d
zvvaZ+zO_DEV<8YUFwDB849Cv-q-pEw>8Oy(iBm7Pw?=rVdV2=BZRq+C{>k4jMHty9
za$o~Rdu3HsNM~nfDX<ok#(8NkOV{q*gKQ|l!l$sZvNA3ZBaF8zHk={FB*&zKSsfbi
zW7Sc{exJ--Ou2F;zQR2R?!Skj@1<$t(Y_LmC^mtTCS}-S#>vaeTbgvq`IgW;4Kl;9
z9DvmNf%D4vje^?uGh;2S&qn2x8`bCGjJYN*m#Mz4X)ifvx!*MB>m&$%86vaQLPlCz
zpfW5&xvFJoXqZ+}Aw3KyF@eQ9@pyT8b-_e>BOM(bHy|#UhxMsd&d%{-{*`L}3&kfk
zT!|GX*7Ng*tOvhv@|aW*?e(jDy*7Y?$NGp0G^c<GI^FyF_3Q1dtSnm@8JYj}L!se#
zb@dQ1@=9BNenVJQk29*kFIAxARQZSOF;AX|Fk>*)cHlQ^9WMtU0nto6xXSXPBDdm*
zi1xkzx}XWG2b%GGM$QFrPWsa^iwysTsBZ}}2BZA^B$N-xKx<grZeOS}hE4LX`KO*h
zYFDXG^ak3-+$#U$gbY;$&z$~bbocI>??-mYY2T0uA9D`TUsZYpU62CELu1F2ea`k+
z6pAqJ+gE;z`aphv!2{9w`uYmmi}$a$%YmAes*R1+bz_|vb~=WfwA|Kdua`EcwapC|
zyWFRn!z^oKIb=Rn5Go<}!(`=4S_aJY*cVzviXEH)6KuDv*1Ub|7S6@PgB+Vqk(AuG
zNa=iMQqh`h5iB&`Zabf@sy0|@fO#lS;ufu(t9u6Ircr9rHegPV96bmQnx2t~si@bk
z#9Tgz=}b)eTDer?S$*_5znI0ujw50E{N?Mb_U`<yb#hI<T7m}Y3pn3CD1Dh*T3S+`
z$*>^b73lULakX7tx<`&2c??1i{R0C7@qCjDpI_{oU(~fw3+|;PW?vN53=z0`-O#rZ
zE{`yK$jE3cp{=0TZZ_hm^pb7iG7XX#g3usr8Y#HV8z|&VF>qteRm*j?Upz50Gd#ln
z(g=&SXs;l1PE9S=<lrX*tvlT|`>?7Vfh;&ru@fiE2C0>wMlu6(ZV&ujr=}oVas|-9
zS6^SB6cVCd$Y=gC{d7Z*US`BGtj{+;E#I+F_TBWq=9XsiGLJzVm+^v2$^xH8su^8w
zLl6>tZYwbWjbl?{V@oR`^&Ta;y?Ap&-J<pS^u68L<Qy@dZ{!ZA^%CM)LVlN+#jEnP
zzeqoahqYh=FnOY(p<(k>J1r6yfY1bpH*|Iuo);B$9GN25RJTK5=b!wZZ$kZAtBKr&
z<Ac#@({`KK<Cm2^W^7~^QP0sQdex^zL`)Wcgov6-`0yaL-0+r*u7J`4jE+1L;_><!
zC8!FMG@bXp-vphwtgO^`(_Y)x{p|Bt*+sh_I##C6<_}GVf>6bviiU;>r9~hmJpsPf
z%?n^SeWx8AXN`b)@)>MF`c8p9H>ScQ#j!W7bQi7ejq5kjrOFidt%kjdbabaFh0>ZG
z#c+QKgdtw2FKvTZcueiVmM?R`<+{vOYE~cg?-jM-Yrz}m&Z$NhiAfpmqzch|gVpZp
z;Dv*|C>n$1&hn&%xq21?RkbWzBSG9e4j$=K(Ej7dC(OUMwCjBo%ByK8%&rWVob|<v
zL&pxLzag<|myW{d&;x(}4}GPYq&wj5?%usS30}-l8V;MidXxdNa;1JUWmYz}Wyk&!
z`%PLFnd?HT{Hv=}rvu4R%dpeo@{E#~N(n<=%2VU5T9D6?(m~xp2R5SQhdzG1TKDNZ
z5<m<@;gb<9VDZloc#|r*TMds~NngHvdM@(uskNEYYr&5nnR}g<=FAjBxiUMgtx3NV
zy(^dcY}cV2-aj%k<M%Q0037p}dWs-Fzj-_C5RfD8T+w^eb`RE8&&Zx>vF@q#8VM3_
zOUTrqj7<{l^Y|tUnvbnZNlW`Qq92|JX-du1Apw{`>LGSe@aox#_rHNG&^R)^zqr^?
z0<Hd*AgSG@tGm2tD9M01T{lD+$M8Jm1A)Dwt4UJWvggllZo+!I{_zA>8YGDKGV(mh
z)!kiJNvSCu5CVG#2L}z3n;@?|#B&IFYYFJKM-N$OsU7Wpih2y`)(=X&S%w-Ph{3M2
zq9)}<epN>gAUCDJe54*tc4iU;&z=njcOv*CJ)x^>?f69<q53+voR?#In{By%>j#Ht
z$r~fh{DYE<ao|WZsc{O{h!~+mP2jzlsi#B&pHAG;(z5x%{rl5IXJ_lE^wyYz4_4NG
zp{)hCYgU$Z^mI;pFWEIJE4(V$x@O6A_}q6JQ&UqN1%(EK@mvPPjUMiV+vVZm;W7v|
zT7c43oKlq#6e{*ybIXH4jz#zF6=K*(ihp(uJ>9EwLh7WSzkc;`v$DQfpYAP8kd>9?
zN~$@Ae2O{%_IJh0+gp5Wbku$i27_KJFw7&Ws`Zy?L$6Oz#{HM0|5iV_ru)}3v0}d#
zRxI}0WT-&0XIc@^0u4MpJ@X5uXpo~%GGIkWYA+;xZMypUUvC4&l#IvYal)$XIl8<`
z;dWK3n*^oMPmPJ(SP85uiRvfo>gty6gLIIDBNlnidlJ49+g=Qc*)jq0k~+l9Kg<4O
zS((X#IH&Km;nWw#RmO~blAJpv3>A{N!+_^SNy$}tATrc=3FCKS`pJ_eDKcIz)R^wX
zehm(c{zIW~xzBxnH%wai8Lj#B&Ye4Ut{xtx2~~{9rvmEV{<wFBXj0~q(GR^)$Aqfg
z=)b?vkc-cOR6ZaIE*AV3bmB7gpTj}msS)JnVfcy&5@7cK{y)+G(z*ZFV;%o%f9a}R
Y5#D8SDVFk@`XW^ouPNmJb@SeT0A(h8J^%m!

diff --git a/docs/sources/terms/images/docker-filesystems-multilayer.png b/docs/sources/terms/images/docker-filesystems-multilayer.png
index 0b3ae19c2c4d3c94bf4ba97f5bbfc3d5180c00ed..a4260004e7636863f5f8dda6cf5027b4053cd219 100644
GIT binary patch
delta 87327
zcmX`Sby!y2^F2&T*Nv2POLuo8DIFpyrP7@T=|(`hLF%TZyFpq?knZko-ox|x{@&~2
z{*!%X&z`+z&6?SMTSy`0uPW1}fn*Y$g!*OZ=wf`Hg={=c6!&0UmAN9nDY}ZW89KAT
z_Qy3}=1Rq2^KZ1w0)*&vgaNpi{7C<_E6w!=e*NN}piv&pXx_VDcU3NYcNR$}zwMLh
z3vJ$Wojyz<+kM(gUlt&MUSN0dS7oixvv&GUdvOqBVK2H{_H9p1Frvi12C86cfAe9s
z_!$DWTVq9s{C%ASknKSx1rgC?PaR<qxZKVBMCWP82+bZEUSBaJn8_?XI@f}6)U6y3
zC(bSW`8(A}k+eTLZD;0L^RvxCCs?8dgNMB2bdK}a4o~}7>V30@w}MpdkB+i$)V}VE
zp#b}f{Gw0oL}J&g9BD_Cz(XFOvAoJnVs~$_bu)5})B5<_mr?)E9owmrfaS@D=Sqa{
z$m`<HWjz{J%VPF%oj&Yg53MH?pjmG)1X$~amLd<kX0qat<jyxgJ=qLXsYfo2$Z4i(
z%HdiV(IW&;VW2nTE*7l+LI|D@X#VvkX(lA`bs3L~keZQ-q%qAcz(&<3Y-)Ofk06o!
zno2zIwMv~^gVLWSVoZXG@tj_N-$i639_rUq!}i!+5}OX8vXCv!q0+K`CW(KfJD5p(
z^eY3BV}mk7qjFAOa!1NJ^Zndsf=j0|!|QCt^3wY2l^Zf;yn`PN=6mf3@hM;|zQD&W
z`<P#lOU_XZamLc&0<GIR{Bqb7<8pS&9%cD%Dk?%rTZ(u}`nFKxs`gE;S)+5z;W}JG
z<q-BX%o0THNt59%sT3au3$tm8G}3vQ8C;*8#7L>ww6?%~B&?W2JVL}g6Y^ENc0L&r
z!ZA@~@<)}yF^M4-NuyhZ$d9V#>C{&b)Pz|r==W)&`H_!^fO&TDc@OV$lHMg_^ov6;
zXFg@J?RxRjVG`)8qeiz`T@nW1QGc}KuE}*wf4)VEOv>y%5G`(_AFtdySJM_+Js+ln
z$Q}nID~AL#y&IqBcyP-WNZ;X2<Mb3F<zF;3FyD0dZhM_q&*@$=Rb=ul_R|G^Ks^O=
z*RBjg==Uzb?fJNnz`99g<(}N>yAf*dd5$rezBR3<Nec9C<1)v5GjDsNM5u@;w~H4l
zaldKYzU7lgR?YHJZaB2~BH_ZB?#nQfQOwgHa*nI7sedkO9Mmht^B=(-h1hi0cHc)5
z@Zq-ZZx_$B-C$U6E8ueNl3|D7jwEq;D_56j-O2-l1jbB8FxCZ@)%7Bj3U9D-bPDfK
zEzs(8T0Nv;P19#pFP4nV+Mmn{okh<-!LL@d@~pd=1wTNu{phtq1(q(}Nj7JV?x4UK
zU%8ba4@i%5lN=Mtbf{D^HQ7uDF$CMS+G6Niy9DdV3^7TR=!HM7@fkOtT;gWsxh$D)
zXPp6F7U)AeKBi(8>y*Rs{p|B^a_9};4RU(UAI!R7ge(S69(HPJ1~wPGX%;cLh!zm(
zhNE5^QswfD==^|<U{ZhsOZAhzqUNXDcsLKbG{!^gVqnZ6mA4g=ER8h!G`)C<ZlGZ;
z!e<@h4-Kf^|Derv^Fz+dJkH(+Ui{*>jOlrR+k=bm%{+pb%WY^e_Z6Q{_|7uG{UAs^
z@+lA*S^P%sIr#Ap=GT402nQ?raUmd8{g>tt%izv8<AQuA^W;CUju9OY3R1J{p+9E|
z;Gd!IWuCR9kvFFPrs;5B08u|xy*HX9?1A0WaG=868#WQeoBphx1Di2^iw|D^LPdc$
zKDV9+I&En?@a=%!xoY2Or(F&k(LdpeEGL1gZ8EacS$13Ut9{Y9Ce=xY=N+|3_<4>f
zLQgeBee3Du<z0ag^9x(|cQPC*ygiE3nVPc4R=Py3Hm(P}q;f5BKbY8%bUZx5$Az{=
zsUR`BpETpnHce)^N>ot%DUhp?a3}yt)YO6$n7$^a-S$1|omh&|E8K>;Xp{N&s9D7i
zVI=d)Hyy52<H)O4ge*+tHikU<(~yh3{GEuI-0dX)ex#-J$eQBGE@X^tby1yOs&w*a
z(b%;1@PAoFuQ%Q2xBnP9cu4x~)I}nGb)1q+GeY_%ftL~*7`pU`mh1Lx+VcgNWA*mg
zvQ)*Tpq8<z>2e%S%=3e`Ni*O5QvYE=e5KQ#@O#8)NZ2@4`svQcH0`+m=?*Jzx=dnd
zRBDLzeJ`A;npVcnimPeNGfS^oeDq=0zO2ZW`wRe?e@a%E_ekMix|KQ5X|=rAH?qg8
zLh=<$Z^}2{EN+jAW5kmwH4F#Zw&Ef+g<uv$FSt7e3)z(;>(&R~FT2C!)xyrH7`xV*
zVmi|kwH`wA>R(~jBPESR6gFTMnqT~N&Rrsz*0s|$rs10(>LtlT&7eT`XTOgHdV@GP
zNNoM_B2cuMgPlq*$Z_Sy-g(<#@JF{JG-pyddW)^HgoFy8V-4FQr`rNGYmPOy5#uHM
zRV)TUqV1RqWGA1x(SM51vbN&*EPm0{VxH`&GZnepi{OYpkY#$?dtgiaPcH7qRvy7v
zzw5LY^7C~wy>qLxx~Jdwlp{oAp>57c5h#4^zh#-PGa9p_9@D=GQl!>;d@t`qMLdN1
zs#>YZ_*4$)A0|}`kDR>#O8fwM+5Bzv3#jK;0t22qn0l-k9Xsj=v15%^O%=p6(*AaD
z{CkXN!7X-{dgK`_@?LcGqF0I4WlWDW98IdGWdHK+Olo+Gg1xk9i#sTGc%4IVKi2m~
zEvXog*@cgPAZl^a5Oj0<Aj0n5DBUXHR3aA&I?8@<I4U86edrGmx{-u4z!q?Kc`|nm
zpN$k^U(dJlStz`2ogp{GkmA=h5mhrU1U00Sd;Bb7oDn})hee{|<2RdCg_A9)RTzC*
z)m^aCz;LSo(R9Q`P>KDsE0P5;W4}R}@_Jd;m8|Z(oUnez{}F>+%BY6!yaPeK^6P#D
z<ynaIdiT!qvuZxzn2#2fo%IJ;^jpUj8{A>wV5$<b_uiuqe0m)GF}h&}xlsL@J|A-K
z)c(!ElgY}Qr=iV>Z8gi=vw`NweJ5h9^K|?eYI}t%F{$Deay=O&@F&3G6PE0{?{K17
zvJE}EP+E39E|($Z2Pgh@9CTXtbX%;WUyciU|8|-(Kb@!m(kz}nr_RNt!lt(5|D|F6
zW)Rbqh=S+kvOf!agKpX{?N6ypcKn-;tS^J@?>y{r6_fgDEw<V%6ej&F%@5I5^P6A<
zPw!&S^FpR%9BpW7(aw&SzknXgaEL+EM`*&n<?(!W)Qd&7+puQhbL}zwa?k9uw?zd~
zhwD=U0A7$@oQl{rSR%?rG;yXfNux@*^_>V9!uxuh+s7G)mgjwjbt*mpZ~eDz*RnT3
z`SGLEMop$(u%TAWy3KPeRV7{2P{4V$m|Tf2f7Pii`RMcY7gM23imRJt%}uC1yG!Ka
zw>DGwE3}IKD=1%vfZGPVR8RC_Cx06oCA%PynqB{q=#DFL$(5E}A>82>-?)B0tg%J9
zwUGfXZ!AgGQaBgKDLMm_0U1Orkf2OP6yUN#X$&+`hS>c1yisB1-;-xvy)uZp=P-0n
z-x+U}&h+xzNxTmY^oPFDR1*Mk_yS5hi(e{TVNlvamdT9AlHzCLp&%;xj<zmt5ct6;
zt#6BSlqD>)5uJto*v}TC5qL38u=;Q@Ci}6HuFyDYTBEb>Db)lP4!iZ3E>cRU(&$li
zc*!-=XFk;Cu~5)b4tMq0m#y4xNz@j>nAf=ds5@EYQ2O|G`sY|a-jB71HS#|M<${~n
zbAJsBl=h!sBfFc~rC_y&J2pG(90B+SpZLt>8eGh`@z<x1ge-Ci%lTzE)rHEJ*<r-3
zF3qHAnO`qPd%4=-nkSW~;>*;3#wko*VcfIztgwJCQ6j^k=!(QX-(0Ks7}f5|WAK0v
zQ=|LZ(vrHo?$t$xD)xMR)bBRSumj)J_cZ9i-x75KwcD`EKBLs7nllCsB>_pHiAvjR
zzYlv)ubw-eQr(QXNu`;RLo%1HsWUc^f6L=luFbNxefxbVrm~xAOERl+)A4(;GOAmM
zL+HbnYz&fe|LIai_DmV&L-m-7@CYMOGyFZCUH{XTYR+bYlC9{{*9$EIl_Qc#8UE05
zXDfbxlbS5QE7|G&ymq86*h+xb<>D`Qx-H)*Gh60_DajJE=~DV?uxH|*o$Jl<%^~W&
zA)FVw<ZnM0`)nPk7hqkD%UDLMsgG8|O1xxueB3p&<hT9@jZi3)X3qWl@9{<HT(z#)
z@A~42n!P3V(|K(AL58}quUQ0I1-A7a5bM^$QKF`Gj3S9pjmeg?#(_Zg&2-uXez6nf
zTJbEHx*^+i;x%fN`JkCqsJ`Syc^0nMm4vw|8CD4HeZHM~6g>S6SC&w+f^khohj1HK
zo}LW*@D*-yMj6!egS|YMD5Blv>^{0&T)Erp%&ZKms6;6^ACpx^E@d8Y(Pt=OgEYH3
z6b8paWISCmS0Jbo*uk@(MuPoAMQK1vZ_h*SXA=VvX^Ggmk_!{Qhl#b9=Q(C#mMSUL
zU@)j1N>H2M)Eb8vMelWpj?7kgs^&)S^SeFSRQNL0eN@Hq+9Eg0np*8SO$4%1QB=4*
zwM0f$p9rZaO~=F(4pO`{=f2}0QU?=7<d|>gu^GkKY`(exXtzffmk0|`OvEfyiDkQe
zBe$p(3~Klo+0=|?ie&AQ<^xJ{Nh}R1Wwj;3e}~>Uh9CwLwjfGi2R8a4W1Fa$3K}2`
z?IS17bb4s>IpWIM2`$yV`YMz~Q|HDs-Ypc`(jb#>-<xaIC}Xu*+byDafTkm%of)3!
zUf3vH>Gkjh5D>fj=-+=GHQRv&quhNP_MCP<4ikblfA^)btlgr(^6ZSm6#J~(n5_yI
zi9Hnp7Z7bRyo70f!8;MT6dgD|uUCmqU6?Gdy=0FSS;Q6tYs9+PCXCMEjt0VoB@74{
zT*y)Kh77SS>bj0kCx#*${gYt8oL~+g#^8Q&4+DOmCWVSV@lnNMH&p*oWEy8odTTe(
zm9Rsbu&2^IUl=&x%&kF!V#j+#E~;>_+Z?uViaT5&)g4lE;7xLTSHY2XjG`gWoGUEw
zO(L?OdvDy;z@_Bas_Vd-e10b*E5b}o<n^fHsgZQ`8R5m&`2G;y|Dsu&0#2HLox=by
zgi9Dg)?^JBS}J!<eKmTdZ7_ngdMn3qC8p{;6E9sSBF#+#w-~I=k7eUa>Is6`+~zDa
z2`V2pU(!N5>B2W>(eJt&HOtxvYc@0aId<RP<b&7lg0fs{l(eLRaUeV)eT*45Y1dbw
zZ{tfpBbP)Dli{feTU{^;hoZQI(7b>V$&0vK2HMYgZGj!^mI}X7LBDk|OCp5YyXNi&
zqA?*8X#XT!vU&1tImDQC6^p9cXE4R^3On#hw5LHIf2*$otFI><R01WN&rPt>LtOcl
zODj-VAzWFISJAj}k$$h#&rJ!5M2n=5bz`!aG>MGw=a^4p7fNMsR)Iz@NdQ1gUOn~F
zI5CL|pNbLw)on>tf;P?ot2`dzf7uW_5QQ2}8apo3!|7zE)IU}0<Sqt2n~1|8LwPpl
zNOt~;qN>{~)V3{Tr%xy}Fks~@H$gL3hc&v;zD%60Oj|@?!En0z6XwNs@?>(K{e{0h
zVRbuN-YvWAmjDO>=}0p0@tv%lvQ)K@x{&AnuPPS3Fwu%sT@|&sj^CEQlN8(ki**DO
z1#DO<<aOgcUP;>NKn3Wk{|v@)J(lyjpvUXOMkJ0aTiQA|+}OhyoTxw;jI!+4Wu`cu
zAW=>=pZ%QVKUtDXo5^f%sr-SfS0DyQ8Hex&DYTYM89DNb4%qqHcW|gFYsXdKO$eG2
z!iIF;<$3Yzb7YH$^qTTjZkuqhcO!b}OSL0`U4V!~;eWyzW<h{G!s^%L6mo4n&VF=-
z%YP*rQ1$3w+K+`T(2yZdqs0G47A(n`$|OoaPp}w-C2An6=yaXfIt{NBrc&mvu3o&Q
zS`Ea?y95Yjy>KlotD!VJUoWDw|B-?=5J#7ie4R$CN|-i%Jw~n)6YhR~@?W_nfo*|7
zC5~W%%5kXTzZrp?$mY+q#MQDqJ`;UD8&P?gMHu3W?Q;d2tGZm~naIDm(~D=NjXL9x
zw`0y@>_(f)(B#8)l~NE$^NbjaEG<d+k%bUo>0k3<PfZ}8{<mY}mOam$S061RMDW3b
z*7INQdu^d~GQ88xwd?Tz?SBjP<@0YsHxjY+&KY&jp{qWg{C@Wv92eVUJqzdPRq$gt
zi;c1G`H|_Y5NWM8(d6V;!*$lqwuTKnRz4|lWxl~vl4du>iCn@QPLxLI{%Qww9n=YW
z-gn|3@09KH+wdN=k$j~+|D%(Eh3CQ`YxjTWzZxll5K1wO9Xu(O{h3IUC4g8g&oz~9
zG*kP)tG=TyggyF@*3+3F_Pu<*{jH;kArA<>o|lk|xr7}LnZXTP9*y+RYyl?Xv*ZMX
zlnJbO5vG_|Ch1>0tb~9ZrKP+#t%v+y1$pi8>-^O(%qzr83?yj=c1Xd9IZOwk7R(v7
zFF7L`e%@qKY$X^7YKcq9961o5L?-xw+qM&BKTaItHV+5i0G1eO$KAq}Q9I``*z?X6
z(5_AUT)g7ftgT?epUdCbMC&|?lvDJELXt!k5IRF8*#X;==)e%fS2-|M@%`}#vQ6Xj
zgjXiBHoRZS$m<>;H8M=upHZqFICCBH+}__MypS+|Y&nEbb|+`<uE+MEp(V~H7!Hhg
zt+1w<Umq^FrF?R`n=N|mYqL789;A|m_#i^R0(LSBwWwvf#fO+=nT)c%X?YZ@rkUY^
zb_kI&fJ6c5w6g2568eS{WBf-TZhZdRh;8@QRqi%kUPTiObT2I7Z;|a%o3Ny1o`d1b
zB?wFk0yEDRa>&$Q0oj<yGOUgYF)X7N#J#^NV=Y_A1-8`O75L?kp`JZeSXai&*UWc+
z@54y{DVMI&QpGGO@I%z`>bQ{~+P`QiBrF1C$2*4|TaJ0#csVm!@LHFI=leg#=hGCw
z^13U7A48Dfrv~r-FiC6!3{lBDBO2t#MMf6+WbE-$@7(Q=DBB+eT2v!s?fJ+lu9LEQ
zk<qaY?my>7jA_W)sqzLF;G}d4yksJO`zsLelLhD?uqdkHKatl>=SUGsblw{R`rmAd
zlGd5n=+borCnq5<pIl{@j@u7Pp@wLF=qG%&x%zg1Avqa7fDKT2SqX$^Yfw63cS=`4
z_*BZVOEPzQwoUWj!BC`YOZy>nh2Sk#3iXpaF`64-eFbiv{##T6TZIYChTy7jA-LQ&
z7aS%`%KNXW016}-zyJO7@PGd-N5kD#S&8slTB8yU-hQoPV~h6x*5-X#TaKUG_w%&0
z!X@409L(d#_>}1>+_SL@^#5G-A3Ox6m`UP%$KK(sRIW6=7<h%pgMz8->8a6IXoNv7
zNN^`;=}Gs$eQ-r1V*@5z$)PYQzmq@d#}pra4fhX(|1*u6`q20yQ20~)4wp|B=*l^5
zC5=Uie7E%}VD4&!4i<7<)u56Sm-Ihx5QV>lLvj(yqo%@19dFU$*Vhz<X9EATX!QMy
z)&0^vy~PE_wLC>O&&;PEl3z)88N11&CQ={+;Ah}o{PHQ6?jlSUQxbN^R%6Uk5rO7`
z^9{pGGW4fN?*wmOL39Vq!6N7BDek485;vUVnfu!9SB@O4LL(0gSF-<Ys5%hkFE3u8
zL#WJZd{QxTPx~_jzbr@>L7_wr7?Y-^_~(I});(Yrwp~pN2SF_=lNJvIQjCkp>lO;1
zSV=L9gpd+H!Za;-y&RYYCP?h3DjzwtKI5-s8g<k1b%9|Hh$7o&&5@J%k6d?wbhK5Z
zpb5P~3l`171VI{%i751|uD*GbbDywdilUim#nnS2zlXS#v@CEN_S)3-oq@$B>!e}Z
zNJf6;_?N<Z!rs8<$Vv5B7u&N`D<%^CcYhaDtxA1j2<U-HF@{biB|Z_GlUA&*`1+FL
ztb%+pu{JE*J5^-#(cuTs#=z>A>SL<X&1tRCx+C#kLnxVi9xcQTx*fCp3SI;%_=DQU
zM05&kOf1!11Si(iB;OcMOCCX*pNqrPj66nm1#20Ad4}0|-31cgie=d4Hi9;9CW9w!
zTKPHR)l4JhvH#$Y5(E6o2GNchmU6%}L5UBGT*s<Xq{l-=*meP|P^O<1zm@?)$jUnL
z%KUNgy`B1fSB_FF=bJK&l>z@-m+F3aD)8#P4d(dOF?)e^Gvv0?d>q2oqLMEZ-M0vc
z1#ES{uYc8c;?-~=Ywx8+v~%FyaJG2z&93-(eU#p$=-Aok%?l0?;=Nd5EdZ^nXfRkb
zZ{5Mzb8)=W@^mS+BuAK3BCWnPr2PbAd*8-cC)b4=;V0cS7@)47fAk<LSxw#hayn#e
zHbLax2v6&uZ@TtZW0n;zxfTJpc*p_ih{Dgn2kI=#8I8STs5flO{*Z!mWY3zDCJoJ-
zZ`)+)XED?-mvEgD+=wuX+|*Uq{`8f9$@JfFzhqg-pUfYT^cp`)AQrE!jknWeVqJD;
zT26V<n@ZXVmG>oTN~nCB<0GD^>{3TmBn)a(*$ivCEkSvX!wFba1-i$cN#9`6_1!rd
zZ!)dk#dO{3M0vLr9wQ_nEj?r4T@pq_*!gvFCNNs3YMhw7Tq=__@H)_`dgaZH8kN@Z
z3{C%4$oTw46DRBea&vchGLS`gw5GpC#g2?rSD5KG^jK`x*VSZZkV+$NA@wE^jQLo0
z^qceg9Fq#qR%d|pYXg2_ddUPbe89>4v$`RspNmdca~ncM3+rl$Lct*d$#O;C=Idy{
zr&&rXZ{Ip3uetEZ=>;9S5WaJ^bZu1iNZYD;6BEE_JLlb2&KbIAa28ZFBAh8?gMzkt
zDkklyj(!={n=#Svo|#ovHu5bq`q?AF$nx?CzZq~z0QF@e<q$+BOHbaykdWshR4z?s
zbu|pdngGZ}`;&k8cVYYUp3(Y4%FBB5d@+^4xf`Blm9DO7T;SzSQ7A!Pf&xV!j>dO;
zI=*b8qV#oXG+k{izFw2^CDo3NYA71h;!oQs=&aNJ^-45(i4U$`%Llwlg%XHbh%>C?
z0U(n=4V)5Zd*>*e>brLScKcC?8s--nMav6XPWG`3%r%oM#HTg6|0IWS+}G?BNM=dd
z0hE@jjKV8Y!4?fX^WO}9SiWf9jm7<njH~Nnepx<rlwJK)_*#7z2?Uw?b}?~`3DD_f
zk<;s!5bApUl81zI{07xj4Ffk{19a+z6Vx;?x4oagL|KQUeIHuNJ@PiXwQV>rbin#8
zjqux{HbV!am2}U;lkNMJ?9DyawEuD2a)%TU=wyWPd|WV&(Ht*>An#w*(<lEraV#_I
z!@9(#ny2-by(cN5)jyc-$2z#h!20P4`Sev;*3fHm{9D=+Xnn^=G2&-$WgtXzy|Z^)
z>EI5(Acrcrno|Ak3*u`17h?S18Ck_!$?z#0sGl~zYQw-#z`T=|&~!C)m^i(0VuG8P
z%dWfJpQ<w^(`43+C<*&%oFQBgsOVsx`@^~ksRsh@lX0?Bws(6T)0KEHtMV}{(B#=E
zJ|YgCk1Acp?bOm=%okuX)HFu#b~3C|cn8%js*CvhiFZ8B7B1kVp1dRCosTW*5Jj`N
z4A~p3x2F#sBPWSt(Lh_dc7o^S;QrJ$afDNaAJQ|sFHilFYi*f6=N;jsCS1#@xWNNy
z;8q^=wX62h%{kax!wzJ4K>&}gP9@m2A=nSXP~&{7P1^hrK)0A`fX>;kC3lKLIi!y-
zr#}}eZ7or(aQ{oGVHb`DqCVgMl)GehI+a0<_Wihx+|b>C1wrh7D9Me_kcwjO=;5eP
z<9aixC>OEc2+j`Ed!u<z$Vrexng5q!SjYtQw7)*<Jswo>!_@wCQb$mQ>g5-bc{Je8
zZuaS|!Gr8upoHi?T^lO~V<r;tDI^|kS9jqikI2NNwO1^e{xTU@j&Bu-7S$KP=rY`d
z^F8{f@ypGdj07|88UNynYO|uyEL!jR^trwG;(&^ZS`|VBEvvuOAaR^<AB1^bMqDuU
zM|LH?v7X1C=Wa1=BBiiTXRTA7!n{KCACiA%JxD;uc}#~?ebJBXdpmzVU${{ZtvvxM
zN<0sT`~)#P*j!)o3Xc%T&vSxe+1RCq*_(mFsVnD*n4|cUnPY}d82dw{l{n&l-!UIP
zhSOLhI6hwpemj+u(xGF+ozLEa7hepExRM4+!XWJ+z<~qZ>nER_&+*N~S}5(2ous_H
z<_6x_R)n)_v1(J<m;Mg>FWbKY8ACjMA+`#M(&Ef~PUKQH{?otPVr!*L=2~Ty$w7wq
z)|&XcYH{OM%ADB&5YDy*C0J7#@d*x7Mv=DysBwlqR_CoykNGDXds6@kBTz@s_QbYw
z(UJ62ia(1_CH`8cW&Oe^ubPPLru7c+F+9bb{*I;TG(`UR<ul_X$f@tnA-OIzg9LAJ
z9_QSm9`A*=wd}W5A-(vrAizN+lcK4;<KD$EM@!oYUDPl*c?)9d7<`>#s8VYr3}>_u
ztyO+uttBria^^zrRBxL#^lg9^;?OFLoA#bp>FMZCWcfSOFZ^(vqia4u1CsoNDQ6-3
zWMC$<c)5p|!Kv%b-G`iJmfGD9Z(+tBs4rVXT#F1bzB7bAT|G)`Zho=*mSv~x?TSND
zNKm5xw=QI5G>btMzG!)S8$fcUe>itj@P4h;F?}3Fs>;~ec#7$MZYe8vop78oOTw)z
z!`-CcM>gZ5ZnOVa<)Gy|aH0?ugm+jelwHb8$-Tv<ookTfs@gT2*GmQCe0iZ%sUHC9
zIGi9u8;I8^QZFy<T@jB_2>S)q5m-zaM=nvHwnt4gV#$oFLKtw5xc>X9R(W)PjKPmO
zs(4-U-N%9D2fgXo$7wqqI<pcTl(%`do;5w(tGmsd+mpU<bs}+q`{H6jU+W&rp35(k
z$KST@2igfwW-=jx8kX0S3gX<P!RFf~qbrFwzghfqL}^9&7EA6zzXF<<jqYPforeLN
z`>RZL+S^2me(9)fUoTt9(e{PJVvB-hT%T^n!xyL$?k)$iGMC~e{Mpr%;C1YTjz(pL
zGol)Vh#k<OY22-V&*LqZun@@iV9(kU*ge2OgSnyiS%cTd)jcx8s4Evm%{4jVxo>{p
zWyoK-eJWfetX8+^Q|x?m1RF;J%kW;S6b>HBhC(CVE0Dx=3TxlVqu@s)C$2&wFWi11
zOSl(egT>?kyP^Q0z*@>3OrdjHuHZtH=SE-lEWBIza1;O-iP9%j8Dg@?Y00oe=qe>>
zM+dL25&t01YgN1a<Nm-qTdNl3)!m<P<0nm?3O^RmF19Ksuz2ADo$5Yq8yk?8G}FO^
z$D{pM{mzF~A{q88rPxt9-GW2a>d|M}`rKG+{)}ifM-xN|{xq<RQX(7TUvg1L!TyqC
z%Tg03Blix-_Y@_84P)C{TvA#u)iQK8z>*J`TYBV5h-qI-K;f92$-t&aBz&8a<$nAi
zvxj*O78JEr|5kfMUA`LfJnYB(Xt?VT2z#sIXcV_`R*K($T@tF$n=3uFxwK3ptpn5#
z&a|H`rX1S{<l@gJC~9UQ4@|4}+Um4Zt0qEPgtCD5a1NKWCrwzz9Oku*BfGsL3dW_g
z-}Nq`u8j~15z<L|aZe!#-W=Vaw5Rh10aMPzzx1~c6v%~WlReWjWCU*%ocZsCxI%V$
zL8ZoDCIMZORf-FJF!PovwIC|52;4XEfBR<2|1=|8RId8tO>HjmXca;zt$It?@30_%
z$D))`w;*RC8z$3BUW6hxd}2925J8;ZcfHKmaP5(|8KMj?f=#F%i^BxxI1r@(GkZ|E
zsy`hM3t`Z$D&qVpwN`#tMW9h(7nb=rufF~GK%D{yM)>@(7S%>$NcJtV_Z5MorBF&7
z<IOQplr=zLSlAO%(1~ZKNUGDyObK9?S!r@=*D$~F@Hh{ZNr3q!l;EC;9MD=wcByd9
z5f!M_TDBPq!u{ZQx5UCn<?dol@O&?DP(6Fn$+{Y8Z?;)JWxL|x7=13#(w=<UP5niI
z>;&^dimHzGM9=7T9c{aqOu{189BU7iA%wdOx~!@e%h6%dU}lgrl-37)MB@nT{{pGE
zw8duU3O`^_`Vd34v`SoMOoz`fQs91W%CDu9-`Tle&aVJs=pUX_2+dHwJI@hwUE6r+
zW=xvyKSHJLJqMPnGn^&r&bo#_Yx5{h*V#se(<vj`^iLnV&S;>F#RnCbdnQkuZqgy_
zOTT+gBScYrPd-;nB~b`;#V$gdoAE>-qmD}HJ{g0}<M{|7)fKq%82ZUgQAK=7#^c_v
zwr99>)!6tHKwPE$FFOdSE}q&6pc;Amn6}fBFn3=rvDhzt`GIXMkSf@>InXjcFXXRE
zLs|m&*NUdFQrDECo!dppH;gm$1B3AsY^`$i51I&kMFU+CfcBT87OtRj2o`{p>BG)p
zQL|-t7=<#~)+^>4D{yq$9u7l<rmQhNJW-YFs5qAOz@r}xQm2sM*1Q-FW#e?`#s|nW
zQx7|xVand0=+pim+9gM)V`90vA_L3wRs2mzzW21rI$Tw!T|^;dC>Vum9;G{d$b8D^
zg=zLGRpGY4R4Glm4{FeBkfX?ozfctJkC&RW&9pA<w5)^pMI2)bWl&6;7O7jtgXkVO
z;X-kizX4Jx)s=X#4$-l76LaiW3$l@ZKT)tt7VLg!H7OhZ#-nNNhe-cjJfPjCQ~%<K
zYTOw<j2t?GxqMs5nZ0~!#*@?*-BX)}Wm#bTEgT3(zbN`FFG)AV%HN8%^Y_)wG{KJ~
zgdf+RE_>hW7El4QN|!6{M<x@;5X<i$e)jZ>V{NE(pn=u%XCvIzHNLL0<)Dyfgy*y4
z^%y&M6yIy}OOck7rm&Av$>-q3)Mz0tZ@Y@5LMkZ7z1)B>GF#d|slQ@MGEs1r0y&v1
z0uaj1Q|e_S={Lo!ftJ21N}-aFw&V*Z>LcJ>+jmW$(pdKP-IoAP<dBCyT;E=o*1f7_
zDc0PsRj*)<qo&a2&NT+7M2gfqs*0eQ`Sa=oVFS6n5Q2c#lzy1M2C2!_wBmnTwSCG{
z^G{Ze6WnsjI4H%V58m9K%TS*z1VB-8zXR{?jvX1T#bDc?S|H@+JcGD3duu({f+_3w
zeQe!de8%2ji5~@@R<z&mj%(aZ==oIbxt(>HRc=9Cq>Q;Sj|0WLKR$}IY-K=9grvsv
zOcp+lyh|uft<>YwiDM^W?GorkQ24T2p(n#%|0%E<ByUPAU@k3Q_5ZTMwyYMB3h1<x
z+TM*#O%><wPx+Tu3skY)HcX3nPl`=R`pkDLpj*xTMiY$y^XlX5GjveSi<g1xA(~#x
zQ`^YR^efFzDvomQ$x0jo7FlLW^|Nqwr_>DFlg+oQ#wg##h0U4R%Jdc*b!e!B{=)q_
zBB`Brp2oH-A{TsPGQc$Tl;^e95AfX7lNUQJUl<L3$}+&$O%{E6Af@H}lGJ_QE^zy6
zK%2I_@K`;ev9F8UWa#m|W+wKUnMrkb&`kFuU-9q0lI4P?PWr-|!{q{Kh2C<lO9iQb
zk8*N6|EnekH`+Vf2G4me#lSCuYO1`QU8uo~iR`+yB;8xdDJW<!f(RTqfA}VRaMg*g
z^V{Lzw!?i)M<xyXUn6*8JJlAI<B<1N@;2lxGBWRv?ovE$$fdl+yWlx1Wb<t^uHRfD
zV|LCHSQZ$kyh3*_Oq8k}eAVoOLN5P=>~V3MUkvxj{p;Mvn+=s2?KvG2JyRpK#wN4O
zuk504Dl%Q3wDwel-d3MGVF3kKZ*dAj9_N2tn?ZY!ick$}nSQ`niRO9}=bhfzFsh#|
zRTNx_5JjL>1o(_W&&AFxXHNs~GQGT^XkK5WOb-UpR->|#dqQw5AT0Pq(Y9|p#{*fo
ze{hW2^M`#RSY<0S&-SFvdH97hN(auTJpQL-@gzZ!I+TSpof<X(vrOh`1NM4(E&5-P
zJK1**vj<Rz6)dsLSuqO~Lk$${W+|4vc!zt<4H{ZRCbFm<YjPPscU+u^Saq+Kf5lF}
zCWt1eDgJ)k-k@_FfTLkL+OAZ%Otr}MK8|z3U1x2SK=}^N>p9`5u&F*Mhb_B3Y)|n<
zw(NLbHn%;~xi8NE({6kjW?rkSA2gl6{zJqSt6zjYzC~Sl&~k|y#lMvAOM<U>4*mIY
zgo7kNq@nr8pA%=^wF7~$M4ZJxp`O1`Hj}t?tCBnS@CdIso*qFIOO^lux)4cOG0L7l
zol$u&gj~lr824U1rnzOW{9u$`V=Vpv_g!J3GD>i`3}Y?8kdfXMtGpv(1GVfw@lb)5
z%_s4X$>;lolsNVh{LGUPXO?_-dk=06U#y;1yh$H7p&q)AyUuK+WElam%`A<rpjKkZ
zU||eD8Qg~`^A?7068|{f{)3soc$ry2L-n};g-y7;C#--e#~$kbYb9@41Fy=}R#S~6
zM8o6fUjqP|>a0>@7sgI)RrU7hDAD9NxUd@MgFU-hx``WPfR*OG!HD>!g1^iJye!yr
z4FEIo-Ry~=?gJ`b*=)P=C561jBM%B}?!2Z^kUal7cen1N;NWLj(M*k^30>x3M0tIc
z*2}p=MQJwAIraWzI_G+*hh7&Y;dR8%YrLw;T!0}pQD1Ec!uL1hGUutMYLEstZec!m
z6PejS<jf_oIG=hcZ*yUYp4YcXRpy*dy;x~xb?%y}eJY3aq&tQoC&dU3sh)n~Cu<w!
zc+I)yc#Sk;F8hAf{XInaNs!p#GF_U>v^an}sz@l}y)Ti}rVF}eMGs+#U^Xa4FoS&r
zfW1|>Sp9O_TzgO8nek?w&!ke7sPVoTl29OPI{VC_0N;=<Sv!k`?nf_#6T2gtLby&Y
zPdFBjC~v2)bM?*Eg|$SQoo2#PRuQ)vLEcvFGc>AJY*8^TAu084^Q<VyT2<(RK4mv(
zG9sZ)Q&<AlejZDuO!I6{Q8RFzZJ9^_P~LkeS=qZ*_HOG+m*C26X!;P3AcuP;4)pO)
zZc)U2^lNWO?S$eXC_v@-(?FvaUbJ_w-=iUH%c%9<xV8@n3lFtbivJ1ERz4J^7b$J5
zwBl5!LG5?~-=wuzjZ|{y5=Y9H%z7XRm8BD%1EyvTM(-?h(``9TN^-S<RJk4qMR|=T
zYrT$)Ut+nU=3c5!9>Q-c42+=S!V;}VTl%%fS?3r|-z>%wR&}_Gqb&Ni4<JUwdQZy~
z`ih!pn_^w8A1QI)Il0v55?SYW@kAvL$-M>0q|9B=!Q{Sm7UeAo>JMB9ASpXAUHyDB
zw>*7rw~)z*KOrFS4S3D`-ZZy{G4}3aAprZaJX}He-fs?MhNq(SI{7k}F0>ORO>1hn
zmT~mGxJEP=HN}G;chS)>j(^`zQd4BGoJ7?#!D`m?)@tq}U)~2z26h+wE{&heYR#(f
zcKGlW*FZ~u?)1OUy32_9#I9QKBz*HQ!sxl?97FBixBH8A7~oIE>7I7t>}@u=zBZ5K
zvT>!-yF~~uAuQGZ*6!SiKCBH2juv1oJ8Z};V$wqvcB)=kD(ml)fsILfg>_jXG*)p(
zFfH&#9Z}jg_RZvcCXIM0vV0s&)o{!1u0DRZWH-;?(~UpZcWqHFd@Zt+jnN&6Fh3>Y
z+w&jWg{>%qfSewQZ1>6bv)cT=80vkd#&k*BE#{@qhniQS4`R5@OS;7$a{M5p8aBZM
zbWtq)$!m-DZuQyue3CNMTW63#re34E&~K?)(jx!3IE_F*{|f}K=+W5~ThV8+UOZ~@
zdVHJ5k0|g>o5c;6%_rC7bh%UmT2+kr3>v3Z1X}t4y0}IQfm}FDm3pPD_3I?ET|ygx
zz1kPpYLo`e3_A6PCAJHx_hmhIw?lfkomYS{vaf|E)*cI7de!>YYiL;y-r43SrQjFf
zjd0svrIQ>rf|XYf$80>uXwAQ{n=@p5El%Cq$edq-G@f85=X=<TdB3hWF9|W25KGzt
zrYd%WHZoVSGNr|VeAjqt3cLtS`m2%a;<xW;&_VJSEg*a17x}l?Qy6wF{CI}0QXEAA
z^>0m;Rn*zVfxBdaZW~o5{>(h)m{@^e%Kg1br$WP%*`7#h`NRV_O2Kg-j-vhN4Hi=q
z9o#4Vs-WOtFWZ;e*NrEyms8QHADn*xiwN`t7Sn7`JT;@E|DE>{sB`l>F%)Z#z~484
zbq;IA=dP<y>N;1ssI|#8l}*2n7m%?Q;YLDmwTj|;rL7a@qM5{n^A6nTx46kxS8mJ#
zi#shsbXpOQ9#Di`nS^iMXd!0f(q;o5JSXLBv<jT<+e~5G8Ut-MPyoBjs?{QJ!0b)K
z-JFA4Pjk2%&l=(HQbEhT|0=qmbD~m%KI7iC*n6xO>1!SACGa~He}ruZ)KCzBmZ|(n
zj3G8fJPMswdbLB;sgGY_CjE>6%FFZt+0|Q@&tBYRS?@raL<?pTN$dME=L|gJm9Bl0
zYmLhLlqpCLfEyNvTsXSyo2|6Y=gT>L0X!u@CFdsH7*<Vk_MurLJjbd$MOm1q9Dnk{
zX?{#+W}au|&vtzaw4)|l{F9gR7>r&R^4^x?$pek3NKb}F(VHK%QX}Z0f-e2v>;a?C
zro3=M@2>hThvH0ei%$}g;bYy@HM4%gN%+rrX1XnaO?y7RUrVF0saC=JYl~C{*GDVe
zpGm8=2=c!xCVa}>n;~K$Zr$ZkjF5O=OcT=!x9*6v9Mjd`YJpd{VGaX3yzYx3n)%T6
zdrJJ^14&(%oV^)NQgES^1-3R5&vG|9(^Qa$pE##?Eanfc3f?!vaJeMgQtyq>>gsl`
zJOKIVqZO*H43sZoIs-^etKpdthjz7Np6}wD?tPB%QqUBXb^6xsedA|!)KLzjipjp`
zI&Q+FU@~Z&0S}l*51>@)A4^R!9tt5yO>79T^>`<ks<HjPURK2RVPiw=`QKptY20WD
ztH0Zm<sL_poK~ZLjq64Es>_#Yv!-3(*q`N^fwE;QZnyo3L<S29q>WyDseh<*A{~M!
zmH7(^0c#d`o)VPp*CQQY!DjrZA;>Q*krD|j5d!B69dG2;*Z61<LJNw2q@}f|5``5R
zl;)Cq@pj&8m+ZG3?-$QF)3(xkkZJ2DFcqg)B(%{+D%;E7azr0$MKLiEbOYvgWIo<n
zK70Fj=PSf+qoY%Gqxd(ANmFi{801Mpr+KDp2gjOAQLME5V0HRQnvXl9h%e;538EC<
zCAua{|BtL<FeycXQ7OOLn{+h;vm?>2zcSK?I5*VUgqCWHOdb_fk|5r=Nz9l5rLpB#
zC7{?hEI~m2Br7Z%?x(v6ILBXa(k=QNTD@t$9{8uikKF#uNV1gQmZcmrmDkFl<u{wb
z2vuv;<w;RG-sUij@7VoRWR&1xD~y2QwfYCmn2=HHWP!=T)3y4Q2&8LqI<om(dVzT<
zP*l?4Rre}Yx`uT2&qNR)1J8Oo*gyt456U4w|A_s`Lj3+X!Q~FbwEs4KL`45v(Qnl1
zZL8x=G=eRPKjVY&*C=nI0#uLbvugxhhQaQqQCrCbl({ri&I+N5V?r2JL5r*D8(Hml
z6?}^R>-?*?0+V4fIhTaoefQ<1?R1y!la%~5T&Mbz*_9;a-fnvh2i~9%sd8*UKLpn5
zV-?x=pSG%QBY+q7{3I|!l@9;0A^yK=Q5ugEO__dgfKK=Q==)yCs}gPFVLFGG`O`>H
z2%!vWSy*@~z@NUH=bchKx<VRQe4^m6!wgVlHMZY<1vl-)9%M2L?-;(TOq=legRoJ8
zzH(tDx^|oTC4Lnl7aV6eHq;P0Jn`Wu1f=0UfKC4@5_u50h{Kk2ZX5?XEr0OcYIzpp
z__!l??cUVfkb2r(0-I*RL8)-9d{#TMu->HDb@9q>vwCmHNV$41Yn#Mni2yFJotG`w
z-O!W@7QA)uEslx1k7(jF0^5J4e%sRuMExli4n~Q=OACU^XS*eM<spB=7J$*&#{s@R
z`8v7@D;-6LBoOMgsD#C)COAn&N*l@|e9CP(6k9n_Il(HL`FHA=K^+$L2e}RVy|pBp
zZE)dHAm3A(!mZ~9+g|i@U5FNR#-NW|OK-j};M6%U0NSoVWBBBJ?vrw?=PF?#=K!*s
z+);$TZ3_9zBNZB5d8Q_xt(Un7`vGIVqtQN-&ec5|)hH@Bt2bb!mh-?FJV?Oxz7-<%
zpa!CuB?5>GYP&`rD3459h?xhis`2*^@C_d@nK*u(t2w%fDh$W>{#iRGGH4<L4)^{s
z$xbNmXuMn0e`!a~JO^RSK$~a2pLo$2In`_h@+ji=i#-cYqo3xNeO?B{0HJHd-xZ=*
za;{On3!7?ar(mz3Uae7D%TF*~;9234zkA#iXW=6Y%CW2^Zrz{vATK<kN&hIG4f4Xh
z1cY!#OXE7w$S&uX#u_&K5Syv-tqjbk!+E8px_gIuk}iBg8p|28jRQ~g?u_1*wR1v)
zCW)}ve^bIX4Y+rJ^<JS`GhExr{ge;+O`-xNRQ}94GSR>G;-TlfP35xkZAr#Nv5HVY
zYw=q5(feY}gb3W2wZUq}%^jsajwzvqjj_ppq1D?obI9XS$@6mT73jdN>D?D?Q>7a5
zK(L>|zMUe&ByCd8-rx)$pr|#oQwslK!0SkKVI<^FK)?oY;On2hsA}BMg3clu^DUqF
zgiSZVI?cpvXNV(5HL=CC;i0Vf{@2-$*u{jpS;i8r*!b2DoMTSo#45`qg#o3)=0&{9
zw7fs7uZaTiBi4>=I~S*m23K8qP0=tdBDoGRyYvu2?hGbTiR_=A|0xj2mT13FvFUnO
z;?M{U07qDuwt)HHUPp$)BS?Rwe1BbkrSTe*rIp<qHLvs)kwP2mOb=t^(I#3-8KpF8
zK=o}Cs6OZI__CD3ARf-Bo=5GJfL5NlON6Z9x44|Nx40t^X3?XLWc`LCDaQCo_`%%e
zVy3*y-cwFA=f5F{mstSLVEn9pFkoO#NCDq(EtbcflQl+Ru>@IE_q~PSgnlr7#?Z<H
z20Du%l2emX{XoVaOLzgqlzY~OH>g|r+OkbMp6`?)76>Dut9!P+i_@Wn>j+1qbO+y_
zA{`1wRA@^4#2xSg5{6F4KCpNFd+C`|enZAytzoa(ApzHh_q(2DJ*!`cDs&(RJo)9X
z6vtk$kPwsaNv6WM143QMCCGuxpj#Ne2)o>Z+jhySMad{+#3S)K(7J<+Q2x{wtWw4!
zt>)f>C$9Lm;x(X03Z|&grfn;tPcIGnJ`iKmT_0*oPG`zrbxc-<Je0Yui=09{Y2^R5
zDTARIxNFY=+VX0j4`A24Mn&&`jTSVi7wpE!P!{~$hIA#IH&Ltb6Y`z?(n=Ox=lC5h
z|Jo8pb32<^IyioPx{1RKHLY|6t2wl90t??Y!FE$J-ixr1AU>i1$HN4Bl0K{Wl-PVi
zvK&E%5?gDBrgvXwJeT3X@hdZ@$*HhFP{lpbU7Su*+tva=vX@9ks9T}P94&AU1l@R~
zU8755W-yEwV>|rexA@5C+@*A)<g%BuD**MHWDYp3Arws(q>jm&tcMY|HGwB8(1m}W
z%03+~hg-X?7*%TLTTf?1ta_$c{QV*Zvve@r=jv}CoRjiubcxse^|4hCcwlCg^k(VB
z^PzVDNRUS?vmFJb@Lc4brT7;Sf*;iF^sxV{mMGZUGdt4Sk^P!CDG<|+dL}E8L`XW^
zP6WJ>vbt*oz^l@|GI5E{YUuXa^wU7&9wo9RVcj3>BX{R+@KQFHcx>!|6NCKqfgLS~
z7t^J5sR?56)p(;8xvSWzVK#?zwZ}_9m03Tzg{P=L#V`qoa(Z%=-W)7;cfv5`iPW#Z
zw!zzV+g^MpU(T_)!L-TivFJBy7NnHzL1s$FNPbn`=1R*8%DLhe?<_UyaW1zY%;{tA
z%|+nx6eW^&g4st1IY`D9Fvi6E+w;QA#@}iwYX6!2L$Spx!9Vm;QGJ%&L<6i_Pn}>I
zRLJs-CrRC74mC|TPF%f1>NRrbk*CVlt@R_u=(lh<sM3i*(z&`5+<cC3RBmx$#c!6r
zYL7d}LifJu`?oo*z-qJ?7=)=SfZvH(40mv5<9LQqQ|{h9{jR|oQ=Ui{dC|rJ_Vp9M
zFxf)S@u;n7J6(pguge0m?I)K{$ri)NNV>c}AuUl0v0oZNiu8(`YS|3sl$2_^3_7_T
zuH4Z1Zk^mf<>we~c*>+nWhy=|m-u`igq85(A+gOabR3j5a5^Fxd@Hms_>LK0%8CEP
zVmnT#9a7I0Vb9)S91}iOOCrMGjf;<95+76B_y1-I0A7mcFDTUky04$EyP>B`!81`p
z!UpOx`^2JXe%0%N3X_7r;6E5+ACG6a#~l6K$ZGE~s`l@^!$4;h$Vz6rb_P%-lG#1^
z!P91-<Zt>v;@B<o{}V^#?Zjb_I8uIlTyd?5ax(^BR5I_-L-!km4bO(Q;{gp_f1-%h
z>-*ia4IJGD%qD%~<z*OlQx0zHaz<oJ5ilnHNf;w%dSUBFE6MxO;IfvlZMbB;0^b8E
zbr#H@lKH}ZForp<S_IFoV58Frw@AOQ1B9->M&iRsZi1pg6p{X6)$Lql|E#(uJ>V>j
z=y%64UN~f$u>=_NmjJppYk#GX#iu@h<DA?3DzPhqVS;+>{X>e+gtHl}-v1gmW>|Yx
z9dS`#5pr`!<FR(={=$UrOVk(R3j53q`@(>oOVa-tDQ-i*y9|zt+n-%#A#{v8#ra!4
zMIWEIf(%2r->ApwK}Lb>4&&RPIiqsP6I}5t8YKZw8X&N_L||O6r36KU<Ts(^Y(}6{
zIP#Av_V?A{?|uKhl!KgAhrXyjlZ!p6(WZd`J<i0oSuqELZyZr0!eqN{;9*rfQBhd*
zkQ5DJA?D!W`hyW>0X{RV%_xFF0aYWfVanJCkDAt_Wf=R58nwz@FuF7Qw~o7=OxZGV
zy#NN^8#=i2B<N@T%YAUJT4_rI*^*)OTe%6?!Tbug_%JOzou#Pv!sPfsN}}5e={`ya
z#be1g`bJ1sa!;X+fKb(wt*PIUb8K3YoZ*15b92D^jxoQj?6RMR2|N|L2yrU3$X!D(
ztra1DE!eXsrzz5Uwr9ke)1e62Gey9<`Dz_z_FnMqth10F2rIl(A%&;3!clB$4=2aS
zqeh(RU}ewX*_b8E9{}q61|LUGGl?1V2l3A=Be@P#sQv}Lq}L+Dca`=}FYc1<Z@cuZ
zu_UMX>k3B=p|hx79~h)6bj8v0K$PyHeCWg;X@hhr{*_qNx4*aWoCD_{(_#N}SvTA#
zxaUThF7UBMn<YJs=tS5S{-p1voOSzM-YinnTlX#3Uznm1HkAZ!lfDbe_YA%p7XElH
z=&Xw!;*XxWjlG55q^rXn9J8c$XET8yPLwaXvPVrxq{>cZ$h>Vw2Ruk0r%Tw=k5W=9
z!Ju4nC7I6yIsyKc_}TYj9387y-*t4QZ9xYr(-WR>8DCH6SLw?LD3pLkf;N8p-?38G
zlG2wcMAbe};SvgAjvq+QRot;3>i7`e8)Mz39Z~FeXdl2YHl$&#*^0`K=e5)88uEb-
z9AL`0a0&Vsh99wV^f~OFS5q*7g&)+&YlHw~OFV4ma*J$F#BXbRFNr2Hz{D8XbDe!6
ztQxh5w0b>q)DfSde3VP;UhNnfD1{zO&3!i*#wtXPUk(@YrNELExr+!KWHoWMXQXom
zg!R`l=7Iyj>0m*_d)SxXft1gNU0Xn@Pg)h$#fq&!VDl!nOw6KW(N_~;<u8B;7@Zn|
zNG6^R=$8eae4Z+~QP_*2jot|7+pBCPX4w{a97%2#bj-->+2qS1Pd8=B7;HG_Sdd9>
z12Q%bTJw#>AEv2v675-rI;<l++fdEFk_^5e9ldxVI;82KR`Xg`To!yrmA@W-J?_wZ
zUwM1~d)b@*ADEKC*Hgf>CjwXogp)l}gQ$GUU4|izx*>M@FY-S!2fFHqTeq!GQXKpL
z6Xu9Y^`rk2=3G&&MbZ1O111q!*}wrr^||X|%GVuFJvNp145lA#2xZY1S9{Vjqzuh@
zSSw=WK@3KZ-qytZScmyJF+ln0o&dpQ>pK8^3;fq<kNOuO_f4YiX{IP_oYHWb;&#dM
z%P)eAFx&V%10*bwdF{9}17<II>Lg4Id;w+xa>D>cK5W*~<itjlJhSU-S`WTA4wp5#
zL{&9vAo)vrZ^-cEh_@KpRLJ{_*9?4g7V?DbmHDphx0V*x@e^d@_2|Mv;5z_(>5TDM
zEELK^)`9#gbXU-}BIY4n0Yn$@mGw7qKUO!<rzZC>gIgaofA$EFR}Eu6u+bxa@kEg4
z45m*T9a>i2-aMAY!c?o=Wc>v`!^o?E*ZBYsKE6ZcTT&?c31;i?pLgTCvRtMhX#;gH
z=$<BN)GYiX(YjJvMkpH)W2{CCQbj_>3i#0u&fE~UF1t45VAxw)1!qDID`8~%tM2DV
zV(*>#_l!#kjefjSF^A(~CP$0m<MZ!^x&LIa{&I30`0)P!qv<QdvTB>IrMtV4Mp_yv
z=}rl0>F%ygcekW8h@^Bk0wUer-QC~je%|jmxPI^p_FU(lS!>OjIg1G)V4slF`353z
zzfDyJ4pINe@r*|W^~n9V%;U0jZsfjZTA~Y)bKh6WiG!RiLa<^X)s+qpfODq1CZ|6x
zYutW>K5f}GWq|Z*bI)pE+Lu`4(E%~%fnhyQCb_82Szz6;l#U%|4hkxq1^^u_|3T3H
z#<XEso(5=Oo&w|?7}wb_(Gw4R>x!%D0NHFS+P^0Lcv~#g?j9hh_~Z*vc6xshrJ#mS
zvKTWk&b1mj?uZRg5_eb4+k5$JeVI+rRTAUCe2<Piw!=ixxaF<cirdP|E?@&b1;U&2
zl`!TgWU(Esn(m4pRp=Sn`%JqEAj<UWyW`z0P6%*Gm)lG1viI0;zOr%Fec-yX_XA;X
z;`7ENkLRMjE0@aIl?^t(57Bxz;<UfdKCB3}<E;k;@E^b({I>emc6n5?>*skxQrj4G
zKaIgoamWYUj$a=~ey4<_elgzMBi%C(i1p^4<R^~oW?BuBf){+yP3z#fZk$A!^;JTM
zFMkcH-^7IZPHiq=Ge>rh)$f1Y3+ovMp^%z!^aObkvHR`!A_6QFvL))m?z9o(S2z<S
zpa27Gg*d(0NT=)vVy8C-Hk#np6S%u?1>q}wXubD<e&5&90)vqR_&?_O3TV1`9my4u
zs}UfsZn!3O)bqv!r^_>SN3i)X-4L_yKdlEisx7#IPghvSE^z!ckco%qXwe=-PA9gX
zBgH@V_kja7%V`Zt;@mYCAYxMm<P?dloADl6$Sd*nz*&9rrJIhi`Mm5;ItIT@+F$44
z)FP(6I@0L{6Pk9Qs$M-nN09sBZqbtwJXR-bl}#I&&0=7$LUw1A1go{{($}wB%q2ak
z8HyalhIH6P^BQuEFObvlW82^Nzk_2Ca)fWj5H|T~Y*qqF*xP3b0Y$*>&kmWN5sS#V
zH(lwMM}<Pf6l!%-WoTm#<j}~I$Q7|$aXXRNkU^gtJ;z)A@cb4SGdCm<i~j)Os@TOa
z$fdLWAFhLjaQ|J^7NfjL;Pv#Y5>M;+M}zop67GslKrjySi2hLLljoSErr)R<Xzkq7
zH<%PC74h99u?LnVzxC98h_=*=_H4iMrdFDmzhPw*1daHtH`h9(jcb<f8};<h_}z1R
z<&tWYo%vp2C^tstYtCMO=$WZI8nK<Df2@xB^+*ms)eZ66J`;gDkv;5xKJAgvA065P
zuUDf#Jn6lU^$kvO>qfJvJ{T&y9GxksC2vPI2rs7tLGQjx!Q`!f&~##0ov-?|@3Bqv
z_5n4Ai|n@4OaaA>Bg_8rNtu_OPlI6Ej&Gg#2IW=dJuau{B~u;zWU&&B`#&`9jP;Mc
zU&syuYPt;mKe4hnToW5~fAF*`hDU+6`P%ds+hkjpSw%JDu^qp3ld6}6_|Zwgl{g(W
zhRmi`vsL|GIOL&=yWu5e2YI~268f%tvzJes)liuu6v|E=waG>H+}I2Y0fr!=mnU9V
z!FV60%AR^Ii(SA8d_gDQhA=LOSIX;Mtkywy`sJYzEH|JgpomNE_No((res00`pWub
zI9!@MlO>7~H_mE<>dCbv42*^lb%rH$9Q!)D3dH>WjUZ`9bgz9%1Fp#tbBZLW>Xqsv
zE}JucQ|CcxE5^U#?|<kYE7o?3U9$;URVebs;$inR=}xoybD;!IGHr~F7yii;{n9<w
zwHx*@$3k&b7T8aF7NaXyj*qLr#UNJ=^F0#3qP6WYp9{sn2dIibC{B8@lboongIFX@
zzE(V%C98VuQMIL`RtnDRt}|{hKIrT5*l5zTa}HxZGPl|qLtOmHQC(dehyKJ(Be!>g
z;G9OPFq@u58mB7JFzNK-a+L{?;Imz11Aa?cu^UI$-7B-7Uw+@ly&egOIYop_)&^Xr
zvM%<9F%fqHSsTmd60t!a`w39-)-x%d3eWc>R=&30c{=?5DOGnz>^__N5v6apP2%}^
z=>i2FHJS-@kVroh$<g8l_d^|obdBo{O_3s8zRrI-J*zMKjj~FZ!n9bkC17Os>7PQT
zG$!T`f}}PJL~OeJ!a{uui?6{cs9Mc_3ViS1qjLqb0+|AtSv-kH0!LIaS?*S{t7Mfp
z()CoIs<9Ran<|G>3s(7SOdk1nNzjr93gs&|ma3-n^{=?Bzs5XXA@Gx;X$AVbClbi&
zx#dMy^Bi#<EbF0ucXGHUqf|CDfi6*^WBxX!FD$-zE=~p6vadPO>oUKxhDSbt7QXgQ
znm(Le6c8`nYS*?h;jFjN1Ll3D8TPgJMm;(@C4%s<%VT~j&#G`9Xq~xNS<_K`+l0(h
zB$d!t^*0$IX0+N_`$#R#UG8gC?Rq!>gGZ^y5|W<yxsE6#U8a-BJ5wTZ*t|O>Q{2Z@
z=)e(fZCsa%d8r;&^M%b?pE}X29F=AnQIw|s1t83Ml~lnf7Q$%H82{m*qU7uBW(=XC
zitttSsZzj}rv~oECZ!T;vEY+BdFlL!RV_AC-eNnU{CTK*%u$z7!^ZeQSWGlEFKuj4
z0rnCpntDdEj1lJbeg4*I>OO^e!Ve`n?BgIz@`(D$G4s2WaRGNP&kE<Qb8*gk+~Ir$
zG@#=Jy2i7MjLhG~$;5EFw&Z3G!rl94SlSe^yJ=CH)qS&pZWJUHdU?uE4E;jOUX8B9
zu2u)Z9hA#3W}%?=8|;+29K)}VrD5?;Y*RQoA$8ha9u~u;E(`w(l>5FAzb~r6E}xt^
z;)z}HqkIozrG<8I0c$8bgy>Mm9HZ!t4FG$1tAeJ_T9!FQLh~0csJ5Yrh4!<m6#bNJ
z+st>TPU|pXvkdW4v2ZD^a9-R!T{Z>{uw<!esBNLbr@3QR@M+1PT+2!Xf_>Mm*&u&a
z^d4WM<B-UU1i(0H>E|Jj^H{4NwDR2)UiD1^NnsMx6dJiobRv1sVR^@Q6U86X?*N25
z=&;JVlX!s(9>W@V1izM?_>{J>R+!VAcG?XnD#wcf$+f~@U$VGJYM3%k^V%<HIWpI0
zrGBA7(MZ+SX|m4upD`#8g$8O~oR-dU4=x6jwCxFImR@%E0@wSLR58A^d@B)@zT69u
z$Ri5>%3*w4$YqC~U5`83tgF<lVF^&6+T!h==moCFkkubIANMsko$Yr#cjs#hB9pS9
zU<{!}HuU#XW5N)y)^A(&r5mg@rkpN1#qo!jOCk&FCWpnoJ~O#{i8$u3;Zp=q(&uk`
z(Z3r@VH9pTP-TO3<~!SS#^2mvb2$yBXG3V1lnz{0@UZ?k^Td`Q;l{O7h6n_UI3VP|
z#Y2o!fiFXXO2uhwJT+jOJ$4w;oIN8RZoZA0Ti`6`c0H@gOZ4m-^%UDk)M}PR#EwYI
zGDN<}bk4X_wtGiBO?C&<XX9OS^M}9G;4cyO1K)`#DUB@t5aFvwnP<5gevo}$F8vUj
z=c1WGvO7*>pPo=v<WkH9xS`i4W!85jr>jzMp&t8*F0SwCnJ?g!RW$9d!3-P+#J(U}
zwa3lUf3?5%VRaWda}cHN(kD&4sgH*an?%h>?FyqWFM|o=ib%6>5j}0-WQOehE?#v_
z`XP_9j>K0Y6+S)UqchS<Z;KbyN%IGOKS4fNRTadPT4!fI0oROVKuecndmriyJ1XGs
z35kGput@G+0v$x2`KNZN-oc4AKJ?Yzaa!SnpWAF@;rn_LdQK2E9^YR*<cQ7dY7Y4A
zW(o-)5F$g;-)ktdZ+&=&S<l?n`ht`fdn&1+AMMej^OtC6BS!uQGr*DFPw01-|7q;>
ztE^lfMqb%4bujH-4M3>Fc0Py2UNSnAx+kG+1;cMkx44T(4CfYhu1B}Qq@uKJL>|@N
zY;%huE{ekFK}PI~&q=L`9cno1i9zOIn)c*!J_b)s?D)`G#jtgGcpakH#p|myksl%l
z-zJ1zI=@ay9&X`S`N@}@^nFCix%*i86ZA-PQ{!;#h70fc0g%tyKae=~o5jHti8(Y7
zHZ-xO(fJ6*h$^BW>KzVZaNfxO1w-sUe(kvMacg`|6G~;3PB?ug;!Y1P9o<&zLu?9%
zy9t6j;j^gvzjz!+pCqA+JRZ@JAJS9E>Ck@r!zP+DfWlR^&mN&At6e6r)3{Y08TjvV
zFAqEfKvm(6a>l23R$8|=By)I`pU+>@@jgF>Mc~e!wnFX+k~iYmc>T8F^gctJ;&Qdq
zzJ%d_%J@T4;P@az(!bqM%MWp!f_AvuQ@R<KN$`-C-tR>lJWm#prrB|48?i!uO%m!#
z2Z0G8Kd<MEWV$)ufurbyLK+Pl$cF2r1)Gw@0gPEzYZH}3M-(!;(QU;BBpt<&){EpS
z={W!Q+zz-N)*pn2Zie$&AUDi2y-jbB1(|=dQDB;jxZAhz>%Fq}a^vo;Tw>kbJA3$Y
z(F8FU%fZ$)Uw*1SHl9Ll&0O$Lg)&%ZhrE0kWhI?Q@cYDv>!pHw{oSYJSP<XMnPCAS
z%V9v_tfK35SVX5xygGT_K0IC>9KB3Aty>k4y^V-$lz`G$S&#jjd>r^)DAhCE)`$9o
z+XJ-sgW}!E@Ooux9CYHT<#L-(&aAy5(vO>@s1aj}WzNrHkz69mPL?rZ$^SxrCMtQz
zP1G|>5OZDikwst_Y_ql6a*K&$n0+(?2KN=^G7*Y<6xt?7Fq}|h0@yHJCiSVZ7O=rD
zKk>gzxy6N>l*6;Ns;+iYIek{Bes3w3K4W{=tPf*bY2&PZIy2j0^GEDE{7j~$&vWQ7
zf}$>M%tQ$O-9NG?)9_UEy5|AqMSxg9znx6i2S>896)%+fxqFG93!=hD7*OADxy9=u
zn6quNINYvZyY3#S>>g5lvM_mU=tg^eA0K(E2f<-~9LRc(i-7=mAfp~95$4~V^_;bl
zDW-X%#En+bpC7Gw9hd%Du9<K&kdL1Vg!ViQ%5NupxlekE(G`OfYq7&x=sR8Kt;LEh
zCv8xdjbcmb{Y8wKFxh$72blg=!7(bT-=+J*V!h(82$l!zT^wp*Y@6Z%;qOxAIj1>K
zcT3}SeA1N=9gB|l7yuq4{0*$XK~LQ;n(>6FlaC%&HqQfp_5VO)cYX^@ZKr&pqAV5@
zR2*-YYvp_rj1Dm+sn-e|pe#2<vrZhS6oM%e3dA8B=Dd`Y>dil(0=#eRq=s==P;&0x
z-CLuklaDtW!7WPq?GcKLHwHMwjk-@ZXGpm(C44lEB4-TIr?;@xZ$;(yp}n}aMmeiA
zqx$H6_*&;noQ0vCRr_bT8FF;r5rjp2q8vrg>?x!IY`ypnJV#S4>q>@hIxt4$mHLl}
z`e2e%%EXcJqYEejDt_`k>SUVdi+u)b@9PV;?F)13Im0~Op7n`r2A>0urXTSq@>oG|
zYHVb7Kf~>OaF2PpT5A(R1?2Lt4fi*<`pS?6za3B?0s;PYyj1dQG;wxg&POYul$p9|
zoU_N!0s-5k&wSF+EzEa(&xqenkV|+xZ;b30sFx4#-ZufMi`#fp@f74KU+yy(2?GGh
z?&>nJisJ|av9w7IIV24qL`vG>L#3(gkgqI%8tq>FJNoSKL>gRR(s5pUoSe}}TTo)v
zCFOL8i)@#rr4;&(UBCUFFJYxo$q|ysBWCg_rvnf2MnEof*akB2{J8pfvhus7m`xBu
zz93wIt{>22fHYpWzQ4doLo`%~AHWI?92HPyz(j|D7+kblu=tZYyqfO&n2{QyXR^|Q
zP|qCtdGmR(9=oTAn)RIPD~Xzp@V~BKBi}A(5iDFj&I7lxAEj@@(c(sRa@H>{UHR4)
zDy2VYk`qL8O8sLcDH3sbfc}+6Ny;_D8oUlxuu1^8H17+aS)JG*q({_N5Gw02kzvr?
zX-=mLn(Vg@G%FHDAN@Qk)QqWqXPozXy5Y86jC0kvZX@(d!b$H5f6oU{GePMlL4+<#
z2=Jj6T&2)Sy4w8*e6h2z!BhN>QL~2eQpm2|DW6R*4;w)n_ge|SjLSNQB~t&oO(~rd
zFr<t5)m+P+h)&oOEq-7VE->~S0bO4=^fXh+W8NYfBYp-u*UtRtDk%xI<6h2j1vqz+
z{`B?XbJaUu2Te;jbsyN#4!GAx1}d{UyKl7=kY)ssY`vXmugvscB3F}hwB@O<$R@qT
zJ65GIz(U08sdZ^(LG-NLnw@fb=-TB4u=MncCqTkdm`}7w*Z$j#m->@S65kh~=tsOf
zS@W)XT6UM&$a@%)ib+H44_>9L!)t^h)%Ex>b}Wun*3*fO4_Q=8`}XakvOB*abmN2S
z(g5m)3!iW?EsbDy5NTU@1J$}KZ}q}aCTr1{5-aQjvX$;}BzXMk_=w-a;|-WhY!CcO
zrd7~hHl{K$&YP6PP;Jggn^-RR3q-$FbzL4Dv&Qc2AY<t^&t0?&&k38Vt+uty>nDth
zMn}}8%U=b(Uo?bGzFP~a{#v19{xFojTHIW7o~AA)T+f_3z&0!OX=+O@?Ij4C<aC+X
z+gdc5UqW1V=wEw3VafyHKG0ss17sdjxM<mK-bdq&S+1u)W{~Yhng_E#Pu8mVHD;=)
z)*6+!o_x|FB;1NUi^PvhPwIGPb%ds(SLI`3@*$IukJgC=F{79mwjPYtt^_G%Cytv`
z#HKb&L`MvoPtw$ej*D5b^U+Kue}L_aw)?GZudW98m-_MFUKb!U#b2Sg$M&~MarBPZ
z4mm#zWuQ+e_{xZkn<znwIl#8*omTL<2K~G+GQajz`Rx?0C?{c7PVI30Dy8$xcHI^N
zMkxAWC3s|#$oAF$&NUOnS0@+{n2i+Q(`d?iX=A&sM!T+x*XnZaCkwm>`um6L7>14e
zxa}wQB2#L=06{0N(&ubadaY>sLxbZ2UCRLnL@-kOD{F_0o<t|US_^gUuMq_+OD~#t
zPo90eKX_XLj!cWW6<#FeFC!C#y>rNP)1=!^oro=vNxA>t@gC{W-Znn&@Az_=oy<m1
zIQt|OFyR7J`)ZWMA%eD>nETc)v#R#Zt=sTnu`8nMKxkzI{zc<<+xAYRhLl;?wn)nX
z7RTYvCa(u{<uJ8`9}U*d%6)J8-^NVTU#NHk8xz&nWDLvA-ttWU3z9OV7zSqSa36vq
zHf>CD;@U4-diIQxJ^YOu8*<xKSe>0OKSLFBJ@<^4{P&eq3EMDRNiBRlt%0-PfmLuj
zEC939{$AhzPTho4i~eI}WjyhHr`o?738$VE3Ubckr`ZFcnGS&!NNIwEkUF5O;K*;4
zs+zv8*aY+Tg~3o0uF4nU$>XbgB5xl|k+N{mVXX^IH^yfJ^SXFS+{2y7JE>8uNfA}U
zJ0qU}+KFpnOV$~02&WgA^Kd2B5ALrih5(z~5wDb%63b)NH6(Pwp68lLxzG#b58fK2
z<-CUTqgPBtQ6{};+`w@uZ%>+?DQ6Dzs`+12;(bnxc0Acn@dvkZ;LF4;lJrhFsMvst
z|H{gei#gZy1Uaw10{s7psu6InrfH@1o@k_pS8^*>HGfL#M03*qaM#Wc9<H$Q1x6}Y
z;Bs0CJt=U~a3_5HuqU&5mc;yOKSHXg?gKBk1M5F4yT-y34kp?<;NxnZAs`F-fv04*
zFs1t~vWo{YMVa+xG_OExe&Eq9e&B~Wi47C>&G$=!?q5-l6Z!lYD!(`u&LI1a6Qt6p
zQQDsuQ(EXPwCRO6m{`{(H1D`tfg4qPuV^u~TF<#ECFmMKL|bd?(z3~%tatm!Jl1<D
ztw<Ru8>Rd)vzsAwP!2`Vj7=WBz5VOXa~Ad<JPGIq(4hZJ;SDt4p&V4UQh-|@?vRi>
zFwO2UhIU2*f`3a#MbofxLXj9Os7G07v)$D4|3s=Ra$VbYM`p{dOicpb!&K$G$m(UN
zQgyUh1NL7ifgt#}=*Vwp(DUjV+jzJR<=EtUv9$)e&rM5@5sS|vv{hd5ERcrMINx%o
zyVi9l2pE*S@8Ij0&?_}u)_92)C}9|uIR6!B){zT$BP5|9iC3+h_srBey3B2{fy5`4
z{`QZ9>`GvA4(w^9ydU5NAbwxocEQ6SUs$F#PxbZNJyYPXhi%nj8n1Rpt7-WrqX5%7
z_lxVN5hL;bvN?2G+|qcDI#^WuV8js6#Sf(qX`1%j1pn<PJMjp((Xc%>#3y7$vaN_Y
z-@l(|cTY|dXD=aehM5jlbtrJQ^38hmrRm$ZidZ`_E6~J!vH{$?^s5BzQs7f+ZO=M7
z?r$5gAsqP9?LN5>3*IHZy2QP+i1ORQxkC!@LdArDGz@cJ?qPitmp-*zkeM6E=<xSo
z&&@?`f1z5sliG6lz;pZIiY5pPznuQ#tYy#XYTf5NvS57+4`ka^XQjXtO7iwcy-WG~
zC8kGV!3Jj9D>8s-Kf=FM&&*O*CyPO3OexTIeerA?kzbAWS;Eg0DJ8q@4M8o~OnGn+
z%bd_NIks%W;hiwNVTy!2tY<t`XM!tb`}+~_XAbpv&3ydOJQa|0RKY|TEHyt?XZ)Ws
z@T&=`gpe)z;fc*1>eKVmJ>@+l&sRjJ7mQ3GU>d09Nm)Et54ZX;szm?idOQK+o0a-c
zQE-4MuvZwX*9)N04Z}=Wb3+?y;!N&hXkggw3<YjFd^a^FwhxJx4gFjHznNeZ2CtPN
z-RV6AdAv#$1wvee3dWD}aC4s*eGB_{<yho`uzE9&Z6V7vMLAi*-sapa;w``i7Js4F
zInR;13!kCkrqrKfe|mbD*u~&!)7>Pt@P#L~IH6XT^4}m86mgIqJAWO-*3D>zbiWhl
zzkLcylwH|19+%s&R7^-n4(!5@JU`=#3T;@AX;2by{y5!Jv}T!Z%XV!`uZNbo)|bA<
zFuDF47#8a={&vR8REH65l?fafUk4C%pdhVa!d(mhx_;S3iKf?Vf`IH@HkT`&?CI<m
zxzP)JevBo%KteAjdAV`Fbnt%B56^tsX0zvAd$8*YQ~y<<FH_6;ZX%)6TppTA1yNnR
zbc(93H>Pf4`UCT4=<-DvTGa4YiPv!(J0ESQpPPs^Wkcgk?ntf`J-UDsBHEAGn69L>
zAZku1-7iUEykkz}<&|Q*AGPV<IFN|LAc!6Fz#U;!Y6l08C9Cxj4|xQ8vO9?h-{o7W
z5p;ENq=#22E&AZ5u1Ta_)~7kH@O!_{o0WtQxuA)RAHKA@l`Cl3FA!<z$zO{Le~9f$
zc9X$)0Ob^edUuv7Kn-Sh@{xjkzU_I@8zbS0KfK>h?j2`z*>-WvW9)J>MJ;9hFg?Z3
z3d9?mkSS|wVUdXxcqt?s=S7vElj|Xk<^4ZKC8a@bzAQP3l|m@5-YP1vy3rIjD>+?$
zZ1I)jnA5a{G5aEG=Rb5cf?Th68)M1(4;}sV-bkO*s9-Pf9m}CbNAuWq$Vjz>1)o8}
zZ@eFgUGR+|I9q^8y;caSzuT|6@#he);44#_5K`n!AhkduohZk7%M5yl6-rD2BUs=H
zP5<Dy8;blwE#B#jeT4#^>ce6_`NChWg1eBIe$fnMm>62xq36bBA~Zd(z3djA7+;$u
z;KF>A25PmpJwy^-2~p}U(ui62C(U`-zoKSZCo`T2aZ}4Q&)n20`Qq=itqXApian~Q
zs%rh3$;Pw`t3`KV$K!-popj=BgMpYJ%!#$PapxpFf97eHyb1k?{EMFkHh6}w@pbnl
z&mmRy-zXVG8!V^Lsdd$K&kbj8*3x3+CfqnnCJ=3QO2hBM>CX8hk}V-FUBb|kk1z{0
zbVMSHIeqgh)H!xk6SPnncn)&S(ZG0Q3Nc#PFW#=FNS11G$NtPCz;{iGOV5)1MGw(a
z`cVb1RbnWCyOf00|7W+w9J?2czEQ8nTI?ltvdI~=#aBcoyj)3fSq`w3caDl6ryKqe
z=nTqus)P~{hNNU@KbD5rT_AkIn(ySp){jV&fLeV;Le8S1XIIpP8$f&LlWQ%!*VKPz
zWAxR?2JZ0gI)r3*t7T!LVfl~W3u{SrMc_k(8-%1yixU6A>tKlIAY-Pr)}$g?{^er7
zEK0$3q>g{7<{)z_Q0t>Jpy5qHVf?2TsMjA39rkza8!(r_U885|J9J%-j-X%`gm7Ag
zj5?=TQlLdqz%waA{sog79ydX>V26y@wH+5iWbz1ZS#RWZXA^s?{~zB%1Jv^2`*23J
z6H3ne%IuB=^_?bU8gyqSgrG{zwZ;XFAXS@O=Qi6Df`Y*2wB+DD!SZtjFj>hMvi*vM
zF^+jpDduOb3lZ4=*sw_SM6ZT^1c9m9sy9m~3@I*ZupFl7H+RstOd>{wl0`L&m9RGR
zn)rZ5CXaHo^EAvND6CSacL&>g_tm~FoPxhR#!rk65uA93`0ktm|2L07MKUP^txm1V
zs_m(@R?Fhl`+mgHyB5P1xL;{%OI6~rR?(iYf_FY#ERwZAwUunRBjJauU$357pSEPf
zH)1m}O^izjfvsA!nIhbv8z%BEHo&GTsvCV&3fk#?pLT8awdCEsj!zRNsZZgyDbX8z
z76*}`!?(c$`unrVoC3%D*Am8b|7vd*`uQdhL13uXho;pC6ab9w(dk_pD!M!<W`@Fu
zN$({r`LslR-!o>S<UGR_EuqkVRq}<_dtrV$pnM%_RP+-QheIM-y}5g*Jb{kRbT0l4
zQXUPd5|OlLo4aQf*sA14z-Cu~YrPEJ*}U;w6B6>*_wlyCKDS&*511B-_pr(w<7__L
zE#8q54QgWVBL?hW)nD5K#_f-}spSv7mGq&00}L3ogOj5#-r7*jg{NJnIT%0SkYP9E
zO&L9w!(*a*w(ZB(ZX7w@!#(;97gUSU?$x?TD``+8Vb_PO9pjj=Ztk9qRZfq-iD*eB
z9o7*sU9?mctyqWI^2GF>B*#BTrKA-Hl9HnSX-RIR1By~Q?4cpqq9q?%(;ozbUj~h>
z@HrInSlZRwQ*{}3LPA|T6K+kW37_)vEDl%L7ojF<4j`e!?7Xf^{k&ksw1jEU=;v#O
z5DXB}$+aW8w1_;9T4Z|h3^&SOZ0uen5EoQiy0Bg`*xaheQn*@cB{7;Md?jAJWoRB_
z+ll$lfyW`|J$B-hcG{dS%|x;0e;P?c#{pS~h2>82)N-xj6y)W?znxGPOvu&+YLH?_
zA~eb<`M6SoGEb<es5iSJmraX@%!`Un>GnR=co-{;x6hSNw6~U~rQJ$6ov$0cs%vs9
zPTar21qx9RE)7hY(Or2EjQR-Wdyjug8qEUy2bC2aO}UiE*?Lb_#g1O&8!=T%NClG*
zay8atkd$S|lWKKJuQeY8za-1b>X0FsJ;H>sOkm6w{GR!KoU*g%><QQc2GCU0E%!VV
zPS223tdKPiPOq0!#Esj^-<|(vP%pOY?BkKkuHJe@5ic{<QG<Ma`7soDO+{py@dIkR
z5p>Iv4KF6Q*R8lN9=ZfZvmbf1^O`a1D?@Y-4Ngq~qoC}-f*u_nOT~O`4x;+<Ze6wT
z*+X$68}fgdVNDwP$m480$F2u$hR}QX_5@p3Z5(-4B!l5SRVLp#^68c-BeC3sHdpn1
z@n^g-?g<w)7$EY%i~+7%P<AHW0GRBbd%)~8WveG+Gmd<v9VtC>AdxvA&|Va<MQxYx
z<q6g0-l&9>4aKSfmu9U&i01xM{u40_U(#%7n6sbI0tQ|ltAM?>jS)1}2R`S2uAZby
zM?kFL%xI!yIV$OEC^jQhT0(ENfW2C?xkO^MTKM?-Z#%9I{nRaQLJY1GK<EvJ(N|Xb
zkl*2#tBV<|ir~8~2P=B<Hp9K#h)NG%ep3jczwP`(KhhiEx@pM4Ak?K@-!Tra6wAhp
zs(P!JhM9QQxIA|hE#ddvFZ0>k3%iFw#A$=I^&awz+8>JE*_<TtnCQsofuj}j9Oc!~
zi{GyjF+&hX^Hijw%Hz9$-O*dJfB@CzJ#TZ4gq4rZm=zH!F(Vl;NM?!n<pT*R{-mrn
z`Y{%djz<<AZ{4TkAK~uE@A=_BHunUwbav#N&wfKDM56=`G%wb^c|yQ87Lh+EdAm)n
zx70>YV`VX1?T72S^|~3ER7Sr5WnXYf%kHL1+6fkUaSS&%pbR}%D^`C?Li*6I8(d$}
z`>0??59zojdmq8ot#Nu=Yzo1D5jsXP#Ee}WBdbxq<U3{ueMLk-Tv);=+F;MMqD$>=
zskkW~^=>mUfvvbGe^zq6YO!=y!hyU^KOe&&HpWXR74vXc_Li?$SC4F-+Jz*Arth)d
zGdv|-^+zr&;QH(Qbkh9C8N<b`<)$IsGQ*-S>OBb=>rFr_4p?*>mEIz=RAAh5MZ0!G
zX772uo5`I1`Kp~odStK%-;SdB3Ee{cmC9tCXbLr5N)5cprc@p=pm+&}x9u5b747AN
zJ5Ykn*fPzcX*e<xi<0^4A&-=^Sj0=5s%SW0eHReAac%-$|Il|0Sh-Ai47#D|hcd+_
z-~T18F+@EZ*DoY3kj=MHeYYhSw0R|6!UId-@ls*o{|E}g`OO<K2ImkY41&VV#m}BG
zLKhn#%6g_>;1q9EBnDAdfMCR&I~GFQMYt^MrfW+TZ)Va!p^`qUf~8mz##-=p?>F~b
zAa*3*&PDA4Cro|!HS>6WPe?L9eyZI+b?^{@yE}6AiYUugzZ^OYjKm(O$Bc81Np{^4
z89brPp`C7-k0aL(ze*<b1@Kbil=nn56~H@5V}Q-aFL(<1AlGgcWE%sbrsRSszG$f#
zSgmya39(bbaQ{_Fl(I;@Y?Yq=`yTjr{+&{!>fIpOxVN0f%KN?x@;U@T(ucaE$LF2|
zA;GPSvD1B(&conk>MFOy*6e#E4`SEgFm*D*=&hAof|;htI0a&f26L{Jwv6+s*|ll&
zF#;pDViN;tX)H?NmMl+QjsYjwNDPCLbjrS9qm#cg+)7e|7f63~sb7wbD$jvPH1yn$
zFA{fKY92nuZjVuFZ`vFNs7*JMf>1G6f3xY4;6sY9aNpARUNtgW-ZG-`eoc^L81c7~
zxMc<(<m%^o-eKz?(1X2@bV{tiIo4xWQG~=!=W=0<n?%VBq`04n7x;}sq;$fJ@B35c
zp)eD+n|e-G^;l(S=xzl8TBhLQC7c%@7aR_Ih4*pXzA)OUaCVXM=A_Dy;jGSF#9SQ1
zLJ}?CAhIKj+?Sa-l$Aj-NYn8F3(Ktg*wN6XnV#Lm@EG`xUGVtiz|6J8%;PF7X86Nl
zFSy$_c#@V1hnX75aD#$OzZtJxXS~^Jptsuw!dKWI(s*lXXCM|xUzmGe*6u+i{syBU
z-;$zk)H$dEgFjQJnxZ~nPCVR6_&=`UgCotbLTj-dI(19%89eKRo~T{=9AkgvSL0(e
zr*U3v+992@1l=iA$ns1od8c2Wde?XMF}EeR*p&RHvQc@2qIfP4a)c>)a^A@d2j{de
z^8?F=hWS5r`1$@0j@*(gFpo$7&EB|A5E5w)a4}qk9(iFhPi+moU32B1@igavj2az!
z|DG2o8up0mlS_!ZObgn8Dk~vlDU*I<nTm&8o@NUn<yY4-o^qk<bbY@ZJ7O-)n_Ta&
zhsN46xJ$22Uo+tc=Ea0aedbSboSuGkIOzc@uv=FazTWbMQ!yk9^c|P}eTQ$P3uDaV
zRh0qTOtj0K4nMl=fNB8mUx<fYoL^)?6eHN!?>*L&T{@}b!D26E&XgHhV{m{g+SF7D
zr1d0im_p^S8X*G90=2AI_rBxTE|lKmfDu`uQ3P~ywrGVT!gBXKF$((S*Qd@@;3e-e
zvcKi?X3n4a@+!OE*efT@@&D8iq|c7DM-(4l^tY?o0W!jaF=j8cksT9vg{;oQ^B<gI
zSQ!TW6K%AxMvTnGP-Tm<rA<Wj5Ss-G+lDwPu4T3OD{XpWk_Mi+XsMz!D}nu4ujgNq
zx(`Q(yFZWJe59uWEJI%1IMG`;0iKB5@lKOjX}Ff_%dID2NTdmn>I$Jn{U!MXuO0bq
z*b!K?jq4DfSs06E0bxX5B-oPM*yv6GhyTG<sHmKWcuJ}qP(3kq1;)D=Rx;!VS8OV{
ztqK<j4JF4y*#{sCsqy6QP<UlKyH%T5r-@U-K=*r!uX<o-Lu<Wscm+N@r7}E^C*Apl
z*Hq#!AI3{-7U;YP)857E<EXYOv<?C4?))FSYNjKNo^nZEHUP5qzb|~HXJgjd!LIj`
z?y+wslmG=uXKUi3B~mJ?!nJGns`=wDL?csI1kuF?#+Rd$eL=$rR)VSFE+sj3bVD~;
z07Q)&*5A8e?;DYEKnaNmH{9Ps71f(yY2oo7S=SlE_Prn5S@G+oTVKGMYm5I*zBIwv
zy;XvYrZS=LFBdg1H(*CZMnoFp<|}c0E=%M;P*!yy{v<rV^u6kiBtiZ>O?7e{0&I1}
zSD9ec|JD0~rzd~xckX@-`^pLKhau_=wwhn8RQCIl)K&Zn1Q4||VZ{-QKE|>I?`6W&
zJP=Cz^=43a|2B&L74<IzMq|~BYc={`aAo<~3Cc%=tHQRU)dL|K0S$iM3rXh}uAXU}
zJ=~5!x5W?q)5-1-<?qwoohVXjefLmcGg0AC%z2ZRkOur5HVgs!f+_d5vsJUc(G6>J
zs|U4Xi+yKYKw&P6hbkT|XWocM-G@-i?`ZJ|Sn=`G_x5u(AOZqwCvGt4)CmusMtyej
zn7*NGrc{7pqwZU82T$m`z}iYq_Z4l4&I?<zI6G_hoT!W|Gn>PCFY%(}-(ujsOV{BS
zw5EiEbyWwNVEO<bQyT1%q}noJ#L55yq13SczxqITQDMS>k9qNHno_yfd*@{-Ra@`g
zQ=+r=9D|G57IikqZ8psZ{{ppOnHIKw+0+j?YkPlP&`8l1qLIdbJs>O2`?e~;?Oow-
zZc6WsXSmDeWBlm(Y+{Yc31gIddp1_ekN0T+HM8x`Z;flnEN}otzm+D3GtPW(uPlSC
z;VKYF>4TGMlkjnIdjH!l^7VeIB_oI1*s$sy!c|H245v^#bvj|`2W&)fJV^xfzQVxw
z5?XV59&j^l89XW+P{%(NrKM%x$i$2~NGATrB}fAclkHaHeaR5eof_eM=bsk7f>(EO
zXg)W!uBa?Mr3phM;495yq@9w)be92JE0S(KrC3#40@8g4h>e+NL-}1;;O743@7GL8
zm9{<^UQW(53MqNoSGX&>L}ycK>o9qSQN4u)h6*FXm6Pkvd?k}&AlP{~+d2FsK9Ks+
z<niB2W{~lplj#cwJr-+i7z^H))9V2sG&$!X_I^z<p?j92TeH67db6|w85bb0hwV@{
z_$B?Mk)E(DJ5lDXN4l<3r6nr&>%vVLl$A-q<G#>8P$|>gQ)|Z&i|B0Xi57f{+UInt
zNUwi|y6t3USTh@!^gZx>ztoZcNH6JJ6vO-AgKvqYq<jQ!vZgNFz$^<W_PM-F4|k>q
z7a)JfR!iby@k0rgfNJ3X0AP8<h0mzD!A9o)i&&)Il#{cPEBlai3Ygt&**A?<+#`=H
zG`SDO-bKHYr}^7<8P56ryir$^gju1#P>I_B@`@N)IV7dhhkl&U;aJoT9q+F6wstA4
zYcu5``nYV{ZBx4=*-708*E@3-2~>U4?O^TPc+>Tr#(2V0<_LRrfU$3h$DGMEooo3|
zRr*R-#Mpw#%+w4~@4y}7R10)2=Az80B?cN1u5V|6;SB+CSt^DT-GcFC)99Ja!KFQ@
z5NU;}0Prik!WNi@OPJFAeTP4)usenQrpl`<CHL63PKa17tXRbdh4=pSMWL%YPZWQ<
z7f8Lw?{aa@fTzXweP!|UEn<NIHa0+|2dVH$Ok9%mFernn&G;7fYnSeGa9Wy+YhLu(
zQwtN>>^SjqpzZjg`>kD<s(z$KSs%I)m7oBYlO-WxG%jeP$XfXmZY%15f=@&|sKQaq
zxti03WpJl9=BBx|3Q?>p_&AM2!Bt<Ga;(SFdYuOkJSo{Y%#NmNRdm8@YgOpq4Nyxl
zoV>?+ew4-SjH$b5ZT@)Y=?_Wq<*G;0fF!a3hyF_le(5!#BQJIo_UEFv#smG^34x2%
zRw0`i3Cw6mYIyx&g)?u-@ezXHBZh`J!N5)%1d^E%+n$u%u$Ud|n;m8H28TzbMOna`
z5a0}?U1#Hvj=np1o|pwR!lyn$d%E{>?=O5|)q?)B@0j*llzEu{lfTiW*e>e!1v|U_
zvtDJ^A}6$zS>HEN)u;ChD3QJJW1A9KCgjXrQBB&UY}F2py3D_r(FWwdPobra?fXdZ
zku=?RRdN#kIoMYG2HE&z`iB7?hz=o4y98J)%#NL<rrwYJhTC$Pv=Kb`NhL$HM?L8j
z=bTN*p+}J_j|caFe2Ikal?Zv(NpVpC56Qr~L4Xf|utaJCk4}=Wr56N7AtDm`I_JxH
zI}b@hJ1An@3awt8XT>KmroBKfos0fd_mNN=N6vGzrlzKi1wna8qNG&TBTE7v(DC`W
zGaSUrJ=wVE*981stE;P848c`MD~KlnFkLnht9Qx2(omapkjH;A7$cL@%e6~aj#{6t
zxt3UOaQ-mI7+HxnPxbb@9diY{CLCH!A#*%(^UJKX#T(P+_H)Nm;sdG+R?yi2Y+3co
zcB$lL4QbvpYJ&wrK+u#tKfxIA^@F`5X~gX-_K`ba|2U6lGOG@Y6nD=3M^mN8IftG4
zKF2E~iiH)@kOL#7^A?9n7_$GovvTVZGiDR6(8Zxd#1mvmd)**Q;t>M9Bo>7W9JkF3
zxs$_UCjXIy0_PLC+CH*)<LbD$gouCNdRo6R@1QtUyE4S(UHcjV=dcxVMDi3=BH}?c
zp51@wF*zOQ)(Rz`9#1^fNtc=3&wcL}Vsi(C=Vy!z^4}qh%gbQM>EbLDp61W1M710g
z;6q4AVx<~%E&b*W!Kbt>PJ~4xmLBTiGT?U}KGhm;`4^>5L_8n36Og|TEo7d9=UQ&(
z=*!S6xw<}4I<(6RsQ4hJr>Aq{kb#}zbzLP@h{q0Op%w6po`ZLh^B;hT;Z+)|$Rg77
zv(`d9ZKDE+9vI&L0--YVe`2iZD{jB;EPrwdL&72&sW-%^uA*x7k?4mAQ*;fNsI6bN
zVgvo(_-mjx<4GDfUu3W2DwPDh5t*HY8RqT93mODy0LTLR_Cc@^iVTVj7QWt`8fR2y
zl~s1CVFZ~TI@S&g^@AQ0y-<0O-)=~Q&5_b^_^}gvC7W8ML?PH%J2gFrZ{{CPM5b--
zO89qJVC|R^ZG){y{WNmU9$lugP=VG-h)XkRs}-dU@Rmb_qaEC?YQeKc;rL{9blv$@
z><Yk3>OjdGEIWf`T`<=JX!QSyBOkzrtBsaQgtH>~`@rdaTZqJ+eHqQB*L)?{7WzP9
zRl<_)@A}NIGRe+HO_N_%Nn^1MM^*k1_pm})@*z_~v@%yX4d+@f@Y`QbLqq&97TV=m
zLFawA2@xJ3NQis+IN|iQuw4syfL;LlPCH{b-G3^s!#Iz#QBlztN{<NJv93AtnV%i-
zWG)ar`kil}<nQ69`|42^8r(+-iGGVp%`y7nUnl{!S&_Ocy}xz{d4!6^$?G7ME+G~{
z!xcRS9n)}Ai=Psb_tC(g{47&AmM9eqOhVk=vb}QR1b-iJlDKU2iPukmiR1!G&Y#~N
z7OfqpwFoQ3gsfXvu_3m4sq6S`b+;gYq@<KYA6bW$5K&^Yly5LR_%|<`9WH_%oHW5a
zn5MBB%t#!(X4d8Y{_wo}Vi}?n{^`rVJ0l?Yl`5jA2~EH4Pl5LO2wnly7|RLfXrSmP
zV|~MiLV7`dQV#Hvm5LYQQJ^}|Jqwk?Q=lJY>H?3LX7y|5jn$uY458=jGMzP5^boV)
z%4dY=W0L}sr`a2m>(HVl`2Lz)2jwhn>BH}{jgdK^SYHzVL`oijvU|<l{?cCrNne#x
zw)17r36$L#JFTeB2nm+EGB;S#^?4<c`HVIS*i$E0o;>A!<eCZN0o<QpE0sDNbZFna
zZ{g;@#ch2mscpMjcMXScdRebu?J?u8x543m_$b$0emrZ9##pLi?mOvLLjP4tejFKj
zaW*a?OV&Ezd&%U0^jDt1twKA{Y{x&{Q*1bVaww!v27}fC-&2v~eH+COw1v`R^y@LK
zidvQHd%vSH)0w*k=HrQl!fel5+}-RtRW(ou#|H4j73F&p5@OUV2llH}E7|Pntlq`E
zY<A<}Gw_i{<DMbJ!6#1A1wJv~sg!zO5mJoc3)5Vx(QbRJYossb$15qPY{d4?{iaTj
zNbQ8Yw%;&WO<B9eaYu=kNdJNjfHp#m++4BM?whZjO=IrBQk7FyL7J`p<aj;^ce0Q{
zV0#=o4z2j2f!w|GG}+-Z*m6uM47nf0V5yabogAAPuzB}+Xy;#$_-PzAStvCp2}xX)
z2^$FajYjvRK~8K5C)ass)y8Z2)0@*|NS8u5{o`8A<%269b}H0y1h2Ww&L+K3#O!fE
z3Ejp97QlMT)QNA`z3FP?)I=AnnD5#NO~0cSVxt?_`A4?^9=?+sV0KX=dm8Mp5%U`h
zlRZO<yLxwf|HF&p-b>j7dFP+?vSx<3Fr+10eL1G+Sdle-jCXVqBo%S^{@FEcvwFeh
zmNEtjD1b$1!MEyFnqKXVPgXYVq?aoSJzuG}0ebS{*b%ZQ*V>il`W#y4KUsV4Xpuu*
zWmaF0R!Bb8BS}lR-Ss=MJ|ieFy{4&(vxm)hWF=+lL^+&`k*z8|m;sb7>&TX{`kz5l
z7qRrW%q=8|;X2c&r4ISBz*0B;xCX~Ao>r3Mja!3Pb$%2VLum7;zNGK+A~J+p(XgRC
zz-OPN_{}B|ur&U%sz7E4$j4$rh%4D!!)+dyI6pPt*IIzbh)Z@7Ddr2#+i&vs6_j-4
zyglOe_!2Q3STRl&k)T1Iqnl%o7`*as)g9LmtD9`{YnAr5;g6c1&`@oyrs-Q;j}Pjs
zW-Ihq+O8&0On*0-cKU%y{<_?*yyK)9IQ-&<61;&a45It{^?u2<%h{)LI=5sUEy!NU
zFSU2%Iu4)eeKL5pIIxa~6r~j8Dc{q>l$VnZFDO?3dX5Sq4J=`9O>b_e45U>f$0(qK
zYCVTsOODah6<}FX4=uW*tR+fa`_I22Va1AW_0eeX@N+F2Zo_c!$nm<n2n}!zMJuA$
z@h2-3TQ`v0VJyPjbnR4BC4|vFa~_Xo0)t8}9o|n^9|K+4sgFcO)v!h?$atobXfzr$
z2;SYPS!9%tOAYO30-ShE^7>XBDnz%jw4zA4e@Q3aSN?t-;ct`|8%Qys5YZAYo@M`0
zg<h^cT%UjmGDE#e4OKNY6F{%pu&)Y-K^=MW@Vesa>MC)wKYH>0FZ<}P(c$4w!(8Sd
z=V$l<cA#zUUe>wgF~T^zYQ5I-JBALIi3%bo3*{=`pJfTH-S<0X>O3*i?*1cR(UNym
zM+J*<HC#QqmjM#9Dkj*8S7NvRSkXB>Q+AqIDQwhT(f`k7FG8praB`>B(}p4}M-{bZ
zM6j0O{__9L1iT(p1qB<|p43AaHXG)r@$QHcoNlG+&OZNWV35+o5bW-Jvh6YA{G4J=
zLMFFgW(U7h?2XXB*f5*zSq0RN%m2HY1-zRuSMCL_@SzWPrGG~i1$oALz}VlipFLc@
zz)L4V&;TR=&B}sDu<Nk}-B)r_8rs-;_eP2Q+)+OW{>NgW`0?_^@5ioX$s<;?DmC7`
zhmn!sZAW}SlMb_wg@wgV%V~SY{YlHI-Zu`yasjU!e$UNlZrhjfSl?R8B_EJ5%;rV@
zGsM;nup;wQd}U(r_TqBBGUr1(H*Gxm+;{_VP>&6$YH&b37g2-i3A&xMn7&uUmWf?r
z?UTU4rKGAF4~o@_@aw&<wD(k|NXwPLog+;4B+lA(UUW>qalOI*bSUWbT4JVEj}6IB
z(fJifBkY<}k$hRf<MkFK3M5>cG^^m2ff*c#-Gg2_4khnDgD=Ioh;wj?etoA8`l*ab
zK&5?<6{ij>BI&)rktQXlGZYJ!!{q!~V_}^4GCw_|T`)nxpy9gz0NHMtTacc61Q#Iz
zrvpVkjRN%A*7;@<qrSr6#kRF(bwK*h5AS}dmpLrf+xXPmEY9o(<LRAgF{b={FB)<L
zT#ZZ4>bgv;VK~l#aWN}G8ZpM!MU_nluD0|qvU!jfiOBitQSgp}f_H5`=lj1;?TH(9
zP$S*EYvnfRvSw5!#GL#+MugmZsww>xlgy*ySi+ns0b2as7p?^ON8S0&xj-|?f$E!=
zgzxCbq)}94&r};;Q7_fo5K3u`d;uT80ouhT0=_uxqtoY&Pn_pYd>7GW0G4?DF(Q;z
z`;2Sp8H5lTO~VFn*3P>i3#chPvbJ#kXqXi|RTXI3XyVuZ;78BW8=YgQ+>&Hzm$LST
zPQ61fFg0d9p3(m9dRXo*K<WzI7m7)yu$T?>M>py)gXwnXYJW0ZHieO1r^Z-1SFh5|
z)YLRZF_XvPk$sf^_j`7BVA7$&4%D1=G~e)~K5P^Y#D+u9%E*P*c;=QI2z}RY$du}K
zkbXv(8q8IHpUUJn+?2=v5R<@nyGq648Mxq&1qzTM0&QNBv05c`;w@VOpg&h}lS&+q
zB#@V$0Gu-L^ucBZVX-r@^nSF>*>+s^Y*(PVGhI3^1+x4&P|pU#zzT`Ew>)n5<<iSW
z50)tPPT%e;vvML)JB+AtU3O->N~Gflk+!SOVJd;L{pU}gTp2(td>B#SFU9cZ&)|Ca
z>T9-taPaX*=xBA>m$j}fG}6CUlBBu0?b#z`8o%4wL{vP_$lo!iG93Jgr=0(7Ix>{a
zX*ILe*w`4N2ef&TG#%G3atS`{<$Eodu!5b+*0*$%1)unF(yZk5{scwFuQo^lEmapT
zRX23=53|hfzaVO|xJ>h|x7I#5(Glvg$#2d3{DwSryEI#yk>-47wncvXGN*HjyT_9C
z9y;cYONL_@oO*A_nYNOmaTO;{_8VIw_OI`M0^|@ca1h~HP`fecLE~Dx{cVX2Hn|qb
z6(O;AIe6pGdQM=&wDbpbFe)(cpjTpTvm=!B)USF&dIO8RT<YtA{f%8Rb{SLOnt9X7
zrv>w^{+5%CmjN=#vgvwvZ|$(?NTVY)4Yr$~W$$>DwT7BE3}qrB=W9JVT{sQ>wDt7?
zvKEu!lqV+b`YoZ`C8zAIt*!rF7@wo+fthGBA;BoC0+3(9zhTsP+zDF82Px0!a?%^?
zR#wqw&Ak*fv?s(9&-9@}G8JAo*y`dTsedODa@NFbl5PnO&a@}@uZ5<28el^grkJ;U
z`!E}+(2IJg+6*iE!E($z>|;M*C^OudnJ{Axz4zlYxW(EJYQXKE&P^mitTxS{Riv@W
ziWV)6Z%>8ax`yl3UI6bR_Ae<Wm!28Fps<>`@)uiqzBX*1M;={Nb^rpUE_Xnwp5^ZP
zj;Qz8`*>;X7-7)<GJnEzNz$x*@n>n!HIl*d(jU{XX!BaF2Ncr3zkvq;tMog`?PFGU
z)<~V(${_d&A2>GMO<^*Nn0K?C4;VP^KfJbN`0ybCml<pUuXhLM=jG*P&d<*eR5orz
z*o+E39`zR#P-%p=L4ZUQ)Ta6K$A>;_)~o$Qf7S^P#~O_-b(^emB0&*nAFE)X;1o!_
z>os;p;iRf~iUS)ufbwcf+`;-}$tmYAo8To>B5?iNSQ2BW*9Dzk1CdP<L_R%)?7w%0
z8yiH?@0K$;3YFRI^W<DV9f}<q7Uz9wrqALbZuQyayI-iqKJnIRo^*i?=>5!)2UUI&
zfK!2D2U1p@dAEf=M!T&q^pL<V8pT5QH{|oSmV4!riXh!XVEfvS4P46GOMEUYti8bF
zba$v{zQjyVr>_m&BCC}QX{I2zrL8E?r(xT?4~cwsG<M*8MaC8N(i7rvn;)y9q1sb4
zT}DsOY^v+PMk^x=Vb7PP42MQ~bhBVp>Ed-<H(S&<Ffe<)Ke>Ab<|1yvyS2c_Pj@zS
z*r~*p^*?xk*DC@V$gL@a`{GrMQl3Jub-UOeRrUfTHI2emsXcB?MHd)a+<!a0tzW4c
zZKzC4v2aL4m$I*WkH5xFCMaB=(N7^aA-Y*b|GlvjZ@GfvIin`EA~CNMBQgpfJ&+J_
z`~bqd;>pihf+<GJp&Nv(3hG`sB*VE`XE`}y+5D$~CS}<p+H<p0ty}b$NsI_5nJz^4
zoOWr~R&lYK7Kii4XN_LgI!+^a=dZW9lRZ!!Nv^fZAv7UDg)h5V>vsRn0}~9@YS0hL
zwE1;FgyVbgg%ntaF*N+-uo+3yOH0M-JA~b@_#IMszbg<tQrwk#@}fQh?_6A5&WX5f
zk2(N{&Hfif{_`MOYU=H&v-KV~q5G}G!w^&wt;zV)&$*4*Z<?Q=n3l~cXYXrkdy&yn
zS)}P7nKRH;o?oeR_t?O_gZ<T~ZU56$5@SJ;IqZW?nbhzgHCLC&muUnQ+_ujb6Ah(@
z|Bt7ufT}9mwsdzZof48tcXvv6Bi$W`?hZk^m6q;qP!N#r?(Y7F_y7B2+zn$W7w_1v
zv({X5&b=4#PAx>kWb}m42V|W-j|zy@dcMp4GT6Nd2wQ~HaCAo(Nh+eSN-Wvob2Ngz
zs?7nMd~)5d%goaXF61M1k3-Ic{;)V-9m9U2G>6T5QVrQU@HFUmkfcPKS^4wp!5K7G
z-9K(#o_#%jzE+-OWgsfy{?iESW$Kcg8dIU4Z(zL}Y3<E0G&Z_9EclY(7X;tv<A6`r
z>g^8Hw7Ty;w4U^AJ5`%(4t(lAYVCZ&su~O$+?@E9n)(9=7q<vpdgd$yM9VF%3>kc$
z7Y)1F-gaMXY;5okC~}otP~R#SfCa4%OSnKLr2R=5A?!5gH1T%*P*EB_BMLGGPeLvf
zGs%%yP;9>K`>#D>tj%aml}~@6iz{SV0b9LD{sQ<JY{?RC<<LWSblLP21xYZ0{a4NT
z5B|$<nU&Io9uTsoq>V%#-+hf(iYTEw+;zu-bjnuw1$7G>`K`uRMOVOuqHr5zuavF`
z5a2tKcT2b(HXHM9{|@bb?#G9W;0Rp7xSzY}J4^|@s2AV3JF#j01lY>id~96uX1;w|
zea*TJyoeR6n*H>3OA0QAXxKN7UqW6Dmr%W&Yg5qaqUni=n+UD9!}qb}bg{AOv8<}&
zK`m)mb+*c&Gw62NeKmA{>IbRaItK`uao-5B*FIP|!^2)2k8Jx`7#CAMx3vvSvH;U9
z(B#rH>-T#f*O?2@yW;tO&vM_s+GPp9p0uh9%1)mcCM_JaT`F>!hNzY?$#oETU7VsB
z%pC4q<2!X<H@Ds7<0RG0=#yO&v5MXDFTW^o^Wc5d-OEF^J`SDW`ox|JNZx?Do{Wq(
z*9B6czWM#2N?Xp<kL`2zqC7kWqQqVN(wBl3C}8FfKIhFh7`)tRD>?#>=$y6-B)a{5
zd_(`NIGCsq=~><0LhDM%wX+W2a%QGt(|ae5D!r&>E7-sPW@gf7Ds(u%f?*Lv;(Mj+
zZe?Y){ZqNXjsN*->hSUUa5nO+0JJSezMcM_NFNqmL-G<GZ5}+1ojtT~M^tKf-LQiP
zh;UIs%1XM?c(F630L;-$o^iB60ef?rPLHTP>kdk0bxO<j<si#P$m{hlm4u`*t@Zu@
zt4;rIb+xbjvg}q|VAd|g-GHa@r{OSE(@uahp|ke{9%YXdo#x?g)c$_l%e=0?|33kg
zX5D<UZF0OCM$5C9-L7PWS;3`?rXHYrO&;j>Hji`eRFG}bQ!!|CtHeoe-0-%PR@h0%
zc?xEzY`=MmDT_*6EW>YZ_j0^!zuj=*np0QldDt+XVKx|h$>KftYHwP$TRz_$oDu-D
zN1dX;y{U+tTr@u?XX916b>;j;AGV@RR78aGzV`pA2w+BGjYHle0lut4*89FkEi`@9
zpz@7Nh2n?rrtBQ7J@|5jTL1O)d$iNJ$W3oxAR}>kqM-H4f!nBmQ0Ym~GT`7^Cbc#o
zH3C7GTQZi=*>#I{dBeTuhrXFhD&7z(yMv+5<uf6EuSVy5wQ^-{&$)V`A*=*9Xb)(c
zIyGFm^3CL<fMQgo2b8@ki3Fbq&rWmh_yvUUsO=sq!{eNb@=@@{@W{7J_6nUl^|@k+
z<8jJRqqcXKpuF0%Bfy}z1@2{yjg1!oK74XzIB3zqShKykYQD2g(l2US(!-IsV6>R`
zM&f4jcw#|h{K0GYzCFoqbw541zZhj+jgOC4n(72zgTR5FcWVzB_8raJD+3@8^%g6a
zigIn`5?=gyutUQI#(TIHp&1>N*flpa{Ikq_D5)ochE=ms%L};++io!6`Rm<RTP7l#
z>uzlI_=f-osJ_FHMDah3KTLbC(S^IezJksBI(YV{ompsM;AEL<d7lT#Hf^T4qT4P+
z5FiEpm)STeVKVhRzWL28tbKP;{k7h`?k@<VuOB**m*Kl|9W7o3e3C!<PaAY~(*%xV
zP*!*@LR)9uwUuWeOX?V1R7}KAweu==KC$^e+}h``>h@?RCN&>C9KJ2cxlZTZ?+XbP
zhqIf%7Qrw{KRB?uELAHDE!VEM8VW)e0QM9V6$QE7j^?t)`7Y(8$FunfdEUx%792Y=
zm{vc(50Ak=pKz%kJ4_kwYf!uJIz;ktQ{T&ev?b?9r~S6e?Mq2gs#M2Y>xY_=+VFB0
zSrBhP;I+D*rKCpE#>h$xo;lgEP4GqySR@J3VurC_ZLTzdl`2dwE#^8tTQ>mG?N>Y5
z>mVk+QbDQW86IQU2HU@gv}oN+4F?jEaz9pcnw_9%vhZGYK$<MfxGf!~py?m(jI2s%
zjKXdYG;!GhYmg@oC+_3V9g%qZ^Hrq$kJp<G@FZP!wbic6EuW74&`(xS{TGjCQc_aP
ze9pSz-;sh}sR|~(9<Q`}?*rGf2A$iIf)5iM?fUZFIH^nrQ&mkYeKg?^mhU08t{Olg
zn!t<ymHlp8vO6iHf$bb`c=X1L{D=Fao`$25Lo1bvTa7A(={rwb*_7t^kB?_Zeehkw
z2;T`azQJ_fcq#{9n!a;tE_6FyJy=!$;_0?&Y2V}N?!jkRhFnSbcn3_cRX>838IpQ=
z3gR8r?^o7!DpRaBiFJSZN$J8q#D(IMk}+NFil{YvxRqxxPh{f#wW>!U;!ezIdt!^A
zquX^;?B~WN#_kPA#3o=hf<lK*+1|FuoaZdp6b3;Tgl2{MW-KwU*Xdk!!L2>;xR~(~
zPxd-jIOs<3Vu<qa2Oys@bAhg%*Ax!o3`e6gd9HK`p_LcCOOsoh<fom{O5~Ll&^HQO
zV0ge^bCFR2BbAz)uL`qYiFN)9!KHfUt6?8b)6UD-HrsM?(BfL{Yv!}(4a@iUpz=$H
zw!-mXC3T2*?^RHRmfbg-E%3-%{~;YBNvM(V#s+kx7=rE&Y3bHOO9DRO8`70`5ASyd
zBHTbTC;fXnKrS1dfYR1|+@fOi9O2rO+m{>=JFMDv>PcmwUZ}P(DSKI=E-pM<&Uua=
z{ULEitE}sgI5nB(boocF`QE%upV_<7mUolC#<mwuSK$LlH#t9CS&r72jfOJoG}ttO
zy|5YB3j=Yaf_{U}<NS>RpFY)YJEV$Cgn-87368O+B%Ae|wyL?Q?JIi*L5h>Tyfn_T
zW(Z4$)u)hXjcGv_g(LM6`Ll>vsTVwbdlM#*5576=CIHq4=Cuz>*JALscbzA+(R>iu
zA&Hl-;F=D`hIZ!;GQ5Rh^b05vaA2J+KHFEc0?zFS7;zuw{xW0ad}@}U?3{uvSR3K(
z`-sgXS20_{a%@+SU-Y+~z48*gd!V+>NVyD!x&Q^Pvh9SY<MuMgghf{f!0hMFoA|o-
z$$`ul4sFYN^#PCLjWU{%YF*thjwOnh${yXGB;|IZvc5T**Q&J`@1W=4Xvov3(wDRY
znzz6GS$%!E)!C&eQF0;wCnx9la_;r?stNst!Ob247)xbXSgp!sPlD_Z={>|Xh}5H|
z;6Xc%S1qeupA$}d=52btzhv!csNQOKR&-?xwe0&<B2BN+{qt{$hO1iQLX&GqcuVo>
zY;2@I(Fz@%X#k@`MkKob<N$?rjD!j+0FBQi)D|Kkm$18O?@!pV%u4Z@yX?N<H_2H&
zX_%Yj?F49$!S7!1yx{!{^*$zaNx$9Wp(u54zRG|Qu6*ySakPYlVtU`6bP@zDGsEQ%
z>k4ggz52RR`>$WaL11A00z!n#9N@*%-q?6!KTkC5<oV^cv-1V40;g+4G9f_z@qdug
z=YRK<)HG3mHx=Z@wT#`ho?_N&H60TlZqbHRr>&X;;Xh}y!S}SwivlICxJ8pP^&Jv?
zl*aNZqK*wAeRlZe1{i*w0wbsGSf!tIZPMy$YTCQ2;A3tDt9a<>_;gZb3&C?aam@5s
zu8`_~`AJHI>0W+bR~~nS07x-#E!QbHjHIAR<00t<K}wP%W$1X<otu;kPeLJO<3-8R
zK%e<&o-E&Fabzc-9;W*IT<-Ozv3WBuY{7Faa!f>99ZzG`kN0iq$A#(XG}d$|#~&@#
zAvP|?%pOi>^0?AlPUMRh;4x}{rl+SL`JR&Ex)I4xId`+<JPz1O$;j}GrVxhYZ@wA!
zUrNx^Ob1|*;;~*YBN}@e^@G6|_iM5(@2o_JohakeO@_lpxC_L^b~FPIvq5Drr{6oT
z=~l*%K7=Rt!_7J1Knw76hE;I-#eV1dN{+~F?N_rF-+F|!;zHLT20Q#P+X@AmB0_x8
ziRd-s%{vxQf21LE%8Lv9XLAlS-vSkTWcPe0<j2ftY2iNB%mUzj^f){k8$LP#1WqJM
zu!kA^jWpm+55Iy3!b)bv<w8GQ^113Re5}e?ZS&SbsMBT?9gJQtN!9O3O#augspet@
zO48trhP>5y@}=vn)4xg@g9B=1V|9;=ydM)pe@p@IT=)LwWzHG^{JUT&$a#;Cud(_=
zF{gLxhvMqpUs3dWB9$++Jdkf5gD|O(>;Q(g0Bi;WyG99y1T;|;pG~cOSHPvQa7)a1
zhuLfc_AKLZZN8C;T6}`LT1VWlq45qvdY(b>BigKm=r*gzZCqaK$NQgEp@0CQ-~%UB
z1K`x7U-Rp}L3p#UiH8MOsQ{A|RC4v(Ry+AKz1<8Ck{4mC_!e5ugL{@^>**3Sujl89
ztEQspa^t{yI4-;C6OSQ6)kLJC)M=OPQC*jx%g4<abNYIb8r{4>#A`vv#ACd<`Hs_*
zZIeb3F8Anc{gbijW~tief6`XY&#$%az=<RKDnJBe$=;ToI58}%iqRF~l*q}jft*P5
z$6KQ`+uy%AY&z%7?Fcy<5*C#rY4Z|)hUZ6xQ!H2QUOa9VOqGo7XCAn;-0_jdk$@Kr
z`gE?2f2UlX-M#ed)TgGlIzK<3d0U4w6`T792RrkNi$5y$+j-tp5VkpUpjgQi9hWTm
z+YimJ)S7x<;S1}+pJsno(zwKQ!?gW?gy&3}b*>GzDhYYPRBVy9Iw~ung>Lu*;TBdO
zy-ZVdZ%UIS7xvA6{6i6A$7P}5?hW<YQdPa^L!Yu5V(>F!v<}m9y@A=x%lsr{T8q99
zX<|0(-|0Y@-`7W?>W_yip#PE=KA*eN!GG%sRZA)DgVzTsA|x48%${=l(LW{B!(MU%
zVdv{AoXOsC#8E{V90Br#BXn3SCo9AQUy8fzM{pdPb@|%7HRAa%XvracNYMF6;=X5O
zl;LAx<%5e&N?EzO22_9Mv$M0M!H&P}M@fnFXg#eh6ul7bAF)UvjBI^++iFym>BoS2
zeVO?2IluR;PtLiL%ctGx&O=fL28tq*q#3DfZ1ESVg$XOB4Wftx6=k@mdT6PZ>88U$
zUARzrDsuP4q4A36+FjM*6YEbL30UkO>?f*5C!0r_KI9hCw;o1Ne)w`h02dSv+Bmz$
z>TP+_*~O&E9e+gv&0=zxR9%KFhQ^i=^4>SO8Q-;{6yqjYjjA>Gj`zY>Vq?>qeYhi$
zkudOasee8G@f5BJre|Ql%@OcjFj?*J<-a*z+%3q<Q#Lg-OJVhWxN7?T$%12zQa-Ql
zqpH7>Hpx0h!vR)#O=7x<S^rkqL$_$tjKC)O+8*_DdrvGhfUT}FSk^FfsXA;Tmbdu*
zh-}Xd?z4;3c<@jCn8w7zLuGxWqt`l1<M2W1n16|rwX#T7r>ZOj{;_#mhwf|;q0yMH
zUd~x%JQ+}Kc7-MS1`4ggs1fX&*<vnp=oQ0PUzyMD`<fYPf{zAd)>n#)^8)rqzpeMq
z*KV^2k35F90N?PIBw~XXhY}$CEi5ge%2vG_?F-tXkFM}=aV`4>25w?wVvgILwq+`_
zvsVZ|eE5+Jig^Qb^Ygg%JKni%21<}338))hLiD2n@Qv1f>OiW#9?g~a$&L7A-C-vJ
z0XL!21X=wP_xD1oBG#>Tn2k!P*zEc^_~$r2l;+qxV56`;zTtChKb)M6v|!w|{{y)<
z8i~*l=GsN|!eEh9^gyR~dL#Ci#yS}sSXUypd!NJ|&@ZOBQ)=~@k*JCes&6P5A-2N~
zb+M-bRF9>NeXo~z-^IH)z@vA8_s;K5>8_Y!Phfh#qxE2P<VxxfEQmrDxWCc)>UKaC
zhB$%_poIkuo{sq4`3QioI#<_;>3=xU-%x-;DRIs(UtB)1i+4r8TT@jdr(;quyv=x6
zg9LvL6c-Ms%QWD2$8$KjfS0zY#6%VG+mmI3H-L?p<M&`0SW{C&bnuz(l;JH1zQH$I
z9lX4gyEuczu+}$<T!E5ogth>v8GZv<^5GB(rc+jja&C&jqisDe<;+4gD#O=t0KAW@
zw!n#C@<Q5e#d0GhQqH`8EpzTi8u)^ABkTYjd@I4^RGh@|bgt2*9zHU1kt^#-ijXKw
zRq<pDYOzFSe*{BZ*Tm~Q-Dd;#+*Vu`Dj}Z|_3z11NukTuVv;5q7dn9vWdVRioRmRW
zg#0K?QX`BSZebqZL!znoru!b@JEQFeTL%~Cq+S@Eu!}^jqo*xw({|*^G6_9d<Qd<`
zo`DsTnVXwEGYfcj)EM=2YFLOlB&0oF2eJn=qHyjq^*l1>xMXW_u{8x#s+FzyRcl;a
zTp2n#y5hI>`ndY~^!f8=AQI%UCU^g2;PcuoHSJbBanKT@fT@8|c4<2OlsDrapN~V|
zXG;7XO!qRY_f}g(Tv(c|Id}W^IpXgHA+cr#HX~Q|JyL{8R7)Td1Zf&fVV`Uj<hyj2
zgHK2}68qtWE*M(0FasFm90jyo@x>L2P2rguDCXJ!a>B8ZCg9owMi<moUZP*{4cYov
zqXwzXv|Tf5u_+?FXO@`70D);jO<_(9EaFgGAr}Ob=^USWPPU|BJ4qidy5%JQ{6s8?
zSkk!u96uzQR+Fcxkxi#_E;_^rR#uP42lhxLBqdEH|NJK(oSoeQvMN6V6-Qx6<4Oa`
z-`9r_;q^A?pFU{<i;KPBM*0#FPxSYRjhzNlM1PA#3%!3ZPOD;uAbUPH5k8d?kwc*$
z8SUP^d>0ZDlHO>yT+`}$_-(l-1i2Xw4z4OID=Uf9W)8#J&W`Dx88&1Rf_Sr$s>t?&
zrnTX<Geq>y?IfQm6uW{}ep-9TQ)&go$3@hS4&|11<1*yHOmT8UP$Cj$w0#XEqpu2@
zYn4KcyGdr2*tMD}{9HtS-Z++!$g>19Ox?Bh&cz{*ae+4KkHl~yBhJPa7A>*hf3{+&
zp{e^_5vKvLi-)H;UuXA|lvK!hX?&N%zb1y_D+Ww?4|6jW5DIq2Do8_O226CDR*OKP
zz(Mm@R8;Q+VWfYHBzZs5VGFC7Q3on!i`ke`oh-M6Y=~eAe~<AW-z4X!hTW&5Yr5lP
zMc-elAk17^THD$Q^&1;gQpZfn6G=d(`Sy*ax~{K@+gV9VIUsmWGhq32YReP?B6ZZv
z%)){&o5ywJ>|e>3laY~;Z5kSyamhFmUwd%;f%Fj?K+!^X5#(n~`={W+^W2hxF6Sas
zWTZS2*?(C!04Yx#3;8kqw8*su(@q`VkBgnHL~p9HLNQ&dZ0bi24TnBxB8TK0OT@LZ
zFc7K;2-A|8GGrL3yy-kCt*a@$W8o5d5^eF*P`R<#S9;_Mf^2%2#Uq2Dd$f}Bhw!h~
znu0+9APNVd-9-*FnE%=S+fjwIGbws)#c_P!<lvvFaTkgdZ{@)^sYK$7=t01!CfeLm
zOk>VyfcCmS)gQYKCM8OC-0zCnWS7I(rWWRbk4)a;!pfNZ-q#|`yu6xo3nC>keEvVE
zsEq~>riY|#^NoU&O$EI}YX@W3kE%_SR8<0j_S#RnZEY+=z0g@#3*X6w;YF3D5uf#R
z|E~7K-fdxTZSNrU4P_B>#=nMMHKnAcGJN>(A%hxR$4kwhgk)vQa@|i?ETiz5V?mUY
zkWU_W(IE<pAkLAz{>t#>zg_}da9o*i;EtDO(sXZ&d~J^z0lf$>ndl(2B5;z#<ET7~
z8xj+4Sd)hx3^U|wxYsn$9%e8LIr~DrY9Ih-!#(lxQF!&kL5senjEBR-smu#s+2{jK
zinNJ`s4ss0NOK{giVN~j1Ckj6W03=73{>Kp)*f$svY~B=TS_T9V^P&_(62`nMG@0&
z!<EN;w*nUr+`~sr&RX<QCIDU(><4#upBm>6|JcQu6}CEjBGRm9F?^5TZ`dsfX_aiz
z<I+UIVk0A89W3HEprJWj--MQW9X>Vt)SAmjMa8wKs;jQKd2rc<g#~q+_7ocka(R38
z^iN^y$@jxJscePDb_ldVL9O9pKnUc-{TLn&j|mq7V?6O>=`G>`u$oW`3L5aTu}unq
zEBlYRb98jHlb)_FiQP)uy+SIJ-iXeluhIeuSV&A|)nK){E20t*&mXEJv|`FxF7Nwd
zo%e6MuD=vY>vHi5>7s|1*gl)|(Cwj8>qJp-)Jgb2Z1LM<K-%!koR#tvx&EXrvp*~=
zT0G-Mfg7G{0{oEncG2#b;(cNhYr=z6k|Vxf!?tKajg!cdFhtggQLM2CKL`*+yBFz+
z^c*foZ_pRfT4h7%cakAPGfy3MswdyRAjXe4Q7q&K4ZoVuv9NFqq}z80cLqR<cf1_j
zJ7>NgGK(3s($H#HqVO@{D<&nKf98INuaMalr_*4V2IP?Xe2@<`%MnOqCZhzi-1&j$
z;mx~CPd=*tez4}EJ$By1fdSo<e|=~q=;2T{7A0cHLcmhn5c<8IorX!%KeC2xDJmB4
zbFGDdClth*1J_Y`dHL7}h0HyljXp$lSlAGH4UO4HVPRo>?R!S01q^T>w}J-y76d<~
z`R4;jbQ2?<5`J!^k~U7vq|h(R^6E|8YNkbvCrI@_wE<gSm132%_foPH(&H$_Tg@rB
z(4CbPz|*>|N)6Vp<j;kZ*@+FkSuBYtOwpgUu>6qy(aj^>N3e?9aE5FLpy%&!yX*<m
z&2vU~v0K+xTuIvMuC0*cmp)#&n@y%K6e9y>{Z!?jE?k}^0RJm_Y3ryZ%pngcner38
z4;yMwG9x1d?3P$~eiza~sN2Bv1#;~36*m2dS!0)uzItdB@EQXyRAe2U=<lr1D<*>@
zM-LlHD(aycLJ(slyfmJ_l4<Gby7S%b=jIkgbu{ol;zjvX&l|FRH>{qgWuonx0wm+&
zZ}u?RRK6&yX<d5yre{Xif3l!396<TFQYUSGnLh+ajf;!o;64c9?hauJ|EoopfrCQi
zub`@$T9L!`!SoBnPl!B(T&Up53$PsM{u39^0!Iy*E8=DFk$K6%FcHB7`eE5F(v2M8
zkWrA6C-P<D?MUA$rDGs&MbK%X0s<lr&~8i+pI!Z{NBv)VsST1Qos#h)8ZPUdl23db
zHz?V&skC>^6SANk@%~P7jJR{as=uI!Wx=zN{0p~a3iByWQImduzeq&(X!$%@*~58V
zHQ!Gp1t>kvEj!d~?(U)bD~f#?Sq>%Mik9Q?BT<;pp-?pm9Ht0^AwYrq2zcEN4DfsZ
zZPww8*tFMc4h&lL{Sfs%lA4+hkyr2@#z%mZQsC*A_$e#|@@$o)f*XgOUh`!6A<FG-
z7zoRM{i=u65f(nU^w4FhnVd=hw-V{{GOx4}josDN<z!_bbD5T6f|IRB$-tmbw>30z
z1J3VNiS})~bmhFUWmN&?vhwNZOw_%1vx1e2-^+J8u+ANFf69?Owf~6nQ&Pd)WLW)E
zLt~#;uE_(L=<(&rx>>6$%l(z$!ytsgABc`tUEYc;3PBIuwV{TGydW8R|BCPqGD{C4
z_$PM=k8`mR?Dy;ciYie(6qEQ))ZoshN*D5lRSkN`NR5+~QUf^wp*e%eaqBzN{lSJ0
z;BPTP!6Zg6uzoOmFC?l%=&VsS@G}CNIu^H>dNgIuhNJx9Mtn5@+GuwxSU^F6(T&*%
zCnfop*{S}~atrS6%M-Sb<wMp1i~X^-T&7^B^sPmW=ANB-=!v<xJWtM~*O>?3Q;jX*
zTWGTAfRFK>DPS7hc4UKS@nuC4jHAzSd7DE)s}og2LCVY1M#Q3q7giIy=?hq4d7R7#
zyKc$2Ny`{&tRg{-=4$eDSyG9|R_xNssGWZM4#zo%9g@n_#yIo6yV%HD%KQ@TdW8&S
zSfO9U-R3D2ImccaF-408e!&~=A}w{OI!Dvx`}`dW2A<lbWvw3C;T~t0kF8F(_$c!?
z71C6x?LTr52J!LzavO}L;q+<s@ZKEH0VMS8u$RYzcYBSyYZOVZh`BJH;ZOr@UtcQB
z<wuRHe;w71uYpv<&FNCa;`(|F&#G@B%$Hyq6=nTc3&k7?uvk|av_mCzLnQS>B@M%X
zuOMJJ7(|g*D5%4!2??6D5Ro?b7O#Fp3+;qzxa{}(J0Q*$WWi88T^9YD&0oRAE29%4
zz^<Gg=ci%Vub-HAwkk|^Kx8R#Y9#MO+IOt3dP?EIEu?^FNM$<y-ZugvJfYS)7E$nS
zy5hA;Li5*W)j$<_M}ZP_`|vx5L`}w6HDJY5eBPU$t|V_Ld(g29c$AI}p(P4sKk?E<
zbGUOh?p*k)EfSF15susFy?eCi0=aR79IZ83=e+nH*R1ddB~6o`Rysj+i)-%!F|TP&
zL9WHu@GQw#!|OUrk4NoDe;Ld<bdqRC=bhZf0!r2C!ru~!*dSh;dswt@a)0Ew0gmSa
z1`#LUdHXaPL95#>(x|=5pdFEsP57QJ^D%n$nG@VJ<{Ux$tJvt8NTjRi=v)g^n4qyN
zBO_~M243DYEgezik_2SDWUt`YThbe!n|G1ORw8Pst?q+!xD0;}vn+e3yl?xm6g<cC
zpn@rQe?LHxo<i=}Q(hk>I(?Q41~SX-vf-hENunvn<5`4H_w(KHM+z~>CXf92qAS}U
zDk@=pJR|?@0{nzSQZ!Xjwa{=wXk+V)UBmocH_nAOIg>s}`q0vx!=mP*mF5Qv{>|-o
zvxhyqppAz^*+-~lIkAuSVw>YzQ=4?)Anb|ci~x;-{~Rjh*prH&v>sMAkQ9LViO^j^
zhl(*GJl1<QqAUd_IXQ*Z{K4h7R{MK7<yM(Lxvk&dq3O2-uL5_FyTLMwh27pqn&m4U
z#3=8^rDxv4@RipSOF1vEi3lfn&wAF1J#v=%Wk>$^`OU!3;iPpwA1)sELpW#?69o9_
zb5Fi4Q;SVc3ApSZKQ=u9FCMlWK4A$fdZ*gjZu{S{rqIc$DdY@{s9Khm5dQIBen7-y
zaeiT7(43#|9vMSxKRWum{2N719sV>b5i_E?dal|ESHHu9oU6E`4EeQ4c4Bpr5JlNH
z14o7!e4vL&EGzis%dN{jL|<VBe8hCiA}@z~VN;=(xS*RNzIJ>B@M~Mi+ZHF|zy92D
z&Eh#}HkfJBv%M$O<PS8ZkrJKIxlqeQ_i6RN>i@lngmRN~;)6t2B&|r{%dMrNJ@*YK
zp14+6U^1rDvB8Z-!X)9!=IVi)PI}8p%ITpFHL=R`I_E+DRQn-+ux8GG7H92hTtyyV
z+p8-W*WU~nHd&+xLOiLeC~3s#E!g0aBJ|zd?p$u|2;3~S8kt=g89&a~Ar{cc_pDUt
zIC9E}NbmBlY;F0EZU!(?LiX%lCfsi!(lgL^nb+o3mLNWlWtlnI!UaL%Gcz}Nc;*%U
zL`WbfZ*sc%xM9Bvrx?7q;lRb^yoE4E#0}+t<+j(k7()9S7?-@MwfKocKbycwga%J1
zEiEN2({tY`b(##u`$w-^JOnH-&Iw$P>DOgW@wN8%=kN%^|G~5K#>$kIo_*&;uO#)G
zqwR%63PHk<In2w4ByfY*H;>N@Y`6CBUxiBbtCFTfTR=v6r?ZM!ruqATS@Nq{rD{6X
z$Gk(@5-29%g<a74086sc#6b4iZRq+!I(Plhok4V!nI_+~4`sjVT)_EYa3H65H|bK-
zCh>9t;~t#+?DZb#4K+{*FTZ~hh^7%y6;^(_JN$7lE?t0aI46V{6(vZg6V3C%4<$*u
z2gP@{al8$kDeUPr3Js2=UkVqZWV!?!uUzK?{^A1AlBTJ-maz&9#>8Vh)%f!2o13w7
zy?~T~ISOHDb*+WTzd~sxWn1lga~Tz^K)+YwiP_3LvZ@A0;Sc=$nzx4^?rLgkt=;S+
z(nH}SeD28K)`gR^<MD>LF26e(`lk4md3(^{_Qv$(ZbkN|NsMhXGpX<hVG+6LwKVk~
zfI^^NBIL=*ubNtKW{q3q)sB7*26ZwfdYNCm{l>NHtY%1|iWzVz>PTaSb@p#iXU(a(
z{x*knFoEr7B_5;u7YjkMJz(pRVQ?5a#Q~7C!=qCy(FvtyTB|7hwc~ARBOx2Cp2bLf
zuxfE<y4L4jXr%T2#=gA0tY;VUaRwTITb42;Dl%KU9NrzO0eaU1EpDY#pvlkmQO|eG
z{@kW)n{t{yT`a&MLd+i{a*Mb<9!#!&x!868ZA`Hi^!iiJZb%)5h(922Gh#~DdsEF^
zUbLBu!IWInhC{c#?bpL$Ro+rxn1|NJ#&JwQZzwtaXPoX2iWD4dDqBpDLQdF#-*N}>
z;LS;Yn&lLW`2fn-{XHqyoV3H)^V^r_@J_mw{?p^b*>EIOan-N15H;A~*i^*b^<Gx1
zNvgef?>Syjk@5<v;{4xz!eB9h10N2uml?*TR#)U(yVZfH-*UtF@t;s=u+z1*mDJVx
z4^x?`zx~E-^NrebAHI?Fd%}DGBqZKCs>5*1z0JM3ozdNNS+FbWSp5a5F_r~=x(o#o
z)ZIlUC>Wi|iLULX(j=!sYYd_%3h<9Q-KHcSpbd*YtZ~Dp)ukUH480#8?%L0>A~`tV
zNL@t5T!v00FWy&eV$#=Dm#R1y2^8m&Zhz0n-_;#d-Xjy_P#nRs3*0C}PEM+-L8Zn)
zY<`RK;}?XNY9oK~5eGf{uF(*BCKqR8=Fpu!Di*mgkck>UOi#NRRT6i(QxGQe8^sD~
zmT@{u1r5b|Zy|;%*9-+I)ScL*v%~EyHj<}TbmvE8Bj!cr5D=e}p*ByJt4|(Jjg}kj
zN5?7<f8pY+aX3*e0TQu&8JR@7Xh<Sw!%2bq!7VuWIBR=~g6nr3z77tK0cEN9aNb@s
z*py&)Sl=DrJbiuyQKoXiZa+viZLN#)dEQ|F&rfen{2He#{R661en>q=3mhDQfY;~H
zI1*Hdp+931PZc_1$x9uKv&-mkNr+%K3-$wVyweWA!SQ!uHmtazA$L5ecYSTU)?&zO
zHYhRWTj=h)cSCaW{otodnEm5>k0lH|1>_38_%~ECz5Qbc$1xxWQ}3nA1NG>B(l;Cg
z-@WbtGialyx8CW&iXtzkZEu{6COY^)C~AqPt*sqWR8&--iqT9|)8oaDKyb^-Vx`}^
z4N%4O55fF$r9o}YcR0iF<-1h&J=D)_fc^2a?y3bL)$rX72LC`?&J~mx(QPI4I0@u(
zdAd8XOmAN>g#MHmr^9Lot=DZ}H`#{6zoiF?R-xe5ghCPw<-BjyAzkn2yg7b9Vp?!p
zDyxv^l-=CSZ(Ih{iCwrK`oTDkCHdEs(gOmS?8u*>pv_j4R#f)h6BthRgrwCukSA_z
zVE9~6RX*R6%E%rNS~`@LVi1$W?wvUtt+c&sf4mI?L)O8?wg33cA(O`ip_$nrvPpJx
z-Kn|BZy&4Dpe2}OXGgQf68i{#bSzt|)7ioU7N(1V3<BbejR6^bbMyRY|BI=BClL6C
z3>g?J=G)04Wn}h@?9jks3+BYG-ve-9v87sIsGYZQVP_ZDm|7?%2ip<O-k!7BaY4%a
z7vJjL-A>P-*I3d)U@%Tp?+bPiKmYmq(fr;#==)w#v~~sq<>+yTP&Ik_2*<s#x_hom
zDD7r{D)Li-%jdUT_IDDPq#wq^Cs0)vgIWuGC6ljbDll_58K=vKMMzSU^he;oS5w2l
zr#uX(AD5Obzt>N1abG9KcC6GZZl^YoeE-4=@$o@|V>UlLbPzhxBp`tFANLq8BgJ<)
z!x@WfLCNXx^4o8@LSocuvQahf>1GdxaM~b^nUmNU=uk)q<Y;VwqvLAF@oe){lzI-3
zUHRqe(3KcNi0OIHR%y@{J{OLVfW8jW2Db$Tj)FWb{ktg%>5&GVFYh}uaWS3fD5G24
zDrW!v**!ly=tnj!E~dEL|H7vzE2^dS4(!O9rVWVD?!Wg!rVa*$7Smu7f<$3`U9jWr
z37cz`F$)2~(LNB-ot@o8h#Qi1I76->5)Yo|Bo|T0>e<dEL%F%=xhj%1GPh-{<sJ^o
zFfzKc>kZZR74y<-AzRywoA4frSI>M`R3HM2P()ICaPXI%t*7?izX#?WKIo3ua8tJ5
z3nDV=>EIxkwHeq8>fdL>g+vlWMuXOZTu$6VBg^SIMe_h89dpIKekQ~|U4dE-uTf1i
zT9FaSY6-ItR)N@us7LTbx(`JDr8(8L|K~vwm!8N_!OLS@rm*D9{@{2)Qo8pe^{%ef
z9-9&<m)9x1Fxydyk&(H&CFONE6YJ~Y2xt;69$X-trZx}?Wg$R8xj5^Z{FAZmW#At^
zYGuS`xCbaTuNq+81i_nt>hEUK_sMyU%X^<C1jKHz9;4h`_0@qpU}Vj3->1IiC<4_`
zr5jOx<<iZ{&d3<8-$no}5o5*48<Ttkk4uJ=;NyLOg9KJkBtbzOe7qUbvpuw5D{<jr
zmV{DCu3wC5q~g~b_6u>K$&3vrOGC$_c+h_X_xUuBl-$K`O#Yww$wowQEjD1H8U%*n
zF?ZY4QvHkkUnw^1T)rZgJi`08rEZaHercikGQx|}lEB8_d$KhyA|A9gAO@e571I(v
zf>Od@2Z=Q@8!yiG1MBW^@nKLlYG~I$3w4jY*D0#oPl!}wUayKVK1;!kXQRjJRwp6=
zsK|wICnf#3+JXzR!;Av$4gQg(^h>@zYbTpQO+RUmG~2al_74&bYcvTCHiL$v@VfgZ
zYx+-T^;ti2*iCv)|9K4xMeVI&)G_?qcUXs0l`S|p(<MZO3=2z7OSc}x?Yt&n1cmce
ziLxl<tpUONqmbo5#)gI1Xm9c;Ng4n!{EMbp8_-JZUgIUbbNGJu&sq8xuD>h1G>Mek
zd(ZG$j<0u_kt&l*t?TG2GR}9G>9YjU50#?%7%SIbhxC=@b$B52OJvonaZ{ufyEBd!
z>R&A*gbX-`XFXS0Pozl(9-FY%l~d6LX*O;FhJ#k^6r6vj=%pFS75Qj)zb!ogwAUlN
zEb)uMRQ6UP(&O?@(c)t1k?8lLxBC98fdg4n>U7MIC!yE@wDRAOg90k~y$qi#^?n^O
z7B~&MN$ezjxU+lq;%oBOxL7mqQC9*dOIN2g8A3+4M%}fFV}i$O!bux#EN9s5^x7lg
z-A|1{mu~lP#Wir7ii5j;s8$9zfa7irOGZtr-}b4^Vl23{7$*f9ClckY$|ndw!*7f?
zaXq!WGb=nlSU)E(l**9peNe$-w`5;qSK~omYN0Jjq`4h%IOX{@LTJb;ZRN?X$5?a-
ziMeu3YfZ)}rc&z79=aTH_j4!cd)K^ywVUu{(oYD>@NPdUe%<$vp#L4)aLZ=xYGq;Y
z-ls-ZnNbM&@_>`8^=^9Qxm5P9Q)mfyq6!gs`EoLYPv)gpginSfL#6unxc6pPml`Dp
zov&F^rW}i6_!I{5=g$(Oo~Qe?2Ga;4nz@F1<9!v=aC*-aav6Gh0`Sn*z<9>&iMJ)h
z+F7OE+oNge$SMOwMdelefOodG23y%)Fz4@p1(`kmS2%TO+mfy>w>RDgbmE>v4GKBx
z_tHjw0s>irq_t4ctY+sM<_1-CXIw-_^EI&DuP+S0NI{Rd!_`ILc)s{w)&u{doMaAp
z-WU8h3VWK5`q79{_?u<oQ4Wf#3-;@TiJp$@7%a|79soRpmLWfehew7FvsFrcW39`q
z@>J=)zG{1?VP-OvSizU$9Ml%bEcpO@#i8+i^rF_W$H+fj17;d1H_#M;2b`Z$ab^%O
zlw-z<QLnD41|jg#q}&0csURzqmc%eeX-#w(C_Lz_h4WrRzmwL`3k(%wT1c9t2!YsG
z%}#5LB!Co+mx9!GDLhBum1w+g?rJ13TU{M2gDXZy#>*f$s*l2lh03cdgkff5b9kPl
z?j~R)CQj4Q>1~okr!Dy@1gaG>GBR&cMt%+3J(%}F;)Z)XXH!f2J)4Tk+1Uzz^*p0|
z$oS^^-?zA(f{%5wI}o_&MZddDHRvh<N{4F?wzptj%|;Dv?3iYom1w73qF2Rmnrqg<
zzh8I2;IhKek8*+soe&S)4=s?N1e5f#+5)k<3=@}OG=M}{3ZgEW=ooOT)P9<lmy<*0
zQ@^kq{o|b$EH2Wa6iVNW7b`&zf^=c6VrC1@$UNL}g2;ai^59!r5EL3x-UkSWamD^g
zBkSyqEr`^JkqkmIPeJmVbo~wft@Z7h@*?<)c=`iKSE9w^yjJn-?;FkU{2^d-Dg*=U
zW$$z&5W2e?1n2#NkGGVdK)rM8K|mT8c7EQsGTRMVNh#6QKZ+cx*D~~^f01iZr9TIp
zQ=Ev2kzM_MCl(SiT@won_y@M}Ej2qryW4$^f2Fi=vtJ0N)TkPvR_5Q@l76alWsr%o
zcDs%F^M}>#-bs^ds7okR#1anV(9>Zu{tPH~cMpyI?)$JgkeA=q_LA#88=$7&btc`l
z#h&QRLuF(Pebgpqb(W$EaqHOCFPcBNAoH%A`s2sQ)kv^|(p7;1ApT-ZxaX7qbI~U^
z2+Oz)94ltuft_~2dMJ-rfRt{L9=R&@OcBO9&5@p{C5!%f6ca!x?H69H^=J3*NVVgv
zZ4@7HQJME7)4Lscs-&dU^=qO4^R6FXNj2HX4MVEOeJO@;2n4U`3k!c)S%efB$~b2C
z770M=_YK2tYy%;MyzXbG-9h0|k)_vXw5Z^23CW8>D<+A<^IU)`MBe}fIR~Dg{UV$*
zAz=UkYxS@Aew_ruk9f$?p=ka7d7{ed+L46h<OuxEaPIai$@gfX<v(ee?H$iC-8bPn
zv|1a~bMqSlAO}9`g!++?IAIFnL{fp+>vPoDa_eRsu=iCglQ*m#bk=Ch>L-m;#%w28
z_*ctH7gQL3TC$b14H%D2g7^HyI|0>K+PO!@qx=&YF+Lh@q@d8X3v2q0>Bvh>0XF=1
z2?LtiKkHlf@B_&v5;3=NmzaRmcYQ?>3_Yg8Sj*xF7~*EeBY!bz8KF+}sZqD5TRl*_
z4RgK6fo#p!=UbM>YRhU%;^);@hnu--uR-s$jNaj8V(6u%zk|bwHn1Uh8KSb_2?0Ty
z$6I)C*ufO28r&(cPz?-3x(*%8m*Efm`3@a7QP6E%eMUhEjY&=(-sXZBhlO=;d(uvM
z-3?tR;Njof>XuhlLMMGo!V0DC`%qT~uZF7zsCmS`gC1u!iBHXlI(vN)otv-q$Rz8*
zt-^J*?$+zN8jP#9?MEsUtkeRnL>hxXLy%eLR!PgzRQx3O3H~ZliqoK+U-n`M3O+sD
z?>0GIm_9>pQ+MU?`o~jt{d4V#uSRWEkQR|n;ev<#2pjmK;hYKT-!@`%2Ap|n4$3z`
z#k7<WIg(HvL`glgiu$Xo%%w-hmq&{%9)4Ue3K=>2(TEsl=RGS(%{k7~_qLb<Imznc
z@X*rAg<CRErB+sHZ62&NjPY?vv*ox9@gNLY)To;A`ZXpcFAj2QFZ>P=BlPrpyGPL=
z$3U=l!qlijDUgFs0?xBT={ZmPhzI;$Wmk;@#T$q-ici>aC##a;p4=dGRsHwRkke48
zJ^TG82|tVDix0@BlQz%Khoc}0i#f1hoi0Hd$f3!qYrj`GS`5Q}yb&J%ixJe`#?rS)
z=nIDuKm3@0&-3s=z-x^+FqR%tUiTS%;MdhP2@+3MZ0oZy@uEWJ88nQI0pus*;n6?+
z4cnvEA?h_?SITVy$5$*D0OH8sr_y<!@j){No7uWWj?vp%?u(G}rZtva2aght4|d%{
zcOAiD{VXy&;92{FoY)KrfvwI_+0YTj?nt`fBo)M!Bl#eAppwYEd<_l@U|dc=wM6`8
zQ}Pj>WU11(-0n-GFmQaeEzxZ{J^tQ^4Ki%KZ=jK%S7Unnm|;?m#QELOcmh}Euxb8k
zt}s|F@atT+GHeU-ib9xyXWa40Nr#IyVX$*9O{LKX)i526%C#BX4fC1aC8FM^Cl;Tp
zJ+FwRKSiZASVk7(8#B{oO~4}u=*j@yUb#QZQ9#w~$`No1%u2$xAtK5xEuJa&eg}%#
zUmtZrDi4#znFh*ytZ#9)%8~LjPC_aZIY?~;P^#$ZcY1}?N`iAWCkp=loeaD@TL&2o
z2|z=GwxJ+8yt24Bjm4gX=66O|ejpU6e7=1yvYiLlWSoe7@?^||^mGR&=b*QDf!|ty
zXhyry(a~z>V{I`Qcw{l^py6O^Aqa`z-=Sj^D7>)fk~u`+A7+y#zui6bAtom$lR0cj
z;cQ2FcmPi5b6j`?ThMZ=2n5$(7h(ud4ELEfLi={1W3yv;4TK}gO)dDSHr6bm3}+f|
z(k`&bUh7?ElbWDKV8i8_o!UCQwU(&>$7dP=o0_?<zUi(UgQT3+G;9mbN2BZIu?2=q
z8M1Y_{bQ;251{j)GLKx~<;fX^L_ik}+a}GfxLEULJ2kD{7#37>LO)5y<&!CjZSW7B
z46W<6I(W=7&GB#<HgyVuP&&7SQCvTsAQBnb@nl@k@gYv|AVuQ*-bXb#g&a87+y7@E
z_=*CG?4PWy=eW6zy8h-l5b!k(-`de<U0tp5T4MQp__6m1?!RUNc@fY?li$;Wfk_n2
zn~?Cc6leKRT~+CgtHy9Tz)4n9W$9WbW?ESx_-sR<I$iXO*Pin0S4%{!J@DRu#LZ1d
zK^i!)pFAgHLMx&MPze&kg~Zix4?v1)_Fph)u=u><TV-wN|58~A8UW`gcqPGkTAe=E
zxML*z+M_D7c6&<EFME`G!<vR)Xc-|v?<St8ygce-mBC;^6PFJw;Kzt81lh=hK{%dJ
z8{jx<eQPR(9EHl|$?2P4+;06KSoxx7;LjI{o7KdKqzu?;^`MvGQlwwg$y0889?mX_
zG9qRztCV+Zd4F(T0>1J0975VHbf_XtPj9Zy<<8=_AsKRN_4D;f_GAY79$qpCSx$R6
zodMMC8X;Lp_^DLJ-ac4l2X0z~-PZ@?5_FPq;v5|Ou)-#;qvs1*u9oKRsZ~-?*~+Cd
zd+<6L1yZ?O_b`|;xh8&wsgtBeCHILHQqgQ|<%xndp?ga_ip8`KfhCQ?O<#uqB*Z=9
zh>=gLO_a4&0>MN_!A1oGwwbid*m_Lb;1hV5%C!DaBx}e(+qE+Pt`htoINC?F)zeGZ
ztrOS$_$_zV{32g`Yn+A-@jv}M4O|51zs+qDaycahvBXGKN1%p~f2IZMlk*w`+UbIt
z_2BsLF*Fk>=!xY8?UTzqrF5jX?H(NIh8#Ru>fR56ck~(0e)togNx!xvaB(JRM2&cw
zWML^gE+BL#xb+xLW=vd8b``JI*!P26?7IG+*RS}=l@yBXqtBDF$+Q$vp%nncm17Cu
z^N-K)lzzW*+!%U_1A^m}s9Ydz{;IiwS_V0QS7XRdvSF(Y5oGp3;>@ST0^O@FsT@L_
znmRiD^P4;%;w6J5qL?#~Qfra$sNy1l7}krKY*|uT((T%Z@Fo;L=L%E63O{TP-tBfl
zzF~SI1#CIwgLu$P2y{H%nSk_8e<4`dmR38bop@BI|FQg@#qag;RR)DakOBb{!{*I&
z87&jeGW1|csR(Ev3vc!#ZsoKOtq6kFZEs&cI9@(E^8Nl1ul(r9(99z2{BkD%bWR<g
zn}F5`2@#ji*+oU59S<GWepN(E4HuM(oN&oznRL6dfj=3_R8)~DEudbuJ!-@+B{M6D
zRD>!FT6pZDzkh-^+4<caYc`7Eeysfr*?-^F{imy_xA3EN7sC8<TVAO9I@RF@RAM>5
zANPH8elnMbvUX}I(pop;1w<ARV~6UHIfi3*X;cZL;i24-JE4dgcG|DN=wpPl`>svi
z)Au9xfXwz)5$H-Sk^N@)wAAdBW;kkOY!u*WJ!5!MsuteqikxRLMz%3YotzTM6!eji
z4m0`P{(Az12l3ywHt`tPL15`4e^_9zwp01@rdq95>V%bnH0hzJae4oCcw$XW7gid`
zYuc&eP^@exhch^CUU~#N)f#j>Ac3ux1K{~VLc3?>_PR{N!{zjik^%+oT<`;dT?m_X
zlR3+GkW9n(x;Y5(cLy^NT}9FlUQJ`0k8b5!L8)3=fhOrZJOu47bVTj#I%d1kA_=f>
z_L8v=f-eXpabaD`1@V_pp3jiX*-*SY@nK!_I#Lm;&fl-!AriM;c|Xto1|AdGO7h*g
z$p+mMtJ~qBE&RwKopA1Zx8pAw?;ObX@hrJg#YBrdUPu#C0Og2fIU1I)IP=FC)P@U$
z_BGO?o=0Yh(iD(1Q6Vo(Oq#dHjem~}W6D6v9i()6{mu-1+RTvcf<q~;t}H>6FIrAH
z3G%s5-fIwV&}5;d1sDP-b0Cxj;^5K3riv#==509s&tSK0;Pd9Cdka1Zsc^CoU7YEg
zj?UAS7$zDThl+;V`daG?Xuh!C?jqnt`0r^a<)yT*&Q}muWVd^DFRYMoJU@WnIwnvb
z6XR3whGY~6HAYh@sp+I0<dnr>1ul1thMF9Yff?g;k&@!$r*8#q8Z6)Co;=PeoD4ep
z4p>c;n5@*;_Gx~ZQ?0#_JGPcC>Mjxds}JBdfFS){nl%a;@5BH$75A%FvBXPDSKi9$
zXmRj`ebDC`(#~}_&xlYhX^`KZ`#V>LAv7=eF`jtiJ(5gAep)AOk|aTFX8*|ntX0&c
z0jPH-ff3&WaTu;2BqTJeT^TZ$mbY2DXC$S?VM+Y_&dx4H_3fA{L5%))>c_cQvdJp%
z7P-JxOf-w#iEeZ@PrZCZ9B736_$I^p!lU&i%4eLh2#{cceHjW`Wxa?&>hAtN*ZHFT
z+k)~o&|qesLnWeBOX7$d6`z|2YVS6~NZ+@i-|CS{f(jQ{WRU!?;I(cK;eU{evMjBV
zzFjN{Y&sRP2$C99Xa+P9a>BIQf=zBOjbiBT)xMIYr2H$6j3~>+<z?sBV`-%YxF9&x
z^u)|eo8r>SSW#t)gF~J8jPC9`qh+3Rl4BWqQ&{icl2p)QGp77-P(YY8=glI9%H)?n
zSNc@HP$3#}pg$5@#dUh)&hf<fROKQNrRoCA&cV9~5QKhJ_8JWKv3Bq$({%k`lyHcN
zXc4J#4eu5G^&jPX?AXRhravdkV!D+4{27iu5H~1E$Wb>OdNGsR(nz`WkFI&85ybyA
zzjM&5SWOn5Bi#;y;DI+Hq_0TU<L0VFbys!qu?194JIk#3vES@+;j*a?;J~_)s(B0$
zMiZQz#!Y<rk#A8YF;_ntP&y*x^Sb{76j;m2{-$;t8s=6p`|SJ)`qtscF#gLjIEO1B
zm){!#;{N{Lpy9%W);7GM^`D4ml>^v+j8RIg{k=JEx&memuHiuwCjg)alR$&l0iqBx
z^Hdd-xYWax6G;!FiwpddXMs<r5rCMiy%dOuON3feAiyN4VxvN{_>T>3;76-_L0L%&
z*pU0ZIjWjFUwZ11@weQ@XWTli5KE!4EvhsFet%GeF)qwoE^4{yP_VOeAZCSv4nq^)
z$O3q|+N?E#?95||+R9O0i3MXpIzJ3d>rcfBA&c;&LU}16cLCrLXRt-Bk4Cl8(_QN{
zMf_iN1xE(?je3@6^?vsHt=~yP_(NWF<oWR$eybhIPa9E}OK7Q7jGF{>os_8h4}o_M
z_#?vyXne0}&c3A0J@r-+>Dx>I#x3Mn9L<yR^K?P|;1e`7EZsu#Lh`p{!~G^lkL+xw
z)W>T_rydXpfTmlT)W>?f<v+h!T+fZ=^x6pK$Fs@VxCp>lm+Ej=w7~{EwccSec6S@H
zd^et2FcYuGy(ATU@+W<HA=Gw4n}YFo292k)#Jo!6rk+cG7T%jcLjx02V+wDjeG3sR
z?Ht211(M3j>Y+uHlKD!>hcen&zs#W4_F#W6!4PDyzZQ!QCODN4T3C~wu0(03b@)v@
zdAFU4!GreB#O3Qu35Wvx;S(?0gxT>`_T(_Aki<t!&5w9sLi^>mtMK(JJGsU#zlfSV
z>H-fBBa;vu8gV2rOzI1x0}nqO#7mIX>e_qfdCB6p!q?_^jg;{A2qOxM*p$yDE`Gx!
z?P(ht5&~=Q8PO*RyW2L`ZKRIHUwP_4LS;28l)wvtFHaL!ky0th@=ls7t0;HdudjO~
zriK5hH4mVqFXFsm!$hStk4H(^p;G;nCbSk;sIhUP1~|#-5o)?)%<;7E&lX|OkND@l
z4)17NrBk&ztx3)6R#hl#DZC#k2m*Dh5(SWR9w@Eq3~hIYug3U>y$T}lHxHnR;Bzo1
zH#ehG9N2R3d7eS&$;*So;dBSy2W97x5ByFGVEtsC3)X*5CWC?1$J<d`_);cq9-g#%
zAE0@uZ*Vgh#>Su-OH1TbL;ef4UlhIx_$Z|j7ZSyZB*20FpDju4O1tAn4!r+i>Z`-L
zN~3P+5~RC9L8L+HZUF%SDd`50?mBd*fFPZMbcl2}NJ)1~H`2&`e{=75pKtzgW*nb6
zhx5LBuf5jVdlSb{^-v4CO|NurJIcKot%csCHjYx@$;}XG*%%Jnwa1r<xe9QwRr*%*
z6j+&x(B&iyi?=;l<su_FfzQr<mgZ6WoQvu+Udi=GsmeEEZ?sACAmFa(R2G4+!D?cx
zH3JT_dr*4<5}D8KfF$PemKkHYHECCvYOy5}#vUI}m)U!7_r7umOu3oH4_P4e<N6%x
zl!RfM5fVnFaieZ*kA@bf>O`)vZ}&X0!NTnBx_0m2L<UeTMVMTYQ7I@u74=?ECP&Wi
zU!=4Z@3kV7hLUA9aq=*jR8L8!1Btz%J-H)(wr_G<n9rNd^x`|*`OhhlZ__`^$QO`z
zf0u2}Nao>>jZ#)#!8K|Rx+;D0&#e>FCBdOY*pxepG~yts+*u+gzd8`#wq4rf=(s|B
zZe|vhCP*xjz(9NOi?mxt3MP;z5-C_9mzCxsaFaviF!J069XELhCM7OD#SR7f!yA2S
zVY17S5kq++*#+FybNAWvIg5Jxb*ac80Up4+g^YHGr~Gtg0)$}g^@Dsw#0hX>*8BV|
zUTxvhW~q;+#y<Yaog<_0jOmyY;E{Ps=C(&FxXQ&*>^V|83O{`_xD__IQq(v&3FzE+
zxNUd)F;1m(LX`JW=a_kPA2l>w`b{vB_`DY!(dDxjmGm7O2m_q?-Frr_ZnP1|=I2xD
ztO>mt-hS>vS}_1<b(Pl)1AI34<RR&^7O$`-7@4>z=I9M(2Hz4XvaqgQcA%bQiBJL#
z&i!GJuyZ6++ENAQx0-7Aav=nis^q``SiJ(HD+H_wgdQG@#y_BRlzd9*A4)!5Io)t<
zVGQi>11(A^HIC1tynfur@Wgg?V1M|z`n&BBLxdgl5<CbCb6Stn?KmGTt~+I`%nQKY
znzd;(Lvp!9Q;Xjmb5LG>58IsttMnW>1SyV2vW4w!+t<%8cOlNxRGI3RFQWVUgMt(y
z0tXOEZ}G>+7aB~yXl<F}jyo_W9(c?7^%xt)g`#Re53eU*zXq*S5gdR3{C|4oh1rk_
zsE0tB2W>+BU2EA2u~cK<6GmZHxbX9BllA)>IiC}_oI>S|!3HPbiu0!P0gyt8QY1<(
z6vEE?Fq#R=Y-@S4T}2;fzW7Eu_Du~vk(7;=xP~4FwtOGbGdQ7PGOf#9`s6#xn^W2Q
zzvrVx#l=j#wFfKIu<EF1QI`$&)`+mTek~9Z!smU?a0Kk8#~P(@$!dM6iKD3HSqQfO
zP^0wGkXYc=Q{$g43}k!Y`({C$`%i+x``vequ=w0@nDuI(UdQRZLs@K7k}v(8kT1|v
z^ii{PsR17}sC;mDOzZ_T2?`)i1`t=?Wkgr4CMer)_hP}^3+h^0tP4|(LSDB7p>Bs@
zly8&a{;J>Fzkl{ur~bfRz_J{m_=1&5Tt*&4UO|5BjV3WbpF8<bAu38B?Wry>Un#pC
z_kuiQe>O&|%kTCyz1aLRB)t9CJlXklssBbCEmzym7ob6;8<?>^CLNHbeWf)7jP&I(
zdosVui$in}rzivd9UWbBvptn<eIR<I<X3I`SznC6cZ28wm-&N?MC5B}{SZReQ8!V_
zZw>|?F<$1?9ti*U>`EVUB{j;9>zHHE#k1-K2T_T=5J%8r!RhwbdM{+6!?3kR#?{eD
z(&`O5U0|TY4S>>3K2737b9<!`Ee5{mvb?;Q;J%J@h0Z8oCi5~gDwh*;6cywJwj!cr
zAGiBglJns(5D{VN=K%^{tHuQNPq}{dglx>}eHH}e7G-D8IdSjJ6V_;y`h{j?sRtA_
zbT8HWXMCJluZ;^#{n;w=A9vgpI%M{gK;A1TJ}c`{`lE8dZyu6YmSc&Vo2K0FU0f(4
zBCHR0Uqz0Z4@)@ereDJ^dBNB43^BCF48cpp#N}W9ZA1Lx(){mOANi*e{R;C7guaPX
zXcX$@Y9X#7E;sKw7GspW8AYV=_oVy_-^3A{sM&*r*f9DWhI4>Bs;jWcwIhrtaVAjh
zeXuM#I`B|+JnUFD_y0mFEXL4%ikiMxF(_}(M*$i_i>xfgM%&?l31#f{tDu<H)>W^i
zy$uu;L*`fG&y{;O%`Fmq<0lH^<5OQkQ~ZEM&G%SZp}q`6sg?hH3+A~v7_YRV^jYrj
zbslBV>;jd84G*t{d2rBvYmtAk#RDI(2jri^OM#2*8=E#l8<X1R*>)PRUbpI0<!WTb
zMl=e@uxj~rnDqKd>+Qn9tuZRmSdLP`iTV2eOD+?llqV0sz=`mSc_s#z4Hf4i40(H>
z@bGHh)7%+7>#t0Ee{QFxfn@LD=SgXS|58kVNB8M2Zv;C0=e+Rt&wd((N?Mh+l+ArH
zKyF_k28Imc$A9FSqgj0*)u<;X4_(}X&>+mhVh9|nL(45j<4wGve4N^A!T{#J0AJiS
zzs3-l<t8+XT1X}qvQ@Xza`FJ}V&AYRBL*WdzV~vIVDdFI!NNu*Ifq!WlfJ1r9VZVF
zc<Fdh?-GB_rCk5v><r_@7+ADuh!vKAP-yc6v-=^1q=WM(004!`p?#Czk85kIUjU&Y
zEbzaVWe_VKaK9%ZFH|CYjD4Pf?EV&>p&aE0q|=@nj}aF$P@-5p;lPObVkDU_y~n%@
zL?Gt2Ta4np;T_4ncA)03Pk5Z4tRCq#EGG{b=Y%$Ru)Z@k|FrZnH)v>UT}cW_Vl-V`
z-LhyBp%l1Pf$u09Tz!s%-<VxkOmj6J+#`?Aa|;y^fTM-Or~{$i)8n=E)t|RYPa#0a
zy;IeV8XS~Asn-Ps>=UOC9~u(*L8p<)cIxXeG<4j=VNMdvdL*P(Af{*M<V~zQS;m5{
zQ(V*~`g~`1Pc5BwIYmr1fc66y>H;<0f>ZmD17hK3lo6@fkiECv6j2%E&q34ldRO>K
zzucES0zjyr42)z{R@K?fH9#(KK%>z(T1SKftov^&VTt)XSu}nZ3^?59=Ae-6=s}K=
z49RwT{O8DY2zr7^IGkUgU{Xf>UN_clb4G^+bzf)azy?y#hP4V5M!se*Uce@=-jsXj
z<pozWL^ZkDfwfXs#~YEr8{5;3<evpSz3T`p5Kx|JhhtlYmftp7IIW(#UwbU@qzk&1
zenGBT8p|Ph7?&L@EJz@bPskReA%LfJLCt3q1>8pe6XI^{v11Iy57_nBh}Bx!LrV05
zH0%?*PvyL}tPq&08r?ET$mGNT%R@bq9!@%xJQ3mu8ZKW-h=EtYE=(W-Na^<|hbbC`
zp5Azw1*F`tEDErac$?fG{9P^=fWSZjytaEBD^5kFl4!JkS+P*Ju@Z=y=7I&VjJM0G
z-=vxL*`KV3I|uixBb}!0Z?3Lr*ViT&l~q<fUu&s%o}x)pfINiM%#M(s`rf3MW`9@h
z6p`h?f9?YuGpSaNW3gXkC~$(n-&CBa!b882FqYw}lKp3KR{uT;?;-`Bpu@u|qZziH
ziR>zwa~4)CCmo~Urtc&q<auo+%oL%R{(&{zlUpg)4}7%#7m?|ru|UE6KJxCpW?vjG
zJ<L=G`cG#|&#H+@NmE3v6DNgfuyS&XBPiP*pYHo|p+zO(!kDikKzy-m4nk&QErJLL
zh(;R+ixJ!(q5lpR@Up-kr@_Jdb=KKcEzS@>mzG{f#kxfNW(S9vs^O>-xgK!)cJIs&
z17~;D(GRsQ%;#uBQ1x}<$NinvylC>ZwQa^wbXVPLA*$YsV*_ScaUzZs#iEavu$Brk
z9UbtsVV*p3{mfsk&<7v_mEK(j19$_=l;!^3X94xPY{vA!$o~Qjn7#6ekYL8JjZLIJ
zT1i;vBULn7e<aX+-S%hlI1C(D5`J8`I(L^dTqN|TcF$@ZXw{&w*Hk0*y%KN<c>G;p
zPr;e{o}zDF5PXzw7_ZlU_d=|=ftWCuQXzR7!saTK5yw6G`XuTJlKSgSL4Iv9WVx<p
zMaJhEZW8{VCBnPrFfi=TPdg&mTY+KDdT8`m*k}gKR|ROarXsJb<VjsT{o28re=8!Y
zg!sFv<rGktg9uO0C`iuFu1|BdrEqp0Neo^X_(6X$l$~&=C|)=?cXJpRV3KkoKst`r
zN^Goby+G&3^}KzBXKYONy!=AYjc7A*R!~s#ZQkW^ebl5na3qOuZVk!3QB3?h*<oIT
zOF)derQsMi2zaHR?P5S*q~ZHkl#7rB>NnHHdLEO7MJkxz<|%*$2+J1ms>9*bkkr_}
zhxNzP=}CBoQUowuq11H~S_7}^GpOKq{ZZ`V`Rbg>ccoox>j-54AV93rad$jsv~zUi
zn3$;P$hUukNydZuvGwNL+`w9T@k=2kMJWjz7CaN<I1*ybl4r7HpxC_S7c>E_yFgve
zF8@AP%Kv5v(2=;Ve=uPTam|n3zv-OXEJbMH)*@N#=Xy-gJ8-4oK!vJvFVacS>JwR^
zQ7WdZp1A5J5;@#k`6dCT$Eg>6(5w0XZ&L*KeQoIGJl_58=QX_EFaNJ;{{O)C&+mW4
zkkR}{Q8Smpr$dhydtcD422?~2BcL6AsFr$)pRap=X9r_U-U=j_W&0(JkFy#(LBD{F
z{ogew5EOwW8WYdNB>wKqEbq@BaL{t{WQ-~c3l}x+sF&Je$G9!*4?B^YeI9h!u52*U
ze6Qhc>17AE^xr2X0b?8ra9b;_M)VtUaM(}2xCSH-tB+5^uMHn?OCtE@$MM*L=|p)R
zF3G{+{t`nGF7ytYbX3hBsxXK1(e>BPf@he-EqI%d^`txGbI2L*99}5*S4G&tzCCUW
z&0O<(F{u+DkIz6O$ovG@U7hkqr^aXOs-g%1D-SbF>S%X>VH9xBu<quApVa%F=5}YG
zD7`1N4GCT|*8(cg<mzizmixlDA02pEfuA09GZ>u~X03}u-a@%-1~TeeB-LaM+`oTc
zI5>VD@_}{mB%opk(5u^i+*n6=?1?lowSEc1nFNi961V|Jeqn#4b;v}%^5G_}BXp1`
zwwus#c(9JW5g9Iw{^PR<zvk$dp9U%>2a36eIKP-oDk8giB;YgSSB#^33W%+h)*F<^
zgO!yX$O*dM&eCvD_XM4HABox5Z+jx6J?rbJg-HHQeCwF&LR2IwLAKCJ0}K)lAz1`@
zGW*8(!(Ev*v{+`LOo92-cHApn*puK6oJtK3gBksn6C*<!PcW1s_sTab2jmV1SV)82
z=^#|(HDDaApf=Ttt|sF!=Ui<=Q-Knp0LQ>)WrWQhH9P_mH^LW5iz?;W*>KpRqAcL&
z{Gv|c?6tHIEMmgqP3aHyJtvmCi;k<l81e5(WU26UGM((Y?X{2px`5sL`v@loPss7+
zz{yt*aogzqDbPMl_mTyZS5ndeq<i)E@@#Jt2?5}{c3f#C8bW9wg@{6qd2EWzG)os6
zxO=_tIS&?>K5S+tlKl^IfqN;IzmYtg=J5Bz>J-sg5K(Og-j;fhp<ji_*%@9{19K6J
zv6G%z`pg{#5l~Z=AakUEVt9Qb?^Onf8#da__3xT6fEsvx&`14Yi6?1vn;w|p87~jJ
z0ATwLjl5G)4{D0VzAsd^BdiJh{Tc6BZ}+N$DxNAHe*EW@*&_Yq-fSQ_S3IS%iNCtx
zqlGsp(+vm3UVuq)YAQ*KJ15HR?QcI7epqPzFY&3s|K^(pV*#RMW4p0AYUm$mc>*_i
znH-#@K+g!`_ba~?1u+SN_V{M&lHzYrNca<C<3U;K0iyr{?RPr5QFhbiJ<&tS1tNuQ
zkx!<N7SS_!eyezk3Xp+Emb|F_sG2naJQ<)f4~RdKPev5EZtRv<9gOKzm%~5zg@^YK
ze_2#`{xovAWsTc`PRQHGY`Nwf^x*<BL<&^r0VWvo@+6!ei53AFLbtR9CBg<&{FfKt
z2x+1VLDLHL-SsP*QGWYp947RJrgU{4Q+f30adrIpUxof~om?h$uPHL%`=DZV-X6C~
zf+h@brhns|+<2$Y)?tUb9wNjJCGAlF)vxs74|&5v6Hhnj#fSag8Zn#Pg9wU;yWz-S
z5=U*d_1fGUWk_6~O7-*Sld~JAP2gp&t1zH{93}^Ui^vv=2sB}$G%TV7bYPk^1dRvy
z3JS1`4ocFmqp&A6sL%;sSX&G5B|?crzH-=D75+#xxtXG_{M{cGbYKqWY=rz>p|I$l
zpTSQ$z8B*O`}Ls6jG**ZWWU*Y>#v6V43de*D@kku$$KA|zvqYz+RfYrtK@A>5(x-%
z05<^&8(p?!ZwJ2BmOJ*WQCUVGpPjw^p<0jIfv(W&6=DM#P9BZoQ$Rsbk9-YmDA5cY
zwiWD+1qrzFc)tRd*6jQ>Q1nA9*v;7tVn&u4Yfld5v4x(ZdWqa&f<}x0=uT-2z}t(f
zi|!)n$n1#*C+5+UhmimE_&4eIe>LxG+$!8<NnJh}-aFFCY?7MJ>Ld4`Gj{jv9lig(
zO$(1KE$xniWVrihScM?o_bu)y%(fsZpmPHJ(l3*^@gjQyfPjw~6`f;eiUb<LNWfMg
z-=js+45-Ns5N4^rw#i*DS$r3&5J9%fC$j@Z3lEqZ2%xg5Nb(<;tnPce{shp%a<4&$
zdY8qzl%igB{%~S)Es-op1hCHJ;vgbl7D@^Z1`ZrO78V@`^F-_ab%#y+W)!}x+DZjo
z125ql?P)*kP41k_XJU|iq+gS!-ww`d4?aMDm?(-YEdSkMEuBH507_I4D`Ecj?_Ht5
zFh4=mfEqX;h3(`7%mwYBeSrteA9<PA99;cdmEvxfF<r=6?*1qb2Lu=rQAng$F^jEE
z-O;Mw_YxC!Q~-l0?-TQxOZqF>|9A-^AdFrBlbIrkhgc^o%j|c7=dIc0V_DGUh`Bil
zISHDAY#+?y&Gx@8Np<kh79GfOo1p8>H?EBPjXLi~qq?-8Y+~2mG|ywgV)9?8IzESg
zjfDmBF4D%I5l|=!QWf;{%yPJ~fxd!GU%N7Jo*$H=z*|7=#mZUcbAQYW3f8tiE#%vt
zXuQ`9eZ1Jcw!gHoblIESyc@&=y1a?k)%vWmD7t)jeg|+q0>rqWF(4Ap>qbX^3MN^&
zXQVOneJdyo<)nr%@7B6HESbv#3E=<NQ?qsrZI4!gIhQ){TD688a97y=O#5NMke$Mq
z2D03;0?j3t)r-+&UHLB4Dx@QsdB+j?9XW8TZBhh@tFR7#55O!#nbXsi)UVJ$n}Lyu
z-O95kOEAw(^5Mcq?FybC(68oQsMvAc;IyE~KM~mEcDj3igGK&f(tp6%XfRhg<);m)
zmg7NRJh4?QmC-^3VZYq>Dri<iL#?X_`N=9C4x9%0-eJz<|33U?4GyPt|LTmo9_O0Q
z>r>A}o~~wj+1<6q3u6v`iF1*7=bH44_Kk7rz-PU2W0mm1{&H!I=khuSO<b4HdsAHx
z?>vvsWgFB+v%U70y=?z_wds$3%;a|(<)`klZ`;22U4f2A1y{lp5JDihiDble)#jE4
z4nmqF!uCi(F$tEFHBwpf!T0mEUDg&Bm{U_*P^-pjR~oODv89|#RF<lWMsHY^38$(7
zHKJ@x5Fc@wnzkZ?t$u6Ns$}TN+Aw*{2rfQxU-wsTqgHp$d9;piTgl+n1Ct2Bpo0d1
z3eCrV(Cp5d|A>&zx=iiCFU9)#xix7Cgu9fmq8Gi|T84{@4LHf`r^g9Mqwxqq*QBa`
zI5zokxKVi{BVmGGm)q1THcx)d!R>s7e?^5ggcpMF>_%@GucVNdZ$X8PE#?g{=`?z9
zOZA61W;WvBz)=_eIsMR9pa1NKi!%p!=&p+ks9uLF$$p<G0Jx0Luiaxr*y-p3szO4>
zK+n3LQ5Vwu(*C1fi#>c37+-cP<baOOqSHndLPRv|`bJgTis^E8VMEF0ppDhV>eao7
zj{smK;P}nVBJlCj>5$P*x%1&@XXW7Ow9?E+d;2sieE<2E`&grpUd~wE4i~)?i+BS0
z_03p^Ab<0*J=u6ghPCwiRVA36kpbOBAD`-!3|WjCAO9Iv?^`9y=nz{G4}?8+9)qHv
zbzclc#?|cre){F#p052F{=Ea_$>v~EVFx<rLPc@WPoMmuuNItNQz|NAe}GYmF8|`j
z^QxwXBH1bXuY(6n*V&1QrBINk79i9-zz$<3vr3Zx_N||z{a+954jPs!Gx%_k8yZ9(
z<9>=5Hel_{=AH85nZkD(!`o3$u~d1wP#2Y3pAeAp^Z%-=2|R7~xF3+3Jl|XvF3l3n
zDg>)+-0Up(cVN{xm!o4`QZg!d4Rh<4zY`K3A68~6`X8aG3b&`@mai~LcrfvS`+em4
zl!A5Q_I^|pO~e_EmyW(+ey42lCu^@_Cgu{88dBq&*YOwDdhb7qd85Z=1;L`R)S*90
zS+Lbk`@Yi4uGT?Ni<!mJ?N#5!`;zSGLhRsyu-?JPODx8ppSlXSN8#fTf{J1ZXpqR6
z#EQ<3=C~m~R^70{hzM%Pj}{@S4(``9f@AcoH)|NeGr_WNJMILin-;IH9Z&-OY4c=F
zTGGf(2NI3_jXA$oj!j7ZsSx<#ASR_w;FQeXhlGz`eyIdf1kJ;~rt7=U_cz>`qTXSn
zE<B`8k}^t9J=F@0bH6ir{ykn<-R4$R#la;AVqSyRC`NH_lxj_6qbPWvwxB)@>h**7
zCdcRp?eyJaIMn#~Y0eq?4|gV40|^pSuJz^Q$!tb#fr!AyH`_PwdK9(m>bk>ij0E2E
zn>!A!|5%IH9CATXk!4Sv-HNLkMI;X0|2=~eEnx|a4ucct+e1?MrtlN*+c$&#UJyff
zbl30wz<`+1<4MdX_ZOe@u(m!4I=82aK6bCh)2I1Dx#JQ~se9k?*2!eC(=(!8wTs<P
zH}Q^gZF%2?FkT(49fLr3eWX_&i3qn-p5q_RZDE|AL%T^p;CrKO?(&*ysUa|BOl7eR
zY%a%!^A*>Bhr5S}A||PZPX>O`gVbs|?s)P6m}xpZbT}SNV$j=edWX-@-q9DzIJ2Gv
zix+h*!r;Kn^_db78vXF*4^d2?En>4o`s?_60(Wyg0NVR;rJ<&#5EBz4GS%wib@Yfx
zufy{HLIu@Pi3aW3?cXdY`xCL@GLhk?`UqS9KEgAmsz0ClCdeT%?Kgqc#KgpXn{zc)
zrd=pw$dg>$^v{uT3zc$wlG#%DoXjI_l;;URm8WH89dT7*z`N&dqM*RC@-w>c`<}w>
ziN9Wykk<)Z!E>xfojWCP8rsN748fO1dHm-UXkhu|{M<p94q-ee=X!f<h+*p}`x^?@
z+qce#bNFZS@=%<ndXVm+!4@Im+|b0{;OKBqVYifSWK{QI3Q76=iKB6C<P(O`)Siit
zJThm6%J#K2C0F}OiV_G3HZ~lClLWc>Yf?4c##Q!L_a5mhZCSzu>QYkqgVWPIzdJhC
zkb6$iXr(Z40-_0MI)j0VGd20W|9Xl+9U!R=*X-?f$iN_q7+KCi1guA<5kcv{{=M2~
z1@>xR9!3t|UFPJalDS=32N0v9qk$Itt8#s_I-w&lgo>zCFA{tuG!|K>xQjK!FQnvo
z&81QMPRTaQQKV0ZPH3lMlajxzYdF6$mXJIZ63N^c-h>-#@N)a5UyWpfg~k6;O0>-@
zG-V7@(QUAY_n4b|8~z{(0w63*XsSwp9@uJbZt}mE!Q@<LXJ`#x#9#x4cgyG~!RDXN
zsgbA3M=KVOivT$8jAUXVDk#Ve_N#o3v}`<>R7VovUo$z>$A-H;tXpaA?&(1W^xx}d
z^f=2TIe3Z6cmydvv%*4?=qk=Z-^&XqSq9OU7lDNb{*%DNHFq?tSjw+dtgX}W_B8hx
zp2VTSA(OTF+7vD?*RGlE_=qz{-PovZ579P*5#KQq4mbe7NH}a#+N;r<uG4teei$Rq
zNQZ$KW-ny#r~KWQRhXZ&%E%}T>xm@LefqX*_b1V7{#_&DD=PAN{?^yii-xYrdF=%m
zP)>PmPfX8+l6dMH#8+muvad=@i~Rb&y{)GrMQ2Dr&;ABSF5tn%z^;Q7{PPoXYUnB@
zQ9}5K?UA*BSnT2w>wh*lgoI_fZN3l4US3`!AtyLxL`-66JgR<Zb*K&wv*0&IQAr~r
z5Y>p`xi#QEKhFFOSwMKkTmYGy_pNC91%zb50p1;xn)m7czk9XpG`({tN1Q*~p$eeE
zVRT^ax;e+B*Kn=T1zhotKIh@SA=%hU;DP|eIM4l>4jmoc$x|$8Yz#qyDlHb+Z2-r;
z9v{EU0k;4I?_Wf$or&5tG;B-*b1f-~&Azt;*uX9t2)eAH-NS`%Qia_?q}-LZGi+dT
z*-oY~ny>@H`}dC`^*h{-&!WDt%Qg{lu~gL#D#}avCE$PFV<}M6)O;iXx0a5PQFhrA
z2MZ+I4jGKNKOJ^gwo=H*58hpM%@~HZ*gK;rJGDb^`Iy9jvtYaK;}<QTbsMZ^kUq7J
z|DX)hN<w6(^j4{%yteH=8@)2@@j2tWB!ZvFh)VT`Pldw2900I03;MY<A4R4-FWL>(
z))HCwzn9ck;%vuIO74W?Qyde<YpQl)GBcA5r=c>jCBvEJ=T}C?7h+SL_@EQANAYs{
zKiK}`rEA0?38M$|HJg7V`jjR#3Md{NoGkdkL*8wo9ipJ1<P8YK^*EtvN~%ps(dq$H
zi$@pc=UemmsK%o}&N8G&mOHO@Sr)oKKbRX89n+>vX~QBZy4pwB97;=lt}$v0zf~aG
zszJH_`7=j#WqarAk4Qgr?q&Z(QAOKXS-owI0f-87d!#4bY^Xl9dI|42bQ^@Fp`i=a
zZc`SQM3&uMNvg_6#18N!Cuc;rBcj^xUhH}*FGJEGbM=1tl2Yr=`Hat-UR4u-9;y}K
zMwqFf|JNHW<8q7_1pcteugwAPrhhHWnw4%tUp(#Tljds!tIAkWcJ|H=TZ0Vq!LH3m
zO2N3ZqZNTXWzg%S+u*nrm6%8XC3IR!asR&vHLUFM23<qxYrwsMaP9POWPQ;hkFL|D
zm+Y$#PBgSA{Wk8uxuRtPfk*kLyJv1joFcuxpc`9eU*GwGrz#g0$A=$i+(ayvlgVRW
z)<1X(@chb(t)Lcl^d7Nm@#@;@$1N&4v#K|v&-Z!2X!E(VXQd0+fUx#I&DZsP9!}%*
zT<>OB5(J??9N2nJ=eV0aZV4WnJ>T24QxS%MCXHlz*=w%xhr>wXYo}qdeD8n1L>Qhk
zhFU2k8(&X;f84#6e#QQ4&srA{4U^+}2hZEr*Vng3Mn-bLaJYYB4nnzK|L2tMZ=~_s
zr|`y}o6&#)`?B1EAX`>icA+S~di}{*VtHtIuv1=5t(=F}N#grka;;J=|A89w(=r#k
zcfKN2%k}<s?E2X>yu=>-{4e^4rG0JL28RY|Sm_b1`1$3A24MrCxvHz<)YPSb3nP2F
zhH=vKVs+nnALs-JOV!A3CMNtMvcU4qCL41CIkTa$dn+n-bGo^8uQU&w@&~#&S9W&5
zXSn}R&M7X&$il-v{j;mq{GC-%RRsD|oS<nE9v0DQGfwxbu6E0VHZC(AQ&Ujz*|Y~f
z^Gmjv)AMb~nMDd?3dKUkpbvX@S0@Xtl)Elea+cQC486U*A@Xu^adlKuc>vEFlJnR=
zvx_jG!U&Exq0j9rB~Ww|)to|XVPRp0`Tp>L{~7q(=q^4qIvkvwM{ldw`s@6on~GZC
z-_+M6!d7_7nPkLU+w=@9m{%40Js>E}?iZ3PfOoSN_7npIAuP*+j)R?V<s%b}iw?jT
z>sQ0wmp1XdAivV=(H9dR>fGX)p{HMKb)fIFqmz=7=5$(<_@(zVY9o4Y@x|b1Uz)|}
z2`4A+S1YUQFJD4H@2}}MU?t|Qd(#sh7KYYnWodXY`JE$0gc2lkA;qTzgan2&^R;1Z
z9tjx<GKD5TfZ<O|Tf8wmkOY12z2<w`=}~M>My1L}q4>DC7Yi+r*VWgX^KIV6&<q+f
zF_5U=s;NzYnc?5*;dTJz-5*Y)Wo?g<K{`IDsp|s@XZgtPSizI&<GH}rK-6<4!pFs^
zh)xG=?0kmjr}y(Mw^yOVjV>g!K?8?w8|$lEJ7MW|EAA-=ZKj)>V|FKo7vx+>54E-9
zB?h8lVG%sLsnE*r->W|z=rirFRRTr~4F~=Vr`TG}<=>rkEo_gj)jKn3dcB%=-SI2<
z@Kem<-d%*Dq@p?(VFk?kO3I7@q2*fRZU%^#VG$7$>WY|jwUF6kOA1MTe!+N|CcCqm
z=Jt@7sQG)sOMX5Y29~H6f>4<}qp^C2lxkD-L_z0O=tda5L&5is$TudYzx4cWceNwX
zptrj_ojAvSg?hXi7W<xHVI3Npn3xP3S6RYkPyS^6!pCnUhTrOrI|&p?EfdqANrC<9
z$E=|IXXaYk9luAOUZ5~YKM@4z^M7hlPR^>1(Gu5#{;9LF4gmq6eQq}%+JN{Coh&sZ
zlsLId>q;O1K$_k5ljjF;o@DtWlBc8nqX$wpF#>}9<Z$$cMjedvqfX<=sry1SbG1<j
z>Qz1#?Ep9Sdh(G{VQT`7ruytp%nzRrkGFyi4Gh$$l^Rg|G6PXMW~YfVJpbl$kajQw
z6d5MsOQCuHFlYDk+4JWLkg%|D;PCKp0#l6a4-Np;_ueQd;B#|uq$H=O|N5sk-Tn*n
ze7byVhzlv;(Gjp})@PfZ1{46I{RqJhO{idh7L@OW%kJ}Un;Kl-aDXP_F8?wEN0bU^
z%cE-XGKq_MDicMH3J|AIs~a}3rrd6wbT)#`E}%~A2zU*B9Lo$GzJ5b3V)#8CcZ)o(
zO-=n>$4QmRX_G%ZN(@Pd%iZFpa#rQSa_e&HV@T9jAyR;Oz>rf$NiHT8eT`nKm_95I
zX=$7DOWXH>EP10DT?TAyFId^ksXxxN2r6on1qdJ?)}jBqKHDR_ud|cY$Oz@?3c>QC
z!pC>=@6>{%p2%R}tcOmQ>j`dlhvRR2Rb-%qQx|mW<sv4w#H5gOd6gUQ*ybY{SIB59
zD_u2n!6hYSXlxeTL(Zd;9wWfQfUgO-d30svn1$O25Hto4<|?&XDKG{HMIRPhKP}iZ
z@ug_K^N?4S$C%HPS#v`~#GIH4j%pT?-R3MQ!G#>JIRc(iNoiYkeM<9BeIS4(yC$2j
zVyN$VHtR!CmF{jGU7ms&EYuQ>-BHO@ORZS3Z`0zE;yXkbDsmC>l9)N=46@jlexP-f
zlop9iu65P>-oCmk3;prKdB6a)X_=auPF{#?Bc0-dkL&xAlk=VV{12;hu*B&b!lVrs
zlx}W?UPH)yUEP|36Ezwhe&XcRwI76Z$;m`YT550a*Kx5+z>uc_y5c&OGP|t|3;;3f
z;2e{mNT5i})~!gMMm^G@Wo8~Sqnvpn@NyJDV$A9B4kR@-P*29>`Or6LYonc9%Bahs
z^^xzHZEbPdZOJPFM_y;;mvm4MK>O=GVQmh9`%ZmnDeWV34LuL~*C5^rg2{KuSI2XG
z&+-d6Jx+~xNXP@nyM?8LPOh)-`4N8F$trmY!1>AKRXIC5XG%#)>E`m0jbni8YB>hx
z^2!DW2S?wu^5#3mQfXB=F*aITs!&E-2FL=~FxG`=<-$YubAOTagAgQ~GagY$xV`;{
zZmbVAUR<04yIM^}Bc$hS3kJGd*r#h;ocDyqZJ%xu5^|38qv5}OJN{O$rDL?v_a<Ni
zu!7TDLlkbdd!VX12g6y85}6XQIevjMYMn`qY>Ea}XvRPf&(+VB$(RMX@ykmz)_U?}
z4@~HCb4hsJ*dRbNi8Uj$P1%&a92~^i-H-fWF<SkYmXwslD&V*&HwMmR+Kio+RE;zU
z&h%HuE1KzG(`s{bvyex&`EJba=jR+htE?{5l0Ve!6~F8b3Zj{uA(p<mIoNpkQM<N!
zh$T%(h%xbwdF$MQ!pW`g6I)|=?eQY%6X59r&zcR5TUOTn=$^Q{@<>$xEWnRXD^w9L
zU&4|%n8X1(xIuo6S}bMB9Qm>{)h5c2nkr$pH;Iz0)Z%rDAiKC&e|st~CvObkSBj-|
zgzx<P+vo+$zQrY6?;VxAk@waUC{LG{hpW9P;1ZJ(4M%VP*5i}k*(vCeVbMoNbB@nL
zWR7iG#&WMjkEumN9xo63M+Xs9&Zi}nmDy=oSfZMKh9iwjfs<QrY;7&@Z*QtZvaJnk
zcf5l73y=t(>NTmRM_ER!2Oy-M|CLs>=P3S|bvv=^yhBcIQdYveBT=av^0I<Tv=`Xn
z>UHF&@|3B;;2rw4Y1W`jzVS^=j6rCS<Etn&Jr-v6bY7pbs3sU-43f%g<TvsdTxzN(
zyGw#X4Q|-aU3hSv6clwS^1!Ur@3k(0fhdoyPN=e%2W##ok8T-Y{2nMEIF`GS<Uh^7
z68LB$1Pq6l=YL+`dIQSNJzW6V<?UOlZ|m%!^S(`27l)KU-40#vaXilms<$DXciojR
z5(t<XR8Vj@ZHHeJhBEam2L}cSuWxRU_jY&9)F@&tgF*3V&nh6G;{tX-Iz>iC7Wk*K
zGdcl3kHZK>HD}dV1qJ!e?=4>O_J?G5DJk`QpcRQ@qBo?|bh3$%GTP+mNbaHY29piM
z%FXRRJiD!cG3}OdgRU5Sm@0~kJNNryaiMbtJlm!9qPM4`m}LBT+@EZ+g{>!*MY}+G
zFU*DKFCucSV-di`xPyrj5<?Y@{_Wcs)oTnqgq>Dmd@_uyX!0~?tOA}-t3F4%HI@_P
zj+<!rSBH|)(#UsOGrkXo)z*ZQx0eMV4`JJFY~b!}1_h);6mYNYgc%f5>_z$bu3z?y
zhiOC+&`9OIP2uR+S?dZtkoENmecHoiVNvwMPT7nl09BvyS^LToW!9chkB0g?|A(U`
z5-!hI!2?C_-@gwI%ce;`JGF8&>Og<T$(i2jleV2uTEop94=7gfYMmQRZtv7p+W)?8
z{9e*E2^{bc78cZ)10vDd=~5Hl@wTR&HBTYvPWQYxjQl4VBIeYOb1^X;!V<dF$oC#J
zIl^j|QRJI=+r7Q({rejRY-lriKR*7%(Yf^MeCeASqhei+qyg9Q_Z}wJmlE}Lyi`(B
zm9b1OU;aS`f5nh+20XU;<94&d0@dg2>}-hb<8<lQ_Zk`u@Nl2GxGDj=+t}NyE=!*p
z2A=6pPbAvqnS^ZyRwH0$S64RzW2~(SzU66vy9qMGdUF=FfrU3L;IdJ%tlbg<#IY>o
z6Y*huJPaL68vI9^+st*JB6ooccJE*=?n~0c?zU>1x463)9N<OxkGL+ON05pqJuju8
zPoFNR0XPfAwEB&5!mFHRJk#i++cISxHhlXxrPdO6w7l;LJ09MDnRxXrskAf++lP>x
z1cukve9vhY^;g<r#TXe0W{wWQYO7MKiEm4%S66M~pSS{w#4&Jk2a1b}vkMC?F4udW
zxDLVONfuY<AfY*^efA(JIcaS@96yZDAwc+79KdJwnN&Ppo<IA=L(&Jq1T2tTbzAKH
z3)9-#_5t@3)7N`;-zcgEJiqmo96@(?8~cUIx*5#RS+O>5&W+4X&W9xO!N7{DoE$W4
zG%>E^tLu2z41pZI?GY8#cmAqrJSsL5DDp2~9<;rzg{%<yrKJ;zi0Qe($i>}V_wx&;
za#<<+2b0a9#2>Ge^c(01uqZx@`UDIWzyEu=5%xyTaJ@5_L>SO=A88fgo(Bh`Ei@6M
zyQEsYU}oM<=XYYTKUwX#Y2!<xL5cuG@2I<%*OjxQW9mC?Z6*x3Y77jm%~e06+gtFB
z-DwyhZu|~?{dz*&j(^pxfcoDp^Nyp1Yla@kLV+DO!RyN1Q%@k!znz?S?3<oorhXkQ
zfP~OWL*V(pe{!piyNRXELcfw({Nsa>yPrSv^@x?Nv!e%HOXzjBrv-j@F*1cUp>`Mn
z(JjK}tokgKcMoj=i@No*b8EW~cLz`fCWM06_~*}9-H)J2b_}W98&3zIMd<3iQ@tZf
zP%7kptEgy8CG2_ev}YV`T@-|%6LoQM|1hwM;sBdk#QDKj(PEH5%WnC8s4!RR{B(Di
z{JN=O%_YMF{x=tw*4hr*gGTEG8<>SjF;|0{wbHUN_qtChE#$4&)!BjPqWsN0M7jnK
zABKgsRh;m}ap7mBRs&vw`3O>Ahvf;CCcA$3aM6orKG$QD{fXp!j?XTyZ_w{s!5)K?
z*&pbDobM=Qtq12fL@6_BfQLuL68>C1?D6HuP#3A2n^4(=Q2yIA9__WYHF%%9%TJ4*
zvH`2yfS2`N+uWRl9{)W|6qi6Hr2ik%!_Do?8b1TJZ8fi}X>!xqRwoOaxi;#(hdZ^D
zC>>B*cLxQp<riAyg)BUXl0~D8P82d_al_n`fM5=~yP>Te8TF79DEbZtb;byj7tm%c
zxAuS+SZwzG%Bb+8h=!Rxwo(AOkp}j|Fk)1iB+s0Kyt>gySPfz>mztiudP2*mT%p&s
zEBYv<eb@yrkTH_ZZ87qmnmP-WK$bqt09L>A0yYs3pFy!wPD#nUu7}Ld93`^$BQ2ZX
zbSly#tiWU7BiRP6tGb0XO5jfOQSiYbQ@Pn$E5WkM<t%49zavt?^XG3Hzi`yLmz6{1
zGN4Hu0myFimCJgPh(8zVoZid%fPy?4^nP)_j3~(swGLQp!l%OV%d@q8!Om(%y<b!w
zLke&VFDt9RDGgEu2O}!2*X3$Y*@puYpoI>B`RSND<9V_ZzFo9v@HF6|-AXhosMfc)
zc{2x0f5VH_I$5x|Ir!hU`>R9X7UaJWrOs(>4MRu&&f7oM-i`DzJ>$b)nl1o4u8&t@
zi)t)7O1V#>Kj?W~cDKgi<Y*73q$LG|j0Skk4fjWsXqm1}?HWU%h_0IceY_ei(R^(u
zlbZ{W%VJ7D0{6%m4!N+<wP$P-jEHn$cKm1|2<NBT<jV20wg-aK(`#K$1KB@?B<Nr+
zFk(J8p~F!9gSK{$hr9bT6^dvYK2RV?(BR?Yn|%Yv32Z*Kdnq>jZOrO?yUXUr@ppIu
z@|(LeWPbn!$N%mhm>7c?soz4zU0TMZDASUUO>J*FN+ncOqm=dmRK9DQ`%g%zMmsGd
zy0=Fi4Evy`&qSb+Q+|NCv>MHxTzpgdG$}0F>=9^zO}*|RfuPUu49%3`Nnv+)kAn~c
zN-?G2+14!}h>SpVmb<zC>Z2&HL8O+<))QtmA!cXThBfZJWno4O`v05DCk}E=`eLl!
zy?f_xZEbBvAVZH<4rmXY7au?FkAu}I)S#e+ECDSJ^z7LNe7)DNieh9=#sK=iZfIC@
z$_QToPgS{6gDUCEDc<zjor*eEvdQ(e=ZRjS?b0eJTm)PX2Nw+Awi{RBkQ0S~57Iw8
zxPC2k_%6?|$pm%Y?PxLIi_z!WZ~OGrJw6Wh3m8^obMZG-0;n+Li%U0Lr4Tnzt6=fy
zQ-*}Hlp^LvS!p)!N22cj>S?0GwE_jc?KS_1c@2O#@;t#3vGFF?Lr+DAR{@p;;36Zq
zJvtNYjs1_A;Gd7Qlhe5e=r=rrYX@4??(YH){dyc{E}W7cL(Z@Dq`0S9;vsE+kFZdw
zshxLz2X{J8LdI2E^$xpuF%3;K<WKvUv^_ldsQCQgyFyNB^)`|S2s_-im2^eCzHB&w
z_zLUoCY_$9_@ufmwU^B9o*Cx{qzU)S6QjI;lunW`fXJZOF5%^sS*OVM@<n@j?Z^GM
zp9=w}D{O+&%dQ1Sij17O9E-!|K}w3|=+d(w0KLU(bl&|;0jkkr5TppfM+##ADyaBZ
zQf_m_de_7GxMMp>&x_;OEiey(MoQT={2MbnYfn!C<D+1|{lRRicu3jxz$Y_lWHw;Y
zp6m#GF}Q6jLz2<q2h`9?offjs5<Hk^`Gt&14}Xa@w=t;&iO2zLUncJi@4WZUhoFau
zADgD8&lu@}R<O&&B=>krNXo=?V353MxzfN56Jp@ILQMe4BxFF;S6bXDf{F^_VAT~&
zHMNYUj0F6ngf<!(9?m@sCO)o92OTbi4xTx}`GtkaO${b7(^FDXl3(2>(gdLaNkCp&
zTKYSi&X4}w`g$#lBFN)2U*E`6{Ow<Ba}z2Oe4D1`>lgnX>M2RJ?c&xj!9<GL1-0}T
zo#2}rwA+35AXKF6;_A;OP78n%N?NEh0Z<|9_v;Z4QBewKmo4jd!zQH+7*5LcxjW;W
zgSO1grU;%747^}w@&^nw;MZsw7*KFItDwg=@Q*#+&{(+|V=ICD%8iEyZTAdul8Z0v
z1qB~Y@6Vq*`Q;;ZcX*w&g0Bh1M@HNq4@mE{!19;R#wI4pbygE0&3|chkiapNFuK1!
z?FH*M4%ToVz)&L9|G?^F$wZj>PG}&enVC_Ok6<qunQBUu=kCA&-=CwHw0G}xl~JgL
z9U!_df_!3tWfdvd&|kbchb6WtUFSzULj10?PYWD9i|MfgL24IsHGDgJI(DljO}0z_
z0qM}E07%oK0W{zyA&Gl*IP8l<OGl^L08UI82vaS&d{p8m1mFjrgG)j(YX)`^{xLH%
zTZf}zqDL&jBG3M4D&_Jj02^8dyd{&ea{dgZ>1@H1p9c#w#i*nRuQLk30El2>^hKAc
z#4ky~06%<7NqaI(-i<m_-Z3{#L|8i{$5&uy6E(%ghJ#PMt;V%>x^wx--DW<hGz#;Q
z(}R$Z1awP_qo7EfJH0tk26I{OGty7CwiGU_GKIZ-8$JJ8SEi@yLR0KY&%?~a321^;
zn3$RK_V@Qky>HIUDvtZWGN>x|JJ<fY^&D5$_b%@VbCt7Xc5)>DqL5mH&e2cH%VnMb
zD=juTBFkPKbZD|M23%1Jk(B7^f@qGK_1S^(c99=EQ1@RCz`Pjsbp*2hM7v2z3Ck$a
z+!(sMIxt!P{ToWDw#0S*ri?17p4jOeL{pif2(vnOcLW}g%ID_hCV^d@{B{-=S6|lM
zkve!mB^vZOIa!n4!onf}(2nom;@+#Y8>6CPPR$ewkaeJf%A0R{KXUew+?3C^7qisW
z(RwNnvji|bgm?%LJNu@Yg_CzCU~U=G(oFtz21AxJ-|?yOd7=Op(h!dR@B6uPvRWVn
zv<hz@S~l8_P}9l&k$%6(3`+fJ?T~&P+z!4cPhcI5c)x!We4|HtzA;36eLU;GDR4Ll
zRt!JDN@QA9RaHfdJY1v|ShUvxbqAfNr>B#M_jUH=!)(!awJO62hMcb`Z%;Jlp=5Tn
zi<9;|a^BfK5a22ehsl0vRr)m=N@VBPlUM-dy#b$5MPCs9E50)dVjeIpevQWRyxi~W
z3u<!(H6h?>Y$qE6!3wj99LeEUG$v-Ij-$W(4!k^<D_<I4k;#ye8Uef<r>60Z4-Dx7
zLeoq@fc@?mt!pSZAVnh}N<r834<H1hMr_~)iGi{R$5YVtVCQ&i>vdUUV=6q{U~#cl
zwF&Ag*_eFr17@sP-&i|7(zlDt0YF}>%>o-`e@6vethujW`F3~1Qz|(sQx=7vO_6aT
z)DW=-@E~{57(6`i9;8-Q>3-}+tEUh^IyImD`4#3tv9OSWP*7`DPT<90wK%L4$LLT@
zzlx>KGpW#zON`GEkdORwc}jmzNg02;2Baf^8tpdL*GJy`UlpMQR@!LGy?GN)BI<kJ
z4D_VS#EMgM^GdCzpW42(v}C=;Tn^{!(nwxjj}~z`8~%uIQ!|(Fygl!T0CynXS@r?a
z%~}Ak%N$G{%n%^NL<z*+{kPxocYpS$yF)@brx7?p3$>B5;Yjq?Cq_sIE3pv~P*b7n
z;R5l*;lbGZ_QMe9+2Mw)u8=)k#qmn0lN6H2lP*RWR=v5~IIA)_Kt;vF!vnda+=7@*
zw||L&J-`wk;P_X}uCA_<4-e1-Rtk*qoOjs`*kWVbDJYNzVL|ynDxw=*DqRQ`hQk~-
zDhDR;@rJ#%mDGg)FOAz7%4=6IQuitJDMz{>G5z1a<3L>($u9vT$SQx$k{lbf*`C#=
z16LE^ay{ZA+RDKqvi8fv7ey1g;sqwMDYJ7q$H#4IP)ezcuLcntr9ja2Q1YBX*ke>o
z2m$qW+7At;$9qIkR8&*%n@$lP`_=Xt2M327x-xf&e7q4HY)e=D7SHD<fZqfQMGG+D
zUI|c!XlQVJXr-Xb|EL(5lo9W5$X@Y?$@QxCXK$y5NPk?9DIJ>-1#rxsvI@7nn}Mab
z5D1L)ODShV!6Zikgh8h1(9lT8LT_|fMNLH^Q{w!Oj`*S%{Y)=THa(j!g+!>lrYmHD
zl75#G6@Y*VOgCe162$T*m=rbh8jCTSSXkn;3z2!?4jMd@n&17&*&CGaP8SNFO<<gB
zvv?yf|HaeYJsqqkR8mDO#FvT$xH1=-)2TG<NI5w<c?WjGpup*QUUo-h2<FHzAlF$^
z8?=SArI9b+Kk$P8V>*R~?Mh75#J6|gxNn)6!5k4Cp-;h_`=ap~+~maWc3k>d<Tq)q
zhh!qVk6`E7hNtN>B}zWObOD7OcX78t0-L$I*uoi`;>}p<HDe3S<F|<^P!JM>&Igkp
zUr9$X1oZo_?@0x>f5F4OC@wb6kH=*LJ+duzw*KOo{pV7@(|AwZoV)8bO)sm!BHPxm
z=xD4$4kB?hERX|-=Q9M|690^32(p81N>7Wd%=n$=xJa}=1hOG1lcE0$Z*xR0ygV%7
z?XQ$fW}DsH3eJ?M{Fx~a-83`+ez><_qVV1OsS8qbJ+M5>?Z4eEl$1@b(%VN%v=#YC
z0K<lb0fk4MU~Z+A_GUxY`{4qeol3Y9c+ci0(r?z>ZCJpLh2FY-r<d%Es4(^zP?~ef
z4ZzXb`zsYW@aCNMc@X8DBRAJ-t0DXan5sj<&Apjl0IiMkJ5?SZ=@sX__DUio3={Dr
z&{WPae)Np{@`dg6@>1lJvGHel2cZBQG7$WAfXgZYeWt>I`t0G8T<pJxD&uXXADU_(
zchqx9ONvXSE_Nr-1f9`(f`bn>5W!$t9y_~!=9j7|F`i6Wq8mkN<VW4Ts+7Uo)AfzU
zpTCltL01(;z-R&bc>oAasr7mRD`yo`gP0<T#KqqyRog7e`#e%nJt6Mg`17_n@72dF
zgVvz7Jo@U1->uZf5C86tmD%+g3Er5o1>nfQ9x$q?=*5(DB#|}&F|h)?A0Pr@-LB|0
z7J)K(?<iwe^E#V_U}UMT99r?myFCc7rHUM{gTWBC9fZA$XQlceSUv?)W&oeBLK$q)
z3s`yID_i*^A20_bUDTs`d7)srE40i0#?krukXN4TwKVKpXgA<_mFt3VS);D4AJZ=x
zYR~;F=wVt?M&{ej$y%3q0;BRsHb5k3&%s$?jq&&QcaV^fcsz!n6}wpu7AMybNBZe1
z{9%Q??NL}hT5-wTj8Kqk_dL`|(b9fLtSGk_5!1`b%bU;e`thM61FRQ0O(F4L<_1(p
z-{PW*#zHg}oWSKCa>DzPF_Tp>fAh71STKcjr#E_*lu+6w(R>?h)IC{grS$mv6%LLp
zx|fXG{MX7F@V_N9#mL}D0DqEHBmoR5feQA|*47q4O3wjOiYDjm9gEwu41#NpiVX#q
zv9;M}NaWk(H!R?kF^a?aAy%OJ{yiaGKmg9pVKh*<i#J})1LNi@70HV@uche7uGX>-
z@yQ8Y;Lns(Mro7>eaXxe<2soD#zA_+J6DKLuUQT}US94G0%B~c?u;>&%MaN6{0#y4
zj7mt+<h(I;dc<hC$e{EeHwL1>cpvz8=V13`ODpxn^hB4jtZY9s(>u~=95`UeAtz>|
z>Fz6Brs<;cxdj%s!YOPn7B-e{*rcxI6>7q*E%m;&`E@LE7&BaPCFgw!VM674k&^=F
z<oTv%oGt@+Q5>&qI2G=eh1~tP!JrgOtOD>+Pmadvkq&140}gCpbS)+(CKYh;GQ_M~
zB8}U?sLWF!NO<xK3Z|)RXhb0RrRUNSeOd^~`H$s70-h5B;uvb#?tz2@_IY5k0@<R<
z;dog?w4VdweofeSb<_je&*qdJgY|%8!2Si-XS=db6K%f10QM|{@>qm{jv)l5?2iIv
zpVdaAcW9x`VXYnB2L0(bfe005X0~2rYU;%%dw(BAadBEv4h{|#Sy{$y;zB&6QwU_c
z9~dwY)Y#bQB;tGDZyWjAbN-dqr$sa?TF55h&B-!0%$sBk;8>-8)0cJU$(Ju*_}u~X
z(*kCrnN>82|0jKYZ&E2O!2gQQluLIGryUs3gM5=`{;NF*`3VhueiwGy-Yysm#_vl(
zj(|`UL-zyr0~E8cAlUkYP~@@CX*QVX1y23U3vk$m@tDNIG|c*9C?8s&=H_qjH8r{6
zU>;S4^z>|gW2C8ZH29lqAXhFf#$8`?{ulaf+z$MfC%*$Ju6HJux~gLkW98o`%9lSB
zOG{5c^bj(*?Jg}2C=5h2?&@qWJ<OHK8wb-?u|tNwh&M=ro;2lIp@{H~;W!*HDlC2P
zg+$?xBD8Ig389m-Hm|{?#6-t{z(8dzN`W6Ywz+g@5wHa70&wIr@U8z8eEaqj(Yn==
zB;{*|@u5yw-Psmj*_-<$X0(e7sot520~5-r$x6_&EPQ*B!|`<$m=N0K4XAHwm0g14
zLD?k}MH$HiR*7&>lc8OM>M*V=^qsbar7<=uD@3v|pIZ}xGJ4DyMFn>3+!3>P9*xl!
z=b<GfyB*Q=_aOHmBmZ|{UvY9axE#z@Ex@QSbKs$sDyg-eDmH?Lhrd;1NO%f&*y!Bh
zsHu5D#^DF<tDpLN4LX4rXhxyfGvua4uf5%exw41=3eeWWl4NB~oUvja`uK_riY{q+
z4!nIki!FkUmj~$4@QB&GpU4bQ<n=|IP+A4ua`Wp`d=zUxY68R}ZnC42xuTr1goWLg
z0IWuxeWBn-nZqYay$v>aY}7+niJ&fIU<P|tRn*jKPGIM+gBC=*vUxy&nF3ynrKY+%
z(LZ&~CFBW_;h$<V90-@NK!A#tCK&JzZYMPBBk6zxvj^@?4SvBur9!pzILNgOj8t>s
znL5)M^?l&5*j0u3Uop<lV9QNGFjv=nFRrdjVZ8Fl$bf=uW(FfRDwYcHY*#{nf3JV!
z+D#-qy_zdZqqKeXbmPO;*l(aPu1~diY3=R4ae)X1g~7m(LboF+t9Q6?et`3}7*2J0
z05*s#*jZ)803{?s`~A&%pKi0e13_d@F1%Q>eoJNN6ruIr9w4!iUi>|`Kyr6qbyyM)
z`TV(3yAEd9B4F6a0*$DAY<dyb0;1-=Bm(A`M4*5Ah=BFuZAuE-%v4GI#XsRYD5d_#
zD~5$x!^CiOlCo?6uG(xGZ}(e*$jgHq0SvQ<vooA(3+&95`VNtA#l@)}K>Si8BO{ZZ
zd`=(s1yqel@Ad)akazm?>#L@U3JvO{tDH_FLCEwp>n%FpsR28+NKjjoSBrSa;HL#+
zV4p^brg&q-_3s5cbKo5;=|a1B2FLUaY%v*qF-Gl`M&2#TdfKF<z~<TobMy3((9w|q
zkJkk&3k@wRYb8tP%aKv+f#YQ({}Se@cP~z_2MLitwmh5Pa(5QUu(Glu1$LrV_lP`P
zsYsY&do9Yqz<^(2&{qBc0E6<|w=63S_=io-IRa#~V!%8A&2)9)u5Sc3m$F=*0@9*$
zybrZFL*QLXjHqp2ce~e}>*n;$=@~+_QXikBBxsuy2O@2z{+-3(|LN_!<GF0#_irO3
z%18-iRuYm#_UauXWRy*!fsC@}Eqi1oL?I-5?~uKsWbeKA-s^Y1pU>y>`hCa$U$5tn
z>Z#l9dSBOho#$~L$8pNaW`pn4U_ii8QR2-2FA6WOPlg6~K>mL>`ReRV1|ctVy^89$
z2R3k&R3&Wq+@PJ1CS=>&AZRrkOix2&p9<yTRVozlrVCg?`WhYu1;x_w?nF?@)vH&P
z5yqQL?*!7+4BSfW)3jNJqr$>Ij#jTt_-t-K4)+L{IImY%U5ktP>xk{sz}X0h9g^C1
z{H0e-Re;}6S8cuUS6;lC2G|s5`31(5A=yYv?QJ*+pgmRdyctYPw*B+8l6=5_OzBgo
zyMR{Vqs#Z7Qi3}Y&E31IoqSJWHeDAVA75Lk?TX7_WeUE;Dgyg(oEoCh`*W0(`{>ER
zF`!Z@q31ph6eQffAn|T-)9MQhjEI(tm_Kv-PF@ahOH8gSG&rU_ctEthbswOW<kXG(
zF)COR4FGhTJ>ApyelU=r!18}LJbXQilM3gn+{n*QFiz{o_5y46rQh<<y}KbRr(ftI
z(xtR}lZ)qE5?E<|3a%9GF0q{XI6FK0H4xy~tjm`q$hY7UWTYLPnMo>iIoj9wPyXP3
z>NB7IX1);|lk2NvQ*zK8VOncCx6KWLh4i;?-IhP1Y;aP7pykYOd&qC5{lf$JQnZIo
zJuxEs<u;taoMCmf;?2}4BZ>vvE_I<S97I*nrWV8ne-)*rp9(~!Svu~xDI`=GZW*U0
ztacrNihF*}_g6n|7@*i0>N(6nHND)5J;@noVFlgro<D!S`DUU%vfN=Sb!Nu^y;mPt
z$4p50uO#AYV-35Sh4G3m;DLET){Fh;2g=G;wN{4VCCNa41WDnj!b4K}p`QU|UoJtI
z2QZEjOV@`YkNer8I_dF|?O*)P{4otD;lck>Dt+g~whCE`{H7`D?CtHq54GJ5_tpG-
zd<|+|@y0n|RHqb+OC<mgB{<kYU~Z1+?VBpGpc5UPE|_+n1%;o4X@7po*ITp_`I?aB
z65U)JC{i5i>auot{ygzI(#Uq>S%^EH*XdOwE+%0Y-p0RG19Z@8qxydC{d(?gA2}JK
z%@{o~C)b7fuHDt?GteN1x<_5hpapG-BsbMRc<XYFhmCl+IU<2kh)(?X2XXe7FE<%P
zqS6+=ynXXda-i^2t{u17Gi5Jm$}aD1@K>N>sm82B{ysjc85()h<I}%C>nU9dV$|e?
zXpbN9_U&6tJtS&79Z8Cdh3W}O@-=SqpCO^V_xz3<Gd9*A^yq<c-eLvnPD(@iFiPND
zp^#0!AM2W1a73tkw2h4&c#}FZoQ<xkggWJYtQdpx+qYD#R9~=%+Hvpg<cVIxZ4ID3
z5fi_=LR~?<CnOl35k(87+=k$_=ea5>6r+<KimkDEL0hwJ6PB-EFB-wAUcSpqfnTLE
zsd(RQ^aG4c?+Rr_6%U_eXj+HBZo#X}@F7a);jZ#0BufsIekA@x0;l`)-5O2~Qg`E6
zQJ%E4H*EYDr8G66tNN8+f8z=C6~ubdtI{c0Rws|0v(-8Nf{rHg7S7q3KUH>9zn(mH
zn*5ej<5+jvW{n9x-90{21o12>vAamq)U}m*gPo~ek^tq-1;kC*k|1+>dU5=os%rk*
zh3<@(3?Qi%_ak#7KRbDbNa9Xa1ee~GYw}TdxOjOBE<fssu|7=K_*D8LpfVznyn3R}
zop9CGR=T~^cF_RfqTbnQf(#0l>kqpRFZCCYjJddM3BEBRrNL#<8jxDDeMO8L9UWq^
zcYE@&>MH8(O(?j%=<C<6{AIB4OxE(yy_K<=9K#jez%1L|Vfu0cGOx@M0S1)~y%)-q
zxL>{mZ|?IReDd<D_crOtJSF$w0XN%wDe~GACUbG3c;e2^&R@C}F3z>>?Y9HrF4f?;
z@XXCUr>c``B_^c)M#ke4c=${U&0&tS5S6Mbf}njgG*|*o?p()$sWz(%2NX13QBhd?
zwbI?$-Zbhb`@2u)j*l`5cN?1<D<_Kip){}F9+j|K)aanT_fVOV4@lk4JIlMPn{1A)
zc&w@H>{YMo&BX!L$&3;7)Ulk&^(O<Q?exo+GoyrL^!Op;?u;H}1{3uG4yxXasL!-n
z`?m*8q1WUcXelV#(!PDe<U&90E|<1A^b{P(Xz>NzC9E-$l~9=efYyn7B#%T=+v->s
zyQ-QR3oFmLnWLjMpvhpV`#{52l|FyN_L)JB&9e4jVBiaCdcV}vPvu7EUZm@uN!(sy
zQ;^AM1{1=K<_LBBQ9zy0CC!ys=p+E{T2|~#CqhW(_163BC7lfk48GvjyyqWW+6zr`
zbFrdhqfxweRF{7bQ+L8`YO5F{EU<pCQt=YFF^oR3jIjD{(sy`yNk%GAwDRxYRlWcz
z1MbL&9t<LW@_8?NwEXVn-=tJl{#5Yx>h^t%_{(1(qquy*|J_Vly2fr){L5fb(7cc2
z*zb-ctY+;pSfyqariFe>=XjB+Md)og^A-FH>WEX+lpnb|Qgca~EUIsR4mwE!!5gNo
zZjBEVCJTHGB8>kaZ+rShiC2}4QS>}DHJ7cWrI7W^pJ;MoV&e5~So@3EINWe}bY!kw
zY=Mq_1r!_yxl-=v4e!ZvIIDCka<a9yTed_;DE)9lu{cKX)YdyZoKB}TA#kdAm|yT_
zVI2g1$}CF@YU#JQ-z~L7${ekqLKvY&dH{~Pr^&nneTnVe)fa4DT~Gbh%-vK!ofI4L
zF+?Kh9o`!JqrfaJoyT42r-M6pR&vmRcFGX%v+pzptQF+s7UX4Rf5iZL;QS4Wb@EHl
zyOmh2f?jT3=!Xy63-j}$@j&i?ybi8fw+Zl7laq}Xq?d>r+23*xjb(V^XeVBv!itE)
zpp-ABra6_B2nfj76s}){_D%0I1NXg&`Z3_ILp~oJsPz4Nugfti3^5C~@rUt`)l+=|
zbQhDe$R6_+=(#9B+43<W{H@bas-NGB9Kvq^utfx2uAygV$CCMxV4yE=K+mNVE;E7L
zFCmOkWZ2Nl;OXtHCu+Yw$qgK4O2lqwk%sS66!SIyPvyFiucEy`8nxm{lC7TSB_eih
zZ{sC;$Zbm7t)&@%iz{f{<4{RQgLp^&^Hags7st(q4U0N2-?HH-^zx{*`c2z-<A(BO
z6~^_v+~7L>du|`xaKHUTgWg>t6?tsjb2jYx^Gh?ynW>cfAOc;|TFlKB-^?+1+V%4R
z{cXcWe{c!AOF}}j4o5BuD<j2^rJ<ooO#F_1cX(xDQh{%LO_~8R!%Ud*w)mbjb%KJ5
zlHz>b9d>rR`}g(TN(3$z$OXg<R*-d!)r?Jz{*4b`iXJQ?>&VY1w_LvDIQK9J2QPcN
zms`EGSRBw*zjLPv{F^Xe^LQ==ydQo2!b?VPgrIeAX3YSLqB%DP6NsgC{uBWfEGqDa
zrNvPkqA`X2EcswYMu^72wz{lr>LkE6te_yMZqg!idldskG&%0usb66mF)=YXSY?6u
z?{pvQj--hv7;M4nmqSS7<@IbdSqU-b>y!E-dWMCQQ=63Z8^3-BCRzZ`fRpo!palX5
z8-hIM<>lDgto`Lq*mfVi=RWS?X5Bq>nK*(gZ^UgF>}ZdR%qxUvVjF_mOd833cyH+e
z6^dzNK~2@71YhnVNibKIE*7;TpPAV?8aZz=*%+dzqM{<w($XTsW#aa#{-1Zve_G|%
zs`u0B%}Pg7s~GY~S=9qitFY2w%NQhF%9n$_syDzyz%>+51OY1|9plnVVPWCbjtys9
zfK8R>O~$6s8111|^fWU8ua#5lk+wD|0!@s1VQJ~tr%$`pXY0dlTm}j3o4dkg!#Q9a
zR{Mp2t$E{k@4$Ssqit{M<%f}<o-;sh6?D3IUi)Sh<#*g~xn-BAot#EX?6`B4l@X-9
zy}b^F@>Mz^KEClB-M@f&a@=c7OjTvJE4tb4?ll@pN^P=;Pldzzh3|^e)deQ14J;n6
z(>@fvmfIW`gajpZHE0lE1HZGra6#SdnOjSzs^7Wee!%9l!5`?gZgFsV%Oh>s(;cR!
zV;3(FED@g*PiVWYz-DK}AT};54)@Q~*~upLTwAWqncsK_U<7+}_MRZ)IN2nwFfuw?
zjg7c)ek{FIXb{N05o%dTC)N2csg&^&9t^P}HGlf@-f&)@Jve6U{={u?tnlDLpAh6}
zR;e41X3$~tG{1C>ylZPq14YZwfRw{^J^XU1c%W}AD?>|3Srua~?1nxA9AyG<l;cL3
zhebK>l8gC~(IJ28?7v-}c^RBHj3ao6{h_1S8~NG5H;(Cps1t(R0tWU|Bj3woV}E(?
zQm3*mxdpH7@c`h0AjRh{5Fijkf}o`My0bclHR%KmP&^<|S5KW1E35A*GM7l|ILVX7
zW^%wUKrNzqNo=dDdq3y#dhIy-G5v>3aHb~JolxM9Iw!s(Xt#cmPtOr&J#P*U)m3@f
z`0LjNFAtAPKP<*1sS?MC+(rekC)yLHL!`zC+m9E)Iq?U=0xe>uTjpbZ?V4R*OZWi!
zArl*zX=!OKmfBGWhO*`n(hUD_LTTzXHCG2JV&{FJM_sl3y!qD4&g*6S2j&Q`N{RGE
z+G=hNQWYS08JZ?#b;pDBK|dy@m)9IzT+b=#D!X|!N3=OtBI>UPo~)et8~h*?K}y7o
zWR-%W&m^9`T$!9VCOCEEXveAJ$Ec=8)qQhB_0_-y5^bHF&W>|83OHj>fwhFI>cC=K
zbn_Y+7IPt`=HVF>b_@sXR!{F_43O@f00yz+p3eqEZm+_zCrh%juWzq!q9JIf(0oJ`
z56SK57=z?k;c$=jSBZMFe7^RLr2&JfOdX39p2qClTr6#r*PS#W;Z%%olVLSfv=_-}
zJ%Ed|DBtC5jap^1T_>8RyDO=C|Ndx+heUA%wONb^2{0Lfg*ncpCv{(gW?F#%aHjbu
z9J;S<bB*#RYo`<3(m9fC=5Ueg>^G%)VNz#NZgm65s}X2YIsnqNG1u|8y<_6WOK2N|
zDU>7e6YJ+!pDBE)EKE@eQ4+fNLGPEGtOZ0JRFqwfS&W?o0WM}R3h076T-E+l3%`lo
zzEaKUNs~)T%FAag{{DQ|+tk$5n~;DY(BO9D<}7%TFAj@v*jnF*nm(0<Qu3?x5@QWv
zP7eRnoNvp=k3h>{SBqCEGP3~k`(116pELYR3;rsiqSv!JmJ8%!MQ>>ooCcjZI&*O3
zIkfX!P5k%3S0R1<*~}DT$dgVsG@u<NBl939f*vS)i?8$N+D`>NduCD9KzORJZxQW=
z5B*c$Kmufb0lzfh*82MW>Shu(7kQZpwPRy!@kiB!%qHKWwKXEEw~`VHXaAwfUsH^6
zTIoztF=V+Uk&lZ#pG@e))YMjGef@M7bS^ma^76vke>%N$PrUj*JwyM872A|a0rA)^
zr$al^?ykBiVAqN{UA%h#zRd9^v44_6-PaHnQ1z4KuCEJMtN?~PHZkb|w32P^u)xdQ
zL){mSjJ1f)xx%6D1QPE|1lQWyo+Vu09vXCfhnpK8a&yt^Y#fJUV(g87>Pw}AELivf
zY?G3}@oJ7Rc(s&UR-c;6DPCP(zGnNH<AAdp$Xby8^6g{UpQ;`f=H|l59WL5RO5As^
zT)AQ~`!|l$a{rnH`H2LKbg_&V#Fro!<1-%?E^lmX9D!8)4AR-zh3(kb_&;$&u;AGj
zRKNmJ1DjgwC08-vS+eE5(DzJWnce)JRp`9E%Cw!Xr<a8nkzXbZ76mnb*;MS_22Edq
zo_iU(j_<y?g%(#N{wU1roPH4cNK>7N)*UCJQAVce*YT=D>CEpMMm)TW>YB$hvGzB0
z-?wt<;U*g?+-m<z4uq|vxq@OSLeSe#jP#*g*Vw=W<$^x84~Ht~4V8MU{P}Y|lT#Oj
zHqE`gyW76!Sk2ZqrSK()L?G691eaPbgy(vC)|I)r;c9$+ky6_N1JsJ2N~9gMOCM_f
zY6v1)U9AiqD8dRTzGc5Ua=7>>dLY^4n)5CKYB><x88Vy;4X*S+Pm$cJZ+SlyoyObr
zK+(IjfY)zh{coWh^=l%c-MP<A0TT@g02Loe2YLO@)DbJ6j<uY523N+#9rsvPRuvV)
zr0?;dCT&?<itA2N3`I$yzrw$;90=fTc90Q_kk(k}IkAXTSNTYFfw`pyk2vSVY~hiT
zQj@6dvi8^TaI`x}3#Gtsiw`m9!e^S43ZjpW{`fIpQB7^f9Qh~H9IjvpeDXv_5u0f;
zVO;ndv%ldF1M_D)S;_7KL+e@r3{KA(Zl@$+m48OfFmhLDg^0}ixXeBycQ^Sudkt{%
zl)k9tX<mo=9&I>ws@UAQt9<X8!r_#4h53^cl;-lebLrsw*i=X8-&DI~Ig@Sq=MogG
z8D9|+LPE$>ChgbO#=ANBKSx0!1(eJ?ckfngA0Hi5$gD|_XHY{jA0J6XMivDA|3cTU
zUVVHTS&0#?b5K#K_43H>F+GR>h^NtFr!Nm^zpE>ZHJeuHz}{e|y=bTo^>Z|urdH!L
zDI;8hG9(-M`!P*47!35~-O??ggo58~KaMC`<>pNp`;(u;IiR*a+T3VKy#ZqLuh2U`
zS^v@X`0-Z%V)s?3t_9AY|66P~q47k>{-<vEyzwDW)c_lcFZ+g%d==5hEyO>?tIqf)
zjh~B*wa~1tEr71iQA-u(e^m^DXF)|)){0Kd@Ows|7v2B{w!OdjPj>qK2N}Ka?o|Xv
z(vN*gW4F1fQ60lCPmYKub;Ow)`yGXZ+{)x>Ts2){ych8}?HGRfHx{jyks|>~W7VN(
zr&%L8(Bj?ewwE3m_b7~toz-7IUNaCbw>bk{ApfDEoN2U?0#edkp$A7Y*4DfPvva(?
z!tp<T&~C<-;b3bPmlxL>1S-m00y>0jk7st%!0Z8fQUB04v02NsfS{zN#JdR-%kieJ
zGz-8{6tlYS<i~f+wScOz0aQ-iSUlG7*9{5sZzLBa?ntX;>58D^wZ5!$cg^mwbD><+
zsLP4yqWr^bAjQ0o5)7NS^B@oT7+(KcOY36G7vHZS)a4SS1)kO2gm??Cn`fux!o{EH
z(l>|*gT(EZXx6>fm=lwgVd#&Xh`EZj&VBStza4SQG+&>Owqh@ehG#^dk7vl^MS7Fh
zV)(*h^JIVBbIfv)HcJVW@0CeqRGI35TJ+loRu#6Q6=JCyQ>7LPf-_e3qQ_CK0y9T0
zzxjk(byr9@T#jkXcNSBs=6R*b@vrDq1O|#YG{!!*79{BFi_;qUiMWo1vZ@W3Cez*v
zZd&~V?j~|Gp<!VncU@=sOuRU*;`*%2cXh=)4GRmw2~mH4{N%|lc7*sWI>#pbo%t<;
zSiLAUH87t-#DJD#4?yNjSB^o0n`ZQTpLt#a@^}a1Y7gS31nD4~gUt>_>AL#*sHvIh
zXTQG)6jM@p_@c+Y(^67VH$&!wd*mP9GVQxfnwM8&qo!7SUn)L7p9&iCF4N9l8Jc5s
z($b&M?LPL)E1I#1wYBKz=&vwx|GM4hM-IsOqK_j$zJkPjEz#Zmusk-9c5CpBVc3Bf
zm4IMrS=nKUT=wP}QpR#;t+;-3kUDYSIGyma^|--AMD&R2vg4+>5D$-My|NVO8@5Y|
zzka)2Yiwi`HZU+iSX^AJow3#AlRRvIFr_wFSzAAkxT(`Wflg0%KL?`d$j7iSBR%k)
zEn;CFh52E}icMM}DPug2C(ispuky#i=`DYImHvAoPI9r;@<LPST3e5v*p9!&y@=3A
zUlx-d=CWM5&bgH3273mEM#J0cim}Io3UwzRM69o@%Z(hwpOxwOZs&9&>hbG{pDSvm
zvA^I|TOp??dN}TnmJOHPC%Ka~curL-mqDa@xX%C0Mv6Z*FpXpB$;q?Rbbts^AV@>O
zdvOp?vJ>GK5U8uKt1BtroBo`F1Rw2kYoo_BCNqET>(fVQcZfOPF(i6nZ`X(()scyP
zjrF{raE77o)G2k5=clU!86p_w8B<BI9PnbhNg`BmYxZ4Xv>@z)+c@72PbEF20i)Mj
zTx4rKndKJmNq+vcv)j4p_3+cza5OOD=rH?lzb3tCet!P1B!y^)JA#4^JT-(A<wSTy
zN_hIOUu$2Wp(!z)?@W;{fWLw>x){P@k(-a%oNA7`88jcC<Pvq$>|1k2>J@3}3H_;@
zZe}!uNPcs3a%T~PPrxiDL>H^Bd4u;w7eyJDpl*?0dOGR&jE7g|$v(BKpB!E+E2k*E
z3)mn|(V43b93{(ZkkMDxv{95&b4osV!;MsScHZF?6zn&JJTBx$^cNpmeAv1KFR;Ib
z?nX1H8R(J91jn81zg0L|5jVq74U{qdWf;}t!^-2|W<#q3-{tK#j&`PSuD}?--&*<N
zJBnhDjUOh4KP~@?*A9Asiv?x@jXW<WtwonylqtJG$^c1(lfHRYE{W_ZiON%Ydi+7O
zp2cbBwS=xvK8Oqr4K-JVeg=?6K17fLq~(g^kt}hWmzVR0^+Gp+kWeWq4u%!y@Nrme
zR_ejTp?0J=Zf@OY{!(6y2)Ffb+QVFZJVC3a(-PO*WjLh9w-$oy>$+Z<zmLbkkmENR
z=FZrFhqmL%F?RCFaH5>jc4tlnO-jn@C%!ZG8X9&BM>}mBBPUN%rS3ofo@DTQvZ)u`
zymNm|d=|2v|42zqJ%b9uJ$xJ|iILSun2amC(={yFK!{~-U@*~uSa4lEg}NMYZfEEQ
z0E{jlA-zck#PNy#xenu4wJZ&uvZ1^rr_iE@*WA@Pq<o6*);{Cj54;$+`RVaVKskqN
zBb9n;7bL1kB_Pc?4(o<rK=`0F-SV!qT;%O-9{s0=9w;#h^$lx{IA(l_$`U-n>{pww
zYNhYvAo&FaawpJ?!h?7{1RJYGOvXpXD8RCaNr|Ps+;L~HwiZJM>(_dCc)0(|@ODTm
zkhb`3&#GMDl=Lnd>9+F46w}cG8h9clX?W%RKz<dWJAqL?eO%ck0bpJ%{kdE=QXxjF
zg%&6~kluGYwW|8aUV`vjLWzK``3QZ`H{~l0wTuGSq>iHs1JC}nw5d1Y)ViTF;V=9_
zHfJKMB6z)18wgJd(2pAIDYLgEAY)GDwh{NCCFbJFVg$j4H30!Z2@-sX&cCm)kROIX
zdHmAK^6gw&J38p)Mn%I123VMKpPl5Q$0k`u#i@R0WsF~Q7*0*izSLJr;5N>~W4_?e
zZ8ltnzJCs@ltNEm;GqAFF?6gYMnqls#d~2VXg_`AP|tokGSwVm%k4zomiCO$BbkDR
z-{R>DW8?W>6f9DtU{UtE6}<V{mc!U7=r6rzBcYC$_dW|@nl>bP^y%WKyDMm<$Qk6X
z`D7z)K*Yf=ceTP7aR*6U()aIgRn~u(iYEEW?23q+sHk|F-OjRkpDM!0)h84$Lx_(&
zEVXt|@FqN)rQz=O<&xD>2Vragjmktt!@RJ}gQ~#2jo6aiY^@?QTU<Q69boltu%5@L
zvR{NHimUM^J2=?g#VADHevUrW*N@ZHHU#CoR?YIx2zPJ2RL7JO3sycJy)kpb;`C5G
zpJ<x5SbU=_h|K9phUA{ggbu$I(Fm7@+s$%Ec9EDzH1wjG`a5`bH(bjM^}KE;J-1#Q
zzFc9}`)DF6M$7%7*Vm!au_Bl9vKZ(fPzebMF<4nx$RuwO`z9+*pp+c(QopLJnMHVc
zyE0z3#&9Fpq1nH|6tpc!Y<#W88v++?v9vOqEW4sg>i)PX4AbB}&EObu)3fOF0M8g+
z@~*8z!{J_IYE?z+?MPBV2Z!0C)3(OfX*p5_8KZvSuj@Wz)~+}>E8UYB)-wn<XfM!2
z?|P9jE1!bkgi1YR4q?20y|H0vXh=?4Itd@i^!BPYnv?-E@`tbzcuZ+8f<pAuo?x#F
z0^r*Ru}5fcfwgC1gXmAAb2sS))(3kw@^USp)tlIG-te~7!T`0y?<lsTz8ikJ81=2h
ziu~e>YIt}i!m+vF(?OnX%^n^==e_CS_a!bZ4b{pA62)cs!MD1>U+)7uvobLOIkQ`N
zxici7xh8N)QX-6Ecd1Q)GPgeBa?k8Z`1j@nhxrgyzYG8?^$xabj=p_+soP=NPjv#t
zl-|)UOZ=ZN5-RuZZ9ZC$ubADKdGoCK0^*9%qH_mHYFphY6v&>(-QDXf)>*NrNZO_Z
z39Os^=2qB#i&*`mT)gqUg{)oy^jJ(#AT`)#=4`n00q5aevyUgkoAX`lnm59Jxa<ts
zvfbcv^`V8_gc%o^U07(osq-V>ae1(0n9}zfDRMJb&~rpO5MyVN?Uk0We+5c>LbdeD
zac%>0`{{>ud5eq2BaRb;0w`8+pjYE15ucH<ddZEkGV3iD=A4MgL(QL;^b}*>?*Ou`
zztEix9-t53+Im9}UY=-JKUYZg*qW>{?a?Gv`e8c9rHxH|glc*!E;5cO|KqOnqaWYf
zm3Pg1k)E}QHO55dm$P$o=YfK4CgQxm$>i%5{*FRvq8gFJv|6BV-};q9EmxY7VsryB
zeEFi<y8ll4!G<C{&gh45YK^SFKSi+t;RSUqmf8WW<5Swwie#q0TT+i6CTDSBm_ypB
zk95QwFU+m2z1r_L`Sjz(nc=yv1%{Qm{-mI?H0ARiR971fPn(`bDeen0f|*Eo&oxT_
zwJt@m^7b!WZ+FmcP7WHO3pfLX66E-Zc&w;%=18e+>+kOFC#ku<zCOo<ctjLO_nN~w
z<$w)eC?6xd_bEL5i2#DnAWF(ACx_81iJx0f4x})=t-ZZbQ>~O>(b91aSn%sTkg2U6
z#ozB*PHcRr*szp+3vLTm&7W&t;~T`dxHlqn`(Q9G3L0+Fo$`D2LEbV~Bvmc4m7B96
z3}!i{?KUs(G&Z$hB&U|fO@|#wD!_85RZS0GyNivJt*WiSB<IkZA($znkp}b*zega~
z{|=nFOPO%6eRSP$JbYqI*2e34s;jG?6dH9*Ga<r1Y{^Ji6>1A%V2rYMI`*}DQ7{m;
z;nLh}F;dZ_Bqr$X9aS_phiI16-|D%)FG-G{csCZClWIB%V>6{?Jc6>-a#;UWvyq?h
zcD3cT7|)sHu&e4^C4`tOl(3Bg^v|CC1ns?Hr<HQGs4T&zwl;MTC@a|8!wUOgnB#y$
zP60%bX6g4A-(;cPtXG(o5m@B%N6@J!0c}Z7&}E_Rk1(&3*v)mK)JFe%0q=N10<R9e
z(WlLAQ|+}KbUM-|^xCI#6KW2Zy;J+YKdT*-thXz}`n$giq4=@0lC|pO#yDCV&Pncz
zxi~hP{P(3`<Yzo&{UiUQxWb61A~Fy58Yrc}hPD{apFh-`J^K`8V35kcxig|JU_^O)
z<?$pb9-ey{I1RiOemm)-m!Tkq`E~`)nzE0#cS9Y3WnEyVqlhqqXbA1^(;tcAT`xH9
z+!dBpj5x6_EgF&9xWLKS*6lL)A$8$pEAvj%xx<BKuCRWqXmT3gd>Hv%^;P1Q^NtSc
zDcUieQG_7i@_4#ch3;~2D)RPK*A48ZEV`-Vkhn$_2LHk{L5j(4Mc2M(BCl1n^g~qC
zk7t1Pkaa5KQ?!xXawQL`Zu$M&5;S@}PJ2@k)Nn2sLz_nP^zo+O)3|r;+Cl0<`?NiW
zrA2fXv4LV`POGT8vQZ|k71c=|bUF_C@VPbZXDupd{BfN32|=(V)Ju$^<?HmpsR`a(
z^a8jN*Bldt?o%nj)quCW44Jf_lfa-!R(bfu#6;eoh6Yyg#L#mTZ0}&#eJq5=@c&K$
za;?+acQ_v%b@z8t1=7>+uKIIL>h-3f%OiF%AoazL@EG1(y;nAz8Lhlgr(5FIqgjX{
zJXOkoJO#3;)#m2M1=o)eJ$A%TjNWkbJ&Zkj5<oZA+8-5JwdhV}d?$u^yt*dmZ#}`x
zS^AH*B3@@N(?)&xkZU|z`7ZLtXYey6fU7rIis0;}Pm!>Cx!6r8UiUx<Ed^d!8S%MQ
zM&8FAQz2eNr^{G3E$XV|7}!hpgdu7gy?HY$`m|E+-k*;4<-vCtEv=NZjcFWJf;sj)
z&u(f5pZsXW!t6Gj`JeBkwApbfe~b-sZVs<9=)W^*_+*llg(ZOlMbRM0*<$`Vn#MTT
z&HjN!I&jytFBg5D7ZalkDxRM<XF4*{$&1m7?{W!($zc5qCN*tP7nSv7#VW^^U#34R
zK~D9PyBum0!f-C{gPoBCMpo&6y^QRSH!#54;b0pZ|D;-DGCoYH!R~R(3kVSY>x*I5
zul1o|dhp;un%Mqq0&9UN6NM7zSXdHf^B2m&!O>oEyl+y}Dt0os-d|v{a)J87vyN&{
zB9hb9K_nL{iyyPgN65@?x-DZ2ACa%;<*n`6j<7ket1M16V?*w`N=6LS<Q_0OkcFPU
z(RqDjWo&-l)yi&1r>v`7$g6+go|bfyltGz{zApV)&_p#i1U1J(^*6o-C=v=hocYH`
zVH+5XH55@4U8j99ZXo)-G+6v*qCo6;x8?_Q<XOQnUE#uoU6<|Gn+NN1*!N*9v!m#S
zdc&vo+2+x{Nuu}9%NGdp$VBb*Z^;A&c^7@Aqs-Dnr}qwGo!kH#U>EL5yHs-!;MRcG
zgW25M=q<NkTDN?Qpa=*cUp#+qZ3Ct_GmrV$U}c~}j@RUUGhSN@5WtVKm-zo~gP(mg
z{Pk>y?bjZsPK|ksop`*9i~BBj<xENJM~~X%>(~Ua{@OKJ=WQiT+FW{3%!+<Zs&hFo
z36AObMhC0hgGH>#CH)Ic_2F`#-Ck>u{k;?a`L92^zQIJ~_DiwALDR*CuWV@O%~B`Z
zULJ5#M1ZLF_mA1okE!y}1X!K3JFetP867=65jsDe>~|Q@!#Cp0As=xn6TuNw^zD_*
z7?HHOb(y-DA_-xzKyh9F+=|1vAW^q<K0_W_2AY5gT<Gf`PcJGGc6w!GV$is|1|bxU
zXdlC~JElxubwxO`3+pM!$PydUQy@F$*V1aP@rE$m*VlIn%Iyq;UB>u*pUV&fBj-Aj
zMrg%coT@8Mj#hF&k-Y>S6Jz7EK8h841QRb?9xW&aKM?Vl;i$R+qcy@N8rJ$3vU;wQ
z8>+>ucBbAV+{<$WryU#1dy=T(B+tsyVCmg-mxHCqof`{i#8Ygk2Hx|}vVa$mcvCSw
zWsp@dd!*}pkGuO+>qDqvFNrvGHn+5-i%*>*r%1tWn-tam+|Ylbc++Npd*mG+5n*!b
zV4r#V*ZITzr#Qgf$e5#iaE4hSS`s$mzLr+cEA#uys0z-v;;+c@XFeuKFI)!rk+SaG
zt5Q(dk`bJ7NYp$f;mSw^_)Kt<A<=Ltb;Dg#$p^p_6_;bKIypnLE^ArV(p4$GX!%Cs
zjf+d&7fsD6=nRor+1iq+%++Er#+8ue80T2cwG$B%diUzrcsWD0dh~>5Zq6cxpF;0F
zO5@&Eafo~Q{9uUqJS&l8LDEytCuX82$pqMs4;t2Y%-e9e<KkA24$SwWsS(ER_G*NV
z4odEzYy11WndP!w&!cuI&y5`)?LckZq{qVtl!$Z<yF9HTwU{J9fyl_-QmZ+h9iM!Y
zp5>T|ii!xxv_fRBU1e70S;k>PnG5E6a||SaA+-;Z_1Fu(nA;NMqcH6Lg{BsZsGueU
zMZa%#4J-oJ2v)Y|@DjQ+Ozuc2ytoGSYmUKi*~@C_26~ZO&I5c-6SL~<V|d6f_R<^F
zPR>(f_pV%+P|?zA0RxX2GO_e9`(w4<wF!&D!f<aOK4+{qg|agEqrSd<wW|`CGsHrS
zm~S?~eIkjzW2C&<7{byZV!vK{{a+XC*k=Y8*RCM38_r_*U8avew;psq-LMZ!x<`oI
z;ki@Wqw@XhPPV@6kl*obqqVi(BKV21cZ2@sV&ClF0+Wp28~N$pWH~R}m}|X`Y^@)A
zpS}DII?tsK(T5LZRd2IVgb=KqtYf}WOixb>K%g|Ke^0|RySp~Q(1fk6z0UX$5m$BA
z`LB6JMt+z3M(ZGW77OSLGa`_;ui3Q5@Y3fQllee;JOXSmcu~ob%F*-eM_DkZ=}T`J
zjfCTN<4%}NegU^(H9l!>o{GlxpMXA{%|zATwU3Yc30(bfTUxroU}O4sY1{`$;N}rX
zHrkViN^Kz}-G}cn(J(MIJ<TT<7*GeuZ12Npzp;sWk)4|asSKF}1o6plS+;Q5*`4@o
zIG{*M+vJCm0sx#!40QypHGm6tW=YToA!lcmm(+ABJJetW5Bon+Te2vtQF-IU!A_3J
zm}IRqrZE;M=G<2q8K0WNf$H00j3)><dCAHgKzHZWBPpn>{S-y_uHYgtLND87?`=!$
zEgZ6M%8*^iI_&!&d;XeILxLm1JmDhX&vq(lH{j#B?S|1Rt#AJN2ZUIo&IhT^OXF<`
z>#K1+=`^ojw78-P-rlm+-i$>2D--Vb6Qp3OL1CfI++trInG^=I_!MFe7&3eK%)f`q
zaUYuNM*jcYm$ka3UUT8${8LLAbL}z`iX(U*XzBbrdwbEcnZb8>z$O2xJVASrZUP>7
zom1)fz#dd~*dmH+VqZ^#i~$!JUKwG?vqe|x8%CT|(hg)(g=OVxe#N@D!PW6gRt^U-
zuQ;+%mXvfGXo=)8@80)-7)*t|q1c{0d1923l41sX<u1-w@FJy)j?S4(ie0_Jau1FR
zW$F*GV-J#IwcL2AOVXQr3dB&Sg8;_Bm$+7wKx<VS=->c!8?vQg`=oxf$MFpP`v)*K
zP=8LjY<qt}Ht6KG+e5EB@bp}pZIk)wa#{R-kHPWb-a$=uby?J1bKNHkp_CL|`lO5)
z)ft&9l=y^%3|4R6^kpO@sNf<Y)Hg?WLRdiUqSrCi*6f49dMHAKx>#uJnFWq>`2{B2
zFI(v^e*T0c7f&77qjK@72JmVKz?_-Ni8AIR^@#=zPY1uB`9XH^(UN0-#m3p;qgj^3
z`p2C$rM5Xv<CxuaZQu1=zb{aM^z1?{AED>6H&uv@D5(?JB<s&xfEQ%uh4+BocYgB$
zMnY9V!DeZ&#F81AoSA&Om9C+_cCZ3g3GG()s%Z4DtLkGoIM4>g#Af|;D_&=O*Zuu_
zwqDuAenBuelame<&NE!N52GV+5J2{1!z^LyBGGM{pI`0}Q<|D4iXPlByiKD3Vr_Wu
z@#PFH1i5@U`omSZ@Wr2YYvc6J&d!njeoV}%2H1B~_|N^>gWX}WS3aP(kz%TgM64tv
zm@nA-b5<bLOmv0EX_u#Uz;>B*VXgy5^$UKO)xDgK7iqXMA1JAxcoE_=&efmEcRVoN
zq!m^lYb{Sbc<{jD^DP`{Vd2RLTAP*OBd{~E)j{{?lJE=8OJY=|x#8|EzXdG)&mf?G
zyYe^AoeIeX`QB|*TH5Z<XYcA?2D%S6@Fm2DLs@0~gQR=VqqP3dttVSk5m?*<8J%wm
zJsqIMtI*;}V)rq8yM0GYMxj3LaT<c?DMrSBke@n{d!idyxipZoIA9(EpaCMTrdIT-
z&hNa?JxNI{buD)R@K*>bsnVK-uQlEt?QdlO=@DJ;Xm7tk=*r`LR{uxhRWng*|2sxc
zx^h#ghn$Y9UdG}e@ow(tY4b87Bb`|Go3{f8<sR0~v#DTD`5y)sA1nm*WS1RMu7=z<
z6Be(J92yPJ3qVsMhFdwM(;C|}!QvFj^Z>8MJG|`6eNLgTug?y^*bzB$yS)R=8TDq!
z9;!QaHSDfz=!<eV0khpjE0%h9vq%|Bf*9DXa>Jl7ju3T55P;tw1&69E9kfqO<T%W$
zPKw&&a+;dH|0GyI(8Zn!^Q#-~ntL_xt`*0A#7F*ibg*lKUB>p;uZ#@7erAtYnNwS_
zdq8&{F1#w><n(~UFG>LEaU>(r>dtyK2OZs&>p6<9stHhMOQa`m4fc%8w%`9rD%a-B
z_*f_OL$#!xfKc;Fd-8|38`rw|1(_?>U2*AHSz#+IMSaW)?(9|P0O5o$n1-s_h&b#l
zJ5LOkJDM5PzgJo=zR4Uf<$;Z4yo!pgB+xz31nure^b}(B;KA<3fO*bH%{`YzwiGpM
zsKpFKEf|ryyWtfBMOng+YPE~8P|BNM%_J|k7puJHI&z+kV<um|#6uvDVOPB;|1m6l
z{8JL^;L_4m1MXc2lTRUhe+H81+`)&Sa}>M|*l4i=bBWl6*w~D={>I(Acb_@rk*+Qp
z2rkeQK{*CY@}qJ0=3hKDyi&0;aX&R&pRFH<0?KE;H}Qu(JE0#etd=x)K}q=uW{W#2
zIzZ40>G<CDbv;7P*S88nIu@kCmvDuEw7<1r%gM?4dk9cPovRS5cyGaX?|iyARJybI
z4v(<=u1Pls8S(+_$kLV21PiMHzCB7BWzPF6TZrpjL0d1gj_<`0pM1d8&Qo*)*u=X|
zgT=;r=X^2Pmfic$Vke%>6~^&^>UjhE`ZOq{zpG8YfAKqN3Z#oB6Ogk9cFh}NFlR17
zwC24I)98N%%O<jmg0{m1fl0ZzSyRp2CkHEQ;_rU{LBEMI=Ulw}!|EMlC==k_W3A3x
z6G6M}RX9K7KmUrgzJ0f0@^RWKlssJy(Y{Jb>cS3p+-z3DZAC;67V~bUsQ!4?o2^e~
z>@3L~PY~E(Nv`BRIWuGX8j?I%A9*?*Rn>2FbQJGspyAlvM0`@1i;a3s`C4~tb;|v|
z(V=($?$wZ;KOO{a(wcAB`50hv={P%khC8vP!F}BzEJE>i)U_<Hqs)HeONLg_GClSp
z&QO%WbjoDoNn*}~2LuGD0wfsq`SS>_YrGroYwc`A&Sjri@%HYK()k-g_@^sIHiv9+
zuKy&PGy-5W&NNBk1~G#zGjlc!kwL#~ZNm>kKt}I0w>(suc2U&FNB0bN;a*Yt;#XBw
z5o&8|+bjUsj)+fslI%K9%4qYuXm?EUI(#4cfs@=jn9*`f@t6(zFD`0oc5o&Ru<hx%
zIQ?!&CwrEm$?&LVih_cd2)hTa^Yimxxx&g?`g7xtkS`J(8;ZJDy!=ypnw53($uONn
zfjBvGRge)97gqosueUVUxKA2RzI;CRH}!F`^OWCd|8(8OFm}ix>pkyzPwE7X)p*A$
zDk$g<0Vle_n9Ii}`Q11@IkWMd&8@BHYMI)71%^!@%$Apz^&-N;9^8xuF}e@Y!>GGt
zB7~%Wt$YJMphi8JjSi~_YvF5&!LBs0Uvvw{xcw=2OnZI|t*zZmO;0%&m-Ux`_5_u~
z7gVcZ8R5)6KC~3j?nrKn6mhg^fzM@72xLVBhz5*Hh)iJVZjB8B8jyU1+6r49A^z^l
z?R1kQ#b$GE^XJBz3)YWWuic^g0|@Xc6H4i87#<#8<?HK9Ps)J7q*g(}5TJ~$W-|3E
ze%8S!pvQ5c8DVT}Anf4ee8VFQYu}~C+t;x6;yIG?Y=60Qw}R=OaoRWI^OMuh0Eq7$
zoxD;ZQvSR-Jm^o1$iWUsGg?!u-a_;Vgy=)dOHCb-1}me{1}!*J1Z|X2Y`}GNT(q#h
zZ}cYTdvjXs$3@q&wh|ubWx;=<1qF4TV5!m8{Y2?aWk4`Fzm~=rTt)~2eLFgEsz?#C
zT~1$sFqir3+BIfo1Uj@Bd>)=WH|X9vDn#9xn>aeyA)~^Vm@KknWrk60o%j9!uAwfH
ziUo22<)Y<Yq!Or!38?n&Ki`0lS|2pV%<gWJtyq`Vzdb#+Y5>8ntMYMEP>8rg@fk0>
z(34eR0WH=pDJdxpBslz&Pl=7qs&458P#s0x%o=`_d7@Oc+$#2%RumqTUHPAeEi0HT
zGV}4-h(N<O!~t$(3Xw!LG)uP+3yeTP;GlGck{F)BKRV|tR{#Fp9VQ9L=00G#0pBBe
za;%rNsUFkcf*Gr&2iPl2EnS`B``9|{gsX6?#v5b9TPK!q@n6GRg2n3t8=~8hu&y03
zqNmswYl-2E7#oVoW6N=MtqHWg#7|^O6Y55|jMx348iLEI0k?n}gTWxhgdRS#C2%&s
zFonsgk%C>f-K$s0_Am$9=0_<D%yWOJkx!J-U(jLYYpu}5rVed8Y$d8a<@+pXW$50*
z-4Ru}GkvfnSH|m#?dLum_R*P_h1dZ5V+cYeyRsYw2E}Y@FTzrkdsI}Mw4H%((bd((
ziR+3zCLqg5!6Uq*qZ$1Xdi;qtHjuUteItejp)RMT9-ysx1qE0v!6@wLaHCb)Y_K@T
zbIjc*+3YF8#H{T4@4&P@+s1MMfq5y}Z>n%Pz`t1W_U$`5y3xUQM}q5lXr2;ux?t)Z
z;wr;YKiiiVcU8%>Mr5H157z0~PW=7#DP8mOt?r@TUiBTosn}()Kx2q9T;x7fS3+bg
zwih*4u*qI`TN@jWYvabun4$i=zvo!*=)}~+bcE`G-)GR1&2xSv$E5}FzqQQAs1+5l
zY1?y45;xbsHK_NPurbwmrtT?3=E{e5FrC_kq`}k?djM7W1SlxFfS1Z{^6tAoBXg?x
z>C>lc@d!vSS^`P3C^ZI4G*~>@#Ut?YisF#h$6n;7wM2+(U8|TuWwMfN5L0MV_Hoe&
zx#N`IVPtqApD2h#+#3Si!%uTjwLDbxj>toKC=-qcMsM-($O!^#Ul;n$x5MNgVlY`A
z*v(E0Cm_Pp)6@R<C+-^Qf8d@vSA<_fosszprei8a-uU$*&)CH8o#C4IrUR><<>kNr
zDW+^kkqZIzoMa6B{r!n2d#z|$O-)TXHn`98#kk$aY@P<e=s6z!YScr>osjI94|GMQ
z-3ij_eAYKa^Rg?8=Q`qg@>9Ocsir{Pj008fCbp^_hY5H-wW$Yv-7G0oLdW|gY~0-I
zFLi!cJs>)Lx<4%|t92s;YF8WxjXt^|zP=BdKm^7o1Pyinx@R;9{@(6WY?ApT2EXf3
z<j;ef1bt|q{`T_Fths4M?kZEGA%EUWvI{{pEMyFVf`V7UxPRCZ$SFhE$hbua02oDA
z{O+#Z5#T5Rj$jBQ_jO$Pr@oENMG;e4z+c;}>|2uqL>T8+8Lyran*Qy6=cdB(V)@Rn
zKepXpl$m+cosdFFq~<IUpnSJ^c-VdXQU8tnoE!lbxa<J-fDrW}kk+#{Df~=ZGgSUx
z*4L|*g@o*PUx7v_r?j-R2Ut}*&~2vZQiS^qb0ZtxWCMT%6Vfwh@(@N&ZVJn##nE!J
z%fFhNd0~^=a&c2+g6LzmzaaSWu}dUe(hue2EOUyA6x%KAF_=yCG<GMeezRQ})@W*K
zN&|(G(}RD<AsF*L4J{EPNjC@|q5rjaS&KnjGc(QFqIgXT38DV`n7k`_58SUrAQCa3
z9{>r^=zk&+143y&T+5-QbqR*+xxG*GN&N;Bfu4`JkYEAy3Y3e%Wq0gMit0Q}7_(Kw
zUe!vRkgGE*yH~jrzLZI9pJH&{RH8z_BGe%1Gu?4+QA17s9r=hPrK!Zk)sbwR%!!5x
z3E9(#xSn3cQ%HHVpyBNd$N{slI`&8F#G)wD!XhF?^Yil;a4Iv>)VPP*DU-<PJFSdp
z-=I7HtpP{Azr92k856T?_WXHQaVQOi5?&o#h~Him78WYQOZEedu8v#>YdNoq<LY)c
zm4DUTDfb~J27-~pl-QvwX$lqc7kKxFKu|DS-`NpM#YSlvPwd;=0mzi`%9UD2=!`jH
zITk3+Xn%>N1*lcPj6Uk7V&aE{gdD@oSMbTZ0r2OGsZNS@ad><q>?Q;FM>)&)NW&fd
z&nsa)JpvVFWGr~#?BcqXExt~V;>JsR(IT#EQwSf}W1tED|Ax{K9&+*G#mQy370a`-
zvMRiqS(ur5^%0bbxjh@M=m^m5IR10U<>b;x5lO`_uA!c%GNXl(=GKkx1BC;yTjqat
zfHqpiD!xDu<1P5C1{e&{P*C7t18yo0_DG+*e0gaYK6@*~?nB7CM3wJPYxK~#<gen8
zHOPP=?%Co}gRPHjjSjoy$kSJ^KB3OLt7F!~!^5n++Vm6@M%YfA(&cB*o+(pazFfZN
z&EUd+^Me0##A1I`0(&9A$H%J^qx|2REk6&}n@M2vqTtRgrqZ!RK@su-dQuc!5@u#*
zV{vhDX_^JbTSN%3$HurI)v&U>_fM+f7#DwtIxWJGLi&#HOssj#FE7&3i4hYKspnx^
zNM|Bot!eAw<5!ioo@>9#b@QfKbXZsyO^D1D0007)df#aj7Rr>_t8`2~Ug%Dgvnb4w
zm~Hb5wSv;-slNUjK5p(e@+-sTd3UfsS{DxX#99x6iRB+ceEf9oJ9k<L5Y$K#7Y>;}
z-a>a=SsCP3I0#q^j7}|*wnDQXs&T}%M-LU*01OB<@5{Z4`R9aO#x}22$u^gVgxCcH
z_Ew;Ga+nLH51jfjIQ-N7eN3F(N(lw`V}-m=g@+Rfxm-dRVHsf;OMqs}1O^UR-qE}S
zFNF$V-)hUJsA#7N+iiReX^$v!rM~v*bh6UwK*>2b#^i$V!^PLH4_eXeH`5P6y@QKr
z7MVp;(9-_+)zPuxrs>bb9Pi)`$z5^`4Kxkhft@x5m|@9T1UvL`Y~JtG_BNz>YI0|k
zs;VpsbE^wfk`PrZk)H?4rD!PdL$?>(6Xjww{TSgnzW+Q&5V{{@fbW>~{F4oQ9vg$H
z6u!{a3;P{;FiFhU8tKkyIsNsP7z6UR&~)GcJZ9OkI$DkA=gv_mxnq-9)t~?xp6N{0
z8`ew1<p-w7^_JF#{k@Hx*Ym1|A`Yr)mO5uhJ@U{3-b_M5JOs<AyL{==q4{uG3ATdU
z+W3xvfF^`ZtsE5oIkbi+<8}T!pcae3701XBec|A+;AR{RYiNZwwATpQ5NN;gNZX#}
z0Gs202z?9eyl!qS*uZ1j`LT~7c(y*-v<50fvllO3G$Fy@p&HhKCK+_Sr)g~dliBu3
zzaglmub-BinhQ61)`4G8kiG=Ob<^M|c)m+>4TI@?h27P>j39>KA|WFinVX!POiN6B
zd=`mgRj6#L#toTiWfxZHhOWuZM(gTZ8>t6M_y64D<&_Tz479Pdu?bX`--5?n{O2*^
zkVKSIpm1Kh;k-H`5Xtc5t|`{npCWmrx;nl@OC5BnN|KJQ*2@#*k^h}cN7<#O2n8+;
z_ORkT|My{S8Xi9OfPM{5C1h>4AjalUP@LGEV8LAgOBTT;De)>mGb%|6O&}=G#D4p@
zVRYWtCpnH1RPmgDtten}nPyH-&TlU=hGSDHsrm(kk<!0yW}|iLb7$%HoIB81<DoN&
ze9g$v5d>HRJcSf15=&Cy8BEV01{q@(mzKm}htn_;xy{<I%mL~r`Sj`NF*d@b<nb{x
z8(%8M_xDMr=!1Gz0Q#aR*}Z!;=q3L|KrhD^7t40mr<zM?AWxBb+=~Mb{Kmn_>HS62
z`Nv(P3|liYF)=w}$*WPBpgpJM!+x$(;C?a&wX1{q&%GCM-%a2&)W4I<hX2i-qfQD$
zBW7h*?7awI%5?wp7wG@~qyN)CLI2kq{hxk&I`n@o$p7iL|9o<uaM^)fCjhfdg22~<
M`wEy$$)|4r585i~`~Uy|

delta 111057
zcmXt91yqz<v>sYIq?8otMk#3lK~TCIMMSzgenLPR1O(}p?#@A_rMtVk8{Xl*_grh1
z>k4=H=bXL2{lzA*7}a|Xtu#pza#1n9?r32scy3wGH=FHWt}&@oh7rTYsPg)CjyIfz
z`6$2hI)m{M4qgnMgfR(5NoN3}ag35IiQeYi%ig=&!;>tT1p0I~#T((&?Iqd1F8dUr
zSJ=CkDc5&%&Z6Hb5yfH;AMs$K`JQj-D4NiV*)A$J^>=Nk5%{YAMWiOVgz~>mFH~;o
z-;=LqOT@Y~Sh2gC%#O1-?gwv6i;=p|elHG9ei;<cD0glTgE>0hz9{P_YagTtt;(I7
ziW!#|cf7~or?}#Evr^OL{xtuOZq=#c`!mr}O5e-*jnKt23iQh}wbP+*58qn-S>WQh
zx!8G*$EcXx&*Bf_5yhAvbia0VwOk@4ez-0by{&FSFRrJBk#lyPAKdcch*Un2GujBI
z{CVQ2;W*Oz60bWE8g)+|&JnEjGeD~``1{z^hBQ6*?mmq8Yxtlbi+`33(YJJV7Gzqr
z6;xCO7)~4#rn;e~cI(hI3GtXXr}m&WPavAVqACMt<qe5lx^T=0v>=zR$SCKFfftNZ
zcZou5=FKGk&Pn_=LS|v!TJ9&FP+9FixyC%+g#j+)ghvAQ%;sZjBkI0Ohpme`kzR=E
zybBW(K4p$DBU8&-K9oR{k<Omfa)PasKw5(IasKz$89z)H*x8-oq+u`wn4|pDl@^bw
z1DSz_&X00gQ;gx3kPqA&rj#`KtD<+qS$-@r1b+*IzFl6U^njin!Fqx)_xME`0mExH
zd3qAfrBAsP-?z@QzXYlI)e6~MM+7XL6uWVB)p#O?Sl^k<unfTRD_uIrnzNtdsE#Wj
z?B8mv3voL2EjVmoj?RXht|`vlVCKK^YfU^5;W`s^gJJ!YhFp2dy+#YP`7P`Hrrlj`
zFDsi(q!x9&2W49qksV*Wh&SB0ed=p__H`jMSy8wV$I+JkGKKL|R)1h%%j9t-?N;bq
zkYY$QcWjoTcG@KbKR{Wqsr$RZwjg0>ij9e@po#7;AZ7jWfId&@sZYA`Ne-$thQGLL
zy&{76;D_1vUg-7-4%+uq`%4=eBwcNU@IAws##Y-SYPHlte?tp$IR2|h!Q4|xl$zIm
zPDTsZP($l@t>vFIRVJCMU@w8kf;ra6{J)$f9Pfj*_B-O=wj#cria0W(t@V`pa+XJ_
z>%Vk>TfZ-C7&@ox_EBmc={JctelYib9((sQ5rTf0jWC1+6CSRp=WdaY`9$xtT(HgZ
zg~=wc(Mr)f_XXu^TMrhO%yp4LkF6Q*&bwQwrqnQPZ8;1K%}orhyRUB|=NeQ?7#_iL
zdqQNs{?#Q#y?KKDNb_YwhP~j~FqenDwlnJTnofVg?}-NALvzeIZ?1*25Kbs;r!ieP
z^&);9)%*nNb3u0eOfXWHr?_s6NLLk`rJ2bWhejEQklNu7AHpE+>nlAuMv2fcIZ?+b
z<VKWWcNlo-rsBuvFP<)BoeN9fSlC<Bemc_pl9`ZMHI7)~hZ{+GmY`x+wxaI|x?!U)
z{16@CX4;Qz0v~Vc``*-#F_$rC>`VI=L@MfLjMsl43J9fQJY(%P9aY8D<?&qLQUrFw
zuA3=6Dh)M^db$+Wm?gLn(1fU_%t{!@yB))7ypyzjDyF!dZ9n=l9mzZSB^)CXaryQI
zsk;W}S#em2*GcFCvNOsu1(xIIk4@t%4P!86be9qiu7a$htwqPqW*uZlQ?I7+T0K;<
zlR+D3>J*j3Lx508@M)Eo<;8v>0>j@@*OXyL#u&aklLH>?AL0j6y@RtIHimVJSgPnX
zY3fX^wr7aTYepx6x4&DTHVspLXOyziw#=K-{dl6@`E4+<2PvWlp{4qJjDOQ3;*=Cn
zf7#jCD^>U*Zn0Tk&lC^0G?FtE83|>3d@%5!U>vMJxd>uJ#NkI8>)y{xe5gf{h+Xp*
zM1p;e7I`{V_Fw<7!L;)yf8mc68iqvbY``h<Y~i9Bg`pOcAIHi&7O#|e^j)GGGwB!p
zU&nQgzSQwGlt%^{5_<X?Ou_eSb~g3cMUSb;t(q`3cXLsO^LeQAXrs{U2!o%CircP8
zLw@^RyCh2Y72D`|5=vz4U5~eRI$&>4=@^N^WR=WJ5A@xTjtuVg?oq0q9^G!IH@YD<
zew#D|m1Sg(+ddXWh^ff@)-mI+j$+EKUWZX8Zq0lys=>0t^`mYbD7rFP>UU~AL8FEV
z_sw0CzW)oeKzhfJvNDEyK3&hZgo8C~5Pve-*t;qum?lQ+;NwCLLNgv!*Ui6*sXt+A
z@=qh<5FC|oMu^(9rK~A8H+o?n?^rY+6@6G8dWtx<(QA`dN*vYh1{!<Tq94cXx!MLJ
zA%_3ZQF==ola$gSo6<5-=+hFzG?v7>Ow<-ylHZNo2g6i|&K%+?caO?9XgfKmAb)Lo
z6yzU<x<aj$7^odJ*tI?st)`<-ODhozEqvA^5nCy^DU(V+WHJBH#<seiTX1*^Q|lJy
z47XAwS$}dC^(Fh#MpxVCdJC(wImv45dNXqv3Hfxm3FbZR$f<fRgJ$OFiXY?5;XCd4
zZIRE_=P&wxRZY6kJ%ehVEvkWrF(l+`ar|*M`Nx>IGJ5B>np-hi$1m*KCVfj6?`%Bc
z0$j1P)EXI%SO%XSBxp$apuLYzAhgUrpsmIv?T2b4>JPRe7SG2@MC;<ocBv<SI%S??
zpHIjtf0y<CgA&LA3;a{W<A!PY!MMoigdWveFu8BG%>oxIoq}*IgQP(Ekv}A!u9y-}
zvfS-I^xKfy`M`Uo73s?`nTs(!%v(hTrRRoQb43`{ew~I;rsi2h1J>m%W@Ps#Z*A=M
zR+LZ;YW{~}tU==|MKZLM&Y)AT<{ab8(o(l#%hzc7_ILvS$Mn9Ko_<!4(3i~R>C!5+
znvNcNceaD}e<%#O_O~Se-a@TQXOuXXef8~u!J@q1RoOk$l~k}dJB(TlYSZ-<f{4*0
zaPO`Ysc)%uf4!_zGRyBJGhzB_c-ikAG=~uyNX2^RPF^k-!b4{(*NVP}ap%7Mme1YZ
zF#gxv;;m_VF{2Ojs)*{(h_pU=e*q4pEpaYI?MIH5uPg#Ma>ESqe4at2mA=`546K$G
zt&295SaXg_A<7>t>tn)%V}6J${s(h6_W>AqvK8s&gyKuXI0UIqVi8fFercn;Rw6Du
z9)c@0qO3OcM21kk{y~me_YwD#-IE~1+Dq@{VN~*Y-UVbw#Eve%ncM1Wl#70P+!Xv*
zQOy)?2MqU^Gn6G_u@Es@dvDxM;wg%1gw@#oDX5#5<TrUN*v*0AXn)1(Nno5-A`8fs
zfm?@2Fz+oTtQA2KBxub<V0opbIDmPT@{_@Pzcvj9>|dvqoctn|aLC?29B%f4SRIe`
z79mt4&2^d0ACGk!V>Q_xv}m$w@%Pb<@WsPc(|NQ;ugq46;>BXBy|lhEit(0b?$Gi!
zvXl=gV=qI%of~L5e9~g}Qan`ej^)>;AF%zalEdMQj|I|7c{9=pNfiRK6d5^i2!g)a
zU!9oNR913FsWPu#U0waCv6`)?;pVRV-QAt9kIRYCrV9pzkRB<{r@pz!SMEr=S4c*4
zXfT_CZbK+G6*c6awBoD?X4^7<r?up3d<yis$^cbAyE9|};^7L9Y7r>lhdA{5xGZD@
zY+QdzXIQCPN6B<Gtdp4~0Xbyl)BAd}K+hO{mnDP0<gkU?y0lN$XgDh0`eIDQXWG41
z${XfQV@IYc;|zD-wak5YoE{wEb2KIM!o-KP9O9VwZ6kpaLSdE2E}5St^uFV^m9fdC
zgxEUx8LrCPAPR~cmd&vH1(`P0Bj&F(D88f1iuds+s-?Js{rF8^vj6jWG+wmx)$`nP
zs>dzw^yx?FT(i*RiUt$^Ec^5f^14m8=Est_AiiTPw2%poQ8%4>5q9tUw2>+1o`Y4p
zG8bBJ^+UT>RaYNtP^tdho8Wo8*89$jay#SZWg6nwBV9#|UB%sb^wGOyZ-mDPuux@$
z*B|IvkA~nu!f3`GSSyF)&sv<(mFut+^WYPLeur4d%a0L@4H#t>38u#1yh~Yai^}G?
zh}Q7tv%pYYlH?5ETi7_i9gr48{FsZV&Nc%f7(Kf`7ECVQ%>SwrNk_UDP$V1fU(b2n
zws8ozfkWFWHrmbsJJ;E3zqCyMEc=}weLB#Gs6v~}hsTU8G37hF<Pw*)o)!4WCS?T~
z<{rKDzIi{io!N*SDFZ83m$nY@fe#TNl9_AP)p=W6B4t;-9afAWdb%p^PKdsnju#B&
zwkC?F8xCd3a3l*j<~vK2obSyxENB%69`*a(Wv5q?j_6WmS=~j}Um{VUnV%hZhfx1h
zKoZ^LRdw!@i2C{Ha@jqSg)p)!dj)Z5^j9^82APeofba53HW8a^{j2rR5RzJU{m)^m
z0Jp1D5go5G-Q*rQt~s0r7><#wAkIQqwSFBfq)QT*RxL`U2k1V4uqo<`zIp#IX8{vV
z#_hw6!+o68!k-%i@9gmw5T?v$C1_P#Hxbi|m&mUfRmIQbi!hiTOq39C)6r@j8pkEB
zp2|~loNZvy%&dvs6=g^c1w@IcFI9Bk<LYEnf9jevKxukvN*zq96y>}X$Z2<K)W*{d
zqwPKDkxCar8U{v5c`-%4g;8f1EL0aG#1~8R6CI4pB<*c8W?RwANP`GpU3$9S>m(t#
zOAS4f?%nP;rRm=ZlJCCK4EfwX`Qz>=rT0YRvGZLWM-#%{Y>1-1h?$3SGwddain|{%
zm5V%;7mxJ{C-Pl-qbq7R)YI{HDpD39H%5^q*3g0iZaPjjgX0ND-@IEoYga5l(Bc6V
zt(YzB%go~cE#&6?5*;&(*}#V72U8SG4uwZM$!X=bBlu73(vzhO|HDgD=Jo#6bJc>;
z1OwXH24|?$s3SaAy-0f$=B>({?aaj}2jH|DGbq8@=V|{KlzV7_ePY-URnW@O8|bM2
zw6<(LJ+uM!%@IW>m1Hy_dp08IaZ&|HuAe~PP#WHzBKfW`)z;PU-S9r0i#3JW&@wjf
z0TPT83mKEI`C<^(j8fYa2&BZtvA)c*5)*<ckD?Zau@s`}l7NqoFKg~Q%x{A_*(N7z
z<4>AU!qXweAYJO3vhfqR;-g)qXO$9V1C-2W2RVw23P1n-d!Kx>kP6*h60(TE;J<(S
zCiFA?_w=HVQ0?6LI(KKiBU2KZ$W3_)kA~q2%}A$36^c2+UxjX;5t=}Oy6h;dmT=o+
z)MX0sMmiq~xa}#u^AwxEWV}$w=iq?SYX8+5$Rw@N0r|);F^!nPRR1HmfYh_H!8P}o
z&yq|GDdaMAs!N}aI5?6W3OMipI9bnZ>>8qZDU!jv^g5vQ(lY7nDq&fFr;!I4nIc$M
zSN9Zwh7hCR=JuAZy<LSd3{cE&QOa0<9@@F|NS8oFKZfXJGa}@+SEZe@$W|#n(AJ<F
z<6cUj&>A=43nuuYudN*#Ac_2QtzfPrjn}XR#b|0jw(hE^C+l7H5&R-li_{_Rcur8)
zxvJwmZ9EW?7(PM}^)3h=DU;SM7bu&A?5K~bdin9=342#y{cmr8gJOms(0z)qUA%l2
zYO9BslnU_1(6LUB3CaOi`v}o1=f(7kJWP*Slpo@z$g19ochGMeYWpMKe_ii74*H7N
z10B7d)}FJ!c08wvF}02CFbI6ljzoyTNh8fkS;eFah9347ti2t-)G(7S<Cg|y{G#`;
z>%#EQ>(p><>`rqt6e(=gwpTzUrh_LGFu-#3A>GQ*9U5%Nsjr4I`C6(o`QRj);?$K0
zC29;dvmVqnjw3{*{~c+<&z?9AK}tcVfAhn`6?PM)AGFfb)1_D(LHn+43}#Xu9v+6H
zprDAeu&~s{#c8~el>9m|K7Ri54VTq?v!(Oi%&Ul*8QpYU_VxOP28{rJ|5e;4FS1JW
z><#K2x;8Hkp=Ga>l$6+##v@tv>1s>4l<4Qu;VvR>C!OhOX<}b2E!obGj`B%)%v5t~
zYMjH$jC#`>8<U(D;0UQFCk{%+#@X=M*`{)X7O%S7t5X)Mouu>q`I;uD-Gp~$X8FnQ
z>6cN_&`6wjCd#th&-b#0C>3tAj)lE$CInu*C|8r0hr;C?9eL*4+OqRKug~7#<Kw?d
zlH!H{JpJ39uG#%)WJK}!@nZ@EIQWiwi9nn;i;Ih{Yke{(kNh+IhqS+%wS;>cNK=2L
zgn275eNbXV-9HrO<ocENz8SY|)JRd6|505bYH2Cz@)mZuvyCN&hP%y-hl~QwJM*E6
z6_kyB=ukXU-86$FvMY_917OUP{3LD~c8u~g_MsPUFR@4|4QeuL28d@OaTaQ?#hL8J
z2uN{q38vDMzz8LjeQAGrWZZ%OT<V`u4JIaLORe*M%9pK?yvOC`<w6s;pmpoYHA?i)
z&-Ul3jLpppMpB-?d^v14S#EsGu3I~xMH2;$VD^@1SIJV4lEybXYz`e;Hy%pmq&qt7
z&v}~J*_Ef>-DPCZNV~gVD@<4l3N{>_oScMREvqsUHQyZdoVlOvY$hfqnwRp{`}s+1
zf{G~dyj+c|3FYAuaz86Po+vY#H>!E}?wx2vP*7PaujSO&q$F}@CsB9#yPM<w=qu<r
z``0fWHl6Ci`RsRb0#5`OQaz4>1Q;0^cl~fh_(g4(ByA<k5xk$g{EQ`Jx6%oNZA_Fc
zXNHh)+(pI3F}UnEod@XF*=1*{G8dhr&5e#$8Ls{NNup7xc{ngJGv#qU>)hIMd!}>#
z^((TUo+AZ0x$K<Vb`d6vMzM!sINl^wZJBs~J`ag<vauD#Iw>I#rz>jmIBX0|8+e|M
zs`2sh{mi=z4hgw5@Hl+44hrCunT?G{6F>{0`swEIdaFsQr_*Q*e-`3baW0>PKmH@5
zB+42FY2$Buz4YI3vD#7j)!Aa?*P1J~>-pS_%`0|h!$^U8`afr&1L7dmy|4C$gZWix
z0ehEdGWPz^UpjjLpES4F`^CC#GQ5)n$zMw`j+h{`Mq9>%6ez)FMPz+LG8-X}^m6CG
z#_FyV@h=g~=@iWWQ3)Xv3=9n9<&KC{ZC%}+v?hZ*RlDfu=%$mljuc^cj~{G0XZ7hJ
z7Q|KBy|fGr*HF{>ocl{0N+B1|`@36+XHDKs;#=Ftp219M1x{MSN+u?zvis9<gFl%W
z8TB`Z9aPr>4jYOe`fglZU46$5AWt(HnV`NmC18|`fUZ(8@YtED8+L9BCMp>p8R3r4
zEL1P}nUzI*KUraNO(o*N@3ueJWb&`c9=f}6U4QZt`rJ4;@P;3@vcBF>sMp}6>)=qi
zAN5>1BeYjTSNC5kzwOdNe0)4kdwXn548O;5FJC5fe|uiqa(87O5f~WQdcq$h`5RQn
zzi;N_#f~p{4b;?P4?x-7_NR)@U;aw<nmV5{FInZ`=H=i};B+}y*qof4+`|t0uzs^$
z(&7f`*V?4_T%B&8%Owl&WTuw^{ACQ2{ILDVzv%fueZyy}%*fUkqDVKjJ&Lmen8t31
zD?v5XaXr*3o$v_(Z`)&}Wu3&|L=y<1o#=R)BTwe)Jf81g;l6n`oF)C5z2Nx6N|tym
zM?gJii0bzt(xz2I7Z0{fJ`xWy{Mu%p1-A=GVs%J1nv$-jTAGK)MTL<qyvhCC?Hpjw
zfmRM$mBU(JvY@7cM``29(7W@>ni|XLwU&=<!F(~Y+3mWY&CPY5;Nel@JbKj0!Nyi4
zFE4-gudmO^s3Yl>ea?Dk)N{6sjEr#e{?+~c)L+VZq_EDO9{b|_d;&yRM2E`7#l<J6
zY<XvAC%-bHr>m>XWivZ2$6Q*tR=0R)eqMCAzn?>ak+7TK@nhkkp`k|2sF=jWZQhT6
zztt!t3slXH=-I*Ih275-Jr7%7SWJ{QOik-lTcCq>T$OCHS8h#-{{EfdgRE?@iMsla
z2HET-7(7qqmz%Vtq^6{lR0?O+kM3?rw&3SW6ZubVf!W!{VS$0tKGD%CTH4wP(jPvg
zN1t6BulGCOF9uS52M1wZYVPso4N46F`<Im*JFm#YyL)<A#=(<zfW8-JB^I2iv;T!n
zW{MxumXawQK?xl$wRv6<brE8qy!_M|83cya>#1u`PtP_lFE3YcTCq$J6O&b5UY`Ey
z>S{GiQD5KcdQ8V!?tV4SzzLg5L`VY)1N!bUK0eoL_prXczBk}v6dWBK3YTp7x4>W<
z1PsrQg_+p`CPp8P{)1ibN(%7z7V8a@_h3Q{h32{<j<}$vx4(Sk;u`Q-w1t(*cLWVy
z6|G1&>$BuWNEio&N2bsrzO&J7gqJeuBJ8#v9w508JN6Q?`S<U><iXUw!|Yu3*2Pd$
z;#Hl@tMcS5|3)G)z0teu_s2MFj{Lx47k+wz+F=A+SS*o=_>Q@&Xeoz1N7x-AsisEc
zy!hK+1$_Aa*;(NhxkTP4;IjTb%+h+Ml0Tw9AI=s+gW=*v%)ItPZFAh6;yJ&$JoW-p
z8$C%By7P3J@k7J45WPJaF5B_v{lmGHE)h64QSZ3@N?KaF?kwq-e6pQ8Kw$b9(3>zZ
z2M34s2$8F|jX=i<?!=4UT`WU8$8q{@rvG{q`KFO*SGUe~ryHJX@2_-42bzcAT3hc!
zJJ@8r<YWR4x$?hGmX<!=fu<DkO|B^{e9vt;RXGU$wEPTiFJ1o&uG(ZE?X_*PpmU#~
z^Ij5UVPOIHMZx4=Ujd3KW3)gcVo-#Eqvhu4v`D8WrJ|-r<4eEm(qHuR%j0zgL;v2@
zp120DtIc0a(EatifUi_)M+DV1geVygNQ>@d>4!gRQE#(;UIRT^t&;QpN!*VgYrT8Z
zb@nEj5{RGfZZ2=DICge-cYB)euD1OE!1fPOo*yj!sZjYPPm%cj`w}J$9UUFPe!XwE
z0Z@r|Q_FL%>&XaHOMeCj%RZfMjduK!OZ-tRET68(3E+y9{K=C^5*U=FoY(f-AG5>X
z-~V=JX(=N*ybAo^@ULIL!kn&)YUTv0yl$^ZZ@($Ix?XN}MKiS6Z4PA@!|<OKs26Qz
z-p&pIHG#4Egu2GwzwsC^?HI3DB>X*M&y1>#Rg&-3oiXEMD=~a`1Z6GkG*nV)4bBuF
zROMPT7F(^56a!a7OK4<kY9u$I{!xH3j+!aL$fP4amSZ#N*2n5hXC8Rb?ndvT7<|>2
zfzW4r3rD^q#aqLi0(|8Gs_q%XDTTN46d7G$kpLGGz{?FB)875<KD4;9qDoFc@Ewei
zh|tA9fxiO%{bNP;PeoWp%y^bJH-EZsj}`4&m<>XL`;Et>aIIZiDvyKKh5USGxtDnW
zCGJjVo#*xVxJ_JKT;|$BNNPZtSZK@3hm*ko@8FP#1Fa@zP$+~xU1NRT;(6^P=rlb&
zEqJ}wo7nPn>+#aY2BWC`+P_66m7EwUDXB9g?}s5|-Ev#qTW;L5B-f+?&d<(j7OFqR
z6m;Hwb*bb24}2lu%dd>yc&_D>nt3lWqc6?i(buc3=e?%aZ7PCcFlv~L<ZD$>Dmefz
z>JZ`8mecy$jV`uH&6-?)ulHM^o8<^mue28MKxagOI22c&8w2Uq6}}wLo;^DlE7EbA
zt#=&Wq=Z1H1$K6JitJQFO--Jg{+J}yPl6u>1O%v4zOq|6M?gYt{1cp0Vbbq}nubpe
z?4)u*yOp<)lMXF`nr^Mlhs0+U!T`YcCo9%>wnhsu`79<lF{r&#V_7r;ZUL`~tLo5i
z_Lz+G+*@Cdn;dvW6eJl8xJxpi!I>o2!VQkw>YOlUF~*o5&{tVQlpqDhg~u472I5Zn
zqj)hZ-XtX0f0F{3d2oU|oS((X%3#C|;Mkm_0ArTF8Tg&fu#UN(@iUX3gL`+474u+P
zjz#du?+#4ah+Ew+a_xrGx_hYU_ff;<gbwP+ZHg@6jt)o+m1Ly*c%4<Da|G`a*YsZc
zi<=GtjG2RK(#L~?gUL(uo3>m)lk}1CS$%y=%Z!VI)3-5IW!}zG()gVVjBVd`)qPj|
z1sneS{pRbvZ(Px5e*$qWKYsi;RWXf#fUpV5gOgE2v$3hkT;yWGuLWSS01AwjAZRp!
z$6TPupylqf(RjV(bhZADJ!QnNiAL9Bd=)ti2m+)gB#y&iPf=Uj3=P)cyuW8D>upn~
zo1Iq&s0vHH>v4`07LYjE;63IR{9lBWl$3nx`c7w}4mc(~OjS)yt3<D%dieoWrrX1h
z&(HfgX+<;<5fSszu%9~Y1Bgf{j|~b6qVYs12VMa1M?M04sr$rAF*rR9HGBq_G6<>|
zBBD-70CnS9;g526oO*vU!kY-43`%#%sa<I|xt%rv$Z`JsoJC1V>4Tb@+8{8lmw9C6
z<;Msm4Bua<UwSmVfp_9s?@PwCwYO(EJvw5J?ODZ2?Jpr&%>Y)~&D&ZO-B%c)$+#0_
ztO<wrxB))@1|LJ^cgx;)%iIlh-!U|^M3IZ7#FO!m+Im~k8tsx)7nd;M{J?~Ga3Sw3
zTY<ag;yd*vC{lIFYy-Di7GY%MY2)gPFu1oWqOn!|5BLC|TLHHS7G)e}aV(xLng-|V
zU4&FTMhc;{TpqXa0WUg2j5i_Rh_B)Ws~a129gf$a-ZMVyIg1uhk(xR>8fYje#z2M8
z8G*ieQqp{7R-BHRM1s%3Q8EMO2(b7b_(tVevrRI$sdAG8sl>meS1(UPIGP!a_tOlT
z+^TrIrO+dNeGyv$@NkbNOaXfT!e#+ZqtY=sHN}jEL+-K<M9M7!_4DU{Sa^6wp>EBJ
zKfs+?#d^x!`2~G`-s`%EXL}Ro4WM?Ob3N%_im>2n4@V0t2Mfz%1UQ%>I!K(%Vp8Gc
zPt48q4GavDbM<6oWSV5Pz@&P%V~>Uw_+3HdawX-C)N>9nRkV*~6VEs~OF4lZ`~{4!
z%N=trE-uT7^#?Km8XS`6;-P|tK6$xz2H5m2CM-5K_BXg`_xB0hGAd90jg3_&c%~#I
zY&C(QdPe1WqU48I$Xm59FHuqfGF(?L!cT|{)kuB}ysTm)%n5EtVy4C+TfD+Pyp9xe
zPhts(FP|*T31K_#pfIZJiP_#0m}ccF`;<8&EI$$Rp!2eXT2C=i@_T|h@fcusuT(F8
zDy|xfsgbpcr9aE$qtc}$(S2ubv!e&!oWMLVMaoX3+FWC+3_Q8dv`rCD=f<eh?aRu^
zaZ98$jo;cb+XfQ5s?K>|KM@S+-@kv0KgGj~oGj2NS=k)^#o(|vQ`h)v{F)UV2ZvXi
zfEWfGf+EO%Pb!r3LuqC4GY=0BJ57Y|VC<f*u+WkN&*9y*l{-MufBF)js_ntF$)6N)
zJ<1vfy^G~W3!|o`{k!riC@gIB6$1bRK3A-ehzNzg+w1c;u*e@j#=1u?yuH0&s2Cw4
zAvq$y)zbPI4r5|tTQ&al$;C9R{{@jS;#-Jt1@40cZ367RZ)PJ?L-bx)Fsy(mftk>A
zd$nD{Gp$jqYnsg_c6Gj=>H!`@(doLNr1_~m=(TW(04&#&wM1+BpE|wosQ{k#<7!!=
zyz+^nd@`QlU38DAzK5vo?8>|C_FB=tHnRR2>G@hDRCU1o4j$5i(^vIaF$bFQd$Id$
z#pLWYecX2p9V}`sUf(R$LzgOwrppCwO<$vZEcwJ@Zw0bk?J9aHYjZ(H9pCY<;^{Zf
z`Mqvx1K-n|SC=~|=Z(;ah=?$P*9NE}Z0pf{HK+MzPb#^eFIJU+u9KUKwU()^uTN-<
z?*aPYbE-W*`RI4LcLAgjS&1B&s%x4-k{@G#{xqG85Ad+Hwe6dl24(64%ntT7avd$L
zyl94`q$G>dEs_u*_q*)B$Hr!B;l}l-0UN<4_Z1N6jg3OmXRbheIqK`Dz%>m*f!2>F
zqz2}W06s;YYW}e_Hy78Sln%VEzMfZx8*q5N_4TMIC~A?Il9KX6Uzx?}%O4MpV`>K)
zl?UEAn5O4L?7WeYk$CaobpZzJ@8RK>H75Nj=#S~&zvWc#*7)BecP)Z(jb$n5BgK$J
zS5gOSF<OwPZQ$daJR09IBDB-|Ob6flm8~eltT?<%$LQ;h2YhKZRV+U#L3}1c3}_Xd
z9~c#rn;K!SS&7{#`EB6Gpdci4_4F{^&i8INfcAwx<^KKhPJ));Cn3`4=x9QcdaP_4
z*XVvL>E`C<SQtJvAOixfRR9L=z$;8!0!ZSjvhg=GQLSDiQ*UVrdfj4V>1y)U|9*vW
zF?}Nq;7TBfkBUlHnHu^7{rQuX%Oz!NTh`Yv0UiKo?}&hQvP{5#*VmsB1QA{XKa0<}
zI|dy9i3;T5<WzkPNXaZN5GMnzt?8AZ<<OVg!`yQz-f$uJTBZw${tNQ%{D;Rx7@h0t
zF>+BIIM9oE#=aNnL<$Q^q#_)nnZk+!mb?nEw#c~CAU?j!%S(13mUcy5k5-(4aZ2(&
ziT`jFbWx3R-uurDLL?U+&0YR7*+ZX0D2a%Oc(x+U!ThNxN-r-T+IR}SI5e>>cAOFo
z`dww)w0xdXRMdb0V`XFG;xCP2A{g$U8{U3@OMAMu1?1T!Kn5>Ypx`4=k&&~=1Rxyh
z_6s293)X>To!gpiI41+668j7<4Ii)jSVI5$KFs=WT4B(4A)g>EWf?aUusDE`-G)z0
ze5RSMXrrQ{qEps8nu0<{M|bv1A$8C3A!Gnl^0o1JvEE|<)0bbSDost-R_1F6kr939
z4R@E8lxshA5%?L)_oi!<K>8r&uK=F}JpmX7_qD*o%xr`Kk5i7lf)(%4ike!MbVfme
zdFxVJ$o3`ezie<)baHwTOh5`aW(a_@lQTO5W6hC<7tHpi0Wfw7!TtT|=_!~R@DfP{
zyatSJAWr5R0Kn|}AfX|Ge|m~XMMagScNb3wfu8*`lB*P*nVAW3sZPZMzxsGthK9Pm
zeIwcdZDV5ogdZ&Iqzl<MU#=yR!no|}l7fPR?e0N;cmhCOj!sJ2QPI=0<fiylms?m^
zS?6;2u?E;<PS-2Z3T8m75w{q&`o<p|*i_h0q>_w{jq$vBBgq#N8yobwKP4GDD(oSc
zo}AotAx}z9rUPOwMN2I%1r>ZB!I-YWgCG_f|A+&ol>j0w2S<N3)A6fUuQnwW!C@|$
zrugAd2&e+L>>06Gp)R|L)BfD9`$}ij0N^t<d4+`|-|~RnSHsbKk#P+ANUvn-sa$J@
zkm$q)YX94n7>Z+B$XNHW6_1x3@WRDi=?^YF93>?s``W|EN(>rZ4spvg8}Alc{Y0Ct
z_Zk=gakvwsCE(c#zlv5?Q898|?T%%Srk8W80hgk}YdtqppPlms!8<N4F6Vv8d-}(~
ziD=u@DoF>vl7O-8J}{;jTVC5QZf@pjDagr%tyY<jL!nQnQ~AIhF|XOxC5)7VBCbH`
z1Os2F9zfJ%AQA7ofjcw}6Vud;@9Tg5?AhYaTOm;NSGzUy@`6q~6J3>+mDUXMNx8$^
z$KA0kMc5S5D34YzpT!}1_}Jq5hRO}Q`969}LqrWe;!y@j**U>^`8sZo%?bd40xgDy
zhGGLDJ=JKl_}d7WKjFY$@Yu@ZdVmuuz)rIk78dG&3%{?ftv$8$;tjac9F>ob0M%R9
zD8V_;2klN(CGr50a~RE_KnXT$o*E;Pzx*5;|7Y=ws`mT$@6GMkwX4k3ex;?Q)dBkC
z@sfsSsp>(c$yp&oW8e_5c6R~s{OKwGfOt|3PP?D6pK^b>iD6Pf6~#Pc0w|=fub+_d
z2>2%mZEbDz+mj|HCOR{Xt`)byAn@%^diD56eEbG73`CgBH8nNkS><%}^j82Df3Aj1
z)>x<3w6xs&0+p^nA>wiI&A{ujEy8p6XtgKY2x<>?tpXUP($v&MV&3xk5#Z)?K!_0u
z3JQkhHRtAb_6=zMH(BdODoYJfzSS{le#fAGo^HDR-wsho8t}L2Qa#TmXLECNmm{b|
z=R7WtR<Xf>iE@K8(Xq0!y38^8LJst`yiSdkXAzJ9`wBl_7$1N~Pl$nNhLhf>iU>z_
zESuVG-2?4(2cVVP)MKW>xx`slSJwu3R~^9Rnf`2IB6#4^DD@;iIVoucAVk6(#e<ay
zI9XJe_9f^`U~wwkg97>m#5;UrV<Q~=C`-Hf9}ncmOqvjfoS&2W*|XNHl8*qJnjg$4
zEiFikvaGDk(%#;FH&snQ=V54<^%vyl7ixgSuy=$jk<S`ulzslXoy__RyUWA<D7rVh
z9<O1)FrffaX~#fW`C}@80OyBZn4<eSJ3DI*!q$1VSFa{ZGBSSCGc$Lye&|@W<6-Wb
zo0~JFjeY<a33{GnZDaX7eM`u0$oq&`{Y=knp#Kfn#EfCcdeE-G9uF0CJK5+0ABBz2
zYUbkeT%&6g_&joB%`i)LAgk0qefrb_geogJuf;@eXXo4VHLnN;I)47zeCzpU=Sj;v
zRWmO0u|oVeZ{A?fy^e^8sJR4)<Zvb42zr?>p*$SeG6sXt+#D#tNZ_H=JrVpoQ)^p7
zOhRHllnFkmX9<_F_bECycG1pkL(N*!$jFFhAD9wf%W{AJzb_Rvbq(zP;Vk<jT2_PR
zoAByLA&(22R6wi+__*&L6!(L&`Z??5=*Tv(hj-t_kg7X=Cu(!HGf4^jDWf##PH5_3
z58;=S^fep~cd(>VRa8`T1h1zJ5BO>YI-BzfG6b%k$du^vz<{FPs!JZ&<`DfC?EMx2
zhh!n)2}-}*bEW8ne0q+ONzEIA11smW!hsXb2iT66v$3&xP@sE~($f3x7YB>u50yCr
zvW`GRpERvRNIFlIxi5^2Pe2}UwPZ?RxA(w44bI%mOrZpKFH(@ab_5jU*oO}v_V?zR
zrlm!R%!YI1iloEIUlrx%zO7gTmKsCzVLRDp=N{g_Su)Xokx;P)R)pTs5)=Rp)1M^h
zY-N3mdB3soB@ozm;Y}`w8Efn<RaK6s9aNA9RK;XI@EN?L37{+V2}b~I7r;X_0<6`y
zzOBp$Plg)tl*ddPaGEvoI&e=B?GaS-x!p=(t@HB+F90)XncM}o&Ensn$0kMkP4z}^
z-uTNe{{~hI?<a7d!;|^8y6hTtK)x(b8Hr0sumG@g3z${UQ%%AZy@3vTZI|1dXoy1`
z_s-}U7<3fkIX_GQ(>t*28raYeX4m@3_^S`Uk$d~Wz&`-D{c>|yL3EckuE(+21a#fy
zPDQ^!p=Q}f#D<8DWhRlEgFkMl4&Lfu&M5rDr(O#kq-Tf~`ay#5LoVNJ+@q6LOhyE*
z*rWi8T>+C1@SjP5+RN(2x=%Eelv-!YjHJa>RaFxwCMFiv3X4JNup$Z?!I?oJ#p5i|
zy1DMKkVO%}8-$U)eDfa1>p+XpgQP<fQA|lGY8m*EIUHK$l6#AbQT?lSvA{P72Z~N$
zQ|s>T?nzWs6k4JY1qjV9=fOcIt0*f&9tcCoHo$1$0M4>?E-=5#GBb^|03Xx?@0aPc
z6)8p?d3*2&*Zt4$-wC?Dac$t#%Yh{*O2VpnkaPCxC-6c;L4akj_V6PYZB)UJl%I-C
zfZ46zUmPw6CYrOYm4EmXKo&tMY-d8o(7kGR7l2JB<q49p=d-iW>@gb~n=uH^`>y8a
zf$MdB@)iB@RuJ9oC2V28<sQczKvFy~sqz2`vIP=K?!lJ_g5w)`z=x6htML|`7C=l+
zB{u<_FM|<l&%?}|j|&4wIAJwY%k>fXd>n!T0zam}&WDD&x;6<3$@FH4{b0tMC}4`A
zLi>+~S!n)4q}|=fL@ues8SW#^G2fw5O{$Q#$ErvFp?qdpRh1gMW-0Y1aE?2Mhlg7x
zYi*Z{AMEJTiVE}cc^EZGFc`)z*<h3mr)acggQ7CN2XR#k@DDc}T;h6GZ$d+{N=8Oh
zsXPw{AKDKz_JnmV#35mX2i&oT0sDmCW`S*YZ{Dmbfr*vXLH7N7EJpD65HVG8aWM+G
z?A~VJXRdR1Jgxl6`9XZ_?)DmTbaozR`o$XEg$%Snky(F`lm{nP<{m(v8PI*_A(9!N
zUoj|j14lDFj6(3t*Xar*H%p&POd3SJZZv;!Lsg(WK8+P>DS^CE&2Q969?VdSrN2QY
zRl^Oiw93j65g^2<0rOJR@%Sd05lqCQPOe>Tq2(cAe|I)*4S_hFR;uB^Tau=%ySw|y
z<zz!CO_TL(z+inS`(1>`Q5VBGSwghbgEqC7+fY#U<zomFs+L4JqD}P!781nRi<sK4
zp#VmpC!o%oFnOw1c7K=qMei-_!ANnMV&V^5JY4Q*2C;n7!?(Ny7us-{HHfF9qvP*n
zVyd9f-_7u<8M?oF19YQkiB1hWH;C3Hl$F1iIN3{sBB6=O72@aTUp4^M5(}=3m^2X=
zc5`!s5fTzI3?ab55X~|K6kM4?*zIIx9=fNf0Jm3)hD&*2?hZ5ScsnyQgTWw|;IIr5
z;ctAOy=p2dqWM;nfMb&jpfOPA9=K(df*>irURhajTmReF7cR^Y7l`%bBe&?(^mM~}
zci}bC^VE}<56&@(H2@`RK$)71jEs<~pq4mt9O+eHSI>Yu>ewDHY1!D`X5r!`fmuwJ
zuXckxWWPwOBF6-z4PsVS#o>I?)OekMDu)=j?^X$>f<S=+oJ8gw6HcJtgT)#g6jXOM
zX_9){1l@ZXy1LdC$z~5-{;n|_Wd@i!hyFn6*i^PZ$%0J$<>_mP@gBM`8^)dW67@K#
zDlh&MdB2tP>-zKk)7R|XqSqCRTm=Sb80FskCEP+%iO%(iZLaXfQ?PB)ThW)3rjD@O
zgg{BfA9>cO;pdHQ?Wdy_e4?=~{@Hqj<t+fX-hi+Rd?EH-2^&MP-`1k{7uU!7xG<og
z9uU735WOuZ7I;g;BbUCuzC&KX3S9<w@TIykg8`5MP7wZ%nVOn{GRfTl)$~)5(Zb2T
znaR%1j#XJ%`75a0n{W!jA8u}LvT{_X4g;bLz~5%6Dla#y3)6>v`utg&o{nzPhM)Xo
zXR@L;Z<~#od5Ho13n3Aa79bWe!0m&0>IA~U0^HK_vgOe5us`quz5~K5t0FE%_7nk(
z*%f86FQq~b6l<#8AERWyUBI;EktN5zNd^C>7`6^vgie7pdrZuspJcPri5~%yrt^A`
z2jt%A>DkMGK$Hwn&K)4Ys2(O^`R4NkDnK!D(9!eE829hAAYgGkJ3TmXvC5E0{9z}b
zf($~bgtc6p_NA2-T4y^uvoR3?ur;DLjo+k%Es=-zb;#o_vv=*6<Br5_1g`O~DT(^$
zjoC3vqge)8!t;**$<x<T5tPY*-2eOo+=^L3@R=+>d>G6PG5PtPUbD(<^ecs+(*@5l
z0aFYF5rV)u0WBL*lbiJ7#BpH?J&lvB^Btd8Xq~Z3FHib<&X}+@6F#1)B?fJnw_*yK
z+A92K6MTOjF^~@lw-~WMt%n21ilI9D^&=qJQ(X@hS_42Fp5$a><Fe$y>@VJ`)9i8i
z7YPlg((S2vmJrpyT~>K6TtKON{}i?OKpEsquKd-p7X7=K(-E0D82k-XilaG?c%7f<
zS0fS+AU>xC518^SHX9yf36C509&YfCABK;<HC#7=<Gz#8`T`ctsoB}t%RxXh^Y;Dw
z86lItq{j+V8j>IoC1%q;X$NWC`;{ju+5!)oITS)J2el7YIlW-4%D+Gi2v7Fd=5;}q
z%aUapW1`SFF>Y!zjz<gOg(=G9kJ0!j-&16@QoEt8l$w|vs1liDRZHbNn#U=Q&7H#0
ztr6+$`0%oiB^APV24+@?^qZEi{p$q}a4-`d9DJ1rL{?r-L~dqIPP-k5LQ6!7s+3aL
znPV|P^11)8<Wc7gfvj_so$kG<z{5QR@)v#1F(bnB6tD4fH6xECf0vRf3{#DP**$@e
zH*l6PqgkcoP4h};m6kGT_UUsYieH*!yihWfe1_)ag`=tgqhT<-U|p#2gHJ8P^F4td
z{*Ah;A35C8mDfB+@eaWOfaea7lkN}EV6*}Ob`TU2VtxxerW)4-^GqQM5NNvsdf=)>
zA3Zoy@C!yn9h0M?B!0(*HDC&xj7vs5sJa6sWpJ)rgt(W4MEF9_R!Ifr-!@WVviy)V
zYzbkIgb6z;8dY-=R-|1+j{6A6PJ5+1EX+_AX`iNhl(Al95ptO!GP0%4b20T71NG3$
zgGC&}0T=jCLX1zfBkcDtq>8b~eWM-MwEP`Y&!-rxRA_;JS~Uzj9a&zyunTdDKvS`p
zs@x<ZI@MQV6aW^qsla4Jmr+gn3cL9|*C!ppTiF(Yu~QXq?IOXoEnAvTum!l=M~k?g
ze<9wT#(({m)+F|By0h7yw|xb_^Th;F>LWG(L@IQ_zTiZhXp$Q5C#(y5bmq%Sqnw2u
zW8LB&b<=W$1<NU-$@qiUswYDWj@l~8>?{J@_AojoCQB0#L&abNN|)Ef1JIKVFcDG|
z-1R^Lj{I<V(aGYJ*J1P#P5RFxERZFO@*gu<{(+GR+Py~E2o8Da4sEAs#3G$@L>u*T
zrLSj4mlcb6cSh})qnm2J&_)Rvf*Je&eSEsTC2;>;7Ja4x`Q`v2@~0-BIwPXM35rw;
z+KB~q_RY{U_-~B(%U3~eq(*Q}c$Z(6Y`z@tX|^Jx8vs9med{wIGc5l3@(!$IJX3I&
zdw4oa$+xBgm(b6ZGBr-u6LV?G$&tLq_XJTkHgtOZMjSBnoU!mcB9ia2)Qdm%8V4C1
zI!OJRjCR%}l;vRG16J3r|5E+ZO2@|wex}O2P*WwQO+INwCUpl9t|C5(=)4cyr9$ed
zi5~y++h=^v%B8sxi~1HnNF+GveT!%WE>;4J{07Ix0~dO<Gjh@|nSLYs>0vQPz<F=y
zIdMps6o0Wn3nk*hO!PlJZSC&s+w*x(N>MM15>@7(fZN1<_4g-odhqkhwtK<i$hXkY
zlkToAe4yQQ5WK-Am>ft~nE?v2Ioa8L=X2T%4#wC6q#g<ErC9);rpXBiJy%4>OE)O+
zIY?ocAC~cewP^{K7Usb&2Qx@Z_-SZpI!4OY@F*yDZNQq_d0`=|4p=kvZ)t(R;^6X2
z3JMCc+gD7zNDue?C+F+Lt8tMrDe8$0DRoPU39rm=TusMf@HryJ-jc^mOIh`oVDV0J
z*)3*IsJ&CBK=21obIsRB(6<<jNQRu8U=I^g9K3-=*OIl(gO=GWPCpI2AhXg83Tj`k
z?Lb;_g3|)m<F+LF`<jUpY5Ri`&;ATufT1x`zn2e3LWtP}Y5-m60$WPJSHs$k2n!>6
zuu$+DJRi&m!2L&oB&9q69@uH5Z1(9LtlE5>-4tLF6bE=HBd<vqP%>H-pXCC9vOU8K
zX`{qevj;TqCo?VW$|3MW*h47<c^lF%^#SXM0+z=v77R?TLEsLHRserbA0%6(xt0@P
z<st%@fBH8qKwUFz_8$T#>jLaim>PnWnws>}NB+O_!Ggp5<yJvSal%&a9<;P{!~s$q
zH17v0GcFTNALP6{wb}p_#xuZZPu<E2b?cM|fkqDm*d=K4_FvOcH%lg{jyWY@XnI};
z>;c`v*Z`{Js;<mYDO3XGQTFCYDPq=HUqLLJOv^`=QVcUlx|~FdoPA;X$0Iy--O^3^
zBEjfj;p=7^XUGKMn0;;%L(@vcQ3=fx;ro^MN+&KUk_+m0!jb`fN8eRbvFFt7AKC)=
z^Y#psaAYt)k}e!iRc8DUcfzpQbEW}BoTm2ZpnHVj8i%gqdj=Mb^g=R^w_=H$cL5*g
zKH0)Gog>W*sVoXtj`N0e2IJb&mV|OucSx^jfOz`Ib4W-?$Q|rM_Pzk>FX~|rzl1C#
z_itNU71)+@+6FGpFi4hbKUg$_qn?(J=UnUsYd_H~<X{7m;laBFQ{D%daN##gAsioj
zwT|=E3IulNny!tJQrpUEYc<y+Qo(P9fPn8aKa1hhjQo6AQbnZ8&HvvefWQ{WKG^?A
zZn?j^zI|9fT`NR^eeO$|ydOxHKq4d1#_;!b1_pmPxb9Z4UN!mBY=p65J%^j>VPJ);
zirbA;ar~B)cg$0{!Y6>)*gT8aA+;@nJrRnUxx`7uA)nF(JVn}jgqYU$97Pth)BaYU
z`tm27YW_QBb7v~#Gu+^_$AQpO&0{fP$*k%<^5MM&>F=(J)uft#l1oZ%xp8~RgqXCm
z2y@zc>%uSE?wz7L_<oF&P_g0^!y|*>i~Dl@4DvK#XnqX|=Xb1TL_wt0U*A6SKSHzz
z7UgGiUViJjMlKLuAi*pwEm;H|w_+xMN&XLHwA&LCn$Uc0ZSB~O|0y7n`cYk<W~jU_
zo=pwt0+X2-oW@I8S=pUQPhw)?A>cIAg6!xA_~n7ImDSat@`?%yuwZsG={jo0Q(@fm
z<G^{&m7#TfT;rof6L2Ycf!nwHaf1i!#cl!?PgOPzPV&i%Pn}=EPc+=MZEkM<XkY-%
z3z?X#cgMsK)&OnTe{^Jr|DSgK2Rxf8pn@8E$kR)KsO$qV;9y}#S6AKyScDb>OO=2D
zdsIG`<>BG^(es0ijK^#wH??y8;P{w@m67qSM#1QNuz-x)Fb_hSzu-j<<0r@A>F2=*
zs39j!KS)FZn;d%-2~Eu#oUv<{jEk5&r+#I+QYJ_0>fnIZh}hK@`-(}kE>E(y)@3~Q
z#VAKxPq0t9_`*MtqnouS)B-~`Tfw@hLiK}{j6pg0A291f?u90ra;kH^qvj{i*lFpy
zSR#c`9gF8B_qCqqA$#4Ux}=S+w|60xI?_f3{zIlo$@D^@XNP!%AG)e(OEB0&#K-}9
z!e2G)z*93cRlFu5B~)z2gTL?-y=sXAztio#?1$+IJ`Zw#ajq^f1LX1{b93`dk|Wl_
zi-XfsA}YY_#1s`HohBR16L~GoZZFqUBaBs&A8gNyFuu9BJM%42lOQ@K2|IZ%n+On_
zj~ndQp}t{29#600L5|pJ3f3zA08_*RL5w}_SQNOid%!_$_+-%pH1ICC=0EGlt9tbg
zt|wrnvn?(rMpM7hg{u>+X6sIya{=Dz1-7lgS)TxdNLa+EJ(PR*6%p9|1617SA>qP}
zEItD0NJ#?Hql!ESR&@^-$jxo7Si6eZ40L`1HxEEUu*jI+3pP(W@>Q8}{@Y8nn6B=H
zfJ9HAj|L4`hqxeXYRc5#-@h;61i83e>;g%rv>kzv&Ga7|Do?mVlw?G#tx`haebb}Q
zg7_~d_)Fpd0(?%(Ih4Pv5?wEknogEt_U#mj`R`GPg!*V|UI*Hz>nPO~`lRVyn20_j
z@{S!j?rx;E;Sey)y}tS3YqGTk*<fO@pHcV*p5(Y9c+9O-;1kmzDO7tIPnnwfnpu@-
zEJxh=>7$d7fm8FWb_DlkWUFKZ)KDa$o6!EQvxAM7Gbh)WtUf7=S($ZQvKZgs#+dB6
zqhgQ}Z=@Cr_lw6eTk(}X+f)g@Z_>FFPPfNv>TDLp`Bav{y6?fn%&Xg*n-?5<^_A0L
zAwl0L4F!{!7PROtNb~lvV2aGKGhj0UHzYiK?w4?JMuxBZ-HmG)ry0nh`+!1M(A3l<
zwRromh>-yj4oY%PL%0yHtPN1%kReP8<q;W=R;|rq(8J<H^VmD*s*c$vcMZVL(-C&6
zi;65)fwNw7d3`;8-S!uZTktc5?%PNV2)zJvHiD(q)=qo?UWG6O{xhU~3<>XpJ$PpW
zU}%cFivn|lL#LXxxwe*n3mBdwHw1Sexv4k9#Otnj`2AzqVSG)*Q8#B(mUjqo+WT?u
z#rHm$|H>`(^(P|XQTt1lAsj%&nnOd4@{xvd0+W->{mAPokFM~U?!7O|8KTVeQ20RB
z%=0BAnAIIh(%c(mUwI3pb~faCoWW!XcDg7M%%-DXs@{>Q9i>c?k<}P9VKhbNZS6Vd
zUCYD7RBd$-{I2AiA<P@U!rNy#jOuY+*f(4>4Z|B6>Ipbc03@iKY<909HlwzTC|N`=
z-X{3<g5zInM<{A{Hp+^J)UE8_0REsG$n4QObAk^?IP^3Fnk!&CfV&gG>CMB2ei^na
zcI6XJL$TnxV|Kmzlfq|*tw&&G;WIGj4sFH7A#oV&Z$}4OTSv!qrRB8xao`1rzeNhU
z$Y3CZBN>joFa%qTc}J(Gy$^mE3<mZD#;A(H+lvf6raIMZaIz#NbA)*VTT1dN0o9ZT
z@DOmpSI1s~w4VwlpDHq&+1PlK-&{Ii0zAL_m%N|B-PC}IS-feZuc``-STH#d9;bUg
zpyG<^eMWPo7z;{4Kur6nyis}ivxq5EZ5rwCQf(Pjbf(|P*^mUpzJ?AIH^ZX%@aoi<
zWZWWouSNrlDbezKe5ARu-skh?*}@xUef<3#3S1FXy-OQ~{9T^<HjD;EtmSZqWV!9$
z6c+Dei6!V*#Tzh)z@UY{PRgdeq$vnl2JL7%*de$-iX}SxYv7Wv6AC}ke03W+HscNT
z`ZS1_eJLhG$<@Kou@#Klj1n|)LM11}&{KnuN<oYNYq7#x9tnoVcRVhUt_XtxusPKP
zvRg7+xr>KK9XLjF9>;POd!@kf$bMKf|1(kx6#LfAAT-tBY#n)aR;X2>4A$dotw1z1
z{orBy0aEGqrSG}{jJ)!Gb2GDloe-*2*i&Ow4;UP{^4!iU<P;R|u+-XL`~~ao))oB)
z1qDUG<Tb0DDFZBY1yFVcPM#8wE1#_sl9Ii1{a>->)K^b(4Pc$tf{0awsuZdm6b_)^
z7zp;>Ft9MCp{8e_;}I6Cbo2U_w3Rqeh0=NO6CO}OYl%5vc|{)!i;LKzOmz5FyqM8U
zedQ^9+32qYZ($(Ve}qXytw1uSLSX+?^PW=X)Xj$I!kFlg4+iftcpIErLBhFfq|7E;
zgvw6NE#iEEWw_Fi136(y&_GY$V5=9=60U#m7(=~H2q?4X0u4tlBobtHLW$7WjI4R|
z_@M2B;hY=wM;v@v_M()Ql7ORo0x6k7*c&>!&+6u1>i+vBj|aP@P|t3R6tD&jVPWAg
zHxf-SW1_#f5pn{-kt|3FVyxWplkVYRm8balQ59f|J}~DB($7_8P7?8);sF+`&#cMb
zy8G#<M%bLE%-gqk4^h;bCGfOzUL7Nf0Xkz}RRhv{?UKS`-l^ZeNx=rW0&68>FD3}J
zxhbL^%hY{*_e(t{GKR6*Ef!wx#qC?9nl00sk1BNI*iq{HcLc>y{;BIo-!{oBL?*YE
z<t%MIsLQ}WR-n9v`)7RUq(1mP$E_{tcOzyCLyK42UH!0+clp!oeb1Kz-qTJ`(VxV)
z!{@KxUPYLs9rjC_#=HLyO<x%mRrkI<Gjw-%NJ=W*9V%VY3JOR_m%tfPX%M6Y=>`Eo
zN>UIIq*J=21Zkyt_dLJ<`@uD9=~~Y0v+Jt+KB?;6nwj`vf7!D-i2}9JUuWIZF;wl|
ze79B*-&c9BVE9{%A*iCapQZ!SlJM~F2N`yc6wQuW#V{|k#5l`3pZ>OnOa*5ok|wHD
z-e<dLIDks!2_BQ=jjm6EWJclX)pviOx4%{X{$QY=;UWFPQ&f2BQMPPgn#2bpN;9*$
zC?K$;Px3Lq0s;dEeq<U0r<eyQ7|!q<;M?ww0G;sDDPRtnU}0~aoE_Q}gM7~>sC26W
zeo+?vQxClXYA8at!C}0|zAy%qZ){(Ukwt&w2S}G>qrwm(0H|^6AHZDSD~>ryBkykn
z73yg~Zn9Wg8pZb+r0m}I7#OM^T@RSJ>ApHvwpRHwrg_I}GG}HhtiHX=XupTr@uAqe
zkiu<v9s}HsJrP?2WBUPOA~NcuQsfy7Y1tJC8;ygIw)QG7v0|~x`h(MMN!;KtN>jx8
z1i#*p!TY|-Q;au?s?F`G6mQGS<Q8(?)zB*awR!veTOKIp=*OkeNcG=y*4x{@ywmX$
ztz!Ytc0SEdIRNGrXiw_$wywGO9chvFV-^jW`=^0Zs{A6B68OxzZ!eAeHuH2opqV>}
z+>P#rsw*hyQdAx<bL~)=B4F6)0ky1fzF6SoH}jd+**hsH1po9Q1~s$5Rbt=KXm)uW
z7MA9P#l-A$`53NeWb}M|q!C0cqD361Jb`hj`5v$nyGZ3RCn(_V-Ma<!afi0F0PsJ4
z{Fo8-C)TeWKwL+gDqzWEaM7t-L-y=vP5*JW>Yl?qb5{8oJg>is56nCp{gXB`u+{hW
z?>zW@(et>zr9^{Boz_qKNJitH!%~CRk7SBz9AYE<#uqBCW*CW5KbjoaUv&L~(;Tjg
z_*hxrV6uLE?o}DRYX9$!pLGta)dd@=?jdejbTj>Jla}W@s-%GHgYDCJXi$rVYG#pz
z-7fp)?L>Gln;aW29jmX+FiG%?1G7ddLY=+Ri|VMhlpkyMU#Zn;e>(#S^Bs&~Eo3s~
zgrWUCDi428@kZiYy);APvtUI((~`+*u7N5FT4hh{e!SmAYp%J(v-v$g=_nR+tqpj5
z%@>Ixo|r1%hN0-(^JmYX$DoL4lZGxeDaob=P<UAouWcPXd}V(;B(<;1XW24Sz@+dV
ziG<bi=fFV;tYZF=t#Eqhb0d&Kc4-Gh=C9C%t_2+^8k+?EK>?VGV!$I_dQ5lxa*w5*
zgXgrgwEWb|1cv!&lRXqig@uCuuOD$Yy@DS&>l?p-l4D)4W59zfFqu}-GMN$TDYGs$
zWGBFdxd5>N*=&$}#LCJJlQ(*`HaOb)$Cp3;O;Hr7yq*dxn-jY2vM(#FQ95TBdn^fF
z@}N_XX9s_K*Wz>nt9gGo>Vuk4^Y6BE<3M<x5t`!?E9-iX12Zp%$pu?$ZDnjZ(ZMfW
zcP$9Wf!$bLFoE_`sUfjCE&5NRT+TE0>0fv0lA5_FlwpVH%F^$Zo^2<owVnh%jIb_m
zcvg(Ux!&TRXiX?1MM@1)RGzxxlb`6|RxsCksC<6K%yT8B$UiZdTtgyP=JVq?2jIak
zAk@1EbO|REmE9wVP0}pP1YvdW1qkFW<*z5$J*a^nc8*HL_>ZlDaE~)^iU&zq0FTSq
zdF1WweHsUhPM3Y)4h2@<1OXXH!`j;VIk4$n?CtG?hCj$0U;f=Q`vK4)NP;pQvLm|b
z!)|*Q{a*L#TI}C0EWY<obt<1td4*-uF>{~np$2o^2!aLuYz%s!sEB>8z&s(34M$K5
zQX6+*u7!Y_mhUP?p9|jAwGQ9hh)d1#I6V9QqAh##r=7Rm{?PpC$It(=JQh6+%Bo#w
zfFV5{$0XO5RmM>By|1sjK`v^P${G<i>UUP&JkSn{>OpTMZD~{|B(Jn5B%w~^HW60w
zT#EB$Wj-~mp@I?vvg1cE=x_5K)Nz=~wOQb+_}Ij4WmCx9P9Y@@6}*I<wN9JGf49g1
z7x;~zT=n_uWok>LvL01eXoK_Pku5^l`&6CC<-WJ=n^K7(6(?U0PNZOcyt&Su*ijr_
z7<T>JwF|YPTYjq~*m*J!6H7ctDJEvwj&7Cj`YHrEi9sqMl3x#7Cl<2e8HI*Ct`ah6
z`@TG3?_?1Xfnm3o>{3N78}2MW><<wsr=I$;D(jZJ4t(#s{+n4oMS%L!SOy$^lc;?6
zA`peW!R%Z=prfUgr2fQSq?OhDxfL_0QrF0+2t#M?k34K}aF7qtZ7pb`n2o9$Is)cM
zAVhO(!c2SyxLea-U}wtt9)6<|t4k5};^$EWnZEFAVoi3^B{U*wVxPxPRd2&^h*dX7
zx3;68Q=H`{Vk;T}df%?o;71)Z+w96`!lk(mrisR{-rJlhv##)3e^#}}#S_3}9f+gV
z>+>BdM*c*DdX?Dj<mQD_Q3X6U{v4M9jo^fJT;Ia#?-Im0RGynzsEpJNAMag`t_9s>
z;3U)&V<R0JRQEUY-S4bPL2)~49bX}|V!}Gvo_(wlt>#RYaQ|>u`Vp-mPrP35&vG0h
zsm;AFt+YlzjO;s`WzJv)TuCRSP%ZhYwkvJ9eJ;@DKHE}_iRQ>OAZ!p#&!h8$3SAu~
zb<}gIssSEZ-~90Ek9%8oHwXvB%K#AgWU>g9)qFz*;kQvmLQ@kHnO@F2z#jdNd1>2S
zUK|}AHTvs;I3KstWdQI$!>*A*z<+!KU3~!NZ}_mxKXW>$8$0^j7-<o~-rOh+h;J~7
zHlXa>cekOVQ2T#N6<smM_byJ1j;~vyY(h_km9pXMsUMtH;U=W!NJldJnm=_IgI@#C
zm1k9FH3v)UH!1HSNDt?}re1pe>}trxYYI!4J_vc!o?&sHBh57b5e$<sHV*lwyF)IB
z8SUcA$DY6FV!5fjKX1Ga78PZZQ9?_~meENzw1<G2H^>h<YuE3<`(6nH)+3a~3T4Lo
zyE<7!^p$t(ZoO3xFv);f&{G*%#BJT&uXGzF=rFEA479;qg7U5piwX5gpT^@g9?YH%
zb#5K24-!0CBuFpiFY61o;tDg)4doR=o2no+sm1DA!pfto0U5CbxuZTdDpW4>etQ}v
z6sg<>RM}P)W~arLp9g>$#Q_<15W9HXZ|ZamP{@7oSC*$$(6yuftD@a{6yXs<Qp;hk
zw1C({ml6{Qzuo)cs0TvN-<OO_4eE<O_?IonGK;={<OvF~Q>2GJk}`vZJk{OZt(rfY
z27~p+F$`3G{Fw4hKg0LWJk*qqV!fvz?KcSO5Fbrj_$<JuKDR&}=-By=)INSX$aR7u
z46O%D#N5A%rn4{^vv8>$5tm9gQ^&e*GxTkVy?+K5iR)DlW#&0+iZV=7k?0b|A`eF2
zgi(_aBQ@cdEe0|VxNxo5BcdoR%}w6tXQLrWsIWGF;3c@Fj$cCkyzrDD&BgG06bf+n
z0PWp>o2M|dRD?dnaCv^5)i?Z!w^WMY>K_d$)3)C_4z0KD!7B#M^W47!2S-b_QEW&T
zz01v|FCS0I+teehl&`hCKccHX%*8`g>ej!{5NW3GIGKAKR+-Iu(##@e6mC#d7S>0R
zB|EHP>*|=aqRs%pJQf8Ty|{(qrW$~k8-gmQK1sC-@^iEORt!W_CwjS{fN_ur7qkZo
zj13W^bQ+U()6aT!O-<pp(<w8&=ReX&jCTyozz+Bocyqof;Vi-iy!vDi>au6OHOU_}
z`S|5ebBe06WtH*rslVBj58$&LH74^PB`$%60MRr4yzE*##AYYeD2`nq<J6LF^gUd~
zgLkaBaxsFEv<H+R;$GJ}-3q=e31r_-!6|kDY>XBVz-{kp%cxbUG<xlo-!QjV@#G2B
zSJbSfxrzv0GS!td?HVoT%S9Axy^G1muuw8|wc0v<j8V66z{fYyz{e)UOx$e=9UM+%
z=I!m@YP^g8>&$%b>f>bchiACkBY)g<*;Of5IM)$*;l~&%QL^09#gBQg3`|K0TVQVJ
zdi5tHgR4Cc@l?IfFl;-yW^uzNh=-qJ?(ib><R#9@f>l2u;0GgSp1bik${d&D3_N*X
zw|LsFup)oJm5{G2cLILewvkRZL*WML<$PB`*5jni+-zLkbBgSk{Fyj+&)=}pr7kEg
zY%1wr5x&gdalG<zp8r)dK204+8d*r<Zd1J<QPITTtlTJ%U8RU-_msmaU8Q;hAI=%|
zSh{rhXuCLj1LYK?PESp#a&u>C+3A%}egr84tn>22tY=5--=*X(cWa+P4BVgR7(x4o
z{u4ZbmV*J1C{+G+;4jVCndP%6G5EZ;^ej+p(RVFkq$C=|T8aw`Cl3o<0M*q8OJSy{
z>H5ol+k;yWEG$y_^Ab!us7C4eSUL~?0J@e`K1k)y>cGoKm4^C(xKn(?B*}G6FC*Qn
z<&I#)%^?zw#sdW%Mq5pIdh;KG2--DkVqdSZoFjk~pC^R!*975Tw`kuABa3Abal6df
zy)6wew>KSWz9QAnEf3sm<-&dh%<^ZckR*rikJ`9NQPKMnshctuy2NH_iGe0&p9Li`
z28Q7&JqPY30Y9yqc(%}ly8H6Q3L@|lQff$ySCphIpkoKCNEYrY4I0mH(i7GJtU5A|
zSMNLv8JKI2rwUhOG^rQ5R-D(bw|EZWIv7=OB@LJX1Lu;e<CXMl);m6}#Ebt5`1o5W
z#p}Z3+OHm1PxD-S;5C>CZ{09(b=nT^ARzKt9TfB@4IUmRU109i#Yr5X6p2exUm0cZ
z{2&QSf#&rZ@vp^BgMiR_!TG^=^%F=4C)bJgy!c!ON@)iMOkcIJfxt*FnYMJz83<JE
zA01hO`2RL2$J%bKYW+JK0xEXfqNu0<{u-YL_xd!wgnPlScr_y<qf^JK)_R#EYJlP>
zT40Cg0eNOGTTgqyfoI$KhJ@`$?%E6J#S2?h&F&i@@mbN*imZUtxPfOljGKq&)Afc}
z`{Nt%omMzHp`CKq+uCAPAksYtN=9oXK`)9s^RGa8?=O#G88HWt6XernOjKWg1xn_O
zy}TJ2R0{Qeo?G&Q5GA8Gs5cM;<=j^>qxJ^UVA)-+Mcx&9+66W%^qbmEXaTmIZ!tm7
ze<Bf{k%71KwnUQTr7~6t(`)sIv1m&Hf{pEiq%A?D%ujLnc9as!x!g%pLMYBIrwpc}
zV7i!Wlr?&<k~0n@4!7|WNr-RCJnYGubl`b}XA)<6twB(Az{}CJ<wox5Bv|Q-Qv}JH
zdCd+TX?w$UjU$~Zr1e1~`}A!*@{3i$z6(1i5p3YOuBX#M*jYSZ3e4vQ<7^#6QcX!@
zK~dKs*y<{-(Bf2xeTt(mmi<0C0Y!r7q#`lJ0&z$ANXN52q)09C)O_x8xAWEYE+=)Y
z>i7J3S^rLuvJ@1WLP#dZ{XKjWuFif0D#4w9qozjIa}=64w7*YV{_Ux*n25+WKxK<x
znEba`)Sf@zNRNoXRI;Dsg$YvQ58j>+LzF$H=<OhB>Ikxs=1!vTKf_$XKHdeq=Y~a2
zu3Z{*(1=_USFo_i`UAqC5-sT#97#<@+SzS;sIxLbZU{KQWI!5YF!nk8>k9y51CuNi
zAnx21LBMCc4T|tY>g(z}D=e$T3JVITA8{l#=jO5qoz#+Iqu+qGAnv0KKJ&VZ6vtcG
zAk9)S-}=f2M}8?=!ehf+(r$<z*6}RW!brkxwcFeMB~4`~I`-N;GjW)jIJ=%^lK-*7
z(Y;Jr@|%{28ph9jstD!c3JA2V$7vu^{PgqWS@K9xp?aLwZT!<+dkHOOXXB5!jGRUe
zODSdM!59vXB*cuyeJ}M(V22oSgLuR?kE)N1T-;pg_oE$3I97_RN0(ec9y|}5%AC&W
z(@#VEbmg{en=f33J45a0Y%hZ3s*mkRIT0*4;c<C7Xhbcl6gA#exm<C|nv75>36*}*
zknd%Rpg(%>FrJ@{SG14Ps17{wo}@<v*#odozb0nlJ#gX9)Y!BlN<&rCZ=v!t182Mw
zn;9r1h-$cE>@yi6O)0kEIo`an@%$SIrSfC;2>|GwLM6e^$yxjY#J4?g@$mAMtYGdQ
z9t@}hHv~YH9Z0o&vJBH69tf&7g4N=bi%)^q_5syaB_)PlVk|i;OD5yr(2s06XzL|(
zIY*`|ApRib?&D8q!B~v;AW`)vS*LSme!e1_+yr)R7WD7SQl;-ky4|eEXg1zr(B<B<
zY0Fp6{vIB+vPVrI;mRolcmInzR%JOX(8%M8?4fTf&J&@`$&sM+^No&jAceHEa?p7Y
z!?s^d_B4kcEuMBXEV8e3lWD-Pb4x{E*~7e@$-W}j@9=9UjrwrxF7MYaHGTAugDBIM
z#+9myIYrjhpDYOWx(1a~H)|b}QL>(<JlT=_XFn#+dgdOI4@MX3rR!k-XncL8*Xs>`
zc>{e2D`LSAZ)Qv5@ESesEXra~Va6_E750~T`h|ODy($;+smK&t-0F-u7-rc-%daHq
zM1xVio)Y3%E@>^dIrp;t5h`yKpaS}#G?aV<MUQ0A`GA#?CFmZLC7RybrN$Ik=hFR#
z<TEffSHg4mbwQCAFzZd+dKrA2&aa_;2&!m(Vb(D3{@`1k!}#K>-I`v0lLi-y((kro
z5ww3OaKmjtri=4W^Y4#)4GZ38(c6IlSW2Og5C)7gS_OFY7`eJBK=-k6c6OG4l^B!}
zss%3sDi%v5b275ne!cf{4I~d`xIXRH81Q(30G^1Y+c%0YsPOI|Xu|$}+f*C|3~VXs
zy+hybtNGP*rI!6CAgaDm1q!pG<-pe02MuDxJHTZObPTns>GzphoMuWsh`;f@Tb5@A
zrK>fg@BDkLZ~|^ftwj<O=bZ43GNM$XZ}Z<_y3Q(_?n>Q7Dw4&h-;cP8nBh}c^DBWl
z#BKGvI271?hYULd11=sqIy`NGjot|_o;|o^Yh`~C=)05pPyuheNV0?eX^~x~*;!rT
zx;REhrkJD=kKY-2l<SWhwcY!rhsFrw1%}%Inm|nWW_U#nhq9}I;;x`t>~S>vfjz0U
z_E5Np9Tz=!lTe)ZjT^`ZPTpQG-CBU6?v0hKO7lrZ2oc-?YAE!)0a0>l0{pAFb@w;Z
z&B1FM=&Xw=&d|uHpNL*O=aHtSJGemR=XHk_fU0?UJS=C0Vg0Uag&2fj^j`|6vx5}t
zU(oKvv0^O{P*}MJuOA?k4Y46(8D6Qa-~+63F==d7iC+DwrbZX&c12}XRjE`I6j1u{
z@v+pzUI6frYo+{e;#yvV^2Yn1A(9h`JVj61e!e4$puHNQM#@1LKm2hT51%Y2wbxsO
zG;EMNoBc);fBZ!L|Az@Wi-*%<*yW{z!=XogFLA8iJt!nFnj?+e7ReMa!HE`Npyv@a
zy?A#YePBCcb%XbXiZAGY4rh&4|Mixa8(|>KZ&J$37mu#)NI*bi5nmG_JLlWNMAyc)
z=A%X<nvTAe2Vu3Fp+&q+447GuV~QW;C6W4(AcjtN{hij4d6`u+91s2AyMZgsnDqkz
z<ee&V*>s-2@L_#$RcxiUU;Q#f-NjRet=y)-BoQxqnEvUq2I^&;lLcOs=tra%5l|?H
zDk>`Y4>JJb_!EN1zvX3IOG-*A-MX?Q$(VMwC7A|$a>9>EfOR98`sdc!veD#CfoL50
zU1YcN3oXG@hu?Y~mpm$W>aWx<-LbH&IF0p8lfP3xtP;k|;}|2>j$*A=x0h6U_l4Dg
zgtmX?l8ucSBAD!0a=8OH5EO1PaE!UQj`0Xn*1TP`^qDi9d7%xDmdmT-@lrqOdY(5d
zozf|tyjs(7FI(qCndhb2LFRaLYYe}9$2qfO8Nsp3o4rvZc)L1&{47k(ov=be>4`SO
z3|j4;6sqC{10bKNI?&=lyxHf23>fL8*t~1kUkG@TS4gAs)B0On%+OI9)Br8fzvhrg
zQSKF5AI73TB0x$NtdtEtH2xsanl7n^wt`ShRkq3at%#1z1jiv^Zb=stwumlPvF|he
z$z<Xx$toQtE8u6VD3veu7`<Rlupn`>_#<hb{WG^MFEpz*#kq7M*z0<|)3Q{T{CzX%
z27CF&cvZ^EtkjGj3up7AXxBZ-*ggj^oIbj8mN!mexbOhsJLVS#GvmikzSCh=<(XZL
z1%3c}GrKHk43mm7tzwyihgc}1TY=*);kp#~&l#K>zsu(!jL^<49@K~|Tmn<duG#H+
zf<9Q)rN=6uN$!`P?HF4Bc@K4#sM{M>{0I=H$e!1B5Q6E@Y<(l)kUt}@FrxjYqAF=R
zw;%Jkn|)Q}A<~mBGB^b8xB+hu;<-5A@LwKC)qrU?MwLBdnAObYz5VHJSjc_zh2rt^
zjL}N$EBb;*pZR3O)_ZW(D@MP)ykZrS=8?(N_z74_1YaxcuK%P^SvgexEMEGkFByoD
zaWVjeV20+N_w!cG-vCPSCvI{#zSBDM)qg`!wNz}FTGp@r(X;&3wNKf4UsBlXb;>M3
zEYfyEpYv~QG`Hre8`^KGQIEIOj0sbch7FwZw!zmS;*?xkDIt^2>+#Im!ygR|p8A<G
z^L=b0oN0S2nLY;%c68`jZ|rZ2AXo~|pHU^IF)-L+RQ_GgcLW3GWlgOt+>B_+MY!8g
zpto&}&C8~fx>(>kZJ$@K6NVa77^)<bZ~|s~01DUQGr^?X5q-axIT1Cr?YV){*zBg{
z<2twePy?{i`&8<e19n5_TkcYvxt)ZMyBg_rP}=&+mrwhaXjk{~N_g;$a&alhN+s%?
zjgefYKLv<}N@eCPRuyc!L)G!k{mH7AtvdRvkdq!7>=!MaJ#QWSIv9qr9tba;r!HTA
zTptnT2^%r3qEX#E^hikGVXh+bq!2Tbe;WCB`y!mx*U(>_tk!yv5#RColieGo7{Yt6
z{zALEC?*lLv$Iq8S1ntHBS`~nmVHZy`?M4&b|DJ7dnsdwjw+!*Lpwe-Za{N3dWek9
zjvfzIggGg{{KuAiCVRL!<ukD5P2{aCUC<Amd{-m5v$pcdy~9Q>y)jetZi<?0?P(fG
zoJLoUY9GF8pFm%nRo^`Jn7HFXh|ZR_{V>sW{Pv8uL~*t`oL$;COmWA~<5Xq^^VEYy
z_U<DCc9y`7CW#xrsJ=by3sJ-<L9STy5;3P?N8y7A8E4|VeqGDD_n5SdYhV3y*+Vse
z`3Vg02+wH=3;xty5JhPX0PKV<`_-SOLYYwuDe_9A-=OBk*}+7_egtBknu&9>><F5q
zzNSk|8#9i>(tBJWtQpTuqvm%hjN$r|Z>8!x6Xi*iGAR$oCtL?JGp$Fza8=))ncT~c
zqv5{q%L<ejMEA2|&uoW=w`bgQc)O3464Ux@1XsJ}v3HlSZ3&|oR7#{6=&7P~(9J!V
z49j@r@XzLv93<4<ET@p;HX%^@k}g%IeTL63*n;E=HvGAEw3S>6+#B_3N#xJMU$*O@
zSLtB^ieK^gPW5w&*H+2ap4>nNSq0d}a}1>KIsK$Rc=vzHqI==!sLu#+jufc&`g{wz
z7nuryZgCH^f7k%V{THbFf#YPG&jB6fkf+|n3cyV<fV3Lq0u_wgdmlzy>fnai-nG1X
z;%cQSs$)#@2d>f2%=BhlwP?Ng7VEBW>R1~RbkVPR-5oAZ+!8YMN@J(|>!yxih>Mu)
z*!e%G?USU=nBR=;@?W_KIZl0@cjZ@!l|BRl)EW(cdYsTj`8ZglpKAWgZjWd6lwuK!
z@E7A@Ie{AUdffCR=4WkZ^szeLiqX3`>k<9<d)571G?Kq@IYjFB@84vBvR3isEdag}
zwSqQmc%VgM&u0`iq6}B;JUz*zjyZ<^H=q{kWsER$6^Sb#Q+g@DS&4P}2RQ|l)mT5_
zabMKDM05S;DmlC$5Rt7<d6Y5Yci>?72}*Ep3%H=ncg_?&vdNT|kL9h!3w{tZd2yDx
zdeHmLCb*q%E34EQ+)}q6iue1yh(7TiR<6FDn3rE9V8bCSErsij5(E=l7E*rfemEl>
z{p33hLhe#*PsqSD>*eLFA=6>J3}bwUlV~*1Qf8jlMphb?qduHP-_N)-L}x-;#i&mP
z!q+p~o>4$o5n+s11AVQfwTkt3y}x|pPkn&;aA`1G2Or?ye!K+#-^}mRD8)a=VkFSg
zp7#Tkj{g&sf2m1>3*iBZL%Qq-3|VKs1bY_S=C-rT560{{>kvFmM`dq^22tD}BVMEp
zjYyJDKNW*Ci#2hmhuARs8V59xuu+nD6B1(3Nq$S#qHl8gqQCxCcIJL#R!6Y_?AfcW
z%g25(E?yKX2<5wlC92*mBIz-^o1>OV9e=u?7YPqj^dj}KkTz2AxO{_7p>cnI?^ev*
zUW}$1+@pwbc&+c9Frlb>uB0^cv+Uw}m|(W?`5~Em2mhV}SStteDoJT+)E3Vx-h<G#
zV)-Oby=f)u`$3KkaY98FUcnCQ%m?5c4SQ0bHVMm-Xk_d^x~`_wMt=5X-EC63@cx!M
zg}>tLwzrRrG}gZ`47}rq(DUf(eb_{jcFj|0cz8fUWQ<=!;>d_oIuSE8ri{0(1J?_J
zxLVXSpx#Z47g`94;5J^eDnh93h}zZ3=b%O&#{L{;e8mxv*#o=Usqv7S9&)!PJ6OPy
zw{br4c>JHZbDQZ;q8CkaM7$sI!+@$nv4@TLD-Z+H6X0ggNdN@tJmqlvzC{M`6zDtF
z2pU1Y^5?<t@k1kHjuAYO%xZ!@Wi$sxI}MKPncyzO6&`SZuBLp1{A^1~-xMeqp8E}L
ztn;KO*=d%;PPcSYopd~S46mdCTl+mpf>D@`3r>2W7$02K{Nd$LGTKXNSj*?KTje~(
z6>(B}(R<Yg7NiW5oL|eeVq4f-O09aBg`bt5)~OHoW0CLt$$n*A?ee4%IwOwcHr&no
zU263Ry82<Ju;r!nyaE@1Df7|Rm*O?#jLxLH+)b$4jyL#J?TH|DOdB@%@o8zQk6zy^
zM{j13Q#A6RXZ=FcY%!2C_c^9p9eg{RUtyq9jPDRDf>fYEnjm=(b2pfkCquqz$mD4k
zMHdx9Cu8I$wqq8f10o>O?VmpS>G=(s6V^Q4892K(n5tj3XI|LiIyF8-@6UEIr@sbX
zMV?gDz&rBD9io_)<gxuvxaz*Pgt(w+Gd|ITj^$;EJqi7%jphR`R$$>D@Z1L&_{jiQ
z*qsJ)`eQXAYJAmpByg_E(;gIem}^q_-p86!Xt-AED<6Q=V|Fd!3x6mMxF@P9;$DBY
zW!*)K_-83Z>Y%u<iK~hb7(#2i;S_Yhv}nZ)35p-_sGrIdtYSaAx;L$JuRHX;!x9nG
zzd-m==e>?YnMyeU{Sig!FK+_qeySM2%jE9e;5MInpvw}i_w3~O<mZyIrt-bWw7MH^
zmIN>=e?=4UpV*)M>u{pM2k4UlY}hw=0}0=&@zX)7k7*YBy8cdrF;i&YlW^~0P5XZp
z=$yt~rs9-SZ#CFe{q>LQQna=<OR{^AxgE9H5&K{M?I$ZH)2wdW^I??R1{}1N2D?aa
zqcwY$EyR76Fb{ZhCt35I1$E0EyKG}_wQHKlO7Q*Pv-5HhV}N8oRTc|yr^vkUoVkbl
zWQZ4o>SZuCW@xANiJ$){ZsMqMb;`q#&tc7~<?&7tLBF5&mB%S;)hT}Qp{RRh9Gt}c
zgqI%g!FTo<EYOg5qN``5Rw&npGEi9Xbb94-!e98)04t^0HX4_^yS4s_8;6z8pN$!Y
zl2g#z<?p42Q}xi|HRgZviwMArJg?_~05eW2G9-}FQK^MwyF)d#o9kMz-Xl&6evsf0
z)eH}El)FNO%$hF)2Ge0!z`UN?&n=Ne<PH!Hwuy}FnkhXku*R?WM)rj6KJLwj61}d}
zmA!5HBZV#`^fKm83ju8WWjrObMmn@In%LGKR_^bQ37CYFSokZkj2A4+0V|>Ch%;Lr
zaRP_xVyX^lYijXQ;lFUyEV)^tOojolSi&n^@51B_>&Y(omK1dT(z^R@K9B5L;c4-_
z=7aDn?j%_cFkwJG=`KoAx&JWha7HgV%rV#t!i`lkq>~Ccg#6Lrn^0&)4W_#d2Ki|*
zSjAy8PvU4dsUlZ&IXe<F(H#F0&x~XK-=L`#!0DGs=5(Hq`fp)6ALh}zid1wA=tD;K
z!Zw!u?Fm0(aVB<skfWuvjL96>Qr0f8_9CxA_jQ0D{F5qCOzx3?L`)OoBEMT5<|k$w
zD?;qL_(m5(oULm%o|K|S3C?3nKPJA=AJ$-(Glt?2_ek{0T8o4IfCeKk{@Ym%-Xu~?
zq`2j#7-)|+@mjP)Ah9z=4tHu*qnaWHlXLrNt}Fk*f%l!#rjFZ7!kLB-W1sa*?l7xP
zvn>ZCh)lm-#`YEK_ST;eM{zVwB0D|8il0#ElL2b<93nCHXF%putwL?nhSfgaaJDLP
zSdMrgEaDMfE|(k(TqCEskHD5dZ#SVOW+QvTOFb?!={DcmjYdlJ!om~F6*HggO{NhS
zEe{$=+<1c6l>G9sa_sSU#As}tLiIYqYva<r;Ge?O_?Y?aDB-!+bsayL%?`qb$?N)2
zN5taga4iw#&f%P{4C*i~;<uY1E;|yFiwp%ZGk5O}R^0o8k({yB<BhK>r?kAu>@2IK
zdU%1`7fX>~@;<NU{D0^=>67($MugdOxQS<|+ebGki%qqLM_^xbJVXlmW5iWF6%RV4
zhsj$8lH<@(%DcT_3Uh(54AdGFy*zoZSaEjI)H+OsNv6KKF_5vT*lhJ!pWIXCr&|x+
ziU3>G-NtZtE5ZQYz>g7E7cBS-jL3NljA+QN#f2&$NIlzkHL~XRYE!P^^dta0%3+|u
z=1;Hu;8H#n$cDrE%Hr9ctOams?}d*%d%ZIwS`z216r~Q~Um{l&gucd90}v&Lm0lXx
zjmfl7t(@xl7f<DY$IF%Dd1s0R{)6W@%(kNhs$yN|%#Yi#XWHohUT9{X_$TV$Cr1U!
zd(p8&-GWfh)p)I+IxK@O8v*Nkq0RcF3w+}r4k5jIw6aeO>LgLi)PgZ%b-2A<#nw;5
zM&*d1CI-Gy0>3VYzF0$I{{`JO@kn}p3t{@wP-_}Ne3wU0iGHMX!j#{sF`J)LG?HO0
z*P1O;U^5$X<vh{|t!XBu-wf5^I{9}ZO#?=Z+L*)3nsmqvx(_gz`fn{Zw=Q!o?cInG
zhtQ)ley;fa5UVpL@gvPrvsWwPXK9fsqmc2zC5y;(!~OFlF$4J*q6loO^7C*-UkcMG
z7h8(13=2ei!Zo+u2{9uldwE+hG)#LI^BJ_sAy#MCdEq(o?3vO>y{<jaj#=fz<{dJ%
z#FPx$EVe#yMDfm4QRe$BA0uvCvT64pH5V<c{7I&tF#iV{wVFa1V|8)+A>detj=EjI
zFI4R(x($|j$yM<!$(oOrC|lF#;}S+FiI`#onY+z19am~zmJ<|GMq#J_L(2Fr7MiGs
zgUu@2j20qt+?gedpFK`krGuTWh@+%RSr^HDa2ZfNw<pMR;)+j;MO_}Ov;>2RXIH(p
z8@3koM?)=2EQpY<+KXE!P?{f38YLxx^?6zr7nVR<o>2XSG5MJki@QmVbQ4v7(yPQz
zC+%R%L=@VRf@5`Ae|z}b7i&S&PNLE#7UG{JVR<X}3yLt6RmGSA0Gjw801~SBsnij9
zM@HBNGgQr5OsU0P^y*TqbK0CppjYAUJB7m0PDs$2m|a-HTnnor6UIq~6~ar4wN8nq
zNWx&f@byC=8rZJWsD<paTs=~sbVK0tl;Z_-2sZ7QL3G%uM=sACJaGYE<vfV1{~z10
zVxpBk#)l53-^ffvm{n8RP8ylTj4-64>3CT@rNHBR%KaboJhBEtN-9e$*7E_#TA6M3
z3*}dW=;d;0_|RUMHdlywVF-s5(QLP^uZ+tK1K|V@=?V`m7I`eDNpgCpbvF)xKa0U#
znsdGwZ@Lg%_niq3smEM5GG4=AZ;S4!&j=Eg+03zgdXGB2qQ<cjT6WpQKWUa^7#%A6
zir{4VQN<jSmwuaJ6<r4g5|q9JgKRyOU{$Qd3w>N+A`Rr3X`hv?PYBVA{NJQPgtsdU
z2kCSxXw1p|Ipe=`wKYO@?gkG$d9A|SnV$TV$MHit5jMJvj2Ad&u$};=QfjLN)?`O+
z;dXiKBtH`5ryI{gVfS1b8%F$oClO5Q1UPPN?<wfI5l2OZs#`*T<-}{FOvmb4W(#Tq
z#bSbDMt(>9FrnCLQs6dZO_g~;&zbTyUn2}$!71~4KtJ%euE$sX{YFe6*m@xTAWMQ^
zXe~mUJwmZE!dqT;;sV`wo_{8b-=I`)nIAl}81(hB4<AH<4uyph5E$yP6U2k&rCmCn
zVG%k<J_t~TRwwV||0%=L@tH&;Hj7a=kt5p4H)H-Js$}U$ebnEjZh3=~nT~<N9)-TF
zEzRqM*{?_C5=`jO9^LS;yc8#R?7^_S`4tNX{h)smh5ClMkP<%Nwr;WG_+ecaa_~?>
znfG}p?;Jt)AU+c;(i|T6l+=^kffzT;RdTob4fL+$JH3`}+(hR8e&*}{ex|rnoik@;
zRL@aRqIgezsBzMpX5M|Zg?ImyoSZ|znN|WI(99UN-=r=;L97nnid~<R*A+PUos?$D
z3gr8+9{7QEhZR7VtaZnI7F-YCNE;_{TsbzszLg@6Tc2l4;|m=nq{lj(^@BR%-W`Y-
z1Rwje5I@Knu?OYkA$pbJy?Y^(dkWz^Xp5a|!3tfl$ckdSA#1@4iT^e&gHY}q+9>I>
zX;J!<GJ=x!E6WM1Ac1aCGJLvCr9gYO?i7x`@^}TyKzt2eyUusATnR-YB#cU?sYAh|
zt?EvLD~qxJhxddbip+@nGvj!u9g+R;=RLCLg0l)HLD*lj+e2<A6wY>y&d?Ek<eFRh
zW4RAB!k6}6kGrVVK73u)B9z>p(HF%8pu(SUaB1)7uyLDMP{SPvsx)6;IQZlT%`OoC
zd?e^(4jasUMEpKBVUqrJ#fJFXpd0#+b@1T(l^O@^)lAUgVob+ocuS4s@*MMiMA|KX
z_%aIr&@HQ@tOM-bQnXjr^%m-eG&(`l3H`8iQZ5>->an(KtW>mBLl0!D<I24cxms(W
zmY<gI<Y!X?x8Z>}L-hsH-I>27v={ED1S7dTw-cn6!Meoj1`Dvj`WwmQ^0%m?d7K2D
z08NO2mj4SLLFxiVZdXVcKmoFKB%~f_wx2m!%4H(E4XwVu%fNCxR5p3Q(V3O@lh4DZ
zE^fvJ_t3>ae#!t1PW2Q05iI*5PO2=$U;HQ+-(MDVkADm8Xrajk67HHYStjxpQ=bhU
zBSmXAH+r_n^Sb7k&83*yqS%%*3D3e5``$r3)WWs7j~+&3AA{Cp9b94^mc(3%1F|o{
zevU>t4^q|Hk8q9tVJGN_hhq}xL!l9+?ZG1sN?(h@b(l<uB1;)R-7996^1zLBYzyJN
zBgUor*5owbBNlnAFlB<)R1;FBKWQxgKTD?jpyb4r<5^dR40U}B0(M;;V-NjwS?=0|
z#i8MIvrCFI>9~=L2U7c9vMjfy1{-WxY~x`&J%3{q0KW|$T+X0dKK3Bid^Te5H9~YZ
zM-@pZRT0FZ#qleYml4aB3jQ^YY8wR||DZtJw9qZXa<4WLt`yw6xNoAbV29Oz;H`vf
zB<<=>LCfDnK#)3*nL7Xx0uVbwZ-NzBO8BYSy>F*KvGK2CW6~$?N9DGx^WQ7-9vU-y
zn}j^Nq2*zAtO!OPs{&A$?D|{JT6_4l#7pXy{^K0oj8gd7>a&Ymx6_4=lG093x&|_n
zzY^8n@N28q<8a0-o_sImFF_I3YyXzZw2>ZPIwF-5cnwE32$2v63yx(x7GW`(U9yHN
zWh@r18bZ@qTl+nr8LJ_vakvHu2yS|HY+_^tVJ-&ZpY1ILcg-P%#%G5m_SJExB!qK)
zFtv)p4p+^rTh1u47YM0E1wx+RN~&iJ%g^crhk1D<RJ#z)N2X5%x7w1LbMNkWNMnmL
z*$#f@Ya>vBlrXyMH%i=sa<MJnF~$`*nbc}p58Rb57anX)(Z}Nc<o1+F#|r1_&!qiv
z^)MbVpbi?5Se6){aJ#Zo`-5rP@34G2$69_U5gl?uivGxs+42UXkxgp3_I@XpJWrC6
zjXF|Rf`GM#TB{h%C>XqY^4oG$4}2T#F`GPCVVqAOu*5`uK(8s~q*19e7ntQGpX>Qv
zM_^Um^+jBP_32w|bw^h{j2NnG+Mehj0)WG>H}-QD+G*bwnX1Pcf&-fh=lAB<tOSL^
zK(I&NN#+z6FE|oQRD#j@DPgR~P7<F<>#hapVW^0WVd{D+p+Kv*&?7q}!4leYHYi6M
zQ&pP)H%#IdowjVdO&Rlz@@Uo4r)0f~KmIJH0b%Z^tsN_S9m5_-E4j&EFGESN=&?pO
z?href;acrEoV7B#vI?!g5b;FA%Ne6t_WEM&(WG0b8S%vzA%aNe2GxZqV(kE^lP6<)
zb_OEi>pAip)7W)igp)U(tGgVOkcm-XJKh#&(7F0eQy>aihsl|k>vkkCDt?{{0O^SH
zIb(BRIg3L@L|qLn4&4SDIR1U{x50%J1}-G??NERJ*@cLXVTIX%hyc3a_uaGPfVPr%
zmQQr1r{S0x;oN=v4Jp`zXsKGQM({pIqie&XI&$1Vo0f$=%usNE3>^GC+ij(BlGW?^
z&~Vk@p`3MrvgwF4SBmNvTB&UWs&m+mS~_eUWS7ge8J#$=QggVoI}iT%Qlt*7c!4ll
zIee!g(Ux)ZRuym?RXNm>-7J;FOrzVr$=`=J-RZD;iAm^`7kEUhyK+3{@$5?}&wxiQ
zGK53{PO6QO2c__s1oAGWlRX&q>?E*nUdF@@VBBg5Alhr21Tc`<p)B~x8iHDsAE}l-
z`_$U!`TD<;x-aC31B@#RB@rXP<7j&|et{_A6Ky)|2Y&<`KWoSc&bfTu#E=bQ<dRcn
zwK-EsHnMRk@GKAC*R$1OhaX|0k=b?24yC*29NAxvLaHCWCa$B^q{9uDF4`yT4*W|=
zmWQ%e97`}aj}@5{<x8g&jdc*=s^FcbIPZI3k7wZfYI49rHQ_aN|6PgHo8&<I%_?>h
zaK=+bPz@Da-h+q&jt~n(6wJ{#k5<ug?k7#}V=XRC)QmL;av{cOgA&mnC4E#IFZc}~
z!h^c%?~MF8rx}aT1RJ&kP+a`?RGsAyBEqTI(gQ1=CS`{LU2kI{!6at1D-7_0S$WTV
z>Z#q%1H9pUxkqwW@!h>68p*Wpl1Tzw=7g;~zjTB^qql5Ub)&LQPNs}F7ryF)`RZ?K
zK$w|d+1Fhztb7A0<%ONug`15+>JU886w?#T<`U8CF2W@9*Zpvt;5;FN(ioJ^!8Vj{
z<<}z-s-6Cwj(*-}<#P>2-;qF<m6;XJt|i(1+<~<%LGX&|Nhuj-230QA@iWKK`!}ZG
z=x@JP+w!hL*5#5u)tA9HYXdCX=io&Wz<HUERkoa;DzAIXGj1%Dgg_%}QD6#DX;5oz
z0%ft2&BIm4Th%gkLvh^3wR3x=!<p@qTf3<xSaGE@2&h_}-FB)6Smvx^TL_BRyneXH
zC}v$zDBK!T+vN~?wpkV2`g_Gu5-o0xIaxDzYAa`WF!W(=*xawM!A-R$eyqh#GA_*@
zv~Xdd*;D_eN*IOw&fX~7i!cP@dRch?3`G>wXQE@tbKl`%7|~H_+9$-bh>iX6yGmBU
z;ZAsdsKoxl{F`bslBf}B7tD;_L6|t<Mb?Adh0lmj7vse5>2j8iWKPW5UK=OLPu4|o
zeoeH9aiRLpQ@Ie_kC<>mUnXMW{GULZ1_WB63JC}hlnV_imtqE!TRvA;GQL0Itjnu(
z!7KW!ay>*$`aG+A+6|V2B_{~sWMf8WGh|w<e9y_U%@CFWJzCs;?%a1Y0|wsY^&j@}
zl=&9QSYk@mF7U=En`LuCS49$A%{!#E?zxZDL*mz#T_vpz*gK5w$K3=uTqq=>18r@K
z75eXFdX=+cW@>qMlhb{*^8dpG6ZB<$U1}nKEAuPW@msDK5`?gQ*Zy_XXWKuaa44&k
zz>#*7h)i3*yBuFz(nM*6Q7(s@pcAHeKfVcf(B>oJir(`}ic*6Ijjh)&Vl&#@rDp1j
z%4m%k^8cyJKksZ7+$|nigPb(--vZ|AQV}w;7DL+`3G(ns%jz^R$3HsaWWrDBE91NH
z;=S-fR^M+%r+&Zm9Jsf~v^k-W(}vr)_n36eS?F4H8G>9akZ0HAk?Z2tr{+0MM6Nrq
zW%sc7dj*K|uHY+@j+_-_oL6rg-UGI7-u66IBnMkS5Fu$gzG)@I*qp4WULf3<MQC!(
zO0Ug>F6K)gscOWU3fBKq6rn#p*w%L-xkmSee@&gL6jz-S8dq0`b?iX}Z(HR(aTa|T
zIY2aXeLZ#w?d3=Ozwm7VZj(bmLhtXmr>R;HB165WHMe|j&>t^wld{c0$e>H2gVIx!
z$_}V3JtPr2{D~-nNzX$m%}41)nVP4klKd!v66S7tI4WlJyTWg36QiuZkIZd{+3OGE
zef-Al!y$%-@|nM6)o1xR2YvjA2n%%#k{vDmm$4S*+_=KFPcM7*ULbR+>Y&Bo!n#=9
zIBJ-+Gsj`g*3!!5=SX;`P$s&XqUq)4Qy44^k}{HSbPy6joHTYuD(jR?jI0xc^d!Kt
zd(plOgiAhSrB@;2iv7qoXbiN+HR%Y{@t%lInUzQqxqf%{h}$IKxG^R{xYnUb{<-Y0
zqSrUR*|PZb3p7D3<F89=a`X4!k4U{H-bfs`W|Sa6GR?}!DK)Hd_6=o*_08e~!vR7W
z580YjZ(<&X$@tipKULmxQ*f!kH7XW1Qrz-Zj$P~4^SzG)wAaqJ`nYy_Mw?4fO^MyA
z=PWr_%sP)Tm5siAQWay^^$xJKUU}7#!nEzChw1vuqNDoz%9^S<e#<4-y9Vb6NMG}g
z51%{Iwh#T_wz#BZvR1pBS;5gT9*6;_{)&WM^6i)9dy?A3_YIWlRv(<j{|OtO#V16X
zaJ&Zi>>}CVjq=mROhOZ7;fX>*xUn#y`ta{<hkM|{%l@w-WrdC8)Nn<XIB2C0kGMRt
zo`&SnzcKfGjJ^+_J1^Zq52i80&1Y7b*}yd+>5vZK`O#I3fYn_ZDK$XA1$dz?4;XR7
zG3S=|4SKd7p5v%5Hi8l6^^4_AymL4(|AqA#3J<~<j9^vf1gR_p^)akbE}m1o9p}iM
zHHA*M9b%Ei=x|f*h#dfS4~@P5wA56;51u@RHQ-T;$(WP(uJ(D8GVw47?iuamk~|Q%
zrGT*s<nC83E&1a@T6^4@@wBoMe~)X_hn!>(Pt|ih7EY*7v7git^(xdIN@3Suqgz?r
zxw0g>dWr*HPhE$Gmpit-;`QZ;&nulu&G2$tgi4|b3eI(I-3Rngl87m?q#S$6$}6)z
z3W?QCNz9yRNpj<6Pxf`e(Y{<8zGz9{8hpb-*IvxK{uI&>Jo;+iY3?udqmT*>cK>o(
zvHcpW??s%Ft(a1Squ)SdcVPKf%ic&-oNM{vQ1~4?Y<g}#3#l3=IrtP`l&He7y6wcN
zR0Db+9jRqheYr$6P1>!fHIBi{xg$2$TV7}5gnk}&rXCfsx^~zgKcZd$i`Fr?`((!E
zN3aKH9ds0McfCL7EKd3E9Z2n*g+qQ;UdIA+G^(m2YX)oRIVLBue3_17>RZe}JzQq;
zufM9hSatIx?a+1Z6RP*`{%;Yq1Fc$hQ+L~ej$6J=dn6?u*@zZBd=k8}Hikx$IKmND
zOgQ$J>L1z;QsG~m99&>g@t@RK*vRkPZ#j^TrwdhmEB?Spv^9-C2~6I@70q)lRbJPP
z8n&Foy`tHN1X-1omL~__SGk~o`kBFwVHSplLU+@GO@gAi>8jC9zpgF|pP@409aer~
zSn48q%nw5*tmm!jL6N(PQT-xWaLQY%vo5nrChhmIhhO;GJdT&9r@AR&CbSMNv`}C`
zFS>di_MD&yr=6}rDck*Nv>sZ`xt;jNEaECN`B+%22$1oR%7}NWSb<a4eTK9sg+*G{
zVC&N|f4aP`n44VbL=T`{t^eU5PEKnsIeo_YX>+QR7YC(=Eo$szUpkH3aTi|Vcp44!
z<Nu+P4W|s*=sCM)vLrg#g+wNFO?j{w17v3I9!h@|K0}ybS|Nj9E)XPE(!5Ju#A%TI
z{7UQN1mfPG!txWpPz~3J6tlRyt@AWjLCbTuFuHcUqIY1Xq;KFV{2Ofq@~|Ige1g9)
zNpbdNag&)i;&qKrx|WxSrlYLTa`vlxMr!`KI5>SVHPWQ4e#U*S04cuOuZtK&zxwz1
zLT)M^{msFd3%2nfhH(&e<~SyRNKOA=%mfIjcs%%d6Jbj58ZvKml;R9%`JrxFDACIg
z6TdKg;_t7{Z$wKB7F>BJw9GTkO&?iJFz~SV2@qjo<^yluq!j!bUFEa9?X74ZMUcbh
zwU!65N+G%LGuzJXaigCfHr1SNq9c?IXQHs;^7U#tiAMfT*#!?i07PX>D7r_dJHLt1
z<cK8Uty1fK-$VF_Ppzl0%I_CiUa>F|3}qF^2sdQgT4LM#`sILR;Uaq_lbGh@vH74Y
z^2R@%_3@i^XiPVWtf6AEq_@)kY+AhU`W71C=8!&vcwDGDPpE2nXi$f|`Y+tZ1^$@;
z`6d>k#kV-}E^gDfRwxtB6C0r1Cut9h;x<?N$jLDzyok@1tdPHNVF5Qj{`_^d64|2Q
zwZe_CQV9(+OXNY*Ijfr|MRuKZSsaBn5wSknLDy~Gzu{N!aS|4L9&Zr^9C+%OBi13v
z<buXx@a9zCpm}Nnc6BVv6VIEdcc&EZBaWQbq5X34FfyV)Zn$$T&$DXQT{3l;j(oyd
zMgHXbiHy%|*KK@VPa=b-(@VNo>{{GXhn1pl9WxFm;*=>I%h9)L$2XHUouuu7*rRO(
z#7-vYACIWTQ^_)Q(3><d9(gm?MSeek&Rbk1v+Q-Kt$8!#b>sf}R{|RdGk*>xeSCej
z-);pOswM{Gex?kmr<ANo6Awl2>#y4CA<Mwcdyu!6KE6`rd>9p`ED!6Si?6ufy?NBD
z{}LL`m@!Tt@J73wLMx=g{I_R;wQEW6@cfPi!!u7dyU~ilJ^YKXFjmuD=orG}8}ma=
z=0|Jtz(qze!L{jRTuM#Tj?i_7!mkE*GlpPvZN-eDaYivK&N#%2(Gxl<?`mgldU0p#
zCvg~HAI}Ix6tA|lJ4F5^)nxZR!I=7y&lNeRv6$Az+WklsC7saE;$}CI$ihfV@g=hu
zFOu)SVb^Q4(3)ZX`n@0kigLHzs8vOxSn30?l;JRw8h_^tJC6;kd>#E{#V`Nt)MMWX
z#<n3+-r_C498Q+F7LB^AO#4y^L;c2ecIpEzQx_ib;&f*_hmobXCNnE(JWilp&X~R;
z&p|(Fzu)a#WwQ6D=Ru7y36G2xwD&16C=2hdKau*6EmNEO`2>(8H6pP;xOb_Tyv%TE
zWb?Twctx+W)u;gD14MTMBBq`7!sM$wL@qad;}>XY{l~21V>UMiKC?nn#-mZmxO{c>
z^W6Gx2myJX_|F3JnWAO$g*pua@_O#-VOM9|>6c;wYNheAM5iWhCfm0|?|k4?S9#a}
z=JZ|ZMG*5X)NN3P{=utxq&j|+DZw5xpyU+iz)!|i+(JBGJ*3qZp(7|PyN`$ReEsRc
z27n<4_}fZ0RE7dCJiP+l6ip?SpW>_=s<Bi_Miu<ZMqTX>^95cPi>!STP1LK}Xwixn
zxVcm9@8Ub;KT198a>dxV=BF7cBm(PsF}w8Ci0BOz9kH`@oE8%-<fbhDx3YLIth|)|
z#ZyVwfpJ?&{y8$)DVL&3WmRseUNlC^_vvLXg@zdHUL{K2;XJtLfQKnA?|jMcJtV1|
z%DBN<C1<uI@{1yLF6<4@FUe6DP0M)$?@Kz`@12W7vKQzV7K$7r-BKI&)J(2eBHxVa
z2Up5LpJmiwjq4nmZkg9aJ5^n5DG5||JA<vCY#MUf5P839R|MuTvM14j0}6=$Q(=^J
z9jWXp!BCC+OgzaF_oJ<o?-I*@Ha#l4TF3lOvvtr*#QtM>u+Cjo_veHY5z24qDN&l#
zljDYJ0$QB$EnZ+CGh{6ul=qgrgw$*Z1g{B6nRAWV3AjDqHMWtStq*tbfj4!x5I;;>
z?d6&Dbg~h#I3%#Re>D2`@53!wf%JHIfAr>xz7|h>xG~-*40LtF$7gOqH?)n{5<JtA
z`_7uJ=ac!Bo74A(5DLBcKXnC&?%woTkdWWWJy>GW<&6%wc{M*pFV1xEGaBkxarTUx
z%Z~nIH}2jh{&4FlP9fh%Gxcpl8-aKkm+2Q}PF{1h^7<B+B*Y&8lUTcD5$ZnQYW+p7
zTa~aFGL5%Vw9h<KPj4QGab+nWf|&T9f}S5by%y26rxMFUG1N&`YD#4_5dszwbs!~J
zMM5hrmYFN;;`;hnl~8X)*vUh6TlbQ<{ji-gEnlzig0UHd<8K@e!i$t15uIorco<yN
zZ781w3xKk`0IIWXkLK{NR_`dVzuUUp(~k?-G922G_vre|%DmCDT!X2N|Ht@uaM*p#
zF3FmBJ#VCSQn&iuM|E%B{}UCdKtt~FBB4s>*6;NB?{To-Oz}X@pOwXDiK!Kz%#lPp
z4`>7wZ0L<E#^#>Zv@ARP_J#Qg)?Z-<+_L0|!tShn&0hKvN6SHYw~%zgk*Zrj9wux-
zltq4f<|41-hMt$*j_LDMPW%f-P%yDxIAUkQbL*`>3lfHs{vv5bn({j+VxQd(qs~_*
z6tnWu>_I^PTJeuRP72<h(6C>MGE4B%X;v}<&4AQ6Ff#13hc({^?C~_-l|Eddmv~_v
z1vI0*Ej#?nUv9fC)x(Rz*9lnefkT)C!9Ilj<|lQ_?G0JSgcTZFkxtozMQc*#Nlr!d
zHxlAEWAD{V0{+2eZkB0;KOX--p3XWbtM>c)ba!`mhe&sWbT^1}NJ?|an=T1a=`IQB
zZcsoPk?!tpcn{Baey=nB>p17WVz0IKwLeXVAG`xs>l=2uA`^g7lJL82|4H4-*o!?4
zV^U^a7>fg#{+&XFbTN4E)tT#ZX5<Y#Dtl2bABO642e9=X3b(4LBw8Kq&{z@1fDPIj
zL1{m_j~th(9l8-WZ)OFmbvB6iZ_n5rR1_Xd9Kn5t@vl^t*OIB7jHQk`4$87{2<!(!
z$Y1Gt9^##s1E>m~Ve&b`iz{Jfz(>uxf$*W42-0pOGElEQLhk0|#>~y&>5G$=OBkFy
zWJ$?M9fwvOBVI7rLO1lWN(`G~hKU5kQ_ixO|NAg+<Ai~Ns*?fJH>QF7_mB8^Gv}R-
z`fivm=Q=Ib{RbQZDQuT}B%J{ia8_H*b@=*CEs6+0p3ACPZ73|K9IYb^Q@|Je)14mq
z?{|uXs+95t#f1jVYVV>I$qn5x__rJwfNClH@gr(tmVClPBosEq67<@)yH!<6gq^xx
zPCTh1ZOP=X=qm4dpu{sU7~i>xvYf-lLDffziaPyQLePTh0G$8)-EHDyAdCuWr~H&!
zEkGsi3Z?i}P`!jNaVC{^Yw(3?Z)eP$qaChj;!AI43VA?At0|THeOe)?xamM74_hxP
z9Qwg<2UYjy&**ITUZ;29%BS$U>=-aKe-`c@w1A<*g8t2pOcH{a_8AJggnFIt2G;B;
zbh4F38TrEh4yD?Wz`PNrQ4DtEF<{{W_^^6tvWs2Ez_rf(6*U|@5I-==ip!b(eJ1la
zEz3cuql8`?^SctgY&R0l?r1c{<nk6NWQ7#@)_W_rwX;frsdC-9gZT@B%b%-mxga6Y
zOV|tQRMu5jL5nRoCN(kzdbiq`p123_e(e^h+Li5mA1fBB4`b{h>N0WVl12$gZB43y
z!^GHeaB*_L7-oFy)gT!E_yQfDL2XOn4(}+7yNdba()}XY12*WMW%U8GN2?kkp*Vg^
zmGty-Mxq;uXY;&nHj*ogb*2VR!8WvSoFUSyLqaFA4!O&rvvBrX+?t*<e;_8?t={R`
z4p7Wu)_LdNw3dmj;w2+74=8opD+j&NPJ)VK%)9D+Dd~d7%7$7a7Ag(sgbXXHi2DWK
zVjUa6u0c+^bW(%eTfuaUO0O*E4>6RA6plbPAx1H3Tr`}1Gy{}u{yJ;spVt89A|&gD
z-tyAPO*!b{1^PH%JU8%4WSTP*KDCfSk=P)SB}F|$461(*_OukZ;)+X0nEJJMDpzD=
z94P#CR+`XT2_0;E?)scyo7-t=b?Y$CN?V4)_K61pnwJtvccchoKUcu9`{7ywMOQTv
ze3C~p71h@@9+VU?UcGuzza<I1?h5@9NaITZx}!9Vpbqd}>f#JUjE&k*y1$dLfu%Y^
zjs?eWI2D@nX#+`&rJ~@CS*FXvj%=7sD4?bK1QIV!{P&F9Eysv|em|fx<R%qpLl<+W
z6@YsGl?>c%m%r_>6zTA`f`}NkP?(33D2i<@!K!h<2N6u>D<yMtwM$t~LXNr^{-p&X
zoW*Y`D2;^~W<w>_6N5>`YfFkg>R`{Cd!>JfDS3d^6|qCE+n<lYh1m!f%i%OE-FrV9
z0lw6PAR>n#<&O-w_j|ov(N!fkA@zbH*;xtTYXiiaGwjdP#?b>%bx?S4m1+Ec5eAPJ
zuv%#wW~FI{=F!MjVCiglpmCB%!5^48e}NdcWkrqOL2JRCi!@m9rQqcEk1^<%0Ei|+
zJ2Zgpw}aZ1i0nj}FZ%9k({dj}0HeoAnR@XN*1x`Z?WP5~hR7`yp(PkzeGl!_r`@H=
zxI~MgTbCz^1bPT>iC6r;tN*`zLsXgpMw+2#!8l@mt2TJcOoDSWM@=O{h9&g=7Xg@9
z2Mbff7HNFx6?w#QIVaMKNUjARRs#sj-a#^hDhaT|ooGmjpDG#3J?pqU=M<UfieLr%
zyOsd@mEYU+DFpE2G!t7n5A$KG+=m473=p<^IG8%NG-*O3VO_Wr2egz*PZw5oFB1K0
zAD0RtxjWse2&D=`l2U#dCA5`yoeY~RmldYV@la94WAYAG-taK{4;ntPSwO-J*SNkk
zItsb&>M>zxk!w|iso5I@B5jhVmiW~=XvD_8<IQEA>8ud%ExpyDPocHn)(D|!nqlTQ
z@rc0N4J&H(laK}eZ}sooc*eiOE>2sAUUxtx7(os+OJ~D8p1%Z<Qb=7iSlOE16Bk5$
zq7vjqREi^*9I&UWx`k5&$~(iXetme8&;e6<DY-UC<W77#;HG2+zPD0JgE{&>PR|o<
ztxb`?Or2ZGio?ux*Rr}XPC=EMgdYe<{c^~>UX^+~9nn)9i452E(vBM2l&)!=)s9di
zijT)@A8={>a)DR9PukMCYO<OHXl&J7zz0LEwnzolC5Oyd!xh8<){(@pC9rp8ADKQ6
zY+OMJ14Yr!7_2UT0_ffvW0?2oOf!oDGP54!E2rd9iECOy02@UWX%G5}RJA31Qwz&&
zfaxtgPRX?4E{bxFy2I*)xA~2?#t+5N{0}(D%r$if+g(&`&MZwD0U>aQn+Ls|kk>Xl
z@z>_QW_c!<0l*A7wiD-gAGgHtEvo(%I!-;w?q^LZn4G0roOw}Juzf7Z?h?Nmtph8t
zCd@QDjqp(D>6*p-i3SJzNaGCz?iVQe_rklMIQ+N@QIJlcaqLYS5#SU`Y>}?wPGS1&
z@{f<9q6)AHrvjW{TsCMoUsj_W&2OF}Btg%%?C;A1fPR`lzZQrqchE-;ZP$y(;n)l7
zcE+h_&hZrMFC!=$R7foF6Ktx;O&k(7^AL^u!VLbLVy!ngsEx^O^q~;gx$sP(l+|g;
zNZmisUguB(5%__*VD*FZ?ed*%vL+SiLkn6Ym8oY6BN+b{=t`XAI|;@9&b!q`$T<~`
z64U|cJ@CU|wl4+Npo2SUH~+Q$!;}X>Q|ys_tg9&yJ62gdG_Mj3ydlBB__Y<c?Vjkf
zu0PC0wXy|C0K5n!5s#@fLxlWH{SAr!9e(wurTP7lgeHQz9(3Ck;wq?J^agyOX_CTG
zNdr5DWK#Y~=h6G)G1Tp??Ut^&H|+wxt51xffywIJ8?LbKrU_Y%*|1{IxTiNC$1riL
za%!3NkJ3jr_QE)@>Ywj7*;pb^r`YT<yx*IhHh(_riuGesIWRWog*9te!mhJx^mx2d
z6_#<>hVi?V3nHURmHIIunf)E{t0sKa0($FMf|3(~u{48*MU<(!-9cN|{5wK`DdYO|
z34GpQ!wGZKJ|cz+>QGJ#V2(%>mXnU7ojBgIRioxo3yGgyQq!L04RREgU<H@s9R`Gb
zrB}>F;G4V|vQhW$>U$mvCC;2(RI?$kNi=(Buz^HhG@;TER#F4oprz3YP%up6lL<O~
zP>G}7L5r$`s`FMDDk#r@$^pO^bbhnY7|Msulyi~+)J2O#i#J=WA8ge|5wf1s`;38H
zUMuejd<GBb0J)cdG=c}rcKnXh)<c3EbG&M6jsV0|l4y_2a;DTVRI+7NtIR)g=0oUs
z&{446YwTE+CP+X(wu>s_<9}I9oq^9d16@ccB}XyppO@_R3ycKd=g`8bXtLr-JC+nx
zN|=PyNjt4dMPwxUa9Krr)nSXnoo-{(A5RlKS#>-@{eB!@#S%qZYAnN`L<t4zcD1`_
z0W>Wh_JZE#Du>Fpi&3M|u&*vz7pw`boLlV?k|()wwC<nN3M=L6IQa>2N%h_kQ2PGl
zrSi;I*hyBP`%H=kFiX%KsZ~LbAHddOK0`u&tf*I82rgggz(Ksa=Vs6o4yC<6P)Z%)
z%FN~LrJ$$B4ope0hYM0`<o&fA1aj*n>iTACtx_d}c4^78tTXE?k8T{=#uTl79r4Ep
zfpNb`{5Vr66nA{k;nVMGax&ybPW<HfIM)7-{8n_B4}$=JPC?tuDC_k5`-+r@*}=(+
zb+<EmB&_PLQXvxqCv&xF?F2gkL8t4}MxDF?H`xLzqvqPBg|uZD#glA=po4bGYMm$k
zhhs@C!&uc~>An4s;wteD?sivK&-~oVc$Q2qn2H2S_@wra@w<k8Zi0yMhj@RO&Q+uO
zqaIB8+e{My*oVM|fH+IPLZ~DKI(|CMAO#@|(?G5p?(_>L{0J}gq&hMkIi7B8le5b!
zX&qCU)oV^<g=ff+7%dYiPw2PGPYkPGqO9jTe}u`1g;VqlB0Ykr=hy6Vxt6@m`e%?L
zYs<GXj>erOey)k`D=shvvShA?15qJXP$y7p|D4+Zmdv_EN5{gR-P1Tu(v>Q$$!~ID
zdS;v>p;weKJGEcZDe|>Zu>bjS#b!-i+i^A*gWWQ+hFKIV66p;@5LE{{f)vEY+<#A^
zEirR?aZox<e!lDE<e`lKlwllXzNK6)sD@Tn(q9>`SDDRS5V6A_Q7NX6rmwv!QZ_zx
z0c{Y-5TO#wzXygX#p}saVFf%DywL<(8<zjk<3tsZC&I`~o~bj*_znjlm&BYm)w$9;
z8iaS2qjV;6X$RfZ;I$<bsuNDe{gj+4-4&<!5d)7IQf=$KNq)QODNQc-!p-%eY%Sd(
z38NN|t^FTYCG^Be?WXj)Reyl!bcs%B2l_`qC4BcYJQn{5l^7I38x_jb70jkmpe3$s
zkn}?T^KvNLN@MN#VygGk9$4nvBt%D)3oo80QuCp%Mu{69tN+zC{!M67pZA{n6H*@r
zUz{eMS)bi7iwEQ6gl<ZXG!e8fJlr}dS+vsDy8sh%9VMGl$bcyy%;9q2$&NLRQ}Qlg
zI;+l@WhOwqFZ4JPedACrQ#Z|zR5rYJE7t3P0*{tO^K44Kh~QJ)AL!YB8$X!fnA}JM
zt`w(mJgU#}D(Zy#w>*niWb}SO9-W<FrA<5z*&MnT=SO4IQQXg$+>%Cm>JxxSVW^Ed
zrK2vEh!eKV^&32Y@$-hggEY<ReR}{cq`$ZEtY#otCty1NG1{sM=|%laYwv?VLqXT+
z{kUDxAZw<~4*iqpC3%BH#Ylt~A?r5O!87%~q!3@UHM~Tntbh_q?k-N4C$EPJZ=lH@
z-DC;FvJ;C~PC!3m<gwjJCBKYmoneX}AkoZ;{AY{IV;@0XaAR#NPVF6~NC4nJVLLtj
zmtTFASVm{jR)dx%4r(E7Sg`tDEiV6KYT>#??BwrLL1E8vmv|{^&4>FqoUy@WluqEE
zxreV~6&@8%)Fwn41xs;9Vhhc3yF1-ydh0{d_c}7Gp%<jni(Y;vBC7!Ojy=WOB1R3|
znJ+)Pc}rr+qf|K&?&GoeaMOV56kV&uZ?ghFbF;OHD9cYEg&Hx(eB0ZO_wJY5k>)HC
z_h@z^MT%ZA?|rc9k$ouw^xCc?24$YT*9C@8_N*m}LzDMh?i0PA`%n7Df^oxbXY$n}
z7avSvg+Gx@Zjog)R7!c>bIq5zd7!|n9#h;x!qy1!Xkwub_DkH{=*0mZNg`;&GQrPv
z<fI)gZNXCNVUp%q3jBwZg2Pl|5=g1sjXgJ%Q9FdH4I}!mdjggkKC<8f8y_{HBj&ne
zmU+Ggl80`#YLKR8E~96>B<eCI2=N=`ev=glo|aN`Id&xhAr)qv0-Ep8L@MeQ>gnFa
zPSwYn%%QrIq9#sC0cTU*sZ07nw+2K;-d?B3cnepakSEvPKDe!5tGvR~I@!M~dNz{K
zv-mIuXKz0gq#s|L+L39%U|a0kPS55k++l15|FMnX$ek+D5D?y2JBl&;V74gIK2bti
zVmIzGA)N88BVR_cWtnnEPC6f=Y!j~V<}HR3>%M)?=1+xiR3I9PUu|J<Cliw2O4i!&
z9dXfa6Y&F^1Vr_t|6}!@p6~}9zW4%=Vf-6C2wd@_F|C9nO_bJ)YBOg6+Vt%5sV%`d
zrySmQ@T=N7N?nyNIMsgaI_(g3A@6I`r-lFPB|w-F#o@+7H@13C&ZE^eNV3T8fLc<t
z62dM8evbc~<^NY5AXx0$BGV0jHl-h=okEoPQI>2kJfQ|V!xSo9rn{=sIpf$fU&D|}
zM93eOwDZ$*dZcsM4OSLs03@=~octfZWKsa!*7e7UOkqev5lSTqw6CnpIxbPH6tri(
zr*?~X5}_!P)1u2MY6Gw~s&qz=-7n<I_gO~|pw0Me_B2A(W%T{t@L#j8h&@YxM-Gzr
zZsU8`9uk$PK(?o@Rs3XNbX<^=3XR5(PpqR&e>y&M3}?k>W8E`KhNc;Mx9LSonNEe;
zS)dPH-o#MhIZdb96<(|a87Zb~t{;Ca`Qc2YIUC`{We7p7Si}N{WW$53(|jr_OPAIj
zKqRT(u2)Z|z@wItQViDb=99~Z^a@vIS<*=?RtnXyru5+U6F}!ej%wx6Wq0^vy+V7q
zlFG}2c_U=kj(&SgG!HRCE#H=%*^NC)KOX+-jM!I75$=?A^=6!B{W4)!&tzhJc6!#&
z*@DP%Oi@C*Uple->*7es>CslB*exFg7;Yh%cz^rh8y5M%Ubye{)%*1&z~dmHm<dx1
z&|)J?KkQ^e`E6$6d|OGPrDsXfug+vXO*YZZ;gm11LbMTb`FH_w+W56t=$@E_Ca;O+
z)GGPNURGMYcq;`SlS0hked^5i7_xS4*7L~7thVsZXVT3${)DkanO~$Wz=Z>7mKon3
zLtcEw#}61(f9s7<k1a}SR(yhVyF)RtHbA5d4zUxHwm3=X5pn58h3MRZb;AT6XMWVr
z4kD9c{A4bp=Enim)0F_acV|MUEI{(OeLq}zgOb2NwzxCX^Q`5c!>UjeOxbOU6y}3*
z6M^uCN`#CIm#fo0;WA+{Xh~qV&d~l~pUM5Eux-|*&Q+Qe$a1EeMz20$<gRJBJaLGM
zu`x6Y$`FGa1{lTs(n>0WV2#3qO9gEbzBOE%p3<OwqifiZ?=s7N>(LK0^{I7WJ0IHO
zbjpS%wVG+{UY}L@e}x4e|1UN<8gA)5y7Q6<mEz|~0}kg~n1%pAI;WAaqdQjsT1>uS
z-Teb={Tg=)dX}Q>BasISVJ}|@Eh%Z2fx{fBpH2{-Nf_lb`b8i$1J&@#8?p_jTz7)V
z89gJIzF|EX@Awm3)_hXEo)N@v=L@^~y9+4UB2)~)_jO+m(R#UaHF}cs#}eaLteYy3
zik((+h8IH{Du~E|91qw2;aSSgM15@zjyKb@T5+E*g1M&$69_o2`K6WOR1vc~s2|zB
zNx4r|u_(zD^E&h#pZj3njei$4v>d}sga7rl7jm@g9eN8j5$rS~GNELYP@`X3`Nr|!
zkL;0#Wk0*g|6d6HJ*~a4ose)&t&DT>e#K$ePB4GU;m~OE@m>40hvqE)n7R5VTPsZ<
z3M?q>kg7G|9_|SfFT)jDd8|)A=sz1_Pu#Av3)D$(x@M2@kXe>`a_U!-a_{_QMC*Wd
zctO!RIWq45)&IqOkR(ahiuq_@N!g=x5;Z>F_$Fs2PoxRHKZ|n0bVP1e9aEKMvAykd
zZyCVl>;#LXt1CP|ICTns9AAu|8AI;*?t6|?{fOxe8qO$&=#P(IZ!3Z$AsE?nw@u^@
zhcTE~S0p-Cap5ChX(2~@H+*88u5G1I+}9<grH=k>q9bwIuQx?9EqvtWc6Yx@U3I1h
zKVLDXE47{Akf=Bo9!|8E1l7>I(&J44knqxRrR}AL^~2u}lkZj`h%3VATzA7k{xWEd
z*Zf3n{Vr*9V2}tE3&?N5*zo`8fR@E}oau*CX$(19iPo+d4QhdY{yFWjUZ@@IY~79+
zBR{(w*Dff86YeA6^n|h$1#8QyJOMrGeC&+?zd=d{8TuUsf%t;4L<V}C^wLKlC3pAM
zdVBqAQT7HdlF9o+%Hk=>Z3?8QH;<K_4~&P;-7X{FI-~K#E|50*9R~-sbRAhF?90*R
zf+?1Jfc^{)Zkl$blPwE&_+jitk%G<`@IYL9EgMBT9ux|MN18fawR32v+@VDHppIZW
zi_8!B@f>eqPFmbxdT3o;-GRZ4Lkp2n3b|K>(NzlGnb8AT21`zA#Bh-mg~=9IlTFst
zRPWwJN1u}rb{R_L1}%JvjuMHC`nw5Vv|f^*rxD|NA7QLgPQn)WLOz!){X?$#L>}*f
zKZm`^oD1gidZ5vU5<F=p>_L2RIrAl29#0_Kr2>=<;lpglR~H$;_&}o>2~1UDj`*#|
z?PZ<@YTDOZ&u;zJGepI|Q4~*gchIF@Rqq9Q25dN7Q?lpL*U$7AS9j<ha&i)&qWPk@
zp@rnh0|%uZlGwU%k+9fUdR`h4X#%P;@WNVkTHw+rlK`uui;^aq#U}8B#-=0RbTDL;
z2&4W_WB{PbkpH9!s*IVWOt=X7^}U^hvbM-B@^T~vQx&U2q#=Z{0*11xEr))(p5D&T
zu|Qe|1yz=bp^KF&;$y3Ki(Cq(jBRiv`(1N0*ZPB_gnRUin34F4?c%7owej)g!fnm-
z&#p%*$IKZGfpHuUNb_YV9!m5a;Ccv$fa?JWk;*N|?TA-O75>tSAwe!a`Q|gdT`X;9
zc32IUEzc!|?St^RI-}Twm8_H_*#hhJfye30NqAS|Gy%U;a>*7?e08`Caad<@f^C1M
z!1Af@y|qAxnd2Ay@1|q=68h1ByWEwQ6M~6STk8z=?Kp#yi|W+Bz~}ax2(sX38O{M_
zBBvv!<G5a!n+}>sbv~4<M<Oe%dr!*}HrKhrgJL5)2KSkIt;E>)RICB@#Im&n^H^yv
zhd71toy5WWG!oZg>Ab3!C=ZQc^TV|@tH1Tk&P`b0fbi-)W!K8ANtmg>nfKgcrw-mu
zS>7Fh^bQskdFs6(-fssDihnGzQ1t)_-YAFn{q6cfJ*hKAmhH5?{j}kEdv9qp<-%Hk
zoDi8tz`JZ#JS=QW1q&D=FH(<~+Q7JdH~p876QeD;rZVKQqJ9!0{42%9Kec7-;@Us>
zUJ_;&-zQ)vDPQylo5G^Q6pU6tEjC4pbV0g!;=M`aC1P)cTZy9LEv^Zv>2Lt>OGrMe
zvDg`q?91Lu=?IEk7CmhU(@0`hpIS9N_$b{xD%gQnW`YeC-W)n6C@fGovD(&F;GB&l
zWjoKnt3uKwQe&FYq9V5w)KW}gOOL5`glt?+ye;caHSfO(s1oI+;zw}@DOgOZ`CeK3
z?Zivge4P#I;{czAX*in!p~sKhb@ek$DN4p7B4@{w_$yuJV5xlN306(MNrb#`PK%Kk
z3&)LGSQA?5{<>+=ia<7Xp7T0>{;1|avb*x*O;u6+%}zXDJ5y`kKkcB{uZ#mYj)e~y
zUO^T{HgCl?kRn_8b-4r07-0Hr$&{A~Itd*%vvGgKu;WjHjA}rUQ4U-P2d5j1d8uVS
z$DTGliu4RDmfIR%l4X}6oazi!v|VGE**WGJ`wnNK)zB-jq$PVKjM0BB<@0z=sl9Fp
zq<S=EnDP+OG8yvZuIf*B7}2WO1En9QOV(~MyG1!AZvx+&-302vM}|9V;%KobYaHKl
zM$`VbRYDEN&H>6<v%~^#uXm$jz6*bYAe7a+Q0I`=pIPQOWRK#vAN*oUElLu#WfK@-
zyk)4`Tb21XcZU&~upBB=%+kK2Fo(~@&&N+l8Qz@e4l@)(^-ywkMnah6_pii~M{Lx4
zWFX|z3&H`+<~YXf_1OAHX*1?9dYs>Juj28q<%}PfFQB@ioj0nW%_ee=F)v%CQRmJs
zt2lhd)-LlZCqzYDJ6*_bPzNWx1C<Qc@rDpoq>mh?mHrxH?`4jmK);U<{CU=Il-MD=
zIr*|4P@}dos$;gw!Y!GU6vDG5T-RJYJ~N9#E1|~epVzVxFoRTG*^$NLB|h{JD^YHi
z`lSvX*j^viT!Lh+D?{G9$bWS~95IBUY<E08C}FD!^p_TOG-NisFvQ`HgNt<K=O>N7
z8W<#wVWZ679a<yj+R@O6$dg}!S^+*7s%HbHC}3-VoAj$d^7;2oWLmpt$ZM@sym86f
zkkpHFqR{64eOdfTJ_~pY*2Td^KsJsjBLOWPV(8XctZEx}9nlC-HXzJ!!$PsL?sFq^
zy-(xfej}HiT=|i*#WK#8deJ75n%^X!p!4N>Kz+w1&ydqf*I9t=aAgi`hVjzr+07uQ
z09tAc>ORD`%u{s}?xuhvF!mIZREN2pt!Kon@4KO<+~gMpwj97Jhr`H?;V(ev0y!rz
z6*V|~&Hkou;;Qjg-Xx3@B{b&A5TzOB{j&}3x+SwrAoYZGG={#QAbel6OH<)bdOos1
zxNs}X3fcgfSfGE#9vTQg=HFB8&d%oh!zy-blsr`JOH};Z-l9f;+hx%uk~F@dE^*jM
z*VSi3$=~A&F3c0O*6_!)O1-lHrNVCUSg_n-R?7$*&>X$3eF=KGMU8M5z4uK*_Uig_
z5{V(vX+$T2IZ8=bbr-Rmu`XRMo7925wVXX}Dil$fOA)RV-ui`KOw@N{?;t|AJh#%6
zJr>GRJ_bX1QaN`cN1KFU3yg7TeA63#{spx$hC8<Cs@?@UD)rI>F%3{T;FQJgnLBB}
zb|5~lX7z?pVW8f4OOGvEOAGl+Y@1wc6*d8Sha@ELZs{OgviN)P?#PV#?5*#%7(*ty
z5vmS&lo!do9_8bOjBF1mV)`ueru!2m;YeQ}^e;|w`6-4MVU@*$kiFi%d}9wbt7dwW
z{X)03XT+pt7(ZMS0Kj=h_4E!B?tJzSX<%b?8PwChB$o!g#_3OcP6B3IXbDdg2&y=D
z#}-RyR}{<7Ty71w<bSn^`Vb||^%pwEuIXOLR2Ovfg?*r$tcaN;wzlK-T#y1KbD4Bl
zNcIm(G@D$+XtM4*@_!H#DbG`e<BX$XktS=|5T2Qg7i;cC0g8Bkh$P-^E2H*buQFTT
zG({IODW3~j9NJ;JpS?HEaaL)|5PW~%5nGk39?5|J`vC1B+VM@wu4t1Lfy+F}4}_nZ
zveA1r0SufofBz1BGQ;_;5)W?fwB99B(>raVupck~s)2|7G;FE?k3M|9!ek~EN};&>
zM|b1JQ+UTG2mr;Y_821V3gaK|*t_%V?S7B%>n6ZIvz*v7`iSwJgJS!g5gpjXaF%a)
zbyUZ?@0-&4H(y~TtbvL!Qx1J})Z6!NbwL;dw4CZl(Ch8_;7zHu`x5Z`+a{}jxSNwT
z*WyD%d*3$ZVc7pMLw|q}A)~8NhC(6pxn=V=N6f7NG3(0JYp8<*^Gq=BwPTW+<%vSR
zxzo*E^Nqkq@;yqgEq@W#E2!nti;S;Rp^^Oq1I{uJ1Q82n0uFyGV!`2_?9zpwwZLX@
zYw5rPdiEG8<~A1NMKoN<g+bm4@FnX=xS@fLjpW!20o80<X~@f1(J<cVnmdFh-{t1A
zhff^%K29l4=RNE;gv+1_%D*dU-Hgo*NQ?vf%MXj}N#vrHS%!~=e|`x<+!h)WGlLsi
zG>M>F{8q`A;j?qFQoxJq>PlO%HJOqR%JZ>gw3&yEJ5Kc<F4bsd5xa-UQaBLN?!fFM
zBk`%KF=PJ&@`ZcclRrm>?ctnOI&1W>N+n=HAiGDvDAww`_5nE+brHnm-Rg@M<*Vz#
z%75y4j&tFdI$jgXR0YS%Mx}$(!TTP;LAY5v2M0zJl$6;|Aa1kx&sSdgPqT>%&M*Z~
zNp%>FV$k9N*0!=fG*8<&RK6J|;g~&rttF!F>5B!N>c`JnU8`9BFd?9Ixz_lC2s~cD
zD0tpHziK|KliZ?Y7A$N!8$$gvj2v9@8X-SZZzuZbO;09FXL+NH1l4lMz4efYM$W*c
zmW}=6V7VVfy7}}gj2UHt8@WamN2Ai8M}wmTT&TX;Jq92l;i8hwn%3g%abYu9!*u=A
zg9|J9>fKnve0GhC{W<l-RCHDjfP-6YO^{h|43{d%sC@CVoOu6ioQqZO`r_OF6AR^p
zLuk|Uvh(W>Px!9DPpwESQUPJ%DO!&BK5SZnuSt^DzC!3%SGyiUvUYZ*CzU3x2*)5g
zFGs0RGXer3h^G)0IsoCuY9Kn)2zMbzk?!;8tBbUq`+~V5BHPtVY7MYKJYTTJ)F`k_
zGMug7<E;G_&ua&W!xwb5nk)oO`K;jNWY*WW;|J$xy)#5Z=7ocP22U|j3gFkD*&mD`
z_V@lvudYo>jn+CBsuMKWwJ+CT%5*t9?PB~%Dkj+t{>QMlT&@@zchu`#dr4Zgm4(Dr
z6uV(~xpQluzx@SA!vVV)i^=Mm=H3)U9B}O)6D_h^y3hF}>n70A_@@D~CG?d?=$4y^
zy0|<8h+x{XWurjTiRbO3igZ}t9DLC->c+`#lT>RS+$29LW^#}5_Xrj|6q;7Ao%jff
z^|V%%m*?4;X&3L8z)3Al1!Yx+o!H&SLfvv5a9ZqIxn30pNFMOLlJWAo`9>k?ySeOp
z@FT(uBx-D=9n*sD31y}S0qq{%h$)P?KaK9KD!J{+ga=uhzr`pmmmhMf{O8hlhVlF3
zpF&z>*0(_2u#OTe+{r+-WmI;LR_t+#X5Vtfo3Zk>PyP-+MYtn8zjZtfFIY8Vat8mS
znfT*--?hVi03x>}5vMCzX@<x5G${4OG?R75WYXi?=MeY?5Pv*WU$I1M`DLP6wTEe1
z-#;=L{d*e9Kiq+yh8f7to>5;f$zMbCLG)0@XQ;uOD3X@I{II4yTU)-oL=n$?CbmXP
zguT73{w5>mwcMTTK~Ac!b?(aJV>D9nEQ^gnSoQR5K+RVPWsjMe>|cG%`J^V4y}kV+
zFE6j3m9_QtD`dnYFfgz%Dk^FYoaL^PDdO`pjtm?LIGMC3!%M7K+{-C*xw-QE!-c4_
z96>L^+PE5)Ad4R{90n8`>jKmLUw*AL!Mv^N88Zk5Y~ff43ESdN1`ckW_d{uzNku}>
zpK*clw+CMThHUGZFis?zcM$7*iYI1fgOgFb)YRJYEl;m8vE+i#(NlbGwf@=&%!^6O
zqH6yB6Z#_((!Rl7$ZOD&R_`85i`QF(nylge3Ha!tf|`63#$5!{N72xx+R`5-FJC|<
zU!YI^?|praae`(k-CORYhwQ*_lKJxdce>qxg~dqI28Q*bE27Ykv}E~&=v@URltD}i
znIF3OQ+s&ear+Dcb}8Ee9<IAtQp>1CMB2<B!9nb%AngzqBxPOAKIqcpC@#=|RhMTJ
zB{N*4E^IMo%+BWlI7qK3XSd0iM$3tfQgYgc+ap(Z($eYa`9LAlmsRv^tR_!*eBfz7
z3p{o`b0>~O?IkrRhK^Qx&Yo<mR5f2qDs-eiemb<&A!1Ky*cky=>Jr9!<PEAiBVkO#
z$x5a}8KM!5x4iJf0x<6nm#~E^&e}0f!a^6&#}W!6OMbTvQfpNF#ho*n&NHsj;9UBc
zqA<qO3CI^$B48W^P18+C^kD=8xw#`P56;Ivhuon5#Lfd3uBn(E26s<KSA81ASW;QG
ze!ARVU=o+OnJJ72GQ~f2fLO{eujn8H5O<}mrZ%>po}P{hqF;Bq3zffQ*(Y^_xu&ip
zSdpMw&|4MFLiJw%hSd!E*Q*Ghzui?LIBg~%3F->-2NIa4r&DwQr5pKFv<Z79l(aN1
zwh-JjEE{rp?)JUcwf20`b?8jj^tr?05vof;Qd?}XP=43lQwxNdy2?({u=K~lDT8rx
z3w}9FzrHARwFp#0e&De=R2j6&_v=9Cd4#0HO*y2R1=j<-OM1+j!2(T7R1#1FqY)?1
zc0O%qwBd|Vra{0zMT32;4>pl_<+Q)mKeiq(^v|SHTMqu*3@6+r!JXQdzBs-7u(|m=
zHbaCsXxPW6fPpbND`O<L-LI655TOYi#ZMt0Pqya{&hHijX9!OrARweMFfe4jLSVE8
zV~H*M`7~*g>JULA_FGiuWz;WI8juo;qDt=goqCDM12}?JUWS0eqs@}NpEPa5b&Dq0
zq-A}3Ey~E5z@pi}_HBUDT@Z5$`Zu}IkC9IYV1se7Y|6$ob)Ak?j{551aj=&HQHLZo
zm^~hpesaT?3wj#x7%{#kCH^7z?(+>}RO;O~C5v@_7tko3Ue4z&EM?YjFx)r%0bPS-
zRa(vscsRIeM&*4JrH4Q5Kgnt7IVa-C;tmkA&T<i6>FoCCRHIsK(5|DHozggH7>c2G
z;w^Blc7jAQF(pJtt&P$vr-MVro!&?chke@XIfO?|Z#Rbqlg|oT`AYm+8*;%A-F(U7
zDdw2yXc&;4%;N}tqTY<mOwtyQz0cy{r4Ed|(k09#B!XH@R>EZ5lBXnJSd^TJ@RVwX
z(wpT8^2|7$vwAKp?*p`L3N<sqT+1G(J9o|d4sl)EB>v^N{`SN`UT3Tu{6LaABVF70
zZnLv_|Jo^J@2x$;n|I%kq>OSj`8})>5+{5wp4Fk1Ko4K0PPrlFWN0P#%=63#v{D#b
zm`z5xm$Fk?C?Y;}g%HYkwZsR#UgAQlE`)3jPTo~0SR1KN5Fv{+evcL=n3wGYsXBw+
zrJj@HhC+2+G{(uki(71$9rqrxvkDC(Lp8I5Sto}#_8RIP;>fB+3o5}E=Vun{6$T==
zj~Ct#pK@+o@e7l20}wF^PP%~L#YPY2)U7SD`PMI&n;$fjlbbWXAWBF}hhBh$%9ht<
zWb#VtAT~8MO$9Hjp;uCCw>*UpU2EnFM8<83+6MLW-{M&bYKcl?f|tEUc^1`WyW3NE
zZ_nmksTqSPa+DhBi8OpypJ5h`kH%36MQK5&90IK^Yd$RKV_JaSo7-^Bx3(l(QOOem
z_8-zRgWU#61pM%vROp#fo4`sBe*!<d%N(rq(9y57%S4*+M8QhWwq~By&TQ1C8wj-W
zJNNg`)?WfHm*OXuXLMB}=qp*_hj#<^8Rtv`rRW?gIRam9ID5EelDLUlD-K*WyFWL|
z2pifE@=EuJ0KK2&Z@(u4ss;LmAA`$yzDMjcUSWznutoK<P5<^VZ}ayj;&mdiEK-4`
zI$3OX=s%3OIWBA|LkSuhQmT4|wTpV6ny-Mw8Us>1JP)h!97#qqpRLqs5M+|lxZ?+w
zg$S=@AzFj(f+Y_6g3i{_hG}M<aRnUEfR^@L2ppZPOx_|y&CK4ZX=ZhVpBHSE@Z4bG
z5Qj%3P>vRUL7s03=^{7Nn)AW~LuAc`!p1$mvSE!w<CyhR)jGX%$@2c+{rH%aW{)j5
zUHyN^<K$F+$PHSpaA;psa!&TdGA4Y!F04f8xEEhommd2{TkRkk+g^V)XqB*CV9tj_
z1z;4IgM*v=fDr7)$WC!zOicNcDmMc1+6rv4Iq&Qmc{x9yxoO>~-PvdKp86$>?zOd%
zjvWdDk#i)anK*9IT^w?iFT1we9EM?rKelhXLuaGs)F?!wRm)|;37V)VC?TIee}4Td
z*WA=J4Wi|*)~8Fgc)ze4efrhgn~w{4VkasHA@UEH5h)H1tk~*Qw-CehB}IksUB28o
zzi=)-l<k_k)8?r6B$jf0VA+4XFkZX`g%bjx=JgoTs}8+PEPOipPtru+%bsILGw_aP
z|ArFRPFGd6$;W%0e1<$bh{{7KGt#ZeSBrob&+`$<<xL2UonPR6!jbB`?E=7Qp9-cR
zRkJ$QjF*6&a4d5D9D0MAZb&;wKhIBGz)#x|QNHI#XHXWbW42|y7|i-UMp@b(#uk=P
zCKJ<2HXYdtsiRksr>m#czc6GrpEKDOkJg&jsZwp0drWermt1L|(>WVvPWG*?N|V_~
zd6bKOuhNc=<t>mJHvvM=qJZb!`~>H->+8zcxH!?9)lf_d{U#TS_{;?`b47eL((k=V
zRLsjO@Vpz|62=Pgm<suAAYobdv~;iYuV#H=nyb(HTrlQ3JW5xhjCX9hoN_oPBdf?g
zTIqay|9~32z8(UK1i9kXJb=IKJ|QBKViKvE*JYdQ@UF&g$5;fQ)pYI2GqRM4pW4J@
zGm_nv%bwYIpyq;U=}XVb?;H!);<9g0P^^_}6wu&IKF?%YPB^pz{I|9By0$LfxBl1{
zABv{(Om?wsq^-t7fnV~yTF)A!u$)|McH->-jk0V?T<bsYdnyc|HZugJ4c&NNYrW;p
z?3QmNP_nYJ;eZ!d@x6fF{4-eK&A=fd5@M3RJ?sPNBxwYsqz4kW8Z=4iV31PaBf#Us
zWhz<Kkm<L`vg-l)`yGm~_T%BFuF*=aHH>r@#QHhnO$K)P<|m^J6Js#oqhe_g2gPAZ
z%Yz1i@T+KSX}l@<C{{;eaa>fTJifOIP@>e10!9>d0nR4q70(w}vhY*<y%qGc{M%`H
zf^uP?X)^g1d1{JK+?h>6Vp@zY9#<m~1{HNKklN*i=kz+FIbn|S3*TG7j>#MIB=Bjr
zCPI#V|KR!~7W~$yz%R=k9q+yge?iRhLExk$o_oW{!T>2rCvx^%g$9j@-|y5I*#*J*
z+bMWIYk!XKd4Lp_;>X9w#FNe!u}zSdLV2*gtqTGIQu#rlO$#D&+=@W@)VtZw{|gj`
z%^ms|r%L?Z=?G6>Gvi@R_gB-DzWDHt=ZlM+A=dc?=2W)8giA?|o}ujncl;ibCi8wC
z{FM6$|E|dCUexL&X7*&h)CT4QVMvSZreyr@i;kF<8a`GOn}*BA5d50ia(P>Oc7WK}
z&5qglF=e>GWic3!ZG$O74qeay0nz>9M#EbY>5X!|Qm)4OZ8&E)V<(Tde~^Ak`b!EH
z<*f3A?7yE%NYtXR48|{46|Q>~3N=F2Dv!boUB7=vfv1Ge?%hrl<(rZ%V9+ge{cyb}
zD2bMs%Z*Oi)HiB!{r#lZ5e@itU|T=A7FJ^g&Ci>#1kC<lGlAhONJqUE@HzjGfGKus
zo|TZG=CjffFeVCe-RwX@#`mM;0nmntef3xe|0q|;?boHjD_B%=U7lZt->F3-8z|$F
zSYc6cII{y!fNF?paeifyVZ*Q!CRn{@i#f58*_Xd#tf1OQtU$)f#F%V+yG%I^zb%I1
z+Kc`$N(LDVv^?#Ans|GCNj;HS*{*JAmwABX$#>dlvwCe7o#&=ps!RWc6cv|{U%JNo
zOV;UTHq{oe-ik$z`6SQ(6tJtf0v@*zck7TbFd785osjKW!pD^N5q{NwJSU$oM0G!I
z{~}BoNL1)ZHsSaP1N&9PizB(JsKUy|%A}n9w}NthM<qt4YB3Wl>%~&7joNyas2>ic
z&nC7C$gNuYl|)<nstqndL8;w%u>hW~Xl?{Fb^&-Or>8jUz5ey8#kk2)Bckg*103F#
zK;c%_!yoE8(nPifTE7JmZ5lgQ-44_UFM&XR4US7<$GiFrHYRqir5#F?PVXvLqs?@g
zrV9i8yZF85is@^7ss_!n5xbJmdf;Q5xNz@JC=DhV5EPMAA6hOf@+ds<M@dZ`Zt-4b
zYS4KUvQ_Pqx;48l|EB7wNtIE^yU-a607z#VP=`#G7Kym+aFk8GgR3h|s$M#9S}!Bx
z3gsQyyf_S`Oq|$>OG{_xpR$B~aG>JkHayPO`>Vle_hCOkSYJqMtDlO8hsW|_vwK3@
z?Rw1DGSY&nbQw3%UuvBNPN%2XFnuC0Kd&6Xh}vTJYFqU5uh7(QDR*L^_17@)caQ3)
z&9I5y<XhWm8cp4FMw$;6OW(e*Or;$fFT4S}gl%cvH^x6r?f7z{IApO!ZOGW`eS%n+
z`M6FEOik)v9FN=QHcZwzAGRjE8?4-!G&s|;BiK7dCrAzq*PQl1%b+scZIBzXu&DGr
zgYF4`_GMzn$|5iQF7sv(0VO;Hps1-~d+g^V;&<P^T2h;2GX}o|&nGtNf%q-%oTi-B
zZ@dq|Cap}Y%+NU?+U)7}Y(q4GQhfOWoU;A>WM@b3F9=XQ1i@W2P6M&T4KKO$U{fdP
zNjrrG_E=Cr-`zhA3}y*2oqw1A!@abU@wUyi*Zlr{&G~{XN}{TyMizioz&IHm5ndBh
zF9j`K)LjuFlr~%^xWltH`10ndO^Ed?i4ZxN;@c&De}=Gs21gWPQyw^G8k3jY^>iq-
z$r5o0s^lTP3u_9|3W`RTBy_R(RXZOHIv^j%XB>!SB{EFbDsB2dJt9qfYUFb;Id_^)
zmc53ENt1P^wLr%o6HEZ{T8Kx_?H6Y^HbZSbi!YZ`-rhcffs~5nxI{QTbqmgx^G=Pq
zQ+ooLUw!`g(Oq;wPoty1`b~<8Q7a%%3h@a1)e~R+rici_SYqDo+n-j$lRdq?P7$qi
zpH*MI*lpJ%aYf;m-v=?GGw6^2c)~E@7W%i9j%*U&hI@fd+>O*LO!DLw5{>UUgyap6
z>>e%U&8Lj3gaFhHh5&RqTR8rSz_$AulTCtDvxYo>D(X8^^M{Q2vH?@9fmvJ3SlMpK
zR-Dm+bs;iz-pn_Wd*XaA20f-eFCk~5cP&QgR#FSoz9u!3$A9N^@LGh|g|fZm{L?TU
z>m8W(3N(QvE=M9v(HpXwsHnFIsUB$HCE9*}m9N(sxOj29G5r^Gk5<Gcj`;<@qT0yP
zse$9$K^`Gijr~knq)xf6%Ju1KNqkgPv&+L#BV`~+UOH@5P@>C36U0rf6BGKeCa$|N
z9i5C=k?roGH~fGvz(br^M=q3kS}2gjAv1Wl0np5pF&hgZmM=#{EIY<wzfCw=F$Kz!
zTT|uGB1SZu*C7U~?PYBErE$cqVI{mT?G1Wxbd1UciNuXve1w!xK6)_~_$W!yc5N=u
zJw~>_-qeU%Q;a;wK17apMGicG4IiSM2A||-wM@XL6ri8FE^HnF?(k;M37T#3(;zm0
z>14C1xs}(y2M(f^4kgju9|Q6DA?jDchWle597iw8!^3m`;lqbZpNl{Ip3l$E^soqM
z0#75nV+C=f{FRyRO!S|(U+aS_u;oNXsqG2v0emK%sk*7l>09qP$YAFeeI7;|uuU=b
zwq$nrEFjUV#Y*!a`do%}rp#@Pcnw%%w`clhs8FFHJ#T$bRi1&q%$g?D>!Yv8+Uh-j
z>GQ%3IhvG8>Pb$bp`mZk^uE-<-g)b?``2C;UFlqC&}88X6(0rO<A`0e?o#G5D7=b@
zhU#cen}+4@s@w8MI<!oV=m++~fISbF{U9vzudSppEWC>%B1C*XJj$m2Nvpu=sV-4l
z0WB5|cK1l@@%wEPuiPnn!K5U~c^%2mp1W8iaR}g9-vpw)yFe2);+009UR&!fEhE#n
z6@|-a&0*AVC;|S#)pMr%d@cW)rD|Ed`F;6@fNBqNbmrBy(HT({h<PAR@bL3`p~Kk|
zzU_v~xPwXvYR`Ruo*ej+-)hlsl&07Iy*I7O;;gFj<?#^hUxVQ^($|Y##?!7U>XxdF
zS>XmfBqDdI7SPEK>us1+e5Zuz99pnd)IVUV3#ZVmu_?8M)@>5Ts4&3M<T8177JO@Z
zAO7Yj<G^A{>EENy)F^VoTgQYBo#`l#n9$(lcV-SB{b5#T#=?R0I_qs8db2tM)urhs
zzpupLnV1#u;C7O%#^bv`okm$zAf2zy5~cF))i{$?6I1lGqDQ<rZ2o(E^FBV3?CqO3
z0wA1B>>MOAB|L%@lwv<$U)`(y8CILMo^V9UfJ+T<zAo6dNd>MEt7@HHyS5$&k($Y!
zPpm04lWXe$!c8Z&@6t{d9<yKr*j&VY26NkqxE5C>qZD0Wsi{W`XRQqO`!M^#3-+wF
zFyonp%m6<ZtrXRCi2WZ?+HR3=g#|3sRwlj8UMBLI<^}N8bFtpju@D5lBwBRx-8gPc
zGslsD4LUVv`chLN^~??bE-a_wy)==vBt*|>4Mzdxe7;j;+cq^5PLzEueiTjuVfd}U
z;NW+e;@SOb;&I;>{v2r0argHQ$4qDyo8smZy1P|IC58H3tD7)uelIU86Tu`G!t>f4
z&u!8(^^qkdBJ#EZVH?F}-fQ907QK*qiF5-RJD*n#DwZn8+HER_ow$#3#>>!c-cqFA
z1Juc$?(v-YT2yLq)K38GU;Sj_+p}6oy#2WSs|!8nos_<*sivKJ*rIy~CC&5rMQ!XH
zDu-OX@bK-`%7O9l9m=uyK#hahD0jfJ9~P+Au7nD5kRlK1(YC=(i1MfHY2B~)5^suG
z$^PA}*dh;A>Bqwv^v>z9N%eV5!W=9D$?NXkwyjGcZmCML>yg;663X}5Ny<aTZ3+h)
zU$(C&e8iv$D^9NWEEKWICn4k4FNxxryczq{@bGX+QhsN&`6ky5BtpV3_rHGqQr0SZ
z_xo|CD$w)a;GlewgQ5`Jf4&!NGS$Y6Rlu-z-2AvM-_I|5XQKDS4P%sz#=uCkljlYN
zA3hB@DkA23kj~EUP`2({Ontn}_Vi3w*^2b`a*>I+C+@p8qx8kO{JQbWyA;18FEgV@
zh=K;G(4X@I_PJ)3Jj5p7y2YysjYP{AqHw9m%HU)wi+6*Ew$?FaZWG-se2Q;mtEFWc
zoku!f0-f7WI&>+&Z4UJR{tZM0N<+p!{=zy2wuxDWhXktqZt6dE!V`vnQ4a`cR|e7N
zjS1q<O$#6=%0H&D(MvX4EMRoSYb5~j82qP50}ALr|9x$xIk0r>DN^e$E9E&XFU7-r
z>gyGleSUN$nhZ1EWjE_J8T%ctN1oI+b)8TnW8M@=1qTWB3M%;uRBM-Oych1I2%5LQ
z-Ml)$l{SoHDrnfrGSRUnDOG2pqMClbdXhFj{PEZ9qw`ML>2V^LD&7oYqejYjntseK
zwaj1_GJ;ydXb4!)H5NMKP3Q|REi8(P5`(S@X6GqPFtwAq7j5(2>G_q_;>g$85hl(I
zQNJHECu;!@B|or%q~+*nl#{x;x<ETSyC;x;EvN!g-Ot8zrPW?xE2SW<7ysyvf{vdM
z{3Q($9QdfN>RlYO*P3T_ZuUv?JKY}w31nL@C?dXMhO{>R+T#3$&CIN_rX)u84?(&p
z{n+fri<_9ly&RA6C_KN^Rh1<&p72Tp41>NOqJM)U1@yX#I8|;ITw@VdI{`aWx&e{;
zAsj1favo2iwQbQW(+Qs0-iP~<vr74(Fj>^@B!SUSM*sfyh-(Y{Js3Quq*?4nR0$b(
zb`sCp*7R3=O-a>tKU}C6YAROUdLJ9Lq^#jqO<}jg=IfRV`tTje7f*rJ%qc1w-A_L+
zydQSJGm~p%<x=ZZy`R@Mr)g|UZtw^!VrBh<Xuu(nP$tG}v3qyEl?c)UsW&4)RdBSw
zZwSglPgk(qBd+Rv_Jw@^ZbZ6ir{t{ry2m*NuSw3I@s+smU?#rJrbpxG-*NcAaMtvY
zQLw{Bw!i&xMk{;SC-BE%ST7D<;n)sveX4pvI(e*eYI#w3xA)c7u+cKgh$1Yhw);;s
zCL}A$t9Lp39pjeH)_Se=4=d+8{9g(UkKgkD?Y)N!iU`Nci^V&Gq7GVW51Wnn{#?u`
za}`{3@uS#&MxaT67*tv0D(pia(T@Y6IWn+3$tMDgX1})a*_PnKZ#^U*Hu56?kD(#2
z7VhHBu-W?hB!W}?LezX2%QA3h<yJ+qw|91aMbE*V)B%f#!|y^>gN*F$>(@BNL=VMc
zV}lcc$>@6PLgD-DGgN7ey=VCQcR_K1x-r#r<;=`XbC!^2*#ihCZFzY*0kSuaj!Y&R
zKd!ig_)5jrjd<bn`8y{CXMpR!uZGw_+|Zkko{U+a`hN4AHLo?5!YDkW*QQ4~J2LS8
zM2reWTr$1hjxUXt{L5HOR2d$XlbT1HJ~SsY7tzR9VGpkZ2Q&Ym)2iKhc_d>?7Ull3
zR(ce-L$6iM=ExFB7r4y~EY{_LlzG!D1ep}+(z-y-A94kDUkPmhn}Wz=1I(Ad=Q~=I
zqIEKnNxMi#P<g%SVxj%{wMohJdE^ldG1H=?B^jB-Z|w12x0L96%LQwHry$+@wGY+|
z@>*KV%q)3%6|v_(d03Q`L9?mwP-&y3VCW~0rq?l@=Z>mGUD^==uJmG8@FlrG;xl;Q
z&<nN1twi+^tpGt#45L|p`sQk(1-#BT>*teVr?vO(9VS2;(D}JrcDvsV!{JgZ{~E|m
zo(c;K!;2#m<T<FHHB~;Ct1Uj_43~M22+EBg@@Mo@&oAu=#0}(MKZN9JrO{J7#@&{>
zK?*6m@}<%GkD7~R9JCY%yJt+02G*5VN!ccIF}@4>0sMuv$%QQ_?ZKJ!jsa;B>GyvE
z&>ln3E$?Po^Ww@VJlnAZ2bLB`G=z|`-<w7rBi-$+ei!e~KY1IEcl&ilv8g2{QgK~?
z`WxBW`?rrL(ypVs%_@{DajH6Bv4S7?Bl}T=W#r`DA3`yC{MLHj5*aUytDB8M_#70J
z71zLM3D8b6;u>;<0mC=<VpZ4UY34vv_HPkkUPnXYt{X%`&SbE1@qK@mq9dXUR3eX;
zzV9x#H*e%dlvI_|(y|{JwyqpjutB{ciJJn`C#l&=6VjGXNAqXS&d&7{6B9n}JENkH
zlggY{W!i2+%yuN_xU_Z@_jm8FHIl^mta24<fikvG%&ZWheA&-nv*1GfrxtDwUH+^L
zi0t?6x(E1}_qy#59@i5^sEI8k|E}8gb14K#MV#JQ)6Yf>6>hn`{Lw315~=v!9ekze
z>r$Zba3K22qf-jna{DU^7M7h^100fs%*YioR?t)gRe<}(HtKfx{5}Ga*Y}N;!p)a%
zHQ)t%CzVhc`u{QYl~Gl8(bg6s4bm;$NJ+PJOE*e)cO9e~=?3X;q(fRjy1PNTIW*tq
zz4wms{Ww1u1IFO&XT@A|&b^*&@e<7EoLs&3Zid++($x)5W%diofDk=>*zY;t3w%4A
z$uB#c%nDe%uDmn?HnmnYK(qZr!<V)ce$~3ZVR!fe{X{7_`Tj8gn-g-&jW5ReCl3Mp
z`f>2%4fufjct)##qQf(|<I!R%=kC*`G>Ng*)ZRuxh=x|ja@MvI8x_@EWy5oi=S9t`
z3hheD%A5uV215J6#|^x_dFSr-HsNxA=J)`-hdSDQkfEMa;RjXYTr?m^StgZ#pRK^>
zG+Nu~UyinzPIDr4Em6N>S(D>*5ZMgTYAUC=)nuYfwM~qE!SxFL$aLQ0dWNoYqg~%)
zA`x<uYQwE3J(>!4UarRPOv%_0y}qK9IlZ$^3EyQkrK2vjW8W=dw|L*X`%RX_$-v;{
zI^l<Gy7`i~zIdMqB(aKu>k2CZY@X;9(JwLdSPpqzSQX=_czMP-=B(^Wm1%clfBat8
zdyD~+o+e*8lR)MqA<t~P0W7TZVRrt!cLF4Iyg%fhZfh_AxZa~5dSy}rgVgTsn_Hmk
zVP%Z`e~T(g3|6iV4;I=8fik-C@-+^Z5qwU83`un}=4Uy{R5VnAzmqrT$=ncr?(|3y
zi{mk|lG2hStbFN#x9))X&aSPU{76Az^i@h~Krmh^4;cZ0j)2eo;?!s`A<tzOGM-o0
zx)PMT@$A|&GAl%<YuNS|4by#cU*zq9uaTpgx8uL00vBU2LhwCc)k|LP60HDP0HKM&
z#6mjPiai(w^?2>D=cG5WPHl?f@UxEWMqOLm_qvfU)c$?F!@rom^8WRneB>%m&@LjB
zKo67jFK=Dzl)UTHTtE0ivf2uX*yG0tEh*9w>$K>@8&etR3H5Lu6Rl$U0VzMVz*Mv5
zf2pWPC$jK}wC-XV^!o>@@v;*(^l=@#uoNRsZ+LJcNTmdvXWuW!`23$!rhkS9NO|bO
zGTUwf+rjI@WztxK<`A$(n<0=pY*P|Y*BaAi+MIepwu3JFhu78zBERer1vnVq$Gs9n
zf=|UdeH3WmWm)>`>%k#m8%N^AdFA<mU3XADI^z*8hqo_&X_gHP4Iw>kr`mM3-)yH!
z4i66_J-_#|+Ip!ebN+@wf*Tb8mH9wPmsEZ=>W&_rTvJSK)RDdwlKD;R+xL%m-__St
zIfCPL&oRxV8y_Lw9i*~(rSFD~;R{Rx#vf<RY1i~Vep-fjW=d!zKgCf?#DAh747y<G
z#9hP@Zz132g=amgU#1yMnm4Dm?DanwHd$M#(9yfoPM51iI5J^BJwsr@{1DK%-dw#Z
zI+2g?DZaCmbqf-K@E|lP%QcU6Ber^P7p?E)T7X)?ZtD!O`}QY^nfHD@%yEBiV!Nt@
z|2FvJ(<#cHxt8_!`nvqUOtp&bovD&tOyZHUFl^Stx&_UH+i6=T2ZO!)8_%b$#48kM
zRFKN<m;2%?-(R01Aa?inOY$ny#z|4g(PG9M85w4BcFdtufvUiUbQw5e;jD`FaS0-D
zj{R{vgafi{T4g7x`Bu%vB`|_`r1Es*CECl$0*gEfD!me7b5m2><vOc{ufRj!|LMOO
zMv97r@vj~9{j2VV*$H434vswv%;XPnda7Kkn@}uKLM0_36P1x0tl(s)8It%;r>dyR
zQHpx`@>l?#|E2AMA`b7|<0pzTai@SS=QgiE2&Z$~r&GJzAGWoOe=(z9TQK}2WQapK
zMjm-UcYb=Y6NTGdE5^V-VNKK-(USXu(TGFtkoKds=MW>`+9LCW7i@i4@X8M}AGzRs
zC0Hw$9|&P>rw_KYQvM3EOCPYfEPpCc2Olh_Hxs$}<GOGrG&Q>HtMWf=5Nqk@s&d6A
z_e1VJwu76?2DgXx^?R)^h&(P;;2CxFkEhFqnua&s&Xej*(Lj0q!o|bmnW36P0$t=9
z&fpYsGot}D+ST0+ECA}@ZkD8fPk`0yKUX8UROMGJg%5#{zXzwqmU#3aBCRZ4QtEEZ
z|4s-k0ty=#Hnlj2MG4Djt-mgC$Ug`{r*NV3+G@UHzh;<J=B5;kJgR!s{KlB8_b|dq
zhq<hQ2w61Tn`SiQsl`)2bvBp~QgaEeSHRwUM}_h`>gju!2?1{wTzXT>{nvTYyFML$
zlqc6^Wj6I<X&k#S)3~p48qAg&Th|SgD;w8U>2PIlBMaci>^$4EbbH}5mX~E94O>{x
z0M7H?s+Oxx&?2AiSvn)9jN$a;g!>#c4*55#+MLMDSYCd=-Gy><QdY12G^O^BpvZ;A
zpkMl<9h59ed*&ftPEMq!8x<4XL1#yL9;HlmP~4_{2&(7pRyGGNIQ$l%52s6Hoa556
zXMOg`xXCnpmbq7LBcl|9Y?pMs%(5LpNEkUJ`pAulsb_hx@I{Fxn}kT!KX726IK|F|
z)Wb^c((tJ6!F_xue`IJSCl7;JaxiBi1gkp1Jp4AonZ9fQ$H_0aI`6*1>=2S_TiE6A
z?B~y1`LVxJ-i*YHiC)vwX4qKwsa0&qI&FSxj;7&*i1;m5GmVWDBrm4n<?Dv0-GWpV
zEhhJQwzk_Hfks8w^rhi&TYLL#m#0T^Wa42TG_qh~-i9U332rW~s*9O+<6%DNN&nq(
zjm_N^Wx9ZOetQ198A(8tV^`O3flL!k{FtLmt-#HdrA+&UHvZY(udM?IkAxXj$<*R$
zNYz!hx**TLRs%ud|Cu$sdOXF-9PK7AAbYjeReCq5H*e<{6B(NJNis#=mYnx4>qO!D
zRB5(V7bC|d4809yIvewr+E)w-rV-V6GQ$ZHgNn*Z%yz(<ah<&Lw9kx1U#F;Wp_~wU
zZ>vQx&qz>Gc6!fNmCbvo8?8uY<|aqvLo9&CkClMKRs}JenJ8R4=McS{qMX2k_wOa0
z*1WLZJlMznKxWcaCa=5FNEiXQ*@@_;EIZ8<7~js$Bq!(+Js{#rV76pQsM+G6YNe|{
zw4$c5|NV3P)obyHbzr{BUim@d>dO5uVp2>5dNic<^vDqeJ>1w>dCG{zjr??Vy<t&t
zy0~BiL0|s0@3d5(-;|OzQ6P%2Q6ew`kdC*mZY&v#_0iFrfB-ZMEHMdJPLPG5nG4Ej
z6EK#`YFGYX)4z)nI7`%fN*Q4BD>64##;E7Jqp#`;di}%ey7Jcq1qavj#2T3-a=oRu
z8eK2S-^@oGVVWbS>f!BkBZi(6ckG|M3aP!L7soayK>ZLYA{cqhq4RKc7O+x=d2{mw
z{g5{DzCz0a7LnBV{Kn?%klyOjB`H*I+!IKy4pB*l^LysoTd;hvnvf-ebmTVgC+;5D
zNKt7(t4G<@hcMb)jhe4YgzoZNydwWb?+N{4K;`5i(+HctvQq27O=`jlES)V7CC6XY
z-@{7iKKDf!^oM<{laihRDkZ<Hl>Uw0(|~)<B)WK#^MX~&$x$;ky=W6RYDibmIrNjo
zY^xh<>U5dGQzRi}!1^}9d`(bLzO2DCAC$@d%&@cBnSz}3l|c?S@Jaz=)@HhZ{BolM
zFmZ_k5Sb?6mC`AlIQof#6k_H#pMqyUl0gAI(0IXKu7ePaQGeuhJ4!|JogWUao01%4
zwcq&e+lnxAlF0nL)4QEas;BiHi#t!Cj6o-r5Hr}30`i(<L%N@34~D3mGQOM*#4=Y7
z2u%H>uwxnEu454*@SMG1H|R0+rZq#Xam2MOL*DX<8oMo`Jb{b7hkG0)YXQ5RtQ}~y
zQr$V#7>_4~g<%?JSm7xfvp4Ufr5qTQCbu@ZXFKbPWkmjpEw0a=Hn(wHcAL^(ZHob)
zFU6M}tl`}--5SV{)e1YKI~1wTvosbypV9y6VIpg79si9BA3`haf<Rr4qPOU^Q?7OG
zLb6Pj0{CWK5MQ8{50ur{-Hx_+dbyoNa3uZu`jWWq5)0O4L2|c6%1-DdUKy4O!ZWG;
ze0GyFQ(1~dCugT5oV+cf<z))gIDAgDIR$cg#o4}b5%_br4^V>ndXzGlF<>;kvF?Fy
z)2e!f`irnbEeCZgFHgJ4_PcwIV|txfnW_UVD<t+Av{y<^$~87NPn77jTlnV63%~jn
z9qnB1=n(C3L|`NEz*Z22OBz{DM6_6K2xnm3-YSU%Oa2}l_hC>ohrgK6quZL&$y(S+
zH}MCv#*PTrr68uOy596k+OpEe;t194VnWFdmZr!O*zgP!*CTXlZhNmA2y!c-U8^GG
zo2j~^lhHqU`FCGfys9>48j>~c>hm)}bv;j0?%e6Z%7clpa8L36yztQ^7l*&S4~jst
zXGykYvNPXnaCQ}>fKNl8vlCL=v$S7E40dI(cFjdO%C)0JXx=|w+4!IrIU{{&_4G>S
z^k7HfzoQ4LycL_o>#<h%)8(_RgLz0pbkwp};{Bp_YF|M?Zl&wGh_%OwkTHY0Pjla8
zo=wKUU&AHviz`)r)pYq02!O5##%Efc&yg1vuCb8jZEZ~k?1fDGgL63sR`teC=3JdO
zUmuD_;ZRd3n9uEXb(`<PXR`s20&_KsqEf}-`6aX+ivpM3o7e08duzzR)WccK`(?K)
z4djDmF9z<dTt#NHHDSt+n*JU<xF%BE9H5Gnf6>#kY4Wr?^O5iiJ(zOmAmoCbe$cVB
zdC-(84BzL0cMx?Cb;C>e<X2y8-&IFuB~}uyn(l#O?wQ#S{mlWvfEkQD>93H<q2*@q
zyr=bd#0<2HnHDNQ&xGVG`&p$Tct2I?5WfpLG74Mw>~i)3_SVIla5KL*sACxsbRxAQ
zX&p)j5N{hV;dj?adP({C#oAy0U?kZV{9~J$Ye+MormmlczoC_rlY1r@U^6|+hqy)O
z3@&QT5HmTWmr^-uz764xD=N~9!3kbd-tRBD+?;ixJc~eJbAJoYiqDInqu3?~suF=4
z|IZ$!E~j)fwEEEPp@ZcXT-4~`qgD@AP*lJ}5mYcWomlya_OhenuU<>iO&GS4w!&{<
zhU98-`S@Jm_2nWT5Nes>^WGEdfjtPk)B_{+sVr)$ik*)o!&h{VR~)`WHX{Z9=OyTZ
zbpDUMOTOUg2MHm+S9v421ASgFqie8#dudw1_yP<AVt<pn{!&PvAld&M%oWjx0f9gB
zr@tSLb<XYxhnE8;pWYwlV{ovbH0u`8^@;#uEcf~PnSWJ+h2XFj4fm(vu=;IGefyT^
zuguPhGaLAC{3t_I)Ww;u*qDtUAbpBHwd_cjm1Z!Dr{P;O(g>^n825LY8{p9JP~Uz>
z(?2U$>=6H$N@yzXqs=Tm2ZWg1P1#1ZcjKY&NfcS3>UvYe>`PaCf+8^DLumSWAH=Ui
z-UNopX{49YX<7X;z53DgCCPi9gq+lu3%b~)Bc1S5*{KCuZ0~Fg*x2w?2v_X7?<@8)
ztv<ksluwZ+DQT$o4gglJLf|n8c$8U<_mstClgA~(3#ZKMo=#prKcX5cIW{+KV6$ZH
zi*ne$wo`pL&wL*3xuDB~K4>#@o%6w9QllJ6AKYwocuC#j81mTz3jd|rMlV%N07Hrb
zWZ#&}s^Bd$fdpiv%?s`wa&O<rv1WRZW*OyECyaf?^v}%<KI!F~^UXAVSv#TcJ^NVO
zJ2gjPAJw5f*w-*`fi$EHM&(}M8j&^EwtmC!_T)9~c}rvd>vq2Fn%N);+KuinCSJet
zo16oYW12&3oPKd>$wEq6TGj!Z&Ah6!$$@b3R66NbH^iA+QVA|B@H#sC>&$yUN{!`A
zhitojT_&pzvwnspf(?w)QR{@LU9R7DFZCn3c-A`M{>>M-%|y>qI+4lf7&iKNtc)b&
zV8aKX2GtN*(^n7DJ91R3z1HuatS%;KbEq`V*?BRhG5ke)sb{CS#;eYe8<@&G>m$j-
zhTYh0ogfYdz&OTxHZDE0^sR{R9U|Pf4uhzw)vCVd=@iLgx^knBxTxHGQR4H`=<mnF
zg}HVw9%6bevGxu>Tvjjc&%NQ_06$RraKH+Ge$KF%w+oC!&Xg2YtTZ9kd>&_;_%>`M
z3{_mfxA!b56`k+A{*jqFc=|c0;YT_kbRewSe}*Zc2Xn?Vz6}jc<7FoDP0-!XjupDy
z7l+T>4w3V?uQDxWG~fWu<$g}=&ej+qlsw+ZS4R?5xqF-0F$;J<e0u)q^7DtMummg+
zd;S3P^pLy2;SiKg?d;U!_=}oBFoyW$;h+@&n9#?E1v|qSe5B_rI=O^gmNgj;F%{+u
z<NUU|7RH#0%viAJ$N*bGUVPzBhC|Is*880PPalJ0@gfauz*vafY{eIsDRnyBTON6I
zA^<Lh-y6rj{{A9Q7&9lKLkb*WTBxX^CykeKU7d*#5O=5F_E`AxA%Wm8Vb73KuEo-y
zILy!Ul+ngU1s#6ESs$7pE;dJQ_jZ5-T@rh3$+r%RL<(q_44@%N%+-dZ3p~ka+E@2T
zHh^0G=kbAHuDyM#&*|~P?C}!v)F-~8#nfm?(n(5&kLk2utI4R>A~C!>v1w=$>vBc^
z>C-3EPk3y%L7EI1B~zxgnk`<Q{<Hs<Qb9RGN5h=TUMj(Whrs0I%Y2)Rqaj#qO@->Y
z1qkzqxdS_{rFL_I?EW;f`JVET#~uyfBQz~#tU59nw4RY`@+8`WfQJc@s=;mV>Bw$e
zEp_&RMMAYdss=3$PqY_RHHrpHAg%$ufpJpDUmR9v*6GYD{5W#(0zGQOl^T&y_F@Nb
zNQ+Z#+7)D?$W>rw>Qg$D_xNtnByHI3c&G9BxL$aw_#&M>q8Dh3-wa7JY4u-`#=z-#
zd6g0naC)75HRkG0j9N>S^rh<h7a-g(C1f^(e;)-eV7AL9LLJl}8rwX+!bwThaX3g!
zykiVYPI9zytU>X?Nx62<;WXF0oGgZ~p3zuNP#E$M#}mdQJHUPOV#}MA>(U29MA&gP
z{9xsrB7T!RYm<Id=^EOfm9_ZOQsck_YWz1Gm#f?`QKZ(%5o1g0)XwhB^|kGEm){Fw
z;`NPn`!*kVa4WO6s@`PJ7sfmt+h4J0vb%d=SnlwAN94TDD*2%c#gmKH<!s8nkw8yg
z-V?&dXSTok`=m&zXr}PXFclU_y|A!4y91>>5w8Nl1S?xEbhBUm^56Gfs^uM0MaN*c
z;9x~c22KCL`x|;Zo&=tOx-1)A{|a}w{;m@@;aDf{u^;eafzsmd@^C(ozxFdRf@G|q
z*=k&j-I38VwSE+|b{CW?_>$32`;Eqe{@M>>nAZ{?-KNxGmi^PZ)-6i`ih_Eh-2lh_
zM<=#O0-kazfTcC`lRpF@oyFHi#wQ3|c0x1CAi<5*LY29xj+KzReZiw<$WH{7bA3vj
z_Di9quQy#lNU2p@x(t0iLiCP@Fi|f5xLy(DaGqp|YQx{O5Vv#Q>!vtcM@Ofs!(|BJ
z!qHOW=1yN!jY&zj4j&a;uHr$Hi^-qvkjY}b_R$?MkC!S^=<VdOKh^KfMt{U&>?Y5g
zp`q91^%{uToq&@zz$nZslU2jUwuD6%kp>b4jbZm25pwC;U%xb(tnf#Oc)v!M&_#cY
zo2<Jdde4jF-Xz@qvD%q$1WuMAsTm@9^4iT=uOZ~4Ma%=&@rM8QvKs^;k4>xX?mA5*
zM#D)0*UW{lI#z9xF17hh_s^EfP@Ur1QKgexjobOByR6Yk%AI}BBk<yi#c&R@kK{zS
zyBx9--jK{_jVW4oZU=~hSb-&>*T16}FGLSj8Yt<F$7!EVq~sv$@sC~HcSaB~x2!<i
z3%tyFhfq4WD%&}62~>x*EyXHxm9#*Vg3Pc%ljix`e@8mrk9&0GdTnXvtFN+)@<dHc
zOx{Ki%g5tMJ=Td}bhmg7+8|(K{lj|%BErL&(e~p#Ynf%}V~xPo5|4M%r!WM5{!n;W
zq#}%k@2_`x%`uwZHWm_~qJ4q9e9kPgc#A3h!w~d0t{&%iYI=DVa<AW9W<6N=#}szd
zbl9mMk=wFnm(j5`?gY@8d{s61Vg9ast4O&dvzh2eZ8Op7+;!mQ=3a(W51#N@wA9QO
z+kX{N%^y(8L*OKwYY!<Jf_B9C>l7LOvA;#WkA7^>W;{^LrTl3_#>xTVtly9KhSHJo
zKXp>rY>nhGR5f{VIlNNL(mX;(Ww7c{9?jS5S1OkZ(?)iwct@d1vg1GEZ#g<W)-k`F
zVRv+-T&k%eD}<$oC7V9b#p43+glt7f=#Gfj?PIqAPv5RZFk5X;VZz5792P>tNEuj-
zNvklkNTB54AcN1IYuyD2jN|D4hDL`#N=ACZ?-<;g%5g3=*QrJ1hL73fsir0-pE*3*
zAB*7GdjCOMO8>Gm!1eyFLfBiKG<tM=EcytYN?&;wo&EuXW;$-wh8NArz{qA~1)K4t
z9gL{$-#!~#-PKpXjD+Q+ew*abpi?h;bv|vo;d|0ttuoy^-PjC?)WsY7Xmt4)YS$<u
zI1nfOG@Hw<T#mHn63~ZYy?Ml)Nr$AhGt``I^^vn#z=74_U?B=FxLRyye(vJZAEt9G
zqA^vV?4J-V<&=NwX&RFak{8wI#`m7AIGEAn3P&_?IL3Y=q*;;4xSy%yd-E-3Ec?8z
zWo~aRrahsAQ8hmxyDBhFcx*q70ec*-T`F5|oyPAh6aAsPr}zEi35iK0v06AY8%uV1
zBbSQ#w1}2?kmCHjsfC4-lvb)@o-{&~bfQ>sQU73pyqo6}KZ?!Dc5ghLhI{=ccB4%1
zc066tN-iA3)Z*mBNJV?~#)yEV)crpbqv>KyIXzFI_$DXF6kb@c1Z`$7Rdlc>E~gRv
z1C^})&Bd-Zw-@)h4^_RtcVs?0)1KDURKJCppUCG~S<_>3*YCNXzDi4XX;Xe^GL!0E
zuaOqC-z_cGV?1Z>IwMB^;Y&>(Vkk!Xz1WGB3fC+(jrG>v=j`!AGNRn^%Mq(a8}b=N
zMXGdFVV4VGNQd<1G==Nq3tHvxp}+i-ROSS-<zn6k<Ub0ce1oM9dQuA%6XWFMVxAw0
z7{776dz>^ID<{O~<2^Y)(;o>$(r$K?+;UiahrBIjTlwMG!c6jxQO9)WpSr%w&%LDN
zs<l~W#tgo&nGV0}blzk$7k+M*n6S1s?Tew_C-I@uTgW#4BbSpDL*!nD2ejI_|NXi?
z|Iv|JkruWI2gja9v7n%sNbU<z^(ERyM@Lr&SHS)i?i83DvD1s?*1vw`Y2P&>N6nZJ
z?M504$f(Re`ET_F;CWgRRvx1CvC|PRP$%|knxTg!acD$I547cq2;owAQ5lW1rMIh9
zbPkyaLAK_Jdk_?961Q9PEnzq3-Lhmp#$%(v^xgGwLFscpCqu>dt$iU9m=jUQU2hrA
zotM`COf=IVZ7t6w(viB-tE+3Qv3Rf}!FTYi4wa~B1G#+t#sP64q32JxKQ|H{Mzh#T
z%ZF$Qa3m5u;^O5xEq~fm+3osAJ}wOzSQn~8e$l!c4cLB^Y0S#erX(Y$4*v1;!!)Cg
z)KVZ4X1_$4`=#=!;$)yQZO_0kG93>OXtF1l7v1}-LX4RL6=#HqDyRG;S);L0(rs<`
zY$kHtpL?n)DKBo;5mM$BN+@p7(E8z+U!u{V-UbHV+poTGdG4-8@XTMn?85#r5;lO`
zH2SUbs+iWwE|5j5nREEsxWI9o<zo$?|9Hy~hd)LGc}Wa`B+0rdTVqzneQGOEX_Z1n
zM~#nV=9(OnUs=g2C0_gM{S8{`iRt>NpkO8?H^9qCWlk+AC>4(-g3AxHzTB~;B>dTJ
zk5QLhxm-7$pG<t*Wb==(74^#1-7x`VzKw6<G{tFud|(=j4j(_I);u6TK{cyKA&Jd=
z%vX#-^Mkb9_VQ4we?B>4mXMGJt>F|iYfgI@!d0sWS-cb+<oZWVMn)QscUme5NixNh
zQiH<-w@bO6$>2b|a*2+XE%azS;H_**Tp_*+p^gs0?L|kHJn?h2yEzt+BZ6>um!VP=
zyNU*b)DLhzgsr!(a_mJUTD)!ek)2Z^9|ebQy1(gvflkwoe#3^k5<yCvWgSat$?Nd8
zg3n|2ej|$9>yPb3A}Rup_nQ&O*IDg<t7)x!%5tXr@B>0#1)Yy80z@;DzHn|#cO@Cd
znA*vn7PMRv!L$kqKDi4oLm(sfEfO8B=PVBfIf#6im~nAQo)V~rX$Zo<+!c<|<HF(x
z1ICMApfqe##c3OTHq+6W=i+7=Ued7|8p<*GySi0lqRr_<yA*K=iodJt4)T-rqJ$YC
zVTy*9fssX6d|BDNRK%t|7fUi?5&Yj%fG+m(*_5HUT<?8O#G@MAAeXeq=<k0}Q03$l
z1O>#a<OlB4ezIWsGZimXUM|Ax(aR+-KkV*`>V8UkM(?SfvDiLx<g`EAYE6hqtD0Mu
zLq^E$k{=QuFQpsR#Kgkh>vmz9CLXoj|8NKLJ>;oBR=e4=@sG1ut|E<r@vz~j>r}~-
zsF+CQ<Pbx;Szdku1Phr=TwlPEdY+q`Hd9F?_vbUhld{8MdJ**UwK{ak#r1e0(QWEb
zg|jr{tvGvUk|jZ*!(e6O3Agsi;tL#3R-0d!pN3#AvjAEZ(q=@zm0@|0AAgg?5=ZeN
za7*BkG2v@b0t%e%gYc~ZZfcY4c=N{{I3zRU3N$37$^&x9pX&s}t>W+&Hxjm3*bJY-
z#5v@63Gzvc$>48F`J>YvLb5NtbHlSp!k%u!`k==(E)$e;2P>KVvb-exL=YRB`&O7w
zHP7)|rS_5g@+iGOy7?!$_x11o&p{^wPN5~B6*6+;g@_0jjpqS~izci2t20}L4o_1v
zyQDzvC#11>vM}1@Mtfr*ewW7_!wb;oppIO-yV)IG+xb2`V1`QIx?Qfr1l3t>jMiDj
zF|&0yDN)V49La=T9nz@y@{$%$l@I*}UI|WXg5&HQI8HA-@Nc~uNh7(^!Q%6$6<+!6
zqsq>%?y@HW^6Nr{-Y)gWkKbop4xIaISrQOh3Ou}8aKwy^jBzvtxl~_7a+6NrygWiN
zsCprH3<ldn2B!^ni^};{5GcIoA)-}NS8zp^;?TV;dGznecwf92ZDfXXSJvD-hEhX;
z77}t;sPOMvvs-4kD%49_mzhC3SP>aP<xpt(-#sJT^zMjrw;Gx$f1#RheJGt9#SkYL
zqxx+^){^vi<rsd!;EK@&yB(=Wq%EVt!~*GdZ^Wl{1gS(uL7KeKLfvL|YaoFd_aY)&
ztqgZqEd)m@ue(N7@>CmbN!68VOOi=T19|4#LMzW(BZoEYI2dM|6?@k{WaRq?m;7<+
zM(yFdYgb_<sRHM6ov=XV(4s~z2v(WqHzSiEqlLPg44(G55{2&>ey|e`Ctvlmb542O
zVrqzpw0T`3yTf^AXj;M|dmUEzd7+0nwUNlGb#=A-i^=SSJPFhVw=98y@UXX=n}(gf
zevNoIf2Mq1l<PH#Xj`%ilS_?`O^L3IqI$i4eSw5X9ed{ChK{aTYa_pr0AWBd+L54)
zJ>7w>IG8TfImR?$IXhouu!X?W%2kSrz`uU3-fY01r(WwshbEs{J=znXHWJ77`i>aW
zkheMF`=j-)2aA1}GP<VIFy!Yie8|BQ=Vkj}xIaT5wjvh>6!H_|uZ%CfgtvD@&-&(G
z`$A>JXpJR|F9+dybmlH0*M=g+aAfU)O+!B?P)SaiigYVo!_eie5hzqU__;XZEX>AA
zW$}B5Gh{(WnnKqj0%%CT8(WXb^xhRD!bo&FPou+wd%{MAPE+?U>BMV;Q+>_(+11re
z5quAiT8Ct1QC`S!+fXW3lZQ)&wWd*j{~|Kdma{3f2Zv3*HKZ#LF_|+OS*Pg(%`0><
zug{;k!Gepqx#Wgfb;dOA9#DQ>d3s9x`3H>?7WU)?cx>nI>4vGf+1TQI%2hhg#B|5^
z>a9UKz5-4_I$*Z4f2Nefc(f|l*)SJ;q4xSUT&rtzlId0}Bqb%~@BO0(!QGXL!(^q&
zh8PH#Wa~c2$YiH4|3raO*P`~}X>jl+_Val=hL@-sMFhbnj$|0cH}k;R;X1#JdB1i7
zEQyd+nT{6u^gITq6rT~IHE7Kp%<k7RMdHj6_4Qc7fm_Y-CG}0kWfgLZj3sRM5a9<F
zfr26!*?A-WWdnkHW;&OdMDxxQw^1h1j^h2odq|&VTCfKKc5A>=qzTuZta6bC`p#I6
z9Ui|nQb$oB0Gk&$yh%iUu;;5+RxQW`zwbs#NHgf5)RIzCig9MUd%I(8(%2yC$693Z
z^WZxCwCZPT?8ugbkfY<`P{w=_7aP6PdnWR~lsQ|yl}{3+qADOg-yNNr$T1kna6FiU
z#6scV-lX#lYM`Ki^A`Q9wZ&&E84~g)gX{BZGHa=3rH@!bLhbQlGC1r+PB%TIqPVwM
zSZtM*Uw=2){V`%WT50Nu_jw`w>Xj=1z+=(TBJFO^ZR)<IWikcq?R1ZuLcls<lvOlT
z%y~O(ZJku#pSPD2EWs=+BPcQ{202G2oZUMfX={I6UlDlvtL;I64wH)Y`;<XgBS8gw
zN;X5M%R`fDKgqO1!^0=_<k~Ck=PHF_EqPne{$nSSqq^X9o-oqFJ6d(zqNR6u8VG02
zb6FNIUYoo#5P;dVZ*XGH%ewcBl+r8WSYxa)-dYfCYEUTA<?97^9-OD?eIXAIr`)bT
zYWkwkGwoiI2Y|2>P5uJXQ?y+I1UwuZq9L@&=}j7cdR~gMkgNR@Ki&55)?_r<eI*xy
zncb&sou*ph_nb5|A%ouDX|ks@{l(p~jIlHWLysWZ_Sh{Yn&S*}nKr%jT3tJa=+u6g
znkq<X;kU9F6;Ay8K7a=)2laOnAQ~{CcqzSkAxK@ORKTrns(>oc)O>#5kKV)lnvBd{
zK3!^XI6cg8M@B>h^SMLL+hs7l+<`+^U)vT_c#DbuqVu>Tim_96H7P(iL|F*;q3kQS
ztEa{G&K^7ZK<;whwa<YjW4P5K7V;wv&YzINOwcax8D?Q2<u?dOJ6zE^G#L}*-?sFU
z4eA5m*6xxVI8#f1mBOpYghSdAqIx4AV+r8*Pu-2)@HBQLIxVeFFopc&czA3!3klm+
z3oKS^!k%ECC%3H+0QVZSq^;gJF%S;x&6Nmz8m%_oFBMY;A7~T%C8VTiRjs!`F4k68
zWyMDzSwq6G(B5NogXr_*<HKa!9FT~IE;X5Bs#r{Adlk1-1c<iTtj5N~aJHGC+|^re
zjV=AH9#t%g<2E)<;;@nHG9F^GS>_!<y5q_!-`wc;gY`V#?me`a!RV9P{Wt2h$jN<i
ztfx<rFDjx)!=GtSnn_rrRz?a)fi^<El)ic!hzXJHA#a1r>jiJ$d6nMn^_HJ{SlU=Z
zGh@46T!Pf~)rTnJ(-7V|Goi<w_x%DaxQobvt4hKSj>r#iyM^ZPms*Aoo?PfjX9%vA
z0i)->YQf$bYYh)y3l$4iPq8UNh~Iqf6+{t|Aqk4Vwa26#wOSPnluZ^cQp~F+yes-y
z2FdaBs?eQ<?ui<Tyjc!H*>D0F-NtZ<I5%>$t3i?CHi}UC_*++~%2_lTNWJ_rt%+JE
zi+s;>Bo1FcuKl$RE|e%ox(i&l+f}f}t-=I)dkOEhaupe=UTd9RLTRO8&q9SlxPGh$
z8FJ3pjN^}7m?^h2U0@gdhr(hr9j*!?<Q@f53W&$E$Ihug3x(8enaqA*m<a9RD$1uM
z3_|Sq*8R>=N@1csSi)H%J3AW-(+QQd$B*4=9uWxvfpuzX#-t`Q=Jr;2bNO<gK9wz`
z-lp1?Y-Sowwen8pJ+GkhP^=bHtHDuk`3Z)UyCUv4N}Rfv^gM`{3=>gc|15k$?&O$7
zysr+|%t}dGE%U3t3n?1qs!NtyZ`I@q1oBm+8tuLUH0`s1SEyj0UU@#WkxGm|;K0;0
zIX>Q5t-}K{S*gVP0nGJsxmV7vM+*hhZY2N`396|P++EO|(#?ZuV5c+))+CB}=d{(M
zk()|oxjsFIjA6chgdFnfL*gKp$33T(YT3Z$r<&)+o}QNWkIxdv>F?Qxnew;q1w2<1
zZ_ZEo9p7mb=a!2I?`QDs@>>%G_V$Vre0w~ZYfXJ9QG1PwiTSG`xC@O&3}Yn^D|#f9
z8wtM}5Y?W@1Yf&iD3Z56tn_s~dB3bUWZIPe$0^vTC+=OON({lP#gOtAnfxpU>+nbK
z?4|I?@J^g(w^&zCtnm8j`nS5z6z}0cGU)%Ft#Tx0laPIxKmd>lSBnExK@^e7LYioq
zw+c=!9%W=Qv!A%jF>Orrfpa3uz+D|kFt0?$+PWIDi*?cGW>=P?p(`02wbQQCd~Gws
zh^L`BZZQjCvTSk|EeUpc!NI6E3`WyDbZ`-~oKQ|FU!h91EE_>aBo`G89W`1%Kqr%b
z_Hwr?|G2%+0ebZJfh79l*C83srY{O5iutZ_dIUisaKYRSM=0VP9bw|djTufTrnkG7
zjE2IL=*yYkiF{eKK;w76y`6R34;(z0i~Gbf;0!s~k<zxLSGt4l?E1l)CszQH^cfHU
z#0q{WEc|9ZP}v`g%kIW9LL{)A2A(1x@4IGuib2Xp|7%wgv(pp7?5yZKt>$8hc>Tw_
z8NC}I40Kh#dlW;qSsB(7c>Ht67SlI1G-Q{-pU#biWgaCiB9i{hCscJCE%S;&8k=ie
zJKtEpp^=0?((?;=os~xxe*3mK3CmNl`BAtr?l|kB&msx#eSSqJ0)O9*oDb}QMp4uL
zuf12TRK-W`J<)3NN_YdUt5#PJ@9;oD1dXva6+hunIVla2{cmsg%k-bZQS=|v&d!L*
zY$2eRa-lqS7izb1zwV7N_}u`pYjHpIbs!>2JHH?&r>2%h^XZi1AAjbazMBlMjuu4C
zZ(l&Kws+jl$1kztD-;9TCi2HN(dFepMf>l$gegmh1*Ec{?%g<GMdE($o+wC$g-J(^
z31lRLL5cR|RF-D@dTS$G(Y>YA$^1~w<bqC*8~wB&`mQA^=%F1_vaRX<*4NEw-@3R_
z*KXsp@2CRN>PzTn2LjzTebFWqf<L1n=wtUXcmpaup@$1xSM5(#UPE}g?VcLc4ge5u
zA6@Q)IUB#r9_Binc1^iZJ^Ft}e2Hu_vQs`g-zTftpLK+V;W&7>fJBnD>hCN2ftoOs
z)*s7Op*8~f?V}q@HPK`u&&D5Z&x;nl_<`~RX-@`xJniXSm4P-NBty@5h?Jkwk44cw
zMq%9HR<A?0wK?poL?Ur+%4!?YqsFTdBEhHK<n&(v-{z$H?iva)mBSyp`>Cjnj;qRQ
z_k;v-_`fe%oe=I!K+?>U8ms;ctG%>TWL@k__<IC`AuB8EjzlO02<7L9DQ|xy<)&i}
z_p}ErGT@v45=$qHvWP|$Sry39o|jUGh=_@x+TJ=wlN0ATIsQ9d?|h-A=6HDl@70#L
zwnm@KpN`+r5o(}0Kktak`nFlfZ*=_ejliIYh`k`dJ7+`NMuUZOKVK5wU3`%y%M17g
z`J{D!&)Hx{);v>6!j*$=cc3-fByn<!!>soY=?}_0H<Pv5t$}-wR#TP8$%mbI&%8Jq
z*dfcTMn2`IH}R><t>2}oNPeU18n0l3jb+d20(jql;}w}HukLwA8Ff+~4f@7`U?fMx
zD=|7(^XBdjJ<+a%3_)uD-`Dv{k{QTHz2RzqYA$fSm7ibx<WxvpP0d#Kcqw&zdfIeT
zIPywKkTJIEcEN_LxU{e0$Jpd#?%huz#7ypZ(9JMzJ*$qFPrDB0v?VrN@<`(KS--wW
z7mpAg8Lb>OKt-b||Btu}2@hVq9!^(R*HX%|H~KZS&*n@o2UaYZUs>Km<kSA#Q(Uc+
zl;WUltNOnDwqy*GdC|=0OSAU<7fk!~&cMXq-ftS&Wn?%)?DawJLohkN<>53~{9)iJ
zR5@PxQ$VFZ|DTzlZ|<kfS05edQN!O1S=`h7JcTiUb7w}gF7UYHo+q<%?X{SSkJw&b
za0tkhT%T8j%Wff;RlD<;1!!bU)Zh~4M_t>qQIeLc<DKs;kQ@v^wsBTL1gNf#`~J-0
zG!yaJ+S+I98erm7U>OXjb9O+Qor|30z&i-uvHVSwj86$@&tZ_3TAv9(;Cei64~2qd
z+*tvBulXqDx+Nl35=lvWFu`=u&ryWrKTgUrY_C=23%Q<Ee}*DK95%*8wq!51ul$j{
zV92`QRn7&H>&izB);YCLic$M{;?3c<V>Gfz0^TzC=jK#h7HH^Wo{C6tGrGg^5YPPt
zXTMyEo3pfNI-MVp@(M#T3<yrqc@z=!47jH~*nrMHyXbfw^Bx_{4cX>HDL6(aCWQ)B
zq!2%C9o)^mf%N^EQ*PTA$6Y~g=d>2$w||1)U0Ka_wlQcG>K6Rh5ht5D;)_-24iXEU
z=XtpGXL4ZqpB@SlZUEB+Rw2qgP|8lStO&F}0MogJq|Cj#wPw30!mUiE+*Fg()O){R
z3CaI5K(<&z@eBL#?!VpBi3~noNQ+l$-bNpK`q(dZ#vs<a)qBXO$E%C<SKKhRF$^Y(
zl|BL{GO3;Y>B&(uY_QTELQ-lYf)93>?8h5xd$?KMdmX<Bg7DRfMWRSP<FI)1;`Pj8
z-Z_Y<$w#?I;BE0T1t{BupXzz{i|XltX*Fu4KX%tpjrHt$nGdwY{)Bi4otdGTBo!5v
zWwT2k&^T3E-o&F~;}3Q%)Q5yc<Z0iW#WCn*fLI3{u05|>c2>u|N(l~&9VwVzd+$!Z
z#k@zD#m|2O^b~+YCO~P4*VDo!@_?T8#Zc@@T@@##jL!^3+%jkuQoKcrj`6=fq>QmK
zq~XKq$#QNqZgq#0@;HUEibqyHHXmP~JbK-}3_1RGT+xYivN|_v7F@Yr4o^FcYWQ8W
zx<K`F;WB{v@DUHP^Frs53XkXv;;y!`vxg1t?0tb}U{q9}n`f~eCMYh>5)lz;HI>Nw
zUzBZERh4#rvfBOqwRWQ|iB|udaz&^B*2nz32qZ|lJG8e+sX!)jZO?f72T3yGTcn6^
zQ*$HHiRrQ`)1?&6%RM8H2mrSmp03FZOh&eU3q08x_8~8eieq!uNlg_qyZ0g<cw7#s
z2rDZv-rQDu4io6+eNmvZu$0OC*!EMSK+ZfwNF<k>6x8*be9i+O!|r?&c}w@J&Eu^>
zE=ZG?$M#2P;k)Z|Y0f5Gv5yK7-<P7qJI;waigd^=YNa}Ar+l+?ncYVU<LaY@-Bf<U
zicm*K$UTcX;P?=U1Tui@$sE4YFgh;j&(IH4;a9I4@lXY?bHvFhC}Yy%L=^W%f>6jQ
zD5BHS!gZ5bl$n^bT0-Eq=v2G^%&MP4JZ>g8C@D?Nx0ER4VL-ng1Kb0+Qvj$>%8M`p
z&fkDmt>&eop@I94>uUuS1wCaZJ<W7EUpAVvsQzG-MCsLgLfro3jXo}id(Ibtx9TIM
zAbD0vRBCK5*a0VMv@H`To8k{$>(b_jWR$#o>6ReEPOldEOfW(${we&rzgup1i#;~^
zD>1W^^GrIQZkR0;$VbOhh6TrAkbn8|B`lQtUG%z8D!Wx+U_e0f-rj!A+{nki)3Ck>
zGPVys3_Bw^Id5sYT4K`D{#J*e!-2=VFEqphl<+Bh4A0JMmml=69}s0b6XiQ%);f<h
z^S;hJ_>RP@i9wR!9x03dF2HZm77IkmM}x6&g?bdd^OgS_I{X0~yk}ao_ixhowhk(F
zdsRWeB=<c+1>^|1IwMxUE>n>gUfhCdEah_VOT`zmJq~M`*4~IB17p?AX88IF9i@vf
z5hHqvp;u%E1|UW{+gy%$;{!3{I4X3R7l#?o<s2YbV9$~!h}%C?m<V(w+Ue+z|Ih%>
zuZ{HX13A-=6Y&Aeb;OA9e_XCiulu6Z!g8&_oFrW!zhnOO=Xz3p0-%q@z6w~*nlO}=
zB4#c%&$YXMdhvW<VVnff`u<7TVVn3p$P&!d9g09i+1kI{2i@rF+P|?D*L%+MpM#Ks
z)d5^v0(d`Tzi%&dah*hpmPbOdqx{n&!>C9oX%~RkGY*IlOvc+Xcwv{T8t>1q7|#15
zHg2~D1K7pw?OC9moekJnfql!ZJ}0=UHP%axk|9NnjheABpa4A|N-wZs_0*UEmH}1Z
zV}&JpB`B?rOSK^o4y)|IA_xsg!2H-)bj%VgL0dBHX95z0AHiHvZh<tMePbFhRsaHw
zsiyMl>h)=@i{oEsXuebgo^sI_Kk$1mTEL)Px%yS#K>zw=?RE90;a>pZt#ic8X&j^^
zB)&E_^O%6SnrHugh`+Pf-S|{b0E?Jd0Fhttp923RpWsbMs<K<hy0UK`B6vjJ561%K
zFmEdLdlA={TcrgA6A+1>ekZ>kwV}Omd|<;&5`iDSbA5M(_C6};8y7N1kz#;uS0M9f
zkEkW}2#ml`vQlBcxayyn*ha`XCDdlQ8<3@f5>hfle=99#A``%<*&vGWEAC1nPqFmi
zpt8D#j1fZlY+`$!devTo9Wg_$j!?!_wQ|G3ViiDoc9Z0}wN@IYmH>{t;=Hq5*Jy0A
zNV!ZUY<I;=9N0-5oOA(IGw*biR>6hfD?@2;IG#ta+{TywrY0bru$4--v%%fzS06d)
z8O;Z8ve3;`W!&ZUrq?miVydc^SC?CVRv?fXgQ?=bVu7c}Ul&+NaB&|oYaL#xl$NR#
zQ{3}H6izHcFp!|a06@~2yb<!Ve1=r)S6AVwe5q3FLz3koUQlF+&2cvJ=kN4f$<M>}
z-TWu#3N3M<!DMA-eTLPnvys2#c7o@73*0+RSI6=*j}LCRMCJdm-5fbA<ROHBmHrim
z-ROKuYJtU&9bd+PEGGvHGzD?+g!N=(r0|Z96R;@P#+`54RvMURj5PL)f$VCj@rzcc
zNW%&N;Z`nHY$y;ZjEM!bm#F7QnmYNO-V9DsP;r;bo}5oSa<jhC;grvr{=8Vf8(p0X
zCeqS}86it(&{tNyksVTc_1z#<l&mX8<ig?|_e-IS6I$MdED$d9NO(+!>mmp47Ya%~
znOM;kx<yO4JRixs`{=a)3e7H=kG1hJ@HqY+pT~O;W)Efq!9ape#RC4sI>7(k1F3i<
zDj{z27MG-?WSW3m%sG{Oc1eYN5Tj1z?sNp;F|Z3;=<nAcp8=PjaeS`imigoN47g>|
z;6%4Qr2G}9gj9~0Z=e_kAy_hJzzA@MUIp?6S-+gn#3)J6c0aIZg;D>pK)+3V4SRMn
z&EO0JTSC&*Ny5*cA!^WTdwhFY3j6C2hHU%0<f9bwI2w9-qofXDu<XA^GA_9CJA|{w
zddBTp1#1OJ9X%NLaSpcw%e`OT8;SfFG`uhyBTbL;r3F;oPrZCZqk)7xp#QKWhX<RC
z1V@G|Yjoy3qpeyR_NAt0tzk=casxXqElmdC>$KVSOz=&&n`m0%>ezwSlWi1){M?0&
zi4e~KC3<~RQsIgp@3o?&Yr0rXLFWLOlUGdge+zS()66rH$@_(XPN|$gPN`tLS~`&w
z{Im=HXHpH4Bk)}DlV$S%JxR#PZC^(cI^yy+NKi1Ihek#s4>}*N_qTe`6LCaR8(H^w
z2L+@&9T{XjIgT<2*0_BkCnn`OzyGeF?=*&>zhcazTwEj>t6GM`V}WHX3rQ`eY8!bG
z68P4c&)wD$dh|-K#Pa6sc|`x!$|tK;FIJ*lBx3+bkPqu~th)Rjy@MyVq!|L(L_tC5
zrw6!eQAAs}fw~E4r6&j14s$FiwU&~7fFK#oLkJ9*O{0&OGP5!f-;eW-p6H8Q18Gk3
z{reoH8u4=b&U&K**nj5|*$!5MHrN{l$V)m{SX>O`K81S#9kcCO)V1?n$jYLH5Ps|E
z0CA_(6pWFZ!Rz{ae0QQT)|jL?E)sdEFCypj(<8+mkE}>;?gwyA)PMGo|CF|Qx!r8S
zJ>~vE8^-63Yj8PEdYaM0Q7clMUBiOk;p4sDNVU2C5q|~=|Bi;329qA-SNmq`cpX{7
z_`N>KHQO74puT#00^K6bPr!!M=k_;A|6_}SqT9n6MGgT$wG;eE2+)1jA1CBtoRQ_F
zWHwbzsY!%{{NKKP@4l<p6qC020eo{~D_L+BW;_21+2^*f<umQiR)qkEzk2%6((i2{
zk@xT49)y-?aLYdaSc+!jE&|`o$Uy1edG6L>Du<_l!P~_9dknZ#Wu@3iKiCbhosE0F
z-1s}1i=aq#_M0W45Dbn@7LBI27jK7B>>L-^%dc<NM%y81VhNDaX2*^uY3#ZR?f&R8
zEle*)_+_!qz#CzKzCxJMY^AX`v@rsJ9CuNnhE&0G!G;i56Y6S;2h|}Xhda3RHJnlH
z&FY3z+vs=3RkUvd^6T8G4YXRlhqExLfi<>YwWhNzTu7-LCO=B(K#KyJIU3N1!IK4n
zjCOkORyPBpRP}(Z^mZFxb8hx4m=&xD3E-W6wd+q6BLW{tRxFjn`JPG(G7)6+Vl1cS
zOI=s$OF&gt;l{t367;kzo!^$aKlz@yGqf?e))hM93iQ)`BEEk|d!boXRrC62XgAu=
z<cDW$T3VVl1?Q)ijp*+c_0fMQ2M#55C~$Bj$fk5-8Z`^aAOD7uWl4JAJTOeY$NUod
z=?fa_CIwquyLZB&LWqcO5u}l;i&8!xFlFZO3gq$Dpqw1^qdS)mHGlPsuCmLzT+f9^
znzSDE(fu6s$`}7?H%FYy;Xpl-2MLHI#Q2?;7q*Vhy<p#}u-b(A*Kb0v5fCUxGDj{~
zzuwEG{XX85%-FOu$*nXSFOJvTo~!ia^5C!{rHO#o?{Yr0P2o+3Nd2-X0iyvL+OzKT
zqIz@lg6G3f>TBD(y(t-k%*9sePfAL^dh+4P-@~0h-pAHQN7Lhc3N=9?HYUQbM>ckO
zc_+kVh#aRRe_kZPC?V%-u@msVL@UvMDaw)w_?BvFSjpP2eaFqD6htORl5kl;J2nIj
z#Etvd$d!}B7veXSUl^D2BRqrI&*R%SV15c`?Tg%Ubsz>qPzU63ZB^iDw8cv6ISb~O
z+Y~5<fL_5?U7HJL%W^PR<utpTo}YC>yWy;LTQzgx4X5@ev$O+VCH>y^{k%|DbySc!
z9uHMvWzAW+*quc4XcQ5djC}4=pqeGf`PM_ys+fCKicc<<`PTLIG3cUCnVCI5xiUp)
z)f-<V>M2(FyOH7G;8yLOe6!YW>OM1@2=+?NlGI@Ii{<HnqFw+`6M9zMEkT?p3#zv~
zDpG?Z{Cc$w^$g%C%=V|BiGYXRh$)Pp5^?}%_CjtbkW$#zb}HIP`575!b{^XxrfBV!
zE0J|6_$m8I$zS^ZhBMRj2ak;9q&*%Bbb=0a)dGYa?W^;yTq#U<WL#nB_tyx&?D*pG
z^7AK|J{g_(!vRKU)#Z$Qr?sWQ^N|<i(nnckiY9mW1_s8KX&=xH&dyuhb~i%@)yicu
z%_b@<e=*d$iHe9+ivvaoawco9sF;u0{B|f69gS!>{Rb+&;>Gxghx^&ug9l?e*Jlgy
zzW0efx%$>-{rL_%oNW$NPo?TYiu(GuFX5^xEx6KV-*#>L$_h;3;D&C>cp_>)!!xRS
zz~42BAptK&{zx!d0CB2B8*rPZYhLcx*q&`_Cn7Gv!+o0r`k&|Bf{iF;Y6?3pc#ir&
z>stIHRDKU)Bh~vc8RC711pKLXc+9U@5fFZLTNql(jCA<z0yGY0N>J_W_vb%Z2L;;m
zu(9>&Cf+Odj{Z32u%eBdaib&mKQ<ZO1f*`LLDSo}7a6?C(|jJG!tY5*MZ^C$00Q%k
zA-DAke%nJ_&=tsHo4ZQ1Pa2>7n-_$9e5E`tsvc>@`TIXe90^(c1==1{Sc6bZ7<F79
z5WUlppR6!$KjYQWqzDQ)flB58^D63dFfqANyLm}YfjDqlJuB7$p_z@Z)Zwy$xvzAt
zJ}PtjZwItHL_2+Bf45(ak@2ra8v!JT)RH;@Se6|ebAcuRK<Kl#<z<1qiHF>J5Q-}y
zr_apy*S?GA2Xi3mm6f_XBmLvk300k)Lk+%E=sD1_Dcc63AZ>yAk2X?$oHr2Z9)UmM
zHTvPe<4W0WWH_uqUW3Jp`<q%hb)=b@#e~s?sU<8@w(?6v91sG^L6HBB0+c?y`T5<*
z<h)7U6*#z;A4qxA@UcI>^6gaatq$%+A#T7Wkg;+&mzh8BN$;0VSiK$MpeJAr<Qb?v
zJ=P7dxfR;CW;(MdRF*zu_Ks<BqxsLv!tt@1kai5Hb~$2zu*0<Q@c0Bnoo()Td3obJ
zga<%s-!|YsqA93$T!#TaLV2;*la}eN*xXXWLSI^1Sy{cVtB%t=Q`WWfZ;U`sT;l5o
zYrnT+y~{+2$*e_7KfkAB%gWE4ZB<qO>Y<hGS9CNa2P5Cc%|wAntM^c<T1Bw?LrURH
z1!nVxqO5E#9v)5{o%rGHWsyod|1W&DpNhZCX`>*_|DQoulq5ts)avQck%$kkRoJ;0
z8@Si-pZ&QuhPZ~VFN<f&!Xn$+NMCY!YzD6n{$8HrTABrwu=?w!#B!UPpE9k{#bTo)
z5t{^GN69+|E31T~*^ZhZ6b-;PMt{^ZCURWEd6VvAZSeIs;#fG706B$lAtV#vqC5LY
zq^&Jl<)6=nlT_~b@%2!XwqP%4<aGmQOl%BjW?0@aF+cL|)ff|%hG&z`dV2%rdDBBh
zNWX#n2k>qUDjN0<34Y)-4Se5Z0c(N>ZEYML59fTsh3ua|*#(^w;o1JQgdzaU@??Du
z_pPmss~dh^;9Vx+_6|Ar%+v;-K(z*7QIzm)buPIou-*U`DJCsuR1(a`oSc9N6bTo(
zu|$j3mmGuOg~h2q9|?(3&s?W(iMO|ie-Pb3MR9V<|D)@zqJrwWwqd$kx)G$iyE~=3
zOTwG(*fdCYh=imd4I+(%bcvL7htdere2eEF@8N%>2g(@iz4lyJ%{jF=)beUg=&d7j
z$z0YtU=fto5>&EMai}y-eiYAMk?P3pyyr9gv-2I1gJW*2px_sz$R>oEScP05#`#T6
zQC>MU#ZvR^Z%v_<*G>A=UJB-WBO~6g&30AoB4u`Vj%cSpH=a|Dm?*FBMS%sSKcWcu
z@i_sDl~yU*KnAlV_=7%!1wDyHzsx;>6v!zRtm;4;(>q=s27xGpr>&$8z0AMmQtVk5
zCj$vUje<gJ^{b1N$KNx@l~U_e>Lnm{KPB#U1yva~#k7zIa&B{zJo}dbBmnp8Ig*9%
z;AiNzUSJN{?iE0(*=1C<U8S#r$~4LyJN@N|b7Eo?)nj}lU*6CcW4JJ5zUSMjETA$A
zxWdVwhFPfBDDbrIWjEg)UTM#nSh@UDYXJRP(yowCkbc)%=Ww(x=>!IYJYA6?^Zz&I
zY(or^2t>VS)z3+U`Iqk+4PN}iVh@lBVTiB~PO>R+tTy^f#S@j!w2JYvRRR1)Yc-~a
zOAV2O|BiS5kPZ(IcVJ-e+4{Cj?>$@mRmNGs{6Vwsc4R&^-UnhTKtu~&b`T~I5+_*E
zQbGaJRdsi_3i-?uBp?4em&H%r)7!fY*kSjaPK5J7rgsa}(!z^wb{Vu@6aS!)V70$J
z9O>w2KrYnf!{L<0s<by{_G<=z@8D;}T7&H~O?sJX{QsjJ8Rp!WAw_+4R@#BUap>}K
zY1{fp#9p^BO8~waytQrx5NS5zsP&vq&CO!l0@{7Z>oqoo<UfdSmcFq3gl?6*II3cj
zM|bXdy_mDW_#*$;v`#&mD^1C>|H)^g3S9k9P>R*0Z8pLB%7Lmh$S3h}o0$w0o@ZVF
zL_~Jarx1;dmTcl(D1l-Wq=sh1zgo7sXP48_0>Rp0szfQ&#-jja4HrvQJe*I}<@C*|
zfJVPBV22U4GqMw4ru$Mw-R_PGssmP(9FyjMpR^k3J@l(y=l)aDbU#}b(gQ7npJPzI
zbM>JS?1M>Y<04+tFDtPKMFPD~?4Ewl!pO?W5#+BnC_?XKmY*g05l~-#^E-q^MIpUA
zS%aVIo#Ridd8o#3loo@B2X#bhhm_A?=Xk;o8+#(am(%9fQ?*i$?Vd<82H=V=lg6m8
zE~|B}f8XRYr{Q*bQ+6F<H9uJFn=n4*%(5tm6Wv<FX-Mi^mGT0MaK>diBIRfK&r0H%
z{4B@@NNREAYAmVS@YJ{CWS}sd{kuYn;I0wg-Q{)p83iyouk)&?2435&<GkHL6y|k6
zz{OsJ?Lmot1}@QyKA^V$>b6A}i^j4A7O|Y!L<vm>_huZ&8$i!5OikatOPrYX+rXyU
z<oD&2VNkcZCNeL%u)Ec10TPXh{TQ^qag>C&RC@V$pDS4O==Ms^2*W=B$j9eVj1g?0
z@N(y9v0YBLwaus&&rR36tf^WTnRg?78~z?S!nC7jy*F9z9Emox<IZmX)#-IFC!>C%
zIToeOS@YX{7HzAP(Vji?>!R>=+H>)LWlpbB`>|bz$sXUMOT>r1SZY)gAAxeSIh{xF
zv7#eRm%5)~hojMenkN66>y}If5M7WGds?c4{R(>R7Mj_*$8w{)zY2i7s(Vl#5Mi9J
zPAwiQb+g~+?g@(1i06aAiH+=F;{DZ%4`OPjF2OTHIV*s)n8SN5yn!n9tJx0oClbcG
z8~cNnGF+{Bm(A`J^fCVAmv&0vbE3?4jF^x@G-f;m*6N(*rIz&n7zT~T!P}vcu?p2+
z4I%4^t5rdFs*~mP)M|@ON<I_G2R~s^t}b;QI=+YA5)wL#24uQj>=jp(X83)(^Id2}
zD{F#3F%9dxE$>e=t~>ED5XJX?MDPh~)M=b%){O-e5^4YmdGDKBZji6nDpjr!TGz;0
zW>h42^$aeYCn>vfI75T=^jN|6k;$OD7<Jt0A*}z8te@_ElnLy1qb1bS6Ux5;U=i!>
z(tu(>KqdgWSr7N_uP%)Zc>nvAnxm4nd(&Y|L!<h8B{%%(K8*!7bW<5*>Eg=NZ55%r
zs|W-nxZXtf0DJqcm9I(1H8pSk{3diufBEtyqLhg+&M;BM_$;ZiUIDmb`@V$0NGfu2
z(=&1X_yP3wB9}LcM;MNByG&8W^Xw+nLQDr~CM)jbyeNZG;nz+Z(&|TR1vl~=<0=L`
ze~MEq)5cIu-qBoD*Dc}tlIM#Jd4Ga{j&F3dh(Rop3Ak6~tB%QxRGWb-adFDE7YwIj
zZg3#<@*F_(axIj}V%Hh_sM-i(L)FgCEx|Y3BH*_{FITq>u+C3Uj{vs@NPj3iBNAZg
z0k;k)ETxNg=s<Y3`ty5M6ofo9_Bu5b*TH4ovcA<f-~Cvr1tB){%7geNuxrSF)zg|%
z#Ya}Nb%Iur7UCi7xR{tvQ5q-5>auJl!9t8nuxBFPs%Q7%xdJ?5RF}UAs1@h!sxJ5|
z^e}<82k49M<sk`y#0JL)RCJ<EZb&@N#H1x-;ER4w_@6pgoF>nZlr_oOw%^#?5<@$#
zJScEtk(5x@c8PQJpA4pOkUs~iB3ZcAG|oNfhQqo2tU5mK@T*G<SQWA$!wUkYz|ncW
zQ*P22s31y-iCOh1Zkyp@@c!`dh=<y!f(rrV@uc7k0a3l;JT<M^IzJD>r%NL2|JLm0
z&7lpCZN<cd)#rot=FS_)Zt6fgg`Rz{8U^exd;u!Fyl?E@=ItTSWqjkY&ld6L9p!(^
zj7wkpWZa!!{aOElrql<g&^wL(Z=QJGdrUGy(3p7hO88~ix^{W2Fh+`1>@${)n>k0Y
zRokyvrGiO1Sq3df&${RL`kC|3O@msXH*kiVXUqRJ4o89bL&*yq7>JFHjqvFLn**df
z+Uu?T9`5~irKHSUe<2HFM~60k`^I>Yz4`5rz4SD$CtQ)at%#0{4E%-NI5A(4@c2@*
zu6D@F3SOt5NNLQv4e1l(Yyhud<Z?%{PfQT+^_;SavnTE)QL&_^GGJ4>UiKnVmN;-v
zpthQ**L6$uJU;G|LBvz_pyd|mvcSM>5G~j1^dB>=598voa|OX+Al3~1P(X+<iwH7q
zu5%eBWY()zUQ*8knKSanGBxyZ{MYPR9z1eYwB4Wu#%|)1=6#E;N_`5&M9d`gRPWyd
zXSLd;OU_eame=*)f4oi2?7c&>XkkwqeTNS_L~_y<rBLbR#~2wrCcFPR<;k``;Li^?
zWR4@E;4Eycq_;=2mfPGT?T!|i24qX=sQnECY3BF^^y#Pz&<Q^4?_q0bu-{&v{#kCN
z>$iO)tDzodZM^>1Y+r(+EeWyOYU)MGHDyiyi!r#9=-vI-W*?se9i;uqs4u4Q1B7ES
zKp}xTqcN@f&UbFQqPjw1S(@LD>NfhwgWf~{@L|9FjM0Sw^w#y)WD>~rf##NRU3VB9
zV1Y#Y9Il@xQalG2|AfGL{$3#qPd96d2hC_1peGG<IVw%HdiWl$jDoYObf0`7HVuf-
zucv=&hfjAdlF9i0O*Jvu5fWzeL2s4e(c@V6#@XDsxbF9lCpzou;7pMtx{}R7^1SDy
zo9No8l8%=#hH7QS?{WLxW_EC^yC6u=eXcRRC<&w23XBPS{6L|S=_-=YYc~F#uYg=4
zI4}S=>XjD8|LS+j2fFlGoAf|Yk84iq<#mi~(VT8V_U+wLl>@wF9Y08Eg>?i@7@Jhq
z!F1((`d7~Xg$YC}z6CNj)iqjw?v@CctFc{c^U5K!+*<8fQ(3=W<FpcQIx^%96-RsF
zEfN+)O%pI%0}R-v!ztK#ArBoZ$t>gN2F;D5r3#Z`BvWLJYq}jJbm?v`>*uzUW0UUu
z+6#)?zr*^_c?yO6z<?(hH3Uo`n51Kn9H!O3e|R^Uoz1cV_!q=#Hun5!19ED5_pe;8
z-CNn^4PS{?mGfIbymm}IdCRe=cCS}Em(>krhcSP+tm3S1$%G^&Z5m{}=i_RuD+EUx
zWN$1DYRHk8p7>bx)iv`o&xHT=^`45mM?fIo-kP~FjtO#Af^7i;E6A8yzxXaj)9(Hm
z{@%?z4$`mmbZAQ;Q;2?i_<=`6uS^FTch?^7fY0`&7hgwPo5x|X$w7gT)c{AUf8!m#
z%yaLlIit7abl|&@9ruZce^fA-#?2+R;9dr+eJx3rgS5LXJR9C5R_PQY!Iwj-O!0Lp
z81VFJMNj?js$4y26%8?uMiovk5Co_323RBf$I&G|Exc**#e)-F|K8^utxSjKnEjr6
zYBmG-Uy)SCq`>k0_0<+Vm_dUXucb4WpUZBJRoL^OXwD#(2b6=r%TW&1<DU!~T3;&w
z!KlV5Qr5uK)&@Ug+Gkr4S{)pG9-$z5b-d#!DVfNu0d&3R)bdY-B&|+$iYV0&F+nG*
zhV(_Y7?=lQfr6dU*n2(I#^7u}H?_r5EOp?3tkwp0<0BcUZu?}!7H@21wX9wOcriA6
ztRiL59Vmnqbc_G1cVbDv#o+huz|O@U!IQUE1%5k?j4MPggh%n}RqM-F;qx0C&c;nK
z0S?MYAd^IuFX(0!osyz?r55tCfbE$DbJ!@qpK?J$W*I44^gfD}YIWDC(n}Dbp*g^>
zRxTf6D62`0VN`gTvfky-2Ra|lk3MONwgw1X6y{2u>T<l<L+I;<vnE)>AF=5rhaKFI
zmjtXAx<x|rJp2*P)o7<FpR=b#a|V#av%ULRZQL5LC118jwbngZRH4n~w3rS)ZQi#l
zMsMp0?7`z}SpT<X$m`{ppO!pTNPU|?qOF)>D{riTJlGZFcDR(ar;*P%Q)#wcq;mmc
zm!LTf3wpX`38z;rjBE60W;y!ud)~em(l_S<kp*CJf_4<CkR*+++&!L`S)+bL6yqWU
z$L`y*s-C>|i4=XHY3s{4YV!34yaaSfP@YJx$!Y?qaaEg7dHZJ;TQ$`g(xjN*z`pr#
z^UoaX@v*&#Sz1Mf#ckq)5c0~(3J-)67gHkjoWYX&O{8R$vplowQK6#@0mcXO+t9%E
zcwh6_v|C*a9bK{|1?D<ANq4>j4+wI@(32ciQ&XdM|LfE#0nYWkhr8Anq$AjA3>WOo
z%nvZF<P#Jj=!1pjEPr#+gb{T*{Vwt0L^q0vI>v($4P=;0H7|DKbA;09tBnW%j(?5{
zbX6PQfB+`Q$9a%LRNgyiK%*EOnaiwiwAW?`$N0M!16)7}=hd-!5RADyHm#Yw013c}
z%Re)0aFIpNkqh@lUirW?L{KN5$={x+sJm)WzJy=zZ<j91C6{h4@NrOvBQc35rPE|6
z*B{TI{!z~ZkH!QWYqz&T`?^5*d(bO1=zE?81VLZusmX$G-+{*8wDiAj8%35&&Cm7q
z6<?-x?5F&!B+9eNA~{iIZRPnwsqg>>^$!bgEi9;y{bROcp6`2fpw$6k=JNuq60ku!
zqLHb6p%PNuGJ0wO4s*Tb`z-aF-bsyL3TD1%+o<MP#6aC=g+b<b{x&^F_;qI#YRouf
zt(kedoQ(<Mj-5UnxtVOECJo@;x_V;ICdTqcj;1M0iSCL9EnJsXK&z41BlUgml@hW+
z2{$#(xb4B`CkhNS;PUyeOW6iay@3Ao5DY4~w0a&?aH|yf`xycke08xu&gN=;e9B2r
z@5gSmI~xpzm(!aAi8%;B9yJ~(C#&v<%xC^^0<_4h*k@NAu+j$WBcs~{%7mXWxXQXW
z)8nNdr9g`j2+nSDI}vi^i-S@PKt!aObSc`5t-7!4693%O-xnuaTLgoZd~ZS;bIHoo
zaw}gUrSwYCr)@Mk5h={o=qeg!G3);B1Awd(T5N(GzQziQrr<>|^3bGmJWF$y|NbLK
z!hl%^CRcyi5TlXLQ6+KKd(V<1cqOkownK{Kr-#S(mp6(#;2*G(NSNU|DfM@mOEe=Q
zZV0*-x_dP3>z~eNasI?*-;)l1*uY$9#3RHEU6HWQ4NRY&E0dY8xj#A@Pvo&D7Ix4|
zf#|4UJ`=GH>7S>>n$T};_k_oLd)fdSotdSUsRB@|M)y5+)k>Y=OCju&<&E|VZI4-U
zvxWT(randifyb+>0f&ARUXQb`_{4adpB&wsV{@4RE2bsyMhP)IqotFLzMJ4J`71=k
zvz5g!o@9c_=iggOhDPR^U)P@O?Lcx*bJaHw?I-xd(VC^oErCyB$GHM=!wRT-HxGAJ
zu5P%>HCm}jQJ7?_!Kdpz?p!xG!z`(vK7Eptqli#ED^$znm+9;6RrR{O{B^jORqi3c
zYS{bk=>c1fjcu+#yxKrbRbAOC{R^LPTU(Vx5NQa5&k6Tu7jx3D|BVa$ng0ykdzEmP
zst}op1(f}5CB6Jz?>d@^XE~KY@s3Ko&gR~?cUqCst|*7X<R6i@pjOT!%W^APDCH@4
zKrs(6rK)c)NkoH1K`-iOdRGEYrv=U$B!o|g{%yCn7@l6GYuQ|}rfricF?*9Y?lX*(
zYwcNoJOHdWYzP(u{gbTyL(usE=so!bIvzmyf6sqs4LG6n6S>i9@8#0(Pd5*=L1>ZY
zaD?DL1Z0mp@cfVh<U&DpP?@Xcz*qPOT3%Umh0@BgDH#(FNQtMMrs)>{9#+h7D3@$M
z_swoMza?L(llt*gQC<BI43_o;3?_k%4nmr;boSt)mX(r%@RCdVWv?DDi8M}DtamxO
zO9KAu`J}nr5tx$^jip(t#|Gped!1bVbUyxF05^5J5D<Zu%FR@YEvI5k7RUd#CE)0N
zZzM(GQ;8BrHgCo2U3~#ukc9Pg+tB?lVTUf2TucPyh^*Gy1wcA6w)EXEpbTFZK~E-p
zG<%4&khOIbXm0r@6^^FXCIDKyK@4>n19by9pt5rE=U3xoMQa@!LDF#kx3~Kw#D)50
z7@%MJ*_TJ!8PV+Ye(N~*Sz)}*3!Tp|7)&hSxY*kQBEcjY0ZW6;gMWs~1z|d{wVX}r
z!$Q&#lb5H8f&$9e4GOt`?U$6$9Y;q(ZnT2gWK8ddLC9i83$L`I^gC!AkXOqsJC|Jt
z;FZ<OgBCpg?_59_6HX$HTv_i)XAUi`d3k`^?Gas#PIN9h9u^T9DVJSdzPCDEsxlhO
z$(w@rY;iHZS!uhh%N1~$8`gkJRW|zaS?BTQ#y-(`Wh5dJy<Q{5ChzDF8ru@_S=iju
zXFQL4%+Ig-AVwAf3j)#5rmPJ&32=IPe!N|R=|OQDKii7rero^32y9-<#TKp%r<vC`
zmyIv4f!Nj7o|gRaFY8y3t0DdBJe-}w144}zoBKK%e{%)y!D!PDLf)!7^EE&uW9PBA
z`dOW;te0R7`WqL%LP@}&!Xw2mVYD3Lcy8$hUdc?AeiDfN{rJ`!20|d8JR|S=A0Mg=
zI|S#)55Q+MX5RT8#MznSq;x+ByGIas?Ctt9NNcOa!CDV;JD+bmlg(bJfLmJt#BBk9
z<tPxNeU1)@K@+3)lfHMmYN4qw0Kjp~&9Pi-gcuTo?yTO}l=KcEf=Npt>b?HgLGA+{
zCZ_Z4zw*)jANvGTF`6a&O6tnJ9)I*i`Ca7mUkYo3^`Q||(ES-yET1r97Huj^NA%nk
z1-8SXXDK96>LR{b>l9(X*tI>-%O|?m_+YV9W%%5@P$Jj6^mhFI=7UgR_N%34TP>)p
zjgnZg6d+}0Nw&+b%Rj#!mRw-&o9waqehRXmm~_5}Cli2s*86VbDRNKz8a9_Si}8av
z_&fc%f_vbaW)?oRLl6E}_h$+<F77O#;MH385p#Mw)BD_|egkgtufG?Q5fc6-=T7rL
z_j7Bs|Jm_&DbTzRIHti5SH=+NMAsoUv;%#i*AfAH6dJZqV4_gHLduV#kJY@2DjM1{
zqh(ss%oV)Jv9WYUdY|xLF*niiHmQglnUY>PE?fxi{fpju%<JpnN^<Kquid-+;I_7Q
z;>A1|v@-7%BrcPY!R7h)4F(w>8hkVsB9#ObJ~yVS_WhB~_%yaJ7Y`Ec=-~X?7~Y(s
z8GiK^t*avl9ZYl<^fo{aVdv&H_~OMvKlb5QL`uDukyhAP6Ysscij18jGdP+YY;1@U
z5)#*l2;T;;CC*GFVO|y$?en-&-(rx?&_xCFG85!qUBzIb(;B%w4{=k^jcVQ9O|I;_
z$59%6budbVAS_574jtU-7#iLLd3yepQ@8u9s3;h!DyfJ9b}Ugh2Hv=9gVpb_FvIMo
z7F`|;^1SQ4=rE5Z<<^(+B>StMi9|`XI`!4_q}RKG3>w^McXiud3k94~TNM@6t*lX*
z{;p8hkuU8XoWNRJ?TVcI;>3EAflp-pu-tl`n*!_i>Xjf864cOf(&7Fp)4;fR{#)qf
z;@wIb!-B2dz`4;HjZEE-pD(ml+Gd@`ZzaorZq&Qc=C5=NU;S5ESjVZOqg%f`P^R`t
z^2f-C>&b832uh(assf35|3H1iU&3Epm^89OcKG?dGV?ldaA3@dvV`+~8la$|N(J|$
zJim@&kP63n1-)ucT>k=A<hmVfD_x(gP1gJ8^$w*NI5@@i#KwB9)-v6srN9PwcmxLN
zgB4|(FBp2==WB#955B$%>*&Dw{U=U~{;3R>RzccnMfmThJ)c)fqhUryu}&aVXZITC
zOhm@Opk=DBkJb~c<54ofN-9Z^qNk=~Eh#HQ8_VXhhLnJ*aAxd1aDQW9^>(F@KSK9s
z`Id`3QsQbSx|@<xV0;2t+ri}j7wjU8BQi|9Z2s~+d^C&8XBdz8*TPJIhHyd@c6~ju
zu$^kgzut!j+|3<CO)f5S=rm-fQ%+g=d1Be&7W{YA7r#4Bj&(nu-fr|U*K*W14~SZC
z3D?d;ug@>eExx+aOlKe4X)@x+=W!z%i;1CH4>kAKx~!cZu8N7a2M|@fd&f95Dx+yh
zbBj$GpYnoU(sq$|2%9Pq;M0x$d@<*7^j}gRUvt_Xo3MUqkp7o1<|HP*apzMtJ+pla
z<Bo_oJxyF*8T({67LppPoVVkV7W~+6Mn;wi<v%TEi`rvlE-moJc?g%|6A|F<`g%#3
zNW(34b}nV4?0mV{b9*z-PAJ#&U(lVj{ewS-qum-+Y8mZgA2PzxLg<>RfbBpc#T~z}
z@GTxu-%E$SWK<MX<ErXv1!M$-v63HeL}8}B*lSd+enCH1R=zYk85~R!baufG^6-ey
zfy60hrnRc_g<kxE9=|a$qQH~*C>?kT&yDAV$8XzIEp+82-@J9sU+qBkVPSy@IjJ^I
z-e1n~b=io)1<%%C>o8vF_irz=C1vdw!xE65-%9Uy#20(xpP?ztZF4(%>CO&U4(`<b
zgPonN@WgkhWBe|=MkdQq>ctyC0zo;2P9^R5DjhO5wzm3A;NgjD48zs6v}P&yT7yK`
zqoersJ|)D~#h}QmeTV@M@7n^C_Ef0Mp1+YH$ppDr?0R3cP-gYc)?RdG3NB%-*-8-t
zW@39QP5=B?^}W;cb1Pf)w_HxDAf38y=M=YgaM16xIXyjP(oRTQuHk~m$Ce81mN%6k
z=qFNs2g!$`-!#n3My_C&k_EURCc1Ex6o12>WU?8Txr?BrW=6k%ZxmZrw)+{ZD#c`E
zWW*Vs9Pa6iLBS`&x2S7y&zlXU6ZRS4rJy)HJ(X0Ih6AMy9GbpzB97C8@93)8Jjh|v
z(!NiBnQD-b;bC|)+2!`=Ax9rZCg$Gii#=Ev<rfS^=v&9EdFq2VebKNmTXqw&wXpEN
zJG`?CsA3ncUyfx<P?-v~IIZfS#Kl@QRWgIgjA7~K-N`wrTF1xt=daii5G322<_XI!
zX2@SN;{PQRCH@^pC}kjvV7}T_J*$%_U%WB8^fd+zOWwhO2?>h~2@2+KB&6x;8d6np
zs+=N2_|k-ry4JnbbNNRQIwThF48{zGg&n#&HZ3;7i;PC@lTR9O4hq62Al$qgO!|VQ
z`tuEMVBjU1{=|pSkV0xC42s2<b_w{pI;T4;B7`>!i{Om-20w{Ur=@Y(oo~}?D{m1>
zh(l51sjpgaa6;hZp;;M49eh$kLQZ$rki!sIoAV#?*JoF3SVjixTU&!LFldp|1%hsy
zpBEMuB>ntuMA@SirUz(PsOi2mIR9#RXK87f#$qSqe|3V5PDC^`JSy;JMdIMV0E7!i
zMn<L@A&5~UKi-&#omzke9VW)Ry6pKcqYP?rFb1vd)~t|BLzaATPl#rMVYds_z<eL}
zH{hbB6B5bjsAAMuT3+8Aytwy1j>xNZ>BM_q_VQ|i;)A<~470YA-q(Dw`q@7C^P>e$
z*1I){59eo6I<B0bbeI+PJi*T6jrV-nP8Q#+LhLy$;YKO8=R#T{5Xu}Jtupf|Z#mxy
z=qM-$iY7ws?OTttpUGJShW{QXM6&2xjV!m~?7E{{Ty;a7xguZ9;9$@DqWd<cJ`(Og
zTIP>7HsAan{5#?jUYTue?F}}4kK-DjO6E*{<?xV>Pe3y=PxNmxk2cs&#QQLNZ*PxC
z6s(V(yNr~ZcBFZMgO})ge_bCD8rqXuRmJL7*x>~!OfHifjb;h#tCvN8;mcoc(cJM8
z^7A_s3uu0X^$2+viw5RO8scF(IxrEku)xFcAFg2&@bNY8tzx0~>9AEZ!*`axdc{f3
zhbGyIe$O7Y?Q*r&je|${AD+-;)NA?Dm$zdiCa0HjX5Rc~w^N$M7AHrTs16S7@`I+S
z&_gf8rLW&FtKbo+4r*ro%m|wH?gV0_bZ9~ft{KlUJ3pbRt?iG}03Ss~6&dhJ-L$qU
zYN*Q_Y2iISJg$6N#e<K=>|+%ZQ_T~ootvwuJz4E>d3qEMGNZAyRL$o>Zv6X~GyTk?
z4>Pf~?d9L06#qPyU#&ccot+=QU9Y}*i%$UITdb9-`MN&bKE3i{!jGSy?q${1j+vdZ
zQk=ex3An+N67i<a-FPSW@%6rTxq1*KA>qIc5e2Fett7a{yreZWTz0FCzYgf=$bf~<
zv3%_8$th`{=lzAA9xd-uU$MeZ!x-#xfTQ?(b~l-nD(Q2%2CWzqYIu4&r^N#2&@ePw
zOe<3yd^whLot8P!pbrLWVvvMqjAh{3f#vap%*;i#VQ_PYi;<KMx40)ed)wdAxmv_6
zk4>spI@>4QJi_lkkbn4hDd+iyafI0C!Oz#1(^Lh0Zen8HVQ@N*%B-vZhgiUA3eD#+
z)CbT@?M_A}+6_?=!NHM|%Yd$ueTbOM`W~Q}m2T+EU`A#-H4onxQ5q$6d3ks4;NXW?
z{Ul1<Bi>6X$=5h(Ao!hM;ZXh7pMz2~1Z><T$G*~^D%PO-bnx4%ED?(?$FAXh_`F8`
zH@o3f{{jw1I)tx3%eg+KmiVeffx<IYV+sn7UCJLyeg`~Wy;}J!yT2UJO9%g0baY&|
zQ))`H4n?~6R#sL*p`oGWW$Jmi(W4tFO)^6W5hW8Q?cUXYz-muIaHiwnc8D0_fP_;e
z7x#OX>_dKb%#lha_1%d%Oo;PZ*MiS6`G$G&{T8zN;Sw@WKtQ6sG<X3P)uoX$*OkFa
zsitj`>SmNw`C>9|nh@?71qGL`F`48|Ruitw#=v49JXrSrxs5*~Rt_UgJZ(IeE8xs(
zQ*3vxW^TVJ|9x`E&*Nj?;5+`a_n_dZ@;iq-p6{5%$KNe?dt(lon5OjZuIYHis3=n3
zt#u<EedY}oZEk7f-!J;0T)Me6n&s<#LYWUF%@kEPuXu6^i1Kzc%X+5&-7KXH0AUQw
zXyt){$wS+PW2oTzAm(wvn*m4IaZ?tBPiB_$wimJGzhBdZd~_l{QU7i(s-?^R#TQV8
ziHd3V^8TR{@MQFyt5tA8L}ZtjpT-aLyTT~<K9<GW@?njX{`k3~LJSKNv-A7Tl;R?n
z4V<)=%ghWk!wVM5DKDRE6Z0T_&ig>U(ixC9Kcc8UkVYnuT#$#Em%&2ANGIEoMNAZ(
zAS?{_RE9bk5GyDRjeG2^?``-0SRHdTj=Z_y)YOE9Ss)h-(bWFz$jkZFknPKt@2v3f
zfqs{0YZAc`BV#$7_H=9+X=!u)gL{*>+rMKARDJ59S0$yEjXoUmJa|=CC}0PmjVq`6
z-8HXZ{W=1;c_RAzd2d-~3gR)IkL~2i+Tdt3c1l*7_8uRA`3Pd#+MgWX6bgHAgXK3_
zAY@==K^^DBUk<MRqV6!bD4?Bf6f0Qof709^`e;N{zP+<;(fCd&FGy<Phy4^ad7Cd(
z-?N*f_C4<tqpy%)-F=YH@elY#GJeUAp}`tpntX4EXhcB3mXZzK+53nHSv^<RQzo#J
zyX*;$mZkz$3o))_mDR9eTcy^lGZ<{<RLNH^J-4N2*i!cu6joB2^^-IO*GM=%0hjY~
z3o{XqVNOnq+cEj4($d$nKQ{KQSZAOmvV(W;$dAOppx3{)*`t6UY)zkS!Gyf?*eepr
zo#O^|m;Lqz7ABoRL%#c?ObU1n;ojc9!FyQeB;Csj>iO}HGSTk%GAhN5Rjg$P2Oq&7
zUENSpQ5YOP0sgw4ECS_fOK8f|12UI9i*Z0$bTo3fLj1SoNOS=D&yJvnfW(#EKjEpd
zXuBlDyti%7Buc^tg?=(W;pX{dMxf#xOu+(7FkcCyCpA|f;p=%pUy~;i-O#}Omqf5G
zwiX4HYt>q_*RxaKcrh_wGo}k4J^yG1F$ya4&R+0jKU`k)Jvhyu{`sSizYQA9S_EZ<
zJwILS)vo{i1I^bNH)C{n1y}zg9kY43fw$Du#CU6YL4A@h5q-J&y~P`R%t}9{fB-W$
z$65E~)l&5$H5HXaR8k~ja90p|VaM-}A3vV0uXYC52V5Nv=j1Y?D!q`_lT;+d$WZ=1
zQ=z@r9q=zPd5nb57Hy22oO%@nK3+m1s5cW49R}tY?0-!@TKYQYQPtFxJoe^cf3;m;
z<de?*_z+CS@b|A_86w`2x(diJ$ys>`w()bRY{=Ns@6>XYG^JqU2NU37Sl5~{d3GlU
zM+5%V`5YN#ZmAv}7B;(DQiwZ@mb83A!G(p5!9bxlsbj)N8&Jzb6Twd6cd!{^B4J`e
zIX(SWtpa6{dR@1Jm8ZAs*Oz}1z<ySILi}}k1LEHBu;ihE(K32jS-Fq4&hg-7$TV3G
zlKyK6-hk`X$d}ck_-CQ;l~Qb~+FnCZSw*J7!(P$z7(>ayVe=_9PvrTw1fS)QqT2V9
zCf-2*2U4Gxw14hNgrsD3@EQJFb;gCmQj&lmtNGhY)(b&6Y3b}Q&Ls2)f5OcrL*jm<
z@FF6%wxWPEz6bpo1`|_7xBX<kSZP(&2h+X^I=XS?yFAuc4!qab*Ela;c+4#=1$+bB
zn7vd~RBo(KR=;P>*Vgy0<{we}m=<!aSk?>|gygI-F~Nj%$wXP$TTovkB7!rLa`6x1
z0DO8&!-%v4C@V^CT%+%KqomB$0)FHqR=n;hs&Bo<I6IeiP(roiFk7zdghPmoDC~A5
zC_DK5a%L3$A1&?kQM<l+`-X)@rk#R}#5*OWXZPXmW4k9);_*rxxW4#)-wvaq0(>j8
z_umSs*UE1kLfp`(k2Etx90PI45Vk89Bg&+Za~|{1q{8V(nHbR^QuOihj}C8!rj>^~
zqIXkYO>y$dI;&!UH*$La_~6gr>Y${gsG?kXMvR7yJv#YTTPwLB>5rwQfdz2>?&@jx
z)+7!W>tJiCB<LSa{QUg5Y&WD;1-Qc$F;QPC{n=T0xI^*wmY4dE9VR3i0$VeRi#;aS
z)}COqWI$1Y`<GX!xQO92U-NMFaOX20{BZjKH-g--QeCzF)+sJ<fXFH+`FJ(&&B3P4
zkeGx(R*SYo@Eq$Y&!RL?Ir>XWrhJBQ;`MZ2r6SvrSnk@Cw{;q%;t#Yw;NurwuR*MX
z1iL#MC7)TGJ-rM&_(`F-&0gsiV?$j{94BTv(6;g0w7pJ*7hi^$hZBtb-n)PJSXvU1
zyRk8jr=U^-X5=pr5u?~c&=4m1!W%F&ab&&Q#k{zB5S(vBpeRH%7Er;}m_O4oaBhW!
z1q4LMf&>2b`Y!UyMn>r^70CmV>_1H>cy~v;e(S|*2(=S-X5;UWrtK<=Gy9&MS~ec*
zODQR#dK(+dK+A$1{(n(Cg(<)fx89qGe7L!oGH8ra6<?&jF*HP3XvTarZpIl_*qg|M
z2K)QTsnf7iGtqKFl6jc{i~uj#>_byS1KQrs4jX(3au$bmaWntw%*AnCOFBNkpC9ac
z6&&>P+l(IdQaSdLHP|YyOwu_u_73U7bm8~CTK0?NSdUl2K2b*-eFk3|9Tlw4lc;1x
z46IWDjw=^%=~Y%iM_udUyS<(LVSj2NNG_3>ke|Olu}?8MIob!vJ#j_lrV1^_MYG<3
zYJNN|E^eK>n*%S?FA+`6>(foS;woJ#8)#>{&hE}TLNqXDcIm53RG(j{1PLgsK_aTN
zGp-EGl>=zeRUgRX=c@bao#tJ6nbG3(Yvq$1gT0O6-KfNQ@A8B1uB1HrQI->9sJn`h
zK7X>f7)~>2^4gM|$^XAB0gLb#*hbmZ%8sreGLg&6v-clOhWh$sczAg`pfgbZ`q0qO
zN^*si;v#|e^&TN0;LgWot;-8Ub`_XmKrIZ3YZXd7T8!N6?G>)g`p&8L`&%d+R(Bya
z7l!f5D~)GpukyYWF|KtbE)Ah%noEY5@@2+GMYO2fTRN`P_uR|`R(N;`UBPd`xr{XS
z6^s{n8^+jI!p_Hq3lRzn*Ku=763U#{clLlS$G>iGQGlF2@Mm6N;UE`m#@bu_GGx(2
z;Es-~sriPCWCN5*AQ*mjn+VTIzxHi0FzPjt2``qdoGg^$tZ$P22AC@z2`apYM`Buj
zrgXWy9^2=4r)dmaF4wN$B7)D@*q{}8gEL1VjNl<4;0f(n*d>-+rriDGxc}-b^{x3W
zqm}Qy=bt&YtzV7yl;Yyz8ZG3Ms7lp9R8dN!VPP@;`}h#>1eQITZEb9Pg#C8eXm1Hd
zS8{l9dclVP<_Q4OhQV1`uQMkXd*acZkSbo~7(w#;)Ht+#XQR4>&T>#?qY_E9ZL0yc
zSjL2~2TQjGQ~o{#R2P&AYZ1dY6;X&3y|7-t{576?ot0yF!uJP_gNkaGn6&rLx$T%?
z2XO}mVxv!ey+L6SoW8N~6fu$95vG)-C9#nKHRwbfGj2)Vx_RY&KR(t!w=+sMGqPX+
z;E=S>ffj;EHx{3%X<{c79QcT#0uS%|-x@Sgf9PWF=a+3{Obh-uIU4pL91oA@pC83E
z8v^KnT{)eLJp+gv>%q<SiM)O_isAoOEPii>slmeTmw#H==1O*rUf6$gI5R)ke)kU+
zrlX?+Y!+l|zq+~DqkRC6b=}>Uj*k3U^ixZWjvl-K@;Jr*a_fal;j-_PC3K+m;p%kV
zAd!bpoKnl{4b6UUi(*C1B~$dlv8aa=3Ii%iI|+{W$?(-t+|lEs0U+s`9~oI#`kG&<
zxGt<x_T=Z+&CLx=?2Kw=>;F^s<EDj8v2@h+1Neyl(`VYlea)ipRYLpJ>{wglxf`I#
zbt6x@_y<nVqv%XVx@#y6^mdstB{_4zpMl}pv@71NvhvbwZ~m*x!hd#A9fz4THncQs
z2?+sL-~QbD4SDRtr~{BL#GC$Rv=SX2AHQyS0EyvbIn+fKLGSGfkoP7c1c@pkJ{oGq
zm{L7GwdTh?0T&ByYb5U~vjiyqgexVHf(!ad?=0biMO&uo(9j7fwWwU3tO)}7SY24S
zC?drZP?fT-z?<on@$n;}tUhohyZ~5znssP&bT8=c>ZmR;aY78JBIQ5d#Gs&r9Q8(C
z>&CHo*eRm{`IE*l8ll8WQMijV=;?!_>b7I$e{~{d?y0@(LL?GSgtuJxl0`Dol{#YL
zq5(*Qwxg9$LWMAM>gN#;b~!{u!L6-u7nAJo&nU<li#(*S-a5inQb`jx(C1_zkbpom
z>7Bz>wh>zA?Pd7S6k1o2pte<?p|$S=R@GhNfXzEDuakz{pMp7s5GC2a!wm!ftF@Cg
z*ZQW2>Ix<;p}&7D%huL=rntCzKtrM1@qzX=Frj0;5)-q9T_{W1JS#5z6C#01;!Q3b
zQPa?n(B*Ap^^z6Lsn^p;y1v_cf%A==het3fdP{<>8cFw;q7lCahxtGa7><>~r7}D^
zYHau4f5AXH!+v~TTN@;%XhiY+=&C>@>;5r=MIS3RF3ui)hfT{nj*w<-GHGWs56USy
zS<_6;(m#?E5@ELE+UySOVc-wiGhgeVq14xht-$h@+3z>{GITAUFWBQfUQi%z3Fb^a
zmXyx6L2?)bzxBtu7{>}Cf6ir>Sq$y}Sa?AitE;Y_Y=L3@boW5!T~@|9KP9Qm!{qZt
zHY$k(z5t!bVsAsU7Jas)Kmz<;5VlLc_}j4k-^c((zpr6eUv3EnC6K&;i0nl;fyeIp
zeZBQ%=0@pjMnKUeW{B9r@}iNYsl;X1$8+meJIQ#wJm1rie2NELw9Mhnx~nXLyvF;P
zPfmM)=`6((aK7iqG-p=b0kVLhIaT7u#%ms~(2zRU;$x+0_aSACLFl8`ADqL(c)X}K
zYd~UBSG%E;HURaqfK(q*vYISTO*ftx8#~f{eeKI(YHIpr>8nc;d$AUieMjfn=CNs&
zn|GAztAA&YeNj@c4Tu}TQb*q;DO&l$@D{=IhDNusUnE#ywxI`2q@Q0474F$ncn*7@
zZ;r`=!|YJ>+)Nmxs}1*B%Ot*=gk*N$!~F%rGQc_H<R*O#EDStCId9CZ|LZB5PbTLR
zz^9~C{W0^*BVz>J!Z^9_9}ixrmT3$M>dv~;_IdlB$pUEMwJNHbE%YKwJ-`2;FZ$1n
zQATcFg4)2qlu-i$eP$*mrKbxkARpBD-_)su`+o?1hvei08|<-HMFXP7@BS6T%S;v0
z4E;UE%vtT^QqjPcyeZHJXHY9GHF@F`Q%MC#PgXC1n2Gx9xNWM_UIXLx>u)h`TZQ2K
zD!`F=g#x?h=PKn7OUr&AT<}7RDw${WtHaXcRf~@mrW>BcP;%T*P7RHsyv(GeB(N$N
zT4Y2<j=o~yQ=GP=1_E7;8}Lc?S@df<%<8QoErWx*6qnn57OHBK<jD9f=8EL{5j_Xh
z^VUHn6Q187Vh5M-jG8JAn5>PrwOJQ5jJIE7f?82y>UK3nlj+T{TN0X7P~dB#H-74=
z#%93RnU(WFRWvgtt#5IqJq3^&=u;uJbdlikLqJE+J#n9|j^lmcSR>n522E!Bkcqk^
zGY&o>eLRK?7P%ybOzP!Xweb|C5MEnZnZbY7eMg+FaNQv=e>2&_-{(_?VN*z752qDo
zX1aT_gJ~F+4C?DZM>c4;Mjqg@b1{MgF90Viz2DN_K9Pk?<G-~5W;Hcv;qKZZBuu(^
z;HRbuImP$yTp>Tu40E7v=tWc%C`s#Ed&pE05(o$g-x#P*p9b&m*NJc>0qr4urCFIM
z$-(jA>{5>DXLls5vhtMCS1d6kOvi>Guuv4z(!x31ju0$U4gvxPUX6J-<#elu{R9$&
zlA@6yC=0#1yJI<NQ2vJxhx{J9s@34oW3n)@54`IPzzx{L(i0Mr0uy6lK53t8_8iK^
zxe76&08x(yTvOuS-p)zZU6Pyj=QtJYuoV@Eap3Ac=)@>PkR2Su2qGae?9<V~`Mnc)
zY7G=@qKA7&4M}47{lNSC{%=7$lhfSONl&!DO3~*8MIh_Mk2GOmz|-J@!Rrd04?_O<
znlv;9U#*dK_;_0===Jv**%LFGo2N_~5P-Vmb}~Yc$g#|$rB$~whLL7B-b)&ACx1cZ
zz_>Utuun~oBw)PcIF7=SmYE)Ld9i0besz@H?rQl$;TobVDWw5-S&xZcVjCdUSRx|D
zAvB*MG?<m!zo8Sim&E<AXJ{STrw%+tTU=o`R#*EIP{hT%w49v&C>k3t?FwYk&^SmB
zk>I2fg10)~7Zex>7a0)|3%mZ%Xut63b6k5C`)q(3Kq5ez%ypHn#o)*#!OTQc<Rem(
zQzb&?Yqrq!Px6!4ZN)^3gbTm?!xeb%3j=)vzj$DcT$x}bSHxnqK1XvwvDHeZVr0t4
zFVV<ty2K>AyH;Pnc=;6si12eC&J`m!`}_BT%NXPHfOeViv3Wa^HXomCWW-EBeo=kS
z$La)%Xe`_=(GRbUwBRO>mg?sRkY0^{+8$5?CXfYC;+GE(W42{Xj7a50ye&p6AZ_3{
zU|r{>BP3<8xUH__DT*Uu5T9OvoJx(&xzscvP|Z^b!#{qs?5#ELHi^cfxFujLm=){@
z61l21jz08%zlcdCL1`QqNX<ysf8KUhrnW!+#`aSUoR%qzD!X=Vu&Gg9Nt+ifB~e|<
z3ZI>$Oe_|vWxEd|0eu8_2GRv&Y=y4p6`#Y8dAzZ~*-(Geonk2s$Li^6(dp~f&c}@~
zl2N)G9=_pw&FMcU6-Xl?K!kjFWa(fLa_uPU`aTx`7Vv>7<W07dP+|e+e9;r{eCxuV
zwLpxlxvcCuFCPmA2cIBvA_~(LywwpN`{o5QRJsKCJo!Fgc(t%XMiJNlPGDi~@9#^2
zWgvKWe{-P?$kWkJ#djs+G61!)q0!LLEQTXvPaFc&h9MyVF~Rf$bJmHCO|;#w(aZ^p
zLWB^R-8?G4RcM#h45Pe|dW?&g&L$|QQxTZ+D6?h#j;e4TjSVq_x<+-`cp)Qf24kp-
z%w#09K+}eB+3aVBk@a6&N;4WeSaiR_{OAGqjCa`$;c9`;n>##odemtD40Z)X+P$4@
zP++#oHKM6xteVr(@dx*Ue9z!^fB!!9_LMc!(t063MB>=iHalTH^UT-}^=qo;lYLco
zHT;EHF)`}2O!E}+{cf%~fA%AY^!0K1JqALj+`86Ei}VL)XRfAQ<lxxLj-IUdgl}zb
zZT)+@P`82p48a_<o<(T6=N-?rYu%8~(R{7B=<DDgCw8`oR3h#Etx_sLdU=@rY}w(*
zgT#H?!4i*|6Wtg3q)*V*VN>gxJ(wOcvmIg93ilFh#r%;-0Sl8<Yi{3u^$o(Mg@JKE
zMV*}}+`hk4V5H~z>JH1M5cRdj6Ne~TDKdqoPcZ?A=Zmc#Q?IppBST=0k%r`a{ro<5
zy}^ZZS?S%J{Y*3T(UBNPr~MV$ocZDu6J-4BWLw9~0$}&>lzDTN*<P3Lb=^1}4JfCs
zO?4qX{qKCK$j}S#CwC>-AhyF6UtEvzF={&IksU^*_oSo=QMu*nmPsFJQi;V4;Nak1
zwfmf41>ax0#en9<BmYx6x@vN6SQ>}=n0N0q%{zQ?Z5$j(CII?Ef&ptC>VEv_F^+Q7
zk@-Zts{VOfNs|WterKF4GolC%)B*}T9GLyNc7YK0iykVf%H~T5OG^vxwK$BqPz_q8
z_BS|~%!wzx^bnn?P9K*AU%#H!wE|9VR(9sF+BkH=c&a2K&_^L8eN6L`8SRCN3c_l~
zJ41he=cl0ha6P@Kc0lpJH1j*h$K#B?;u&I(|7{lJd$W(*oRjl0d*g9=vGB*6Q#a3u
z%m!{sS%nt@Xi;j=dxZ96oUyegR4cDfu6&4Y9OgyIYEFzwTdB8O$X8@!v|u2gw3**R
zouxS*9^O^0(U;huUwIKFn9|SR1|_(>|HqZHGBVWQN0x{_fJvXuU}~#r@)#d)L`nkY
zqn%wthgnJp{_ak_*9-f6g$fmPLKt8MNBai$|EPyXOjo2-nMIXU-y!i3pczQclHfF1
z5LC4la@wi3rff{)$*L@`jj1{tw&CxRl3uz`{>P%|bpZEgrQNNBvdjmFOi=(_>s5Z<
znk!Wy|E$f2)G8!|Dg1P~H3&Wm=aM(?lctIlK8iaNv*!uR>G18~<69i;MehV$6{5?;
zghIw8kJq8Jb91N7b=3FtilkJ)S}%f!tD7G}VT!*pqoMg|B_Qxsn~RIf9#s3GN@S(>
zFrX3`AvQEL$We(0p7L;Uz1#giDqOE*4)!i~*UY~MaBa-A0fFr5#NN-;@7!kdxS=*2
zUL_T{9B1zj*aJaXgt16%gM_*EAOBp~lP|Vql)hC4zD#p8wsmDQf5X$gC7I9n`)Hl{
z8k|ZS$$2B=x&^6?jUIe9Hu9L*Fi>r1=uRJgG7xLzB7ws9dIo9H{kKYiRQS64A@LOw
zQW2mUUc&!?*YG@$JYGlFZFgUjPA~0{pAaZYq51ikW(>Ez5Ta;nP&@8RNB{p6<fZiu
zNd~V@6i}@vRE_iq?e6~dO;2LGCmecd={G=6@^y_oSEM8$sxSy+pbMi!nzZe*RyR0>
zqkn%NvxcjztV{(aMPIQQHy_%wm8T^)DLq#W-Hn5T8&-Py-H@iHzf^@CK_jdE2!OVd
zleOrUSwVy)VKrg_(hi%lFgr);3O>hlt8rMUQh?5#b)3ruzeQC<c5{md9Z$ZG+XI-u
zNwqc9IO~40INp!RK_{$B5NIVutQxr!&_mao13YqT>nEerEHb!-_iN2ClZF&kwe$hC
zfCZU?;#`4`)g=+u8F)ii14Cz9Zi1rZ{7}HZBA&D<SO%Mtl5fycaCT)ykD@LCa^43V
zvKM_X$EIF4Jl^;4^YHWs-7hfy@pE2^A}`|~${bj-pR@q$g1n6lX`(ejUv0$;LcoCE
z+D}MsbU(F_Tl&S71BpK0tZVE%PYSC`fZevVv}JQI`hlKaF)0Zd1_d3Rh*H=SVmt-9
zG12w4A`5@&6*|!FnuPK3@y|CmH?bU?oYu-;GkSuEkIG<DpZA7zKjc8Zk^BqH>`tOG
z>59j^*tKj=!Bq!+KJF$vbj8httT5TF7O*Ot?yK`e94Bjgg3YmnRU;Qvl3RL`z;$Wy
zycc|y1?ZV8rJVSXv`pI}tAs`#6KQEq149zYn?kSsAH`F8dILv8itGwQVvM4q*%ig%
zA!Gs;j&Ctjuqb|a$U9oS1WK@llOx)ZW^rB6jxrE7U-Gb3n{n;f+0$<Rb*R$OA8c&*
z`SS%y1bqCx?UW5&YHHI-RDcME07pa79>o|11y#!W((w=l8yZ|_^$^Nma&Qc0ctsP=
zWljI%3(M~N99U`=>I9|Ua*c&fUoP-H#+>YMSr2rmsHu6GHod{UgO$Kb^+w1EPHQp(
zCHnaJ%&lyGkIS;Lw~u=jc!y*R5C41s)U<yxA8C47w#1^{Vp7DOVC)pmL?Dzjkf7B%
zp%cCqe*@Ljdor<8NSFm<<zZ178y|{$AerWvjQ`REq-?FC0;ZDL0yZOR3if_<Otz(4
z;@rc7OJ0|txLj>Zkn865mM@ItEf0l=*XI6*-NF+f598v5*bBI9HkC6><KZP|rG>BP
z>7o4n+t1IzfwAr$fc_N+A1^HQ87dfrq^+((E#!D`j$$_Pap>r0+gERkR+Ro*m;6h?
ziz0S+6$zA2|Er_t9N6i_MR-yH6@V$%X*usos3elFFBn$84{RRfiCoqw&kd}MW?41`
z2jz)sy^pQxhBmAm-pwaby&!rI1gY!}3s^g1GMR{vf%9NhIiY+sXrTkkXI1khASy^(
z+wJ>gQgRP{g#<`4wCtWF8JBCkc%lR?+UOmfoid)Do?4DVpyaPe1}`NyInt|Up9+YJ
zKZYbGCNAcQ_{e8zR;0h?;OJj%g$EfFPy0{mv(aj1W(!?5sNBrMe-rg|zkkjqeyyVN
zXE{u_rxy_Je~<qYU<#Kdp^23dw08CUs<~DQ#)79$*QEnBh;e=>59abnCS&6%7bjF9
z?uhk<NJs{bPR2*KRVrT&{ZhGpmRoOc54RBFh1Jn2fQ6oM=@AH3bJM*s_15((OJtjP
zc*|I6EWm~S*1Jl%C@+7y)=h<7nG&>{4yyB}KHDnq`1sx4Wb1n<Bt1R-+uKpX<<3A7
z-hoN6Na>#aUyWQo-_blPXBK~@Chsp2Oz79(OpYq63~v|XUSB?ng^`n=M!Th<z&vz6
zJq85boZB8}B?DST%vMaPDm^XP+uK{DQ6PTA0Mb-2Fm5NSmTCEvHHgTKZQ=8w>eJJ8
zBJK!Qszmh^{old<XIr_d;l9yPcPs|5-`8))=AkPn`EWYY_h^1^^3=z>hN}#p9=>nU
zs4nqjRgI2{zyuvt3M4N1j-{%;|Il2H1jphcKHha5sG~+rC>`<LNdg)LR*x-iu4`=>
z$!*R_LnFgI8|zZOQBhVXGMlZ{r;p#!YmS0EPt4vVLd2m<U}wZRm+!KmGa6d&=G!GB
z&+{HEV7m%E{eV%9i*x%iik{D+k2kCU!2fwzc=*H6c6daD*t4=^m(63Z?(gp2umtMH
z8tl%IGHk$=MOF^U<4j{xXF#o)D=KQ}z;x+zQSwGY{AgTjCR<uuBThXQqoUk9J)5xu
zO>C{4x-Mg(f4=$<dxO1!MS<eC`1{J9GShx{q(WQp=-ABKc_)sml$xy$u2&UM|2of6
z!WOd*l%3%;*z^Dn6R`k7(%4uOFsrN`)|~{=)|Ol_fDmK{Y5Ht`%@1s9i_M;pO8dUX
znE^=|AqXn^qUOCWStaI+vwM7;d;rbY{<3z&0JU-5`qM?qOu|X6x%GS)Vhb55ns6T0
zbNY(gR@qrgD|PULkjHc@1r@52%Ck+dNG|Z-GRnWRGgMHnS&>5ifoEQvh;=L{JLA+j
z0iwIk4)1J@zvAg47r|*o6ILbF*XssKATcvrz5Bv9>I5!8#tQkQZb%wdC38bpi$wji
z7%mVDE<Wq?QU06;cRdX)L$uoJ>ca6!(rP#oETaIoDA1`uNPBCiFWMwAxn1==ANpWX
zalQYYcg&Z<*8E%QVR~2>W}sHXKGa*gO%1<G4$eHB!&J%3t3T*R{p+$bTMDd*l9$>m
zj7+Tkem*|FwT4i5RXhevNOrct1Q4u~BBG<scb)}nHp*v+n?_7ZO5Z;?*v`zz7>F1W
z)*(v1*o=7x_8f5GRdEm`?&#_OMw2`;JlrZ1T^G11`=L@NC>vDlf$<MYqLbqzy$_D5
zrLkxzOE=hcF1cC)T%mcj92j%83`XfN>zhA{ouPT^xk~##Mk*Hj*<1?&yBHvjVi=Dh
zkeh9hQD)c9&%F&a+2$17Fd&zN5wK9d?i<rou{%s>QtKLg)|N$sgrBu#)`5Rfii3&S
zF4o~kdlOP_zh~%^J_;3PrYEx*c&$4*vwql}R2aLtke#&#s)q(ZvRJCQ{A`U^5P_ni
z;xkMce@RCt8vurQ=75rxzp=N+ff%wN;!~$-Og0JJ;;BUuIJml*Il{2sUe?;5j-Nt2
z4}QSE`u^QH4gG>bWGbP8@A<sy;=zF1S|=(~wEZUOJltS1r`-ni{}J`oQB`eGzlV};
z=>`drMx;YpK@br{x}_T=giVJu2-1i&lF|**UD74p-Tl_N-}~OX!@sU$+<W%gYp*ru
zuO?PeA(!E;s~Nl2qtN;KkQ!a_FTnsuRePY*s)c?D0a>AHWu-kWD@Gmo%t&VJX~f}t
z;jTtwoel-rSC`%3wd5CcfGt!U`)kFg#sS-$&c&?=3rn)Pt7w<j*xWWON~3;9D(?6N
z5iz0M5QVa>?I^v<CGM(ZLh+;d)2FR{2r^e!0zhPfQ>+z48K`2FtCaeifq?-xRn!AI
zfAn92rv~SDl0N|rhh8)Eus>66yXXq*zPiA*QCAlLnULV#+o@y%ha-@*bicO<D9E?Y
zmo((RIap-nefoz=sHJxx{B6tY`zu0Q)=Es1tgIj3Mv^)}z}WG<h=|CrZkg}e-BG#e
z%kLRixNt<Mpz!E;K{SgQVk~Q#`pTj7jDdwM?8<VYg_refNB7}UI0YPM>zbddp`!n=
zMbChQ>ERIuCS%NI*!lnbiXk$Th5`}xv%v)|JO3BvU1&mio7Sx~IvHf-D)2X+BS0cM
z8OIudHSRSNZRO!s523(7dZgTU4g~m2bI*kaH(Utx-)npZfBXZ#kH3<iA%h=j9DvWy
z1pEU}_vk23%J=WpSg?IL**~&!sJ1lXHWi);pCnj4{GAMrFE3j=iRvzXyd2hTN^#Yt
z8_{}+k$H!amw^&$4qZhvOkaNn=W%e}BawQ~WV4+D_@@o0YR3QRS9w&ZqcODo)9;Ri
zDA9j>xqQ(+Nix&hTQi2(Ph9(Q8PrP2{J6LjEaS73n+XZ}wh|JVLnXs`?`x)~Uw-Z<
z1&ZwIpGA+p78Fc*owGTyvyWuN4fX#;uFUdRlqksH;>2xLQaS`WY-%aBx9{E^+d4T_
z4CSll+Bgb|5X7keS7kn<q@-ME^n`9EbYx|ju;H@)wvIW<u9VbYSizH+Ij>)?5wopV
z<<kHgmZ&GFpN<4h9yE_(_u>z&eSM)|w)St)^jZW<Fyr1Ta%(D|kjc^_o<=!y$==B+
z&IsHaALpi%3q*sIGU>K%F5G{88xLy2z_1gsN1WK--|W3~?C<OG3C)HW0fsF{nY>zB
z6!Se6sV@NY*R7W2tHYxcqn}CS=P3d{YFgDV+;>!e<T9^g(?nQq4C2QO+z}BOc<z$M
z@6Vt-B}<f@FJXKqn;pYTYvuaz4<Y6B^zhW;N>LDKzP7fv7w(Q$x>`Z;Xl(!A(_=sN
zcsaTs6&J^TeR-4#Enc7Pbft;7IS7TzuGD(1V=ahzh4F#-0s%wm#z|^nYw|FDTiHz?
zBsGqiwbiweSDNG>o1yX|5X6z*>etFi>pdD1!^%?!de?dPvx14|VYMihEu{wIoq~NW
zF#f?bl(+k?x)ik^Kg!=9WzI~LTt}tHBB2rzKI!c6`O^mZWf*npj|5_G3LDF3?x_&^
zM;q92{fVHK@v`BFSy?Fqy7I3pod)&aNkUN-wLoOqW0`<}H+6C{eH6K9Xc#{~EjC3_
zaKVm240A!9do1Z|;G`pN;^1KE9%9zrVP!^5#ipPYH&x6$n2gB)OT@PN>C;L>y|C`W
z<%5RY1_Y!7dNp=Se-D@1b|$M8BqjeK!kZ8+97=)1zy1BYemOZgBL|Dk*`S>Lr*DN7
zo~@A4?C#v?MW+f#l}|^8EXqm9fY$rCnECdHh#QZMPK~!Rr|v&JQ&S>NTrn@NQ!)`!
zz$UdGy#Ac6YN67C*uo>Q@KU>BrVVatfI<dSk2rY=L6L;d&J5G|_M5ePpw~A%jT#7E
zutXglfzn%@1}O-6e>SMSrslZR{CR`NG4i>rEC35z`%y5-8^oC5yCtoR8|=X4+oiS|
z`*SuxA|77%5N<|N1Oa?R<6!lDc4~1^3*gt$Ei7s}HZ5&2uAi~!j}$;^oBXa^4&}e2
zl4Jem3faD?<o_di>@U#)AtG)*VMIyPZA@}%(PdBX|6eh|jhiCYoR#$v^W6h6w&A;X
z!vIn`?oTYTAZ;#VVF*V<UzlqQ#UmjBfCmE1)z#GulbEf>5nL>C+Bo6<S#L&OK)+(5
z?1FuLC3Us6p*gxYZw782V+1GxTGnfq)CwC5?_o`$adK~_oO$*tR0V5#aQP=avWNRb
zjqG{4I1Bqzy0i}!`f9(tQ6@0t-=L$xPCvbu2j_FhHU?}nA@SwVTtjb^Em_>xycP)!
z3$wp99L(UiETJbS`i;gAP&&GF`n*Yg`~L0lKTm;d$S79{RMwc2p(NZf0Bgi(>*f++
z$(uGbw|TL@5Y8PoH23(6#{+c)IGVdg@BxJX76daYCJK{`J?G;#pI{4179wKkitGZ?
zW}t;lXHpOY<a(G%`KPwQzu)A=kY!{t8ofka`~wWWC27_xiot#(BEsB0eiShM6tv>v
z0!bf_R9a4k!C7%2Um=L;3<AZKJPi5KqlM70Fp(!rOz}uCbiL+3HY4=@H#g<-J1@Q&
z7<CbZyi|Pucwf7r`&g{}FULv8TN`y^hw@&n2ulk;ddiunkAuI4jFa|xFSUhq{YPe=
zU}8u@XBHYYHKn2ldZukA`-CgY7Ens9o6{aSL6fKDp_sFbtP)OgV`JI;(7}T&2znRT
zT=frlxC{CoIkVu526&iV&o98^GRHK(G2Q5)@hdk7l-e)0#Nw_1&<q3xp!JnQ%v|p5
z>k1<4?3^N_j(CbmTyazXu%{Dvu{MxAm0uEB{rLcqrNliUAwe3tI)>JQ8ydb)f6fFT
zYckxpg6@Y-$aMP#7_oj76kMlBW(?<NXQLe*`!+`7zau0dH^KFK`I59y3-w2X=F-kT
z@6t?Q)jbhjT9W=bqN5a%C;7zjhd0VCgr<{a)TKEa2vj_rR_hY}($W?W60kukF~vFV
z)o%^EyPA>tb7>P$3KoE`J%&<RdqEWg4ma2#GXqj`czBtn!mk2F`)6`*<<Wp4$lzcF
z3B7Z}S`iKj6lVvljEs<SyI5tG3`GE?rGTb}{>Xo@suneBfbUUK(v<xX{d$o$dWNhS
zqZQ`c*)2Tx!E|wfI&(tAy*-uw1eBQQ=vSfP;n3OP>FF2szO5%uo?v^!Up*^6F|i9f
z3rn}2G?+XLYijfi9ROjT!~~-(`~SwAoJT&q^l|m->_Yto$WIpr21;kAC%OlG`mm#f
zkG>zOVlL2liH_`JMBdLWp-%mB;D*%61O?65bb4Jb?|OS;r+#Gk+(buL?tgr#tE3bT
z9jLNAE@q;YxRNO^h`_;-mU#&>NTWFJ&zF$m^9l@e15mz_g&1iWfZOP{L^mL**e0`5
zG90+1<ml;3-5$K0;^M5o@mcx;6NN_?j@i>^D=(d%A04=Ewuh8r<8=BCB-1f5j<4ER
zFwJCQ9e^5ODXSzB7nd3a10Z&vI#jIfcD2$K=>?<>)=l@y0M&pCxS~p5>gb5FGctBq
zpKgvEcpoQ*d(YP|H8_~~F&aG;5z%OJe%9CV1t^c2n!E-aMiwpqNi5sTph*98{Dk&-
z^X=Vo*olH*4Hq#!5#vn5Z?fX1LWMhVVg%q<uBvFi$0XshniH5<ff+-0_X9B^<FacQ
z-Ff+{1_uX`f}tdS-@lW9-c+j}B|0h?jaWmYg_nl_n3@>gr-Ip6a6ugG^Jkl&sk~t4
zZGRvRp#{Zh|HLG!9^Y5X$_x;cJSQbt+BbyjnGiFd^W?M}-wcZ;B6uuUMK&7|=KhqW
z<#<!2aH^g}$KwLBi5JkMFxl%4=6c3}6f{}V^^}?U8`q2k5VI!Up6_X004YP$D!e7x
zdjwh%x_loBej9%p0Xtgxw{J^HVGE*ezCf4lTsJ!u;UyJh82g<BIl#X_R5n5o!2l~{
z^0_z8t++YM5-maoa3w`8ZTA<`w-(PZ0Lfbwm8d3kB@v&C;^ro>y@_@JJedHBt@8Mw
zBtcxPgBieWq!0KE$_ScI=D3zm<(+pP0enLsT?`v|7h!8{^{qj;Qd%F$K6C1=JNSo(
z0ueA!xV;?Sn*|aNpC>^?Piqm7O2;Ni(moC9Pvxn+p)?V!W}yF(Sr}#nhWo0$1{f>!
z?0nC!GM#2M5XTy<#IrpUv^#rgWEXY~@1db|B={!D-<d3lbiDvEupd88%X0bB)6p$G
z{%<KzjEq)*0@d{c3QB;j#1+ap2u4||GeG+Na9?y$_mz-Ie-^Y@K^-?()L0!MgdrQ0
zuMU?Vq&68TlUUWex8hauS)k%o)YcU5zcN&tV7hIM^AaMpb}gcZkx_$bg#edo_iAGc
zC~?y6ZU~1^pFTBM@j;?In4CMM5PBTp<5TMJS?)t%y{E1cP71%3cTX7EB@iWiXRy*1
z`g{-p3OD-GB`Mc5K_sA4@5Uze2F|v28A}o}GBaREzc^YEASZ%Q;w%)oD3bYy(pv3$
zAMaLG$#O7+>;pIz3rr|D>nFoX<;wWD{ErC;9&3QHp_ocI@Y}&602eE>vfd1N-@Z}s
z130VX#V%bzn}dTxNV+)W;^^e`MfJZU<qd2L36wMll9G}YLAW%5?(Xh54lXVe9PI3C
zAYAuF6V%`yKy-disyc*O?DO@j9Xd{DZClXM=C<0f+4EB>9%SPB&xBH|*&Q9-`UwOR
zng|BB>9Uz|^%Rq%Vr?SNV!o%oc`w~dvciU7p!8m>**##R+Lmw#fO%!M^FlSqs8UM0
zX?rvDR+_z2ZqXIbJC)LL)_P?Fo4s1KrI0{j2emHDCKo++v;@Vfgu$vjOBiJcpu5|5
zI%H({)Q^*V+Yc6(tjv32cER27a^Uad*t4_Np@d2E9pfiYT092GSGhD<Y>`n~+k4R4
znBEkO37NcSy=3jNsYU^MPGBhs4n@WB*3`s+0Xtcy=EsjRQ`6IGR9_eXnf;<00}Vod
zMFqH>w(p#JO*Q9RW6TIJhx<Ff<ZMP9oB6N4LaZ;<h5;)LC~XP^VD&s4NCrz}`s(?+
zm6ecQS!<=${vL@pJk>;86d3CtEZPjsTbH>IYTd7$;x78~-d|2lFAcN>bzk4rTVU}G
zR8-iphGF4qH(^x<V1~4Boy9Uk!xa2DX|vV*1!0Z~S%R^V0J|*f=|<}_9b$^XrPkF|
z<m2)N{ag+Oc~$Z%11~qe7%{Q*F~Ya%cd66$)q@3209UVEC^WOaef6r<N9~v0;CP(8
z*!9K1!w&dvZhGKY)eZb&eMJQ(vSu~8pRoe7(-}Torw6kWhrqOIXQ#vco>=#iXMmdo
zR%eO)C+U6p$eghFUP%*XXBRXsokF!Vr2JpYBtTJr0tUP`!Ob85k~i`Td{mqw77nZc
z%Z*ibOJilK%n38o29O4+EYH5!SZ}YL;Pb~x0G$E@82a$5Yyd@4I@^nZ`TqUk_K^{g
z8oY&o<yKwQ53cOhtS6?gyj-YYywAyQo&AG29p<lFBZV5wYwG0iaMw1LmnT#-8E+~9
zd{O(UqL>>2m`5jjS}+)3q_?W9X9qhvJ3$QJw=4%iX@GD1_sET)8T)c_yr%G(j4bgv
z3|OolZ2+2ot|K6G8!7kw6Iw}#o<3@Orn1v0@t`XA_F8Rcre7_&mk3WutCTe&bIgn_
zM8@P28ToC(_n?+W5BrtfkIQE>x34t`e|ui*mq)_S(ARkhM8FRT)R7tj28g=iUj1um
zS~PO!yFTl|_%&2yuWoPRX++7BeSP&e|G`2uy_ja`0b>-Enuu<14w+kFV6~_1OqQ`f
ze~huxg#;55|CJmdqxDLH2Q(Z&g$UF_k|+R9zW4a@<+drDg8%o2c3N-*VpwnRi=(5H
zY|htz9szQNyRfh@8{j-02K)Y}lvLSA<;V`52D<kw`s12+dC~!y?r*r5sp2*`%mDk2
zZCU#38*oNqLBPuwzv??Z=_jaCpnYVHi3RrK&0v}dACIDP5OCqCTUu5NGPLE;im;%O
zw*{>LJ=zZ*4ki;+oOVqbnnEzMi|6jz9#FDTacL3X`E4YAT7D=L{zCd2tC<$Tz<_PB
z8h8HYyyIfBB&3Q#iRBr)^|%yxgV@zd>78jEp-}YU5d%y@LgGhzPtViSo>=Bq5d3Ie
zj~nBkMKpTubrKt8hrr2M0%B7Z&SK)@?=fNd=;(G_FJyzie@Nv(p5oTOv^zXL8W-}$
zDP=+;3Q>5&Rjm{9>b1J=?nC6x4_`h&>?AidmKi*FvCY;INw|f^m~};1MJk7bNsJOO
z$iC}$QH!B*jbX<_IM!k_CqIvNeboRN*^5WGK*tVHWOxlM8OW0?Jz1<#XG!uRRlw(-
zLCyg@u><q-#}&VM3a6@ZN8`e%fcNe&J)ZdW*RO|uBVO(3MYV`A=O@hCZ{FYocbke2
zm5|fsq`$vEu)-AIb*>!(;H|(1f|q>cAxmvR8=V~;RDXwugEIi-1xR>12$~`%rCr*Y
zbT1JGB%_C<6t|{Y<%CfpVblk1ZayaQxNKm_eqqnrrd4~NVPq;Rl2%-T3;I)TyLL1n
zl{4NsP|?&58>6N!9T~SC#(JY5BQK4NIZ+(&$@mFVf9egy&}Iou{s83+VOrW8PMOT%
z)|n-#aym{IpJh}BX(93c6#g{@|DXF?Hx`G(gXSXDs8~NaeEhfX)fic6;>h?ciGh#f
zC>zIGqlg<JBQ9=9R-YCSq;!c#cK|TeXn-E>$8f1d1Q-Ccs4glmugL`vCdtumWE7P7
zMyIV&18#1pj1ne)c}-OH=n>k*MM*XNyAmHHZkOxR8C>Jn<Um1q1SSDl;1-EEEvQKT
z9DPTLlfg^H44~m9R#rA!PGGYDpy5vtonR;AM(_(5bv3dZy^lYB*D*Ckn<@_~_tYW-
z2?_>#`}1~Up5%TBVOYvEB50{9nRXA`YJlQ{sNNA08f0YpIbUDP8&qH)qoe7cAFsh%
z7jz+^f95E^`v+e32VnjnCNTp4ew><NE(7WM*;6`R?&uX~tz<&?*V>fuXWs6{A0}19
zm67RC2GPqm>V+CA9$VkR>)!eABqHQ8AI$=vD>`b9Vj_V8aFYVty}zp))Y>{l3U>6H
zD%&;W4KHcw$}TV^KvHCVZN+G(O9dfU)_;_T$7*P=%kF2+Tb6{M*#YQ|>+kDjfhv%4
zZ(MT=c>Y`-J^C{`5YENZKQI_LR_ClCWc0}E{R;KsMEAg8ClG-fh**<1aorDs!Z{%?
zH;9Ua(=a~&DRP3Rxjb~ZzOTdbCOx9K(PPpz1t=AXj7E~o*k%2}Jz7jH9Ow!7+Fy7Z
zcm%A+0PAn?xY&1VdhsJqPI6Qiu2+m<dLklnyB$Kv91#*6{210U$!}ZwQ5kn6Bf~kq
zwg?kYgNU4*oVuc}-YL+-6m=V0V&5QFBxB;zFsi?fi668lNJ%wbMaFORXpU3IHzSTH
z`j+wTIv{R)d&=0@A0QGOa#PR0#l`;_pCEPzB6QGq`e*H<si|2BJ3ew(S63^rw~pIg
zY(7esdg<$%LYdXx@iGKyOclt~-)f>VHu11lb}-Yv(reNOiWX2k$zIZjQ;S~fyn8q5
zB_-7c<<$R@0(<hw|GcHl{QShEn3&}k7Ju_DBx+y&vj+uliFODO_J`Mfkl~@_U_{A&
z6$^aL%N6y)vny$fwNfIVcBXW2nVpmf@l4%8l?PZ4b>Xaq_$3faP#1#UP^@jh&GY5#
zlKZqX-0yp%XEG0u$kG<Nvy6;1DAtrK22W|Y5!JgQTAe0~S*6CUi2#DGs-$E${MUc%
z_A2=JtmrJomQ&9c@LYbfk;P{kJ^S-2?@)dG;zf`o+1X{lFmO9QKAA_E?rik*@9aRo
z1o&zj|5!DECQP8io2lo7{I&}Xn@daf@BV+!Ff&s_LpBYWc^qP*!B~_@fu#x&wy#^~
zA56%s5#eEf!EtY5N-)G&@09;r-IMjX+P8`VA2(}IlJskr!l<L86S9hR8K*PG%v@bg
zn3RBz9Td>PjgF{*M0JiRVw55!)2)GJhY%us!=085^p{Xo!N<>4vKRalXur1m(d;Sf
z@@cCd)V`=QxzJeF+lFL`OC!ta<_6w(LyDtw2WS;T(*5c)GP+H#-Hf}czjJZ}XFl5B
zWf5iI9E(l}juEQTuWUzt0&*~Rbt};L5s{wV7jA-H5=w=?LFoR=yS^lFi%2a9(bAdA
z#&hUg_qDXNsHv$r--G)S_3`T3(m!aT2yW(8pPHTg<=YYl*qPhZl&JUwG>{lVJ6`z=
zz`_huV}v4)F#;oLA}cOkUBOgJhqQ*@4sn&6l-J%|A6~Z$DoV64)#3wbEBU7lR%)_n
zA0L6erI#YjB=`tGGr$Gh#h8;tM)r=jd)>gs06c`tdn;W6Tiaj#ZK1`t?={eD<>dS?
zuMI<!DP+T_`u4a4*FpH0U3s}t{%OdoS1-r@AOhu{gNWAO_+XJQq_}NuA9bIxKYi&W
z0b947dB5kjsN2x8dUax{EevvPQk<P-Zi8^0dCaWLr8Yt34wqekl*aapsJuM0rjiod
z(z-f#ayaclXAU8QA{hM@FZ_u1INemqYizs|^zyoY2Xl4VA%0<DxpK8Pi>;}p{f=OQ
znp&gE`5A!p;7=ssMzoZbOaW|UOQt4j*}hzbRiQJTX$bilb?>+nuwlR%wG<Yq9A|`a
zd~A2M`f7?pJGi|@AmZHW4b}&h)+Wad{q=t^dkB~UTMka0te!t_C#RwUDik}xKS@`h
zjfx*gLa8_D17gj$(#SJA6RmV?SebwS&X^oW17(&?ng}|Kl=l-(|NJ~RkUhgBtel)G
zH`ea&LMzh6N0e2f_iljXTwr4xW74D#?_miE_P6Il(2Q>w8r0y1M1q7ghl5j`fD8Rp
zP7}G30Tixq;+LqX3M#;b`THwqeEjGMeBGgzaP2S*ZY{5|neqk$Win_vOI}*`@fz!@
zIXly_GO4eW=@^@!#}#b<J2fn0Vl28Y)Jcvu8ofA}sx!j};DpYGr<M?0yFNDF;giQ=
z#`&P<@tJz~<gN?h_Ug_B%6r^H7Wk3Eh@oH5(T01H>2)x7Jnt-<fmKop5uM!rGeHaX
z539s$gK8M5te;fsA`dQZZZfa$zxG~ec{VRbY^;=Ae-U3Cy5V#DlHM3OX>7JSa4J#<
z(ZqXRw*X(Dv07=i*%82_`7tpSsa{|y|7k;5O)EX0zdX9^nx*iB*w|SAD$m3%$-I9o
zd3-&qeSVAxbGkg&3j0_JOaHtRm@$@<0Tk5Tipp{`!g59%p>CIWk{O4MqC5m4$deH?
zU8CSGo$gbp6RdZhEWUIeV@kAqtmZ9B`;m<7(7~m%Zfor5+RbKgcx+5T%=Pf!I<RNl
z<W&gJvwp^+m1c#E_4T71fvshJVq!w>@87@D68i)U6soGoI`!)78<W;kc#b;SSv0z#
zJchlG(E<)0)PAV_Lwlb{f!|B|-gsV*;N-F`JdBr@2TTnN<Kgot?5?n!@b4)6sNuMZ
z=8i-D#M*fC^D?s6^B0}_m6mEc^gN@Z`uv_konVB$ukAd97<J>3b5m-dvAPyOr<yBS
z|9Gi_r*E*=_j@_7dKg6zGdO@0723iHnTLOSdT89AeaH}3O>KUlh8^Z4NIhL(deZX4
z-YAb~%8m+*VRRnLY4zNC_hcj0DR=P)0uzVMSM$Naybt<JM^axkedFR&*sz~}B_<{f
zW?Wyd*<7N7QqL~WXKhP5+S?0(#_p+`BNo2eYp^mz-r!4|2j|szU|=98jCSejWG?4R
z-**Pph?VD|qXkl^w{;FC(R7&uAM}=zGo(Vlr1#U1DmbQ;Vli8pn3&SvPnTa5lkoM$
zB&CFzjOD0JXIdisNXwur{7~2ugBXrgUS7Ub<pp`#Fto)o$LYpuumy&uQhDu8;os*f
zEBKkrripSd&QlSetY^41y1y>@MSrMUjYA?TLQ5R-BPS<thgpdhKvpaF_cx8WH%0X>
z0TL|j$r~~yT<#P!k%0qA2r!;^s!Nro*eOhk677v1Fb7<RO_1t+Ki5pt>3P$umdnD7
z3K4`z*C8u>OT}JH6+W7bqH~R&Bz>pCGdB8fY1RL1VnY5a5Q}Z@>@ZV_eQ}KiA$Ly$
zaFnE3J7ALUUp}{85CI35ao^?9iZW(^WSKO5YtP*c_hdg-<cXNsH}ws#J1)<j7|G=J
zS(h!u<VwqIx#lK?deb*slfTo17<b;WLm%n;%JcFhc^PTQ$P8|>6{eOBBCja;mqS0F
z7d3$F0^xY}So7Q7ewOCwj95bQRrVeb1?SsX$;XtGK>J(5@0HBV!S+{!y_u!%CQrOI
zs{Gl)Hx##3ZoGw*lwwnCB?WzYE-0(_wKcnI0r7h?tu4ccjUIf@`7*LWptAcZR9uaY
zp0`*?W^;XQm>+<`K`rz|G_BU;=DZX@4&s_xnX*sG`M(~=3lvzI(H`G>3MeMP(u=gB
zV^hP)g@hc$mDO=e^tuQfPv)|X+{&qePWwFa>sQUmUmr@41F#jPi4c`r=?nBHinKmE
zAFuYbg3pg8Jt|87kWGjjilhO5yza>uzyOFd%{|*dte2AqO;S^LH^U?2GNHJXo&{?E
z+T>n|qV&$aElU_a-cFs4RN?(3S?yvC^R^#K<JzAlT$rt1@eU1j%9n5HiQN>_ht+it
z7Z&~AF*Wp60=9Pldg1%o-zb2H4-OCWACIEjoXSKcF4jVAY|tw?hMe}h@eB1DNPAwr
z8nrx2dfs~YvHVbG0sjxO+21@Lb)7m|Ru(k;i~S`x<0rBMsam^tGw$y43Q8Qum0;!I
zVFVnM0<?`eze*wvcujvOEc|X5?Oill+gtY4%2j&xAX0rWCRZF=VH}qhgJ?@aqRno1
z>zXR$yg(`9It=&UbEtjBhz-VA!a`F)`CF`0zY2P2Y^fleMm9XOCx&ID57x7R;$2~_
zgk<M3kLAi`u`8~&f8hq={y4;vj}Pl>F-}8>rmNU&E_cd()fay-f3lMGD#6B9Z&Onx
z*Hlf7JSmAZezJSm_%F+rmAbwJOcq2ZJBJd-X)(0bPZmQ4RtF0j_gyrjhbrYR)?sPl
zG?+Nlg)U1gGEUFIFpg;5ejog*dKZK1B)+$k!!3T^usn0KmKwcg!}Q$jOjWZ;xtFhw
zjz;Z~CFz>(kL1_{T=8^JaXC)R4M8+4%t3i6M*hk0--%AJtXu{?F+8Hx-DQY~`nIM_
z*ffYf5)jXqOS|Uo?(Q=z8tHLNB(Mlopw&JByJX@0FZCj0Sg_Y6-U&O~zedmcKf=bA
zL};`ndJPgel;Hzn@`0kX*o)KBT633;fjBbN2TieFG!)bkHz@JV?@>WwW<rI2>rFV;
z{QMDEP=VjJdim*hPedqH191Yvv$Ibx_1=K|eXP_M*blBAnX|(gGW(nby}II1MCDk{
zQj{N(x^kNK>MQFj57u^i{B}d`8K(mrD$z#6^ryt3bZn-A#>YF8Fz=iq&7})=EqxnH
zt>tp#=*wfqs+pNTMH1e&^FT{kUz-sbAX9rU{zgG5FgcZ~YHEs>kF#Oo*9Xp}+bif~
z$7O%ct!(ZQ{m<8#?svalzDGaX9)Gq3kO<4`(=A6#?<dT{6gQK_9Y4_t4{v)21Hyml
zlrtf_(Ma;}^4Lvp+{JP&Cik#(k>QDY-bqpnuF%teZM@h(!Nf>Cb>1GPOWe-0IHn-u
zm}(#!5W9OUv5&6C;o?GiH^5)xaaRZR54p!i!Df$ExVLT&@bSqp{yik8J{+BQR<Cr%
zxz=f_#l=PYSXWia4+tOrTZ?6`aW1&L8@;+Q62hg_Sav+&|3#9UoB!0R%2w{=h4pKd
zvxishhT6xc?Z3H=@SLuAU_Wx2#MmD0DaKM#L+3Kz5ntTh>We!(v01$%M-PyM$^rs9
zYD-H?!#g`WWzvNerPZjxCSY9J+uJJ#&EB4nkkA(FaC4AqDuOaZ6%{w$lSUTbA8fYW
zi8t4G`*F|k$w@UXa~w#kv${tQGb6L~f)<)|c0DVxu@2SJ#YPW)8S3G=RqQNKJrfl<
z>|2B$nxmIaHcH8aiFw6`yCJS;AdbuHfr?nv{oi@qGl~6222L-yTlJ`^FGps`g=jX}
zRpa)wek0o-Ja0ZdIb}QdvRA^XaCRO!-zib}Qq01fJH@CmQ&*R#R+4s#iufA@UU)VW
zN25_dH`r;vJ}~gIW5W)|y%9A2?ccY0KPma!F1@Q=gEzZA5W8<}J_VI7!Q<SDoSmJ|
zI44_!^F|F|bOq90mrFsPfP~R`8zhL}MG5nkfm@v|Sx9ZhzE0$f`i0`Pv#IQ(T@azD
zsWr<Z{$Zl!J(qXN!-051Sm?9!1znT~LZz@sIm3mrwDGvNEbY|{a)x_lMwew03}C{2
zIM(;u>m849EPhT%FM=j4-2Q%wdyAlXB2~D}<-$f|X1eu<3Pbk8=l4$xe0*vg_bHJP
z5eidMxIA{$^DNEem19`H%0H33Y4Q|zb@i8j!s>z^UscQzqucbYc5o9Fx3oE!aLM=X
z?r3xU4b1yxrffo;J6|Werhn4)HIKL!arIDIhaoTToZx31NMgUROIiHRX&XRL#n!V`
z>{{Q|=nDu)C4yNq%0CU=Z|v?iRLh2wC&KK2_pG0ruOr*2tJgVY@a~#uCX6Fm-fpiy
z@d0`myvv@!(faed2uIZ8b@O1)Acwu5+bo9;#+|>w>sMVP>P|C!mWEEc4BB<K`TwgW
zXe)u5A9QEB4}V7D!Yi~i=bgjF{dv-vVk(i(yHWd}%x<@G6KcIgbBc6AJ7r~A?@Qi_
zfw7sv^`9|y`qH;HZOucfMBRV5%~p{LdAgS+_c0QnKQZJMy8%aZ1oL3e(-+=mASy&9
z0=B%jOh51U?(Oog4|r$+o7OfFS2yQNClDfU${O9(nWYs_9M#`nD+nPOnVDTKuMZ>-
z0-TQB;}cj79{6hH1B^pfMovz+(q>)=tJ}J>`hG~f%;MatVPGdrTb-|>f@^mp9aD#J
zZIzb&Kss%d<1XgRQxp|fHud@}dr?o!i;@I~hNEiYwuuymM?~<hV5XqJ9SRIgs08_+
zHML8;Mn<sOaIA~E8vT_R#_sOf)e?9KIW^nnGRg5}rYw_HK|OKvpT2<B$EEJh@KH-!
z(DiwWi&t1p;`kL6W=-CNkq7u3+>-S$56(W&^^Hu^N9Tc$L&)8o2Q})(%PY9XgCyN~
z`*gu_@8+~MMW<f>dKR)BW|J9;ikUk-`)^BJoFKvS^7BIq3k$yh(x|G!YMQ4=8<pYb
z>qrFuJc6;&Q3Ab2cjt#c0hpqH$H&VN{#_^XmXe84@(-nRe&<$%u2B3sBiNnT1;zh0
z5I%YB_{8khfeN^|E)K#PI|gw+BO!imcvwN~!jxOLPRaQLg*Dw0oO_)A<Cp7_^eGCA
z!0ETLI;_rR7CJr9TVK(6mI-coyYlLw@;IWOetwv#$j;M!nBZDAbzFZeta?;@3#0G5
zV;uDUTNpAqln!y#gv!uUPS@Z&Q}D}f8~``-nWpp3&sTy&ri>k3MqrHM)Xk81cQ0lc
zNbdG@KY$h*$8m6Qs(YQe{^vaxz$hq^hk+bJu+nUV{t+xjw>fa7q}g!gPe8}{)2J?2
zEv?h5Be|`Mo)8n^-+F0@v9<&K80<)dA<`P69xv!a6P6Oz{=u|>5PWNqrfg}+q@b)|
z2UJDt)>E{1_cuMUBV&Inrqcg>a85Kgw}TS7k@%HTqVDe>ucG+w7P4szIv}T4*hY4y
zf1y9&T|=k+Nubm^%F89;4h;UU1%iQ94~*zK?jgiV5KwvgKvO~`9>Hj8>KgTVw=yXy
z$qdLl<@|hotN6`FrK{FK*bh6mH=Y{)qeqVfKkv^?^Es~fXIfZT(8Fq6SJA9wp)iTz
z%HQnG#AwI~7N3Ijs3`SM*S?Q3>Sl`ueux*Ny|UQe%1F;Q&#)vjH`m}cdZgRvm=v3o
zL@so;A1<DfYEbQ%YgPIF6N=Yfz_?v!<`3W}Zs-@D(4@ut5m;5_^ytaqsd*L?<5Ds{
z!>YUKJ$?ftRY|gPN-UBAcgE65F{Fb41JBQLerIoBAkgH-yA7SHM3>X7Jw58cv?{F%
zycx{~<FAlm@LHb<s3HIr$T)t3CPW{D4(=(Ua^s#DVILo#U)b2#dN7GwU==hp2}pgW
zE-%jZEl`3*I?@NJ%xO^!egSzeUwE%laGPLYCG&GSv2%-2Kl=m?O1tBCg(KE_N(UQ*
ztM&%zhS+-6@Vv^}><Fv_Y<XkJ2fl%Hd@|Ea=q3pY2}~uDsw@J8uql>-Vt7;t)18_u
zB)r^|PLvU4Q8_8Av@;4c#`g;gr8ImPkv40^#qU0R7%D3(J8A;gDF=WY3voq!gVA8%
z*T?;BfZR^PqN1YM<KyFV0R^f7re|c;3tP!WNP{BW#H)!d*}{aWO?km`q9C9a<dRjp
z>`6`<{rOXBI!GDtIUu)SD9=c)U%Q#Q*?QX7G#$bT(ZKR~8yxI$fp@csUx!P<bn%<%
zBT}$5eb1i1?w^y{v+V#7qfDt$_Vew=*#~ZjdkT#Adq+Tcbo5>C=SuZruUcjyL7G^{
z_12hucPoORTNgic+`~K)NiFK2U1Mi3{qT<Nr$qob3^25sz3#>_NjM65xwu@hVM8F$
zdlJr<EF-EYDJ7<tWaNj4tCz&TsE>7CaWFSk!b;|A+g1CuaD(T%acr_{@AU1)4SLUw
z0&+Kin~2p@+ge8le$Jg<l!9jTEsKA85GtrN+;0#4=7#zoc+WFn^zjDy>h%ka2(W6U
zRNubSErDi8+~xL)S^Z6tKR79df2pDperJpR^)Z7DOf2Sbb2r@D96{?7j@OWqV(@77
zMM<l+nV&Jz*MEE7EFYXV1LddHV}}$(yX?&{%1KLGl~z>je!jgtqBbnk_y^Lb5jl1K
zgk>v??2ak-o!)XRdW8-(Ut`p(7qX1stO;7@TYu+BXt1MuF*{9E=ViDk_Wb_RC?O&F
zd%>f3jQ~1;x6DhQ_glbq?zFk6mwhHLP2b>oM{XZUv(l&A_+t_J;WIZB#i#*8@qLZX
zOAE3_R7%WM+q*jHSp`T{T3bgapFih2ift6NAQAXoCj$P$a7g@twys5^2sjZ1Jg-k%
zH7hN+UGY@%?H~E)CD}PT3WL0(%2&$DoMf<{fHPYBg9xT2d1r+wB%Gd}88jNAh+QpX
zChl|YE#Sj8p-&cH>BR3&7tVD0zOO9AJ<Imu$nV_Q7%Bs?)xVhENM5GS-Sr6_uvMy}
zlxc(|48IMQp+EhyfrtDtZUZYAls1<#p$i`Ix~W15wFXkP=T_0d9q^YDA5O-AO#@D(
zkD(--Vy=5Lm7bu(c&`qijd6Jp9!UsH#uKOe(EJTC?3I$si@C|d)<r_5e{Kut5+*81
z10@{;khZu-)fD!6JQ&HT<ficMI7FIW;Nb{$nVx>N*ysJqegLM1ki}!0R3SB%Z|9U^
z4ey5(yza<1=H{17Z6kr4vu|AVR_E&GEBOms4prt8`t;~#)Kw%8IpahG1n+h0*+1@W
z(4&gWWz6Sh6IhJ{0|w=e%$gO}S_Ri%kLiWTm13D%>sxpR0J$s%GB6xc_$((f9Vmi>
z3-})4{j}Hwl2I|>nV!lhDoVuxqm$-*iW13`sD!e<9hoE|2v&W<Ed;M8Nzm~Sj7O3z
zLHC#J*Q_NN5W6WHKCAfl*h;IeLL0JV?C9<p?9>&mm!v2_&|e<S-W0P+m>a4Gc!3Py
zTMw_#YV4Ph2SHfvG}y_FUXAb1ULF5wo6JtRgJB>?;UYV_DfL-Q7gKpH{zkzBsV!T!
z&2bjy8qs{<MXam`62->{dtTzf-h!xlMO0MO&k*#01gd(GEuY|CYzQ1fd?pqa*Uy=l
zI`fSH3jvEtOp5?{n)+LR^IdfU(<%G1^kGj;aplM2*`wnUL!LD?34n}Yj}ptR%@&vW
zx{HWePrH>zk~U=sjxr=P6rsBfW8aR&T`8P5VJl6ZYhDvRM9%=2gFGT^z{D#`<*~c_
znvam4I5Z=_D4YW_+03W2EbUG=f2&5={Rto6?skira=u1I6AlVWWoBlkf>LB^BsRF0
z3jR}bii;y0HwN9n?(cmAraxiA_CWx=>7|{vkc*<hN-q!6XoW=A)~60O++T|zYq3Y;
z;7iNNTt&VW%DY<D?F8eyN7!$x?Tt=pgo*Vw*lVHfqm@Vp@tbxa{&859FDuDqVp{&Y
zKkp#^fu1<iI+A*LVm$7q@ygg*I^iKhT$q;-5Z4@MuEzvxt1X{5lt8u&wQ`%IV_<x|
zdgn}~<%M>G>xh(sLTEX)bQT`i?EbG}nPg;TWCW`~*+>a{7aLm!uN&RZt)4J5u{uG!
z%Sx@Rq!POA?T>HnU!)4J<kmW3>R{G+QDyk}tf|t*X@Y?@E*u)(iyr6gC*9qWCFbLW
zA<d$q+{WAQ=R_fDzO%Ct-9cIC<#*1N)d(t>gU8rubwxWT4$kF9^TTjozv8vW&O%41
z15E`jaj1%voLuom!v&V$CkbunfeP~2+g(WRQSq<oiY#-O6S%aRXT7TguU_@7l~v&i
z=nNhg9U=zjX&S-k=wWcn+vWE7uYGXppS}h68iKba7@HHh)MkJ3C%^%WLDNM+L6SFh
z7t(F-B=$IfVPXPu>*p|^@`uS$5_yxDq=aAy*m11-N#_J1u?x+2(7Wi1g=QyoTS9_i
z=V97fa&0hQixTW)*jp(r3RU%z&Qbs%%M7Ir+fLyzfId-Gy~r0_>!9%;C9E=zTSU!b
zGZsX72BO5ej=f59a<e4BtX7M)>CKb*q~GOB<tCVv%!)0cn{z4f&vbu#yAITV<q!G4
z%*aUb)i@#Wirxo@hrclcHkblX^>@J}-bo@-ej50b(|j-K{`z%o7`Od`$QNE?H1Fk4
z5?JKVB~lSRv5Qj$RgZZ$hUAKboU;~Db(%TmjU;-bQxikRfCH>7k?dAPB#Wknud;Gv
zsynay0@>9=iWaYXeiMWvhPsjy2PRco8m(WSL6?Q9xflCa4O;wLg|EHvV&bIP;>}fE
zUx71fS`2EccmZy6y0M%%^ZpnSboAEaGNYw>%kNHP#^4^?7xg&r?*V4JOMhkQ_k*BI
z*%SrQ97A=W(kR{<%cW6ORV74d31|y4;59_{eeG88_GKOX|NGk{VP_f9k3i`N+OjdE
zzZ3e`9zu|w4=(Hl6tVW#?S>6(1{40hk<x6Pl`CCk0K1}e1ma+yl~`wBE;t#@mf6pi
zcfEd$YdhDH3-ZeD<!E}u(xed=8?ryZ0psb7bP|sPZ$P2pq1j#hL8*;52$A{8^O@-3
zEffi^X|$moj)l#Y$fIQF*R#4cl#}Ccsc`|B6#Rx~t39r97oUEb4kYD++<^rbfLXS!
ziP7SZpmKTRsg!{*c9)yZa0*LuK8sTV*mAmPTa2DpYjNB&a5jBh-}t;cPr)0{{_Om$
z1Yi|jRAdCcQ-?9Qt5@5pqR2xEQ^JyKU7piCHJmz{n-x#_oFV7a7yMmtw4njW^%hC~
z?O}sk=3@N>-Y;QdwlVL`X3h)W=`V~=b)#9kpSH~UBa6gl$|=^ewO&im;Q2_voUyU7
ze*g9b5(6_jBL-zRX%rNLtIZK`_C5-c1`r$V*7&av`r6ua+cW@H_*jc8FZ~4R5gt9O
z3dl)=#w4Yr_#>%=&%;1qyTTKK6rd&naSV9GkKeCvd_Scd+6?6!E^Sfn{LH4OyIfBG
z+*)(<=F`ZW!Y{Kj5O`Y`shj~{3;p{hPp-Q?{>{GyYO6QW)6+FBw*sfze_z(?HX2ha
zgR&Bw4R~nCm#s6JITv3Ht*~J7(JK-G(6O%X8NJYTBV(95@R&Lu(LYj5c)KrmX!^-?
zx!HNA)U@~U6Oq0FGN2rMdUJ8G=)T$=y|N}miXWW<_M1Et#S5z%hy6K0z^M80!wx|}
zAq3`A{kuLJt-Sww=<Fkg)jC<Satl2WdDsqo7TaxN3EJO(|NAmmIa`na>J(D_TcAa<
zO-@du{m%JdS>{Qzn_saXYG37+(Cr{qyQo(f&fQI>Tk;E@#@vxE8YI|gOsolYu866`
zF;X{VIcaz`RfbmUUa2?~t9F?xtifaP7>)<0o^4K+ES@DKkZ$-Op*FpJ4dN&n^}!LA
zNJc@?93C93A?|vp4*~p>7C*G(aOO7(6hY>fP|6h$Ha+zBF<(Vx_TquPQ+wNNb!fxI
z{EB-mvceITR+Ya>5Kigs4rl*#EulLK4kAkkw6K1%?_eV~^nkbc=`YK)Wj`kEmIE?g
zh=%sMDD9OTt{!OU2+C>{MP-bm6Vq^p)PDWrF$#1N)CMKdqC4c~W_=9)QQQ0{E$smR
zg|#4%@c<aFCYeM<8v*=^f!*;16O(efR(0PCljdEsy-`>ipTf1L=4*`IqC&gIVAZmP
zy}Rh>G~MFL;Turu;Ot;i3}4+GWYbKA3Qw~w_Ax6T3UJ}2JMV|Nze(!m)7?DV$<t{T
zOX?B0L4aV+<b1w4RaIYjY3Wt+zw4WPGBxZ=5j>o(Q*$pWi^dNVa$*@jF@{4)Y~1`^
z+0aAWpgR_&02i&0kh?X!kbC@s3t#0a{Oim=-J9j7V`4IW1ERzbedc0a&IN^yfH0o%
z1rA%dPo~^Td4uz<#6D`n_=^`)rTPeIB9IprEEpTN%g1>KqfxopX5OL5Pi(hMbl=Cj
ztrnHjlYL|T1VDD}qVE1KjUEu!>f^^3m)w8(p06e$JnbVWjGe7!m|E1k_N>m3;<j9o
z1*CyW!A9H@20kLx55?_)fJ}Hn$Nvf3XUrpAU7y;(ZWxTe@s^fe^QH<4&QpXUC<Ptn
z`ucXx!^n6$vvPAS#Tz^+9AzWgYsBwcKCiE@@qjL}9mMP#2s>m|R0m131ul+c9tyiZ
z2Kcs&i`6GszN-TWI-Bo8t=yjIAQAQGJzEIkx0R%i?w;co1zllRwUtlvcanC)GHqU3
zlaIbcZVzIxAG%{Xr3w7FP`b;mM#07x`R?&w0OpYEP3DKez?nhz!fGlTDEsu@cf)_I
zKQFkZOo0_i*~ri^1qjIwVcj~RP1ZdG0F)#u!K56}Bo5cAXyJq&bXJwKLosMz!$1A+
z@v<Zs`<380U;e9Cn?lCHbIjray7lnOM?txgHA0#mYIUZeVWZ;1_%0$!H>gFNS4b9R
zYCZFB)_#R+Xy6Uq5(9XG{qu9XR8cK*vF(YXo9q5WUJiIEPX>SGwV(><0?ye7XD6q*
zT%evofdPm|-^k)?UsvD8-=T%Jz}AV5?BSf#Wsno?v_Dy*-N`5@|61374GaSCc?$(o
zw*~gxZ3gk%wB$(z5%{%^m2wp(zrenUXM5?e5abBEJWjUda=La(>|*WXZUBs!(PoAD
z@bF)@@f!sK0C4ZhMYLBobONWyTPqO%Cnh5DMG6=^V|qO$zyxXVMg4RD6F8ee94)B9
zEXG+u4Yt@6(06-fcfS&82z_E*9a&1Y)vtDBKHV9=`R7?_ED{~^Z3WOx^!p1kJ7DyW
zz8TA;$I8lb6kry}tISkZcgXVd0k<8v;*TC&^I6%w(PpKy)WNBJHSU?ga9(u(O59&`
zQ3k%V#x&}$@k!tOb)bjvA^_ogf?j9%2bfF^N1W$Dn!QOjL@Xu!UKU=2?1P+v_Q_%$
zN4-*gpIo5Oz=3ItdXhuHI-o_;*Cd%`lKetrc|DM`&V~K>Oz3RK=xeG@VpqoKQyV{5
z?`nS76@NOC#B%7|IehRqbWoYx)TCiy;1fzsJ-ViDK~7Ez(y!JJW`nBqAodH_4))f%
zt({P)!_-vZw*hFd*^25(I9e9^v8qp$ya+J@3>6gm#z5CU^S8=cYmJGH{-;CBn@#B~
zE`T7RCvq7`URE!934^IKb>{Gbsjz5dql<>Sb)rhq6MviECak&2My9(+O8~S%X)-c&
zg53CeXM3Tb*Yuy6^DZWcF^q?wHPG^P2w|R1iEcjP%XbUt%GgPKvAQ0__z1Yn%>IkD
zs+$Xd0@PpKoetQKo2*wTg+mi`sHpzB%{VXzK4rF|ReoE$?h*V84(%vi5NP|w9*9`@
z85lC32arfeXVHR{&3gO4HPN8k$-47go%4=Fw0xFJ>nug<BvfKFv)o}eo2`(T_TZMQ
zblISq>rfE?nDMZmEGswb2S{MeKUaT3f<_C_y2I%zY%j2!HY>2V^<JJ>>3o<}*B6|s
zMF8;ue<U;T05C~{L)j8yJsTAljR1SA`l0Is(xY$YVYs!<*Uxdl#3^1rzR!w$d?Wto
zgi0Vx2-*&mL}j9XhX@LScVCH~sUri8dH@djbF;aVjUkE#_v^>!&9}Y>fPmaw^zzF=
zbbk_c{OU;zy>cr?_w1L2#>dG+2><qWCiB#)Ied{2|25jAR&1ca(8m7`&(2W-M9Lq~
z#M#B7dS1K(puN&KI~fZ0Je9vr^2wlMTOWX=Lcz>s5hWEMWcb(el_=mk___J$Y9dG{
z)H+!o;C;-)f*&1YkBf%?^bIIi{-;_2`nf_0T0Bs#T<*>W)dHy{CdNBww=7zK;lXFi
zBm?bTu0h*7(G_b+MDQQh2NOI4{>b&6?{R;c<hV7n*5Lqp9BH?5)_Z7SVf2s=4`Zb3
z58}!E+;D;8h6CA#4uAx`8xs?se}QAsIm+o?YytwV6m6*ZYK$oeboAM?73Qif-=3=a
z2IA6)-47)5JEzIYEO9C*+zPny$SS3>eumHrrjGg3FIYO(Prjf?0S&?Sj?omDbird5
zrL8j}{)B@K3-v=G#Nq_M<z$D_BTX^3pT&Yt{G3zg>oCQGp3ZpT$8rrly+u!;!1#zk
z_AOXG;Ic#nKi?mKd9!fJ)TlFT3tDau+5ZnLGQmW=yXA76=J{f5oV87m{|%$lr|{GX
zAnP*NRH;0CYkiAI^x#QXf@ruv@3y(Q6<0P2J@gIsxA*ML+S@#MZ8Z_Vi^&85{5y7b
zBI2(ll!CsXT>@Q2qHs=~dqidBS(!{I@%#t)oj?Q-MEv}3_4PL(sCZ~0najY}1jv|d
z-kY(kYiYE6Sy#lO5^tK)#d<F|C*(;^=0=fE5=j~2Wz_ZaVXDkQT#k)6Q+*z)yX<Jq
zc+ZPZ5Rx^O7z2K9VImI-c#or&>7*2Gh6@cmsaa|<09rR%jA2B>#QLUdIsMzDqNL=&
z2RMfvC;Wm7p5ONYMaE<^^Z<0p+=Gi>PTtVMj6azeEN+jNCJW$m8XBqTQ1|5jL-l-U
zSo;8rib)7&pm@>ZcxF)xrRQtq;(+`7btBexOfEAArHIC=C78z)7l;esz=YWu0Ma}P
z@W%zLPoJ(Xz<a(u|6*olW;~QG{;&w-F{1FR2+W+vQwac{{>aKKKx_U7kjbdFH5v@Y
z7g$-!*dCRaMY-{A_Yb6JdVbpI0dT?P(dLKVGi^u|38}&DieUQVF(jt^M$vz0qG;4a
z`{4DLD+1V|Nr`U4!G1&ubX%r<5w{u|8QPX)J_c8&r0iP3T5{99$jPXw_n!k~9TncB
zsGtB{iZoGgcQnHaz_(Ju!oz7`5}+Nfnwd4asxWsw*^VpdV-Q>&@;apwB?l`Ek+=_h
z?!qz7$?dykYZP(@<tV=1SF*Cq;$nH_S1)6S#GW0WDKRl6{I(!sD$($nIos~JyTt_{
zTaD``UOX6Zk>_y%TOD)<wic>7`;|Z~fQ&fwdcLLqi4lh2AIwS#m`#A&F6qIcA7Hg*
zgVn4YM2ZLEcA3!7sC|dzXz1~1LA3;6jX*EIN2D)|9+_It1&d!C1c4L6dyZqVgFS@x
zE5P?)-rtqey47CqwguI=?~-DX^GO0EHnbsk>r;Bhn~Qx1(GTjJ=_0M$dR{)0Nql%~
ztLtF^s}x}q5}H{8cZEk@)XR`yRsnF*6_f%{=TGL(pOlbRr3DcJEZ=tVkI8}v9Nmi{
zBm}#Kh|v~(;*Fl3advLzY!n^dI@OcmQa49M%_=OQsDOF@l8bn(`CE+uygpb9NY|<D
zJ<@I@CnzKJ%T@HL3k=jgV8;Y_W%<pyLB~{?D**u_Z20fre$A#YwKpIM_<Uz`GdNBi
z3m;NJX@kGABsj7G@SB_Uq4bB6|9AVo$jL!#a8(&!Q{g@qPXA0HR55%8<OZ!)gOspZ
z=9e-H-}fq}Z(#&a<=T3|eH+{W(Yyg9f2yLQv6tRQ(a13WvGx%7{aTT4Q17xwE#`LI
zZVv{QFTH-|ADriF2!rT;zBbsOtHlLmn>xT3*@!`q>q^<^40$ogC>A|P`0!2?Z2fQi
zws=5ZHdODz{`<rY4E|OD7#6IhNHy2k-R9mAaJ~36Bp0nWdeSmW&6So2ur|~Fx7|6%
zpF?EmQ$S4cv#xNdIrum&cJ?ByPoFj#y}Z1FDk>@jpq-b}$nZBJy**iy?tHM&n5vqi
zC|I16!-VL40<6D+46^@T`f!Y9X<qdeyx#t@kfA3IYnjI+F?KgKVqn;kJ;mLlaswCk
zcQRi1hpnC}oay|X<2RA+BjvU~r4F~Ql(P+FhW0jtn^R>*c5qOsJ%ljxu`Uc>h4Bvz
zl9Y}c?2UVdWII<=mSfNs$cgZ8d@NT3IO$!41!$j@WIoSV-*Z13u9Ay1)Z-t-r0pru
z>vQ@YCqXN*V>1tf0SThq%xtyH!o_noEHGV^{%U{%C}jQxCGsk$H10|Z3JR2Y3R5yE
zww!d!!@R4iT&@9p@Ht)h^PqyxODgCu*pj^P1^A{}WtDgiFx>%SV&V;CL?6J#v~&$%
zpY#vlb99LzybH6D3Y5spQQzI6skC9&31r+6i@N<73y#d1=~)F2^VLwVL)cDHQFPL0
z37^_<?4&Q(=H|WMUn!cgsB360ub%Hktq!;Y+r!#DIIvSX!^jvG?I9g$>2Wl0lB-!1
z7Z=}u8cg}92dY<TSa4`qyWUFY(r_U5sFCuk+OIQTbRPpe6`{MStl>>0^{52??g4HW
zI-y<X0QSbkL07z><G<TJPWd;l5n-o1ys`O#qi|pu%-1SRdj86t&2AuxZw#Q-Wp|(%
zTA*<i##gEA`fvSp;pH+t1B1>Z97<Av*gT<+MtiVX2tzUIqJNPRg!42ReEp+dG>koZ
z;GwaCC1_iI=y^qZJ&5oS$N{B!btop-fZ1RcV`75-W#Px{yxTUw)s|VEnx!n1qk_r^
zpdh2*nP=_o?SCo0d6Uj+49+LkKyW@m1z||2I4NhRr*nnBekCKqqUq=o_$?ks?9VXj
z&`W(~wA90eUFNAhGXtn6s9%5<Gj>Z<?{qihpfi&5_;$ms4hF;Tc_sbwJ)e(+H=SyZ
zenYBGNMG}727uK9KP{X%CP-Uf$I{W6{{}Z1i^A8yfhsIG?<>GGp`WavrM)jPG%`wU
zzQ5j?g+-;tp;Ut;&x?~GSGqRSPw%J!0%uyJB}Grnz$&1zeu14RL<IQuA8O?}r!&l*
zoe51Y>`gaYxeg_~AP}34LKMzGWS4_*)3bVf3W^;Ov*8~k|J@EmT`PjYd9Q^)m}VIe
zM9nAiSwa(=VPRNB!z~hUeU1H#7nd%p@@n7Z+>)xTL*=S%=z!#}Vtel6`bDB*g10T`
zOOr`Be*o>^SPZ9|Np|i^!mnqyBBI&6!j%@|?)8ovN*DKcH_faU2qD1*=!4)|{6D>2
zX*iYp+J6ioYO_pb$gmQ}kh08LB(0F~EG(5V6mcY_jPWSDGHhf>8QZiJ3n^r?BtuA{
ztz@OPd5EN9B^ioy|LwEi_j<pa>v}(&vo0TedWQSC|M&2_fA@V~J01`qBL&ZK!rxz-
z6N55tA2U=V!#4Y}Zu#O8P9?Ct`Hnqm0Eh)UHpFXp6^JB~I6Kay`N>$Lv6_T7KTtmD
zl`@Koiid8J!zwaHVq%N@0s1Mju!q#|lE4=7Hfia8ZEfvJY&fZ5@9I_~=~X40BIZNC
za-d~kXLLh4Dsc*8bfP$2s<bRcR8|n{e*M~(96mpVw}BvX9Z!c*C^SxV3<Mk<9Y?5C
zYSPWfg(KV;{ZVAXxuD7BH*Gvm!y>mANt-J~OKZwOs(mTy@nvw4O$kMRqXT9SR&Q>0
z`P>HaBURlWUVEJK=2=@?O#`T6o5B1U2ZwY^SYP9=S}zBB7asvn|F-+Z3j)mgiHaOz
zPjvio7piE7ZETX3d+qNCNp6i*P7u$BMK%oe`%ZqVOOxj3=Qx!@W*Tof|8_O&2A}r1
zb5+wX4=9h_xkGP^_~_(f808Y))z~=v;L4RNKs(G$O}FDFP_>&Sz_0{^OOcfp7Or3%
zsq{XLUEM01e2vBG^Y^(j|H=WUT|e~xX(ccB;u@(Gs-PBiH*`-7KJ5RXVi9PJ&2)9r
zM*ugDHTz}jX?Y^ilM6!N6i*cGJaB;OYbj!A-K(fz6Chv1^d=`RA#>f-mCaBuf2q=C
zlq4R;q2La@FvNhGpxLDWdWH&n&i?-Nfgb1&mBn$`%6$%ox;N0fn?Pmsktt-sY@7hs
zhNyvBFv#WDp9a}ictOvAxJT2zcY<bf=6Uq_R}3+z&cfgF;loF7CkQ|gC+Z*_IP|;V
z!gjM!R<S*XK`WaKRLC-+-QtuV<hB*fJc>jj*3V@^;f5RyT9R>DrcEYk;sa>G*K6hq
z7sn#Lje-_=193Xz^Y@?go?X9Ptz!UPHE!PCCs@n}&20y*ty<)jlmOJQ2`{7GGTl{Q
zU;hnpat?TKi4dsrC_i{s8TQ3{P1EOj4FY}$7*q`Jb-xsrk<v9$5H4muwAlY>DcL0h
z|51o{&z_#_*H_cgOuH-yN(^9?h%LnX0p5#pL_2kmMggb6x#@IK35oZlz~M$!Fl9vH
zxM67C*x=PBr$ct>ok+<^b#G{^t_`{$G-7gWeB17B`oXkG7>@?qQD@HYZ=E0zXqJ$O
zQV!_B6*7UM8^G%AwdRO!zbb@x!YbY;!JjWv)Ev)+i8(dd-wVhg$8Bb@RNmMILGOG*
zS7+dw-KV@W=;0vaNrE`;)JX`zvt9~7r{uaU9n?fb(hdQ~;CT$sW=TmQp`$qfr`MM_
zj<hX(xd8(nCAEADriE2=zT4j$^@7o8O&rN=8_|d#GZHue8u{sxsiR}3kG>(1Yr<*a
zA8#ca#qSAY(<9Optw~6c31SI=KT%|%g*xagWPy7gR8^5MIj!A7L8iYnO2Ah3>yGmE
z*5-};mX^MY-9=QcuUR^@XMNzCul$w8O#tJq-0ag(LqiO*Af5>7OubNx*M|8+OyGrz
zeH?PzcW!ouwM=X%`Mm2@g`*))>94!;imotz%xC)^Sl}rq#IF&)3R$6QaI@k6GDKcZ
zxS?&_Y2Dr3w6*VFes@J2ampE>@)1*0m`nq8w}(^rVV(280^pz}lE0NTA&^aH;2rjv
zo%3fy_4GXks(jn6R@PYYrn2}iLy#jrZJ~I0L6XZYZM12HdTVxywG)em(6G9!tn4+Q
zv>`ABdatEN3}{_3pRkC?mJ%i(vEZ5F&YjkMP`l7bmfgFmx90SXgKM{M6X(?X4<!{^
znXLy*Jr@M`Vwe^FL#*BmPfT5r0MsDc=XX=UWncaSfSSdC@1Zw-krmY5pd)GpRh9r)
zV_mbdw(%!8GVQR0a@+3RyW6RKjW7&J5ox>1hHcxn%|T}{jO96553H;pY&gDr7kb61
z$ve~RbVWt2s=qIum}}i~Z{UHzI!k3%9+-Pidqi+cv*e7+f}1xd&NQs8{xJp>umH%Y
zC}L7T8z-v7>|Oh=844+GvbB{}8#F0s0j=@LvrNqwfRc|*c3ueX%3`Qf^M&0XabvH#
zS#4K~?dQ5;2||2g-zv)%`wq`6P0CVuc`eJ)3H{z*8^jARSEvyQg1<&Ejs-Z0q@~r#
z1Q#5vs;Vjr27@O$$j$8r)T?C1bGd0W?NdEGkPV|&g!;}-QE?-n_dWkSlziN)&HV9|
z+qb=0fTJw{C#^RZ=@ole2CjNWR9yVFCivYsXzMQ(9M_qUI_4Yq0_LyXGTjVnWga%e
zLA|`?#fv_?@&v(C)-cs=Wi(-zOs;-V8!Fy5!Ie^h5l*1$lSm{BXpBlJsjXcK17J4A
zTtV+q$gX!ul9ysRJ1$Q>23qp-np%%bg@sz@0es#b)XSg+z&HV;_E}(G=>z+Upxg*$
zEA^G-<-4!J?Quuf#PX?CRsH<rwzUu*M*&;ij1aFUFp~G|m}%^nsCtw)wzRhDTV-h}
z+adcwMPMsI+5Eb?t1zTZE>>1nclo(F<G^B0-nKrh7p&&__%Y4Z?UKT?rx!j$C%S$V
zInR`WVG!e!STMPM1qgd<4Aq)^c>+Nh7`}v*i>M!Y9&d`_)%`F%eVfy`C5HEgkH-bC
zhy`QfJC%a-z)|s<s5y-)0m~m?cf#ZfSePUrD%m=?$PftEM8G%_ckI^C2osZ%szWu$
z5DqyAx*~FOW`Cz243*ddy60d4tsOUaIuE1Pc#0Vp2A}^Wr0CUS^Y42GbH3toM1~VY
z6S3(qFh<18#nm;$&)4@jW(?3FQiA8JE9DGJ`#2?7ieMD1c0T0eMGBDvI|#t!CvxQS
z*<MJsOF~H7iHw5vt8_Lu6LoZSSodA)g7dMfDH)e{u6>UY)ASzhDmlbZw^gpFtOx`t
zm*$ZrAn1eo2b0MxhG!pm2gc0-$vTA-eY0XX=>{-vmJFY++8xM4QdodHlN)s=<&cY~
z*`g}Ym(XFB+$N!`Ypx*7$IW>Vdc^`@2*F(#YdjT1dku7=cmxN~O?vLw3JM4chJY@`
zb4RDs6-r?@rjxTXU10|f-slXXc(1{RuPkNztFto_m@$xdmS6}yjAE*fTo<-7klhF=
z@t|6&ljw+6S690Mi%%aD3S=w5K|j6natG+Odh_T0COZKE7rj7ZgAa29Aw#YSadAhW
zW?*N?$|Vp87;<R*W000_`iY<4skaLE?YV=^g0U^Vp~2<6y2K0dAt<B+si$Y8)=$jE
zyVH2I<2r^#M*g5f>&Pkg?5tklC>tihZ$R=^5kiEvUw{4eW15n!k-R8>D;BsgglqV;
z@crD+ESzSKv;S}5NQT_ES4G7S0N;9H2Ul4FPAKMqSEFtiA0I!fDJOUIB)G6qj^X1j
z(yN(T8$p*~P6CMAB0VK59u~iQJuW>Gnte4}bJM0xgNtyYhG0^ozSwmTwn`fa+hHFv
zG!wA7EZa0mI?PQ@$Q%qt(#JP3VdCPkp|i%l6JpBa)3m<q?CrxRJ{`oF;Ltt&{K7RL
zx{5@{i-we&h9Q3~)(@KcKj)S+x^Fg6O?r=bUbfCY6h@FSM9S=+`8Z+_p<_4rkOO=5
zXHx<66wLIE+(BY0;zUk}!OcATK6R^@*n>}XpC8pJ{+VORWb1g~`Gq?mI&pAv?k==E
zO!njs$kF4#gdm&~5J(8}@bHjIOiUbNK))Q35x6dKf}misJ*vbyReE<hV6l8Zwe?eP
z1)l%x25MNyO8u+e5Hv~LsV{+b!*G*B92^|~faN_ut~qUjcauc#cCEAV0+)LW-r8FB
ziB<N8A=VB!q>P!FTAtR%@;oD&#paM*F3~^QQ)(jLZHn$cl6*62`TZ+U0axeW0&)w|
ziSTZAp6K1^HZVRgbgV70ZapkO;ph6v4GUBD?*w@M-VflrfXb!hW$|Mt`fKLCWb2+X
zD0i(}$ZF=n6(Jyxfkd!KSW45oGp(=h@Dt$T8FEKMaO_`Q`51gn%2rwTyIunTVlH@l
z*My94V#ctZ{n+v26JOwvl)?Ed&B+yxi#310E+BnCycU<1wn0AsCJG#zKgKuzB_^?0
z`R?L!#?lfnP3}!3@4e^qf_UuRIsDk#)UD*a!Mc!B4`O2WPfRD7gC;#ensmVGrjel<
zncV-hz5Q?e7~oR(fpiH+_ke|+U2$I6Sj)z~>`eK^XJS}wr3`9cMA1z>@O>mE9LXSO
zDI{l_IRfMY1|QbGh7Jp7cyMlvL&>(e?UiVVx_bt`q#w7--Lt2>p}A{N=7>bC{w*j{
zXzbg!&t_p^Aw<mH5H7^KexYtK;h%XoY|z&}`F36cL(OR&cWj@qS`$)I9NEE%s%A+?
z<7)LyPW5A0QAx=pY)lUws*eb{o}cfLF<PQTEMOo+uqYmRT-f;cRtH8B;Av1d+l2X$
z4cE^s56`2JHDLdZkb)F{Dm{E*rnEn2?y1sEiedPCJ6cWj?V2-sBHG24mX=nA`bFsZ
zSJl#T2$|~6A9Je@rwL-*Ci2Y4Z@FjFmL~_8Bd{<CPzW9jLAHOqeJhg(1CwK?8SvE^
zvFKrN$xNs>=(@SN)$b6F`?V$l@-VR|XuR1E`Rp^Q_eltH3<EccLo!tX*}Eky<dd5J
z`gLfJxFxW^ItB+<8)1B2zl0H3B&r_d6%N*kTQxiz0TZvo8hvg?io+<|-`rs@Y3Vc*
zRMrpim>6x~v_WYL1`6;431?}qO#p=9x_%U1%nOP*DE^^aA(_LEuJs@N2mdeJ<KNu^
o-Ty!QivRBR6tLU>&)ctY6}GeYcaT)iVDLM5z=m?y<mknJ0=msDPXGV_

diff --git a/docs/sources/terms/images/docker-filesystems-multiroot.png b/docs/sources/terms/images/docker-filesystems-multiroot.png
index 5e864273f33e4b027eae4a9f46f618c9d14e08e5..65b61d94f15df00746f152bc0a9d1b4545e0e735 100644
GIT binary patch
literal 63920
zcmeFZ^-~>D(=~eF;O-FI0t5)|9vp%Ng1ftGa0?pTJ-E9&1PBCzySuwP+#&Dt*1dJ>
z`vbloo~fix<<u~>_nz+6Ypre)svswUjDU{-0)ddFBt;cLATTKi1gQoG1ALR};%^6h
zKsgFaeT4%qPdK9x;NS3elIo7Y{j+a>A%tnt+<-6NIf<z`DcPDhx#~L@gIrx*8O&`g
z9S!yEj2UblOw&&I@IfF_kd)}BuWso_%N|;b)6arustkc>3}k30+d4MiCve;wRjsX^
zN50L<axz|WET^}g9x}AZYA(9F9ux=`s_fRU6gEt&Sf1A33J;ZQ4L%c-27>&aUbxVH
zeixFwSf7}^JRb<C2$Dzn=#-^8@~v}~C7}Dv6%GCEk`fY_K_n#yuAEC)Fx>xq7X%R)
z@^(@7fP_Wgu2_8#+1owjf0%s#{alO@p3uKrBw3J1|J_3Q4hHStEwM=deawH)=D%_C
z-(+|Llm7z6|E(bUCGr|FB*e^tHEsC9H1iwP{<7<8hPH|djs-{BG>A0rPgzGt$M3DJ
zt(?xMZN^p{Mjb7|8O!(N<hOC}kb*j+uF2nix=M}SZ9hM$z-Fn*Ue4a$K5*VjMYCLG
zUQ$puTfyo6;Q?PsNhzGzeJ|T~_ixJN*2pymdd$^Z@i3cOaodb2O44yR*ZK76laZ!o
znyRa7<51KMEmjzVpkQa>)zy{1&(kJJ>*VBQn)Wlks3;}TTam$!i4uI_x=Jz4R8LMy
z!ku1NI5>{1Vpc@>p7XhMn#0t{Xsc4Y)x}g;*x$Tt20)_7xAK+aXtmhzaqqmJBr7W;
zgJ^bQVq?>3ZtM<H$rLj5-9|Pdgd7R@0wrAH8-!jx&ozd0{zT5SMcU3tM%v??VbpPC
zNC*?J^Cxn02Si{IIhRX*VAv-TudDHUiAX{zGaH+m<AVc5F6U46oM>4nlqNUOks-yt
zf8{<%rlAiAPTUUgB7IGFk)j#jcM7_{+}*9v?etbvQ&S68!lfi9FJuM^YlcK5iQviO
zUT)L~zulTpY`5N+20hMh3t7pO(2^563x@kI@vj)9t_(dOkVcxHf38<6<$bW<AbBC<
z;rjacJ2W&swK}seH$lh*H!x68YU#T4=;#qxKs_F(R8~_fQm-|U1@^<MM1YU~#LLUe
zpWgCw0vsZByf`iS7b-`o_w;k0+1?`A{<E6)#+5NYA0H1G3?@iq)Xl87S#AM)dwV0j
z7ZtVn1<(RE_^&D|B{LP;Y3I|by0Vp}rHDs+dv*-i1K8wRbHBu4(9&Ss+*-`~7^arS
za3wE1Ts~V2rFWD`=O0WRUSH$tdY)IaTh0(pnXxT1sC`5q{}u(X4l{pqGcyI7xhk^f
z+EIZtb!BDjsrmW+^?|Yo$AK*&BjHu_l3pZIZ<w|H?O)2D%Ze*j$ICPI6jj%!-W#)|
zO!xHUvT|`Xozx65@Lr6Gpb{yUPQNV~#Q=x^{C*j#xTjF+%;cMw$5T@k6_ud6#>Ucg
zL;@C4dYiS8-%}~RNl}QZ{BrCnsC+F6u4+%2m_{rq%K3`Ufk8ntI^Or&62zWo-MP~F
zj>hbwqH#oTN6V#Ot#)=)J4)4lzmw)TI5;RwltC^~6usB+GbS2>@-L)k9fQU>rGoCf
z>e>o{98$fUb`58I;P>y-S{}#su&-yqf=0~oXz15(QHoE&*l}mDR9e}=)7aF+l~Z0W
zYhACAkyf9LO5*l|mJB=w(_&V?8?#X3C((Ej1(Lm%(^jO4Q|IUBU!))>FY&p`B_X;S
zw)KwN%$deOm*sk+XBcjW<&6bTkE^elx(W(tz(KX86Cdr8OwERtyxIvmM5VHN^*6Zp
zgpRNMJ4WSll{5+p3Od{7?ZoHXB}aL`aFx%ZY!z=Y+B~<L<wJZir6fN*`sYt5JATB9
zTrjfka+h`l@M6rufID+l)TbInCJ3Z8(lT1|WT<N0zkRD06BAQj`nH?lVbgldvFm|^
zi5|iFwl=xDn?+kNiN{g(eSZ{5l&!h>xxIT>({I%&^D9(B{b~k{kIf0w2w!nBr@anC
zk}po6Qe;e~&DgA~tE-I#ALmDJmH-&ZXV73qA5YeMJHc#`U=;J&a!t<DweA3TSy@?)
z!k(Z7f@GfDQ#|Eg^rQwQdtb%k0;Un-agmNXoF9@Wvqc$_TrJsB8}9DzCUl<<R9h>W
zHo~NF%acO}j^D5fCMGU!v)1K!VZPP%RE`-B=>;deubD%fmK`liph}XDR_gEC&&%+7
z0-9lhIh4CA`=85OQ^wm4-x`7I0~uNN7OKx(&xmrV3is?tc*uY(@X)<BRYk=domLm?
z9nMwHI2B#p%EO~0C!4S)Md;pw8=`FKK`f;{Y^y$Lk-Zbhku8+BwQ`N=yByRwG`B7G
z_ZPBrb2s1l!4l8aTg}(-ysg%3>feJEH8o2$YE6d!mTNW^%+Acf@bHUiRiLfsyy|t%
zv32!KelIP!R7`@V;bylh%%efvvvNJC0nqd9q3_w*>-Q>so)1R=kmCKf+E2iHVl!vw
z<fH>mHR)!*Fl(fwq5|dQE#0mDCo3z&4PelcP~6;`?WRRt)Oh?h;=r)fIL6>altPA5
z1)3I5FRutzlfN`>d)dJ*!>Q~;%`Q5kqAq}(7|+w=NZXbdxHlRskWFJ58X6K=SX|`K
zc*{z@j!G^*W^ghO=Gle)dP%5O*8~KX39=QumZ##;Pp(fui7~HV*a2{DTkv9lf;TQM
zE`v^yjQpS*Kq$<}K7(#V#<u9Q-vqXQ`5kv;l7ZsHi_HNdrF7RjTntqAjhYdoql#4v
zRwtZ2SjA}CiZ5cf_g5^gGXoy__wU~}WCD((ACZwR6_VdWMn1nC!%6$aARRMf=hH=7
zPEJlpLj%WdVaQ?6qjT;cmc9tV9*}eqO2^hh>*szS{XSo6VMsgiXiv6%yL8~NnyaFt
zr~li0sVB;|52Vs~Q;qp#!5NTF-rhPoI(2`HCb)<=oVvl9t5hbS7Bt-QL^FTZ#xNVr
zZ^4fT(t`-1rFztEZf<J86E}0j!sURsYhw%Kvj{x;{M$h$&$l>Rj>X9fG?N10K4Qk^
z&P&AM=?sqg^4<jWNlB|tBj-{y4V{LI$1c_5n;%}u-diqR-`v==->!Hxt~k$XH$y-`
zj9?d|jR*DtCm1_dZ>ib^RFfSNUKjd~{QSPz{SO-}-Z?aFw|L6H8^_;F?ZX%sDoE^5
zn0PFrcRGlrO(+p5oP4*jxk(3<4IR5#ZP)F``+ET2GGKw&9N3N|=09izGN~CBl~~5Y
z!s5aa$o7R+-MPIFXi>?uJj&?fb4(o9$g)fK5Yeu^`=3j`mPGpcf_kQkm4;Ny)M9*g
zGhBBp+3<Hq0?@~s-W00b2O63&zNfPu$D5=1xQVf`pN>3MMN>ka4_z%0MU>0|0lm!0
zGgQo|zb4?Fu05yjLfw<9r<UJqbh@}gP@{r)S1^^<l`Tlgb&#xnNI`o(^}A$jwcV(!
z?LYc@Wr532h~91N@6QwC;msvSM=Nv~^o2d~o-}RNX_TALkfnA3`!eet92%OA;=33q
ztL%Jnch}a|7BV$01Zw-&65qKgzy6{eCD3=rcP0~NCE$im<n%w#C7*puFn$&|?Mcn8
zcz4B%>PbVQaS|oBV}zvaWY!a{pjgerea(Wf`0V#k5`)VC8yM!?mv<95tS)4flT0hW
zIeX*kJ4*sl5=L~Ao`AC-zC8)~#hhtVPaiYPaxq;aOrzWe6$!~oQc{wp^J?PrC4jpP
zlhW^Bmq}A;-d3zoUteExeK;%sx)IK3GBY)`2Lw$<8hM36nB91%Bp-upAR5o?>m%mb
zIHE{!L<~YC)Q&df(v#|!yi){%6HtfyB>U_^{teFLwi0fL#2_Dfk=fCdDunziBv*ro
z(~yI2=Wj4w;bFDAIGRfSAv*d`VmEU`SQH$Nb%igiZy$Qu5c$_55m;YJr%l>*R-@zN
zzq-sDCvC5|AC~vYX-9`Fy%`Z>OG{;*8==$%0M(LsmynRqO+-XQyIT-4)W^H<thxF-
zADpSfpmj~zcqy`0?9s>l7^6_)8%;y%7Pj{^{fdr<(wo<Gf~Ps++V!v~W||ixor)aT
zANr2|rF(-WC0|MA{Nw;C^#EW|=S3f|U%d{H))pT9@@Jb&mf6~FvmgXKQHo0Kim)rS
zs6<TCNmL49^{;=B{!KeT{k~M~BW#iCAtI$DPh&1DmaCNAd$7H2jDmn*At@)v(EfBW
z<Y?QnU%)z|6&<1#01>#yX9!^3DBq>bMC)k>Z);f@eO-I|@?>)r8Ti-cV^~idi{IV5
ze<Z{!(}ELXaTQwNxiNW~Dc*P%@|K_CIP#M#?%A@+TDYq3bJ{V<AN5;qCdd7O%4K7S
zR05D1L;|j>@KP}ws@o2((8wod{$&U<4SB8fivEKuQs5(aW%jx?B_ZeraITyu_gtZk
zS=4Q5ishxGxE-gJRkw9qmz|9nv{=w1Kw!9WN)v$CTnsVxzhU0xNIEy>_{>a!3#}DM
zNU{#@9sDzo;yKLtvm6oV#s`J)NxDwtSTODr6<84$@^d9jq89WW?0jcpvDlG8d^*%$
zYaxlW<k({pBvI<{TnDmoic^*u1!%%246YUt!r9_dyt~x^3O{T?3|{;PxN5r1ZHllY
z+2Nd`j(TV&4oGqEm;v6?EK3TF-t9O<$4kJgMk#E847NmznO!9xl+`z6rYRn_MUmoY
zeSLqFQqvIa$dqw!!-<fJvTiFxiuUfj3gatB6c1r3O&}w*0pQtJR@F{;+qE*%Yl<kF
z27vBy0|d5h=+{6#i~vaegDpiyM-KI7QX-vqZj`Z0tTg|NWeIGg6)cL^`>^iE)w7|k
zji%|kOpUOqdm&R;I}1TOht4~-Sk|X={Q5>X@>*3$#185O(x@w&+BTuUn5Ui%qMHe=
zYLnstBl0cL_Yg6EHVjWI>-{Fm4coYyN!(sIg}x+m-R$_%w5yI*)ABP&Pxg#jdg8bz
zP1PgAy$=pc9n*6<vOJat2p>SaKCrRXF|e~=|3&6pvOAdg%vkQS9veDh3G4)ODwxC@
z?`Fwy^y9$raD)ZmA9{y1F*Gq6U7gtdaMo1CPbo1V^&p9E$K|SeSLECiis1!yHXxCE
zS~5LB<1cAWtdKa1DRUt@ERhsfyKBTEw7J+wuu+aZ*;YClB4_Yy4)z<MB&AiK%Fkm!
zyOxd%%_nj@Y0QZ%>I3O*wGvvOawir*8C)artK`Fyy*Jn(&ZjS9&cKvTmC1e8In3B1
z#>dx4%FNVp*o@%JY}v~Rx6p1f%DIFA!Vap+da>arb*7tv4nWbhK7S6coYe1O)LR2c
zMo?3CUTE<!T-yVuJyHq%D*NowvXqoIjm<=%E~yK)*6_p!VM+6fxj*Kou9RgxNXfFk
zS}1qWVW*nq9jCM25adpGX2A?qwzimlWe-SpZUkq;R6i>`*BqZ9duO?<A(*_#qWMfW
zhBM|L-<@T_`dxSigS8ct8;{kdC*nbF#Z;!eMy1#^MK(le(kQs>xqU}pY4&f<&zZji
zbpCHTckNa|nhj6A(H{)>#>WsUDj2jJdy~_Z_7;Fi{N;Dpk`#7ytkqRjO>%Sv19em`
z*Jlkb!hYCbl={#Xm-7z-YM01+6KhJ7u;rX&b3?%%gWce+Mv@T!GndJ|%G@YW#RGTM
z0d<_C-p^@-rx%R1yOHcH;Oj(PL@l>~<U$tWdJYKr6*>$51r5T7ue$XZxCJl^!V)rL
z_lp@7ixy%!+g%C{c}?%ik0Xb<_vHcF`*?R(7xcFHRQA%Xoitm4X1#8Iaa@KpvtNcF
zGJFw$l;3JM+AOC(Ki*OkAi<PRD)qK|io%w>9NYG6N_e|u1<lxC@FMXFLf-h0AvAk@
zvk>)jp0KJ`itcbbvRPS_?OLz&o9y@9h}&555nFH8E~)bqS|AtN1REVg(;~vYxatxy
zS$pdeNf{I*n+d20c%k2I>5>bX1&DrL4JqC*bmK!qBky>fPIYu;<oRoWn^%A|cUer+
zWka$~+BWxftpL_nOttC7(qSr5)sK@igrg4y2{QhV@4GMF4PDhtUtm$8UuE&68>hpR
zw#&KH%&LZIxiuz!G@ulUgfauZHx(;u?cR*0Eq_8v3imJKMbS7^FkFl%0wN-yPs{$y
zH9MMWczLyt>{qStzhB8X&LGW9CL5`dugj&t{9@Wl^RjZwZMT)?XuD$UfG%mm0Bynm
zp1?s_P55JmmQmpz-d8H^D_7g}?Zgasvd2)#Z;tJp*&7B8hqvb1CAqJf0#zQJ{HsNE
z=1X^7HU7W?#ernaO-MuMv#mn{Evddqr$UY1osDM2%mf_as|r>V$+Ngj2+5B^n6nEU
zzr10Z7JhEaZsV>1TdBuOWlbs<?wT8}wo>f9+=F*eG#1>#&-}}E1D65$Lt$~-;)`Rw
zB4Wc_E(Pz7GbpkW95}uUk8d9yTK)(LDaz#ca5<Ovd6<mb-`|h4Hbs|J0FcB+L0!FA
zqt)fOtg_>QwjCh6RkgKB@OoFa+_cID7H+Sp5qnt7+UdV_hTox!MtXj<i6j`cNX)%L
zYo%!Sqcm@zAv`^nc6P`rTDJT7o)&b@Uv*`n_h-6-G0%oIOr>4j!}o~4tN3&zBZ!EY
z(M7@?EM*j1*J_Qd+*NJshuJFXMkla8HsUMd)ZIl#y(GB0b9~)J%?OD+je-pMb-*~8
z;515k-{9dc-R<Mn(!EpZ2m@V>v?dJUD$kb%f0S^??B3DQO5?%!57UmjBOhBfBYEZC
zQ&SUYH(BM_`#}T_NFgI54+80#_j>B{nx?F+U4D9WbY*8T6D0h>hTgirh^3ErMS2$X
zo}BXo_cW$>2Ri3KLG8*^{2xM8f*YtHh$tWK3!<3uy_yj1m?Qp;0hJr#pVcO7j-Jj!
zgM8JStT_D*3qOQb^wHB1<U=IXJ2taLsW5#C(3Ql><%NTa;O+aZVt!$E)!u^dC3;6v
z!M~g>G}qL)wNWz~gAZpVQ1+{wHt$mWvMEc;pc5;`U)yd2V|R**iVgsQmep}s(dw|V
zv5`)5MUL+Qye|}{6qyTPJ2G!J5(^z2-J6<H9+5>)3U{rDV|fhg-JI;dDdTVcoo(GU
zdy1r^yIvM;Mr!>@H@IXkzPk9bm}?nVyyhl-(eLocP;+vJcV=PU0=vJ0=kErWMytA0
z83G*9Jv-0et`x$bOrNKEu!wP4rQBU{ZJu)Xyz>=8#33EN-`!t2De1eY;+{=_yKWl&
zcHD#gi=;pFLx*|=fF^T2mutlxJ~*0kMkcT=3jgWOp-QLa%qjJ_$`&pDs^KmyHT~;5
zBH}5aN|XQ#IWnS#8eat1n#h~k_^@9Xx8nVH%x!FJoNZD&-~3^NCB;pmzL7%NAPDc|
zcj$23WFaFY$&=Dj9xt5$kz}h-V5B)B$gAmc)+xB4r2{|qsNKNeaX#QQh_^x6Q5<U=
z$fzT7WR=eKW9l8ZD}fEukelXB=cKbe&aQADEHEh%Aru~NSv7PdK(W_zGt)mhjB*y-
zFc2OizvrJ^a-`E3KkgkV0%YUe<0GepgoG-+MqSa_N$aTqHVzKQ1NynBO)p4zYO@bl
z_Xptk%<kY|V~f?**B6(olsZlqWHY}hzP}ipa!%gd&8TxPa=H=z##pyt4SpuW;v%w?
zYEeSORJesj-=zRAXG-eZEDyr++c^~>I6JG|J=gFyPv5`T1{RO$%7(n>ZSB}@H?ujL
zDweE-@1Tm#zv`(=`+jty47@-NyZk=B^qrzl7A!2~tz4>9$o^*VJwHFE85kJQ;xg)Z
zK9~wVs@wcilo8x8XgrMV*E5<*FVCkwql`2(AuRvPhpuE%Pmu|{Apmbi7C%wWp0H>Q
zPa&1!!0W5dMpIOy%2CMuq2FffgN3Ap^k{peKpSK9Uo8YE38|O-A7S;HGFCpj_RQ7G
z+8dL8rY@4L6g7sJRp;y7n#8Dv8i7$C?dYXYd<$WD=VQi}OuE-|{Ia*4>K(U9h>3|a
zcrr%N2naNr0msAN<FuV~c68MCY7#G097tuV_EEuCzOCZI%+##7I7~nzwr8Lav_$(k
za$v9!^3KX_2IpfA@KV}bSPu2|2hrM7N>-pbLm=b>qB`u?)|w<UIv<xJlze^~q7R*1
zIEto3Cq(2i+BKpnV#NMo6}w@mAv=a5Grn(qV@PFBx1nT@B8`}r)DD8)h_pTB&@wx7
z5dK=RZb)U}a5a^fMg#`kgy{KQ$rY(6OwCTX_=w&?Z}u+}LVA|D1L-hJ39eZaxc`q_
zW@tP6_2hBVOf8=~{-YxUcbo}N$V~D6|LBhCc6Awk4Ncj+ed3SM(&j!p@ANIN<mIFg
zroxp7_NVasDM{KyoeU*$?fC;s;)hnB1@`x;_ErjN7gX;{f|NO2@rk6ST`omHOPnJL
zxi-S-)7BT+hkb_itPAiNIf?SKU4iXb+&Ghc<QC5Ho2LW*^v;&V{3LzM-SxZ8f<74R
zo#hv1c^8eITYv2EH|qfPJuE~l;xqv-kh^i#DpKa{j_muu-YA%us+a`?-V`(Tz3Zx%
zYsWvyoTLZJhCdw37FlpUoEheIJJT~zQi{t0SYF{SoXl&tH`zE4S`l=p+OS8@GO4qQ
z9^s_1Oqi0Hh%#x^LGUdGLE-sIQ)+}j-o~c$*x5vc%24T4-VV%MiB*(}J#4d#U))%A
z$84}~7J%R3hV7p{!`?Y3_mTFWHiXS|^v(CcV#p&i8CK72C$}r6@+4nCuBANs#=-ic
z^snfnTqx-)y91In{FCn|@69@)OsewK9TdU?SEoZjT+`xbAimGc%slq<^NWCohu<z$
zDIWx+^&-MMX)`w9l?e}wjNE(!wCe8Bax3S&9@8B!zu3}HA+?p!m2*Bq6iJ#&0cHE5
zNl4nzIM99Y_A@Z;VFW2Wf{3C<i2ipL;3KlZot|L?mjxT4e8gSm=M)NrDy5yUT(1!e
z&d`P?iB6#Ougx|09Bm<-w+lKJ!@W006kiQJ-WCL(3UEJNI+1m4(Dl(rm|u=QpQ_L)
zXhUKdhcitqP`>=&WA|P7>@+B?NfX)Ky!boVkMV`#g@LH(MVZzpS#Wx_VJHSYcUzE}
z?d0pb1z4!qfbX(JHV#%Vf9IzxoIUjP^h6XD73UA8OD}Ez$59C0iuFPwWjl$Fk1v`n
zQ;%yl?2oK_cyQMS3=qfQBmVZ@>gX3|f|yY7YE1s+=NI%fRon>AGtI9Uc8?Sr%TMbz
z{vU}pcIvCer{LppLCwLvJvyIPqRr4n-AT^(M{vIoAm`ZRxk^9IJMw_+Jpm6~GIQB=
z%5L!MqaX=;eplL|FXO6RTju7$qwgXK&L=az0e-lr%UJ``p8-UJ<lt$w1O~|dFgE@=
z{1vD1UZoX1Vt~A3vu8KVH;b!V)GrWXVNFFRC#(Ix=0k=0M_C+TPX)AebjpXbm08U|
zpk6I3EC>}AhR`VsX)OTx_vKFo_la=aP^P?Jp$~Hne)Qujyp}`hWu-Y=h}3d3tQhGZ
zUZ^Qmlozc8jiax5f3YQ!SyZ_Mf7VpwP)A=KMNcK5zVI=URI}oxQBnPD<Or=NNb^+*
z*t^=2A-jKI6!jWZt5WmD^+r5$BVpp;sT*3~C+m;h>cDB9B==luQpl-RQk)GEG5sD3
zv$^N91GxIv-LNE{w?J=W)N!4~91`H~f7t&2uI&Nf+5#T4Fnq5Jff^-o8jp8y%=n$5
z6{OBLw7a8i$0*wC!YI&;4?|d)c6o;)RBW4wS9b55)5&F<XYY@2z=ue|ZQglo+o&rd
z;BMCaOZP!w-wtv9%Qvg=BC(i3zmFSDYUY`6Ur{9Ct{b2ujXyw)xkbih5Rivr&m@n)
zzn3kDdF3-_!&ed$>)W)^B9|paBHh9<sa1d3ijyy}TB!R_+t$XH_s<piu;E~jRN!;C
zc;~dcie6AXZH#VhYdO^0dS1UR<k)`qm^jqOOr$<4@m+CBYtLUy){jArPs^Sn(*w=z
z9D>yHc5L+g3Zp-`;;|kMd@^AS5ee8<UL<qR@M9BhCyt(VUB89^rw3G<*lZJAIZPuw
zR-7rMm<&Co%2oH7sf_Lf!n>i{d6q!N67%eeQLOQ!QmshVL9UA4eVvfzUI^k$lX;9N
zX4*6Y*4IV@R~w3#D;ow{{9_XHgrRM1fL2;kY7j>_0{deN@AJpiaU)yre0@GmkByDB
ztDP@%0nGDW-eLIKhoDE<4CV)6b$p*17jT*`xZ_y?OOCgvUl%H7P11gefmS_mx(KU3
z_|pyvU`NRjj=n1)7Q#gWyg0pS`6b<cy?w0y{0?tbq!xmsxi}6qHK*@z6#L;?x{Fgb
z7!nnOh`u$D=hYi*3f>x6tBbs0?^Q!Olg_xlNP7SIxS^KBYxRxD&4XV-dE<;h&ON^J
zqn%cCQGoQH2d12LtI>-7td&1~ev`6$#NBCF0I25{6qsZ{ea?mVg$N|P8KkT1ecBa#
zP0>_S<H|2DAHM&vp<n&HV|C?}ADdGs7!e`(4C1;=V5`iZ29JN(*x?k=o+A2@=Vd8^
zeYPLIVWy(Ayfz9Cht2ssR0$nx((1AtP|Stgc7uv88uTFexMHI;RDr%+kZ0C2HII_~
zLr4>GY=&0Ar4IZFJ*R3#I{^QX&X4*OLhcCiZ{&Bij7C@$xl<yjB8jF*-eOUTaf606
z`O~e92yJXLt9o6`oOp1eH?`(Fp&~&Tv>MCF0@-zdG(7n~Jv|l8%&0_6>Qk5vss}u?
zXz><B{BE?ig*db&S!CZ6_Py#eC=h+X7)Q6J$v7sbKc0g+di2~=$JVze525drJL+mu
z>SkWMUj@y391Akqw9FN!_!N80Qsm!eV)cLyOOIxc(#06!^yS)SaJY7UKZ=l<Mrq~5
zJglzc^WAw9M`CfJdXPJ+;MsZMqpia}-92}#nu4-lfQsS^^oLk48atnlovp2{b>xV0
zA$ucq48&KNfnI2r;D8uiKK%ZntDl6#xU6(3?)O<gecvn{Lf#8RERxn%zaVLQC7!wd
zZiJRc0&`MxTTFIn-WAvzTjGa3HMR6T4R)`XJ3O4jyIEes&#-5WB#^KisIN;~++810
zA!`#`y@^g#JTdNepM^%cV;W^n&<{@MC&^W#5+<+VuJj!d$R*hDc+dJ99nVKrq}dwh
z898R%AyxB0v+}SQ;J#C$a;S=Lg{Ry|q*EkdxOuCkCgz8Z$CJlDMFQ#sZZpg!NJ1nh
z8`u+pv&+y+sVHBuqn;d3+`nQmL^Z7B6ns6xNne6BI!5m~IcoP1h!rxhfkyF$CtUmx
z3Boo-^`e(1VfZyr_f5#CrYV!oo1?=G+U;PM!slg4xeH9NtSNMgz{n5sye{B+*bzE!
z4Hgdi9?GNnvHu5+APOWU{`cD(<#iI09g5O2<2jP<W~E-6{)1xQUG;W=d<_r-5h5ik
z+ujZUlGPmbgPB-{_-hwB#>Z|1DVE<<%%Y<Tbix6)zFf4srI^b<(_=i)?jECpGCz%H
z1yi4yXILVZF8;_lwz|<-+tN8dc~Foj_3aR1c~u;Tajhb7%l#CXhS}<i*$OoBZx-9#
z??W`=2SmSQu^7{?ku2Ss9+hG$b&YyQJV-MSZMK$o?Wi7CdNBQQ^pz06`2M)r7uw#{
z=}jk`9#AW0;NNEDxA|*I=&pqO)U=G~qq%s(rz4eb#aNOEm*Pd8P?$%5K1|CJ-94uj
zp1t_d)-^2JZlJ9}Yq85hMXB*p7rpz>Zl$D}b8Bi?rcUCph`T0A{di}?Y=qdpd0tah
z8Rs@}H*%tD<l`*olgGgjS0hFe-dnOyLs;6P6J-WD4vBQ3`fy%Y@|LuImgyc@K{PrA
zN1j6Am%{o~6yh?SVtm=+H=Q1{{yAK3&>?P1`sW^HkBPT|0kA(r`S`@}tZW^RE`wv4
z5bt&wX0<HY=uOt<b-}FyC)~uG7uqO{36P(a9$+A-zE`uZsF^dlY}}=oY$@00%p3U?
z=OUILYtO~ahG;i~H6;$)_@gn_1I*i_J_ro_m=-=AGPE~5uD2aJ-=l^eC^xHrjH3bD
zeTwHYs3%7`!|M)W0|FChBymg@%6FF6)v+0f$|wF2<sH@}f!wKZIsG;8{BrFv?mhGF
z<r6=zK}uH+3DT;~^a66*3*6ZV<_#DXRMv*xv}<qPlB?b-wtkOW2?<b>2kmbWj8$ik
zT^EO9USaK*0vX2!9lt}Dg=QGgod}oP?eZJt!WncF=dYR14n%U|RFe!pIw+BQTGbPN
zR)WmF;d<5Ba?vawsAS1*nhD(DKulevH)9En639fL4EjdF{FlJK8^5sujU$<-`ejnM
zt)rIE7#RiT;8QQuH+`EnK^&@sDyC1t>df8>v~D&d%Og`M=dGOb>ytg~W`|X;mv~3W
zT5$+kNiZ_!jz`Y_iFa;lUs0-1SL@QxM?N`Goynngm%15(nIb2X%j|AMVoA_Vv|4SJ
zr?f07$#Y(px}ski`0I_kd`O@hI&5C&6z#CiT5<dAX^QbI`bNffU(qiagIL}}G+pSR
z$Bzi`uqUr*C&elm@VEj7b1L1AHJ6&zF<L#R-SKmmENas!JLqRVvD*c1*Sa+d>_<Vy
z_kaU#_+}y(!jeh*yga8(%p3Q4JknOb)<Fb^r`px!y%WDY>y{-;BKsgCW7A1bffpVN
zxwig`;9>RU7K`|`Y`}PyH|@8QAGf`RR(wH!2Cg`{=uoa^#nmrW)3ZC%?_Ao}o!0fj
zF!Z755@m_~kYQg;G=Q`Zh6uD8fhWaXrHs@dx`&y&z_&ANecsS+CY02KTe>ge+WBNy
zx>3gk<K)npY^Cjhklc)==FD1kR?`8$Ar7{?9^mL8EVu%_G{7gf8{F-x;6PSZLNs);
zUfrh1z|c42-@Op!RB6&C%B^Me`*O}Mu9lxqLnJMuXnEi6x!|?5imsg^zsLSA1ZV*N
zX*G(-Anq2&9Mn^Sqi@5EVzS}9Pp9wKmZ`;lI_aVPl!5vC<EECVR3rH(Z{;fV>sl-A
z)5~zWzAc7?aOszgc3l&_ZKrlb6__oRh7H&#B2k;|fz`4mBNH^0f_-M|Fx1#zo<GmO
z3Nc`o#~8D8nVkrKDTnW?x27p!&ThyD>(D~S_Ozc*8lw;%=6%{$ZQO9R-O{_P)~M4w
zYOFxHg|3hVSI9yOYmb%sLj)cHQ!HtpzysRPFXcrafUqDl;bxm%>{Qdkvzs3EEA{y>
z%v5)&-6}<R&h0D|7!mgvO#Blzq{0~Y8BWcs7H`UR80%-g{oZbtED6ffCfMF^afUT;
z#0aaE#w1QHYM#<Yl(A{4dgQaIgCFYa2aTJB*7-;|2!>X$+BwBOjA~*!Byp!E*2H4&
zSBO$?q@^3zSzOP?MhMw@^5{A|CO72oGK8UNEXqgjO(M$Gd%pl@vgi7PyDm0^94;>*
zZsFm*oU5SVw{<+7Rc?P6WYh7-l4zj2I`u(7GL2lIK<-@3H_8(BQ|dzN*<d6K->osc
zT*4x1&#ew&gwIMWPsyyg^{KGA7lHKQu$fJ5*P@cX$6Zmv#;gT&8-D`B@^%VRORHZY
z2kv^xa34)^?Q3muG#IxpbUCtb+?TF@lgT%lABoh6)e5w4ybpEbNsEx^*iq~AB_AQV
z5x>c!-B4_hjYYYyYsd$?9wGOmqFf4{%jeV}_=M+=tvGj`suH*E6w@Y99pB^$eFk~?
zt}drmy1vhb|77)wd5nSp`rSS)kX&tEce@X;p{LK=v(2uuiub3vU8al>fTLPJpbR*w
zoYT5T4tcO-tRtun9n8!{fTKF&<$(XXq~U)+_1J&j#*eM$=!IdUh8L+PxR2P<Xgs}{
zK$Jh1sU0QV(`<QtskqT#9Mj}(L-Wfy6K>jFc(d5Ixt72f*(9Db`OA!619Swdvo+1}
z{VMYB7+29tg@K=!H$uWioUy;!V+c<I@|bKXzdw=+s5!126&WWqthw6m=xM4D@w6Vj
zdWxHiY4=Z0`jT?CO8`?IH^6}nhkzx0-WQ7Uj@b$lb_9{Kd`aimbt%6Lf4_bww{|M%
zWOe%sJJtj|dK7(fjSv||TJucw*h)^EDYO7dY6u-|PllFtl1bE*W3_hDOyT4G`+Jwy
zXp<>THt#kGb^u781k4j`j%Ak^0%8Xm+5h_4a<e_Un+vWR)U7uoHf{Bdkn&z%ei*(V
z4iM-UA?sNnh_!$AXOe-(%b{3QZz)$f8sc0tYDRbdNK|CG?+dta$)t>w!H=ZeO9ba+
zD=4S5TVL_cum8Y!W@ty*%1!4sd^<bEWlS)b`(>(np)i1kTZW#UN1YBhEm83y_5!G;
zf%MDEYPV8kI(HXHg9OK%FlP!N-2QMm6-06|Q#w~*+RXz1bd#?Td8(R-K#xoBQv4_V
z=!;{!XD{!sMnNPu%M3MU2*CUrT|qs15nY(|vf*TME~u-V*T*UMxP3vLyKUwQGKx|`
z&0_!=6kPKu_Ej_I$8q-9mc!~irx|8pq9O2g_It78Rp?cN7+<~+`dFIVnI(zj#~a$$
zpp;IEeU#A16Ybv^0ryL%R&TozH4s+zRV;}+r8_6;Qh{;aL$8%^lc~jH`KFA6Tczq7
zT-S#%o$t03*k4@pOa|=6J_DUx_dG`L=y(2fyMg5VgXf(?fDN;yf)}GY9o9D3(Z7$6
zxxjloOa3EpK_qfOh*5NZIt1ZLIDQ53i=U2y$H12rvxeg;Amn0{XB_0vJ6BY{_x*uT
zi!JNfFgiCau-m?;;N(@C3lwZi2(XoB@0zfF-DMLHBCKv<fgY2Zn*<!iH!ve8gp~A|
z_wXC8gm~<%TAh}p!nD@3^$}ed5sy>uW*&Fm8&l00E^W7w_S4S^BKJ7mi?Y#nK(y<O
zEBDCIKgMBa^bml)@rH@tjyk%GCpO?@pi*{nM}$LnlzoEqAcinF%b5^)nx9e)S@&_q
z7BY_E!f~N8b+VMxMJju=x>8zRUO(el>w^_NmQ6AY0Bwq}HEf)}Inl@5ksTFMCH3uy
ztLbI^iJQ)Mw52HA*uNbea)5%@eEyP*S=jf-fug~9y8EbC)<>%fM)%pA!5~0<Y~31f
zS%pseU;!pDwyi{kErousK|{YjY-w@%QVjaO7%g{}lw%H&`IAlv@&qZ>z)*Hec0(kC
zr)Lp<l(!<+mQAcmZm+VV@OfMxx>_m*7sF><Ui#&`{$OY~bC3P1{>v$8J!gM7V#lQ^
zLnB}W(Fo|M%{S5eUa?GpbUWZZ?}L)ptfEvH5yEUAC`fnN3=8YidjEzFl8@ue3~5eD
z7qREy6uLUJSHsWEOqw*@<r!A47o%TNwh>vOoHFEp>vGlXoy}<PuTD+ucC+Zs$}N3<
zl3IIoZFy;-Fy?@ie^s19u1E1^<-oF)hfb77>@CS0V`lHYCs1^d3#i8QxFo3Ntwbkq
zP0U?_zT|elx8yr}{;T(7_lb)k<=s}zVPwK+<kVUXat~WH2rd8iR}`+;+HBJAmbMTd
zHkTc?4L?_hD$Z5k3Vj#e*z1juY1CMVPUe&2uK&TKh#|0K<q5-DYq^2yRxiV2KM$6)
z-i*WAiSx#?dF)8>GkM6-o!%Dbir^wh%Rb6umK|TEG`Vz~H}t8Op*nz>`00wI%egc0
zhP|;J`N_2$E)S({0NS@sQdjf*E{BqcZ?xx=@20w?2kt*uUe@;eg})1SjLt$({fp8)
z?I>ceU*fIhl<fX0gpE+5sn6z0HYfkRNe_8LgbjF~NRQ8ROD3OG%n@C7IM!lN<#YS2
zOjTd#{RC+Fyp>pNbXfZ48N2lhB5j_o+xgmBa<Q&^u(mAud{5s)a>~G(NOI{q{d=dY
z7F4%!biUt`LL|h<s+@DV3~j7<Zkx4n*4C1`j&;La_bXqK&)T!3J9jR>4Dy{fc?6i%
zKi&KI=FmT8)t-|GDTkWv60pjqI!6Y|z=*yN@4vOd?Nn8V0`wjj6kgjGDKC;xcPO0+
zF6-!ft~4xy$ZUe;x+(7gQ$4d2t1<JB;qZ`)t1ZbGiZFmn(s;&<@b4q86`WRxo2<<#
z6Z4?-Y}#I%;7CBxSUVAwH3w(Yp*&buX;I{H5a>MYb@=bUN^|pJITXdSxY2Ay5BW__
zQ^il!b1M$A3AI;)8($u|$RVfHVs=v1X?yN3M2TLWY>0umrTNHgWMlUbE`#f5$}Y_Z
zDl<{Jbrc}HtznIrh)ncmC4jenW&b#;T<j;N8j>B-qIX*s43l)JJz6pF*t0r7HH`Dg
zXuf`8c-v0JQA8K-g8+PdI#$NA*0QqIfy^4U4-VOqwtySX-CCAGVgE|kSnYr@i_!1<
z`LO<7+3PHYzNV9znQ`cVKmHXqbS<sra97F^LmIfBldu<S4&T%rA+5#lVu##i8>LYF
z6~NLZk@%b%qin&qYoba8E)ct0^X~;|Md$VW5?yZMa!^&Aoxv18sQ%b$Gw1Ja3jI)2
z^*nkht{ft$C`*M%>_&}ids5-sZRFF~GmF{8Cw1hK_v2E@ehK1Vi4mUwP3XRS86R}L
zrM^KdG-mn2<+-@(+g!Tb$#7t30Z?9K&+{-Em&Sf2FnzOPU`!oio_bbkePif}0kZOj
zp;yA4^XV(cBKN^YDP~4P0VN3iTu9X4!{5=I;p{J?nB<Y&(UMQdjAIw6P&?zQ0MX!^
z8?_)Wx40sfG-M=+a{K#;>m!R{eKJvD-(NF9vn4EPp4PJHp*1_2qXvyHUnhf(YH$GJ
z`%CGAM3u^SQeAnVPDsKX6TFNW)#%CVP`GS!=&9OJbkJGhv$X}9@dFbB!H5{nO{7x6
zKkx*L;tgFXM=hY`l<}$=SAD&pBj$AVgj`bW=XgTbMPW*+Nk0Wc!@t~}Z@@u4H0|zg
zZi=wqEk1tZ(wN{oVvrS2E;?>vLqAI;HC6qO!g^N=niw)eb0ltPql&zq+uTIedNN!~
zgk2VNi-Z~ErFRkQ_%`|?gCevPSor{7b@BUr+1n-OZZu#6E;oB78>d<NI}#$MQ;r*-
zc9c5vg8lrqX&aByY>+H$$=OMVG$EHY*KU*!pol(B;0`H5+UZ-60;#~ocbiwb7?#0}
ze79wXe6z!z(_ktt5%&jD9+g}1msfB6rKE12*n@$+BB&1kb}7_Ft;N2m2)@;kpqfq<
zt7*1Ay>;^EO|+rho37k*caeHpcBvIm1Z4LBt#x;3X8$?sM=tvU=<DBphpMzjciRVe
zz~g?YmIr1fVRYz7i$a&6S2(U#_p~IUJe`+owY63{%(-Lv)SG2^XyZqt?KQk_M*fcs
zHzXEvS1<3XCfabD$+o@;H`#U|btbc$%@z7Zzds{M?&<kl0Y`B!aU`gk4YgANsj^Hj
zKr3#)X=DRka}#E$nEx#&Ag+;QEf;#j6vUb&*AeaLAb9r6R%|(}uNtTMi+g3Jp|U$5
z2ZL8dzb!hYA0kt<vvSKE@4h@zCjE&<KMV%St37aT088nT@H#;W1sL0Kzs32Vbqi0I
zyx-aTtC_?OT0E?Hf*N>{LoEK;E{=}A=?D}q*HE$A&B$EZUMCEIDx>^<Kj$LJAUQ?G
z{8!enf#|EbS$`<&$08exU`4V6(E^Eka;co__Vz|dR3A0pxb58rS%Jm24>=8n&X7Ox
zeF~q&fBZ*J*<%Vll+wWhVk#^Lx&9`L01rm%-f=Bex5e~<9oafBZV&<;LuG}=MZAC#
z>A8&oG1@}`iJ0$+J=#(4F72#{Qg4Sv?>C0tZ$*1T3-W3;-(7F$qbD>oW)R*zLoh&}
z-hY5-(1`rQvj2_mu*%6$*AHT`_OP12mH6?3V0_;BWHkk_&bZHC3|uL>L4~EVcXtZx
z9Rlj7vDu!u`Oq7sushsdL=r&5$XeeBNT$dP^C08sO6}89d^;;kmok^R5oLgIG?>nA
z0!HjWsg)Q2u-6|mm>M+E%1_hgRvwutOztcrze@+a>-1oSCGl3}H&ZxfQ~+!7%O1J(
z-hHkU;sn|m|46MCOtem-9P_>VrDcwG8NW0(lWoG@4i@2u;Ri`GR>)N=41LPev9nS6
zR-vgd0CT1y<I^EgY;m(U??%>pe(=+>+x3n59{NzbNc}Da=6e}mv1vvd1)Chvr1V$R
z_$lB@CjzRhG(c@s7mN9ELO_{)g9r~7et<}AO4?smW&98y`kdcY;>2H(Nf1`L8x(oJ
z+75)sGc=4Q>AdQg+sKu@(9x37ZwvcRIU_hS{!hKt<x1P)R!i!UoGuBufBn8utz;sU
z0b`llDP(smWqMGL5y#9`ubxU_&RIC*l@s2ZDDQj`bNmP<e6i2F@DeARp#PH_n>@Z(
zu2d3GF}8wu>d3!jUt#GxbyDlUWKH&axQMObh#lRSd5VF|%Uqs$JfHkXUWl8X7|^AE
zr;da8o)O1w+?xcGYVS%CnwZ$fIK23%LayaEr*Dqj+v?h}PLE3QoC)S??~AbC7Ny0{
ziIp^hM4YtT<nHXOX<wK3t&2e_LH~@30zP}?><gV;-duHeazM<G(cOKC8Q(Le`JzAW
zY|2^d>&}KxaA|M`4+&r~r6Fjg!N|O$cGOz_52H?l#}sm}e<$WK_mM!1rn-MfGcbCQ
z1g5S3ymdY9OKY*MD&=l#wPydRE(}A9zLk#0Wog%96vVVCAu$ve#lon{ko_mcuBMb>
zArZ}2bF!DS8KzgNh-gK!9%RH{_Q!1sTIs}FHyWs}JlfX3Dwbe8y=ov{m$e1<Vm_MQ
z6=65&f8z4?P)|3iCwg5{{6XDGL+k>V2UtK6=ow{+ePOTs^UQz>FO$v-9U77#Tvhj~
z<w~r-XV*J54InWzx5Vb`(rtsJGyydVLgq0hdJpdsIF{nQxKhDZIfX0`auP|si!X#p
zu2w^$aN0$RteuVr2q_^~wdt19wg(hYUL9J9OHKEH`A)d(mrNTC%I2X;#t1QoCeD{j
z*>?iG8k<uQ4Zye-W8_Ruc`hO#o3)bhL$=OB)mL+)hwO@q-enQlpNwu<Id0T98Ggg^
zZesErGw@LzDz)mfUH#jgXjs2jHMe>ka&|a>ED0@4wWCWAqsinuwl&7v_c){RrK;oF
znK}B{N`)@k1MY6wLZ}p%vq11gP-uh%I*F(HGg2RK)%^O2tX#M(G>a+-7-Ka@gg_0o
zSzBEJd0ylsV{fdHb~T@CELN9rpKA=vi|Pw2(Hb@Ju|g%82K{U)Cdwiy@2ieAArz!o
z_?5YgF(X1IQn!MbWE?1TdgymNe?6BmYeuI~$?3B83|4jnSSpD0?<(eyl2~v#q7oRL
zfb9khDX}pwFSoh6IMTGG@q&-K)I>w*N*~qx!|XQ8@Zbanu=dbKZ9a;dw?98%<r6m1
z$RQ!NkxI*yQs?-&L4{jUEuqtUw6yvL=!R;?Y_2Z&%xY(2WyGE6Ft*UdTza!%7gfgZ
z)IUM`s^f-r#e9p|3!?fC=>L>QQA7g|FdHoT&Z#*au`aiE6o{nXM0~7QWkpZiJm8(5
z05RN!5;6~K@6vq4a&yF7qIR&g`Zd?rDYh-&_GHq^Os1Uv3v&pY48w8V{A{8({Iteq
zC+V<wKSAz={*LSFa2Igl+PxCyoPHwoOA}V!tEChA@+L}bq<)*gS|On`|9!eTNT5~^
z`@gdQ-Lv!80WMsJj0?I>)h+J$KeO;s#>#<B{<GSouz}J*kKs(N+X==?I}+ri#BVxL
z?J{<itZn#nu!pj?PT-d)KC7#l4Hdh4b>vWnCUIbdksjWt;fMPQXXQa)R^hrwlk#sk
zi)WER0_gt{;7Z4RiTmSERQSdUi5F`QqP01kz>$D2qe-gH@v+M~?xb_Dq-T&FcI4ix
zTs*YygMr=#K)$px-|?Bz3|3maDSe}a22x;RZQfWsK5P0}njwx%Yd7=|H*o!CJ0_M;
zu-3`da9HB|-E0GEkyTyiVzwd(S03AucSj;@M1}HyZ7_2{NujV-9U4~CIXomk@0Lsf
z<~zt$0AbHRUwzeRaskQnitntuHs>;q)jwBsF1Z~txmgQ|H2zmLQCH_HD1M8}GoGG9
zGGLnZ>J8d)3l83Mr^!VY+gM1b6r;}@Z@_Rh=3xK6VW@L;$?h=_3(hAvPPB1SYspp|
z%)V9>E<N{E$qiJYC@{5TCx$z_5ds3)o(#Vi+7hkg+Ub!dhgPK3`emTuhzD!70r`P1
z1xYgMqLye@BbIP&B0JvkwT56dqv7>;q!v{VFhRUj#e_8b7rC}|)0D}Xys`!xKLN5^
zLw?VTpOQDWsk6&hup=QLqd7w4gyT94746uuGM$PlakBY8+%e?}BCpdw7toI{qEK<!
z14cqJw01)QT~D9$HCK%$^kL+VU^*5dJsYuUhDcr<`PhXX$g78#cMTrFh}y-q$ZiJ$
z<9~lTCok93n(<+)C1U9DYOw222~9T3B@mpy_3-|Xan^YSC6A*MY<-{8Lze_3V>0$;
z@O-s~+0qnGW7Y3KYjyG;Z$4G(PUNSo!swyscct~vu>fPv)lt%vz{L@0!j&N6lHRU7
z?`rK#{|>YXbKPZCSzVnrPf2z*U%j-$7RX-yx)&#Oy@$_<n?AA&#o_XM1Kc;;vjlW;
z-r38XHq8lsfWKp`87D1pwFQ0;27A$`B1+KiJW34jeCz4^7a-z4ZQaS)$N!lkk7O02
zg8cGFXi&>Myx-Ldl0yLLD;CcZxhpVB2Fz{8Zu#1CN2I{GyL@K$zJ4gyUtM>B%@+>Z
zkLduMPLj*Q2Saavl+f%IhSiVN8h&LpI95X#*A%>R>_7YX?xH^@C`R5ZJy)~62c_6+
z05zTYz205p6)HCSdckfaS>dm9{cMD0q~KY4{K?!9Ub*Q_zsAd|(>jRd9#6(Rs89-(
zBx<m?l{BZpe{7H+w7zZCFn4F%LKUDLUC5<75E}mRPC|>{G;P>4XD3zI?D2BQ;C5FX
zbk}keB>cOH@))h$W)!!JU4w;|fVi1@e4r~by(k>qZlH;uh2hf<zE{4X{u&jiNG4+B
zi~Gwd)6Bf~XLdbiM0o~NJui*{pp}7*uHs1V$X>gCQ-TD9;wm=273RY2)~)j#z6{_S
zq*QAd_1@{5{2*!jir}QtqJOaWJ7$CGXwbU1`&V}OhQ!8xmQ0UVsiFAueXc&6=2_D1
zMU}lNH~x>CsIL}$zC*F1XUXWa<B-(A{{m7I+%EBl9l&1xSIko@U4W;y==K~3|J0VE
z0-MldN3|e~|8`x}^v%9m+I4XStGD`PG2##<RkYzY?Yx9uUuW71xI?(Tn*XfOdU}qC
zmVq(qy{aF`0Ceo&rM~|hWdqX}&JvKr7Y$MyHMGbkfXm1DS<t}jS1#!9iyK-}<NqL!
z{>s*{X=jfKO!=%U=wEVwbVDwXv*OkX|JeWdQZ5B|{rf2p=)_VCjuxNt0<i!M&qFUc
zwl1$KBL;-9%PzZtrV2m6Z=)#shQT}PQyi{u{SGSuj)6`ehFC0yW%Rx`Jpi17T~iT!
zk8!~jntkuVqZD}{T8xJsY@k*80tENstqrWrV_LW>O*KP!5%k<sDxQ;Blp^$B?e`k@
zL84N%0{9xnWM^B9zDkcrvv)}31M=U)3&XV|!zTmKj&?IqgxNSW7F(HaM_cV{JhxhP
zUz<44eL5UUKI?SmRg_czVEgxrRKOrpMW6SvUy`)nn-KLDXJQyd`lMB5>Cu+T+iDN2
z?-2oMF3Gm5!~eIwsW#W<M9QbTqg%%%7cUS~GW}g=qvP33CIVXujG*_-(5w<+Web@s
zVI%qM8enSl5TQ9ljlN_xp}(%k_q)H(EmR1TQw#SdrTPY><&m4unIUf?ir#491~bs*
z+kf@lp8X8CJ@b}6upMsLOjBG_<f?#?`|{PNOd7Y95QsAy6Ila*{Cb`p%4oISfJUZ}
zSGW(X^m%59o}y+v$TUvBm+o9;9CA-$N~7Ea#-1V|gCpVUot@@+be<2cl_WDZ0!Xfq
zc+v?@Pp@uE0qFuX^yy`$=DjQ1x_@{<!w}M234d~?L$F*>P_y>$W^3ur!Iy_N5qn%O
z5JSIvJz93vN|+|;Iv+JY&88_L-4L=jwXk4tu-q9?=B_F8MkYu!PE1Wv*J$|s(X@GR
zDJ9i|@oPFMEy27;l!uQGVGJVQEhMCB*QIxRChn~c$|!%LPUflO$nB$7zWnxb-n;`x
zY;&5e!w1Ud-Y7qb!|;zP0esnzhyhZuUlAOjMOzAmRfRzG)@%K_YYG8_b0&GeVulTr
zDSPE#)etSuh{24*u$CS@e^2!{Tyea;QEjv_AoSif&D1nCmY3LCQXiFXP51Xuv9m_0
z`z)^o^M883!@{MJR%2^o%HxK&vudBI(bH{dZ^dOF{Bf83dWWuwE19(|mzD9#Ay+AG
zFiY3K9i=gMqM0b;lb#F@I=uSUR`DMt%Yos^kV=d5>6MAV$Oxjnsou;)WGk%3GUdR%
zEh_=F-TnerSIOb2tbk2D2#U5|j?#j9T4SCGZD2<e5-_9_{I}S?PXfAE?qhu(NNwk`
z(8K=^S6>wsM-#0JAwY0<4ekVYNP>Hi!QF$qOYq<@xF@)4aCdiy;O>JvoX&smdARq9
z#ahkKT~)pJXH`=b-sG$Go}$q8@Eqf}@|RjkgJE-u0kLM0rlu;B<|3^`@V5dGs*?((
zCugM#>w(3t*2CCn-qGgYQ!2gJQ+B+7>trw&50}xh0h%!J{CjPr9@sKI55m_L;*tJ%
z3~NCbNxMsT0XG4?OV{nDvm2b2(gjYdnBc32dTkvvMe+4Qe?<3D`7&2z3x+g!nM6f6
za<DKvRNNW8Iuv*vpQU_|)xj7`!xfd7!NAyNl1qb)2u>dN0k<EtQ{iG1DW$Rg6e{I7
zKhR!37(?*(5r5$sDacWvmMCc=V3LS}wh%e3Nn;&}*VAjR<j*UT@=bE#eAS~AZ-m?G
z{E8uQZ+Oo$+n7hYI!qwf;0PXZdY2^8i>4dJSG#AM?`ES#13K;xVIj_TXGLBHT-c=9
zL)R|8)&h9qp7pPDsI-juOUmy_&rspgemTb=f2Q&=fudMdsetOOg&Ea@Usnirdcz^*
z_|7eOBlAFu?~b!}%u1^Gg6kQ>^2Wyq=123sjR0Y+_dK3Y5~Y8BTHETV^g;@huO1$e
z!te_nKk>hw=HY><s{Yj9VtVTJMN*vhNCrnX7h~*-CA7evk2BcHu$anpCpIw`SJJj?
zL9h-^8wrcJOx~f2y{l{Z&qj3}y+XYir%QczZ5CJb{4UbTonE-<MMdXVP;tT^r-p4m
zA42wmh}ZG8#7%Dl%$bD;hYd@eFyp5`6=QhYT9efdH*0W@$NuQJr^rmz0jY6_q;_=m
z8aFn`G&NikFqAOp(%B4-NSY-WOg4u7h#Ep@u1t*XFO%6gSU)Tndv1vW+1PP)TLf<K
z<WcU*Fyv8Hup(l{MqsmjAeXrtC#c42{<Qk+_X(vzZ?8XG^uL<erxHQe+gNz9dbD~u
zNsjK!NhG>Gno&6Mz}xS53Vt^|NmU{Qp2&T^wtuEi%e&2sv(j9*q=W2bg@3A}980}N
zS+n(+`#4%Mwz%qah=(^-U0r8$Y)+kEww-0WWx?D6-kb?}GO{KxROm^>Gm<a;-MzEZ
zkG1Nj%HAoDc?SuXiUD(D!HY8U#><9X7XkjvL#vnjeWO2X<>pZ1+@DIQBfq1doFH?4
zkp`coBY(~d&u7QX>>gv<I6v>R>heYR#UfOdBN(yl%8%1{@VJHHt(Pwg|Jzz5$jyN7
z>rRw3{$n5;vy>v5i_W2=Xz|1SnM<QHGW*QPb#C;0!F7u^h1+Ls+9QEsi63*pZ<(BH
zPuu(gtYYd%PrU^uSn1%gFd~FtJsu9WoXi&H%yizrLMPw#CM3*Zi`6Q)nf#iV*X1mR
z>YbE;cP_Lo*=TTx(ff*$R<Xx5o38#z%+UOM_e`cP{`^$x*%(Q&jY<=B#(uPA|L!Dq
zeMZ!*fI_Z+heAZqZ7~et#heo}a=T9%Q~NqeFV7nsCU$OzOlmcvr^nCBrZ&M|CuwjA
zJi!mCMB{s_Dy#fOWtffgD|=Y-2e~nEiuODF#$BYAh0f~o;Wqjjj?Im1dk8DU0%5}M
zoh}@a_i*A?rJWc@XQRL`dLPQql!@WdQCCFJ{8LR~qWPfdI0i*aGg6oiUX?9aQ`6yb
zkkhRirnw#U1y<LO1MBtb>X)`(dFByXef26!nrWYYOTy4xTYUbig{nO+QGKEM9=@VK
zPMZo}dVJ7yck`1PDXM7xyUIuIYYQb=;xUr%2PT@Eeib#>#Y1B=kg<x-Ip7+Nmkw7@
zN%7tdM75yuYP(~kIyjAj;kyB?8oxvxHX|9B3M2v)q+wb=M%Ag7?`rj*?2W#Jtr6{S
zhK07WO2oTD9v6&EcQ&%C%(?y|sNxr4Jg_)PL|nGL4D{?Y8R%UA1~JV&zxNx>eRgO@
z4Hu`A!zc64+ST2_npMeP7f)hXKTHq9!StT3<G{)s%tUIAD>U81$W9W~k>S2@6Nud>
zb0}V-GCyF^i%rNHd1Z7s>7a0=zl71daI19R_mZ?y(K|RDMrzXylO8uqSH$*W>8pB^
zAx8Kf%((fT)1Fx{(Q31pX_f5VXHi;NE$*t{VYN8&M_OT(<MZyb)l4dJLA}?+6~XzJ
zSAJb(0vJk3Z$VH-+M4xgD0adDhcL)rXDv1UT;YnGq0lhtz3m5u#SI?fuSo2;4?dxT
zRojN3#7YDe75p<hz9`_n&+wb9E#|jAF+7mn>X^vSHS(HodP}$>n+A)aH=N>GEaB*B
zLS@Ae`i|#ctPD_OQ_|PV@$nb*Gc<efugQ|yEletKzbi95O2|!rR*B)iy8R{LY<cn{
zN_>eiwXeX$iJmH0_T!LSM}a*TlQ>(YX!(@=o*IR@Ej7E{i2MnYyn7DF=CPq%^o?7A
z(}9J~`rE*GB>kGL+=VM}>4uX)>RUx`&7CqbEes~k`BrGJ*@3mM#za>}h(eM^I+5{r
zv&h6$wj?u&t?DMWr6$W~3gsr;q~XloGWIt&I?JmiDPIx7abT=Rd@5?1(Gz-~j$ink
z%kLSKmCjIe!siB)a!L}Zq`3lt@-V#pO?`)x_z~&r^G8OK(UB{nJVctT<WL#dQ_pb9
zGt`q8lG}2;%+?6y(#>Iqlw~Z-rp})WhO;XM*HG~ltl2;EXZkFo+J)&53FoR?lLglb
zU2FnxL9xh{Hlo_VaN&-O&<&--5M8YHChdCK(Q0#KS%A`MwdUIIw6e5BKbsIrzF;o8
zQ765qZ~c^IUK?fSqf9Q}&sp?jLHsdqTQ9g$E<E8}s+h|U%LtZWz{yNooGA_y;t1vX
z$jlhiv#`Ac{Ot@6Rug`PoF@Xpof~E?1636r(t2zSD2*}ZM2G9DVa;gCADu$>-YJbB
z!k5HYJK~k((l>}|PVlm!UA0Ne1qb>kKbq}h_`b43-EkMkc~8oB`$zq12FIJc%f)-C
zDI((=K_!RdIq{9ZRhRoI=?Lo`Far&umYAjpADG7?4|hS6AF4dKN_r_lkuG+B3Xe~)
zOq&PKc0qjQB~ekTe~RoxBObY1uY-sPqZ%3C))O^ub)&aa{93mVhY}~T&1|pD_ayv)
z!Mc=dc#J$$uGAn6scT{jTv;%*_nLa6Q!L-qa%b4LrCk+Z38rFf5B&}F%PnfV1{uHX
zcpl7@>Z$DQR|IO;3_C4Z>uSPHYW^fyu&UF)HBZiero?5X54rF6Ao!8cyZF8t1xK=|
zgKpRB;5@*@*QRO7-m#FEkTZB+I7oP#!Bu#mp=Vf;e2Zo$vE0NGxa&LcfS1P{x0Hu+
z@sXoj&Cc`wD#6RDNAyFoE%i=|Um*V4RMRvgcd=^D9~*cyFJb)UpuB6H`OKdNORwlG
zaEz6h8I5tBKvQUK+avVR7P$Cor=E3olA}S@wJ0S{#G}33xWwL+ym*-qU$|+hfhg=R
z{kJi`zr5($OH#&cDa|%1xVSo;P50<xB%++rW|xgadn}{Fu4?NWel>lcdeR@wv`%ux
z>g5ZI7n#&(DrsQlea>@a*koz6;;5<$8Rh)YXpllbhiyA%IP8rtf`w{_D}CIxkT?*s
z9u&+P-fMTx2H7$<@FFYsi#OhE;Sm?@Lw+Io9Z^%u`CHM77VZy@spBf+@2wcs3r@lh
z;qv=tCj2}A<RwUzP*ujoEuet!>K?_HRf&r*FgA?Twvi>A!w3xoEfGSRcvGA<wpm)A
z23&j>u~fJ2DSa;@--eQ@S?l}9r|ml`PRixn>+D4JPFG@`8shJ7KGPj5iqXNrd03+S
ztB(81$Wg~yY&KQ!@m@_yDXO-XWjSpvB&VwpJmo(X#`n|`KFHWg<U0WnpfSN3JnbYc
zH_>#*#iep54~?WkSvDqL1v~@Lg>}>UrpIRDqN7e3Pt7|0OC7wg3q{OrX@0YOL>n!Q
zrpta(MXKVeOgNMRs|NpDG&&5F7Sn3hwBWFVyMb;(I63stb<Jv_;~j<F)`(HgdpGJ6
zJ=if)fBNh%Eqad=ZxeP^7gj$JSXC%LCn7GltgNo6&6TGbCo&w<CtCLmeb}>W>r4C=
zj8m^%)xiE+l+x?5-XTY^blKV3THh$uM8z0qUD0yLSf0e)=?1i=a<h+CE`reoteNLm
zEdkFzMH$SRkHEEx1O2z&LTeFA>9&y7jxYSI6?T$^SN$cW-j{Arm3MCYQLksbOG!e|
z9Tk}bE~ldh%cDx?je>O{z=8y`_xg!4av1*`6?PtWjqI3&Q61ssg9)+$ig3_7#^GV?
z5N^DcvSofE6HlO-Dgn)uLBCc~3<{Hsn!zYl_{WOwCeP;n-A2z`4kE~9E+?Ls#_!$J
zLeH8AIZfF;Z<K_!hnL@{#f6ZMDhAJ?2G)p5A0em5TW`{8OES6qOKCWk?+>h5?R3@D
zN6>=VO_z2ZGb!nXk^>jEc-@(!W6<%&YbCh16NOP^na&^oZr^xZ#x*njb%?NYgFlp?
zMvWf(b=NxM4N*1Ti@x+G&o{PViqsTbi-^nANonm(PFHG9x9Bf0;kY}8!aZvovw9(9
zcT1q1H>Io9*6NpFuv|*PJ=Qh)@TT+AY`g$!9G*H+<GLa<V$tZv#0euv3QYBH;_)BP
z>bbtFLwK19h>uiXy~CH=w8}`!GEh`HIG&%>IlXA{`9P{YmrJa#-gs#A$sO|HfiC*p
zkHK3W1Ts5>M8)o9#XW65a*d6j7*@Y%GPHT5+o|32<;K^hHXkvppQ9ReHSP(nE{UJJ
zdog0|#n_C`LPw=E?9z0QexRTKE|{&AYuHt<UB*w`KjK4pd5L8^>&EF_;CQzeeeXLJ
z=(eC|KGcrhX3SA@b^n<C`BfNe2#lxA@#_@k{-pHtMe&k%<0c%Dg2cgT<vRm&mU{Il
z8|Hd#X)x9Ic<7(155&i~f(opXP|6`l`$k`1`W8gf#cEucU+^U6LWV!^-(pFcd^*vE
zf#?1j{uOLT|MtXHWa_{glM66q;__YQku(|}MHQp%hRY8><&0+=_JOUE#_kPex?Ape
z@J_yIf5X2A3Z>K@!VxL1PA!pbDH!28y`dVs&Zi@L&899qwIm-2F@O`B*g9G#(;}_8
zN@M8CKI39w$9HwIj<Z)w!r&@GN?gad-uOv|TF0Pu5M=2ujPs0rs{1Uzam3EmQA<yY
z`wB`WPG~U>v7f%)rX_1zeD2y7@aLk1n%dh!#WD|bY#(s@DHy9v^D1&=II&o9gTGjT
zYV+5c(Jf0kA3y@5-2cJsxTM4Z03M_+_9S|u!mjK_MyW1prNpM_)xR=B32Dz7Ioheu
zT2?dsp2GH?GqW>Q-eYf;&nUm&zPa_j$-rYo4ZQ#uS0>4<(-r5l4-L3uLTqcUGbFin
z6@RuJmHB8T;bFqLLzrk=vjmE2JuP?h<TlFiE^=IOy2$;~1B98FF!pp@adnp}H7#>s
zxCN*HTH$$@G$D#Jaa6^GU|_C<^P5U-^KT-!g^Dltav~&P=r3R=C~X%`96Jm4CcP4P
zZS`?iYHuqSo+$TW;s=L8GoyW4aO87x3Rxkd3tNk4Sbe~we%(f_v>w$spBV64Gx*lR
z-+FM`AA9S<#)cbp1#o}uf;;76gY(c#w#pswFbnG5DDiv{fg+dLdA>%{36kM{utla1
zRYhna`)SOv96)p`>X;4|`onx}G7e^zi#1}R!}Cf@n}nx^mLi|~;j<rB$)wICq}9j}
z_9IStE@Gr+w70*(Iy+!#mp$^}jKNS#gJopl$d&shlkp77UB0B7HIBF36{&8_LgfVX
zT|HN#1@_x))K$tLf9Cv2V?~MkWMF67-Ah`*gul?LjA@>KDJwH!y3l6<Fr}+XJ5K4t
z$Gh$Qz3+<-!f7P?xefqiH;RF~17!~NN`Vf$Lb)jukMt7jeg?_;3g8ci#Je?;R<wvY
zYk1QzqJ>sp+T%0e{IRi+oWQMvSQ?04dCmh!MfdD)98fa3Bzsburrz3ph3RMl&HY*j
zE717W!ZJ!G8|4ZrTgF|pE!b;rDqVRsyJnaT<*e*GVr16ARMO-y=tJmC)?yU_66M4{
zdV{*^^*fjKs6g7PUz4r(Lty<wQ?087iU>~HU_B6{QsSqb9t;)HMNUx)tT^D?J;x(h
z#&!}VK<I#o@m$WM=|a`oizKc~fmN%~xP9yMVhzl0JTwAzQfN8y4GD9KPz^z?BsV2F
zd(^4$l=W5ERxipbNj(=K1Vy30L5kxGAT<b{!%>bMuWX!|gaME$$*f-^mB7%{_8)*&
z+v`suBys@y=g4n*9aQN}M+-#tuPVc<O!gD`_}m$dJ+(0+jb~o6x51D(k%p%H!W_IG
zafr<=5p&VPQC(uU*ojod8GxJu5>7-cvlfHI=}|#VS!{$hh)Zky7#T2}Co|COTKSQ&
z>Yuw+U25K!)k3JngQ#4)sZQqbS4nD2$%>P>BkuD8AFVwwb(Vf^W`c9rlpYrso!%`1
zKlNpbT2+?-S;OQ?AO!96A1<frz15GTtpdG)iwV}RP3U9X*%r5Y;q+|!&|>F^*_~A0
z@5nlnzA^h^m|ERxV!X?lcK0hMd((^j$f&-F8ib2Sgg=KU(GUO!5-=49=UGYsDwd(f
zQW#X;0pg%P3Tzkrk2k)QCuHw>SilJKbFM5jT-U;YG;)_WUa1*ZxPDq75<WxFe%aXP
zu&0yqur@KmC42D*RD4A>Flgat%GwZD*_Y8M248!cf1`AL>i_Gu-5FkWs)NmQmba-{
zY5Dx-R>Nhitf)?N<4nyVIi}R%9=$HL(Hr$%VO@@?TIVEiwynvKy?)N}-qwwL{S=j=
zF{l;C80Y#HJ+aJ_3v&W^e;CpL39DyteP72J)}$wA%NT~GGj(;+#$t0}L?vXQlmj`1
z&eNYW7WyZ*im^kelQUx@z|%8==kPxAmEJEBm+J)3jH`Kbw$cNjiqLl&t@tq-SLeP}
zpfozD+F*s*R`PhAUq$s*r04QkMcIne`$dslw(w8;Tf8bJl1i=@!U6f7CpBjx77r#b
z26+G&Tu($W99ft)`Hv>I4*+O>O@Du&ow1t#sdUGw4$FfiSL@4a35K=|STzu6u?*Q>
z>g?2iX=LTG^_}X5eI-J}&kkg6UzG%*=qvH|!yX7nI&PcY=lsv%dji_4ZZV&|alI)M
z2iC%6_Ji}2-Hqo!{jS9WIp*5mo`f;e^K01H)Y$q~q5$^z4>rG+IuJJ!j&zk?^yZu4
z5!nIqAONcXjGhYMgh5d0!|7)_pn7AZ7NMIab*JSTjsi8h7^i?CAWlYnC8QoG2P1Ef
z-0#J3O8#*w+^hh7cfwb<X-I?=^~drP>adaFUJY@eV5D3*b9mMlWz5Cs)TIRr*j`=v
zeGE#TJnrlL@W_p^>qO?pdZD5NrYi0pWMnJ8{5~7&;8t1dDh((SE^niW+vo)ES)v$h
zNhNA>RK9Dbca4zrIZ&utPb@p5)L^^T=9%yQt53kBOs%a(vu1t&^2VL$Wv-4Xc&xdt
zIgzIR#Ep%x@Nww9L}7d(915YJZrS%;%LwT>AI_@*Zu2ubMc0fNfc1R?-Vbrz5YxC(
zVlI&r1f#Wsqhv+U!g%Cwk|Xv%qN`sk2dK=q@#4bu#em1`U8uU3!<=!HlAHL*N7*pS
zC<#bj&R5QP>4lUrUi{O=)k12Cs+!~bu9)YQciV$E?v5^0yZcr<<n<a+*8$6FiR>f*
z*l7D#656k40}?T{%PnOd-=Rmr-Ij-5kg1*h&BJtY!W!U#G3<lYaKsJ3jEI@B5W{MP
zMjHP%(w_j#qBsBW%r8@IGBcnyyEWvtc^%dS%SVDD4|ckLDzLmCFoUdgeN!Vwq@?)m
zOfrpkj!4DE9E#VrD)W*B(j*b!I9i;`35`xfsFM&?_GAe=<fAIs1>5s{VpA^uC(`zF
zBXk%4Zx*2YJ<(N*{<&~N(N4z`pd;+rG!0e4e+`qF?npB=LxxEYlTnKq(v1gG2^su{
zhtuZgO6pvpwp1XE3v~DE$yH~vi`8<idu|eM9y2Nin-S<Zh?Ois^+F7`<H~F<Wt)L#
zpI#j9c|MngpR^;$@Mv$VI02QMTmKD93RpxMf?cH&I(hS|X9`K9M5jZviaf?Z&rLc-
zGi<1Q1;t&L3Htse8jbM^Jlrsxz_#PbI#na{DouN^>XXXvo?6BRRHdRTgMG(Q5q~tE
zdnfkKZU|f6W0n!Wj2n{=G*|$a1ZQ@19UHuPXjPD}`!L+!zTqIZxSGv{$w*>``{_Hb
z4)1$I9`gI<*E^l7RJs);NS{ecodQ+5Y~rvKtf*igMhcYdMAzjNdTH!Rdf~i1M2k4a
z+Z}mf8CQ<zq)Q-B5Lx7Vu_^$c{vkZW7=A3w^sY-$!!llM84ZM{_W(3;XZ{rC_SQHK
zsG9E84UBEAmd7s|vBNY%+G8goc2!3fbPn{7S0E;NgQ~(sv$@|{{xo#JeZx801*twL
z*IAyfSd{<BTW6+T&SRc+#E1b&O!|3u-CYG@f4)9$KR%LHQsdEAgB#8MP`!!6?;<UN
zCV8Jj7Sx8+5ffBl+dL4`XUcwhcdQ}zckIA!0t;8Yxm<WUaB6Z0+?1P!aoxtVvVJ@m
zA2ZvxDCH*>7neCeHqd?Xdcv7Cg9_Bca%H>2W-^5Dd_n!Dn55aoDL?eFp56G8SZWmw
z1U%66&zsA6?kzO&_JpBn^#WL*Mm9vjc_p$HKcse5!^=ijl95QY*L9(XMuJaT@MtQ=
z5M%7hKx-WL{Ig1nRo;+^txD6p&UTkiww^;yV1|Sygh)Hu=!m$Sg!5(D*aCa`l*CfA
znN%t6%&<IhAEG@#2~J_TlqoJ@=T=^oT}F+VFnQ?umPCd~{U-?O(oB_~gXfXsxRMCj
zQazMjv5_s$XVnPd!Za?ua8rLBzdkEsr_t{nP|gs2I+RFcJw4_MlGT}kGA53-f0SyN
znGrWKit<_}gz?1)VXmoc%)r8_daNX>_Ww+Y!oOD_`+PHC;6b~J{SON<yK<l5cgidt
zOHD}I#_?pe{^7dS8yr4|yjrX0kL8xm>EBgVWMvmPU4u9HyVbrJ#gQ+s?^Kd>_W*}U
z^Ii_gnt69X8MLc462J#6{Q1EG0419Os)?)K&-wJwSil3i`pOAt>)Trf<GrLP!1B>f
zB_zl~lQSBdvIi6vavIG$8Od*Qa9`LA%Y-S^6o_VPel@5wXPxiLtj~iw*jE6UCj9UO
zhZh(xTh=%?4%=VnPb<__^UkYY224c|@GQ>?Le@=htL4~SJ`C9Bj^45gQKQ|TdF!rI
z`E=s<$%0*D`Ri&3I>|djXw!5_Z>kKD4<t{xzCI%{-&#nW$yfrhV5%E_6vu>Ze~XpU
zT6ZLIoa-AXFxjgy(f=@V8#-AW27{Dsqx9VeGw+f^xfuU%J1QV*eWdspj}zK`e`;V6
zrdv<>AGqU2a{F5#8KKp>xRN*(GpE8NPZSqBw7iW`#z*M8p1Iz$-N!di8uJSf70pns
zh8HV9R&~tW)ae97&kt9#B+4=e%eLmIJz78iM&p7+vH&PLEe#;;-DX!r$FrnRRRaIS
za`%iZEq5K6chA*O^{m00m0#K<D4?W4MRz6TAoXg`oVGEmx8^NqsYQ8*R}}r8eeJH_
z_GnPWjyJYc(E{|4QZ%M3f5^_(_ADW<4@aC{c2-VwCPC$m)BZMw{3kZ>p(P09BZ(wT
zI+c*xlU{YF%rt@;RI}}k-9+uYCVYf90pOiA9iJ%k=DGd8HQPUqb%w`HbZTTM#_PL{
z>^C&@L;11T{V(?ZHo{6}-ub66tY~eUJ0!v@n4NWySxj{SelB$FGB|D+qz7$na30}j
z-vsHz<L9n`fg3`cvV@(ZBF$`K))MXA5h)NUJY<pF{f%cz*Qe{s{vy`>Wy|o}K7FOL
z7;Hp|4m*?w`O#AM$=at{TI;(|{qfG%&)BS;M&R1iCpRcSFU<oOZ+q$_823iD!$y*w
z3GhGsPmexT>5`lQ$9Mvbxr5{b^(Tqnf@w)Rkvd6dXoiQc=yFk@odop8goQ^e44^uG
z0n{35v<d?^Ob!pfOftav09a?CTUjo3Bm~o65)f?Zq?J(sf3EnlcNIf=^C8WJ&fQvR
z7-`5^NSl?$kD@&-rF+&+eC6zU=e7#UVlih_B?-BwSIXIt^bnS3ODt=!1Sz&Cb|E9Z
z(6GS{xy1)<rYM@4Bg?Xz(T5O#cFM(bPM^&8s%X6LRk8j#y)`f&t?$AZ*cyvYHhPBU
zBgH4`KDk4xFTdgIpEUMGQAl5j7o#Wc^w;~p%6F=s;R5JB<UcO@uz=K1`SVo8CmUy_
zOgVmIg@;`B_{_Xk5|MPDHX~U~KvVaLyGb^;d#;-JsFSj7^KW~=Ljo7n(D0A#mA)hC
z1==nx?s1Oy6U#XxkI%wYuQeYeyeSd};QCA;9lPr8`*&86C#o@h+igWwc4mtRviSwd
zU*75!uI-M+0FhDu1#58O?JtYNh?4k3SBt4lfqM&EO?*UGy&mj<*(aZJGJ$c)xYXR(
z`@H;UF2PmI{y!lhA^ItCRMPCcfCGj@NeQdw$H1T3;uTh|K#veS!087Vule(cQs-0l
z$CyEnjM?haBP@OT$3hZ}P)+aKBoj|3s+{47*QiL}8gPY|G#)=oGw?8~xK{`Ajt52L
z-9)LAt9)eTq0}B*-rg(|AXP{YsrTkC;1d-Xv~d9`xmKk4v53{~S@5>7^y4$#7oA&l
zT?r9EavF%DjtMJ>&lSA_HCq{DSEe2tvIvTQg|;jj%@wlYk8sjTgGnj=6<Rd~+`p|F
z&o0Rlla2CSPDoY`R?4~lk5QXZefB1`QkXHQ^!SC0@V&X9i-kWezpQBUllz-|01oq0
zq~|&8lNED{cG9Via+8ZKRHkI-mVecjAQK;a!xjLz$iWfWk4MC)Y6Ws<yTi}bW7VAT
z>P~1{T56<7^{ZRSK3%<qN9U$WN^+4PWLy1Y0F?nh3VZv*aCZ9v$5Z=wAWN3bgfY=$
zX3GdBSG((A{@eOI`Aj@j;K)!QjDN7cO6lBXpk_0WWdIurveiSJ5;0OV!<n_Fes6hH
zD&@$X`B@pxG{mAaV~$=qb~O&_gBXKPl~7$e*AT!)A0Z4Dvs<myLsG%{=XicEkKY&T
zh$UK~Kl-v4?m!orBAg4Mp1TINHT0GYia^H}+D9d)Wc2_J=;i7eIjP;*;KGE*RB_nf
ziA!>m{gUsmXNKL|C^M(+fT6~E>$?4*S264KiD%HOWUk6xog6^L6jTa+4~E8+kX!Up
z5+R~5e4cDF%83Qg^-o<qwB%({`J#1N%x`<LcY}aL=q=Gt(MUHuE%BaQsSCD}Aic9w
zn!;eI?p^(J-e2QhnSuGD5ax|bwm~^8oVpWPC8oDawx2P|uWMQB;+h-ctbw}B_<T5|
zrz)3x`H1<-T|Wx8K1c`T?;AXL{8ZK;R{<#TO+?{U**0*K`{n+ma(*>zHQ>t4BCdo+
z%x`+Q1rm`bC*1%R1i}*YOW{R1x`@)7FD||S?a?-xZY|CHz@KFc>tYJcQyd~dh>R3-
zXe+qV=&=2*XI!de7(nKUF_KoFxB`h+SHlQ62{MlG{MuZFq#{G;f+wgrkQ_GG{Q?~M
zbY)4r@cs&le}*<P&E<q1OpI^tz{7$QhVM1*sD(U;-9L78uP##uT3WDT&hKA`j4f>J
z*KXlug9XAgM;A8+PULy;XDd(vuRBaqw<*7(Ml*%b;W@qnS=Sl$4U<765d?%yfY<l}
z5PBW{aLXY<02&3WZC7jJ_W=XpQQbu@>bIS-($LXGNKQ>6)trfXj^U;fuhLg{hqJ#;
z>nI$Q#ry!rRTXZN{8GvS8Q9MWP@O`a(He)0dJT&lPa)bqeAN-VXeS{kHsb1)k^E(t
zv)$d(|9hjl9kYG8B5U&PWwjJhg!R!}b(w+&#Lr=jzaT-Zp3`?*Cc^S1{A)xiV4SUZ
z=Pd4FiF4ptnMGL)2a%#6iyVeZ0l!u-oeTk@o_G5xO+(H#t?98bVB2%79&z-ojQyf^
zp7<-X6?o%Id=){fUhY@d)1y@88fi^mk1C@qj|YCQPZp}ngNSH^Yr4N9=4f5^WuF>^
zc3C3L(7|5;8J~d6GD0R0d8<XKa)Ej!;oq#rc&UzY>G+W!S?4cOyPH|V2XZ)h7I*n4
zEEbgkUC`+daeb^F@8U3YZ{4?)h|tcjid<!GPoml8zuue-Y#S{Fl>O&jHuq^aM|>$h
zJUm2xkV$wiR={?Fr?02$5bU6PTzk-j3)d3=S_N?FfA$p3jdds6+j~I4_~*g=15Y57
zV+Tda0>RDxlz}5aJxVFSPhGMUUd8OZ4E!xdd#t$xJ1TErpn~D<>^di)3bu@FbiTj%
zLziA*RhXY!%P}#QChq<jO1u4Oyb3F!1omH1E|eB<zY=i&-aa_VR2(BgSuUeS>(>2q
z0V#`Yg(eN*Hv3m=bF5N0R30ZI`N9OY-c(g}s7HENH)4AVa+mMcQ}Zx%phlPG4Z`ya
z3DY9<ji8LLezEdmT2E<auLGwBK&8D=YH-pN3Qc#bpTGTM{nK4NS*-nBg?7iv)=Tlj
zqk#X$TB&t?S<)BaFczjT4#=MPw>sgwMf%Te!UTH-63(_pima8(*LK@M=0ZKx3dHTC
z6QfbD8O^Cbn}g<1Czg#O=ImLkc;v=gsD$hZ_#i7D_hazW&b@nTuC9VFw=2%Xyy!n5
zKcHa7zm+KbW5uo0x8oK&pl{)B>-_kyB|va1?L)g{@9^M-&E(bLmPmTBv5Tlzow)vF
zEGu^_<O**eN44c~N73Ex$H9RfAw9yDlzdR79<B$Qig2K<sO;U9a`4e6OLUQHTvhvZ
z#v=Q-1PK`7hWLZK2Lj8LlncN?@MbR|Fr#6&YO4XF3&!4eaFOS)1`S>LW_#>Ul~4fu
zVysrJ%11!{&Y~tjT5SFcK}H!TwlD-meIrx_z0{aCzqpAHhDNbqy*Df*Gegw|5OF;1
znQXe6K8nGKnxH=mlIT4lx>n+L!FMKQ{~j3JN~}`Gsi1;(tg{`-OEyDFn)etj-?%V@
zojA3O2-mUdpaZs0X0R%8az?hT40~NzQP2^PizJX?n-irhVF@3w$lSkrOC(%_mfv9~
zr;P=iHfS_naj!93UER2|E^{Z05n86LwzG|{Im2YHNGDV+ekpCHIB+k4T}&Y`^98Gd
zPEdbTMvH#Sxx9;tj5_4D##dBK4~b*qqD%A#tWmGa%S%MNnsx_0>p({vH4nRG7dq<)
zB|+h;FFP?7`)<8KVefBpR;s?*(PgvBmqHqqZ_13e>x4l<0@!}p!V{hSmEt1c>HE{|
z?otLqE~Y2+qvkHkwS0k4Rr<)NjpDtnMjX~Oq6%KL3q)q(%UQx(-LU-C$lS)c`kgjF
zz2vKk>)K}mW%OR_nAt*%SHnI4&gD&X9XFPrVt+lxgE;uQiVq7;pA=?YYWKWUl|k$7
zpsRPOmaP`t6r;QZjD9mM8(X#gw8SJ=$~@kqFw*uK7UMgd@^g-=o5FyVDe?G`mD_LQ
z&<O1X-tC;_I4HVpUlF4g5H<b?6z|u%1)wT+rV3GKBO%^#PSqQyB7ZK4rKvMe@=LjU
zZ{13vCO#g-7=scuvQf^p;O^H()<f#DmyVz}>-Oi<Nl^Y%{jN2Y6VLjNveZ!6`RQ@k
zTr@zal;^2qNx!~UR~_&YBhCu-=gJdhy`69nAI-A;?ad?nFVc8>dpiW2gdA*Vy0hDz
z#bs}T6zPc-B8TB4!VoS?X)%XWaX=TmvWc*}Ao?7Ud<I*+N}sLVaGmp~!GN!YG3NVn
z`!)1WmUc<t;H$rB$>)N~!8M=!rBC}du|9(5d2~XYgJCPnh`Ic-ntSvM&o%%zMp4r1
z(%BrZM^TGG$=Q*cWB%!4;ZRDM1CZ?((|bO#Vz_fAbA8AQRTV?@_QI^!liaTtGk0^N
z8PAL;Ei5#orJa)kfY@1eLxW<AlcZ#~iv%JN%6w0`ZQi}D2>MHO=cC34#m3Hp`NP78
zVb8?>jSu2k2AO!TNAIqaX5xN|gQW{<5!6cd&YHeA=X<s@?8}fXv5%P#-R;>phORn#
z_w0yk+lxb12wf3e$bPhPwfHY8<pqNqX%$_b|IF(%IZukVe^uVlNSakr%lf5V0YwZg
z)n8tmPgmL#pW3vG)!blAeAm(+>Q+G^@(CiU<$7wlI3&%L_Pm%FUR_iDyFLQxH;*0e
zo0&5mlP}Ke14`DL*p7U{!nR^pvF_I7{60ZZ{yyr}D@rg-Y^%<P#&3{TpxCBrQ42Z4
zl1Hs10Cx^q(r4R`V@M2yZC%A#J9_s71GLD~*Bnear6Gc*=WG2>9VbYe)di?bo)vsC
zUi0kFd1OYL7pZc93Jj#&@{XGWnoE<YBQ5CF1PBEPEds!*u%^4+M-f#!OjL}VcCb}d
z^=9|8#m+t@@9cPGrgecK$M&i7;21(cXytIGD;^r^gTH_33>6iJeDW=js%h7k=+BAU
zd`7T8EOH-PM(uAaecM+!3BnU*K6u%5!>!>!YS&LAMn@_qF>ii{8_J&}^0Q)CTRh4g
zCgcSz+BzgL`=^-mk9#SpXm|k+e=U+C)yalx-tKtARJ7+K7&q(^fl@9)1vsk7mv|N4
zmGmo55jQhbyMXGrl6!;Vug|WZf`SF!A^e=3!a88VnJoYPf&Y;UTBYZjBO#B0UXjw1
z(#H*x!Ua2=lZ|UP%skt4kg*cq)p1%>900=#uF=s<BCe4mg^INsbLvAQpha09@0J6t
z*Bx2Nwd$(wgshPfB8S>fUvjs1ed4X62)pJr)8ZXbsaBnXAJoQ}@3UlJxlyS*DsM|9
zr<6N_`}q=BpsGtzjMtz!knk^a4nEeLCI_6u>-oD1$qL7)=5tmBHm!Xs#j|c=Q4>dn
zrH_e{88*5tAo6ae{_$#)d2i+|8^}FdI%F$Z$N><k78Z$hE4?CFT`PPKx4NFOwa-|<
zW1V!`#2JwOs;a~OY-%F5|0NLrstZ0PWpG5a*m0=CP&sT_@D~4gJbQm4+t2K3I^QBZ
z2|P3u!YmTTthBur=sS^E@!nPmNPrEsF?q*yw!DZ(%^7qAEa(c!Cd1^k9mV}Fw3Cw7
zUA^Mt!S0f5_m4MtnhpTP{wkfLfqGa+#h)R}ij7)5XJZSPD(`g=lGq6=YcFaI{>Y=)
zQ-Q>G(rlm7?^1qmuYpzIo@|^C`FQ)1Mc%%IBlRuv>zE0%1jE6S)O!*|_n$Ga(w>XD
zt&}oHS#wH<iuuY@IkI>(<Eep(y7Ybv(#m{8G3Ldy{jIlzMBYBYmtLh`{@CH2y4uQY
zw}1V-s~{n8M|mQ#xdHRbg+6|_tj;zHml;~eLWf=?!6w3*sqz@^=1;{&U`6toAgEJK
z<e(Ojp9LqMAiulysPiuH<Cc&HKlbvWw0bj1=D2K!UjNa9klbTma!P{rY9KY#bGM3z
z;}qX0?b%-W+`=^+*^Tw)7>oTq?7dCOq9t`8+M%JF0JPpZLN50as_<W}KO5U3Z##ba
ze$0VrL%((qf2x{sBr|>F;Yn@?LH?*#Y^k=05;rkbK`WOAbH>cD7bQRT#gs}7s~HWe
z?ejDa_YTY-CQ~S*{5n%6QGF=oVIg8}#MJWJx{q5)?ippqr!9zAVd!556-5n<p5TSj
zO9qya_0H&`bGwW{JLguzIHv41R~k;78S62@Gvlk#6M*gTO+ZstBwGt5!gXzHpsg#Y
z&-{qQ%9=`zufHC*l$3o{0vvR}dH;(2>;h_Xhx?%t2q%}q5h_v6STvkVl^6$f=O^Is
z>~2M`TYFlnAT)_63PzPpqprITtt)7ck%8s~$r&?BU<qc!DO(K=v{B~YfC%rFf4Qip
zE90hc+DXCn<*xCs@>+F0Xi%VfPKJL%hV}KulAMc(#s*s334inEm${0|jXj>EGvV_d
zjO@ghpI?t+C1CIZ!358{n#ASu9@Py*R}x-EhPU=>^&R*bqff`r|I#Uc1z%vDS5L$z
z*=q6!uVSgBrN%-`_YHPE1}CRp`}?Qj*k%f6D%|V>$K}D{|0ENZ8$xcAu~ZJ?)#|`(
z^RchxERHSWxwv7w1NB{lJO&3N!A?}e!?`%4OXMs&>3=||pVLGb_*0TYqST-;%gnu0
zzcU)pQ@2~Gw+)wNK})rJgqlJr6S|ZenknA@5_rZU2hZQFeXYiF12VPxFHY%puPAwd
zddTEE9w8}c`KtCaL-4=cA0SInV7bgfw~fqdSeFv6XsP}IN05M3$!XE%^#ZcTKL<o-
zhMOfN2|iqoToVe+SH;Iuk^BRyKS@PHr;QK3C5>l}_;<Xq2$OT5%=;jC`GxMAeU6EH
zELBMC{fkIgk3LsZ|EvLN4x?{X4l(ny)gsZg)1Mb&k^hZdjhPRXH;MT3m1?=<tefP1
z9}YP#%3ii_@k5p+OSJYy)edplKa}K$0-z*R-H6;C$pMQE3&2$nO5tA2)p?UE$x(qu
z0O;fdz(y{e>vY;nt8+i_OZ>qW5~Px5_yz5H-?fE>Ua+m6P#uOKBpGFNpKeF!YztNe
zhdQ<CmvB~&ruOv9CPN_84(Wp2@7levgz?`kC?>z5WT!(5N#Y8Uag<y0(VpoUc=Mp5
zHS2vVFDd%dJDsUW4^>^M3u#QV?V7HKECyzMxtYzwWjaFJJnt&Om~8SttKLLNZEd*a
z$BlQry5<oM>II#5askP_$Q$3;mv!OhalWC=;|u;kG$$<l`FHa%A#L#+eUhe-kJ92K
zNdAV$2Ftd)8=^n~`faC=d$vLwh*m5EW+Ye6zc<>Jn4X??x0)nZ#>8P+vwP?sp!_{z
zkOE<AY+PR_DprN`^Gw<lEv`>j+b#L7%@XURhn=cx9vb1~Nw;(xv(J!MCz$?{(Sa_0
zg&r*aRK3GW)VxZDgq1R@M=Xp1xzg0|BVcz7j~N>W)jn8br%y;swPtZSW!d%v1eVBm
z`tERJj@Rt<a3WP(x=2>z)Z&avO(4X>zpd$?3oti2XW@W#;QsTBZH&|>VPE70n@BP^
zhYqYN{!bj?oS&b6cHQ~#x<7GsD9aj`o@*cMVu_dWga#)cqGX3RK19cCjCC;k_DXv+
z)lB}jy^-AqgZ}39OO5V(o>;L~lI!<1rk6yYk{nl-oF}*IRSLr;4|{4t(&9UVeGrzQ
z7FiNnU?qHK2~tkLJPJwh^z(V%#YqgF$3p`n5R@fF%D(Det2y!sDm2@>oXY08f3e_2
z_>TCtSErHI9iK%3v0!}@mIf>QmNqJ#Q}C<4k&%8WkWb}wV__k!@rYNw8DiE@&bM0o
z4P)iw?Y?)~phRzDF)`*(GO}@F3z={noKb4et>Ls)f!rV9PH8Bu)UjLRs61W~e1GGZ
z@xyCmAY8;|X-7P*d(_ELFKTC66@f=`Z(+Qb4}PNw6Z6ycVN&LB(sU)q9-#L+6g=h)
zt>`0it>J%m`j{3?Ml$f)*XG?JAY})cYGxTdhAGqwfPFCm)=YD+d1tHWq#w%3B!)LH
zzra<0jL2nI8W;P0YzYd$rQtZ9gYgzOj%7pj+7jUNXu89fAoV;MODffN6|C{<0#MTO
z0p%iif)g@$IIX0PKx0_|=$H=$>0cd7_C&--?vSx<@&l5TIoan1^_;2BC2eVUKiBZ)
z$`j*TeV)N7&~*p6x6tfr_>yt4qcNElFSCdC6N0Wlx%KGAQhn8_=Herh;EcreHz2*#
z7)h)&H|#}S)=pR7hHGkSH4?N``(QGHo91$0a4#*R%%|FR<5k@Mv=K`7t#q!H%jCn<
zCgQ0krEO0#>*vynPY+nt;w7zF*_3IhXL`ENUh*puHp=vFPd}_RsQT;A;8v18n|ym%
z?|?hdAZu<6Cq{32r~IIEx-mm5hF&wLm~bhCohQgmL!IuSZCe8*8nP^O)9q;7r)vD8
z2lL-q1KF}d?RSlsX*n8N8Y`4Hy||?x$9^N8;m7AOP%EPN>ET4ZH+H`6=i=fq@4T9r
zv74sqQBVLg#6G)_3!zI$NIXN%J9@<=F4rKNCIyUC=K4YiGw@$33&rb7wOINF5|W}|
zS|Rkv-tG4Ks8A{#Q?vH_m9UlNDL!xKpujpO4CtQ~g0RI~sf0ZTYFmxCl$T=jIzcAE
z^8`&m?3J}|+VWB9Zzhw6pM|mBv0FAQY4}ft;k}m|-)Ema)Z)}fr<{{9!$!PF8<?!R
z8`MOq!-`d&&EswKqFmaFxN0`tY|n6|^Y)0ixWAngAUgm}lNRx_u#^eAgvWc`LS7;X
zimt+S7A<D&4_JAdutM4pd-QRHKA)+-^bc3wdDYuPQP4ZKt&p+OW6ctNDlrsdC}~b|
z*$C}|i0e<epX}Fe5ETn@^Ku6+sO#;nid1mq#3Mz}x^Fs??dH!DBbayHYTrxdC8c!D
zE`fmUV%7}9hd}b9rgjsu3-}JkrkX&_YnDW#8PAGJ1@Za5Nh{+}_=!t_zAiw+9Pk@J
zG2$^9+&$j(!JC+NW=8<|8}~gJ2q{VlVk^wf5yF^2c(^)P;Q{)m7G(gs<Wlyge-(FN
zvOxH@SkYou-65d~{jA;Ks8TJkp_@oSY;t%k$s<>YU~NkC{6Tb^-NSFyrT#%IJ`Paj
zasg5@(>QtazgYll`gdq(nl~z7nNta3Zx>|L_eZ4LQw1pT!Y|m8<}Yt%)WywlKxfaF
zdxeP7_}zabiy>3&%$Mzh@0ILQoH1B%OyPuI7SwaFTRZ0iqUN2T(qa1mfL#aK+HT#O
zku!;)0e~a+>oEz6JvC=AMuZQL1vWH7Q~yWz>O8)PCR0C&-g}yp^W-{P3wOxE3a)*#
zu0C4PxDATSt7(jXx1JTmyfCHtr)z07Gt6m!>*(-1K=#1?|LQJS_-PxhhMnErc#<5v
zjWZkxrx&c)|9QX{u=r=~lwWyHg%DYYgSJ<YI@YRS^JpVj&d{2kanR9sKN5`ytbrs*
ztWu_6*3MDi;C_PQR(TRx?EzKdf1_zCSYAL>o7Y<?tBm*s^yf&cXQsT@GW2#G7Rd7@
zCBVv#cM|IF&dETvEZ2FM?aBRL9t!sV7pbioWoCZ3nfz$0+thuspH0gn&~pFF=`HM+
zVW${AN4fn>M~yN;m$t}f&v0JapF1}Mj2pEGcYbSxd0FyZ+d+}=JZRE9lsL#2*pdeC
z00)C{T(s<KCVZVl&tW>^2(?xuXtFl$1AnWK^BpZ<_-LwCeBe*Y!1(eL6UoXdr0tb|
zH3W_4WQXby`rqvBa(!P-tJ@#1K8_L5sI|aI%W)C8ax`2(<ZYF9Rv~+Smy)u!o(_om
z*ZP}x6B`QXk)B8yj0NG}<k2f}oasP@;1XOQU{FKmeZ(x|_3DVL5R!Cee!S9sFrV|7
z6d^yfO)bqJSB|k#)-FU}uS?JN|ByiN^^bo;!VMQgHnDNBttn_jSa^5JC``^w0Qgg$
zK63XTno*lNc-R|)=&z7E%yd13a7yB1^8yBH!gOv7ZQo%nhix0>0W1BCJr74ym6JO_
zII7Q563tC>R}Or((DhlvS<Y?9F)<D!6AsnnB$5CiX|imGo0NDn`IhF(TYc88&S9Qs
z{Ax5g0h^`Co7))nS4MrUhkrW^PFi*up><#^;K}PszPx+<{c8(v39aRprRs$KgP*!H
z?Lxf=@$)m)wIx*`nshT+dmLm`A2QATABx$Wt7FVQU+!}v^J4;d%5Q4GESZ~c5O75&
z!|D68*)t@iQnc*!f;{Su=^2S0g`7$F_bokDJB&EqcUyeBJ5;qwt@%f8UtqfAcOM5;
zP6h9FA-Q8XlvCN))X?BI@e6O%P)o?0D!3%4^Zk^V{hj=(@jw3a;BjSd`7L@~9IPrj
zh=X3NRl0jJS`ts|@fJ$<Nv%0PZ>lqH3?hN1aYt>EmvoLoava`!9hz{9DCI)mm7ajG
zo*6JN62@K!nB_RsG$>|dKm0q6QH3)IIX5y*N8IiD5DC1c{!=6@gCxCfj8-461o<2&
z7!teJ;xd@-pS;|21)lHVi*9(-8L{?5aNH^w=sF^;EM33!Fj0bTTC}skuqyRkD#zp{
z84g8M(r68TtmAZEdl@v`5H7J9G*)<dfiJ0f7=1iuC9Jcxf$+&FgJ=LhSRxg&=4B1J
z$rler9frX)HW-43*!n?)blB`3cUe*{2^Qx{Qm#O3>ls0MjK7{78(kWxM<{PP^U{1h
zPavV@+(HMMz*Yv5-4eqwaflv*NLEN>#+LCY6BGW!y!PmN9l+1lLbCIyKrrm^VkL2V
z6<Xp7YPc%!Xfz*b3hsZPi`-vpy7y{xvO8P(zS)^szYC;^kO+}!=qhQ_;UY$0dDhDA
z?;9XN#?JQ$<pz#b8-<7IvmD1FMf0Qqwhq7(ZjkxiKfVv5p^stXX8XNgq=f8uCI62b
zmE>A_q5&n=%+huo{PLvP_#Mk^Z*Mpds7>Er43?0k!kO2Jw3Y+Ldg6A=uz%bSbVF_?
zw?dDmD0jAB&^+P(efof?!9BnGlm7pQpQRb70VKqg)lx{?ku5Zm5F^|@D79JH%8z#Y
zj9Tdy$}AG@jUiphQUMrQ=<tV#E0`r|@xQAWH@-}K1tL2~TAYF%urxLyrBlPkX+n>5
zSFR@p(}meaMz;_(sf4^5fYn`39`Lv_9kc4?J#BOi!>}uF#K3;4qa|KpV6XtaPnOs!
z`tsVORDU7xES@@CVz!+KF9ZW@!c40&ad+cE)`lMlNF128TTVb*sMw7n^X;rx8ykI#
z&l{$KK|lP>aTCG1=zfS<5ruP$0SzRFc`AECMZ4Z~9@eX};Jw{GWM#w5bL9q|Cl3sB
zzn)u7o_M8HH97975bhxo*wKojh@b)gs~`yZ{^ZlOHp<Gg*qWqL^!Rw|#deH$l^F^P
zDSH@DBa-F5CX;IE+pWqtetl;r@<8>Sp1u$Mz0Qx+o?k29Qa)iF0jGFYgwZ4W5VQ`g
zz44I(;xIWyzI`3ux|GAk+Fbed{*X#UVl4db1e-l2uGtA=5zt299S*-eZQ9ziN~6_9
z>S%b7CS_vn_9tpAEwf){x*c%Z{{rMxX|4nv=r~eKKm#k|_033?O`_vrf6rSDvvvY&
zB^>A+{5hYg#1Q;glw|*8b1+u~IexNJ|LgVagTk#_+IU6J#u0Ky8j6yO)Zxoe=D4m7
z%o@ES3=xZHc4F0ikR!wpSXA+qt=$1aUjINdjuarcz5jDOALX(?!Eu?N?99nN8e-GY
zdAz!@4vI~-g767Tv2a7y#qdk#WRDFD`ZB!cVDalPB<zAT;TiTa9wRLgV&+-hSsDzb
zr+duL<?)|eibC)*)t;Xu`uhcijou^Oofod>Nrz<rqMEY@pcWOgaiM}~U?pognU|c$
zXGg*3Ta4BjcyH1Q{)&SBDtCh~EPY|$23gESA5H{Q>I*j>x{X7m)%;3jyNsLOQAnf3
zIALs=4Oj^v5tdr26s!I@oC<{Xy8UGK=)5}|2Bu0(e@>>BMl^eQWISfk`IQtAarpz1
z{?CpzVR{d`T>H(C*Ul`st|vG?8VuRF%sh8ak$N6Y&V-k(yL`ps7;*E}^=!ryY%iEB
zR0ijz?V1U;wvzO}AmE+R#avj-gz%;FaO{q-R#$<;48f|YfDRzdk55E&HL}*`U28*R
zhKmcls$_w8aGew9Ujm}PUT{UavizK$53b=QR(-BB{s<eRt{;@eD0b;74ibm6cY`t~
zy5JQSebWGzX62yjJwycmQh<0eu3_)wZ2THj>h5)@Oq`jCBJf4pQwnH}V3}|0J%Q^J
z8JlxWPKn9eT$YO+q-zJLem+P`iOwtS;TCxyY2K0y=%3TKg-#f;E<Ak&rX;+C$cp8G
z#Vx~kdg660UYT);+Cqf10POS}(yThbzt)BI)5Ss97hjsI7-Q7;8ymejcDT9byeFnU
zGz99cG(-Lxr9{>1mUwF@nmTE0DjX4R*ykNcL3o>~elRxTXXOz$mVBIqG96w&w+OM)
zX4uN?g=(8EUp@_7!K6}huqubiewQPeyHWn)cxv%C*52;rwCeMYiB=K;i>12KO<H<s
zFp%0VE_=N@ECf0*!rk6jB7E<v|M_|V8eC7E3gD|jH!l9@TNS&$1SE%cNCP*cyZ7@M
zciCh8hP~UJw)no~qGen5zYp<Lu`(EOsotvIC~|yF2`i?5p_Shnd3()GuOI@lw**1J
zMTf%7&&RB4#3IpAZP9C_4J=({g@&8hKatrF{xZbNP&?B7dS)blz<Y&B3uo_mz=@5q
z+V%faM%hkd8XodfW;`S!m&tl8VgkrA9_@c4N7hA}xuf%wD2j|c5On{ff3`jmtFFiP
z{2stM|1$KdsPpypOd_5Me2i)aMwTUl2iF~dL=SAE<Qn>QRm$|RQZ<|o175!`Ew4Q&
zS?iV-JU><XB;iGrQ~`?ZsQ9{XI%x%a(gte2<DRy>qX1^4#Mk?O$a?FjDx<Dn6r{UL
zS~{epyOa(Q1ZkwZyBkEhLAs?xN*V+NB&BQ9-Q985e&2JxbI-m1In*)s6Kl=+tGOPU
z)g~nlQ_`D0!smARqTl5TM53T^ZHqn;<LM2X(fv2sqlREHS3?81I`R44{@-YH0Ohu;
z!B3AEl>5?14L-cq+5|#~bK|(FUyucnrbngoswjEr3vBYxKWuL!t7U>#x8D?bA174=
z^`&#6=p}rQ&XrEP!xC<jNILttHl2?^`FzXptkX)&A|%wUteQ}W3tgnlV-ujvAQ~7@
z?EaJT6t~LPLh&pIblbMSOrx~0h3MFEQ&*tWo~2#CiBw$C7rmWQ-9zz-kaeu>MFM32
zOx?`C=AzQ1gP^{cl;%E=b>-<P?*10cVTkcSnk)RLOagA{Q^VKmj}@KZkN^2qwZ#4S
z1a%a%hYLJUPfsXi=ETA2MOs7&VK)f*sAn{8V=+E`lE@nV0IxFW<QFvALK^T5lW3ua
zqD<50>lJFhYbXpYFZq$h;r&O!@C1`e+Nt@U+iA2KpLPXK_64;3^xX$+NRg2KDCQ^&
z+1o?;ZsGkaO|aS$pxb}_2;y^n+>xfU_p8_MvamGevRfzL>myI@w75gQ$3bp^n6c$%
zbpWmD?`qNJzMb+ASAp**=i^lYH&&0juc3uaL%Hgu-!;N<@=3Sl=1TX_@1Rxt_JIez
z7HFZKih!=`geGo_&Wwo?&+|ccPA*<HQSpL6sZ2vFtba1JED&&W!RPL%2@Qw!FR<T)
zifPN8frDQF#%AMB+NcidDV9=<?{Pmo)Qm|%AZWfoQ4BcQ2-*fEx$wIb+=DaRU3FL!
z61DOw&A-_m_+!U)EteITrS(4~J~5!GLQe%55T~Hzj<_UZ8?(Q#*o6H=lAn0DAKM*>
zk>Bk_;2@Nj`$nKMBMKq5UQ@j8-h+|nS#7-4t!q7w_U1n0jNjLjY93bB&)u1B&J!Wl
zpI`4}R#xLFnGDQp{25RsZlYM4rxV5dqE@EvawFz_O)|DIh2Zdz!vT-4KG|GfWwrmk
zA?D-q^ruR4<!`@q78|td!3mL3q}QD&{9hQ^un8R5@q41-dN3ja4rq_VWvIl1a^pCT
zjt3R8x9J5gZ8;gPvz_PbjIzU#vfjl``vwG2nV`Lgdj&@N7ADIccwL$Cyf4?fqDgm&
zTK!O1o`Zr(jXGUQ7j&;BzR&r>jUY*Fk5Ws(ma`WvPNW2cNS9=%RSj3ycjjYDx3X9n
zxKVgb%5|{WvMe2oDR~}T3vX_-zbSp*sX^1$43$J&aZ&)^4^?a2Ab^*+wrdMQC|Om{
zz2f0{2|fZll%A%ey~oBOf$bC`D-JKAvLz^hgNN6>b9ET$@hJEhB*SO)4(p~F<02Dv
zvwUB)-<_f(aPwtYv!+^RmzI_-y8OJcnj<PV*PEbhS0jk&?rBq>!zl{4@<i*q1y<}(
zT)R>cyEutQ8Jm2U3YyBCdh|LXc<ODD$bepRqi5UQon-pW?-~W*I+DuN-VUNt^Ld@`
z5zHum8*?X?WTT5QL<you&&c@sv>|8HXxrUCt970~n9WhlW0QuCW7LdsBJ!juu(@3)
zM75WIi>pM65lmX_*QzL$U*HF?(1!O>oVcfypxCSqE`NA5$MjJkh|1^NiB{SnhHYb~
z=<5NQ)A1q_OZ(B~g@(utnplD3tv?k<5YL@$q=5MN_YdCLukblu!QzDIuGHRL&iUPP
zO&j-FQJQ#o)N=PbEL+KrJs+Rt)2nJ$ZoMiXk4rtK$h0ITT>jO{jUqB|M0&!_b@|dZ
z>&N82*jJ2|^Mv$R%3MX9n`YguY0;>pFtX;w@g-Ds?2xa$^uIF{)XZ6sawh9P$qfw+
z*JSfXlXzdN6&Q72poQqN9Nan|$i(zm9_g;F7uMD%vuI*oouBLEZ;yrOzN4iIii>*S
zGK3jvZ|5GLR^}4KZ5Rpqx7<Ak*NnjyZAS26M%kneE+Hu(jcEKq`$N0Rt$;+HCpdtS
zv%)-{$ys(1FK#|3;60&`qiMta)Gk$NJNmoU%=Se?9^GM5y+j0RP1RDvRIxfIn3gx#
zB&mMUK*tiBo8_2+WW76F*cX*u4K7n>R&M#l(ISI&bbAA1Xkn4Y?{=W2X<%Rw{?l}D
z?^)*!wI&Wq1l5M*ddlnWxtY{)0v0R%6E0*zj6gZ^)uk!2$W>n{M1R>232J{?>8L%+
z8sPHPi)d-z)_vpJze1RNUw-azrPA^419^lOtd|)Q_V<=sR9$=X)~&br53MwpReccE
z8>8|qHjyBz!YxlqL7QN?>@t5o+IUjpu?lB%LJzOA?f_W9Sd|<8Je8cEKC>Kd3v=;l
zRFC-;A1k$2AT91h%9*@}&Dq^}PE7Fu$YAv)4ruwEP?ZY{b8t>@eZL<uO}jy3C4sFD
zs=a(<#|W%h4vGwuE>t(Vc|AN3@%xYJIRuAs6p3l3`*Y!EM;PbVC=rT?i5&`_WMtIQ
zGVfEr6C5k-`cJuwa|s1-RFW`^cW8dU*B{UAsgukv8qp4-vT)mEa#==^f~>TMo$;hA
zzJokJ#x@-txloExH0A9?C8m}p$txet_a0=6c*d#i$8&g|ZHQ=A>CRbMTBZ+#9Y{*h
z;sQ%>Q$C5QJLP<vq}C$-N+PU8&uG&9hc8=?bg{uXtb9gSzMI1_){k4kBEN1`%yK_v
z-wkFtHIcW5{NH?NA1g%5bQds@JK1@<Rv`9;zj`kEevKamNcTwO&SUo6<Hm_~1cto?
zCt~XdG^R}F<o)|0F&N?&H;<R&k#>5IDk<SCrYJAyb&!CVYNb|Wr&rwa>tx~KcD}<9
z$Eh+^LV~rSrpt6!4L?#X`+cq1Fw*t$awDmj-$UiKupYMbi&w~=ZzmdT9h<$9F@5i3
zbr3D-db;$ziT{xaHw3FG951kbH-xqJ4<y3tY@@uvOpQ^r%-0`-IP)Ex1fx(e&D2c=
z1SE}>5*3KaCCW@GPoV7IMI~jSrK9h4Fu+=BlCxn2`s)<u+&j{WpF78hjEQE6MBb@N
zNig>7OUw0D2-+mZ=vki0ZT|hb+?p;nQ&r@#i%uVo+LWMHw(+Zg=KSu0dZ(CMV0w0z
z-*0OuU5H)x*N^Vsza<a6kkem5AHMP3^CO>-uW#A=j`l4Cdr8B?WsZi|y2I@h2XDWw
zhFg`zN)}z#&p*U$zc+lO)b-17s<g<6Tvwr4y?$hh?a*NH^u&$#vi;=D_*7-_uvI?U
zSN$D75%FbvtRmusc7RUKq+CQx3jD?n-0;lQVF%6Ojm6JFvGWhB2-MYIz9ym$>e#0|
zWocUQk6XOYhv!8j;+h+XM9qm@n(_R19*$K*${pc*b;XE3PNZw#bK2V`6HD=$OvI}$
zj7cFVHw*Lt>e!5WTT-3ToDz#j+zh}*;A$(n8e&I2-~B|#|GPrmc!xRAJu~J*!+%#a
z8BxkW)n$o`Ei30oA=5e6$23!`9k7%a#tp+cP`^Fi*l6i#A*VRWlvGyIUGCh9nM|Z`
zj;Y@VOn-^~!!?2*12R@+En5j&CJQ}7Un%hD4fnU+9hwchP!^v2OF~7EX|yr&>+ln9
zV%a1KMJ4#6^TRN3eXiC#Yj|jAsaAy*c{dVX8vE>rq?uWTkYiAjkUO+G4=b3TrjbZg
zH_sn8s%O$QY!@emNHcU+V()6du7@OpW)Y``l&>b&J(%Dl3w!sKkco$ZIaz%)@5s*L
zj!koOD9<wV;#`sUrjQ~ct+2O5Z6=4QFZa(`lC%Q$8CMY~J91L++a4u#y&ugjOr#f{
z9@CF^2O6^kcSU8Xb%ZgH4gH><$h2ArH(T^#y)O44nCR$rwKX;WoW_)~msDt}B)O91
zi!4>^<B-%JADkNu+J`zL@!|(A?{hA9=rgJ{nNc;ON`&pSsW-O^gIq5QX(YPCT`vW(
zF9lvua>2H}L$N4I!G>VU`951@bZ9FOgjsj5EFL?I3A*C=S#W>zNO}^{R+nqr+B?6n
zhNosf^@ArTH~QAH#g1a)BoHm+V)#^J{2*)+F|v;LGyD~2d^aiIPs2`_Y_YhJ{EW1;
z9yXl@oASoSYdbtVyi?aNC-1?&q>YM<WP-;gC+Pj+|Fmiw64s#?qFd=(t<P`J@`vwm
z-t-q68`3`R%cRh)<Z%Pd<wuxZ{*=|0W%1fJYG(a;9Jzc;*%hLk!VW~rr65g_5g|+5
zxVqRwAz3+OSs_woh}v>TZXTLb+c=Xe3yglgaY~$wo<FSbbFf5}8eW8p3705PW(2}9
z|C#^AM}MmT5oWm=A>aC><7~42PF<d9^k%QT`XM+tnCR+w*+5}bT%!LasNw^~Dmi}A
z^oeCK%9MgVzu5FnM7%#P8=+9HjE15)UR@R~mgHEqE<0e@v@??z^`l^B6|Kw54WV_3
zJu9^RnPe<-o~o5CGxQzaOuFx#z^{<nBafq{8!lAVqs;$=h|+IeZ%hZyO9mr8*ZyVc
zT-Wd`560v1gDd`4$MJO&i64o~wfx`WSD-bi81jD=h1dJG@-58250-iQd+(%P3vsgt
zrx_vT4P`;Ddn5`9bjh?x1bdL+!v~a=Sq^3JSd+z&3pHrcCQG{EqC~`1SkF|c*e|s<
z<w}O4s=)r%Z#Nkk%d<)2iTXwSULtd*--IjWV0koSy>9~I{SpOEZ*{+Z<&yD!xuuzo
zjFO5Vd4?6-VeZF)i~Y%1qr;Z0yG#uQi~`t6AtSomF$h*b_2iee<B;NZqGI0gLPt-I
zagHF<of#%E1D|})+`K!^iVqUIiS0tvKduR94^mO5ZB@Pmxk@}s78Fru9X9;VYsuYh
z`GULo_jG%{{_8?rWWwg4wHEaTK_H(UN29xajNM$&9)$fTy;8=Fi1*b{mHBA)oY3Y+
zY;16I@8*7*u7mHh^I=j5-$dxLX}%zX)JL5{njP==G<?Gud;-?!6vppk#kiMR?iBY7
zCkEu0n@5y+6n>{KuUs+id^fd=@OqIj%@E3Cpt68?Bef@%fd58L0FjU|QBXj28P-z&
z)A{+mfBN_cpD?d4If`sweL`y_!ZNoj)iXr#_I6Vz&5f+8W9UK*!1MAQctE@E+I~PZ
z&&j^M>ixoLab;6{I470dOyZJ-?bH@><8d{&P}}n-ERI11hEeyI!$rz#9o}CpEyoki
z9+IN;pcxdrjUv<&^u9Xysa7N(3e)QGkVXQB^waqCGw#~@C3$w-TXG~Uv*8+JpJG$D
z{`Lh`bGipltvjkJmSy!xA4m^}>!7}C{lsLT&k!bZ;X!Gs`pL&b1KUfna4+qxA_Bh9
z(aC12lEXrTan9P$R(%8GNBoCP>35EvXu~|*L2-$=$v?V@v;|~QWb4AJ?EcWxySx<1
zm<z{z-(ji%L1Ho~NAmL<+MP>Wj{yN?W)rUTJ^$zXoY6!E6++j8+4qC!-V*&30RPr~
z*C_uu+2(!y(fx3KN&##qb$PmbK6|szquIjEzW0ypR2$5_3dz6S7I@9<Ao2r0cN;Nq
z@qZi$s~aFHjLOA2Yx4|Fy5h@aXe1<HD~(SF`nbHvPa%{3PDi!ZmphKBs(ATi<)4&+
z`fro#M%fnWZ5!sss<kDNe3r)HMdCaHH3NA&19^Rh-wVn7iDf<x?!vdR6hqe+g{Gs~
z%~-1aA5Uv)ezEHPJu~V?_GYsk$jHo;5fBilba!?ZD&0N_c_B$l_1oKa@z?2Oo>cfp
zLY9vQ7@g|@F!Yy4(SyydjLG?U2KpZWv;DMtG!jShhJ#bVz~WR8@ef(xJWH1blIK>^
z@wkDtj?(>|lNC=DeOQLIf~b0u*Nc2Nc$NaD{XLX1p4YZ+AEpA~izmN4xW9Rv&vsp+
zETJ+9uZ_)1r1>hyNRU|q0HwujF~+&D@XkXYW&h>kn$C>}tf=VF-cnX#iyPgsSDn?=
z-r9O!Y-*kT@>6L0Ivy(K>4J2Bl70K_)@6ZAY)Yf$#8!|Z{Rbvoyg9&I)UB<vMZF4-
zPeQQ9zAF$ld=ndu^}RDRjBEdWr_bo(7DR}-k{FzM+O}7G^iHFRc-E)L_fe_-E~2^U
zLl}x*sixKP4fsIMd&UpPFs8h)C{rhgoSoM>#SdhJiE8Wdys)=*#M}e9Z11ptc2{b0
zIIv&bV?ESQl1^F7V(akn-Hm>WtdT?136RXjCc^8s6B0U*iC$BRP_HmEGQwG1Tl+cR
z+uN%*x{87jCo3Mp3OaXecw*wj-S1Ge4g}<r>uq}$7R=+>_(cJ!ejUVzM?O;JthK?d
zVTqKdgV6yQwZ;lq@1mnmbHn186px0gQWl!zZrVl1E=9^BBzLpxnvs7eKYT+YDeh61
zwjIlDN})cda@~^8w|vDd>-c>p@S6{O7mmZK+@7mQ&rx_>a1hN(HO<LBrX_=NqSMrO
zPRBmXck>Izc9vxeFrj3Q+iP#lK7DeW@1^scDe%3&G7k<4N~yP*<H}r!MV8!(C?1ha
zsRu8n7rH?jK`mYnMI+kl?dz@aeDYz-;_q_M(TTo9kUTQ`Scr_LS-CdQ9nMN2l(KSP
z))!E&{$umyK|AbvW>?78xXo7^Z-1KESx#r`+BdKO@in_v-JNvj(=*BZ<jP3RZx_mc
z4GZlf$z6vr7qk0$7wwkLSK0Y_adB|Jjg2-DW{*nR8p=I($1k#l(?{E%w9j8qk48p*
z`R&?^I?~caXTYN0>hY_fVEqcZc3crv2tvph+{8n$wvLY4?WewL=qM^GeulNvZSDV6
zrFZJ&I^}Nh8;RMV2sP^J$n@c-X&MoG_K}~<i-&y#o)kHh$SS@z$^6yR%%ncbi6EjC
zi#=f$jTiat#yH6m>wK5+wC~fMzOuZ&bZcD-+-)(KV!b^@Nv0}|k_(w4DoSa_)Z}5H
z1XhxkO6H%hZQgIs;$s(u-7$4o$~QKoKt1t$yqx)fMJcLFoq$En2in2Od#~#wa(ptf
z)*p6|W_R&BStm60|D6T+V|rO<$x0@Y!I$^hoUi(>*;Ik|o3PyIzXDD!W&fug%R(1g
zmJ&n~tAZs?dA8s??fG@9d`lu4OPLpi0|$FqjbFag5yq!0ii_W~MR-wr$-3OpaOB_U
z_Oqc999)D?WB%Bw*eaaupH0iLu}RxMQZBeUbfqkeqsgbCnR`0!sCe9GUuutUuVi|k
zFP&CWvi+q}r_pPdPf$XZ8W(%DfaK*%r@hHCy@rN{5s*khfk|y^y(xD#XY=sd6B1sf
zad|rA<INFMInVKvEY1_{*@jSck0`7C^HTmG=BEL{MKxE=jQ_a&Y<R@vfkP*v?~j1F
zsMKViUVKDbD?}CM#N;V=CKxOj_jUgE%N-WA5Lp`*c|(_piscVeZ6`Rm_QT0YgzW4G
z4#NO|@SH|m?d@$^T-Os?)IYGL4kkmIU4<N<pB|G9d@rXmp|s0I9$?Z25+19`w)^Yj
z1yJk{al}nL_@nw_OnZAGTcd{p_e>=i&@nJbc-+|lAufGio&ATWs<Eh{%{ZnoJ0~8Z
zHsx<}dZVF*u6P#0g_bwz^J6Z@OOsabMgA3k0X)1K<=ep@n9_p*U0y}2=V}?pD3WHn
zo~RJ_-yD3uC{v!=73m9(o}c=3-QB$u(*hP%lLEGg?7O=i)3`!0o*$$xS~{#1l9>sh
zkJXfv*M`4x`vhKs1|Yn-zrTOKI{ll>vhXK{eBa8@Fc*g3_k?O)(EZQ#!6ztgfFB$$
zO0V}7dbXR(ca2*ecOIweHr;kMi(8$tVHTg^wt0OhjB`n&r9xBJ@v-&AXS@#-*5$B)
zlYKuXBiEc)r4T~8;vUD0Q?K0SH1?)Vo1@S=hI6VNuVUle^@M;=_VJ^xkRMr`n@B}v
zW$aRmyS?k-e0{+MSvHjg9WFMtj3QK4$jMn=LnUAqhC}wgO%RX@|LHi*y7t-WgvE)v
zZ^~*cAo=KMRxzjQv|CXN9bkZYoVnEKV04<bLM$D*pDl(hN>h`u3Pf_ZpB4hT3V%(e
zn{&L8Zo}5g;`gI7nTlde^T79;N9?1p&_DmbxGO8ZB1)6Ki54;G(=Ads(}xIOmaKY~
z55+@+QAF%)V01#P8a&9=HURK9(#|#q`|j@V?TPsvR&bhhtKd&&{|msj{|mqhr}bLo
zgVDXO-&L8$0mHED-G&t}I#=tJ@a6jw#JR=8CZ&wseT*r6v4WfBLIEcY;b6g7_QArT
zmvZB!!s<%P4vN^^U%tY%yczSVog~!B%WDdH8;Lv1s@reEz`*Qtl|EvO?=)@d?rx_2
z$q}+Z3IhiR*Spdc9J|==>ur0vH&y>tiXde1Em*BFIzLSYifYYA*;q8bt0Q+t^~I)(
zI#3Cvuu@Y$iG=Tm>e_dTJ^%Q(ka;(pVcB|oDZ7`#Gj_R-NOC8vblc>D!}vk^e!k+n
zny@eKSgFt7(I@sI!j_Cyxmvh{h7@VYWh!=R+FiyDc)aggU+~__qC93Ol*K;MadN)t
zwtDcefh?9*Zg$8}AA8~9{+@SSpS=RHvkoCS)pnm-b5T*zD5BTeE^?stNv1@=OOHir
z*IT^>B9pyqDx042UlYIp%S<|g;qbh#HvS#j2$#_8gr+wMBz~+m`?u7VRISYe@hw8-
zH3%I|QE-;d$NTw2LCF>HLz^B+ps_OLNjv?OYM11l0Pp*Iw*E@ZGD>sqUdXQ3ops0L
zknUH>u0r*|{nr*P2wNW3c20)>LsI3=N3x)WY@LlvxF0B;O}AAk<DH%2oGv?K!F+a$
zv#L!_rmrj6;i<0y-^l%t$!mKi3jXbH{@bW_SPwGn&cdZO$4?y;MQVeZLz3C=^R#&g
zTbjA-cGZTW2o&6(ZH0&Usp($n)bjVANTH5tKEY={<~e#ET7N}1Tx`rZE;|mgX)pF1
zPR~usK_jus!LC*dtPO+TXeUOYw^)5d_JhE#FRn(0y+h_|`u0xjssF*a@5ZwqJFAaj
zqxFP{U5m$yJEqngj}iz1$;=w4SJ&5#nSA!yu|T#9!GdD$ZP4yAX95EQ2Xz|leBXoK
zf*%=qpj#7E=6ip3@s9>n1e4%*mD)933z-x&GM_Dyp73rHk$0Z$;#LP_j{V!x;C~S$
zobj_<QdXA#Mj&-KL~s?A^Y=gCQ!NPD+WyW!CG=3pKQ36A5@6!;uy<gLJU$lr+#_{3
zii29b&)#__M!bRAD8<bhH*nKx`C*GpFywNwjQC4R^KFcL(b_?~@6g^{qEIS3+<#P3
zvms(lF)=ZyO8Vt|P%;~O3-(X<$70vyLT(j6U2@<S@4Vc9ur=*nB^OdP-7I&cp4t0s
z+?|3(WO20~tBpj`;1IwzQYNHZw0Zpk--^_PavZkY`1J`X+hN4TGp^qgI^hG%`Mi~X
z%-zU9rq*myvAd)=@uEli8GpeG7p1;xaj>1fbUG0GA~*AQ-S%b7s8?u2F^!C%>$MWU
zK|_NeGVVz4Oq9%GQI3q<p36lfei{0%UWV(kKVA72d_#WbEE7mDgr7V-ZWMiysFB4U
zPNYgeb)i?0DxLVn*==LXGm?pYR{R6Jy@wft#q;wCkL7-tcf4U`%O%wXTD~Y@lyQD+
zHt0Bsg<XCEhf1tT-*VIf>=?r#BDo)4Gf`W$<BTAcR6Os#;U8mo+-FQu9Z^0vv4Rr_
zd4wY*sXHEK>fI_nT61;6P9n;&bY<gy`B676X2;UnO*LOv;7&P5Il1|>g`!`PS{eW2
zvj49tEs4)Tbr35cQlHEi_%|ti<3A09t{)pZ0FZRMy1TolmX`d0-XTX8@Z1~qb$_0q
z+V}o~JR?qN5{V>*G0_i=Mgmr034=>F+bk~6>rn=x;*#hCgU=IaF!iMeFL}&2wa$9N
zLT_&aj+>|!j?BAM;1-5S;1qKx+at7<PEg{`y{!n&=6dRz4?fe!uduadoVKGB@je^I
z)LmVyBwQgPQA7+3l%OAb+^lrL3B~&$-^K#~t=m06FSzrsK*r5=Z?Xvu8;_uOuk6Do
zelKqO-(37TG#gCyFS!kq!^64z$GCm}NrP76NW51O^5|Y@T_$L_>+!+HqF^!>4_^)P
zrMOB<%tB6loTB3=W74=0S`TMM5dC`;A)mbD;G_VHJydg>&ypqo3etUdurajj$9?01
zl%eu7zW`^6yZwvDM_3LnF8MT0<3Cjjscg25KYomjIefxC6Lo}F=ub{zH+V{~th7xH
z34y190U5R*>AcZ@Z0C1`xT#5*lI0tQa$@_c^cV?Hqph`lm<b&EI$GMUh<@B^yK{b5
zS2Y$`^jE>utzm?ZR`M4CUvy(v^qnlT_q8N4A8Z-X#`qgFI(85xP}_sU3Q>cVIg$&8
zhwJ94=H%es@Yib@cbsJ0a5^P7^1FJ)5m)*Ar0_$V<!)5$S$Ji(##jhwhtfK-)CPDR
zkPuzVi=BV&$IBh|nw8r1;sO094usL<QICakt<et=mTr<&uTlp|_#N}P`%iR++Z@^`
zifAcw@5!;#(QVqjo&{}ND8rA6a#EIRtCF<nPJJ<}jYavTsj>K<iJJwxN`o^Jv4D;r
zJYAW-y(+OS_JlnkBU-G^e7e}4<vBe)Fc4l-<M^=H<V-%ACA3YOfR#su-LV>?JNUma
zjZWWJlJ);$8rKz=^%j?|V+aR5wLixjKJ)Pmp4p~f7Gx%+BZnj57+ep;aHIh>5`V1c
zHD-K74o_JWK3M1w03EQYSUplO?qSaj8Qm>;e($brthM-Eci3!m6KCf%p>ZO*cG+ew
z3?=2~{QQfvC4_-mBrL7j4l%p(k95a()0H~c%Brekzm2-XAT!P$LAh^$AmG%tJ5geA
z4J;^K(C)Tj^4Rq`ymwT2M>5{(e!ZFJ7c0|h^9l<_hc(Lz$rv=sw4X*K@%yS4YUJ|a
z@S24ndH$}LfCLHYsJMOl60K}~rldFb=e$^cDcpcT_PgI6?v`=64WIacGibaPL;kg{
zv2Sr)t>l!>^J)dw`uQ%3fJTPC(TCt?j#^$Pq$}|D@$U4ZJ;^)`NSCj*>n!feK9snn
zr=>;cVdaSf*C~!6iQPc->Q6N3J`y_d3KRpwP_(#lcK!X*GE?`pl<=&gP$CQ>^L310
zjF$h!U6X89sY|^xM~UlRSIFMMd|+7^%FexA38nt*hsyYWP=3sc8}~phOt_UD#G7e!
z{Myo;rE;xE;mzk;r>CWcXfBQKg$B8B_L7ng-$XLO<vE@&3cy55NrlE<Z!C#GRZELU
zFQ{s1F_zmkyt1-_5R8OH_`HdRkN~#1u<7o25s^xkV10$jKtdkOXmC&(uOUo~LMnYD
z8~#~rl~fpq>7y5_HOVjF82NOdGz)fg$UYd8kaWhkkBJVyFW-IL`MqIlyHLbWqgZxt
z9_uovx+5fR#|Bw_ENWI-%lp%wP5r6-UULy`@&9nL+XHKIH#J$Q__T<}{&-z}4~|<n
z&VWE!@t?`Br~{?;XKEcfVf5kUmy^;mGX7KmJTn-H$MA%QcMuw+2wF(?hZeWP(tv;f
zjVvMetCRr~=47>jcBRa;*;<A`_oE#lVd~5&%f+<l66JsP4<5|w6S}*HPH62v!aEj=
z>~o#J6fu$2Ayx;D<6lk$8@*E)ww5aBq8W~~E1xejPXj&!bMjSzpyW}JYS$6znAaOt
zVGNv?%A6!5r00pz80U)+%gOe(5o1LbTK+WPGX>QB=kKZ9#D9JmtJE1foIr9%LQ+2-
z`NC_rcykAk;{lXm7D9Q%F%<rO!o<X6fGjS4BzUdO{eo&|Nre7tuXhQ9RF%2casB~_
z$fqBc+gayZQb{l|lNj{`AsHSBtfDNS3ph&LOYg?grOL^a{NW2WORlS4@TKuZ7nvA}
zFIUt3PAT^)#%S|(A4R9ig5lbGkGwoT9XrELU>MYNP9#zyqK|p{%oAs3s1<5)`jLo!
z8xV3=0}7o97YX7T>1}KZHf8L>cMVoR8ubwr66Mi|*vQ%}CyJvfC@8ADFjcUfFgTH<
z`-z%ecE^u;BJrZtnUm3Ty&%nBzr6|nnar{eYHqm4(bDioA)(4>WUG{rP%&Wd@hpuv
zF5AoN<*1c03csYOztor+eal>mbd!(2NL<!J+)EaR<$OspB!-ZhW7W={I8X|yAn`RH
z>g*X(Z0zz4D1n7#eJPywmO*7tC`tG*zC%o>M1|qv(^-<51~B%j$b~&l0z}twLl$KZ
z0+4TmqN1Yifto!{#HP#tl4|A7mEL9l4~|UV#-Tm6zooHh@0Rnn#Y`=OQ}Bg|({V^=
zb<Frb;^pn;=+}a<4+fx8v?<?hz^PGoH{YV_w-5gt3yF0QLl2{bDbJcuj8)m6G=efS
zcC9#u1T1i}EByQCQykp2wb>RQ0flgMIc3o=_)NH)J3GJhX(@wp)4@LTDUb@sWX~4%
z{8{?G;N1-D+WMM98ei-uUfvMVnNtQ;35E?Pfna*2&jpQqm+iOj)-%?z@>X9Gw_;`Q
zT7(s)<19Yo(LZ6Kk}Ax2P5*0cc$+~lyGH!+==|)pq5vX!L!eB+7Eg|P)zB}cOyXKQ
z@?IV?oS|V{JX{WL-f4GY&+$j=nY5__B>j<*|H`l5fnJ;nJd9KTxg`cSh$Ntf=!Oum
z=v?a?8<*8eRrB~^p3#ViXNu4mu8(KjEhI5HK`S_$uOFw9!mw3JW}e-E%Xy8okhrU}
zz7_JBo}&a~@fpsnA*lMVrM_l8zq)!k+^JX6c@0WB9syR=h@>@=LpvM6w-VF;V-|j?
zx7ro$x5<@Nly))sn{ksye8s9i^aY0o*`LYQU0X{_`Tz)dmF4C8Mk3)1$W7VMM>znH
z2_px`Se4u1ygO`uLB1A`DJt6YO)#I4z+$z=Smu|h@>-8&(LZeZit+hxCm^w3!Y%uX
zq)l345J^(lUVP{n^@vVGN@$^F>|AB8a|r+kqSA9dzQlX;rs7X*-}G?w{BQ>JvXY1?
z*<%b%yC8$9HHS-CAH1(<kG&pFy0NzZqt@9$?vjCS8qx|ywe6;#Kj#ZOZw-y4zcD}J
z26zSLm(LnJ&<3{hOG?^-)32JyYdh<)hySrV+}h^#OEOqrz1&kl{-OejFp~Gxa7}ox
zl>QOAsDyG0|2!m2^TpM--m(Ax&?yRIWmQ_*2*TEM?E9<NLffO}n>+ucL&9FDR%q4m
z+1c5ZgGb`34rPMbz#*nyCKd6zfc!^isnq7drdqqS29RU$??9p_DU;~#ra2@Gvv+k-
zpxt&^e_i@=P-V46Y0TDq1dD43_!}=)=-eb+j$Ei7n&F-VU(uCX4s1BRe7vDKk0oE<
zrj~M{G{lrwRK!Q=_g)nAr&u_G2(;K!!f>T4UY?JN<#+<PbG9{{8D;A#(f<m_CkR2I
zp>OkJV@Ia}lKb_Nn3xf!6|zXYT!iMgJ+cdGHWCR)nDqrARJgd8c##h$uRKGN5J_SN
zS0%#c)oVjgtq$!~gvWi+5vHP3$CeQg4?=Y^Fh~1MCauOpfL&)K;%e1iku3W)mIx(+
zkn{a}{`vWzW(QjN`W=X!<KtXI5D3KY{_3#r66hrxp8&Q%P5K{fQKj4TUu<Cx#TMC0
zx)l_no~VK!@)b$Ugao;KC+J!0(YbUl?Beo#F)_I&%|0-c8oayvG#R+j+GoEq+C4Ua
zGh&ghpqFQ+RLn2*#%2I_i1q9^0RQdh{8HF|ozEARP+{!1QCYDreIgU+UwfB8Zb*(M
z<->$xowyQUFEcv)O=YL_KHnO?e7wKDjvL&RPnHku8_81KnT~F0Z@<G-={GX)c?8F$
zQ*1UeePA@P$~Xcx>{mf}SIysnEzMEowmiQC@xN7es<Qct6aF;NLLa(F*b~NFjNcO-
zXMSHr=3k{Z=z)YJuTfFDkL}9#elno&>}r^_K{03K4h7GHlsc;qs&e!XBr>Gh0}~?&
z%2s?N6eWpJ>qz<R@OJ^M?TCwu!=)MqADCYeuk0O^e9Bj6c1#l@8Wr(YWyXIwQ&)u=
zwIC%z9^<CUSY#Bo73y^5i#kqwkp@4z1Git@x!^Hu{RN-pU8Cc=#n|^`yWoj8$B>pL
z$1B$E6xM(4j9%OOo1qim1bU?3!cqYQ1r{-X4KTNBy)c!q&j`R$dNJ1F|9lMc9M59O
z@^o;e7jx!c0sQ&PW4$NDErFE(>XnwD9ofui&WwivTW}zT;YVvA!t`}*<_5(DFed$&
zp!}#Cps8IvM4Fj)vVPn#@m-T0f|#m6=I*lbRB!#zZW!1u^)IvZ#KDbCD<CIT^Q?Zn
zNTFk~(SA7ws;=y^b4m2)07@VM(_k~_G(J3Rn+z5=y!aTTMR5;8Is<LxuHbX2JGwY%
zXvGyeeZNJ#8A0TC_lQMfym6Z+rHhpug9~4DDIUh6Ln-4ipXrw4f2=0f9|K4cyse_y
z*+X?d<&{M@oSK|E17MHbj}||%Bw$JOlYB;!#vb1RmvoQEpzM=XN2*q!FY<0EU20A~
z8IZ?Z8lo5qQ^-)dblX4Oi1#&&L$+{j`$1tx?Vj&|?9p@qzm@f3c{}5H(1feqX6nmQ
zB7?Eb=lq2gr##@#pY5F*-wmhb9jm%9zv9N<zCCYpymL9LciQ|bBIdBt83Qc3cl(^&
z68+abm=RQkz<hBs0SujVXlN)O_UQKZ)V<M;%+X1*DC*x_&=Qa3LJAa!+3u)DFQbe3
z!A(C)BwjjbD<IKHTpxw~KEBVLu{#`)xkSYH;p%K0P+2J}y2KP=>%mSg`n57y!|BWj
zD6Pa?CjDJNeyJiF2&dW*t^tWg5{rcf+Y-PCr<A;O8!bPC4S$o1<TAY=Ny(KuJw2_+
z5Kcd*pwPw}voq*?pv<*$BuBcAKO4mCua(vE!n|5ah#9n0Yp~J)){@-ZcMVrkU5b_F
z&j_cSoGv*W63clTzfMxw9Wz8S7gE{i49c}?))HxCV)y~y)W7&l1W%451k!MUz$$Bo
zh8V2#BtzF=s&d3eq1L~f^Mt!aPz*FOyZt*9TF^35B*MJyes8lFw#w{bT}Y02;US%?
zNMybq=a5tSZ#uBXN8s6JnJoe9HL5)6lJoubn{t`hjg9WkPO8&bv8P#Z{@tb0t6OY%
z2rl%eQEF;x&H!n0?{Hjy7hPx_tzEx%Z8^bcWmz^l22bANdCSE@uS|Q;ixz#YkkR!u
zg=53oGF!$jMblk;4cDlgy`qVcjyfYPBXeRiR?K2CFBt5^n#R>tT~V*3v<T$AdJBmr
ztErz4FGtR|jI;}p$z@`O0+BD-K}3+ue0VK8R^_Z-MeOn76vzbRKr$~XVydM=7GO$!
zzGOsh3XY77JR3@XGxEl4Xx7xkBnif0_r~#$>(NlJao+`bcCM6MFglV-c7<b{ku3LD
zVMYut;nHpia4^0a-Jwg}+^a($3whD6;M}H@`{N;J_tEQtzQJ6ot;@rx!2~+8rC;%H
zgAsvrD>PVLAgkCjHp`FnYLY!!zSok7$n1J2{+kc+%a`=ZX&haf^Yzx5Z_lWa?`YgW
z=qT#<@89S^v4d={c83qx*0kSm5+N#oi})1p!%Zvc!Cs^`P%Plgf3@rnRlLejqg;gh
zIcm?wG5aIKf1K2*TU13Zb_Nu8JOoY6*7RdwxRQROX!UwXBcOSALQhLO<$Au>o8Ico
zQ2gmeug>+(1*F{4uYwUx-P64A?k<=X%tkiyatzMu_om9l&Q4Aoe%93~P8wSTQ2_!0
zPd&)``ZZp)ep@qmCr`8XP?G_yCS%=HHf^Lil-opIwrx=PwfxU$T{F4={rYnb%dLgc
zaU8z=IbS^GRy4I)`>|cc`HUKX=!sSVX9#4M(?~K<R`hqan0ar1JkS9w<6q&w)<6yD
zpQ&zgSP@UrXBV3a_&;&K#6&C_nt~9f55)(7aG&u4MM(093TTBl;?Ga_)zzSZuR%)z
z60+~pw>hb>AC@CzYoFhW7)z-2{0?H;pE2j}cjzXtj9ay_=j`WrL(v`<kCa<p%RM8N
z_<x{tKxBHl9o%FAAbaOqQ!HOnSO-F0>!fY3cHx_Y<Nxnp!!)w%4~_3{rowNSs$xgk
z+Bke_#($fiWIp*_W8crva3#ob{SRasv`(s0Xx!5$1Q;`YORb*Hz8!v#F@HCmiomP@
zWG=k}wB4%eY5>7pD#p!oYD}K}{;=xG;zV7Tr{}L3{pBoedf|2xNX(MBRNgqgadx#(
zD7Tg2qgIBy&TIR5sM!^tJqvBLVKWzK!Y2Y=Nl^0bb!qi?ChqPtU{YrbK?q5e+R67b
zRq<(Yx2&4+aRCw(%Hm1#bbVlMOg~2y9@2^u0K}Kp%F4>~+w*O5pb8~<VZO%>;Rcu+
zdCu_mY;(J<wKXM`^%EER$|qIqiTmq5%iA+nUu^8N@Z!Vyn$ru*W(<;qRjTgd{nf9;
zCdi<NTBgX953lSXp<+;yyp~VuG+ULV7ZUnV^YL|7UmEE*2e)@+swem0;#dttr$m}`
zm1~u=B4VRA1GNvk?>9Ed<F>IVKl52&-)mM$pH^X(D`yG116)fO^O9#T8+3hm2{h1Y
zC3(v<tMyI9#XJ8R_&;7IK?4EF^16IBhM%kT;UNTvaj37#acCU)-D8Ty9s(5Ufik~_
zXVH$+e4G$NMj#z2KkJ2|Eg0~KFx)qxI5hO*r5FXU^R4)-i|?tNBX=T@N5Bk8YNa;a
zu}|Tp>-`lm0dr3lD_Qs7D3l1byp^4l*F(oMu?)w49fZv4jCQNPLxq%cMB65MdZa-R
zQj!g-V)vVY?R+^8y0aA;S`>0XZi{>RY&lUCDQ~X&mkvC%m&V4%e`e=u*7|Y2Pghks
z4uimSlZYatcrdy~XQ0rS8`{uC(2ukWYxL-^77LB+=OQAOOHH*^QbVrFkJpruj*bsE
z3-;PGX@pFYpiOyP-Z&N;XvU|dmEgt!ZVJ6XIO`dD_niB)L3Vo)&oh&*<BsPiaR9_Y
znFc^JgzN<3z8s2(fbiP-Uw*G?x?-`sqHL$-tyA&!@n|iT<5n>hvql4}bJn-C1|ztX
z9G`?EKiyZX!f;cmUEia|N5uVH>5&Bme&>W2ty}zGINYck;BdCh{mr+*yta&bO-^C^
z@<}W*x?jV-Do6F)+z7vi%a>K$IQbLJO3V=e-uVl|&!2Iv?d>~y2M4WVjbL{I=#g(j
zp=nH{rsie}u!GLuy?Ik>5dZ+^1EiAl2vA081gAjt7DwZc-d<c5<Fu8*=rUv>UgayQ
zqC#DM`vmB-Xped;e-tp#Ot`FgEPsEK3jdKUnEdb*c%~$a420%%ZBlZau89DcmvwfJ
zOZ6$Hf8*jpm3_YS^yuaUz%Ms-3tL;q*epiuL6n^e-bGg-AtABXH8c<|?;%T4&_Lg?
z5%4H{t}b>b-hyRVFD9;Q!<xA@WONlr9n$WRcYFdbVhIR+=4e)dQlnk}=B_`%vKNAw
zZ8&Aa?@QsQYB>k^2UmE2eM;bXs>@Vs=|6nSB55!|F?%T(vB|((lyKP4pm;os10^v(
z%!a*loJaeRq-bcYE@m6B|92LE*Xja#?Sr_KB}R&^giTF|w4Bs|;LSs~5&QBXMP_>X
z+iIQ0kyRj^SKW%p5rjMdyE`bCCObRZ8|?0%m8yA?jxYe1n(J<lc(gR_0<@|En12Vz
zDtOu3?^%$TcwC5bYr*l}ufC-qHMtQ)G|Nfa6TX6^{QvR$Iq{`YV-|TTCZ+Nc!ljej
z)^NEdiRgBAELIMWRY*;wT-d%kGXXoL7`<qe%nv8y7q}klh|b>ETVPMg`G5Rw-|=`g
z4_p-@*W)D-XC0X!sttLtR^iEC0#mjCSamJz?Kf)_;x6j=EDS1U|I#?6TiJ4L<KVw&
zX>qtddTkxgzx{-<eNP~-<&R*+8ZNMeojGVO&_@f7bORFx;pK6;vK_^;HJ{NzYS7aA
zN)<%3AxLEmcIBGRf2Me*>Orn;k(`XnXQ_=v6ErK&FzcY>MWe`QjPU77n*Ut$hZhOh
zM17*(-YK)Q*k{rilAnG#tTqDJx8SfdMtvF`O|=2{pG$tj$@xB8#CzIvzRt2G`s-I*
z7&Z!_Kfgw@np_@!fzp4mGof9twFka(6N<)Eu}Z9FLZ&E+$djs2%jKj)5-*7`GLu&i
z$12Ezp|3bN+Y=H~@Q(9-jQVArRna}w<<49%l84;_qWC%{IW$OVdv}Gf^0TF7di!ly
z=;_0%)OX+8qCfY5avn6)cH5m8zOY|}k<EtBCW&maz+QzjFxa}->vfco0q+A!j~}m>
z4M3iLV9mhqcC!g+2=LV2z`4b~Fgcj5X*^zRGS)1TPo@gsGcuZeyk#gaR-_hWj?Jpa
z`KdACb~x*D$E{a~&V}v;=lc|F&)YdS<gPRPo&t8vD3g2ladY9~8Ur2Uw%yx(%iC)l
z%50EI8Q3XA)~0XIVZOOJ!sbe3^8P2wlgYc8YSdl2oR8qh$tf)(ZQ&E$=Y9kz*8~QI
zdYL*9X5;2Wyc|GEsfoYkV<P=SjhAb&vHC{P%eb3aE!`AWquZ0!5Rud~bZ6)DexSux
zK|l?rZbM{1mTbTSO?fB2sK|6}s$8@2>q{Q14q%nOSlM`b{JKAm0JJ422s9T-KqP6f
zEq9Dt4K=iAfb}|<UZ(0EROzx}Ko^6#?jB!G9WddxfMj@5P`KQlt3)GQ-@cdh5oS|J
z;i$GZ2(nwIXA{g&2*>(R@8?@lqO5fJY+gX=55H2MQjCw2m#3A&5+11Cb(t6dlY&JW
zwtg@t-7eJr=^#;snBSWh@Xb7vP}KAojR~BJo&Nrf5c(2?n;VXDZ+GRRrL5Ndf5l3f
zXt9)H`gh$}VkWv|G{}<K>Ksq>*de+j;DDo<zCLqD5GFN%2@&-lVI?Ic+Zv%`Lo;s*
zedwE=P2-Fr1Q@sDMshtv?+HXfI$|ZIw=yYxlL9!1e^PoK1(lC-SC=j2!Zz61q5r7&
zwLf+7TW|IeU~oSM&D+q>u(P*2JTf-A=(x^uSM*@UY8*aYcVvG%LxuQlNQi2)8Xe5%
z<@R1M<8Xk8z7m*22?HWI+CWOCWngFrVKN0rW?a1YW$FVmKk!jdehKk&TyE!h;*=Jd
ze&UUciZKJ#<Er4@DLpNGz~|mCZFAt|?SZhY$Hq=3T2QWLzJC_g1}>NYifMD*pKb;y
zpAQ1k5!OX&Ok!&rA;)vIU(-Y~UtaF*3Q0@E$|t`b)HOGMVAt*RJ2TPmP!y4+VZ$N(
zmhz?j*%pP@AW#C+r}yF&YDzX-YNpz7IK654$0F!77Lcay;reM3V)O#*&|KzwL%(0{
z8GUN7X|4ye)oE$zbd)0UEU&ne)RLJU!GR}WqyR`>^vmVi9iouF*yj~7>$j3GsFbq&
z!4w%_Ds))4EGA}G64mJ>?ri!d_kab5$Ss(GeK!RHnYBW02iTzwL8>s&4d;};IhdOB
zeAu{b=K>CsHn6ZL-K^~tFTUKD>5~ZF;k8Ly8nr^Z(<qU{oA&T>>iLJ$SEMj;7}w^-
zLLUCJ1IF!erSIk3c{`5dk1Jf8rs6g<%^DTaywM~kpR3E6x$|PrwD)<ElQxTKGEYy!
zC+F+8-QgEE_x6?hO2fmEF<&P=*ujmpq_VGX9(?nu1hw)(@H0G!&5wBqv)AG-(}8^M
zM~B{SnkF8HN5a>P`pp+e9aX%b&;V<>%d`G!y*COR+U>kOatIZYMz8qr;i)xoWq!a@
z6MYA`Z3D<inoj_fl$dg*%a^JDbniw4K~$x&HXmLJog1n{?`tyvNdeDU@<AYPkZP%1
zskYqnpzmcdTqm&Dgt2C~Ru)wp9^QRpiu&B#OqjN@{??GnTvsph-#EwT-&@1z2F>`O
zP1<FPL<Pp<7?_P+4)zSOYD9-O^HEa|9MdEYT27bYCAuFK4ycIvs-M9+tPhch@BIb_
zIR`IK(fQ6l&>Z#)^flMLvqYl)!}bAlQHR<(em5t1ZL*^9d4~TX+EKO(4Tm9(jg2|=
z^{&ei5y<DALhew*2k5Ei`<;OZ#krbetd?;`Ae#4y%Z`i>sK1SW)<u1qULx|rFMK?a
zTODd^P@}`Z(sd%twtD(ZL1Sz@e|4<V5(p=@mh<Wu#rx@-X?NHuuP_<AxjFFGUPDGq
z)RaQi^2E#3)fzpW!LVF?d$C%Xw4Gt@ss2Wbu{?p*bm9HYsrs}US`xu3yTQ+e5zOa_
zlEmsMph$ud6ANMbD^3vPbNo~np+Lc8N=~Pcf(`+G&=q^fgPQX`y9D+b&*|=4Y^SE<
z_IoyNMn((ED8koOFyDcx@Ga%F@m&C{Fc#{#yN4v3p?(GN1h0+ZQ<Ywlr)EWka$bmQ
zYTg}Jn)lvgFuICpkb!%rhx_nAIN+xCLT)C3CFX$&qHD&+a~wu5?7NHD4-60y9DAj_
z+v+5#m5gjA+kL~TGu11ql+M}oh=CL*!$1je5D>XJO5Be(HVPbSK0_mvKj;*GiroG>
zI*hh$v;*uBq~)&;=FU9;BVdM7!!8g!ljx_>)zibW1(mQMJ^d4UCj__+W0j;7LhkfA
z3xuc*D%Mlr3si6qHHLxH5@CtLdDEy4&Dl@4eENZx;6tGVcHxB`P}}E!G1k-T<^Fmy
zlE0&FLm9n^0RieWt=9+tn)TDuA^>@vw3}w_p3$JCw-O051+oMoox-cZ-!bL~3m4s5
zV3Mc&=^+uM8t{n7F*;`s=Q-#8owlK<eQd+P>NEO_&--w$;$*7;Y)^wML079eF!?ZI
zvY!cn`Zly8oW%j-NYwl8q70&G;Jb;1O+-5QXRbCKoIjhVZHA1DFxq&yP`i6!Dfs*(
z6!ubd5;08bSmcCWDSR6odZ9mP*!}<FxN?|oGJl6(`1t&Cd*J6vM<*2$`cq{Pn-~Ay
ziGfK89~I$Jr@_bm963}n?-Dr$+*+$=`mJPkXC|Lx#v2C6C8_y{!}Xad4C`Q$(au`$
zMV4sR@7^z_clB@9_iBuRIJh?NSeBOzeI>`s%j+XqLe^F@Rj-RHP=la^y*~;%(&0Xk
zK(_$$fcQu&?nh+6*k7FtguBC3>VNAM^D?x1u9h1Fy@R8Y#mdwp9W!}3%^=NWyI+!Y
zz?>z;&0TSGO5Mc2`T30bWj_TVq}-a`I8^p-GAE-ZtEHFy_A&jOKMmhgD2wyEHZA}Z
zrFh-oe71)v7BKy@?0!7bLoNiONfU}4W@gf1p*5>H{<FfaR%e)s(549tea``qM(Q!q
zkibs(&v;d7ARLk?Dwts^2gy*F&V_#20|uqf|7L5XTc;<qY^Z0zDKbU}YrU*uE)mQ*
z{@J_R={nkHfaNN>xfOq|)D|E%I>G}mSHZ?+w!=!}tbT@F-vP3a30lf&VzkoPC83Dd
znBN#xbajD`=5u`d^c-ra<US7T8|QOH2CA91HqVv)L30D&<Rg7hZ;3lR-{?I(;2D3I
zP;ApT({pn-FHR-^{|lCbgF|(8c9yIe+8CjFsQG`F5J4+kYfxM)hzBr^=7=4en44=_
z14fmFi-#A@=H=zo*N2q3J8>%*^&vj=VL$O~GriHd1Pu6&)9QD46*=lrzj@<F&Kb0o
zCA7~k`51+aVfy@CLs!%ZK3V>4{oQ5aah98-M49?$9>3P<tS@y5xN$=jqYg-g4n{!V
zkttF${gqgx&IoRufbMT{!M|9s;ud>gw-M6Gn=oGuf&5_5`8R<@b<$QXAXk<g9UTcl
z9f!=W4+s*BolrG*18)6Kbc^rxkzNZ_+T-lZ{J}x^bczHp=s&>{amKVgZp+^p#(l&m
z*UM$?jsTq19WJDT2rvTIZ3KW6y%9LNf<F9BWx)q}l5yCSqfL+ZWgk04LBL}0!rF`u
z_Pxm%!r<a~LRu-~iz@x$6P}S@&1YPU5pHluRuH8DWg<)pla&8aeFdBfGdnt--+@XK
z6o&)VBSekB0ICOwy$%C0*5wU&4=~>rJ8~TLTGsp}$T|qs?rT&iw~m*x9)7L&$3F<$
zq*2g}SA+K3>N7K~O`rI_f0EmCBnEVeR^RimXV=4wq8UZ2uFUt|5Zb>z(v^C>qW0tP
z0RT~2`#u5Gh*_nlQ1*p@=g7~b1eyvIu)_aODv$_CeDiNI<^BEr!f*!9zIIG|6BV$Y
zp*%V#oyU5bhmta<*K{z&7Z&^MfTY&O2Kc?~x7|ThFlC6J2ru$dPHV=Au5zZUhG#KI
zZ|dwI8)A6C1*u_tALR8~+hmug)&-s=m^==Z$6Bq`#j+}kKc1|l8SwX?Ru>i^KXc=F
zvO;$MtX8Dv_-Be>fkNb$_a-U~_}EP(c!AEBmzNM-U`^bRc^ZQzlNI#H7elr2;eTT}
zL2K*%0;eY3GLTbS+vyLngCPH^GJ*-A!grV=<uxg66Y;OoktrGlOG^D!;-Kfsw#*5n
z#pis#`jhB%(j2^Wk(ylM*c*>WuVr5uT^DWuyW&fyudb)o`zk<I9{48TCo2`Yd2N5<
z8=HlS`hIylSv}DH5zynoG+O#UGtlW=Zy(ff;Hed$GT3ceTic^2JA3tJN=k|m%;*ca
z^!Y}1A<YW$_?v9U*`QpcrxF$C%URB>j%sKVu$bj&>IX#%gr-iH+DMypM;gh6%x-xS
zpGdt8UgQt;ysz|H_Q&cZz{2{7PC0_Yz`(1N(Uad59Ept4+v?$nIFgZEWE7g72OdGa
zIaaOr<*OAvozGC|6L??8O+e!OsGy*58YPV#!iuK{5LHe&6j6cn%tvh<okl^Ala)sK
zBDJlbej=hJ%AB9CY?!A?^Nz6*0&^D{9rfD30Y%X0Q!zS*cH^|QFmq^7#1D?_#TFUJ
zaeKimLypNU4_BgAfOdXD7pCkKdq*MQAtCTc=R1EeC?LP$eMZ4Zz*9p5P->Y6In8K6
z(gd0=%boY0s`zx?1+X~O9*^je!UkDXpd04}%(na9I}#D4PHk;%#lytfEkj494i@TA
zlGVz<)XocLAlo;Lq;;)z1vmLCeK+7`(N-UQFDFD5YrhQG##pODDwbFD!6KLi*}TXU
z6@gf%6S0r<C$s!N?S1z@)$#lHTV!O96cHV=qsS<ZEt`y_kc^0w>^(A%BFPFF8QCjj
z&&Vbs**iJ*3R(Ac`h36N`+nSi!TrPSr{X-$dA+aKHJ{h>x=waq(KJy@R)|XWTtFnP
zgZr+AhGb}1*sNvG`^qgCuMw9AXuYWw*OR#ITMA{z_Qq_hD&*Ner{~%u$!Te6%z;m2
zKiv6>y2L{3qxNO5U@kh=x(5$z5+%`h)bZCFpZc<WX{vCXBi3A-Y=yh2TbnrYcjlK?
zkw#SR7QD|^{>5m_mQ6T^E@O)u#>2}ptQJYrD=<&4MfXutdrp*c=ezG7Px;(Ze?UO^
z$>}Q@zzE89deCF_06xR`BMS?Tx@;<fO9r?Ae<lUSZJ6!t>?%b}n=upDu3h`+QfOr6
z7k&1J&ru8Ic=eLF#0Nx4P3hriD8u60@E0YPTk}L@-y~LM{5n59;u?6c)-_Q}7B3!q
zKkS0#{*Lb2+h7ZpiUT}r=!0VgKlNY9wXSs!y;r{KZ`RM~uiXx1KlqRYCQV#}$mZ$O
z6By5}OkT0&B9?u@0b3_z@dh(gV>6-1{QTr+(KNYl#k=#sZfjZoAV=b{uRS?UvTvyL
z{3^*>758PY^@53%Mxx6sU~t8wJ^Xhz@%rn(8(4O+9^xN+>G4DZAl<*mW?^kEQmizB
z*VnQxt)7H-ZD=|^vNI^-x$*1o&e9}qM3@%3Xv8;U0Gzt*iyI+1+_Q@XM#xi95s}wK
z>*5|Uc8TH+*akeHFwfDdkPF{xk=zfUneXVU(qxIR6}R7cnyGQmd*#aok>}4&yz_S_
zgMw#^AF0L|-_6j~J{YyVc14@LvseA?uuOn5%U{}=nF{;u-$eDsdN569=koj^Zqm9|
zV4i`4gQK`J=E|r$pdsV%pP9C3IF~G(ixs|)Y$`bXBKp35u3r8DV#~%>oP0e5dPg)2
z7Yjh4C3x7y&Ih+gGC<PU%Oa`f)C*A%#wNe?$_3AO%n$^=I-BNAPjs}OEZH5Qo`77v
zE|^+YCJeNlhI)_P%|wVXsz&vZoF!wAA);!xb@9RY;4b66F}!<17G$FqT}tJVk+fj3
zt%r49H%h&|Hj}$?DIp7PP{`-x_{EKjzO2Nj<8ix8kcO@<HMiqKw^m%+MCAH)HG+z%
z#dc#5;&7*GZy$+U`{?@fV}nltH)=f`R+>o`M-oIChaN~dy~KRG9q;(t7jnXnlduKa
zZr$jL{3RWoAmG8k);FC@H;0$e{OUv3%+7y$Obtx+wxXgr3WK=l>qK*A<{wFa!243<
z-NTnw)1^~*dG-q{sSm}y*W5T3-H+n`u;|=^{?7^Dq1&3R4Fob=`Z%X6%kwYV<LK28
z8obHYIj%<qrYV-VV|8&9O&A+}b-B64&T&Z(#w4a|JzO@4o}20DblfQ{*tlV7WE9bE
ze(&P;g3BhmCjKcd!%{A`m6iSF+`|6+eaQOejH1)!xk_|Z9({b-B=k0p`ArxtCr2ws
zWaqxy&!TYm-cW+^s+KWHuji9B4ACm5rN4hvKLQlbVhBp4DJBnyT>oj2$le4v?By=R
zGzrhWb$miX!ZQfaq|XnP@gAQOfH|j2v0B{GIJoK_z*P^s837ehud}px){`<^BK$);
zK+>xtQ8hNJujo<+k6zc|LAGv1y}0|}R<cjl_Wr{Cq0bktB5`U#g|T;IUYl^AeHos_
zb6mH75%8liA5o(kwP>EhN(*vzpX2?s37yD*lX90eJK@Q2mImVmM-}_Hu`fUK!itm2
z_BUEYEb3-DyMCw-ger7j9<|jm|Kk+$#y)&3*gm`2u!>7LO0_)$wRkJ@cE7@I=l<a_
zm!)Stf1+d0;->p?nb*yQEpPN;TI_Cq9$BlX?bmp#?{6;WV;O*I$~6W;c@3P$daS23
zDs|`~-lf!7dwcsTMh1q;0zd%bkoDikUVI6X%svJ813&d^JGG{{o7P9t{sDsYn3WDA
z4M|X3+%%=Ft*6-IZ>06-?6$cGWNy1|xvA-&?}zF8iB^`h$s&`&Lz{D6UfT?U1pC9o
z70K@nXRl$+Nq#(8#iI_9fAiSdG_*{3c^AI%mBnlO)@-ekwGE%1+I!4HN=jlsBtnUu
zjQQsEn`pFG_uj_r+R(nQyu5J3DOvf#0XTo^-rin5Jw1J+X|X;B@u@>J`daS*T}W{;
z_O+rlN3GX|*rUTFkB`H73``PelkHA{Z&u@f11EF&1X?p9Ir~)Zo;wPn$lrjTAM3**
zevCXSw7e|8&t*dBDuU2)Jx`G}5@>XH-Cgy$Vq!B0t1x<#TC%uxu!qDGoBi5M!$o*Y
zHa2g(>T@h%`ZZ^&;RXI^IP?`hX%MlYw5dpmsRuC$38R5PZwUjmp&QRPbU^pe#41EC
zL8N`?ug>=^E;hO2Nux<0mi*B&e|ep)GS!@C@6oR~Z`{~x{aJkGX_ZEmGx?&+>Qp2(
z+qX2$WJa&dt?IQ?$jc;&><uxeYxtX`zDzLF!pq0^d}*dd)ZJM9vQc%=BU%pD?J1f4
zyjE~9PB*SxdAb4}1eP3j0_r~AB3~-4FoyHz=QuezZ5hR#Z7P)5X@Icl2}_Fnlq287
zyvtg3O(%3md&r(dYCha=Whol1y^!zd^klns9oxO&e|F6Ccsq7afKx5Y?JM?_cAhjI
zwfQH}3H;6N-_xY6uVvn}PyE)1i08V(9~7R;3$f?2F~#l=1Kat7zki=??Cg;1VyEQg
z&w$3E0^Qu*gZALpR)aZ%w1`qzc(8xvjn^v^`RiV!14T~QK77D3&#xEywELL&xSxFO
zG@qyr7VqoZgQX9pYa@3)Y|IE4e>Gsfnc_iiDTPRvJ6Jvzwk`Ncru67he(b~O*cj7<
zMCQZKwy{!6sfCnBnv&Ur2iB-dJZCz)x}LADn}Co&Hf*aCwbg(SO%JPFc!$ZN*O$g*
z=><`;Bqhege17)(+lM~sL1pnIXwCEuWV^nL`3NH7kR_L--MBm0sG7`Ov0rml^xPr|
z$!}4cpHEbKO8VEvUdZd{d|-GZde84{kpt&U)0g=ZU`2>^4c9QlcgGK6y$ZFp^)Yg}
zdW}zenC2|+?vNQ7jT^#5O*!O*Nd;SYAs8$IN>m$R*7`betnA59576Jv;Ww=0-Zil_
z^<xzfa8gWj&q}Rf0yY0uWhCwi&gYERuCp#3flSs$*ka4+)9d$22n(c+F{y{1ffmve
z<|KM5YGg=?SNXGdwN|toH^sOf?GNU^Iye2;f<wR&6`^!q%G*<4MWy3wqd(EY0M6W;
z0`4Z!^j#1V6ztghm0)Xl>ot>=Crq?SX0){YEVf}l$;qyNhi_&XEl#Uqd&^U6>O6B_
ziTKRc=GDz$7COm&?&JQ;rLId?_OtZ_*oaS|j*jfQy2&-|kB`xYcZ68S54IbtkN%pJ
zMxVW2R%*TT`Yty=S3^YE6T9|F<KsM|YUglhW=s6tT|1fKT>zO-(^H{xXlX(SAYr^w
z1KC$D^hT?#?%j*~v4bJ*5*BO<r=ZyLT-J9|WWPi8pq7~T@V6GG*_3Sm*M&f1FL6Pd
zzsa7P9j0$0-VxiLJI6j*u`#xFvOhx_nsB4!t66RPwVKHv>#kEH7_`sDgV-x_Cf<^W
zG#`B@j2-tp1JtmlpYSp&$Bd6vUN;k#bR^lBm=wE%?)(D0+q>|p6w3u>CMpIRKP#WZ
z7kW=evcyr@?fy}8?8f!4DT&Bs4bbSox&tmWb7frIc`=JFQlAIf`o#6ng93GIOS(b)
z!6=sh>T&&v++?q$&f}W9;{muA$WTRj=M0vBT&GsBFLN6kH!X2JOvkyl2rm%A71x%#
zAROjZ@Z&c#)6&?gfm3}v>2or!h>Flf8d_3V5C4q2RM`K?tD22?TWjO*+T53h&`o+$
zAeEH41%<x{(pr6v_;{{Tb#`~#{TMZPAbI_|@HOiWIx$yw9z#jrSb@fuXULkhb##~<
z9CY>)%bd{H>0W>QxVd?W{?#L>vSdg|NDTBPF<F;p$cU-A!x9t6^C5p>KiWz@DXs9>
zeO6wxY$G;0GSdmoVmc3x=wnjB?4b3xm-Xi}GAfqW!pld>3-4TN%axqYHrrj@wA_u1
zoQ5<x{mD?$flc8He3Q+k!d@>ut&>UuUU4>jARlAuJsA+XDv9FHNpo`zPj;-wh{>a+
zzJLGj;R-1zrI*(cDuaj>rA-4mqn$&+d^5_Z-rH*zzSvj_S`P=mJ33UtzNINryX*^E
z@EN_V!zapt+md#Ce)T2knX3Z>rFtH`NfJ8JDz9Enm75VY)zr?Hhv7GXznQAO;jrG0
zp|*{>Lq!0Qs#u>4BK|jjqUm}wq7D@m1c3l~>@tug$~fy(KyZ5cO^J{SDQWK4fp1yw
z1s|!r$<2L|u1&;&(#FG`Ed=tVTLuOOt>FwpzYd5fFFJO0wE50%FYXPcE5F-=$fe!H
zOp@;I$6B*amxsam;U~rWOvomS)U74w6{>U8FVZfEw5`=3NO2G$E-)MG={^3Krn9uH
ziLO=K^0pT=^f{#N4<Oj@9l<U(dLDb$d@o<S5Wa<iuq;+#Kku-Maa<YMsY^~yhAIcG
z5+%q*9r4nRl9)PMtrzh4nc3NL4VX78Rbqcj;)h6SYIX?;E125+Q>S!J4wNuIg%=^Y
z-?L1OGIvF9XOYd4l46&>)P)Yk-f*d)@noMF1B20<+$_lLd+1ym@9nG_Pq0c)t7jBM
zl$6_yS5q{;?rTOIA3wh?934wZP9D|))aNA3t5>6qn=<lYB$m<`rFp<0XiUt^Xb*t@
zpx)Eo-q)?9-og?Sv*$c={oUbqWYezP?V~@ATl;VB+erFghx_r6E2E{2q9qn4Q}3>w
z8Gm_vb1@`DtQ4NNx9azjS*kyNmCv3@V%S#RSeF`;ejU?Bgim1s7Q(@G;DqaFY8I+-
z`_oWoQ=i0eqRIfLYtvL#9=>kXpH6*zeC!W>kT#c55&7Uilh2W~6F-LTy2$5bST0H5
zv%8jh3cpWHk!a25uT}o!z9S_@iSO&1joFPIO(~hoJGr9IU$uxJ$oXMqc^O@`zvYlp
z5G;>{yul}$J5XVdk3TQ$#B)pkK2JWKv6wSi@KAw*o0ZkzI~wJ{{QQ*=sIFSL9zo{j
z?t3}_Ghhu<@tK;*l3r#VQQR?_NfK6Zj4YHy4i4|SlfvvGIqSFi39ZkA9)3u7XWP-H
zrS*Jd@`9S4{!G0hN8|^mYUg*W%Z9me;AI}%)X~;640RF_QPNb4lJe+nKz?m4)b}ah
zFWlT~#CPR42x|WQc)tV^>j`o)GKrrb<cNCQskG9*)(?j$t=tMd9}x{f^Uo`RIt-!j
z<|jedf_wfgI+-&cbaNnTrday)Q5HV%K8>8NtQ7n8i!fRE37xm4s*#b>b>SzqWZ3uN
zl(Lk}?$f>eOj7&;EZqj51LA7YFti+{ElD8L;AU*h2XsnsPQt>S%uGxaii(PBkM>zp
zKjP$o4TBXV$z#Q4tp)#LrS#!oZjq44t)lYssx&Qfv<IcqeNT!0nc0&ip#@J*oW~8E
z7|nTVFlTO&TBEix*-Pr+FkS9d?a46Y)6v~UfE@OI`|$i{Jxj9J!PCT5UN@|k`^_KS
z@9-dU=tjljBNIL+M^WkN?6GcJzsB?a1#NCzfVvCOqW^n;zabeJ*|Ss9R(97ui{CVD
z31w(&@6dLU&~ErX96n9UIfKUcU+|`{cydnV)vG6m1$tFgROW&bIW3_-?Oa^w&e5eT
z5wX;)FC3ARo6KTgTJheU$^Wx**860MSdgK|-L27TMm~L_0x!k-huOwV%Y%rBh>Nh%
zp&)BZ2BN_=+(}&6X-H({<S50(#n*=V`+4wvpG;5htyHf)pXk*b-}vn$kBXwBpHaC@
zHR8C8v9;)Kdf%N;Jk@|#I`|#`wo~VBXN-KU60eaFBK@n@<BUSYL|xb`PK}hO3q81O
zhg9nOia+Hy%k_tW69zhQyQ?PM+l%W)<rL9p@1SR)&8=4Bv0JbO9V&YRoFxr9-~y-Z
zJp%*IjE^4+R-v0Oh|v97Fq=Kx*N0Ny^=(4#s_QmtP_+mQNDEX^#@L74Zb#-+qWiXQ
zbR;cg2?%m7oY~`9`;XjG>rr~-O?1r1+f1NHtZnA!pP1o?eEcXo=|u}2l1wzZxWDPt
z?z8bz$YU$3=zRTR(-T;ILh<|e?>1ffAWT-02?R`cb<iT`#s15hL`1<~XhPCYA^e1=
zO$s8YQ+t!{xJbB%WQrzJGK#KNE{wbH_+=+D`{qQZXq#F)k1T&b^)|I3Fk0)y3#E_{
znW5cDMIX5@j6Q4XXeH$rodemR;~ez^MaK2s<$%YQyMGO3Q05_(mDklQhD_Z5DlElH
z0P?8)3b-6P#GVD+#A9GkA#gun25a^}`G`P9T1JBcS5Hk#9d9%x^qyRE<{NQZJcU%)
zV|BwO4z|&D)6=d|Nyj6-Qflfg5j#tG$YfW1MwI&eiL&0kkQB5>5%yp$!h3-Nkv1@>
zHV3Tx04S?9rDbI|mSp4!Ku4^lZ#w?I?F_~HxQK`dr||XbJa|)G5o};OU%M@zMR4r6
zSLI>vh$j1N4&Ft4mp*(DcDID8ZvWQy&<b;9^83)R5{nP4qUUM}$)wkS!bE>aZqCkO
zIyl!ZR_w%U{wXJEV=*)Nt8zyFpbn5K?zkhURKfr-SjP9zm{Cx?b*o@$AX|q6F@I$K
zaIw_t=j?LmC+vj`<=P4B$%|gWWNwSS<T<2mk*(oR96v=XvCFQ>_#;THMv}ai_c5td
zER6nzl~~RyYf#{l7VkgH_tOh2J6@jITN@);;MQ4Zy?h$^22`|}?gY^_$Wu0=xfThX
zP^m$oxI?6aGo#0G5ppXl-7x<Z;3z4(M1|zuo;n~<x<Tl5B;3r%C~&ktTI<mnYclA_
z()Rsc<fj=^SFxKNYyGa+)$W9!=1*QVVe!v&{pwKwJt$N^WK@0?-m0Ri3VxmBgZmFN
zC=sv0lz~g!b*s0gtxnX`!k54p22v`ktAl}~X4^kF*nQe}JBsdb<7ju?-XW63LnUV?
zwR=Ip^s1+rZ@ewvnvglB=5}*nu-Q%&H}RkKhB$npqV67wCz+axCJ!zm53{nZ!UP9y
zDY)IxsHpxj*rDRh_Z)h_FJY3WYzsuJXuJiF%@K}!?3&}FgN2OrbQ>nLyJG;9fjqpt
zcCJf$htEv#tY|2iwadUAZ5~KIm|qmki|_Hp707XtM#m?V+S<=Ow=9^(E2u&FHfuS-
zJ#CD?zfq=i?Cvr<Gj-h#<@aYbkd>G!M80Vu*~eQLjUFFtYvYo`c>rNS+(SQRf+@RF
z-1rVGAEQU4JMs<QNtv8_eX^hF8A8T=SAA^<@h$h*@pFDf53oUKe`+eD*FsvaR4WXV
z81D&1C<PQgwYloHF>{yyBqt1_=V6%@?T`BgY~pE9klPG@YWV)$;Q$6bH3k+R%FBl_
zK`kZB!*(mQ?X6126RCscl3e8W13kiU;U`6Vtt=Zwgb9htPV%PLs&-e&WjN%l4GqKU
zcOh7t<dq4R8kD~I7Yl`k3R~M)ytB66w+|J50q+~IJSmX8gWKVU%FtdMfmtMpe_?>}
z#>HMpTlxY0*K~DrGfEJ$>}h`cmS$z|_v4=l@1_na9X2#+X#rKSM*sbz&=k#!^B;wH
z_|}K$FQBo3Atd$}B?CUc)(DI7<j%>fIL|pYPW@|^EqT}q_TU_^j#ux7pTCC6?IB`E
zS);`8W#z+S;^N|9gt9>7>eY(V$YlkEpLLGhdR^~cyyrVU&LSHWA`m|I443pm20U5X
zO5)3HLipEeGov=`IBzm`a;P=jv$fsN3;yt7y2WF6HQ#cd6$Qhpa93H%>@)#EL4U>m
z?+`+@x>mUAs{SCn&I?cX>8hUj3FcE2{n<vy#4CnJP-}f`h%{{Cum?1{Zn(3PSE+jg
zgJC?4b2&7yb0!jsiMu}QjYRFp?RUxH<S-YoGFIuT?PW_ah$n;4y~DE_FJK;V#0Jdx
zosv*fS1@_T|2oe&d^A>o_uAa67UMcHMID_0mK&(#o%65+WPe~_AS@YRHM3|U6v{fi
zf+zqJPsYs5JPf=X^xZuDzM;XvorIS!&$L5ELdC*No}ln*eX+;{`}!yQ&fdD*oTMkl
z*Qol<^Z7Gp92`Deibxr1c)`O^Uy*_+!o|b-toh!N&rc72j*gC|0ch*SLn0$T5b&H3
zK8FcnM+FdvE1iM=$o$`)+y+)rv;+oXUk^=je<C8-^I-Tf_&syJ{GH2kUs{htt&*WU
z0h7A={Jb1HO*^zf<RT*@$DxSAMEQe>#;4<ImhlQZv)Hn-vSfX}7(8iAp}=xzn4J)h
z%J>Fj-pKN-Yi5<N#9*2x%i&s<mebkAK!ArDCt6+=KV3E4Us+_n>FDYR91C)BmsN?(
zfyNL_ycq5R`rjue7UFv5fW0SvLRfj(@Ky8kid=TAqhe!n#2<V~pCW4;t#y~-qnG2O
zpH+2m=$fdYrcqbF9Efk))HL<j)Q>k)0}p97E$(V+LhS)vzySIIyYg1}wA9oH6rw1<
zx;pQ^mC^F?r#3c{TbrAV{KS60=jyyF=r6t=?u<=a@Hr$!4_?Xt)!pYaz(po3tgt&#
z8!e&%*IZ+0`1}gH{Ba%*iiCn>XBk$|yyz$7K&39=#GN$)qbgru;#3ri#r`@a?QSnf
zfB$}y$Cibzo*tau|HIEi#j~AK$G5HbE9hzbAlKO3{P5v})(u!d;fuo!`B>!Tb6NmO
z+z$Oe{NVO!z#QQ%np(%1>owyEthC=kz3i7H;T_5h>bct#$dxVmFa=hqQKHz`hVqT7
zMYM5B9nTIjO+6>(y8dt-cwwKRQ2B%)+Rw(D4oPUAoAzEL7L2Q!9emQ8<ad^V3K2Ch
zC|k}9`A<FF{62R?rvT1oWoG6e$j|@G16OeAUc_K9$a5&b`c$E(VgbRk%nY)JbJWx(
z;J1Rj3JNe14umB!0*bJYVvxCb!p;5654LQ&;P;6Ux4lw-&K~UcEhf6?zP$u?$mD3>
z)cxw*eD8$!!OAw^zDIzpT+vb{Mxorfdwi*=YlC3X(*}+e1w=%CJYSrfVz|KevsH1t
z51VngY?D`78Wl^~ZPER$&OkIe)N650Su8%jqcb=t=vE7?sPN?D;IKH?Nkpx6gac@G
z@hvPYU@d*s-`Q}f*F?T=Q&Bd+?&7uRk=M|R0a1{)i#|)aDnNO5ex6H!7axIQP|fkV
zZ;*T??P?_@OH=m``h!@3Sb<&l-Eo(-me$s4{(GP1s<eqXQK&#bF{uaN$fFuzp0^eZ
zyVzJ&HJ1!2NR$e%ymbphOnlo#qKq35$nsaDBH#e~Q|rt19KCmq4rf+h9|r}gTri*_
zkU!ix$Hb{74ZasaLgcld+1jpo0J4P!li|`C0gzIcH+5`mECWjcR{o9d?AefD@(Uu1
zpy_LpULvjoT>3}H;`hs}(s~{X$0WV=Gj0thLe3u@3I(aZOIa5ORQ2=mUtT~cW2C-+
z8)$~WWg_M#cs<JX!$ap=gc3~55uQhDBoqKsL_u1_Yy(W>z<(+(+Qb0bbpKmlUxdP~
zTkha)pd@^I2C1MrkHI}31*wjUL^Na<J_VjNTYZW}CtI3_ogFGx^Kw)K@3%G@H$!N_
zrReCC98R7bm%HfdMiKqHnXfuU7|cY2-)YjBj~a>Yt>3<_AC#7s@>hmmG#OkT-s@;1
zj$B#(R--`bq^O$%B{3ph@~azHvQCqlnPHkc4$AWtwYmTB-}9@sv)i<U&6*l#NJwsE
zrKNq@iU`3lBL8&h5*l6m30NzMpiABW&J!Y+>gxVwli0`<#@vgr=`kSVGSi>6*4sKd
z8PSw79A6-jnS!*a#uJyP!v;*|3fGMp?-)wR(fmE6F&OM^n27Fytt}ju78cG(4*&cG
zGpmpghhNeq_k^5UJv5A#@w5ViUDiz3QWf5Cu(u_9ZTBgXG&VL)jEs!%U6hw6Cj$rp
zgM9-|NlRANuR1Pnm;sEP*v~ie;E%~f0Ev>f#V}QEk{X9xQ81C-{rerAim(nq#mLAA
z-IFZkgPHfoWSN+PU(@yjJ4vJ@BO4n4La!mBq^a>$R#ny2cGwRPC8yTh-BnIbvmMBO
z>)eFQ2Yntui%Aqvsl@!eJnaFdaJT{-vK#T1j7jXOsIah88pK?M|8hK*o%DRAMZVX$
zmB%-*8IZ#gtWJd8iR5HsyTO2@<mVfGf(;62aAm=lRqDRIfk=T%=9JoNYHIu-T9lRn
zOC%6^<GIE0D<NUFd7_re+)!a#_iv)OJ}|}CN9&A^7X%+R_?`#b9O>`hOp2eSrq*JH
zItZ{RIk_)<@Oz8(sm39^l$uhy14F~2=8iLQi;LLTnR?Ol^XsFZ$#XN+8oyM#;2}3}
z-c-PK=Fig6IYyO$jKfHA&vj=1;DE)!#bpvkl#EUx<pqW>5{s{Cut?^uKDM@7`*9_&
zs7QJ$*+-U&0HF#ZW3a!%#`a~fxjEfRR0x%N>m}}aTDrQsf!68h1mjmTcq!>w#G^5M
zjUD$&-b6-cth(}OfeV~X5H;&AwSt5WU><|de7J#H3Mr}jS?kw|^71Op;D*u(0Vy^y
zF`3ZN&>+HL26$80N{4q(%mXmKh*PUh&cILoymw;MjTbLc5#Rv;z6bQyLZys;VW@^Y
zQdT|X<<kuz2a>nG4%7I}Q0YV6b3})5wRL`R_wdLoFISX#kOb~5`_o&R|7i)GNFpgv
z*l6PJV+Z;R-v187(}X*a1+G5FynML{pv3Orw{Ka9FB}DjTMs%c3@{gJutN)H{?{*J
zwCiojrEB(cZK_sQR!gwLFyU*J5DInbpLez8(=TG>7ZLeU1}O&v0zwIl29Rs??PV@*
z9&MMJ`#9(KpY}`OKQqQHL_7YwRCr}#Vj}aO4i5N&oU<<WegDq;DlBaL#?z7OKE?Wc
z_`ctRDZljmJP+5V<suQtF0Wt`7st@UEXfC17Bq}pt*x;^5aTRz#aXDSvx(rwwa{}j
zGc;$Zsf+8NSrLw~3Za=*^YV&%TTTPEi+#PTayc+itkm@M*sm@bZ|6I`xLI2bn7ZT8
z)a<1aZe>HEgv~$!b24GGi4io+idveR=R%<*A&4X6{IlBP>EOUVS(Cl$D&V*@qaYR^
zcWK6TP`L{33wAl(OnCpk#tMq7%70?s!P%A;x*Sfj1tS6pFvAf^g!HGg<IJiz=1Nvx
zp00}oB5fyw2QGN}c&U)9tsM`6#kG>a?iRWLrPA4tzg)rlhvUMGFoI7+(WS1gK7JK<
z7x0nr1_8S<SM(oSg>286msz|*yHKcxg;6iAQ6f~YS_ENw;Z1XMb2nK1zBM^$;tmDw
zMEEl+D_&S!m(ZZ}u@*7XZfEyS)Z~=L>L`&6m2P|n#6q9rgUO$gwih9T!$Tag1KhkQ
zlxb~swMT`@7b<Ek|3*-tfrikF=)WfJ?tkND{0YYqUnqT+jcOSod3zHb@!>7mkeu8!
zBxlefKyob5-h0!*I$#&hfIhgqP?5#G4bCtIq)!tN9F_rWg$Dn48F?<mbH@4WSK^JG
zJ0tHj?d^*k8czYo3W4Mm@#QzFk^q&xU+sPLR~6SH!!VNL@*P5({&eNtbnQhf{9&BX
zccw`em+<CV^xj%cQ*^rdBRYi@l7yLCkGT+OIk~ic_^35N=0;(&^zc<%6?POV8h7v3
zQvg!oK#BM7-%~ucwvNG<cGN%ri;-bk_TkipdMPRK3!~l#<R0g)$Xe}$EyJjhGwehX
z{Q(7uXx=Dw2u5iIT6P%55P*z1I4)nV{Jpf4d8#3D%rLK{1ZSsobMu4P#Q&hn3S)t!
zILQEcCLGjkc^T$;l@kLwp)AJb+*#DP`bt4pcc8A)Vc{aqLJ9ucLd&)mo*X8DJ=yH<
zTSDodnwOqq35zM%u7D-B^!062+4s{@Yw6%jbb$DZVZ~Jr_(KMm=q?^BCod^vKh1wK
zRJF9Xu`7({UNe6Y6cTDyymbm;r%`T!Wm@46z}sm;@D!ZSg!6pGp%YmV{r_d5CXXJS
zWrbb~LbW`LFK%Ymtf+W0w7??e>WjlZraGdz1ah$qYqh%%tYu}Juz+)Y%@RQa%Aof@
zS&V$gSr(Q_`>_hUNy|r%%7~B%{ZJV;#SYPIAF;<&tA>?+FE{NG-;W<HDuF*|?Ck7Z
zJ`fuZl4ZkPH%D_v2bR>>c+$j=74zUv+=E*8%coDDb}NHLx3ba07)+Mc6b&D|&U~RK
zapCara13m3%ed7P99Z;?n>R1kKvN1A(^1;=xI95v>+9FAX)u3@ra~n5ru^rMii+?-
zMFgD|Q1J9&xThzHY&WlPS$nYMGU1k~KYs6je~20%y+4FxjBW_L4)>!Q^#A|y|BMiR
ao#3hd4z0M|RI-J@kFtV>e1YskzyAepr0k>s

literal 72247
zcmeFZWm8;H(>96(2`<51f_rceF2RDk26uOc1a}Jrx8Uv$6I_D3ySqD_P44@7>#bAg
z2b>SjRHY_N?JV|QtGh4ho`fpOOClrSBS1hvAWKV$eT9I4CWU~2(tw8rK1p%?ZV$Y@
za}tqOfd^jR@FpR^&+qM}G@XF!XW#xniqNFG10Ui!i)%P5+nGAM89IK0aC38Gvaq#s
zGB&jT#$@McmU_aE4*@|6AuaY<#Xaq4+08v|I+^p#D@-CcmfbRU#j9?~tB;d2KzNT5
z4IU+*Dqxsu-rI!hcW}&bz7iok754{Yu(R<G8*7~^MjXwyTRn*hDST;){m0G1g$b!i
zJ*?G^!xY(G;x^vukLN2+BbWSaZF;ZtXy|V*X<@->L{f6#l~V!-4ga6df*=Dz-d>bl
z5F%o4uQ)>pvbSr<2UtM={#~pIuJFH0q}Y&1|6M|f2aERak~pOQUFLuH=6~bnf0N;@
znEY>{`2TAWRg%Ak3JEcH{e&NRk)-EI`*1lb6g@OFgjiHjal3zb7~j&^=o}Ortj?%W
znPqY~Q>KZC!(^R&P=|pYyE$;>`CO6ji7qC_&iCsJRqMk+No=O~g|v>Xt*yDSac;x7
zxpT(fN4gJTdH~#s+S}VN=ZJ@gbv!Pgn&#!_*YkJ|i-}P(zClLyLb+~>$co?Vb3kcn
zY30L%=jq6ZJO@N_Te%RL%z}uhs8te!=GRu6#rmUwfOkLI$`!=KCX4|<%8|a`%Z-Lw
z@jNX1{rB(Rv4sUKT{E)+SwFvy<<4FcTHu$LsV(ATW2?1T&sTQ_6MNE7)6o@+9=M>P
z$GW@$*d78LD)E)i^Ytv|<m6<Rm8GTk;^HC)XCQJUAKE9>5N%Roy%*tianjQ?cNJ`i
z=Vvv2y&{#AS}hwZcX#*U!JqVqBpzF_X=`f+xzjk5<mAC`K-oN)F6gu1)E7lGusfQG
zT2WklVP$9Mc6@kP(=MB{fE6MSvw@8Q7qx~fY)aMPj1PLc?22x65?0L~&hDO^toaCl
zvFG;SPjOVCCwo@|1A~TtYquD@tsVBeprEDW>0(IQY&0XXw6O5Z%F4>Af!4ZkN_dJ8
zoy`cYQ$mBERDG^}?nW(Zt@DgY`h_Q}c`jd;mxt#XDJZVaY8G4YVJ~-nWo3nG5l2=`
zEWQVTd3ISWEG&z9yVVT$gQ=pzi;D};%#7OY%8K4$y#K`e5Gmr7=@4!B0P3*Sq_EFI
zt)gsq_4QN#S=HUcV?Q@1r+BtPKl8PpB6`cBPAdq5oE+|LH&S4VOG;Eng<ick&NusV
zWo2cdwY9Wrsp1D7G!+~J;c-L_jUmyJp}6IWbIWVBQiGtSU%<A~K7n#cDn%;Gz+FD<
z?d=UB6L5aue>&^(z>mxym8Yj7Z!Ts9xX3VzoSfX?@nS<CiJ&)kePbiHV#Tc2)zy_o
z2QpbabaqvjWZ?!j#JCfr84h2$mJuT|MU*Y_yZ9iwRHmY@Ma@3m-YLe$#`Ih^3keNC
zh>6r`4J(R>nUDdYnPX9!n=9Jx^LWz;4TsW=jg1Y<!Nuj}>gHBb+Me|V_MJrJ%6v#N
zTw~+B!}O$z)A3%ew#RPw={$ITzDc%VlB2J;SIv5*mB((e-X>5c@0tLJTy^MwD|ec(
zt>-1_g{?H$>3jS7`q~3Yqpq%=WMh``)D`?g;s}b=Rd8*`umEcmDss9D=H$n^n7-ZQ
z$7#ztC1B;Ao*q^2V=MikmecmfFg%%%kf68Skc(B<^Z2;287&kwIy{VQVQzlLi63d1
z%2bGm?-N1i3c0p!TrjOCen2llvOFk+TFbuR*yD?XgOe*?U?n3ZRoJ+npXzwhw41@^
z#h4Ugp8s}$ap05X7SWrddCbi8bRso%^<86j{Ao_)o69Sr6EP0QMiL$g-TAYsvOo4l
zW7<AE$zNtpH#Ur}uCHyreEGuAvYn{yc-pv$vPicZ8e$6nmh*gzEp8RBK;C0~Vq@#H
zw6gNy<K@+{Mj$xR%XQ-b&a0iwRfknGui4!_*n}mawn59M$zO3||MYY<CM`|J_wl&F
zY}I*EZW_1>eY_S7#IMN@=8mTcv)z&OP#k8xh{E#n8yg_$>S(Ram&DV1`@!hA7JXRp
zU01iz)8a`ktGvwlt=iI5@z+-DDN!I0C@3KzVS?|p_0#UdVMRlkV@8O1*uO3Ps-=|z
zq%vRJ#KZ)7adGhzGVG5MIpyx@a^b&A>&7Zom;P(G<3(Yn!7sj9)dtSDWu4)i!5Hf5
zvp2x94^vZ9)xaU~d36OL*Q<_TqDzMW?AjcOhlj`Z^{!6{Lm^X;NL5pFe|2VN$8_?8
z!%zGWc_Lj(Vr*tp`?2Y~4pf>^f@PFO7NWg_%7-||rq<Ev={f-#nnK@`rKY^w6)(G)
zV%3tAqee?|@)qE{a!T|pEQ%fiarC5kJuXa~H8qp{tgK3A@+-4dAY%vK@&PBTXak|%
zD9_>Q8tPk9Zi^jOKJ>Cg2{Ucd(Bsn564K|-pRX@>N12;mUmj}`88nT2w)xRx(*f>3
zuA0~0u6KP@GfG9w=gLrATgxt0F>56U?BjrNIoi6>mO)4V2k=1sIg!{N2V~xSuA5BQ
zCr}2{e-~d~M*j2XPhB`RBi($ni`7i4$7N|n8Z~(}6d)RgwaUuM26r>Om|o7-yI6r3
z|2#ZAOe`QEAg`vcNChWi9Q-dhl!`z#;Y8|kCP77TGz0ho+*RC|EH2tU(t#r5hbJet
z@bBLj>9)E%j6<XH$E2sFS^LByppU-;3ck4-3xIZS)q<GYp0qwIi?p$*XrQL0Mf=+|
z%r`bt8qY><ep^VO^xHesY!-(efv1o^e2cJsuM_vtRk8H9B8_LAmW{T#x%qJQx1lg%
z@3TKgzkcB!hO2~xNC4$I2d~eB%@Bx|aj)Bx$f40u)VCBoI5?<2{u}Riw>Q&JbqUFZ
z%2)PF%4k`_LC4BOc5T91$;#+spornc*_k;qB4UYVy|v~!MKpgL7BR8y+pX)?z1{kP
z*Kyr!r{LY%kASqav={&<Npi;v>-WDmXQ3|_Vuw|(zvVWDoU(4Zu+qa`B6!<_GY}*1
ztHs6DmG#@YdQFbs)^no;Q;2YJ&7VD3$eZcjPPDcf0Fo@XRUa<0PoF-OmY2)V&d(Rs
zTU2HytpYdffC$0t$5;N#9QIRvxGhlMf(~Wq5X4Fh=z$2n22ik8LPA2VOs}o^ELM_u
z;QIRd8x2_w8K4T;zX?7beOl#O_5MT)oMCHzzQpYKcy<-7b)#3LpafO}#2IqcW>{!B
zR5~mGRC^XDKVggtbAFnzX?A>}I=nqUw^(U*IgEY7?O6bpAIP!DQ^tX<kir0V_;RJm
z$!sDJ5vQ}Hq~sY1_D6n4$La&Ece$3*2SN7;I^Y!13_D;j$19`i*A?0B3Yn_+<LG`C
zFAfdKk`NK;*7-g^e1BV7zhs&%0ZkVMSh)X$NvAREc~|H)IUz9-TNB7iGZx&Xhlht!
zR07LcbVK7TVSa82=VJ1lB13aL;uLph)EKvw9ob@)Vp}^qJ0GClZTChJT#^8R;T<Vq
z{I<&}iEk@Y!N9<z;OM!N-Cylb#%^zKzu4H=oN&sas~7q2O^v${7@ix!!i5^M95Wgb
z2Nc2W5xJL)hj}IyP0iA4b=+J-X%_fX*o7CJ(Q%*=GQx67P(s^gD7VO0>#Fme&Gz{#
zd-=Qejj%eqx}IDB8y6KBS+>;ZVEj^VvxqQl$sziF9H|$mlJRPqnnk`qfyYot<3?9i
zQ^Ovcn8-OkKCbf(Yy1i$MimVlOa?qnX~$OS!~_K40!+d-R9&919Ic|d;0vX-IwKke
zTtGLJk`qWg6%<0*S9-ieX7DPXRgYB242N$;rQdi&L^^{N%a6vn3!Uv?RLn1@AG`wf
z@~oYe-@P%SNt=D5k-7E5vJKrVTubrms>S5jDNC26=x7CHYisN6>skHG2A9Jbk-Rt|
zt`JiM04(s8eSF#ufN~Zh<auT8?BL)KqgQdu0-($*iC*@Hbt98lca<=BGUq(M7bN%B
z!1JzNllwp@*$U{B$0nMIhF~FEXp~mNOe^HCEn)i?14BI&4n^=P>@N6LpblS>Mt3pi
zp=wY;@B7r9y~=Op%$x-WXh#CgPOiDx1i(GUs4a!nh%<6)|CaQ~wV@E7`Y!<Y^{Fq}
zcOf_3uKM|f$^qQ(AN8xPucv!GkM`>(=5?m2FD#@fe5)@71$_eth=W@jSjVwtcDY~w
zaS_i%z6av7q`q#R#{tD+h*uUcvzYS>{{7i|C~}Nrw+O~vq_e-!IiDs>dYGZU=X4`s
zD+oCx{GFo6cfY-XV2l)YsdAtC87>r^jJWjjuJVTSu{4$H=42Ign*ohq%wX9=pEOX(
zA`{M7)IP^Hiz92ypB<yEma96;iz}lAD<X|poMMCU@tKK<NkU(LH9sIA;DW%emGw5m
z>x8yu`@5J436R6;c)8;=e*1YzIYO^bmyJ(PPiwus5*0v^J!~K|`ESAWB|{Uy`ByM2
zzUmTzvzNh=uV^*+y)`GUYv&!(EyiQBh-vpocUM?zB|baRTTh0}EOy6R70XsoTB#6M
z&~!K_0o-3bh|d~Mp?S=DuAC9?ytp?PREX+-KWqSR&L=mk!=*EBy67^N+NG;l2?HiS
zvVXI(vQ`}>YTFL9ZAS6Y9W|Per@Vtj%hCJ`Fso^G{m7@Sc!dooCnr&S0)n<kiQF1F
zoNH7ZG748QNxBtMUcDQOwURdQJai7xL4Pt58(vH+l!h05<qkG@a`vf?ccGg}!UEgi
z=v^~kPlC0A5Gns>!k?F@nchiN`S@!`yWl{IjYfIV={=!aL>NwA*(3A4?>*%a;i)uw
zC+1k<*T*)XY&@1df6nK*j>G{m$d*)`wG*D33IS(fsR-@~abvG-9Po=eq)(f8jX(kd
zo?5r3;gC+%5G%6|-^a*3x|9e}Llc%??6sOgyY{3B&JT}|T$I$*Nvn=Sj64lXj<VC;
zr_y3GMi68v;;zRFSZ`Il8vur}|0AFd?a-b7sH5CWdM?`iF-cF9SbHKPJqFRhl6Z76
z$A@pKNki9t7#IR&*pfcdlOEEa*Rz{#Y;sttql;nNKqdOg)qc)6S~mUW4^MHw+f9G8
z-DEWUHFiL(|9v=|2xj-<AAPSosfMV1@<aNy``342pSr8K5CisgV53y`E6K#+%7(5O
zu9$502(e@)!nDUsDvz9q{%^vywY62<a?(uy2oSD{y3M%Ia!VlMK25=qc%$9jEZR|<
znwkd9%*-6{^6}|fr;wj)a}lz^x^d?>m(k0~%e{~BK<MXxpSA)w#kVFF%7lA&{5az_
zZE1!5`8PjmVLt&pl}FA_?riV86B}NZ1IY@q!!_DutJRPgbyY0CH)zbAl;QJK9wjr*
zwM<QD5u*EvWKL9}9IC-Z3!x=7&kWUr!H^CSXTbwGtNRXd9z*eABY8rtv&L)Pn{?6D
z)m?;!g2Ml*tSk#q@RK7zpG++}42Y>C13`$lw)W>odqu~Kr;(?pr@Ne7q@9;nOD{md
zu8G@9&>Mu83?}|gSwOs8%Q_$xldlTS5-v$g>yg<`?3R9LLAWtJKqvdnuYR=U9LbF_
zWAiS82&98z?$bS67HoSrt7V7IyTsqiTzPu%!N0T~iQ5g0`w3-Ck>`O&%kG?qiV<$7
z6aoW#w6*CIwGgB$Ka9$bHsRg|v~F;eYMI<sP`IUQz39m)9D?PdWMG_APnr3rg%2_h
z0Q2L8f`&fa8BSIA92K}VsnD#E=sXt8Ne+b!Fi+v}xcEI=Qqi8`{PJ{vR$NTiadYFU
zo|+%hV)-9_{RX%Cj2RxnOO*6!5Y#_^)uA^i9$|}9$~_~6=bl39pP<96>k`fAOX46c
zT?iOlw$(Tp82AaD#UFyMayNy5k4rm<8h4mj6~6IW+CjcN{VIHaU|qAPyF4wU6MyvS
z124IE#mb4Z&+~JC2{Dn(NK$Q1+fX$RHO0X8g&-GK!wnb=Zoa?VO<DoyjOI`hvt9jW
zb*L#na3Zt`85t)p7ema{=>lGy)j2tx6=h|^%lVb-8&tfCk=A|$9|Z1e9@*Q=QL4J^
zuYA@@6vWAHNzEc@Dx>r%T@k*jD=ZItsl(ZyAZDGBE5>~sc~-~LozENWf|JsOF<$~j
z#0$HO?+LlxLd7K_&&GB$e!v_q7?fm&BC*AR?Cesny+V#cxBHO;Y3Fx-T`{B6<TY;d
zp@q~13mh6P2I)FW3AZjz1%1o^zVspJS%_Np_!Z}@mqa|(2oV-?&;-21a;&(ffxZhv
z4dX`@QBcuAGXL`!040(XRmbdFtn_6-a{RMdIs*~IPdi>;jsR*TU){$!egv5Kl(9KE
z<ij_|i<k=OyjZGwdc=TPa<H<vX!Sg_Gs3hnJ^$zZh67@^=1sDzvkBF~K1R=K!41?d
zs=mi1Q+&8En;j#I9Z^iR(MI_f*tR`q4h;r9WrQo-o?$1qq+i6u$w*@PAr0eB{^0(B
zvW7*PC?X!7aJ1~N;nxvJ`NMU>z3-JI;~Ye4pNTx;OH?4ME+qouwlUons~hS~NuOnv
z)_m71f1wFsn<1}l&_PKTe0KJ#p1vRe6|5xOJeIVJ966e#Rl2JW^~rItz$;EUzH?ug
zc{;H)J2;k9%QG}LH_~#TXG*NgDKWdK`N~uP(Ddd1OKIGnxOJrdOi8hvcf}q@0?dvr
zi0SF+;@wO?!SlH)W7fR9JV-!!XaTWIuWDp@*Pjx3CdR6pmanIq3{Sq>fyUK0oWwDt
z#2dOC`$rg~L+V2ms%zdL??+262J=t^VQ=KpHY^RNl4rysKI9x#yWaPtm+xYHb_Olx
zK93u@nXtqJ^vbp@&Zt1^JYh6Ce+g)aV+ePJW!Tt;YjqqrzqD}`fcCy4A5*a!ClwCV
z3HmsmF_%V{AI%(f14`q|M46skjE=adSL$nE`q_}ZXrfIsZdqqTMn+aAo5(=BQg5T}
zDkAdzPt*`q3O2wstpUmTd#T;W>j_8S8(sVBSB%2hLjj<GmMex43}qXuAokF&$ULIn
zlf%&t6T?#k_aHm=ePgy9G)W9bcJhYu7xEFjCqlQnO6e|_+IjC_LVx*gOo!`%=R{9<
z<7?ICC#=4DUS#1F9`v*@rcg=o_U&vjDonqEKdd=3)UN)8?;X0WV{>G|tC<iNqv7cs
zi0?d#f}#5Id3fEMv|f#ak8&5Mg0HH_vng|Pkn{BpJ67RDq^&eGG>!pHg+SuDmz@R>
zCjx}FkbGij_*fWTUf!)Y`)Da!G}s6c5%EV#YN~)uDmfEQg-#zcArnTleELGojR}bb
zoImpleoK3&+RM7|;Ke$M>UyZM@~*NfH=zWZyw1G;;f1lb^bmv9@zN@Dl&%Xwk3%g}
z?w-ar5zD=mGl73KVHS<(RM&^R@MOv#Er@QfD$X5WX~ZZXn?$@{dH4!hS{iWN_odgy
zn6m1|b4ZK74py<*x}zCb{%SFvk#hZZwBOY;F_W$6Sl<XU{}cA=Mw3J)K_<_FG-0Y#
zqbg^ws*iXG1qG$vIzeFk0|4Ck!2>3p;mqy0HGZ!z|A$+ZmopurejPH|z?%LOr2-_S
zJ(s+7M!KLU`rKt{qjZC+GhIye*MO+s+aRX?8!KKB*)Drz=^bg-s^^P8ZkR-i#q^ls
zS2!r)y1%OqxOD1_qWab-Jj=~9`E=dhGZVt<Jr&_XSgezRX@rJ>l9IUv&2@cb9qU!M
zzjx3R_(zeAWmur0n8=6oD1z>%OngCs*_+on4R{P;#J+dyM_{n<p=38E4;nQ5IOzY&
zZmPEteJ2)S>qEe&zr;O0{qgXF{a)ERK1@8;Ei^H&!HJfVD4Sa(H#R$_vkO#{S@5A$
zb$jy#_rh8gqn+Q{hSH&1xXuzNkf3MkrYE()b;AQtIJYEWQQF64l_qFey_)_mp(~=<
z6r3PtMIA<@UcEGC3p^~D3#$bi-m?9zt*OoZ{do*@bfq@W>w`{7Vh_sM+1aG*fP6w|
zc-^0_rz=EnT<PxU=%})}nfITF2E;CtySwL|!Q7bVqC*cm{V&gMhpg}6!X8nDw@OVR
zn}X%UMv{M(;eL}4l#><FcU<r`XRW`L#WftN`vRk%FM`1KmkEW29!FuMBRn04)bf!_
zu0XoJm>wneVM-ym5+D#-VYIFvb<4X_*1D$Hm%BUD(3aMfJ#`HX6!pDnQan7(HrwUq
z?|sBx4C*D*T0)Vr{Rl{;?1#t8Ewg^J<+`DGczA|&b#?7TL_|!0Ma}#=?!;+?qv2Yf
zo{y@G8k0n2dvQqLvzU+XKq*y@<^qY3=g!R&-f7aI$cnzitnyAF?+2n^34(ZV8Dg-1
zxTM%~=Qb315TEt1uCZohfC`f5+U+WOW^iC%4ApPNu!p!n0{@=W?pOxN+3vkVP=~j^
zw_tiA2kpfeO%<#7hiE(bYw<!<t9J8?D<T0Yddr@9qi023Y3XOm-GvCzyss`^Z?<r5
zZb^C5PRf%ci4VI%?zqP4NVqu^@K`0@_uEN=d~PRSTHVi$#9UnJ-Y8OuoT2EUzyq%8
zQs=(cO9oX%HpZO+-`RYJO)5HBe0Z*?Z#Kw|W{nH&%Tp)pN>CVu#LdJiGeQxZn<Ntv
z$>R<eyDfLb?{bH~4!_&=)_&lC+6B=&RV<Y@Km0^!^oV#C>=S}O=|D`Iw>y`6#Cq!T
z2UM&$LC<b+Y!>O`^RB<!D+;?x$f#GG37f&^fW9%NzG_?r8XowVqr&kq0W=w{Ak&`-
zTnlRP<^T1L-=2@tcInsaSr_VV$+Tq<Ml~WVT1pjQ7V^6u&Bgxn5mZ&T0Utrf2H>!q
z_U}x$41`|o0ZS!6Qhy0D?MW;pI?omBGo>qWOeLh0p~e5q0=$#bq6>PzU>p=)Bsry_
z!_D9-U9F(6X-pm;8qMWyVl_hdI8FX+kZ$hb#nYj9&YHUefmn_{xh{!vcE}m_Im%2B
zv&=`9jT(h=1mEDqvTCTxJf7W!<tGeyl^CvC9(p;kt@Efv)zGOJ(7a)vLG23`TBHg!
zYPwcj6B2~WyxLRWi%l0rLThTA-t@WCn?47);bpz;vR1dE$czC*HXdLZO&$Y2whXV+
z&KHw!-}3ylwNq08cT{%?wzK#9db!HyaplRugx?J=<&90XLA^v{4<YHuWn5XV&<iQu
zXMc8h9j465NAS-%k{UHW7*I2zOFmjpPm?Wd=-r9Di~Am~j#3j(-#z=%T1TGno1vi{
zb8+Yu`RL`cd-U=GPHmOJ)Pj<+<zn>l(SPA<7PoRh><#w0+g2&$6jP3}+8}}h(#W{$
z3+$b9@LfY~)`NOcjG<=4E^w~j;Za|>vn>iFRypWm(ikm2+k}6+G-E1ID{1itdIB4p
zoAmY8^Kl*jF(X7B2LKkC;wmF6JN<@56Gh4eIYWbkPukkrbwDnf;W#jum@G?}FYT$D
z>>tGW5#L24$CEr^W25q)X`frZh;jYNw{^H&(4jtfM~4VnVn1h@jhhwHc^CUf(z*Cp
zd<wR$kN_`j!uLK6MVK%%Oc#QZ0bkG(7sL4FF}Ix1eG?VDTcN2p>TtLThVDTBY|h&+
zfXM$S%8EADiSjL5(9&8S%iq{I422kf#d-X%^1R7^WS8QqrFJd@U|PP}@nPZNC5`Jr
z1deY65#zBm(ey1=zrK+nz!RnZe>=LbIO@fq!i4d@!cL4Mr=>vCBuo-Wzvq`NOW_Q6
z?8Xz{MWOu9%v3JB8Cd?5%*f`Y#E(sMb#p~hI^<C-j7#Q^puwPGe_^&t(FsMKn@gRg
z?hyl%uwS5+74jKdbI673oXL2`z^zelx&!6>?*s2z&nVXVTR_?KIl3rjfC8gLYUr0k
zaCKS}3C)+c5T%}ALi{KPd)Tr2jZO1aSwW!gF_b!^zh;xo0v2co4!n6UnO-MNcU{4#
zeIIae;NF@wZ=Il35vlBV<Z%)>p^{VztA-}*&$wD3^$aLMkNd$~8H)Yy{$@8}<W^o*
zrP#o8*l;J{YL$Cugs1*;s5)^qSciS|PFKeYYmP0g=x&VzsGD}b*0$emxYmcFv=!#4
z@SnS(!r%PoAZD|{RZQaq_`4R>PNI}mIn7b@BGR&bTOFC~_;Qk}s?(W-jbbUEafSQI
zA|!IXA8(GU;7|xd7-?wWZ7nS?j!sVMU!tU`aQX}+>f0mb>z=U;Q?%Ns#&7D|MOyLo
z_21WWhWXhw=@3rFBDbp2hz|!QWfsz&U0|YmErsl6!035n^m7ZoIHl=!pJ(&=(sY7y
zuTnsWk|5?)m?%H^S`PhtLM~K;o=EV*BIy3`sG)1t0*#Eui!|oLH;718>|=~Cdj!!?
z(NE*PvjnnUh-b4TA-38?W!P;csapQm(t-fy4k~PBiDL{~KR*k9w&9D~<=ixDaZ;ML
zevvBCVLG+3w0uYx8_Knaf()=WWlOF!?u*)M^SbTb-rWsmXJ>bJadFYqXQYb{RZlVA
zMMb?0Pqy;OW{?xY>+|=ifYNWLMkugZ-=X~;qF=~ui<3y&X{nL3-9>si3VkX-9km;w
zj=HuDw{+_SXve4uW0vcX&9C}L*gsBsd2hDXp#kLtPf=8Iq`x>dO%|o2iVcAUvtgr3
zrl?61b~;Sd6Gz|OA*+}`L)me{x1o_larDYnd5D*lKeeHoHpOxa93R^VBHhQst`I6m
zni_N=FM6B;MC~!IP#jtnI#oAa-DMI=4g6sUBvO;ASv@btqaUb(QvCx1@5_LWInZZ&
zBR&#QziL>=e#(Spys&flx?<YjfY?cfMB#wGY3k~pijo^k@=ci>2UwChELW2e*;uHL
zPk8C7qJt<z-(=M#I<FYb{d$%>B;r=+@sF+Yp)KZe{%`ZHsYw`TT+j$-R*i1!@d=do
z4{^h`Tv!fHHE2KI4~@=9ELzw`Z93_d79(q<!bIO&8{=iz@oXe8eQ(s5^!U^QcU&(y
z$Ygj7@ExjuLIy|x+_UDbpLaFFcS`xsWtp8l1YDMXO+Dl$>&jKAM-<E4{o}P%@F&zS
z$M~&J{!`ON`C<q7<LEa00=nc3L>_S5b#70ZSpG`nA*CInM_}%+f5hK>AU1^*KfNi!
zD&?9Z&%Sa=8M{|aBxvhWR{a_$yrwTfJ>$fp{>IX^)E^vg`ah<WMvqRf7r9;9xBqtO
z#7w?~_UBUu88Dt5y9N7Y{=3y|r8mlUahdu0<k_ZoIzBzUZLK_ac7X$Fd<O6YD8R0Z
zD#^p!4PORNsyWABjD>buWeN+IVD?4T3U1iwlZ>e_+RF5K@~M5km5N8E)J@OH2g(ds
z{jpbw7aR9uv)Zuc#}!x!t(SZG?kVJ_i&XHw52g^8A?sOs0gxxh9Vn9Y15g=0Q2ji7
z_lX10Q2gm|T3ZK|7EvgIw$}2WO+u+exqO@HaqQAdC9DeWjhs-;)(Aqu=}sVSl5;Pd
zV*kYzd|wo3_{eSu5mDEZCA^or&FEFDX+Ezz9oGm;$SlO_O9YGF!$X)81sF>is#if&
z0Y-$Rva*IkdYl#*%>qyarqNt_llmw%rc}f+czzUMZ$0Q)aevRF#rMC9;Yw>E1W<(>
z&To2cPO1Y$&F*4UzZ%covA`H{?|40r+8^33B-al6LkAzN3E&}cs0^`keHr=;5>s=3
zR6+KA))Qo-TcCQv*1;fm<*V<87)iSB1iD#HxWeZBz>LG`;NQP#cc9kP;KE5<JnpBi
zj~Zmsy<_A-d;5pt=JvPPlG{sdVq7%ZTNyCE*JbBsiV<5|NZwNhtDOh(Kg{`3Juv!t
zY4vnTPR+4c2&EErnHScgT%hg7!tI^*aqaiH7483cx2WTADTQO;Qy(ac7(pm>tali@
zF|)!vT||#-Fq(P*{_)%`^W`D2Y^Tv$!)bWu^Zv$!w83MvSV)b1y;MNOkm6b+)jZsZ
z<;Y{QC60`?QZ7!5Dia+HV0)pj(f)boRV{5J%jJ6^!MP%!`{Rb`QjV}y7o;60b{4|!
z^gRVK;IAP>Hks8-X%o<^T7H6b4aBUxQCs`78g47h?nUShJ=dYUl$M$bU-mWp<ZJeM
zZuH!Jp!|z*9XmwFYt-Hud+g~G)ZI=rwV#db^>rBSTr#!)UuEG3rK~2`qg~z>2-ylu
z@s)6{=vCN-Ii?*eB-psLPr?o3)h>WlLb|cV&}pDv@a<G6W9}YY(|6>=X!R=syy^!}
z_-L@^zO?1WqoaaQDo05C4ws~V#9cXWVC=_Lwc6HnZEjsxK-7s|t=sj6nBJ$T?I>HK
z<L!fhZUZh#WI>UoN|p&|UN_?KRLcrq&CmiN24P#(mibdLJkU?WjgaYH8n6Wh!30p!
zfB;3FZ*<rk2E<XiPV|@LFSV1cuQ=d1#wcA}o|T)-keizNvn!%GbZz+3W{VBil4l=q
zhaY0=wcidjDui`2f%}!hgtO$~DQ4hq<_qGT<>_6;pw*H;mOk9fD(!*t-}Kx4eT+*E
zCL%btsL(9q{gXg}Hcgslcj@gpIB<tA8L!8+)(klp>zqwtqOna5>Xf{?e)v-Ri|^K~
zbJp*6=(2PwKst?0kgYWH(4*n(g*6JRi``ogE{JHXj{h(dr0eX6R?Ep5=oA(Rg4f4k
z2)*eJ<7O@mx$b;|XG}oINOh{MhNbX*lHe5NRSzDqy<Cm<EeG2SfQe{@LuRU@0i$e(
z1vC~z4<%*Z>OKvOw><GRdxRy!-##zhZ1QYz`?ML)Dgl_P{k^;7<_6&5q06_=(KLgc
z1?^Do&lYPneyKwBTR5;!cj69&GIS4~RiA3zf`9q3X2fW$?evK$Hb3o6X~4Sa%GC5Y
zpIq=~@vHw`tgM_{Ah%RsyP*boWjHVOL4fKd)<#$1Mu=*;%`J2j=3;WX5}SCfrLV<*
zog6$SPXKOEgM#X2iHN`mR>PWz1wB%4=#NwpCQ<LKUrWASP(r0)w?Xklc6)wTo}4dN
z(pAglZak4SP~o}!fGr;kSMffu11{Qjei9LG@T@=~Oi{zC-KI_iwlow?vUElg3W5F;
zBQ$(6up6S~@T9XV6j55~LP$q`SW<i@?e6MKa9`CRPz4#IJjSMq=|1#<s@pN*%VcZ(
zJ*@nPZz1VzaWhD5$DkWv`Am^zsMnHCA;LN3pOy~D*H$~AQQA0OW|P0bmNsGCJ#Z?`
zF=8pBp3S^M+3_3uHuNqdHm*ai^#+$M8txrp`TMaXs9-@3yKKO#Ii+*so9>T<GMT$q
z?%D{UaWF=moy&qxgu;a_{*VeMBmKfDC*oDBBcC}e_QmoZO~!xPicEWNhe6#Xn%li7
zqydt1a(30gi_u<=N`1Lya4eyIHR^G>^sb^65B`nD)eYDDd9xIxL#0JAWCHp#7rya;
zk}&0#(^w9DZL@5zL>q&)6?R%)v!+2EN!w9RB;?Bo_sBGpJ7m)C;u6DW?}cFR#fD}O
ztcUgAOv3vF;%DD56W8TAo3}Db6t&8|55Ip0)!>cVcnvp!B-*mz;u1n3IA0(>*Z*Mo
z1nCLd)2d(B1}8ptXSFYifa-V7GyQmU(asJ9HhSxw4B&NxKOg1b@^yPg5N${}Z$~D&
z=+O<qtaz!_9&xzU5M{tGRU*&bG48{vCz?Y0d1`!^NX=D&Ozl9ne*XE4*xthHpXiA$
zwQz;o5+p(u)g9O!qKhh7NQ<u9SS_!qlbPeBzP_MR)#YGQ997{QZGVc0bAFl|Z$4&^
zm)?Q^bZw<j97JV8+*1iRQ0%xKQNAAmZV|mC-PzJ^UVk||Nf1d3C*i0s^?Y&k<jQpT
zMX!7U7ykHy#rKjLqrLTfwJ`k>EPEHV1(zf<&b>qEm+A^!zeV-$6R?-7sR%rkWHLvt
zr6_PmJjB8Ot;CqHF`x5^*SaNh40v`U?!)O+!4r(&u2BuO-(TXDm7!XnoRmroY+@ZZ
zFsigC*gh8$S}Y%fUmufPNbIV4k-_T?J?90jPMbms#|S!31@OF1YCJEv2KvlrHFglY
zC~{9a3i{`D9WN+-<<fK&Ldf117=Qt*6s`jpuz9Q*MoARYIEcBmF_(d%tk+jJo2Vq%
z8}p+wN{dD>+!-Y`P#rCwh~3KIzh|mFd_Vbt7wNt&#e?#VGe^sBTdR&q##$FAOgrfv
zY5x!&B=N`?H@(5pzNmOS`cF9t6?VMf?-H7#)Pry@Edwm~QReapc&$3=Xas9vccki+
z@0!R2$FR;n+lJgs>TvK`;%(d9ofGhI{~8Bn=v}U68WQJ}Z_ZGHXFpdcv4CQD05ip8
z0@CF7g!MSe)zB?fIT?H;rrGH1vhAahw3HCS(?M$DvEH2M6Zx8*<nKp!7#uM)o~y)r
zU36+Q(r-MK1{9TR_@unktbF!8$>1(os@Er&S%~P@VOG)iM6|Epao=gUqwghWDS^Lz
zZ=0S=D+bC@`y9I@oI<3JerV=#v**Lv&H&xh_9TW5gALIo5AZm?e(F#sI>aGprw+W;
zy7@r6qTu4XznDEMyNm$YW|;-o3w{0YdjKgH@U-L$tJ530foXKm?fsUWILVRRY0DuG
zGgTdWIx1oB5i^emq{&1RGJ%$XzkM}BFJ|bUNpIp2%H)TKvtZQlv(DXbh1Q&_xL|2W
z9RfyPO-59#^fE%AW%Uox)nH;ir`v$n-9SEk{$c!=qb?4Z74Sl51mNkeAS_G>C7iQc
zYS1Q$%%ejlA4>P%_#0za0`bF@coOJ>n=oUk9rr!Z*0!+N1eijTkU)9C{nOLVCjhK0
z<{#bRAVxFob&!JuetiLl3t{!GE~GFlY%9`kYoxCQG8W||QhZd&F?LY*56>%`%Ul6H
z?_YB#E=HUTja&?wfQ#Mjma6ASN;cY9nZ2F4if+pFynTxxN%E&RHZNT^gMNIL2}E)d
zS$3Ed@mp%;hA1*jeAS+*bERk)1huBPZmFUQAsq6KO&hmk8?sHwI|e*7l71<W_!W)V
z>C6Ow>EOR09W`jWIff$pEgl^Y%SQdf`Qef(aBGnq@AWj&Nnb`j-0=Ht82~d5XZm(K
zYePp=zaIYjWlDI3Q>bxKL+N4MIRBRfhR6Zo^*0{euI^tU$gw&tMTKdjO>$ROn;vOe
z@;yA~P;mird}msR>tm*{l4z{Q#6zz3tPh-fXYWi~{oW}i2Q#%Gl)NvL%9g^(bAr4P
z7ZbUrv*+avj+0!iAT+8StGm)Z<%=zTN%vVt5M5TY1|cH-P?ha)QHj5hx6!kTn<UWU
zbU&9?@|v`oCk31P4J)4CJy4P~@+#zxS|wVZ9`vl2N*pQJf&C+3w^Z=T`$O@~U=qc=
zj2sf+s_Bq{)PcxF=6Y80#V5R*#}Ipv&*@rx_wewjv@pg)m+(fS^11>5qH%Q_zO=}7
zCVg+I8Zu^qw!ixw;1OaEmT2pTMoP<yW^T-aQYAf;B-oKHsax4f8;L!TjczV1K(F}A
z&_s`|G6}$?A@z7w1lP~`>oDdp=)d<F!Cm7f!~YjgkFbSd_YXm%s}O>Ia$oE@`$VY`
z!cOmLNq5<eQvpCo#+>fSVJr<VDg3EuCB`_iw&f{`Xm6i2Y%QJmjigJHVn@1BYmRV5
zY48&C>9J=w-J`QQC9#Uzs(UrJ&F6F!JWEph>Owta4)O8;t;97Ycr!fbu9J@SHgYoz
zolViZdPDHFS}r~tj`}jyfxiNe4<JkvD3?629+qim*MYuwI~SxnT%)tLv*~o1X%$__
zerZ|$??5c+i0y53xI(Rh6DQ(NGu$bY5!9=Le+Ik-JgMi7rN%;mi1`SyKzniwjAFiV
zD6|&1n9n|K;N;Qn^8P&IooE-D1n|=}xXTZ%LO$NPx&!0$R)5C8s=LsI<QhRVudD9N
z-YJd~2P}20J};FkOa7137yQP};0fQqKUzSue#}rsFpQ3nq#vhz3f;X`TXE7VIzNLZ
zHNDiCU(O84^n~;Rb9fh_Ybw+N?HDfl%4DJJ<*IG9oPT-VIwJ#pZbO!vPK6SYgiP4+
z7kuDAsh&KokJ-s`TahK5QqLA|5ynl~Yv}#(NVu?GoE4x>v@wki3k<5FP6VHxj`^Ps
zrFihEY5HfmA@#$dPg0=&{<Lr369b$a!uF{zQPk>h<UYEXe61#ZBcdsLdvNzA1yqv>
zjq1&$m)CJA<X_>V{=lIhiIEi6*X8%2Eb;aPBJ9)Oj?oc)XpX#`bUU#)_QN!!WF&Z5
zwCD-}Qs0VZ+<tB{ScpWEFrv(Se2dwimAG>kM16jQK164J(NH)YweH~Gz|0cC?j2HK
z)S5Il*W^^p5NILMw$}N}ORp!tUb*~SGv@~@jJ7Ju1t+ZlREQ8%=N=$E2pgwB-_b9X
zfZ?4vS!C2m47xl*c?2F68N9R)j{V!hhBk0A1iXy2-|+Ls$08qJW1|f0I5_j?%n}F1
z1UsfcuPf=nz&w;_-&pUbK7GQf2T%SrIv-4S@>F}cfFN#bI1`3tiM6>$BlX`b%TG?K
zmIl*Y-HKw&LVcydy@^hy2I^bOp>`&lIH9D~C$9TDj&sFz7TggDCXjiWIW?(mEnz)>
zp--Oe&^w8~jjs9&jE1EXJ3)&wQ~aA|;#1*oXYX~Az}n>10<!Uni0bO*I=7;NMDV28
zLi5n*;JEM4U)WZ!W>|}!GJu!-I_AUzgu*x0j7G(Uun5O4EUp${)aS!d&`*aI4ZPDp
zEC;>GjecDV(OqF&i|#*vgWe+^*lcg+cV@rpS*nt~nAAD{I@{82a^G~vx+2<f<6BDi
zC)n(<mE2$lDn1b!8^BkBr0|6$20KW#?ulQ=yw_{LP$2|2ykKZl_naT*7!uilvvt7*
z6(L4$PH7zAlvHtCX-(SUhoiC*WoI0#VstwKtL_T8*G2Q4!tj=)y;>{`#CMX=f2yM1
zk8C%ASA9uEj2gb}zB~)0Ng_i{HC=8`o<ALx={&u3b!MxNZ?oZHeAlU>8H7fp5U2#+
zE<5YSxM>ouu5Lt`e)MEl0@&N*lHOlxE^6z-m-f@~&ZBVc@FapI9lr{)tBXX7_X~II
zY=m)>+#5E15@$3H!tp~jD-F5q90bHu#BJwyct(}MBEGoURa6soJbOC*Xl0n;yJF$!
zzX)9cE*O~aua%5FN^uhVJU13geynfq{5p+Boj5of0$iQ!T9;1U6d3=U`ppM!@VB5e
zU0_1_pRbSr05fdcugl6;Rfp0(LN0~11v}_fkHPaFyXLj6PDbimXNx;#ju0DE-j{9Q
z{FVZ@$N6NVKIIMg-1e0m>?Qyl>5baN&fSYqE-Co)za?ev7nf#Zo~D)mIZ>YG)-CMV
zsL&%zBKtT+bcoUBAXkk#L+Po_fBU<kf<)3O<!rr)H|?*L#4|V|DiH-UEqzN0$q`d|
zM07b8;~;AKeC2G6dq=(&=v3EkU=xno^j7I8t*wl?Zp;4waJ6SVLj(Pgqf&NbzcTfD
z001Cy2@e7$Wd4bv1^c2><jA1$Lv=cnyFZEWzXO`Pbjt!}#NWH&eC+g|g1>NFs_F`=
zw|%-A);SVX6)+SCE6}PPX`_G%xptU~BLu#D`H#6M6AQy$-$LU=hiqzEzzyRJ4{i%z
zAgpB<_|M%>l*NkO-5E8!O=b-Xsb{}Sw1(werCy;cZFFF(hsLAsVJ*7gAOAC;irDA@
zeE9*;W@h^R0}lx9>ykOPJtmsrODyR_;3_&I&fj}k>9owL@=iYtP3);8C1-yMWp1(I
zVT)N-2@b%`Qa&1}wsI{^sh`B)MzqbjRS}b9l=M*V9x|l793N5kU0*((m0^8uH1sE#
zLa{}OQT_(5@)vewXm}r3r+xx8Xd>*LwK#?{0K`%^46pg$`oQ9A-A0v}poK&x8mt_7
z6Zv0!8y~e+%i~q=hP`0=i(9L0F18bcLKdPJt3ZIAe3Qx!`=2cPk_y50RrDjEr*det
z^zB}n1pUFotI)QO{>J(GlXp~nMTBT%hLg)iW|Wk!PrKJCprsn4v$ZB>P}(HsYCv!g
z^yLhs(=3G3Y}lsar_h0S{I?|F@mmn50BGRUu`qp0BYsZ+u*S5h1Qg7c^99rB#x@mA
zDF9Nxq2l|=)3f4<%js)>CHI2zQ52<nZe=|*$?xfn@KT8ur0vC+jUUhoOm+9XiG|~C
z$bqrOO~Z{EGYFHonJpu_90zkVIa1N@`P8qkZ{OB@^JH5OT-ouP$LD6CMU&pIH?M~t
z|FFXm`{F%Zq*%ta(Py`{*7m8+7<M|=n;l#xZPY-~shk7Di~C<Dk^c<>&*T6-zT&ox
zZlNaykb1IQ;kNR=*%PJF0rJrHcSPtC7ZX&zzJoGK^wm42N_<~akkj}mMI;}_L%Sk)
z=s3<IB|&_CKvOZl1Q;Gp@<UPCNhMk03Az(jw@y9`A1-RwNZLY9N`7+OXBYz{-CKo7
zm=6J@4!8aUuOT&sRa4=IH#P7Ewuf;b+SdjyT(5Ige_xuIG&=KkqX%wMS6gfePlIo1
zvx+R|(_zNiz*NK$zgFmMlxj}rcMq!a5d`a$+^$H(=kvOI-?K^iW7bNd;Gy&2=&%@d
zn|6m_B=Dg9TKNY9V|JFnZFZDD|21eVh=e8RhR{E64GF}Td~V!*g*-e>FtuSXW$`gk
zH%X!~;*#8Cf|7D7d!Ak2dGCEm4UR+&Rb-n6I@}ejILG<a4_-|XEn1;gaXvx$(UN!7
zFBZ+bz_TTx{M;;4R#j{8Z%YGO9u>p4{~qp{zr$ia(n`@zUx+E8K5F4((RlQ-2_+{O
z%hnQRBuRr4*NMR~8EJKqFsfsP-bVW@E(qo6?pnv&yWF+2=o0Xljt9WUw8H)D$(sl8
z|1}7bSs_gn3qIEdFLx*hU^waMh{JoVae)rmeL1{24-Rlwum*TOxg6dN41t4M@^_3+
zA8{%V{rnf$!r>rCkY`b*9f8`M!C8Z6?mg<Q67cHj^gUBL{<liM{p<zlQad}uZ2kjp
z>r7WHf)$@VkdFE$9P8JcKaGj!s{?^&Ye|G#m*f(YR$Dwjdck<QpNxASEKFwtUVtAT
zu+;s1cRCOBaQ+&qk`L=J*>2p80KP<3DbS;#7Q%bPl{IT=gnYTeBDIA)1KR<ufr*NH
zOJi%CuGc|F2<3*tVTZBU1Xdm^P*X_{i-_dNTB8o&gUp^nCdq&CEq;OkSQh8-I56(|
zZ@dybIsZAFQu2QNI#vqau_vkv>uyUVU5;xZf5q3^Gn+VlxvkKgZ6n2mg!0|+-v?qq
zpx17wc{{Gucf=1dM%{qxuMO{Z!m?PypN|<Unu&xwDc~NNXL1)!d>be<_$n7;k?uzS
z`f-v610CymL;JAX=j$AU=Ni9of9s^fQ#i*-5Q!Zmzw<`#)#58^%%%39awZ~7(R2CJ
znnthqVe)u?U=RYB6G*@U#fx#BwY<Q4-{t(mG6F_uJ_5~*zG7@iFX0g?gik47$=+hw
zVN=9!s@~b~G|&^!!{VOF=7?S%vKrKZNb9^fOO;>}UN>sOLF?}G)}3sqYY9=VH$&P@
z0r(#SpajyZ1T~%KngJs_wta{pa^Qbv0hEPE?b$M3D$!oKHB6JN0Jd&_TTE)LO%m3$
z9wpQ_H4FE&A5Z@DT!WFol~SRgH0Y14WTde+$iiBd5hAgP&VbLh8D)?>2@GNjkh+Rb
zbg;h`w}{a4QVTpq?B$5nKdK>(X)q4=O?X0IR-pSEufvWb%OL=Ez$!5gW5_V_7@=rZ
z!6l%&-ln)(G&w(gH?1F}q8Ln#ICF6NUZKXZ^B2unf#j_rXkZGBV#-cl*7$7+(hI$v
z3EEIB_*!}eCEb|yYh62H!A0u$EVHHH(zFZ!jTBR6PtloxDfi}RrcZJ-YFK&<_Z_^m
zdwaCSL>Xmwzp7d+A&*aR`X-!F^Xt~X?G?s*4rVBYxjwOFi=M+{|MMwLRUz<-nl+|E
zz0a`?%voP`UhUVSULkDfsD>9zOMn*W>JoA-$KvY(!pE3OcY`G3T<)*b@oPHX!1U>c
zf<GWJW+cL+;))W0q`Jgk*p@<eas!-IPRo6kbtzX06jRO(0|{t0`d&LQI>{dI2dSBl
z9(>jl&j6pcepue8_gxju6_W|U{l(3!6Hb8h5Q!HCj3YTPG~fZ|O@E=esA(YN&m@<Q
zxFHh&|9jJipwGb%iqcV;Zze{|ZFuFg0bX(H@TqIz2XGy$k!@eK;`n?RFwXvuUjAKx
zU@Ke%Isw8*VITC^Uv+-sYq(&ZtxbZGGT9GPZ5FisZ!_U;o^+jks{{3a!4rgYLS4>;
zLk4_pbboi(=Lea`gH7@={A&7bpt=6<bq~h?uk=WM{5MPO<`^YgVbj1y$dNM3;Or6{
zU4gbe&g-`UJtk$6W;q|g%s8`G>J;642Pg$%d{%));IDS-)B%S&XxkN^0X+q{TPP&r
zD!HflDMF4cHIN^#(~SicsGz@g)r$7j%}}~8y3lOLz4AnT3f$43iybo2NZpHUQG2&h
z|Iy#n?Fkqi>MyYkmdFET27husk&h#iegddvW_$9F+@|5p6Her?8|-5zJ9!Mup?#VE
zsh!t=AMqWLJcRI7@m>6RzlpFI+gr2l+pKIu`~2@kcpYApw0TsZXH?jqdFPYHA$&jw
zjKADzT|y%s7ZqUM4Q=Kme|~(|@-1nco4%51+-uK#+Bq3QPJOVPeXXFy@!T*4dO=Y1
z?_S82%je&j@RWdR{2M)Hr1Tq(9mO(TTV>Y&2OfEZckFyf^UMirW<ksl&}T8Gi2=f=
z+EWgwSQ_V3(mIuEG(Q26*5b!P0(`lo^x@Zy>Cs77#mZ2hPzR0VGq<1Fk13h8W(}a^
zD#eH)ru}(Sl(1;{Mye3^1})sCHQR#1T+n{x1Xo6$w=e0!a-sLT%^py*zS;rkW+VEQ
zS}s-a<ol96O8HTo4r#RPDDbin7)esv{JvX62D^5kV)Ah9Eh?B6WTFzS_%#8>0@g`$
zzg7M3uXk=Y0TuRq-+_Xars&2HdEO0-IWdG^i|Bw#mfd6@9{nT2I0^rvT~kO_r;eEt
zdiCeY(7ugAmC9Z9cG93SL|h4n+;%hX7XTfIj9n)3g24;JY=kDHUEc;vnP_t20o(5Q
zmJ9o0#pw3;?bsMTJ?JF_m=KJq6LR?fB`~E3q!rI7?x#G$<q(Owa7)jWXlN&EKY4}y
zI%w2ZZ;NU4xZEh{lAxuB{DU)Ljc}wIB&wrlV1dpE=Hv`xTJ1@;l96b&EsgUp`ue<m
z+LK_(7=2@3k!uqgEVcm87SgdHJezbX_PX1wrZzYt-NZl*g-FcAUU!thIKbX@wUaRb
zv|=*(^H{(Q=6x4YeeVV^3T5~k4qMEem01K4=O>gvzM!-7?Yg%#V$?S0ruF!p_<8*K
ztXKTmT_SwR>MA~L?)%qES7KM<GO_qSPq8wQnD(Nr@PJsQ)LLVB>m^m*(#%WhGuv+%
zpAX&uO!efBjL;W;Ap@8#JJC8fFT}9%Ms0t;cUa+Vt4|W+KzO%eIqtB((+672_@$Y7
zI=%CZ19E#sU{?wA>yVBc0KuSlF*+voxQlpjd_ha?QS0{5#1iKGeYaM={W%1mTMg?V
zH^?aBr5NC@><zbB1Ef&Ws!li~KWj<L8euHN%hYSvrroX#{5%D23Q%85Ly_%!s^@?y
zMy@Yble6hSEL><XGelo^j<%!!7&*}+9JT8G6CvRpI~{WQu`G8-bE?7Bc(up#sD-<C
zRERGWHSQ#2qdolkF0<j%zPu3z^IN`(pF{V-;W>E#TC6c(P5WFsL$|ytd?2-Z-d3sT
z<!vTi(|(0ny3fqPHdrk&8e7-EFY)(#;X13(hm_?ES8IPUoG4E!SJ8d<bpI%PLwm^~
zXnZzZY=2BxH3T#!n4fB+_DRK*H=7>g9d=%8+*a4+)a;=9IxL#qvh!fH1{o3<p%AJY
z3XirS#O$MI1EGY(gF<pPh)Kys6MrCA-v(7n%E|)YnC0?#<rbdgls23AbFVY&#IecF
zBP^Zy$g|si$~UkSLGySp+j*|%&EEVixi=*>W$nPgzeIFhFWn*fgPsU#=x8%R#P2oC
zgfIm~gmVk=9~iHDNKd(+G`#qs(0D!yXz^UAB*8|w&;8s%rc>XX9@H7gx*0*TWWHdj
zzEsgcl3D*E%x3l!&x0AGVp$PBh`XY>C5`vh(NwU8>!EsGg_1UTp&@hG*o>@RUCxrZ
zURyfO#GMTy7Rh)P!GZjx`|2P=x`$Ry{9~yeg*f$To7LK0$3nyL)^2AJ(T2Sp%;<2?
z3udIyF5LV9%-JfPR1~9nsE%^pcS&ttw%S~cZTH6HA3A@FyQ~=!tbK0{gBS!Q&0B8<
zm3lawi<=`~Ge*?hd9_*dwG9<9Jh^C^?73)oNPg*<ge$7q{&@~lKP_z&=X2ARSg~=Q
zYYQ~a^V4G-{<62fEvCR+@E9#lY3f8pnvCdA`>xvr4L4QX;0x72GL{vCrA_u0nSxiw
z;q<R0IQ$dx;l#`FzpI4c>9MJ=La@ZPl=T_{CorlSxL@Lav&Ha`PWb#BgdFc3#P;P!
ziE=57uu<bBTx3ua7xB4{uB-Kb!CdPRH`p{tyBCo19_<=E?Mg2phhTua^-R2NP(`*p
zjrdW=|L8vU+YIOIe6``;(9XW72}z#Ql<?PNI@55(<!hsG-p<+ZJI;(SqyLAgvkI#t
z*tRuJa00;tBxrDV4-g!JySux)ySoPu?(Xg$+}&Z}4yW1Y?EBp}9(d^Ps+#qWF-O%J
z4K!(ggtv;qj5t0XLGa``obLf$OH7Or)04$_EmHe!Gloize6Qpe_7#`%@>TOt46Q^~
zDs-?s7j48uuCuf#bsSYw43Qe&>%HxGv8N5Yv3TWRk4mCnR=21%Q=R-a8+#td@hy%Q
z7{v3^-(WRPv4^*RB;Mgb18j=Sy}0}Hs-HtLmdZOt0)B#*6Zqj|hkZpa*1NjiT1d?`
zQ&f{{R^p%@lRR8&S%3YLm)W|No+?(~8`$+lOU*V?qWei=SS=+LbPh5aBUpmqlGuSR
zbA>j$(+)SDJrZTj44p~mULT&#!g_WGSycW~Yb{-1Igu6uEj4hhhKY)76!}89^a++Z
zAzD(T!HNfwL!yci;`oT(D^h|rFJRN=Ez;Q*P*8V*MJZNQvp$fOWgtY$pg&@c;M&b`
za!8YuT|CQ^aGdP?Cd^9t-e5v;@&@;_Aaez>(;HE@F^B)1_k3Hed1)1e{mFHKN#z~7
z_>Ss#v8pGvUqLJ6trIqE^>&rXPxGvcl|>Vzt8=)}$!+iS7Zq<xIqMfo!wQ2{Vyiah
zKXC18Tt@^d2*B)OvTvtbq3w%FE%mPNUBVrx!|)9*%8MoYvG)Hz`Q<T${X%b}bx+`{
z@StQS0<l)b3zWZA*Rx>X8Cz$d*ACTtnxdE@7%yyp$xve6Q{@zuRE|C0<^9RhfQfwB
zWz9_A<WzHejOyLK5m-Z#_)}xKH{ao3i`)tW6|;JiEN2?(NON7&RYVzbQmW_-?nL%0
zgig%A{}xr#woUYd^6Dv~=8XayEyrvcn2HKYS+tNWZEA`&bUH80xFwunF^a_tq{wC5
zwQv>#;G&N&PAxxS`OBp=uO|z#p^4*jRe5^yX8#MS7&pIXo!USSyxN=iBS)2z`eU=2
zOfP)y&%O?&`n3WcFicPXVkCy-GIb1LYn6JA1FQ61w{}F{O47iD<T)BPup>j|9L~;J
zg_v1ZTYoWgNXpQ1G<+lUK<<)2@h>Hpbb-zCm_C%R_<Z*cchc!|7-Po<ak|)d?ser-
zIWL_uS{sRbVZqOM&Gu}6szijdcbY1TIpMVL!cx~gI{wR}-M!ArM7}UP`a6Cm&dhWw
z-qsQI8vf8ze5`@_(wze-Nusi{)<O9kn@gKLB(U;BidvfVOaqJ(G}Ab203RDP%=bpU
zcv|Uv+I<4&@cuxu)55kp3#aA6!mRbUG6EklZm`d(?W7qs*LsWCHHSG+9|(7rQ{4`X
zwwPStFqlw@8a(<m#p){B+p88g<~G7-@Tn#XL+TT##zMWlgH)8QKGteVG#l0D#T3+s
zElU+v1OmM8O2Qe(zqh??FJnP#CpNcG2F6Jz>X{Z}*dC2S=TlJ=%yw~+VCD#&e-YQ;
zuQ9pk`f+bOw`c7_Wk&b@o#hinr>Cb)4bMiM(|o-kKn6ZQX|10EP!PSmi-|WRtwtLV
z7%Vu^`#VZ)cQL-SKg25kF=~}TT=CSaYGgFDaAy1E<XE6=PJX<C+YoU5Vq4yXnKS^@
zLbt)<Incdo?9|)-RH4VM1zw&tAyxFnJ=FEMw*b`OQKej=0{@0lu7}lz(RK%kSiL_Y
zKS?k4E$-=?phYn_=-RakBF24;T8PN&9nR(e{!|r`yus{3DmEP{_}#D9TM!8Eyl}fX
zG))&-pn7`~r-73R`L>)!f=PXWZ(;3R_%xLYyb+R;m<VIW%_&5Xr&q;4baBCvab?>#
zY50SSd=UC~pF@j{`sUu(Klw80Zln$JOX{hN&CdE{_g0c}zX;SP2CI%FNrJ6NVzjBT
z#l}YtqVu+1Y?;3XLbTy6&9qAK*w#7ahSn-3zBiA|7Lj%GkF&M<hlma9-cn_nDaenj
ze?A)1xEOsizZ6a*GMio0DszZ1r&8i25i9XD03%YIXfOZWUs<TS(p^OnNa|*-9RQBv
zq8)*mxp`aJKQgq{sdHf#0zbp}o90TB7l&@-9@!PSa2z(ggwK^BB}N_es=n#``D$cg
zYHWPkF9*LLelR9#0;V&J8fSgUXO|L=7k4o|Tza=6aBYaG20?Uei1<5Aa$hU{&;>r+
zQFFf05v^8CT<Rn+SHHH=+EJWCw{06&8XUNj<1uL+9!wy-u7*mC8>Y)3x>pX^g4`g)
zaD=J0isx*Yh%(bZA5n8*!}FsXQ!TSL6a<#C(BP_sS5~kx+gDR6#|G?<aa#oyU0=VU
z&S!^FPilYnSyW0Y)!R`=(N&5R2oZ<YK5y%de*XDM=HEMqt{IUX&?H0UAh_ZTAepoJ
zV1t8UoGN?h-94Z8{^KmEaorOznf4!VUKIpbE48$z3t8_mu|$4NmYw`71fVNDklW&e
zJ#9D!VW>w`!h_x3VG0Gt&5d14HurjQXuAcJ%3za1Zu(0|u%_$tWub%lc}Th8BUNgD
z(ViU(b7W~wv2$mkEit#0xmK`v`TlCA!Ni)F(N+@JX}KiMR0XdfXA6D4KNF1x0s>ys
zVmeb^CoI#G`yaW|OE^ix_gj}c&B&cP@0$72hn!1Q&U8Xnhq^zZwHU0J;$>rrD(O_!
zjBKA9X%cq#OF@y62SzTOvcnvEZ|*;=t{+Y238FUxz0MQ8%CB0!Wc0w|y|CNW?o!Ix
zW<}+O&80NtmL!shIsRvH*jjwE!;N}D%JGVchr>*KM3RF<pQIAZ@salIi$#Tgp6~HR
z%8hrnrNq$SgR{Q#b+e*>a>Tx8O;OOFxviJ4vM5w3pI(3!4lkrtx{n`(ZK$;V*8v}Q
z>1d%R0>BQMD^7u{xr%&8`b>k|#hHcigpboL@cM7BgYXJw01&dDr}z1uTz+lK;{WM3
zY?M^2`e@OP+B=WH09JQjwUe3^>C$3MoYwNCLNx8i7YFk#egG%NaF+ZcG9aSX#do`I
zT_#{i>^Vph$K=q?^WyAFNUDBBQ|0WHGArXWKT={^w)b8M<_INU9WX10dEuk4gumfm
zxdBsx=c=*8K;_IW1WZT~3|zU-vpD|=Y3m3@r>E8Cj<1^1Zl~_9I&?ahZQwXCcYD56
z+s_=mcanh*ufrQw+A8?w%LqEES}N7iiRR*`Do2`<K4QhlTWg2H!BzP^&f)VD%M_(K
zadc=)+@+bqSQ<KH5PvzQ^4`66^g&lWl=K6sndbLqf~0{ADX+1mUEo`hXPqyFz(uoC
z#|G=_=NPycV+A>5zD5I|$?8|W{dfAkH(M5F#S?dI2?=F$t<wu#&^?DISEy?G3;R*B
zg4y6>(rq7R>GXQ8elsw*$%y><l({>&ilq~Q!1YN9;G(7pg;UoQwgHc!avdUXG?M!Z
z3E2om&S81B5-v`xh#3m?*Bs6GZz-^`;J<%&#1#V%zAi&>aiY2LV^6FgZFF`iEIj*G
z@5LF5V@tUqG3Me8!AL<_*<aZLIR9t5LOcHT0aT2cZ?Iqcra&@^5@g3A^i0`Zydsv-
zlG(RnZpHYwor&(o-WVwF<-%wQWbm9Wi__h`QKp{#NkwfCENnfqAUN?YCj}U1J;n<{
z)1^K07F7ZxacFb`%OSei6+DYQ1}^1(^7nP4y;z&=S@8;L(;CLW!S+70!QMzjMtre2
zvv0s|pQtdRXmhWmV+y&1v*|s|E?+{$t=1bM3|jrl-l9rU9=tlk%Sr^6B#9Ne@k-ux
zBhy_0QSL3jv(?%tB-l^=ik}l+3+zHV?#4k*UkvSdkbYl^l(?C(Kn)tBp=OHlOOk<4
z<Mie4>X?$*p;C`0s-%W$K&eZR65N)X91|gnoLsSN+S}J{PKiWct!Fnrd{FgH^ds5T
zs*Li3qnrC_dBpw6NcVDrGAzs1oPbmlYD$lFaL=L*rJT9W?>}<2_hw&#;yB&r%W{Ei
zJy6$iUO<+ZPJ!WYS65VPJY0xTUEI7H`dQ%PNqnnQN%HsN;!<VojMiT(kCs~K;8oI6
zb@X+^+7l@<xz7%#M?$l-qyY@qsR{=NwjEGs=L<Vlj9*CtH@!8MEU&W=UR5pqkOQ!P
zbOZYbPErq)n!}fsPy-^jewF2}so`x94_$+C=6W&D1rZnI+cV@{nV%9$cZ5uiy!LBl
zr#ZC66Ye(A$lRyjIX)9vcYv_Cwb)b08*vjaSaIQu6IQ>l;gKALSI1#jNuMbwhV<uT
zXR6ZlY+-f&Q7>7OD%X84zj7riA+oOK>EGw@`Y4DeEo^t}gl4XNB6PtTv=mn$v#^g0
zyg=8&q$|^X_KL^7cGX1uN!Oy}x{9N}>-*F76RONQ_I7Bk<|8@?Z!vwgYdwRYJmV$`
zfM~JdF>+Fg7ko9KU{=%jFZcABc=FEFTt9A*@x5_>R?S6Iv7I*pDVSG}m*kbo7Ltp}
zA(29&4ujNqNFZYRuw_4wmf_Mm3qy4Q>gjYY7hchFt}vawaNOS?PiG?=6-&!5Lye}P
z&6ED?*W+Gvrp@N1Kg|9qzaQ=#FRkO`J7)d@C@72z-oiN~kz7A_A<~ml{i0T&MNG<+
z-OGl~?!n~y{#`nQk6<<|8J3lzzU`zonq_-97`Mt`5Wiy$y^Kwai-b4a3t{qVD`bC+
z@IaBKK;M!kk=k=2ondV?<?aLnLeGJ1IzndD@U8QWdg=3!xqmvncLo;g-j7;!C7=M^
zT8xX|&@u#RChI-!5_;3Z6eXzLRK%w*>fIWce-03hBl&<t+^33$`a=a5E@F(YnuvVa
z+jnJ{rLf*(foz>jZ_mmsu*TTeg@1$g?0>&J(h^Q<y|I#l&wGR8C51fi{fI4PmIaAQ
z3_gR40At0{;$NfSgun)?@Mu0zxPP@@g6Gjmp3)z$#?;W7zJ7^3Ur3#{n8p^&Y6xtH
zUR+<)a%UfSDC^VuSI(=BP1xy>EP5m$xlMKrUL^Ol$}^j;T&>sDox`<J0*>+16V<yG
zTKyjGHJCf4ttY3V=0HozfoQY#sqL4ncrqf#XO$2-)*r5b#eZA@64N;F5Ca!!BzS9M
zB_c42!BBfRU9atvSZ|>kC!SaGU-dyfP%X%qA`YKU)ggmf1=5m8HW=StSt^WO`J(lI
zyBlX%?2?YQ03@bqw$nHQik{F}ZN%cZnI^umR`2|G2`J(h=5qXxrAq$3YBZbrBlGop
zZk&C}dnI3Z0}TC@uCf;4wrb)1U-5ZNaWB^#9@S<_CBoSn2vtcN4a{C%zR863NL9|I
z)_InNmuCxR1VBjeaF_p!j;)9U3i_bBZ&?M6SRC!ujsPP!UL?tAMA#WiWgY!{&x)*o
zBRSag?mnD6FXo<y%sHy-H$%x6@1|5pba!S06>=<~#Ns$*#R+J_OMfsI0N6uA6d!0H
zd2}W%IM{P$2TTyBq(Tzoq)KlD{%qFUl=(^gMDa55zjJ}wEF3E7Nv#o92+HPf9_>up
zJSXEL0IfRxP%wtQeSu(k&kEn)u%C8eYuM|5Bj8?N3S^D67=1M^`71;2l1Ks8Y&?GX
z=}se5f3obH`(K^Gm8%q5eB3DPiS^}0vk9a4k?yt$T;57p{uSnc%xo-4F(xop3LJ*b
zC06B^;jB#kHulrP<w13QJ<qYej;&v-QlW3~$fLT<_1x#Xk=#1>^nSy0JW>MEc?c{&
zX_)G_{jL!N@Q#c7=z=OgrxPPp@m?MdD^~z%A9(c2<C1F+DVdmSyAHtfo*P{t#NGIL
zRG_Z}Wh;joy|Dp;QKZR4N9pB@+qZ<wWIe~b*d~nFiB|9R?KM8@Ev?D8Zu|_K)$UZ^
zvrLJb!@uG!Eomp{>1m@W)*c|$f2C@6Y~r;~Dp1+hC|z`ng4U6O(4fD;i+U{i1ttVP
z#Nrf`00b=w>SzPQi$q^W+;LoQm&pM;7(hiQI^TGH`ew2YuJv5<4@@Z1q=wb47zJ1*
zz#vU*i<KkAu~R8(i5u~@(hb(Ekte-Z^u@&$d-HjD`KIAx=`YzbV6urI6y8{A<Qz*D
zlEM4K5~fLh342zYCyK98wPlZpEXr%b$Y~XFaM5G+{)+S=IevVZst)DxT>jVFT1``q
zw>(uCD^*}G0>H-n*JzyyvQBtUZ(w##zPO~W5jvHB=1|myTN=~w4nO0qHrPAXKC@{E
zs<zbq=?*I6FR&JiBZ&c48Ddfck+MMf41rHyU~hwV*MI<tqB`y$i3aodo~~YvhDFad
zjMG*~Xf<4hB7^<w-gO<XWvrjkN>LuSWo*$6amKhT0z!JMz^bV_RuL*D4{H%3Kd3Sg
z(FyEetK=Uyeb1L0?Zy2`OfIn>W!k^WQ2wzPTV<$MJoMNd)t!Sa>v1ar^6d&#m;|^a
z<lD|+h|BSowvQ|VBLmT>>`CYM$yC&TRI@7US?2Ufn*P+WAY15}X~Ik!sIOwK2rf`;
zQQcfGwYA{J=x2&n)V^;A3eFX9gW>sM@gcNMu8&rhUcJ7KJ$)jNFsWDx34j_wMZbOO
z%RlilhC_cdV|f8J{D4ESIV16SAy-knWc{Wrv)R;icCJ`osfkcd2z%5FN{?pGt;^s4
z`_D{zT{?G=yvPOsh4JrMW4P03=&o0?mO#lLqbpF*VyvTchN*tU-+}#>2F!2JI{LWF
zMW|6<(O%7o+{X(qIkQy!^MFQer}FTV1HqL9(d6KI5RWdL)>1wU8i2YvwclF5ib!`P
zQK90lTIgzUVQ(PgE}SM{0F;CSJo<pHB^^Y}Hr2OaR!kT|FfS~fw^`5;CVhF&>$K-!
zkFO)qrmeNAW2Jg{^Gff_8%UOL@fd+G+n>05dGHtc0e}%!Oc&bTL5_C1M+VkvEx0-b
z;xi|igXuK~;u?W?uu6fJSb9zPiN4CcX_prl0QmpoJ(oP&k#@=o+vy0+Xv^&TKtm)^
z+IkHO$K$zWcAOPT439?gkc&GgbUE?$Fgftov`}#+&-Ae8I1({MDVT3@wyP@#8XnLF
zJISPjPuhO=?tc#Cg$XMqakMVZ=^erjp=VTJzNL*NY{MTsIN4AkdvTzY(g~VL4_CY5
zHbc>9ls|6#O_Dr0v3e2X`-97&YIjttRmO=qv2E%6DPpeEv9QVg9f|5%TdY9o`nKX*
z(zuECB^Cp!1XKJo+~K!<Hy-Lt`NnwmJvzU*nFc(Z(X!7p*fY~he=cl!s3TG4pY1l?
z+9uv8@0(V_+oEjG{s@eR&;V1V_dmk?l_^z@Hoky7yz&v(kWar?$l1a2?p2i$thnq5
zq2D9%YETQy8tcJ}otgmZq@ri?U`rejAOH)y>MkjMpiXEs>+Y!W^6yTF&~drP6iSS-
z!;9{SH-gouk<HCWDCD(}15l(8+KjzKL?ff}2UGoWbTpJ?W4ltMRQd|9zc+1@8(%M!
zYFM@J!j3@hf>YO{phz$K<8ZMrDoX0q#qc*ezd{ZtUd-5d2(t$<BPe{Ni;XceKjJEx
zgq994$9XM}FNYVEZcO!4=Au0k!$`Rx9$meEd@i_gV_@+Wpb>gp9psjH{gMp8B;%E&
zBqMh{e9if}<2?1S`*ZI3MY9)Lu77vA>D+j)kdgx>6`s9IaVfiWVCb3Z`)a^fnpRat
zd-#VP6ZX=mz}cnQtjTPv-WcSd_8KZUz#9aane>+Wr-cNZOey&3F;V>X#bwd5Vy&}p
z?5$hmO%p~3f`4iM%>t-10SLrJJ5crV8~eFpAdhmeMiiKNgm*BtHXdiAMP@qI6Y`q4
zAfO2$Ob{(G-p|H}zcGaPlH0cc>a&Prx)KGPZ5FD|RVop{4+ms_Zc#FNv@6GSc{AiZ
zObPV?dI}(`Jvf}GVm<K19`BhQzo?fDxCnZh`%8)d)0OU{IwYrRHOc7}$x4Z7gXJpq
z`XYf=EqW)UC>3Q;Y(1C|m9+e{Ck1WnhHU}2)Q`>KlH+(OjREih5C&Xv>Mc(ECI3Uz
z4tLb*4OPW*-G^3I5$F5AL_IL6kb|qQMA>7-3{PS@9Gp>yaa<)YE@b!b%Z4>h$8D=C
zMXd3u&;g=K81sl@x)z-nB0sXy(aZg<V_w`hKl4RByjA;Ry^$F->1EXs7N`#KaP}LU
zf#ONIb}W&;Eb*_wZOAGMg_s;m{0BSX;2M{*rh$jZY@K!NY$np_ykb@9H@l48XS^+p
zOZt<}ekViJ(uBZwS6<5~K+~|;?A4;bW_Xy?E(<$_1GB_ZN1we`sUeQ3bcUWTlHy5{
zzN<hdFLq2Us>MJUbZ4-(pmNd*Gkom+eWx+qNg0<a-vyXB54PH$00)#F_#Bfr76JZ_
zYcKV{3v3$b2gOI?G$~wY01}$PJ&&;H)iL>7N0FlEXNQO@O#D$&puqXHJf{C-<n<h{
zW2Vwx;{386h0yujPNrATyNXumg_s=0|6uv4x!|2=!Gm(-4#I;MiC2p*Zk*JgQML<R
zYx|S9pCQ)feK=|*X=CI6c0dTyJR$C%lG?c1a4xvl#~$K=q_1hN&Tel-gvVmy)C08_
zAKJtSv2H+eoP-U-kH7^#IhTt`^@y|cfg7*$o7;-Ydwl`Q>@f`t`}dadk{w-={G&<b
zYR14VExmNb<e*<^e@MjSIELCk$88mu|66XHQvn}tQx~rj7WsQXW<@2bGh`n)xq%=D
zHeLB#fmbA~y5??Iqci;_B>L}6vBVRLz279P;DdXW6XFeMiief^d%E+&dXL=*!GO1W
zEGVGH@;0_a1aQ{&qs@gu_peKDUdmY>f5FAkUq1^gS%G_Jh5UIhGQM=X{}kT1Msb}~
z5hgk^L`?lXJ*3Z~9PYuf8-ONm&igM;vv*gw=lt#6A}cWT-e4JSpF6OL{8509PTLGY
zq$r0|!w6Z4vEI<!3LzJR((EiFxvGwVzoC)WW;{e=GhL(m2+}4c92NJ6JkgyQn>ip+
zq(G2&sfcH%6$zK?IH~v<lw{wN;eqj<5x$>oKV4^PFbep;DWJdH@+HLyWMR)@D_fyU
zFJ9~s8_@xumBhhtP~(RI55?o<-jd*Aw<iLefP1=GAT;3NYKZRl^+qClgI36XzBZbd
zERJxN^|79?_Qex09wGqinrx|YF_p>JUZvJfM>`e~iP08tCP#8`&#76|9&eiE!->a{
zD8_wQ$gOsDpu2V&6;)hvWYweXsv3;@^adIa+FeWse2u$%&Zf^~ZB$fRig^=ORi_jx
zjM(!UpSy?3+0XPniDy$EUP+CpI|pjpajSQaSQk}?qYKhT+OtTrBP{y|_0@nKlN<0$
zYOdwV*0}>964L<sTymxOKd2kK@gmqWGjIVW70Vzo(DaFGQdpzH@3vKi8Vsy`N>Smk
z)R>I(TEBJasO0irUU(U?01!C!{=$+rI6q0vwlp43@)%6U%~uiQ&H}Lg7-1gMwMuYX
zSlthdddF)6?=3U?7N{eoCyd|y(~Wg@sX!0RRW<%FQr}p=^t_I;MfaIBxnQ>-Q$9T;
z5$1Ra9<qqTkpJ4&fwSf%iX!eNGW8s#8B$LCnx2$7Sqb}7)r&sCisq~8l_Z}3tym1@
zq)?8|f2=I0?~D}bi6T7!ke2<UU6~%{_z<gc_`Ww*^3g}Ht2pnXg5?FK!~n87GsXe0
zO1b*TLnPZa&=Mc(V4*jd5lfT0m}gYp02r){=6QtPnW04G2^D8|nDjM~LuV%P*E<vd
zhh~1581v&yG0u(L`8`l&XMJa5H@Q1AahsF<Rh~EzZb-PS7~rBUNp6*C%eSbd<Y_By
z$Q3}j4uB0=*mz*^Xu$Xyeg_tVSgI{=D^$>J&0Dn!OC%=|C11P+ba_0nGP?WMGZtXn
zuci+%Q__YU>eEVM<4Fl4t%fsXX%?MXvi1Nk$Ce@JMUK;&@Lp=S$(qQzykmHl2almW
z8}@9~a>?y`(A;1zhYd}RM!T4}Jzy4#@oDG*^31z!wR(9}(3%^+zexS187Efj*i58x
z0BB}aDd|vnn@hwgzz#(-4p-3<(6+5rnQn=Tbws7z7Ki4x%<-rmEf0coU$J{s{d7>)
ze&N>OB_inb_@V&4tjwwRQ%I2($44PN$ces@aO?<j<#jXJ-iH2DIk}E)ar4;wLbk9v
zB=*1cRBN)v0;#+j>y_AuQDEc%2?-G1cS??6zNnzu?cdk}wrV4JrlR8`#!KD5lkgGy
zC5yjRCUh0lux5nqu5FDUF0ba?bSqL*a-;)1RI}%Sh{FNxHpr>kZDRe|r7kAiH;!bE
z;lqq4|1M4vxG`HIv1K{Rm?dg-yyV7Une||124n3-wd}MZVTE!ZOlCR4V>rw%DJ6up
z&#-R8C9oS>)&e!Gc9nLG@b9!4Z7_>U#PnFN9{@2IR~_^n88yn<peW1_e|U*lt?FG3
zSXhC8W-9!**)!E0T${<E&AT#i*gZ%n((~vsh;M}@kwz!&`<H~R8WPbI+{mu+FW{Xf
z0N&|HvvUWki>5_3?oGs^QDPRvMh7?tt}>rGkAlmyR*$PGbNn0&U3@DGjT-*wG&I36
zEEe*YiJ~@eQEAMKRazw(H*PrA8rv)empLrWc`T#=qy-`RZS-PK3qV#?zIbIi&#xOu
zHU@ndIWWlk1DRC{M)1&xM~7oTzXfm?L30(~I@U2%j+63AvIO57Zd0c>`~k-&qT!Yj
zFoaT1JOJGnbjnQ=Dub(Gp<|(*GDVPv?XCL@uyYPScr&t$S*4xdf${zZQ$2GgE-cFQ
z)n?0*DiR~cYiDah@zeF}Tg!5tXWg#;E13z@H|3m-rmI(+q;bEz_mGw6h3+;fLzIMk
z@mf~@Bh5Zr+Mgul)-A|OYFBo(c8X<OINeY2pB+r}28+<ut`)GF%PYu$E?707P0XW2
zs-EpKrv0LSNhfh{0CB2k_o+7D%aO~sI=X;@R{syuz8w<+Z|CX9EcG21pqR}d5p(ky
z`sh@;a-iBY@9tPh<+uj-JSVYk&*ZBiMW*%QNo*||#gY)<sj*8dBa7BLkrK|H`c<SR
zXkh}M9ft7R8)A52*WgK4Pl-n*siNBbz?3I5H9ia#T~8&}rnDY_SVDG}A(gb7CYB$L
zD&RliQrWw*Dz7ox!K<{LA$NZL^qoP|n=ZUWuS9_!=)@Y`+yiwhSq_g}DRD&>r>%1$
zxm|f@XijNg%0HbZ!WwpGMUa>)Pf{i>g0>P285+Y=vOsPa#psClLtHWF=uJPvqtiE{
zsn_ZC_PuuO2&JyRo@{1Yf2U9)Nx|CnuUU*PsZTnSjiTM$M5MSxb%6XwdD&7hEFNq~
znBeg;ue$ik72yT>)6-B|jODK}^aUTx#chD6b6?32t@n>9yQt)h)Iqj)=*zV%9Rl;S
zzJ*D*+48{ENjZGGYsEURiyxmu2acRJdgjuOUb#QE1|)o%h^s70450bkhvM!JCpD$*
zrD6*4njShA#VeJA){aeD{7W8k#d9lN9#yMsCPy5&Uixvy^JA?}3Q_olZ<kpJgQ20z
zJ*3Qh36jD9A3aa3+9N;X`Bmm<5otC9Q<3R&iYO~PnuFMXRhjA2hkZ7Arb#sd;r)oV
zxZuxV-O~#x;Vo4xPVt4lu7Lfgyv`Ez!z)priRw4`;<>N)Qu)t=<fexv-S0@|17qar
z#8i*C(c)6YRN#q*rbay}=T?B+5#YOc;#B{vSYMiB>QVKP1lX34N^@?+5*S=`n&QW_
zi9c@I`Chdfa6V8wp3a8CbRLnPCJFORZjad<#b`gKsFjN$S_bmq7b#)o25OxC_g|yN
zam@wnmxPR}?i`v_`0iNTZ9@FudWLz_;6t~wE!p7+u-Ss!4HvEt7VsYJohFS=!++D*
zLjrDPp1SwbfsXQJxJ>%r-LFQLH-_hYjjnC+2tb2dq87$ZA~Q!dE!D<O3nlC63c{;E
z!Hcp|I_vI3v;iJ(&+q^{P1m&|C8jmf?t(vXJLHk}9D{t%pZ(mpIejT1Ln^V7(Tc&I
zxE-641kg5cW2t#06LB#s;Ik-jybcJoifm0z3PBfd;}qU%Y#rU#dt28!0WED3p`_E5
z*hE?-!7@iE+(J%iZVP+_>l3Q2(xU;2*U1Z2#T&0nzPtt+y}0gFDqT5PTa9RpmD;y9
zcvCgCF`%0Wm}kAL+1MYZ!{uR;<oVj-L%f$yon7tLQygy@2SK;-3Pcln9v_7|p*xlQ
zN6!l9l_x^&=lyEt7v9y)QMe7EE5#>et~3r{Vli0u&kKl^ocxsEJc+M*cG49X+dj?A
z6pM^zJ8sKg7RX`|OFY;{zIZ_-)(X<3+WLna8*zR_gA0AER^HSY_B#fpdTVoE^<lM{
zhsejpLv2exE!$>^v!cWdhWaTDdp$l2@q6P<bh8H(^{qm$oAoC|58NPb1k8cb24W1e
z4KOb+v<_@)znJXF&_6<WKm@Ju#V!!YTNukl|MGYQ@&lS;-cx{*Zkw9SEcV2;@1YCj
zQQls3XNem9UTjzrbeocl&IIE^zZDy#qK;ie@yn?q3|jr=@zn;qy4X$02^>KldtMHT
zU~TOdIWeD;_&d56H`Pet$+GFu?(s-1p|@l}C!c!9^F$MRf*CYW85E0z$z4vkTx?^9
zrl`xKf5}IRD-}8S94;VSWG|AX!6B!Xc{+YCMFbaBRpPhGq-x0py3`14{sk<6Ncri}
zf88<y?yu6V%7XItii~;T6ErUFtv&qhlzMZ{YMY&asKMB>1Fl&uP1<<(3+OqPUWouH
zPl5>+2+E`hoQ+l)%22Wug!*-?-yWW5Mgxxghk*&CFizWXCv7+So;?{qGF0n5zQBLr
z%yi>a1`SALu)9&kasXXM^q7c}ggNBOCjdx(SliG`PqdOKww7_L*nU=e;17ygTwPwz
zs<!TwTF~tU3jy7;Z6g*e3jvF7j>`NZqHsO1zy+l&Shg~(MDb|YW-mnrhoc$kDT3y)
zeTh?vjaga!1{&$UPvlEGpQo;FeW|N=_p_j|$bF5d1e%B&qsMLBP<ZMk#f?Xa#Ri>X
z@p{&Fh!_^!$tZ0I4P<}u+$NyNHzy}#H|8^vff2LTpc<1hoNvitu3|fA){1nkP`<VD
zmzbO|KHqpN<0a5CE7qZscgd|+Idl1&^AVO|;rE4S)e0t@;BSk{OfbU4M9gH3?3ORY
zcD9o%2YN!qPby2k=I9~FzK1#wu4HX@7^kW<ekeXPe1aDYq*S^E<{a@*LkmsR@v2EQ
zD!7&Ux=7KH)NR(<+6udB_pYgL?Ay0-!h*dIt>taW9b|rSIah+sEltZk8N47}I@zB4
z1N+?k$_5&KAV)#H?iEbR1$ng5z^l!7AT>x<qbjIbdm#SR{=GR;MhCut+G(o7_Y>!@
zI&gLSoiUj>voM}F(45#O>G`*|P&u*5SYn*#^VXChIe$P@f(f<I0XIJ%{(4x!>Sz6N
zuN34yOCZyoMA&~Oh$s9OV&o;F(Iontt^<kcwBc@Hbm|9pMY)?&=p}A;iI%2#$7ENL
z?(9M?p_ppf!{5V_Fg55=V?jt1m%rXiT7rz93g9A4Xrj16bDOtD!ejmx1Pc0!j{`k@
zhcw5p(N9Wk??O!Lxby!G?UPERfdHpH>r)NTA*M)ubQ@ew3D1rX#TW95CE+od2<*io
z-vmsr0}OcRGxvL=k=5oD_0d(4;uipD*06AKkCk?PH`77q->`2GCEc{kJ}J}-$n?%<
z!_$di$<SUbs=FhL4oRI=Cg)V==9DUn#$MurhZ~XKx_`~c83ki+Y`j_U%jJ<`K2xEE
zjKR$p=6SIDMEw;ky&_yO*8cPIU=XRnrMJ1&RX2?GFW%D;w)l3_T?5lqI0=k~JrCw<
zHdq^$x|_cH38a3r!FVkl(i1dMly99b4_72#;bwRWRfCba-;aveTbi(~_2e>%AyJQb
zsi;cJfJ@wSS!fZibT4q(8=wc;p=HKUJ^4z))a6YUAS+IO1g;qR+zkr8iYJ{zSFarr
zSgy^4&#wCI9T$5_j!qb&@H;fyA@;m<<vH$YiIm7C71Gz&vU?B-&pZv7#}pfOQ<2N`
zYa8c2JWGCAkF->!Uk|TdTN6i4DABYqqpf9qxVm35nW??4bYfTO68*sNB$iM4unGpa
z9`3je>pu?~gp_4u3dgdeTa%M*$;s!$fIa`*-o|DqBy1+uCNmMn94l03x0wU97*gWC
zBQR-#!Y`T74}lsf)8F<L)C#s9{pB_5&q-k8XdGf?vtDkgnR4x2L8r9p=@Y(|svHYI
zWX-{N-511LCplHeXfJjIR^$m^i(r6U1Jn6R_~J)GN?9LM#w;>3@rAwI>O}e%Xlec<
zdAYEZyqRScDU6b;OC!voDdvV+u-ip<pfhfGHU|OzH6t^X*`3wW{f7R0H=k3=>r|Xn
zWo3EBbLv}^)k;vyLssA-y~-2isT%m?B)Thl;_c!m_FDC?X)wG<w>KKPyiL_6V1P^U
zmJEN9YzR%Fo|hk70haF?JfmGi?SZT`ej*C9X98z^@AK~d1sMjgDOX;FNK>}uYOfwm
zy*~lWxEGrg1?(f{1lJ|TfT!F=gjSmh1QY@5d+47djH5CS7517^nG>@!;|vsOG0ezt
z@LclN!gWkZfh(0yK_pV%x<@<#aS6yTk7SKh0#j72y+sGSbTTu~a4>2a_TjPXv`B~^
z4Ns|=jY&4_R}g?Fyhi#c@$0kio<&ZWXSZAK1a`Fu7s;fseR9OE(#l=iheS{Q33G>R
zI&+RLy1qZCJY@8k^U0E49rMi!es}%ZuX05TXoIwW77)aTu2wK(DSC}RWVt}Jsw6Pj
z+6RLdr>Z1T90}{qacOt|a?gfby`_*pu_*}7JrC7Eh)izWb-K>@5JR8=ZT9dCgQx*5
zA#H-fD>*)f&FDy}eY!#Ck20*Y3m=jn9~cN7{`M08cT)$m?SUwifq@h@bCtFwiSLmp
z!c*RP;d&+|t-CBSmrzt8hCS4oy5L1py6~`(!5AqerK{vIaFXJS&WXy?vss1P7rI+@
zgN(fMna;G+limR5u2r<G6k4|si{}E+<DZkMVws~#;<+D@XS!bA4^4Cy&7?}gQBdZD
zc=2()tKL?%I^leRoSfI=_Lh;$zbk1G{x3199o4?k_B$Ddm45%+ELeo2f>2aW)A7e|
zl9XrjB{ldz^b9%AJJC#Ay(kPUiABM2y2IJ@#R^F2tb56?&m7K&sC*MyQqoG*Ed{R4
z00>u;n$0}ZKP=TGcF|1qsF5@$4<_n^)=_2kS^645w$7C`dp;%=ZU#q3cyemW_wE|$
zA)7l{y7IcujIvQ!-yVLI!|`h^fuk??f-Nn+^2(!QZ%BV_+!o3jIv!oFB-+RNyW~j`
zwU!(;0|Y~AMH+N|d86#ev>-otS<`QvA``JoON<*Jk-;C%DnQ{wriDgBi@8l{Mxl{9
zPM-X|0j_&DxjxL3eB4DZI~#pym5!qn^Wv5;ocHVko6q1GT};*<5Gp3^5|u*bp<Bm+
z!a~7uVoYl$+-eL5x<hB9Db&V!wx)G1aGOLsBM&(i$`;llkSHd9ZD9yKN-ZkoAuVn(
zMsGBeLuVr7WY=l+)Ma*`0VnJ*pInoIo;4oJyEW+c+CBAY6k~hF&JiUE3=}DPFic0M
z!(fQ=-uP6wzL}SU-*)@st0%ZpL_jx<0qDD!uNde_8oN=<8MHNBh(!2$i&g3IT93#}
zk{3rfE!QmN^6EJM_%Kyqt$haBW8IrOT(x-==PO{CqWWcD;RY9O-mSsCo<<)m_Yqh1
z2_lB^e5-1%rg>E$&s)4Cs{R6Zj9d=tyE(1$y`&l0M=OF#!wVy-9Zbd<%pM=XN3|Im
zpk3b+Dp(hj3AndbG~?Cbc^jZbRsD)gVEwhneV@TeGmMl?`&o&qAoLTnQp6YELG|e4
ziRsvUSTPG24+m5NZ3K77x@cSA>SO05x`Wq5D&WsW00l{QF{z9FfFDA700k3@%82Qn
z|0@=Pf=T-7u!r5oh7BX_S7e-&H7lD|Xt_1YQ)TpBMMYr47PLXQJlNn~XHi*<qmoa4
zL;#E#)x4A1mGmid3DKTGl1B%o=wx8Ade;QRFL&j83$uz3NE-LS;H^4^2rv`Fmn+?}
zv!U$mWRC_s^x0?EDw{T}q<xfqmK*?gKlBt3Ng1M>%5J;Z`qrQlX-aj)O(F&~lyo1V
zA9jcgj!eAuPj>qPQkjnaRc6Z`kcstwL`S};!@?$6t%-Nln^SweI?lw$ha>+k71DbQ
zwWQxiayc%@<v`n;E5rAwk<A!tJp9W8X8KxnsH4@u$G>%k%CnL;66b@wjJ|Qk0ugh%
zj02oV2mM9lAIbGa0-P$sJ3q}gz+~LOuXEa#9vRvx)%5ka)<$h#`KNzWyUzWu?A$tV
zi0XH>$q7E-N0D->ir`PRjwJxCT0Qr}B_V|dpc^wp<>RQlRb(HNuV0kgoQNUQaf9Yb
zF3o(tOCkpQLFKuI!N@OOr`WJ>Z|Qs;4}LGJdQ>n=I8|>5i;b9Bnb7Tnhn1X)xCrJZ
zGrtr@m#_4<b_$I^b{uK1t|kr+NNt7g8o$hzv}Dx5<P4yNywNPBoGIX))`G|lh*ue9
z)4D?Dx0~WWb!zz}Vttn#jTQg^DK;I>;c){FmrM0(0%Qa<7E}w~(*FqoXI@h3r=!um
z#0ruqt<FjOqNXi{Q2>7(zStMPqw3~Mz{vwf0W(X%WRq=#+X+qHgjAgPwNAyo1PqhO
zi_5%bQ&(5DzN`tCeOPqB#kwC#wvW0o)qBw7gdeXy{Dq7Q7WYcR>oZTgfGZm^N{6CK
zc}Y`*!C5p`5e?Y%7<h4kdKEJbhwK{D-%PcC{&d0oea}^9%nl2+XPiV7>Gun3J$A<g
z1716VCO^-RHEQh@$CfuG{FRZXcH(EhwkQ5&dZ?lgjJ4G1by;M?DCDCCS_72lLO&uj
zP%h4=2|RuPL25+YzBou&V1>_#+Cd93h9vVo2AJCKSJ@08zR+q?a%@guJeVMIbABcB
zhO)}Sa3>CgSbu<V<0ZXobih~WxL~UVyI0bCR+KJOfi|5kK1?}96s6V2`75W)Z{`hV
zN2Wpjn6CI|rUvT2ptN;xUA2X4um_mb>6LodkJzl)(K(KSc)U0(VMXq&jBoi=hoDHP
z{g=JLW-f}q;;LsRXVgkuzuf%&13#2O{a7TRaSjdso->pac%>X*QFqOYIjts`0iLQT
zjJ}c4fZtqcXn2UuIszRkA%>#eRO*_IE+029(m=arN7T;!52>7$m@t_-)#sj<=w9zc
zME)0AA945OJ+wN-(HZLT^mxsyN8E~dJfVWnJ~N+Hh$aFA6qd4e*EwhuHopy#o&`bO
zInrt6-G->2ra&Wu`+CO^IM<SC?8a&^T)WP$GS?Ojx;gcDyI-&bvcKOb1SJ#-x<?SR
zZqR&1j32K_#5e;BLduo6Ui;>$EOF~ChW|ZY+nST5vx%`}ulkYVWJv4`ywo|<)p|X_
zNtmC+L0(<!4BEN0lLG_??~rgopRkV)Z%w#CgiB@Cq8e4Mx7?7KYVyW5>y6PwhC45p
zkaAWweXyOIq#{?sE+XO53j5Fj_goYv<gMvRJyUzF>h%M$2<Q3m?NTgiRg(GKz;V%$
zBB|n?E425<69|W?Sc9fJz^T7}GS&*{_csKJe+!9GcMmbW0n+KzXAkz~maBnizN@V?
z7Jxp?BGa57B}-}vj@Q!Xj3=sGml)q3Z<XQU!^$c1$$LkdtBeyDljb~4=GvP(B(=uD
zNO+(d-Vk>-Fz@Xdg`q29H3YdHEJ+;H$<CjJdTwavxQbdtb9@BG`#)z<iknq5{ZRT7
zCSSVslKJJy+YJVb%U%oTUqJL=UEf#;{=<KwW=BBOOgOHj^!z}xVV^!XQsvA<c{pq}
zPGP}tuX{vdo9UaN2!@L}7uP_?HL_+f5))8qis1nv#@NC@*EyDwti4~_xUt`})%!Pm
zfh-a+fKJQDiAQIdyIQ!UChJ{@8Gp65W!IjDE8J4f)cM)R;zcgPas$2L6@I!q(fghA
zk2$f+Kh0gAAq>=B`^I2s$jzOOT&mZ}gH6$@yJ}n0X6jY6E+Ex_J=MXxA$eD5so(3k
z_j~|^%Nic+d8nn#O?9PESiT4hqL=5uoMXr5;}-Bkd$0LiO!8+$tv7v$U(YvJ7@177
z)nPF?jJQtZe6#Df#*Mhxqyh3tKADtG?_qE@>E5xyoC_7%vyv?JVFp9PlTUQiKDv`w
zXQSXcMzm?T=P%`;>O_00H!VjMa<<Ptha>VaC0VIx1C8i|<Lt5IHT#VDW~Q03m2$Pf
zk)Jaof<Yi-jFM$GVeU_*vYC^zn4rPCxH;N+kSjVlpN+n!1D@BWs|O1zsdNTxdgn7Z
zpGujZF;Q7fWa6Yezan&2-7j?Yh@7V+>eF#ynfd>l1pwT9GedpjLFM;1iOunJYOh;G
zx%e>8s}e<<U2FDs^j{tDd0H4e{FEiK_Gi&3UWF!LM5cRQjeJ_-tbhOM$PKzF{By9>
z+zj3VJ${>ZIX$?xAys=`jCr8edf$P$cy$e*URzb+T*7OFPe@j?r}pb#x!A-?)iQ&T
zcXqB`W+*H8QA8yscQhf=1?bzFs6@lSp90V8?Wv5;wEN3fKS+VxTPIOIZjS3p!;90+
z50M5d!~UY|IOVojU1`jh`Y*_3{zZHNZ#x3AfyzFs?SCAVWiQ2Nj<mpX<-))9iQO6h
z#bn(F$tl}rz@r0JUNanr+RVo>N(*+3;Q{&By6Y<aEf+c<3^Mop1jM*Js@^bx1kv!w
zT<5avB>czeFcBuzTlu(=Qzr-yM+ju-BZAp7LD)iC6`%OhxA)pOg_RF?UiK*xSGZF)
zPvvpR_;jVN*uYCv5Ao%O_Vf+E&<g^eptOaJ@TClqUwo@V){tEc<{Qh;{|!2Lb$%M9
z<*!QWNHyDZQ^Czke%jQr97$L|r_TC^ix=J#MB7P#xOb8%0M&Q6=;4(N;Zha~1n2%X
zpTZG~?R`#!*~ki_Y3%F&YN^4)lgjALd#<H5keNY(6ABD1?ol9zeF~>N8G^P~sybF3
z6tn=F&N|c~CpOUOk5p55lX{Nymk8e4y~~YeGlfho&JBNtJYR?Z6mk_azK3yv+uILg
zbQ^@?*6sbKr)VJKbBCS*#3sBJ@y2AHe*&i*!C}qifs+O#<T3^KJh+Qpi%xp=g4f0Z
zarrZV7_9`vD8^Z7BG}#S$@NVJN8Q<UZ&Q3c2{90zP|&9sA4_SpBfXrS9!qD9Yzhg9
z^QS$<66l?xpx;`{m3kkM(1m!vhcqY*U4V*h<25Js;B4NmR1apZqiM@bQ1rZxabWsy
zBte_5Ya|>sTh*=%I8I{WleCA1Bo2LJO6eE%Htujw9!nzDn&I);;l)iF>ie?F@*@4!
z?ZOd<SpuNw#pXV2xX6Rk{ekHB*TK2jBGspLcY}f=EPTLXZB_1>_7-Bh-J<g;R_$Mx
zG=*pK_OH+WsX!m`%x6=cM)}iGAotf)PC0zMLM?C)G#yN@-&=0o0o}otgUV7zV=R7z
zHC>5y^HLJ8R$P9rf?4(W@yhJ7`y*INS}Mb4s<F%VUUDQChggXbU@TCcM)!wbTCAnL
z<^9T`|0&iL#p70W{EwpH^^Ggt>nYUlMbCT@r?|?^_wbhC(R*qqG^{-~5MxY5;f4XP
z_g3Mr)K7VM>y;Gc4etD_YWl$8%syKVHH%3#?{WiwrUE!b3tA;EH}?@r<2VJ`VE@fg
z^cIOEDoM#hRts!&<MEz<3Rz)dC<M(Zw2CTv8ed2E$BDm_4g9^}vU_rv*KQMy{x102
z<iv&m9YVVuiZC+BXH@aJ@cKO{^g^)$$_D=rj?ceRXt+ZWKS$@!UcVik{P&2zZSzcL
zYRvA7fv)4H8jAsiQcP4K)I00l8@^HpO9&qbaY4ZIU~zAi^?FE*;~|Pd{TNTDm{P)@
zaG;<x3wyYt?J2DE3nrWUo%_3&7b)y2Cv0t2z<QoAvEab~hBp&}d8|I;1IKg|2pl6f
zmUh!X)${sC>11^HK<K1%khA+w^x&D!1A#3aRmSYzYRs2(aXG0k2_$Ks&f%tb2J)ov
zvb38}4+at+G=b)3fChLhrDOpbhJ8sbacN>Ck_5oKr0;Lxf}S)q$#Z7x4LIwENWekI
zvYR;lk=|loQAuxp(+Zz|NoZ{pOQ1CzllS-^@>D>eRdE|QqyHVdK?x9Ot4$0S)Y=oz
zRLUcpf^p{`IbPk8Rt{{kkz;F!&7~5IQ53@c+ezNu)t?fL2W?*;?%iGTuuk966`s;d
z6T{8pOWezG54CU>ZdQAORLR1Yo$I-2V2v#NKc9RrjI#yGJxW7_Myv*}4n|ogJhU36
z$_gjvRZp%kko(wRw%k}hv`_foPEX)m07lIA6Za#D`DFG%=x}^J`2hJ~cO_wuyWr-?
zbcyRMol|dwOm~OYT$>is^|<L_E1KIYvNKx0J_-xeY})mt7A@Dy=8<=aJ0{Sp{`E+y
zVvqCm4$hYqSk@M&KSo1?bM5^;n7h_`^slq?lAJ=Uo}Y#%FviT!o#PveE_8kq1(R{j
z#9%OTG<U8i|6e+47Z_eo<es|S=!D>zF9g{zeAy*wK_M)X9q>_sA-f~)FsyVO=QgMo
z*K=!2jbt2O6`InBfzOM}QZ<VLQyBy;5|%{LDPn3S{w@~(a5eS)Njk&iltNstoCq+b
zd(JC;{&j&t@fRyxO<Q+fj&}Puxw)7SIvmlrabYJ-`XxM!wC5z^FY;omPAo&9cDi8K
zgD=1Q=5h=0aHwiA{w5}8X~X#CS9x&byMI+e+$7ciBXsQBdG&$pKO}QMKbCFT<~qD6
z(z0KH6b}|w$3}g4GnJB#Wl=$Pa0%F5Mc{%v;3o@rgyb*eowsCP%lJsrte}~t&FWUI
zbha3O7n756WWvnafRJbF1!zfMjpv0P!TD6@*bh1-jjss<jkLJU>@GD=A#ZM%MrFC~
zWIdBlI?Led`NEtIKO+&wn>L8;xhu3h*H1~&#+)*W(_rE3Dsp3sd_-ZMIlV&p9udeK
zn)b+Vwe!&1@nn3O<}H*RO&Zf`jAHY80B?13WO|p0Lj?9Dxxlp*zk)JS@F5-<>C~R5
zaI7O1kEXj{LAG0<@e}%I3Q+6sM>dN^#11ZqNpA>N$Gm_GEb<Yyw~h3vWA~J{CHiX$
z1Oys}gCqK#Nx``MGztm?ULMLT?uN&(w&?8)4NcdbLBdCyaop837N)1Kq{S5<EjwN4
z$H!$VsW~)juQv|w3=YBT2FrRBP$!iAubzcUehZVm^|615S#DxbMD>#4z;$3sH`P?r
zdwi~Rze5vaj;|J=9_&P?_ub#%Vq#Q1?c+#_pA7eUCl7=SOBIv9$w(wR0kD~s&Xw${
z-Y``nfwdze7k8Yp?0)w{kt<Q$k?%e4&mSL6^M$x<WdzoD^QxK}y~}|}k9J3@sELVX
z*vw^c>)Sw<?4L$zd+Sx0WW~|u2)@>W8->DzeAp_E7nc`O4+lnb?OCk*;x6wDi|ieT
zJH|ao&mF)Dk%Tr|bU}i71DB8q)e`AXRaF7)j?&e-Txhi*;TgS%iOb=CbWeH|prP*@
zwJ8$CrQhxeFQRb-H4F?`Cd*z{)7gxdas=C6_mWf8&5o*)lMz<Dd>7n%yi5Ol+c>l@
zleTK8@`jiEcUa)q6gIM0(E_!@+WjB}y38qYmGT76I|t)otS7HjksNi`(t!n4V$6Z`
zn8bOla}}-@52vX)Tw=QAi*UXD;uHoy><apNaYYjFcE^JWp}+u}y?@1K8H#&1*qjOV
z2NMi>%gkqU?Q-b4{qLKZzMI!NbG9t<Ju|w2&0mUozBR@n?b#!2uC)i=Cuh)0*F3%R
zsJW<D_=wK<@BGYfTD)AI=ou(U`vMP*?{;r=x!x|B!cjY*?3$3jEdDkbM_Kmg&!3@S
z`;&=G@J~%n<t>E@hFP8mz^{F_2o+`V)T4xa@|i5`Y70fR*lZVM5hdnw(RyKu&qVoL
zoao+OyG3+)owW*~QW$%mouS#huuu?fymgjt8|3;Czl-t_axvwSd_tfVHYNPPH{PYT
zR2*#&--7yjTk;=bDA<5l#VDlw@uLOeYDy67LAzZ|&*CAI>sPw6qU?_^V}OM6;<5_}
z%F0@X)#L)dKncv=2qwV~+&;k`*Fd#Y#~Rr&u^AqeHraiy>_GHX3fsLcDG5W|Jo;48
zu-(uQH2};7r0FAicRucFOyr{>b^F^JgZ&c4wss2~>57Vh%s(VNe?F2aDdGi`a()ZL
z{m{w3B11kQk}&bSzU`<U9gSr%htjRP_@`7YH*T$WXz_HcRr|Y^D(UK5Yuov#LBq0j
z;k9pGSbtyOPd+mbDa1_-(5J-lF<E(Y_>N|GUbtB2=)3csUXQ1(xz+AMQKP8!0EgqT
zKF>CnM9eTb4N^PHN1$}`0*`2`js5xQ*7fnEGPPD05}?Un*?A;9Lmv;PBH-l}N)}K~
z==P~zP168x{>bxrXnc5UyIOy>#btVNwv2IIv!&{)53X=LE3!CMbr>A*i7q8RhkSi4
zGNW5s_$CYy<FK|f@^b}VT$)#-tyMTz)4yks?s$<^RyIm0uyKzv1o%+R(4bZn#E1W(
z>K()L>Y{ehB#mvWv2ELE?4)Vz#<s1-c4ON~W4p1{*iO#MyU(}rtABd6&suBFIc|+H
zMXe9V7nK?R%npWx6M6OY5%8L?7KDCQ6(Dz57%@lJ?-|=<qdDYy4&F057(yr-f^8Q7
z$#QyJqII|{x`{&Cz{w&P7I5)_B!G{|Ifd;T0C`{vm+Xo*L)#7^d-G>=u;cQ6q<ysp
zciDe;J>OU@tK6{U$_F^m3s>ZeK2deV(9Z74&CvhR@D-<&3Zeug0mbQax76%#6NA`9
zkmnDHOE`=TK_O!l(^XVNL`{uN>_4|U8W*b7bxW|joy{p~d7k6buQo3UY)z^?y3x_4
zfzI?wWMzD%Mkfgcqv-~7xcK91E(?T|_4!<tNs$UGBOlWf5aM}!<R&G<3iwXxWF~?0
zbmdSAnXeJi^nBqRC+|~&zufk+za&=dc&)nvR<Sb7XDyObtAJ<plN?LdTwd8g5{kK4
z3x7UWF9bCjM90CyK<%>%gsKPBB>mI5Q11*59J3v@;qktJ53`GkFJ(M0T<@(7(5cwp
zDS-~UVuiyEEtNx#_SNHgoBJr7`gZZt9x<l~|9mQ!p;Oy$wO_>I+8*9^*F3o&HXNy?
zy#+pg?r=}J3$<omJPo)8q+r#1dyk}1#$M+p@{*H^PR$@=CKR8@(mPpb5@`cBlfTpC
zV3lElb5>#*N9Wrc?OA9Z<P(4B`;SI$zwFoW#=jxb8TZnD6#@?!9}1?Nwk361h2_*w
z&DJPY^}3(nl)JqtSPw(d)Y2+?BY^<(ClT?3PKaLljld{nmoAgcsCaa;#0T^Wl^9@9
z>1QVFkDUxz%v%;eoJby7jog0a;7B$>qo}bNh+xz4l}YISX^069&h-62E|Cg}7zfMN
zfCLA})*#_H8ovHWxki8qY^UPPsgxG^tr+B0X?eP&U&t@jg3aZs^!Dx>@wi}8i)VLq
z)T$3-#56>JT>l&Av?mnXO|rH-t<v;FGzuQaG;qV+X;OM9G<blMI5e_wosvv%0GD8#
zpYI3x<GVMACGP&JzM!i@EqiryJFj9ufLx3jX4!mce_0}>#q+A&D5ScfU7?iJChkv5
z4Q)oo0icj~bieit`$rbs-qooK-By8}3*yGi6n*!9f(}#g15q7L`TS84tCM-TI1pgM
zgFE6}Q7cGy>b;XXqec$xZL_{tKOh+l6l^t?8uW67h^5&6dxiFR`UJKsBDVxqiy+@E
zOa@%LUw<$i{5fBLw(*35s^gL>hOcF2u6VeVsw6MLsq}alJXz!JdOhde2aUbx{Z++O
z*Q!dJFfxtdX8P0<74oVL>Tn(ZD@Ki3P!rdiW`vY@2_1Ym@~0c!*h^Kap#1}45=Q9(
zYPJ!Wa0odc?g4%Zk4|MLNUh}@Gvadn%}Ef<>&-<sI<rO!B{DP%{C_`D8BgC2b$`^*
z&`{W^@HYLm{GyvuXEGDg$kwvm*u>f4M}9LWZ45zyWv2%S{=>uJasin-x|xtF4Tk8!
zgwY591TpE$_>M;HOLZ34x|AO(<ovY1_}dlQ=!KT;<wyDjb%c_Cq!FPRP*%t)B0Qks
zfwmI2Gn9n+L4)JOV6#_rfw1!%o=cl_6XNmm;yxVrg9{3F{nlbV!=grpP6$RO4lpj5
z55el0+{o@Ll0A8_;;{I^Lb10m3xfOhO#1|f0hW7mxotd^g%>T+-`XFlVzFQms}h4h
zzSfpxZ?(7;N1t&F5)FxH9kj72EkF{#ZP7hU_VeCecgBSy4WyQNAs+_#l_28+4E#T-
z@*)E|phFKOf-kOb%ki~#c$@}?I+re~*lZ1;k^PBxb3t9!g4$>e$9>#NFXPQEOvEP^
zE7O|nh}d<S6>ivJ!2^&)KNsZm?;=X^0UoFx=Js3k)c)l(*oE?p%q5sOhfOb|pYj=9
z-k@B*x8@O5oTT5%yxfxs1mv2x`;(&KNlD2l?*zMpy*Cp2Js`KvPq@q+{L~J2oAyzV
zTVq2Lo>EYY90zQmf_sX~M|XG1zr@2KXSKJYD%IMrIw}s@==>JoOCUvtRu0)k%01>e
zI-&HYz%EcOeXLU;pt#tO-xctl_3;PuCl*KMKL#HWsYD}&wLuUy=sp;wF2zu4wd-O=
zp*H;b^^ch3ZX7+H`1%_Br1$-P3WzSZd&1vTY&yZdrf|Uq%K@ZH?OO9&^Lx9E3OkjG
z!#md02dq;~$Sg@=ZWYj!<X2A!1->AP9APIqIxYg&$xIM;6x*Xz+n5mBEn~R6mHc~d
z%G@N8=O%mFjf==XX9ixV&3a$6pJUbWa$T5f8o_g{>a4DDn)WcD!7Zj551H<u@e$bs
zi}z9tW-U%N@uQVJfNgjnDkcOzLc*c$kyU{X%H8Bx^8WgU$0;}2?f#YBddi@MiKgJ>
z2A#^UGw@6N#pcb9{lV{WDF%LtSkt>S)?d#%aQmPS)qO|mOr>aiZCOo`tUJQcEjdi+
zL?FS&I3`*q!UVf)rNf%&wap=m`#blsf_^Hn`+^4@LO&LMiZ>ZB13&nISy?+&*9+uT
zSKGY<*!bRr!F>kpx!c+|JN-p&_90bzvW!SbUj<lDzE0&h`h2|K>W2^ql7NR1YyEZx
z6U&3vJA4DZ+`6~v>xZ8paXQwxUzyZ!0JfKSgHn8K9y0&eipolyW)JprUY9u9oV1cd
zR?z8g4mtwFyy{sOf0#?X?G~F|=rH^&VkKBMr?=UkzLPL>%-862?vxd))x;v|skjE<
zfA9rUWS-f<{I~kuZU`yx1Blf77EhGdLz%g+4~kMkp+wcIDRNpR2m|0pU<?cfo2^Iq
zZTfMntWJJ|GoX0=fCeRz!n9;%CyxE{rPce11%&%%Pq;wc@um*~2wgUSk(J{({?5<w
zhV;S(6O-HsfJp21<P2P2udUZOg2BW4!mA-A5u$@7<n-*DY*ruWP?sM0NJ2c-@Ny4Z
z#F(T<PU%Ddl&h`g5TkMDzJw*;znXn!t!UjoeqM-|jj}s~0zR~9_|Lj3=YzoFMm_L`
zr{kk{Zo1~P(#$C8-<XNNCzWLJxG|OSc`7;v5f0g3NThVT{Ws7ioftOj(nqJ;a@ik=
z#W*Q*SOmj@{dw+*TSuvySf74z7+%7P!=KT4y@CSaoXlp&M#Cgg!(8Fz$roE!uQXpQ
zfZ}LsqHa4F@6lkl`~+m_AMfoyoWd`gYb^P0p9o`YIQerzymY2(Tu8b;YXw*O6D7fw
z_nM1SMO{WK1H#GGDi;xID+qNWR7K+7aN64S>KJh0aPG^JMeo)fFs=uCGiX?FYMBa1
z4&CGqzG9-_=J;Zx3LERkQcqWkrx%q{pSK2sLgHm}Hr$xUN2WYAT3d^c105}`0eEbt
z?_<E_@_aXkQ#tQ;6W}<oK#3m_Ap(u(C$j?n`srWLo<jrQiKUh7)1|2_)|SN;2@mCo
z1orZswI^7N{QVr?>-8zYlE*eyIC`HCg6ev+J3&#jY>3_{LZ%9oHJ%c_gD=v<#x=Gu
z{oZCTT*B9Kn4n5lJK*7g2oY=__@kr$_&OLfVwB3h#AD@BF8Y0&TsW-R_jonR4(Xk;
zLMR~QG!R)=8`bjw2lM|5>YCeYiH-UFaXGiYZ#Ka$gU!%V2*jD!RpI6iMj$Gsx3}fv
zo%cf_M?tRPR#*$TjJPL*(@p`8+hMQBNk994HVsC^v|XlPwPHq@dbfZAw?kaB5U8y|
zTVZS}$TK?WI#iMnPLj+(F1Mqm%N{gD1eOM&(=I&x8-(c_%oI`a(VOCfALv4lf^Zm@
zS+K1{8j6-pZUYAd&6e%jl?ICa<UoumI56d>{{yS}gGsecGTvx9;vwx;jSy720yK}g
z;2~pUZ0i+tglZ-gYg^fj-d`wp+_!hyf&cb4m=|{6iY6(-Vbgnv%-2^N5x4NKno^wo
z%<l#KwHkkzN*zbeszp+d$IETJkC%&XHSW)=dPQA&OTs?OTwbK#@ao>bh$(t{`cmZ*
zL=f_^6iOPFgm#TxctY!XDR)Mt3ykc4%BhFFy>9L8^^@yaIx9%S;~{~GXsjG|rU5A_
z8wLYFt&6et-}ne*PbA){JWe%^TO~A|57hC_ds(u-!&Ap(`Y`MNMN81;5z)i>^Rlaf
z-j#+E3l#LRh)vT{FrLInZmuPYlsGRQnJQ9<j7;cREtnA_pA0Lf?<?!NtA0qoGArU4
zaU<o1FXQ_QEO-vCtG;x8!2;w+i)wiO{wVY4P^hg+G1XEh3=7*-KtSqpC$B)g*@*#D
zGK1dpc^0p0F%mA@kv3Qg9QfxxluWMBqSnk05&%O*Bbc!F^%c5)pXR4Zp)(-#!>ePX
z<E;b<moovqzTFmuWVaeTD3V>SbD}0)X*QF&*eLbcoX;0quA}333L`9#IG+0p9~Kid
zL3nBA{I?Tw-qd50A|6bk<_OD;2m6(`FIcef7d81F#CqjNa3hxC<#~(Ifu)cTD%<ss
zTS*C?vM8lbjIv9D1>`T{{Xj}Jz$S0~nAzpM1zpmP9XcMW++AG=98^U8w^R-+Qh%8)
zd~f{aQY4n$7mU;J1L6&n9=K@SEmIT%2enaqLV%HxqS;C^?tUOYI$D1IZ>`Z%4xhV2
zWnyAtm<KfKf567@VykEG?xb`s9|FV-iEvNPoC-wEWFU|Sl%)Dg?Lya?%o+4BBoY$I
z1`Y*&4!>L6)q4BMQaVoQLIsZ1Waf5gGQCnMI__#nho89U_a3C54Er86ynlt(cS1_P
z4SJp7HouX<uh<2!_Sz5C;c&-5bq8-Y4V-DvVmH4HALUSWlkQDpMjLqBruwL{wHuqK
zBGX_*Re*M#!Hb7=<ABy3R$be3ui8qX5Rr4}Ds<3x2*qi+<56QIFX?}M%ZXK!vTzzr
ziaehyX7*a=f&GQrS<OnSc)o7*T-{x_&@Xy%clUIdv)ShR@!lZd{k$f3xDUgE^B?L=
zYGmK<dV=(eq*OSHRjbm|5iAbNz*}r;ia<d&@{Rj7*z%}1G;wo?vt9&uu~95nrtC3e
z^9NczM<6<*l_Lqsw&(GlsY)-svQ$K%CYmx@hwy9b18y1Pm+DA+b`l5B>u<uO|Ncw`
ze&f0)K6g`wo5uUa#wNt~A?D#}HGVGkC^%RqkAUm!rWer1O5Po~gd(j|AQU$f9ud56
zR+QWZr$`%V!|Um(jX*fgWneJs^<uNasC?P`+sJ6S-ho_&$7OFuUfS&M%8G<S7SF;7
z@O3xt@9$y$ghPO-1c9IwLT81-=UF_Qd)>V~Ktcv4tE;2GygG^)bW?m1lxs{XzoH`Y
z*e?@g8zmss+5B_7r8=uC*9#AuiTtja(qhw<I**lFiIxwFv_K`muKxi+*zOX)IuMmN
z@btx^iO|!^TxIh0DV>F}Hd=!m1(gtCNndJc&3Fc57aID{g1<Rif_qxb9(rzU6^e#q
z{*2TezJqNS+nK}u4)i8E(;cgp$Ko`yl4LZA@=^|pXI`Oa<}@la3#%o9bt^?0v;rUc
z5~fZJ@R0<a{{8vo2U5mvn|U9JUI^XWY{y!pLfOQqU1%qu(&hDZ;_vT2*Y0{@OEIHB
zEQJl!9}hO%=maI_{F=I^Vzp}hTj2fdWeOn3uHvn&EMlhQi@QJV!Jw3)L$tcTclfm1
zFIB;3^QJ(6g0h)!>ic>ft~8dqd^Fo_{QNT&J0vVz%F@j|$-pqa+8CL4b7*8%+-a{p
zQxb7~C9<5W8PoD+2m8n71a@&hpHzF>P){F<<N-x0=8MOO?l)PAu&Qn*zV4wT#d1e=
zt`A=P4+NJ6PP#r{9K@H4jEw>brGDna?9><(Xcn~4b5T-8?4#<}1R)bc;eAMi)H+v2
z!H1*xgA=sEPm*@3+Z0ur#e1_?^()fS%<REuGLyR;k$~s6Ix8#7EsNxl82Ii-;bCDl
z5Y+6J=bOHi<qCbudC~b@$a)m8PPT_g7wHts2K?UX8dKTiPa6&aCNoJg+KdQraBw^b
zgmSx8dZ2DtxDg-EcSKG^j&c{PDXqRA^4&SUrW=>rVv;m1wnbnVWg2GtSGx`8>#Kjr
zlogC=7Rgn|krv?62vZ~lg=B{6W_`fqxxfvTl*PnC6Qs8e-Q{A1uXQd*m)!fM{ID-P
z+2X{YrQ)NVClID`RF4951?+U!VS7Mlm}TRnTW`^MtOE?1rR0g_zLh?nX4s`39ZI&N
zkk+8mJG0Uw*{ywdc)35-Zi0_)+TGVM@OFOM?hl>gasKzqqZBSc@e_P_NJQf{$`&bG
zfW$mLG1pkAFyQmv_ul-22pdPyqZHc97aQ7FDZySSP22!xm9qVt4Ys^H**)D6*`6&z
zm}Ea$PRw*Kq+E6kMNHG>&67k5u%+nEKA#OogS?{*_43A9E=6O^DO^9fpy+-ZT&XuJ
zz3xYf2>xfl5QK49s2VZfQy>1Ts<3|s^ZkADryS-<%cNTDrVPXh+|-|}DMQs7#1Ir@
zg4VMl1-+5&RX6ZqD=qEtPIk7Z@yl1nqFpaV5Cy&-a5xMv%Jxu(StB_WJI(7HDore7
zKCn$8B0=*u#2DIFA}Fe(gF(UnUx&y_cp9UUa{Y1l0ek;HS%Cb4<t}rSIp4P=vy~(7
zWI8PpOa|SfR@aM-2@zFTWz^3XmCkO3>2>#Sp%elZ9U8JU=EskzY&rtL?BTFIjp>8Y
zjFe3G>q{=GusDqbJT(+fP7r`<S+l$!_lNR%-iGPv>yLDm6eVGJQz#Z6{;j1rw6?Y>
zU20<oK{`(@uF>aqj`&Ki<M2KlZ@ljLGMYp&bgti7W~Y*={#%s>ay+%Su0T>=OzKkS
zs1Bk_9~|nu<h4_FFUUKqDF1r4wYQ$RWuJq9Qn7!<WBqc%QUSsW#GR6kU?kcH#EYCZ
zqxEX`a*Z|(N!moCMje{!?v=;(WuDYTRMZ`Jahq6W#&s9Mx(jl>SsLPG7cnBhS@`*e
zMVIBcq8awpHej|rLYINzR;MA%e=H?&bwSNAh`1ivZ67vqrO9M!G|9Yy$XKmRwe|7w
zYWKJj;MH0wI{qNQE0frp$`Sl`y+1bA=5p3H*4HP3P-E5)3CV6}+f=Ul1AFgWAy2vJ
zRw+)|z)QGEx7E$<Fh;mDM518kq8*+38gw)KSEO!}gUNv7Q=?-y9K!ycW4{+zqjt1*
zCB^NXRWL2uf&0&zoh$2B2Xd<}B=YjWFE-D&N_?*8we!8jS3IRhJml0_crh-4C!Kj|
zIGf0=Aj}l8Y08+p96ckYAJg&c3=9aTYC(Biagsu1Sn6F}D#0x-U3ME8i}8NHs)|VW
z_;s0JgKQ#hj`o&$v0ITCyfq>7h2pIH3VPpyZd+>(0_u=rMDI^uc?`iwIc*EgTix0e
zpjr54l$5ORF2AckoOeu{5*SaUvwQ82Cdt0Ny)_r#T!Rxa10@wbjoE1M7`Wwq!rsNj
z2lVo`_ltz<ao<WBYj{kA%(d5mz(?lD#zqS!Eu@tANn-~4m+u>4C>`FUIMliV?#ekH
zMR*ywTw^>E{0R$r0M&R~C5m*jq}u7%_1wHgB?gIZb1~W8==|i&12;O=qRZ~nb|tsO
z+3KqFzrEHbM{7)~Gg%~@iHT4_{aeB!B)(i2e>Cn3hF+V#&N>+TE7$p|?<!~$7p0k`
z6eZ$FW^(AWuemxaSLLBVD<=XnP$x(uA2}#$)%3!|;AG68_cK%PR4ijdqjSLc*m@*Z
z+TS+zmyV8Ub2ec8PPlG*yWY<fNV4LxTN)4c>k~`i0Echtz{CXo>0+f09I&@sgn&bc
z&60gpz2dw1$>LhK5C1kyR82!23o?eYc0<qXYyzdQa1>xiEKa2LXZ8l(9qL73s-;ti
z$H5`DexDw8Fn40OkQV1OP^YB)lr!DVbse~P@ftuCkbpl~ZSO1xtF*<>UyBU`k2F&q
z!DPn$mxqep=8N4F`gvdpHZc>#!cYf+7eXgwyt7p)=Qli;8-;+5aL)LmM1zs9^Lxv;
z4mzR(ac{$l8kW3797m<Z#h;jc*<Dtq5x0>@KPV%+xuGs!qFh}L20FKx!&@!RJ>27i
zFlV{m{^QM6-@*!wfPkPMc--bcOG~bjJdBE$;lzNfAe>CE<MMZE%1$4+SY8x_aII^i
zrpe|?s{^}{=P3&qF*+ezq}@0@(Q2~H;!Rcvz^-M713CW%+TB!sUaf{ROCzHl8eeDc
zNl=p%d-@kIuiJIuJuyk~V_yAMbZU`FKKI9eFBfUo7u|dG$ckM`xXNuJ5C=~$b4Iu3
zr>F98^!k!QA9~+R39Y5uCgoU2-_1NuLw62_+J`N5&nkWa{pGT$x_-mTH9L-4DR8+r
zrqA%$^Zww23lY|BmOM?)%Rx)j$c5lTghED)N1dWH9GntG%2y^?JaQYI85G_x6fZ?l
z#JfLVPPIN&ie3b~Tcud-M$0UZ%dOsu=erX@`3rzf68tF%CstCe)V{lWdwEztnJ;xz
z23EumqaT_V+r5Hkt0xGMiK0s=q{AA+Y@2%}hy=H*wY4Lj7$00rar<bLEXT2ems)i}
zvH(DZK=kV@m@lTL;9*!2VxSo>`VOeyn9+n2H7;jv=Bj@P?*z_E+3k8;Uh}QF9e-qq
z=T%$tD3@EPsAqHa#-6QEH=TCgp{7>^;%5KkzzDpu8O3oapvfd?^EL5#RnzhoYwfT%
z4H(&PJ&mrO)FD&1!3LG70C6w9yvN>pA+cYrCfTv%i-M4fKmA5-bfnrVIo^0UZNlob
z2A(o8kC*g%Ej#%1{3(lBpYFhb!m>cbqoBO<dh-x=dZJy6(5O2)IKbXrU1@FY?j|-7
zD1(Cu-KwIIg-7FYo^Lc-Ed^KUwKsV_oa-&FrZBP=io>nkpGdwn+3ZH+Qf>bth3dzo
z+sXmn4?&%7Bu0Vu+w(KCBG?x#W@nmp$rv`NtccjZe>ID5{}s9Fq_{SWrcok^udPAP
zMW6&ihspV+zUVs{o$I&u6`@g5ed}l$;TBTTG!f%L!Vwu0{4k!}>dh4Nm@iD4>wQsf
zu81+{`NI=(=BxrH3-@;&#p6YK(A3B>-K8yo6ibvS-3Oz9!^ys>F+wLXP+nK;&&=Sh
zHo=pLAQHKx`8rSi>OhvDo53|Vx5d0gTT+-0v~qlC9@7c7b$iv?0&EW;$MHlH$abm9
z`C}B)b1G#0nD|>8Wce{zrb;8<>2Vk1>FIeP4@g7;hQM(GTx$y~Chyy$nQ@Q1f9yQ&
z*Tzr3ho#iz()y0yUY?BBxCWjB9*1>mh<BH&_Wxw_cfi5qS;P`*YU!Lzl`mK_5b_T8
z6w9Zb?<P{A)NKw)G73bw-<_uU&*X7~{$N<|5h^qvTH|t!;nk>CZnV{V;|`UZN7~%z
z^#^e7&Cv$GDI)fF)a4oT@B8kL53umhn2;JN9n8w7?~64RN;`wag&^+emcN_#4nmht
zcfh5*e5kLF!hnA|FW>?;@B+c&qlf>vYtY71Co)7NKy_=vGu0J!QJ2kNHHp+te+7|9
zp|rYNosf9gNh~P1*5n)*b@Ti$c7Hg2H##L{DZNasoT7RHAVnf!=ybw$R}T-HJihO*
zNiHrf7sA(5*ncZ<pqi|uuXWvZ^(_9jvf4b~4=hrxRhN&s5fM(l{AA^3kjPxgc*NqR
zNt>1`1DT12L4q^d|3w}3Z;kt0m!;jjh_XsNlEvu86mlXh&?p9<;;_HKa2%A1TN0H_
zrVFcd1TZ#`QJX)$(z}7)V=wm%LxgoWs%i2?Z|;GSNf4wAnnZOFT;vJOoof_1`nKev
zLhp(F=?PF#mereb9Nqc9WWlcj0wh(0f|Gz%al0c590Rx<)^3j*ot}=tkI2U0z{mDN
zwpndL_*7;Z9QH@oL5`!x0^&*27E6%6GO7$}k}&7@q++owUA+dwB@Qht5SNiiW?L31
zh1p^kC`rxD5_mrMM5+Cx*gZ*S*Yda|u6()eT^VHipn9Zt+Q{^f2swyzjjH?Bi)Fg9
zOOuB_FfC3d<Y1cOx-m+DhG~aJE!5+ME~X#$PNGXAkwO|V1wk!d0l8=pvXafTn_5TJ
z)Kt4&a=xCnccDnGHCj&Wi1vO@Z#5WYIAh>@#USRPlSr#kr2z^G>Znnv?M&>gL5ck5
zD|pyeU~OI9&gFJL-e5G|p^c3V0m9FN9?*Bo*`P#FP$ItW4py}v1+a__rhcFBzygnx
z#r05OF_XK0=j|nJ?`)!HxxTixkv&Z%Yna4|fG0j*9U7v-(bepwOl^cAe+ruIcrhA-
zQsLWMNe;Tzk4ejD_>79gh(#4V_h+^6%sBS!6?h|nQb>nxTckF0?+O0(VLkU!C}>Ok
zBOz2lM|PFJ>&)j&eARe^aYq#J>-!Xec@1s|l+<AIpr)p_a;3ddF(mjm4a`~$V;=?r
zo<A)I6WnKv3%_(UHGc!jVAsbaz{k3t|CPsqGhji_q5~L_TH<1(({8=h(ahs&XW-&X
zhxbiL+80PB*Q0Os2VUV{UEg2P?H#}D*hQD`uCF$WS+*;wl^YOQRZf2^RW%+<iu{q|
zs{oY8+Z|y-HEB6K{h~0rD;AUAmuJn8yCi*mn*828f$8kK_TRn*oG8!$2kkgMlOJU%
zQ!_p-Ev<)Q`k&YJc51Dzj-6EcrJ|<JH&>izvqCn=J0fYhZVwF5elX%qwx8Kx>&-Y4
z;&R|&)`9|{U?HXESBw6s$Fko97`+ZEyZ|B%{{bO7c6Zs%xaMx+p<kq|bl!fE3Vi<Z
z-oV-#RPtORKo#leb^HUJ{Qkzdz0%z{IXTIQNF=~#c05}oiQ1w|EQJLu>q0681qJ4h
zw};JtpkE-ZYa1G(Ah_y`puS|VZTHn0jij^cRO!OIxI&>~f!4+s!MCO#@8!>!-}(?h
zQfr1Yk*NOrl?1p~d2pDQF96BdC0YmWIBCjO=0k+vGZq5*g3C#9v{;FrvzeOde#7E3
zfjd~CYq2;C*lQ!hKPSWInOXQ!L?Di2OsxieNUqT<w!YmsiVyU?v<N_&S_$<qA;`v1
z31E?>tXAg^ahNyudbOYaUmBvv2Q&-g;lr7cbtGoyW;0S;KH=GF^QPm;VkLyh=r0&q
zKu-cUMFA6wqlv=jzMdV3#4^LA`nJU^l~qD<e>zfkwHqEK^-O!sxze?dxLilhwYajV
zo}+J4CBZ{SCdNnxuUxZttS@~OP_%m^lZ0MfEA_*3=g;LgT1x;Y{8XmGR-|8}Q8&)+
z7F?H%R`yDD#{hkEkwJ;Cq&7Fk#---BK9)KTIO7?Bf4JfKW0S#(JzpssW5k#J^;*P<
zo8(O<P8HC>r};1EEdN>^yh;2&LLnKt91IJeok8c1<4xaP?jPV6o6@Z=PuKgNF8}6B
zwFn6bDQDf?!Gr@otrvD(J-tnXE-!bB6b3yPEnxkFy4d{%8Z9SU?ay@+4m_T2sa@{x
z|MGH?@nMe~<CBFtlZzM(v4h4-3hkg_@vvQ?4~$K*pRXj<CDCS#W1wIT`qS(DZS!iC
zZeJ}#_PQVh(IOxi$=31k_N5{ATbjzD^qegG)~>}mGF)S$GcY_~nKJE`rAq3+01*X0
zCCDu2T=wWsP!m;ZwAb}sWc~iQNc7{ELlS8=Pb}=yPKSh(szdM(ixMJ;w9MvsrZ=j2
z{jZG!F=}pOJHKeL)=T7#9^0JJsnlpDmZ+rkCLdo|o5bOOEe;OIVkXv0ReG*^-9Fw*
z;i%-OOEk*FQf8lPnWx@#g2(&xZ!P!dVi)>{&JIM-7AMoiom9a_?z9P^AQNa|>@Kg-
z<4y}FiUf|~(|VZBXqdssx~g=q9jgW+uBK*-069vHC@(BJ+C(fAkq(<1wR*Y!sazUu
z(B(uzOmmiWKehqvk9e}Fi^qr0^V>C?KqS_Q%D8gIr0>T>ooMJ|-)~5XA^%UP!k|-l
zt~Ii6{d3JlA8I&-i$0wy;(!SQG)Z^2iBT|7`;-Rd$E^`Z6?welF^<?EHX+)2HF)?}
z8qDOJB=EPsxeyCqp3~Da3ubfVT`zBHqk{*fICmKLs{rvYP<0;T*!c}<;8j&su~XUn
zypDrWI3;tR%OL?7Snd=pt*yc9ZO&H0bH(yV0D6g*s5H$ep%m3=K6t--ym88gf~q$;
zR(7Be_VcPbGb3`lDc*5+2NzTDnn5UH9wZT$&QvWo$k{O|Dv|qeK9S2O)Bw<s+)|b4
zk}+ad3rm%wJ5a<ukdSQk+I|&234nV_N`}yD_C!r&*wd?z?{#Q@p`8?_b{&x<<KsDg
zkct5{yvhv6dl0psGkU_$^;?v^_Ktd@8fGu>Q}JRrKS6(&_My&dVTTovpU3^{fZ(GE
zgN8)S$qi_P2cZgCsi??8cNFroKJfvnhkG$V(tA0fd_`MER(9-fHoxb23s941f#D<>
z7T#Zxjded41NB%6qu}1*At$3wll52PA}Iu`Rm>c6S$M*YeZCII(90U8dWe0QBTHs5
zyS1$q-;cD+Zuji~pH*GJ3zZQ+dTvEE-#uyn5xkT6P^D+&bU4}Jg{oNVKZEPEUcHC(
zdVN98Owg~K4mJ?U>Nti8IhkFl7?^m&04s5k5;R;!hKoZ{0^+@)h&&BL)1FRbWCQc1
zoH{2_Qdm7xgV0fRF=%{ov_rH*;>!js*j`KxI9lrVw6}Q+CggKJX|Mz|4ICWJ+asyU
z{rUbOA^)tGcfkDN#9Ybv#T-;M3>x5By3(osp6&-8QW0<su9pG-3lIuEADmmQT-}=h
z8~aGV-Q`S$CP@Yj53L`_NIjK^LIqrGa^e`|>vCJy8*dM}oS}Nh&Kh{-F=`rc7=qbt
zcFg2NLc{G&H`&++ngEj->K1=lvc3~s6@4F|1j#2M{Y0nB?1F8su|Ua8<!3y6Dv*4>
zWp{^7PLTfL@vT&yKADh5tX#hn9f6oAScI}Ne!KStW(o@hP@n&tQ5L-yxG-}q6ErpW
z*SX70A^nCWcceC;#Ui$1lsREK0Jy-P6d&hPP;hFeolW1VSM~tKL|MhWH;PARI9=a7
zCZVF8db=*e{2ZdQk0&VF8Rdrp(Sn(u)+g$N&9)QKtY#oUpfuumv-=|%@Nzv405!<|
zX$(vl@-qX}R%<aw@d2<Ih7o}MbM>6breM$JL+~zDvAe~&j%R1#WN;={$KjwsKvdY+
zJc(P?-2tBa`|-4Y|7tUkA+#vIJ-3NFC+kjmHRR@y_&SpQs8X}T`|vtL`qm^HPa>z?
z9J39FbuHf5vUJhRXmGG|wF~3pd%c3`ZY=fQ85aZC-gD>cTJG0mo9~YWTBQBB+0*l@
zHT_A<SUDmUbX-Z9h?>!BTRTL`VudOYkFDr(m2io^Ouo^44yf0J$#{1PEpM<@!)zvA
zK)pQH_+;`iJ)F}+Na<C9Xh^??(48EOf|@z`%_jeBj8NNPQAwfcLqhFd4G~r3u!tLs
zX*8J6<XSCNO<=QIs;=xW!h)B6x{6Lk!hw*AMEo9X1;8ds5sE;qNM#AW0@TyUA$x94
zKv|d0ei>@Axf|F7to<u&jwoim_VhyI5u%k!6GD;$fLBm!Le8KRI8GUZ6#|Y1I;~2`
z^+Fl5Q!f~<>sc8vjA$eQyqi-Gv@NNzv1@DN(No&@>8qiMiFgjR$__irniqlq;JBJb
z!SCM@Y1xcR(xHkJC6JKNru*6PV*e7#I$vT)m}`yk;U%9Fj{{c<l@Bou5ub3Xk5H2(
zi2TL%^0y(WdTVaSq~%w-rX9xPx~eTv_SitMPb4Pu&nJgWI7~Spc%w`Nq<^-f@zVYl
zBQ!T!^r@?>&xnS=UvayhugRF1nW5Yvd$9qPbQt**fc=r7p+hpfyzNqcV<igAHCn8Q
zK&Qwlw@tlq-b10Z2c?q{9fl<vJPEO>a*Y%J(pP_Ux&p`Rmyr_=AeR9UouUp7REN89
zoGQxcV$GDY<mzu<2QEZ8?Ic8OjZ<lJETBnwFikC@;n$=8d+Pmbsj3|dVGdq%Dq7T7
zCDAbi<@w^-A6!?{KRc9}d3!cIFHf_sTQ%A7Vdc{9U|F!XXJ$X{(z5|U(4mAq^mO@{
z&xh|nL6Cb}^QrcFXIs?t?x=SV(DuTU9r$IF>D({Q*W2ep5eY00?t+El+&?jqq4{Q)
z_cS1Wl%&w>+*3$3;=;W@g<5z&BVW^Gzh=5o8C2r>db)kLGE2pqv$*^Yo06POHz6+M
z<O?3<j)$5uobwBv?n%_OMPzkdArSJo`E99ErK1@!3nnj8$<RkawpY2Y@`w1r#RfeN
zjwv&Jx*G<lx2wpqd(Byh(|GO|b=VhQGBHI`yOAT!Qd{v-T6H~Eus>XHqaz$u{g`2F
z6^haSTldSK$C&&-vR_1_<!27jA^@mrA8pQZ)~m@qV=16DK>U}G-{Ur9u0*lg-oZf`
zaR3fH4Ie=LIIz6Dym#@Wl8dnfye^%Mjm~U6X<wio%k7O6Ai&A2ChOG7n9PO{(;rTy
z16|Irn=LUAR+^WZ?~**@HCO+}^)KW2L7B>d?L(YV0CP1#zh?%JV-d$<M4Z8)Gb)_F
z&dxQq-uLo2Q3O?qM_}VmQHdXg=eg9Ix)BO0ym8o|^M<T@!9;fyHutAw4-!<T_8}g@
zD3xgLtUO_kL*{U25XMHuE06E7IV39gIzfY8TL3w-jRfUNiL+2F*kpUa9h^5`h@b`q
zowr`+`GiEg*^rPdojRON<5}g3Pj9F7Q?^i$kP2r@)tk}(m4dR*wH$YQJa>5TX{lo|
z>hmENhQ8x`f!t!Y#=h8~Sf5}Bt!Jfwe+*O*4f$3k0s+!lo7cgGzmpHkIZ5Nn1)m5L
z_n0{yO-c;lMq_6u@U6%5^$5olK;H$)28T$i6o&DBOJ}k{AN=b`+PQj3fdTkbZSVv%
zI5_Gm=fR#^UB-RIq?M$^G#E}FG~4zE`9wa=a_h4?DS^1+JNJxyN>$z{UVNEuAQOwi
z7X-?+t;|3&BBIfX)&0RX{r1diF;pt<NvV7Ryh5vg@BYmF_g!yYZEbiun?=IX)$Y*J
z^6Dz(8j?Qo@LrfAmvG3y$O!d8_s6@=LbvY+eR6VgEl6myo!Pg!V%_<4W^d@W9h<D2
z5JW5+)$PGxILH8zP+@Q~7%*^RgY7;)V*$5^2n%hy;|L7UQjiTdJ)Uvr9<YL)1vz3N
zr@y>BEY{m1#V?OkxHzL%o$-96{YZJT;x$SPjWa6MLD%-Xx8<2yTcJO`iQX%gEQayK
z#U`CF=AK}dR-O-(j2Z!<BXR)29rM}ZbGTeJD9ei5=J3k~iCF$7HgWfQU;rGlKG%0I
z@A8LFX#pA*HvJw5f6#`mLj=Skf3Dtar2+}PHn*!CISq{^N)W~z0TU6x48r@*4C>~1
zFZK51LB#!2ei)*@$ODRsf?0e-!B8zJEdz@wbO(uWyBawd_4T@QyZmZ)<p}=If;)D>
zi62BUJF#&OgQj%e_i)rJTpX|{LFl4&!@J-@92_6$Nv*so&VwneQHsVp_5&L-YtGSP
ztNT`CA5Ah|^knZy5`>dol1F;@>y#+)3HS9DbjHc)MyuofZGWRlvAw4vu-J<Y6F_}n
zZq{J*9@7vWEr^L8*qlqGCg4S_kiTfGuaC?G42ksqP$avW`g$}aq+ZI;$b+1JdHD&@
zzg0zdyw+OZ9UL5t`~4vV0p4~dAmeaCQ<c(hv@als$0>KS!2)uq`}y6|`}W87ZzV_)
zNdOAG52L*KC@a^1yg!UFK8rlOELF4mKK=}BC?&DAh1aX`OP5bazP>KnX>-0KYP~)f
znB3U7d{3i;7{liw?N9c7FMagpgAa}oP^K(vh`^VturZgTGV|ac&foIux@#+SH?-0s
zEdcU}HgKTV_Lm3zay;<P>Qaq@mJsoofN1va<Z3qjZ()zsCp=CfsKd>FDF{aH_-}l<
z_QhB7xo^FpH%E)~6wP+An+fF4-6$Be>K)I3{8Fmd?t;<%6rlKN{G~-K*PG?=cs*Wb
zuC+RLgHwB38Xr!&O=R0NS*eK}SqeJ=tx0hao8C}T#|n`{F$+022F)=*<mcIYH*_}$
zJWRC7TD4R~vfKB^6d?z_t~rxIuw8f2VJh>y&4P@5XY9CB4@;M?OwspFfJ@vF5>m5h
zC|dwIHqvCeujM%XjUNF(CVYAv@0_e!Njtx`DM*hXw@ayP;WzGde$+Ml;IYONKD?FS
z-fBuVH5NG>3)F?t_Zghh`h~g=_>*KOV|%B<x8eAxjgB;B1K+Is$az#ev_Q#f{mix6
z{w>yiW#~9`at<EcZgSbw#a33uFGZZ>T6M<Zse-=mqd+yXLq)s~P{jFs6EQ3%qe1Ik
z-kv^*6!M6r|BJ?)T<^o%tf%+jQO|MheFBqJNte^y%_+ef#i1Agy9|8KtR0r3f`H4l
zEmw!^GuiD6&g6HZnz5QI`i`^YD>N!0^aJo;+q}5ne4c^<aOXR%OC+*9nxy6O$V32z
zkS}DvFJngpU{{0pS-hip5;M%dGlYmv@w)S|PQf$mNkd)mq3aSj>-3}89;txlC}AX^
zCK+cRz92=B*r?IdKss8Su*kvjI^W5g`1V$++U=8G4P?QPh_2;yjFN#>;`48V02w9j
z7unGYJ4K^aXm?4;yJPDo`XUtc;p+s1#!(0#uwKfb&;1ZtQgSG4V6geLTxS9Y0o~>t
znP;<7<9@9CMe=&@TbHF;L<)WRrY}DFA0Q2b;LRcB0gEXWe1OpI6y7dT&}($`EnC3r
zH<!MGs&V1QSN&4WRj$?DyPHEdh4i4I8pBLjXeKRRuQfhjLV)OoyFD<h&$R*|M$q}_
zlg#0q9b2F_f*nWSj2k7yZ?7ee7TZ$$2g}H0;oj1F=?uTN_*SP@<u%5~>dxRRzl9;j
zha|QB^~CbgMi71IQ3-ywfs>U5!Xe}Hejxu`&NB~ASVQHL>9~xiCK-KSdoS-!p7KrQ
zf&VXgC;Al%jQ}I~;`M3#bTRsHW$Ly<t3HGg5H*$o?9yBa7?}a^fuFBL9&p7CARr+p
zOV!F3fljWX@aXW~)%7f29;Yq)txyaoK(L~WEw`BU{S@l#U=z~=iVB=_1b&t3YIT2{
zpXmU?dE9pt^UF?850t!L0p!)AK5wTufj|e?QkygWMpqV4CTo6N@3|dvX3`ifCVJg3
zXpC>xhi<+<LFqt{_NQ!54=J*++{zCrJOkSyxK4Nhtaw+9K<Z$3&B(kH)WbS(6}HqD
zsAqKx<*Xx{IqHE>M)AFbr;d9QV?ccUAK{w<|NmqG8th^lqY-LnW<<OSK^_<lOqDY@
zfSOnE@;dMJa@Gv6KLDCr%oX>-=rJOD$pCfzk?Qj5>dFA1cL|@b=*wD{leEX<{k6=j
zjxYDJ<Du!_d~vS*;XJ_uAfbH*1wTDyVV#?jicS|tLg`(iKyH@J_iXe~ZD4jB1annI
zt!er_^&9NswR9r1_uI<WYnAhfCbzR?$HVkg(r=|>$t+BIP5W1_JMCt5HkOVnFkBDm
zQf92|!n2jWg6(V8ek1xZnw0(Fxtc10P_qkVXNv%&tx4KPBi;s0B(rfo1x#w4WF-NC
zR}SYgAZ;5ZBj?oc`{NNLpOkd@^nCJ^kl(E|`Wr77SCG5AJN<I4k>vA!H7q#JXH<v?
z0RflI?fGb?04Iq?tqokcE#Yu)B<f-#D@8Hk0X)6?+gFMz9m#$Mz2B>47)BbEBnEjR
z&r*`g-a>oEV`+)+b0v5k?tC>SaDYuYu3u38F}$;t>uSyE>g!(Hf#1z;rOE4P+F_MQ
zktiJpj}97dWN6r1-5*kWI{kH2qq2<4bQ2iP_tj|~Ha79xFpciCa$7+V`<cKvDLs3p
zt>XGGt^|*=m@o_B)JAVu=k#~>)2>QB3dQX{c-^kd_eiWn(XZl6q-baa(Me6bIm8xg
z+`idYmD=__t3WeCpiI&1{BNb*ai9j8v71l#MBPLR5d-qg<xH*FR5m@J@X-RAJSiwc
z4&Ml16mhrM=+qrJy4dIGeY`sn2<Q?yPfH3V#05A5OapB*RvCk4db_$CKE{0_TmDy?
zDxDq_okpcbICFUPy|qqlz{%m{053&B@po#&i=*L7@klaK(cs}Y?Jr|fBGj(fuG0<d
zww7`0h!l(dyxxY^^pB(B?z*-3-@d6sIc)j-tCo-B>dXH=$o%^ZW+SCAz|knvVL$(+
z!2%vAKLNJ3K-&a5F$V?YOgy!Pn7CMt{ej%U`xB*Iw)D0FC1uGp;3hJx)R~M;{)bPu
z0S0oZG~4C<lH1eMa}21ptuV-hn1in<q^XO|)&B9{9cH+bGn{%8V33XMuYps+>E)bv
z5nG(d$9gHo?%(3VMK>Vbi<<sPU;xY4{P1^JnP<%6Wd(rR%I#TX5uKXF&CWoC<I$lE
zZAv$KA%Jl{8$Li;&31r>kCCSuD(qH8R1&M%;bErgFRwS=uSUTB9VFqw<eL(fSJeCo
zOY%c*=<o9C+>dEuz&%wyShbt;iKmv5Q~f2?D+9(km1(FumW;pAqC|A}Tc`Ov9B8WK
z2IK{w>`Qnse<5h(Udc!x`1QGVPljR$+Ba5KcyPDI-{0V^XM<D#cZKc2Tu~7K%$CaF
zl`)iH2_-_HfW(3^AU-uyFrq<KRg_?$i&8)cgijbNG(5%_5m-7702kU^@H>csYPkdu
z2RmlBNbu1+j3wL$T-t-~5xLVc{UQZm{*-`Rq~QBEYx-v<be>0{{ehoc0MFbN)rWG}
z4c^PAm-1wjI*1pn2!esyb`CnmrnR#2Ihqd#=!L4?EZM|TD()W%$w<tO@U6FYS3o=n
zb_Y0N8GFP8Ahm^6S6{p$;BlNve`@P#pOG#ie(&eoR`<intmA<Q3^;J$6iEjTP$s*_
zpBtU>z;IldqI{nWjuz}9k%5$^U(J5=VAOjHw2A4z=nxU%Q<=Y5>F5YWIO%eE%zq!R
z-}>&ILRW;@G5FA2Q<FPl*Nu}|4dl2d8u&jzIT*Emuna8+LdolZnO&mOIkH_WqfPA&
zm8y4l{lHyL`~JA;VBRHg7Y#ftgAfQ}7?o7IBN;MoRdBb9G}r=mQZPi4&ucuj=fkyQ
zETKhrk181jg#>gQc#F#p_^x)--rvPakk9<cl;DTg?fcuy`9isd;*cVeKd~dwkg=86
z^GPyJm+Q-)A1=BFW@lM2x8kZ91JgP70kwzPg~%NttX5Jg8_b?x^FqJV(!mButy#=g
zX83%Jma0G=23`#CC#B2xCaiCsjWODfXRjN}0X}-|3~ZLl%l+|Oo0G1fYfN`Kn_)>x
z$__sZ9tQ^pphqXUzrX*YD%XYSIxaId=3)ZcfF_jqDAD86Ixo6&?yVkGTd(1Ho`eo3
ze#%q3OBD50%3x4DKh3=7_zH|_ho}Cg`YJSzjDi`m)M8HuxKT_t8oim^j$PLe4-cAv
zX5RJRj<opPk<!eT^S@;QwwQUmvvUo;wLe!Pce<Pibnm62hf%^U>$vO!eIqOL>$Do^
zj47@T9#uAnzeOq0>FDW4G-`5p?ykWrWE!n#V}OUty1-*k7%T^dYCmw|pb_9$Y)xis
ziyz@OriZ$oleNogDGw(x5}|bfxf3sL?g?z1$!T01kHY-;Jnm%95XNii)qF&<J9lKT
zHy05jMlQ?2ls2K`*{I9=g9okp8ekkQ;VlX>9vZ2o5PFN(9`tTH=i#10X|ZmRa%l#T
z@7V%S!wro_)hk67(9LFS3238U4lQkMUEP3Np8%wC&zfp#z5!hjF4YE8TYypGzTF2k
zp;zQ$!-IemP??oABI*gm>go<B5vU}EKq7qZaTZrxQU`6EoC#{KF=&hz+2pbV)arD(
z2be+bRvTvQHu-!vPPqs^b<|D4A|R_d3ivOd-obl?K@O12&UkArB+K!AV~4vx&07sa
zF^z`zd=YMSuX!^qW0agi8rarVytD;X$DI9AN4yVsNk&Lg&V;LWRGhZM`#U1t;*r>U
z$KmxjwI9qVz*ED!VWIYo0)uc^+?XyzioE#D%nq@jkO-X&nyi<%Kfmdv5}*=pC7J+9
zR7xbk`=bQJE=Ev*y)&1oPy(?gQ8}mU=Y}#mI`io&f;kQw62R;WIaH<Tde*lLbvo<*
zaC=*0+w31*N&oEJ>47VNmih@sPy-U!XJ5qdjRzK;vFZV()f*Uh__J1(>CW@z03k4)
z)9fw^N325@r=%lErQ~|6$+#?6sl3%`2b`4G#rWa*j+(_+<aN4^oHmB21c2zkK+z?G
z9!9IYNtu>ZiS<`C8gn(ws#og9D~v*Xlo@5?@?y#go@)GUhvDq3$=xAVhh2$?LDDTj
zjvv7&dD(DKh)h-DaFgfpmZS7^bn`YV4a=UN2H^f!3f9?I@BnlX;4G$;Ph&CZv)%0C
z2POwegsRdcNmQ!W0|BRyCJWK6XuOeZPP^WKh&wEUr3x6Ky_W}oZxLMJe`Pd4CBP`!
zTq^pWcIFps2u=pLvEM{q{O$l08F(ZC2)Y&<^(6wR1*9AlA!oE2v)zXMZin*lD29fa
ze>+$A+?-U=$0+2!11XjcB&3h67qTE=B&i-y@PWq2UoQuE1I(TmA_EZ9Hne;&vUlX5
z-z`96nk*cvW3x2b-SmRAX}{mwyJ4B|3<BzxM5iY!5PJJmzn*aC@K8YgYdGyRfq^n(
zp$McTa?j#Z8JrjOpAkQ;n(w`}|E+)-z~&bMsnBh`&IL|xFQ5>A^UKZP#93^j*GXnz
zH?Mrj`&F(i&Ipfaw>kMfk%2HdrgJu`(z4Oz-oMJJJX+g|sM&Vnyksg*Y}RS~bp34O
z{x7YulKxXT(nq7D(Jw)7m8L<m-Hd5IIQUzo2fp5R*ZUw%hp3<srP+}RL<Z8GIKBX8
z@3IyZH`HKBe0<(k|FSdQzv|=;gKS#xbGpik-!o+xDqvv0$z^3<=O5=+FS8M#zXO)8
zF5gcOz|sZutNU*I-9Zvycr=^G88Nb#HUNT=%}ez=pUeNNx|Rz(mCB`T%ri5e;REBL
z7(PT6m7;VpK*+b4D?uU_r^SrH4W8N=@Ho7A(`h;imUt%-zf}s83_tRNuzxzekBOns
zYl(`7i^GF;{?xl*d_{Y@;V_Rju_=;k;)3Atov43UNCV-~)J7Y;FQ(&6R>qH00#y81
zi~4eSq@u#J+;7n7?xNLaKQ9`O-IHX*2UZ%>Iy^b$pYP=_UH6SB576jEki4G~27s1u
zhdn8h#?m4N1_ni7W3pNSDZG+TLmt@+B<H@QN+{PaHg>8CaB=7xo12lKTAZ&)M1fre
zP!sAMM18<=jYy&{*faoAY8TG`E&<X@N60GS+wpBA0r)s@`WnHUw>(ZKvQchSx@`?U
zI;FHJub$4-%0VG|ZB&@uFO~Z8-606vdnXxN{LVqaG}!dRK(yhQM94|?X&dSjJltgS
zV{F0;Li^um<c^|pC9tfh#(}MQ!F1aMbA0qcutqP)s8$REZ4W%Lc%ji*R1N-$^#~Wo
zS-dz)`4Ad0_@F>|lBG#9mXNnfzq74Sv-U@6&IdKJ*Usl>qq-bp?B;_(M9fwyRW6bx
zUa$t3=${}$et{N~3P9Vj?GMG{8xI9$V%)sC2Zp|j6v-SnJEO$mPfi-!|6~$uz4yp6
zH1zswHc_T{13T09jH`grj0v;`uiRZsHOObkS(3B$WMDDE|4|XamK5r$(n^e%O_|Nr
z;{|Gz{ctk9C?9g;<1P|kEKv#2vK&zvrYIP2kt`f}_funAzMa^{?G-cRG$dy!)y^=p
zTa)=+zdmH+=3qOO)og`<DG==i1_!0f{XPo9`=!ow4Y)_qA{PP<)5{4+lccE>%W-E+
zj-f#de8x?ocMJh*R_9<mt$uWIkpp!LNU6hHudqqmy(CfTH_?4|KSm!SSfjLp%wUEO
zY4{=9=YOREs<4S+o}Fkpdi=MDdmxZB8a5Ca4TXCe5*l3VHjaG&<T(KDrqR({3u3X}
z&S^rUQ9Kv-HA=f{jhLUVv$nQ250J*jZyrioa7g>3HMZ+pnanwZ3IpS}OJt<T<hbda
zX;z)o$`+U@BsV%<kIyGJtrp`1v!6>9(-e!K-yWN6qU;tTPD&KNe7CT`nQOM&v;i^&
z+UNiN(fBw*1h9#HHadd>p?-91Y;3Mhxipq$A&;JHPA{&xmpjtEg>vI5ojea`2|E1>
zO*;MC`l;WS>#omlVvSqmRnYu2@x>8Zb*2!7oVh?YCd6?hNL)Dz`Y;x|cSAmdYv*ui
zSRsq6THZd6)NbF(#z?dmmHhUlh*sTrE0a6C%RoDx)<A%Q;=3`|+iw60U8t_$;rPgi
z4fZ5_<SsfKTNy_kr_#m5G~h7@%w%w?{5z=zK)c1Cc1}C4$BS;DH6dz?*ENA%QciVV
zQt!+4zY#P(kGnq4Yh!Px7O8j=q$-1M0i*F$W+Kyfvj5dx4kk<j=#wgdK{oFRME&r9
zX4?W#g^Sgp9twG`MpwJKLwdD5FtpB&-|usZ&mw<6^FbFQiFYqE@$r0f>8KRgpff&d
z<qLlXsrZs`zE)!}Q^PA3g2clm0esBfV^iSG$5;$p<>i(+I%v46Rzr$f<(g!K>L?1n
z9g(QY-1w0M-{UMU3f{Fa5BP$9+N9z<|0;fw5PgO97qG&^!+pKS`&60Ma)nnISrFVY
z(f{lr5?rRSM`n#BGw&`Lv^pJqOE~;gNJf93-4FRm6l{mZBB5zF?ks9iw~vmF(wG9d
zSOK6x)L{Gcv|{>~7BO-m1P~Ypm(Dfl_TjVzW@>es&*Te(<W(E67Wn!eAP_0Iq4EkJ
z4{Q8J?xd9OyZOufnScKO+I!2cD!cYycoBjU5*8_q3P^X0OF#)lIwcg4ZlqD9l$1_I
zKsuyBIwb_@?(Xh-j&)u4z5jcU=L_r?+u;kxP#5bw=bT6U;+Wm-?c&Cu`{|S7oiVM$
z_0gxU<}DSpBO(;vJj&v}<A0MH#kC4h0T>9l6IA=*d~7<=xir<Wk$AFTrA1*3Vnt@4
z4%%8Q{xa*J0WfsOTFt%wcX-1O`&~&4^xi%#ZVrqgBNVS<)drI~Y;tUZt)>3YFVxRf
zWbL?D(`298s8$Ru88>0wh=~EaXvgun<3)m~wk3<^cclL*pXEe6uh|fLZ!S3)+~we;
zQA^W;#WDaz0=7XbYEk%){%LNt9olWESdaya#f7E!053@o(D=Yua)nKoP@Uc3rD}aM
zZ|8bv*>(C1${KxreSULBvOQpnOJKkQ#MW)iUy-1AJumM#n*u=LQ7I7}JzWEn^34`Z
z<3K!*(MShLAF3O75~a0s+(()0%Q->6tWe@?4`$w8lPz5q&h5*zM%3P1I9Pe&r}Edx
z+KM`^#B^+QFi)V|&E?C&X|#zrNY}CX%ycC{y8i1O5dw_ZOGI>%XD$$K`cbw~er^_U
z`BOrF_Te?BVMjDBKne-}DeA-S$u4z!fry!r=_EwW4!sd(CurdmW82LA@UJ`EyvJWE
zY+^ux_S6g~(js0mhnMhnv)b?wbP&yL4-|(A^}H^QTBhozrsf*`7-WFL)jIhKhjBWD
zol_R?P)A1e?w`t33xj7j{}=FM^4-l;6zdEC=DB0rg89xrQxVLl{76?>^*}L)3^Dke
z;ZOaH0TK28W(ZY$F+Mi7feEY@CBM}-8!5c^;vuZBFKW)v9|^uJvzk6s&C}8D`DxH1
za{Kme6M$1{O8Fp9@>$)vB($T<Ck}8YNwQT6CMaKG&;9kH{fe}(?foaus(~@c9LO@F
zW}U0PYm@YvV!O2i&f4koI3F(w+xGwq{8S|&ZEo3h{9@~L-v1@6oY)EHmj2Yv{NAg|
zXo_ooJHdf`&%fF@bltU?`y=!93a(ZE$(7;PtrDdfimk7*NgO-B4yI8u_zW#A$!dSh
zRmmFu<?t|Uw3u#bMHyjcX7(K=wRD?lyv7D%;%;II>fgGq!XC$0KG-#mkDoWb$G{%5
zUF<x^nX-OCm@H_opYY4&%U#Uy`|8!gKm%U8{mm<h<nOhpqmVRh0a6z_`U0%R=&tIM
zPj$A7J(eTf71yb*dm0?90b{2`fs(45Cnowc#dfi{D(2m7528qN3cd?uk9#3z5DwjA
z#Ke=jwb>V@SD@5X^OllK(<)yQH79GRs(P@r5V>I5adqwRK$4QY-BK~_%V>Z9R6JC#
zle`wPeW!<G{XeJ}d^#x5oNPAlqO45jy9>*7`ES}It4MF&<jw&zQ)v$<lHS*%=7?ZE
zK!S8_ast47odzF#f-C^@HF6Bwds6YtdwssewOac2eRFeRba7G4P|3k;X}j_pW_8To
z5^K(Jq%1Vz6H=|z&JQ?<bJ)zC%mq6v;M+-kcV4|nR-k+05xn$U8gyPw-wgkVru#6`
z^~`jMZ40}{15BiRMw;l1*&p=?IQ6#fH0b~`l?30|#3}2S0wRB4+u!!W;^-WV;+%Ak
zJNVo|{n6LQ#%z?AsV_4%*p+10{`>@Pa<HMh_Es%M!SjDJcZMG9_Crp$87X>e8cZQj
zFwxm5j}!rbI)IQG{Si)~Nq;7WW~qht)ZE-n974NY#>b;YdhoDV8B$M^USzxkg67`z
zdrlbBLtO8HO%O|IqGh)cP3POK<ljN?CD0biwH@UwvUrQpJgPs=d*9%{1ZY;pPPPO!
zwJzyU_g4T0O4-#KcEfQ}_CsJG{(0JSqm5i`&|XMdchsm(aS@Q5T_Ytm@m%LiVbwDr
zsLi_C%b_wbaP~I|1668Iq&(GN<7lvc*UP9+OLzQJldsUAfS>=xcl{@cV(&thoVem{
zIB%_wqR6ZD&$p8XBt@8%(yi9PQ={kssPxCjH4s9_{|TX2E)HuhtMGufR7{o(<U%Qq
zz^N_h=qPEw(m4CAuf3e(HotF)IhPRcRx|#2NooY#x8NJpNJg~aV69N8vPhl#G9$ga
zjH7>c+o;TK`Q`VGh+(VFuV0_84sh6jNNu6jz($l4>jwxX7Cq)9eWbj;{k*d``XDu#
zG`S%ETTieU=bKF(_lxtxqF1_D^Y!mBl(H3lE4^`Bgjl0KfA;@r?E3mPT|G=EabVSK
z?(0l&`fl2(XLLBx&|okR2aZ?64W05Y=7-=bsAvf)-^hnTs@ZBkJ0>PXDW(>@aq-?x
zP<U8w(wCOY;RFpA8oYhmT23c*)h#D}l+H57G~WG+q&{P)DD|^Y{3cUko|V}Y+4(k>
zt5>Js3Zf1&(u;D8wl3_NU>2|Q5!<CoQo-Ze2qPQ}C8n`VrT?gze1p&5bIvv4>Il0=
zr~jNzO2VA1mV+kZ21Oj#E79*^fBo5b85tXJLwxxx*dYfvJk<Pg_#{&)qbJpufJ)wU
zvbrig1q`|<^E76LEUd#_Y;5eVqmxyDr(P45xy~RN_m=9~(;lq8NV|bC49M-w<%N`)
zES{-RrxJxDh#AkTzaX9l-Eh{w;ukN$Ak$-iWL5ZNg^C$)f5WEj*}k_ET0d`X7cXx0
zlBNH`VSQsm*WjD9HOLB@wV>#?ohsk#-b%i6**(oxA7Zv6JdOUF4kmQIAca6Oj@&mg
zC2U&JQ#_@eiA{he^h7W*@bem7oFShu4K>Em&<%RRJefkbZrUH0C(K<%-3Bf$r&~>*
z@3?FL7uw#!`VyG%Td2k1rlqFV-38V|WfZK{=vso-AKuHwTKyj6YueB=H^7kofRbGx
zD26H`%$Ze40!}w;(R9Q-awk=vU3(_~u{k9yl61~i6U5`C%FKqxCp$H-+&PGZ0Fwep
zHakHe?3hl{%J9<td-C@$l_ddw5bkOMDO$fg_PuY~{M)LFGQEtj!qO`(rsMaPJ*F)G
z{eCC2s$7cWw*SFrZ0kO}t#00%nq2M`sDgnrhf|)Vd^81<QVbReA~G4zBJzJ0es+w9
zIt+kJBm>74W;&dZT4vSgzLJM7D!F~<+1&k^%0g5W6vD|6O#N{wuR&b#e`gPM8I5*@
zUHRk>xwz$GlYSE?;K9C3>*;lni^lh!9&C^P4sHEJ{hPGJibkd-aJJP8TPa;9LCa}(
zXJ`3x^w*|m`syXYRF{yC=Qls*zP<pPAJN{13oJaU*FK~hpYU*CtN8HC+_?96jMm}_
z1>v-W!q~IxjaNRjg-@ej8J^v6_dpzCT&cv^2-<c%yYlsPZ1KE};&4txr)&DB!^4m0
zXo81p{ze=eYGRf;KM#vn2i6mep1xkgcxm?|r8)pDB?XIQA0Ln1;Mhjk!}Mv}PZ5{=
z$)+bK=S|5{Ny%BC-RY$2Z3eRS$H%gm$DQ}L7E8?iuH!b02-r?6Pty`(j9Q>!d%bt6
z@*EaH%V9bzbu_%2FLZT?EPC=Zg}&nCgyfCs=UmSC4V5s8(Sj?gZmyrS+yAt_pUl<H
z&o5-&cMG;0m!QJ^%=wk_aEs=;kN^!MJu>&=zOwlZXA1{j*HZI_V+`yR4}$(2O}_E|
z{(b}SdUPpi-6c{+@AM>m5Cf7DeroEesaGE7^BGA=p}44VFy8CGL(7~tw7e6wCu<QN
zWo5cM_1=Uy-b<=hHX%rsW>F)f4h}A_-L>J(4r*7Gw&#<nOfCe{q=n3KnnfY*=X2Wz
z6eDHZ2`-#HJy!aYq8+70NV9hj##b_v2G&RP)_)otjdv5-%c%K;$KtaH;}&Uuon%hV
z<l(&e)YI$mJ=!nCqUV<e-ye~;-SdCe*}R(6xFeb<DOv9^DT?rH4WT)D^M}k;$Xysg
z{kJQx?=ZF6+1p4#;b>^6tZ|U5w`Xd34l}JajOYe2I>KhZzcouD@G9NrMAIh@1FOyk
z3}Sy6%Oc*B_WY|R5RRrKqJAdVu?T5z#fZ2#3;}DEAbPTtd=C+_vvMom{S-g$&O-@F
zjiv#Zn>um}@prN#yOE&a2@eDg=V!`qUyEGH$_^`P+g&^4u?hI>R}21v?WIo2@|K)7
zXFRfx397lZMd6Y@&tH04Um{+aW23(oGgnTM_r-X8Fz@K>5qhz)YO=DjWT5xH|Kegv
z%rIaFS1EL{yZh?HB}?0;QF6rJ{ZUH}hiQqT&2Ef_G`Yu7)o!5)G5!IiLCvf;Pq%13
zN=yp{Vlxn5%l*p#em+@h_ETx8ovp*Kjq&Z($cLPR_cPI5#BB-+rq*XZ?DwY4_7|ST
zC#9uDIWNJ~X{jKJZRNMtNTp>GaX+QswYAin2kWCQP|*ctW@Pw#o-s(4{P=OT+P$j2
z%W|mb!GgsQB9JrkL5y62#tfrz4(&be)-k^q&EIHOFTM=5z(tx&Ld>{Xh8^iI3R^Nw
z?DXgwHmjMpFYEUCr&iZ%ji2}PaN@}#Itb8ugE5HmCfu~C3BRp+qN&-RaLam}<}^;4
z@+eryU$4~G$~QTCCwvX}v4bR*MWV1juXaW4N|)H@^UE_BT#JUtlMx7?k$Xvu7t7<N
z5sE*!Jw2@^W=<v?$tGn|_tf!3E>^c^XFhsi=7Z!DL*mJ_6b3cYjEo-fWaH^akJJqH
z-hWO^>`@Q4tT{h$HZxlrfs7ehCE(+inL4t~hNf`K$kNh-@BV$`z@(&UTZFXp0ZYw;
z$+n2!k+b}Nz7(yG+^Wgd(VoGsxeil6Eqw^sw%tYwIt{~(C`0h>na#g8qT62Xb<B<8
zZvT=P`{`Ei4;mf;^$U$memOb0vyHX*$=~^peTg>(DBw?48>CZ#Yra&<(nrj?D+;wc
z>{h4amvRV1a;~<X#~KOa$Y_n@uASU$p}PpHv$F&X@gq4od_MU^q`b=Q=F9y-A*zE>
z`_1d`U-%7nJ=4+KW8@%`(=5S6z!35Vmvs$(xp=?dE{BLYs=2?G9V9ILR*2^FlUC)l
z`)mZn{>TbUneaH=8tq?Oi}`x*?kcv0zKNh0qQgj(mme}V@Ct84B0Q_B-P=HDSn|%v
zDM4jv3Yqc}j~c0r%u>lIka+xfoKZH~O7i~APp}K2ukkEjSip4jNcgW7;GNdiqvXo!
zwMnYpsE5oYPb-uCubB<zc*VwQ_-}USYO0<TXQ#=xRw&6t{@&phtQeAQ^_7$yvOeZ?
z(5d=#9LHB<YtpwG#rD&-2`8pGFNlnsOn<)4>&SMLm-~KdXi`JO8BE!-Sg_Pm{kZtH
z_Kd6cuUqZ#OJ{lVlDA$?8yoq<Mc14Q?#jMsxXJnpedkh3Yx_Vlt}{VT*Z8QjiYzwv
zZ%=n9tBCVxTnat6#W3-EcXu_5xBj1f31m+9ik5q>IJg{4Ns-49pSD#7r|bGBSNLFk
z-<b4mX!PG2FTr;zFHcWSraRnyy$_WjOJV-+SAr_+s~mPqf3v!~yH~+unvjzJ-aq|W
zdi`QLVZZ$9U|!9^ZkL!Z*mrCsUcUTN*Bec8#-oSsel&T>ZZcA2lh=P?IK*yuxgqp%
zvW9?CTf4|&Ft_8h_>=3={j4-`Z*rzcVhx>Yo>LCz1=*#6JOTv!Mn7(Im2(})Jz?n5
zqY5SZslErUJjR5wuZ;&(wCzEhlY4Q&KR=BYTx>cSL*o*YSVLhlYhU}8aO?bD1lLBK
zneM6_c+se{!q5MpPS4o)Cr5jq*_e#}n#d;0Qx@@XJhHQ5r`;THC``W}kSJ8zcUru^
z7ZMt)F=J}^<;&K6cEUT??}qF2_7ArBk#gyBzV_>=tD*OH$#&&6tIg?6OZ7<nwYSbZ
z_*A2yO;*OM%Ll(qW$tJj3!kh~)NU!{m%snhKXLW+--)fUKBnWWfK1E;iER7<!!}+K
zUBx8+sTSZ-YT5Du;w#d}jVQG{TM?VG`e>$V8sokw#uvI-PWBih@z+-$!c7XdPOF{b
zcsIv(XXjd@Ei7NHX*^9c>_>V*qp@K+_{{wE(G&xFBPB`EovW-Ft7QQ;$l4%Hux}r?
ztVG@vE!y8>x9FxlTc1@lt#8?lCehm8eq{InTXJZ9B5>JsP(m9nXhcW<_9F>xmQ((`
zr>FZtNlS7%9F%2#^d!Ppmq&EB?+Sk0c<ifk-xVSLyFUxD^L+Y?H2vScf#%=ph3wYD
z1vnz5jX%-RbuBGe@u?skaoWuNmQhepASZ=%bO(#@JChmcm={r9SgKBya|VKNcZ+60
zQ==Xhc$paQNjDR*xQ>WNkeL8kTvZgFi+F5xv42U?whIAO(A`P5d*`C8wCIPQSv)dY
zamYz4w97n$7#SHRYz5KTC(va@RCbn?Qi)_dJs!Webi`n0!)RrA{Q_T34ljoDO4ivK
zES~i71zlzm3~kXHFM7+rHs#49cBwV<)ZE*JsgahbQJ+K5b^n&#-rh5}A8IT<`Qh^+
z8F@R7ho#1&w`+ct*VT9Cb{MtN9yj5d6&8BAgd!$$T^u_c9i?8$v_BJJp{C=xwILH(
z`)A<x@`DEmPne&=kRayaeh#K=R+SNPq>?$iC!w-+mCK>L^UhrB2;f)~=+v$4f12Lg
zujap-K?=L<AoXTV26J#9)%k|3WwU5)yB*SZI2v*?Sz{rezp5GX***IGl9vK;G+FQ6
zB!434c9bt`-*?mb<mAZo)FE5cm4xc1nF{MOdaN<@-9z8(O05&(Oo=<m?}<*|3%H9*
zT+90K(ZpowxPicG>#*h9(=et*vG1|JTifa#goIM=P`ulkX}vKfsD0x8HdGoDab&YK
z#rajUOudS`N>)zqmjSj$gbm^QY<hhTRu?C|rlFr#t8K0zUZ}pJQt>$Ve#^?ru%VFQ
zcN)c7=iYaJjOB=j7{^;5yg#<n)6;Q*fq^ojj?sQ5!mt-i>RVb`98r!aJ3Bj0w5jd{
zp?q>4oHPQ;%p=hN;;Y^gt^>)wd#55<s&p*((~smL*e%pUQ<r_Ip4D9c<@T%ZbcLK`
z>T|UlaDGMA)CDHvxs(HxVnMGcDc~%W)lwOkqVZc@jvx9~VrE~UF`gpy{5Pvv39tUm
zP-V;B+ih4Xx20iu)A~ZL#ABGVv8MlQ=S!4o#^LAPoo_i=pMzd`XfN14adJv!t?L=+
ze^MnGm?B0P@<iq2SFg5y=+!unQ+yrM0cyx8h^?k?kJOf?w<kR5^Y-RmuW1xr9bNnr
zwqgEuq-ePvj6Zp{_V!g88D2yR#SI7vrNFbT27>1|h>7DX>{oB&&2`DHsZ~=jyB}Y9
znz~1r?k7qoDP7aq*;fDMX;^+|XKsC01P}WyeCox^^E+%avocksj-j(3!*1LNjaRF`
zx1{lXajI^}X&y&XJ_dcCShTO19>bu@GrTlXSxyW~i#heD-l}{;{?I77A_c`K$`>!<
zK4M>)?ku+@yo#CcU{k+lKKd;;iALmUCOvKFRqc~~m(6J++R*eq2DOoj3TY>rQ^~|=
zYyzuqA8$-c<mxmf*NP)N>#(V&qIgW%-M97o`Uj&x^H}C~z!Di7Hwzz(*fA1uKUq%e
z1uENa9VTiuRb&$@1lGc{<0pu?9K5=7C(6x!rLPss)8+EqSK!BwGS{<rsX@DME-#vR
zlV#|MwGIz2FE=MEYP3f6+SN+>i&fc{2O%lFv0&dc)_=Knud$neDl#pWtf{9N>lZru
z-}6z+_A2%Ar|psX<1lUVSNVfErIgHPw4u~H8{_(eI7Wh4YU)V_U5Up1Kk0m)f7Mx8
zu<=Kt`>V0^HoIEu=wzTFWmNC9+F%lX#V1d3dGQIP;KUI4+*nxHJucmg*f<;1NngII
zsy}er%|GoDOXXts@$u=xz`)RkxgDz8ota1_1Jv<W1Oe=)Ab)>r6YxIrhfD@o&VIOJ
zl_)}PsiP{dxhANgL9$(QdFvNrTl-_lI)CAL?GuL8Q)hh2PgsHEGBq_eGnlLt0xwN+
z<YM`v+^HzZG;&8w$mAYA?9eI1T6J^VRyaN2ta;v5i-6V4-<o>ldcPs#EzeU~>8o1V
zIo5W&hRelZ`kcK;l`-xu=kn3el*v1!6e07PJmGpNt(AZII5N5L39UkgOg==q*Vm~J
z*|a6*#(y0ZX_h+btoD?$Ev!x8_fEQd845W2gfsl@B9Qs>$NI8|0pS@N8~b}?WQ32K
zyDvu$=43|*k`O7oK-JVA4L#S<NU<sQ?S~q38M(QM&~u%g>j~M=qj!DH3+IqcldTJ}
zp8cdP^AL~U@{0e?S$I|UVY;dD)M;t6gJuDyBL@1j%FAS0s_^9c`nlXxM$?{30ToKY
za40IJ(_J)SKuUC1jMtl%;AF*6()5ujD3iz5*QfQ(1EWJi^zS{=-ahbwpnV)KklLwK
znZxe++r}e?i`ss5roYf=6MqBFtQ6RK8Vvtz%^yzI>^fKZ;CGMxmiB3T6ZIw9FQ?GR
zU~<xfE^R8M0-k|>?3bfupqE!e&NIpYKNCC%SY)*TBd!6gCJ%F3g06UmtL9A|t>z6?
z8Y^VD;mmQ=bzXP#I8!)rGqGt3T8lDTnA5b~)o-sw(h?1HBnGAv8}b_p@Yh;2U`6AR
zc*4~_IQ?ph|I{!>UHUU)<xTE05S_NhkG3H+OXY>qDXS%!yf%8R+Ymrn=CqTtcbN8#
zns9DmZmK3(YTG)B)%ak$g;Pv15kboYQXdfvxD_asrZT{b1TmEvOrRs|^x;t$V}xMb
z%NSG_^=4t=-3zO=Vpv0CU>;gNczHQ;TTW<|EIdLgF>`nl_7h@ZVL1W6GAv@d&|zR=
zVnT~3d$)Jr>`w=wYn6U`-W7B-cl83y8bSWrrNXWhnaVa7ygU{+ah(4C-p3w_z50U%
zoSgY4&3Kiv()S&-p`0H-*{h>sWmPLMjWR3ldpQXtbU$<`n;y{uHyVD(De67RyhTY7
zaOX;k1}-LgU-v*{rzd8DfY)C5O;-a$#z8LJ;HihJ@5Uu&Dl1<;zhydEC4`t-XbnrP
z784bwxL0EFWR^gT#rhzblR?ZQNRF3x3*xB2@G!ztB}bzP3maSLp=L?8!`(+xNE<x_
zO{N}dp3c4hX@Fc$ZnkIV{50)nTK4tcA-w9nB=C+sa&t1c^Of5b@og7z9Owyg8dP#%
z-^$B2uEcPKs@Gd5i@RImF==))NJb35%N1;EZM%H$wi-mq;d1Iwbg{;@oY%_m{CS`0
z5Mjb+ihUN`@<`nX4ve1f=9=8bBR7F{h#FAugL=~}kq0;C?b{>wo!8#yHR00qWh=87
zr`^fhODY#DO!oHs!kU_zUtu8M1}`^vhr;h#q|$8PhKIGENjf~<8*d+<3Uzh$1R}_=
z{>TrCckiO|=k%eBF@olvI&XiQtdDwF#r}%k#t*r_IZ!+74{cdxCvZtkYfon^aGjjl
zc8rw~)s&Yfy*WJy@oR#|_p5XyunxXEokc`9r!zoriU^gaKTi1D{?2`IqAD~Y^u1S>
z%B|JP3r^nKafW{+G;BCUPu93xFV;(K`tN6@e8e=17p3&2qzH)$`^qJHaWoqZ(gFci
zjiU4!j|@VEoO(zAUgl$E+aoaQc7U9Oq!QgTjf3OJ_Us+SNIu&4%EO|D$oD=!7%$Wc
zvG&P%F{w`(_jWqsNlMK8hdVnrU9VQ!&f^>i3bvgKXU2ZW)2dr9G>Q<-Ey-mSJwCHt
z-qic4hL`lhPbM)Dh3r6;V<T3$)irdA?x*IHs*!NIhlUsvbR#4G@w^2fq<q^tbpGdw
z0enxN{x$uJ2#b6emZhG=LQi}RRoom$b6jQPk5qg7n9gy!-dm^CVtm9@SNFwsjkI6-
zK!%&SnZHR4jIBtMl$5k6C@5I*m}&G+)c>hARb@{8f%R2$z<hi6PS|s%J=ZYHnkT1h
z)wLVSS#A67PV${A#`+(=-g#I*z##KUTddqeEY@w02unjPJPYe()jd7EE%lnaM2;J^
zQ(gpr?Q0Pc19U|GTMPZnjbiQrUCxI-;Ign0dmO2YcJmt3n-0$+4qnOR+YduX?)WZ+
z5F&j)O26v;+t>K~;2`}~^RnT5DEvj0$7NtNtwFK*DDO^3443ape^$%XBjkKDDdBgG
zdLXpoOG^)Li-=SyAy8nRtBefAaQTfdIIMa-y@S4gGL?_Y6z|1sux(BdA(kvnKIw^_
z?{)5jx^QN~<1*s3JcTSTQKVslK_=gD=QVPyb+RUVci^RvGU4YYKYUy-HF}A>((8{x
zl;3oELTx9jR(X_Qw9I4d8574l9o8krrW(i)>es~YF@;bGpk&6Uf;c506U8cGcYd;e
zjz@)5Qh+>DEM4P%{zc!wU=TEzi?<O^bu3tg2XdQU-MBZSUUyCWmO|p6ywpD)WBe{9
zefSG1HJ3paS7ct|_#<h{U@Y_u9o>BHd!^Y8Z(KD|XKo81oLRyn4@su_RP#_M+Qz{F
ze}Q$f)_B9DN?Bg|+bk7Mdrr1(Qg0XWi9$zYBq<>RRX&*UnoB@M^*7~>%-+v@&-Gkw
z<ME#c<txms&{y%xCE|UhZRZwpSUchu6dbW0$W{+#GN-1^><2i?B#BNc=x77_z_gMQ
z2S$W&g)O$j!U8|k@h_XB-eAqaD4YC^(L1J#9d)xVho7n#32`_~_f3k<_8`7;_4MSs
z9q&BLiMUC}#&_p5lI1~35*dQ=;j5rL$$*ekC)LWTpYP_RDTd34_?{;=3J?%vlW<|_
z@mYjti9UVw?x-TZkV-rhv6HCF+Vxi5T+p$3)51dS-4-<pr_z#Xc$WQ$#i!<%kczrG
z&BpX&gm{9WeE}ul+aM2eejz30dryQ=Ar%!$Q)T7kZoon$h+dxU5+Z(gb~FaPY0p24
zdbO2_E+!E9v>WlV?QY0z^AYNMLgbgn$J0X_<C~SasmU0>_E#qbEDr1b#9ggw!s<}g
zhFjHaaOD-5&Zf-!ikSmW_rp%ru~l<Eq=nr;T6)K<b;z!17o=!$(dhpqi5(eX&k%o(
zukQ6^TGop*7CUn8?Q41pkCSUHyq1vzW2rJx`O(oN_e@Pq9rozIKWl-I^Eo3cYZhKP
zP=B2psC|X7VxvZs&`HhgY|rA5t45NB+<qb`FZS?_liIA|pPlE;&Z`)SgOLw!F^4cI
zKW(93<$L?V=TEF&ZJG5^g>I{I7nMi&>F_=1+&!d%BTt;2Z8+sOhv^P&8K8wcSi5Gf
ztzAB;DLo+h(VObTwy@B8wIjwR_#T^r&fPPI_4<`-H$n(Qzj7576%|17Sb8|q^f^&O
zLnD5ln$}wvK|?E>C@jDPd*>&(&4>^o0Ja6<-q!uIHY^SIhc6AKCVWul_7n~de7Jv3
zS$#$<_9sDeO=ByN{3<R^W;}Yv81d{(zUj2Y*+kZz#3xT~xyWT%XrIl`d+XJlefYK5
zm7H5GTJd{$iS4NER{Ti$4ajG)XeuhvGgF>5&|*~m`IA~xx}jZp|L_qmymEUxyE*4B
zp{@{Htj7Jr$)A?3UmOi>Zqi(A8)V-VyIVb4^3=l|)yYuYxwClG`&_K)ekJ1H?S2*U
z4N#<NhxOQ&?@vAp16IF_n5w7|yMSpO@9(fGt*903G2JH<FW}<Z7G}-ubHP^E(D#f{
z|7og|n>)`I!bC43Kza#SJ#?C7wim7!#o^(^n^hjioD=j6Nv9z+HaumJIQgd+un_6V
zIe{6b1G<fS%S(M(clP3Vy@xkz3^EJ3FePZ9a{rQ;&yZCwN_~r_{ejwYYb(FbmJ1Kp
zLwq14USxGhezhC~#PAg#AHRIO-y+Acz++8Kq2B&}`#~VKE|pcgIoWA5wc!Y-lW1y=
z=KuZsVi8qjpo>3yNlXFP1V)NoA`LY(QUf^NP6)elnUQ$*7>VP>azFB-b;Hj+J&ii=
zINnvrdxWukSjT4}eMk~wGiPWt+c8n4W?~Tp8LNk23O2W~;cKNC7j#!wYQn2?7JH7H
zGf(J0`X*bPpG22i(}}JFRpT;pxI~kn`~Xj);EP`qr#TMWXBIAMp@puf0aUaw8!5sG
zRFAxul%ytLL2>4=8OiDeWot_nkOPA18XA#_TmF7bq!?F;s**vgDFE#MILa3=`)|c(
zHFp(N@o9A`dVlK4c}2ygnq51FPp<o-`GM#we2V+$f>U#?oL@7NGW<oKh&DcJ)UUj6
zFz}Hn7&w&u8~5_f_KYbU?VqTG&W73V?QPY}x66#lgocNB`tn)MK%kd`k}cd#*dNpV
zicB8M;-AOu2kSCbj(;2dp&c!Anf{>Fp5I8T;Qi}UO<qk4pqI#-c6TnPl7qM6vY4H3
zV(zwu$Ax(r#PJz`_J8(G-B*9udOtQ{kxnxd(}I*vJdw!FI)nr=RpY0A(>e^7$~}iP
zs)G=p=}lAPeS_nWrxO^zwuU2ixhv|%ZqW4U<*Q5Qr5DSC3Q0+RpYNZFC$de9Jl@I<
zsG?JH5?0CfY}uJ_l8<|-s47K;i+i@b?0+EQ9DY=dprVqdCobpvI$2|P4UqbyGMPJe
z?pahFqp_r<Nsqe{--U&LOtabZ%Lr#s+g!$=CA<o4_IsLvf&9@z?3_1da}R=-rgXC@
zxUeoZHbSI9#fJF>CK_NjwY20NPy13Os-T{Q69U3_&SDseLC3;kwpwOAd*&^Xq(&P$
zHFt3yZE6v;H8q7JR+CNOB$*(X^fvTsz@}DtL5C5~+wSi}htCblqExzP?us_zznat^
z<X-8kJ3BwsgPU^z2FYtY^tZ9KK5x9X1c|t_%B5X65lLGIqmgN#5%CHPl-)cY8X`f2
zFt)tMiKxO{b&~B6k|Ej0!<%y5rp1zrS6i0aT7XSFxxf0;VMU2v<WCo=v$OMC?CTUm
z4j{q1foc##<KfUqGsf|npKL-9Cdb3W)4>pzu;accDyUBiBu_Oxzcsx|>qa7BF;;sF
zj`0173QM;kH=S$a;~8fD*RJ*C#d+*pTj4RgYL6dy$eK~%xJ~==RgL6f(&PCNJ4)-t
z>oZhhl7na%e={Fr$4u<jNl~F8IA1EhxtqpmD2{{iyJmGjZ@$d>YL!EdL|2${V}g(x
zuQN9*h4B4^{Uw+|5(pBos5&ofG1X^8NaPz-1dbskC$I4j2pHo>A>M#x(%$|&y}sac
z#h`_jS6GY2;DC?k38lID@}UbQ<@VOWI`O94X_*dd-AmyHUUOYYW7!vHH*6i&Kj?&d
zA=+$;b$5?dZ7f9D&Il(R_l$>4S*}vY0NCKKrZp`>?JY%c>9}{FUf<f=`O|M&A+8%b
zot;DM20nHIT2TH>zH@Q0+=ij#iojAJZBXB@d>y{`|G#1zFP7PG$KC8LQ|AhZ;gLCU
zlhhzv%gM1${;2qKV&gnCB1S!<`0uaS5|b-&a&f3eSVk;A%Ar6#>CSUd+PokXJ>QYx
zHkr`M-LAJ76F+Yb?0(riOn@-ns>24LH_{RdNzZghoISQ?R`w?bW72#y1!mZj)}@;c
z+K4>A9gL3gv!fn8>hf4haFyfT)|6*-bTlY)_GMlU)gqDe001H9d-7h@qznxW6$1`>
z9ewBd$nfUOhbHJ$hxzk`v4Tmxp5qQ|V;oa$4GfLw_ttyA+d1MuPy_OdJ($OKAbReD
z&s==nx#sY&3>!UYj;eC6I6khcH!O_ka*0UraCvtkL{aH%w&lg(-w;!*6k3^l`Sqdq
zAz7-alZPat6otH&K5$Uxopsa;dU~ym_f5=Vd2lVi?AS_rVc~yqb93XP6n?j5mP#Ov
zRJt}~?dQid2ga~_l~q-iUC|r{W`>484#0}cVbpg&;BuD0)ksg_fx*>}60({VHyx5C
zpSrk6H|lE%I^abGQF<j-yZcj)l8R?0R*q?nZS6lnfewH_mQS3rvl9YOwGgxnEg<AC
zpR9=qD3xvgcq+ZVrqXwQ3i$CujanPXB|FE9^Uj^8A9a3VIl8!{RJr3LP@w`egjy4Y
zMqN+5@!+dI<;Rdf-ZC^Xi6tZ_U+n{X8@Bj`#@>2+q+SzS&6ILzvO4p3_0@ssoxxWO
z7fKZ=TWE-!_9cQxI7-cHjS04kA&Fl;Y&7_^y6q?q?XRY5)>Q8)W%WRWgRkAR)17QR
z+>Sf*;m!NDShTmpNf_0XVt04P#%~deasoN6XGs8QGIcsxufZqp?EIXM-IY)Q8W#y<
zgoL&>B}i5;Te`cgYkvGNyp9;dzv`Kj@gO%oJzi1lG=K!{7e4tX^Ji><FYY%+ou8_<
zmC<8A9sZo3dvYXBee?UGACZmN$@HH%_LY(14&4yKyFvTCKlCmO-bg<@vbv7=>b8py
zfFA3v+ART}Ln(4{ysy0YWU;aH&K~N}BECOQS18l@8?6Xb9=J|ArI1Lo6{xzNp;kBr
z0ZoNc#t+#TVp2-V^`R2;(W?k)k6kSCg)ZNAsPY6AX@YYnUA-87IXnVC%Hf3S^X3~d
z(gILc(d=w!7jbdCf1i}3wJ8@6EVc9bj`2u^y?>q&P?V!hSAuTbqurShS>A`zv2LWB
zNGwkW--|#r#Hq4CFbV!mO>ghx?jFUL`KNg``F}dEFI!F^5U8OU??8WNZ((7f8m@sy
zq;LhW8HLo|?rtIw`HmZ)TG5r26(@w%dI#wlhYh`jcJ>iYC@-a;Zp<$sLHkXenN@r;
zzUDp#87ATD5zpU}H)6QDB7WB#Qy{*4T`bKr9?9$%%DZxMtXH1O0MzTVD9wzw#=4Mz
z;gWVSLHG0GvDt_cOy>Upe|Ei$<zLlx9NDxytI7o|?!=!l-o$Bwp*%)lcP>f=4@;Yz
z1QHqH8TZ#;S`Uz=8-ms|jefvEJ7~$u%6<+{q30hO`nDM?rvE)b+xvu;+hPFE!(!Cu
zuV$&0>!yxyV34GV4QKVzAVGus$+i7*G;Id@RF=B7Kb_5iVfPf^t=nAr5dPstVr-Gw
zgQ^2=PGTT&{mN|9hN{fvWZ6v)*7OhCR@WKSo?g3#;&k%K`4Hl{3;y#FCnr4Dg#>3N
zym5O>QD7}hlv%KN{W?5p3*FD}=0~)Tem67!TLJM{PE>Z4LUXJ}Pn@B>wf*RKAbE6&
z-2=hcXr-m&^<VanPc6ooGBjR>Q+s#-(3VtM?o@uDl5+bR^)M;v)_65#l(0zZcr)5J
z_t|C=0n^(R*GXO^X#jZ)aKc9k8X%V-;rNA(meSp0#zlPlksHK@g`fGCWYc!FgOtL?
zO5DNO`6AlH<h%ckdx<dkyE^0Vdw;)hPxzMM`XDoUG%zrr2Xl}}FTvHw$aaHRSL_W=
zHI>k91JHBC;w*)Vx7`bsekOc{`5P+N%n!L<M_B4qNkGIQA|^z9-Cs==VMB<g|L_sL
zeH(>2^>ueYa9sDsiF+#=81QlT^1`=FDmW#Nl!UAvqE6Aq(9inW@Hv24ujgtgX9r8~
zF8uj=a&l5pYSPanL*qqE^nmoxlQ6WW=)a{2M8{4XO!S{f+V`9PElqTlqoi<%sqO{=
zE@8LSje#G_`*4s8iuY;w-~(12Ef!Z48ExyZ*&NKv8$m3J5LaT)vgvP;A`^wO{X|1U
zzxtQZi2L!I)PUWRxO>m*C&skMMEm;skT5z(>@G2JLBh0`p9wJte?oiAVKAgFj9jdP
zCOdu$X8vMb>+U}4ZNm|}IOCE$-}yXtPLpoJJmxx4ND<eCdkdcu@hvMan25`;_VsVV
z@`~>@&t2c~U(eA{Uen;BqYH=;qk4F&Pn8iEKMFt=_4qD5?3F=tID2*`>EinYfgn|S
zihQI5!hSNch5N5x(9+(Tso6oM5H~kBTYmrkoi_+(7}d6h-K!z~+=On)$A_t1@iB&3
zW$G~<opO})yb|~Ixz~oYaMGa1V(JUevm)>lzmM#qa<9#Q<^Db>QRfQtxkvf%Fn_TD
zb|)o2^|<PHC?NsX)$@#qsF&D=_H%~n&K+nZ7K1Z#6O9ZEY+b?La(IiAnn>XmD*iIf
zPfuHeZ>jK*5pIEwh>gu8r@ZZR92uF9!eH;o-Y>p`p-fQP8UIM7PI4s`u2{b;vnFA;
zh#%`B`rMR0m{0SApFiA`QGzxUg5j6282@6$G+I$%E$4Lu0|T|rIMpOj3hk^6bFIB9
z!2=mek16>2{I_>^g@($k4LY3(6#|<*hW(}IvG7Q?IC*&o=Ho1@uc3R6#Z#=kD#Vgu
z1Y1HGKWq~lrjtjPCUrZ^2x%Gl=5D#Tsba&xv93PzzlaqwvUwdWd&od{u2V8?7heWZ
zhWQXcm#sE5TxZzJ=>3rZ5K!ic2|#s<xLu8njpsVQid}vM%UKl)IwA*RMj^r)=1txh
z1(!@lPENu#gkGtoK~N0onTUw8Hd$-BF;&P=K6|5&ca?3|8#Xqri$$vP#4ICS&p|dF
zYCfrpu0`k>K^h@f5wL3B%BF)rh^~&4?}`X-?FWmgtW<xI@Za8669TnPLVQS694_K$
zF6{YtT3Xuph0cW2Z#~%bw3**g?c+02nCj+gW|kfH^XE3kKgbEMi%WJqFMi&uY9)Io
zdf)otV0VM&DFcI9{k-G#F@FF+V!oyhenSJ=mAIXQ&Y`3K7E}$!7t3i3)f47Z;<EM*
z&0Se4N$$y#He#1<D0cR)XuvIlX6lm(5yWxfU6?B-;JUjYcL;{sdF7LDNTf0eG=Rzi
zkV!zGUoUq3`t`g2A|s0{%BZZ8dvuanA?!@`9s&34mf0`h?Zt7|fdqoxbk`6iw!!l8
zLG1i;jVhtfq<6+ALm+@}pjCZfO+Ym>vOUXwG=*We(VN!jqTzb-09f@1t*(gv&-b3^
z8@Anim#2-ZpyS?&8fx}VRyLpkrB`}^iYUs~sC4{BT~kvEDJ3NY*_f9Y(KA_D=i{_H
zwbMd{f<Nq?l)ijmPy;>7@74}vuwDZ-3%~R?fa;<v^{;Sq^PnLHgYG^od7Z`LjD>~p
zjQaW0CStbO5FcKOk9-1-JwAT<geDQd8b*hkEfD^<=(%qqzGY;@6xz%`3%<NK-Si9!
z3Q~L9L`bB}f%-bB%S%gsP_tHhT$~+Wre|d>qSY328R?pueERnJj<WXMi0}EkPQlX+
zpS3N!OCEMCcA$lL5G(b$4a>(p#G_WQ;m*d}+kFfro$*EMy(M0&ZylRi>7ebiisim0
z#b^G7muGFPe7E7=^F)66INpa6Z@uA1qtH&JhaCw*hmVYn(``{f2SF{sL6l`~HdXPC
zgA+H%iJ?DCnqJ!FoD7;z<H;%)|Aekz1eBkk+CW19wE3{t7WeB7n|&tY+1W{#%iSg8
zvtJgJ2;Ig2Qk-F>3*Mj7AGur(boY<8{XEV{5Z_W$Bj#sj3O0LEWqgZ^iuhL_Au&Nh
zm?=rdXAy4;vzWCN)8s{xe*9oW_k?WmS-{Zn-HVjZ+!-p<1(^kcUme#csSs9&^;cpN
zhdX{tR}h`Mxk!P+Q6Km#IMI@$Y&A%s8#jh=@;pBR5s}D_)>3NWtribV0YHc$Wo7&=
zPs13WFavh<-2|1KGZVnmk3C-LWNQwyQC}fy+dpEmoF5ylSzC$AKazU;G6z&KC`vcA
z+Cqy^90l<#zh-_f?&%=nj6k3`uK+&FXO(O;!W86&oye8d!56)MYYDiFB9onm{dab(
zY+A1K%f|b`QXmlK=Ib4Qz?2IHqxjN_4}$48h?I@~Sp!t-Jqv;zO}NXg>)OBhE$^4m
zg1Q>DM35VL3W<mhzSj%6oW4OZvqAX^JedJEYVSfuftVPp($c7dp8Gd<r_gvuhN!Ei
zJkfDAHMuY6!gj*h!XVmY7ZlWIPzq5$h~8)C;3&V`TUJa1n@pRd)*T{+hrpH~`(t6q
zma+$6_b^^X8q4!2{r;JNyYO|(5qgn>@bIjZKZ^_;8-oO%Yvk=hdutEyZ_=pd)mzUX
zkAD4{J$sK~6~~3ms`!Iigy9O}@93D;53)8Ca@?Y=JuU21u%|W!;E5q@Kiih&-ZZy~
zT?g9l8o{V{Uu7{~k&1ls#GFL<ot39Jb%-C5_N>qz?78H=WmoSCrkKI0mp*k1PqiYA
z%;us-e~)<lLpId?l7$HekXRp3LR~F)R<1Zq8LfQ}^^l4HlSfT-2q6lOHaghwh9Utz
zbZ@19)xp)ZvM?j#?FR`g2HH$LRETWmhu%@0jV&*yqN3t0g76mECnper0)pJbz?q^}
zaIlZ?Bp5C6RvE8&M@H(u7JwHs(F<*rE1#Z(e;%w6UYy{q8-R}69;-T`P`2OAfmT0D
zBwtFncmD0~mm96|xGb4%38u>HtMl_S;YV$Ag@5uBD{JTcYF<q>KB8PezzUV0E)K<n
zqx1^79t1;XZg*IxCi+Z7Nld$Y>H{N%fn9$L*y?g|a9|*Z+qj_XVej(@9V4LA)i@0C
zI-TB08;QUG3J)&$+&8~NXu6o)#A&~i1+~~hTC@YcXcjyH)m)|n*&IOSY3MzAgyQgK
z&CR#h(-ksVgK>&hhKPbK#wAeE<8(fXv&M3&(f`P>?|!BG1%-y7Am_v5FRJo}j6uID
zX1+v4*%_t*P;cq5J~GdtTk9DWAqsWC!#YxUzMm{CEHm(n0#rDU(Wsf}Fh(O;o7&#?
zZk;fQi7`pk;l1xTEM57F=DBt%{s|>{DTKTxee{mv=Epbi^1r90*$o&>)xIB0gq;%v
zMOV5$YON#{RaIMn&a0#Vnt+>!#}+Zw*`IY}Fej}g;`FkAzTY`V&;c`~rd%`eobJ;X
zAQ2maf`(rIj|OuGc04bYsOwR{r*=BpOd`~Ws-Ol$`UM3!0PXRd4vqT!4|(=ip*yT4
zCDIR<$R9<B)1u8qqh&yK0x<6rLk+S-DJeP>RGh2n3%-l{`M<w-kC&mj*xG8HAHG`7
zZh_Hld5}^pm-@2?nN#l|kxGxP39b_LlL-n6&XDt2ti39?c_Rg58HixC(aNCwS4p)O
zgg;ny0=iE36zu(rUuGSwhn}4Y$U{1oDz%`2p9KnMV^jU_;oB&6cA*7jZUR3|m7%Wg
zR$FgxZxvXI9z1*S!7u&xG#>mMLAckG;2J)@y#)*h6GqVAW7LOHQYEbFA3FBzl%rJF
zTMMx<k1pS+m3AdYIB;0@WGbf)Dt`&_L=45n$u#(iQxnF;#Ay2gBGtI{2$@2H3Qf#B
z7GwOt%(@8W<m9*kDoBFpbaFuzHFq(wGAk-gvV>3hHSS=BNaP6G)!y;KQdW7&&?YU{
z1T5W@p(*ov;sn5nji2wZ<xavPyz#y+k5p<$wVOE$Q&U!};D2KUnTOjo1hgCZb~~@v
z?Cp>i4kelGS&4J;Xvg{Hnn2~j@4e!p#twXPfH#xA&3OJ-{RKoTf*N|o+2+7qkF%rg
zNEBJhWTs0?i(V^2jYP6@a<;uY+Dd{8T@-6z{jJ1+rsMx<NwuL>^(m%3D*2D5SW;SB
zYDP|=g%=hyTml*;rfK=sJz-(iL#@{wI}^fmPEpYA(b3VGC8%v;>#-PVzw4ur5G7q0
zETIb5D)Dg}|D`5H0Q2|rcN<P(9N%N;@8H!uu09TSRe>>rf48g`#{^h-_@aCWczAfa
zQ=W#&!z@GdH%HX8FIgcne5ZvN8A*KWR<Rz~Z!aOb_)F7&h{}RcNcp+U?<%Tvede~0
zGYUhS;1-M!Wvg0oRIh|eTsfaVx69p%lKNL+K@>4HRp)g9vt36rv$Eo_5P&#G^Eq<|
zZ4P7jt7Wh3WEOo-(;XMK$B8pDQ!4n%_+Raf%|)UO>bt><dj9d_M>A8%hdw>HP+TI$
zP!F34LhtH;&!25cIbZ+Y^7KT^qN;0Khh`Ww#{n)5ZV>kOGpGo7r|B{@H%*6lVcfkH
zfB#@*S&`d(T;l;x3O(b@)TdkTtkz@qMtrH<Njz5i9t1D^i8FeTdX<)z>6VeWpWj5o
z;NW3&T-+$@!-qL62;iFPDY&?fT%0m0ikOz6odeSFX@f6-YsP)wy<aw0yU$>*0hKiU
zSWfQY=HM$25$DT`^8~2Jk;)iQe1_uvHzNJATPDUrsFRWoLBp*g|21fk?G<caCK^Cb
zQqoeWAz?u@Mj${7&au1rSWf%rjg8i>uLfa(_#lmsVm$<JLvSLD>kvR)kKlMqke`UC
z)f=*yv?Qv&eYgF6u`PmG<UheFf;pdu=SgjbVkYbJH$Xg1FVB4hK#4|Z_OevPb*o$I
z=uiKxajfe~Lqp)IK$8lpb>A}<uCRxu9du2m5F^}957tFsNLHu9&=f=x)(>-YbE%oE
zaM&wafBz-~YT9TGvWpl~<w5_qN70p5G<$pd%IdKlGs)lCPkpHnh#xf<pG1?T+RyPo
z0SwY3y0vEfWgZ@Ue8^zvSn|;bo-4dJWuHlV{;Cq8-MqNO^bHMF=z|nZKt@6`_W*T<
zG6|vOC5rHZV)Y1CY6C8FnfM16+WPvH%1lm<$Zq*dX1ikSP=3Dtbh3S#eEw(^`Q-D&
z?EEd7P-!dZrP^BpLVXDE@dL+dE>7CH*xCQ0TIqC?*#~M!<Sm#>@*xBYGLgIdR#RX@
z88U43_g53KWju+C)vu2i_zN2Meg-BbK)n#2f+Hg&2kmS}%^i5?Ni*&x5&sn&gb*$l
zLpFL6FXXuKEhy-EmlPvyCe}YE^btTZ0*9NElX_5lF+-d{Sapt)+jewpeVd|Bhf8aG
z;nJKp-p6<EE}2{8!nY>+Y<*FSmQ5n0LMDn@OO<Rj>nYHj-9>Gwery0Eh?Ku?ZCNGI
zJob@=5v)%PsKMSq$jl5-I4+s}N_s`5K9d1~AE$7zf89jWXCk-~a!(^oKH={1>8Xp!
z+qWF=;1jsw(P(Hhks#_I4ZbU4Q=FgA&qjEa9=5{0gY|~7?qnkM*TaNWUqNg3FH!!q
zK?=o^!vwMMJgssYKh!&P)(4FKB?88vFuS|Elke~EhoMo6auR>e&YmiNgNvjMg&4Yn
zvj14uV^WM(lFod1#RmNzHkfy=huwP~^wQc1b`}~$c_a?l*1u3tQda4qk}ueNko3fL
zrtP;`$oQ^X6A@*y<~<{xpRcnVWJT4~*Fr-P2sohGs4Jn$QLWtyj)k!_68Q<3aAb-u
z)ElC<D3=UWR?7&&<0-TSb&VNN9fbIme@cG=z`2@;yD)gH!Y(RYkLRNfXQ5=s$<9tp
zFB67MN00hO&)BV|YNM>JtxZukw){eb#3cl}$;%(XaE401U{!l3CWf{@-g$B46!+vC
zK@x$0j!M26JUEVt0=CV*g?Eui9$ZueAWndR_|Q?U{wJhV+2g|cTOEA$P|}WlCVUOQ
zsm*$Js?>!KFf^21WzFdx4NaXBjN&U6iXkHEfAP<^F@)h4cYt~xDz{x^NBnO4?KwK>
zVbC8y`tE!u6^_6s2!^P4Z0deN$~HTLK%gESj_~Nl>Z*%u(>xJTC^{rPq72W93PD!w
zin((ArcW4TWMt(CtJ9q~L$R^6;5$%`N_){=SEnXmh<7$V4o3(GT6%~CRk!ZkDK-4Z
zfu>DGMD*Y`>cMd2zKV*#`>Ka{a32TJ1A}fmJFl;<t%XE>`M$ElqzopP3+<Y_rfKp|
zdV13k2+-a1J@&nB4tINPE2Gvv<)1grq>`soRasjr?g&${EqQo~g%MZz?Qy`qROWVE
z0DI^rsDyM;IPO1W))8DSliSkVoC`jD-E}obNhA^h<&<A$01Q6)hzWYQQsZt~G=xr#
ztG_aUUhA7Rp%I};D?4or|BG|N`tqt0fmm8yO#>sxYt&5Bx2Ob$WI~}yO5P-ZbioI0
z9>I0M&vCpZI1usYi&Ws8d%TpR2@#d`|Kx!F55LIDiJzY|&p%&?8pa#ddU|@=%f)g(
z#q_+hy^Y#EYqmBL|I`=EiYm^6*K@S|<q8b}DRl2-XJ>!6zPMOw4Jl+1W%VP<KmiyE
zxB5X`Uj!;Mb3j%4oS>&biHNEl*<e@G?$lvGY4!cD>7cHq-g{4j<9o}1Px@zMEI0lB
z{X3A6k+GGDH5gtG0+r^OEMQNlo}HcXuE4`1#I=x^w*$$s^B!ta6Z<P^-$hV^SO644
zRtX~HZ}VPZAmGNra67;R_93=arp)a4`K9B4GzQ`u;ND-7lamKM4#yn_ul##r;pPdJ
zf&vNG*D23TajRWPW&U(n?an<#c)qxQQ&U4D5to2q5-e(GlBrEZL<$k06GtiqzH@d?
z6otc9g5tO_#9vEaT?o1xc;oco5pC%G;z-a*u3fCMnZ*g+0UsE`6YQqdcvr8gEv~FM
zD`x<Lp-_xs!j=Bu-4#A^a&<k61<Za7!xQK`DCHV^TEn(EX&yb`8LP5FJ4lwCE~ydo
zJW~(;3fk>GFb!&t7Mn)>2&aVy(?A8Z%pWj|&HgnMH!djY3S#P!F7-lm%rx+j_06(w
z=VU^+S!z44;D*E`UPl-YWDgg@&W*BP9ne-q(SQHwqluIafHH6+{?B>!MZiA}%8`lG
z-S3EzmY2=$`)QFNfB}X3*e@$IfXRO_7L=46xIyJr!fQUF)Ftl^XTuJ4?)&5aJ+5}|
zV3r{^H#fHp8ud~S102^GF|it;_fZPriz5t|J8Y5;kE9L=#Ln2^+DjKxXjC#)9g(!O
zF9lHRPNsjdw>(WmL?jO}zZ($}8y`??yP%tpKncgTZNKAR(3yhf@*JDmW1ykAd0`1=
zAEUIh!dX3^?m@%s1*Jwh7VzmhI=Z@3qM+KOf@+Njff+A&MN?66tlZ|w!XkamyY~-k
zE^vUtn|nRK81P?(Dhx-TRF>U`*MmYSiTcGq-+ovDmg2QOP|Tzuwoc|{vO!e|&Ds+c
z$>C9+3nAy5?JO*W4!ev9acympF5m?gVSwH*e0+S{o3BJ5EWSp)9-i=|Bt3a6tE~gT
zpTDAP7>KRI9aPEo@yeAd+siDYu6(@(SqiOUoN|F<f!Wz$u^{)orO;XUu^Y^#&JgS~
zFk4$&Wt6osA*`vWsYP!<7u8bZdR#z+0K#+cXhUe3aUaAGQ`<S3zuW&@L7;%wk>O#=
z7%n6E^p#8~#$)|Z@8)(4#Cg7ni3vBzqu+{LMoP@dt$`|P09$msqM<oFypYwk+t8{O
zz~*SLuC9*T+uxrQxGkfo$kj42aWS>OIw%6BRzGQle`*Jrn3x!RL6?K<YY12H8HB>v
zBS8SL7*y=F;j;=+(Y#+DFuv!B!rcI5*#F2hrJ?;k@?It%+I^0s7gv1<VEGwg`BA@K
klKsCw{9p4DVlOc$YKIcCYF>a@6oGj9L>`$dq5I+g1EHv7Hvj+t

diff --git a/docs/sources/terms/images/docker-filesystems.svg b/docs/sources/terms/images/docker-filesystems.svg
index d41aff2522..dc4dc8e687 100644
--- a/docs/sources/terms/images/docker-filesystems.svg
+++ b/docs/sources/terms/images/docker-filesystems.svg
@@ -11,7 +11,7 @@
    xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
    inkscape:export-ydpi="90"
    inkscape:export-xdpi="90"
-   inkscape:export-filename="/Users/arothfusz/src/metalivedev/docker/docs/sources/terms/images/docker-filesystems-multiroot.png"
+   inkscape:export-filename="/Users/arothfusz/src/metalivedev/dockerclone/docs/sources/terms/images/docker-filesystems-busyboxrw.png"
    sodipodi:docname="docker-filesystems.svg"
    width="800"
    height="600"
@@ -26,7 +26,7 @@
      inkscape:pageopacity="0.0"
      inkscape:pageshadow="2"
      inkscape:zoom="0.82666667"
-     inkscape:cx="236.08871"
+     inkscape:cx="346.87978"
      inkscape:cy="300"
      inkscape:document-units="px"
      inkscape:current-layer="layer2"
@@ -149,7 +149,7 @@
         <dc:format>image/svg+xml</dc:format>
         <dc:type
            rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title />
+        <dc:title></dc:title>
       </cc:Work>
     </rdf:RDF>
   </metadata>
@@ -294,67 +294,6 @@
          d="m 514.91047,422.62215 c 0,0 -1.06434,42.27288 -1.06434,42.27288 0,0 4.45362,-2.8241 4.45362,-2.8241 0.2761,-0.17507 0.46813,-0.15759 0.57629,0.0523 0.10868,0.18619 0.15712,0.50328 0.14534,0.95133 -0.0112,0.42443 -0.0782,0.81493 -0.20113,1.17164 -0.12299,0.35687 -0.32235,0.62363 -0.59831,0.80035 0,0 -10.15763,6.50487 -10.15763,6.50487 -0.27917,0.17878 -0.476,0.16246 -0.5903,-0.0494 -0.11437,-0.21191 -0.16642,-0.53506 -0.15609,-0.96944 0.0109,-0.45857 0.0801,-0.85922 0.20776,-1.20182 0.12814,-0.36656 0.33197,-0.63844 0.61129,-0.81556 0,0 4.56188,-2.89274 4.56188,-2.89274 0,0 0.97884,-39.26779 0.97884,-39.26779 0,0 -3.35907,1.85407 -3.35907,1.85407 -0.27977,0.15447 -0.48159,0.1208 -0.60529,-0.10124 -0.11445,-0.22726 -0.16609,-0.57399 -0.15489,-1.04015 0.0106,-0.44163 0.0802,-0.843 0.20889,-1.204 0.12859,-0.36073 0.33761,-0.62003 0.62686,-0.77784 0,0 4.51628,-2.46343 4.51628,-2.46343"
          inkscape:connector-curvature="0" />
     </g>
-    <g
-       id="text3655"
-       style="font-size:40px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:Arial;-inkscape-font-specification:Arial"
-       transform="matrix(0.67123869,0,0,0.67123869,53.68199,126.56876)">
-      <path
-         id="path3662"
-         d="m 132.8684,367.78607 c 0,0 0.71572,-54.35962 0.71572,-54.35962 0,0 2.66242,1.51122 2.66242,1.51122 0,0 -0.71153,54.62187 -0.71153,54.62187 0,0 -2.66661,-1.77347 -2.66661,-1.77347"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3664"
-         d="m 137.92667,371.15014 c 0,0 6.14809,-16.99741 6.14809,-16.99741 0,0 -5.19986,-22.51479 -5.19986,-22.51479 0,0 3.39897,2.02031 3.39897,2.02031 0,0 2.36954,10.8944 2.36954,10.8944 0.44814,2.07993 0.80843,3.81608 1.08051,5.20679 0.47284,-1.39022 0.90795,-2.61465 1.30519,-3.67276 0,0 2.89882,-7.87895 2.89882,-7.87895 0,0 3.37501,2.00607 3.37501,2.00607 0,0 -5.97372,15.60005 -5.97372,15.60005 0,0 5.92178,25.52797 5.92178,25.52797 0,0 -3.4783,-2.3133 -3.4783,-2.3133 0,0 -3.23409,-14.8189 -3.23409,-14.8189 0,0 -0.8528,-3.95585 -0.8528,-3.95585 0,0 -4.46772,13.08538 -4.46772,13.08538 0,0 -3.29142,-2.18901 -3.29142,-2.18901"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3666"
-         d="m 166.82131,374.91047 c 0,0 2.93572,2.79373 2.93572,2.79373 -0.37761,4.62343 -1.24922,7.86985 -2.61073,9.73548 -1.34456,1.83887 -2.96947,2.11901 -4.86973,0.85217 -2.3637,-1.5758 -4.23108,-4.67579 -5.61088,-9.29124 -1.36166,-4.61024 -1.99867,-10.32878 -1.91636,-17.16995 0.0532,-4.42099 0.40174,-8.10179 1.04648,-11.0477 0.64585,-2.95094 1.59765,-4.88106 2.85839,-5.78928 1.27692,-0.93132 2.65738,-0.95975 4.14303,-0.0791 1.88674,1.11849 3.42575,3.18947 4.61182,6.21733 1.19146,3.01472 1.93755,6.74983 2.23475,11.20086 0,0 -2.92082,-0.72724 -2.92082,-0.72724 -0.24353,-2.97398 -0.70922,-5.3811 -1.39599,-7.22057 -0.67412,-1.8282 -1.50208,-3.03683 -2.48268,-3.62779 -1.47568,-0.88924 -2.68418,-0.33926 -3.629,1.6424 -0.94184,1.95024 -1.44412,5.64763 -1.50886,11.09862 -0.0657,5.53171 0.32577,9.83698 1.17652,12.92095 0.85352,3.09406 1.99526,5.11378 3.42833,6.05501 1.15583,0.75914 2.13411,0.54393 2.93293,-0.65009 0.80075,-1.19694 1.32691,-3.50191 1.57708,-6.91359"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3668"
-         d="m 172.97661,394.46064 c 0,0 0.0905,-8.17492 0.0905,-8.17492 0,0 3.48861,2.27245 3.48861,2.27245 0,0 -0.0895,8.22327 -0.0895,8.22327 -0.0329,3.02363 -0.28765,5.30542 -0.76375,6.84314 -0.47577,1.56243 -1.21303,2.51325 -2.20987,2.85324 0,0 -0.81311,-3.65386 -0.81311,-3.65386 0.65091,-0.22881 1.13685,-0.89297 1.45702,-1.99285 0.32015,-1.07418 0.51068,-2.8142 0.57137,-5.21909 0,0 -1.73124,-1.15138 -1.73124,-1.15138"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3670"
-         d="m 204.77784,410.06983 c -1.27022,1.55778 -2.48568,2.44071 -3.64678,2.65261 -1.1447,0.21934 -2.36657,-0.10529 -3.66459,-0.97064 -2.13127,-1.42084 -3.74779,-3.67649 -4.85717,-6.76514 -1.10483,-3.1041 -1.63719,-6.47275 -1.60031,-10.11391 0.0216,-2.13477 0.25062,-3.94364 0.6874,-5.42825 0.44957,-1.50612 1.02226,-2.57799 1.71876,-3.21526 0.71002,-0.63098 1.50367,-0.94896 2.38159,-0.95288 0.64759,0.017 1.6255,0.25355 2.93681,0.71095 2.68835,0.95136 4.68535,1.32634 5.97773,1.11825 0.0222,-1.02578 0.0346,-1.67832 0.0372,-1.95765 0.0289,-3.07178 -0.26872,-5.42898 -0.8919,-7.06976 -0.84101,-2.21749 -2.10184,-3.83086 -3.77761,-4.84085 -1.55688,-0.93829 -2.71034,-1.00947 -3.46489,-0.21839 -0.74047,0.76925 -1.30109,2.5996 -1.68287,5.49061 0,0 -3.16708,-2.94172 -3.16708,-2.94172 0.31864,-2.91383 0.81734,-5.11515 1.49696,-6.60484 0.6812,-1.51989 1.65517,-2.41342 2.92464,-2.67921 1.27473,-0.29431 2.75127,0.0544 4.43259,1.05105 1.67794,0.99472 3.04366,2.25211 4.09313,3.7721 1.05306,1.52531 1.82526,3.12483 2.31452,4.79681 0.49033,1.64692 0.82696,3.5698 1.00937,5.76792 0.10151,1.36012 0.13673,3.72492 0.1056,7.09479 0,0 -0.0935,10.11679 -0.0935,10.11679 -0.0653,7.05995 -0.0372,11.58025 0.0844,13.55797 0.13448,1.95911 0.40887,3.94126 0.8236,5.94773 0,0 -3.55349,-2.3633 -3.55349,-2.3633 -0.33594,-1.80359 -0.5439,-3.78856 -0.62416,-5.9558 m -0.12224,-17.05427 c -1.23154,0.34731 -3.06331,0.14247 -5.48491,-0.60924 -1.36335,-0.41924 -2.32581,-0.53009 -2.89103,-0.33412 -0.56424,0.19568 -1.00286,0.73389 -1.31639,1.61435 -0.31298,0.85222 -0.4758,1.92485 -0.48867,3.21853 -0.0197,1.98221 0.29058,3.84732 0.93197,5.59804 0.65498,1.76261 1.62279,3.0659 2.90625,3.90947 1.27641,0.83893 2.42209,0.96176 3.43544,0.36456 1.01669,-0.62694 1.7731,-1.89094 2.26739,-3.79238 0.3778,-1.47261 0.58252,-3.87376 0.61388,-7.20158 0,0 0.0261,-2.76763 0.0261,-2.76763"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3672"
-         d="m 226.91498,430.33317 c 0,0 0.056,-6.79135 0.056,-6.79135 -1.69979,4.12585 -3.95958,5.23997 -6.76691,3.36841 -1.23125,-0.82083 -2.37518,-2.1017 -3.4326,-3.84047 -1.04088,-1.72429 -1.81148,-3.52427 -2.31374,-5.40182 -0.48827,-1.89422 -0.82487,-4.02954 -1.01034,-6.40682 -0.12775,-1.59592 -0.17698,-4.02489 -0.14772,-7.28678 0,0 0.25063,-27.95019 0.25063,-27.95019 0,0 3.47921,2.068 3.47921,2.068 0,0 -0.22098,25.15376 -0.22098,25.15376 -0.0353,4.02044 0.0122,6.77614 0.14272,8.26649 0.20297,2.17003 0.65699,4.07445 1.36316,5.71471 0.70804,1.61546 1.59303,2.77268 2.65633,3.47053 1.06676,0.70016 2.07587,0.76801 3.02668,0.20066 0.95364,-0.59783 1.63329,-1.79901 2.03728,-3.60358 0.41794,-1.82668 0.64337,-4.71043 0.67595,-8.64861 0,0 0.20406,-24.67831 0.20406,-24.67831 0,0 3.62583,2.15515 3.62583,2.15515 0,0 -0.37466,46.37229 -0.37466,46.37229 0,0 -3.25092,-2.16207 -3.25092,-2.16207"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3674"
-         d="m 236.84818,436.9394 c 0,0 0.31458,-40.68866 0.31458,-40.68866 0,0 -3.27066,-1.97443 -3.27066,-1.97443 0,0 0.0485,-6.13244 0.0485,-6.13244 0,0 3.26986,1.94357 3.26986,1.94357 0,0 0.0384,-4.9718 0.0384,-4.9718 0.0242,-3.13718 0.17313,-5.39171 0.44675,-6.76504 0.37445,-1.8466 1.0157,-3.14492 1.92523,-3.8952 0.92597,-0.77365 2.21207,-0.69593 3.86256,0.23811 1.06731,0.60412 2.24898,1.54093 3.54628,2.81271 0,0 -0.62418,6.66996 -0.62418,6.66996 -0.78934,-0.75385 -1.53564,-1.33338 -2.23919,-1.73932 -1.15067,-0.66373 -1.96603,-0.6152 -2.44858,0.14318 -0.48194,0.75751 -0.73333,2.55103 -0.75467,5.38196 0,0 -0.0327,4.33654 -0.0327,4.33654 0,0 4.35398,2.58795 4.35398,2.58795 0,0 -0.0456,6.23957 -0.0456,6.23957 0,0 -4.35509,-2.62908 -4.35509,-2.62908 0,0 -0.30843,40.92114 -0.30843,40.92114 0,0 -3.72704,-2.47872 -3.72704,-2.47872"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3676"
-         d="m 246.46465,429.05307 c 0,0 3.81968,1.1922 3.81968,1.1922 0.19276,3.35392 0.7721,6.20708 1.74012,8.56243 0.98544,2.37207 2.3721,4.14723 4.16469,5.32459 1.81668,1.19318 3.17579,1.3205 4.07171,0.37548 0.89826,-0.97786 1.35491,-2.50699 1.36833,-4.58524 0.012,-1.86394 -0.37148,-3.58214 -1.14903,-5.15206 -0.54183,-1.08052 -1.89103,-2.87259 -4.03793,-5.36553 -2.87017,-3.33767 -4.84719,-5.88768 -5.94667,-7.66691 -1.08128,-1.7942 -1.8993,-3.82568 -2.45597,-6.09572 -0.54119,-2.28674 -0.80303,-4.59245 -0.78627,-6.91984 0.0153,-2.11796 0.25669,-3.93345 0.72469,-5.44816 0.48302,-1.53765 1.12853,-2.66509 1.93745,-3.38209 0.60808,-0.56866 1.4316,-0.86027 2.47213,-0.87408 1.05827,-0.0353 2.19002,0.30354 3.396,1.01839 1.82428,1.08147 3.42677,2.57943 4.80442,4.49544 1.39816,1.9329 2.42778,4.04798 3.08549,6.34283 0.65928,2.26923 1.10658,5.05898 1.34104,8.36831 0,0 -3.93498,-1.30965 -3.93498,-1.30965 -0.1613,-2.60573 -0.66572,-4.86818 -1.51169,-6.78511 -0.82908,-1.90296 -2.01211,-3.31622 -3.54556,-4.24034 -1.80214,-1.08596 -3.08681,-1.24118 -3.85989,-0.47117 -0.77146,0.76845 -1.16235,1.97686 -1.17391,3.62665 -0.007,1.05006 0.14407,2.09235 0.45452,3.12753 0.31055,1.06635 0.80269,2.09487 1.47721,3.08626 0.38829,0.54294 1.53561,1.95069 3.44979,4.23261 2.78949,3.29205 4.7444,5.79841 5.85003,7.50277 1.12436,1.68881 2.00304,3.68747 2.63416,5.99522 0.63237,2.3125 0.94024,4.88426 0.92265,7.71231 -0.0173,2.76736 -0.43134,5.12235 -1.24099,7.06139 -0.79291,1.91427 -1.93089,3.05649 -3.41056,3.42835 -1.47342,0.33983 -3.12755,-0.1039 -4.95957,-1.32524 -3.01245,-2.00831 -5.28496,-4.82452 -6.83171,-8.44857 -1.52498,-3.59708 -2.47979,-8.05614 -2.86938,-13.38305"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3678"
-         d="m 267.46509,458.46409 c 0,0 10.16276,-64.44628 10.16276,-64.44628 0,0 3.35985,1.90154 3.35985,1.90154 0,0 -10.22211,64.7453 -10.22211,64.7453 0,0 -3.3005,-2.20056 -3.3005,-2.20056"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3680"
-         d="m 287.73074,470.77961 c 0,0 -3.98413,-2.64971 -3.98413,-2.64971 0,0 0.36657,-69.26132 0.36657,-69.26132 0,0 4.28286,2.431 4.28286,2.431 0,0 -0.12574,24.80354 -0.12574,24.80354 1.84841,-3.43804 4.20286,-4.3171 7.07399,-2.61515 1.5995,0.94822 3.11282,2.48894 4.53901,4.62548 1.44866,2.12297 2.63509,4.62828 3.55675,7.51533 0.94101,2.87289 1.67339,6.11301 2.19582,9.71903 0.52331,3.61258 0.77764,7.29172 0.76223,11.03361 -0.0367,8.8888 -1.19889,15.02735 -3.47692,18.39523 -2.26525,3.34891 -4.9514,3.97742 -8.04813,1.91293 -3.05429,-2.0362 -5.42013,-6.12345 -7.11007,-12.2502 0,0 -0.0322,6.34023 -0.0322,6.34023 m 0.0826,-25.6991 c -0.0308,6.05748 0.36263,10.70405 1.18198,13.94323 1.3439,5.31484 3.18967,8.7503 5.54452,10.29694 1.92772,1.26611 3.60983,0.72174 5.04245,-1.64447 1.43781,-2.407 2.17299,-6.89882 2.20167,-13.46572 0.0293,-6.72399 -0.63702,-12.10528 -1.99483,-16.13506 -1.33586,-4.00333 -2.96003,-6.57643 -4.86901,-7.72687 -1.91517,-1.15407 -3.57055,-0.50907 -4.97003,1.92406 -1.39445,2.39298 -2.10547,6.6592 -2.13675,12.80789"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3682"
-         d="m 322.12463,485.58433 c 0,0 0.65936,8.40758 0.65936,8.40758 -1.33673,-0.35442 -2.52804,-0.88064 -3.57528,-1.5781 -1.70425,-1.13503 -3.01872,-2.52454 -3.94739,-4.16917 -0.92628,-1.6404 -1.57435,-3.40805 -1.9457,-5.30454 -0.37079,-1.92713 -0.54592,-5.5546 -0.52573,-10.88197 0,0 0.114,-30.08386 0.114,-30.08386 0,0 -3.36894,-2.03377 -3.36894,-2.03377 0,0 0.0272,-6.84805 0.0272,-6.84805 0,0 3.36786,2.00182 3.36786,2.00182 0,0 0.0489,-12.91135 0.0489,-12.91135 0,0 4.63253,-2.66881 4.63253,-2.66881 0,0 -0.065,18.3241 -0.065,18.3241 0,0 4.72675,2.80952 4.72675,2.80952 0,0 -0.023,6.96866 -0.023,6.96866 0,0 -4.72829,-2.85438 -4.72829,-2.85438 0,0 -0.10923,30.77205 -0.10923,30.77205 -0.009,2.54809 0.0632,4.23726 0.21665,5.06728 0.17091,0.8418 0.43796,1.59732 0.80137,2.26677 0.38115,0.6815 0.92028,1.25067 1.61806,1.70755 0.52419,0.34326 1.21588,0.67931 2.07599,1.00867"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3684"
-         d="m 326.68371,496.68588 c 0,0 0.16352,-53.31935 0.16352,-53.31935 0,0 4.33405,2.57612 4.33405,2.57612 0,0 -0.0231,8.11168 -0.0231,8.11168 1.12479,-3.12783 2.15869,-5.02087 3.10122,-5.67423 0.96285,-0.64401 2.01732,-0.62746 3.16426,0.0524 1.66273,0.98571 3.35799,2.97819 5.08643,5.98483 0,0 -1.73463,7.50163 -1.73463,7.50163 -1.20956,-2.06252 -2.41678,-3.45673 -3.62177,-4.18598 -1.07402,-0.64988 -2.03784,-0.62407 -2.89238,0.075 -0.85268,0.66393 -1.46157,1.94671 -1.82782,3.84834 -0.54904,2.90043 -0.82874,6.26858 -0.83955,10.10792 0,0 -0.0793,28.13461 -0.0793,28.13461 0,0 -4.83103,-3.21295 -4.83103,-3.21295"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3686"
-         d="m 346.63844,509.95707 c 0,0 0.0968,-47.55946 0.0968,-47.55946 0,0 -4.43131,-2.6751 -4.43131,-2.6751 0,0 0.0162,-7.15908 0.0162,-7.15908 0,0 4.42975,2.633 4.42975,2.633 0,0 0.0118,-5.80848 0.0118,-5.80848 0.007,-3.66486 0.19039,-6.28429 0.54899,-7.86025 0.49107,-2.11858 1.34725,-3.56796 2.57091,-4.34826 1.24623,-0.8062 2.9874,-0.57829 5.2303,0.69102 1.45137,0.82149 3.06136,2.04536 4.83196,3.67489 0,0 -0.79224,7.74699 -0.79224,7.74699 -1.07705,-0.96968 -2.09389,-1.73012 -3.05099,-2.28234 -1.56464,-0.90254 -2.66858,-0.93449 -3.31577,-0.0995 -0.64623,0.83385 -0.9719,2.90502 -0.97777,6.21534 0,0 -0.009,5.07119 -0.009,5.07119 0,0 5.92043,3.51903 5.92043,3.51903 0,0 -0.0107,7.30549 -0.0107,7.30549 0,0 -5.92257,-3.57534 -5.92257,-3.57534 0,0 -0.0849,47.87735 -0.0849,47.87735 0,0 -5.0619,-3.36649 -5.0619,-3.36649"
-         inkscape:connector-curvature="0" />
-      <path
-         id="path3688"
-         d="m 359.60073,501.90418 c 0,0 5.20059,1.86777 5.20059,1.86777 0.29001,3.96114 1.10193,7.38322 2.43911,10.27061 1.36176,2.91073 3.2661,5.17238 5.72054,6.78444 2.48967,1.63519 4.34728,1.95881 5.56379,0.96109 1.21993,-1.0365 1.83154,-2.77869 1.83229,-5.22389 6.2e-4,-2.19296 -0.5384,-4.26389 -1.61481,-6.20909 -0.7497,-1.33918 -2.60804,-3.61528 -5.55946,-6.8122 -3.94075,-4.27425 -6.65395,-7.50944 -8.16465,-9.73106 -1.48522,-2.23573 -2.61386,-4.7171 -3.38893,-7.44614 -0.75395,-2.74593 -1.12852,-5.48045 -1.12491,-8.2074 0.003,-2.48146 0.31617,-4.58205 0.93929,-6.30404 0.64345,-1.7475 1.51123,-2.99566 2.60481,-3.74404 0.82208,-0.59757 1.93976,-0.84564 3.35554,-0.74295 1.44048,0.0796 2.98492,0.60687 4.63457,1.58472 2.49729,1.48044 4.69744,3.42626 6.59564,5.83924 1.92772,2.43694 3.35406,5.04673 4.27363,7.82559 0.92183,2.74989 1.55812,6.08842 1.90744,10.01415 0,0 -5.39591,-2.01583 -5.39591,-2.01583 -0.24253,-3.08522 -0.95109,-5.80694 -2.12313,-8.16184 -1.14834,-2.33544 -2.7751,-4.13563 -4.87465,-5.40091 -2.46541,-1.48565 -4.2164,-1.81727 -5.26239,-1.00324 -1.04343,0.8121 -1.56519,2.18465 -1.56724,4.11944 -10e-4,1.23148 0.21335,2.47259 0.64434,3.72428 0.43146,1.28852 1.10985,2.55443 2.03645,3.7988 0.53331,0.68393 2.10812,2.47474 4.73703,5.38635 3.83534,4.20888 6.52812,7.39657 8.05468,9.53851 1.55295,2.12718 2.77297,4.59004 3.65706,7.38727 0.88613,2.80397 1.33003,5.87348 1.33006,9.20426 -3e-5,3.25947 -0.54743,5.98195 -1.64026,8.16269 -1.06972,2.15296 -2.61798,3.35081 -4.63932,3.59644 -2.01164,0.20856 -4.27524,-0.52848 -6.78627,-2.2025 -4.12399,-2.74933 -7.24172,-6.34882 -9.37583,-10.80056 -2.10254,-4.4137 -3.43626,-9.76409 -4.0091,-16.05996"
-         inkscape:connector-curvature="0" />
-    </g>
   </g>
   <g
      style="display:inline"
@@ -553,7 +492,7 @@
     </g>
   </g>
   <g
-     style="display:none"
+     style="display:inline"
      inkscape:label="Debian"
      id="layer5"
      inkscape:groupmode="layer">
@@ -1178,7 +1117,7 @@
        inkscape:groupmode="layer"
        id="layer10"
        inkscape:label="Base Image"
-       style="display:none">
+       style="display:inline">
       <g
          transform="matrix(0.71864924,0,0,0.71864924,102.10269,88.99025)"
          style="font-size:40px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:Courier New;-inkscape-font-specification:Courier New Bold"
@@ -1253,7 +1192,7 @@
     </g>
   </g>
   <g
-     style="display:none"
+     style="display:inline"
      inkscape:label="busybox"
      id="layer4"
      inkscape:groupmode="layer">

From 8c2cbfa0963e953cf75fe09ec688a6125689cc6d Mon Sep 17 00:00:00 2001
From: Andy Rothfusz <github@developersupport.net>
Date: Fri, 14 Mar 2014 14:48:13 -0700
Subject: [PATCH 097/384] Add parent reference arrow.

Docker-DCO-1.1-Signed-off-by: Andy Rothfusz <github@developersupport.net> (github: metalivedev)
---
 .../images/docker-filesystems-multilayer.png  | Bin 104199 -> 118391 bytes
 .../terms/images/docker-filesystems.svg       |  66 ++++++++++++++++--
 2 files changed, 61 insertions(+), 5 deletions(-)

diff --git a/docs/sources/terms/images/docker-filesystems-multilayer.png b/docs/sources/terms/images/docker-filesystems-multilayer.png
index a4260004e7636863f5f8dda6cf5027b4053cd219..daedebe9c111b73c621cc7fbea1f61a5e7477c7e 100644
GIT binary patch
literal 118391
zcmeEtWmg<wv+WEL+(RG`G`MRB5MZ$2?(PZht^>gd?(Ul4?(PZhPH=a()4cCFKjD76
zEE<?$rl(guRlD}yPj!gAtQZ<H0Wt^#LX!{|Q3QctNkJeOb;LKoGbzq~w!kkq2O$Y%
zMBvL4(Kr}*jASdW;Q+jT_VoY@(WJTpPri2)Rd-af`R3?iU~d9)adBZXv$k+BGO#sa
zva$c3di;d|1R@1VhzKgXrX4Q3BpItD3!L7hIh>Rd(z&E$><tR*R#CuX!HKA9vmR76
zlo|A@xad5+chRXX8*2K-l1&~)L#Ge1e<LCM4Zq7DeX{Wv{i<!(Nu-vFPH}f$#-(>g
zAxS}rjmolh)A!^0m5a6@X*oF`VoV`KGJi}VQ>-yQFPQ)QiI@$G@CFlj4tO+{(+TqX
z?@Kf}@FD;E;;=Wci2wVxaea{Bf8WJOfJ*wm?-%_6hI>6JB3X?o3zYP~r+SC>|4;h=
zGN$9#mq<XU7j957FbK8kEbRgV0}m@JSuG3=yHZk8s_Yxnl1F#`Di#~ZN#=_;YJd7N
z%GClT<lk|hzmS$J{)rz*GM+@j>bS}#v&tbeT4%Lt_ko!pyeUMa>u7hE#>LsWiI0yj
zzpbrpVt@Kq*q&p`$zC}TkRl`hNs))*;$m8>$pRT!AD?!19v*WUS=ohT>ApYTs-v};
zzQ+TfS**;aJ<F**%C0RCe4BOv#v{NJ!VzL2gNqfCr-WBf#HNG?(}JNOmN))p$Q-c2
z)-;A9Z^u7|iZDQf^Ml{3QB3~|HlsIO2u-PDkc-fqvd?3&QoWR{bCiM`63tn{R@k7-
zc|#p?J_P59p}dCG3k&lF1pH9+*TXk~(5U#ciQ>n`DGuVt5==G}ux7Kr6LDl@L0b+J
zA#XF$@TOd9ICEW+p}@ALi?`?H<sFtvV4y8kugq~B6GXtZT1@b`^uZTGBqDvy=rQ8B
z;jJ2()KBxUu&~zy1HpX!{JOs=Htie5E7dvZ$;kdSl^wtNf{Fy5ZNwzN5Qd3YR8+xx
zYmRpyZGnmup9Knp@2Ppqnj6~V@wU=Zl-xj^G$A($7q<xqC5b40DuQ;qhcdj6GK?zV
zogC5_YVAk8lQk!S1I~mp^d`B_UWQ`C%**7scMLcIW^|z%bSQ3gQqz$zTU#&}!<4OS
z@xgR>#g1WcOV~x888kL&H07w6t|E5^4GLdCm@Vf|<e)eqe9NMoI0=F`AF|D)O{F&i
z3*fPIP{^CMlMCLfCv45v9f{>CaJ>t23lYgllPz2>D=Ryn$d{5DPGn{-(`l|VPN51U
z^v5jec!h@xns~{}06bmWHwXwv>+1&1O-rWk?hAi*F1}T&|BREQ%++QRdtG_~mM<gW
zP?U6s5&x(Z%rr^b;y6D#g;EOT)$v)VX$p)?xxar!3<wKHyeFZj#<!>G?Vi1PJe(nS
zsAdGqk!i>8qC8n`1!^V@1~Lr}GIa*ZVB-1gs0yy!f{(>};;j~YOg`2cBSGs_0y3gx
zQYN%wCaiKMjS$gdh+AXP-BwPtgOsw$k8mw=x>U*`Ldqd}99&m87z}0k;w9y7v}}Xk
zBE`n+ILV<T<DW?3tl4G+TpaK4Q?^qBk5daYN|#*6O{c<o4XxRd8C)D48+3GZ@>f<?
zCPH!Phb(4((-QPW1PB5ZsPvj4*C=HN6Ms{=7N4G;uIsE84?{wbEbQ$khQ3vQ<Im(m
z3GmZkc-Ou4)j&Mh6+8<&a+PJ)s9+=>1<L9&5lAV6n$<>u0*l3a;IJzxLewE?apXh_
zqy?14xbZzzxSY9?)kKN&tfFa2#<D_HrY!{66s)J|XRYwHhB2C~#V$8T3)HH}#<XH?
z{KLj%!lGnyCbUwbl@JwLIUpEM_6iqEF=Wez(v6fb*3m_ZNXk^garNOeqow|YByVrJ
z^UeHV#gQOpPgNWe@0H@%2JvxI`Wi+!$}BW7$CGUczA`Q;KUf)7CM8Pd5A8WF933As
zG3qqc)YxwgO$^1;OQi%RA|Yn$V7z=2L}Vlw;kKNw>RoAa`o+${VH_D5IV&W@l*o<}
zAe1-J@PUcz{MX;%uC+9^L_$_t%J{#-;mVX0759>U*&QsnoPR2)$qeZY3*SocLZr16
zClz|^DQZ9DYbZo6D2V3TNgOp8%W9if=IK}FQDC76!z|eOgPgD@Y_YNRd&|76X$9k|
zlsBuTw+oYLwu>0HgK4%j)LUt>%e6VQ>y5uHlNT#n2Q$QhsHlU_-vpoQ<akCx)^K{g
z<kN!IzYZ?MaAcv<<j1fS;2ZfVyknC3rECopNowGFa>3qWozAZ%3Tz}U;>hL#v-8|Y
ze)oTm7o#NewW}ciu{K1YNf!CWVc$PIl)ffHcX#*5?rsq$C#Q)CTk?IBe!}pU<i+_P
z|6B-SxI>u)S#gvfEm?4!pI=;79>qGmjE?x&Wd%w0M1wT>H+<|r#G;Dmn3K^Qmih@(
zp(VjYS4BihQy~)j%0faMw5A+n#asH~5CmdLUs0tPQ6+45vbp?GM)=?^4wSENYO;KC
zk8Kun&MF0Eq{FL7d5b;n_JW7DLN15a#eIaph{<j(F$Mtz=N=f6otIOac+Pv=<o?$Z
zK+9hcLqkPPikI}`1VCL*R(2)`u3DYpYYAEQ;awn!Z8u882>k4?csMdRB}HsnIC$C=
zAsD5O%ciZbSfZ%aOcajvF-2Dt{_${=3Ru+JO7wIG!Z2Zh@o=a}h>UEVzL6Mao|aK(
zAqG?hUz3wE^vStIO}tZv3=@Xzqv`6U^G>i4zm&ja7MZ_<t{D`Kp%$Ss%TMPAIPRGP
zD^D(~U1h30VJcLmE?J?jSY=H8Jp{eDuo+&;(U$b>r_9;ruwenjY%g4ZdN}6-$YgY}
z{dZ(+Eb6sEsR{{MmHV5E7ahm1op+qVW+Mpgra4#@Pzx&3!uy)*30awmblZO{;$WgT
zRF5AoOb_k(Aj&{kWF}?E6QikMGB*wloQ9M5<%Lukr(fxxr}|bHM#uvxIz7kGQ+{JZ
zI8H8tCHnn$a^68>>(C*?e2EoC#VwC@#S+{1xMu2KdpU|O8C0k;xkJ?zMAIAc_H^?_
zar{2pbs9?a8q#)Rn`Kk-P)Ir3@hvmjB9RN3s&#|>&|PC=W8L%J=HC+$)lySYnaBHU
zGpUhalV|K4Sj#WcXJ^NZIhVr;5hfA_@F79EwzpU)L?)1%K8XI6)braCHx!LG;00Ia
z5LX+;d^L*UmXOFrD(;Q(TVQP=g_trI!jRm~Wl{A7*67<Oh5W&fPqw2ve@}Oj%mRrE
zQ+6{U=Sx)WhUHKup@BT5q7>v7;i~jR(C+u(?rGDZQ6Ep5Dpsm1R=8?bh-g+A7fvZH
zr}a+e7-+l|LOg<Jfo6GiU0&AInN3oCx3wK3AR;Q|WS&*SE-{kl8)aXD5<WBFM3jKD
zXIivTkO(mU%40HdmoRWvbz!g<i}$mMG9ZZO5nzAFUu3mbSIFcZw{27aay~XnlYy*=
zDDf6UK<I&ql~49=E~>9TFlpeYV)T0>a$c2Eein^CSbOnipS@=>Zr))Dnh3?4{^s}p
z7>`@|LG&;w&sloBj6Z+gPS6OcGe<&VgLd#AZ8jw@yp%H%5c*)^PA)=Bp$8&VQqx4*
zx5$URczQJmZ{DOuM`OJ*s}W<iZ&b0B=Xah@f#&Q+@<1UlC1DC}#J6HA>&PS0BTefh
zI*B^AGEu10{id2aYO+*GNi4N3hg%K>@{d6~_ppc32|K12+m9OwsEDJWxD#xCo`Kuj
ztUhY7q$C0pHeLx)=a?a(gh8PQ$$I=Zh^rszPJ@vjXIgnLD{jaRJ*se%i}}SDmJ2zk
z*Js^H{?QI%6A4K<BQq{jsxvTNU*3Sp{I9>_L*&Ei+n<iU^PlzLSi~ukzGWf9MaeVv
zY-`0voO0GFQ^xM{Y4|l9PF_d;O*&d6l3XeW%}73ZOME#rLBk2oyfmAYEGf1p3OeR1
zLc6Av8yAUYZU|&a2o_Zpj<U2ITk@zsI7ge5y%j?@|AvfIQu(@H9=Yqe$oxbYpSTEU
zTOssK#sO1l4TxMe(kdkwX4%v{+)_?Rz;zCwA74iR8pQhbDhaKd?(*}#2Po<$7uowl
z)!tyjKr4srDGS7V6sIC25{}=wkDfzLwEC~wYJJ=OMRlmxCBPba+z&$#kH{t%vG{p9
zdTu|3%UPok78dp=|1k-kdt{*hVJIx{Q7TWXfUXD*aizxLvxxz;NcD56<VFpV5=BBx
zjZ6Gg+ULS?f8#TtnB(*Z(Tk~h0}}SvIZ`_Er2rw5*ah-i*nc`4?f+?F@w9J+d)q@Y
zUxM%vR+EK4FC@eu{CgjebnGs+u^KC<i1EE26t>90$FMA|s!v%7jLAfa92xI^=Zcvw
z4>ztfE8^3mqhG27-HSvX4l?7CDa+BW;dK9uL}O#+{?oHrL{-pVJRqwWo%yXQDZfNH
zYl2awfN5Hd<TH4rd#6~HgnWAc2T*;nLlIa6auTH;?=cdEs3^lIfuu!d94D($t{+oO
zhe?W<MgZuDoB>D>MaWTDG=XGO3^+zTDmF2HqVGKqsPf?x8haXw;3Tuk828bx)@d-?
zxcUzmCY0DmLr(%cWbwb^tCA<=IWuUZNAIt@->_w0mHl&HZR$|>!Y`ElusSVbie9Ci
z<=K#V7GfnW9nQka`R@23YE)h$sh}jOu!|8}<-p67U{SM_f45KiD*IC%XMuQ&@WcwI
zP}nQGr3|O+E|z+Q>?Z$&{eM##PdARIO_^5&Qfdgx)M@;cNvn8(di1~ms&6)zV7HYX
zw$)|pvH6@1zO$#|-OtN|&bh32(x?`O=5Zl^K3`Caksoh=FQSviQK7@!N<_kh5kcve
zG%+qU9M99=v(9#6!d-~L)z)i^IH1S4s&&K&#I3Qxg1PPa6dsA8z}hCWk*q*fKwUH-
ztKvaY1d!-UNf9?D1z$Pb8^JSuDhNn9feHA}2hm@#iD^mX!!wf05l93wfqbfGHB<l0
zIu+A}UNd?;K#B$n06kTF$XJFb;;xQV<4SED^QLWdy7BYrJ3f4(DZdb_l%x+P<m?4^
zlN(LE4TGrNk{LARB3)F<!U`X;uYap6NaWfL#^?wgsFT-Z;A)>}5#rNhY-yeh!ME}Y
zIYi%?4fU6#_Jy;t^7R?l-balpYLr+K>@<qN$IEQ^4NXvDfy6b6`9-=Ye-;p_k{lN0
zI7`PkM&>wcn~sZoK5v|O$fD%UPuSnoEYVu~8UrZzYiHnc`2#3<{Nr~qXR`Z8J$^H6
zo8qg!snPdL9qF#<y1i`J7HD3H!dR9Bcx0Rw@+$WXDrsQ0X-`a#W0zek5Ca~M#+g>_
z-C@-rnd@PUE|=gNu`eKgAg)F~eg?H-NE=fp4ag`YXBGf?U8S5i#Ei4o2nQ26)Ir_B
zJw?Tgh5h_t4+|bk3TqO^T$HlXDD<<P=p>(_3pO~MlHyejMObYy%+uBy7mg|Fd_Y{D
zTtx!%!?YeK&TFly5GjXcg^b2y8k;twc(sD(Q&mR%qglT*D}u}qGa}!FfINR^>HRe^
za#c!&RV+@6qT|QHwjsw-vbrKKl?FKx6a2ychUQ6$d8`-Y<GW9jOfbo*Ii8O4C{%$-
zNguMw*+)d2V+OUUP%(Nxlv)v}3Dm`__16Wa_W1%*b;^q1yC|;HznDA^TrDiTDWFUz
zgu<u;5)NY+#s{w=hy}^tsgeK=K(^bfX95!MiHQaf060b#jmup@o#O3Ss;Yrq6>PY&
za43OwyXM{Q<YC+;L+~(y`GdOU9P_Dl6wVB3k2u$*wpN35)(m?6;nP6~90^}Yne|oH
ze&7>M`JIuylT|0ow{I%D$FwF8i&vwXa0xl*TVSbEIklZ^kUW76QAaj!#jpby2RTve
z1R__s5<>=Re;pMMfF0tD)4jDKK^^<Buhz{2fE%W~STYE?Hl;R~rRhH8Ns5?1G0gsh
z8$=Vgn{}G%XVhO&T_)MT&8cgXt~G-EmAfPxF4$^wV?<+P@|!*%9OAl<+LzswZrl%b
z!<7DVDW5mdkd9R1=PCLRU_?|5&8bpdOe${|(x>*tckK&5&CQr^IOgAvRhVhl-gJgY
zE!0Z0QZp6BVlpJeF=WIstdP}+1Q{1Il>sb|^$#pt%d64!@ajET1)Y_*ws(8&`y$HZ
z<zG~_Gg7YJ+ca{MKoEDAy|hn`wbWz1zA0bSSxx__6bzr0gG<d|*&L%PIiIF_u%9z7
zCxkc&2NDW@rF80|@|dX<G3E2p)@w>2q{l$IG_km~Y##j8@k2jP4`)M|AQRt!oPB8X
z60TI4B#B|Gm;o;YHIXTRu>TB*@eZ7E{(TmZ@9T4_T3EaQ`iW1pYQL9VDy;N3d?kxD
z`h$-7ZcVAxuI}YXO0TZjLMtE|YluX?r2&B<khc6W0OKyT-PQjlnPH1o>IU(hlmsc9
zdP&e?F)_MW+UJ+Xw`?49b<?L}2>6-!Gk41QgZ%7e9;0Pk%3iUpZ`aQ${vtjo#HE;}
zsg~5)8LN9$yqXREzF)_WaTOg5{l0d~Y?yvw)c8VKBSJl^sG}(5a<OnhUIS|k2t?<Y
z62puE#R&7(UyU=hZ-r?AC@XyBZ(mtXTRvS+-#8VlJ~aMxx-8~(I&04rVb!w0&XV;k
zWNLDleW6HrTF$ovfpYfDr=7GAzWq|H>CT}YM3-&c?(F~L@!LLZif|=IPUq@~V)Zt7
z<}BJq4(M%2@1)iPh!=AEnD6A99AESf_m4&}9&d~fTf#y;&eMRZIpUwQ3%P#ZDDcd%
zZ{yvUbh{nIdp*TnWZ0H~Y3jH`&}U*m^#`+Cc@c-d4v&?{tc<^FvMIsdTyuhZKYwc=
z^oJKJ$!nlBEniWt+vkiH76g6eFz$wtkB38w-UTq&;U`rfp(FfH@*jbm+J!>Fa7XNM
zF}2u&V=rlK)FXoL9Gt)ul@8#%^+so=KmYMHkLX_m6IfYQC5Awz|C@)Q=w)e2u00C>
zsf(AFy8UHPndS7+de2HxmwTzE%uiH_7ndOAUIKWNj?g=Yn#Z~2Xg)7uQ)@u>#Gf3s
zIVA#xhu2NzSTky?>#o~qdr_WqKO_u8VAFDYlc7UmmwEpS38bItD6668J?7W9VvP}<
zX^nWuQ5TCFC8Pu2GvBx)ga{(V_f#Ofn@VlE1G=QoUtR~Ilb7?$4F19Z7FD9{A90Xe
zi9tgNvk#ts9z6~ZKgMa11K4I-r6fPBP!*N0Byi`MWBXu}3j!7U+|D`vLpvEg*}D)y
z%<lDn4ax7swDoJx^_M<!1R^31pR!6Wqnkr2ri<i0P*rSsuH+Tk5fI}MdOpXnLFzzG
z5Om@P*W!aDNaCrxe|tslJI23U*x$hUiAa@2XP#yBiF^WiS383LE&Eiksd<0w6uWoY
zYK8;p58{;*ut)Mw6Fof&IIFHQfI&(3gLsMz%O7*Tw`A9(w!a1H#sUD-hqnhwlM4~6
zR;Z-SJBGTSR3Pe>I|=%nm(VqAh8mRH)C|@VpY09d6o&0x-{<OH>cID5l$0Uri=3Yp
z7jKKA@8%O@x2TWV1^;@Y0IX7Q)JK<}Un^c^vtV~l?WGY#`CwSa^C5Td{!}6UWjI~|
z0Gn)Bq-$u_lOMwjeAJwE33N)P6h_FIZg;>wnx?Z7#?QG}Kg;^_4@JyN0hhIwK??Zb
zKc8_MX^}xu?Po7(Rxj?>qaC9CjEm=iPQwT<cU!Fii#`^kHyj|)bHewl=oe2dm%B3$
zf-VFQgylAe|M6`0=2q)d4Uzx4m1~bF9=|<MX_^gp`=-tP4RU<?s-uKt{^)QBBLcFf
z?FB;t$zgZPml5SfB&ik)*t-#W%!m71+7BqKoPA5wCt(e80;aB`{MgZLQW{lK70QWY
z6U$xhgUKcbbCVV-EWNObEf+jeZj{)3J64oAdkB{ihZBsPztKuC8XqWWNnM`gawlg!
znaS9UP~-f14pvf)i1-ZmsrAJFexN49ch$|j&Gb3Q!qS>&_HuHoE8NV5wcHd~U06O1
z6vkoY>kJfl4$Np9K3?dHNk?mM*1V~z^EikjZpkNmG)-?!lM6Q|rNms8M{v(aCUevW
z+~sSxtI1-(`t5QajjUymKB=NqVoNmB9C6Y|z)T(<E6(&LOKt~ZG0Z#S^f9rz{l#GE
z%cBUF+qziw%y^-DZl;IW_q*stMiA(xxIIOO<l%XfJd<ZZFcg8pXCpqM-R%ccb*%Dc
zLDC-?h3H`x0;$k8sgn=MC)~&`I^X4<PuchGA0#nWEaAJg7F4O@){GA=@LaB+)<z6U
zT}&1!m2>r6zb680?xMBs&v(=HZ9VP~F0ZU?-z9Y?b^T0F>*B{T#)KHZnqPrQVj2Ig
zA9uEJj@dEZZ>-)z3Y{M5hnf#g7=ctKTwirHZ644LlzloJMzR{Tw<fx<XP&Uu43Dc|
zpY}cCFT5Y}$6dC<JFiMAZB3PSw%>q^D}uQpiTbqgjRG%UQto<ZWB#gS&o_*IF^%xt
z|69=J=!9vxsNFoqAmA-Gyx?AA5wi4_amB6l$jbHezt&TKFeuCE5_zUJj(YW$ncJ(k
z6D5Ve&|b;-G*k9?3ukfRnNWoByI?!U@y1QvPr|a7WYdR*HnDRqovpl;vk=RRouSAT
z+%qmdtEtsOr)&F*-AV0UzJL7Q<+KIV=Iazb2R1o>!ElJa8Kc_#*)W;L-gj57*IcVI
zQ$7po4*u<%QfiSnGHTZ$-y6LWS2+K~q+9)>0wAy*Aar#o;e96S3BPhf5qboU_6%>R
znJwJ<8!tO#61;{QtC{TPruX|d6g{}!L^V}5T7KsuW8jFq<O9)@Dt67Ott=|E+{leY
zd}+B8QZnv)PeN#{=|ZCW=g4rS@9OLI0!gpr&8j}vi4GQOTM;bi?Mc&$gwEyJUeCcQ
z*NM2sS=WYT-6<F}R%SkiUYo;Pvsq@_f3ol<YRO3;VtO^A{aU9n;>O#Wz%+^5m`qCS
z`Jju*rn?&pTEVkprEMdE&Rw<@j-NxwxbyXA@c#X-3-v)Fa+M?3a|^jY`ey(hud`8W
zj`@i#7k^(=`X*$OXfVZeS<TKJ!3^}c2xP?cGE94@p6}AHDo-VrZw%caj-ySp%_!0)
z*-V)naURg&G&>MEdF2PpRi^KA&Q0UgUW?+a-iy17b@yAgpkass=T4(iUgx*d>sf75
zh;5{$vVTwKprpLXF1=k)#DGg9<s2H}^DNY-{=mhUTM7n2B$IAu#3t^v$|6SakmF8b
zib;H!M01he^X^#nHb%tfJ~iiwn5R2BbKmq28(k6lt40Us8-8!k#}s(canl$Y9~|b7
zJ<sr>fB|)gA#i96OxzEBB-xvl#8}llm}H6kJbvW5ibvRoKWQrD?7h}r7|8D^%N)$Y
zwQ18bWQGS>ka&6$D-2f&s(aD>=syOAgGF4hUWkd02eD0^Uu^Ju%TeIFSDGOCBYP?~
zZ0(y~Ei3Kd;>CeLuPr0v;R$2oceR?M*KKO7XI`dB+2hxk1=jhilhqWC86xfzff+QZ
z3g_?e#&{8baT#%=VCkXKPrKEFkAK_Ed9h5t4;Wgnnl~k2w}c;{5y(h-%@edOOX21F
z|9R2DX6AFPW~35J9+2g@WO_~DO>GQ}H+p02zz2_CBxlOhJa|4Q=<zN-ywE!I&SH<N
zY0Hxba$6W?dm$h}37zj(Ne*_ETDJr|Ocw{fKezpI+f%-wW+JSY<5?_SId*+XEUfd|
zRcW1G^tAVX4=@a$gL11V_V&PH7tgAEAsCSUZ~iaA=}&c@&&=&V!Ju2M4Aupr**{<Y
ziEy3u`E;To09q3u6hv9fIz(}^s|F!^b_Jf1m>(6J$7ssiCpV3Lly+_wKZKj#j`4W7
zUFkqH{wVZ%b&1uPuT)3kC)2lOC@)ciK)HI}a%!tLHiT3KrBwii*0emMOC4zTZS3eM
zv&;~^hbodvxh+)WHV~~^DMcBZsWEj9aWZ%E=ofHpz1Zi+K0TS7-9>!-DxxqMP0qz>
zBYgVj$94GQI{($I_%pK_&z6{VJ)ob!{!-4D`M-Yjr1D3FW!&|_tJoFzTrAIBzC4Yl
zkr}Nxxc$?`$%F2*<+=lviqh0jMolGFv!3Z$8Ag18Ou0;sV;v${FCBjp*iBv{{APv-
zmgV*XR1uQa05b}&Qv6M_)6A}6mCX>TjJFaraM<}X-vbUH&~ulLM{T>wHVjii7$E3C
z%10Q(1xXdEfRJJ=WO|HZuM7;E(x+AvA{Y1h$JAIp5Qy?~@E}$nbsZ}!>z~_AL|9sL
z0aHVBOF@Cm5H25@`tnCla{sa8KroyYm)Cqs#kex<+D9!7uMM-i5Dys*I{E1IJce<F
zW^rZ#cb8JZxi8mSwJ5ME^}hPsB{nlaUk3s9k=rPrd6HP`AC!Bp{b@6?8P>w4zNU|E
z`%*UlHwyp@6jG@T_wRD=Ql|>5*o5Y5F$JqVb8BL6zjpf6W<tM+>S}PFHMd%iBErzE
z`c}Nec4+xu_fBaJonGCmYoW_OT<^kvM4$&3&;u9rTu|ufGs*t-Igmcb;nREO3K#tm
z2TSB>-W=QE@}u*6UIzY8Jt77vgO42WwEDd&a%fvNO+(3#BmEP9KiaFT;rJYUHF}J}
za0(ramX>mGAlwSFu5{l10tN+d6*;d1jGAhq+J__!4vK?dD+OxoQ)PK+>?i;2QcBST
zo?^j05U0Vee4F%+5-SzRrbuq04tlAr`1o@j%z7P}X`CAn2x>cQd3bHn43Pv;f{WgW
z%;IuNOOPiR7BCiXA^x>*_$JnP+M3LTFu|9z@sGLo7$o<87ch&aB_%GBmhUs(@_))h
z(|HV~eAVjw-P`w#*vSF#m|gEOa<PO=eS-eGS__(Mh=KK{(;)JKK6OCTfI*n3twoh0
zVpcje4?V55Aj9^}Kbk(l3|kg>1|?<~u%*qBsbXzYzdoq7KT3fAXhVwhscL{a<Sa4b
zZWg%8wcDARozj(p=O27No-jQ-J|Nm^rf|O2LOE;qkTb}}OAT)>J=w%xF?3F3+*wGJ
ze!1tZoM)N?`16s|Q~Qa`zLy0d6>X(RP)!8iay4*BX`ilmZVyTQn^g01C|tQJFZ7Ij
zYyDDs#BXQQ<8?0>3n-T<dtiG2$!eY;!*$u?e8#TacE_h+Y${S9@egnn3CI|=M)vpn
zHvMevx8~*}S$S`zb)NI%7`Dy!Nfw!5OU@rM7mtxe*{jZ3I6Y@Gn*+2ACm0p>8kOOR
z!JS~L)Nj%~laSdD#k<-4v`zoyMae&byK~M5JxFh_UPitYz7-L8^uJbH@((0*V|#-c
zKI@I4T!K>4j@VPv={cCZjz$Ja2m|SA(6*xvIfO85B@M{3MIvBPepX1XOb+ddng0DE
zr^aM~rwWJhO(@9nu@+}z(R_yxwT)$mqST%4G~|y7O*o1AFkqyaeg`=IqKuxMd?|CT
z_q>qX6H)Yj04~YG@6L7Vdys)q)5||4U>wIFr7A+8+L=|&M`4x0eI^xUni2(#H(jlS
z;G*=#rmZ6LafMp(F14(r^m}I0qg3%B(8`(b{+0LrR0(=>C-Bm>9{W*RuPR0iU7)jE
z#l2)_!4{pDtF|QDW($NwO3p6pF#B9_H1TUdP|QQB?L5_vXVukci1Z4BWY`ze_<nX(
z_K({kOdN63blPKQ;iRXrMfYkzm3AKR-Ff=1_3_jyq4HQ<z-yekurx7^)drJx>Fl8{
z{HiLhFgeqQa{Ace$k@ln?8|f0&1NcB)35Kub}?G+YX$H}$IE_Z5O=j7JckrRh5cwb
zVo)ACz|SPbA`HfbH^e8M`S9kvw-8F?!82xJ0S1Y0<pyTh6Q2q^y;WufkcN)^P1NC=
zECSFZ2p?A8{dRT1o(`TA9=f(3q%mtQWagTR0E(;kkN@_3uO*23g~VGUy)}zbK;8Gm
z?|euk;k>qjT&j1$;pei85gzLGEFHa}r)iMX+o~jBOA1qH5&YV!HD}obe+DbIiTRB`
zCxgy+(`)I(SgP`!+aGTEqWA4%2gv%}rZV2A(@F&-=Zi}#6}x!5Hv#hZ8?c(Hhf647
z?ESU6k754~d2wMmBI+2I?g^XuJ(WX>6+YcP$>q7XJ0Gc^wGke^f)oh4srAB{+EipM
zU8qPpTuO$R=dXVX9}X17j9p=KHKU1H9X;W~4eq4clbldO7~{(*z=zs4hubp*Jf|dD
z*8h24*RMu$F&mL5R9Bd*Hi`qjgTB~a8{s?0v*Y&DJl6AhlxE(Qhr8lii&d4Rs|H3w
zM^?@kDrc1ca99_!t}i!2%ru)E3Jj(#+QwasY#K}od-27gPFQ1?r$Vi0Kv9V{C17F8
z!Ady7$S{K^#$hQEV6bIWJ-#hG5=XOqmVa|N$L`y@nKnb(S+l?jg4<On^lf;NTkn>F
zhl<R8(IZ2GMV<yZg2oQ&F7*i@qeJ&6ebVado>Vo;0{h-4!PcOoU9$(5A1((fr1VGE
zeNDO0-+Vm3f5%;re!C-P60tsTkcI2uG8}aCPzCH0z{}(H!yI#0J=I@xOOG7+`Ohh{
zrTrb`_H-s0?H_ULFXwhA&ke<ddwndvhtdFm1t&(fZ>I+w)+UP9j_8gbH|+Pe(~aoz
zfkFD?6_u$NHq%sXHzAjn{f&V9d}rO<S7yUzb9@$+|D{x~N-!5`&t^U=((|5i89-tX
zsD_f>_53f%pS}?{ExR^Sds0<M=*@HEQLlIZL)+)t)>T*nDanfgrKNKt7p_Z)2s*#>
zie1r=%i!+!m6a|2r?qP<Z5m2x-Fp%<e%3z|FP9`%iC_0xe|=_^&i8cbT<+_!k3;sH
zU=rE1X&_JF!eJFkCjSW@cZ6>e3?>GD>qp$vf#00E@P)z|@~nC7bdv^snkKf<wq?!!
zh5oArvlK4yzQlj#Ua+>23tI(w)8Rmn-_8YJUm5|ZFHV(uyE~?nT5DwbzvNB=njx~#
zHepTSP{gi&HC8lJ4&CD4m!L|cEXnGc<=r<?t_V@;l33K}`u(88B$!FC2~X5w6>Hfi
zE7HGw^c8!_3rfbH_>*a>g7fED%fyU6bR!GxLI4_ZgxTt%f{FU2T#Z^69(L5i)3D+C
z;_c7NdNitQr0<-E7&(#w3;CfA_p9-su063qfP}2NE=iY*b3#prXHIV|R+8ygZoU^T
zH;+tjoYy}us9Kwi_-qw=-}fqeeROrWaKC6HGBivI_qp;)zrsnm6>tA^cJwm4ZnKhA
zZ{=6&({_(MAbTBqh|&@sNpR#YaELR?G*8`b-uZ-kl{PuTJdJ=!ATzLS;_&w^#=!2*
z%6Q}Qdamqs$_eGq=^*%V_7(Y5Wy%(|i;Kyo%uzGTWd%Qhi?t=6dTf|67nZ1QS$X4L
zG6<(|@flf;bu04J<?SE4-Vf?x=`i|9)0r=QQV)TUY))N$Sdb$V>@M%;79VPAmO(~B
z$m1O~DREQd*@wmX$&a`ttC8Q_b%v$ClXQf3(*yEAT#cltln?}h@E(*xFnE!~b6~~4
zz*GDK(SXNppKM;xaAD%K6o=?(pC5Dc?wOEBf9?TibfW#N;5Qq9`$mN8Eh~BGSB61p
zF~v!&6e|Z*dc^D}U|^s|7+|T~AP6Tkj<~IL-LK5O9oV`62oS(>@|#32+K6i@)qncB
z?VeS)dFb#(h%kuK;l1k{684L@@o`&NeXLPHBVEpHu}u4l!-nswP~P@S*So?_F=}SH
z|0q^ZC8qZS<I-6(4I=n2xPTiP+~wHa+XraBnemp7jw;8I0%5$&yycd}S8O&j<%MmT
z#$-6PaWFmy)lK$NB6@WRCl<VgiO=pvi)J##C@-sNGBXZ#vV84d0JJP#IB#<j`+NUX
zmI7!x#VxUug}p(A4T0Opk&tn${J4~2ZFyvWHmK2ve2)ap^veg|@lq?2^7b>~tky$L
z&=p=~5HW)NAo6M3&3K?u{2FAUb)79YP*OCNPU}Ln-r8TPz&XbAocOfuTn@CQp_X}+
zidgI=AmKs+p@f3iq3L%CeMa#xQ8FsH#L6(z_=XT$P?zs#R-rU}vg<#6`xF8ao%G;z
zVgyb;bcz(v5v~o)M5D5=n&OZ{{P}lxRZn7(ckfg!v*$;o)kCNnh-KhDpW~6$Z~^Vc
zIk=7il@u^3fu?!9v7WSSZWBE4lXa^(ujN^`n&)PfXS=3vKj<WSe@>^=;ypFiucwCs
zNx@o|ES*e<7fDFlBdImu(pCT*3l@>u!Ht<;MN50+pIPOl&ojr+#4?~>xvw54c6XTe
zt-VKPki`quOZ(@$#BL>!HdY^P#a1zn@u>=y&pBz!rT6>Ms@(_{!d&!hOuV0`jjbLT
z^7Vn9y?Dp0mtI2R+rmZ9=V>u4+77rd6;a_---V4NlD%iYvjJWW`PZYO!`ro4Ho%&-
z@|>bsa{hamy8oUk3O5KUc?FV=gf#}-)D4hes<w90oAWLs5rG|{tUA~p(}7hu*)J%!
zjO~7FkpgCJG`xG-W6#%_3rt=)^pT+3^+Ez&B{%-4x!?4NF1&WDBpol?2;Yv_=k=mS
z+7>eJ(r2O0&mK^JnVWc6@%$H21Ws<4$8CDSrAsOO!Y88LlSj)V7T~$gtxWjJXH}?u
z<uSL<>U~bykF&B-Y+J*Net0s78zsE823<KS3Oc>Jh(a~fZ}o_=G<B!}JXsC(Yo`%8
z(Nb$BKzgG)RwAW&sHCey2Ut$9l7bah)!TrQKl<11<|pq(0vA>Y|3@g{yoSJV;mC1i
zZfqI<L+H)Re2JCk8xYaUd3>??EeKQr=wv5Z-gfnt2Mn~>uoPjziwrOtV!%BxUcHtJ
ztNH5X#MnH|YG16AuePAvAL2$Ga;}ES0BpCfvQ*LUVe@HwENEm;=e$=hT!l+|QEN~;
z@Y9JR8c4tWavEj9(uV15wzUw`XSo?gkgV|G&aCzJQRyA?7N;(qX^ysWj<(?ty%Mgg
z$g->GgO|`HVifxd>fzc3bPgEELz@bPsbrAfBEL=aBG^p$u1QQq(ug~^D1eSxnQ~7{
z=ObJ9$spF`pyRgw1e9cjU=q-umk1>|DqmJj9w&O(K7=_>M(B9y>tz&JefW4EqXx5N
z>*m_c=zBBm1GDilQK&TNs|4nO4T9Yyv)~s`DfK%L$a@1fOYf4Tc3<iAN2IUoW&(U`
zK^j3Z1MDwlCI6&7H7w8Vy5GvG>OY}GM!*W`YS3{lea~n59d(34uTUnoA&9T~?{)7K
z<q+680|Q&@LHNTMC9M~_Ef4O^1Te4Wy1M%sl~f}o0jkx6`4h=cU#~8WaByDL0V@a;
zUiiJWD>|TQV}XNymaC|`02pjy$CzgF)W{M3T$r&c9{>>0mi4E*ZO}wZPq7YYyy?NU
zzgI7#D#ANiP1mQ8`|6^c;)m~!#et5b&r{em6O=<u>6@0Hiud91z|@vrhSMnGmWT1H
z%w%|2vFg5x?Y;igIR{w`UpkB(wYu|Bh)fJi$;_Pb6O!HOZF%?hB83Kz-a|#%c?KN@
zTQ_YynNmIu%mN@gbeC#O8LwmQqC>2%rsYj#u71nOFNhlP3ITc18;VlFO?EZEo4*)-
zp63~T2p%SwMo%3Pe7R3}V=cOwX8N9oVh({AAkbJ!g7lz9^_?}|<G-*6n_JTo%SxkB
zP?aT7Q8pgXchLATR@yVsF0+h$MQ}(FGGICR=kCAgzE@^Np;!TfK<ABO?>vzmr?JrD
z<K1Xg@MKd2=!QG!+A$X2t5Ud{)EXJ|qI;;881#l9d_@J=!0Q;y7`nk8u^^)uFa-Aw
zkbSTq2#2snf7<>Y-*98QQ!e1CK=PU_X{wHC%1tzsbhi9@6|2=C`_x}+e?jBupU9+@
z{z_$tI9Julukak>ZaGV#kt2|7R69l%oxqx{?Bq6@3pxrr`J4ygL<@HnOI=Ip>3o{`
z09c_fKPjgJT~6-$KYAJ_P0L-tnBqVdE*)q(4gUGOv>LUA3Gnk|$#}oS7MDeOe>We2
zy&+|t_TK0eBHJ-0Y2i~SR+it3FFNPTfe~1O!yrxT6VbqD=%ST}pyHS^05i|f6m)ss
zg@W~@DIqu(v`4~nQ$8>~a^FrlxM_R9jj-lpW+Qe>WIBTV#U$FzFoJa&ACx0gq32E0
zzbJU3W-d&O6*zmNgI*54M+$xFHsswVBgmZzRFPP@81#=>0HJYjkk7V2<{Q%Czp_=|
z51wt#i!ZAf(CbaUEWO9tQ*<GS$KPhshQnB=QOX^(x5o1engGH;T@fJOBhye|F=vV4
z7YO-3pV);ne+6-Td`yarE9Ij<;)enZ@9p8-WB0H>Xe-`iu3Axb$U!gxS=zX8zbllK
zRFts+yZ(0vBghT~|0|{t=j#$qCj8!f-v0h`AAbQ*KdwD2@pZ<OH}%#Wp)QYQ*Q(`C
zOZ1v6M+pJ<67to|!sc_FOA%a;AE|~#VaQwBsI5vsY+MeNHtDw8zkxI5>Zvj<JvUbf
zKow2PXr_WFLD1XPR$etU5*1*i<;&F#$zR#0&5QMK4w8ar#{%jhC@YI&jf)??rTqE?
z0&O8!*Oi1nUeGQ%%S^e=uO=KRZI{s;GD*Twq=Dk6e|XB4E7NhTClonKDO<T#Tr~x<
z(pawG!xn%IH1X*UKS$NT=V8+YuQ*0?p5V_XcZ`o^9VI|4U5mEfUe4;EIvy#YJdkq|
z)o?x2-|G3;bT9vl)>@DaSSC6B)i&dbFbVOw!GrML5Lrbg$}PcH%z=9t{Tfap(K@4E
zo*zi9TM2%SYHK{a&_BBi&-E+H*{;>=pxrm~W61BVkB_*rpIWrRo7=;^^Sk^Fx3Sv3
zYMbeNz1Y2DD+Osv0PpFd*LZM8-A9&fK_>Wk`I0SV<6y?pk?60ay7s#z<NS!wx<fHZ
z`-316*FOkIVAv|r^bHY7*^%i4h*Xm~(lKR}eqxF{J0-r@cFWL@_*`*6U8Di7g8<+b
z9kG;hp^{E7ZjTo>f!1{qLE+N~4?WeIOwWXVy&rN-MRnl)KZncgUTxSdau&@-4o){c
ze6yOHX}UL839So1mH|`TpU>7F=>@mmcNuQ)=t<BKV*(qZuv`m&!Fg_Z%;B}iS=tRp
zDSb{naYC1uD9G-sn!4VP#FJj<-qp|PD@$l<A}(eig_zsB-`hKdSEQMoeulam`8ia}
z<nh+YlB<+-r(H<$lBx-ifZ<F;BVa`KBSePqt<jkF3i%)tOQe^ZiA~U_C!C|}g1OEx
z&a>Skkf2d2Y6z7ePzm)1ZgaFd0lYyNHW_!HWGqpbt5Uir+REZ=_B>emZ)Nlg+YPS!
z2Xt=VxD<mP1BV5}F#<?%gh46bdo2Ov%ivgxAoy8b<i~v}P2w{9SkmKrFGlD9^|2W@
zV8^(E=mgO6j3iun4FxxcXMJzx>pwmESO=v)nvV(G%8)v@ta~4wtRO7hogn#8U&n7B
z&v%6?l8QYDqJP0K-xZDOP6dChgQnoaaPooI5<nbiMc+XAZ&4*Xf<-zitXP_7{LE&*
z@kb2>U8R#e-E!`<->3CW1!D570d^6uv|dw_0Yik7cEey+ouf*30Kb%Durp!LprLg^
zeQt5pxUIHMzCWi8=A1l{8P13O1l~%Ko!?|ZR1+6)QOUDF)4H{sOf4dc-NvGJ+v-1I
z1&sH)zl`lhRby`<DTFIh@QUuYb;-pF{*aq~AC}{^>jgFt<lKs6<kbvkKRb$?nel3n
zTd|>ArR-tZX+Tycg)fvujBz^-5t09MkfW^M#mKssP<%PWo-GursVC}$^wvPLfh^Sk
zCX5Q2@(FVoY|hP&r|DmFD1}v{(Iqq?1yUtueJDN_`j?%mc|57>V%LzobWQqpj<pch
zrin!*S%GwU*k$|e4Uhe4W8h+*2Y1D!F4w`?V_>GQ>slbZK>Lu4U&9t15LaLw{Rjvx
zcgy9I6%f5|_Y(Ty)m|_}_+Ji^FVZ$R2@_=hPKXIN-GA#6yJ|b$!o1tRTJt$0j~W$N
zxNTff>5%2Yn4>L!<9>Qp?c;l4DbmChova|Q^$GgH9XxgVPX41-*9&zrD^!u`@rg@X
zzX^=>Rd5!K1(k?=IPr&>nD0oXS$+;`LproW0;GWayOJ?Vl4@t^BNDLP3*1oRoYZD%
z#b_$eOZDr)Rrv<7m<<>Lu)2}e-}vU~z}T6BMCYIi0k$b&GL`#pU_cd{hhYC{&dz!(
z$8r=wV7dM_+GRK`?QNNZuo|U@<Ha3>dBeB>!vWywvnP30L_S{|3HVD4cb>h*z3w~3
z*Jt#^z+K~QI6h6}Xul#!Ta<tMhhoR;CcoYX@MMeBYbyY0M4XIViYJ}^YQcB-OMh^r
zLN1$tPJL^N)&doGnojgWv1s0T%zEVmMpmt$2bZFZ7a&M4Z>ybm8yDcwIBQ?vF*#2?
zyRDAmZOnWW7~$aro|xBs?#(tfVDbDipYfuMT|V1?W{WNCee!{MX?{UxSuERdh#KX`
z4@4RQ<$<^_|NZWts1+N1yt@S$;?!sOa0V@eK9BaL>q>xQM3+AyDH{+>)yZUit%K2U
zqZx}2vby0uF)K-eZ@ikX2(3I4mCw}@3`YY=hx^g_Ye4a_vYNm=`B@eO_|b?W?(QA-
zGceQN+NGmXz-_V64p|tN7|hQhLq6S$OQAwezfyPCs`bOIz~Pl%hK`?wOmBegS?8pc
z`Z`tk*PXpmUC)`wU3gGMq(JV`L{{J5+i!Y)Dtca~#n89gWzeZqr%Wu6yssLUnZ+?M
zlswP6b5K!cQd_STe}b*Sgl*1UJ8P}3Sn$5&t_5&~2CZGYj7CYjZ&oKhF0sX0htRc4
z$DLrAa56p7EV-2mKawsfhwnjtB33kgvoaJT8~Eu*;7Dr!Z~lVWD<}S8$3|xPS8;Ix
zYn?xgPTjYlj9*qDTAP=E%N(Tb)n;L9Z-QIqc9=`b@4najK5!tAisgqDs!XdALkaM|
zN?zaBew5i%{`cU%<K;B>baV;f=r2i`SLmv1FM0q5v|=acoj(n%`y7&0qT0BV7%cBj
z*MgOE*Sx;&HR%8v21vp&zzd&mc&Ai3$`pH`vmgAya|u2DB<EBc6P8dA-SW48KI1z6
z&ft0lhVUtizUdp5z7G9(6UDu^>OgIL`_twrPw>ulTHb(~ESSo7kzG(&<WPeo3{%Jf
z7=&<6(&Y-B{jy!7sRB9Bqyp}c!@Y$=g#RV;f&hXtFxJ4ZdB~fo_f21N=Ma|g6r+$@
zikGj#=IPc(6YJOgML!rJ8)x0oR!%syylnwgvw7(@`Dt=uI$O(`Rc)(+au3B5*K>iK
zn+bMA{1sT&(|o%#1>Iznb8sze9gb!hWZnzSYx4d5<*lEXHJG!7^3lEjzVpl8Qlkg$
z;b$loc$e3;jM?C&6ITAN4{QJc5R^E13+!Og#)1GM4Vii3zkXNcBP={B0=pWpR#Fbz
z{v2eGrS3ymu`vQSQ4KS2{(}G=H*y7ig<22gvM3SOl@jwt8^PS(Rd9!txUrNBT7*Zk
zx?V2E`*ej?AAaM7)}zx7&s~KpeiK?T@3Ci|6_hbH;Ufref&+8UM}9%uC}C#5!&OB4
zMU<?-dOw0?WR^-aWozt?8@i8$^xz-ZW8sJ*h6*f+4B&2#?>^@2$Yrsh<GgPrc+S`j
zKp9B*Ep@Kq_+zGE0CrHf`WHqs4l)xmsiTd9Pwy$<UbpW7eH30RcFQo{W=I-#mwd{i
z1~NmX3pa8mq$g#>MJJG&h6x^!`AZBbpx*x7$DwRs-b#Tig2^JlW#xMJvlE3oJu&nr
zM(f<E2j^`w31fgU2DIc-1=S|~E{_<z)g1Sgf%NPx=A<taLH<c-cc`26d}8*Gw6l4M
z`arkb8~zr`FR6PWwimn>*MHk?k_+Z^L`?cL`>J9bM<WDQJNgnHQali^X$mXpsPtTO
zuJEy-u7|RS-jDC)Wju0&`%hqw(olSvY>4m}GQIFOt1)a|xc9;xx(4<?3UZzlPoQT*
zcoLLLaOt})crN|>gx%GAuM;9IU$~ECO2Sv3Mn}eXOJPglP}8x;&|t|E;G-jI^%trS
z>4j-*>ED<XKAjhJ$U@EE>xE+qg~7gD3-XHURk5ulD*#(Lw%tv-R)dnS0X+J&;qr^%
z6Xs8<?|Q_XYVdg+4@|ot5JyG~%eznYp&?eNszeLUGRP!EMNdqa^vGL(8n(6y=(BS=
zMEJFSMM?9YLHc_f>poh}Y_E&*6(1@IzK1yHtT)zPV(SN`gQg<DyF9KK&+sMGlDr;d
z_UFG268IEO4^~a^KHPq+2kSJw8JOUNC@!Nt;TZR3hpz(nbVW773}lS8R1!lzPn)t%
zT@g>|dYs;ULSXv2)RcXOUchw>t_&K_w}9|J%`RBkJ=k>I=ww+$!a-R?f~k+eG<XaA
zZ3H9YJBnFi={ygYMMoVG-fjT=tKj*ypBaFNK@v9{KMT?Nr>_I*c@vo|9ooDgi(gMF
zeOX8oFXI0`k#}&s!Gf~rC%qF%U=A8!2ww?hTa$&6tiIBlvy%^-vk186Q&Lj8zrQ+&
zCFHV}zHJ)?fkp&g9(|n-W@^*VgU8BVC-vTzy5P<xl$x2*O?jxDvw_s9TkHkF#u>;1
z()oENLFf0Ni6+Mq?;qWddNx1rm+8p`$;vMj+p6S5lZO<22l|goTEBYhD{;K^>wUGr
z$wGubJwW~f%3{=lowA31Mj{QImrsr&B=)<{E<bEw_bub`EVy4A^-Q2>>IxsGQ?{-$
zFpOL}M;#!UmVur42=P!0GBDmtNkEZ^Pe+{{JP{QyY2M=J<U}rsvv_aNG_1#)fiAW=
zbL3uno@_hnS7x$!rCsIoaiH+nrXjM7*SuaWesc^3B393|`$Dg=FtwON5$sV0Yd7k2
z(JtQu<Gfj1o7&ghj(8k2>bFo3<&cFyf&q~b4)C9|8)Is~uel(+ku_lUU{q)JIQnzD
z{q!30@#l*1<|KF!VxpWm!LGl5_zIB5lu{j`Wv~kc*kqir01i~8!x39)6HG6yg^yh~
z+^l#^X5RKtkGP)?Qfo=3kDFc&0a3SFz}X2vX8?4c?0917HZZxus79lCvJd@=Gx6on
zKjExdr4}T#yCk!lFJu%iEJ6PHdyE5tF||2ST)>|6Z`%_Y);*Q4L+(rpoqvjPPntWK
z3KC%CHUBB_82sNXz`O=8ps547xcp(fmZP)M?-w+)0OzTp{Z{Dcf@2zf;q1FAfw~qm
zNO|m*GB#o*FictHcdF1H1px^!AOB)K*;`lAhfMfgpSq($6>IzB{u6LsZvD}d`KcSJ
zLpa;AN_pln+U%cMtOFZ(AXTkqFHZG5i%rt#dCydMy}VV-JrQqh+F{LGDtUT*Zur&!
z=HJ)v4R@I5u;Yn-&&9l4iT9lcpQN=W+fXEd1ofWx8OJZv%X@~kE^9BV{VF$0=hPbz
z@QAjm)&)7^jWvJKubi&)Psf*b`C8sj4X8qkqitj2Fyo=wu(@!kUprYCS$HP&OSQq8
zsa}S827+r8*~)s2MV#)`6`h1f?+8Cx2Dd$5mHX81xXrEoxTXP|tis*l8F*lf!kzJk
zS?6zQuI_dn(XeK=Bs>fV!l*?@TZCy)gy}o_=qZbVtf3Q!l9KtpytEs?<zaL<P7(A4
zQQ*@kL&#YnHAj`z#UCnH=eKJ%vS8ix33fj8=#}_&p7W+Y%NHMkDO+9RUIWn82?bYa
ztXk~HBe7vs0loH?U^9qeao;Fj6?-`@FpL_tJP3+TPkBia{bT`p?@FxC3NsLc%Lw*=
zIj09WG@f`>Eze|x=b<cS<kEz_0PlL521)LD_#zQaIo$K?DhkCo(&17V^b=#|#q)to
ztuIU|H7R7t?(ZYmc$u|B){7BH|ICX9_q<%ZOP@x#xyo|WyR=t#m)Mcv_T`~7@PtgG
z3VCjD$M<@u9<+x-I5R)E!+6Vi!}B+MWw8!QFt43V5f4WELYe~3BVeIHqsI@y7jgGk
z{N#?pj_ex?S6}s|WX5CN9}G*_GM;g|j^T6r$Ncv5?b;8nOrPhwNIlz5c&&-O8Vu0b
z_&Dp!?iYXOS3j|EjyhxO6LT00Xe_bx-L_q!hp*OziF&ENH)}aUKpK@Ke0Z}cmAje}
zqGyz^T)no38wng3YPt+p{;4WfF-w;G1HFZ)?`Nd7$YqU16J7wap~T*j8&lM@zIq<C
zP%StRbZvIkZ-A0(<{rC;QLWZmc~(2#lvv_^m&k#M1PfzX`++^gg@b8)9Sl{grz_p7
z-L@pvgL)OikQ2AT&(W_oO^z}jzu>^BJ#$4FQ{%tfrzhmA9QHT}@_V~<dzC~5tX0YR
zo}H15K0KbEHFrLo%;-!?tO`Q@ho`Rqin43}-le-s8l+pgK}t$mq(M<B>F%XFq#J1v
z>244SMLMOC?(X^@o_D_Qnc10V#%1r_bDwivzdGkmYEZ#PFTb<JalK=hr*B)45emJ1
zAbB`0x$V5Wpx~*fy59cV{pvi0pG>$u@3Fh+rKrQ)cW+7_WI13@?SD1C3KJ6em><%P
z@JHzo`OP1{G;$;<3wEbHo;0$yhBg$g)@NGIaS8fZWNmyDBzcK)hbS_i$^HyE<5Z=8
z!%ajw1dwEtE@zpSBjyK^ZEeGB<-6{koovpgwKy^rk^S1XLn=%s$<7X%QGaIU;^hp5
z<Hx@uheu4`>Z6u;^y6Q<jC;}q#==m4Qd74v8{%l;ln{wm9_v;5w}*zJFtNzW$l##o
zYL(EOvCx3MQ~8&R{9<#T+9gz6YFZTdQ4#RGh7X$^_CIaxrSha#I}V@D59hrTDvMsP
z)$=PX)W{zk#IyXyx+7v)YW1wWp0rrYf2jczsfItLxzL4;#1Dc(fmDAf&qa%x(kxE+
zT^TynixoR@%VO!`g9tJCfEF5}%wMuFY!ziQC3p+rcPWe@g7{OyD|nzlI9B;Bi81`_
z{+urJtmcTdwRE|2e@YBAApj9CS#e@2O#ZDe!H4QT!i|AjH%)sP%9n4`76}DnU|cSR
z^oGxZ@WWEJ^jtK<D{OQa>f7Ft&v)t!kbQscx{cE~b7~@uG=DsAFfUu&;SrQDH>l#j
z5yMI2v(Fm;!XK(CdAiz%ITq@ajP>&V@8?h>!-ZvUfk>eas+|gB#*Xe!p;?{{D_7{q
zU+;I*KTQvsF~BOc{7Y`V*KG`KF8DsHWq;~}<o~HWo6{WedW1T?jpmyfMiPVTs$|B&
z$QWV4#(Ewva5uLlnL^T56R(h_^^WMOn)Yj9_<Sc$co&+E{283IC1ObfC*2e`m)xjc
z7NHbt{4_eo^T!~$PskK}Zkm*mS}cV6Mn*R15QnDLjBsp4Pbox{p1@XrDO7AOdJBbU
zCbkbwb(3sG<sSv#uy>bQL7mx;1<m=+H?-Px)5}T`=n4D?733wLtYnq^Xk7IdCizoQ
zmxU%lL{Y7|&#3%WI}~VfKSgy%a$2S`9Q;E=QsqX$fh;?YfBk#1RJept6T#LNHbJug
za7be#12cc_BXFJd;xOYgKk;)OLgmOGT9qh8?T9P=&z4VlIzQ6;4=d6V>*y*h*Wi;~
z6l{gQ2|$oSK@vmVAI&D)8~gl#5?Aqq-4ihlrqqIXzB!y83V)FOymP=fr4>8!2kPg3
zh~4xMZ;G_*I!WUrM!-?3Kxoxc7llc`Xfrx8sdn49089@Af1g#-A+s~jPq<$YBGu8b
z<_d~}x&nKnrwJnCk$*<i`?XwSU&V=@c;>!|7pFS#8B`sCmI!z-!iE)jwc`A%M~+-O
zLw}ke!o5Euil9!?lm2%AWljC_bL%z6A|2mvYOcu0#fjzD*8*`F8J`DFMd2YA7Z((V
zHiYZGXe^RU4BziQEl>x4R6kv3rJZSk8#00gkdeH#t&Bd%--)loh>Q}`X%cG+n3dE*
zN#iwNLj7US$=jqlQiko65uIO=QpB^}hmiug*mAL}+SGRvEled~gXQ0Eagf8lKDu@D
zAM_%cUw-BiyI5BE<d_=v%n>_O9z%{nfIOaah+Z5oW(dd43F(jWaBKBfql6C({^xw>
zgiZtq-9@}Cl8upbBM)t;KNyWICcV6jNGGzDt&VC|-c06yg(a5Y;ESD76_;mQkKiLf
zu1@gqXe^j9;72nU5I&=~<f40E@V@Y>f##SPc$2xkArT?w%4~iq=!S;?&sggfb>rT0
zX?<=ri`h0RvdVw;N9M@A1l)7Kv1UaLkGuv+6q*4^Is!?yI{%-)P{&l-anN?77KN)4
zUz(VIxcDSzYk5>yi;YgiwxzGGPJ;-e^0``xRAX9;p^`XgwHPlP(QmMEXH8TT8mMlL
z5x?2$jNoifv3$5O_POpcTWa@yd3=0q^zq|Ie)7I5w4mH-@b+iJ02J3%nf7f6xXcSI
zdDS#%l+>1g`^J6u1)N!OeL5^5@zZVo>&t*KW4D!{+TM+sR`;5vt^j2C__#RHf#1JB
zLnL$5w7|J0MT40lm$OGJ-4UdonOWfSOuVeDN>B(mC8lX_cUK>ukg!0f!NzcFvh?k}
zqLR`&dEX1p_N#xt9v?0{FiA-$MBPUAFPD4|iHM0e^R!sjNu%V<t*rD3ad2Y!KK@Q1
z<N5TbztZUrlZ@XfEHd&80rrgN(>(c$_cHHnY|1}OetRP}lp%z#rKR<OlPF?RTwMHG
z%=6-pLA#fGtqiS2wP3VR2o{CI{r%-q%Tl9#_uCS!S#w^}DybYMS35f<Y*f@=89Zh~
zW#Zm9OzeX>8YMG)R#OO>!p`56<m7^_+})d^)R-oO1qBn%cP3fa%NiD&XUp^(J~>$V
zg@>bcfwNzvpFe+oA08e~pje>6L4a0QUtd273Qo1><-y-PxhTa<LHqa7@^qHfh(Fqb
z(Qv|1ZOS=*b9Chtk2n+qc{<YrbLS_C9Vwv`wKp8eFo%gZ9JIp(<<1krtv_a{Zy9y#
zJ*{^3n<W(TuM|gM;rOlSq2omRi`-Ey(iI+C$=l88;6t+fR9-wN6mmXYA)P`3|1w*B
z8LvXB#WPdkmxkQR#8+fE+oYk%&Oj^(8lxnqBpUnWfXSXg=S<VQ`+43i!W<t)r0d(G
zR8-6h3!euJwMj|A^)jNw+I5=;`16KGXa$>jrRvd9rJOhKp7cF6xft1OxBj8|eQ)T7
z4-$W+{i!G!KV0*`O4I=lb>d4w`}S@A;GnZz6uV>fWg!Y3MpdqIaU$O$D#0_k!`gJZ
z@Gr^QZ@=-!khIlVf;xgiLr{q``6e!I<`>QJ5!VZk-F*I$30XE$t+=?qe)#;~g=KSU
z1#U0)J!`*zSH^<uPL+uW_&(e{w7Be(=Ef*){TdkH+2(LR-+6OA-{i<h$H2gkVyvyD
zHS_7?$0jNfm+yyQBImju%)8J0{{4IHhx_Bhy?1y-1Vv;+Vq)U2%e}v*C(wdX^PyDq
zSjWvFq1KC8EBvvsvDU#DLn9-O;Xi-Q1Rd7oJNl@6@3M`3@A+~|&}ZS1vCfoVzdnb;
zh>g8oT!c{hpv*VguacB$TRBjq#mAe*{f<pdWzGb%sWBxb<zT~6TU&c}ZDXT3OUSWs
z8q9dA$7y5VeP?H9>)Mk~GBPsB_>3xNNU*P8zy64e!#n;Fgr3d9%F1(%!@<O4*Y2>c
zcm&p~$LGaXcUQ+;8nDQO!QnbpqobqPeAVK*E-v++pFe+Iw(YpTn0dTkdZf^6a`>3{
zsoi?6{+h$E*{St<7!?AJxH42!3_o0K^F$VZygThnOM|DDvfmynz&|f>**Jwr8W<Q%
zgWBMz<KS>o4mjOmVZmujvKmzCh2J|8N=T!4p1Sxaah=!fKM|kBt`$kyiQqM-Cx2CF
z!*cc_;MK#N(BmT^^W?H=H}Qh&x^aP@JAYSsQ4UMQs7w-&Pj6=A9kUx+YZYygyxU10
zxvNF+a`!G^8g)GM-{;FUf>rt>5m)xAqxZ5xic9Fephlt1wk^GExonY(VI~pGS!qf~
zjqT0lkIX~9BG(AcZ1G47P4o53d2=<xYwmNCzk-z&@~JO*#841rCD7djPO58W*00K$
zx(CilPa~6w2CW%i<h3aO1`3kOXNPR_DcY^v==j=95gFc7X_US{7B^Qh(S8R<+R{5j
zrlzkR_zk?|2}T>pW=3c*HTEG8jb}PMT{n_lr^_efVL9SFlm<4WvDwgeL1Hi2urH(f
z^1>cGFnLSFus@{QLr@%0#4*sz>N0qzcu+7_KY5}Z5q%p`XTpX<C+66@1veiP5t6E`
zy}!Mk%9yA)nVOnfPTuzn;a3<wW5%c9EU~=Y+#f`cK&hOmzCOmefq~M{kGkUY^gUuc
zJmUeI?i+i5Yu?3(U8L;)tub>Y5vVx3yd2hMA|MpbREf>XIzWWrg~_ag4>xONprWFR
zkJ!Jzy=)my7qIns{W^*e5-LL*RZ(GEpPc*_x6l4Fm=^ll+DXX6r^;?_S9zwrkyT-#
zp)=$2O^-Lb6)!u00F1Kg+`oRZlaWErxa!#9yqh!_h>HJ-h=@oSx^|O)FppmL{W~u+
zGjsX&_O=oD7C2;NWP)B-N4mtEM)NGm1MK{qipt7PcRQsOy`@?#VP$33LE!4`ZEfBk
z!KG^++Wz$SA3c?09s!&AtDGviuMoS{Ud%bhY%hmT>gr!|Qj<a5KE1dYx;!~y;b38@
z9vmEW{sUg?g3;jOpU;N+!7)oM-p4(}@lL{-5XkqkvQlqvZ^zcw*6@LWfievZ4N)|7
z^h{pTD06Tqn<*<RYY!mIjppLRU=%697rk?`wk{)ptU0*Ls;Q}^f$v5LAs`^=j|dOn
ztFEq|AC$HAlzfcPWcv}8Uwpn7t~XpRnIe845>m{IU46$JI%W$uJtP_LL$(tUHj*)i
zY*YsKQ-f=W(xkQ7{~Xi5vjbVD0wQUNsPh+YKNgOL<c4=f{JFv#wyY59Myi>tfG&Dt
z<ke-gcDfFGsxb95?A<-Yt`s3P&g_NU)l}0lcm&MxHi#q+KZXI@w&Y+kv9#+x2Ew~;
zGKqe8I+Z|EW7xrj@v_D$>B8{G`CyNQ^g^<NDVPefIjNS14P+M|p)1ccjS`gU>NV`*
zx2=*MCACO?IJss^!FDHBL?JKG80DvAU==0Qm~0|?Z*N)xS%1N2lPlf4TPyq$?0KW8
z!IubOg|OlUd_;7XvwcCQJ;fkr`~FBf#p!@!^s+OS`D<O0gpQaLQ-TP{VLgyAfTnEQ
zc0RRq*zwr@%Ww;nwl5F%pok4`^}K4ZS%{nZuIsoq`ihF3kFvx2)+M_qf>=UVTe~nc
zA_CoQx2)mD>;8N?_&3qY%8Dn{p-a?mxl;hrIXGCxB`n<h&ge6RuCDGFB07<19x+u;
zPEJGn^+x(pmY8SSTAR=1g6l)J_r>3zzke(KO=NxRpUkEk*ZSdC91^qE#^z8pn*b=G
zroFoeuz&yF<3h~q^geC;NsT}I*9}(O?Gp;(wV4;hA9Xt0QcnigQ2sqU?D}hH$i){-
zu#m^=&1|CXkrvlO%0FBfkMoYhvR=3Q4as1|(pc62?MsEq>!@oS9Bid6BqU@5;Mm6o
z*G2atzh`O%8dYGHdns~?)8U0#cKIWQ5V7kyb$jiB1F@{zZ+1#U7Ut(k^Hl-!6s*vz
zv&>Z~!so*1mUy^Yef)0Na#8C}x0&g>xP3mZDiJkdS@(lN#07(j&r)mlXBfU?RG-(y
zUo-f#f2L#k3Prwm$9+6eVMSM0ZhwI=8sP2arI*Cx730QLZoou=fkf)*YQDGN_tmGf
zm>3HAY)zPtXaOoaEKCUA`aLhN{pQyu7gClw(q(t9iy;%y`>q=V|8w-<P6>oc?O5}$
zM0U1wOpEwL{Q)v9&iD78k~gLpS10eK*SbjXmx9YE5Zb70>!<zg##l{S0{Q1h{R!A!
zcG!=6F17V4zCR_4`~8uF*RnK6PxM(XqOrgh^C%5&IJJi<yB7MZbSH)ed28o^UWJc1
z9k=i!%C?BTZTNJ?cbMn10+{sn=>hwsNTUO+3IexDom`i#-M4N26-<c9<meoy{8t%T
zN7v7mBdQ@Eaj%*kW+LSch`XraqyfsFSb*0c)30Q+`fyYpqsR2od0T_uWkliQS0vlt
zkHP>Y1MPTT-2G&Y{L~u@3yTzTb<~aRxy#up;=GgKezEtLqL+BU<I_+^>dMyERo~h6
z_~wb|@ZI^eF}%e6**KHF{v3mFDF3kMVcWEEi53fl)=MQ*`24Nus*%t2`UmjO9Y&t}
zb$=m8V2WWIwYu4VHr<`*wkK~fAI<F`ZK<5Tq|vRjd~=zfpReLPr>K%8+SFD>Ne|E@
z%S?^gaD{XTmiL=7?FiKj!DD$Zue<Bc&Q2DkzHABKhb}@^ZC;e3;Zz<*c46V0JplAY
z@gNW2{I$y7sV1-Mlh}y~EnApO!2_u3RO#PXrrJC&e}ie4ZT)%aUrz+pv^g&=gaiyg
z5SXy*GN!BAWqO1K<J&Xr`t^|;g3*R;9_L>{i#p(?j89A3!HPvu)cgkzfrE!HZNI;m
z^Cewyr^<l~9Q$Oa@yybTQYva#TJn&wUoI=4QIKrv+5(4O=B4XBIj?R*j!H9H)CF-d
zpCulm-8mH0rYQlG&&gRP6bru=Y_0SqoqSK0pEW(-o_iN;esha+Mv2J5julzT`S)Us
z+peL4ckdh`IpWGI!z1zejD&$QR&J~f0<%Ad&Iyqipf!E@u@D{jX;&lE$iR|Y<#Zg+
z?$>mV5kGp|n-Egf-EEUf@s~Jamsw$*%~o{UI2~=!$Rgi?UL`QqYEYX~;zu%P6j<Jt
zSiSB;ku?dpl@>fwKna#OJ#2bztchr7$<}zLe-4+&g|0?~Bkc>H*AR<>L2M@fA(Msx
zEhk<_+Nz8Tm*gY2C&8pFuhaX1?N|b|AQ=Kud@2vY=<Xcp5RAHpX}}|v#$@kjs!UI*
zyw66hK=;7_T`b}LWPmgCX{xM==<2_Dlem0!yb6BVN8N)b2s$@*1t`#m&$G4L7w5av
z0g8%>djP|(9{=GP=Cv?6J30Anv6s7;0!jkO(0u^5xZsD9m+vnR7FhdYsC@0g|44(@
zxC}lDqk1jg&e4%or~b39vgR!@yB<LvF?CN*k4se4-zLYRoF9GtU!HR=fz!XhtP@^r
z_nxDI?CtL-F8My*TPUq|T>Xn+1;Bh))4*U4H0r4GprD}lW@cvH3!<h=uPiJ|it_{#
z^Wg#=Y~Se=XSU|JoFGw>A}D*nL#T^c0^YnNrAuw-lFf$k(_^I#gygijK}g@QmmsaL
zL3>+Rb+RQ<ghOEG2a2tf+Wd5SV{qLL=^6eJ0tg(73~xe7g7EXLh9zsP*lTb3Ni_mN
z>!kK^^o}R~-pj0$<iUb+6U77Mm=Veu42~B_KdLxkZ;4<ngs2Mz(jSI?uoWjuVE?M_
zNQ;6vAq3)Y`f;+uTpll7#fU-gJr0@cyty<#w?f3meqMOKgJ!2N-C1fW{{lXY5P{|%
zTJrr`L6~%h^!<rS2POw&(3Rl{Pgn9rJS8t^iP}toFg|_{R+II0)EphOvP5=;FWfAz
z^*<dMs|5%IjS-2SPiRiF?Z<?M+Kn2k2@4A+VUP<}{v30IY>gMG_JaN=4P6E@@^P~!
zwAyw_9NU{ECM4vQ54dsZWvv86L`gpPH|Nw4LC=ft$@EZeKusc;^+1P-i;Tojg~<>X
zs%B@|ScpO}D1>>vFKx!AcW3LYj38+Q)M6fI@>O&j28M={{QUfH0Q=!C&?s3J#OfUl
zOh_Quou4;&3%k<LE;smFjhFrj0L-GA2X}B`O>i<}PiUe%-9LCZIPM6*o!qj_uqZ{h
zUYHGK@ZS5FnQcB@eRyZba`&yVw{w4Q6q)MZzkhYlx@#G=U~037naX~a9a+T}yQmmh
zXb=-8z0e45nqR8$p67H<4YWB;=h(c{!%_w6@Z`w7L#UA<5+qNz-<grwfV<_!{MUV}
zV4R*b@4Xnxt072oBBZwq^Sk>JwqxXT>ZmuJ-=w+RxOsiOt;YB=BVzo8+m9bh494CZ
z$qHf1#UKX<ZCyY5gJiVF{T#b$4YwSV|IzU_j*2^cWahv^S>G(t=NLa%fxdewLv#+-
zQJk)2G;Wx`^4M-(D}mZH1THUn5d*$T3#}@O@4G=JO?AEBke-csaS<`;I=2YHz~0xy
zUnO1XQcc(hNJ#ufMpe;Zv3P7{&&|$im+96pR5l5no}Oa5zCJlQNqc}<1S=(TJd0+J
z|7EG?us1fQ5m3d$$k_L<>i+JIO&e@a#1=@&Cq$FI215v+CgP)@5Jq#R2jq?8D{!c4
zLDB{M&rU;KUFPv^C;vZxlv$09jk`naWn===M;jeDIV)y+&8n0Q3^G={iBJ%{lorjR
zS1}Zs`1mH*L|?^FdOsaSoCUF4>;K|o2nh5f_^zP3^euTEG;NMW=Fw9?Zxp1rxsKpy
zw90+dnr@(C!O!Z^2O?-#<pY>rkQ)49Hs`_rs?dZLrHx)EC(A)?=(Y3B4$*Ia4E}pw
zk$Uag;zkC~P!^7$XT3SwoFkXp8_cV-Im|Siv_ISbFprf6`Vl?QaWFh@x^SrE01pfN
z$%r#6M)vh~6XnGVfe?9&l@T-f)lQ=JO>8VtToTa1$8G%v7(fJ<8s1BtqhwKAUp8`4
zO5O04ZIaVjeYO8Y13q1SZ;AT(LJRAeoGt5|ud48~pc4o_9^QL(7(nhMKV|gv(k=mq
z82gG*PS3)^av(@tU0mEBOGZvbwR9b?D!%>MqE%>peVr(V0td&W3iZ8;O7zP7(=->q
zUW;cg6Y>F7xM#Jcv60tvI^v_QG_z@xoT&r!9otz(Mh06rvl39vx<$cSKoxP^P}Z?B
zvSn+AnDm4bs@vP!A8Zb1`;tHaOcUhh=B5L$HE_+9yZig`+sngjLEFXF#w3}#13s`&
zghln5p4U3O`l`ff^2Y#dK39LKkpfk45yg21wI1U$&!hc%y~)LENeI%)TUfm!uzb5~
zF`39&JS#l*FTWI!FK#34{$$*6mk-Wg6N~a=`dgWO6=@hg$)|lGqe)yp2zSWyT@~l&
z<2BJp@z)kS=t9#yoptCqTn1LF3Ucoh<&(aHvW?Au^aZ&=0BIP0$MUG)dU?zyU_gc8
zUoLgLTiEaLbY2goeC=2_56RD)C_}wnG9S!8papaS^n|wF)j2dY^xmi4ejMn7#e`@<
zWr_v35k0OM9-4-R-f#Pe!eodv!+=o1mgOlc8$^?=LyfZ~L#tleit)bcD$9e)($W%x
z7<+1J%9Y?A0-K%H>vj+Cd0$txWq}Ik*ZDzopjy!FXxZ;c1Kr^4xWjYVonrT`(_=@H
zU!!~RVw4lS4xhvoVe8pi%_XnX*Da)@C6FA^*dtn0OEEaLU0lf7l<V_N8V#aOVF^tC
z(xR^sEeO^c7`y@;aReNhL_kZA49U(h3mfS`HZgsbOFwnlBwAT}Z5n256gGRNAH{zJ
z58=Z2iQevhln13nMY!*MIbv(zS+O>>;spB!+#RW8Tx^a~Ba^ROWUbY)ByB=Gc@4#j
zTkI}dSSkk?QBj#W$idp5LeNs-=($DgfLxw)r}|Zm34^#k0130X*=#tg`*L>%$cVwF
zG0%85#xC~fR2M5u;bCoUZ8QtaTwGl1KpYY|*gQ_}2J%m3`^H!s8%_K#j8is)M!UzB
z!*;9DlqHRgq0Dq{pn4^ooH(oiLL{o1DZEaGk3TN-{CRi$s-QLikPX&z{9}L|jqA`?
z-XaoGC-~xG@Vb<b%rwFI1;Y`VyqT<I0qdR_$!h|2Ys^L}-UojcUnFO=7*c|%^VXJY
z(eJ1JKPtGXp7eQ(<lmuOO;m#fWZknwV|=(HnG5KH<#o$7c$h6D`ktYm*z0G!V#b2E
zcz?!gYNB$mhIy?Q#oL?*=`Jgwvyrv!6XH0d!jUg1-x2GPiD>D~y=2yWYM4?`h?~3n
zv#|s`eEh>*3I=R!Y-tZ20D8SUS|*zu&AOY^{hO!$UlyRKsK~Xk#R>|A245EC=l^_A
z*|c|X;Lb2}a;jy7@#9i^fV0S50EFKLg--?9jzL&h?>PJM&P)r;NovU5*|=&90J?0w
zaWs!cz%E)h#%8RNi*j|HaC1cte$7bcj`c6jK)xCu#)`XaW9)Y^%WO^?BUP#m{SJxD
zBO|GRR4y8J-H0Lh*$Ut>f6>FY{dM0=#*QP!b!LGQtc>Kk&(_pWs6g%JwiS>bJ%Kw~
z9NMWi4I5BGPEJG-mw-2TN%X=anFv;4{&Q=P8%HT0XKq$<<`>oXh-8H@y|V8{CP(}9
zAD9V#!}ow1lKRj?Yz%=oI5-%LkB`5O9J!1G8eyUDqgaVX3Xp)*4Gg@Dm71T<Hf?%e
zrBkL|+Vkekn<>x-oSy-**mW=L;~4pjhe5SNJW-MUZ<T4tbj`4M`sA!TAd1O8fD0Qz
zfQU0!GDvJGr=z3u*LBI;6)e9lC?H8JiHZ)}WAwL4S~@MnKp?zc3VfI2auzr{I{x#B
zqnIPa`6VgB^ss-63sQ5fpt;RGe4QMod7a4`mdX6CMx&QM^%fpnZ!a`<E06xf^DSk{
zyRKlYCIQFCxfORwO?^f#%dW&VV2Z&dCu6l!qk91Z@So_|XiI%_Iap8Sc>>gUN;FA-
zCATK=;oef2f2L4IL;|)SQv!cJa5xfy<f)*fsJQdfo?Ha10`;5djmtC|>0km+H@CI*
zwY5e-%zi0xw(-6PQroM8zAC6B?H4;hZkkItneV!gsUqD0ac<z7)H(Edju+;(dJYb~
z|5s&}?d@V^wVBFerZNVM6HR@6ebzys2pHFzk9GsCK{x(hVb*_nc^S>t_Auk@%!w1C
z#*(;C<Wd9|DD^_hjQy2!5v61iWoO`9C<LP@AfE~SN5ZZNZH#0x0s4N>{Ycg#VpKCx
ztWJRaG1Bfr9Y+u=$@fyu?O!x?3}Q-@um^H%UQx49Bgrx(V<QX>5mcZ-;t~h_U5<!~
z1TaO8iF<#Gy(Wm73*mb@r;`KYbH8^nEU9qoPi02!;5l%S1ZzyX{8b=!*C*?-;1}@R
z4uIoRYMp4Z($iV5fi&lz%xO%?ju&<ySoi7S?z-qnbSQz?ovi&@1nk5909YRE7aYI-
z{7LWuY6o_iUfs7}l;rFmkN@>-GAgIw<c@D601;3efLW@lj{`~ZK=^)5S_jm(AfUEv
zi-W?v29C<-|BKqj?gms04spPl#RQ{G$ARQt1fCu69w_{b^mqz+yCARn4&=GYqDobp
zT3Sj0B678uE;p2hnt=1FV~`OM35PR;c)G``fK*C=j7@oVeYF~6dOimh1RYTIwl1dh
zZF__S1$m#9HQTQSTZ6XFDj9hQc=T`E^^%5Xpy4tNcGkcZ8+he793xVC|EM(7QHN77
zLQ5HV)!Ad{&v78itKOG0Sq$MaAvfr9a{(+BrC!q&<*pg}9<<!5YG^+HWm)P!c<drR
zT$18)7>7WCkqN;EsO;b6L|L$gcSEte`?uKRe$kv^!|fiR4-H|aH8XhXrBZzRfTs0d
zf!mh+lg7t-50o3Ti-QFb5{S>ucF`yxYuKs4l`0q+8Oa5DeKOEl!&m?PBlz{}SGZ=8
z%C&L3myk~0XlN3LA*rJP+y|f{p%$rTw|m`P9g9Pb_8XQ|K&vzv1`eSi7A7XU&)Sz)
zijEEr`2x0!T6BzztST9TxHyD_lbP>G+Sw8MVNiI*C(<bmhTjtof<+}h-vKIxq1m4l
z`-hbfDvrIm23vb)=Q?T*4wWwn3HgG)53Pqyj+-766B9a7Bro3Iw-HfyhhTH20n?)j
zklX07ii)=tMwwYag7fvbJTM$-uw9B<Tl?@gicDaSmX=mHThyJ~=|>=HGXLipyHU3+
z;PPdF6Ako0>CRUH1?B{Z6vKdb-kt-+p*JWvI4LkNFaezK{rlhQ>N+Ya>IIMm7i<@r
zCwrbWavfMgLP99u)t5i9CGNPYjXQj*x`Q#5uuxH%w-;JmOOzSL3-a@I4ri+JPN&NB
zk*#=10UiMQP4B{8^gR31d~gk&nu6--BU3NqcJs@X2G>%<=QcVn=c-61Q)0iCBH$(E
zd-6E+J-Ny=JFlh+?5;y#Uqs;EE3~Z`Qd{=bSTfdHN_!CS?s!ni*|0SFvmMF)&5ujy
z+A4!SCwTU(4H4&WKh4p3Naq4}Molt}n4+n5h$V1%)tIoU!Q)AU*l|z<?+s6$*wm9r
zTXJi^2Ug&7uinUK&Cg#&pTWbx04{-bb*<;|+Dd6d@BQEEk8j<x%=m#+DOWU(`Xp}y
zQFZ*?xAG_HG?|YyYPn&_hpg*VG(ItLy~^W!N1-fL8Wg(_Y^n!Su&z~i23NqMKd=WS
zfzq{_0rUbP=bee?MJkyd2-KOgx=HImF$jZ>4i9s#0#Uco*1|dJB_c}DSn!e53rn%)
zuTy#GM_1(CF6z3_pCtk?rI1egUdh|xcjm(f^kPasH7bX)OwO1MG6TArUEu=bZa#%;
z=*IVXQFEObOXfj&S?qd*mK`*9Z%jVma|Tz9>NCNyj*zwKqF58+xVZ&5Q(-jTJ{!y9
z<wpEg_C&RE?ru$ViJl4*=vjRX6}mN_Mu3FXLgL!Z-`m?;$imCZ>$5jgb)2M;s22{b
za@V~X+$!(ei$I{tVk*naZ+$;hvxzp~s6atSkMR8$#%Qy&Zy$BNS2O%xE|TO+)BB!q
zKLD*3YW1x1rptgg&QC{2XAelz@l%6X-GG&S1RR_gILm2O;JvtDO-6<De38%J1}?%K
za78po=MMMwzJv99HUxxc7huDCKJM*(zATL1+}ksl01M#?EX)Po#e<a<brGBS#?z{*
zs!VPk9<ehC#;na}rpGJG%WA?vgj9+k=4@w)|HXD;)ilkeSm0pc$pIUy(y4QiuE_Mf
zh+;=43-f<*I_D|$XsP3jN#|Z-!bt_C^2BPM*D|-V{Hi$(C)z342s=Kqr3)%8$4jnj
zom}^u?C`>R`29k@U3}Dq@yDriiF(~RE=DF&Mm3I?iZ?<4XFr^A?%|dpCd!Vm$FwY0
zAh!?#7Kh1#7jzh+nJ4hnXt8<ubsJWEE?k|?56K^Qv6uEgAD)XA1BD{o^>A@N6PTcy
zfT%h+IekAqJNv#jQKGs2RAdf5Dog?o=@%$!ZKo$EA0{U!gH1t;Zp!t2e4xLar85Gq
z>wKGM!&?uJW?<YHd^R&HIypKjK07}zBj+-awAT+UZ=s=~dFiq>LR0bMhm=*6Tz7MG
zv$ng3hjui%5cg6XXLklLx@O76JSJ)Y)zd4}t^to~c>_K<@#V{x>%b@=YUziU^zmuG
z`jg5t1k{u2yF0H`N$O?b77f6`!TmlwKa{un3K#euj*xmEV_4cC4gKA`EcFRf<Ak6&
zt7493NvG8$NN05p5(7r1vm{yRLu0a^5&Fw;NqN*ic_kVFr4PEZBkY$$yR9M2e)XH%
z&fQ}9geUY@i$Y!ljuaH#uMQIds~ikzmm9K_>4&o^1?$=6!8|o43PO;TAqaoLix@HH
z^YayS^AZ|w48LbE>&Zs}AM7{V1;6uB6&kQJ?uE!l7@NO@z(Ee7qC(wIG#$x&OxIe$
z3+od6LclS_hy&MQV<L73&1vM&qkW#(nAR-PW8pU|9MB+VjY9%_{^VpEI<7xaiy2)Z
zGz2Krm2odk4&e%wxR&uzGTTIIo#hVoW-EZ7p~gg@Nb#iO#QacRUXJOkEP0KNla*H@
z0CCc;FUHzIN0@YVGZUnsLwtr~AcXd?W3d%y`ZY>SiImxaoJ7Qoi!w8;B41MgC_2dB
z2EzLL!;yJO?GRJJcyvz6a;Z(EjOru!sX_cENWW+D%uvR_iN73aa-m&l{pg~0&q=xo
z9x)Ikl{1g~^c}G4!bQW`&-xpkNM_E&k5+~yJG(E<46#u}Sz*5iu}LJdy(VeCvjrVZ
zNtkd_1ae#pJ6Q<igk4csMult5yoaT^_Qof$<WvF}i2@f!@I4cM<||hxBTB|w$g!~w
z>(@L$WWmMMn5+>1Bf5~*WRzs%+a8~QTc@XE4;`be<-ZuYpu{|*w4UiT=ZpQ+CtY=H
zZO2Dg?0xmZyyXJ;VXXRg7y<mHneyO6%JOq_rA(}>=E~o=GZFm04?x3Fyd8~032jEC
z4H{!>RSVQxGI4A4kWwp<@#r@x-Zz-@)CIp5E_!tYG*?&PU|IpeE<#jHECNVG;VsU)
z+ViDvEB*moQ0-~>E({EdaWN#PmMTr}gsIv@jbBDV@7??I61p}XCh$39D@{K4%?1D{
zfbfG1hyk5|7COYJn#H?E9414`$XN8=)%Ef{6;<{>7!39=Ha7Mj&=(28lb*(p1c8nM
zNKnDO`D=uqV<e7vrZCEY124m;o6%%z(B#lFI_484_xv|-U<be}B08G?FJtlmD@YN9
zw*kvl*m*~boSfW1(Ei`g&n(JJ3DKDU4Jp+EPIx-icp7*4vHDZf1$^cQ01RwsI7$i0
z$#Y5I#XwK*JZ9?&EIc7q)!|lvsB8V;kqcF`M1{r|77QmDA_~AA0*e#ep*%R5_po<q
zlzCG{7In06aX8MdySY!F>fH^<?e4~gwwjjK+Sf_T!<**7RY87Wpg#w%RS;Xc2cr8Q
zPY;g`v9l5BZIJ3v_S`8c;uaMZEvCLsj!#JVK!J~MiVXpbl8}9yR;9@oP#p^i-ftU0
zK}N7zUc}Nuxc<<N7H4%Z*z4_8;E6t^14-;H-zF_nx3<h>wX_mUy}VjYfxWH?;HN35
zIHo}O*v}jq{$D@N0zKL1Y-{utXlJI2-QCYCKyc_8JQ9YyFZd#3fb(0;on$cW4+Ff?
zQm)@{fC?dz@VRSxa%Vm`R^-e}{CD#$-<+1bVP~GSQnn#gGx8EBwe-}Qg#B!8d;1bh
zLJHCxwf@WP@mGHVD5r;gSoOZXzWxUqi!f-H!u0g?LZ3c-5Zu_<5GEod6sqU9`~kjP
zX6Aktcs(`J_H3^c)WhA~bUur*{4Ky5P74h<rt7!E)R_{H{u>ZI0;oFRz&N!>Z}~W*
zWL{gALQ3|^lV=!OuSvE|t9MYo+F2e>{&%NCN=r*`elceM@di5u9HSZ>$wN|7NS;P&
z75Ev3fE#RpabE+#-*j@U2_T!NEY9?I-PQXA*QF>@LA&MiWMdy8kDsBqLDs$u1Zaq$
zOpj&N%D`$rM80S$S*vPoTt&fg##GaTaDkKKz*?@QXB)@`Q1l~c-z@O4aLago_9)oc
zu0RkkR#jGxw0-|RR~1m>2yq-sE2{!rTwHGePj9ZSuRp4!@iOm32`o0s=Ft);&i%I>
z)JoGXUCi~kdQ)0?Pjs{~8n5P$$7TuIVr0j{6^;H|9nW==dbURMP62|>#HPlB0I<E{
zwAPQiR9wuo6c~t*o#dvdp{d!{akIl3U)=u`pgV9f1mW=_GXSx1AW!ZhFsOmKBLkQW
zN-J2yp7!=tWdO4r0E{uz>VEo9U$3bYw8twz;G967$#H0SxPhIWy{@XEq2lE9lywJ8
znPbp(c|LOM));R1-tG(7f=-Es0OteH<THrcn>X|`jrOLU0HKJYqoc0_jo`_GJO#6l
z>4mR1n6GP386|QGihUp@d`5>vM@JI^kxDUJ%+tlv(F*X3uOO571p&gKl96H!+B6~z
zI2V5fL`CN%I5|~;J*sm(B8|Nc@IFVLiW5IIkXvxc$gGk<JhZqxDLcDjrrtWe;(DgC
zvN8^op74!DGQ~OR|4L2?Y8xNDo8x%DsV?$~A4%lde}zKPlM5tDa)pm^5FtQUbrp2l
zinaalA%D2eY8vhh%bR#AxhKQDFPdW4^J(G&nAXw^3fgL>h-<mcJ}D80!IhJ)ZYnvX
zP&xJF?~_zm2@o7=U0odm6&5IqKLN|MdQxnie#OyGr>7kPQ}hCa7amLjZ#o0+Xl`Ne
z)8p^#Kxhj2iP^9z?Ru_831n%OPQC{SF!hCLZ}?MMQMcXeIuMkf_^nYet!+usaSAk;
zz4q&-ktoDGYHdw-K{Uqh5ez-clG|$3k-(x`-Y=FHU`<jc0$&v#^6>Dm3pD{riTIkD
znuVx7@K*#&KDT8qAn(|xU18+i<CO)*HFyt%-cpY1`}_N2!3*cK>WMad0TfJz|Gr%9
zfRL9laLlJx#-NrTkyRo}G->Jh^|$(<O-K|ePPjQ55m+5gI7k>IYA1iqvU>tULJmQP
znMwoq{oWQdg}n_USHSE?pzuho)nIOf2t~K7u2um4ZU@Fk6GSEc{%rz%j^to#dTL6s
z1K7%8Am8MbUm}#7mq!8KNR;2PWu}`{)6l?qeti6^zOJrpB8C-Y+OmLMeR|k-X{4hx
z-SBBJtrKuIyEG%Or(hD0grP8%A|9`lC%%SFDe5)_sz1`sGz|`l69)%Jkcx^*4@UP9
z<f|6TeiEB5_d4LaHYZ+@O)mRs-5?clpKIi$qpLef(jfuBU!(i!#*4>G-$#MUf=!ui
zoe@@A(1bPcJ(Qj!e<S@$mo0k8go|@d!K;z~zqZlU_40JPDBGwFOr0b!>ek~UInotd
zob_aRg@wJAU{<X@S+>sra4c(-)*c20=^6o|oWixT2l|*c0|SFka#q&EK5+A<LBA!*
zMF8CHS)K2r&t>68RZWd1@bs_Gz)zam+}z|;ef`?d6?`T;$beaK7&KOX0vemT2W};}
z6McAicxmT9ww#2!o|1-8h#YWn>;a!3b8vL*=pP<7cE37WaR#014>F`odq6prd%fg|
zJvP@RfN%K9cVlhsyS%*oOiDsREdb5$)<H~hXm`32P{>h`4GDScXr=QsRe{#N4faix
zXMp@Ha02HiL5ge1sKv$FIa}NtLp=x3r*n{n<h_P1)LM)S6=+;<TUE4OH2BN`18JB!
z@we(=hxu9F{Zlb^nb3mR6YGn&7f{9~$w{7!?Pj|sXtV~Ol@bwu_zz8ryl?@>hJfq=
zWjnYxY11GOVf&<*74|aF(OrS{^LYp)hS$r)q7@6`{$z=X+-+w2ihtZY-vUK#9jE~h
z7=XIL%WL+~D<z38&X5DSNmWTfLAM3`E*>x%Y`9@Et;Y`s3oUOCmO36s)_%pS?#49P
zt^CLtEQ?wd1p2!64ahg{FIJhp`WZ_j9Ude_gAD<9fpt>g>=q<Gy3Z)KGBYy5LB3bu
zDcaCLj~7P6y9Q|81BiO4{z(@&#F1o)2F2jLjH6ZYw{LN6C%;*dfw=5AGn2RS6n>_p
zY#&})k}&jD0hnNSa^5Q;8W|v#`j<tB4?GxGhXl)GFTXM&_p3JCr4hZ7)MJs<cp52`
z&~L$_V<;#EV#O@Tv_9}I<<N`o@HPgJ16u1qscYk|(NXo9C!_&5qlC>|y>$%;^5s2*
z0Sc3hiqFt$_wQ$z_M}b&SaMHsjrHD(Fd14O5Mb^DR31VNGK80)Ensdm)YObue?CpN
zm$*CX*0r+QwS<7l5p1k9H4Vz?1h)7Ub$Q7>dEYxAy2b2tJpPN|ybu-<DNQHs07(*a
z;5L#&<Ut75V$Un``22iO?|(r8;DcSqJh)q0eyb^HVxqtYY{pu8!v3pZvK!@vE$vdr
zSoYcKh^9Vb#thWXIf!ev8Ka^dj%Wn>oEp^lgXf8g%gdikuGyBih9%e3mw!M_<}^&Y
z=knQjgQP5QK}_~fR9M)x1rR5Z3p6YOqPKx{SAV)W?Ar`vBZcQ~&mE2UV{}OH!C`4Y
zG;`5>ynndA)u$sT4fv?*=H^BKfoYUzfv{I$(=<@tcBzzZpVQJBJSBo5c=v7qb)`iT
zY)_9=7)wZ7f<I_%C^!aj$fi#U2ACvV)W(mk#l`aPEI1VV0=2txYcY#lCnZ!vk^FDt
zH+%oBbZElzOFQ>jJ6TJ2mA3{_W3{!qe!njDHJW;<yj6?9x$dKxhV6Avs%Ds6*U1I3
zb;^wQL7!<wakIuW`8Y0am9Iw01+W8ncxEn8-o6L|A*N&_F%=CBEdz|J(9SYQ;p=f5
zR~WUOq><qh5F~i6|4uZ4G=ey0dO;OXzW1GO&McPv{o&?vb7|cH){NYA4;W!$XMY2s
zYuf?ct^S7hTcO+4N(lR6kBHA*V^<%TtLe#!iIaOF85I>38jqsDF76te0enD1={6uB
z0CSg<o!#0QjlAIgDcZyT)3Dfg$g#60ppfE^=4$8_1cvVm;UWIAqeffvsQYHUvuvRA
zdCZqXeOisPEzQadQ455?lf%IAFCC?YBbG4hY`kL{R|KTjaFi5E-zq1y;5IMgnLfN^
zsC@J^*_pev-6#0n0RxEtN$0#5^|`w$T3ubekGjkR9b@Gwd@>6v5O;byBQ^Eczl->Q
z)dxp>F3|Y9wcu~teqFc=y1E2VIQw!XUofz<zn;o~Y>(!>$`j*10|9JOjvF8sQ=(yE
z`4kuQA;W+LAMwe}*Vi}VFeWjPu&<h}&z`(=(vtm7Gv7%Ifa`fN!h*GkcYyl9tju5;
zA0*#@Xce!@dk`9izF>rw&1xA;XhSP57#-V=P`M81|3P06Gr#_lE_blyfml0);mi3n
zW*UN6kR>&fj3wm!C8TOR`Lxx920x?MZi1KP$kp*MnA&oXYS__;sTFo)7N!#xO^ME1
zRp_cQ+y`DyKPd}L;HvI`)Ytvr3gZr9bTl;OJ7l27Vq1qnjxR4OENvpw)6;XNLlq0~
z(hrxKovn&MRa72*CH(V!l`u6m^&n`{203aIAik@Y^wAvxu<zlQ^z>aM2zj5bau)~+
zlL8|n;x#-gaL2z@D>~-BWFpY0ne8A4Yu8m(1<ier5AMo@OyN<mrH}Xiw*k(bV_<#|
zNlep`04^2es4uy5ONdT!4A5G+*BnD$0sWcAQQ`B))`tX7tAEh`6wmGhEAGg5SU#t?
zIECG=%mvkqGA)^h*6TBg7MI{VLw6^nPu`zd#3Q#!ks?!&$RAJ}y%0$F>-L9&q^_y{
zD|jyZvkPECWSX_!gOKk60IV^3+#ld2L7j1SGzIC3@8`pyME{xrW$-vxHiBWd=P8@_
z{3+-T9_(Ch{ka?{$v2xD8~m<%>~buLq*FYfXDV4a+s-uNgO7Vb6spvsrbmrZ{=b_p
z^lQz2IezVUw8|MS{~#E1crqfv#vAs>4eYc~?vedzdp=zH+i%8kt&aUg&Sp`36^A&i
zm7}h<wGkc#M-NCh2p?rTIkVv{<bpm4QrO+I#gf4PF~o9nrJwugfY)?%2tA`1zw$D3
zjW1q}$cEF{?d{uoCYl-=6M^iPqbYwD2WU&UdY&910s=xl02HJc|19hDfVyv=ywM!Z
zNJrOyd$yfd%gZ1lG8el6aEmf61Ax7brJxZ(!SWMzFa^zwsQW=yR`w$4qJfB!k+ItY
z5Q@*B226i13X*ye4C>ds7^3s&r;6r?0u|?yuQwAVcglEQDqW#T4~TbWhWCaBZH>hx
z2><ewH{0AsoFeJZ2rCVu5aeGm^(Z~3PUu}0Tz>ofc(e?A#8(vO3I%tNFR?QwVmE5d
zTMoWP91cnO`{kQw@!2oOYHuPLa630}!eKeXv6ec_)9F;IIclWzf`W}No8P>9_pWAJ
z0Z6XpgHd5IF#?gOXlUF`oiSly_M;Mqqj@2+Rhk+av@C$#SRJ^Py#x3t_*6wf;kY%u
z{OA&Gm6yX*TD-ti5;(R8qY<dGhPt-0nUIlJ0@d;TtDRwVJ#<beCT}l0G&wb@@pd;I
z&*@_x$@w$;@R}^nE9&^dVYLD*ERuS!tqEhjFy+In4-@A_el*1Yz{oO$z3o6S(m_-9
zz;v^CR-#g1N2}i1Em8Nmy+3cw)@md_siLdmK<?#>HhYDfd1laAOxw$fi;Gin=qiDp
zxtPQ;Ydhcgj*O7-BbSQ=aAHe(Z^0_Vpkf(x7hd$fTzDlEZ8g5z2J$J~eN$8Q)i&()
zPoOx&3TbP5Term5=FUf580o1oX6dy-N?J}WKPrt?oH6SJISZJbeZkd+T)8|SKL1C{
z<0py~2)8>7Rb?-}45(fEXJ`x^m}Em7NSPq(jGjDaHm%x}hwt%3je_aOaq_D?%F@Ca
zw?e$`cq@;^OjcXYqsT?jgnoU<BwIw{Z^I_PDLL<uR(PwRj?@Itby;)MfiA|e*jZ|f
zi+eJ>vavaBp|F%0>qqx{Mg#1V_@?cyusa3rD8`2mA9$G<pG23xGdiYVV-)#Qs@~4@
z76czf4qJJ&fJXuO3KnwebGb++UP^ot67ym{UqCWoh0%@=ckUrzpTecBjaZp19o}&~
z!)xw@j(PB;XwyMH;t7DL7Q=nDTva3`VL4-O<>Y$3g%}Ff)v&>RSD%a}PY`woM{H3;
z6l7j%Ij>IOG?{vX$ZjA4WN#NOWUKGPBx>wCO=vLvq=!pI=_w3o1{2PPuBV6z&W}Zd
zo_+)$;C#zz-uPnOLC6<We&4s(G+A^XEJz{Bi`BiMBTY)wd3=*$HJkT?<W)@cY5PY8
zoS3merNTM<3cQZqQ>C3CTgO0K#+dO%>t?vbHgqm8mP#}4)6<XialHYC-FhxwVxq5T
zgDGe<<a0z}pcg5Y8@0_&dffu0fSrFGUcToWK)#WjEG%(lMr}87i=sdsqR#|?T*vz?
z;2nw2Xs&GEA7crJwf?7IuL0;%L11%VCMb$GSHYNMDnj7-y%0%|E-%$C+i3>{vkH_9
zwnRlM@Za1S)y}s!rL@DDBE%_iasNs|8UXO5vw6lWw|{qW^h&fq`hI;t3Dh86+qwF(
zU7*i<0%RpbOhi;}K2XOi2eu6<t%H3LU{jp+Q>2P#Sd_=%Ps$6__V)HSaNsZ&h_COX
zB0%v-gY?XoluxZArny(k0J7#804ceZ_+X}0rlx*rKn4Bv`gzPt@BX|1vgK`6j&i*?
z|HNd)z=#@G?;>ZgY10TJfe?z@5x@DC78Zd_s%kh|>^GO}cM!v$<+_B25ruO2?fpu?
z@Wt>>I2!NYtK>T$Hy0WS*I^FH<dF-3SJPT>A{}rxB<D@`PK*{l!tBh&v5Arz1$twe
zd4kFLMwlt`L&JD6qFCgA<)%zfKN`Mu%<e4gI}*iRPCa)1#|iCMp(&`ep5^7skh;!Z
z0ek*Piv|35?ZJM*^V3r+ey3YtlT#Yid>Z@-R0XU#fR#;vMkxw>Gq6EGph@!)7)e=f
z8>wd1gT_>NcpArGZ$Rc1*e>u2t`h(es(rv=Qqt4)X}Y<*z{ag~?NUNGNw6!eVrpU{
z)b#!P=B0&a>9k+u8$m?xUI<8TB^DMIi%&cjgo9{2FZQ0jx3)Ii2T#rZUQ+U9!r55B
zD>Pgt7s<lv5-wG_Fda;o67Z$Op^*QtgY=qa0deU$aNxsQsdjTxp0X_m>eKuL)Z9YU
z#Stu9nzeh84;4F_vXQU1ASRn1gc(??-0_=L&<Q@lW0lkGE7|_wBc>)LbQgU{x6m6%
zU5G-DP2_|dW$X`Ho+CTlvk{Gg#kQPI52xAGxYEd?gMBbl4kizZCnAoVEADXzA9p1+
z&eQU!;jb)E)wEoBYBq69mJ!AiN+txClh-A+5V)?GJKN&dh4P}~`yN))B-(Y*&L}W5
zZU#;o$E0ZO&KH@pki#8ee}r?sq)KY^r74=_G3yX0mV!`wwIP7@#;5y$8r&7pSNH<a
z*tU{wVE4&zeU{aG+w;EaCWzQbupTHqTZJ1};P!EV4M;1193orrl76`sWgBn+e=OPn
zJUJfVvS!Suomw&b`1tSvC1~j>Dv$l7)?}xpk%FCR<>mFjOtM)H0^vU9JwPtYJgbs=
zuRwOFf`uS_7DN~@`40a|Sv<+|^J4Fr)vR5T>orgXJ-=-3kUB8V3ChZH>YV+{tq*sT
zj_lh)RC2_P{lP}dbVh8#@3Q8$Q9|z_-FS^SJvmNiJs>C*@0A&f4QX`15WL}0KoxFG
zz0&*<oIaGJ{-r<S=iVbbA@$nk3kM|Jd?Q2oJo#PWs;Udj6Ss<<R|=Gsri8c{5Q|QM
zHH(1?p~}=yY)|6l?MH|q*|81?DMfnw{h@H}s)nq%(`vQChdt)fUm@^G$mz;24tGo7
zR((m7f5=LcvV2Xeyl5DPQcEBNxO>#eLCc|d;idVOy^9NnUe$Y9EzOD-o8U3;;ojQ?
z$#_#0#!LGfgXuN}1qIw-ufr@D<;@{LmbD$f5C9n(!1v3|C-r&;=ql__WV8wdwR(q!
z%4e6BI_!WC*Z_j5dWaApg^2^l+8Gh@Bu`DucmYZ3+?F&dc(RDGjsVQ_x$2Jtsc~^}
z5kPgaDgvt0RYFqIZ!MO@e$YpIM@Os1z&0TVur1R9=mDQkqWi%6qk+J!0HGEXoOxg5
z0=e2qx2<<1?~^akh<J@p%wgc>x$+~Z;VG*EsPzem@1)A*y@OJ-u|+QWSup;0KOJ6C
zKksr%uf{n#VjO-`mycd!Pa5AY5n`W~H1C(MzWpL5j#sw)3zULdO0LkHN%9OA$5D_%
z0h>G8Kjke|^O1nXqKgP#f1@=Z`>U{mVYv6K%X!AX5bHs~M2Q)0yzFE8jf7=OFEQL_
z78~pZVg7V<ZdF*KjO>fx?=c-Q)qAw1EOS<@o8;^BuG??HYBz$NSJnj&S4uh^SG+gn
z6%m=VE+k<Cp3#+mo-uABEDA!)-`WDFlC_^bE0-hM*$PC8`=`D$=yeNngxw%%Q@S(S
z4DvNe?D{U}HdFYdq<WO3q?YPeDd{t0t4*6(R`mfb^uWjAt>}30__tfpku`I-6<k}N
z+z-rC9z7l-j$|ujaF4jbF@-F`!jLDhLKzgl-6K96&lJ#(mL!iLKS&C<(-#p%OT9s?
zAB-Z;Lwp!aNi9bl@6Z>_;A9HrK9C)=_SokAO4rejMlAVrq{+Lm;&miV8!0T<-+VLq
zTs={>5RQyvGFya@`jRM%k$C*eE5C)^up%h6#PDSUMCyf|IXW(tN>=C0reBJtj2#G4
zDZ7_$H@zCR_)AI>EW;a~ew>*!;a!i!t9MmsPr%+!GV)3!khXK7!pPjsnLan8pa+Y2
zA3N{4#bZxF0sHr<kr(bj*uA;Cn6r&ZwLJtydko0#adW1x34RBl03E00)q%W5`5AEl
zVF4YzqH&udn>9()$lGt+`6h4TBN$E3{PUY4F6Vhq%rmArT_JIUHXFr}&2g&kWR>cW
znAeO9rrs5JFcRm%JbF>p=9ct|B5L?hUKTZtIMrUvY{hl~{v1YQ<mgA0G2gRM8pYiv
zpCpvf?{r^1jmMrDaEcSCNWOW7o4xtSu+W`H3wg}y%!q-OV7L`i9W60`pj3j(=j;Ex
zJ0K?z^x)b~uZ}5Je=+!ql|Y5=d{<)kpj8JhXe{Z7obETAd<6HqHwmZ~>I^c8YYb7<
z-&<dcI4r3?Y32RkSHDWN1p=-<Sm|z_-@~Nb)pD}6!EaxY88iC!TfW^l)yQB%7Wz|r
zjic;aVLNGpxbVBZ!%DuE7lo>+795BJBk(^3;r>Z})0xzYZKsoLD@GxE`4br;Djbc1
zvx*`w=XHOYqZ%J<_hm)K00R3d4<o-$P2l0%=qwC|lPN_KPgfYa{RcH!{iyeBSEXNp
zhOq8z%PGIMS{oB1OZkojF}3ri;Yop*R*AQdH=_RsUwkNy?~7Q>QE{0!Z}mG|e&?NI
z$8fK?RuXFnlui-PGb@8QXbcNQYciI|?4=$fe}2zjlk-t|o}cg4@tZ0s(w~H{&mdxE
z`lo>hqr2nwpv5y7<C)a1t|n6%3=QY^LY_c0@g^=bw?l2(*!)=p7P0NgJPx#^CFTE!
z`pT%Px~ScAXzA|m4y9W_x?4cfq8sT>kxofT=}<Zkjf4nN(%mU3dDnTr``tT+@y9V_
zuf6tMb3V1wjD+}q?hQu^?n9Lr;(TV3eD7AE7na2pg{FZ!eSy&i_qOdV@nR!h){Hg`
zxCmtK$f66rK{Fl9YkNgCH>|PFX87xWE4(KhlOjL9OS>r<UY44SuKJ6gSS{u4(KEBf
zn1o?>EIq*zytS7}PnejSkb;HRW}tx&=1{bg-p2&KBY(!x-F{?x-r!rI3h&J;Ts+#M
zuq%x~R*Zd)y87hQ^PQRx%rZr+tsN(bVJ_7xUW!BLd!Z<JRBM03bKd3<NppOctxOVP
zZ)*)%6>iF%hlX1iy>aRwaiT<R2rG>OSRjDi5P@1lWW<-Ihxabiv7`AIge!FZ*@`aI
zeAonJV6)FT8`F$BV#o7~BKeDPtXd{$J_+0OMFN4u4PR=R`6;DR2twen!VeP7+>hF(
zs-QbB*>`9YX`1RZrDe=7%_l4=rBA@~LwY^<TMmL2D*bp`$bzVu8(j1oUshBzz(C?6
zeE0Msf4kx3=TnXWa&+7rRLOvx$oOG}po7;dhsQhF_Esjoft$C3K7YFi<a~KCPp(~y
z*L_=OqGkQ~he-YERDB{gcifHW14Aw8bBtw*zFlbXxYFoY?UXleGU@<=*VWLStFZ57
zxGuZ3Gx4lEy7x}6z9xr>=HXTxdMEX-LDgrKcHbP9tC@^90N8Y;uA-6@aMFe9JQ|~>
zq0#6K?3cN1fT&OFzXSwdIjSU(D$S-+&jW4JP@4;J*xyd{|H?;z!PP8}^a{g;>67**
zr%T#6WuVv031+IbnQbg!0$ssDKM(zdpX4W=m2;YmOYUN;Lz75IX(a*eO_`B@*M$}J
z-m+%k2II`wzkuPOfgD8rF+^^vGMWO1{4Sg441MzSJwLL%xv3bLf=5*z9;&Ul2W3zM
zE8b3(R!OT#vqmx3Bmdjoc;|Dd+P<xX)5Cwx`<X#!5@R~m@<C{v)cbk1XNp{~k?ddh
ziN#km68U#=J+dbHa%~iSa!!%MA0g=|T%P)n%6f!)b<>h_beW=enh~8^`Qz`?0j7^7
z3h$V9c6RDVW0vb}(+1{2HbEVjkNFz{z#$)DWZcfq&F$c7+poj=`1Ze}wZUT}Hb5Qy
zWHt2W(0lcZkjcO+B=0yz8Ag^qw@<xgtBa;@7$osr0R)lJEgbfO2j$?E+Q4ip?s~H%
zaz#t9IJtuIrx($tCObaLv#g2)qT$F}e$YGDLVu9^zKs5KU+vcW(r?CTAqr?&41+Bc
z1)jN{Yc)Gy-GtWXWW6>YL!lk*#?r|_{iWKH)sC@C)a}ewt(rpm`;OGWY(fIarSK2=
z9@^{WlsQk<6|Ms=e~PtL?%l1M9ZGN>ORRmK{WJW;;&psHlrEHvc0~J2m|z_ts}CXi
z{c{x^eO88w!q*Ayjo+_a2A$U08F3E1E^gO%j1mP77-J27ZhM_8wup*e&88lnwIAR5
zne`UcJBk<0bh*zOO_VU&xiJjBAdqJbe?_L2PhpK*!@->wFC(-92FD?gJ#l>r+Mr}(
zhvqj1zP`SOG(%Y;uHk+_o=Xt?f<u@x_BJnq+UN?1n(JDZQNv`wZIQS`DLt!+Ip{1O
zZfV~2z3@dL`|e6sDq3gHcdB=SyoA-HEi1UMpESccA}<|kF`-|^6K-bw3r&#&+MRk^
z|M~vdPsoKl_o^m1vOOdF*<_|s!6bz2Ul1NHHO=*{jit2N9p6h8*Y>N0lx>9Hbr5_a
zKK?`-#boK5*tQmmoxNz-HV;0}6X`Y<#41$!b)}6s=LBlX+v$P}y)}rgmYgpsIaE)q
zjaCq&^m2;2suS^g*U$X^3MLU?<8#-i12d>j99wm7tUsnqrjFCBzBqG;%-BcxNZHhE
zBFw}-OHW{~Iuyd!%(Jj4-hvkkkEPiLMJo4gts$d0_1MJ_M|J3du0P=8H;?_VT8#la
zpFnls{#o^{H#qTAB`;^KNVwl|5iqN!n`&v{Awu?Ns&jLJXpLS@J@4EfY*shS9u{w8
zMI*CsUDmsZ^o-5B?r&f;1JD+mF=v`*LKIA;9g3LUg3o@<#u8S{MQ=zle;yewHm$vu
zm!5qe%B+ZlL|YX2N?ltbdiZRa@#Z73z6oh2f*E39kdXJx2zvY~!H=1gRMd+5a8DAO
z;dX?LyYUsX+~3dxW0eeAZ3OH4?+1!|LxDV|v}+8KF`mIUX2<s?x7tPv9%QDMuKEug
zU&yB}|HU1mWp~eHKxdNtSt10Xh>o-*NHWexXeWo68&|7asP987)4JW~=%)2<bc@R%
zaqUfOhzz)0RiDC{1gUQ79%{-hgGZ*%e(hh}0nvfRENGxLFK2-%H16VXerDFYqGxqQ
z{A$6qhlJD6sbJ9o=Pw3!;n%Ne@Chs$?s`jWE#BMP8w9@%AvJ&O>Yn3lW`GbJ<pEw7
z^po}FAH{F)I9G-{Z@#K;VzE$&+814=AMe{;o#dMh%KJTf)1wGytx!m&?nQ4rlm^5P
zDGWqMl0BU0C+18Y{63kqU`Qa<;`q(Gj>q+Bm_vI~>p^5xhL2VUe-(y~8_n`YWwGq#
z!mlSwgV?P>Bjl<_A|?~KV}+=D!$Dbe8=g@E1B0uOPLRlbJDe8vW2upox9IG8^;qt8
z@f9Mq-|f&a^Y@e{4^F0(=I&Jw#8v~S))P}YYHVtnCI``)Jr(>vqyaR$D94#=AH1bX
zJNo^n!!<B-I^=f~&@i!Z_uKr0<kZ}Qn7T#4mP9vXAh1v#3F0fFA<g+>OYBSZr_IZC
zQb$8V01(Q>o9JO*O^%MHt>6I#C&2!zQCe1p{<&2c%>IjDOgh|BIdoCa)0BZrBdj8o
zAvuru*B7*>UYs{9uq!;$Fr7gA=(aKAD_O;JLb8`)xpJDR4-w+q5qLC#Gl=+U^4g8z
zi>eO#1iTz#yvW0&kZ_bomlC@_=CvdHh*4;NJ6Y+c%>wH_*}D@hHU1XJyd)w!mLN`%
zu1dcp|D+;5^<92Jrm7CH_n^(OG9V6LdE3cb>eSyY`5K~#Tz&3K4`Cl8Se9oM<Y7!m
zj4-=8_Q8+ccR>7jmH1BxAZbf7lH2%XyWOUK<6;dfqARiQs#c=&+?XiS3Yc1+BPk$z
z3hKaw<!M7@@sM5ZL@`T|YhLuCey;p*I-$aYl>u}YauGeNUn>9y=6`WGr3EY(zCb!O
z-~g1*CG&^aHY@niebay)KTQMnj0V{Uw1I(veM7S+M9-3KsQ?T`H2|adfd%OhSIy}8
z*TI~Sv=v;&s+}DvkdIhMgBqtnj_QA2cjY;Y-{wFseU0#~^y&pCLjpl3A*Tj^el2$>
zB*B}3xJ%oo5dBf0b{Dgff%ZV}-7>RF2ZG$uscTJ<_o9R2zoo3aC1;@#T7<&Cb}L4#
z25DT63~N^pogQ{QgM7b#jCoI`!5AD9#~f_Avyi68SjKBR80Mvf%pl_D<R=&V8<cbG
zE@v-_ksR*1)LQo}&_2cB?nnNLe?LrTR{>?AZRrZq$q(eBhxYf{k?Ndvo%Gz@AH31k
z(~APq34seBAo2@oe*hlv0|Z5zX^!f)r>_B8SfIw7#5w5;)L!p^AFTE53M}X*)@U7I
zg{kh7CWOiw5#S`43hFtHb3zMcRNE`~8kL(@G5hGAkZh77@og%A+ALSmmfSYVTycc4
zRIO4=9z`fmXgV>6itB7L-luj%OrvI^gG;YjoMJ)~50^Mo<DsJ(;_S8c7CEwN&e)4X
zU`8zVqVIiqq*KyhNN&VL?fY^?LW^_zCFV@37oA$YSFV@5N-5qu0*-Q{hbY+g%xj@N
zOfsw534=i_QnW<1v33kvltJ;Hg(ypk8Ey@Yj!%kIR+_SKg>>sZg&5~tPAZ@c$h^LE
zlphrh^K~o~xdH|D<_@7}AX$Os;on$5&iLeHA@-%WyuAFMWHy~LAW!;72V5|u1vC3Z
zd0X1-DdBKS&!Ov>#Eb-ankH*IA=oh410~kdm$>+q!tJ@|v?oPQ9}NPXyb7y>d#HKU
zFzh;Guj^K-IT)14F;t=<)+st;k|e`z<I(*_k9-b7zckgR`_NI#2Y4o0fWVwWZPn?H
z!=`pEy#1TQ-)30q0fV%!kFjnx>J28EKeh6J_VMocQ#X^_{>%&|{%VPop(Yday@FmI
z_e<WBaUHq$^1YCE*xtVjt8!QE=e$atgqL*Xlp7-)9WDj`{Z5sgG(^N+|4Y-m3S&#{
zA;!beks$_Oka@QrYMZ>1Xm-}uTz~ILfEN2Q^zhQDEdoV)>CfR|AJJrKXr#hxppm+j
z0wz~3fOl9toVsBF8;$PaY%N1oON&t|kUutoJe6`_s6jY8g6J9;L<8kfwx+grer!yP
zfLc0l9y<>Yk7i$ZUQ?4HkTGgq0L4p6OiaugkiPR{kv)|Y0+@hA?pWuB!zE^qIlv<m
zfL=jm#YuQ@c-S^w($9Npb7WI&8+b<6z$u(JZc~q6Z)6YjLBG_pMeAGIvya$b!8H><
z!_-oSsE7?q-}Q3AJ~$%wzqQ<$-fv4O4jx~7L>q^wlPL+_5+l-Tc{1Q*2`urw4Vm#g
z;*icTa(^SlAK%<7iRUBe$E=${$|0?*^-wB!a5`;@-#jOEp~6T<@w;DC`q--YtI4a`
zx}qHq^uRD0Q=`%is8BrGKwJP$4zs`-vH4$yLo=SD0hmP=u7K_>S}ghrR}h(`Lk<Kx
z3}tIamsIDkMU)cO)A{<*Qk}0Gz+af-540dPRMKAJIkv!tVnKnx#LTSUdG=GR9C-9i
z7i-JUS)`;M#{oxz1Oc)}*yEeGZ*NkVT)|rd3{n~tcxXw7hKC=Utp;KTr5;Y>k^p$0
zwk386^oUNeG*bSLz>wFdM2p)5{Zd*Q^*C!47c&nyPU&SE)9Q{J_HW<6^Kb%BsI#}X
zcjT5X>}R%^06^Z}bOC7pJ5XVUWc&s4uluUjqq$2E!E^X#Y@QhSJFeY1^eb5Fj4J)v
zu*M{=vfz(l3^bpk1t5$sy$<yD7LXHwoN@aCh+F2y0Z1mpc-l^6R)K3U0!gJnhdt#6
zxKMqz;eYHXBVlju!DW-TUm_u<_fOIv1$ocNR`!Lu(^e`w6pv&tg3N!v%W#(q6c(p=
zw8_OkveV=KJYj4fJ-~8oVX~xbXt!%_Ry#gXEw|70bw4`0vSezAp&K1nt6Z16Hd!w4
zZ@3SKdtVVA6u&Hwu4sK+FDcjFr;X;taMbCo_O4Vo+OIdco>IoU|9Tad0!E6)6n0Zj
zxV$6lm*fNT!)=_>^^3YiD4XP-&eE@$e;f;@tAucCDcT|+!vH0h`0uCK@xt4upXWwc
zFsD`HUvQ^U9CzFvQ2~l>sq50ASS$(Xjrtz9ggU)=4Xw?;{{CSGBvY%P)NFvB(M;dS
zi2XBALHhwB<w@6;C~$}0fV>YHpwn11009Zl8CXE%990{jYPy|lzs(<Z1F4~ZH$dY4
zf;f&kT9emBd3n#B2B<zPkPoH(URbEO0~R;OcF$AGR*F~f@ANO|>f0J?Yxy>O&b`}R
z;Cexj2J-tINJdlvac|Ei4V7nrSEtBl{2k<^e{AE_IQp(n#@1#oAs88#4=-~~&2O%e
z*r`J!AKzyt-l|kGfTmA7k$9@&tk_^zT#F!Y44E?OUD7W@74{GH#V_6~hR`@tLC5u>
zj-&JlthVt1rPH(*w`>Mag5rHUvoBBdW^K3;I64`v^;~iv!;0VjeTMUv_loHQ=}Gqt
zqc=TaBc12m&Nua47vWDB`TgWl$0*ASl)OJj*L&#V0+~dS`;&dst)8`**Gmv2{pj@p
zGL?ZUv(5+nvS&#2Daxb3$#h!<Qk33x8dV;pX6i)r&|UY?Jn;T@Xv9#6A$NZb<T8E0
z;8!LF;xR0NC+=USpglP@1jLkZq=QbP7QVhtUS3`@mX?+mfPQWK3bd!;1MAH~cC+z!
zn`vh1HAa<d{r&P6<<%WVO~5M|llOCY`z#w^$l?;fsPhbH{$c<{>8Q<0_%j3*N4^4t
zJoo|nvS9S>_quQ2o<4v$=pLZQnZC!jsRC{D^2kRV>bUKe{i@ampeEk!F3~D*10wIK
z3bRhh3s9b0tby^$3dkkv^R_J5xVcl8L2}Ud82JKB2v8wsP=gey!vcl4D(a`N71x23
zNdU<I)va!uDW&|yw;yhgbDMw~OE2w#;ERbpd^9l=HmSxFBegFwuZ=;<tPfn=l5m(v
z;uy0!rpqpX20-&Z(pzQh`68iFKu_^#D?T^6w-BpD|H2IuKKkQiWc2Eji%670f8(>3
z6nSaUm`LHZf2HLRd>K3JY>$<QtHJwomY_AiLhq^htE4gGE$Nl0tGN#yPNl|z7<fOa
z?8CpB@QIg?kG0Y{lpuU{XV7(8!B?`-8R(|WeIjcVAk0K}KbFi3RI55?y#yK~B^4EI
z2S(kNwX@(enUsKkTuT5naM(UO>9eW-2t3Ph;>_$XXa%!h$Kg;4YX$(*sQ%9kf#F)4
zsj_j%31DZI9iDzJ1o{|>TDRQ^&`js|$+`7l3GDzcoGoaNE`%ZQ+(bn$uYW(yU(M2Z
z@8qq6Y_8|OW|%c{OvHf6YEHy;ixMQ}99V&~YY)g0FX4vXAYk*=Z=mjU-BwrA(i)eB
z;6}+c08_?;6ZjDtK4pr!+l&Gsoo#;{joBsqValqj<81bQ{thz4sao|70Iik=HxPa{
zJG#N6xat9!T?Xog&)7(o$eBgb4@P*gUI9`a${ao`dA*&_Y_Fj1yPDqI-%XL2M^W+#
zLOOps%$<u?L$iqprP^`CMY{J<Pb)w6T{2pztRqN=u~1EE1lF(_(vkPo$GU}zI$)7w
zIbHxFK{Q5DWAD4;GPzmCUeK5sErRF9Yi%wJS}B8uJtGCZ3`;5F%3)O<QKHz)pprcF
zy=OjnjkbIf`ga6mDpJySvB;6E+`)w%n3QP*4%9RrZwSxHLNwjiIkVcY1d>NQsZ*@p
z74SLo6Vasopm1y(4*+`dIJ2s2T=cL@K%pJNQ`$N^@BR)`Exz)t!K4<yF08&j*{q*2
zogdzGA%pOKRs}$i%>y_@rmsKZq_XK0Pi|~%Btsa(Y(PNC^Lr}zQeiPm`YHi94bE6_
z%x(jbqU@vjx+!3RC}z7MAa6))heOi0`C{6*9QcMCSQbQ}=0FVR3=)h!L%!&ru52~`
zuNI&@GXPW)y*%x5uq7zq(p|NKvoXnAJ5S>?9Z?!`Xx_OA%A%Y@p1DrVx#)3mrx~4-
z9V(yuZR*@bOd#XiMD>GK{Y2KN9_)kjWJeOD)4<R@-NjT0o>#2vT!N`p5u0JQ{Fe0E
zu1H&0vSH4OQnYOuBDNiU_Q<F=Z2=_xfzS&lLS^DE(KRxiYT_rlk$so^ObKLH7mPkC
zV_3Bfl$NiUgsWf^3)~5W9(tInr=NKXFC%n{_kyP`P51Wq!vNdd@&=yfE7WY?wSH={
zJ`lJ32$(qHH?LoxH%aA>iJz%TZ+oNylc5ffU?5V6z(c(9fFd$}jSeU^*MOpX6kM@3
zp}m<>vEMN7P!56?u_0fIi<#fQsRiWcYlOm<Sr8rE#IxWFnuoohB9%1LnHF#v8<1A=
znA5<+#>|10g=^AqENcL6+BT-dj`-5lB+Rt{&KMxQDZ0W>Qq4dW+;3wuq-V44ZkXEM
z^U$ULqx!7|FP>pO(ETiE$aRTbx5JWNFl?cbO`4G|HoD!`2E%7IT01#5bO5z~35)Ze
zP|Yrj`Tm$3V@uXjf1<NBETq~~<*C$p#+9>zc3Uo?4BC`!xXWe}8Gw9ftFGLLW>RF$
z(JDl@xBjjqms-TA1_R*dQ`DcXTO2LXP|)u%`2*qPGdI!2H`_EVCfrLP@8&l#r=jM>
zw$$T4-4Fa35mvx})8bSO?7$Kn(jeur+nd$W$_ndXy{xQEP}UikIP`$)f~5rn(7x2u
zE8-=^w7gCqzxM3_DLjAOMPCK(adUB{)DTsJ6Sw2b7uYZFPdrLWO4GpCV&8-|1NuSj
z*#V#-WplK>_my0xA|Wv_Gd0aI=OrZsq+@(&IYfTf7nJUE(}}YnM|IpF^ULHG!jC~9
zG8`k`nEJ1NE5e|j9mMGwjD+WAY}b}heTe>wsq*HtupOf|K0AV?t$UW*%nur56Co<$
z2Jq{5Cz7*IK4Y@Vb^s0j@9U9w_iB#}%n9h$VyXD6UEQ0B{(?Hx7eXawSf>{68DHS9
z{jUCbH^VC4+P6P{A}7@J6ZVNxo;65~2+P%khIHblhwiIn*3Uo-Qt{h^?+oxr!P-@J
z!}>I^K1~1s59o($(>*{H@PS*%8OURp6~F#D3X`L+txI7ChGOF?RnXgpm%hXS#>UiU
zRc4*RJ@RN`F6At-4-Tt96XCk(@FDZjGb1w-F`o_0Aa;BWApEedJgH5-U_63=)~K>!
zljLMnXgTW+bY#5tqkn+^4L=(M4J7D5C)&R}PO-LAQ0Ep_XI&M3Lwms}!R#o^haJrb
zyS}|!PWrPvA5b6w_8nX1!c1~vvCGSl$m`jL^pQVC?`!I~dxp_*Gd~yJs;0l_9c#9N
zjoUNg|MtdKzWpTxVex=Q`2{QB?G3f9`>y^CwC<!!DO1)!<QDr9iF9M8a8vJwGEYp9
zbbIkkblbNbuaQE=PlEB{4eq|8h)JF)D(q3FDRVePrz}|DDPDh}IBAm0J&&@cXc*}G
zlxRFxg63yU9%BnjOO@`Y49wJk^*`4ko!@%m!NAn(O~42B;kC1WX}Z}eoW!V}Qrsy4
zkGIP&t3gGS=okP|CR*HSnc%M%^a*u^5+Jpj{r9HJX|O<Go71XHG%L7v^pIBs!KPkx
zLpY+R>-3OL+rWT?%Epcrtn)mpisG&v*mNco-~^H3Yi_@jXugqflUWH*>|yF(OF3&B
zuuKeUaS6at)I~TAGE{@%93uq$LpOYyR_F)qVxUz=#Ur7Ny+Rk=XDYoq-EnS`o|bmW
z{CAKNa6iLtEWwn08waJnE`PM8e^Tm_BEsr6b5ikqWBSjIJM1V$4h^R*?`&*Yc6F{2
zci*?2f@nn)L8p%_kJRH0|48jFZy{FTt3Pj{)I)l2!P!j)FG-lueJ*;&ZN{9$KR^ma
zwHfeUmjJsB<-cLGhi~tIJv+wWEK4E?I2B5ly|%M=56-}sM=Sx*+yRHS)BZ1|ufUW$
z7V%LNXq@WLQTRwP4{yBoE^gwR2Pv^pDX|Ae<zF8Gs}Ghq^>O0FE*NJ>3<)wPir}P{
zpm`sJgSPi+Vh_#7ea9<wT<nO#1>bvbb4GfROgX7o5@;MI?Y7s3+N0}7-=+0dY{5$9
z4V|B9YRmbd12**jpD<XI)`vFiR*G9?;xv9-1muWedfF;osoMY6hnls^NOCkvsa5wz
z^kU_is<csv(hG-<8X?IE37ZHPDFZ+opod{}MKlZNK6CZ}NnKC?hgd&w55*phoPn&}
z2QV^(J1n-i4}!33^-<8c%)mPnQCF<RD9}@Jr^P%4&XA&=+vCn<N*g<n&DZ<(d)S?V
z!0W;I)OZ&wE2~!aXFF~!@%^5XxyPx>MZ^uK8^ANcqYA<&8zj!OTX+Dge<$p`=SB{3
zs(kycYd@BvZaAnNeQpky`lBRbr1a-UVx_MiPp_AaFaUfV1%V<kP<PSO+KIecwqnmM
zuf8B!^~p8apRI%mRU>Z4CXT)9d+AcnaYaJwOBZFs_%4Y#sq)sVZi=zy8Q-qb=k34W
zVSP!kKeCXXc-^i%f);Q0MU<)@l-eqMOZ(3QoTgBR_%+N=(nzgO(Noji;6<vq80Fz;
z2z1C(@ErV4ppfI%PgYAhG-kT){L1r(7pl&ztgJH)i3{CvkZz~aY9sNg547l3vjf0C
z@+hz{3%dN!LzA4(pRI|}!#r9Sx$PVr^Z^c{*i+QH>n8dfXyjfuiGUP*n^|^KAi>rs
zL@3+_sB9lj`*R*tNMC7od}>Z0-v`D|&0)M>FZcftnaPlK_c+fx26eMB-j{U*dm>os
z+z%}95?r79CF=Ke%ZuAR@0G7{e{ZSuOjMTPkK!$Q{DkErHB&oP8bL`1B-!VtictMD
zpnZ+g=`!+4Bmz;6Io_YQgOxt8b<1S2-jt2y1LCmM)n)!E6B|X-`sbf!Izlq<e?31~
zU&Ixd@hXq6b!u`_Cakf+H-{t8Of;$=@Y9mx+dw1gCv~$^P`X-GXr=~OB4hdl!$R%S
z7tBd7!C!iLnueg3r-_3;6>f_7>E74U^6}>8Ce>u)`ue)&?IB!iKiW14yh4cppxAth
z+2aQSd&B)f>cqTkj2~c9P#P~pKrl$Jh<;!NunV6UJGQ$webo~vxc+a+>XnPCOXy#9
zdKEL5U{{6htr#^GDwDd(cc%-Xr%qC*cmG<0HupZd^ZnS66pczYvR8X8uF0EmPHgdn
z0{Vn5RQoLQrS}!P`AW=&p*`ElY7$JU@jOQ{nFmuADMAT{Gh0PYK`$y`s`R<gKcNei
z9a+^sE&_iFS>7Pvdu>;@GtAabn)#kwGwL1Okbxy|y!#vxxL+q*Sbl!yaAFrkqDt0*
zi~WXhgs&9djH$`q7M$~w_J@IPRh5gKeUH~QMU%D8Cp7dWSTT4NF4Z*x>LVt4`tFMH
z_nZj{38}NQhAN<E0`;aZD?R=Fri;(Xi+XHkZtkkpyMJe;kQxA{^n$^VyM|aG5V-l|
zj~AN1kLE6#J>JaN17bxZcK&b+B>s9_x47@CgBFbM%eP@5hNTBY!Bh5G%8s^^ZVUw=
z)bI=$eM_LHtJ@2|SApja2oOE$w{5@wu`@|foP0aQsk{v!7$(-y5XW!<Hk`5$TiP;7
zoSc_9Q>z!6RHhoeikD9G@)PLZ;iS$c@<@g43s)p73wW>tHutI%T?|ZSLA&R^bPy#1
z(OQhz4y2~_E5=RRp16&Vj}I4&Q{^n{9!cLCHs6Ww%D+<#Ad2|<bfYRI=y+G`X-z?s
zp)$Qzd(d+$rJGmU#CX(Ees?OjmzGHVD3SG>T*0!Fy4y4_kRaHo>QM*{k)G-J-vEjW
zk-gWFAkXak^lfcjJF}0{4G}&!fXbxHN+=IZKj&yqzRTp*luhjs)8PSwc5GZ+BZ%lQ
z1eRK^r=Jf#a!9}02m0D+LLwq41c=du{DBNC1q{)b1a!InH`ciTNAPI@YkQs19l{6P
z=`D1!;aOm8k?!cTOb|bTA>v4ZDURZ(?d<27Y&fR1q{~L63vfK{!U1Ht%u#0T@~KfZ
zH8r|>dJsd?0BVTi4X{TsBf@~DYCzw>pnMzP?IMO(9^l{w_^QS?&~frIa&VM;0|A9G
z&y|mCvnV)Mo<w!5pzL5MB2)MMpwgr=M0B1Kp_h-f3*8%(Z(?*w|E2&-H$Zc}2|VJE
zH_H4amRRu|mKhz0{0Na(V=}0QRxkHlW#wfM6mNQ&1z3<<hkM%Kh&0@EN|*)uJ|H+f
zyx*C5f&UFp<0oB5%m$@4v`pxkC4TdTi!e88Zwq_%2U%li4p+@uaVAgbtGpm4QKJ4y
z1jGEqR`dGga^wQXz`W-e?z(lZL!r)@zz4?#6#856JuM>>4Byj~AmP2?7<qH=6b#`s
zrr<pO1#&pvhjh_)f~hQEzBAy_3?!57gMU^8l$09g?V|9xr4gVXzSD%%VE0^g+5%e>
z8$fI9S{5Bh{DE>pNAmXI85$BogyYN^{B*}hL#hIA5C;)L9Y?}%bP5m;8cr^*sR{t1
z6@pi22LR<kV9z`wARw>>Zb>(n=7r)Z8zP{W)iX1r`B7D^kt;c4=Nxo|32<Z&iya}9
zaDOXs0sY!5&0{lU=c$(`obs%34#9tSn0YNlKK<!2AE9{BtN6htXL{nvJ^RIP#W7UV
zyM6$#9>){r%h6~kln_?5;Vlh}8o5|SX&nD5@(}H34mj;1iPtULush}w{g<IEvNwvR
zs>Y@E07wcn3R~C{{6(jzH#KGJ7V3lHl9dou9}GE7Z$^_M6s;(>cx9$bxcfE0pgLkL
zPA1RE4|Lcn0avZdi+NKv46nFJj^P9k4vpl2kOLgDhflLuK-~Jze)MxjhRq+K_Qe4c
zB6%m6zAfzjnCknYg~<T^f4Sofm|?ldrTl$WdKhBl2@J*Nd%zAAY6HXh1zb=m49a``
zAG>@YAee;zHeUxG8m4E@p4lmQDbM_h@rX>$3FdPo{N%;>M(1Ily5y=dwCOKrlRiW8
zK!dcG9R_IvVex?l??z0ph!yQZ8@FJ%Y3!4GWi187^`i?ZW&;9-){?2W9Fo~`>gq?>
zS?@*;4IE>#gG|&gryPXvDC)j{s190pky+40uC2;S?wLvrc_)DK$@L7mW>}!6x3D`s
z3r9uuS33}^m46nrpIgny$Z&<=R#1qg4ZFjs(RrvecUr_k=y%l&{!(FJ_ribxU^U#y
zDgui_f8eJCfULjhbug=C==y*uZw!8+jRgqqQLe14jH&x$Cj+X<$k0$(8@S*gZZu2e
zJ3hpr^|0X;ar6sTT(s`u&L>C+SMYs`g%V<M2CDEHz-m)qyqGK!679P|sMJj`e;UAV
z8?oCmv9Ltgn_dICAPwlhe*OS&w8l(JODh)u{G`!+^jl8C4&Z;&E!FJ@p5X8wNi4aa
z1#I=nE&|*%gh4HF^thmBU5tpx^}oC%==*w>iMsr$#n|6R={P0(56(pgQM~R0dhGAp
z#uPjyiy?A!D+fANKa`$DB0ZaqM~a$rDcG_B^fRK^<6Y&r5JWlVu{OICLL;#mz{!qx
zZRZ&A0`=*`KQzx`=H#Wnga>uvY@7J2nVI+P6fpuTyp@+Ul-MTpWEFVMyaVr^=PuEF
z;<YPA*(8@XbtXR*^AFZ#=W{S_J}9U%#VNYgG&AEF85?_qpE|%>YV7WQaa$)XeH>vL
zUg$;&-w$uV_d58KD%ktjMUh=S#P*r2v!xgzOG60WM~fj!bgL!S^rxsji!Y0fm(_O`
zgQh`-xV$<Fzw<*%Lci+QQl(_>pq?gLo04!t18gNfvfepBx7-9e12hV|86|axkTmJG
zi!u%GwIIkMc>?BpSNZR6Jb_c5NBh*-9_|AwGasVF)Y&qJ1fF+m$sL%YD0%TUd2kSZ
z^^kG4VId77-5R0et+Cv&(Qn%QNLZl~#sgV0MQA&tEyXR0q*cRZOI8nb<h%9~lEa!>
z;r*#!AnX)XR8wkY5ew%Cq_WnijZi+z<eBJUQ;8Oef~2(#Ab~c*SJrI<j2SWz+LQf|
zglocZ+~yG2UcvQV<*_1ukda+P2qZCj0I&8PS>c<nFn2>b9`4|_CNzg2wBnI2-mTbR
zHd{2(=cpKA<uAh<8KTsX9~vlyI|z1uFV9DW%Ir$Rf%9T=dSUS;td3?8^Q_E)2-)Ir
z0e0m6jSgO>bEtH+x;ATa13)xCt&IVTeMRT}p<@g%+X!bTB;@UbMps8xHsl)gzX_<=
zl!GS%all`Hy#bQFOea!oi`}R}qc2LNVg%*1MutF?{wRUPLs!~Wa-tF(jQ${N+D75f
z@rywo9c;llzA5Kf!it<<3er{R2N3l<6R3DO9=?4TOScw^v#fw{6$FRVgkHmqp$Z4n
z8gV6=9ULr#=tV-~v$LeN|B)V6K-}%*4Nlf!F<Z6dD!@l8r&%cNqN*rMK>`cc_~|{k
zf(p-(z?<9ndL`}ejkDkj9U%)*%+R0K<jo)E|E}(b8PASDF|WnijtS7rn$lF#zWrgk
zX#fh@VUqqYD5M-r*G!`t_43O&*3eYHL;Wj?MM1Wvqn7<TK-8HA0ABnYz+5cGmHM58
zNVSG`qa!1nnIJ?V2#`R3eGMv;CIrA~y-RGE=wi{l&jbl<+Qa03p+ej2NomrG{O#E-
zt=M-Qzy)r73gX=&>Q0xqo9I>isp(Rn=}jh{`NUGgO*Wq^!q9+ByoD|qR`oH6i5qbg
zz9I@ppJQa2y@d}2n-*{%b~OUXFXIC4LM{<@HyMEw=Mh}wd5By?0#RiqsIIHi&7avv
z29}>`5CVrGkY&~i|Dik#3BGB$Z(~3pT2o%{J-EWp*Z7?5-wysfia0p%?>)KZ{fcw)
z5zi*H$OPj*)GTt=ynrG+9A;rcouy4wk)XuOwA~$_j`}O$Jo#t1^Ya>4GADDykqe@x
z6*qb&78;OPO{I=JSRbLv><WZGLN!{rn;Aeurrg+{`U`dHSuQFh(uP}Fr;c<2Lm`q>
z<OA+ES5&;7&920y+(PR&ae*o_eP~4=VBd|6@+mCs$$DFqow6?joj*xqX0nr~&PwtY
zUPZjZ`-5CwqzN(Yt6p)qd7}D5sc8g7ScDRd37^$!?MrzXq^AkC>9Y8$T^*zv)x#g0
zZ+2}$%WohT0_kpfDo1>eY5fDwsghZ7j3)g2&Z4O~w<}R!x~2XdPDFIZdo~GVI5y*_
zk|YJ-R+)C}z(>>3(aml)t;8L9ZSGG$yqsKjb6u24R%>KxHUpe!7E#iwP`J}DD1#u{
zVd!OruOr{M%vKVUQYaNxm2F_ISy~~wB7rDY0p$DY7rWF=Sum*_+L$YOHCxvv31;M}
zMk!PX?sQrLf8|+3*LPAnE)fLq^YvCdU~bj<lDaB%r9VU9{=8=sKt!nA`X36y-WDut
z0IljF=8eURG&hj%q0Gbvl*z0f->VuU^gfKok>^egTqrso<lN<C>f9vsQG|F;lr-i0
zVTUeVc7n1jT0Il*guj#{e0)TOn445_n}YD0U2OPLQ5&klI_jmT{&_sXH9Ht*D``HA
zgFy1C@H6sX#OH`1<@7;z!>r;>g~QY9&0vWWB;jpZpcaLy0717Iau_~>P^fn$%Qr1(
zR0C%BTP`C7A=qj+8;D+43S{FW>EG}-zYgYp$rsk$&9~pRe9o}I;?Xmui^I|r$V2$N
zSd)&v9S4b?&rToX6DBGN{WI7GCaSh8lsitf#>#re9|~&1{C_N^IbZxO$GPJy1A&(7
z{&xuExfK?_SU~u}!t;|6Z$)JdX>D%=zWuGP#D%m%>&@80sX$gL>=}y?LxbHz&Z=_A
zjKdSsfs?Qrjso*2r4Uf3?eI?Fi^qh!RC~BW%oS3ekMwB~og@vlRu$!i3wd(FxRdAs
zuQ6vyf?Rj%Gs;0SgkP-BK+XU>w!Q_GSi|DeCD4*V<5|10o#lG-Jm!v}kl=o!_aBL$
zdt5?1x85oasmo}4;E(TjhBC3m>HZ$#3f0MLPOJ`giJ|A;G3pIBG{)9)rCM>IT3ms#
zoyrM;0Y{Y!(({!Ik984I-Bse6q9f$?{CU$kmJ@UZ{e@=fl;%Kh&@c(?Eng1|?~5RF
zTC#w~2$FDCm8mFrok9P-PLnc-mm6>M+T~sx<m=(z{MbmtNp(MR2+Xl6qWC@D#=Fa)
zcQ)aLcZ7_aUvb+XI1H0qj3(-`hDwI-ZCKk$tA1lAR89PL4Jp(;wc84G#xz5VpvO;5
z*Co})Fpp6Mtb;ad-s<s7<ey6dPE)Bt&a<m)r*sL!d8%WfCY3=w4k3SRWQ#aaF0)pp
zr)i}*_xIlDuqK;Az$th197tjYq=X`<YCZ?8wIAZsR63XCYYF{RnpE@0_YJ|$$d0C!
z`c5KlMbJz1m99!SW(UixCnFshv;?Fs7^}K3%>H_@wj&1BcKzO{MgZjk$mjwyPyfHd
z#Z`v*y!5^ct*?uvP_qTi!Jf^NA^^$t2+f39!UTe3`D8LdOS2Cw;cB-HSi-b?QD;b$
zOK-8;#WyxWWgd9px`J8KU)dMxCDc}!6;fHv!%8FN7P&OO9Hp|rgaqmH-}7yB9zmCX
zL7X?qB00urZPtZqm|xcyT8m898u*$jUxlu_NLQ5qy%tmyB^t9q2j>iid77<xjCvTI
z08Q%7B)1_~*aQkD;=|<&SeKfUHAk0l_R0xzJS(B*n=NT}gKmq)uJ<3ln5079E#pb&
zJ_JfnPH}t%@*}w8elbLaFE3MK9N&6CkkW04K~w6KZ&Je-(^uyiI1a<xJV~y@<s-{~
z%9ywlYh`Zr5HAlT73-lX$eBb`1x+-Ax#M9erk~s?SWf8wb#z_v(=^-(b+*K+d3Dgn
zI?{zvsV=`$LX)=)CY0E6_-vDWr(n&x4?TKp1Phc3W!}tbCJvD+Mbl`q0__ca$yT(r
zYeabw@X^1jhTS}g`{Litu<|(*uh#YnVP9+4%sw1Z(7N!Fvwy&DXmZoYm}V8`KhO32
z5dL3xzj<npdyJBM&-rg<>vT0<0fwKAZlx^sKU_bR;-<)#bADPvC_P)e5apL5KOY=H
zjB8_Jgn@>hqH?C}eq<R%BIS}K9lFG!l^P>+H)zq2uJA23>ckCH{N^|pgcwns^WYZw
z{7MX-iY-Cm&@VL52)tfPEc-(B$XmBggEC_o_;v;#G%(M<%*g1vLh~~)A{YK5+SOX~
zZV|%)r^~@!^_LV({JyT=<31En=Jx|>$h6uo(DfC<yFPW=ajdURRt&bU<X@519Eq)5
zt3Q4;VQYpR7(m{<o~ev+d2ynCjQZi$vS}y)*{UAaw<*J!LPyU>HZ=IYiHwAk7{hH1
zE&aPVlgsWHh%j|yfK&B2BWX#&Qz8hxB=Y%z9t(Ew2S!n5Y=YljX%A`~g??$K&Yz3M
zoidf%Xvj5>R=W6@z-n~AW7A_{0whSX6&x&6rF+9&jXQ|_&0fC3uWbwq5-n7ZFn|Os
z(9}@=d;!mVNd?ja!Q+#2<K_NxhpFj7em!#>wA_Z#t9`7j5ok3L(s=6Aq;UlOT^Kez
z8puKTJWuy|cESsCsL=>-OLG%$$`j@f!tq&%PCV_3Kslc026v*1#`e)5+IFA-vPvY^
z)JW&~K2!4QVJKn6B`osIuO&CBI-y0Js?kr8i^E@pn-PPzL?ic<>B=}>Y+NGOC@>}Q
zSGLK_7FfUd91A*Z&&)gPVLF=<ln7@q_JPGNw=|C(3zY;d_Jr*hEu-(m*AK7$-tukY
znV$$dw!|!=S3F|Rc7)zlNuGPBai`#uFRhNQ92h~1%RpsE2_FbCWDj{NK!vVGn1zkX
zsgGe(q*b%^3GxjUs{O`*2P{3fjs(=H*ws5e^VLTvH_NXkvUD+2&pWD>bAR)l&<59^
zJWR;@?4N&CBgr#{9rfRSX+4#6IwY1mc!|;%MTN^hB~!u$E*g}1@4*==@if8Be2fCw
z7_<Fmf%?DRJcD>ST+SG~qm&Ia=YaYt4rgK~1JqAC{&${oRoBMNH8%V|tRmQx29Qoa
zsbAs;KwP(sLMgcN<0`1o?r|o}(tK}SF7n_d)@14gtD;cQZ$pfS@Z+vKZ(MF!1`|jq
zJs%++c}c-KZ2iol-pG6dO_L-IgZZ5>ZtimmDCqsEpTM8b;&kBkS<g2|E~g$U7-}3M
z0S(0e%=G%oOc`BYC@L^C7*F|2>x1b|RVRr_1lFF!aGrQAQE)#wntRHxgFCW}Y^k0q
zCE6mtGx;v!%%!Q}Bf*o3e(-4EJad*M66RKb38!hw<Wo5NDZ0s0k0X~Knv>fG<r4*(
zqLvf{(XF>3SgcAx?1{WMaiQX-E4NowOl<l%oz$$7zMub+I^6*9lg{b*jOyWy<{Y#q
zu<;#{@a;^uo(@XmZ)o^HgdukXI|Ig3J)|rT3ROWd_BZ1-+p&x>kQa$nrXpY`n(%?0
zSVh^G$&Y*<<_zW7P8g`9`1TnK7DgcLhL4-18v9C_h*Q79tpH7twY>lu`oCHL(jYV}
zt0TFdbg?e?xxBengtB#Gy7wi)HF@Y6`F+0#xxyLfsr%bxz+q$&ef%3dIKQw1N_Vl*
z+Wg4^Qhz@fLb-9&OVOtX<<b-Xnkx<=H$4|zksyl3o4sbxtXnV}bTr0XxMbwDVOJ{n
zsKO9;CXX95k#WBtbkHTeoUl5^k_cg7K{O`z*hzc-1gEhjlpldp1UpR&Cma#251+Nb
z3J;G8!%3tjW0V)|b%`>$+{pUDvLcvscVB?BzuAR-4B-al?{(ZGRQoJY=m@HQ#5~X|
zncuz1Se-2<Q}(TmpJtGJ2gKHvN>6Gdm%rN-d*(|=uCN@`KmH*QoLlW5kdp@*WlG9J
zztocBwWiWq&fp7A)^eeE*vh;$;Axdz{WDV8MxnPNdI()7{U1WknG6nrzapCgubI(A
zeWkM+Qq(8+8nY><aB7D_u>~YGGCmz7fLQwlb(eN+mvSMq|E#03fBl16&X<;1f_DF9
zr-}s1*Cc)f@j5bYdm_>_0(f8Dj9*qEu1JV3Y^R@2$(_uGzcNVi<eUw1-Ti-GvL2kE
z6xohVxCOwc`|ls?yBbilPIYQPlDx^qJ%z^eCq4QgT)SNrrA!|_$BWl&@<QN`%?Rq(
zdIsr_io7rXBHltKV~>oaRv$V09TU$dwX5`Fcn}dolthJP5)i*M{{%`U-W`Mp=VmA6
z<eVLOFbVjrZkfskWatOH=v8=NO(Z8uS@E-f^fv!tV*aD^$8iG3ulL77g4{7^H<!4X
z^7M2qAUi}9_b7~D#o;B|mL(r)G#)p+J4f1ULMq9(f;LhRN0W_O60uK2Kt*Jgik`yr
zQ^T9WABJ_R$nAzyjm(Z~_Z={}r3LR+9+z&=R|W;EpS)U##s1B;Yqa<q(dCEJzxR~R
z6yypED7@SyI2Azv9Y(7sS`nIIusn8=J9vft^=TQC+Hgj4$Pu%=rw2x_|5A*y6IBCz
z#)1=MTZUi&^}}-PP(Pq2D*c9vh|_`po|W3;*}r>0+nEc5k<f0(-9BPB^lu^!1u&6d
zD#zmMwDw@{*eHHB9on=I2<r5LI@z(9#MGOUqL}32x`d(cP4Y)FYR}s1r<*t=muasY
zh$YHJSu;qZhq++MJ|bvWQ3}$p8mlQ#$+mFMkC;NWb(E1%rL~n`vr8K*xh!*`xCk`3
zn+E7TQR4VPy*BD~ydfW&jh+@!ys9(K@5>J3)ub`P*j$alok|O;o{<5&cGAZHR{AU6
z#;7^0hH*RpcVFZ@R$j*vc!87qkf!?q=l^&vd1hF0ItJ)1c-u@T!scyIJRT6T=F|kQ
zOsJjKRn1{ohq+c40ZQy^egRKjjh2}6^CcT(J>ii)7o}Z&d+geeoScjNlZL4g5Vr1|
zX88n&5=O~_tJ!miKVzB9hsJ_yU&5TcaFvQ8Rh7fE36M#8V3zgLEaR}`XIXdm+ULRa
zPvEh;&;R>WM{>d)ovj}RtaKD#Pz#nh`=T~)p9XzMLww>Fh?9$OS<OIEK3zPwhXKoF
z#>XSbM!IvCw65yY@7jw2Jpng~nk-9!_0DV9sI<E$qHe^rtgZoiM;>&~k0WoXF)=bB
zD}i?_CYVX&xGZ^dL$rd+TG!HE1U_C<P5;-_|6guY=geY?5$SVfL=So#l}g)M=H~5(
zsH@!$lDVAiHMTDu_)Q=TroYGe>>fC)!ii}egrel0V%A)|TUpRrSyO_&J*6SR!+4Di
zd5VhQhXP@rqiTIcN)B5-C$L7Etq2(&m8QjiUaBigl!O(eiPSoUP>>mMruE1C2Ad^6
zA$1TW^(KG$Z#`zuOPloXkqm*0Y?@0-<tRd(Rt5n=ea*r42LmZ}<^GzCUJ`;Y^6!Lg
zr9f>-lD3@*xm?1j={>bL-e?F5g83KmwkLbCpw(<u>>Ui6(xfrON;AQ-`l(3zSH3H8
z;_B(Gc@y2F?R^_X_m(%3ypS+s3tj@m)lv{HiLaUz-*-Vs*^XpcTVtDOZq*1_IohtW
zTZ*-O6gA&WGhI!{LOkz`C6p`SU}zTr7JRLE|1kS8COyc%f_X_td1y0^b}T8x+>U<D
z>JQ7qKuQ927hfP6wwlTOc0L5sgenx=>ceD>v{MtZdP<w{BTsQ3@kJ;KcLd_wOf2^a
zMMD?)ME({P>kefQqcFq!-|-dn?)M*2dc178qd$b44PGX}8lV3(>C*BgZ4}==oN<d`
zWr=J^nf<YznEf?zrnX~%LUQw*;0p~uG>~GbATv+22|IrdV}&g9i)a%uVD(lLOT`ls
zWYTrcWIy8lN0v_*XDb6tVG*A<b`@h)^ZkEgaS>#?q>$rL`y5NoE}0my=xg9dSLyvS
z!+uzCNOtV-6V7{_nh#iB)G3gKzr4Q!K0P)C2_d*XDh|zu6VPH)IJt@Oo^M@xLFMr2
znN6xzs*NQ`ps(5KXP=_tkK-*ur3!43VjIxgVx(YxTev3u%)F3m(6eN)mRMN=?V81R
zBlDFgO_F&W)g>od$;$FHa5o971U{I246rGpO2AFVK{XT#`hldGKm26Mi+!9+gAg`$
zJdUkuF;`rE=xtvtn`Pp~$2)zY;l;jzu0tS0>&AJaH7NNR_$R8Pnp8%pQ+e)AN-4ac
z?HgE!#v2fZ1bEQ&&ba`^m?C=Iavh~`p9@^>tvpCK9>Z~g4w~b=HUlRUPUe`aU^)W=
zS$A(q-nCQ?F-P7JZ}WY6m;++?@&V7skkfrAz2s|l^KQ-wS%!2c#UTWs8kFpG_^?Bm
zl@ZM-VFOEFsYYcG<#R(~qz}*9KN2ZaKr6B*MQM9A-1VmuyQ&4fDI2@#AA;hB3+uCQ
zbULN0b@LVtVwz0RVO)-kQS{^TfuMT0^!?A*qA2&O`SEn<Y{PWzG%#Hpp|IW{)bD6M
z^kh)br8*Y+P)`IdWR>-(q%|1)hv2voHWA#hBEN&-fCOPxw~M%e*+iC&g}j@Vb@!AV
zZW>%SzFQhNL2_c{uaW=S9Y2ASnqC+CYBr-fh-w%??H4Bk-tJ9y25RBO8PALP@vH?z
z&Ic0n6J5voRus>*_7kGQ#BWhJ>o;O^OM%SW5L7`3mVoqY-xEIXv1S1}Q=D+aJ)-5x
zRg9?4g1U6{cwVQnpFxeMEWAtuUFqlM!T`wAF0owu68jO_WHQV7mJ~@_w+Iu-B^*&J
z>Q%cPyuES%@2OwgxGWn5>ZZi|2qIWs*-5THyBp~9p{MUqL*vPzziO0(4oaXbqMD&B
zwZ(~dBr}JqqyE8k@iO>eH9yL`VTL37Z~*~A4Ehr6ir~UKeh7>yvAY<+RFW9sbq`Ka
zb6OAAE`0kzqmopOVV2*NH1<^-FeE{UgjmjQldFCX!>e8qO7nxor9qP^FY|}YUY>+3
zwS1SDde{(8;PU;mb6;gF-qnZ8?9BVNaC~Ek`FmPhosxMW7HK&Qp--hEqET`w++oGu
z(gtc14c-hM9M@v0@$!K!HchX%rD+3I^MXZ7d3v8BQ-Zb@n`B5&sb)KdQA^05r*u*t
zd<Khf|B-?E#{o@K<2{LK-R%pTno_+Ag~Iv|A(j4{J_{?m6**al5`rrz-|!}d>Xsi@
z-5@;b3{*v7mLS^YOi-mQoEHS=$S#i$UT=d5Jwuc4l5TdYHrv&u6hHljv{^ZKIt@*I
z*=4v=g~#lPgV4$FJ6P4`Qr)-2b(m{z(qP}%BLWOsEQ!6~go^jX^${&Ohncz{b|<3C
zUqThF6Gd9G=VPSG?Hm@?YWbT!MySsWzEq^+akgf9Mi7rFW2aTSVxZF)4fMnCn7Oh>
zNNvW-nhRa3B3?o~(wo<qD*#}q|Dse8OlKt=|BSH)fd=&QnpN!ZYM6EI`z=AVrmOXz
zMQeep7h^lhiHC6&$CZ8;!X1c^dcc~&H+rG6HZizW+5Qms&oKdu6$0c$3K~fdj6Dw6
zkCMs*E<Gc^s-1<=N@}L4NyC#f+MN;?#=P-nzoWC>gn_h@WI1u5h}JVh;A1OHL*bBw
z{Qbj8Dx2><MIt62cp{!ppKL)%n|nIlk?F+Co%odb2?Hle9Fw(!Z3omLK=jU6{~7Ob
zHRDs^vp<*B1!9&0iTKR}(J=n$APdryP<qy6_LASvXbDx!8|TekphbArPFpcZ+OA^y
z*T5}+zL^NZan}@FUC)ZP*CH7i(OpgnPo`{PpO&G^?Xsq4hju@U)uvK`=5r5YBZr9A
z&OtJc#;}itJ4ScFMgu4QEmzG=Icz=p;RUkdhxMoDsFIJ-1||r-k2ROZE&{hp+e*80
zZ@Et5mgE06A<&gF3V3HciZ{y!x-TQleN-_E=>a$7+9>~MHc_wsf=vR|Qb-zWo;r9G
z!~bZ8lh~YXL5|1#CaE~A)c~P~Iexo~mmgvIF{a|SN@NMYQvz-2l-}uMYEY>#M*myn
zp3Uc+NzW6qP~N=eH{oWf(C4U2L`w$;9IJwHJGg}&bU@bNYqnmM%Jt9i+Zw4R!*9mV
za-zsKCsb!bc>P;rqkk<EJ^v&9RsEZXWBb#O*K*R3#Kz^83Ea%#<s9!@g+}DgA>Si3
zCtns#r|hfQS}IsVB@F9BVtGNb`o`0Y`ahMXxwvTxg13*i@pcn0!6-0hGHw3%%wsmF
z^eR!8*KAFkno%JVU8n1P1@cGzcxu5^-2M|MgwP9mYYwH&iU#4PgoTLxP;5xj+a&o&
zvkpvEpJ3A4mz?tE^Yr*kwZ>6G#b41*-%@!}bfSK|>MC*!#0ZpT4OT7+7iGp455o1x
zBw{{sqGL~z6TyG>U*9XUTMV8VT%x_uBJnUE7X4LegHbt8yn#&S6>>&|YA~H6|APJJ
zr;Z)Da>Payj(*6BTM!pB*YN;M4rxO()Y}|$uRnY_k%~U5I}ze3IsCOSpK`^Yx5nQU
z=YBNwJs=b|eDXx~s76@2CNsRGp?#WX6*Hd9YhsBe$BL43n_Q@A|BvP$aH4}LGsxiF
zH3C?o@DM+x6AF{e{HEy}t@ATYBe?#T3tJs!M8>2IW)}P`w-1tWWR#<OqLK9jb+hb^
z0}a&*UDD*18X!?hbo8%Bg?bmv>aq$YTPO<$KK3d4e{k?3CH1qNH*+-T;w{8m$w_h2
zGYg%!K=t&E+;n06{fy4QcEv^1ymn5LBPv+LkuhGN#BYfNRQEhL5%7&eAnT589XD$I
zruzDNx#dyOsBt`jO@A?aQ{Lg$uiEaQev&<lk8%oq$_?z5dsE$y3}cRM1hY5a1Ack~
zI<3<d`DBHIk*WA4#!lJbDe?Cf1(WyX2xGr1&OTWyAZ=W$yGXg9vqg}T;Q$4brKseG
z$$*NN8b`?ViQin8)-8ar@Pcb-YTboLd!W#B>G*TtFmkatzHn^J`!JiE0qd_2XVJ*7
zC7v{1ITGoF{DWkBM0}9bLf^k8*JzQ<Il4x34QQm2d~Gxqo8t8J;hzvMD=|9dAx*mu
ziEG#E%Sr)M#2ta2&i#wOxx_qN0X8>(!mzN7-SfsSoC0FN8T9lid0D#fiKqB%1u<ze
z{bWB$;17ze<qwhY`$i;CK<VcK!i{%2uLLso%DOhs@UqhpyyO@?i4o~9Ic0lu%*^+m
zp^eHicO{E3^0xmUn$9sUv-j)bnG^188&ge9c6XRulZ}~bvTfU%?8%sHPquAO=EUdp
z`+uGny|2@CuD$l!`>gL)B~O8kq}XTM>j1FtgI-)@D7kvr38Qb7KJ1wX=;6`HCJl>E
zje*wTq;wEle?yLvkom_*;F&$fHJk9&w&r4DLU`@#oWCpyq_W$%Pu3W+FT5Vbo)+#)
zM8W#%?ZD)}+r$xHhabUzeH%SE-+F1?#KTzr9)#c;B}{ln_g47XL2h&)W~?iWUv|m(
zy;y3EFQ8)b>I+ZfxG+&4srJ&qk-E4tmRLHyMF<<~u7J>!NBw{b17hoI8eB+@7jqAC
z#LbYmbzy-weS>4Y-LvJ(ECA(*LaLge79e3~pz<*})0Td(slH>Tnrm6i!+8fQ9Mu4C
z7$VY+V_q^Sr=bN^Is`H80gM1P8XPC}|NBhNtvY2!;>n%{FYi0TMSN_cPzA#!CY`O8
z@}S_k=4f!FW3cA3yN~Rln%qlG<B*WGJNTrxSANC8WyuJYXLB(=*Es2+Qwi)LP@$CV
za(`KZY?H&#Ha4S5ZxVl_KskZf?2_2rSP|p;neX_C1QJv_ttJyl8QHaI-z&*<X9I*W
za3*mutAGPZMv$^>uOa&aYFtpNjY!C1Ag+R+I=wC7f25`=2}>*5=udk?LZQz%y%yia
zoWpSMb^15DL8iuI8jQj<@#p|U&q3pz-0)~vcp?p8<_K%A@(UF%fj#my3jmG$Z-!xZ
z6%5(whWps7ovVM(3^Ndco|*WeL>a}~L4cz18Di`%2ynLZ+zy$mss5!l^5_`M&UW$8
z3VmRDV|tJn=3=I*AZ44GPp-!xJB{=`bXp(CenrG{VPU<1i$9JBBtmQ{1}S9TeKe^D
z7l>g*h;~BA#}98o)6&Gq)%z;o!Xl?GhVe5}?byFS^2*5CBPH2XEJjqWI$=AWFI2L`
z(ER_rSLPC%PO-@BKeL+fR{wwma?FIcurO4&uKdK(LxuN|eUGx@TlilK5o6DM*O1od
z-ykI${HEr*#+o4f&_4xX94D%T7JlOX%bA+_VK_-J3L>Cz82Iy%3KxXmhQIaz0Vc0d
z0Rufs>d~dQ8_?<AqJb)bp@-ZTfcic2-QGoAG*X`8-^IbZ0wg&We6|9n<cDg&Cp;*n
zi{H>w-6owI#FvH{++r4fW7|!w8DeDm2K=_x!HEWIwP_hoMXhb31C8z=LZDD$8g}nN
ze(#JQ*67#{pk8FtU$xfqJ5W9h#VS{Hs4LK@Cl?k)Oa%TagZ8K9yCnO1?IEuwET-gi
zQmUPX*AIWSj^5H#5P>iK(X%D8?$IH81RT&;ts=S;GvSOs_m1s}QYDGRrG60q#sR@q
zj>DMNZ=PuCP5{Y3+3LRZ-?0Y+K3H9L>bLj^?}_ZmCJR`Cg|U#PU8+2cuVitIWPrCm
znl^!6|4$oG|DwPR3fS!M<JT7_eHk4t%oknyVVXD>$y=~(!MC>?nB5o&ADEu{p4_!T
z=ph0Z8e%Bb560&XLXg{Gz6JYkDBbw5U|)y=@@;^bn*Az2-Kv#>Ve)TFz~IHR%M!+<
z9YWTJ;hC4d$rIO|Q4}%qE_Jkdb+YQsJrpby9BJbLFwskL;OdAW4JY{al&+drI#NBY
zGf{KS5#lQk(~sx2neCjb5d1XJ){9`f!YEkfZr3Gz89vYA|3nX`wp}b|{X~=~VG@hc
zJjC<*$Lqax=zMj|e=|xXf!2r65rS^=hAS`ZFV=WMY2xz{DUg5$G)NOC@+`cXn3ut4
zCi<624o3`G9?Gq|iW`TCY#{mJn9&bA`{|d#EwKo1vbJ28ei4KwbQpO`VTDBCX|po1
ztS>OgyRq_rm^>*!ic^O6yx?}L(mU|kb6!9KEWh@NPLB|ke`znJom-h0Ql?<xo<f5l
zOtNKZ3gH#ZDXkZ5dRvG(;7h#S81t1X!`k?w>@{Ie+Zb!;Ml+t&VF!c1oK0^0z)`0A
zI-NTS_Os(LtXZBUo9c>X#~8$4?U?@Wf80!S`1tlMF-y*z<f3n*oB!d{apOnPm*s!4
z_{X56SeRTe60nQ|jGKF?)$`ppVK~rQ@W<zma4<>9_MJ9RvQ!`=JJB?5sh18(S9jmC
z8iqrM`O`B41-pRnHKT;$QI9(`WY-5w6p+-yV}OVTf|<();f{g9^<SO$w`s~iYQv(h
z!Yfu&^qhX&;LxfNlsup9iH%?GX;Zv6vt1!%Yy*sh2L;)da&=u&U&1U-|C5v|<Ii{m
zEnrKXnfit6F}mq$y74i%lKmUk9MJel0@D;=rfmRmA#OxR!J#NQ;75xdO9%hZgq|Rm
zM|63LW%YitoA=*=5o}UeRI10xA%?uoghllm{yw(QdE1zPmgr*V6sf&71;*{YsRAFy
z#H{^z+98-*CkzOae#AgqbYAYaJGd3V{2E)mn^WP0$}5BWvo0ok`2Ck()Z4_m+km9*
zhR?GbWlH-!8BC890@dI4xI#LA!p6J?tx`2RHErzyh12R4E$x2s{%|MGzt|=iY6yWS
z<c3s!e|7AeFQ0aL?KWChr3Qm1t}mM;&pJ*7Q&x2at0p|!l9A4X(vY4!-7R3KI%2HS
zKZ|0leFYl}%R;E)s*kW_)Dx#SE;Um&)F_1(ry+5-05L~}5O&fQ6l5gJhYdvtYet~P
zH2ZtwVqUcDH;FcdGf&8M5BY)*1T5i;Pu_?>^4IixF_Q}OqDv@Q)0Iq3^VaX6i)w>3
zBH<>@FE7!knq2gs1H{<yqYeoP=q@92IGrL{p>FO@Q!l?zVT2WEQ^JN8oPHsM{$b3j
zmT2odXIg!XDLQK+nrD1D?S^S<%LfVHXp9h%Z+|FT`l-m^&h9ra(NBnpXH4&VV{%?=
z4<t1&cO_p}4LMW<9L$+uUUIA+V{$fF5?ArrOv@*|0&%}oD$c|HmmJoW&&Q?x6Sn;Y
z3WeL#-!yrahIOr4N%0t_>+jBe<3%<8)toLu(4J~XMdkII-@<O8fc6Tk_roPF`P$28
z1Q25PA3U4Pd&`s&H)8U7jXK$TyRJ<GMRGgfNFI_Z%vKla#?OU_;^99FR8h|^^t_&q
zXRfY<*V0Z_YKH$Cv>yGes-co|c}Y$8DSUF!Ooad?_|e^*V?85^FqFsXM)g52Ns0>N
zi#8eXJYEpO{I#=u({YsI+T+7VsSi<iG4QiP^$pNlkbi~gyg-6ZgbH~9s#ved6neU)
zPt?{z*ST7lO7ab2-gkP}kD~WiI8%{%y*+&3pDo*k0f^U@F-at3!-L^Y9;w@_kGv~j
zHO&wsIndXV%`l<f%^`~K`~Ob1{vxKQA|m|Yop;Iha~kP;+4Bh=c%$Nt(Pb`HF|bC4
z+$M(|v4ZJ~!Z*@k*%I!s{ux@J$;R0;UZ0nr-T_zXqY)YfClJ}8#$9-izsgy;limrU
zpfXlIsrue;CfxqdLZ!KkEd|S%4Zp_KZHp8gY}={g2@S>enNxYeY}e7?!{cm?sMHT9
zD=xUOE;Do#E_qT+DCZu}r+(mjW{T#XSSaxHYw>4RbI!=LsI42eaCL8(lVlJHmXs|R
zi-62*g24Z-JXf%iC8^g$Nx*;~ry_-0h-PS?_a($B_Ew*qf`7`V37yO>-Eh)%<t~_4
zTN-=O!<Q~%!QvwldZC%(e3S;PlvjnV3p{x|oC3~$K+op>fcQ%Ywj^|`&6^=`e<|1N
zb>gl+uXn72x6@1{g;%kH%GPFmWjn+XMn|dhqUmacRMfk=i7xMz%fvkn!mj%-*E?)y
z6j;vdxqB5^%w^))b0j;}bfuk)gwmX{jRmt}H1z|-D<lq1Bn>S2ML<f$zQMunrB1II
zXFNm>$5IGU=IIOMcH_+n7ej<bxlnyi<{LN~H}Df<obNABIt6f8jKfZtueNac2mY16
z*$X-#c2G-(hAQ+8Ops>Jgk17?rH0OtDkcdg4I9>)eNZhBKJo<1Nje+~eVAtoI)6iC
zKMM}!rsIJ<e}>U}8gBSxjZLPve%JG-ML?Kb`WR~p!vag<hdZ}r+6x}dct|I6!(2LD
zzid9F;G5Nqo%ZO(M0T%*zCN*dTj_j}fg9Z?n`q1y>7B>tL6|9Y!+yygq6>{IEB#}-
z)ax9n8FMuAGJ_*+3V%*7k&%h2DzVxv<VEApP#gjBlEMb8<N^s7ch>`Etcs?;6|oY9
z#g;XuH1d!gms=Q$OVE+AZk_H{M&x_r^}Bm*20MYzHk&EpHZ0@EyBVm8)}vo9tmVIZ
zhq|BKgTa!RcsS7#`eKK7HVA94%uem>#dw_Q%N@Oz2}Ap=W*MO!8ruJ&Gbu+=6i9q;
z-#}&a2AJ5<6&@^B>IL8D=wL#fJoaGw9T+H>$!O3(mqtmLWQyd%ch*o|_186|qu3qj
z3Dyl(Pd9I15sz<Zu6Nm@qq_8UMJOy*N`aLaKKb`qxCt-f=Zgx@m6{M<Aw9t?eIAo6
zir|)IM(OXLL`9;_PIR0|Xx6AG$i{?KtBG&_R8?p2hBoWPh*xy4OvK~_QuzZrYR0*_
z9ezj~2BnWtf!>s968ltEG68yZEG}4>j6&87g5^Xb0e_PyG8KRn?n>4Ih&V?<FL<#H
z7uJn88R>a%`Jr%X7y@&|n5cn~75Gl$)=RzyLSsdkBr#KE9#;YyA0VJO8cZFo6@&8T
z7mhK7u`rxg$O&l_<@mtoINwqyP;kT<HJ`jv73mA^<06)H%#-t_qa<7Lu3n3g1+J&C
zF9X90eGOjPmQde%eJn{R#Y4bWLySOc1+h@|X5MX#BE_CDIcKgUtEac!Vv=u)w0b?g
z7c+yIbYS?#$(@QKdACSFc|$_QJKCJrLNvBq7~6^cwcia`LNT`?e(lbMp}iM7I2AJ%
zgRaLhgfWvML`Hn6j6T#dwXa0Kv&I^u3rCCS4{O!0J7u8{JbiQUiF#Q9o`MvWI+e1o
zR0}F3xot0{?Mtu9`I4~HK1Q8edT8W{pN}oVa_Og@1t00fqKT3tp|s(x+R6J1R>;oV
zFL6TWi(67hih3th(~u2jA)N_5j(ZKq5g>FHn**MeDFHvZh6OWf)53?6`K}osT-Xr^
zKf|6H-DZZ&<~~D9?4HAmLWOie{l)@;C<K->7Up1^4a}GWraB>s3LJ{+4OToCuYq6f
zSj54dg4EMj<uD<=ksbzpku*jk?H0tP%o_$gUVrmIIXL<%3ZlT*AOB+n`1n92#3Oz{
z>9zc%v|&4i!1_IsF4QK%$TiGi9J}XNm6-TXjliaBo|?fLi_FthF}{9}*~iA`SN*em
zdx#Jh<QQ_6^E<*;Fh!gr)cb=WVMvm)!RN;})?_nP^M<lW#yGB^rec6&MsE^|=z7uQ
z0N)n87hHI`o^pq65%dHYw06|<PP4LJJPwjzg+^ir`suA$|L@p@!vyFjoTh?QkRMkU
z^06zVE38~^=kjE5gpZ}tAAn)!52aM#M!_BD{Hz4C*sf=J&Nch*+8I}?6~jhg?JMAf
z2-;oW1zC_*7n%SYQrZW^!@S|hrsC=qeOOZXsPvS7^RW&T@-=I*M!I!I=k_$vC43<b
zw_qeC^5@(Q&CGJtPWvwp6C)&i+j-A#b>w!-G1g892>W)v!i(!lhKgN!dsT!c!$}J3
zViPS|ul!Q(uD0mApR06I^aNXS5%ihzTgisBVFC5!i0=LMv7*>E?5?#vnV{RagWmfo
zb0OFgGZ>il00*<JYad@cdLOFs#5NZ|qr_&36D$?tzlrZ6B1)>=eJ@tEbncSuKbO;p
zh|{@QG{8VxHeW0`2Ya9g%AMN&rDe?5(AL-B)A!+NXO3XXZRn9`9#xx6ZQs}<4BNrC
z>XqVHq~&v|8m#a~aqeN6+`k|CZt9%mzMiRDfC=UjSN`_HJ61kGObMJu*;vKl*5cnb
zoGaQ)^f^|dN7R7o^d4YgFcMcu-*OCOX((@lC8VDzi{*%E&A|mAg8|@WNq(vPaZ^zw
zx|&%0x#50kOSi#6g&}U4%eLH=e@nvkS|oky=+z218dUL&s6gVu8gvD2WH$27!L*`=
zu+l!ptmYdv6II}5sMIW+KzH*`m;;kM1tQ_SYR%b#$ZjKSXlRLuG(=NwnKI>ueN_q0
z@&u&4nt5vtn*2k(9kX#0fdTVqggdB$w~Hd<H1~A6WO$`?gS{=TzK#ukimL&38eShc
zb!Z%9qTwLQ*8ZIsZ)R`QpA_IS>?G;k^?Ty!`kB~q>^#j@tdTf@REx6eVihyb7li0=
zaw-aGJV;Is#j?wNOVJiqC`UC1sv~YS&)H`<B#<4apBw8!gV(4N=Ov_Qabzc`!%dxE
z(5cw!4+C&X=pwxTr7?Y2t`8`qE}c?K!7TLJm!Q`qQ^c4Pzs4%kj-aPY=GB-Xp}^tp
z1w|f5xIZ}v3kwml=$Oz#xTnsUh?w77lBbi}>xxStO6ahKlFI%{Lt<=yv#e<+qtjXC
z;#h3>6^(_N_@sx!9Avt>_vqw=t75B39vh<{(8ly+<t-vdDNRQ4K^H|#ptQV7>0BqO
z`R@mu1W-~6uD4%zAk~Mi0U`8+8jx3h*o<Ed;5uT%9;x|cFrp-Y#))t#lztE`D{&m=
zK4(Y;MTA0=`rHrTlKOe2r@L5@3N?vu!53hWQJQcHc<+uz5dSt$mrw>&!!D9A68e|>
zel7@;HRRf}!n-bKbM};+F+CBmB|jv&p_w@&!pbvgPXp7hhI3nn;IX_)7r2Hzzlc!}
zS;xLordq37oE(d~JIpvOT4s*`N~`+`Y)-ipIv#3o23RSl=50^h?Lh|5L<w6pNUS7;
z&Igwn$129CaEz@f5Yf8h#?T8z3ur~#wd02LV~f9&;ReiHO?&ZzkKbOO_voWmlNk&i
zdWx{3D-{Da$1Im(K5`EC54!zXC3K9Ve?4nS*QQ{slg)l9wE#Wt3ZXYYIp0REVE4r)
zoz<JqM%rK^{tLz$?yc}-un<nW@pU+lN6$PD3lkj1Bd0*eaa%DlpC*~$_3*aSyQG9V
zY<Vl8j!%x|MN*bDET`N1n^stTW$e$2frA;6GEVp=#&;o97w~6NgCS(BfWeD_<~y&v
zRKW{)!V;q%T2AYlmtHm|6q6#i4P3s-z=m%)5gc&<h=&PrTIVD!*Ssc5re){12SM$r
zf7m-~Iltw032tm1W9Zrh5*c~bVS~D5vOf!)hINK!>;Ah}R1a|9!7aYC?DO0r!l}it
zA1Cb0F%XS+&%eIyT{IK6`K?H_8t_<WmnXj`jh&3*K4tWv7>!Omd?U&z5s>PNMzHX@
zL(dqDrVm1fcV1D55WPA`SrjajCb+p%`jCY5M~{VfajzWffKdsjAY0%^YgOcECJ&@r
zx`9n{g%wxmIR&6?{@?<Tt!cS9D6su^5C$UG3)a4XgzC6?>8F$&zG@(iBI^MbZcEiW
z7!Z{h9k1-A@R7gl7nzQC9y!{_eWxxOEAo1yFib({zOR%9EB8J87k9s`$}XN77W3#K
z!^3{p<E<ItB(S<PKTFd-RBd1vx$3$mb&98s8TqT~GZO76kW^#8Y1@6jTM!QlVenx*
zE`QfWk<B7#1Ssp?uP`)s6m(2b5lgaOV$ew)-72@lK|D_2nfsZfz#34)8yU^~_-n^F
zw^!W@>|oql_3pxU`$1%j`C_vgUMjD>XSSEc`3i3DWXZPovf0DVPD7=J!G^W^4?zMP
zXdzEBWyFzi-I)3!Q6!+_uot%r8a1NAfS)CZlN7M031%PQY2T*QxaZmOgM2SQkp6d-
z)Mn>e$HoaIM4aizb(b1-yepq6Fw+RSn$4He?Uj5JGlS1xAsu{}Xvk#rYKSop3mkAl
z=hR)GsK_+HuBeu{jQNa0eoOcDyNy%z)eYE!bzfznDt@pGTv-l)X^|A7Uwd1<)3=5{
zahwPa#CKvl?71=dY8}W4+tQIM(VIE(5}?2xD>{7Q#}`}X-ZJv}TrjJ_bWxQOm@O`2
zX7#A*)O_f;FTI$_M^8bjRx7D)`7+)N!P7F}EJQy>BPi@>Kq#bMH{Fnj#pv|8;YrOw
zN#RhpsZa*!L%GC}(1(%~ELob)ajQ2q$4$M){*6*UWbw&@Jt+iVAs;e$!Y5pOXzXu8
zR7_+G0kJ^PtAo|u@c{bfO*LJa_#qum#+#agfV3T{l`EA0ECIH`IHUdy_P~iUdi9}r
zjLYC3so`VhS{dHIXZ*#BLa8$QWak}1vKAFhSV{Ft55P+}*9tH{xldIf?VUD*h{D<M
zh46R3B`4bj)KPbrTPJI&@_=x5?)X=?O2=^`o8||IC(dE!ZcG0+FS2zDvb@}U6D|Sk
z-ju9<_)zz#<>4aH{X@N#m!B?N0xZVy?GQ@tvxgRGB<F~dl&bIbe_slcqS<}&Unow)
zR~s>(Z(P5CGr#^w3{skc2@cAytRi=O;tI5WOK#CS%1g581aXogqVL-x>sz^>Hm$Ro
z<5)h4@UOR)9I*j4ptSfzao?lWXp!S`RXk*~hezWrNUHxB6_0QWE#fb&o_YPD$-GT!
z)9vBHY<fPUl2)Y2si_9)S)a~VKiG?_%YGq>_{~AQIs%laC^&N!J)#)-es0_Hio*x<
z{hO)eY)mZF%b~28S`9KEMlkiF_k#W#N`t2<-~NbDIF{f5!p@QL7^%XZn+K$_z9~D>
z4Kmg%V{{*F#0^7PN=O-2`Tph(?TaoI#t?Q07FqoK<!vj)n&EuATt1ZUPr-mK+5onV
zd*uIh5HSdr#S~1OkeM+o-UIiWE}m#W6=VpJ{bhgQD4R8Uy#LlmBU}#1iaD9@W1<?s
z94`r*i`myHSQ?g#83WS|9kb#`<4Qz+W%v-?AAABQwhHsqhZmRc3aI&@+q-k6Qw_i7
z-NZ2jR@T@}!Iw+q4}UB_<#FNB-^S$7SV7&$!?R=_Sm?`fNa|=$9S0&mk9zQPnXsmV
zU;eyWZP#ArH}>&pcQy)*8~L67v|S6hTZsxTS|H+(2g@9v1UBd7>RDFtvf$vACt@wb
zh@Xp8em$bt)<K9h0SmWzi4$x60fVsr%1_AyN8kq>Ab_+a0qf__%k752jb+m{>=t-U
z7XiVKki_qVw8;Hjq7*2VYprpEi!je(qEl)~pbkTN!}MgOgimQegFQuyYU^FG`@!{M
z;i8+RALa`niTU3y{ZE?{3!($%^buM7{=i*aISb7rUW46-ax;x!T~^)#!!*?gR&ez+
z_y0AG7ag*u)xZ6*w`AF0HfJ*b%uA{dm1m3?9SM8^JOc<`iIb6Lk^r`%sG68>U(%*C
zHWVIV@OV)kQS9FE%`DN+Uxq)CbKcott}x>~{FNiW$gJ-l)1)?UP6Ra+gVQhW(J(5S
z*lCvT4l0A8`TAalukRMVA|aSgp)n5g;>fTo7dr~(%`+NP6hx!@%f7djihwSzLorE^
z@*31by!M7_d@c9DUMf{Ff{JHDG+z2KUjB?X&qNLWMb5#1Qz0+8`8o!3wh>AG8y;vg
zm68PUYsbkyZ!g1x_1^-T^O8l5wm_Sc_4H1O=wy4;)yH4$DwD!7p5`;>+1BroT@5Q;
z+l<BU(aChN0Zk+~0%#(}NQf~S6+PbP0Dr`@DNIr!A6W@X_xzu=el@d2a)(!fl)BM<
zuXi!3452a&g{+XW8E67ub@lTrkvd*N%uLtJ(3Ri|P0>OJqF2giRYK`1re%um$)?=Q
zCtX3!jygn#e82%FAVTU&65lnnhDrXkT@vX_*XVJCm1kUVAdc{^6hvd+zEE4q<ck!r
z%&K)mSGfvyFk*n<k+XtUvhs{h?p3~h?0ym^0U-)pA|rs+-NOg5-^e`I22{{8z<@~R
z0Mq9Q9${L(ya3G+y7R5+oo;nk$JpUORT%b6WLOV+#c$b2NH9`@)3n9s6}}qMaXwcR
zDgHd(-^jO*EHxRcG0h#QNm^0k6WLu4BrqY8MoJ~D92|-}#KLx0wxcEat(L7D)*?Ej
zhF6+j$!T6*LLyqi4zMx{6B8UvpATa0qVH+%8r$evAKTg?@P*VPsi(#7o4Z(7ydruZ
z5<%!2!a8}Ly3SBww&<X$u#E`D@htR;h)nG1|4M-bpckJmUY_!jN{!E)TtxG+F_SJG
ze$X-Hxb{mHb9sqtNFj)T;><qW!kp`fT#REMdK84`-6pbWBr@)H_=!q!M<Ddy27}na
zvxACgoj$V-=UFLz3JIWfPlz*DICm7R6?c?2I^hh*g!sj;U;W&BeH2gE0!#8#@F3ki
zc1W>AZO;V{Jw4x@Let={h5{uDglGbfE>(xR>Jk+VF@HtAc5iWaH?Ela1@NFAaEW=|
z5Hj$pY6?g)u=wVeH0M9iG5hxfD5}B@+%=O_{SIB7kRwjG;@(S5@^>CUT7dd?5BIQr
zzuju+i`4@N<YA!xe|f68VFr5j8I`;<DI+BQ8{Yj^y&TIO`{7S1oBDRa7fmFtPycp2
zjv+dJp&DGh;U?k#uR|~pXVg>|FKFbahY6*eANnI%C3;2>C-b(`*w1Ofr*7d_)`zO9
zhXV*3HeBLAM#Z=izORrl)OQpYc_4#;Zs9^31l1Qw<A%y%8D2O^yMuD;-r;}j4MrFH
zpZ=LNS(CRtm5){B7p>l2M!{*^hMA3>$gXmL$cC-0t%**O2I$4rVkugFn?mcnRTqoZ
z7+D6|tk<&?3wbF2Pt%YCj-gXiI{%@?W&+nHZRdH@WgS-sWS-2#s7J9tb>{LYb+LmQ
z20pQjff;w&vUE>_=a<F#z1cf_`F^0;qeg?%DKDn|)q8jn7?z7+A>UH(br{Sdj=c5S
zYt?*2lmGCde_D3Ccc57HM1*QNpyLLKoO5|cPREfL3zRcn;y)75PB<t*abAF#!_sC*
zl^L+}G^dM{Johkz-vPOOUd&OgQev=*vhA(Gq0tJFt^<}E&%~0WTouP8rsNpDR7*kb
zRW{8~XF{i&P;y_zBQ)F_V7-?V9R;M8f?j~pz+Jy}hbfQ^Q9$@^j#^b$Zt}?EaefSG
z)iWbBZpM7t(r1Z?=A<-r_GYs^rjsHLYR*e^ut>JI-lK)l{1DjRx3hN|^|odCjAlB6
zM<BL0`BUY)Z2vBk>GM!$mylRcZ!@+<``~W+*35!9e2)GGH9wj>3Hp<0ewF;CA!q)u
zZkYQDTIxhb*R+{%;oLSMx|HI%_XB*00cW}yD_#)DV3>Q#@QXXWBk`>HO2MiwlA4aq
zliIwR3d5A)$4ahe&nzqQf(2piKGmiDB~4t0TKv}+?TM1eXs9omBdSi_|9Bn=xbrUv
zl=LWR5dA4F#jmwHu;DTVU-Q`2jm2h8cpg(7xmKA~zEH)NVF3NDm6#`~>pyl^(>ODa
zAN}93D0YJ-wcd!-c50q0st<`%J!MX+mT&^W;iA`WF-l3T!KJ{w;m(GZLJ$PBA8o@E
z7&Rt{TZDr7?p>}7A>##t9oeUz6}bFYG#`F4T&)?qFCPm)i5ZR(UGmMUuk^tSyUGr9
zjF0dBMdUb1Hsq<pbdaMi7CzaL5&nin4w@>i*CIecnJsn9h?MDNHOM%DGX8RquMDjQ
zxou*9T!@(sYr&9|wEJNy60+}GN1n<msdH4XgHE4j;`bT#p2Zo==xuS$oHOY*qBV=R
zmc#|c5^zGeoc>ZnQu7bGDI1LyrcFl<6HKgc5m+-XE2qwL3kxI8`WQp1(SXir=;cDs
zdP-qMc)Al<xw{=%mhh!J3THGokD_BBWrOZr!pzXS1eL#JR73cPQshrTh<Gf3>RgCX
z*xF0*I3teh5H-pxxFpB1xFk(hse$+Vhw;koo+E<<^zqn6-mq>^a{)rc5Q3iG13V09
zl?8jlS9p{L^HzeA8d6E+mmGS3+jMn>M^5BwbA&Gh{{y2E{Oum8)k-j9V6acDoG+Mh
z_24wCck5~U8DHa4>H5zy6;xhv|KJA02NB|>)}fcrM6jWZqWN3nrmgA)wRKXV(HW`~
z;$w(FYBM<yCah(<=CrWa4n!@vX;ox|11>1x)mN4u+A8K-s=3!Sa(MDMp&f6RUc4@r
z#9w4FR-ZmGxh5lP>N}7-APNou4Sj5Al@G+aX$<J)ML$fZHn8-DUIjHhh<r3C!Sk5T
zu7bMrx7Ak*gZ(w)D`nouo|obUFUWx_)`d9)N@0B=DB~T(@KDhTWkXiH;@hh|%WZ?m
zAI7Z*!_|F)yjx#<UENk1CvWetUx~9S3!O0`m#!+VRcKAQvw$2c9;fOOQ-vRKbRQdA
zgT=54O-o(RwSp4Z>v)^)sV|W2y=2vMMbJFBdZLqTDK>VtfY=i!0Is_W1RK-5r=DaJ
z5)tVnB_})ol@xkZ8VA7lEUgy61Aqh+-Es&aX%MMkb$uRxs)rLII-}lt54_=U#VqNX
zn9{yvaigc0>o+VBLs0RF1>({rF*#qyugV27pye+r+CX^vf*pzwpMomrO<Wxst+6J+
z($)btS5&2Vt`+m|S(C{G(>xQkv&%r#{jO(a0WD!ls(om5DM!N`Ufw^8{)`XpOAEa7
zb`JiO?A`%6lLV8k&hi1pv>~l55sdG&I!s{kPy6&@dc+SPP`tu=lWS!<0z%iqd3eJT
zVA1lt+>y$ON9-6UNzeXydEq$_rE5qzj9r-PWLMZlo~m)lM<=(wxVp-7F=xOB!YS!k
zVxCuZfS!;EC!!R<s=ESkFfmS>b$)Q!96^45zRW-rq51`o|FnMt#A*atO#+Rc%exzN
zQvKTNA`7}e4%EEwQuhJHpq*mrW>lKQvv1aH7<Jr#mtJ7bckIW2x=9Kgpw79z>_30d
zdyYQu$HSA@i^W$#`5CR$yv+OLZTFP`)0qqD_mt%$l7k^+@*}T`ISQ|kkUxey1{Nr+
z-w33HdM+IP7}=G<`@2M@zTjyl9*fBq9TR8aX|$4pEZiX+Rm3gq)XudW{iYk#VD(4h
zU;$=If{TA%?XAWJ+4Gg~@H2wFTDS>*G`B~Tz}Kxa+^t@9OArPNv1}(M&DyF{kh2rd
zZY2&0O`*6onrev()y;AL7#e?9edChP8`t6O-=&&>)p90#POH3&;=||f90c`15^v2&
zGINA(gXI#IzP`Q}fRK%Nk75*fhdXZmbpxK$eSZ455!ISM5As&)eLvF1R%WI^TBVpU
ztIiwxsHW7|y4>uyk0Pxe0-#Gon83iiiVoq2KR%erx3KjulJ9o$V-~d4feY=Wk`v@@
zFpI&4$>`p9gPNSXI~rE*z}VdmSGOmFPn>yNWpqeiz(QtFefOt&Jm>Mr|2-fUjoFWt
zd&fLioQ&gh2>FVI59qWjXS|FC3fT}R$x9>$l^`zlCiBl3yci@eC`5}N%@5(CvA2uL
z3^~I@ul^?GRj&r%7x)N6U{<v!!)LjN$5ylc8gPAj{A52(B_W>%BYd<}yKC}2E<LG#
zd@Q}Bv=~CTYT;@B;NX62V&eP>$j#Cg6%}Rp^yyPH5cp2#0if-z?H7UPqFzKe_Kj*S
zI+kuK!RH0H$FM0Ewe3aAuKS~g>pFo7!(b``J|<h1Q14O_Y434iplb<2RJ2&x49M01
z84|w1AXF*`Fpx^&<o>LdZW!_zbLKDCLf+1wv*MC=8@>1a`u{)tz?ATfic)zDQeN`G
z+JB`4BP$Qh1+<0+|JuncWanv3E^|l(g~zc64HZ*rcPQ!141MGC0_5&xAYWBNR>}4}
zHa$HSy&B&_6BAuyo?6+Lp~21d0aDY$COc;D(!o?blQmEFTI&w{h^5h7uP3l06=MW+
ztFs{oL5&7eDZp)?yggY!)9&<sVXaVG!6PKp{sdreURXLFw#R|2vEIE76~H>H0bGP1
z`qO_9AdNV?;{>*A3h1|LYzNqZkwWp}s}RF~K3d58NC6fmkCBnWzW*t(>LvBqFQJ%-
zGa~q~V4S2rryLJZ{hM8=qqwy61U97py*-H0;UZ<XJ&TJ{#02u<H@Sjd6yW>6yCO2Y
z*hwJ>0hGsTMF#YgWYXu+iE(n-784SS_3L-8Hp!uBqc5Oup>ysSk6~Jg$kxY&@X^>u
zn$Z&*b3Z0~&ro7B=?Owz$@qEGPOMv__(<GfD&!Yv#DH*z8wG`5KJL88BwmRv%UXAq
zD-z@V2wyJ4Fd^`wB&q-|cE1k*x48sjXNDXBo^lJ2i~Y56)qbQ>JOYQ<I-whwBshxz
zR}0}5#rL9fgOwLCzCz%CA%SdM6;iWc%<UArjZND9$byK5Le5Qrgo55?LEYV|rkous
z`YtpJqPz2sy6$QvC`&W2iyKUhcs!thNk`JW3?Ag&QH+lPD^Bgt$3GIoUcDvK#39Wa
z=t{9HalRIIn@BG78kKj=?$O5)P~Zx`UB@R2RbAgbpWhp5l*)d<bD<H2pcxIQdfWGG
z`(YeN8>Z^(Dy4ahK{SF%ujaw!*X^~|IKGm;g-KI=arEmbE@Smf?E3oNbhPeA<WEi%
zUx)twZ#K)|vm&{_>kUz942Hhi+S(_LF6Zm7KwjMG8-PVh@9phne1BE=fk?e2AWF_<
zi-0~(iWeHtV-<a3k6=;#IK8j>$RRFHqp_7(?l&PpRo%KQw%)z=<5e2|8$mOH1NU9;
z6Z||Vqi`hFibq`4fT~>k!w&=j`TY9#_H=?2c|;*D#+4N?Nk}X}>CHDnhz@NrgE7mI
z-(ik~fR8>;YyPYL$s{3_>U<E3@%oX#aGUEJ(ud6DrTp4oKn(bq)^STYq#efhACoIB
zpMTWl9j-{bA$s0e6qh**2G2;IlE!2+u8zBuS8tGDp<d&L&F`qSn6IhLxeaQfEHSR8
zlT#oKV<sdtf8P={S$F&jk21+Kb$L13{NlX7>dj}85a!?R!Gc|j`*$s3=^K!nUpz8A
z+%sRU$!-sDfGFGB+6Z=bb|&P1exiOWOwn7$#=$Z9JBv#mr?clcWg|X>9U#rDhJW2S
zEP6B2KcMgGJ=&Ju;%|8jyg%dPRG)a0eJ5=>oKyp?HRTWItBOzABZqTqi{(hBTSTn^
z<AC{HjztyL0dg#GSti8B0G%B1$HN1>4hIy65&@q0T-O()-z%!LTI#&t`}5MLn}HNM
z*rn|T59rm`x<mN|>}pK-u~1ZwR^;R|&Nf`wQ2XzlH6p2dQK|IdT|#da=vI{%PFJnz
zod^sQy}-f;w-v|g6}w@ytIkyNywKvU6CXi>5?12*V4zqt$=6LNfB#hbHK*0L*{?8g
zF1ZVKpn8d3Uve=#)^7+dELvbWRqWPAD@vCcn%`Vj+d6h^5J0}a9<6-F;U&P$xOvzN
zKr?}bftkHIU1_uhXc4U>02{zK^Z64X@=<xTW9x*xLJ%PBw=y1nZQz%1_e*Y8DfC{;
zfN@LDq=ylt@co*9NB)14^Ya)n;=g@>w_ctH((zn2s<h!;_Tu5x;F4wulYuKmn+J^O
z^WO3*$a(@B;Am~TqhpbTX%*(xObJKL$FP5SH=i)e+T+LfzCk`;ADq!nz&Aw9y@YHW
z5}fL;%{g-K{8p~Us+!>)LPY>kEIHa;J_-4t2bYZD2TXro3ztAf*2g|IYj;Eq4(xAu
z(%s@a_=^~4l++4m&bUTmo;ka5znkza(ovaqCI}G$$>=!}KQfyQ+IJh1_9J%f`BFm^
za34XKo0~%c!CapW7Ake2v%Ky!9l+qepj@#K68E#_gWo_jx6a(pDiMlig7>u{&L(Xu
zh4JdOs)}Qx`{Pk+BkG5M6vHV}-q(LCX`2W&kG$t>rS=PoNzE`;uWET17?;RM-DTTE
zAPXTH&)&`weAeV}!`hOVb5ozF76ui<6rf0fu7hd~IP<66c5ty|rK;B74T_(Uv*}D3
z$kD${CaL0ZiZb}6c~js7JnwwY`a_cPJq)iKS-1Y&k*3gU0dX2&Uk*yxlR=WjJ7{2O
z%JWS_fIsc&S&L<gZ3H_GQLd3*;1lo2NKuCxxRY(Vjrad|0i4UxD^E#6Bcr~L6T8?x
ziJ|4r>*3D?JQPrEC&V{xRkpGcL=i34pD43E0cET@bu4wv#0f}w2b-9f06+U0newIp
zk8$AWXy(_!JN%&a<@vcq2^TV~z{B>tXRlNXXKuJ^cZ(XZ@g|F<WB78=`YL35aGe)0
zmgFmq()+9T;s|ddYxib2#^CfI@bL))13v%<VRS{<U>%OY$URp`9X!`OgSX)gF3|kJ
z@$m2uGj%Z{ry2nerJ?q&@X9~=p^TT!%&cL=r!Su`6z(%qiH0=i#9^fP3JvJ*>BUEm
z^7EQJFQ`JL>u|}&4?m+vpJU!rVs8E+70d2Eo3QI6fV{kewOVluF~`A)prhM}qbJ%R
zTyrU!bMs)gzxsyrQBT%$g0Yn^Q?2a#WGLtZ0h|95z{n{LM{>4a_Z;#mxG8^N!v6rb
z1_Zh%M3V@l-2i|BJwiM@4InVtej5nx+-L@XDxzo#lyOpNen8`RH=xhvSK*|zxwM|4
z?D&n};dvNDCT-;2Bf!#4JfYa}PkWeMsP8~S5Of&^><TD%IAPE29b8`Bk#lpXAYf&p
zCQOB{=WRQhDVW2{`8TakBUJO*I-*&=bbLR^5M)rcGm2j}29N#f2QKFDN$m4EXg)H2
z)a``Ri5kI)l3rHlXsIs_;u9)LED5*ubn6O-CvKk6v#Pz#3ESS1b3Q7`B6kd1f6hb<
zN>mu!?@mXEWB7Y!39S!PFP%jEMMYCR*PLWK&Uhh^Vo0b>XK3tee=pV=!=tzh_?EV`
z@Urspc_=zN-{k<M`zHk@<wOh-&($U}OIs}PJf<Tr^1&2#;P)=UY<yRw*<bHK@V-g6
zTEnt}3sRo6_4f*-hg<J%y5ZH>Ea^x-ode?Wt^Q`=%+~3Fq|q?h2RLZ#4sw;ENRWi@
zdPk<faT!|em(*6x6AUJthjaZP&4c>;R-r}_v=MI~H>K{?Ioq|K5kd#;DFRASppx^H
z1s)x3-=`s=qt~P1V~S%H^bLtROJM=cD@<??N{lN>3Zt5jIiqXLsnfrO%fKPJ;}hTw
zf!!nVPVwvRmTljHJM-8^g!2FPZ6>a7_Zvn+!cU(KFAjnay9fL6wLdU<G&PAB>AH++
z3_ktj0AN^Aj{xl>uLB52L=+ShL<tKE>tE1ySz8D2Yn&Sc1Cm7+U#Q03d#065>;6^!
zDS@H}O!FrdhS1Q)3MnlgJ(L>~n3z|%>-lrD;xZruSjm+PtykeKkeZ^SR?_9x&@ymL
zzqjZu9H$s3;?SPcwjA9LFmMK<vQ7o18_ygTO4QlD<iXkl`zjMQEj|mpO?TbnQT9vN
z(Oi_UGWdI}__@_x`vzwZywVDYe*5KW^t?($otyZsZwH()Xy_3b*WMI;1AEHO1oKST
zqJzVmLn%H2>KQyAmCKzgF?~$A%s2?9gHd+;eq~Wu9Zoioj$ntU$Pa9?8RPMrd_c~2
z3l6_N7+P!lnIV_H*zCrRD=h<ATvc^1=y<4j4xnppy#c1oJ{&BpDheL!W}g_EKq9-(
ztLJ@t6m@(V9-wbdV-$QfqUusJkz=PR3=j86KU|YwV*YNR;hm!4cNDbpd9n8IH_8>!
zr(M}|hV$U;L3=Z2AUd`<r7b5rhSxzvkASsb;9MgCp>gqlD9N{6i9Yi~^Zs$&0WrmS
zH)uVTSy`*tYL>Y|L~wKQi*~apJ3P<cv_x(1APosKGp0g=zXOf`j&Ja>>Vb)>usg?&
z*@sxoUcI;Bts4=(``0z7!fgf0E9$~+NDopxORgh-XQ%mfoUeJW8(wMT52%8Mia+BA
z*J@W?1ii%o64J-H=-s_t12Z$=fD|(@G6n!Zth5>cniL5Xnn5gLVqIP!xYhq1EAg%X
zo&GDy9|JOiq?SpOke;CeA8d6hYBl=4QTUX(W;EjKJ@&axyv(DoVJ=dg(cU<C6oaSt
zJ+I*YE=@k~jD+XBu^v1jA?M`vd25?-JU>(vS;Zx=Zzj`jB`lma;(l|fgs@9d-jgzh
zW_oj&IUTslKt@lJ2K&l0mJ_#mZFTEMSgWZ~Y;XRN)E0D>RAcg+lgT`nAzW)|*a1%4
zW>UMTCl|pQZlcH21FQS73Xb3l2b+Mq&g-=_|1=+U&^kT+>Tg?el-t|g@22|Z_a57m
z<Upch!v4+C4BI=AZ8SySn`dcZK|MP$QN<HL7yZ?3bG7TZLptK1iPJ&7T4OoFd-e~6
zu#5C9e`%ES^kuzq-$Ql1WqcYEwfO0nFgVhnL6)nqqN_g5mKsT+tfs|8@r_MDJB48;
z&QfRn(<P+hF^z-qz5COE8Vizo78CHsn=jPxuQZfiGZQLk?+my0S_VH7JhjwRZPb&t
zCb19nE7Xe>P;x8FKB}54&9Hs@ZI-)2LLX8nUfB<ifcrR-n+JAv{#J!CMZ{GMT#mmA
zsy7FOOt$|nrQCbQt8Ja`^j;uh;t3i;#Xua$NPpz1Jzs76IecXg0bt6`{h;9=iMVZZ
zCV)iv&n#3_1@@CUA_F7<mnTEB)};AOOomDw53rbc;Z6d3*`Th@8`DWVTvG;ZNIcqK
z?&j;Z<cJa3&q0ixm&(45$iv}5WCE#-{7i`-=NYg+WJ4|pOxEiZ5%a{MZM@a)9ei#Y
zoUPU{IH!5C$~O^944FGqsy(H>oZDk2{i>a(oC=dBYwODOR};;n7A(E2%Od;;Q`1@9
z_3yJk<wrdk5ai`muy!`q{ftCJL+h#LiT%8sfTpO>p-|hug-@J49n2KVcCIM{=dC%D
zij_b4Qang~h&p|J_l05#)(~UDjs86U8%-4=jp*-*dw!N#r~Jp~Vq|IA2ON9=?kC1+
zy~^zfz>LJ|wJO*+IUBw`KU~7UQ&cj5=J$T<Be0G9zRK^U^GJKNmEBgqIJ0QBqGm7M
zl+S0pM=J*_W#M+QVAS^eHP>P~2e%$kZE9<LqsOQ@71;;f`<d|K)E~1t4e8<GcK@Fa
zN6OAqj`Y-&Tv@=6##W(U9StS8fmZ~Xe#%(o8q;<4)*{j9WG1!kx!D+H?9I~Df-@zQ
zhR0StOqjey^C$ih&W(EOd6VrtmDl}}{T^-yS~0=#1Qp3Qag=VGrb3j|l)a}l@s)nk
zg?Z;dpeiwUET8uc<?*fio#n>I<rnMazLFh^cvHX_`X!$kuHEAJV-?_d`~v8tb3k@-
zcFR#w`W^peA7+*=6?MFIa7NgdWzvWxU;z13%g*fAiNl?hwMVD_zAPLSaY#RfCq3#u
z(v;nmuT;G`qN#k>bmNwv`m%9gh4Bk+O7`*YNgk-zIz**%Hg5cDl{o|0+<4uD{Fun6
zDia%$o(Y})+b~X3^fq+PgHc?)G_^8Y5;87XTTt)>`u)H}P_xh(5r}|f!BHF7)Y!p4
zI6G83E;U@xTC7p_gyTn_$%p4!cf!3sYgNEWbaC+X^uqt__9>r60WN3v=7)C6{Cvf%
zO1RpslarG-0GoTczPfts1Ta>~0JY|-I{=>4Z99zCo<=@nafl}o<I4%K7c~7kJGV$d
z?ML2ldIl5PPhnqn?%v@wKy%~@9B)dmSG6b3;*=4;Q$^1LE9H~naB;@DWri*MEnGTt
zIxQ_J%TJ=?<_k~tdYtFjrkPvMIt59Yf<|wyz)Jp0xN=-iLJBnn^_jA3xe}-f)%K7x
zT^wb&s4DGz*;=<)u_Q-QC@$|ibtM;*>o^YN(P$Ay7(HjowV$y;pRCgAIn(KgkzX%g
z(Ba_5w2BJP=FY*u;*S}PCRet&nwnEq*Dva13?HMH8rO&aYTNW1aXPTF#AHPH7Z}`I
z1G%;Dp7K^tP&E)z9<9^rd@2RtsQxrHH8}trg&`jRG2s#%6jX1!CqZ%K`92dDst^BC
z)T!*dyL_h5g71Ap<9SEp`INP&R^9vJbW*xi0l&3MKLt6M#{TiB<?jj<Y3H%$T<hoZ
ze_X5A*CRr28YJb~H0FUs|IWOCC7W1|oPP@|opK0xl6mf3iP}NE4O)~mg{|`<`xs9~
zI}o@~1=67ANq3QNZ5J>@D<6KLe)jPs6HFmjV&*%r*SJM2e=Yxh&_}a$7SpOU8+Icb
zME>>k-icGh@Zvc{RJP^Qb(^hPo#wdST%E^HXoe(!g#u@LU>w6{{dm(rT2&yEul#O_
zkx^3yw32v4wxkg_Tdld5teqc;f_N+~EpK?;uD<mE5ckxJtq{`joBR7Jpc%E<@`pus
z7I?ns%@Q-m_=5XCVN^N!wYjG(LqpS{Rn;7HH2JTqoh3}~9@q|-j^-0|SCwspcs=)a
zJz|fGr#MREI1K8tw77(%_+C|@$gR^Dcx`I1be`d&`CC~V@mv5tVk2bIM1Ij>fn$x+
zEQ796tq7`AMKqGCs4E?9v7yy|Laj*tXXHhQ_!wafyR4N)`gU~1M&n=CD7925tuKUY
z&Uyr=B8nO_RuTbp#S?n;Z5sSoi6Ma@>|X2qXKv4So}QI@*%V;{-jI-y>4Goucmlc_
zu3sYmF1IAL5X3F(0PapF;Oxw<wYvNg1Yj5Y7Z(@E0BnKh>Sjj46wu1QQF=x(zO1}o
ze=j9U<uLGc6l6|w+otv{V~%o#!T2uSoq9M=G7(tKv*AA5|Fp%U+mqk~+MLnaYKy#<
zt)#US4E-(~&Cr-|;+8*|8eUH<Wg%|7uB{hLU;{JWYy8z`@O7nE<>aefXD-l)Ri4CB
zY?I|yv8J8~NR{95DeGIDLr<ku+HNlS<TDqyZ1Q95BC*)iAjGZ8A(uy>hTU(S-I5>=
z*K08YLxNh{OQXjRW+IMq_H!61sZy){usWRvkTeNlfZ3^gMZ%Ms64Gz^$C9&5Mn;BG
ztx^ZS#(r;jiZ^pS7KpOhPqU~TdINyP9kg_GQh*k2fqCDV`NB>kGCcR)VniijYF_Pg
zZq>_WJN)ulHveW@s>9mvqLrIDin*P;{;UD2BUgU$I<1JZXmB*gq2W<_Y-h#yg$X^_
zuhy6}E?LEN^*)|snOUt>YuE8oN`!2^|6UvZ>R>Mrw!JK$xmVKB-*`q!Q-c>`OJW5(
zESxzUB(0JT4U#hH(<ofYDoqvk*F0Fb*1cR>(d6v+@}|u2xIMX{L(mS^X|r;Qe#d8O
zH|Ut(YujtNBEC0(HO2$(9ROfP;2mXY0SygZ_H=*la|N`6>uvx#wdIJCIj)Z7eTGC@
zh?xEvRz}}qrKk$Tb<!vH)57Np;)9LI$D1^t-U^`v;;I&keo21PoyZFfkO)FdP#3Eb
z`&PMH{;HR^0K~1+#cM<gZSW|KlGN#tKx@OapmMIVh(_JPNr*&uAffKLjnzTvqF$_^
z64sogvtr_8rbfgGGk73&h*Kfv%)g(4xAA)w)|3X?+KT7P3%-ys92y|rwv>n!T_~H6
z5fD)SlQg4r3dBO*C3ELlrz<535mGk5#cm)kKi&o4g#3h_mL_CDAkcwiB%a;FPt&X+
zc?E^4v(W{z=9d4NB&CpSv%RmU4Fiz4Yh}0L=gp^YnBuJtJ}|ZC@EgK$Bl^m8%F0?j
zLABKm#2-5Uct5H8;3VW;a!K1wYjSXXmd_6=;82=K046&_>ystGCauP8$%`{u^c2MN
z0a`^wA9s-&PyTeSSW!R4YTK_3daeCOSiLNs^*w~xR4Q`rPc$ty$SZn)M?BzuvM81x
z$oDW=g1%M@aPYLovq5>3rr0XU%>pVFYBOBSQLVVlMze_{j^Ohiz>!APm3;zydJQHV
z(VpHfhjYlP9%(|-Y2q<@?T1rkKm}}uH#UBkG<txn{r2V!d}2bA@WtV5wYm76J9P{&
zfC&#yPuF5oQ(fHwo6-&N^^LM(Vie$ae@IuVz2EmNPmN1gud3#3|DdMQ)W10K0J`1t
z+NGw4D4hx>^cQEv4`c8R_~(B8er*v{!C`3AYo`x#)mx)+%bV2SqXa|!#+^uu^AI+N
zu7M!5;3WFS?grAow0rfc+wJ?M->v6h2Um7I^&KuJ`w<|7Xz9Ujn%i)q5KnLjRcNFq
z3O-VQ(J=R$<>#ik9PB;;%@nVeR^kT9>K#W0FWoV3JX~EByPL=4A{o-K%Qtsxn-75!
zVAkuR^roj@LgK$pd^ra)!CqF(HbPHK;<!;a<uEYt32AZNfC(u@{3$T;#_<^%n(s#<
z21G>)E`Gj59Gf{78viX;67I)P#|pXh!Li|O&#(tQ3p29|LC*)<s@@Q^`^W3-H%~7E
z1A|*%NN9Ng;mmpfG|wN;c2mgz_qkrjUmep{()4fXo_M-gl<K<ZYZc{9jJrgi3A5bv
zZ)SXU1eG2Td&<Ww?MaTfU6f^23L%bM<EQ(OT;0OP492H&TMr;6wxI)k#A9AXHyKJw
z(96!ofjeN;Po@l0DPWMBj-O7gElH(G{}v9MC|2S8q5~|d&Db-IkB?xi)sj3XUElxu
z?0y(Y7jzhU29+oF<;`$=evOU^eJXnGMEp35uuf0!12JDRJP`i^bU(!G9jINFpX}&_
zvb~m;5>t|tbTz-Iey5(p##T{PQFP1wp{p$SoqCCoE56;1l1yvlPF9}AX%HRm1Ab4=
zR&SVs^zo)Tg%So4&Ywgchty91xsn!@xJ898J|$C5%u4`}7^<qO*mYJb4L86~;XAyi
z2w-Uc1^_Zx?~EiKfO~HDmK!U@|KE3@+&+Ig-h4K48=l5~e)F&Rn#_Lo27GyR>o0!Z
z)!S>;e<~g#Zt?ZY!v8UKmQh(gQM*@>MnJl|ySt@RS{ex{>29POk!}I$?oJ8m?(XjH
zGyKna-*rAbAB5%Nx#ynQdtbkO%}mFFI!w=n2@#jlpHD}&HrG~CCX^<Q=xPwWCiU)&
zKbWqX);_|7R7Y%`jD&C$s)a)l+r=&|;wf7A!`RY^S|ge$wC}X}1+AFkP{Y{fgH3qo
zA7jEpMA+DaCVE%fywP{Un=-dHn#K!C&`4~0;VQnY{qX-oX4UxOwN3YB^sV0k7HB%F
zdEAi$nsNvTZ88m|coKa(sIb;gzslnY48FvNY!g@TyD=H8i;Byp{sX+>^vrQBlVlJ1
z*Zmb~fu5k1*Xmn@4<CTq1_9c=`1hMPF@1l)<q)!$=UW5W35<FIeZ9ST0@Tz6w}H4;
zvloM`BbydAc0AN(*ys49X86;0>lL0Pp8Ls=BtwO{D9d-SY*ZLh_lOls)>e7A#ubfr
zb~rIc850C3)S((B#}mERHQGKP16^<$1h@_2ojS87#c300>MU$M^Oj0K+%|CdLCnNl
z{(B#NJ!75!<OB@#BQ=;rMB}ZCu*g33n**psZzP;P9q;E3VdBBpL_{#zdR++0q&&k5
zJ}RfGJL<wA(|)UZrIWDGPA+s*H}Ej}>%|&;r<2P5;`I#aoE#i>=l?zeBA0Wzt2m5?
zVbHkSvYs<B26Q-BjrX}ZYfEAjt3ekRt`~cG+^(A}xZ-Rvta<WhLwOnJ;FEQ6{q0{O
zGbmZo#+36KpVFk~3DfF0|Mo-}&eq$W9#&~n(YKI^+i_awt~ck~76FJu4RSUE_<-wZ
z>UJQZq16%bxK3}ueIUu6M>R7X*+dF<HLq2S<)}K?WC@$ykX~SLHCkb+mK3;F6b$yc
zLPj2=yRHwH9)!P@5AUN`DMTi62i%X|{e!nRBFCe|qTUtt<N3w$49cZ>XT^c)&!7+)
zBi~zh&53(pD`i^LSqi9fDBZ@QmQS5w<1Z#RD*H|&^zN^yL$}A6(5R7rONuB>7B9lp
zY4?ekc^25~amYKO6A_CJKN7j9N}z>TG-ZCDmuEks;N1^YyEcKk+cn)BE=RfHUnqcf
z!&`^#<3lyGi3_atlvr3Kad~3TSih}ej&ge^)L}4MIiIZsXJ-C5I+&^Qd~#DUXNQ17
z`ZmZu!*rZ%A-TKN`BQoPtG}2y3#bcoM^b{i4c5L0zvWKhh>nR9^Ri-yfP#2kzlw?<
zf5pYIgFCV;g4K%Hd%C(}BXK#8+XooiQgI0h^;YJ}K8;_!Ce&Isj$m|c34>pvW!|&`
z&jtZ=1|N^Oyw7>TZWXi;+7<}yDW6Mei$=LU-{axAd2H??%XNq@3zs7Tmp$d1qWxdP
znZhg8CDu0e4`8>}T1AB|H$wV*dxC3^$U0W_{cnFl$W4TzylnP=?ii-odSoD<{s?VE
zirY6ZPY`jjyj60D8*i`~Vc@05fErFWZ7jR*oT3y$xDu&8`a<m0O8^5j|8+^7-A<Hu
z__UbtUBkLTt5#zyJ}!s0w7MBAXyF+`LIO6r8Z;ufqtNz9u3Xxd&Rw@6-zMzGr}sO;
zG{0;|+jeIfTWj#!x$`lZ_m2Fs_W?aXET`E!87BW`E7EuvLWFXZqEnNl?aXQF_#c@7
za&~t*tXCP-b-AQ^Bc83OrJ{oN0B+9i^?JVBQGRU;_C^u5-4ua)G&5uLeE-0|8Ws%`
z-BO+m<8T~WNyLgaV_o?6zKu~hPvxCvICsI-RVWr;@|1q&9k@aYK{KO?Gq&N=<Ki!x
zOz+Jt`_U#i;qdU|h{V`<SwU2|u$X#}XS4L<@Tzq32D$CiU#0`ynY7B-$r)iYS_-2&
zKG+wRwe$HMO}Z?dQ=y;`bxHr0H`Mef8F34k3!FNmGcZ-d#V;K6m(YrwQ;W6#)ZbAe
z1)~-5;|91m`T>l3dbZ&T>T9>_y^ZVHoRijpJnuXB4_B6T?OJ6s7j4D^w=0##mvS;2
zJ?_U}0dKK%@>F*LEDp@L*1JpP5ok_Su!KFK5slh^68rlHWsjM5$rXu}sAZ3t7Zen4
z&UX0W3A+4@k%$~MEpO3_LPt9tY`I}MNq2X-%t@I4uKlaFV__yCI);K7_&S6{-<0fW
zf(fisNN5feoF;&mOhBRak^d)O%_ER8BX6N#-e%EVPnveWx81iq{oA%$)W&7Kuva`q
z4HNw{ft(^w6*HNWdT78Go<T`X-Ggo)V%ZDJw^RR_1dC(nf}Q+GLZ{}!2{^4ePdwDu
zH~v|znd)egkwBMf3UStb7O2I1JhU#~;^k^sp~#gJKTE$pL$%u6BDdN8GBH_Ncp+DY
zy#g(NShrGZ(Gq<7A>-{Ae^Z|30Z-_L#6PqvNO_IgFjI%<2GM^%0LkjF+fsj(8I<T~
zf1$)#SE4h}=Jl{pi&Y?lxU+L{T{U7*@g>o9Lhk5Z`%M(z3m>`3aJl8tyqb>5{9?mk
z%K-xjs+m{k=GU%ZZfBuVa(SH+siLC;C&nrvve0(}%!5M;TWKR%gqWQ{V)wsL<`#<{
zFOp=hjt=@3sL=TQVKt4C!B#?&^<*ogDD<L+om5#w2LXe1!40b&RB}B`&n@@MsylkH
zt%OqO+S0M5tQy9S@tKw3U*PL$_NA5176}e`-%vdsHI*lXt@R}Bl`tpq5Rd%9HvGIO
zjthSbhkZDhAK1>W0>_I|w*$)8SsfZWox2ud+3zJlpE)^ah;XKwH`)8UbLV$oh&d4l
zyxFfs3AR7H^@(EspReclXHLt=w9)iEY0Z-OXKZYva2&Dw|9W6qOX)Hpz}TSod{y>%
zHKl$B2CSSdZ@KSBzzE-8OC){=jghixQ%O+KFmvBk4ktJee5*=w)^m@r2DfM{RYAr{
zi<!zIU=F9A+0<^D|JM*o^r%X_^*nD(#NsYR3=;c`ufQu<r=Gma<nZjEyn^T%5gd5i
zfQ+MwS!CXSESf%Fs@b=)?&ZB5bRC7SmtBR%EVW=*5sXneY#t63X`!nbhhmr=TxtAN
zXME(XWn)?uatyn-@zp)oGG$)sUSIat?IPYt+v5%nZ=RXCx^v!UEHZwB1z&D+!IZfY
zG}1P(^H{4|cGP3D-X2<eZ;0#}JMk+29y8tLG(`qAEwjs|Dd>G1R8LpqL<EYp-9pZ+
z*g~JQJ#j3|lv$76#e8!&4Yf&Po1C%VpJkRO;1-!{u+LYenZ)^EUV~Gk86gc$YB-V;
zb*QfI?m|W;<HdG*uh;w{K-heN81aF_yG#HZd(iXIHu7lhue$f`C(20qan<N53aNt-
zSs%(58a}kv7tHT>YG~OvvgoZyrCI3HRK9&M<YLI#rX!7{$}qumHw(4YlwOf{FKV&A
z-8yigamjGegvX#(4KS>sO;09Pi#1uKRx&5E9LY=rj{MHvPV7&4)rW2rq#n1Srfu^E
z^Phf<s&qAmE=MHU-@P*$#H&B67~rid8vBjOjz346oSVZ<OhOU(>h@V6^qMsmc9jVZ
zj@&+q65QTvI?ie?#)gWM$6|4!;}kr71B7$$NL$jfB)+Ipn^*IFly|wwgVVD6g&g7*
zds#)VwVun5jFxL0P}pftU+f?3Q}Nk}Rx`EUUTj8_rqVN5*^2h`&LjjUVv!ga1cyfC
zSZm@uO-xA1%ZcqQbwa{Rp-y|h@O$5OGv*gmCl!iQQn0-AQA%O6!}%DxU)S^K*u}k;
zBS(_M;C!dI1a5MhRqp3wl1dJh^Y{3J%Cg~=tr*{YS&y9vbVfNp`LI#Gv(pcH+IJRW
zdUR{}H}cZ<ux9jQ_M{M>DHsNvUE$C8^2XYO*6xM8B(D<Tybj>IrqXY3iAPO>51t~y
z#<`O^MrDuDX4Ae_`gIQ5*4^`M*eclTZ*$i6<U-?=z?RA3sC3iC?%Y1;uH_`JzUk76
zjPK47TB>F>3R=&gv<0o_MFx5u;ETCa|3)G6d@Iqa`X`+&2>W8^;u6>Tw;jgbz6e;7
z-5G6<zvzq9tM-e^W-Gq>>15WEHq}{e{lI3eKaS+ZVzqo7Q)G0^pz-`+0}f@oZG>)0
z1tpL5_uZ6B{Pv3f;{}la4ALlN6kg`#AT}L+h-71?Zdu;$t!-!|A+-M1`Ie8Q?ZH%=
zAQ<z#jC6TvH=dBbzI=9d7abMc3P#Ex&J4HEsyqd~c?>jy;l+$c|F5jye%q<lQAcyV
z%8w&(p6JLQ6)oE3sf>;YK@6QDbDFNrPNUZjrYL21!WBanZog?5@0fnhAaT?~hu%V?
z&XXNBAHT8-1zXU*oo!Kp&k7&iz5zxnoMD;u@*PUFv^|O5<Q5t`FrQlH1Sdwc*1Gmu
zKld!7X6Lvh<Hn(f#fru#a^<aD`R-VhK4h7Vx!e4?Fl5(EY<=_mQ1|Ua!YWMtmDDch
z;6;T_Tp@gC8L4|t@30Zb4WPGc<-Pf_wBfABiBMC>hAFD$5@lw|i`U!pO4Z5o?B}>^
z^aVM2;^4PxOEMuK{{tkV3`|Xhil$JI(L{~De^1fY%25I|)S*W%L*CMnU4vG=@;b$O
zw#Ae88)epjDcku~FX09FKxEaDo*STL6=wN@a{TM(KL-wM;@Q!E@9yx1M|PTWvYh(C
zq;G|Q)<q!$BOf9qd1{kW6b2HG%h6dccjXF(?dA2w#(V%gw)cb_y*U?AG)OUfd>#<Q
zJRgVC(F7p9br3)cnI&O%F}UrXRyJ{^8dWVKY)UWNz__%OoBB)Wfy+ZjeM4=p@LCq>
zOy0{(aRO<nIx)hB0fth9r(;E8>2J#uj~3cPbT7&SBNbn|TyaWH?`$N*q$ZNn;{`Jx
zmRvPzZ%%&Tiv+thNZrlVH}56B`$Rl12RBgPKw@b-P*)nISQL=7mKxNUw-VGx<>k$*
z*52_w3hL)u&{I!h4SMxcw6Crr;{1vD)9UGJ(TBoOrrp<M-P|#kMN-$h^Uc_HB$j%x
z?ZvCK>B-6CiGk7c!p2KLk6xoQ@&j&uv;Imw5gUo`WQQN)5~%3w8f&`*nSLg5E_Ds2
zSgnhgQR6<}2u^!G&_g@%77R58&lv$%lx^Naczw2R86_icO7r2N%!2QyPmE$xz`iQ_
za(P)~=h#-*oH_%(*(>D>l{c%_%w_n}Ufp!uSr-$|O1^{(+S3V4SP0hxm_bgVZ2A7J
zM>l^AOLt!8ct^^qh8Yl62EcjvpAYfTKP#5QlPDefwm4UC(%oXqO=2mBOR-T<^jKwu
z^vu!*hw6OfrBN&QHF%ptZQMqfO>69|p|25Yua}^%?_siy{BbAgCUxiQLs@5U5GO2>
z%H9rd79s2rb<#q4EM#+c+w*M&4@dUd-ZIaO)1VvSjaT`d#8-U{d^OK>TXnH`aNsXQ
zQNM_Os^l|K4D5<T4Q>G<=3))W0v=4waZV_vBB7vH0@-2U<@u25&o`Y`3hjEGR(juX
zT#a6y793NFR-ax5XRY#!kRtfoYZ6x3)F)l;S2u(jSZFtIBy*Gw@$j%X91EvYvnu}<
zSZXELnEfqi7kaF-BH!$S4QP5#v`O)Jc2xKM@rbh#5l?ca!;iVH{PTgpP9*-uifU24
zgJwh6O3}^;H#*io@E?U{L-KW-IOrFb_9p8Xa|Ysv?l2P(!&r=WIb4{Qppdq^t4y?c
z>;nf(hHdT+HPZQ9em+4~hl@%;v)bDuL`1j}pvPGbXdf1-zi(5heK|<bqf#!#8@60n
zUo6GH!sTSRJhFEszgyz<N@frH+vFT`{S4_NN|NcCz~FFt*3n#z!w^G4B8?0g9GnV#
zU$Fx=MC&}VS8t-8N1YqXNq?L1-FHM96B6#TASEo+De*zr>Gh48-M6|JYY<~k=b_T=
z#Y_t7>*C-o`PY^2{}h-Y<8M+Aen-|O<pmA>;+x(Y>Mgj9?VqmV)!Ld#BtqZ+!x(aH
zO-CIw{)KU(^ZWaM1G4n)Gb1qct^^S8h3~iHh?L6G)SlJa%y_46-h5RrH^vk$=5r_7
z4EYj|nOYf|Osl2jtAB07AO!O?2vr1!zB^t<*y8CiI!5oIS5%r#z<|%QI-Uu^n9jek
zdVO?jy+o5C_D@#(I~{I3z2QVCIu{T3+Tos*3{n)G0l0iI;5Wbft@9L3r}grnt&Uki
z!D5T8UlXU*>Bvdj#^#<>!dnQ_S-u2}>Amvm%Fd+$cxOh&H(8{l4G!DkMAF0QQ~Sq3
zq7p&oHRfM;R(;a^Af}z1zQj`dY4rU%=Z=bvMav=(*c^Mnj+Izj<7@TKfObAUU7uqO
zn2CrCHF(JIu6!C1q&71PiOHh`FKxVBEDV8_q5Fqw7)FKT5RQ_P(q`{I5AO!Q6`paC
zDs6qIXy}LT1M6_fbS4%S>F|({zS*Xq$t2BR`D^jr<bCA@3Kyj8q#MjX*99<@7r{ty
zcJ~r44w^5)W7Bh?=j51Bc*3jA6^71y;Z)J{q1rfSc5y+andw__6jiZjc*6%xL$E5)
zq<3}<j)w~VD^FS(diVwMSbT2ChYGGH-1`IXRO(#06&2S&LD-MzQ%}{&);c2=7$o#(
zD;;hIuAPGR_R*iYrKRDi%%n4jGLS!V;?O-MqH<4m$F!Sl-oBJ*aW^_M!k%eFuqpkD
zfklKP;i3vAx8MF;rbwE)P?KFz#cJZ`J6r2SKc=V%cl^s9T=mWEwECtO5$|_l4f{sh
zEr~*HR}!^yD_{Cj<Jw#a?i<A@0^5yoa)RZiUcV-1SC<olsLsC^eDGP;`a-G}7KJkf
zpyytbZ)Oq{(Zb&|R}Hzhzpqr_c15@So+T-KA_(yeyl7OXt<docL)~Wm6JShUs)ki&
zWz}?Z88w_`GM}B@+&iE)b+Vjo4?Styv0U#>Tc>eya>(FI+P^x$)Hf#S{-Ed+{EwNF
zGb&0211t7c9LDG3MH#Em@qBzSg8!ZtgNSEb_8r+$jNZ9cNB6&4jUM~XPl8^>@+<E5
z_^8IEI#UP6-uRBQO*lOsWl0txR21|dIz@hKJjnJcqlZc2<74q~9^8yUqg}h3WDB8@
zCl-ZehK!b~riOUFC58^*DEf{-K!yT4Wj>R;lE_@Wx2PclxlQPZk6&=G`|lRuhb|y|
z7uqs@ZuFuH_~+&1+L3c5(sp#*>CQayI^S+IoqTDP5&oAGNTpt&6rX9Op^2lA!ME0t
z#>-dl9M!wFMn*yLD?V9zKS+<7x^st``cH0-V&|YNGH#89a*LBCjY>h5;tfrRsE7;_
z5*Rj{vq@@<p;Rdc4q-RjGCkCCOI+wW>%5#iN<RwO-?=3vJ?7(3c}V!{y&6?4gCFBc
zzeHQbP$-tE7QHK${Zmf@ha63Zm6AL@`PVO-*ZEt`Cy#4nFC1DU7KAj)>f%jwN=B|K
zh1)oS8!r*wa27<%{@c~W<ac$9UXR*o_&@*nM-kGZ60x&gPVYPt4{1w?veylppc7^0
zp;3mpN2xLh2-z;nI<XSDRv;hoi(TD#D3Y^_nR4@D5<T7-v3|Bvt0c1mTswt@e1UUL
z>>~szscVyxfylcKVPU+R8%i)^yZrqR8Gj3dF&|o5Ok^^NR6BteDVl`-IzBn2dT=v>
z7!*&R^t|N!XdUc!Jq4y&%-grA2r$2Mf}kNNWq+$JHO^&x@mXwii?hy?-%=Fye@qN%
z;MU#f8LL*NbO^mm4U_C3hC}`s5S}KOu~ucm>fHr%Of?_a>PjGRKoT7EqspK7U@?mn
z-4~&afUMfUhY0FkUfFZGfS<|Zx%V&%T<vQAb~5QLv+NFEwrqJU9qFbYmHl$RY#r<>
zzqk#jCa=Qo1GEb^Ip6z~0!|~Ea{`brQ*`HOIx_+kVTm~@X7y(0{)J}^{v2G#@c%5J
ziqS`XvYJ6yNuc0D>hXe`ETsCOR;&8(-BlX9b4#a?k$?Gw?b_!aS6WDrAon@VI!_Cf
zD;)m`m&$zX{WqI9jn6yYXehyu%G2GsH^Kg^G##HuiMka0)OrxBaH=%z<c78|w&XLh
z`i>{ov-NWB2h^RRzcdLmeT?Y>UW2}UF|ab2X!$1kLJw<y&6b)t-3&fwOA3&JA<DtR
z!aBVQ{2&VYHQt+&x&o@B3tn~!KRZTU$u1M~`L6hQ9j^4Zafp$~ShQV&8O?I;Q|n+m
zZBB{>1Jsfo^}HVWL&%CiPk8*qEx%Hojk+NH4RaORvcUl^94jOv3G4N9P>={j!eQA(
zfpTWxDU<Gs1~Ng?9<vm3Tbq2}zBxK!ilYFPy;5y7wF6#hV<5c@no0EI-BhnmWJOrz
z@z110SW9v4%+L=G*l|_%aI{iqHq4U9!RAH{u_a$V0*}-lv&SvvL+w?^Qq$w@oQZau
z3-d#_tEjp{RP9pJgvlfojf&!_vy7<x;=#-#i?wcgsqOZ^kEMFe{{{)Y|AfeNyc|Y(
zUj%}{wekJ)&*s0v5;QrEC(G6NEbk3j*?FKvMcI6)ghVTIJZj7z0ki1{Lb^CG$uP!}
zhj@RJc{Jc3pWiysVejLHQJ=)jgb}!C-??STR6;N5=s$Umq*7S2j39Zh6D5k?Ks=Yz
z=>7XUy0C}G?<eHhtKMFnpTQPcZxqD_7)0Fad9EwA3WbBdmT%OB_ZqW&O<4DP<N3sL
z;8UfX5Z<Jh1bdIffT#B8zNb}er8h_;B(1Kb=d+6qlj+OAADV8j>Sn}J@2+85(dZ^}
zoAmn~Sa+KB4Qm@a5_6&GH7Z7H#?St+i*5FldM97?jYRVVJa@M?VoV;EI@=q&!?=%6
z6hyS~U~O$<>2z=`w6x6U=anXg5iNLm=}IbHLvs8R#>ViLYr;w_X3n+8!s_tOc_;$s
zNF`Vt&W-M)a1(Y8wgRhT(Y(?*kzQV&V-}FW=6xJ@w{hD+EV_R5ztalQB61&}F%?7?
z*c|OQMygEioab0-%QWMr7M`!*i7yORG_lSD?4W7o^cN7UQqcv}F5_!-;jc;!e+^&C
zD7LkEq$R)mBU%uip`{vlKDE}Tvvv`TyRWmO++C_MTuH0x^kZY83X!$9?U_ml?E{ax
zI`a&w6XJD=+R5{t9Fl;(s+0@X2;#!GQA@m7nocA?=CKp#eh7bzPw0|lC?HFXdM|Qm
z&)2CpTq_$M?qpOQ4lugrcjc<1PUb5I6;4lg_b^Q7e1eWVUSY(9fjv9pYw*r6ghu=~
zlc@DY-_k-Rpiq^WiA7|k{SD~kUw%Ls<zzz>;A9gmEE=fljdH~z7=Bu)Yp}hm96yX-
zB$1IZJX-IbEY-{C(InV^w%Aj8)@@CV-HdWo<B&^U<+mk4FD|Lk3=94T9onlv^08#x
z{n5oO5`Q48FQ&of(sUX!$_n-Z?}N7fKkcEbz5{F@QHfbOn`?|pp>gQ)oL+gkw+5-D
z#&n8tZxmTI=Bibu4Y%V7AtiP3eu-9+L<@->6qArX{j}fKM*Pf27z+-ms}pL6x`OVz
zLc5g8s~g4VQTT__;P^I+<hKJPm6lw-M$852JQ=wL*1q5l<KY|Qi<kbz&UZ-G)`9o;
z28jdJC+qU0l$2@@5B4-nKk19qY>zr2BUUzga%2|k9i+-{938qEba+$w_`?nnRX*V2
zsvWJ2+->y2E;hs{2O%2IrA2w({kou3uzUU!`bbD$wHd~Ed+_gL30WcZ_oe<yNO;NM
zhx#VHj``%{*49b8NuM9#!IA`^?3OGY9UEKoZhI5~HL86e!rEDjy9TC?0MrCuM+@WS
z#ei2XDR1FiM;3$#QtOY8)yJ?8Gc>wd>O=Y^mz^ZXap#WIg<8^^v7ecol}MIG@3fA1
z7Clg6%bv%YS0Qr7J<F))-!?dDnoc~lPdtdMKm9#4!C?7K<({npO)U6FWGHGS$Ps7f
zurVOI*LejgmQZb}H27zQ{z^6V-#mppc>yEnX1C{5cuEBneDnZN)qeS+p_nb7Cc?R!
zf(kOAe0n;UtDD`?qwBL)RUmwxys?XmN>C*_t$|Y3`<qTQXrBJ@@p>GT&Z(csUN83+
z#Ycym27fe5G?Q<YssmMMatexQ<#cqUWF=RPgx>t%b+$XZG>bUVHw~?mlDcCMU`XZb
zyJ7ui1fxP{W-K-nf@-$Aor``(O7aUo>&?eL)ZFdu$7(}p=ThCRg|m&2u#mobp?C^}
z_>5WDB}y2-+C398JL#)NCg+$_BE1RSiZ=xllD5cc>x`=#y*H}W5(Ni7Ii{!lEeEQ<
zsD#+$zuB4^CEK=s8sqD%IO;r3GKLIpWUOb)$u-hRz*j|sLH7LA5u3^N^Aw7K;3HJO
z;Ng0~Z;!2h2YkN7Qa|XO1EIS>J#XWgo(PRd^_tpTse@@YN83!V7>eEfy)CT|cT!8@
z5%~-GA76z=lWWW<xQU95Otj#W8kkaUh=h?T37AR+v6MF__IyM>sL+Tu7yDDi@%twY
z_D?*{rFtey>)k4ax;m0KRx^=2p!_U=RwXqw<ZE>5&bCn36_-G*c4iE6I$EDrg)DV}
z43-H(ymLAV)~dU8>qjH8^7M!{Ffy0U8_PD^I|4TI>Xi^Qq^=Y3j}iJhZ30D6_@p)i
z7}E^elKoAxNS;z>r#B)nxA0Jd{%T9AP4dP;KPp!7CN1B6f4SPQ)#1lV^DA%b-&^*j
zt+aj;;=stVLxcT^z)KXO;jKqz-Ru^BW*;WYik^dBo!Bgc@;&uJBuDde5!QTnzmbTA
zYPp~`FL||gLHp<|7NvrM$Kzu)$0DCYKU%t&xZU-?XauC`o0G-0=QQ5OIyd$}adEcq
zW4^g1S`*cd79}+}eMT(f<KsWgiSQI8Xu9v8gdBm=e(Q3+`j)dyd(Bb_1&lCOQX-hg
zX7N7`;8csoO*SR(!||jXjL0b8z2gG;V)yRiU+iW%9~_d&MJW1r-3s4v<AL$<i5NA@
z1*JAK<p>Y{`OYj^>_#Mf>6^??t^o5Dd<x>S-$kBb(4{L+`&gjTUtXZR$0~hc<;<9!
zeK$YD`N=c~Xix$_=#A+%K`3!?oVL7RN!^b?U5lRqUkxzSd^y`nz+0}RKhUb%QCQuP
zDmP(AP>vQVVSxD78Ad6x4JC9^z<p3sW=>m=l#>esv0lmcb(oCxj9DX!S|s`nbKT=@
z#jJ0R#xi-wRTXxWF~NRqe`0GYsly+QDscyg_A#CEGy48v)g;#|6)XxtXJmu)0&Q?$
zW4>w~14K_$UQSR@Jlvxsti65f{RR?2U{Dp%nTS>^>Ev>J)XdSWK}h!7<*VP+rsk75
zbQ)KWx8lg7dCSP!+<P;1nz-yYVbq7yx8%Olp@h8m{Pf9uszm0ALay9;{5`LPM7W&n
zxkDM8YT@RrK%MN}xdSeXztyL})BQVpc_=8m_4c<6Y22jFqWyyxc?xqiUm=<}zW?@b
z;0E-=)@mVMe0X>lGc!C`da7t*p*Lt*K%hA!g8UXV_<;$c!LT>jJKHGm^QXk*q_M8<
z0F2{fHe1^cmA@DuQb^GyGy82kKier%kBxOSXmQSeAe0YLg8POdCJG1Jy{o4X-Px7j
zV2{mVfuVPIYoi=p_p~%{>gsH|{1M6%ajS6qSR4gb_6uD-ai7sBR}j)CH>l2(!w1gy
zwl*g;liz>Z$|>=6@u{D<%^mv$zZ1>ITaKM-p|k(xlB6y0UD`2o#NqaVckLo{+P5m@
zQ%bRwiCA2$v(42XrUly_yIP1Xa(a5RnQT!1%Xf`3A(h19WZ7Nq-+Eo4|IL;C3gX4#
zV)>8R1UQtFk4_TP^tywfrUCLTxT%h_gx9I7_z#Y&uynBdQ}UAc%TT1?%iuT;c}$;6
zN}}ZM!*qeS*9%a4vB|Zyvz%rk%IfNPTD5~$E%q`6<2ieab&P2b*W?Tw@gPyzF0N!;
zP|E*Ib=|q=w>B_@ovn@Vv0PwcW63f*nC7anl)2!r3{_F`1oOl7ou|1u&DR75+pR_J
z()ZBzPo0n`>#A7MRPFy}v6SuYWrqft*jcl?9-`<=icL2UWm|e8E{u1m=;<T2Ry_We
ze!yk<vOnL{xX$iGm%~n1E+%>o0i^OKuA7_Npk7=0Zf{f)rw7*vDLMi~#vJ9WixU<U
zzbEUkQGS>TW^(nAXXey_XX*>rxwYC`J62KK^;#0N2ICy>FP<r}S2tpIy=V9$*RtRG
zzoAs+k_V(QsIm$qMeld6j&w8<*WaM}2dQo~PiZB(IB0>Y5-s*gs3D!;Lkg!!*X7=q
zg*mglRy+f%uN}WbQ1@8P(SSrX84-N3*|~SjIVjVqZ?A#Jyge!^Gd*1Q4XWb=N{{KY
zvWl35ScT=0=C$Q=YIe|c^`webP@o+zTP!Fm4J=J0+L#SZr%LgEy@UD6#?F~%d2?KS
zw4COD>oQEh-5CPT;Pdm9>`%S9O#jm*8i~)<UI76;IyLb(Qw%;87@B}S1k(gPT^TD{
zI_F#?#mle<#+zfN)b>@c?+kx*d*-vP2sL?eaCA(%AL4XzI>_BB{5k+KgjO@x-$*?<
zclSp5bXjyQt&$m#Ahkr_lKeV}E%*{`{QRuV=aowC<wZtrG!H2$6}Uv}AM~=U9B?XN
zSz9}qk0h++9~EVdS?qUpDfsNQjX|hNm2A;>s-KzLQWR`Q@;5*uYgAdoTR|OZpVydw
zxewYaC3pEMr;*79W46V)++2|CrUruoMfdOB-%cwDqia`G^g^|qhtW(IB)t59bvD1&
zA8*s{uXB`FT16LI<yIr{UyJcws%~s@YHI3p4thgWR6v0KE-l~&Z4aTt`GTA^Tj|Cg
z<a|UzPL7!inN$xlpq^Z^XwLrB9<LkQ@$xcc{KVJq1|liLX=W1*tkyBVV7R?fK@3Rc
zxAU)`2{l;-jEUR%5DSo3!@gAR$=4FjQVR?;z1?*y5TK5SM+Jt~3XFt=MrLOID~;V-
ztNNu-&=*X6sj~@;A)Z%op9~G<A)(Aweejm*qB3>{*W`E<jZ|~smOMQxEK73_vV$dw
zMbL;yH2-F*(oSb^|E(2#UTxbNsJbTT?QT!zw$V=;ji0Jc+qNn-U*-4w<)~f!vv_Gh
z{r1t)cXgFqshq4W;K0NmdbeDEt3<?U2oke+P^ApsQ48j}sgQ}oZ&}&Dru%IYf>oNg
z;Abx$t-LZMq_w|!as!T`4qr1t5e4>#G8@dZfvEavbvO-A(8i~0kWpwk2APo2nza(#
z_BRp+X1eXwA~#3b7va;fZ0V&x=bhQ7HeQL`F{JL-r%RgT)9adD?W3QqU{inn>g-m|
z<9Zgz6V(Vyp`({uwyJ$hu`aKz`n%VH)raK1vZIh;cX4h^#>2CVi=_`LJof#`vDx+-
zKtORgI3~+0G8fz--XLopRPP~TfTB-CP%w*t{}&-^Re8Hb=X;zwOD!T^6B3eSq1RE%
zd)OUwAmmRb^zel3+cbb^k8v-zsXs;L`kp>Y5~m(Gj4lF=R6KI;KK&tpqk!|oUWkJp
zWqR5ImNx<ZtsTicCEzyRO=$0DhG8If<}wS>N8F1~xAhba>LL-@PRI_Os8E>1A~2&n
zg<Ss$6UT@`^6>CX7OF>e#88ZZDuNz8pC3F4SM~RhPXqC?$(&I!KYqMFp6$4cp^W1p
zX>qv@e^D#jZks9sfL3Y{{^)%$sAVOkq^MQQwi+87LH5ZE34?FF*s*6P^M9Rq2rxhM
ze$uY{wVd3O%jAD4!5Jnz^gKGUe|nPv#`Xuj)@-X6Khp8Hnt*ue957lP(;aV{0zXtZ
z+Wb3f_i{3o@!$&$Ud7eZv(js#5X`kU5|tn%)Vw;>Frv>D6BYRE;?*DGVJE9s>3_><
zoyhAzg=D=l+_*Y#c6#up#2v;;Jt-*6-q%bDOMq}5X((~vtw@vVL3+8#R<EJO_U5xL
zNdqPQ2P-{a843Tj-S69|ET1bVCawNF-pFWl+-9_U^ZTb`REo&T!1XTOiv-}fmbDQ{
zc~QP+Nx#4xM5}aF)+=-{<GDN@@;TcW1N+z-YU}m&jr_F|80sDOItO-55l@z1m-b>y
zriXwe?s~RtgWV+_^SiRQ5O8s~|H30xr2W1PnT{4?1Cr~D3la;+MySuv*vq3P+qR<b
zQ`Ae1F8br_-1STp6b@6^l`SNB>Dl8xH94K_jOWmt#N2yDZd}(`9L|@&Mc(%Nj?3{!
zsz|Ng-Q7?rOLVx+hW=I4Tj$EIb@s)aC)g|L=*(Xp1oi$F#zN1`^#1r!Rnow~U>non
zBT0bY_E5?V5<Gm7*?05)d1bi!gNtbQnX-$c*@|Yb9I}YTc1ah%CCB2QZ?nt@mVEmx
zC$%0v`GD(re+YAk=;OB6HD%Ts_FQ2`wfo+9Ub@|vQ$IYrN5r&>`)C|g%}<%9d|2t+
z%Epe`+oMH997Kd5J=KBA39~|RDs^?a*bs8%5KaI|@U<5K07uPyjcVyr>@Cy6$8yUQ
zwG*uZH%GT9ybzO_QnBZV>$HOzfHy|YAfR1bPSQ1ZJb)TKzx)$jWsiaSCP}sj{NhWU
zQONv^N<e1xM-UiYK41xbNCDf}Eq-h|pWK>Ve@8r-7n_Hc(FyVYmc~0V)(d^XVhmT`
zx%jc#m36`U8QUi@F|iD;9xqx%bj@>$<XlSe?{H+CL=*~;Rz(<e|IDH9I6gi<!M@`Z
zX?qb)(G9)ev6IP}|D0DbdQO^!&qA5_>9`9ThLtzt*KKfAz(vsewX@6C{v4DL|In$z
zF^eu3p6k8roOfY}wiOkJ&pU*X#|wEi?ike%s$QqWOt!PJ)O_{s>I~v4M-0ZbH<s(`
zzV=OEe}W_V<)bSohl<CC=<>+ODJsDs57$=nqB;^1jR;siG7s0g=%<LQ`(k0Y)<ek%
zJy4Emsiy>j>6KH3=-OXNNbZ6G`hr6*)oEIvuc5VQy$kdiN~szSYW9E|$Q^Mkg!&&Z
zKxgZeuT~sMZ}#FkH;7I1tM}Nmbx`R7qk~tP4!%&`)=tFmW@eo?JKWwKN%Sc{>`;}J
zwRs%$Z!h;^tIIzF=t52`kPgf5e$GWALVHuR@(1>*Cme)_Ftua#&ng8PF>g0|nDrOA
zNC*Ws{o4e4pPpcwJT&%@y_F2Ih%_IcqIY+x<Sb^;2#XV6v>Rh{UY^5T-#+5c0jIP#
zo%X*4hxpz&OUpe0R~GieqZ-|);9w4*DkL+FZi_V#&Mr2J#<CkeW(lGB>-o91WL8ij
z+`Xfj9DI<|afdrnqI5Rq)9n^7XYza|JGr@?guM=;4+H3y;;7vse7jT~%k}y8NywF`
zS&cvHcXswCe0O(%Mb>x!2;1t)GIKCz{s|Ckh5z}jwDb~}H@-14a*mPVTWpzjlCFTj
z<@wp#-9%pM>CKL)&>QtnBC*MDHtTLBM`9jsUb8QOPLugjx(OoT_J6n^Q$sCZs7@*-
zUvIFx0MH>&qbQk1@9!~N58<Rsh%sBwGG!484mVP5{wBhi|A4_Fdj9J({n(GbHkc|D
z%qW;%S((m3_HzBt$7Qr6rySte>cS)o09n`KhImZ3-2x(<r9ikZ7xWMM*0fmpU4!TP
zSnh?{aP&zOs-L|Z3750-WyO20{yR2k5Dp}`1A(!1e02acHU5Q?>n*lw7qw0;oenfo
z?!jtDSF1-~pC9xcXb+Yg2^se+cKT+vwrZjh*1gh(0%h0O;{$eP*6e|LTegEm>@<V%
zNJ^3{M8GAeFJl?hBlT`hcKY`w9@#8$LTr;#qm`8X<I}TWV9oaNgW!KSGzb^Md(p0y
zK_X+n<)<`}o5twFN3w#;jB(AB6|*__%{>wx5n^>jr#N0g)+}bgM}MCJcX@ebwpfTx
z`t+Eutqj5IlR*U%k;C3f27tv??i=D9PiN2-{ew()eOF<a4PIv?ZS-G+Hoy)&`lTiI
zcnw7~S8RMaPzOMg2p~j+?{a%^wTMS{&32KkoZKAtp<;kDi6dkZHhV7-5KKA0W0iW|
z|2FxI;2j?lY~%-)QYgYTy=M9GB(+ni?$EaJfaFlBDBcUs^ay690Mro1HwZhwA0KZ$
z(#{g4)@rTjP(+PhDD;TQrG@`audYJHg=N}Lq^R4hA-{)iXPvTV2H}B*-C}&8H^_<K
z&9tCh0RrOFC$~r};oeqH?rM8V;@&9xy+LdgmbTN+z96=-A05_von?(<WKB-03`0TM
za!|nl{6Xvr`m#Y7^rMP@BWt;cWMnpW8tmutOnVqJ#-^rn3^N1}Qki}z<;d(jJgu)Z
zuQlyWaHlYwNCR+?qs};wi0vEF;MzJvM56TNbxlS8b?<^{mI&AHyWC6Vc40aYG*CGC
zi<I47TYxNNy2NzC`D7P{EM32G)2w%(yk$GR$^_aFu);qPtv(M3!@$wW|H%=V<<9Kh
z7cW0;fCDPY=4dv0Z6Z%u#KW{t9f;)J@isx7`x{Dj_PFwaga(^)vK@tVvcqw5CDtK&
zl_DM7gzKX-0ydbcU*xXOm(&30kk~vpk)Uniwooz?|L|L=vj_jC>yPcIQKsZ;ZYfYz
zfaoX+NJNE3dX11J%gQ9tFo6ilc}kh)&nKpNIe*F>miZ7LZ!#Vq#7Lq?|NZroH|)_@
zZ1wo>sb~Lt>h7B$LdozbljG6M#Wq*g17F+@rYhFzeTw(k@ui6mDcD%>tQ6@G0mX39
zsmi6v$P5Jt_|%hTWWkYc^r0qUs+Xj~4yj0JP68^wN#hI_%85UDdYa8PH^jrCNkswB
zSDH-<dXm^|wj{6gIWm}toI45h$7$3`Ld9}D0$<t7|3x%?AmPC-R`>z8!o_~Wx#&GW
z_usYZA}tT56&u7qEVi`R-kfJ?=Sbf@k(=X#QbC*7k;L>ww`8&GYZylO<wdsB)4gWH
zieB4er(oNQyxn=P)5LrP&Y0u55sjvnMGn-*=&aYCNGO{)1%*eOG5n47%JzX`cJNTD
zCS6QNg{6%fqf11f)kX&ul2m0*@wwV*p6n2m&2C0<Z_&JOc8Y$Eg+cC9<9SM5h|N~w
zr~$ey{lb=Ue_Xb5o7W{SJ6xJbYUmTS0T3r8jgD1%x9Lc8SlPgnGn~QK*KxGK?YR3H
zYGG=Suh}`uF$}ZH>dauDhiCoxNbVpKpP5!e302QmTrxOn=lN)XtgBbKfBe_4`1n{F
z9h?x+Uq=ln`1s!#HAH~coNaWX4{|=CAm@&%`U;nCW)T*ZK^UP`Gk#lxzSibQ3l{&+
zOye?<p=5`Ps~o3nam@l@(LYqg&j%DrborV^7_^aiYqRP6#gFGQ%PpQMw!-IHvyCb)
zZ;pBK7aw4)7ukj9Xng6*gUt))gtvH3H%pmj^;Tf<=6#HrEhU2MDGr^qxzmq?8i2Z!
z)2iz+=|P||&lD3CZQ7O0`G4gxc-gPH0hEQ>0`6)#TZci#p)0NTp*;)?_3o}?olE>O
z2KBW`^JRMRKEn3!@HlLiuT^5X^>jEeRTMOf12X!E!C(YL`{C^Y<MrbcC*T$r+FA|L
zaacUYa8^2v`Q*Xp{Q)tQ8f=D8BNN>DadgUorKptSqf0up?7_ikVr0zB%op&DFwvdD
z;84ehpn!lWHV$^<qXK0}9r^TI`!SMh%f<Xh!W$Y6CWpvx?+%reiB=hj3!bX3KJ&)R
zymXV6>;FEjNEi4HH}b%5-%o_wp?eEaHT|iea=r}0U#MlBW8&<`3}e7`q5U&*NjnD*
zJ_v1vHRfZ^lT={7)~M)@k$~x*qF!bPv>0G17n>arK%Pp;NfB@TEpt8rs)CrE9X$qx
zoXXNT0N5ttjRy=AbHg7E2atM8ibtmga%9p2Ln6b`w#A$dR{<3@Pc!^(K!Q-_?!GbF
z?D~VOpiHwmc!*XF<c0BZl!qJNKhZI$=v7jeUMY$H)|Q$YT<+P_ef{jehkVy9M0+KH
zGB3}XcNZVpTw_4Z+{d(I_=<)VvrXq}Xq9YlP<(z5rOZ8FjJ)aU>he%+-wH+}0m+&q
zj|&zV8PB8@pEa<^WQ0a<b5tCLrC6Ktgj3c7qQFc)*-Y{a8c}!3B-+>IUF|piknrzh
zAjt=Z%qDW+0qg3REXJx$-TDaX)@SdRt$*qKpuZ9V2p&#LD+m(iC7P3kS_$)4`-(-n
z{GhFcc3awcWHGaOLBgD*B^9Tyn2P}3`0DmnT=sN%^En`kP>qe>mdw<AfvE}L_DgJT
zlm~FZI?oQs-2Q?7Hh`TJ?F^r7{xAUO79O7G=1As5F}vEJ;DLoFxr|a_yT8Hy+_2Hj
z%>@C+f5GQ%Ms-c)>w{(?yt+E5t=?@y0JfXN=|H7GD4^0TBmtNH1ZW@A2(*Q`q7Rxv
zx&X2h54e}O9xF~J2S5c}c7xf;f=SeejyRN?d-f_%kJpr?c2Yzdr!+Os<409sW}!ut
zMFwL3MQ;>py**{#JBTR^eO2@6u2*}JwROMRpx;_x@*|%KqWiNV(?r|{j_d170(LkP
zg%P}?<z}Eu%ViRRqrx`8rs_XAxdscr-%dLonCA=uloBH5<%Nd?^Yf$_G%!;e9kZWK
z*J8`d|J~q(l7PZQF|b~OO6jnIN;xpc{l<=-E0Hi)mUwL_B^-WSspEx_s}{md)@PVB
zEDs_^a@jQnCc*dpnynz+!j>93&8Ttv8#g3E2E^E+4$zY^)$w=({yd7;1;rYtH43nK
z5C#8A=HLLTW~^S7cAwq+Puw&?fr>N$lF5yYzmPF|0q=qVksX*%XzW=D7F!19yTdf<
zj9{H2BVC#abw?N%wqNP-esejkdZOUhcj!f`hUW=->!X!9nmZbr8f%lamZir@m;n9X
zK7pf`TWk%X;J>-6t2g&V=E!dKYnDlg{^25e4x>8n`&?(HJe|(hmoE6Sc|tBz358A3
z`s2e2oPp7*$?E2ZWS1(n(&STG8j_P46l$zv9duA*5uze|P|?>nm9*#N^vG4nOTD$p
z;yANjw%I;i^JVxXuL(Bdl<B-`P|z-T_lcDBYdRo5IJ~^d4dM|VWgWAVvDf_W<E<tN
z>HMxF8JMm%>aMwwvJ@NhcNf~c-s#2{I}?8#EkMdPJKhd#g+i^<6PMW8d+h!A(SzBI
zZKYVZ#7Qf@cCOMK{UDyMZ`53EX*vDX95Xds`i2(uBlUeS{TC9uPz(5Y7Oy1k7*J!=
zdKY~ecpEt6#}jekRTXPA+olG?qFwUD*=zu>#t{5!5h5mglP;*(ph6P;xkVoTJ_6g%
zB2QkErrhNWpsqE@(?H(3FRJ-Mq$Vafb>;zvVHk<#%tYtYQ$?N4V10rrxL}&QCpWj+
zd<HQA5g+Jxjr93}^u@N3fAVRQ>2DPSqAQr;XUckOGojuYvUiPnK70Y2H*NQ{8;T26
zG8Z=cW@}6ped5shyD;cJ8UuPRI-Cd2kwig7O%nW$byKRR-kNWWiNywAY&T=~^GE$`
z@u&THpu+Z}livYr;B^Bq@bLa;%mLyS;p(b;mJR8Sh2-D(`0jkZVjv!*91(#2)uOP{
zv2;=ZT!YyW92rh_y(JSzFUJiG5#6=I5J0W{cI=J(qG?9SNCg%ja6@s|d-4Jwl9CoO
zpjn^Wq)@@*i=kp-7H$&}ov7#&33^>)ml>*z@NfCMMc`I(VP23WQ?QZw2Y7jj^1G1<
zs%5EAHv>bDZIct^I+xnyYnzAVHAe0zqY)9hIGhlGRs(W2UC9>(LY_#U^q7u%f2XjC
z_rNkCr{X_q;3$B+u2-Z@18P*zAq-FC_>cnip;~!`vU7bz&}3zM$hB2oN=D}On+K%e
zen@8jq@X7_kPI|Ec)U#wBeIcnK4Kmk>D$LXRA5PTJzo_rT|Sj@aL8Y&XSU>V&Q)!4
zO0+QJ;wEN@%zn5*tv7^LA4waCuBTCMZRX4C0@ztr+UOD6`DGYi9_qc#`l>L%+2)N7
z05H#at-T9`+$6f9BJq8VlJbq1iudB;4wq+{sw3$EJ+%!~z^L^<Z<9_)z-E3WW2N=h
z*SSB{WRULn4Vx)1@*go%e`z!#4XMx|842RsH+;=;N9T5NG;91eL`y**K1q0>CNsXq
zGhzY)nwZY2Y}XWyThABI^q9ZOzhWBDar!~mSY#xP^s+Mmfu4JxC{EgJHVYCwT2J4E
zvPJEH0-@mc=y2LAwEKIS+HkxlnS+ImJ0O_QXN0p7r_{w+q(0HrO}=sxlRi_Xdo~nH
zt<B{q%`p3?v9Wq@0W%7ib5WexFTz1F82jqD;?8<=_phfrY_7_S->hHLhDP)6Pwvrw
zI!ysv7>YhH|BP%-Lcx2xdQaA-46eie7aUJO02r)dt_QQ+cSfVbmm58=WPV=to&Ej2
z3U)3oz4<jG7VM98R<G<Hj6ErsJ-hk&cvI6|-H<c#X{LK?nKgA!pk+yHvm+0nNH481
zZ*zbTV?0AQFl&@7(!M%(Q`y5vo16!{dq7A}cH9^3jV5JgR2HXo^niO^OxPf<N0Y++
z4F6}u(h9a?4-`J@O*#i=+GlDKJB!{;LQ2ZA`M-yQ*kUA6WdQf&PFB|#x7XWp)mh}_
zyb~L*+Rn?k-MLw@_efU_fcwtp#zsh^BzrrQ@(R5TA8vL`^Ezg`-j5tFoe^+-rnS-}
z8l2T`a|ls}MzY%<B_`OiF(GTaySX%zjvEfb%att#bx4WD^v_?zkYmGruqU<~RO&5m
ztt&6ep8)jje{~w;Df&=tUkxM-Vzc=Fd$>Vo{JHC+MYzieA#G-I%hu}=`i_hpvNR1t
zv)D=p*+~%GpZisK;dlv~&z2-`PxG^Ab(AcH;nvMcmGM*|UPhC{K>Ryfl}1dAp0TF~
z?pkl}NP=U0&Dt*aRUu#@$|Q~3HVnXawYgycnU>r2ln4y>*sPG3RlasMl*QxI#T5bQ
zL+W?mteBXd6d4(Qit39gARe~c!u>B{g1NB?hMAp{L0f<9k5pHi8q1&Wrtfrmf81b=
z&UpD&N(+#`J>N`6Msrz%A<HMAngQ!sxau21hCmvqW6TPKK00zYS_9YlHFgLrta*lV
zlb5I0eEmnicQ~d{!r||a7JA28+`;Pop}F%Khj+Z5c4wRFrlDp8PeG0H+O^|h`Wcp|
z5c4SSXpuz$fXrGEI_)_<{N`omr$;UeHK-<of%C0B9y65d60My9eldanU7L|qLX#Wd
z(ACo!B*CA*Qj1-F7`tLIp=!ICQvCajist<G7Zx<8AHa3HPPGFA>IEX8)4j)I`uTZ=
z;uq!dO2gk~+YP(wqSeV-dVBA?oOVlPV-{>Mj&schkem!UN(XrSo}QY{hru_$g=c3M
zcI*Q*q=KU;FBiG3beejOKwlv!aNBg6oHCY)b0>w};(Y6%+3|{IMK-N}BN*n6*^rgB
zxhEo9V`n%k+CTnva{L!TCD4etH|l_Qb@q6vUklTG9{z&ZX{bgkkt8(xO?2PturZhO
zo6>Y&v?*)L2w7R1^UGI(5X+#|)po5A?qAQ<n!)TB1C3PZ`D*L=MyKg7MvP6>ih?(|
zjZO<Q+z~Dfy4G0Co;*O3UQ|>bhPa;jYGr1Muy~kK)rouxiB#d2$qCiG+8?V>AY9~e
zp05AeKG7Sc!Q={zZHxm^d)Qc`R=b}yZ}$AW2;O0d*@1EX-w@Kr-DkbR0!Y?z{&|n}
z^jj!z&|o$zDWyZBe0#p1#3bu=Ow{aFXjcH*CYp{1EH<6*!8`>MCHhf_BBsK%8*Un$
z!l`LqsJRncU2W8JvtqHdtcrfq**ObFUHIX;;K`BA+1~JWvOuLwnKGkDIRiAT8a$71
z6r%`HFV-Q;(gi8EyWtIVn~B)TA@K{)3Q8H2@bL$w<Fee2<^f<x*>~LkT&hGKF@yTD
z{b5BerDyIp(VYx&h>G+<I=>m{EKq357GnN~PyZ({_VGvGoV;35bp_mWU4E!w@*w!>
zDtD1xF8=(5keTO?QM7<rg-^w(+Q@d~cB$X)4~rFQ&1Wz6n8Ha$LH0BGmx#G};VCV7
zK=sW_T%S=ajWW~#i*Yp%pXW`_2QT1s9sP-1GYvwV8v@~Q@ZQAO6g}S@Kk#=~tT&x-
zm2RJcE)#U!a2oddfy`Zh+(koU)+bGAIKh#$u$SqQKdqP!Ky!%`5IEqlLcxy-GztB0
zItG);b?3W2(ZIJ6HG)6iG*R5{;0#1lgagG?efU~w>%Zvmkqo-#3#lt00g8mRwj&{j
zi%XCG#lz+5ksD~Htv0X_vg28QsnB!-q*zR&@*8wEz*6;5y*uyR*&0x8l|~0xhfVhc
zcqG0w*bp<uhCIu@wwgu~=rTp73USKF8Q*_j=&8KB0INgYqNTKy0srChYy0h4KyFL%
z@7q@coknZwro)9x4L<%Jk1Gqh#S~3@zo-Dw|72M(!`OPa^}N3J?oajmAq=Qv&Q~Va
z&d3XkN%@d9{|E~r=6aL9IOOEoZ9cWj{T(aq;bum}wi_NOtz~c=WvvxH(#aA)o|2$G
zFt?Ng2pw!?DYv)z{VVVs0|gaj7C=$0nNn3NxM)PsjdhE_lbR9stB#j0MT|xwJYT9d
z1Kw1{BYTAK@Ld5Tn5W)|3C;YkU)S2FOCDSGg#-Ps&jHKxJU24uw9@v83o#P^|H8c~
z2KX8`s1!D9x3*hh`?bg@Qx@A*3vypEiCC}~TZw`rE%N;1Y0+PO--SB7;<6c~ai^8*
zlEBkhB_6&CwtH!|)wvcZ&9-8`QltU^TGGGU69xobJk017@vmBbHxC67=n{(q;X*0L
z&QnhgIM(}nR=f;1Dvi(8NF4J&*U+$f-)0I`DpU{Mp;F#{?LkPFkQj(cN??$ik&3ag
zah6c}q75zf8teZzr9Q4*6{!z`qY!%gzl)Nim@YxwkD$?cT=;d;2<eIo{}cZDn@`-4
zHX<?-vF2dL<aD!-&1_0q1`<O7q<!$kiA3YLrb&RK3#Yc0i_Kad805jA+ZkuNZ=ZgR
z_kOU1I#5-`!oePE@b-3#z*01wPkMFs9!8Ufghi-6-~m&|vtbXD&AR9x&D7p844|{l
zuVSee+n&Y@7Dl`L<+H`tCQER~Mc5Yp4^v+mRn;1GeF$j@0qK@fQjqTM?(XiEmX?%~
zZV;pqkZx%yk?uyiJHF@K?|sL3e_ih#-Z9SJ`+3%yYtFgWqDsI51uGpi$GV8YBy=n`
zyM%^r^uG(JW?_M?ni#j|!?)u4+`@wVWfS;P;4@JJTT;MvZK(T^?^k7TLB@&h=jX?W
ztKHh<vw>jR+KSSQRs^C?AwZst{CrMUbFYGl@sR=M=4uWQ%y_ziHp!H@#{%Z((C0G$
zxI{UL9$s`fkAmXCaaRdSCKa69%v6m*P0ByQbQV$4@y4=G>#LXn3Q8oK1f~bSRiQ;h
zw9Zbg9zj}h_Wv6{C(sc&9W9owSKb|KGn>D7d`7hQ4i*zN)(#a8<ZGs`)6z#7^2pUw
zG|Z7uP`LS>DhwJu4*y;w*PK^%+_?Ks+)OwEhp?%oCA5d5Tt0)iUM`E*BU(P-p(}aS
zsD65XZ*P5jD-^go0H&TSZPBzqKU^I21QVTa_y7SdF`D{mrt_2dPhd@8jX!>T;KIT@
znNZQB?D`J%6%mD{6`8|m(&aP#UwF{+!0JdU`O{JJh+S<&0Wc!Rnb#S(Ns!M0FY(Y(
zjX%X>y-ksM^Xjd7l|mI3)$VwU=hMs;a&5ryYtWcgmODJa3UwrqkXZj)6E5>Oq|>d*
z*V)nU@QM%k%De;4gAKROr)t!VKkfXLSv<;B&ZZTDzkyi|e|=4OvnRZXrvoU_In4U$
z%;;vf;yOBnfcopq?sy($K{Q=y{s4LllqKrOm|XtP;l?~n%*_1#u-4O*%v8^b8pCgN
zf~Ula!3#5w1HF@ISUTmESz&*1l85DGk~#qz1qE?``4=>JJWr-<p5AB*QFiYUU^!y<
z@aO|k5zyRp#tyNuYD2ZOiV@xyyBk&E7{EmFcI-M)>J7Wqbo5o5_uAsm3LSeLtOm#0
ze{q6H^R={+!OLGYH0q9Ku>c&d<2iVoJeUJ8dPOhC5m3l0mD<75pI;G{zYVzY+>)7o
zesB%@Squ7ZChgD6O6TWrLHkV;H3v_6y`iu0P4YV^tNR{`eE^WB=gJoF9Y~>)IH7zi
za|-*Nsg4Axt@u-#_^4y<OPDiC6-*LP8ecUH6#-koEQj5|m%&75t2vcg_Xx8n2F93A
z_VXtPgNc0llE8}(1IB1o`dkx_D1cmsd3lnjmjspShvsU<3W?s2B7d{60F5_kp!ip5
z@qe_N5%haV1y(Jn8g8=_;hSsM8(HV(*$?!7P~x32;waH1vi1!}`4}62Y*skDyVP!U
z(9iopqM$gw+y*6nK;O)8oVI$U9H*h-0azIVGQnAQ+EUBh-K3(6@b}{4YbG8ZZ)2Dg
zYL$rpLDV>WJHbI(Jgzj-$jFg+_$i>?%-cX3AMO(J@CTQ^!D%Z5^EEzc`k~Ore?QFs
z%@$)kO2kQM64Nm&0dq)Ksd$u&U;Fno0ztc3A$eWhn5hc@KBI~ioS!zOfeSay)ET1G
z(-#K)ibq>eC-B>uZ-D)AS%-hpZE(38r$|_78$NyfEt{OL5R3q@py^~T4Di_0wmEvd
z`PEx9J{G6?>C?yNQAC}3+x|?$fT@9cc5y2yB-F<Ta9*VRf7gL>x<9U1`u?iPMHrjj
z%RoZ>^g8IpqJrhIe!b0<BqBQTtX8}4ZRYa}Z2F(jqYR=33Wl!#bC&%(jW6HI<$sl;
zpryZL<Sp|QmPh@9Xx#14UqmjYLiu&M0Q7@xXjI^Hn}+ql?*3i-x6yyF+!%kRUOL{c
zS!H6an2rbd*tFSNT41vso4N%Opv428p;cpP^#50;nR2*A^WPg+LiG9hfeqYxrIt1(
zGxLXEt{*nhaQspWceVSw22s&-HBaEAuc>J$2KF4NwH}bI7RS%F2Bk@@{EYlHRR&n3
zulv^ceSiZshl<F+J@tnX41fX?yB}P8fH9~2>T=}7uh`K_3h_Vd$LH)DlYA-4#6hkm
zKVBf!Ydciumz8Bex2N#CZvSr5>D>B^BLXEI0Llr4CVPzb_7Gz3d|&0PJ{CLDzb;CC
ztnx@-ZnU@pkb)l9{`n=#Qolk5Y-8c|Ks<1#@mpRGQh}gsy3p*N$>S!)wE9-FYP8yV
z5*XRCG;HY)z~iSl>$jY7(9`$t#HM|SBJBy=5>=1<2zX_{=bfxHCj&mu1|tzptx`D{
zc-8<pTl5t(rqLZ0H2gsg@~L>tXDUBMfLk0~6Yx$z9r8QMa?GXvJ^@>9WMt0w?9Ckl
z!mT%%d8_|rWR;&E;Hv8$#uVNrug_PJWd|byW?F~b{qtrPo?>>j@ssaSTh1k<M7wtT
z5v;I!vNtx)^F~tIOcekBxle`bGcZav0pIEFk$x}gn^#U}VV`n@(_|uNHZ=kZi;&^K
zyy{g6C*aEb@7n(TY&=OY#ftO4UVv}P-HUwp`?e9Djw>!^W28T;46EMXcYPCv114p_
zex*&@ygPs=;~#oJ#&%&40fsX3qaWtCYRNXh>qKd^zybTyegm8@n;cC5vG1Zu<y(%H
zro1P!)6->~lrW*vKRU{vffHZhvkvj7lihjsvTHg2>sT_u`)J_F`ttQF0upSwb$_fI
zF?T|OhK5dsq?ju-@m{S296VfV0vS1g=;Goc!SZ)%&E(jaVjCuDydvNyA_lNtNUd!v
zSkbM-5cOxI;`gFnpyi%R?Xto|zi(RJR14$_U@-H@#0Z%wU4iUN75#O0GJ=xTj(@~P
zswCK;diT%E{kaxv>>6gnQa^*q=?Vf+BYm*5JF5X`8{E~LI6^3(pJVoq0}!^uZYk0o
zh6e|jvBCA|`2_kq*N&@xMgZqoJ~&-&dy|Nujpy<x`D@>$YzmjpCX!_=F~!67NNbV-
zdENd*@V^zm;`;lFyC<KYmHM(WL;ZMo9*nx{{Qi7fk<wc0#Y44-7&o?0zNCe=MP;hR
zqix`OJ8-bEVSDn6{rKO{&Cb>84!j+Y8Xt$lK3ebYBa%J}?fA8P=7HVRf2GIGRHqec
zxdLbS&G#eE^}ggvJk`X+)X0`*q7P7zPkVl+H95os_r>b;fBJ+nuVOxzE2u~;(22el
zJm;uaRNUJ4$HLm~ODlp0hkDVWAlXOb7jOfRiiWTATVeKb+rfC>-PGtsgHCOl72Ohc
zC|hx=oBAvv#>;7E1el6*4pwFVa+NF|x9iIyi(rIX|A6=hDqxh&1<?Hb{@CT6t)Jhc
zXHLM=?Ui&Q&C=V|GqFg_{~>nrdrM!SA}#(9|H$mS#ly0R>SR@*6S&wx0g#XYf+IGr
z;XXgOK<u`YVexDhn;DNK%@>}|6g=<WkIhT~q-EO)fwnjmBpt2~fDrS<>1Gvs@G+yg
z`RsN~(A3N>GcNhN;_oOtJFTD5ZO;#hYa=ahK|0^%@nZ3li0M`uA&I{L<{Ou_P3ci$
zZV@LXrOL&Yx~?6;XE`8Po*&);KH%2+>Hw`J{xz6(>i*{qVPo_5f}ePusG1j7fd4IZ
zoTJ}g0uK+52GCpd{DFf*;a%q+u}Jd&eLl&v7EcEJ50TYwU&FPnc2NN7%S%j_+KO|e
z_sR9?M9%%s51{Vo9L`^md_du3W*)(*g!%RozZ0Oj82vFox-U~n{xO}c*5eO(jhA1L
zf3xz10*I@MhpwOv?1#~oj7-W%vD2^~=Isf^ehS0d$<dMxMtKUoVK!^6#oC{CzwD#O
zi&N8XCPSKoGjj*M=3hW^dJlhq3lCIHi>{&M+k{>J^F8(UES_XQ)t{O6Sy;Fc@P6IS
z;<a>sctx)RWDpmt9)zn39cs=i78Vw-`zcLBdy)?}NeOFWSXfj4ldB?`CKR(-9B-Vm
z%kH;zC<i%e3xN9_+HHDy$(Tf80qS;3ld)`WLJ<u_FaiLd%NQ1<hC$B#<;GbpsNVtn
z27?Z7@!!KK&`3F}S>=_H6!Q5yJq?JfNpzn8R7(9y_euM^idv;X7SJD+f#PI1Sz*}!
z>jdB`;7?S#&jdm{^p(VH2U!IH{89e2h8Pq_s(zmd?Dul1Y+!rp1kjN}!b72b)efzA
zG;vgvE}NUlx^9;jyZkP1L}}#zG-85`9RVUW)Wqa3H`W>WQ#5RKzJdA9rf@O}$02*M
zspszFd4$ZhNcZxx00TL>QCVJIUgJJRg6)4IA{YP<=dj$W4aybq6j@q@>e;cl!kZht
zEaqgH?=y|8J>L|7VW1$aY?2S8%o?{Nz1YK*s#9Cd5}o8V)#CL(dBGCPg#EpJ>mBw)
zfWxN*T{O#rS-LVQjIz+S@99!;Xxlfi_g?b2v)_f?gINF!_j~W^!zW{+W6~ba$JpP6
z9CAor9jt|?u}v+11~%-188GSzpHtyb_%ag{k7zgsSTg{pSUVsECD%!Dd%>T;+fSx-
z1{qk^ornnVLVdNmoWB_v*tMEge_w+V8Ki}`RjT;~!Lno7bwoTkiF^pGkvM$c>FMFi
z4db5Y>j#!wQV0kMX&ChyPgW>I!%D7<@vxMkw)laXh6b{y)vn-3$S4W#d*5jWIh3^w
z$M}P}b{A@0|9knv@I}y9^#>}##o&KZz>*^u0JNg5|3f@22C3D<Jg7kXE$`fjb%6K(
zg90hvz@H{pVE3u$8v0>kV<FK7I*(=wk-<!eZys&l(0-(U=@aqs4C&m7Q8w*K<MA>C
zY__k#$cfQOzw=<=#boh3m?a*u0z60O>|8Bq(BL3@H!KCNs+gqsDc{@3UGQR7o;kU>
z3HbT>fiY>q@7eHn=k5+aBUK5sg@e}nMCMQa*7WoYX>5qk_6wU8T%c)0($kX%C{X61
zDA3-RtB-EyH2XWFTiVSz#W92*P%f{pS1NTOVN{g8*wB|U*X(Zlf{ZL@?R}aYtdX&K
zZ|d#2^_Or&=J+5{z?FI3xdp+29Vzl3Sl;J@QdPj;zqk9vTi_Z6f(Nw5XvBN{_3#e7
zx9t+YviMpy@E5p$W-S5Z#Bj$gjpU9M3aI$(2-$P}H~QEercihh!|kxUa48Z8XK!Z=
z0hcXhU$y`oZ_!T&Y`}2(`}FZF5md6QmcQ{G^hdP0Tmh(rLO6|_UD2x?*_0pFw=M}Q
z#d>gmUEB)y3#HXc^;>{)H-SSxI7qBj8wRM@q~{D{Gqa>duhVsTzxyjcH7JB*1J@$q
z)4+g~pQ7TJa2zmAKfeQ+m^1jB{BQ~feEb8g08^~C-~FrPBm1u)7^aoIt4(3(s{Yc5
zXPpqS(10x9owS-u4(x?*fZ7Av3(D>7o!vaXg|_el^%$rgk+>k&zHepW2j2jcTF@CL
zI!s0wN6Y5r4W6Gc$OCfK{`~>0V$a|tHekVA>~iku_%eaiMd1BZTL6?ZsLoNDknrU<
z?5e#=0v|CmZEDKfUOcb_N&1C0>CLgAzixHlFE{(FEt|i&_nU)%CtQx=q@J9g=RZ7U
za>niaGZ<pGoj!={097e0gKQx_w0}EPE`y_DaK0W)hAt}l2T7{XOLInjZM3nfG+y+1
zGeHwLe{`CY3V{0I<6Q)tZe%=3%Fp+PFq)c901+Vpa9JOPS7yIo25w}r|06z^KObnJ
zNUqd9>jlfx>ZDbRY;b@>4618_2^%AN`mE|~O#<L}0H?&s^>IgHQpx<!TR0&9LtFTO
zM-%t0Xz&NYrvbs?l$~8-(BZW!GH>!tS|pZir+-Xf12`SeOt*_<H$aDLEGg;j`Zwx)
zKT!CXu0-Mz-|mpzR)&B6EZyzc@p#qH(BQf3H!3cc1f}qbLPA5+JpTPLS8{W6v&IZV
zYe6HGJ4VJnE9%e^;}r`Dt?{3rtjyu16|?}3<PdJxlY{9B$h&u1fJzzu>ArtsdF%3O
zef=*Fw4pwmN@9GtU(y)8Z*#c~xcu_J$xd+rmI*}gy8XGtuSZ8VBQemn%?|(DP`?b$
zGJadN?!`=D;E4gz14Wd%2}siC$^}U1C_|@B_AQ?MU}j|G(pWdh2fl3PD4_8!o{Wv1
zHE*LtnalGql0A-1oH8`rN3-%|ruAcMbR?`0W&A*9Ru=Qoa+{AMObX2zGI+>%I|5b{
zu`)25xBiKRNM&w59eKr9^aD{w5R?2H3{aGGhmi%md9QD)(KM8t*5<{^k>jM}3`W=3
z-CSw{V^71pum|{h1mGiP-CYi!7%h#>arY2y<_7}i57@jXfvygXDu;KVK@uukas3SF
zm>-pgwwizuBaI$=YO63|AYZVSsut@Jz=Il;?YdzFMg2+I;p6E6fuUmdZy+e%vVsy0
zN<9Gv3N6yOY`b`<rSQ!agW+h6oA6I+nWPBaCYP-hFrc4VN3dEfk^#!|L`@bertHmB
zt>mVr;=5w%czVYYh-#AMfD!y}C;_=0^t?S{r{A6l67}sVP>b1iz$6~^W;YlO&1ztF
zGrGhObXr_7Jaiq>to#kS2AvQ8B7YVOT3PMV<MGoea8Cx)0Lq?gJ$Ia09UX}~1=%Jm
z|4^Et&Uo9;{m@gns+Xb;QF}P}VW965mGOGQWKidA(VOp5g+K6+#q}r|BW3Od*g6D<
z7Mlm;MlQ1US`DjK_C2$<eMYezJhQoX_~L%N-(08<E^p<FL`98H&W`<E$L>2ax^3(D
zSs)m}xVe%EtZ#bSn)uGiY_M9GMWVP;1!fe}{LcLRuelkY%S6ny$G&><>gt5sIbV3}
zEgijaTrC>{AnJEY(j~N|k?k5B`<I9~pBTT(78oBaHl;e)q0Ip&=c|#ig+?x~gN5*i
z13So63u$_KdJPN=%;Iw{6_NlsGEx_|zW&m8Fk4gQ{wL8N+f|`*ekVv)vu82a`+U|&
zRFu_#2d-{k-_G*ezc~uUre}*yvnKX0n=y$~@?=c(h!^ebym(}$_ODlro9&5A3JRS6
z9n4AelNXmDWtk7Ncnsl`T<l#=&ZujstqvC}P9aNs^9U3dZ#-sjdU-z!$PmsFApnC@
zZ=QfDf?G^Xz?{{|;8F{hwe9d_?~`Nm#qKBT^BvRDSah7EBtl|a(O-hT5%#iQ*>65N
zBO`Npeat&v?E*9PtHJ2>SRHMO*@c!-tY+c8y>Xpdgu@p10v4X2l_6PKtj)bhpA=@-
zSMu80bFiMCo{IAFBgBzCR5}z1ftY-NGV(^m#!dvQbbIXs_c&>ze*b3io1k=Itx3DT
zIHhVuClRp|gSV8E(<7F!uo!3iP{i_nPu#F07JQNcskL@QP2G<lHv=B$OWea_Nuo%u
zu424Z4b;^`Q=FY6K1Yh!xv^`SM+R8T&enkcxi{i;BjApZBO_*^tLwzgS=gomeP}V4
z4PQxBv!7jGKN??<^p(7lA2V>I&K}QBlyHNmUp+WpVHmo&%jQFl>j_s@R_-F$7jPnX
z<8TNW3WULtkU;9*PsR7r(aI&~#1p!#?60$)1lst`Vm=ppJ}wn9(uC3EH~C5bi(RZ8
zsty<%8!c1o&mKcVYGL9hUBk0lUb71ueie!}Tc8W<XD}kGihfr2KnWQ59a^@$eB$D4
z?Pk*TQkj)iuhBL9IIG-MAV2~<75L&<p2wt-C@5ap1(GZ6;~zNs#271b4CpLt=OS7>
zF;bS6_T5IdUk7&yfi@Htt4%31Qtnr9lF@-^DO1gjU@m!}U`({v5$YKg|J_yZ#Bd7H
z(u1;+10rIN_3<)Kz_N^fvr%>$0m2u5MMec{Wh~gNtkaV{_0iPUR^Mz8<9AY7P2r#6
zqRID!Ut#7ex3;yl*e|z!6xP;GgNI1T$o5#>dszL>l6AKdqpF#+6MONZtA7yL&{lu^
zaIT8%s<AP*HWDRtLb<H58cdWW>o@oG{B(7LFW^9IcjFXNCcr?0UA4Y}<@d<b&7?2l
zY)qjz_U@-++{fXs##h~;R#a5ylQZUph2$p>A4Bw;f4L{uJcG>*O8=IKf+eCmbAeUB
zYI8tB9}<8|hLKUB`*D8i4tMf!p~k2erG2CygW1H?*=gY?PYh?#)>dA<#mm1Izpa#9
zWked=d`}?RuV2$uHZ4dNOw2;brv0@wENOc)c;%Qk<YEQj+X$<wsy_Ed;bkUpQ?avG
zyBr(TQRCrfw4MEU51+*!1q^~N%|??}?9tPIe;LNcGX99CXb`Y8TP-i3a?o$;o*7<Q
zaXXxVvvgQoy>As%)lmsL3539Vdy!v0`ebJ(+e{+3rZ5J#f46S?EM+Z?3@Wpb&hwr4
zz70abKQ*#=ZU^(YD2MaH!qUiRGBQe5GqLB-C^9l%l2atDomm9}?m`ZJ%e6+v^&ggL
zetaTrqL}*ja&)Pc9_Iz|pXHA5slFKZqm2k@DWm4k$bT;{bo7voVd>}@#5(gtBP!JS
zM3t3Uuh)B{vcb6iv8o;AAS;zOFcdd^b8}4%p`pDGLqjskkT3CxJ(2uAEH;3U7Nxo&
zzdpCT0gjtHa6~ff!NQ2&wp%f1Fsp~dDNejzn2N_MJNvC}2yof)@k)EM@m1$fC>bMt
zi7lSab3Jf1e56?k)(fu@$~1%*#xd7ly}GPCy%{Bez7Y-{9dhJFPIjKGN#9!fRELGI
z7w<GV=DeTPPcGk;|Nf2nyb7~(o!n(4)YAz`OkoOD<42~P@NJ8T4Qr_XAY<df`p=C=
zR#K97@9%e2PkQti@^;Zzm_b!2C@5m=A3or<`&?JvH`F-ST6Eo1b?iN=C0Pk9cX+?R
z;N@*CpJL99sbil$T#6d3c-YmKQ^Qf1pI`6E;PlOKUC-oZ5p;`iJU@N=*n<e4EeNOv
zrc*U(*&06|{7S<(0&j047W@vq4GksCd=b&p)1{WaFuA5Y)Bf)1rMAJDijtDR;3jU$
z;NY%O=|-?&@2|z^FF94!f%-sy>R;E9=Vwk6%cQ6Ek>Pao^yY{N2-##T;2}qOUxft5
z!-rrZp`u0!OU4qX^#IKck~`kcuc57Fgw(V<Yw}A%taE=nk0%B#xy7S*luB~kbDSK7
zs^E3hpqQ2rWR#nSqoipmV8V)>%b-!{W6tM<brW!jLWDd$&Hmo8Jtr%?earHmZR0}X
zHu<{Bkm@Zvj`B?9=~l#RT(kL~;zAYhZS<LS_2Qj#weIPbS7dAm^R_c0O_pOcF`-sG
zr&w5xC)X=<Ww%a&3dOar8Fk!-dwaJidh@Wv+N5AbkmS6*n}2~Yi8cwyJ@cAxd;2|L
z{z3$&u(iC%NvgU!()sD9=hF?kN_A~Zu!?hbV-JN}K-1Ai0c4al&pUReY`)LH8ZI$H
zEk|vTCPxDcbh_oav|`kK{`<?GFu!{*nZks`1WbZgK_%l#*$JejAGVgVzy)$18b#kK
zD$1-G^}9ED>WjINSFe{gAx}3jc3|?gw?C!iNoSh|>s`jWy1I6JF88Jy$++Mr;Gw^H
z@tb^xL~~1vqIr#$8)SF9{@t{WcHZ%Lo?5uXiL|o6027H|EQ{d^c<05tyGFG|=4B3M
zHy?P3NF`&*|Bhjl>%3g?nricOB)+=DO)rQxtgUsPUnb>*g>7u_5H6TtaqWTyhx=-H
zbnp36(Zu9(RLY9({p26QS1yTZg+-wx=;*Ne8wOrnu?O>^RUg_&AVPVjlE0U#VMN*4
z;hQ;xEBcL%PwMN%#pVAD8nL8GNJy-qqodd0giB!RL9@`CgoK2`o!@D-o5Ly0hk<*t
zd9Gg>gP-Q>3t!2ip3zgk$PPzeJ3U;;WMxH0#&?_#x$Wx%*{v<^czLa`f{}EZr+B1H
zm`b8^{l;19ya`Xj^bLOi`pn~f{KW(J%-BGKZTJ+gr-<v-0Yb&?(bPLWp9`chQ`2}%
zqJ=m7+KtpSOtEan#=GN9wL;s9-dAWGx($@z-i)RuMWb0%8N{%<ZU;U^-E)YYC+B3n
zBqJhfEmuFtcikDy5fK&TS65RTqC<-z_mTj~Mw)<#sLZh4S37IOViJ;TTV<f-xe93p
zB&WL-JXu?GOlV6MiNN2zM#hy&lAm+)CT9F3b-KYjtgKwdrjx6Ep8DPwfyo&}Jf6p+
zE1iU&Ml3cYgdhqF3mdi`95Z7v00t0U9f!NjRL1DsZ?t%Nkzxnq)zm=$kvWz_#Aj$)
zmz>g{b9Du4J)M@8j`9w8c`B24KSz8vE{(@x$72Y@=boO==SM;Q)DaB#)<!0e4Igbg
z68Bx@!tCrXWnw~Mb|h(`2%78FF1U|yaKY4INt``QAO$7t(o`Ai%rAJiKbU2`MzvZI
z&EA(S5@8*e$8r2jOuInw1_?82#DePm8~EbG!+rMfjjwVGKWF#%A}I<akjb0F-qFA9
z27QrEBV%#<mcOXq7@1jwfe)#tud*W{A%l|L-?uJq$B@nM{Wo{T)F9$>l<7mAH49k2
zaZH^Ug@R&KYc89maK_F<vIpSb-r3fduZbJ`-XTtd!$UzJoEpr$wHdF_ZK$iRW??or
z-$FqVrHYWCKt>WyyFK4gjEacBzqRKqoXHi|vbB#<5V;s+n(zWQ4vEL}=w2cWn^uGK
zy<Kn4q6UDaL$~KAJRWG`x2=~*1#I}KEoR8k9QHwlUp@r$?d&2|6-a*cwz&B9`DSu7
zcBh46k?!}Hq=n5}fubUccZ@I7tgQ#+6rum&$Dc{=0OpT*i}mlkG4KN^3M5UzqDEiA
z*ZrlX-9T`{e2v-J#4A=Xk;~&uxm|AXQk;TLN(c!Zq@Unia(H5aXz1d`z=#N`sk_Vl
z;OnEMh3Z4qAWTY-^XPC13FnP_BXPq3LRAsEr2YIq2({ghPzEV{aV*DqZ2)T#8NG6H
zz^T24Rj$FlfQ!clcYCMjepeZq6H13<va{`1zGF`xFN9B|r^7~88Z))DY^2tIP<)BN
z>+vrL`epfz0wGlQ%QFWDdxdWpUz$@>V`AZkMwHNj9t3hqnyX{Ms7MhtIW&?MH!P|A
zi<p)~Y~MICN%M*h)V6T+-o=+h<3)~!pDJXL!ZV}MymWQe4{I$mYe@OMeSwdy?*%nA
z^^bkwIwbH&A>AMk?tldpPU(_pYN|apva)rm8kNVa`2=^yRH6g~cC!r_*!6XE(b3-E
zC3D$3#zBK9Z*ZAnPHer;m5{Ksw9v#U)5DoLS87J^py(wtK&RzPZA7(bXz=)HPR&O<
z;il8m?t}s!2NQ5SM4b6m>4c&2Sn|+&c2p#b<mR#Mi%CIAsnTRV{IzU*d;2p^xFn{p
z_$y2iD=%+v4<N{uL184<e=u@)OfWC6Lf+jf1oCUK`31A2q}jBC*=z-o2dThfDG>qe
zRB{ohhE6EIHk78@o0%DbddPwRA87=Ay(a=m%V9P!GTrpeVmhBE6Nk38u$-QrP&{&6
zzvoeB*CO$pwsvOCPk^L+mUzJALvgDo2IQ_m1=-;6&=)GNUU8YW`CR)4>`yb2f%>J?
zo0K}j;`1Bw5GDF|?+O&N`LvlSDDuV{YOn|iwVE8s=6|k#^I*iSEk&7O*6S?7rrl$I
zPh9>jY-x0~qB))d0@};4i|y>=hfF0;V0yw$6O(b(yf0rVnYA_@9b+K6x@PAPvHJ5}
zk?~HOB!1Z}d_z22hfEK|xV~QtbzSAS?^qm``B=on>7!$<Q0!i##<#aOdLQ5yhbNSj
zSZ$4F@iJ$mrL}$I;tRsW2j!K>;Nal*xT2yW1#|NvI>^Alpz&5VzfuMm;5m*2LpL-Q
z4w7u+X^upg>dsg{4QiCe67T|;QU0C5BUMls7#>`^<Awq`c9y{G&&WI;|0p|=0%Ari
zOe<p1pT1xIV`>O{K1IAD6GR6!A&i(rOlCQQR$3ZG-ZZONSOgLc0insC_1-U5lVRPv
z5#JJ$6JX;&w$Lck`}q9yxU$^rKCCGt6De+N1yA7wJ(wE8!k;3(ecR3lJ8{4J5)ldd
zaD2_kK$YjT3hEFjD(sx>f{CM|;x+~FP^<kT+cvYIg1(VRZeb%n-qPY~z!k%gEf2YC
z@TifH-<{iTMtc5r=O@_cYX64dU}sQ+A@K9s9cXD~a!nj0e)*B`ig>Y|<l15JrlF82
zCah+DKGnelR$E*=lIl%5Y*epENCT&cLguO(7dAF_*=$EZ$MfD)*@`kTsW3Y-^yNB&
zhX@86(zaRB<Pacq9=n0+_t&N;vo!z^AW50Xq46Dn0R3J~Nu}FER~L<pGZvI}Dd)Fr
z0DVz1kVEWVJCY@o#u5a-c&A|m|6+t3JBRO+HWky?vRDGRGHhD%Wwc?AS}g|R`Z}@d
zI1I~h3<$#aGEv(R!aBU5Y%a%*_3<V}GEiu#lE_3|(Q^}!`dm|PEOmVB%M}hb2oDdx
zmz9$GqK}b31=xlOhQi`vS-C78cWG~Lp5oydH9tRmhq*rtD_<}>`YdWNadF_uEO(9x
z369*|?bWUizOFv*&j30gYIfHuI|o{^UC7JlvHEb}qlH28@0WWP8ftvDh9pK<?Vo(@
z>TA|i#pHYXM_%s45etj=c1)?ZfKdF=!eV#%*H&1-rmD;PAU*xlvo1I-gEkotWB8C>
zGs?vtxEY0<ZC@vH3JPThd;3F66O--*YUUs-7=XCg-&t5#*pQNvssfII1j6I7A6BoS
zv0G3o142PyQp#7#-2-hse$Pq;svg!vny$qOtXCrsS_-DUOC1=T06zF!M($WHc<#Yh
z^hU9IoSC^D&Z$Bs)J<#WwAehEmfL;jcAFR!Gdp)bW8Y#X8;R?+q0IQ*D=C#VinNSo
z<(XQ9!2~=A8=Fm?)z)GGw}(lk{zfas)BT;h6moTkv~BX!n4r^2EuuC(eP&IbXm~ps
z21du5Kas}`SQSJdy<5<-vMTH7>iSrFc>JV<jPJTx5fBIm9O^`TDP?8UP|$eoo0-{e
zYgS@whnA?ZJn&`2go2L+bBCDZl$xzp*p&_tkjm-l_(gf2KynvWlZ$4q+1lFdbm&L_
z^|yIu5+782Tm*zD+T7gjzxy4>Oiheh{CJ_+(DaXs%eYR<Ya2F;K#5{ieEkm=>bQ1j
zFHf5^knJGVZSGMAbmv&LKVBK{jIQ-Hxn|~Q18`VGq~hQ5zg_?U9r5rObuLcv;;_Y{
zprC6`2RKkdIy*a0?Km<JAWPoYea&!)xgtC-8mtDH4ZC|r(W|og)}p0{hfE&Z{ZhFs
z(L>{vt6Iy^V0K2kc77oz;oyGoB6XIQMguK$iC^g4L0e<^Qvr)08MvTpTYHg<I+D9L
z!lu&<2YkM%RjwQwIxg=)fwy-c2BzT~HP^8Iy}Z2rI({lT9ge|OZG{C9Y8OR}o|=}3
z$RI)&mkbsbh~J5dt1{>^JvQ)_mfeW{{{4Gfqw|IYd8jc~$T;*GfHdW!X?(igD|>c+
zZvJUc<*T>tw9vvVz8l3&VLWDLY6j<;`;AkUL|9g{dk+&W?ZxY$+Do;e=R4e;tSl^-
zHQ3Tp!j+zKpB#bRxd!IutAo#@ODzSqW7$?^xe!1OMMQu+t%k#G*iO#KP4NAAWutea
z-^=Zuqd23MJhRCePT%JObM|3zXn3UelYGX1#jC0VLhvVK!2S>YF#qzZJJQdv_J>i2
zFE=|LV>i5?-=_avNC)`in$L9!dc|B>c}eG`Do}NYqt37M<TE&^M@L8T0J;924n2-M
z1Oc49*TRyLmh*temGobD`R{`j<}?Wx#2h!-kY9$~R6RMl5%jpgDr5=)QpM7DphS80
z@F4o<*%^+6WZMM>nG-0IJRKKvd2ren?CfI*?(UK*43(8(!bx~RMFp!dLV^Mop#Z_%
zXgU)2%l`PMAG2P`r&o-`a&oJfxZ>_~BlF=Q@LmT?QJIQ4?JsMdZ#Lp?z#34aw;Pm5
z#$w<o^&-7|d01`Ii_){cZbA>i#K!Aim(O6aUlSR(VlVBXf-hlV#(3(FqgtH7`<>o=
z=f*=a>E>>1VGQGqt?vCw<FjIR=i#bwtM6UXp3;p4U@3o+@JS8MJ0N1LpEbF<d!*dO
zk-n^`x1IRcutN9wJF7su_luOvePf?<nyEZ?+2pM)Bmrkw<@WYWeGF^sf0Ue@oX2Tw
zmKM<HjzkTjJL6~)z3O&fUmyD2)&8df3FDX|Y8)b`*eol9_X56w#ldjdfA8LC>WRSi
z>HZYzABbq~3=zAy+~=~l43CZ*d495;$>w*aVJMfLLAyBVwC3eano=``3mo;k6SCZp
zxFF=IlQvx|-rN~;wgE%FkzN+@Bw6g}`||N!9f~gRj6ooTF@4!A#@&hF!r4M=I1woI
z6t(&9-<<vMS4M=bt*vzkIW^<U0uo*pVcDp?@d%nPnAmWDwJ2=$A0bc$X(z|S1D^(-
zTIsvm|B#7p9umR^q*H6`vtN`8jE?`!y|G<F#pqwtZ~2mvF-)MkJBu~HKO?HHS}SdW
zSs1Xs?&QBBpauUznM9^mSy?AC*R<d1`VaMJWq5hHUDsT#WgD%0`mdEzRQL&4z(`ot
z3=IwKCIXpUR!;8V+}<wa8;!=%Qq)fr6tyr3b{LMR(1CZFtNZIJ#qq{fD*^qacqtky
z1J(Z#fFwQU7#M0vDXJvsV;WDlv=?&nFPbI()LP#748Jz}ySD<}F+5kMVI2KcBZ_<e
zdT&isudcRdSvI8vy-3^Z{DyV(cqJ|<lNd_2gWby?-M}q(iUj3}MKJWu?QCxT?f>&f
zrTE7W6&#4!)>e(lwL^(~wjAImvFVr@dz0BLoj{NBD3Lul-8G4{ru})M747kBJJD#F
z+-^u%!orz~E}{A}r2I~lTv|p&_H3%E#^x4bGh;cfePX|UvAEB@w<5$BDi6IJl4^8C
z)YQ|jnd}eWQwq`1c4n<?Y+QXxewWG0&E4dy2&7Jc%D1M^>4Y(#q4cRb9UUF!#Q3;Y
z60oMyM->TJqDOli2oX^*BubyGU=R^RMv9F6f(M69iI}7wu)ao)4zWHXxjJ9>QdwsY
zH{X1b2oZnr0{X6gNr*c?#e!@Tog+v#`IR}m?hA*YUHQ#I1D3}&+7n+uHuy=?W#JfW
zVETT3l_8AUvG?!v5Bu%K#g_0;il!ENMb+mz0-nifX^Xk#XcA!{kt94u$)PV0;s`{c
z?@L-iE(Da=3G3@zrhk6?n5_;F1TxAumiIP=G_)IvR8+pV4Q?gle^}plKZCCA`w3bN
zbzI`>gRYoBNVQFA2_T-(CjN#@r+-j7`1`qPA2|b%7ZGQdy<gcZOVGu4lV0Pl{V1R!
z)xW=1XbK7vsf>$@OG!`HId2ma$HalM8GHZXnY8!j(tzlY%)N{0!}$-<z@BRO6BmB~
zb1ks5V`B$o<hP>THI%!ck^Jt_6NSo_2fQYhbUuRH4>@}%R9MQ&(P>;*wXd0eIl<sy
zItlvXw>vnLluxnOq?Eqh2E{|=<K3wrzwrg#8+eSMAR~`;_^CXk<d7E6HPElV9s~=4
z#7LO_+uaq*5%9Z1|L^@tg7-Hy4-!ww`OcW4#eaMes8^<SbPLA5Pyl$y9uKNQz3VH9
zzzkiGYDx<vHObDc*J9AL<!I{E)Rhg&${9MqJIX%#3MzDHcG+ES;k<iE06W6%3jasx
z40I23`L9A`BBQuXNt!*wW77!kzJG`QP7h`lOhw1#Up%0jQxprO_xAQg&<)9X?RlAA
zQ$=N{-R)n(4zOCF?te@oM`D6r+9}YET2x<OpJHKY`3`n!WWNrandS5kpa3o6;miMw
zv%S^zJj)tl*s4_=zviZ|Z&z0bpQTXDCDK(h*Nod>qhGq!undQ2GO;&xQxOmV{(fF{
zE+q8hM<We&VKqHsla(i08U$`}aksr``P``@ljFrtfcJFy@pOnmTULT}=)TY5yZ2XP
zu8w_v4CC|lv1xq))l{C+5oq*eBIXMGlTQhOWGPrOYE`dZ0dnq06%Z(Obf98Df`Cw%
zfr*2|p8X#Yq?;q4WoiF1x!vzOdW@9_0hz#RYcSlp4d?r$q>z8p6{#(5^r7*{3hL(6
zSCs}asX8mQ<R$W{ki-hziNt(U`9W#v>g76QvX%C&=+6z-!D-*V;a3&FNxXaNr08BC
zI$qzX>7M?&r$nckl!9oetIHP`y&3JkJHB?F{7$nKkO!J#`eyJG@4;&&w^@WDjfs45
zSwJ+KeM(1>F4Ghpo^2ElfK~8iUYno-y3dTYS;=fW|IdXvV<1rBNYLPKnVVOy)WF44
zP{8U-0?`XmA*T<-YWQXadr+!YbFhhaZ}exfLaQq#gXqDqFi>568#KYvSUWnB@;OHs
zuBiBq9{S3e)3JMJRXAyexW8cXUwM&iN*I}dFIU+5I8uHuC17hF!ee7cFTf`DxEr88
z`kWX+)yJWwW@Qq>iI7=_*A9pX-7~!}KF-Z$o-V^77*$1~^0@sIF?I`bre#1Iy}w$s
ztvF60vvT91v9|6S_>D%w<GH=RD5$ET5(K8SY%IqRJ%9aMG{GVvi^?V^Pf=Df`^K3a
z5y1Vvl)q{WpuuuaDP2ui0o@m!RBU~zC9_5$i^m)R5z*)JV6HZ#8~QuJH5Y#9oGR1g
zeL4<!*40x{p?m>>)_!%?*xv~7>xS6YE3|<GTbaonY~*<jh}VAktVlr;Vsa)X1?P|l
z^)D%ipbiK@L~xP$!_i0g@?|QpZIa5nWybfKbWL@`Qna^&BkJ6T7)ypx@xgXnSiC5^
zShu*WKQ@nr6EDi+sE{X#2HWS5kZFD{FaH|^F1X7G$hZcAUMEJ2%%s#vK^UM;!Msd;
zZ$7j*J3A}9;?Hk&VO9RKI?$v)7U+9Q<g{$qc$t|_oNo#hs6_o#RT)-V)7E!ym^U^g
zZ-@nBPli*J)%Rog8W7Nk5E8*SQmbD`Fk;uH0<;R9lXC=HA3jq;+=y5p=bR2=*Pq}r
z7-F|+#^(sYLX+{8_N+Z6c&6iXOTFr!5-N5KmgTlHmH%d{46lzCn`&2wy0GAt5v7HY
z*6|jXmehYbuC(X2w(1c>3JZ&B78i;4!1fUmLg7!I$jB$vwW5E(Br8^HZEd@{>cGBo
zZRlAv6z~grPGgHeLl!<tVeattyIyWHZZ${klS}^#KcOClgc3CT^hj6!Zw3N61dg!Q
z7$R1u#YUQ_f~GSNbKD4D@?>x*lSB&fBcXItOG>IuzbQdOD6m;-cF%(@OqX!Bf}hy?
z0`5wql7@yv4!d=NKbTW@>}W~_hQ$JDX<S42)6h6lBwzDKY=dxg!1~3oO*i>?9(cHP
zJ3ij4;-?u^&)ESKh~wGQeFEg7&8_YHl3WNtxK@C0lTgfzV8y02xgiS(oE8%&%I^Ku
z>2U91R#fcTSGcvwVmU%sGLkv>Hc}F2XKT&bi%SL-g+)sgF3bNuW{2C?&W@a(@g)dO
z@R$^rE^KVjcptF-#IHXEIHA8MCr*yk)J6aCpBhnb$l<$!p}Vc?fBwwY)Yhg)f&4f-
z)2gw=_?vz*X&~bDcV@r|7zfNYH|e4)t-*?DVLg$2=@~h{YxL<1j<uyS&Hre3IW~?y
zcz*tfpVdCxg6Fpzl3Z2#QU75YN!S<$Mph~Ptm2QY<>llv?fe!Mdh`)2^gR}}&c|ow
zdIB!+>L0R>zzmvF4##EUiy6ZJY83!y>ujKbl5}f(J5ny4-TD-~d2aKXzdOIXTwGnH
zq-9kJ2!-RjTlsEC_#-p?{hvABo3XHnDq;Wv+z~hD7iVbeq8>2|o9IJNc%}~*5b&@s
zE?EK8ks2IQAvT`8O-M)Cske=P&WSXCe|9$eZy!~f)c^HIfc~%Ez6EZG-^VQUiHY%_
z&R@UwdVb)xEZ3|uAahu3bQT6|&$X;PyzmL`Z55^PiIlK#-rm2-;v*tX2Q(8Fd^t!&
zyEm?`yW7e7nkXm==*X#P5jQ%Xg7k$TVN<?$zfIm_t#82DtE&T=Rna+QL|0t=#nW;t
z0cu}#*CZlFr$sGPR&kkUKRCVaU%cGcRX>Z*NJHLn-{%?(F9gZvEj<hbrNh6sVAUvl
zyR5W4L<-gV*8m_x+)pXXU!sA(1*O%%47~?ZL4V)uH)QY>!~^I^!t5e|w)z!K!1mS5
z%*+kGbhuVQzZw$7>F97~N*{9Kb$UVpxS!M05u(vllW_D|V@t#-R#Up@@>_0W(_kSG
zs*)S;Vu+CsUlI|zt>jUk)YXX{)Z1DuRFXV_T}q>EJ_Y%8I6EH466=rmyMo^A8YDcw
zE`1#qe&&sxtc|m<U>f}mx(25sv!S}PKZTjw^zrV}2M-Htjf$GOH=l()i2Nz|AP`fG
z3M>gvYV*B4+x$}`+XG}!sC4kVA29&*fsL@KXcg5HvU{`JF&q4PzB&xnYw>^t0t(Mg
zw;9KFd!)?OIqRlI2m{0FB`MnTWHI-k<c@$}^>XivvN&Sv`awwpjo0hlJrpZ>a2&+E
zVWVwj`z8_6GTnctUk~y7tb<x+XB3VzH96UceS-w^byTRXfkCx)Yigoz#OKfIS~@y+
ze7-m18PK=ti_hzEFkZ-m6l8T|@jEr1!?Z8@rcATyik_Z6o?&QA@^A9HlJXLvXX73r
zOO_J!cq<cj!k7Ga*ZnyB{NvW_t+I0PiGyNCJ7bLpYoD$imyIq8r7^Lv@_5wpT!5wB
zPP-K!bhqrhAw2^)Hm`|$+i@QLg}HeoRpE5~Wbr8l1<by_{zQ$>HIE@!o(qH*FXtU}
zF!2SwS0Sr0{d{ezZ1+zwMl*+Ut(5<e?=xvXhhyIcm`-^egn&+bvkguyEwsvo8e5Ro
zX`yH2WDtt7R@(jcON)x!!zBu8v>9H*DrN=Uc89vhu47h2g(Ts;2G-af(1f#Cu07@W
zYR+!4$)Cg((D_Y0;os4f>7WAskHN$mKpAaLsktX4#eZ6!u9)38#+dqyO&|NkoBG9z
zMlu|D@Ne9_WX~T=?%X0Gqc+^-&}Pm#`gzHLg95+;u0}WdKeqnukx@}83v+WH0Ru9l
zDIyYd;EfrA3C*!5Y2o3Ln*hPY4h{{yhIICGIvTY*QGg!{8zugfF{?xGaS(AC@ch!2
znfZc*2S@0VNRU}mb2l3Q)2{6dUF;Xa92M0X1xZBEoAD(+0TzOZh24Xus;UK#V3HY&
zJ||r6yz_@zEjh(B?E61OLn?a47z5BhAZzn>=KOtGX}UUW0$>l&ne-!9v1vO?zw;EA
zmfpSP=U?&wy2~I`8i2=x=2_U>%F68X(~W*ALPEkgYj(nx(jTutcC7{rNqp~a;`dIF
zP#!s)$Qc%wY6iPtNPq_of&+vYmmUO$ocAvPxWkd0Wk)$bubKRdGfX4jy^qHXfdHv%
z!`;0Ggitw7j<D3iH@(UzDVFi^_@EV;r=;ZXJr6hoN(MSZm#tvy@5nkj5|rLo$O)^6
z$9ligfe4Y3l1gf7Y;2U2khn|Sh=!l=g{CxkIu@3b`6kyL1zBn7WJqU*<=9DaB@=LT
zaqT33p0>V7qUUnkLP6tn+`fpDzCVF^&R|1aNMRB;HX!ZALO}rJ+|~B>II#V*Dl2Cu
zG>g(G{9-aR+;vz+Bl!5Sw8!q%?cChJ_78GlX<?Z6%k8~NOzGKg-3}s#e!Q>T0I&wx
z4>sZI?gL=`oF6Z&t8G0JfK}j@l96#_bbS1aZ>cEe2pT{KBAs>h^@8SRW?a$utduY%
zN5p>HoiJL@#{mO_L-{;>K_Zm-`KhL6@Wtawa%?P+g6)zC5L|P?B<jqo18e2}t5Fhx
zXztQdr1R??;;erk%#b*81YVlHdsnx=n6{3TfsoM~R9r-TWn<f;Vo282ANPEg2ABnM
z%D0j2RFY3;^(aF_C3MU?Jfz0$a4PEBpTQw8a<q#c`_R%4w!l$4I5=4L^z^_DRw4?s
zD}r1WLE{2unGMIr#_j-3Zurxl0haF0i0H*s8K|t3q9+GV{!pWl2$Bk2QZJO@F$w9a
z;|gbIgHO+uhsSJES^BnBPhVME83wYOn;$e48><y?fZu$%FX<d2KRmWfS_8(8dk9nc
z`F?rcl5HD%z{U#~ppq0hz<Ugxwc`*d{+1uqPo>qJ8VFp1>&N0zm`6uXhu4w(9tX2G
z(a~s#pqW@@IGsG56|hKR*ig<i91Q!rUkP}AB!ke=zYW?S&2j>=&I`j16%tb6no)iq
zlkl>49@$)<96qSW4#~)_wFU^jjwK4Wj3ZShrf>vKFJl%5Vq(uDF=uC1h>(Udmh9D0
zXj22{T@0Z(_|?aIHKvVt_*$0bKk{LXEyt$s7X=lwjaD0-FWYGjFKxLh^*$?ca;lwp
z!ONz;`U1pGuoUyt#!&Krf+8XW*f74`Jlvia1C@P{mIE+3(Bqq)8WIA(|MYk-;B$3w
zij9j~0UwyE+fePk%m=(BN+hHd@PG?|(-jmfUu?m%$Hj$#fcj+C#wwzohvz0UUf4P0
z(&u^)R}Qq!8q&~Ynue{bsH8R+!(Ac38v*MFSg(vDId>sIO}nvudk%rrr?J(5nJRJy
zKj0xJTnq=rW4PPfl;@8=58q1fda6=h<92~>b45cVB`pW9l%?iWCKEx3MI-1F28W7A
z*}ZVT@JN0Yf{dLFXaTZxHcJJXsZ%WYE;1<giL_g8<^FfMKXb+JeQ|>Xxov8y=49)c
z&~H&vQ4@3bg71ZvF(Wx~R9#)EmNqEL&d%Vz;xQYQ<iQNTBvMj#&6L(Mvo!De-3ckH
zt2;Se;)Os&#o$%JteU4zAuD`*q$%1%d5ZlWurcNa6XL{44uP<M^-2u$P1ui;aebLU
z)E5(l12Q-rJ>AV3@%JjjV1?oUPsuPKh$>4VmE$pVE(JnHw+{RP)3{M%s@Fe&6U0l7
zYi^F@<Q6iS{$XIGe3T7<4HR&?6!n^1sFVJzA_cATf-?pmii3kwnl0eB*Y5v#M~)EO
z1s_<FOKvwcAuPhi>mZ60W|qOhGFuH39vsBtuq_AF5)idnG}UpBBx99GD2HTZs=)|a
z20}qnK&wJZj)wR_&E^9K%i=TjR%%-9&W7>rySJFDyGR+-vL~$c$XnFZ5p5nX`NPpZ
ztsO17djx{EaTv(WU1C1Y3vO<u-M`4uI(U_nEA63^ds8Pre@YmSoXR&{9o8()6PA&X
zOjLgR#m4FH247ZK{Uvc6X&%^Qwf^l>4UNUs?z4V8+mr;XeR#1#md^7Qeh_&&l#LC+
ztgfr`eT|3bDW$E=jS6vj&t_cjLOuHQ$T{?pYgoQc?=UI3X1NbRqn?mJLqnr`vbU%?
ze(iE!o)kN(H|QLw5xjQzN1@@aOzIf;oao!j%Pg}saP|xJwr7nY!nujq`411BChxn9
zSTJ1=3EvJ4Rhx}vA1@zVgPE2fK^U?H_;#0&^AeFXyTd_}aPg>CPmE`Y2q<oET>&-G
z6}a6Udb8jCqQu7L42Krv2cVF+!bfRqf3B{ztns<BGn--$!$~?zcy%+k&}07Sy=iF)
z2ie@*JgWj9^Y_ZibC?hwEmDw5p+AW*5;87s@(+NLo9t(+jq8ewciy~?67K+%efCmE
zT>bR)F25Jc6vZo%TuphZo^Vcw&fy8HoXN>DA_8DKW8(KV0)>Y6#o@aXE+%3@bY?uf
zq?xzZ^M}_fd9}_|-e`nxPA)^28ca2XE*-|fvAZDV!v`^VrA-6)3tp+HWEMz1tA9y^
zD{@!@HxW%!PfzJfV$ZG47=>sq=s8LPkE4|Ndq@T{MV+_O;ROSnItqz`&h+0AMh0VM
zSXoc%s)d9dm>_`w^H`2%ep~@Ug<c3%ghn8!k|@l8VhZ&_(~M?tI$A3z#C8`a;T&i;
z<IMN<jqA6ipViKXIN|fVzYVjsT1{`@WNK;3D=a~>K3*~1I+(-f@L=%Z<`({DuiIWl
zgoOi-hl&bPyldaQ`%&~qA`T-XdEjIO8?Yq}KYZ|&k`g*Q-x&aS4fW~aytpbQDPCCG
zcnzaN<4a;NXB-*TpZ;(*8b(?~pcLe3xH44bmD;@eB4laF*W?^r8}$L)S%4SWy_R$6
z8Q+TJ*0PaKzZGO+W`3TUnVC_Qm#;AQSb2lA&Rf^o%7<DSOpdhP|CK>IpMaS70Wo9b
z8%&_gN;}k;R4n#R7$O7`J5zJ>`qvJ@)DJJ8cF_<l7_|c3eXfHP93QL~K(O!fxWD4T
zZJe*OM+Iy|E_7kbw3WgS6_t~#f2wF1e7E7(x~U(Mi=NV1;fg{-b6N4LQP9JZqJLxT
z@HUzuhsmb}(aWazUw`ONeg}oLLhjB%H99(}ZQhrPJL}@0!T^QF=7Wx$%Bxz9^1$YH
zft6=D?BkX2lp^X#+XPLh;=t>9lvQgvCUNRc5kwwB3IzxQ;*yf@0ODezr=$A<QyM3;
zTcHhCu{Er_lp&Ds|8H=R>v%P=*z?G#?@eK0wFxl&G8!!AatpTmAlkCAy`iOc?)&xT
z4U7G)i`@9kj@pimJSe7(L55#%<*PfMei;Df6i#LhlBgEv*Oedz|D7_nF+HE;el}>u
zw_&q1`GfJ4$>8Q54@yWTzk88@1&)%3C!d0j@Yb=MHA}}hz{G<32Xt!&9WDfT$(6Ip
zprB%{t_IE$Jsa#>%~a~gc64+AM7b9y8-N8rkst5L3{SE7cWTO2!2iKZOH_0N8R7v5
zK_+7Epf(AKfrtNqB*j^eL>M)-({cj_YJXgRZ7P1{&Ru$9@S$u<w^<*W!rAHJk8=?G
zLBc9jry&E8nycQAH}bqx5!LVM220W5;i3Jaf#iGqWbq8|al`PQAR7S4x{5gtZf9K<
zHBS92WQeaB*WZxYZ*CejT4HGM@|^MCdSQ{gl-1W)I1?_O)J8x+zyhQVzf1x~kQLN6
zi8&%>WMov*(sB=4%f72Xys*jQ4x5`B*Y=0G8{{#C+^Kqk{rv&yFxC-+#>Q6Teri&F
zFHY4H8Hob*ksz4%um1~16mr*Ai_YZ1ZFziP@qF|KWjx1J1Em`v6}~)O*=N;Q1w7}p
zXRE8fkhZo)12v8Jj=6^V6n(931}K@$7V6<*!b!${q>rAvn;5@${`(v4DI7howGbY{
z0`_qnTwFbw2mLAopEh%;9<>;7|BLqj#`Ahoz`-Ks_J6qHZ)cLg6sv_gaIGZ%2YSw8
zkO}a?K!%2goaW~V5j85--7;yAAi0zOQp?MtpjlbBEPic2T_Q|_h|_;&;N;gzfGB`<
zKsN5WoBr#tDP`yB8NSx;r?fj;GuVM)e8$0q4os*3WN2AC#*NS_iioKtsY>rjrpnQT
zS=l`O@B-x`{39(ddBUGR1J4g>`&_C9?Y~0d5Zj3qTRkxxNd<wU1AuAuaCGCr<u)rS
z+WyPMMKACD*9;dIm}JWO<B`DF`jt`FV*}udend2Uq2}^e@WQ1=SYobj`_mP}mSfp|
z&8Ge6k7s8tr#l#=Mj5f_z|3O$a4@G9E{TLS$YEdY)Po>5F&TWl*3%g9$OF(Na0xpL
z@)1K_&>+HPIy(tzThs3}DYW^BLPbMTj_B^)?||?*eY$nMAbuahc4c2|nvh3<5KV##
zNv*XQ!SEz%9|7lU-11k1VI}at-C4s@QZUBwkwW9z4w**v(EZs9sJpMZIrR~2G>}tC
z*ynCiPR&3Cbarb*>~=J8Hd%&-gj^C8UjMHb!0QUi$yP;y>r)P;w$s0F4W|TXH9F<B
zg@yG66&4m6^oE8y-R?905)(7(Jz4@j^kN<{kqF=`>k9)d4U^-TM;;!~^9r2fnVue%
z=R5!qu!7@PqL4XTa#lH_En`B-L?VF3lZ9T3O$$-;qz}L%iGfZ)m>x>boUvihI+^^a
z_2F8ukv?n0?0tYYysV4_f_0UlEAIbm?>ob>jNkq*Tec!A>sH9DWMy-Ulq5oCs1!1?
z_s)&1kYrOSTavx9$;wRj-XnWI=iTo){>Sk@p104-=X%kL>bUOf`d;7fxjvuIc^-z$
zKf4HlV8HC`n8ypuD?(T3Yu-`mYAZ}9$PyS(JJ5fgR`?blws!mOo&WElA?b-j6MVVr
zZrEJn=^e;~x7R1?NOyL2jx8-MXSE(Y2x=Uz2pX`p)hTrnytzI|8~1GAm7EbDdKgI(
zlVU&DUP2N@O4&jJ;8*nNAGdo%fAAYXE!#JYrD5v5LE4!4isvvnF#@5-==T>gBVYCe
zwQ}AxSG&LPkYIZ;#3m|qZu$M8*me$`{T4Tkgu{<!2BE6Mvg|a}V~bV%joY4%BJLCy
zYT9%|>B<4Gp+0|pwhuDNYyXZ;h}<e97Nq$OOZ^{2tw#reD<wsX{I#<)F1F<eTOA7c
z1)}Bmd!z53_vF|0#cVDy0Em&1-eVpW4)F)Jo;YYRAg0LtO!$o46GZ|Re1eH$c7-kg
z%1e@>V)6YSs?qW>5D;JyxRsua?G9T2l#*pU>%Yyk#ZPx`V8hj|EwL6NSkGL&;#G5b
z`5({UxKrV)vtkn-($ticd$g>qURF@$)n*_gJcp$D`sO>FxL=fXg;?AFO6K<S8<jCE
z#Rszr^0?9i(M6xSpHam|PjCGWBBfNa^^|VxOz!MS7*kpA*EZZ`0^D$3<`&~YI3qzy
z+4J$v57iza5$Cv4dW)7Qon-bd3-XfYE)CTE8DgZJnL!W;oq8d2apUF9a`q9pON9=R
z#abHU?Ck8xsmVzS?C!>q-N{hP*DXD3_QF!k`aH4k=d85s1H8jkz&T*p?Y#6eDlVL$
zolQUZAcPjr)~|D^DdjKz###7PEI2J;FM9+WX)%j72rHCCEoDI&^Yq<2;%vFgz$dM&
zk<}5<@fKCf%yYzGFq$t$%7oVeC!dRsiQ)CUN+3stk6@Q6<U?B8{hh@=UQq>wI-47b
z9VUgpOIBAx!JIoEP7?G@09|E4*pj}#w4~-|JNd}LE>U~~Zs=Vlh-U!i`6TCLTB0fo
z7DI=xU(HDtd6ZvvqxH7RxT&dMrtTB3>JOiOIMfl+fUpHS1V+T=n%dQuyj&c30v7$_
zX*v9v=B=WqJAbS%TaQ*0KoCr~pDIs<uZHz8{O>|S+Uh`#%SAvCppWcDzwsTp{kCS{
zH^a|N9;m`%)-DcLhGZ053GbJI@tl{kq@Q~u8q$E9cvtCLGV8qkjYe~eP06`puO`nJ
z@B9+6Okw9A_()9@ljwNGQ<%Y1;w|KLOaP)Un(1lTn}#fHIoZzUTFvAj%91!a$u}&a
zvQC!5LomU?T7YBpoVG-9u>gWLO>{<%O41^+nEXr{ErX=9jq%HuUqM<wQ4h?L0>1Mh
z=V6$@<mzy(u7!pD(n$Ow)frq?kO0h2`#WuHfMcLm;8IPy&LR>O<U6eY;dGM{OQy^9
za7&sS=PW?XFY#<Idv9qzP%IZPh)8_<iZUo@FXCPE{`=4G=-)onP0M+6w)1K~mjpjK
z%i%7^$9`Q9Fso8fQtrmY#9Rs@lA|KO=_pH_7PG#!^_rNNSd5c{LxUJ$ee>p#)gy0S
zvkq^Ao^7ZK=vqDH1d2x;`?+%!A$e8Re0|^f8`K}Hd4J%%<kRpN>ScHRX2<6!h!gKN
z{i<}Uj=v2{w4`saKXm0yyUD~(04bLE#I;WaoW%V6{B@75`AE83(oi_%`-&$|l>_w2
zr+3ZG7ma~U7YB5tx=bG4=c9p?Q?`#UV)Y89#a5bu%HL3(D2|B&C+kEBas)V~6@=~D
z@8UxSmj)s?R+%49&s>!=s+N<WlXbwwMVK`;OBNrW)QMM(;OsYyP+K|5BC?>S&31BV
zpoQduh9>27zWZItGj+e}Ce{{}TRt$v!hw;Mg8s^Q^7{IE2vl*Vqey(&_Ix1$=q53M
z^z}L$8=L3KP*I4=?c0~e>YGf<lUT@#Eo*_52zyM|2jKC9vEsGzY17goVNIqk*-a~1
z1UKvgPGP_Mu7J_2jWMtE<oAr7n*|nc0%aIW4sm)_WIb&K{bJ1@N)b^ua*7rcHf{CL
z>+qqS-8iP}&)k)qoSd9_`}S?DR<8bj*c$0s{O-(14jue%6~OKvfB5uih>}T!j~W4m
ziS1A;Nq?3WI|!Pv4^y)I?Yd^arpCceWBEW=D!Ga@KttnZ)<#_WNapEXH;{N%5FU8|
z%uf{+?XSz>YHky+<NgOHHS^4L#`NPse!W*&O5ra}Sgt)*z7N2G6!vpb;bYAJFDDA+
z3w8n_A|g_|dbNNAarQiw{@xKEC{bGrVZt}6Y}VncZ!E@Gf)j5T1DAF$eYUx85V{*A
z9S(ibaHgW!>dB)6@ak2$MCaz$hkRu866fJmO3ECP7l#s8S1#o72{uKouM_4q@d5?#
zM@Lda?Z?}Z8@V?+;n;9Xyqv};X=+9%gUJ+ssYvB7i>>_-!%U=#)Ab2IgKE#?Q5-Bw
zO#kG7G*HC)Cgd<+o7y!Ubs0NWhl5n78re6G4{sPnJ?kNKJ377!B?HNF4<-m|ulP6J
z^g83THhB;ygn*1#{m!-P^(1<F%hm1-i>|Iv(d<l5a~AkkV^Y8-aH*k3Xso?<ilTW#
zH6A!eRcnqf@!5})y=-h+&iX?u^ZiN&X?JINUETL1U!Szy$7ez0sB#z~JMl#jm>^KV
zBJDn3X)z!mLropYgE&KLh3`M(1DhfvX_S<%b2YfQluXZK@IubBpX{tG791V1R_!z-
zN^m!~)P9Z=Vn^|`ZZlenFtH0evDaU^v{9`Pm;!=8!Z0SHQVQlPUOk*gowYa+H3gKG
zCXnb2AM_J_xLWeX_d!BzAWYN6K|U%ff=&X@FK~<~$uu(?{W+d#`St6FnEQ!l$|@>v
z0X;fe2GN8-$US?q*KC;n05}M8y#-ho4tc&fpfn$FWj*gwEQ?sy6pWOs>tf4N{#03f
zf=VTUMA(pXWv<BuPk{4s(A`Sc<Mp^hA0G&AB}EV1SZD)Y7h88jxR`BcE0;V`SM8>H
z+MO<5&NFtF-3ma5T!Darz<B0}p4r)iK`3;A)Mn(f@Y3c+AMX(;(SLL#;>EWUBClDb
z4)!zDl9$QJ$bR8}zamFf?}gnAm^BceJ&=Sd;P8843*Ubp9hIkF+rPgVNp(&E9y7ui
z;1Zg%xLE|GRPIM&t-wh!ih2|2Q&6-`xpsg0@#Ap^OFmahCc=-o2Bk*f?KgGWyLtVX
zCAxC3nTF&0NNSM2!R*_=_GBRqk44I|_VNzgz&VT?s5)(gNx9Z6@7caik}6lXI8lax
zC6`4iSmD#By*FBkX4u;0;K;~vF9hLv>mG8xY#1Y8dCF1AIE>f$WE2z>1Ol+M$AEm5
z@$l^nrWJEqXX9yY`$7>;b#|19qUO&~+1;YcSTe=@l4)@=E3gKS>*iL82z}e1Zo2Ou
zDcWEEHCEMNt?=s6y8oH&s_z<khI<~%I@qTJM)QEh`V4Wu;DI-=7BQG$liAjo!PV8U
zRXidQ^GeqJhzRd$I)QpsH8nt~;lF$@D|6L%bv<AQ+pOkp6v0O9ONy;erWs1P?eN`F
zQMpk7oiXC=ZzMJVrrX{|>b1Bq@j@OKP8`i`w`0busi_W)=!OR4)fob2AtA`zPS(Yr
zKDopa;E#2retmtVhT%|AgcApwqsy>5Da*`L;{gFevvKd9&zMp^loF~WesHI!Ac3E`
z?+9I+bUQPOtp)>}K5=?XDW06UNyfksmqtn_kU$1LcVY?RWGYE4UxZ5E*1^F8Ahn6?
zl$3Q^1W1rIRtgGxWhFKp2j_Cs9B&fNB}?qCk^_Mrmg3~Ea^L1>ZW_<yVD-YM8}<ta
z00;g$-6sMk?Ay9lZMS`=iA4%QE(HYW=hcNXM_8X}p5ahh2hpkX_PTNU>{NgGp0f@V
zNR(MwJ93-qgU*@W*U(^w4Vu(<5uzx$ULf`1%h{+tcu>S9F8=#TfA+&&*hldVChRrs
z<X-%`{=LQ4@S#(@Ujlnd*q)orX|3^lp&2`eU}vA*uDL*R_{7HF{bJD#M$+>(tfs2C
z_gfWke>^Q<^dOqnTbLk{lLHtqbn)_!(7(U#?@5T&xUA@Q*p_^M@#j1~KK=z#aPsHo
zC$a1EZ^ub){{0*LKOBEbp_$8SvFvqgaH9F6eY6~AKgTPKPy4;5%%r`JFo1(}!RQ|>
zQj)R##>Avc>(-f(lHp?n*$-o8=e*qVhk`ij_c(_R5LQ8}Or8p3)*EkZF9ra9Ch|<$
zs>0=nUhCkX#BSlN*?{T6*21pF{rh3h%*|(sEsfzY5dM2K^0Y5s;-cQachxa4kfQjU
z`)z7w9#h#C%fTxg1DIKGeyMZ&F>hZ$?8*4XUl&_LmS1BPwc}^bdB#omz6Fju5W!}i
zgT+(I&rOyNt#{iMt7efhqY$|u1*P&02py8YPMYkoND>b~u{=T}(X6?xZ7$%|tFi+S
z!A~Cg!Wy|_qi{CHOTcoR{uw8f0dl0<IOE$r8H1m)Le@j*fUZR)53~);8S(&Z)E&mu
z)Ki$pDnl6GK3it$3NiK(C9|(z0Tg#goQH6p|D?{|6*NSUA%_KD2LS<{XI26cQ`&hf
z(*7T-q`6W7!?lD%Hov<zCK1jcG|M|icM;0v=YIW-X2aa<>F#dn`t|E;GSGI8U`L%8
z8tMjXXlY?WF*Q7-q}<=E)f_NrjZ8Bqlr#z#7<BKxS~7ITB)?&il8^uXLi|CFClu~E
zc7}xUp%wG`QuSJ0ygAW_KWo+LP2;s#6^Z)Q0>XCnWFW5TJKEQ$L%wAi92{IqCuq2J
zLE3#UT(9FCz8o<%gaG)pbSM<61cJ$rQCw=$Bc*m3hKh;-gN28?1rL;n8fRzeMJ>)l
zwO7^0;FLYv4Quxo=(9dHZ1(1vns!^vce$SP0|$VugaMg&=`|(P@$LGvCtPzHqbCyE
zp16#^QZ8|$8`aX{7T`vZt_AzIxw%%+@$r8QeE3!1_sy^-$Tv?bTPL!@dBa3PRaMmw
zNJOVv`u7ksJ3FkB*nZavv_tC5D7na=yK9k0%M4h0HQ?t-N$q#llz^^$FJ62z&`6M1
z;3l}fRsAx2tsHq`Y|L`<NtJ%RiB&R3+lXrmwh355AMK*d95ESIPYMcW*G*2dY<T(K
zv4Td@GLLG!(?DVc(b0`*fY7Pjxq!|94OJs|LE3bTWws#W#?E3`*UqJ`jxD1Mb_!s|
zD9P|^4rlC;=C({Lqi#9Hnesd-3R1r!9~`LaL#C>rNz?QC^`q692D`sFM@Pi{Q~6hP
z<`>wT`(ozAnHGU%$hVEnXn|q~4XR#MyKK(V{|l+Zus}W)ZXxt_(FT_38mC%Pg&2^2
zZiB0~9LNi794@^wR8@IPMvn76;USk&K2KX4HQ)zB-z^4G{Mo8M{m?kH8WA&1eiMcL
zK9Gkv82-^#B`=E?9dO~#J8{Fu=45m)UPRKI!$Ty6)hs{%$TPC-?x5(z%A8tTTOUGr
zu)PcvxS$$5a2Hfm*e%0;PenzAwlhgeqTIA8%$Q3pDWL-t;E_H)%CCcJ%}Ghg?rEgo
zK&PFlAE^j}J@|QPL3rLu(KrYH1JvnKGw!kvb%yu6xPSlw#(4A<IsJ|2_tQ<D6#jlx
z_#0|&j|y}!TN^N7E#scL79sKogTVrJp}JGrN&bO#P)(U>Xy~)JMt_HcBi)9GC{V{o
z;11P)MAB5~sQiM0Am}3V<QE+C*vC(wem{K^iPHwkHPdbs-*q9scZlmnDphb(r}-rP
z$M4(bOc`zVFCZi@?SLbQsXyGMo}aE?aKS<Tn`u;6j}OQpdDwBhb^CRhOI&red#5WS
zW;)SklLG5*uW+clWf((i-_xf(dr8K{^3XK+xAR4obD~V|Q<UwmQjtE*!_UuVBBhQ&
zG13-@q6w}yf?34)2AHG<Uw<M?5G}Xx1hj};Wm(kGE=H}#hqDrOhr_W((>u>ky(NV-
zjvrDgC=C8g4i_Es*o|p&c}ujrYJA!nqc+0vtJr$%543i}!6Tx`?r%;(qj9HLs8DBr
zg8GU_=-M?As5B+LQNE}WqY}_n>2|fVl>~%BCQTgVmz!JV4b6F8g)#=LLW<Wb!7^MP
zh`lj*Ked=}xwUG_fkcT7C$qWpmsydnF0rh$ZhQG<?#dtTyFWGcBf!C-zxMKR$m`AI
zNwoy;@|c)1_h-+a3u8IlI*|Hly`@B%tBK*sqkaFB*qSCpMQOB(j=7r}>FN$ug0A8e
zrW%i#{q%<BjG~90#O5O`*3zuUXX86r-M-o*-q6?jM8r+x4%eM${W<f3_akBg@OZVQ
zx3j||sVxDh^iEaKvrOQ+92}f)z5nuY{b@m&d5t&DU&!>J8u$tTxM++r`bawogElrX
z`O79M>U2Ea64jI>W;>|>bE3py@+!ExD@}EH$Dyz5!;}RVT5jCadl2BiZe#zer%r;^
zef`&(dj%016=MP{wyCVO>OjMR+`M;Nln%ne#NY<iVGzJ>O!K#*jfSlSdJD6Rg8S|#
z&D0mRwiOLj+taT;`RZzBHfI__CwRBN*&B_{K}d<IgLr_D0m|2mT#(GPuTInj9=I?t
z=sYsTTN1as(mi@o>U8zqp9p$tpT)+|-Znn|js57$^b${03dhnldAe7M2G$cZ=5Dv6
zKWk>rbwu}SJunW9I!E&LYj5YM$W@>Aqy0SlH~q<_UUL*XCx1!5zIoHzNl4CUFC;1H
z?v-a)DYhhsUST|a!iDM%WtR9ZCL=Sp8>J?F3)j1BNO#$wlJPb`<p!nt%g()b)K1b^
z|CAh&Ag#0{7k=mCuxDwD9wr`)lq-D7IsVm_((%fl?V!fT%+v8?Ufp4TK0A-nLR3`D
zdN3vOZ|eOoHmhCie96~u8AwBc9ZJ?ZHdiiRelFTZMD2jj$A<1Tzkmh8`ynH7f)Wb}
zat$)-tN;RNM9~m-Q*~=vifx~Pp}DhpFK;b@{7mg{Kce{U(OfCl6u@U3irP<)E96sU
z=il-#KG8qDrLKvO>=`9{1{3)B?9H!vS$BI}3Xh?odDQ+hj(BJ1riTGDGM?x(+S1<9
zv6CcfZKxYUsf_MbDe$IJ&oX)b{9#0L^4bd%lQ)Ej@Ph|~ldEC0LS|{-N_1c$$imHJ
zPRuPridF9<9q_pyI`(Ql5Z*U1D0d1}`GRh_{S(8yy{q)VMf`w*<p|W_@8W7(nuvt7
za_djGpqut?HAdx2eOwBg^WYF_ZAcgie<}q4-B}t|R#vQt{op)nH0Cp{DGqy@mJ(+a
z`;8k1DIkJK2@AW+kLU-5HmHrc``M+Ynlz=;MJnGjQ1_|F5Ytzj+`t}?*@Jy!fE?zH
zpAnCD^N)4vo!#bx2O~mgM#}oKx&JN=*iH;y-Ey8HCu0?wjT>7Kb-wb-W6!v7^pB=u
zv6b<*)7V7Ud*NrFy?TXSQ82%E*ql}E^g7v09uU69O|8z`ge#BEd7GYY>S$<~G!VhA
z@DfRxti{WYmtn1vIra}E2^id%f5;g7=#qb6`u9wd^r{1rUyXkFu9O#uiGZ}XG>;&F
zY5nbelOxkpq(q6x+Io5xPWprXJ?4IpU}6GWPrp@vXBElE`#~CRyCyTymrG)jD3Gr1
z?k@%fCW_;r=igmeSh!3;s(|io&BuPOPZ=2*5F|{F5|Ez15Z&^48?k|&1p>3P$~Ww8
zE<0~s2nSOlY&)sZc?ensUTtk8{H|}Ss@2f*!f;Y$D<OgGJH(VqRxhs|RBck+d>1FY
zKWEsNIIQms%5n}Sk<Ws{*zjmuuh`0^JwaSZFP{w#FAW^tqBB7GxqVwrZI|K7Bkv0c
z&815^Gs|Sqfk(a1`6q9X+Q<8;72jwG9zLW$h^>~~oZYN;-@jzI)I)?sIRAYdHF~%w
z^`)Qy=oiityKA#E6U9XqIEYuglpaTX>uJ>2R2=GZN8`TUFWe=zct}cCmfp(JQaKkV
z@J+O}V+&aT)__eSg3Z>808;!jF+FXsfBSY84s!Q&he@BGFJh;j|JTLbCKy4qJiB>%
zyg!F{XLWb0x|*><AK;r?bSuoIiBWzIg=XpcsWlOi9LARBL*K^pQm*ilW-YJSTJ~^q
z$Ar5!60y2R@Wi%Neu6|NV*^2>Ul3zoUpz}IM<qBs+^DDAX$^&N3-Hx{Wf015>p52x
zDykAya*|=DRw3cKWhW#0oR5uiZOr;tix%`dY)rq2g9xz5gtZb;Chb@L$mYuini=Ko
z+o>OOLi6T+x&&>h4%{;eKlkT*t=-V|;g)s+#2#!yYiFmmwx(t;d)zCldt4~<HXT{a
zXH~}Q&+g4YsxA6^a1ed#;@OWXALXCPBC~pW9OVp$_{u^zJ+^5-=<0SJS5y}ixH4#I
z?D|M134h7Sl=m(#KM)9QvikJVxUx`)hmn#y-_cfX%xTmmZcp`1a->g;qa)U|XEr{h
z)X?ae24#X9=<7>enjEO99oVo|>(l<>VH1R5xoe}9<+#|0VPox!2K6^%zk@-Iv;Bo4
z$uc1=MyDhx3ruZ+p)5H9H1NgO-;0n(;^2r?TC<9jm;Kl+U;7u-?De*0-eNGs8mF-R
z!@8zgIS)RYSOEhbaOzbn;I0CV)~C>DW)|$?yKvlm&E3}CZXgQyrC1O;&HUN3np)NP
z^}Nd(Y@M^I3i3-smE{Lj;WC@f@Xltk(C?emeK+x-)9Iz1Ewp|K9LP~Hx6F23YatdA
zau;%1y?xQEApXmj_532m`qdH8=S3)A%nX+~*?S3`=<w1~m(-htmr&+r*i|0^>G|mw
zsMe_-930Fb5%Ec3`%#<|^Bswcm#%$ys9HIIha6Bc;Eo6w*hp{@3CF~!9>ncRpU_V&
zuO#osp;5KkckkvKeVtZ|^{RYb_MY*m%2Udnnb|gPUA?nwU_fvTw$xh)B$+L`YcZH1
z@$*zDbM3}3W<9>xHV>JD`SdpAp0-|ycVAY)H0x>22&bhZ=LEzeWLHF9ffY71H;?jK
z1t;AU8y42J@=Nh}`Ng?&KS6ywRdxKm!EP30)s%XAXad4aGb!oQqfO^h{Z$F$AO7Y1
z(rnb~5=~R$n9l|`U}+0dQc`%K-%C+WZf<|OvWjo~$4j5eO2$uhb%UA18Ohyu4IXoH
zqC~|R6mEuD{_TuYjen)a$FJ_XD*zpO-+!CVDmBl_wD~#4dX=4hF)k4xD5=2$Q>AhE
zBSg<#7A92t3c*IQdZ?$@HuJJH78+LGKs2?rOxnIa(Yb2JsS>h(n9g~<gX;SJAzmOk
zUe}ffo7!S_UbwV%bx!18TaL?Ts_(q_7pkpYd`KxIR7eWl`*hp>%AvQ+v0us{s^u{T
z2BK_iZIShY6(#WIEhyMqh_|M4oAe*txKZJ=Rz*7AJ-a%)%-S9OzEuU^#l_gKPzV@U
z2m)w-aJo|X0RaJlBIZIk+zo4SC~CXAuSy6Cc3P~D*NP+eHpX#06GbVj1O%K1ovrbU
zkQkC@jbzHj1BQNbYonie1e-=GBsIBd_Fk;$!l<%ae(cHo(9F0*?;-n6@mOym%Q>#Q
zlCiO|#j8`{GF5`kY^XHHU^jU7x~`rc4Z||~=WEcVW^{XFV_(n1qjLF2OH?y_h#sgs
zKl({uz~QKj7f2B>xoY75Vl3=uJsN(h>rKm*`d-b5jjYx-TW9!LF;D&DY^89PT|YlR
zyqmA-)j5@kVd?#`OFzM<lg}m$)Lt_P83~XS?#s12W@eVUU-5xkYtm$~`M!_{f6tVm
ze?}vtxA<MPw9TWCIoG$nC1UUjU)loED0N*O9W-b;Eg$W(p?;CUW?hVM-Clg)257<x
za6%#c(L95w2U1`KKF`mbftwZ@K4oo+4<(o`@Tq$>aq7OIcw5o+Q)?h)fm_R2OGjJv
zv7}KTo4*k<>o_WdT(6LkIRW$84;vOxwD<G~Z2)<`3N#-Agx-@s<oWDuYODkWd;5AZ
z%y}=&XUUXL*%e?uAA5|-MqDWQY_=Xz-1qOVe&DoRy=qhZ4L#Wsg&<!vGZU^oQJD^9
z5*49fl|D*sB!tpGG7LdFKBQ5tP`*5r5Eu6VD&LlNjLIePDl^L5`bLwEzcch(tfvZU
z{I@gg%wF$JlDeBe3BYM=WMs;K7%ZY#G#9P-CAo5=kx4O-l6BO=(o#RSz$XYZe>nk%
z9cBKnK-%2g>;MB(wGmmssL%iY%|6&kNls1<D<kw?^mGF=Qhl1!{nz#q4@p~gcJGV=
z_%&mwB^fg?FvROfV=(>+9E_w0LVo8KT28Y8!jdh2YL1)HpeV^@g37kbe=MRbrdsAi
z*yY;v@81wFJ#}^d50Jqeaz3?e!`r9I<8U+x9N5&-5|iLdN!SoU1pb(LhMl!BRu?GN
z{{Pl(FxTMT<rsLvz9dNkUTHouri4Vr-)d1*EMZTyw3MX}pQ)9;eXHdc71guR+uO_U
zM@XJYBMIe6oN>s((&nxS3Gu#do2fd-dFLHH9i7>IFkn*B(ij;J#==;^rX`QVVCI58
z7k3h^ApJ1Bq@-p`N%dtIIz4|p8}Iv=oA+|9Cne<vgOU`_ez3m2fV9=X3uuv^1+*q9
z1a>l7kcyGf)gGb}378p~g~JB6A@}@w&`MED=w@w=k4j~KE7XXkT)CUrRcIt5*I4Cz
zBsQG$-^+Uv$m%KfCLy6BamEkx*#S;E${g3i!lG1PVAu8ZcvlEXDf@a>?=62_@WaA;
zy83*M6<X|bL&BQTF{xF#6b?m22oj`8@`r#l<x<bGe>ogTOB=_V<9}xsXAG??xBGK|
ziJT0oKf}KHaWuM@5Bw)u^<q?u&Fs&(aavw2{KfhCUfh}(ySZ@_tFV&%D+N<QpFU-h
z)Q*nsIn3Va)jTOEnhY%-{ULLFeD%lAJEo>tnmqN#ClbS4s`5`wPza1`>nklSWiA78
zNv>g~YoEEL4GQIY`D}oE!JTC)h+9;l=ZyW&cUPmVhf6m4r_5MAHwZ4AYzx{8U!fAx
zjiQ~NoovdhCPdzyuH#`9Wy?<7F)Ee^8%mG$%RYF1g80OCXXi>`ao}4*L7EC}9Sq{+
zG_8MZ>I>jB_b#~TL$|GY^}K(ZJ;sI*_R^(!h*qbjrtpS`hbdYfe|1H~SXn6O?CdT!
z)MJ>{u0T=)>9y#X8>N+m)8whR*t2Z+&zd~g6z8R$p2L1ue}C@b{#>%(xwB_+u^V4k
zG|5*Hy+v|fK>ythkAp2HXh@>5xw(1B4V+o?jtlNqRunLT*M9Yv;xdNuBR3B&V!t@d
zVB~QsC0&s3jm|7R{lgR4R^Ya9fB25-0~sL^k&dw7;Gw*XjHb=VAj}Zb;Y~$di2@G5
z5RgG%{15XL$|YB%4W6h@M?!*+n5;fSON)`0mFMHxjNKK#rs<Z&zp3fz8ql1wVC_c$
zsSh73tUJ*z+_NYpJDaca%sI|MI$GLoTo!{?(b^7*?{;(Y<r-WCQ&Pak_a>fLZI2%W
z2xvMkZqaP5a@X)FFpTqIx<v>PwK`KB101CD@Hd)qad8XQFJ5@)q9S3rXv5Zi`?*AM
zvd;xQQP?t3`FIxME1l<N83L@(T_$s5W8;h%q?I^Og-H93J>$xFpht5TfHb($$Hxa7
zxV_A8?x3iJzEG*Da?8#+qbms)oPYnB`kc%f9qI*aan9%91(ToyNhzv{1C^#-12*Ra
z`=?Kzf-5R29N;6+T|66<38fcyCQ*~_=*tmiW+BXZ56nO3DeZ+Z>pZaz{{d|PyrIsy
z4Vqjh;4iX9Ki`vAK%ss~g2O<Olai1Gi`k6VaKh*b5~TUo?K<c-bm31W6VD}WYAG$7
zDMBq!l6LXy^?C_%D23etQ(}l6;(!iQLZkWpu`h+dV>G-hb>D`g>`aR+nw#f0{b9Pz
zeBqwvJvK*4b>ZGVcKgkz&Jd%Ni(2C%Ft&sT!i6#^6l(H{nG^(Cbl6A1NrbWp20DXN
zKsR7>L|N^QKV;%}nI*X$ud5HMs5J#&)}X4g<AQZZKHm&y@%WgZ-vw<9zM6^(VSP9D
zQ67nih`fZLO4xmGoecS$n_Ulmx(i<JSVo_x3t?8H0&^j@I2YI_^fX0BfC!miTG9qS
zmzl-0XY=ZjQ-GKfLM~1n1V@@3)_$<A&NTV^cSmLf#@3&Q+zvxZdQKwg=FG<rj{<V|
zQFyp1_rI`3Dr+Wt>^w}<7ci2tovfEInd3mA+D*Wao$bzkSorm8VPR$H>(?)FQlS5f
z#mI1ee>*v7o57;17xne+tqd3yG`5`CwHhNt>{o`iCwu@iV+Mt?=Cm^!eGxjgp-_<k
zkLF0Tvjd*fz5=shw4{*wfPmVD;R~^yNwgA%A<b1U3EEy*QdN3YyY`!cqL2>G=D@qS
zIEU8`W@t3NH!RNQKA@=?n*;2w24FS`PRh3udS0{6Mpz+rgNK(LD`M|!JP4p-WzCM4
zVhT<}A>KYda=+KAPphtqiS2!8-hi%f*qRAC2a}p={6a;g^*e*m(}W0>k1B|m!#W!_
z^-Frk?O5@&<&JWVV1K`u+j@#?|5Te`_3QSww!`fnHJM5-M`;x5ED_`q>b%n{D~VKe
zbj3T{14e>4-f6zLd=54>EY{Zl0*W=Y2iltBHNmulSDXY`hTVFB$UU#l$ih<P30aRi
z_Bfy-v0tm`KJ+G;fs@I^&(E(0vm;@8L_I*qSH~I&#h*VnX>$9tMM^hr^&+$+J^b!3
z7=FuRXSXRNE-t<V1%BFp=Su6}0>wbLwWU(1-fcq&`UGL?>}X7bJ@?fXtFo#OBSIjm
zRPrvDIPyB81_cA+oh0QpDgo9o533%h7H6TRE`oMeV0pZOxQ`MPTpNJa76#Ff(Y$&^
zh;KcNQFL?!q@7w=4~B;6JT>;&1A-p{VcK(3({sR{nSriPe`R}Zz)vkgm4Uj59hz@)
z?Lzk&a9{$oNJP~8V6Zn6d(gV<i>B|>FWkI!9m!seZ(TO;!B`U{1sHG*wzjqw$H&K}
z1mp_vB!t+dW)gy&q8uzqmQpCA1Npxr`lpSw?ZSn7`a0aouOK~#_^f`WSs7awsyg2J
z6NME|i;9Q{&|Sobx4QN3tu%FX2G=}2J<I>&=lR)juznuqMVXpP^YJ%)4<Ie@n2^_e
zpot(5G}&>nv)4L7EJ`OVas}?e^zR;n;I6D&W?tq&)zOH^J2RLB8}eq&{`5)v@IkRj
z<uwM%xU{*7N_fb(Z{HX%Ff%JaXVmXxjMqQE7>!m&qkSP5MVU`Ql^+DszLL--=DCH%
z0FLbaJ7oGl+ij&Kk7CA7A?UC?S>Rd*;<Rw6=vM&0s@Gw_Ko$(C_|w0Ffpc{O&Q+SD
z31FoUfB*hH3dyt!vVJeMhEZEP+rdu3<>Bw!l|m==XR!Ig_K^#AT@n%#!!L4iSuerY
zb_faJg22rWd#;$For0c+y!;OqI=a|8U0q#rgo^GwA$VJTai`ptHFX+V<0(oRwwe*<
zqCO~W)cD|S0ytSQGBT29&M5^+{l8<i(v_wd@&@}4hhV9h5S5US0+W6|%ZJ~|`eMAQ
z45p4EIrbWc7#TJ;5G3x7*4pIc%RT7BCIJDgg>Z5b*ioT>FV))Bl`nGX(vvJdKZSRi
zJP&YXA1f1MPiJKGmeE)>RAu|y<NS_!wbOEU)H|IISBf_wNUVh3w9$N)t|*jw-bIoC
zlej^4IPitnu3g*Wx|<+Y1hPIZ1ajTijG}idZ+XmrRxgQshdC&_fp~+7Oav5dEjKrJ
zVe%s<Ds2aYT^BrC8=Jl9u2cn6O`e!(moWxl{Wzl0=zC!N7XyCYgrWjo>?3SV<IndO
z5=@MYWwkXm<JDmezaV3DaB>>+g0?lX;5<>kXt2?N!@cw8&l@G&aA>7L2q{?-pc!4E
znzpv~Wk&&c=rPDUF*mM22@h&!4xXFsqFMDF^8fEQ9^L;!gAEEUUc?$yxXzNn$-rJ`
zUctj+FZ?=iuGq`h7`7Pps>L2cxFR26Zw{C873?O4>mvRC-R6I1ZH~OiD4yObr+fAS
Pf$NsyU39MeBj5i5q?->U

literal 104199
zcmeEt^<NZW*Y~i1bVzrobeAX~jdXW+cXvu7A>9qqvC=IdARyhXNOw!_Gu+Sp{0Z-G
zFCTVc=QA@qb6wXt-#BNYloTW}P)Se$0Kkxz5?28Lcq#yZXd%A<w`6*RIDvl<Tt%hT
zkij26WV1-{Gm4Xxwkx>*{PPP=ls?M~+(_&uq2;FPXyN8*>|zdhdU~>2JJ`CK8atV@
zI=Wb99Se{E02LrDE~4g@eYonGZl<0gbb6ERdQrXL>{CjI<^2;!4NpYa?Z+%n!N`7F
zO-<W=O{LIgO{Gbk?LcId1olfMaTmNd7>UHap_tRHl}zhSy(jUy>iXq<#krROxnC*E
z_I1^pecLRLo7XP7B1T6?{a#>;B2$NAi&~*fboxX7^DlD2C!`nH;5P8nMB;ZK<bQY3
z;Up6N@6NI>;F14(*iR!s<bRK1Ax5YA@9{LB;1HfqicH;L#vVlVzo$w?|Nkfbe>tX;
z*VicEP%ptgfBsCQ+w9;T5fPDdcINEs;xd(+o7?2tnw>JfQ>{{NmMlZ_O^=ndi;^f{
zC^pEo^YEUaL@hJ?WjYC(oEVnf2rBc)Ir$)p-u#tmeR`T4ZRgn7n2V-n+Whje?*7RM
zTeW_B)57HB_nYhaIB@06KQDm-_?gSgh9>U|3r{1X9&%FBZ(mDGv*l<_&A(}LrHw3>
zsQhG3kqO`N4&S*CCk(adX{B%}aHi&_M!*$iXFyO_!KR^6R>4ld0gwSx;q+2ruAtrU
zSK;N64vZ#CKxuVkiqf0auaR5yChwzl;+Pd<7iT<5>c})MW#cYo5QZfRJ8+b7X$r$j
zBhN<=Ae3smxIe@o0tn!nint+>xiGzYD5nHbQnJcVq9l^(mQs!aE`rQ90-f;VtWx5I
zCUUjj*fgm(9cG++CDYcmm6eqpc8k!d3iZn92r?I`NoTTFO;``M=q^?8^U}U9)MNc>
zzt*uxOh)GRQBpD|Dk@5chB|E|<A=#)MJU4bg}^GBHy(~?jVm=bMHm8ONpS@${S50|
z#vBn2qX-;2X{0%m$qzi~OGXp^=yYW%s;0_xa@;mjtPI?wnJA`h+BdN@Z(>S9Q>D-*
z&>Oi7PbOxC4!BZlF?<#H{9P<5*g9X~-!kKd5i>?>GopDj%Ff0^wzeQ>!!(^6X_1VC
z<(JV29XMrvx%7b{^xf##cjAc3Ey@B2*d6DOuYhDxJiD^OWN8vavI1*4E4j_^(y-DR
z@b@;=Jgmw7K5i4CUTZXFa5I22gW1!~&1-dab!%%REls0FPg}1$!2c(d8J!oITJ1lB
zL7>E#viogZ@BkA7<NfQ`uNB-|Cr3v=KQA_udaG0!nj$^ctlS-918fq(osUCdWA80R
zrR0$nN|M!NL{iE$a4JrAZH2kzgG)6<Mb)H%X^075q84U?SM#e?hw4OOJ5A+f{8U`D
z4DzHIdHQ|YH!*ZHF*JxVUlAvN<)EV6bK0~f>eS4%r=48yq;C1)Ih=E;;X&0>UDOCJ
z)KbyZl2Mb>Vsw;PN#56rtMe>)(G)_p3m-TNA2^i@6sayn!cvCic~-DV)IT$(kjj)7
zf0iCdpCH1`EOiz$Ehw-KHs1|4*Pb1YrHuLU;3aTeqEhZ+Y58@2bya`=;DD)Gr?H~L
zVYRK$_)w2X9J!zq5zLLdK^xu_t5EY8E_U_}yY;TsjO^?NFdz=?-r8<mcvmXXYyB|c
z&~d;ELzu<_BcUcjek7JeECd0-XSttrLzJrwLttl?kVA{KmNi)tUTJuh!$FnGQcj-K
z?}687BIBwT|K3?*rNzua1*%m@g7b#sH0R78v2inT$+`UI@??!p1J#T{(pzxEj9N^B
zTG5<AR-#^5ok3BeT=<iV@<nGNb*G7*Hx0z#OPLCa8m(AzcMkn}WoQ<FhgDc&9Re?f
zB5eH#<(4K^P3HVbgr7OkGR9qFt7Em#T!&sn;85}S_RMQV@$2+fTpVWY*RNk2{BF;u
z_Gc?)D>Z9btw{`MsX{%39<mTY0C=}k=YF7Jx!h!be0o~P#lfMBhSI7x#)yY%QR4g_
z90Rqiw6O2*Ygu_sRAd;l(n!l?q>Qdo5X6Fw8Emwa6+`yu{}kizIR$IQ6{l849?96W
z%X~8xbT^3}z)9po`MDB0^M~R49|mbTQZdMqcPQYVH06|pV>Em0@4z6E3|0I4O>WyV
zoqoHFc{`GROIxjz0jFD!TcFm=yz^DLnnNUWGEhnzb&eE;Do_Z?6DGp`0k4!T`TOI~
zr9|$0bo!D+_EI9#5M=@u*-AABIej$dzEhSFRI<Txb%(^C#bDMD7=iw)AEe;-Ui03G
zJzjGJM6Cit!89==EQ10M4}YD?qMQBY%S%r?yV2)F%#|VMFI6|Z<x=A9?a`}DA3E@U
zzBoZm>U%P_xQvL1jFL*?Zb&KX8!MlgcqMB++EV;5gi6gX4QTx?G_fS<G>xXiZYF~6
zf1=x*rB`L7B1;frX=obt(NT6c#2D(dbf8)~qLiWSSFI(0a=P*F-FyN}yQxn{x;%n{
z#Zh}41QuW2goI2h^m3)T$zm_*@PZN+2bqY~tr)v+^6^IH6!lwl$6r!681@1o69G0(
zP7@VsIEVH19F{gV6@qWTg*#al9tx!-5*fk}`pZYCSF3>&iY+HCU5t%aY=w#<2RD6?
zN}3T(q@gdhtNcd$Ksu5UCACtHmqLl3_CO30BawoDj)Kg>@jX}(-PX@9^6ckJ+S0-F
z^bE6Cyz=G&;ln1W!!BPKYvs%~ULyNf^ahpLz@j&l%O=pv(Akt`OTyf4b)<7bUpa_E
zwM3`1RG?lubzU-1HA2gu3gw=c$f<{ah3W0QCDt8SVN{{lnjmdi`t<SR$ImRfO)Y(W
zea8z6>FOvbjh#3Z)CFytA%kMCk;5oZ3tYz<7jqG$OYjgX{81W9USf>I=1;X$MH*{<
z%=2Kt@x-qu&rf|FwIyRSnEbn6ltdl(P4zWR|8&TYq{Jl-@Rp8Vi+f~7M^VQrqN@t>
z42xTYL>=NKwOTXAq|kcTN~v#1%9a<Js}&m)<4@;LeN)Tu+h#Nw#B;|@^tfbTNyY1z
zM<!5YAW%e0J;c_5szTLx=lOjQSVhE<j~s}ECqx`=Y-DP=+1gD_O~?NJHLFfc7}?qv
z3)#C5J`Mx#hJ+Et{zitX!MRm=CJA_BV-P1AvRIJ6tUgn5NwZM%#zT%cjueM~n~RRs
znwd2tE0H@jSx11T40jL>5_;{-h#nM=Wo_c8h4%Gh`p{?9j0~e!c?Fz#Q4sM~sT4!n
zsT(UE0b#MLV8~2&t5Iw85{E=~OQD14mzu39CtSGL61<qN2(oVA@MAO2(p<S=Sw>+_
z)-j`kXbA^ieSoor#mD6i?{ECv+-C8yv9p<J2TUll9A#Z6qy|H=MsX;Tvq4I>1~p*_
z7?BqAk*Q?rsU(Y&5h*Igu3@j5(E6*w5j6J{vPnIdjU1T4v>_|APg_Euh`Rsg%~N0e
z#FOl(oRXkm)!CUbEvKoP*+9mSf@UR_9D%F&ojFPDI!0lqgt%6Q5)DZu)})lVgq`L~
zI@WSr&4zYEYX#8>FO@ninJIA{sJM<*IqP?oRne2(m*Tu<zg~n+z#+jSFWIApL41!}
zce1~K7Xcx0CO13VjWgqO%1^UHKS9Ipf~7;E85^2lG}_P!FY{Uibwa#C8BzCnbN!e4
zwP+|!(G@7}?X1fw+vfaBOd`#uDGAu|bM);f(yPU0XT?SiIARb{Br1Hb(0B|EL5||H
za^>fk7*$aIl2ZsxFoz}-O)-6hdvzLx>R;HK?|y>$Vc$RUE|*Ngq7p0d`jY9F{ENo5
z2=MyNzD}s<iyrI}Ft1TxU*Eui!!JQ3tQ5oBef!H&@O<d?L9z-J9y>KYT8WuoK_?FK
zjE8=W8ctzgOXWzcoa9TU8Y!se7xVgXj<QjY5{JRzDn3Z#+(bIwsJyY1@UBrI-sv94
z@L&Wt2TyPRUwYg{X-13E^ij(~K$$gRaSf?^>K+@1hVkB%9#J_^t?`B$6>BC=`VTFh
zev^!igQ$2GZz<Dk1ZDwU`#V`rwCW<=gq)Qla!_eJum|N6%&$6aqDh@FmVn^A1%c~E
zr$PWsQ?_K}UQTPwM9I!gzP?;bDOl?cK6pG3^Pe>?s5kk5G;n>L7L2_lTdeuY&n_V<
z>WCz7iGoLAT#h|s1iOBVLF2`b@W79$(zSBxS}52Z);mta;MG<;Eu{=t)73}`uvo8?
zl((WNm`eY|vHt$Y`nyVwilRFT%j$?VbChfvNO38{;1C*TZ_4xHNtx!5W|tY!rP$l#
zu_TciolLZFlU|dIf9Cp<VYD`3QTg!qlNz|@QeqIifSya8t4~XDW(uNH;t@tUouUWY
zKd-uGd$ruH%4**WP_?!4cB_RdeJBZ1jAIuR?C+mJ##J@VOwY)F#V;Wd5dPC7wL&FW
zrdBPZP0i4M1L0kK?pGau_R3i#O=W)86kIy)FR41?s1z(=a?%8fD5?86VA`<SqbMk8
zM_?zf#6qTa3j(t^LD+6MrzQnXIujNOfq<3^@?iLtky{o;92SS*`--U17Ftf+WXJWw
zv^>9rA@D0*z6ftf`YI58#M6+|RiUF`iIBQ+>9h=+xSMn83>34f`VgYZ8+>B(iW^It
zRY{Pu=igrs+EU4kbc*<E{~^mV=20c}QPto0Q59E$+_Co68kBCPO?OJ9%Osj_CK;^P
z`3ipEB>qrI98jH{DKYyxGrcM*>*=~b`smB&b~S$YdCRshH%TE+Z}<dF6uH136r&CI
z${3ejvjuC-KEL(7Q$n0v#L*;?E}i_O(C8$&IX(=4xfW5isI++tr2>^pJOx!8(Hs&A
zOcvIu5NlUzG1F*C#!s}RqS-Gp*3_=_T+K!x=}5AL<2MApgn$?SoUl3S^*1v(Xf0^V
z!Mx#1S@z7KWyNnPl#PY)v4qc@-U<V1sjTY0lzI}CNogxBubAd!SEJBKWF<amL}8ZG
z@FB>0f=h;_!Hk!+Kpa%QlE#3DFClflC)<wCjZ0U0pM*y=;%nV2Cp++>n{7>OK7%7q
zFe<kTt{Ns(Chx)roTyAC3<(UbeeHVFM3CH+w1v&J%2{<*wybpva%)hIHFnL$`1prz
zzrNr~j@RUkB{em%$o^?_MV(gyRa@j9yNN_)${GkuDUp4JkN{QjXD_1poQkVXnVnv!
zpqChDAdwR~Ve-@JuWQMTh^)Ib%j%CtxA>meH!nqzj}E}_dqkD>K;>U#IP6o@JJr%2
zouscqxB1=gkt1mwc9wy{;$>4rebSv#p^{5qi`VH|MJ$XiraYb6?^5L4366pLm2<Ua
z$%JNAZ04aRMaT&@WuzCfpGo_`U<6UT4`uq00_T^kQcfW;a}HVaaw&Bs5L1vt1yhWL
zgIvqx4PL#udp{+Q2x>iZ_(s#jcObzHEhO($@l2wQ1sQ)yC_$|K76>hkYH1Twt7OQl
z%j+nhwO|zwE^$n)8F?w&K8~)&-$a20rYVM{--q6^kdaRGK4$}xNpTAm+ze*|2XE0d
zELcW`NgRExR8U0YuOC(oT=m5YdQdaT2E3~FJX?R;3i)el9(%h|eF!J7{Ov*lfdVEM
z2ak-zf6-hHk0ScL&N6pRfE`n9oPF%uSol??{<3B6u{Z`$o9ykX+Np~wHS75AV(Yx3
zX;5o6`^j44d5vnaq~$LR`XdBEATtE0N?CsKL?CTv_7U1aH3dSQ+<GDznfjEqGU8}M
z!uoXGul{~~74yDg7!hJz^3$M}dr>#;je<bt1MXF|ll>xzL)A)8Y@=j2cP<}2n~^$E
z5E126Z<H~CycTJZOKHs=wmpd?h}oQ{k*I!4>`m&YR?{sqC-5Bhh#*RYKBM-SptX3`
z07I&jgsE<len<&lN$T-7m_CfIK*+#ex&VEfhEI{DpC-En+3)7r1YXK9Ak&36{wHr>
z*!tP{vQ!}?6@@q7qA=Movtplq07My$X_mY*_&9!=F#Mca&33;+>GY(Tzvp%Gzj|3P
zx7s{@2xYdQrKcpF`cK06sBLb?lypnXc)^t-zbT`9RS;lj+vwb;;%~LUU9)t*LHp*&
zpddX9dqy6WKv6nXN;-8H@0l05{f8HERDI&?cy^iYNkQZ3C@6}p`|Gstp+OQYfAM{9
zH%rMFEPkZ}iwfZ~H=yR`lC9>aAXn+_a`WEre+dHzbRoawNL;+Q)NgH){NLL^=P~lz
zsEcB$O%vOclRg~i(Kf6F)UX+j$IeEC-9@|m)vW$i-xYhummd{n9IF_|`Gwfj#UfFo
z0!uFSTrD+5{G)7IVeF<?$xW~;1dP0iqO}MsyUL<S+)53~H+$OU=)5mMj#2+iRU?eb
z<76(L`B9udt=xaixAAALjftIsG5}@<_Ez#yiObZ{h<Gdx?P1lqNhU1;mSAk7J%i(7
z-}hwh=e;{BLlaK-Z(kFUn)$hi?@XuA-j9YJ3pGwEUCCdoh>s+3zuuQrwrO(KDPJ1+
zqI~sTqd%Gf2a!a=S3~+&EE-A7+t{KgOc3k}Xxdv+k5hFdv1&iCiSmnp_hR<7jBz`P
zd8=%$In{P`gd_PCNPtj50^}I_Y20el&`(oykY6aLKK_G!8tap1D!qlRJY+`xa7x1S
zI5V&Ro2EfB=wfEp%;|O7JJm2s@H3~T9!@k^lKZTL3^LYAJ$|XayDV9kIg`h-$)S9h
zb2HyhG&<up*e&R^`D1%>Lce-J_tmHUpwlojy892yk4|p|Flw&J4qL?UV^=5x2+*1Y
zjO7A0;d6Ws$kaFtWs$j?Y%w;W?4%Zv#^vNFl>E_JH4SqVTj0gNZ?xN^xCnu^?oR-H
zNY9RCDhUWC>&UsjqX4k6DF#CA3X@PfG&!$2s2``DB}j=b4rAuo#pI(0U9EeJ60>S?
zY)pablUUb;AA0(L^sx?L?Ny_X#`V0D=sg-bl~uQKRn6g~2r`jv9P)t>@8dLDk||+V
zwe7wyrEJ8f@xw1`v|DLK@&}As%$>3Y1?71N;Apa#aY&8?c22J>?*wntxlF4eKIQ6q
zMuDefw-c4T$GAbPr6+WFaF;Xm*OJ1GC4@bxlFFadcWVK_7{gBTRZ0Z2&EZiT_H9OZ
zkHTiV797Kjy6}p=FKZ|O^cL(iOvZP2MJUEuMQL`i%-`mYj~^bn>Y$tcdI=|m!kwDP
zoSQgMFv!v|I2Iu4P4kKq_j73*LZdznnl|5K()b&+=BKwWfP|+(tnoL7_qh*if{LNo
zIx^2RzAs>n*x)1##_K@gVz=<nI<WTn!?&!KQA-l|A=a)q##!D5Q$VD>#tkM<kViHN
z05UhLyN7IWZyw_*a|4BPIwRvTpuN@I?!ijtHL$D+!83Hng5Z}w_yZj+S#NC;<1u#`
zPmzHh=(qu&1G#S|?{!Atenpoy1YmzmLYuBC((E7evbV+xWB@UCyax!mX1aD}v*8bD
z<_J2>i1A)jgEKzU*A1DSfDe(an{dFk3+OF-63Qc*14kU|I*&#0eXo`PO_cS?#DZPm
zwAjaO%RI#t%GPBF&ppe`{d`0x%>S%kPhA6qs!hX(c?YFxHs0H6Eccm+_=<--)+i9x
zk;&!ikPyhR&FWc$`frpFiydt6v7xdel3*f0iNnWk&<*?K-bb7q;<T~%X-A%xLD-D8
zY)D=e2zt1J?Kr@0Tz!$&U3#OdYgg-Bb`1?zG+VBk$3zw30c<;e8Op~K-m7HFu1ab@
z00<Qu-+N7Yd%tFMkYtZ!{7+HPssW9%)iwZ!X~j#sYSpx3@VK#JCl*^2>C>kjN;)@T
z)veyc9}g5hgPJq(zZ%I<+;(aSJ#JiT;KR}>EZ2%Wv(`3mh@VukGC5D_W!=$Ij|p@n
z<LmM~EfxizE_Lwb&Jyq(yO%TqqWZ_YRimu#L^@x$U&>(Ee%cp1hLc7e(!ZEq7{y<g
zj~;yoUqW@e@42mIS)2a!Gi+~h^9`6Ic9RTY@d`G4!`|OVMqEG8P?DMz!TbXh`$#e6
z`$yl9-VWLN-Um7jdZg~#{9B#%(P&uJ{pz+ZkMUdbV1LukM-HALcsHDHfk_=KM4&x~
zYh|8-1heGJCd+^-b7PBUmW;$!xoMZ0Py9hcdf^JN%U-pofe{mylXvs6dSg$=5hw>k
zNu4u@l*3Ddx!dvnch&k^NREwgK*!*diF@EbUsYMZeJeT!io}Pjw3hFwbnY2Bg|B#j
znK@)e>xEBx$y^$`-S3KyE4OUgSnfyU9hP<1x~<20yn{B{yNjYI40Jyn*F2r93l?5g
zJG6(|9QHQ5$CPt4P1uh3g%dbDG-mld`jV0i#qvmoj+O7E4&SVsF)>KB+eErwUUaU(
zy1b@*{{)!+sXRG?D*8!#D?WCHfpP!pffVZqJ7Z*GFVA1FoJIHN(Wb#+)=}xK6iT}a
z`ND74idwma`VSt|Y%z;V?LW;3c`@-=@Do0{p`@xL+;5JXW*GXtpVh<9jJfIepW7W=
zH`*JS5C475(unr!yw9_-s#>x=ZAgCl&ynW)rzEWOr*H8@0H9-;XS6!vz3&c7oz^68
zE8BBr<dqM9x}6aeZ0$Vi7MbxNyt?1`@UWBW+;=5}Yj4PZD*Y5LyLzcBlxhE@cU!<e
zYIL#r@zGyLld?I^|I61F#f}J=T~x+Top(RiAF{Mu0XWh8n<PTT3U;atLw}ktkH0(<
zukzl`k>fMpubAVCPp7z^Ya75MJU`c|X)afwh$54hfn1ba)D%U#We=MEhZ@D;(yM;Q
zRLIJEu+{AZqv_(obw}?{UHfeOV96K-I+eSr>tc<AsFoGQo-ekBaB=7vTgSI=|8{Iw
zbG*GS!b*qap2bx|Za_!+@~;PZ(%3_Fq3E>Z)-mg~_E%&+3P=F`nsaPcz=)(pVj!#r
zQF1uilG4I83=0VIQ2*pnM!sB5;~BPGV@E3Nq6vFv5XgU4(Y(XAe!EAUue_ZQ#!UX0
zht~E;N68LXxS!o^U1Ut*Av!|JA<nBa7E4sR|1{xQx}Sy$jiY$*mOv(Vd%im{Vyh32
z0xMk-JDZ<agoL1aZ^CqIoR$z1exCTfVTsYMxT)E$PwVO`1LcbP25uo~g?UwpO5H@+
z$dc`xI_>pezWqBHH0M9<Gq!c@bT&uvwB5Jg<8m-4UC;9TdS-m?oHLceZiZGZ>g<zf
zU8m*#a;j~YmJeB`kIJiRGb({nF$d;jJfH>RWhttL1B7MLAGVSB&w2F;bm{TRdR|Wp
zJ-KBLByt9fWkp|*GY!7*kd2xV+&XkQ#v&X%;6<)}Ra*VWvb#Rv-N})+_V8pmr61>!
z&{aMP&@=dgM|)`MZum7N`GgGCir&F=T^!%yf#19(=>XBRmWoH`jqG&aiO^Rp@nq8T
zdBgoCG^(Rw*l#hefy}<;z}lB!l_dlY;fURSabE@?cDTJgqv#qzkI1vth7|M$;W@N1
zYxv*H`2Vz(0e}qIuFRoFFy`lG>Dq)&V;KbbdN|YkcqDRK4xh#y6^KdW3{EKz!fCX8
zp%5tP;C6H>>d<$5;nKj%axiTeHs>HWFqv^Q2lD94qCAzxzKAU;?lK`?|6LNJBDxLh
zN~K@*EP7o!0E(Blm#k(1S1B`oSXdFcvs~bpEZ+ajlW)5Bdnz4SC4Y1semEcbxgcwx
z`YN2q(xl)q0y*fw<940$eqs6{MW{XSewPkb(C)pbHZB>+{yW>HNwaemgl0v@K-kD#
zMf2?pJ=Z=&>S=p~JmFh+_+E2BRf#ABFsk~%`8n^g)bB~LI~pE9(9L6CBA*}S+c#so
zZ42zfKmyepxT13M*$hcjdDkprGEhn(dDwkb`c}!jYYt~;1#?E{3m-o6_*v=ucige&
zGjEsuf%{#w%nd6?iXCO^PE-+~0szyzKuJ&7jRP@tY7w;i-ngpc?5*yB!FSwRFWK)4
zPHxCD!OUCMeQ|#jOycE55=&NF5t!yX5DxM)){<e<G!ECELQ>3bWE^r5ESk|PmmwJ6
zzhNy2ok!d(7><Il={$n9W)pLW2OpVwxC`c`pYz?kg!~uoF%^GCAGZ0=GGO<29n_}Z
zUA_N~6G*|$nt!|kBbCtISzl2u*5<X)tsU=&V;UJB3EB>v6oZV4o|te6wFq>(cbG=I
z)<8*63kqTvQiaN|<dEq<LqYcaNqU}})CsMhh!1x0LC(;#J!pILW6V##KoA7g^n*Cm
zs4aT+3_Q@bV5kzTy7m@?R$t$w`uFacA2=#p!2!t|RHYw@^H#?C{~~Xy7NHlHJ?2O4
zok=|U(XO99tvsDyfLzV@nN9Xx;vW=#R4oaLcQCz*{kkRjWcO1gIQkIJ{O8z`gb$b@
zZ83W1&e&@7iOSkA5V+C;iU<S&;NR}sUx9bjeSF(t0q^RhYZdsR@%+EI-jb0Ii>4N0
zQwRNDFMxyZ=F7(`+v>ifti}~EaaoVdyMO=}vbwmkitV<dk3r==(kiD*&b$fAUfK-9
z0Pit0i^4s|CnztWiDg%f6`6~j6t_NTMPs}bDn-i5V?UpN<b3OxboR;@Y5T)qsZu8w
zDzE-AxL7PMK=Txp3oMt=OTksL`rEw=>?=8*X%<?U6nLc>28YsQ&q>>L{lv<_lWA@3
z;85fTlfSOXrUQU_{aIFUU?<E5SJshuQ8s9S4jkc{dVFTDyIR@<UA8C(fQR`9Us7~>
z6J(^c-wl}_@w{ak?g6S6pk3Yr?>u6z_Q8b^0FY}(2OK*qNQ)7aaDr@v-Sn0F68jtQ
zzmZAXYg#pp@X!rNY>aokpO|FgTYqewBi~?v_rG1L(_yft_@=v_)H@i__}jDFECWpW
zU&iZh18T%AoZ&+2e(YF*lzsxFZv1kF^<4z-dcRcb@B~HfITK(Cnu08=Z`_)BQCpYr
z=)?Jr4&a>YX;CdCo_gLG!#>*(5j;0NUR`9kp&3_c_*4v7uu-YKBh?A1RwSOS&;CFO
zn+)|`VzR9*=?yZg?V#7_xFFF)q=?G%51>BtJfUa4Hu>h<e5Fs;r#pJww54~Slrhpx
zo_7%POW?0o_dU$tQ|82Qon1PLhQGxBVXq5(1)TGojDl=f$7FlT@o=jB=}K)Q>6tTk
zfQ!o~e%<oyj5>Cy#;n|-pjvA%sWw1zP4G9(TJJbs#?#qX)kP*YoAOg7I#x^8dkuk$
z7`D<K3>lg4mp}4kM@(`{VdamU`4vVRd*n4r+^;L+m0o*3)JuBN(01aabV;i3;$o8-
zRag&*7sBth72$t)K#<TRuZi5lX18Oc>_qDwfq7oPFQK~oLf6>+hn9P3D2XFTtMJ-4
ze`;0fQGzNJe(qxIvjZ|5R1e{FL<Z4ZsY}v~VNl#7`c{BDWkcM2z>*1PWDXi^%ceca
zT7^t87LK|2&z6q1X?~2C%*SI*TIWiQ2;@OZneSRsl|l7c1Co4?^sfB`9m9{0(6IA?
z<<b2xe9E=L?_cPU0A*93(-l*&6~{OeswnWygF`b=d7ar~juds41`UHhN3((it@_5X
zt1j>ESaSN7l(o9rGOz2O>)zq4kOK4lVeMcnPejD6&{OZ0YLT2_Q)ZTAF5V2|hgnzq
zcM<woI<phaE(r+OUo!GrD+3lh_ENlu>Yt!&4;CS;+-vEaQn1YkS1N>z)(736-tqdO
zQ;)p5s_QUuB+AvfQ_lis!g6Lp>vvFfHX)}Nd%JghyIv!M7Kb}I^+wnXE7$E!u~*RK
zuNirP)T_s?M`nSZ%CFA$J^yC$wpCh^yGLub-GoaV9j}I13*XI!@cqFXwxmTb%o1Kj
zsEebZDuwTlgX2KQK8OQuS4?~2gvfWJuK=L<Tv;p+hPpBTgr~-V1OSX&m<juE`6R$J
zKm>2(bGg3c!iY$P7_>1Np+0XTYVDR40VFqvrdWI*$Pz&p#P!$K_s_2uP!rh*J|B4w
zg1T3-KbBlSulxJ+qGQZ3GMSioeU-(7ruRL!2Jr)+nl;wBK@~w)E$^ZGz0hL^c<)~8
zq`W3u)oEY%{m1&PZKYq}5FwB6TM?IeIeR-^lr`gHlj3MH%;&56npYON&`rpnL+5Hj
zSmC=Hg&#m{kv$qOY@i&AQr*Pov%LRF(OwsuA&)`FJ>ORllt=+8_or^lX~%NX>2kaw
z7h7Zq12vhC#wIA|!Ti0ZC##)#G!}mS_+zxhP;uC$ersIrU~gwcFz~kbcag$*<H?w1
z;C-j~1t+aZdrYN8N{kukI~*{t`mYwUu6?qk<oPJ%E~2=@FT|DOHM@-FO3{2JtuM#c
z5w&Vk269*?HW{5AgN=x=Y}#nV*t8fqFA3Ta8pcOX^)m-ZCWU@kvxo*|fz%DEC=R)B
zqP{SHD%{>7B90<_R7u4LF8hFZDLgWIc#nsSo?K4_+XN$>BO(BDnNAqova_`Ny96Q(
z^$o5~5Qhu10r-GjcU>QLjC@b`M^DqYRZfDWIu(@e-JasSK_1slkL};PZ&eafJbX?2
zIE3dYN!2xmy|G>Wun1o_A6d^MAb<9<`JRgp`V^pWAEQEOSW_1u^ZU4C`mM;TQ}U!7
z5nB*y@A0W6;<#+pF>j$IxkON_e@w7D;o;tM3%Ax!m)dt0%S1;r&&pHp>W?A*PE9TV
z)M?Eu{E}?4PFjDo8q^!~j$gIKcWCV`cjR<DK1(POs5XR(m`W4d`KwSq_LKU8#ylKg
zHKK7gL%Nn0n|D$AM^xmmQB@Eg>|wBp@IL3{?(i}$0Lw~%rn)HaBn9SUDTWp5y?cfh
zC#D`OIUsnu?Qn8-?_swo%3!=-2;1LCdR?`d2dg}qqVIIXpbIZi+hA#1PG6`|F&175
zi+phJ{=8FdmaSBZY%0vHAMAi#nAMa0j@sWgDBFVqJ3*M4@WC+<_<Op&v>7|!ku||1
zsb&zV0TJ_87qxxNUwR;oVnjUOi>0D$<w9joMeC0X&a7E(@oT=(;SEc%uvm@PfTHEY
z>gEz&_3oaj%fXY#sxdNk3TMA7n<BI4ZG(F=iSi~_qhB6)=M2!*^tgy<v;J*zkSY76
zn7EybzwjV_#K4(FAy1HDZL5%dQ2%bQE(Dt|{TY}fPIPg@LHRrzrTKe<izJV%{81pR
z2;Tlvl<Sl>#{H)<l>(3QKe<nyG(lE(%KI26<Gd8S%S<X5R7=tB0%ya`ThX4dN&A}`
z*Q=I?UupcqOuz1HA1)PzvT7U=932cC*P6xT;_9N<x+*IJL~%iKPTPG2<NL&-xNo0j
zbdXou1%bvqzPX2gHbvUkuy+1_lN~E(({&4!_;4e!ld=zw97|(<0d2L2jxal%c05}8
zeX307`@=J7VCi-50&#7%d<9NG2I4L8hoK$rrr$*0^I9CAx^+?Dc7^bUUeYl@_u2C^
z3ugM+m3a+OZ7fW#TTCzyO>?n~v}W^Q1G4ww!Ua4AM(}`JHLxqh-4;kl$NsZgG34K-
zqVP(f>E`>UZ_Sd7YTcB-F56NwY661PB{dkCs1uF@l$LW50N|+VBACJ%HNlK7L7XIV
z4?+(&@$b<QhJg=B)>Ij0V|W@BE52hz9shjrkRj>L@J=~oJ`DebI4>SZS><&(M^a{7
z!nWU$^`VOH3WMdoBRv0G9ZWz8gQ^6{!M-KGa*fSpntP$?Cjc1jQA~E!O4_3km>Q7>
z{K-Bs(2RdwS}nEJ+pFcTweak=A?Q-@R=^d5qBT9gz8D=TZ@TiNBJIRB8?X54(sgGh
zEd_L=(3<s$;i>cA_i!U&E2mqxETlh-Met{NhSm%}{<cK939F^o9qgFMyErI6q0=4}
zXDOjtxK6I=z?syn+PPmI+bikTTldgWy$gZyIwoEDtxS(GDf*vmRy1`u_HnodbXPu$
zLN}0sdU(6c^xwcLZC&it7)mUd2$LZN=o>9uc+N>O7y|M}cDl=h2erOJR&0JW!jBS%
zzv+VXnou830?K}C(Y#BD>$1vF7Aq-~PpQ5w)a5OtQEitJ^dbCb_|G!vJiBuIS}}B{
zE3fz~Wj>B@5OL3#pXp}34BSv@1u7O394#sb)jQy~@X9-Chiq(14^#KVyuyvNpfS0i
z%nSfWHsm^S9)3@!riYDT%U1^R+Xp5%tY1IE@FlI{_(?TPq-zEfspB3bkdH>5RZd}b
zBqWmAteknP{KkpfqIrq*73ZcLA_aqE$7;pcV{^Q(vgy_9Q)&0Znz_yp+-V0`SGkJP
z5xLboozl8wVXZ(YDQMFkZ7SZt75>zFa*dxQNc$!pq4jiSI|vpD0l-O-zn1%YulbT&
z$kG<^&GhNqrrz(@cg3Mmj(+*yVE4_j*dx}rnaPH<SDWFB5R9WA{I&I5LNJqxw*jdt
zpwj(uaM#SHFdr|xmX<=%(z;b>XxQ~uZ}el5Yr$Faq1QbfSF6y|D}|i&L%;Pjt_$)L
zN1q}36_+0?S^LBU3F;BSGB=P>IlycH4vGsHXX)vs!<`=*Mg@!^3X>B?P9}7tWcv}E
zW(8pUrVN-mSMnHc&3`-+YSzCK*Q7)|?ThE_C_RU#I(x5)eeC?_cwOu?_GWC+(j}it
z|FIFa(`*R0<b49*@T_WLQl&f*lF!W0pOUh{Irr5Db?%-B2QGiLi6}2uMrM1$i;U%k
zPmXaPzipo*+#>tj92gx$YWR*784ir5(_xicb1gTmNqLFtwmOq`QP)lCaQx7THL&sN
z2oJ0hAKAPi^V6tgwRX;hovWN(SL!LD_8#eSpZspOA%y+H4c)(|(kc||Av0r8tfVeo
zRoIEeSdIN&;5ANpv@~D|Ox!verq_gH0l-f3x90?eALIGdW$dEtN^iBsl@C{-1OwZp
z{p^%R46cg2_8$Vrc_>-Wf3@e2>%;vtI9vS((p_7!WkwpW_%&0EZdi7gdEVodmwR7>
zf6A!2)dlM;=%k|=bd~+O-cItm;zy0rgvnAf|GlIVDk9AD9^EeK7?4GjPmYmGmX*6T
zuMo{EI|y71$irSma2X&CBKLt{)4k|-30mTyYQm_{3*A7<16r@5QX_sMIlj2wjt9~`
zRD~qAV5-&f3uZrFus>}s0~*UB+LIjQBf_y5GY*xb3uFGS9`LvQo!EX?t1Lq6NU!cX
z(ja=C&Tf57!LT2JFE&3Bid08@l*T4?L<A>DSinhD?G^w69@#_!M*?Rn6o20cq5t`w
zMR1kr;?n>{uTqhJY0_jUak{t+RnazfhA3pS@KyaYFYmC*OKGbU^<b{*Z=sM4Ro0Sr
zqH=R&s}n;e2cDzKq)MRpdd&B1%r@HwIWp&L$z*Sh)NU)q>RpF+<y9d2i!o_So)-zj
zHG=@aJ;||yAICgHK3}Tc+9i_1!y<p4*V66rdn7TZ_rp;~I3qeB46>}ByhsV#Gzv$M
zNKiiUuRq>e-!Bl}ZN)b0P7A?A8Oi)go7PG$(}Wg}AX2V8<~1~0Tit8c3Wg82?{7XU
z1uH%a%`yD-PV?db=t37Q8KqtOmn_%)R+d15E3eiv5NBAJ|GF8B+8T4zM!D2OH6_d~
zkJ#T#{vgiLhe!~EUBqtikq&V3p77`&;QiceM{L0f8))xBcDwpgO&ww*%*V|x<c;!g
z-HUQa^2Elk&hQ0?AaMAPYbg-!*TGfBi-CwhZpVLM-+s0A&*W^btP|(oY=XWU;qj%z
z1pH6vR7`J!NCF4|U}l1A1Gcj$jP;&EiW$Y_)LIEwta^MiO$7g&Fis9A<MRTXCcg^L
zlg%n=YbU6<|1Q2Q0_W=dzV4H;M2MjVKcPl;nPmxy#)`OAKSvc+=yt?&41smOvLhL7
z)~RRV2M2&XQTHv=eqcov3sm8t>(5g;5<ZGC_>W~IbDxorIXAZ*q9Vjmp^sRsw})k%
zX=8By2CCW^c7Bb*#?Y*5V?^Pj*Td%{;ZG@bAxQa49SyV;L3qmM#)>Ireb46Qy{P4>
z_U<y5D^;Cz?a`9r?d@OW%DipF3EH5By&a{HzQ3?1%N<d|KrrO8?$!pURw?hUFFTNq
zB~02L2R?;~j{REmw1uja=TEUI<Np&66KO!95ay1Jg3@b=tL6t05lncIJXiMh@)fG&
z`#8$Okc~(X=3&q)ghL{tyjBP(HVN$}-abzWWdPz3OFZui+ev4@F)-!#u@v5I);NaG
z!;tE@9qw=GT#U8PUxprq0OARZ!C=&3phTcd1+G6Y0Mq57$oIEg*67QHALN=LWIm-H
z{QuT(Laul9^SkdyCdosCu7{h&{(Xv{{g9@|u9Sd(VEY>$0KjRw_11)k0DyiVx>c?J
zddMJ87ZKdV=Ur23m8R>ehI;_gAEoN_2Mvo27m{q4syr^E&9Dxy&B*>Grv{BFBnYo@
zL#6`?sRjC(jEF>#XTj<rzr1c!CX#M0dxfdhufDj8C}RfuMH>pcWivd-cIdT6t$(kq
z&e~CG*qyYJE1Q_j0?&#x_rq)25edkvwk|sR3V@T>x85<&Z9989_0ZH%i*?1ve1=k(
zfm;)AzYhlx{&Vs~qlrPOz64blc*LR{R)GEGnzV405jh)MU;a7Y@vXqM`TZ!jrab@*
z->g|_lHL-kv}{GEKUc^3$Md=i>%P*zOtgZiX<%Kv?^G$D2-Pf{Vp6{P>t8+3^I61r
zr1Tv-2J&>F((gAxZVSSU1tGiggxY9vUve<WFff)3Q2LW@nzKWm_C4YC14sXKNy#G}
zxx+BOYpyLiHG7?wHmMq8Av{d6@veR6o`7wMPK^26E^ltV_5_&SfwO3;<0mmO_P^ct
z6p>kM@S90#Gf#d$3~OTUwDwUjA5uqz1Me*X#t#BZ#Ew9~4_*=Z*j|%_wOONwog0$l
z>9GLUOELo#P-jtnU<$sjLQsKCcH&4$p0Fy?W)YSEZkoL^kBN16bvQ*E{e^X}5Qd_R
z6HMXrX~To%9FWq<UJQK>9v&B0r<JD@pT>KQptAa5Yu(VZuj0ZWV5|pX3Hn7n&$L|r
zAO<3J)#QF?O(EPs2oW~D`u_g5Dm4ZcZp1N8ucNF9N9|yW>+|Tf;(@V$W$MzH`}Cf)
zsqy$pC#BH7$X6AJ>ijore^2;_tvf&c7My|T2m~PC?c_?q6|kn*lijT52MfKeh0Zyc
zCD{CrJcylvAJ~Na(zZVM#H+&;9FN-!2Rv*6<wS(rDuTb3m+W~wy(R{mC55z|uRtSo
zxaT$FWf6*!j7F-k#7G{pDcC0~pPvdJ&0)pr_(hFZYp}Zo+ANm!6y@QodieK8rq`}U
zP+h%zc)v=1=eeQBuJ^));mad3L8$rlGI#5Twjmo#+52{tu9A}<UhBL;IZsQil&?KE
zNmoiBrw6PrcsR)X<uKu`UhM7!BJV1Hox?<{ZA1QNZfNV>GAtk5vgz3fyrOKa+yZM$
z8`NbF=m}%yllIduE-o}b!OAa4pR$*Yzjl#b-uS~uCRw!@-nV-Od#v#nu17tVwEEW6
z72*xm!zFwg2U9EN-ywpa$?AOC2$5fM5HA`)9=?KDm;vz<4!ayK`XF4T?*}af`)&Ag
zzlHUu$#_HWwUKdaIeV~bhzZ)V)0bPeqyv8z=)|+oZARv~^>)9ReYI*9$!6ZR@a4~B
zB*hq<RhQAacoB>-`{nKT0*6*yS&v`DE>=*}V1V<UPe)NG&(;Um{m&HNK3@03sXmzL
z*Sku#Jmm;7LBQ(sEf)rh8=U++(b&7ULpO9Qgq;=WK!VRSlFO}-{vU;a1F=ST%C({!
zEwG%;QRQ6&!I%18juT>*8}Nph;G&HlKmAlj&c~eb@!YN~p>R%98APpg0{bBgtsWC;
za0dH5f|rgD!w9HZ?o~qVQ|l7q%z?`I%zHJ@*Um5umK*EZ0MCYul{hNA1?R8uj&1Df
z8603Jcy8g{ym#5%3tuj_q^Tq9^cmZ{br*tnK5>r;2uR6-I8T>QNj3##5<z$bXC@2_
zI8CviPH|b{(b(?!((_vVt_60ye}$K*x?WBu96v3dDtFde(xe-9ya*ZZLj22x#S>8D
zh*76%0C#xHhUBvw<r)}_W+&dp_9cTuNjDGS{R4B^m+JhF%^w44Gn|7|SnnQrnT^`u
zXp8a>UJ!+2ZV#szz30fku+u50hd+Kp?Up2*4Dt12DpoD`zL5fJe`L>mq_kGc5RGIe
zYGhxKV)lb*MU|=I#Zo8kLJRS_pKP7Qr{NC#gwpYHcB<L4P5@x$@dS+B<xlNNR}VxJ
z+-Ddr9I`F*oP1hIgvD8>U1+9OCdP1L@e}^!%)h(hw_c{pRjvt-ulUyrQ@W(+9%o+h
z^G2s4IpX&|V&gYDQVvavPEk@WoMOX8hA;HOW+@;d2IvWmx4-iz7B5*<OZww8&*EP(
zsEHv~X7icH78L4~SQ()5%wsP7%G!i$cx!bcQc>;*4+Q0U%_)4)Y|k$!#p(bGU*uW0
zRCiv+9<f!F1f70`!9OhJy%iL^q<Ywc0n%6EuOogf3a}iv5`>&Q(DmrG$Bl~#x*Our
z(!(b}{+_zJQpnCz^54Vgy6`r_2N<lLIpx~zZBsl=lmdIVA4^#;df8EyNUQ@q^v)^2
zG9D}#uPv)_pt&roD&w2pyXFrx1(Q%Bq*K7FM?wJ(x%@UbzLI=f5~5NR3rDtvW1sw`
zl{6F;E-I%aY(9n!2UJmB?OR8;tYwZe2X|ajAJoIM>U@qS!_SzK$Vb|sp`<W<KR;gq
z%z+-jY|QxGOK>8_qAVNqNoK%VT9K{Wufzh&)4dP)2|ljJTo8cq@_^R<S2sdT3Ez%C
z`CMn=wMQkYz^f4nQTyiWB@EeNZZV!b&9m`&J`6>#2V%3oxmiA8nie1+;U`C-`V}4y
zlu(8(*Sbh!f6S`jAdfVLRNBtbDxmj{5|vRCjwX#8c<td<uXH=v?hDGx^TyWG;O$1c
z^Iz%N!%KM&vK6PvwVbYzyNqo11YRNLkMpB7q``0jpv+|R^zE&hD!wc#c3>y@zmqPc
z^ZNGX4hP`jMkx9z4=KO%H+-Yw*+F2d>Th_eeUN!l4+l{=t1NG+yY<!gjJ4)_WaYTM
z)e>sK`kQnEk@k@EC+cJ(tWrzRLLDlg1IT=O6>?4zPd{LP$`ZzOs0b~oo+R2S|5An}
zc1mw#^@4q%$0)^Ih1|MMvj*W;y6<g1x7}%FL9et3ku032#iwxgocEM5*rFHUlb9Zv
z2E5Vpe8&=v6+v^IqS&iSjOfVNs2*8Qpia`(u|qUF&Y!CLT)F2e&a39GLMS|wV9<>u
z)oJtkLyuk-`CN_|)OD@3jCpqU)cXsu<&43I1QELszx_YlWn14O`sr8j^RQCGTXUS)
z6bvBO*Y5gzCZ_rNx1kBwNd)>;z-BPG*f*$3kgONU5yAuIx$_xB>fzg3x%FkpMhG&7
zTvGC_r#WqadEaj{h<)lCjxg_zSI<Kx+bA3$1$FO^_YWiUf)-d7ifo8@?P&%XUi8r`
z*>xZ;pjblo^byUrs4*g<BODN6rnL~C(HOV~oXGZ?7d$-BGFNP@wJB`j8CR^6%lV?5
zryGpsSWkcAe)4X__iY$b;}vC#zPCF05qUFHfg)|1z=4C`Lx6}=Lf?2W*#d&g{kQy&
z;PPL70ru9ZIiOOVGQIxF1osJN0t0u{3%$yGq^GW`HE$_8c!xH)eQ$9;ED3T<OYNpg
z<#~PsKJG{GT#n{W-Aw?Wn1Cjfj77O;q2oY6gusg6Js7wvf~49RawPnCu=7f13*vr}
zGQiOerkhk$q}Z>vaN>VUcQC2Ak}fn%Nh;VI4R8=&p=&2(aXk19Y=mWx$w~}>mF<6>
zByH!CBh<5K`HcSfua_-^%Cqtz@ha0V5~bkl^^m=hXW2q)1R<k@9WEYFRn;G&6yA)d
zU#ce;N98_dtuMMdUU#l@|2U>)<XYoQO>w(Cez?GJuxYJrjWDWpA+0nyUzF5|e@PwL
zy@vTaUI?Ya+7a*UlsrGj6>cJ>dNX886)VVZKbTyIuG3k8NZXgYZ2N=y5;dOG4pgSm
zMBU8*99b`^b&`p-f8WW4zWPfyPWo<?dy{m!=cfb}s6yI|gRGa0JZg|eGE5DLMT3`}
z>D!OeB*PSN)JFc<fW2cR|C+IuXzrl1)Z?G6?<&Md=dNr<G%lRHz8yCZck9m91sgH*
z+?<!)GE$YadWs+c`B4p_XJxJGat@Yt+ow&oD*qOYjy!`GIOr{D?Syz$QScFI&lh#V
z%=W+d^3z#DbCkcmjc47LHqQg~05l0>yxN@^-lJbyIOknZ&8NWiynLU+hDxkaRYQa3
z!zfWD7;F1R4`m19?zy{gYAt-?vGr~qRVAk5gTYp5&?uqsb@+Dd6;N3IQMRDwCjWX#
zY`o#Ulk?vuI?@v(pG^vEUt;|(%)gs~<*NkEPcK4x;M<<8fJo6$ufME8E(J%MmA^l`
zu^{=3TDvO7FTouy5c00f8F;`UWKn>;C?Rew{H$TJW$9_xWB&Yy{a7=l)$;BKK_bMz
zE?v;pJQO)oBZxR$AN0FkE6(V9l1_Z{p4B(W+xy*4IQgk{^WZ}@9ta@Gk!|SW(bKK3
zDJfSv(fu_780B3~NgyU5GE#j@NlYalK7f}xm@2=+z`O`-6(qQ<;_MSO*eUTd&x__v
zDS><m>@2z_x&8jD{(&+8zfwNv6&_U?(<u<tWJ0dAjQEE(m`Fp+TvX6oXa>vQoGu&1
z?bnxYvk^wu-`*^e+v{l*xTs>_`u?4x6MialAW3k59O;sVec3wDVSS_S!Kg#mjYYke
zn|eQUNmQm%V;;Ka5O^dm$^EL?Vcs@nT-=wyt#+YcClNkNSkObU&)=<&!?&a2O++3d
zUz5FZV2zo#s$)zd)o~k1zrH5hgJ>zn;qJ5zZ*1T#vlrz%G@C5Zu}>5}uK*ehe4IaT
zgnfUti}2SvpWt2hY6d^{YW|9I6a*UVFDXbPNjhV+fgr2f;?iIRshM5-Wg}MI7an%-
z6K_+H%ZZ-{HV5xiYjdh>`-LOe`n(Qmw{~&E`c&Hyjb^<9D}P%t5?Psp$RwSC6OCC2
za=`^}K^khTIwnojMz-{rb$U*fyApu~=UH!_W29_1r^+1Ihi|D^?RDd>z|lz-G&MZ7
zG)e2l4lSX^+a-;AanztW3khQ+{C@u<tZ{tWjn|4USKHdiz7tR~-b|C@yC-2)QLlGE
zEy=R;I~?tgtU;przg_^n^>C@(Ph?)GMjPc#c^a+dx0Kz431eMNH<bmJL8H9GZl0Y1
zl7<ZyU2zLuTvlwpBbXnsU_W+r23ny>hD{?onkAtAfn6`>(~?w*Jq({fy7ynP3qHIy
z`kKvu;yTgo{e7(S-Sqc=6A~Esuc7Bk6YF>D*iVOCu5tB<@<@*lSi#qsH$g2YK0)7H
zzTwB#Y}tF1)qWESi{Jiu@`VMYeQ<K|ACrnh%Mj4XiD-=2QNztYO)kP+@2lrGF4BD@
zc^m40Dsz<*qf_LGL)!6D6p0&bpiSFldJ8^)_Vt$KhRtx~$kbrBk$gm_Kn4*42-{0C
zGL&H}mth<Cg!n07p=s+Uqv<4MlvVc;wOzzBC941ep9PynS)))aXnCOiBZstJ3g{b-
zxmX>1C6*SD(XQD^zVo($!;Qf8bteO}*_Xi8$s6A4Bu&+#BgqjBA;a#DNNeFgdjsQy
z&~LT)w&+v|t3QA*IR^jIY2I1_#C|V~7$8GXbr!f#*gjg1!h1rgiblTaxQBxyDvFNs
ztpJay_pX8;w@91$l>$&gYCCYHplA!Nj&Ms2eq*q_`S};94Y@&p^D;gfQUb;x9RHCz
zxTG!CHuu2}{0Z2RZBJaF^vF)b#TwjY!X`CnR`B>?{e<%LDEK2<vH8DFcq%i_$+?S`
z=-w9m+B)fbuc1_=%a~Nm2^3(7a|NlvzbH{gd`*n>t+v*_sJYGryN%(Laiqwmlh6T=
zz3w|HwHrHFruB$=?y<Xo(gT414;|wir#4C-8vT#6s04TyK3YT8g=!Nmnr4NLEMe>b
z@e8*Db;27lBG9;#Kec(y&w#j3TT~DAK#$Bqc$#0fZMVz%+J(ORW!y3Q?hVapB`f4K
z8UU~jp5)oPJ^ZWLL{{9a4?ep8QjgmHQjE3w_T>DfGc2|dMi(_UK*J}1aC)Fo!qYj|
zf$=w{PDow2AD$P^ckj0S;o(oNEp^9VSz#4@qlf!u-BgYGq;bUC(;SSOa#4a_N<XsC
z@ef|#cha!dQJ&ItJmu*gBLMA1K6z&FAS#D@`36~^z9<)LPZ;&x`rz@41Ks9dT?46u
zJD8NSrb~9a3vo~JdBE8Qi|e)bD1}vs$6S_3_eRl$!>|-qAcYp;DttvcJP!{fbV_G;
z!I7Kye|Y-JsJNP@TQs;0!QF$qyA#|kH~~U}yF+j%KyZg(g9mqa3l`kn-R&Ooyx(1G
z=I8Y3uCCs-YghFd4_jYUqt8f12b8oGgq$AV_*kUqqgJSsqoFlt-?3yAe3i)W<abhA
zYo`6s5H+0lW^6#Z^A*pPR8v*%<c%l)6^BH}Yhm1&eHlx}$gpkUI*lp-yr)3K_}%o3
zaENX-*N>qBm-q0d5d9gDSHB$n_Nadh31LkuKt<(4jLf%%Uu+u!<@*ilPM+se0`psX
zgITqeRz%XouL73uI->7ik1|}73AGaHSHWY;@p<M_@sv><LvdARay%x;ibkf$47|Jg
z8$Jw`a=~WbsTg>1k*RS5Fj0Bn<~1wLbOwL_=9r{Z7|Uorc-(YRDExR4NiDPMo#_K^
zK5&^iP9ffZIY?jS#Q|TTckonYt<f-b`pkH;5}=_kyIJ(@PEXPy#J;bBs2$)&ZSgbk
zwb>ajI_Bx?!~yLN(aQ=7C3|QI2tws<=O;SNI7F!TP;&VQ!$C}C=}@~AOd#&$xI41#
zU@tx>MGB_<(Q3Oe%UYak4mv{<Di}KEBB6FzytRKhL{sgXGq~p?Z+~`>!dJ066h`np
zT;>saX~z@3U1v=@A$!X6Ra;%>Ahdnd+qoOP#b|wg?aQd2cSCoq#9@5#=DZQ)KJmPI
zaNdlD)G(iW-lPe8IzZ~l^rhTvFz{un8(xV#?wZYtgOk48{`_J+LarLQGAgZ}sxFOb
zZb$<YJdJ|fjJaH}`5Pv9F`)T3e$s46;`=gAXMPn!MKL4FduH-B0TYumY#7nx_v9jh
z?-lD@8|42q5uoBsPUQ6Z`z*u5aZ<dW9<f9365X~Bl>+Uk50{qp(~Hg%?V%<e(5wxL
zjSoo<k4ZavN}nj?EcSC;@U5Inj%+d)%Sh;MR&Gg_aSiF~E%w^tVv|Cce}j%)^)|aA
z5nCW1W{ai9Y~9u3kwzz-khWEDFUxmTROC<Ek;9VLwE-JdwQsY}8D64})M4T(gs`Nc
zmcVLG8ISCUr+Cwvo6eA?5iLs2VtVf-MvBL#wFMr+p~W0y;lkz_ldRjeb4wE9jtjw)
zJSz^3iw-l28Q#lA>MNP0Q`|gJ;AXWTKc)%gM?S-vWfx!eaIGfkT+>CrS@U}Kb0+h?
zCl@s;j;<;qP%^y64Zxz%x8<nGbx41`hl@<g>^%}HZljr~Jh)WR<X^uWp$18v1|%zl
z1k-<<SY&;2&E`$t<4R-m;3wi)HqbNMcJpd`pI6W3Rx({={5|&b6?Q;9DSX$yBuwa!
zF4x!7LLAE`#kEHg#~+4>y_Y#g#JZML9>yu)hpp=zv+caytrGqsyxcA>u;}BqQTvW}
z9&t6JzVt|F@m0c=6ZN+ddc&BPKP0R-R;hokYwT4kMe?741%+65*LFWf;&5ZO9_|*;
zw%wsv?#g1a?-QekV2&oSdnr_xXxz&T;TX{yLRc19RM!iV$>O8sXcaynnj--%o$eBl
zCh2oZS1X35?JuT<PC}QTq1P)~IX7KRgP*|Jel!}Pyen59#hSCm_7I?qZd^;?2PGyr
z2v6}OI}|JFo2+MoXoGEAZBTSAorAR`hv`L2bi$uExQ&|6t}(OnoL9_tvo1W%k%#xZ
zO@z%i$wuP)Sr+kgXbe6Mv3V>W%{illEC){=cWS5yHW%PG3mRWV^9puDQEUt=v3o>x
zenN*aF2H~!|HV>K^UHN2oD*3B<*9W!Fy@%t>kFI|r3CT}jYx@hpg}FnS1qGY4TxUz
z;O4r;VW(A2C$A$<9+7*x^gP!mXP>)87-8r8&|;1oZtw8DRbP%LK8n%Lf$;DmchaxH
z&wo&@4h<sgztBwZ`=+Y?Rv%^@+WT%)knd=g{0Gt@q60)qWO_UN=Ry|v82DW0S&A8Y
zq3Uj%jPwQI^^@0oA&EgA*}jYf$}ZqD3(DQ~XZ0LekMo#+@|+J9!uP)SIMQlM+k<ZR
z)wxvaJMXm3VaA&msK|2Ut=c6fKA&T;A-OpeifdAuvVYxEiG*Hcjl%U%fz`E~NnYLO
z4Kcg2ar-FAs>szNH<PI@b^1jcuhrV+h>J+NCGICZGn|&Yd-w$Z&KNl;M*FjR+{L!>
z9D9i(f<GyIH5>-17-DKc3PfKM{eJra#a=Aw*bQdGLbUN>d(@oVr!c}rg}V+H@(K9$
zFSv~KB-RF;x-+1wgZ#aS+1%YE|9-fY^vIgxsV;bwT~#5iUh;I3SE1On_VD?vqW9Zw
zi@Sde?cK%v_Ua;GtsJJs(hT9gi(;jO28OOYBjvijn)G~IVDj?bu~5P!rI56)>2erJ
z%<}`cNiaP8R{d#CaHG|pFfeL3EMSx>@$%qpl6Knv@_?2%Qzkk*CO*uh+zVx*qLHz;
z=3)}_%GhffAAQ_)C?&Y#HtP#od`XsFbWh<~xtBcBYPGmJG_=F2g7XnhZ^}2@E^d#C
zqr;LcH3)CpiHlU{hgcH2;^^cnWKoE$+Z<9}b%V&Og<McHa;Y^zb)vy*JqG91zeBBu
zOB#<TY(OnEyZY;tyFxglZL4iW$-Ow-OPGh4K??8B@)+ye8^p>=XycC+fuP9{>{xn5
zf+;=z(aRczC%PS`Ig{MMOL(0zBvjxMZNv^f-KJ*4q2@kfqU5lOQ7=fS9d(KL>~lBr
zFOfN>Rt)duZ|WKhQ$2Mif)57~tkFkO^dEYUYzXG1<9_bs;f(jY%y`1T-Zs-XwK}PK
z`29#Zfi>daWs4L9L)Xr)N?OgT&5gOw4B(`QZ}j+FKZXjr^Y>M?QV?@19??8aDHWbL
zd6HoV$VlbyB42?$tZ?)=A0X<{X0>c7o`g@;TGbU{(}?=py|5oqUio%d80+C@(MWoc
zk&E6XR+rH~Q?fQGnGnzCJs8(;6$N{0QWbZQ?r}MVVCvWRMy)975!;4Oe8OvSRO54X
z{UpfZ)hN-*>sTTk3Yf`mXe25jf@Szm=vETOAalUO_1VHLbT(XwT|M{OSN`z2P1@WL
z1Jd8Oc;wAoAjFVPj){wi2|DatEk@A_{qNT6vS&NsFJUxkRS&`PgCniHcry`KK_zyt
zE^y|)vvyl#DeqUMT!`x~%W>;x{hv`t#0_hxFFRmVE3FPI$Sy)8HoNy$UzPG5@{yvl
zv;O!l`)y(h5AD&i(pT}@c^%LMzB~{89NRJlT`5_mFNRz?wtu(xp#NgV+0f?5yq@Ld
z(Lj0Pwihwpc|LIpwz<I+ol^7+xt$8){S#pS8BJ=_XC%=y*_wuhKP|f+lidLIlOxY2
z1~L^(x((XNZ-*tF`Msvh&u5Afj2_<SPQ|4HCN?Dh;x11!fMoJ`!Hd$_UwOZSx9wIA
zrxm9<=4T@7%OLwZk9%B%#eZ1}uXpo@NxVw%fHYP7Ch35!yE^c=k}R1(8lGOZwdLXg
z-mPXZOsnqAKWW$Ud^tDf$tcxrP&4_p_7r-xXYSR@yaKMn<s|_)8NC=4u^W(hWXnh*
z^krg(l~9{|5fHeK^%(chv-T~ohqRmI+`d?w12$c&UO45a&yHI)nL5D+8Zn#Jud(En
z)KS9$m({}3CE7ey=Qbo`ueaY!_%lgw?pD>e!FDXpk;~uPOrUR&D*A80+!?&CThQV?
z(Z`)UZOmjWe5u($zt97F<cbRwi)^_4J+@K(VpwB~L~A20RNi=!l7&DnhGTRFDlI&K
zQve^CiYUNj0#oX#BMdY9b9*5|EGm;^-n`R`dSo?lOW&JlmB{q;+e>^54fF@&tE=z=
z;Clt8n!_%YsL(5IA<ksLVodQfc9#_r`$$z6H}sQELe~c4BuhYYD>@7Pxt}>iE%0gv
zXZ`7FTuQ%^y3i<UMy<2%CDj-b3cdA|I#Qg!((qYmWW^=Ydok4dxscC78gu>Chq>H#
zMaTxmh|8$`q&r#gSmN}4=GS;W*3XTn4U#`N<$T+>3x5p?<PTpUBfFbf#340CI<`CO
z9H1M#<1<%lFi}6m-=06?GD;_`=9ghq7b;w5hY_?oHxs30T3wCxvbRGuPbo~tm#O}W
zlbyOjd1UTcV+0H$PmDp@6^VYiy-}eb)$YQn_k;~mqy65(f}*_c-BpGX`eJ?5K$}I_
zkx!~JC35ihM6E#0HuSQu2z9AubV0zYuR;^$cQ*!(d(UrPJ6=*<jW~!T=#xV-S8gdX
zw%`Y3uqrp^nA*M%91AP%r`izCDc*GqELTQ#^Rx1Q+L4NZQ|LcmsmPu!BYUbIR}>hf
z!)u0q#Io&w*-^^bPLQ_|TCuv)z)?IQoRZ`TopAcX<8NG(<#!`BbC}l-*9BQg<$U#*
zBi)93jDb0G(u8n@!DJ<UJ=i1h&))6!#P%@7!7#=fH}bbzh<&vT)CsVx#-uBwQrAT)
zVIo+uJw5H3UGdxegM`bUNx9(mV_;%gB3Gp=_J^)WqIz$M-Ao>{Zjga??0ZJuR^DA*
zd)T^-aD=ECEyGAWL?hzWtcgID?R2UH9^o^ET9GV>x?!7if(;6U#h}@Bu&&ruc^0PU
zji{LkF<J=bW4^6w6g15pdlrAPtWixyhd>)zo{l8T$PH$4Mj6=Slbs9@9HQN%ZS|e6
zZrtp&X4i%k6{BRGPKhfcS2B;-X)@%|0YY6J3V~rRIFT-v%Nta=hh;Yd2l<DbOpl1h
zj+4aCItC=z60vt99VYMy5o;&Ic}mY9UQ((?t5-XmpaKZ<6ClIrgASq5xe5=Z+{i;7
z*B9#wANo3dB@E9U64R{d^`7%Y->g&wMRpGj!7-&5Tyip#abek`6i@Yq9~iI{!FUll
zX1jUJhB4OL@2;qJ$Cg)sI*GBcxe|d?w@>5_g{)o;HyyKz;cStVZPH>uNiLy<0hyGh
zX!t<rokIw0Fm4O1D0*O{A3VCTq6wcK%<v(6;%uk8Cbt8ov@QQi-8(D(EXq1p`iXA-
z(3S?te7oM<FO8C4wrjfu<&KcFL^U(R6Wt0M1u8wCzVQk_===BIM$L7gK`3<JhrOmf
zPC$epEk1m!ENeF}u(-HjH9^1VHe#;AgkwnsK?OvckF21YU2#oDu0#h;Eb3GuQxqo4
zXs+0yMHVr~KpHYFw+SG#x*-8DVF3XE1v`9{i~((Ii>kK6%b9`TR{s>>EN7@A$1#}S
z+`<OVlR|}FxXEMD8>;`v(NEANeXt$uO4y@HI8ba}EDRiU;!q<*u;n@-5t2RHZw^~J
z#~djT?+&Rs@*+Has9;SyMNpGr$Q9uIE*e?TeK6so=Uj67rR&I&WN|MeE5cMo@co$F
zxuHb$1@6_(#Nja3e~zq43MIj_$*N}nl`ssi&J-}bQtp!aZtO%;Zxn9*UYhkrSjlNN
zUZPG=f`brhIarei&Dw{^1AwrF?KyA~SSD<-q=jnAnR~&!-(^2)j;RsSbav`%?4h0U
zC(r#Q1?ki%2{BotKxkZ=7*h_SE-U`;6Dz+WR|Jofp($`%oly#hquBY8JV(W@;_hjw
zzUH+BcCc8;4j=+X>tYat3AJ;{-48^fhsV+Ug}Y+?;?r`BGUp;3Rdq;fg5nu=<e6wk
zi9GQ^R}oTIM<A#KOuU$z@I?o9?RPE}Z()T%WkFs=<JMLBqkKOH87LAdl2po--h9e9
zGQOX6F^z>km8Dq`9K9my+mcsLu`)qGsK~8oh<$TkQk9^IF~}r?h5Il5p$8&RKuMs-
zg}OVQ&6fJ7YMed9KxgBz>SZX*#hgej-jG&xdxqMyh3xh5hXw|$UF0UH=V~!U7uuDH
zFqdfx@-7+7RDVXj+D)EH?z6k{x5KS&N6Ncrk@^+@!XX+>*8eDFs~}#@ugdT7_`8Zx
zCrqd!Ra;Rdu4BMrAW5$MpO?cJ%c4V)!*3cLaEVdP1j>Tf{bx~5>(QJx`P|<hH^Q;r
z*ihBEV#XfFU_=E%pp<35FEhdL04Q;)+1%G8|EZE(s!Rqu3x!YYy}U6P3K+O|aG|xt
z3h<FP)O%KaN5|??w(JF7xWG(8nBg9~Jg$C!jcjq3*ig91Z4(IgYD5lw%V|W>3t%xw
z{m<CK%yH01nf#g@LvAf6SWa#*d2WOPs-Epl`q9vN8!}`l<$3U>fSjAYOtb{B1EXG8
zq8hxSR@a%0<H%ZJDp~IO`qc;W^+2?|Yg{Q$OmmBBFeRteRdn_|5ikXU=u$$f8KkO&
z8I$+pB#JTNZkK2Oaw<`Da};tB7-K}%V@3b%2>3*1fBF^nmeq;b=*zi?%IhrL5Epds
z8^~Ox)iRGnp5?t>tS_2~v;J6nW}HT@RH?L0-t0Fi1%Z^Wu(9wGVz~N@xQzW9-YlsJ
zI27}H)~?x$40-j@g8Vq2+^Ia~dzCf$(}}Upw>NIX|6BbI;@i{lL$?yqbuQ_&FTv~H
z9z1@JTdY^R#63%w$W_qe7|V^Z$~^GYUtp=eY$Hj_tcPoDT<nbKxvzbeXV1jPl9ymH
z!H8Tz9Z8gc>9(@%I;!LIc<jVJ-77ofvF18zBebHr{G*kDhUH8vW&6LqUyl@p2_+pt
z51taw{)(s07(gJL=aNc2mZ^E<S>I6?!V-N<<>7=At1Odmckf_qzzN{3$2I6`Az{y5
za%jtjQ!V`~bAYkP90?9CSppMQgbC`6ak^E<7ycail|1~`V;(C$E?ew6f7L6q3Xu{$
zG0MR`BEVUW(*b-1!bI&`n23g6G@cS(3-%3aiA%{GJrbFM$N7obwijhLK@j4)2nF2$
zWD;qo-2#<SdzUfji%u2bu5G(qtm5}ftw4ZZ$lu#W>O6^*mh%FGl7wVoIzz=+Y|f$s
zLtx+KKvc!|$HPc9O)TQx7|&UASrL=eJ%MT@>9fBgR6Vif+UL0{KP0>{E`M}sm{1l+
zCyuV?_MqVvwk8Nxl#i{DCYe@G*Sq50x!uj?J$AKO9XC(n$^6_P{@($6nS~k@lHDT1
z^iuSO*<Mtfa#b@7(7x>;JOwyXQ0Euho-h30F=CAV@WxFnejl~z-nq%$#mcK_f&d?c
zCHyV2S!ojxv&geIcys^2q#z*J?7)Xi|K*j6i7Z3ws1QaoY=J%at2o}W17Bc6!BK%-
z{v7JjQ-yY8w0g_%@b@u{XkMXoor*kWMV1GoidDw}|J43XLpEWV_;l~MW5*$H7b|Br
z3tHnE_ww-P#A2G96_=X=@GKZn9tz;hj}XQ-K;V^pG^B)oUZ!J|Nk*S2^~&AVN7&Wp
zZBdGlvg0Npy-mvMg-1r$d;FRkF|H<MtHc#tfRWP4`xbos?QQ^&Pv)ftK_V!L{DR*!
zSs()5bf|2g``x-IX_KCrI$euzY6|rB#B~OVxWk|n3XuAze%yE4>mLSblarwXn0*!B
z1_ChI5>SO$9MffCK9{oY6E2)z>{9;Q71DG~2|sxD5Uk}&{(cfiIx{^qE8ly^e}jsm
zE7Ak;4;U3H1e3%1iq)82;qW~<DV(I=f4?31_giU7j<(85m;nj3N+@W%jgGAys{akm
z^)|FL4~Ng!841~I>Zt{YXZ`q;nQ6?6@hjwihWZB!fhne97(dYWxGEJYO|AytVR0g$
zDtLIP^%WYTknrI=@L70J|F;bG=(kNw4uwb=NdBxFQ+#X{?jH#KX9h9#sqsyI@FyJz
zmr3UB$~kW(ibaV0xbrz+;bxQ?5_DVDpqLYv^q(#8!vBp@gz&5`dsfF)bZqsWwD5xW
zzX^>gzfHPdqNlgGz^In9$oiGx{8REfi7q2o8N|eY13<kQ<#R6eRhSg2804Of+PH-r
z4CNCWKJ8oh^CwO31dd%nbO*%IGTZq%=Cz+Z2b9Bw+s3^WYYtkWp}V;Y@qf#y4n+9N
zg%xNYD!Cq?R1DwK{tCh_3(|&>Es^#em!Ke>cgIZY9yATxt)_wkAr_TM0M9ilBB@&{
zd|@I&E#iku)Q4zV@_gGYb5wx9Pgg#(YJA0B%QWn!;_d<*+*b(RCToF&(0}x{3t*nD
zf(1>;6&jF8=Eg7*fImbb-*ojY8ee*cost&K&d9AF8~Q!PrKDv6tFY6gsP7CcHr^x(
z+l4dqE62VT&=K(39zClb?_z!xZ$*Wp`Qh)3s8Oj)00P!OB~05%FV8J#eb$QB6<=R+
znpKcbEZl}>^PmKeJT~$KOfj(fEy<X!bamWlwCqTHRO3%3SwsqP1@FeJzJnG7^Zlf-
zHWr#j8y8M>6U2x$G0r!_(vX3X;9+MqF(rwST0>ifc!k({-vv<IidD$fHk>vudc7A-
zDwzd>^-M#B@qeI4h5|ff3vW*aO(9?gr^K64x?^2F(*3C-Y_|ZCKhy6EkA@yh$l4~s
z+Tv;Oqpj*=SB`uv8-5we+Mxfvb9Fy7IdJAa1hf9`n7cx|8+Ki5J`G`RQOxI$?pqcP
z*y&cTf7f>A*>ELg=c$3WcjVP@v3&O3w)k{&jK;X=)X5wF?fm0ny-mWB7hG4-pto$+
zx`%S$?C_xB;aqA#0y8B~RDEwi^%=tEv5l=xx(hSHPoirmKvg&Y<Vi}bnxgk@YlxYx
zgGjt!UN*npbset9tjb=qFT2Krj)+EOe+52KWLeCr9h`!_AX^THWt}2>HXPL{De=GW
z5~p9pP`sVKO)_8^0*unrH(iG_H~u9vf5ZKfrNn+Q=)>tWeiel+-q@IEr_4mV?#{HB
z_M|Zpv*j=EOH>zC{Jy|VFj?893M+>j)TX!{)^uNj@EV5^u&mTQ{z`<8M&0+|V6;uY
z{t(l3uNCFhR(J}N1h)d*Bf7?oh_LnRVoRX2OjSEGemhOZ8^A%JR`SeS7&9!b;~bv(
zE1U84n>t3=6X@>Y_-rtX`eZ|QgPa8(uC6fCb@;j1w6CklR4<iM#9SOd5%Bg{7Ua9j
z`W)j5k5(rls|M`E^pZ(<=zz1uS5*U4KWDA3<~Ep$7N+$Q*@9yj!qtkt?f22X-p%3~
zd54xEdCi3<j&G>Y1@nWgrE9CIN5V$MivR~g(<$%1a>2kYgRP*V5#~ZR8_=j#Q&FkL
zv~<hJ@yCUJcw|<6v6g9>)y*CahL@3n8KA`^R9(eW2!W-y@Zc&833)9-WLIZURY8%f
z2>@NSzxap$5U{)K8LK}gyRJ9O7gh{hxZ`YA?CP4q^nE)_r1GFQhd|JUqV(CFi7%V1
zD1BcVO<h}yt<$7%O}=NX6pBQ@{L3Z^Jm+|LyB1AS;*F`(@(HU_wgjXS;soh%B$+_r
zdrpw;l_Ptu>(V*k`m+!*%r7#EiVK)Gv3?m4UZ&Ov&TDe##fCB5Hf&`H=ZIK*5n66C
z3U7$`TGX)2259}ze2}~vi~Hs1);ERyvb?Fuy86knHTtd+a58mmW8&x%z%#3Y=eKX}
z)Ajx>^a$km4XG#@1a7~lRxO;QpoF;Z{rWA+G92m0@JjB9m*Krl!)2j8+JFSifPHO-
z7D_A8fx8Fuj~l7GN3<FL)3((Pao<2kLzLIkf(ex7cu5!;|EiuonfHm~nOUDUMYmNv
zEWaJRi1V-iL3KOT!YuaPJU=6uxhcyUeoumZPjv>a@6Z<}c=b{UQQz$B-IYIjz%Ixk
z53VLt{qP2}8vneD=La2=NGmZmsXfKZmX+rJ^#ZsU*iW9{InqN-E@anTA5Pa95vwz(
zN0fy9GRhDr2$Zuo%l&ED1lI$C_RculD?7NqjOj{zlv30W3p9RpjE{&z<|a><bUnB5
z7xtkyP&Y#Eb~LDx{Rq}Bs*CvhnQJ1=1}fmJo}?q<qqhy>Fln=hBr!hPhx4b7(X+(y
zXy3MS%><9@p~LB2f(XY7Ke$&GAI|y}m)bI2wg=oPb*Pqe5xpm(z@0qsdl$`>yGx)-
zh8{@!cJkf3I^`iZh9N%*fQ|CMY*XcjXcv<YQakyz<W93Hg!FOe^yh*lEJcfDAAid?
z>_bt4R2TbSa#u{xr!y#!ew?<E7`W*%!U#VOC%JMPkdq#qJe?G(-EJop<-+zGLfN8v
zZ8ab8JMytA@cfnw3z-C;_t$4BV}bcTO&`uAbp%x?T>}?`kbEC(=UzVOJxP5i!Fx>C
zM2kV0jr8>{Bp7Q~b><+6$V8>GlPj6|HWgTo{Us79sxN@fd87&BNAxeFw<9+d353`S
zp5-;AW;y;jq~6P!OFNO}K}AKCDwqf=CV%lEf;fRb5W}XV2w&>Y>`H7S9rpu|{bH&_
zG6C<-TE{%uMcL>-g!5%Ra2=O19pd#xKeHcg{keUh#@sayc*)7I-0kxdgs~uVeMl<Y
zLqNYSaf+p4R~qK-1`DTeoFZaQ;?HJJX*(h8j^Wng2>N}-y}4=6V-2CWeL&dl<c{*k
z4h;|92TPvZF^nSeY6uBKR71Y37~q3`lBvZUpG>r+(jKWPvg=z8e4C1J77Zp%a=X%j
zuz%709Y7G`X$sL53FVh(7jq(4vaw(0?~5(vGZ|_X6sLx0l`Yk=_f_I1z9_I|2Y}ex
zmgFH#Bt<4!P3Qza@FK<;cz?NU1-mc4SlgNSf+2Y8aN1s&*RDE}UP`g&u*pT<Yqe}%
z8Rk{v5#O~wcpIFf&ip`AcN`{p{`Qq_3Lwu9m!Mo{$|0N&7|#o?QO}S3yBc=8N}yhB
zDFD_$VoA{yUU45|7@{R?`LAkd9liKawe+l}X{%Hkal`4%g=!Vv2x`fjGMu@TJKfu6
z3H}hE0Xw`7;i`GyS$aP93tr~I<QoqZ+t`M81DwpH30on{RA459NV&VP-nq-&!>62P
z#@hW)A0Wn`D6U&WT#5`(e$a-#+&oLDZ-2A>o@J}x<$^(4h*P5bw=QIDEQ?kNx@dKG
z*B8!(=IPQ^*6Y1S$INLEkrG{J<2kC^rG=F6ZNh2F93h8-BuA5OAMvcWs`cSt#iN!V
zXR=X2SjUz8*`-`$96QXKxq3-1N?jv)z2p#1*H`kDx&eSj!v@f?!FV;GiK?`BO(aG(
z>^E48cR6JOzC?A#4l&V?F*B|TX3#C-_V2q|g|WkNT0e@Y;!UxS`oIgAbY^0oXKb~o
zO-r;8KIGYW)bwzy?>DpUPWeF93C000_AlsbJzzX={*CZFVB>bAnebvN84{>waXTd|
z!a)>lwp%i`mUuV7=$|7*CB(g4@(^m}tA5?+HlEaZ9I$=3PH(HZiznxoj@V{(-AaOV
z$S)jQ6fEiTayJpaM4s?)J(!ib5;y73q9PBiWy^muCMA#&)xb|+j|@)ZX!U-+XBXfH
zxE<t0djg9)&?m4kteiD;ds^KiDS)_kRn%OQBa(~%6DvdJ#`SaIGH$i1d7oS-{t09p
zAtbG`Mky3Dm>GdmqL(*`{v6V-lT+4@Qd&fjP)4BrN(%QN#2Ss>9&$|<M2fbOJCs80
zxLUyuE5m`j>QVTx^ywtPP>3d>$^ey7T0@dCLR&sTGdg&EgWxAgUaQLWAGas2xmuMd
z&+h(&J3k4MROs=5cHwnt-sLN2@O1Zi+xVb_n5h;jG#1r-^+#_e(PT&~GU1bQ>LvTC
z^^>ns^|`T@JQ>j{4#u#eJZV6(Bu_ldv*N6Zfc`DVhOs72Qu<@QhY%rT81v5Ziu`7&
zhJlkFnoPjL$}@XHO#4Ox0_)Ul20CdX?uV2tx6>!d1Jp|(Z>X)BU+)oewld&+I*j?*
z@X)~<_Ce9XFmCIj6ubYnBviIHS7Lg5WtCDw%eQ`Lw*6u`<<y!t7ke&2PCW~La7L-u
zMys7dDG}7dpQQ|Ce@%7PgjURIR!cX!-#aR6R66%V=NjzN2qG0EnxYZ$;0IwXP!CCX
zIBnt3=S<G0e|RE=FGQN^nVBWV!IyR7dE{pg+2;ae7=OtGWOXKScI2VVd-~LZsJtRz
z)dc@mO`rdHR;s96=_h_|F2Pt8OemFVOV~hI5T|)5opwRaWH!)eEF(x78$P+39|$AD
z<Fi?2WU%qf)eKUA7DUHYjm4mcau|$~g_t|4T-Tk6hXm1TR~51S65l9)sKQaJuno(6
zUR2$EexgW$0(^V%RD*o0F(msQ-s=X(!Gb>}j_&T%w<v26$Dpt$q@WYaR*p!km4OVk
z?29^^W(@<ryZdFRWCFx*{sgy7_<+_z;%nJk)~G;@*0SwT0OE%xx<!}t6}pSnfxW%L
zK=kNIC+=#by4z*^ob7^zVfeK`Lv!k7KlL{$yd%UL1*$qZ5W1kzcChK9Hx7%~aHu_2
z0O9V_YBMRBuSSPS0MS6&Ktk7BC=SQ&uW#x-Rk7)%>`w@UKG;wVjS?40laULQ6sTX@
zG8^e654LXCi)+5Z$e&(Qa7__@I4uyc-&%WWXH1zKK7%FfJO)>*Gn_>0F1kj(YI4fW
z)Y(LZQ!Bt)_s^WV%&H-b#|IUdc_dGsZ&Sk@N_>1x!$pu&CRr#Z7cK0HT?RKdV+n%B
z9OTozGlrTc@?k=%D==kHbd#H+inx=ECcNJ5&a!K(FmuZSU`q8bBJe9MpWE^x8hUw~
zv{Ml>bYHJ9+O2&1iEhc8%Gb9&*s{3D@2^BjR08$)3uR%Ywh3uFhqJs-7+dBiTB8@p
zT7~GJlo8l+dfI|iza2C%`4mFXeBm;^Sy;_$c5IKM5T@FCg?(aqPtM!JA@GnC)MiE|
zt8yLW#<QL{b)x~E6cXH;7sIMxl<w5{1e&4mVWBoiIrtNO-v3jx<m7x@I5$^taCNbY
zrwPvIkt$h>z3RLRFN7EYrBKDabgvJdTLHN+%}%i@+-ACzGTj?7=smzlq(t5b35Wi*
z`dl-Wb2}B&5Oxvk_)-}d)w)Iep6)2R2TGt&gz;~HI6`$L7NmW2Y~ADn%gvHhq~9+D
z^pYjpfvhG4g8?kc)_#!0-{m8!U24^D4v0pb;Un;&qo}L*g>2cY=cb%VZP7ioX=oM&
zmfyp}k*|ur%7{@9Gx4+{?frdsH-qyt3FhbR=j&c&?E-RNDf#O)w-e*ZQ;@}vPrrKl
zMbNesJCK0%_^To2`UZDb*=kV8E6nS~>1K?r8-mZR*|lKHSyPz4c=9E1BGp<5%G+)t
z$>9phF|W5kbPN`DFRJh8lZ<7Z!~p^(1+15|)YDqbZ<;|3DScgtR52lK#Rp2ro7btf
z@0KQ|vFyXgZvkxZAy0qUzrQc7dsoX?tiD^TTEP%UL8{4-YXo$76sdMp6@fGJ7gce>
z26KBsI03CG{SbfkQj@ExME<sFdY7l>pRJuHxaO3xl8Hng;oo0MQk*RXfDv+ke0(@{
zptBT)Y=3D1k(hA~Vb&aM^xX2LY(DlecYpI9$43)62|llAf83u?yPMSUt~zkN=rXO`
z0Xd5saiE?C3VZ243%2ZJfQ<RYC-RJ!^hZA?6sK0|aBIb}5HfY~_QJ@1+po}(<f;E0
zSPd{Wc}5_57O(q%TVq~TiAdFIC$f1MpPnwxKb-b2ujZ{{zHgWj^qLZ$7V}>0mPP)u
zFn}Z!0R+<LxmWOzv?muW`%^THhKHu1tBDomFLKs$j;Trv97ZVyGS!Q4Rmao}o3rf?
z>qZDaL<G#}nagyR8nr0N`Ts)wJ|V1~ahgH5Eh6E=Hy)&)e#!IP=;yqvCn<JZy)qp7
zoTZ1Yoh<b7L`22*Evfslo%jCtpe9v$;i+muV_z4C@$j><dM5gYsd068&}{cJckw`9
z$!bAUCr#nq@oE9MLT9zsxq^t-TOm1~=UtP%E7gNdgU2GfT;Ml86(z3DF2rEEL>BE@
z!tR~q6a=I<xdTXe@WY4J9l1Nd9}n%?KgM)qQnLItgeI_6YEe85QLd7)CTWqBR6cn~
z@vtTl_Y&!XW~-3Ox5>E0zlKNcT*R>`FiLrc>{OU2UOV)z*&BgG<^|sU>OQ|1>a&~G
zg8to>;;iO^ma&eBp-N+uX{Hs65Pn6b^NYrTBL9c#OGmVVn-3TTA<v6HZ%x5Ha7Bm)
zwe&wBz6j-d5#*iUS<|UrtW*@-2;xN`RRnmCgD-_IEauJwA2L0?z(}6o#7&Ndkk+HJ
zl6yih%t4IUc+oZ=Iwt}dIexN^+3|#Z##v`BGt2g%%6a;YF-8rvmOTFxsW_9sa2*Q#
z>W&RtrkM;gdMx!a8Z^Hn_p%@C=Z?VkYiPombHe5b25JcC&Ekv)@%E4ETa;9=^u$qn
zmL!sXZkQMmv8tXe^Tm$8C-EjJNdM~ZZc#f7LQ&G6>{iNNr<&(_oyIw0ZZb8BBK!av
z>>M!^nU$Ut!d6|McBi=_TlPGzo7-Ng-BxF3T)8t$J=fPisXJNC!(s~8FGHT*BQ8B@
zI7f|PU(56*L07zn{?Z?1B@7U3X#V-<%!zB`h&L<|WBE_0$8Ut~BzEnp<jw;u+#A-H
zX8^pCMFCVUgj0}<vg1joQ#c4A(eeq#d{m8TZaFAF8lzDgk3YivSXiil5F9Q^S4*3b
z-W98`Cuj|}=s$B;1eYx)@r=vldxw-b^y2)=lN4bP`*{BdEDT$?o=T)i7c-$Ae2BTp
zU?^`90kX*~jjf=NXUt%v3qKn=1SxP8hHn%6Jl*|+nm~7*SwTtuwE%%xpu8unfIi0#
z?Dl&tZ&eMe%Ed-qg)l_T{nuYTaH^AHjcphU#h0oNCnt%<r@@8Q7@zD|Ow)~BL4!<`
z%6g+B*RuYSlh9H?;WPjUy$^F|eA-WlSY>nV3fH7E=Fgl6khzQMhCwnsn;hNR&wN8)
zrGzroiYB!gf?;KJ6<e<tj^!knJr-2^lc}BR!R|U;WVp8xzizRrDsyR56LnRFLEL{c
zu5(^`s)i^b<CYe4x8WJ|1TUNei}NW~^0t?TX}Elflq4^yRg2|k*B5T-+oyAgfLChJ
z=A;-x!PV1D{$gq)o2a=|pQw?b%VjyNdVB;ayzmj&U#Cm3n-m9dL>2KzDEr`vZ#yHa
zSM=bP@MQx^1H)TgpjEqA^?KJ#^MLo2?rxLYxKatP@v#|{P#|S8_sS{@-H<L;JBNns
zN5hX1yC;-_yGbI0J01@!W2>um^WDaosYHT>a?(Od4zn6Y#zy5UII327SuQRiDfMCd
zqA18xiT{cwWj|;tBB4%QKort$5lyj7{o+7QJ#dqG6^~cp;HhNo;8ww_tt(xWJ-4Ch
zQ#_0`=8cGNAJ5bdX`H@adqZj`7z;)gEX|V!OnK=|O!piZ3t?VGtoOpSd4gGbs;!dy
zrzL;!CM~^6X=9=iAwLgl$Kw4ip}}ORn7fcTTE1f114^hYo$MSmF>NsXXpx(4!)9EP
ztC=d@10pT2QD>^xlJrX~ms3AT)yjhz_=18GR9sl1@oYo0@jT}g!{(DkSHh$Ub#;<O
z)Ak9#hFGr|$wD6?V@(sZtIZR6jt58Q`dmEA{4UO@<YDO#zQp2Y&d5MC-?@nL5(DG~
zb{K$x9ht0uy<1qFxwKu%q{E)%<^BGiLD?j?hA#HuYAFEyxjbA};L&dZAc5yX^;-Fo
z*UnUvB~2SDm=<v~y_klSS2e{$`uoU8D5nFDQxv2bjAv2x^pNWHT(#<l@Yjz)Q-R&Z
zJ}VPva~gAsTpixr#Wmp4Uwi$^Sq~X8pIMX&UIgx*M(I2@oMI^4`u2Y_jqs#mbk8`l
z^)?&d-kL?STf30!+{1*I;FjusZ+GfM9?=AJL~|fp9Wme#H0~h|J6EkNmGbw_Ku4vz
zLAx&DAFp`8nc>A(g_W?0#h+Ttq!cNImx+U@8fn?z*TwD@>*gGKx$|fLp((_UtwEf!
zHMS=j<|j{ZfBAE_uoYoQT8B`o`)v1BW${oL@i9|vrljp2_1gPW%{!qdVa(<g?cz^4
zexNZm>tGz}C`O*-jb%I6`s{peF-eM@3(ydKuVG#2_f!oD!FhHzL%_)Mfxy{3xwv62
z`YPOuML|-JZT+l|0Nu1*+;H7|c1uE?OFpPkMTbqRc3y>}p^Ge{)`BA)4pF6ADP{RS
ziFhB^+Lxu;$9Jbu0+?jbxj!U<ZAiTj)1{j&+|&J{EQFz5EjY3El=s@R)~8-g!*b}s
zCO;_!y8vsH!|o=X@T3t)uX<SL;#tRP=ELqT;ITE>v}+@Ce)Ca!0A-mUVQ;hheZzK*
zi$V`u(oSE+qSr?3B3vfFJecniPeF<mp-yu%dRzSABPB9G^rCsC&io?(7JCRlZiJuC
zQdf!~$Rhr&srnLiadqS-mZ056o{2rXh&nD@z?bs)Xxu5=@M3x(m|8yh1T;dhK87P`
z{=rA1Z=#0!tXmZn9PDZHmfgB?=Jm44Iri%r0J#Ek0;5T`2bPNA$$xu&0w~u!j<m(<
zqtK5{KsLiv@wMybv#QojE@EwRO=Z*X(<OMcWvI~*OpT(rUJ1*Dg=l&afxIJEnjH?}
z^|d?Gz~WBx5Up0&lP3fL7kYtvS1OR{goNp!JLg$BGnFh``!0RhuG(OmH5k3?ORIU{
zpecUC!-BnQPjk2{=LYUTDWAo`zpO3j60cOR&!~4J_7Uw()Y=3}13Zq!`jG9uDhM#X
zEz|i^D8tNhSfpC5G%Cl4)B08rQ+|fNWY_6~QtS85Up+a>vOWT&hzf`vVwR6(P8nDP
zYh8!Nw`!G-Dbt`H%&<84!m(AKZ23)YAGVn*-<Jfi*us=6?YeQ!AvkN4^HhnmC=2zR
z^-o?n<<FVS%*(9&xvuYlwiLw6fAUhEgOLkElx<jF+>!8#bR;R|ym){~ss%k&P^Zt&
z9npDj%LpX&?yK&z%FPzHcqhRbJl9R%GUz6ph5w3Ypa$fW#rS>=wZ^7eSud*=@eFqT
zFWSG7)@xy81}Y}K%iWqm!Xd8R<xzB?cpp?_lPlNmh_oD&^#PT@8_Y2K!96aw<q-9J
z@a7{KcJPsywsX$GEE^FpP|6Z>o3Tf^E44`~K)BDG(mR&(ht~NXn<3bplWiytMya&5
zJJ+7_k;f{OT4~AN)NxvXgjPe-!w&Cj#=JhnH$8fvV5K0*Drog>Jo?1XX{jO{M->zQ
z$aUC;MnI)iyYPKNJ$V8IQ2$s8(uq(IPHJL9fQ|b{zErhc<$5VWo2RWU;n(@0`1822
z5+;Aw7mEYdBx#LC-5Qsx@^$BLGp0@Zr~Zt$v}7$iar^Brgpz1*07LZTPW?lX6KNkj
zrNC2&>ubpf%~^u5`+l^;3aF-!831&`0xl7^5+-o5(BV#cbAy`_CbXdVXIff&DqdKT
zUTH3gCs*gAX31g8>0$A#6ICmXJF%v20)26MMM4`@q=KEyJ!|x_Mif0gPPdsYvA36o
z_rc-A<r;zO*w}R481~(A(zNR~3P}?Gd7jC}(W&}M6cZH>kbr)c;O59E;to+Zh84%U
zMpkF+|Cv<`#Gy#QA!XKklWt}q_C(ut*GBtb7lu2VkWy{nNuq*E5=0ue3FtDwlr}s{
zIHZRLB{1-xr39qH{j|58;%~R9m%Wd_;5Xk6&MWf3x4+U6uH?66DTGYtwX$mX&1KMm
zRT{N9Q{+!~Sq<Vl_CFUHCb-)Oz@T`p|3NasrPDZDqBr+&seUI2>RO(OY`&COVps_j
z60?8Ty-uF4CXxLs5rD<Oi=GZ<fNU-TV#lvP!hf=0e>_jJyT!B*7(K%x|E=gZZ1u9y
z^1>TM7s8(PhWTrlH(3D)!Zg`6e9j|44b!l#WD?9!8Y=w-riyh^08v(hz3Dq~?GHt4
z(*E20n-9EGVUju5xEy_t<)!V^*KSi}JT>g+x>MPegymkY2MtGFfWD}Bsz);nB;(^1
z*^i%hs_rA+Xz~m1D0w=xenb4fgir#D4M~CKV31l{c}%$%^sYqHXoTAStyMG<kU7YL
zT9%ex3b1Fc7rCb8PHx}^mtRO(ZBYZ{n2hZ9-$BhdvIH5=K|6%+D^MkT{Ul(RpsP?=
ziLBYCdW~I$%MQgBjt({ek4%0#2?6-Fw{`zI97zy~p#6?SZX7Ez6;JTPdU+Pz#DoJ!
z?ZNcIuxi>v0<(I-QK>+!OjbL*fX<ZgZSmTEvubb1Xt`=HQ=8~@2`{GaZeF%@cSBPu
zkkZyEo1YSNpHRlB1-Ac6{eGYki1<r59Pkjmw~7L}_ijrtaNxFVd?B<BF|1yE99#wD
zPohH-aCKS~!(vkt9K|Cg45VN_=e8URubnBLp%u-}pF3nwghl;<Z$nqM6l1mtE<6e3
zeo2$P_t;`Sh<>dL(E!it^>JwEEcOMQJLLs{+hr*YUYstyQ%-eUM9rn`0Wy<22J^Q~
zHh*=rLai&$#Q3Y_Dm!k!5%<YhpK<5<fwfW;In)<?AREhhVhbL^VOMSii9e|T7-j(j
z;DO4%p*zAey#{RNQL9q?;}dklCscaY-<K*5u0paS@x6aGF7fo5h<%R_=INy-753CV
zF6+Kk6=z?AP-el+vp>!}DGeQKb^<x&F#CmH`DT#M^UJ=j3j6Zk!VXjjp-H<$`7CX#
zAe{r!f4xehgoYnqJnyUQHBa}13C5B>Bf_ba1!mnJWq<>oP^RmPWCI-VAOR+v&cdh;
zm}8gITZIfAdYIY7=w1@y^YNnmO5LM<Jz*C%E~Uk+>DG}4a(71W+QucWUXy58?EJKV
zbpz&u<w2oJGgRBz<Fq%)U7{=*SmwehGSR>G>Z#|lP4T+&LrKPDu_Av!Yw<?+iE^=e
zLIh^a#!xlg_MUtn>oot;*7($XX!S1T0{lc&@}e|L1+wqG$-_5I6ZsmEK%hLqvYR4F
zFJWBH(%=LgAg3|AR|@@U(DOuSX*A?dK)}|KkAM2Il2JnoGNVw;_k4mgX6*pWG-K1f
zVb&a_#1@l=r?TS5-xoh)mlNvd=t?wV<6A$mjXO>dD6SF~29yez6>%w0as8^k#S6fW
z*f_E2T%IW!T6f_xK|(c;WIsmj(t!n7G7vUJvwwN~6BytvkbWbgQ}?dLA>rydKti+y
zEDm^{7zm8Q{So*1eQQPOIW9#dbueaD=_4qPG~SsWM#rg%w~{hOX4rt})5cqU$<^^~
zC52WboK7{5!Z87<JaZopUd?ZLHR)h^k2lP`M-|QzpEW7Q=tbbk%=v1zyvxo*S}5mV
z3&UG2pDh?Ws~>O{h%+Le?=2Rmol`Z2VX-(_<d40DKnHy=cE<49BnmPkADm;8eEnd?
z9}8$+*px@627JVwd`+pQJ&%tHAaj_}(DehG-sPFl!cCZyG3ul5FOl{Iql%Ozej@f*
z0SUwB<DXc%=HIH`WZ&V@*K1g6_6UKoq5W>>m@ev<q6+OvJa}Yo<i_6s5EqsEMY6)E
z14L2C&c}*Lt6dnr47u8Z*>=sOK}N@K$SL|h(6WOVSLWOXNJb_izbt$Jc3TekTQOf9
zA|NV-Htl}F`}|g6?*o7}-Q}sa<b1aLUB^^q$Wxi?rr<fqgHq;in*!jKf%|r>z*OEH
za<i!4A|m&{M+%zK33jEUEen2agS!#Po2-@n1^U5q{Y45{>+~ZP&&CQ$b33zXI?yA1
zzKy{EHmP&~GB%{|yh}gSfyz-b)|+mSATlZo#Yqo&mOdx<lGuDkxEeu>5L;`Dr1My3
zw2)!X`a3hH$+572Pth&WO@vxZ)5aXmPBa;&ZjCf^tiUZ0u;GbjjW(sJ-UwEV&B&(#
zk<qWYE9rR2WpDdd@TSGELTL;ms58QKOx0vPjk<2|zK{b3{QFY&`FJ(l(sj+SQZwIj
zCL?0qBgOphH(`jCqme$~-{ymJQr?ZNaGAY7{n7*MmT4u8X?pQu=mWrnM=i1)c*U`t
zWt_x$mSKXQRBd(8|D{BvEbW;cY3=ZS&D*4~X(v5Xm2iTD9j<4*UT|66HN3zf>0X<>
zMrJZ_{c7@gu<?Kl-U7Go5BiClQ#WuLn@ilc_J9sQp8CL!7TBwqQtH$MVd!eCG4tGY
z^wcox<AvJOl`7MI5_1nBf6@^`0NZq=E4^45Z65?6$`dKxTeU&kcH3P2AX&|^zC*Rn
z>oM;)Y~~}A>Vc<EM@fEH-sVEZ1xU0a<{vH8>M^c&Kn&^Q%4UMlSaPCCd%-NDxU7WZ
zODN;Q{_S~TrV}4D<TU@x{UP1q66G0w%bUK6Z6jH>o;yM`C=%xxO%b`p9IKmbow<00
z)T`w#!cUj0TIxoO)9hfdlBeSV{BnISxcL(1q}=@K3y*2~x*g^aBeinVkM9c_fz?QF
z;0IAx0KFHp9B%K#%=!wUqR_p6{zHu|raX~4@~Vv$D9k4SF0zB1<6c|ScD@Q}SC^G-
zH??|Byc|YM*yZ^dZiRxM<=PNbq*L5f%WNPmFJIH8*U4dj<BH6E@8}AsI;T)0)5cAT
z)A4z^1eb>ZnuHe*3vYKJV<2n*y$#909iBtJj||x2jyz}PyK(&OpnB#AJC+WknDFUZ
zLP4HxOl%nA_?X(h|LX<dB7OaaP#vKC{^hnCe7+Jq8^tf6rz&|!AcW*sy%{Jw#rGTf
zlM(vqM21_;$*--f_8!A(|IP;#WG3FMWae8ZUqsPl77rd^r)kM}n*K);yCwfWNrc}`
z905oo+4tu)mzpS7BjA1`!yXOzutC7!Vt6-RP1_$YV*U1U|6&V6y8*RH*JyPWg2jZD
z!?K(X-a-)Yhj~#W;7_;Eb))5F{3tP*$~U&0v)%#sbmTh=7SD-&AU_#FoK`IZ8&|N^
zX^2^*+t&dg)?Y)BktA0>p&-&o|FG(IcH;RjT~qE*7KSwY6DV(dG0jL6aQACuO{V@z
ze)G?L{zf_Xk5$4qI3qaq=)eX2uefs=OkVSiTeD0(>kgQR?{GOdqOq7dw11<54@K*X
zF$KJ5M|>cF0wmFYa}=?r*<S@(y6rBmvtT+V9OL{gUZPLWTmVKP&~Mn|_#`Py{DAU(
z$c#>*<OQnu9i=?42W4P$3GakXO9_G?;Q+41Tt=W{IQ-9P7Uk-2WuN)Cl#i|I*ay*j
zYPlyh+9WWb$BDouE9Phj-vKcqOseY+8dA{%5rI($PR;-lWCm=kKj2*Ez^%X9j3NjG
zKoRmBA&Y%-uW3D5g|NG-QK{Sq96Pgr=d|0=ggFz_lh)^s8tO6${8jh*5NLju-%*3N
zpdI^OZVc2Rt$<P;s=0@gIK@GjG&jINv|B;lC+UD5EQYUZ2zMj>658m?U-e>R;&<W{
zo0cSPFeu>E9H87W?zfX&_RAoFvqBptPLT?}Yxu2D!q1}tdGX>nO;peP3R`nN93gcf
zXW4wS2{HG`_hHV7Uk5-FuIZ4%b1H!-W|gP2Q}{7MwsatKr}b#elHv&f^m;x0(eq3K
zy8I#R3yVnhBSrH0ptpEhWbm=l?&Zx`QvGe$J~b93q<>wYC_vQa)tiGu<b^I6I_|I%
zU1U$4=%a0*F1f#=%er=t<{k^cVTAl=uWqQ%P_K=WUBFF<HVYa`p~<iv>?xmXY0LJ9
zyg9h04{kdyzfpxEtSfO`r+k(a9%+5H%>A*Pk(rh|M4mlz8+!}Ah}K6sSm%grFJ=P)
zd?;UWVTqa+O_iF?ko?e&?CVbSJX6Awev*<>3HalR3*lm(ZzoSn{G75dYsdP{4=rs8
z8^C%BG`MH%Mz@o?Rl1VAvL*jb@%w*UN>)omQzjc#`$Ue3%a1y7B(_lTz;dkRjr(YX
zcAs`adf1_P1ijplhPGiNBr}oMPNQwW4VZ6`KI6(cXg&-(V(sK>*dv!ZUjic!pnBKv
z!&_jXGnAWWd%%9*ICzUKkpad=z6UOIFSu1>=8<3CkDheIXDFQHQn^(-ga(Qu2UBo7
z423cAlVF!ag?uZpV1n<$duus$v7@7Q@)gkC$XEyt0J?bj3?3ohzDMHTTefWhrQT^(
zXjf}Cyn)Tz=#nwZVntTQ0t(**0l!q^gERK9N4_rb;Pz0=jY3}zZS;b<++AlbG0ir|
zVoh>2r)GfP%qCe4dATb~Mq$RdL<3E6=n*r!Q<-fg{xnIY7H!Wm&|(_p+y$%u6{Gb5
znCI0StszPWgqZhIB2vKRru@zD+X?&L$IAQ1fmJV>c_0P@cbaBAU;wrsPW(y%An`dz
z8Hxnrmhky}<UisD*y*Qhw~cpF9LxVHZg{1-(f<@T7eq@T<o?@$DOe_EpkGjR;dX@V
zeaB0Wb>$<iiM}<i6!P+VPg;h!ff*-LMT`spyvWhJ>X`a<s9zHU6kZ;2V2pQu_<j$Z
z@3cew3zLhVsC}L(1Q{nkk|wuXvikOoAjZu$y37FRNn~C-=Io&9TWC5969#T&83Q~p
zK#m)osWdsU5h2g?_Lj<>8{huACKs=&Mg<^xNy-MaFAiACp-qKczqw3-dtf0i@Sd3;
z%LX(w&`w`KTkpq~mI6Nl_l;4Wi}^!2i96umh3@m&RKz@m%L1SRTy_2~;>YAF^wQ)O
zrg!g+<j)cTkf;&VCuSPhZyqo*Y{4{XW5cToyW6KyXs9Zc+f2WKI}&*n&|06Mf!lD1
z+$*w0zku)@{_A04Uy9uXU}%7%1wK$GikgFd#@m!n%LrwTF;bxdSRpQ51@u@4TW*MJ
zmu(w-FyuXztP?Kl7Xf&ho9@?V0<XPAWxADwMnA6UnBxgy<CEp^iN%j29Dg#Hemgo0
zeo`*PhkW;hoXXc9j%_?$5imrRo#hdW3doH6Z-C>xbZ+XlW?rNZnRVY=%!!4ZDTcRV
zDbtzy|9JYUsJgab+2HQ(Zoz{)!Civ{5AN=^ad!_I9753G?i$?P-QD3W&b{}I!T#V2
zR`0pGtE#Je!U7|o`zGhVu4~+Wg}&_AHDv%CYWu)yVAhvV<Jkc|=ZStZPbRsj&RJm7
zu#}b!YXJfxoEijpPyR!j{f%iOvfK@jpha?kTA<x#Lq$(L@op-vtAj}9TT#ZE_~UIc
zkh^<8LB(g^KxOBTM^OrDxJ1h_1CyNVk&}*?6olPXi}qeVJKyFLbd|)|(aBH|C-xZ0
z8+W`lTd`Yt*aU2VXMp?gsN%<*ge<qCRMXz@BMZGEdS7T)fe13a`W|@pixUD|(&Y{k
zyX-v<n{RBKb)PtI?EL_MoA|ml&F#5t@5-riabttY??bTJ4L|Gea|kU$<#_Kw{vVVb
z`mz4eLwQ!R>*xM}O}l8czm0)rZ^&otjz3>U|E7ebely-aAU-e;i1p^0<|mBoW?T=F
zf)#wyP3z#kZJb7$_f>+6FMkiJ-$sY}No6izvq18Q(eHoS3+)*OrjVL(@&bMpvH#=m
zG8{Anq9yXu{;UzhcNi0d0yLnn;q>A7oUtE>o!uJPYJ%BJ;Of2?gst?U@jd|c`@WYJ
z7>p*s4w~aCpy=XsBv(YPM*sl2;g;A@&l?>W@Xpj7#pJ(sgU^2C+YE42TXF-Qt+0+w
z;PiVSBRBWSvOR#4&TPL%iht?v14dm|(;Ae-xoWNec%~|+NMPNJ^VC9GiK_?9%9F0#
zbxbVgW%KD6{55HRUxZPMnDy#NrxQ$Q+JmTi_W+zc?#KH@FGjE!oh(&0Z6r3!fxQaZ
zolz1j)~+kxzwa=W^rU7evJ)E8ViqlG$Thx!&%#dZ{yh8%3@OOrf0#O0<!3Qj@F<|~
zUnK+-?FRQq{EV1IF1=|>zdb7y!lzKFn<_&Zvm=H^o<**S-HY3a#D)y{-03;q^M~iR
zK$*EA0HFI9fK0`%MgX#$?f-NeG>koVQ(KJmA!^sttxLRY;+_oQe(17mIsw60h@<+$
zoiCmflA3<wYJd;(K;K|mpj5<no5+4u@<&hI=V(j4XwUW=Zz`p!#XA-TLBJ``a(Amk
z+_+)szEw~6irc+#P%f!P(V6cRhID6SzTxaONXJCg(TM3B{cC;PuSas^rEZwt_LTt8
zfb60FGgFU-{_4;cc)uC{<w@s#s&8<PT{oUZ`Pop}<>W#^EqOPxL3lMi=+jRrsJzY3
znojiVi&cDw9=ik|A3##L%5F=|6j0ncvFx9mmU-Lb8v;^weCyN?2(K#dNjXI?nd;yd
zi?wL%|AF1k7-Mw(LUv#fvt_XVX^_R?nwWrdgS%ZZJPI(j*QUSOCfmBqE2<e!?D?ge
zRJ|?5k59W2rX$CY*wkvasy_;cJaut3yrt|RPL^0gK6G#Q@@lgfDzk?|*r_8oxyW7`
zn_<8~;YIXv$LlH>A3{~xQ!Qk%2{-|7=Jdye#1-LMdA*C(CSV}HJ{E%J0;vfoVw1YP
z>x82ySx~RPv%DCNlqLg96Vc)(S!|F!Iah?oLkK#<5;{(O9bE-t{{DrNv?F-bKBoru
z(ug@l;#KuZ^%0gW7=Os^fM^xtU-9ohl#dZ>JHw{ggs3VM`DXF7f1dQ9S^c$80xOv&
z#>NZx?1gUS5#!bkbA)}VI4TS1jJ=A{mMh1{RbZo$s)qTVh~LoI_Lwh(qTx~&0g#*c
zYA-oaTL->KnslRhJWE#f)T3%gN39f?o84sCVtCTm<F?VHW8)Y>e`ad6H3qvH%u!um
zo`mG%qLw>2gL6(JR+vxEB92p)Xqa|-bGgX`5#h34WrO@yvSPPRth?9dzrOvwk9$86
z5OazMnXV1EPGwo{4Pzwi%-UKtmxvAe(vOFXvzbZ$Qh0eFvG%?7!PDXIZ>hQmLihR9
zFGzj+Z4$4qD_2Oc$kB{|`9u1ZK#m4GxF6yuq-#=lc!n76`hAh_{Gz_>FVZ@G3gdFk
zj)0LF-<U$CG&=e(yreb@cud;-!a{uui|@fH$Xd;Q3cO@wsGPwpnF5(v+=(XwCzLT+
z?pCtvB$Zgw^^|<o7|TOVl_RMI>-;q)&;0vDD9Hnb@|9aFRkQi}H=NerW1er|_=!=p
z0{z_+@nrSf@}jG`PdJZO^^ku$Ioy&^C>xqUmMGCO{g}}g7GJ&;rvz^~)ST*dSzOz|
zAss*o-}od=7tSUsUb@q+ZDqnyZ=nZV1Rza+sC_W*(a|Xpgo9Zg^ILgdh2u!;!oA9x
zmi)&yc%CA$gubf3$tWR%)!xPzDrv5AU!!W*;{hlf3O(kK^u(`q1R?1%odn*Q5|Jb3
z-6@&kKCVJXjxZaOx|B>S_0XDctk(KeiC*Q%)T{8K)b(%pIq#AxXvIQk?HQB598{Ei
zo!yMVR8--<tG-kU*mBpv+}Qwo43`V|)JaPhN3Cix8S|Fg@#QZ=-D6I=j2gBkkHTW2
zsd#8&g9<QLh*8utl4Xq0Zy)n_&QlM`%@ckp(PEwkp_4|`PfwUXq)ZC9dwEtk?_7#=
z)MJn2E1-0|LDqP7k&yViIGGsE)|T8YfVq4B4ojOMbT=(ZvwCbc(2WA8L@iJGjiz5{
z*{jiY+|}wJxQBEd#v~NfeutS-mt*+-xil>Pg>?o?C!|ih%fn)%)MaU`K)LT5Az4uk
zX8H8o33u$89|akdl@`j;6||x3FuX$@Q;ecJCg=cXUC{JZ%QB}(Xz|Jg*)}w>(0*Q(
zyq|(~m+9f$X%i}Jo<3eG7AB<?#*3?`%f_Gqnj|$1xh+)qJa@thHZ7UYwX8%S*mu*K
z75q;{@98Zn7LmM20F;xKejef^x3&6FEAL(5P2V&qDNJIPTq9SBRwNHHEbsJTs`yL#
z1Ka~-SY_Q=yucN=VGS&tUrSDWO4~#$)Ok)j%@zcu<JExVMq#ioNn9iqR2heP?KhMh
zncIs}ztEs)glg+FS?9;EXcWgn12u0>E0@?uR|87g_IPtEZ~F&<n|(^EXy00Xln6>+
zAB0Hc5rltdH@+|Av_s9V#~yFiRch9-BuBQz*+0_@+>9ZqKW#qkYi_zY?0D_Y*A_%1
zW=29AMu}|b@25hC!ego5wdzYZ*l0{SUv`S)4>6ZS6xK}+i+z7(boUZ*%-_Hz51^pS
z-}R#VG?Bs}+;XJK3hvB%ao~)*y~XNs9!$py*Dx&|xT@e`{blZjH9^9SbFU0OSi}J?
z|05V;916S{5|k=VJCmsayKJ!|@aAk8@i2>RR9pfVIrp1cRbHYOx5($1Mxs{p%p!IK
zT9zU5MWzeJowD6~;%Tyb=ssJYnwvlWqXK@3upjtIKtW+-F-U-`9%Y{8YWP|9b+z<!
zY@Ul|2GRZ`fqi;HRgp_EryFX0Qf7Tea=I!xC-SME=<?=)p7|11Sw+*~2Gqc5K<pd5
zReRh#-FN$29~O6!3kOk}E`8#}yZU&@uxaFs)UGhP@-nC}&WJSo7SZzt4kqy4pW;=w
z#Gmsh>WF+LQeo30zBnVS^|p9HoHc*u_Y>rWR#kydsdaYd6>!Z+*3xC)J%qTxj0*U7
zMkHVzERuVWKns><&ety0J2bVyi@M%BNh5spdzZB={7_Fq&k3x?<LA4F9HDt#%@M!d
zTp=D9Tx3W(nT9gk&gW0)^-Nu@ZwPs@=aL%w(H=cI{|NTBV&s1@f!Ndg@%<k1`6kZ4
z%gXhk<&}+41=AeV;OnqnE?}^gj1Q+CNN8I@@!Qfa@8b}{xP@Kn(QYxSD6JZiMzuHF
z+#`vLA~AT75W3=WP-$X@8qRy7kvN#9y|`RXz)}%9K6O^n?_3|>hA4LN_$p21hseRU
z31OBlZc>njTR2wo`H~WoMWkH1Pn5qvjy5+nj>K-c@LV3{v-A%nPW)wdFhyVr4TKI&
ztZ8&Ufij|uD2V!m1s|L@`oEzNdyL;WEqvaYT+oD2S*I0FpNn|VgGooV)%qNp!tQPY
z=Z^m>sy-Hv<>-?nbd|>~I{Hg`1~DDd?{LIKa}K0%Q|)trZ^>ep3EFGiDUS>syFSSK
zH~@uv${Bp0thDa$h!$`vzh1tl<9vM%i@=^gZv{UPByGg9@%n4S;e7!=!|7_LeGSF`
zk}*hB;P@m%)W6$M%MW&%f^xjyQ@S0OiT9M2-tR>dyhsv}rrGge8?i=uOBCu#3x*CR
zzo_SoV7k57fu-n!L>vtr$cpWx1)Y+_K4Dp{O;8dYQOMv%yAvCbbP_{cFOsXI<NV)K
zJ79ZQe-<9T8_8z|-!jkiHoZd>WctfWj&3gEZr{SM_s-JGg?+Ggjq&j4?BUBv9mG^D
z2VK{E%~ySDJcHbtx#XV;VX)K=e*HAgLc9p)$H$B9rGkC?)2HNA5ZBF_eu*T99*Luh
zw$ou5l_K%x>~;6}bbV<2I_11>T|o9eBC=5eLSt<+_FwX8;7_4c&v08Gs?Tmukls&<
z4`(Brm8o%%iRYH9Z9X~k_J#<*?vkQLjV)F=zKTV1iYPl-#)u`4h5Sxb@{pUVXObY~
zyy+u}Kr`57ZMEeR6Gt=qVl;H9D3=LW+@sJoJ&NXp923Bb?lP@UnYDxoeDR6@rN<pk
z?4%s-opp7!v&z|vLiI;WvGh6Hhh}{!+e#Z}_4B#;4x2%-pRjY8mOihcBXEkkG%-^l
zxDR6_FQ(zCsCBOc%F7@^0sVFoT^}sT%2u3Es@Luneon9oA7S;wmV2Boyan4Pi{st;
zjoa>l%I;ys7Ymc;hHjL1viQh*Jur6r(?FI>Y&1BK2O{!m5`O;OMbAYWiDH^3QrvhI
z-Q~%e*J<hCYR#0RfqeW-Af)GcP<}i9+hfv8jIJ2CSc@ITQs4O|Pc24lIdOx!Y!qus
z?;k?+gz3)XKGVM{SVl$l`?Q11)@%NXKt;gZ$D$I(v?(4C{wY<SbDs0^urgW4D_sfJ
zvF!MW2Et*0y@U2Q=&AcdJ(&=7_Qk`>=5^qo{vae~=a0bDc8WJjiefQA#mRQLR*o0J
z=nzw)dab|#igHsF>%@UdA*eE;KrE6Gj%!J&-uxp<?>jrG5iDk;oQF@3*2w9klg&mj
z%aVQv_~PP?0S<BF?$gZ~Qtm4WUreJ&8A9~wENt~#k-2<mu5PW7E-K9^zqlX2*ZC4=
zp=oE;4z4zXj~_Y$Ac$9#y$F&mg;;>K7uSLNWTs_P$<R#)%80a5{~2B%$ZblQSTcUJ
z0VNf`d7pJM&GW^+0>$?I4b%3Gsr8b65$C}AOg4kpfm_p$kdHK05E$edoj=TQyBs=T
zTCLXF22%mJ`g_CU-Mzjtc)?!><flLo|0Yf<=`D&ln=!|;l~BrD-7MC{b7+BpZPHg>
z>F5@w2i{lsA7_Xq+@5zv_DfW&#}8ypsmr@KGx6l4Dc>G5m+=EYlHJv1Vil(m24ZQ`
z8gd94KJXMYBgaZJ*&*MV2OI6){X6>Xa6}qhpwhA4dz_q6h+B|i)g|S02#ai2rKJ@5
zPF;WeT`XatR>={P$RlL*D5nL^@K!)BWY`uW==FL1`E2cPOEIe;n0!IF0&Tw@J-G3v
z_2U&<8oZ%G`~XI1;JAP)Jvu5F*wC`wlEq-^$a=c(b4F^2p2=DZTs>3h*X`Hkdd!|8
zDwa#m??h@k!ed>3Mt@w-!&$g|Sp?n3ev!TpM~NHP$=STRcIDkzs+9h$Ns1TEAvMNA
zR3zf?1o<b8f|zrTC3q7kT9w$PdEa==>cob?J)(AkkXcR%41*rdb2?p6WPfy^SP?P!
z=;u))XUz0FW0C3UhTC>AEL3B=jnb_MCz0X*T@0XNgwRa_3tg2E;6*ODNuiZ=wfhg^
zVrF3i2lx|%W(~u&kX^e|KC50HCY(0*j}m?vmrZs{g#JyNQd*~BUG(qfTJ8k2!k#Gc
z1KTixv6pbD`nsX#nMxju7SU+&bC|hy<|j8vNyr_Ka*k`DOBZRr?@wQ=KJhqcTEeLN
zK#zC8yg$=Zn$_9;s3iwC!vkmS?L>KJqWc!Po}8mCPjy2w?JeH1E`<iv9u`lnYby(a
zSLN31l=EZPE-&Vue(?lwXmazZ7U|lt?RcrdT%!2C07XB-)#;i~)w8nuOh(=#;FOFS
zVuLu9vJUSNij=pLr<k!=R#`7+IzA*(E$zGa%gXNjhLDX<sw)G?TQ0o9#Wd7{*+Il@
z;SH3Vt~}LCCz&io6G|-5Pl#5!r;)(Hr{yL52#&YO)b7BaWEutSRbxsM<Gg7}G}Y#e
zw5ipCf1v1(Dz3|oW!Bie8)Piq=DCk@<vC?jwbQnddHaHP)#!-4a{Z^E_nU^W$xmw`
z)jw;rOrM9-*NdBLF4NS-gzK472UzE&_-1zG(%ynFiOyFEy{$!~`6a|<hsWCc@l&4g
z58Dg5L7B(oE?TzRkI^_2mYeC%86^9W=D}>Q)3qvojhQN{wMONwXM8&N_&c!|k+^Z`
zNgb~&j*yges=SPhJ|q(I(K@jJJ`@wf)Pu6xmmsF-#B!60*w$u_=!ik_Nt)TxaWN})
zKAFqp53qgHcE7g;7Hk85sUP>_MafL@S19hW{i{+Oy(hLu$`3^m=o1ROD<YF7O5kD+
z&~19>6}+xNzpsqUZ#`B1I)y9BNtl&WIo!TW>AbSuwuJ!kiGErO9-StzefNKG%>=;I
z85$URBl*uX>at#%*lw%wuAAbGx}3-90`GzT{*gNR5#v5C`>BJ-l-h4WXRgwhtWtWd
zDEh-glLB3<0Y?N-Qip3B#|)kXXTDlXb?xsF1#2sBnh!6YeLTN-S^`c?i@6luB;~Io
z6NJ5UNOaSr+s~Z{Ef9&h{yp%V=+N9ZJ|FJ+a+;mZN02-FBo#1XgD4NxD2hV_ZMV@6
ztzG6-?VDS7VZ&nAL^ne#BXF-8ciVRNA~mGUx^_icjxgAd_qKUFAS*|xB>bo`_SPPI
z)BiPQBL6|g8Q7Ytz9pewZT6OD{GSjhgNvb|$By*DDPq#ZBqwhCp`l~TC^^90y0am*
zU5D1$`}R9jG1v3Jc*XxvNfo~hy_ML)$I}{g5j?OCY+QxfYbVq9e^58!(4zZNSs73G
z*r_&FBjMDOLQcw2{4#$eG}j@p1}=@45K;#!D>(66r>v%{D>gyDf1@|lgsJicd-3@0
zp2*V&RirE&bX@B~-HrCuz`QP=0{eI`@<D1GV_HPj@WIF@fM)7e*pg+=8_ekq>M~r3
z<+J;HiXp4q36GSP67zG_EjVPsf#-%vxzHQ<FP<8N)x3twlXrAQQAWLJ?7&GWZ%^vI
z8E1C$s>MGu;(bmGcHG%7@kjS^z+1#5lJrSAsMvs#|HjIalPTBq3^A|10{Hg{s^PG2
zW@)7LUZ|x<)^aP>HGfO$M03#ma@Woe9;vYL9j#o0$!W#+B*#j_p7Qa-oX+N65%a74
z0<NNZ2zt98*!*4DH4&b0G}YDt8&~rR242t)dP#N*Q+nJXxq2c|l-X=X@e0J`2R*yR
z5BxGGvSGx$`+1Gm{U_>qDxV)s<q!MP1$f_Sf>at6Qv2(2N(-HZHl6SmBg>|Q<^yNz
zohq(Zw3u40=R%bdWQ`!at+jP&*>q0Ur$a<;>w}b5gp8D}QvR6v?GRcBhayOZCXe3U
z{!Qlv3wsal1XKe^z%r)r0TOVKjw)NpfsG3f2#6i%W{+sYd!qrtf2E_MsaZK7hzyq0
zqb#&p?`rvfBUBc-ZtS`vvgTH%CXqo^<-E!2WvEhiv{{4fzfpjKVB?}Ae_TK=s%z}x
zU^|p!lIq3Q8tA?@tvp98zlzXQdBrn>8%ksS$er!l)SbekSMq*<tz$&3)NtA0Ay}e-
zqF><{E6}VX74C*hLP8L)TD$C-t8;W&*kJ|eO)TC0po8pMU~&%hd8E9b7YP36>aGh8
z8tKw1m3gYK-~NRHe?4@o7UN{KLt0JC4;clh)`dTuzl|6O4_D10)8bYpd(?p{+6N^D
zhbn$7eN5eS;3hbBnC!$Y;6}~*+z_9T70J3L=KM%D)$X30B+gcX=L|I)tm;tUY~`Ev
z>`UEuXce(>W>%ny{bJ+ZrC%jzmjatoYkSer@p#{W3Fg3?ZpY_BDEN^0?h^OOBFb+E
z>j5Fa3mF{@+%U|2wTI<dT>9K{NoHXnqr=~WEjJgr{f%<vL2Ae0Gxz=H8|oko+;X}v
z^Oim5>vdoANP_h(JP>VDos|MpC`j9%^{(X~R~Vm#1sj-XZb%ppBm7JC%q(Sfvgk!7
zlmcxxmoIkV`PFD%CHzbgQnK4V;L?)Kj0ZcR%o!b{W6LfK&Kdm&gh<H4c*Rk5#=B9r
ze;fsV7LZRj%qNe{Q$cc$D(G-SrRJyV4FALY|1?3A;Il?Qy|B7N@V%})Qaplle}{K^
zL(2@91=Vt=EFW!#Tm2eWq8q%OOhEf#rT$wK7%K|w6~^fG0#WORp(kv(p$s>1BzMs_
z(C>GKg6=wew>74Aj|o-{{agRf3os6a(@LN2L`F^;uTn)07Z;&|_NzSH+~-Z-!v0e^
z2B{#l-kf7w$SQSFPL{B@ITy2d%N7QIq1Pq%iMtE0q2adF;Hf_y9aQXc@T}>65^MO<
z3u~NEt4sM`fbNMnNKah84`J$Nw1T@oi1XjS1SQI@?Hf<ZZCNTNBqRrR;YMCwa7KkT
zY{oPw2{?b5?J3%@Ot)pdwWZTT$=v8m-=Lq~{0kZp>oERt!NXXG7HySzVtgAw(1C=o
zh7NNp{O9&<A1Rtnvk45mchy|3c)F*vU*t|N@bx*C<O%_`nCR`!{o29%O+P&IWtY{S
zXXDAPD@^@Qfxb*F$ET@;PIGxkN)>o@@zNQ}y55+&soBp=Um?qvp=gl9-z9+ik?nl6
zoqlh_*OU!UGP)zUR`lpP!K3_&jp<5C3!>tH(EXMq#xvnWT3#u}^F^EPgXxGk3;{4P
z57@;;sdjYqT(Vvt@sx*mAiI~C@Ke5(3QkuSOL}CT!lDmm=9Wm>WpkGO2DkU;qFG7!
zunUUF<nddpTe*Uk{Stwep8T!2@aNdBWH%YKCqOJQsCQ?cQG?o_ekLbfY<peyMoYNi
z5AXMr`@|7lwp$$Y9J|^~UQ1CwLP!3)0{+e>WX76GSY#>%Rtmw!d08ds>~>gV^>EOr
zq%_FQmpLb~QV8kYTSWz0H=6uzEvL(mHNJ8ZeU_#$=1^qg@|Uhgkn8P!V=PJkv7?{f
z2eWe;7wr9s;n1R^dFncBq*}s^OE2L!*^j^`_(24mEr3K`D+JNs?N{CSdzeS?oiR-a
zA#yH|N+6L|l>M@04z<GyDW-q{C~1YJgIMl{B7cyJ_c~+WAwVznVKIEZu-EIr<{`#E
z)B_nNhL(1yxpA3rO|Kho`-Nx5w`K|0P+z2LwRb&465jEV>aNlVSq`Vox!JxWXIdvS
zTnKSd$u!U1)hYSn?zL?SaSDn(tEZ}J{h7-~w+pL9bz#Hd09&7S;%$Qho5IhDwYPES
zz`uOuZkD_Y{et+1pBg%Nj<@lB|1HlURdsBf1gs63L+ISPYPRQ&BR6YhIdU6jk~uTl
z?3|k4g~OfWS0rmfT)KpzB`<y!a_Fc;7E}86cZf^Os3u6E4*@LK90iC*rVxXL{qp^0
zie#x4SM2XRJY3hLxb!U9KXhO{rC(HVS|x@PxJrpw{C{^_EU<Y&=^OQGY{XtuC7WD8
zT6~9R#L1Numt_Zfa+k<(a=PJPI)gG^Dj@`f!71q5Po=^3m+)UO7CU({^&`?GAlBaz
z5VI)h*c5eP22h^*<XQ_KHT7Rv8GJReK@T_&9YV7E)v{30(EO)l!dg;Y5x8LC1|ey)
zqJ)Du9rW?+Buq5cnv_JVe_ZTWMael&)N!xX9AwS~YJGGDG`z{ljR$+{^+!TS{9XG7
z%w@1Q=$QMCT{oj6$e9GeoYujkE~!@(Xpj_eOo|ZyK&6JqO%W{FA;Nd<#)S}=JOiuB
z8+qJW#Xjo&myf`JYI$*eIHKC|B^P~V_D6&I&J!{Xx-%0(kfjz{<AO#Js!eWlo9*!d
z!oNK$IrNCP`dTqv$q=&pj)69b{zxI_XRQks*#F$HOz=XdhI#^quGy+LPb&;AE^4qE
zrs%hD)VE3`Mv0U~IgXLAG54PMghC>Zbh7s{!YnAPQm6L--TLs|zAc=bzdXiIj20f4
zIS2dcoB{hU4^KrhDFdZWt;(wHrL|Ve;@taj)X}>Z&GvDvsV!BB+ge3?$_m!`c)3W{
z0@+rw;em)Brhc<}ZgbX>71xN>#56H3Aq2W=*=7cRi*|&-zt{kivZ!wSSt)3*mn`kp
z>U+tjM;)IgbYh>vT~mS&pezocK!+bgM|6)D(>Vo>kMAW6>HgK;%yf%Q0AfH>tq)DB
z5h!4Ak52E>P|@W^GBXs0Pa>1B<kb@OC1c1$%6Ww;T0x@wuH*};_r~;cMDae{sOTpq
z4ue3je)sT6c?uPk@lyN;xI79%B|LG@E?3VwXs4134wFp*ru8~>Z~M-3LrBP9-^bem
z^U`uDJz!QO-oq+$f}{Cjzj#kdG^mNKkI?>I{k=V4(*Bf-O8(eeNgv`bh#swWXnOq3
zTN|Re@Vv`32kjROBJ`HLDTBvqcuaK9uKmQuog+IL%(LG}LA4moL9L6lk_Ht5W_`%U
zDV7P#_Ws30<?Q%}JeE|_VI2|EMMGK9igBDRPe|uUbozT-N?LIsDJg19OL8k+QA&p`
zG$dQJ<a2BKlVI@Mkg*jmyFwmwyLx-7F8y9esB34!y~!;8OJ1JE@fzDQ#8k}@IAoZe
z*KMhv7qpm`Ff|I@V$Cp|0X!<Hc0`vJf#*q!OfQb%R{5Ka-J1mbl4?sA#yc9TTlGW=
zXKSq_TC;?&#Jjf)^>b`HA^+v`u=4>MVM;qqPM2n)So4@h((q|O)^TCElRTANt2jAn
zx$s{nq$LxQO@SJO*wF}$G74VKl%UKrN=mBjuE<r>;$icmqI22<z8Vi>g~|4X@~QUL
z(zLXD38%|Vqjz;pF2$+G4|qT>3V@@5X*1dz54>?7p?vR2zNGOi{~={XM^jGaN!H%8
zb+MB-`9^e=5@NyRqg;*67zAb6$)sAH(p$|Z!Eed3vN|LPX3tPz%u{Id1%Ky$o~G<A
zJ9~m`K?abNR4tF(Q%<kolq}#iPfqXGGlY%1%0Hd|Wl$}*>m1^c%C6sgMG>wt)=>e3
zeDygL^qvaOIOkW}4X0a{Y<M-jyJ^LF_0%OWp8d?No!5+BUm2o%Y;bN0G78ELEa=hU
zwp7g5W+$jG@77fdpFb8Supu4G3~SQRN1SBkK6O26GlV?Awa44JX=Bf`A{q+ssWSP=
zo=>|<5sBd@w7stHi#z9y_K3f%K@XM(WC~!>fwD947Nh-Z50H~)Z1rSpCJ}G6Bc(@=
zBr+ER+KU2qsO%EHy&$_h8kG>UB3U(HQ*Sf~Q9oYG^ASSvCe4S2Ir|AMq2c7Q2-s`e
z7(r5g=5-!(^(0n00mTZ=jVDT$BNM-eVlqIaCG=Jc*sC?0OC(mSg->q&wd3s2Pu=mx
zN8>yb`oLUtm6blE54h#(Vg~CXxNfV#ie5a;FmHFF(j(VD6hi3kI|u1Tdjnjz4cY01
zy0q&%CSjFgS(%Vk@AcBq6E7N97fzxj{9gNIzIuCM_RxzsZLzdIf`3yRB=4QiNfM8V
zj(i<BStHF+ULU{u`z{eP40f_eNi3>7xo>y!kt4tW0r|k&oIPRfi!*vfgi6e41{8u>
zB5wIWLW(~zi;aGa#k1pyg~vxD>GW5)J0clB?3d=AK<3VloXhzii1;WJz)|MGI5bZP
z*u^05=OAsj$@P}n>S?SjhN=C0Ten#^CzHzH7ohA5Y)0ANR!KX<AT5sJ;!=iOs1>Wf
zCnA1o*A1?(=zUhOqXT!`kbR8c?AAEHFE$0^zY3io8fL;Qj*-<UU-6x=gS;WYBP=Xo
z5N)vMT+^j;w^ZB~kNUKon7~?Gls_-IS+!g`FX2Girk{^y5F6tql!|`5FMH2htgA<|
zNaaG5Lf!XV?-`zwuKFt%+V#)n`Ly}33;L^j%WXs2Rr+OJ<VPYBmb-vfETGCZDt*Ld
zrNFr7hGyfA#NP9EKa(l_>rFee^yp9zt{r*v3#x_qJEh4a!3=V`lp1jPOQ}43K=BF`
zPunZhI?CH;cTfo?L(43)rs3#lEK=s5r#xbgVi7NK%A%2c^?ji`=O)nmAYIphmCKaJ
zkQ<7AC}Ujm<3HjWL*$D|{X*gb*?bGtPdjo!+c(lB+|YO)Zxt5)&w$9A-@FxLa0y04
zFDTqx{OTDabhQOQs#m%t4)I1sLI6?)2u3WpW5Bgth0C&RyS7yEWF`$1D(SN*Sc)Z~
zZ3OT3{&2sK9nH6MQM<wlQ{R8jJY75xlFW~vY4=YZI)>xwj$FSX$g<ThhYSPaZ~%xc
zlN=M0T@M5XFGve0=R4+;h_xf{k_mkQJXBcaJrPX>uujrwKo9X7jzT^_rdtJBCqPj%
zazW(ZwA2i&);b46>{QU)|5OsBEK{vorKkUW9J~BUAyV~eh-A`RPGgO%?~1ezPLTMi
z?&SHkCqYPX=W62oP^I%Yc$KQkEwMHG5y6AdH8@P21V4Ib?H+HgX*y1UP@=({bFD4o
za%O&G)_elbh_%?nKw27uLbxT%Q<r_f2|5zZpd_85FWBhp-yD~c)X){eKV7P~Q=`hu
zNEFoEFK-eLJ8B+2#%|A1Y9E>#8lW~e69cF)SAV<d8Sit7uW;YW&t5eW8lEzO$$m|M
zN*M9C61imtALZ)jdOl$4z|jGnjdTi(zy+35S5dgcPUmuAjk`q241~DfiC4Id!^E`0
z3}pQ&ixB7uyG=c3>v}9Q)U@}4G>pN;D_CznE?DgL3S@CyzEIk!Fm{ph=ETb2;VjOa
zgq-XnLJ}=Mz_KHZ+*g^{m6ZXZN7L~M1H-KQ)X~tTnU2lG@D%hDv*7u~fr)d4iQ83J
z%<z}PL2$Qi@H7o2784bM;TAcGelt$H&SbOIKySAVn6I!uxbe=+-au^n(gImoy9cHC
z2WA5Q$b`C4mw>Vh{LGwdiuwSV@OUrbe<_6zmNfkujm2*0%st*$;FRNgB6sPtPYlYh
z$H!>SV!he4gF9ylx|6Gr<e60R%)Y<$ZtfkT?@I2lD*4T1BXbKyabLmZ2vcz9e3BUn
z&S_ueUp+R=|E<H%`)_FUo@j|_GWuWk)?<Q@NOORT;X35#8>4w@Yv}!kEB~CQIXigN
z_%In64^}kv2`8URh`US+%77{hK0_&^eq))6hg_a!3qHkn*D~&Mq1$wQzZ^S4PR+Yq
z@9)RP+A`QH?@r${VFwn)gou3>&#|0deswtMsX*`CSonI&7tX{GEzxyc`}ZAxFe|hP
zk9SpiOf%6gb6VW!vLng?oUsrOyEwndf+z-{G2eTtC%bZ1$Bn^O%9JTHx<T&%Q?#wA
z5=i4o+%SX8ZZ%2(lmaSQvF=01?_Ef}rvam~1mke1q^!{jC-~*=d1B;rtM4zs=CQo%
z$o`hE+c|@a<yCfnG1tzR;>XnBq%TgiM-`vn^mnV-KqUA_6HHzxqkAUq3R#`Um%li~
zFft7Kr`l+sjTo4UA<C9zOPdJl!L|z&b`7yoT+3>4*V^>NBn>=sQBp;z*8=;q-Y>r;
zbsvw9bbp<=`$9(vvJ825<3MfU;Eu?h>@=B|hH1II-gyxQN0<W0tPo1nKO#O@?Z_V^
zj-X}RxDN5TrHN=}05#-A0=>1Zt?mS1_#Rj=ip+70qom3X(GycwV7!lJB}002!>WSa
zs&JLiP;x4ieFTt=8c(hcg?HAAd$p-e>Nq7dRKJ(_swXy9l-6s9_s=h>^skdi4}Re_
zmAI?N@zR<FI&Z=>53%}Ks;vsG!yt8c{x4lMvynzGxkPVUAd=00Z@i@!6V}?nu8)%L
zu^;}C00l{BYr>)xVoJ)wja&Ds#nW#Dqcb;n(ZvSF*W=TDK_hThf~nyyB{_Dq!*^LA
zuo^dve-FXlcOsKY2n5*S{uZjp-gqlZ&toKA7xcT2eyqS9$k%Rt0UNF@{(Je-co&aW
z2{M|>_`ZK!)PS6T84(!~X^fq(#QwD`k^e|p)q#*tcyZ-t)dNw2{AHTz^duP2xQMSZ
zL973#_YFr+{?zZ%{TBM21K7zz&>3vCxLm31_bsWb_&tE2oe?7rZ~QryHTWPCs^$q_
z+OIc*s{5}|^q;7)3@D9tFV6MovEa(`i!-Dza5sf*C+kN-)B+m(JXey=Z=5}|SO?f0
zfo{v6`Dc^e!OF?f-JQr&YJCropfizSkj#0KRuBgK9JUNWbOkf+Z5QiiedAl!=2lN?
zrxu6K*a{0-+?4SsIg3Wz>OS~dekaQ(pfw*qeQ!T!0|HQB?bIC_tvdeE%ec>89^((B
z?UV{YL)87~)8GjG6xdkH>As;U(RpJ{7H4D0UJ#XWWny)>>?K^5{8tPjbLl$%hSHR9
zw5jSq9ZVPCV@i!Vnp9gR3||?5CzKl2|4+ZWs4!u`$GrGGO{v_A%z0Hx)z-WBoZw<J
z$KYzdMV-}gmsRu0zd$WmriHa%HuZDP#=$=q6k?R6XoSf>Pl$?(zO4!{2RFFe+tLS<
z8Sb+AXuo>CnpmTAKpExUUrdzp<M0h2XSO}~ZEy~o1r8wTw^HYD#F-x)lx2`K+ytid
z0oM;p__#Qc{k4mHf1GK_$l)?Jtoj6ZQ&K(0A=FNlj$is26J8ug5)QSmFpx|_YeCNg
zX09!RTZJ9s^tYn4wCo3Gm{b4%oPjv7FxhTB-j@Up)u|E2ckyNEJ8;JpyXI?C>zc~S
zOPVlP0<O|LTG}~LOn2GNnxtD#DMr<ffOOvxd}HRtaDEpCu=&3E=PhGWrL9kfmy<KK
zLQ0<Y4fdKY!NrW)CRCnbRBvH{p~9$e<@BaAZ^^V60Bt_acaFS>52SuEc^-Sq3^E=(
zo4s<-W46|Yvfz0;za0RDCg(iGK5i%`bkDPQYu0z%ZkJXdVw2WGcPJbDk$%xgPgs?m
zD)ZJO-c+g55|#UN<)#cM#YDhCU+N#Ilxgm%wPTNkcQ*Az2|h>eb2?X~)4xI9buu%o
znU72Q8A#SIb>ctTOS}+8PZoUiBe9g27tc-B)P)N)&kTroE^o6Vo$0{^h(9sak~o?D
zkb)&38u&kBc*KRzskuQ%=8r`zQ*F!1S;>`sPC5sf-R;;nO;kK0jxII1563=4f0C#E
z*LEGw@$<4#SCfcIp}$ax%K-d_5K%cKrP7CP65rue)D9Krq4d6XC9P{a<th5KY}ajD
zyCd02-3Qw{a~=Uua?|ag?c8|M^_?cT!&4UUdvzv$B%X34*K}^=zf|cf-4J35CNojd
zM|}cTbyF_Ux|oYHrIr|IM7Vx@|MVYthtpCqoZub^CaXrzd=56vQH4k=R0RmP!Ygcv
zaioMX-QRcQiwc`l*k8)L%2HB~L+gZy^}>pETtG?hPhS?gsq;kgw|fKEd;TdG=j>^*
z`&e20dJkV<fQbpB)B{)G6BCytJ`T#DY%{)x{@$hg8l0Bq;+hwI@zTObGCxVU8fZJY
z?0#?8rK%sPQPziQL@6kM;be)AAB_!|AhOm5!)-+!kZ=hIhg8^$Io5N!Fbp2lCfqc4
z*1?K(1)pcJ$T{mPQ%?1mTW|AVUzBVd=EqaDDmr1cwJP)<2B@Uy&&V)dpJlN-W9qJ2
zo4-7G`h$~yyXlcMAc}0jqWcztTY8J{$b%V$`L*byk3jcvI$&b8RY>MW12ftY8s2|d
zVJ%v+e*we$f~FykH?Y?RhG1sIdLSh?B4)?(;Ut;9!{SzHQ5NvV=Ln?PWM!9*emHua
zng?lw&wPRObnoRlT>8eM1vz-=nD$<jd7S^7ztN@GF6#abGrRq(US-xY2c(o)-w#pM
z7qTU!$X?iqZ3zq$Ql_q`CT(KYYKKN$raw$51M)v-P|_w2eI$5^njX6<Iq(OMb`^hs
zH@=t-(!+wHL-5nCnJvstouy{TCjP?gxJ=s!9{r}2AvmC#c8YV(#%I?fPnE}kc|yEK
zK=n!lzvv{tDu4y2XW7ET1%q25Hi1PY%Gc5h0%8ym33;3IZL*!4D4`wDDDH*UuP(FV
zlNi$8AXhF$f2;dQs7)f~xmi<D(ZmAiJ0ww3D(jg!0jJ~ZX=gY9jC-=NQE&11yVlp&
zwdjMZ5Z2(&0-(BVB-S62|D+)|=^#%2rZ+|;rITxyt{k^M-*7Fl-s1RWjyAd$ZJz4w
zcR%3@^g!6P7(*7g<rY_2Xo|OH&FvRXXT%3om#iSO16Z@_SM5?s%No+W=hTJ@gg`+v
z^89!c-#^<s5=Y#>W1hH!?4K8LOy<?05#lbn1~pZBoO9Ty9&@}hqL^904cXCBI`6S4
zg~9tTJ1cjd(POq@3SAsZL_7g5bkGfOA#NeS2VzmU#D3pQpF2GwX7V2yC~!WLtL-C+
zH?EG0ONbcz(bM{aX%ES%+Lb;o@7CAo61pOeK%SgZL_Da*vwM&Zox^cqqfqkY`OHI|
zc$LZh()VF0Hg`aHan8sf{}bG#ybPM0F4j`vdH$kGRLfBTE|`QQMyf&A%3rP!TngLb
zL}(O3>ERwu1Aga`bFImiu_$!{!o|S7fc!&9A@dv@*K#{YU;19j_06f$;e8$zANch2
zbS^9spxL{rtE39{+<_>x27Jj2ur6}`15hzMN)r`X1bTkfTJYy>lpum9da^$NC}#Rk
zVKsfn?$@2?PcETPSVkfC1{>E^RINS{{TyM6s^Jo~^T$?fp#KMd4a9alQRDWT>}_17
zl7Kfnlanz0qP=)Qg8(&n0bTnLQ29iLM1~6A@6L@gDznNeJJryFOphIFM}+zTdx&1B
zJiuVLq=8mP=_KsLnZ1%ttx}>8bgZ44p2H9G&u1dDHV-BId(6;wjET0vR>Xc9ITz0^
zGg-)>)@iV7Gij?er7hqRK)91V?5=9Ti$>x2WK>k$#a7G;FR3FXZ=li)m32Yg4xrHe
zr+j<{9<4T7DiOwt=-(5E_kAG(SN3%@t6uYsTwCZ9kyQzEy1(lyzsfWlD;0HqStYf_
zE(~S)Q{2-UMakz(3DL@2;WVsUy}%#;I1CMO!<cDS=LMY)VWvd5K|w-XtEUO)?}hDJ
zpeIPc&D0sg;r?536Uup#m6DR$P<m9@j%CA<*Zks$J9CNP+3#`-DgOXB-B*vI(BLsj
zNc2ZkYL3w_|3V3f?TXZW>BEg<@DpSV4ju=obP2HtYR>2h$e4z^THKV7ye|g+q!*dO
zu>`3YK<?r4mhF`j$NTq$mBeYIPq=yh=c8-z_2W@d+Ob-TFhWd7x^)#BVyjoWPA}H?
z3-U)xN{RFlby)D>CALd>hr)yZ^03-r!|B0D<1GTY8Kc3B$iZuFQ|{j{&xdc8Av)oF
z-^Lz{K*8^n5j{;P`fY;++MA;|1rQU=XXxXBqI|~shEIibg8annz||xbZ-nF3f$mwz
z?4APs023E@MmMY9xNNNE(=mixu*-DTRMCUaf+?R9qKi!mNS<YDOs+$Tmf-zoavPMh
zvZD`s$T~sdfMk75_!}X40K)D)clTR=5jb5{O4;7G11CU7XXvz|yuim>?aJI@PS@v=
zMC3KvDqu^UUVHJB_mOMHkH`KE^h2q_0T=ZhSqm5cJ$CC$Np0KBrfWEC)7xhKdXE`@
zy$u%s(-*ns^3!>16oyh2bKhyV61wkF@{@>&%kyywS+dpvKTD<uq`z|q?iAVq?l}J0
zo?^q1vtuEB5-5}o*q(|c@B1izP+KS+8sJk}7qu$a_x?m_rn7Lr7*8k^W_#J<?q=7i
zs)2+*F@PJcDBqKi5Tjl>a9E{U$!bq)^(p3UyBi0Wo|iZp`vNWwHgTFZ@P+9?rPTWd
zpL`TonEG0cX4hj=BYh=5UP(D+E4FvxFI9R(YA5)u{g%mk%EmpGJ5sbn`Zr7vVEaSM
z%@tekzWd(UG~vEd<&;&BW~)CvnGb-QEJOgpo`z0BD!yqTcJIARclZpooKgsbA4btz
zYGq+2$7Tj>KYShD8w(OYkHaJhrQ#qWimNhV1z^3=_<=OQdM#n(I*+Z|cr1T=bC?Y4
zk_)GQ*{HdGa^=NLg*c7iF_+ofrW1;oKMg3M-P*!nxo7Oewd>w?HF9dAjaAHd?S!P;
zQwy=t4eT7$Er5mX<N`6dD3QDjb=ZjcO@zr_AjI8#x_|uT#s27}?18v9X1%JJAubGV
z$y#5IE;><UO&8-GT?9@^7=CzhOVg}gaJ{39Mg&M(5n8aVdX=U(2b0s4O?&C(ibAh9
z>TP=R;+PS#NVnRR=KAbfm%mwhA7~ImU1iqaPu7U|>Jg+R+#dR!SYF{27~j)W#o59Z
zJF=28b)p<D#Yol_pUglME}Mv!(E48iBNn0bkIWqeiIF<fmz56rvcOU|{kR54VA_=E
zbnD*WU7a7v#SqdwsxRrMyoe0GRy1^I&sU$M`0XYDo;3cksz9U<$j4xWiz_+Uz;2$D
zxI8yM)LMc?i%WJADdr8%J8bgz6_j-4xIf|X_!cn|STRW%k)T1Eqnl$7AH4Qy-5uKy
zqnl*<dzJQ&kuREjD9E-}vve)4r$=>G^A&o`Z8uX$rhl7EJN<ynep_x=-f`A^{LKw1
zcne(^K=F^8{gNBk^DpJJZpk`Y;JuRHY9B~-9Qf*eGI+GuF;0gSr4-~T$mpQT%ZW#p
z6s!NdMuiXumN2!ZH@8y+(x{Q570^PoUV?8V$7t#bFt4bG7ClhZ5~ObYXTFfIVnMY6
ztf|LeYgw@yMuJCAH{C_3Zy{(z^g0H!LNRp%NgXC4%uP4WMO8u=>@yc}sHe~<<<epO
zg!R!-m7V&CR8$RXq=Jm+DhbA;0Yl%zgPKJ~`J~kFVJ3(Jhf!YNid}`^K9)ulA@?8g
z6j|lp_fh^vd9i^M6LJwP;o^C=Usb5(>Lc|D=m7iEtJF|cQ!~-4HtegyqE|<pKEAEE
zxw%Q)?vGx6{Kq!_XMALYZ-mnv;PmvrfF`od!`mj8JX#n>SFP7Ze#h|fDnUWybfH`&
z*+rJn#$&%zrp^l!&HfnanwGqyIx<jwt6}O<y$leTRMCM}x)Pi9mx|8Wxw7-bN@1h!
zivBT|g9xE+CwCe>Z3z5wWKnAdIBOZMZ~x~7;PId=DA>C7q#8!E*)l(mcZZkYa4S`J
z_8FswLP!sTvwQH#wnvNebBZ|&ncjVyANomtFiQ7k!(?_~6;L}VKXx+@@@_(3dlb0A
zg*@Ju{u@;k<QeM$Wq;3h@pSzLE1d*J4I-jmTk;5YJ++|yPD)Ho6I<`zD3PB#?gz&I
zTr3nnS-$-9)U_;m)M{R(#+&CjG7`8Oh!@nP!{lROVX@b8-k$Mz)^e`*gB`zI!0V3R
zb32;L_H8oOx0YhX2OtLXd68p=n7RR0Bz}tTjP%}KoX$7qyeOBZjb~pQ@4$}gF;z9#
zAzq890BHo(PFhUgD`LmQF0uAS;OJUXRgD|TYEAh4QCHe~CR3#4M&Q8_Dtj7h<2Elk
zrr)^U;BYn+aA&PB(Wu9U<frKT38WTw&8bMfuHg3i2oX5~woRH<aLd3P7TEq#FD<*0
z_u$Z5aW4D<jG|xP`ICMsLsF%EkQIjx3q0|oz=<XWhcg5-hQsvYMPp%{_bNXfgIzFQ
z!I0sm{{YE;nOl&adjuyw9)|;YKD7em#?Iw-5`(_N(ABQBW_3XN@6Vt9sFyh`*W38i
z+bqxR2jl2nXfdSxCKC-g0o_bW&g;6&s-Zb908ue3LKrp1)J2v}zuD2h%H~E~CLral
zN5VM?3f{N*n(t4R+7mb8phmp?(8^`dWzC?Bk3Ri(f&j7iTvPfbCYf8sv4km80<hq_
zFWm_6kGu1ma{@k)Bh?Qd2=B?SX``sfo|!hBqF&06`H<2W`2t=LJ7Dpe3i#%5h)S0?
zIdz#k^;1Nbeuc*$Ekaqf&$yP3UI?zyG;HW@<FX69fQsBBYX@sk!>r(?szB356Sw{s
zKWdiV_yT?9jwExtl(jcx>H}(lsWHpxoc2%G<8pTaVpq^(p_pU}v)Mp@bfXRvkYo35
z4yVIqQyA!UYK*0G^(x&=O-)l2Gr1j}*~a<*lCiN(J5<;KGO~{52Xxejj=}=la_Ctb
zz0#V@+>rx7?&ckdQr#ZH?+8<ah3cO(nf!*^^0=R45_s>|DVaS3m;5mRT`@$U%}X*?
ztAtj(Wk&!o(kgCKisKLk^3dS{LjayWm`nfwb|#cQjJCPhjmw_z3RHKdO~)ojl%K3;
zg`#HxM?YAdwEK4LWupg8kour+_nk>Ok)Rz))VMA?vt1?9@v}(VP3H)uK-u9dAD=5d
zfO?N33jC$$2M32X!`I)l{ey!~zd%N-%f4-N?Vu3<yOAW$&27&fEz|hh&MKnfc|rP#
zDV6?cFrH%Zuj%M;Hiy;RPGe(Zh+dl~QPXMtGN<6vLB7|L2@B9~Z2ibGS+I#;rp-#;
zAJ33v{Az;~P*QbaQguVO2bpB{$AYLx;xf&<K3em@v_+`LHorB`>j%ix?b2**Mp*Ej
z+ZFli%aqO`?jB3hd+eAuDH)DtaPGY&XWB}P!daX+-EV9O-@kdtCkKCp1rN)N+>J&D
zSk2n)?@MejNwtV>@Cm)kfg5r*a{?P?r9YzrF@b^woDLh?9ihbMe$`vjTNtF}Qs0m4
z@9dH>%NYAM%$v^mmdtnhTh6xL21q2!X6xO(wZoz#jZV}wSnqz9ed1Qu8gAY)l!=I3
zto7t@;V|^m*4HO#F&RmDVbreQ5xQS-%HG-8`R`5fIjJ6)izX2gjIt^KNEGY`9F51G
zqH%nZ@{BGgzO!y+5pC8yNI^k)fj{$1A1)+O;c<hmE*_Q|JCl&JCS;X#OK@<eIeUCB
zG(FG&y0TEkJmtH`*$9PRRKwL~7}-yj6Xs!G`VD19Ix`dI%pnhceFgSG`#}u2jp^J)
z;>BuH4_QSTo2+TkQ2X{&_-$&q-W&w*EMxwWVsz=5^9u^AStx(AmFI24^m*piMP>tm
zA=Tv$DAhAR+&&QWo_e3IY@EUk*<a^Rd9FyBl`sD;4Z1}zSX~)34U0Cf)p|lA{`VL3
zgi-pF=>9n?J8QJgZEXnngb$pW?x!%CMJ&46E(Q#o_8;F`(trM(fXxK7aW}hz^YilZ
zG8Y#Y2Pzx4B5cM5pHKP=3Me%~+rR*>3CPX-`IEz+x9in@qrU2dhhvP#mby(>IT0a=
zvrSaclXD0pKJ*$pBXLkxyu<<B8RhksxTDSKl5>tfHo+^%1i*^5i6n+juPa);1_GNT
zuzWf&*|ATCTU!LtpH?&33zgaI^W<Flj>V1*i}SuU(`9iJw)*VzJ}%W_o_XsuPrE<|
z^nRt!gD5`>z^Xv916ZlfqT5m*gWb+II&jcF3i(p^55&v1mPh51iXh$N-CI9aV99MS
z;ia&!_7b<#!?B+E3KJczzBXiwtX49(nS$JowxU3vhHdj9IO4_0#F6t231`$>Pl&^P
zeyoayYERK@866#ysjdSnjf^aqJ#UsW3<~kd-I7(Mi`Qx0d{N)P!2Ipu^!^2qg17`9
zHUgjd9&BhaQwc5We{sLx;8BC`%)mVsucMW67kX{l#rCMO6(Fc-6s}7haG@)@K+#~2
z?e(^Pr);#LG%>}%A`)H6zU@8z9y^_&aC<>FgV+S`W)=PK&Q84L27>#7ir9+CyiSb3
zD17`#Ld5Yi0O^XSzh()h7_EkG;j<{Hdtnic<Yryu<cMYSpKDT-J)^ufJJq^Hf15^&
zaFXeQch6~;c5M|Gt7&n#e16sFWvSyZf_46WpF7<H(UIg@s~kcd5>)uMpS5W>b{Uvp
zs8)k|RHn_Z1K=6oqi@8ZO(;V{K8Ni{>RuX37T;mae#M{Q!iQafz;WWL)RPzW5%}cd
z;&MsAWqZ=$u-*Tr$bT6`Lq)YabFtauCiJ+IcpQREq%|FX{x!D|^FzxM6w|Uf=jeTJ
zZ7(ufDT_26l(_(m-}#j~56=x;dzjyS+79_<k{Ak#%%Pub%A`hys5rYszRkj^V7Gm}
znrbLL2H~j%YZ#535qJZF68ngt*k2F4Y}J9T?XPBG)SO*Wg_4ShtP(4>IGhat8?`=y
zmQSj!y3RZ==SDbDcR%Ke?+cCf(KhHKOtas9B+-zq1tv3p0@@?|+}dc>lM~>EdVJo#
zzA!(1y;YuKr6(-q8Et^_G<Hr(jV{;A)3@4>u=1iG92?ml5_*gG4TNd%w#OlD@p7wa
zaoc}tIqTkatTx*2XX`s@>3Bh}90(lPo=iziEyl#cDg-{drYyLGtIaO-8T=ks_50ag
zwyM_F);LGxzm%MjK8h6x9YP)I|M7GcKygLO5_k9D9^4Y#-8Hy7!QI{6ArRaX+}&M+
zySuwP|MLESziJO#1uX2Inmg0e-E$A#GO>W>H$|Axi|mVphpiKNN$B)Q&}b|%nGn=O
zdjfuurMBNyhXiOlQR+(HCc%r!rJ1dDB6#zm=h4NBITb@rT#=>IlI6sKwDn(Q=08|3
zuVq0(8+<^(l8h<>e&XOGd^Nn7`sBbB4b&k^sS4}?GU8W_w~{uW6KTO7Kujsz;=n+6
zBpnoU+U+#vK1>cBeDB8w4QC5jM|oPj?>k8jxULu7emu8o{$?#>Mc26M$@uWP@saru
za2+F3x$y1ht^`yx{;+o}ub8X~CZ1{;#}2>4b<-;YCq7bdhxbd%#Y$u4OKD}tvr6Ky
z@<OFvXW+w{>qf}Y%pW3~Ej9ogV}4RyAAOKA`X{{@ZdtZ55KhKCE}Pq^#Qw&+fIp>Y
z!Ds9U(~(2xmh1nW#eGLAH^sa<lFCj9`+Xv)R8ZhHDe$Fg!WxEzcY(ki+2l<i7BLqa
zzo>e<xEv&%B`Rk`ogWy9lpmD+s3OJ8h4xZ)EeqbI8#>4Iin-tuzXt?5DJe~kYq$bk
z)2BhDw(OZddsnQ5xma@e2?y9E@A)lY^Z&5f?|(sH<;+=7<FG|#w_U?gA01)q`(?&L
zL<UPPX!jOaR)B6^c6gUDG87p<Ij~jgM6OvtPR`EHr_GmZvHt`@B9PGgR?*eM!eZ~Q
zV!jLS+wIKB%iYOB#AQC<GK~0~z@ADQ7T$#O5FTwFJd0U4v2BM{X!zK+fyT!~1js1K
zM#GiP<a{76Gq}f61^OQ@syn<O_H5ZHnA9n(*_Hw99UiyGYziS^V`}TuF<P7M<Hkl`
z*-hz#DBprju&W+d<6r$@u%>-~M?6Q*DJ-%c32OC|gUF+!*!LxEKfhT%gl6qL;yn_q
z8hZ1~=!32#m<9gT>!zOSO<CV=Pt#b(PC4l&9VNX+mkNxe#%)h?NxA*_?AIXLiuU{0
z=+el9l~U~Hb`SfT_J?gJjzv|ap66}Dc}BhQ_e}09kM^cDo3*Q*!5KavYt+f}JsAth
z$VBn7vp3$RSyn7v_o2&MMTUnf9%=rcDga~>=2-Yc!XF!;_1?IM1;#IG<leC<V7$=X
zWSxVx$3IRH>wkX7MY>pw*zxooNKaUs%5S~3<22|WRCwh#_dmXqN~!fv35U_<6pz7k
zbl#;}+ji~wqif=nf;EK5YNxMt^M;4rtJb+xtyq!MbER6K4=Kh8$op+G7y9eB-Wfck
zVD!o~iXIjC{BMJo7uk=zd;(Y$HqRAdv5tj#2w3A-B)dk31&*D%95DoO7^R4jdk3pv
z9_?A-KtMeBK1mxI8ZP_tV3R09feR1Dm>e!v^IYx_{ZP@69FD*QBE_^f0yBfl9StP?
zA6C2P!+BP#>&5xg^(f;;TwI*OOsDThATm&bp3`kRn)lWR0E+1|Om5_5+RDT{cyl3#
zhVu;%G0j5KJIK&$?kRZ}7<mv<&iVB#7b4e|bC&m9Ab=t0gAZ#4e5<=|bk(?Le><?g
zli&o=e~o{Pd+(41yMKNF-T4+Ulhe*9usm?SM!t5$1!tW)-(22p6U^^RWb>4TksK;j
z&*h!h%*5RH7};Oz+3WfaGy3th6MhZ4E63jKgU>68&TmeytD7=l0)?#HeFfYy^RcZg
z9bR0^;JSP&Zl;}EzVnsE`}x5(n_0U@Jt49A`1#~>fi8AB9{gU8FF#q>sagR-B<=Xv
z;-*BUG^9+k-eL&&@P~5p^8B1Gr;C{rJU23u6Ir}?T%YAQ6N(ic$fe(L!=kaTrkv`>
zPm+iG8dR=5PT<^JR1dRWtVwv0seT=BdXo{BDAaM+`XHvKG`v4X<j3jZcx-HCDyR^)
z(K8bO;~@Li@t%nOD};d>j1aaP%@szF5(P;mMI2|BTY71>8=b6mAX7id!IZJ|&rqy`
zY~O`iG@c}e1MrAAU#i(n&Jom^xNkc^jh5$KR!@?VbWiq2HpJ9MA@>HFIBa}3LC>Gh
zT_@f;BCw8@Dv5Ys?sgiW3A=1+tDV<czMc6XpRXhOt(?s#CnuYDU3No%Ap*XV=TH4S
zTW|L~x?9le+!N=2o?-)7rf!TBhU1yaCZ;~hFc5QGP>tILKugB);Qe5I+!OCk3~pe#
z!WtgE_aOP>`l6#|Z(!F-uH;gqOltha-C8=iIgak-@)S6AZW!h_UivSH&U<&opc~^a
z4$TEFXB)>Gsz2OacFb*i++E#x^h@C@@LnG0HmhF%uM1(lEGfah^6y*AI;9zAtAx5q
zULxwyudyN6M8piY2SO^%ZZ2i%j8hp{lNR*|_?!vZZLcih)YJzq^8K9X1n9kCu;@6<
z24KkG$$NWd8B6SC>Vg2m0#Pql-H9RK_PAKA&VR7=eOXDT!;-$s5e&TNzaAnx`6HV?
ze~qk}+Y|=C3VVY~S&lR@f%SKt8>0uSq}Tn?3i$PPz~Tv+uYb&2bDdreA(4`krwnma
zfp%2|<5WHWQ@;<RY5#qEk7X?>aAmXhBje5ep6NF(px#m=t+PE_NSt6jdE{3jW%Vs&
z@x3tDe@z2P6llb|w*t&0`lAk#lC3A^I6Q*)MC)IkarXzpT>#@H4X%x^OcpW@nYHVL
zS^4M{%$+f(H;J#vN#&kHPYNx?a<!RJ>H9iGQNiU}_FL5GAF)d+MQyu;ndwxAn}0IR
zPo{0UjGm3w+&jEA*1b^La$f-^$?^Hte6+@7G=x#B!Kw-9c1?h8H<pOsXV7tiw~_DL
zx7t0s6rrhLz+ODXHvXDuwUymgxj3_TYfH;ddVZLj%3j(GVotm98XToI$L}O}s#+|2
z86G3?j-_jB!~k%-_ZQtbzFPxJn#U!Z(b$>?j#HXQUa+j71Z%fYO~>Oy2aCt)o`Mj%
z`D8E{kd9{GZOdC7+hI^*zb;NPqGW$-79;DNfz00=;qIeDXOJmhC}ujd$<HgCY-g>w
z0Y?98+YA&-5h(HzpeowVxjG(hvW=Lu1$<HaIdi9e9)7bU_J%^*wcL2dV*8|n<|SG;
zwhd$O<0P_1_oj(B9mp;3PnR@m%_cf%*w`9!)hczxZJPIf{oD9>f6zK0Emm+MnU#^T
zf4}m0{ZI%0LF-}*<2#;0yS!1E!<q=%AKZI_sTZL`LCS@67N=ZVyR|5o`o`V#@pQx7
z(@?$J?kMlf5@Oz0RV+!P*8O*~Sj|}_VY$gUIIN{;V<9HO4}YDS+Ss4oE<FO-Z+d{#
zGFnWD862BIpe<NTCjMZ@)(@{^jhXa2XX#VJ7~y3-QK*af!>6?cyL;LFntKuqH#%fh
zx83czFy(NmQV$QR?C_^yl$e-&THm2$A_x^D?ad#{a!pa4`nnR^pFhI@AYl0pK!TfW
z-*<OgL&NQ(T;b63xA%w6&UYa5Uu@z_1?Qdp2Nr#weIlcvjP&&+2i?Atvbocd&)le{
zX5hgr+?MFHR<XmIbu<~orCM9zD|W^#oR+HZ5aS^;lvNV8ZwT(Q!7kH7@#*9nxoAf#
z`KE1^T31uk-dzbD{lH(zMNQ44l_FgL49vtb(x5qms!s9}77J3p|Gld?>j;L6hHAM>
z#-Jwx3>MFc?=TYLY{^4s2d<n%99Uv<$=mM==6bq}r%S|nMk^!xc{C8!S64D0_l?av
zxuMJMn-SwenyOf88$R5hOE)%DN2{@>Lox1jwGOs%C3@jxE`!UN#(XMIG#`sz^E(X<
z&B*WMWasS&+KR>dRmTZy2`MSA(PX^fyq!-&{d+NTs__6MTpZfRO?YEZqizuJ;QUCk
z=3Wr%uo0$zy-&B>4s!yz-ixB;V$`b$V)yytG1p2@=Y@CvG~Ars=}QZYPFMt`T_1IB
zt!E28)c!PS@vetSEh=yhq_x2gwJw*VEX2bWo{HKu+<9aIE1)EH$c+t{wYq{>Y5|Km
zwRw9K@L{AkH*+0tX7a_Nb2~X5A3i<z<vSNEMjxj2Gf;!NIQa<-X%#Ps%7lEo;c?bp
zrmIZfX!F#7snetv9*o*5PSNd2NSf`~QE{>WRAu0RgWQcclGVG+i%A8w!2y-h@wyj!
zZn}8kKQmvP4<~ao7W9014}kQajf;(~w(&<kyLaY~{Kn&?FmgS<(hn*w&`*m%s6=p<
zKW&>oI<1~fqZn;Gk}!hTj>eI*uTx{eu8842qscbpW%|qJQX@Hq=oDwQmZ*M1<0FXV
z5-mR+(t?@r9y8!f&26Q7`db;|%LmK<%ue3m(4$*Z_0%A^Q_#f4gsG5^$_%Knx@{Ys
zycwP@`o~Etkd-{kEmuK3YcciI@#=R=O9YiOk<>Y{Kn0wT-tme<5h8EGS5oM-$#Sc%
z%gf>6q>sM%xK4>`-p1!Pqh{bT+}ZiU?#{A9DG!x%db#z@(0Hdr<@>Cph2z^tt?Rix
z>xM7BZ>ID^>A3^#nz9IW0Y<Tm6brz3G}Ap8q*{-Su~~I4ncCp7HN>wdL{Q}>{0+;C
z3?p5uJh*<@$)716Kgu|EYI)=#iX{Z@-{;l2G4Y#hW8vV&r&E`L!s6=cYW{Pb%$M&R
z9Ut#6t*rd1&~4}X)HGNYO^Xzakuiyre*IDZNujRu6S|-->~&$Rg3>9v8=~zGC^UQG
zf@5uvMRD*us(g#2#c63V6?nrx5SP&Us5Q#MCu7P)nb2Q;6JHDIJ8la25AG>8S1ap<
zpZgS5V1wRZqqG>->h(<K-<PIAQ(JVsh!V1xC+7kn#_mpqRbNh&bd|WF^EfN){B~av
zH55|6dVH0@hm$f!?J2Vz{Z~ve>><M!dbOp*p5z%z5LuYc<}ZskLXF0BzD_Xkqo~Vv
z1jDXbo2SiFEspn^iUib)5SfQC_IG-EDK;8f9<W#>6cwv$03~NBD=SM9=;+)26c<a5
z)>B!7(Fjoe6Nv~V-kRI97*%HYGoV^uDtdOs>$%{SeWl>^?O?9+gou`ww2&}yULp%!
z^j%_k%7S4VKm1rp5$d%bT%u*J>10qFDnyo?#5G}PqWrD)KzaDw@*7(`8tYfvsmjsm
z=8>kaIR!MWC*fpYe_Z201%?5h%dYWyYpyg_5lIsJs)%M08C3EveI|WF^Ke<u`<(RO
z8j<p`)653d>W62CVe2t5sm)%T5%6#**q9VmFaO*HYl3KKX)&|;yqAqOI=p%B&sGld
zb8{7qO-z!Ry`OKJet$D#+a#0Ct)o-+Q_v*bLTNZgE2~LJGcxJlEq(45Zkp%YA=x~n
zcx&&80Y_I=8Z2!Xx=|iB63JcpeM)@j0`=WVVj}3TZggY9$%&#a-04T1xnbBKMf7aK
zbgeX;#f35xj$cgf?ujc4NJtdwhlgWkDOWm}i%mhXuAW?L5Mns%PL_z%B69ig?N7$b
zr@m%-%AnH$sjc;*qFn!@(O+A=OSOAUf+H^>Ex)i<#bSb1hT=i|%*@TfN;f<kZS&ir
zPH(X=G0po12JT~`qtDtM_M|GZvexmwe*KdKh;jpqOG}vb`<^*%dJ3RI@rc_V0yLxk
z(2bTps=g_@I+VAb=l7!1btj!LIGlJ2Q^fVJoWBdm3z>J@A+{^PVzTOEq2FS85Sn9h
zw+rgy8otN$L&;c4^2gr!J(GAM5ef{UZeCX}4;D&94Rm^@HKPA$tdqikbjD|S@=DkT
zJYMSiB^KZ5@hhpp`i6pFVmfRPS9%%%1z6J1`)-x{OPrG(G;$Yk>-K{g?R8`HDOArd
zRBrV49Etq_`H}E^Pxo3sU5?2^VMmaWLIVdcMtmN<_<%>9v-8y4EJoBX1m6M)QT87{
zoW8M&c13;JR8}FOW{}f=NPpf01%40E3Qp!q)u0Y0ve`L&-`gS+5|l(A&e!xlku+?!
z&$D?zO-&8{@ptMA+Rp&^1>I<I{QgDe`VtbwQr9429Zb9t+{~APb}Umi3?$xo#^OZA
zMLuY>t>?XrQJ_X?_%7BL+RIs!@0>qrIrX7@t&t2ad&#esF^7&4IzP<--Cqmaf<Gw*
zBVi(qV|2BLhnPg@)^eIOI1*J^Gzo=5B!STnMjz8T;VxJEO^-FF6_bfvz^hpGcT!|x
z$eN{yxKaAGRzP^Ezget=UTC=NC}m<JgbHRsF3)p<vFDEKA>J2*y#{MLC&$EI2(8fT
z1hmuFU3BAi_~}wH9clP^@0Xr|b;9}k`$H2mXja5%)ier7kVQDSLvB0bXC(YE&QjG}
zV#e4cOHq+cIb-tm-M9@)OiWBEYHI4D&-L-L@$vfo`}YWdp_)GUmyXSCv)Xh}{>ny0
zfB<9!dg;}<v<vR^SspLDzVBq%`>3v^7PuC>_#9~Jt=W%9w%MY%{Ge#_13MAxM{dc2
zgv!Mr@%)qx#*nYpa<X08YeDCPYzh6)0@t)H8mRuXGWL8L&e)=IMaIw!4Wvt~lk89|
zMDdum2G<mo9>PDc^;!BiA_pl<G@a9H(MiKS=T{j;eEH_^)CJj5&<H}T1)N}v=CZx&
z*;x{YZN$AesMiwx@)FR*Vu)h<vwh$wTa8|4Ms^&oIH+O6nVH>Qo>?Q{;1tvq{PJGC
zF!m4fi7S2dl<WmT4J-7-$L>x*!s@M%zkO3*S?L9K(Hoy&s=rTU{33`n>Q@X>$kVf7
zY9%8G@!OS=;Dv;c3<Ax_X!pU*m*C*wv__k?npWqNUu!+V@Xb(AP?edPnThOHizt>h
zHVjXUkipX+1Urr7h1S=UtqmWY!NUI@rg@CPSmiYGQrm-HQ_4Z;RuJjz%FJyhq)6tA
zk{SXN;83G%Ye4C}m5`h(<!W4wGBQQ(RFt6?!}D?{&;*3u#26v!?kxAOPq+;8H4*<L
zgy9>oH?}Zohy=}Ai=>349Cd|X_(QIoTwwfMI7(DdBH^a=UJLt~5P~i5KjS&f$&io7
z-x(t(35x1J)oolY1cm?w&RbqyeH2PGSt!m;M~yD1VnPuhpCw{tOn$!B61**hD)>9v
zZ(@gpmjd#Ln!4$cof-LPwHz;Fb#-%hKg4HzTtO8zF;^%ap7Pf(rs}%BCQe5M4MqQ;
zMRotRi<w<x5RjBn6B9Etyeux~k;~cQALk<@BYTvTloR5ygx<Em;Q^ATNTe;)*MUBU
zRR8jy-LK3^sk5&$ght9D;QiL5{o!&&(coXwE()DnP;FGPeK=TIigjix%H`8EN@xCL
zQ?ls-K5tO=@dQi@Gd+QF|4<F78GYK3iu=y<lDe9bM<xz|SK$^PHKlvABZU`^K+vY=
z1uS9^>K6+MKM=oajTs0Skb(hlSD}-1##!sxePvJ^qr#6?413%rJHHII#}K$U3pbu=
z1wwCFHynBu;pUbiN>h40q>rPS{+KNw7m=}I{+7=oz8OY0HZu))Vek|cR7B<Vyc1&N
z=2l-^7AlVB@%uwgVK8_+HzZ-5XAqQR%<maeI~cQdT5Y7DtQ62*`%Sy8jcKSCJo9$>
zH;Ev$u%aaFn~wJ6MnB}^F8c1?K3v~WCLVj-N62kca!LyA*RNmGDS&mh+WbvGTDmmH
z^<v#T5}Ppwz%=oBB(c{W!jLecY)M-mv_Jmq1;7MO^%4x&_fSuq>ur&(?J>cj5#lBm
z9t4*^Pvo*!T)+&D4%4s6MGt})^433W8fXvITL4{nr`XWrgR<hBdZ!cI_<G!;YcAzx
zH+3QP&Qm)2jFBv9<R<Kmoj1~40ITE#|5uN29>-AV7#;<Ypr*CQ6PtKw59EPNg4$46
z`4{-dDQRK&T-$KP8P5aX^)u)2X_KP{O{5W4B;;3DSFak!ud}S8jB>jjUg4>h3n<=a
zxZ5_X0vg4;G?<i;km&I6x5q2k4M<3KclRMB9w)EOUbUvOk&&@2%BsqnE^Zt)p`n4@
z#yv%P{2ZPhJ^eH2I<ox`4obTrF&%tuU|^e=C?I^<v44h#!=l3kfbdQ@U;PYrpn#C^
z^XqZ5uuSs-E9;-BV^ma>gO0W~q0M^RlUxde&WP5Fx56?ZP&<sJRUkFG%Om4qubwN#
zG@{FxZl3yL9FHEl?tT<VYIAT4Xd{OeTfZ6gP#+>vXho8;)ron5?DATrgIaOTUzTtc
zI{&3AwLK{<T)E^#fEr$G@_{=%Kzd||^NLBR2@6z83jciv*`fh9K`2c~8&M}hy2%>!
z%!d=@TBsw`bFwVCO;bo^kp-gLNemCpICIjen)L7v8#m%Wx||m{{9#1R#Kbm`X4@gy
z=?^a2@qYZ|nDKGKD5BR&Nu_3vz{7wopO|>{o%0K}Tt-){R)c<OHj&p?*#MJlz63^M
zG9b5I9lM|0f4OnzA@A=8iY(Gg=MxkV$~}2^CkFg(cBSKyLi$WNOtlRmzw22k8PxqE
zYFJhyW3ay0n(?`Vfo$4woR*c9jenKPIP}`?gGGjf45m?2TX+!^6vWniqE}c(0d{dW
zaIkNg|68hG9vt=5h`X4N3z4{$10xam`<kq36Q_!CVdFVm{a;OAYj33@rAu51X;R4v
zgreQ%WK8hRigMrAEo-G3w5p`<1=Cpx4ZWF62?z{P-!;&D;Qf$IBV0$&irO%StOvlC
z9x=OY@zPAQM-R|jH`kpB+v@Ht;Nw>5u3b&0)0T_iP5Q~pzFj-LiTV27%1T;BuA&aP
zNl2BQ>wMi-0h1aT!C^H=!}7V73`E@XeY=K_dAmiY88K<>($ZB8iS+%51{NZ`mR8hn
zX7F{R!I9JFZ3QLO5H$giaYAlN_o^f+8tU#mSKGzK6=5wkY&xt+uj(azmf!l-OH>S0
zT{GgbarcL)EJ{BVRWxqgz0)$H>c5$h>JK2$t=CDK-sBBIQD9;s*trgZxVnNELszwE
z)3T8YP4X+Ns1(}W9nZak`~}H{$pH(Rz6MHw_N=IACU7#3sXSIX53z>~1Oq-qfDfAW
z3iZe_1~DlKNdiv>*1qI}LK+I}ZaB3DBA?JRxC;ZwcW1xqQNQ<I3cbW>ha{}<hMRha
zq;oI(Z8Fv@a?JzN_)KtntjTG%5mz=y)prDuOlTIu*)Vg4P_Lq76-nHu6@20s^S9}W
z9`?J+rG9(~Uxk;&HM^RfgF{3=d66F@Yas-?Q8HXUgmP0_q{>DC!=#}QI0#U59uETp
zyq=TITI}IFwmQuLfg9dmBY#IwP*B5i^FKj&@ez^ny;g}{K!U(8REo>Fu-WJ|PnVq_
zJUoN~_`9mA9#TtC@c70}o1tcUCLY*GxSN~Yk_seNXJ@DL^?{5vD$*%-mL3H?y*};M
zkc4e0pAQA9&&|@7@kEzaRxB->i^@Pe{IbAbvGTiYzXR>cF6XZd;cNS!NFN0y)E(N5
ze>If0xn=5Hpb2h2UM-t7x-wlqaJ~+L==}rfXw~K}&m`q{)7~6vc+L%!qVX#a>mW9F
z!-sx#1#!C)89~S0nk}qAbdyiyIah(YoGDq(6I9mgAto|RQb-A47g*Grp0Ip0J{oNJ
z3j7fR1XKd#e9LDOTmfM%JV&+4fxqGC6fu}Z6r;(DR%~U@_o5sA;06b~L40y@^e&7B
z7|BUhCKtM=Yb}@u@2}`y=FgeOOtxp5G8z1xk`HDz>W4O_A?K#1vRv8I9+z%BuQk?q
zpHa!A1zf*}#>PQyr&h3LKi0*85c(dQyE7EHF;zJfsJJ#~Kp?DtZ83F_wu}~<%g%Uw
z;F5%yxQ3#_EEGs@sv^6XDUony!78bU*y(d*cb0w9A+AVah_TdrfDW&r$Sc;aQ$Sma
z7V<;XWr<Xtef+%<Rk(1V3R?dFZnZ<%F^W3RYjP;)wOvx$;<+8_WuEcO;$oMFEN@3H
zRhhz;jtwu6ho{PAFou%dtJTeOXCm8IOxFf|Z9M3p*RZ=rp6Hf<1LX}0F~Iucz1&oG
z)Udkhw02?>U=r>xR>N1ewxYQ<ybB<H1W_s}>c*JKXOjZexl*qkEU_CTu^%jP7y@_%
z4hI2%@fHDbI3+$_y%r?G>dEZG2Y<O8PX&|pNp~Lr)ci~+@)v8ulUcmw9Nbb`!F;TW
zX|X<P`u(~IxtAM)#K-vNViyLo4n%!ts>&CncANroSo-9~6S&^tFk$hvmNBsWk8|Z8
zm162u-<1QDWbOHik!`~s?Gn`KV^r3SMVCBjsEc!lvIgzDd|xDEf~oLBSkFDQk?bBF
z4Lg^AY6|)1bcA6xdLEpvIDu}T!bfRL*Ez1>Vwx2EA){>a(MZFIYH{veCg3)%$<HzS
z8I~y?qkmUt?)IV?;U|T<h)ft|@3^1Sm`|oWS1=})fDVAO#pe~<Cf66X`?E#=LD=ap
zo?eXx;How&lqz4+sYaxv<A0|~(M4^%u>(8Cn9Xl{8xvI%0e2e}m1AZM5jdV{U|<PP
z%gvptp(U(X91o9`<Pr4oKy>eQ|0M$6LP!O%)pc+YlXmhX)4X@a^Pw+O&V3>mEQpkQ
z>=}&c0(9S&?Cvzd;k!&wMwv|(G*}Q}6zN19li<Zso-6i90SfW-sUJ^NMf-Dk1*DgI
z#O#4DFW!&@Wo2Y7IMfi*_!fQFFmKnrW5Ip)v=^K%xFq|qu&Ho`>G85(bNl1MNzVb`
zzhP7K5@=aV=%c#cWBb+ACK)gYc`iQBM=9sGhzL6Vs>Cm;gO-)(kNOSIRZfeXK0GYO
zb0NGm86qhunc4K&X-uOXS4Oc_>R(Rl?=MKYEkPT;kDv!ZQt}1eo~P<%>m39LUnV5y
zKO^vi+Z|0YH@68NBk0g_!Gbknf#Q8%cI@hY;O}ta7LOMPm+J`>xRDVI^xTy@&#tlA
zj=LCC)}KE+?jBq$**t<`7BmjEwcWO3F~;CYDaj<X^oSbf<{*A?KmLHkp|Ss<rBz>A
z>K++KYCk=lTpL4>QH8#UOh65<u3oIRz|`$<BjG42E`|Rnl%CpH!9!5=PREcU0IuXA
zLi2K7*)q#AH{lP60WT5l(ukYkUdR;iRSxi`@Sh!Y*tM-BZ7b7pKmYDKXL6l4>&-Xm
zSU=&Z^9C4GN(fJBU8`gud$s!A_K&T=A>1dPd%;l`O3IUZb80AQF8;!ZBd8VRn~v_Z
zZ*ZX$Gm5{px_#!PmfUraaCojmOsI6f%YK%<(0tAttXcG1z}UQ<P?E*g^ymu0^fU1t
zHd>(xb|<eSqZFYrV}VKx*L87ubb7GCaWU6uWOSydr(3Fn&8L*@SufYJXO|L^Jm6m6
z-Sr#Y@uw#P?K!xKf7*qmp{40Et<9|{hJ72)G;y$o3IxSwWNdPC&n@^16Hh|Y<Zw^7
zZMy*_A9T2F$HC#a3p0+-3Fdd}a@e^NOf@zkeqU?$7lURYo*f?vnp#p)LQ<;dsZ-)2
z35ax{AYs9v0TGVld`7b+b%CvMbhL<t6E+LY${izBQgZp59l3(YXOXHG6fPJJMd~Cs
z4;04*TGuo#BcR>VuYUt9#ivq|3~3o2;fvM=Y^nO#F{AiTlM3ZDG`idqs$wvPcUFGO
zV>Iy!BR%Omm!Z3B$(*edS6bl>M#?<nK7^ynD?Z2L!GY}FgTxzktAv{=lqcX6WDi{5
z-Vi;xu(GFDz9>o|WkJQ)$CE$D6O#Gp`ilavk&*n=T2WkIeGn2Qdl0-28YkM28A4w_
zB9Wj7`z0_zisy>avC6c*Vy`T>q^hfLrf>KTM#rJN)_8O4nwqe3yaSAYDFR+db*-7v
zY=NYLqP6Cesgx30fX@fP)Ivorab<(O;8$K=^@o$Mk2N*5mM*s8X(3QzUXLW7>)OH5
z{%l)Ro7WWyc}Mitv^{WeZ+q_Mpgil_G|HZdi9}eqppZ<|W~%BRxd5F6(DU=Enp#gr
zwFmf(j(#;-RbmDjsVeS%!`dxo6Sxrhbf{!ixbcEI+fQJ#>CjyNkWDlg&+@kdi{ABz
z89(u%@9qoj;4pZyov*kJ7PWk_RtN>dW_dx?zNfjBm~@b8COyINhS{U>W}j<;fd=lq
zZCQJ1&jIMmJUG;vgg$<u$>z=Q!BCBF?^b}>gJd!|$(1hR)xOEUhvYqDcH`IUWhhvX
zr88JgA(xlq>5U)P2d-m=q?>^se|2nzR3Y$r{d0H1XS6+cR7_=sn>lEWNz|>_wA<UN
zo=+-sSNlTUG`6?TqWybANNB!ebbpm6Wn)p=WdId$K=)beAQ-$q?@u+KVKN;+_<3|F
z;hdd%vT*hA{ub6rz21LucCru#hbXH2lM18;9XLxA_F$`**<zaf@Cz>6J0e_eer2rR
zmv1OcMo_?ILHs^XzuM{y|6sE*5IH6@j2-t4ff7AUQ&T}zrT-*_k>b}FW}A29q3iIy
zxX&x<vzXXt+jJ6!dbo4AxIcQ3CJnSc9UE1kYU7#U7i(Z3f!$ri{QOZF?8urPN=-6K
zRE7XlA_czH=`ths46a}Jb(0e^wJz-xW(ap;xa%m}g7Em5EoB7}bqzd$r07Vwi9uIe
zRigY#C_t1$vK^P6x2rp_tVb%)t|*-8;9e1QdRkcpEF~6X=U1c;FF&+I8_BzuDB!7g
zjsnp!y1pDY1@H7yGRuJgO;Gz|e9=v>lyJbA3^SeAC{jSVhS6EVuP@U305Vjusn1WU
z>cAqI6=q|$oiw+uy)+^nz9cLI1N)W)wsXE#eg1M`u-0fhI$jQ2g^97r=0FZGs(tAh
z_}WNtLYKpd0lGmg7}yw_hw}Vej~(82cJ}_IDcDe+9`opAKvvi~nAo{^djSBYV*Wut
zz$5K$3G=u=qWHeOes<}b?9MdLh!%Ol^(ZY+P&j-Z-$P;v5kZFjjf=gOYl$SScF-@Z
zAwwm?0u3vG`#(9QeKxkqsfEy@hK8Jpz}~IRy;`#&kA=X5<X<5NU%m{<$o2zoE`H&k
z_Y<0+@2h_f|GQs91;gk6IzEdA2$p&eZ7#4E*Ym#NK<Mr*JBUFm9i6RCH)aG`8BJTm
zBqZU%XFOqZEKN<#;KIVf`V^FA{F)vQUKpGQW+n^W-aYc@{vn7eXG+A@JiAL2Z=M@P
z?-Sje2FO2u>uy_MQuM#vqwo&2W#58{;6GG=PY{Bxm8H27NcHvwf#}YNu-k2PP<cEA
zbQ5pe&8|L^wh9Eb#upHxDCYj62=4kq?a4Owf@;QTuBb$kU3!1Nw0+}WCvxq2;saqn
zp6FLoLc^EA3jYlZ++<y0UFi@PM}N8}IJM4>Bw>3S#p{~9;_ZP*O8OYj+^(bqg@7>T
z@Y3#dz3of;%R?v-t#(e%{b!eU8C*^<&5U{xP0~AC4$VzIM`#s#EkT6)`|363=%>)5
z<5?P=j%IF<5M8vyARw14wD8C~J6ESiKaBa@13p0@Eq(b?J8^`R)S-b55>Q=%OxQIx
z00mT6@@3lEB`YUZR#CN?<suTG>tOHgxm=jwCwqGLu0A;EbPxQ9AsX}@j1|`TfgZ@q
zd$o1Cbhrd~v)AP<9f2S@ec8uTPMSN#aBZyaUhEP`y+4|X_?GYV{WFD4PEXSeV`1Yc
ztBQba27D09)-&XrxEf7R=Rv|Gs)+l+@II-ipkR}o_}5QJN|!z9rnR_k5un>w=oGb6
z=!xULbA!-5i?J=_g@p`)Cm8wr6U}mtW73oUmeHR#yW<z13oCp0l_MZRkt!WogG;?|
zJcQ8(YRH(#LQ9Q6h$BO3b$V89Kapjcf>6%}P$yN+c3lb4c&P4AEERffVT)lf@yJ^M
zEAWt?Z_m%w(tnT~pBACl`HtI}fr;usO%~PSQob<z@8Ih4xF6oQsEG9D=m(Fyw6KQ8
z7ohEGn$yEadivc9nlcy|QbdW02M~bubwTzI=Pb^ZhD<m(r$^!4Sy@eZn8BGR^CW6Q
zalmXPiI7}o&t48O!u@s6ZK1S*sWp8q=Wt-Ufx)9qZ-}P1h=)!K@#aqKl;=>KYQ~qs
zd?84fLc)^c<4IPQp4!>jXU2UV@Q#l#W0tXHAt}`~;P8~qdB|&uvCH8Cd@+23K}&uP
z2Tp;JwY2QQB~WU{@+aL4kR$4Rm27T<nr5Uz1Hz4BMgg>Zk*|?2z)-jsNZySp`JLbQ
zK_RD}h!FmpGfaliq>TQcIDR5(+>v@`=W4edF@&4D<X(uq$b^W99PQ$=I*h5UtuPoQ
zF()?;060_V34}1=ARt^{c1{0F-}BJ(3mdgCV9`HRXx`96yAOmm0u<bx#NX3PYBx__
zt1z(LKmkU$zwN67KEHt_?NguXuDuXgL#1|j*{xGIGb=rPlx`aixLC9WJ9l)_Jv1gU
zM!c8jF$Nq^GvWC8F|e`bi7pS3s@7w}Le23c5}kh-)JVi_H5?USfD;?)PnU#DL~<dI
zJ>^lpkZ~5dF!+7vB_0vNG~0%VY~UM)Mm=a#N%1T6`yk!6ary~g`~vOQma<Et{-cHR
z#|Sq<OFRp2@A>Y8kZ9oUfCzMAW^_x~2tqNf4Jg{kLYyeeAGF7lmFGd}$e{y04a7r|
zUWdqT9|0n@C7nw8xJ)@0uI(O+2d!}b@*EIXA|kqt7EFNfrRQsJ@QWy+S@rhXJl_dy
z`b%}H-mXb`bey1HqmFaD6F3}+)!jE;(|@s`%lw_qX4-x3-$!5wVs8z-mi}blNgYOI
z7XRRUmjF3DBqR+L^;RIK<0hX07{*TpvcllcJ_GBYT&5i{3mR;rt<j4(kw5Kh6y@fC
zMnd-{H_@Zr@5fn3$tp}gXJ|=62^U=Vum!fCj~Nk4)2ppp$VyU<k2h%xI8o0P!g(m`
zcRz=86=k)!K=X>FRjV<RCFQ%*PnYXI%)<rr*oPO~H<-^Q2?t)9(6$s)kohUMAAD(#
zTQ!q0W-pLS(v!;bkRHd(-H<*`u`)%k2UA#E@rlmLI)#ghBuAofg&%bNHUb7RXH=;f
zLC-_b{i$Ss!3X+R@OtRKRp?Zm(&sx2x`^#3etoog^WbUnRJ-0Z?NL<#4q2{FZPEvg
zYK?qs6-5OGUc!hPt<2|HZFJfrpj|Hv0XuE?aQU6@Lkb4w)`?1~9dH1we(|Vr_2(wF
znT-dP6k#NTV?-c)R`qy3aOmxcCXUy3S4O$FXUn&w<q|34!>>wctmdqntSVgat1VQ;
z36u{5b{AY#BY67Ek{0f)I`oAnps4G2RF=f-B1$EmtRZXRkAL?Ae|IhES-J>LC;kO7
z59{_J=heo2Q71#!-?iGjU0)u2@~V+mq!)m{IcDc*eVki=E0KQe6j;Tas)Y4@|8YK#
zP3)mlh)oP9MXo$~)_Z@TO@WY&%+o9`Rfa}7d;tOb_iwR5&+AiagK;=M<zmB=;gOPY
z7>#=}i4+YD4lqeIFp<7+?r9FPd0C<Jc}<$zGfPEA=9d3~cC@qvn$=z)&wo~6*0`!L
zijcNdZEa3ZtgpxfJtu0UG8DLy20naznfyexVBpLqSKFp~mDHCU_@_%Xkli2ev{gia
zkK69{I$$DCbdveluP{4_O_uu|JC@Xzl1?`YHWGWMR5a2~UU}Je3opUlehY=kG0_d0
zRzsf`#mz0<i_s#vzOmM6L2;(!NmseOQ$HgKOeFuuSvFz|Xr`<`w*1h<5prSc_)EmU
zt^pG@gnMw(fMfP=DH!uGD2mbJMToa|<bxpCND{8T1~Y*c2rUVr_LAzz5MWr~nafwb
z`ab8aA=fBMhE$-GiQ#-PG3uR`YKcTh+@wU-t6|xEANUh}i?<^IS*of);afL2HCzLr
zP<<peBv@`;0R$rpi{0BaMK=yT0YR#kR&SFyGF9<k0YH3^l9KuqCh}@no`75rurizz
z**hAVxGYLamzV3j)l2lU!4o@Mlb<0w10CaFbIf<$i~M+#qSsYiGF*GSw+r!MGOBN7
z!?4h-KsDzSwIPDhT(brIc*_oj!vaG$(g7OqF+6iVw}5`*Pt?h53qb4APgsLc^G$#x
z#qXkwiUu}H<*#vB83||}#XGCPEcYCLQK1%@K-x~6NHKCCs1tJ~BTG<v#>u_|NZw1J
z8_(u4zrc{<5#BJS$gCv1*5UZFP>l%TASmMuD6di1WYCz#uQ#&mpdX@X&j1OD6o>Iq
z$#ryOu(baVhsB`)h^_a-i|qjL?rs2u_w&CzkO3O={(~D1QEcedRp0tTH)sW!SXcij
ze27lV(5vosj#;JdqVE;yxrhky?bsKQ;NZEM7)ZZ>HlEdHdvI5q?{ObwW-hkNL1b!`
zBNU3fyStLFb<VU>k(MqG(f|H2yF59la}0F}gb0~K0i<{uMEbu0`R?wa@v*+II|I3S
zZEf#4o(ujex?Pu&UAwFao?PSxhTx}dA{Lj)${-K+UH!s&gUeE1$|&gQA~qs`K1o{%
z3}g~z$~BK<)=8H{FEsrjV7!QRA9BtK?YS&`8C0@Ga^$weJy{U#B3p8*mN@F~X|z9?
zq)%A2#=nEfk!t$|>qs8o>x$f0souSa3k3y*uBxeg)W?2o1?40I7Ziye*VSmeApobQ
zEiX?pGYQDkma;7zuHXQ4?k8N`-U}|^cD=ml4h)NoD7m|&LIk!-Kvo!BK2a2!>lzRh
z`UXfz*s%C*SD+m6@ceO@tE=Mrwc_#Uu;9T%kox^{g%wpbBk)K_V0ay&Ty58ro{&Py
z{!%g8+Fzl%?m%^Dv^J>b<Tdz%4$x_Z_z)60pz>oxkOM&Ld*t|9>rU+9Pmv7n(00HQ
zqqd-%I6)S@7jNcQEiIW}Zuo80TE^OcA|?^q{TufbSYJu!Au*TYUwGKKD5#PA0_QHY
zxkrXm4;4Acu(4uVB$Zjq2iLG;@g_nMmkFn6|CBF%h2gY4#)4>TqA)0;CWa%Es8sY|
z=eiV#dvmRBh~4@*o)cN>A8!v#jn(GW<^*pWA9nYP)gFVMsp-ALYXsn{tCNGnuvU=4
zSn0yjfP<gk>g53%I4a;%1$dNWA|Duta2`5dD#af7_ZvKRD!<#X`jV6k9F>G5tj!5F
z77gwA;k=#ft{c37&&{v5)g`yIm|F6IkQq$X`?;<ZS_M-@#VzIw_yn_2TuOT6<;T15
z;!>?!25}E&C8oV)w@%mXU~IK@KU@KSg$CdNQXBjm49~o{K~#pM<RgBBGbv9dN{MiF
z(~H8-|N8uN(ByD!{06#5(Ur~Z7f04L>)aJrjo2zDDI}T90S!q98St*=m;or*Rw9df
z?71p-iudJn5(Xr20(Bt8_25dXAI?%YZs|W>%rd!nF+E77WN1diqa7U&EkM;5*)MRd
zQTeiyR7Ih|B^3*HrNBxoEK=Ltm?`PwViOn2Flple)Ul#gIqy+5E+H!lux0POb|51(
zG=~SLQ2>X4vw6<Ys6@t>jZ6p}`G(MQl}d*-w!x|#3kWeFm!#j&W6w9lMcp|8kg7a8
ztIw`4(4K|6L&(cy|Lz44<V4L&OJNAGf+BWIXcw!XdNN4Ts+zcRrz@f8FZY5IlPH1h
zZA^VDc-~M5al<e1*j&%gINX+41LJAIWp&?y3w=vf9Vg*@-MT&#6)Q4$iB`?f5dM{5
zc=TU?!``T6uxbs^cXAp*@f6AU1CVj-LNfO|HsGXSG1)T9Huzj?ec=+GREFYPz+~UV
zVAm6P*C`a*-$IjPuFZe&3C*A&=&EcL4IQDZ_C(tb5`i4q;?FY2N(qc>cfif|>DSUO
z%wd0771Kczu2y)L+5Bh}JiFZ!>o%U7z%^h24c+P+XyoNqo7+31ot7bV{4z8V&yg`~
zoVSr92ownHI_KSV>-^lpU`F3J%!%n~yX#Fspf@f_q0|L*EiJW*&3Vji)A`<2{NC4B
zCa>E=kMPxhg(Wp;24)l6^K+$5zAtQmr2?>M<@_x}0Q9e0dxwC`M06{B{G5`a`7+Nh
zfE@kvMH`^#P?;Pl!A!^dRu(Gl$-ZO6r!bHJ#DzbZl8$btM{un;aNy)r{^aCzz|G|r
zKv0PJs;N;m<VS^76cwd1*%DHYrHAGPfC2jD=i4IQe|Ap72tOi8LOo7PvvY6^{CpMg
z)DlH+Gden2?Rcgs0s###LIDu`mI5GRW52<p<w!lysFT=)pr02Kr++;@_rWG5B@x^0
zN?`0oy1Dr}ATM%Y;p~FTY{1~${alX5LC`;9*beDC0FTLv=GGGoFEcjdA>ZCK2h*Q#
zyidJGBmSs&T1adH7lI6vX?AGq@YGl%w|}GLv#MF_>YMAz)=SK8O+`0je=)dQ8(*f)
zkRslKIy#eR{|XofDsoBq-d`ON2>G;;(5+H!ii*_V_fk^Z4Iu$#CghuVY#y<^$TsiL
z`Oub5tDV~d!y*@lep4qu0Ge}(=|y$pa3bL0?awFp?Vn@$kCVl&p1hQkl1Z*~j%M}v
zKM(+w{F|laA}6Oo*JQ384o}nYgAGmQ?d>MFIhxnkKZoC-{_6#h6$1P(c|AQSsQ6Lb
z@$r94FxE~~l@&heXB3BHj3gChrmi&thV^xv?^Za<bA?shwq!qln!}<U0(1KbJ3IFL
zlu$s=cty;BR7in{6CWlZs)Bh8kWUM<L4Z5r`?`0frM};LMFn8kTO{Qc2M(U<^t!_w
zC*;)}Ra&q)RET;%Bs&~d*Z)C94+<D9v4mx15nn3x2J@RZyqJA`=-~xG8yQgWCgN-T
z?ME#ij3wYB5jou1z4MCNEuZ---gWf+cp@+}o9N*bZ8Un2OEF2)?x<zSw!aT&6-OEn
zFqc-yy0qXPUljwd8(V})eE<)Ur|jv?(Yo1R`86a(LZN!KHO-ntOVh(m3?j{L3#B!H
zxK|?}Ee<`CLf_j532(<q1#|H63}1{)7)FqdfgM`V#Bus|EzQx=+&!~F1c+2Q<R;G^
z=c6ec&W9)r85~o8Lsbb=B9r<=3dkw9cXNe-I?%l<8p&kb2g8&~>Y}TK15n&<u>|lJ
z)kcb%N&!H6BV{3n06Ix3MsytpP2kcyNnzM}E|k`%rRrK=`ceUG|LGB|wT@2wL7k{N
z-LISl)9XCZ-3dx+*#9)_lu+TW=Q&LRP8UP~bQr1Z2v8I7%P>QHb=(9&x>#1R9Gn;%
zM=}BfpITeiJip0RNQ3*_>%oz3(82T7?xR3xd#{PC=YMe-G@Gk@*O&YT6tEYGX6Dip
zd;*XByDwqHh6H8Aw{a?seSb(q?&@bfs^X^ClS#8qzfVgiQIST5l!M&b7yEk6^5|dC
z992vhg3qvluwCGn@ue=^HaAd6!TWQo4cUk{?6$!IOg+Ged9|1!d(<VCfrwI2M5TTI
zr2B<Dq~L_)vj>uE&Ej8_oWx*5dr_0ji%W{To%>)u#oo6ZK~hM;=bgdFgD%id@QyEs
zE(3oY2bljlULTDB>ZZQ{C}pb~opTOc%5$?!V++{5Ufzm;{s#~oKtkBLpDU$ez*qwx
zEG`iO9A9D0J_N1owjt$#;M(o&TgPW>=cnGk>9ER9PxVdALa%Q2{Q<wz*_9DsY!DN2
z`kqx-2>9oaA#FE=G*mDF*~bBsc!5E?E9+mnA~|^kLJJ^#?Ts4nN=Pk;!xbV50@fRw
zsNdh9jrPa7V@yU-T+cM$K>MG%y8m?*_7>1tcEK#IwdIDmZjqmCgC&&l`fxrq=OuBt
zDQc#az-@NZUxQ@g(|0HjnWETtmqZrR>z~M+y5b3`pr=*^M4iE0K6UMIU*L||O6}bi
z0{+or>0kP<tIZCn`lAMh2LA4r^ZMr{Dq)?@@VRE=#M{#pNy!lmfpqlLs7YUraB*Os
zMaQhI;!w~7fnrDUyv$l{qxA1nfZC|g3M~c5&l6$8vi`lWgqoTzv{Znuv{A+&UEfOz
zqqX0;aSL#$)$4eM0~#tj_pf4_J?js5rD|?Y7oTJkAW7!{?+0i$SS*`NnSKK-8Mep$
zaj>5&ka(!e6aR3l8(Pu1lxYN}XlMi&rEziLv^!Dbx3_DV97GAlLw-6##=r8v!w|-X
zb}8n^-MqTLfih-+aqq{4b}ea1geyD#zWV}8(01$jwlMY*&r+P{%1J!vno!*i4Q}Q`
z0_uSA)VmjV-S}une1v7rks=~o==M$&pX{p`z9vJ-^b=$04242}8PB#xQrP{}BteoC
zlrl2-oq<99;jD4;R6n{D;LriSrq}0E->c08-X<u7^!C;qfb+s-WYYji`|7y~@`*&2
zTUv&E$+AHd`C_4wLT8GmN0zME{?8G&r|0!)e*26&F^MqZU~P=K`;N|w^=Jl4O1tug
zhx%H}YjB>>-tI!*cfrYvPO=+GZ>^sIjL2&D=w4nYWP5uCo;s!wUlQU{9*3ml2h~PX
z$S9~K?PL^1A^C3h4ThTR&*lx&go=yKUVr7csWJVQd3C!Yb<peRJ7zXgV6aeOIijpG
zCEt7}v2QI|(O$)wt@r2D10fnK$s7fZbD#x!ho=pT7=qQ+TTjI_q*&;JKJY6wNyj>j
zH(0QiRM1~<{hjN>AnMn=D6iacZi&Xhe=QSt2ophevi@cJS}LhXf_*Ux2>%^`L3;-%
z3+mO*v>B^wdraN);*z3}gg!o(mp8(?HVhR27@wT^b0v~ww86bg!gm`T#bk4?9hJpZ
zFB={U*cRzNwN!6tq`m~%^h+i_LR6snLO`mh7t%{PI6C6ETCx3HV4iwvjEswj_*5#1
zY_X%F0Iq%92_?d9Lw?X95(l&@psv9A-9l?ToIw8}5oTK5Ao{##qwkJG0TVxwUb(t|
z6COK6t2NNZ_EO4+9NZo$n2XDPU`PowUEkbv{ydXZScVFOLQG4@$gnCZsfZC)Bt1US
zic9bAel%F)x*|N2qA`Z_91|x87nwKag#rteWWQfQQJVho?^c(*3K66s8=Q{7BDT{L
zbCE0Bt1<@$KSkS@(J|-%1_aNi(pHVuHpT|}e2%*RhXMuxJ{2qlrv8(>pYDrnj}6NN
z;oSEmX;i1;zkkD!2Vw`s@!0ByL$2p@S{liAXQ`Xl8v&e8IhKuF$!xUz7U6On2>r=&
z^c70G-QN}~A1JT9v;gvFXQ?GG`lr7wOghC5IMS`SatQ^%%Q)v3u~R?(<e629E!L0v
zmyAexeH{G(RMIly$&_w={hUfhul;|4zdC$qC#uYYvN`;7cs)Tto}Qlc8m^tFtiu{w
zXNBA=?SM98oJ?$U^8T#pc0unB8Zcb?`XUDrf>Zi}A>c7`Rpu8v)kBowOAaH8^3BRJ
zL8npjflSxl@P)@FfNjd*pb}QHkRzG>$2m6er`0vTw73}PxP3ltP|cn1J@xR|yDk&+
zE}a&zCE)00mFoUuU*#bT3v$;ATkbpLY;5cZn8Cn9kwmvMxjEV_)dFoyqYK;05IzX_
zV*q+S6iDT-MRLI_&_n{c$-$5Qz@RbEh1N$QTIpzSb{fO}uT+8|1^>w=%QAbud5r0H
z65{=l6&`texr5$q2lLT{)#eabEfL`)1Pmj^%6>z@$iE*vw7=T#n&zw<s+<c?1);v3
z_z5!^CVSJwyj*QS4)_KR4oSV7w4C%SN&l$H-YqMOA?4-H-k}F5{D3=_GUcTnYwh0{
zlk=6Kj7}TQ(nJ;s3kMDm<q{pP@>b}+?iycE>ASo2nSLA2ESredW8M()zxolqzvF2-
zAk9GdIRYNh1p;mb5@Yw(f6KT=;NVj;<8q&+d>0ld<!r<A`QnO-sv(7B;&}>5CsLYd
zRVHAYhmd2d5IE_qA4S50@eaj!W|l-3>yhfI9X?a9o^2N*(0~;)VeKwM3?v_W_}s%f
zeqmyRH7OJ<IN=3Voem4gV^uB(azB5vlBgZ<3aQ8<E^~3wGYCK-5kw3Vc|&MHLk|aX
z<7Bov_ddGcF!`+WwE5h@#eZJ9u!2HXWs3<bzp#jU+J=S%fMR=z|4q#1q0M;@u4APt
zSJgMZqM8|u?;XdRtBIpfp#)%Vr%e@=6uWJ=w%ig@!~WHp`jgQVvfs0yB9fWLA;j;K
zD}PHB*o-Yu+dfxukkP?YcSTv`YCl>iM4=h+%lR1I*R)6@Z*$m`SkkU6SJaTh9mx*_
z6sTf3fJPoDsq74CcZ9A+`Gvj#K<rP?o)Q0B5IZL)y+bU}S@5`Dg6PP~0tcvR58wu7
z<&q4HrTQ~}GtB|&Jv)Qmz{bnNs5Nv6gC-YOYQ0zUYTw{a5QLRpGn$6bg_`USbe~9U
zBj6fJB`Cm;6^e%fdOT~w+VysOIyNlq7{Y!cZrAyZo&yI7$%%Sj$+VUUd^Cv#40S90
zf3{um<pM5TObk^%HEf0E#(bo?iT?yU;Wt@uaV|k~a>&!&>nT_W6VOT@Ek&v%1tc}T
zd|D%V<oQ5r5nI33n*gS;SD?KFcwr9LQ=FKOXIi-Rj^ra=!qxW3PeS-&zTD31VBotO
zz<ryj)`<f`J*xMaW@#9*2_|M#`ZwsEgNe|RG|k8j#)E!%D@268-bc4?W=H^+rSjql
zf0YXgP=bEd5zCeEdyf<~XMdDQhsrjexqKT*ZX&?d^c9dKxqQJUKQVg#Q^1}>O;rqX
z(=f+ZG~ZB;w*q-IUB0^@oR2;^K~VJo(xNfqB4_QN*C?QkgF*ndD{&raz=TtExQ2)K
za4L9Uv$o6B{Qyp3ViJ|kjm?)xNpd>&rB6)cQ{qm-k~V`ZFUte_hKKjbhFig+ri^|n
zf~!c#p@5tqsY}F*dp|y|FJ&OUg1UL*ws^B-)?~LW@;^+ybzGNe&^=6-bayI<G$`Gv
zfPjF6(k&|8-5{-iAdR3PAR!{%4N?M<(nvSb@y>Uj-}8Q+{m0#P{p@{nU)Ri;Gv~}i
zg@_6Qp%ymS{wC#z3p)^fm8VzAk&$~Ko2>TzS2*9mug_T>!$7e6K_Ev_<u>~+AHa_(
zI*z6rdZe<ML4rvtX4(KFOQbn&q+-l?B-um1{-*WSn|O`Z5h<aYXS*DOo0#Em6dr}5
z$xL}8kssf_TgK9|gwn&8*S=wT|4bi+dTJ`A%9hNB_3^tlv^iq{rt?CUIPlGollv47
z8oVRw5G3J@w383a;5{c-<>Xp8Zo%BklB5H2&Esl=taTt$!A67dmzHMxY(Dgyl7oW~
zRSANO5Va*0zq&FVevZ*n^g5-xFL{4%f61wVEx08BoI@!UPIscczhA}*#<jH&JpVEO
ztLX+uk_V*zR}vC@w!_S8E;}=e&e<AMqKJ3qsvFFZn=R7S6S2bWRaV|0@SwyiK12^g
zi)WN;;C|fn;oZG;zWr3iZ};xTbajV>s6+<$pcJ2z3=dD&n7`Lsu_79FWJ}!gc^J@P
zW*Q%kspEh3VD!NQ@H0j70<ri1+Kxw-eHu{pKw1a;PGH+Ywn`lR(3gZkgm~@E;i~!K
z<=I2uJ*1p`^`+h#XV9_vF#7_8P@|KK)(R)ceLk3p$Yl$;N^J!%$KU%!IdzTo-I7y^
zkv;Xl=~?l+O3&c)@2A!~US~<ZpgY@Fy8L%ISWsBVE>yWS$AGATI%W*G5$}wOc;^SA
zVPV2PhpaoG4Bgc!MoQM|N=+QZEXhK#yT*(*!b0Oj)=qtUd%7pvlf*BJZ}V2jn{JPF
zQ#@f0LJq@9{L^^DCm1tLYRbjG67obl3SR0K|EVDX@5plxr^HSmK`?+7=|P=)k`Yrr
zpP=rr+KGn{A8708aZQiaihG}vhP!XWY}`7N&G~?Z>uZOT{XmchaLxv)-sNJKQB=lJ
zR#6^$q)P!nb1g3)6C;>u-vAU->h8OpkXjrLhL{XQ-0{;3t&YRqH2<8UKKxxAxD?OC
z-}K`ym^a!%LG?0eiz@8{lL?T_$GbeqA{uwMu^~Ls1zqp#oC<K`D>Yt`-_VI@HvOnB
zL=iqi^+d}2PE9HKp}4varERC3JmnWJtDv+H$9xCLuZg)X^fCsFHMb$BkfYn*rX8hZ
zH^Q92|G?+|&vqkhq{XDMLeb61S?<LnZ06u#$1}jpb-r~neUlr-kqyRv*h)e|xNuPi
z+QP?GaFc~N*wjlXcndz|1~;N&WbZZymeB|kvXYbI8RY_}u2*4>`M1O<W<)7={xZw|
zV?lQIq_e=r6j_B%aX@%hmUd7<P5Ynfz>JsUi<R-gsXrPe|D%K3!uu@oNtL}r-ezUp
zD7;h;`Xxwt-)1OrdD%kXsjDk(WTfr(`u(UutA1H0gY;A6Ki<d{f_<#bv3<z0vGIAw
z|C&(WyVhUt8lnGCW0~W)i_$fc>Oa`Y-#}4LQDW7$E6pZ%Hi*g?=tcJrxsEq3QMUsP
zwPx@R0@Z+~sV%?GttCP*aXeV-X{Zu5HVB_uuGVboyMLnP7vdP;W2SGE_9{CF(}Fp(
z;DwF!U^5cvM}{8U4~cDTocI2-v4nwP!f}82j(X>^m34yO+mZaYZ&UA$i2ya4=lN%j
z;W!whQu*CE%usPOn`^}Avf12d-N|5Fhn@vDF>wP&Z?D73jL1xbCkc=PG_T(jgYfG!
zw?0Y}yVml-Y8vRH8=sYb)X9pAtQA${(hF!Y?+j2dTt`A$U{hnX8Kg&&_Vc?={whwV
zOcR7d7#R?ITN)|5@FPl}kI$Z<knSbph3W0?vb3j%_If&K4xRyCbk-#Iq(ub{@YjVR
zv60{9zG;3J04guNGCR8Zu2|@oPg8)Jg5u_yMt3l)3$lxLVshWnIfMiWPEHdLllILv
zm=4zoL5VoFQHKL+ydXcKg@D>Hgjgm#i$Pp5&QAM<p0g)7xIW|2MfOJGeCZUR#1*co
zLqv-*8eZu_XCn(MW<Ei3c;&ZH(NcW)NVoXi#Rb85v2yA$QmFiahTp4Oxb0Udlr4Ne
zAmQh$hj)#B*{!Vnb{F~v5yAhxDywv1kH;k?O}-l0P28OXbdSf#tR)!VpEakx#fgvY
zDN_A5;>d=3cOY3fy~C;v0uM*iIZok5|C-!JGj!t@M?4Sr=64KhW|Mo&a>8poxt^F=
zz5a9WV@Ti1qMAIK>|nZ#woSn(N-+paK`s;nSDtt47j7FK`(%Zuz`)I&kNGMnAV%Re
zZ9%E_@_b->^7pYCJ`inBG!3GAdzJU94WLB5<^244O`-@GfXr7@A4Fhb6D9WZQQ}sk
zq0K`#JUb_MWYO6s4h*0~n15LETs*w=o-IC9#pMQ6A3R+Ztm__{+JznzhcvE^%D|28
zv+Ayj$*Oz^*5$>vH+$U=-*1otMZVWFkWp4%Wj|TtiUj=@ot;HgB%slM(M!lq<tkx`
zxZ)rY-LZmFwWR|+RxT{t{pQ+<eH*;Fl)Nr?F>vW3e=V9BG`V0S0=b`yOK=Spc%$Z_
zQ7ByREd&hl{8@>oVQ%O**62ESdsxAAvbz)oD%Os6w7@KX{EL?0PonDM%}BsKKCZQP
zp5OO4^_&(=7jr9qk6!U-D2MWDSZOH#Qv#`SLbezqDKecaW*)Z`Fc;moDB1~zc5zgn
z6I7p~e$&(MQ)3Zh<QZAVf9SpP0)@T2);)ug`k^#1I1B^nZ>ai`N5Y)I{diAS8s2~)
zKY<)@(XT;X3oKeg!{M*i>NT@c0E}ds9{wd+=XV9T1tspn`fi*IJ-tSv>Edzebk)*a
zFlL%79v~MV*ZF`^OZ|htSyva19w$4`>Q+CyxnZ52nje*wzv%c-$*_ixr9ca*2d$n5
zB`@`<c_-uMy4F4_=T_k4b0iKby&R{)fT(a#aUh?S?r9?bLc^IwDo+laAe{eq>rERK
zNO`um%T33**G96-6%RSN@SLBShSq(dq@>AhD&n9G#|;dw5ExxavAq&z3OtHRmx_Z%
z<d=abPj$QEiC7RSIIx0F6d!z}prT5VvP~S7V8qM$SQtsybc4U?$Bz}AM1<h9c7W63
zT<*0TY7j#~K{Z|4nu!#6>HpuE0u>7KZW<DDKx>tK`OG-Q9R-C&OuS>%&-O^TsX9&?
zQHw$6k2ekia0u7uodPhcB7Aq2#55lyzT8}!&yAs3SXgBX$96L~6{qh!+BN1-k|F0!
zQ7w3BgD^Z$KYIqB8X=;SG0Obu_8j^-#TUn+0A>)Wu_VyvAgJ1a+l&Q-_II&Bpp{3C
zh7fZtEu(cY$sv4*^f6f7QP8(_-yF~7HFlay_<rQ((q6)Pl+c~pKB2dzSAoG(@eQr(
zzNl-^&96@mw0s|*(soUW!53*q5O&QMcclw!D9A$TRFZ!a@E0q}5bb@q6@3d$`@yo9
zh`u!X!?t==wmUlRvVrep-?UBQ;5Z!aw?y(Zg2K(VZ*W(_bR3430`ROT&HY+*tLiPw
z!q!4yBPyn>%#-rj6ezqQs<W_((TMOEF`lfb92`bb!0Uo`^C#=qJ%JR}BS)8ZUSnfi
zDn68FPPS^?T-=?|rzi3{zfWvtMt!H`NX(slIdMWvOzv^+@oshWs5S_RWR_R@9zIe{
z{5RTSRY62bfw`jN6yFP!(T`?nXcICDe=hilk_APY#Z0xJ`Sc7uLMVd|FaTxN8d<ad
z4THb@(Dl{g&HnFEWY%I77;RAOw!8o@>)WdmaQagE=+6A4`4_cyTiZx=zzYzeo_RR!
zve`R1@s5mCwB$KF!lf3(ec5>Sd9r6Az3`s6nyS3)D^6l_vv^7h-J;t{)KE{Ji-?(n
zhZY*d*(F~li$xyw0n13__7@ky`c{1J{FlzB&sl)=##S<m=g^S-3EU+ls6n4yO16?V
z`bL%N6iXXuC(gS|M)h}=JxV|{*0c+r8&>@P?^1yDWufov@U6$ik5gpBpMf9J0<U2!
z=9j<H=vaY+n3=Qi-LT(EKmF9M1>HbiQ|JLc|0a)5l4o#vVUOTL9*ZV_%??Ny9_BK0
z{s}_!>r+1H3xaMLm)P9=?Zts*?%%&~#&U8MP0RB0XLK$Y{xro630OO9x1!hkUOnSJ
zd4-eacZzJsqSU)$^fW06q-+=<iB_AB>^9-$br`*S3Iq<9uW!xIC11E7k-}5M#N46G
zQi4~<G;prp$I`wLe?mYts1;ahh2(1xsGo(*I!g5EaYELu_ON$h2SSs?;Q}925l8xb
zw<$bx!Tav$v$t<aSQ*7QZh<h>Id^buc-+1`nha=mguL;YehbWjK)Q{0F%^2N+He13
zdj^KuQ!=}-&;=_!=;(~jKXBu`%zymSQHTo^?_f4C-OtZjl<^V&$Zf2stw;Hdx<=sF
zFKFz&>+?l8YZ5RCf>^ZeUM?-7+;l{lTG-x0KuXeDR9T{+oq&kH3eTt|KL`^gEuyqg
zsy3T5^Lla(J(BFtkNN96gS_Arke3E^kt6NoReV5fCOx_R6dGv5L{#IM@qx3NYdpia
z*_xYMbM`-7&C+qy_5v&1OA4OF^Ny$(uj(oWamwqF&n=T}sH)^e=+=5^Kn@X-QAg4w
z^DGTtU3|6mpMii)i;HhJ?42&*MS1}TQpeMH+^AvC)P&Is=0SWs@yp7AeBp?QWQfZg
zf{DHWBF|C=3%!_c)Vx-F^G#S9iT*)O!S(7W%N<(8q?GPtcavr`O0u(&2&AMq;fH*;
zO7`G^f;b{fBEn4ZckK;l&Wod#ldf2qFG<v?$jpkZJO<5`H`i?-$^J6H$151NyWF$)
zfmg;ZW^)W|yv+AFafRgM93j1HKUL;_oJa=f?$l|nk-QJ3hKf9FSMXJVrEc+bjX<Z*
zCEwP}pXbY&iPZm#Q;_aS=Pf1or#b#Rda;k{B8I9pj%>%!%i66$?&5;1se?O%$JWZi
zp>W`VfeNfs8DxtTD0de}a_?tAym+NwU;U&G2QusFRu{wbKY~evt1KW>XFJ|*19S$t
zLPI;GE{@<bU)`RpBKX%k;@h3=^NyOtn#3e;-=$0x7$tXRL)W+zpZ?X`lQUr^WaF;}
zZ=j$HGA~R`rEKuv!#F?x6`&!4h^POhIt}Ds!oR_mAFUMEPQY8ia>XPVye!1-=pqk(
z4%9Cv0VyidvZT##>urk)KZm`!MPb&f#L#0JM5_PfnL)Ju?~;y~zT{7m`At!`e(%g+
zX9)h%@R1Uwh6k2As(h)LH3EVPu*yLrNAA{uD*u`N?7X8Hv*zrZcU^DZboalXQMrR3
zHQTTt;K(fQ<7+uvaR`Q3pgQEC{0=h5QC6npdr3Y6R0s2)l|;m7i2qUn5*cGmKG;bZ
zE>7>i8WeH3&1=qLV!>SHIhM<U9bYAq_d)zG|K4#@`+_Pfi7zHz>-lb@95^K4H2)&r
zJM&4Os3Hh=+eV4&OWL4??p^WKUz(cfI>B}@!y|rgfr9(tl_Z9zhsi*15^v=<+l9$T
z>M}<3n(yB29h^BYgW|ZV)R^U_p9cOGl{*|2`nu$4c;pG#pl~z+UjT`U3gUu8)%jr%
z@u0?~&qAjc7J~f9F{02<9GB)LUXqV4r)aBx2}Hyigbq0yC2w6kBBtX<=&hD7g~Sp8
z9T<uO7@eirkJcUsYN6j&d`n!ESO>{^69n3m6voY#9%ALncIJtsWH~@RK>1?8o$TW%
zJl}A^lQpQs=Igt*vDsJYdEV0&emX~C%*ZFGQ@9Td1H-_F;F==c;C?%?&N#@pWxJcD
zL`;^451=I<Udm&|Z5%uBr?zr$Yl=V|AJbd%0vB8oK^JO60A!C&j@k<pqOwP7oH+*f
zuEPG$!=I&J{?omza4+>xqH=w0a_PjZxJ+d+VT9g&$kyJmvGerTDibogf`SJIn#ua#
zeht#MevgR;5vl_z(Pw+0YQC2wKpfQ(1RZ$X=$IUP3p6liQNk7-znvMXj5>E<!cu>(
z(zqRS`c0RkLVnAmwujP05XSNWCbp1F{)^~~`<*Y|0;>1n12BoVSue_~8h*>`PfV^P
zSAyV=FbEfhko$4c(ekqL5*l)HK6A86wEaJq*P?4&<^8;!e8?$i{~qc84j@<-$T_|(
ztsE6lryH<F2&Fb4JzNY`PR{@CuHLg=(;zxb2#^Q``j@tFP_&Pb*I)+s$P+j_gEpWU
z%msol_Tye|edxDenzR?|Z0X`I4=;Ce2_ddfO8HB6s%CLlX*<2>_B+N!91~y$m3?F1
z@hg0w{$DLXBu*#bVfHABKCaQSuMX>=Qmc1;`8DKtz{-k}h7wCfsSBaQ=Kep|<6CIo
z3NvK2W$>Z-#eWreq%HK)v?}cfxAdtG<DJ-u*u1-%PIr(W;Nd}{MO*qi0L7pf{ilwO
z30`+@(ETs_*?)zje5DqRc!@&wEUU@CR-ZmCtiGPkv)j{osvCZDw0`Pv{L034V|4kV
zmlzuB=H4fZ6Y5gf%5U;oK&J@ka9XEF@~x0NGs`~AknqSz;}HJ*DL<T#!5{Zxp{>P+
zqa>IV`TsmLS6koeU^$GCe1@!7X~K(iLJ-Kl84+r)GNgn4a8`x!nE%Dy!DIvFHj8q!
z9mOf90p+!aaGPJHh*6Z|ZU5>)D19=2|1M*=j|DCOQ*-;d+qeE8#4^d-(=YW)1w+6>
z=9915a$4g&ttv7ST<5;OetCvR^L#Y0$IP_%qe9A$S5$gVTU~D{Uc}LxPDhe;Km1ZY
zp`)YKR)BtMo|q6xhh}3tXY~Ibd&?Tfedg;b)3%$*y2I+!14;b(EN}aZ#<vo<z3<~)
zWuLeu-DY}ZR^0Q>aM(=aO>cLJ0?r-fXIpjr$9FnY-L@~hb`O<mv<9=iH)p-={&_bU
z4Zh42aUK+5Xme;<z4V*g9Tc03P(cavM;b{+UDT{^sNp4JOd@NJ5|ftY+*_bhqUn7)
zRoP~1ZH+rNw&LHYGvAgbq-SRH&^0<sQ$wdSqTHNM)0hEODK<oy;;WXvDyyAQWAwaS
z_})T4P3!;>2}M`?2LaPY556g^md`86@Z!NqWH4u-MzmD-=6YgnA#gza*`i|Q)=$;y
zsmTQeS(J;Eh=RMF`g$faGc|<Ci~G9?XoGK2LQbhP0|;N`ArVFA4h%$yc^|JbXuP`h
za}sIo1M+=(yguSEl-p;9{lrE2Lc-G;+}yE`KwVSoDInh+=9F1WNQlIc|9Ag+Q+3|$
z@2)Pq@XT#TN7c{xlN>h5gFp;?c<K==$-~SXR2~*K1g`M_(>AoJKbtp(4Gze4FeL0;
z+z}g_^H~#p7&&>r+apc=7wpFq(@ScvwwkzHU);Zx^c4ld0ZGKtGLnQiof#c#Umy>O
zY2qO=vtF9jU}u+Zso!;AiLWgN)$#a?^ZtT+(lFelYuq*r{j;y#-qL+)ygv`_m%-4A
z4F8Lm-Th}peb$3!yMOz&yXL7gTBPS>f)UT0%c>e++Z9WjadO^6l79TJqiu6sWMd0`
zv_6zd!jah}UsXox_3J?Y57vAiQc6qXzQZ6w*X#J<-14!$C?2}*)6gD^MIH(Yc?|Ti
zY0O+8d~uVx<Y<2RRZlYgpGWop8&O$?FcEr9jnqy24@r|6ytRqkeIa5C<W@6edxkO2
zaxYhgf)d+3QYsOVpH&sX`}LleJ@TW6%d-;2SyEZ~u>Hl|-ez+RQEu})ImIU>W5Qcl
z+1~q=kZ^M~H(uI(Ggj)3KWuX!mr@Xy1oY_xr~9;ABj=ZcQdp8MSVGJ!HB)O}XMS*X
zs%GN;Vb?;do%G&)&sFX7S2cHV_v@!nsW^u4@5P)1TKioeSd`|g{QVm&t^b^#bR9h{
z%Kn{C5ZV*b*?V)0$M)lOTmI@Gay&{%K^!R~8V$R2!QsxNfH0RqL~mpygMR=MN^}*{
z&)+CcF%v#q5h%CCzJ6ZwAjMp^esJoD5gf>rt7P7gMq|;FXclP3_n~ZPMDA~?=yykH
zd2LeXWS%ZG5|WZ*HAoALSDU(SPu^Xg31mw7L=3tLQaQ^hs^NQS<(qx{!tV8NcW!=F
zKvR>Dh%|&_VS#p#=uEBBTq&AX2)_XnKcq7N*@p(F8~p6;Lxc<@Bxx=gMpqZ+Cp`(W
zV{X+YG|AkiO~I%jyPN2ma@&bscXL}4Fhhg4{OmzU6gbr2J&FFQpunc1%6`sGi#Cdo
z`G1a|Y(qo>n`7_D;cB0Jo(1yA)8^&SfV&hI%%@KSU?$7p?kMi9%cFO>cq^~PT$)p*
zZrbPHvZVR>e;k&@XXtz)RHc~3!@`Dn(ky-XyH043f5qn_jO}D+VHd*N>5gGZ6e`kM
zNlxG!0c*4L9HwPbQol2OE7u3~e`<nLhBRiHV1YLQlAnyx6QT`N3~4zn5^DIxP^+Tl
zLNE`YOWpRi<8E&ftKn+h6B5?umacHN@x>%Wn5b%yfU`2$WkE`2`rSt)Of`L?fZGP`
zpVO}qqUFUP|Bde_I$ByPv9Ym|V~xJvJ2$8-&p7{Ih@jso(qURS|Ci;T{hGpLmfU1n
zdw{!p6XiC0`QO)FBQ(<bkAfK}C@8v?Co9S=+AxODNBIR<?w}LptL6A6bEgP9TSdK6
zpCW}yPVa?n<VmTq(1wq>iVEl4kC?768!G2}frioI-g`(Oe!F>gp#~?RiH6byzB0zm
zwRf<w&8@>jM+s(>;hdb))s;Thm7VO*7<i8#yKGOA94ITt>uQG>Y#XnTkxllEZ1fKH
zcjULr8$?C7Z>La}Ozk<DRYu)n9Zc;Qc`2xPkgx7gSy6PdsirE6lJM#kZ|^AS$Gipk
zigvSdhm%Xs^tq-i2~ur&`MloWzXgA_v@D=^>|-&>;}8bLkTSN0LQ7_B^h@{Y7^^nm
zrWUvC)n;SkXbSX)j*_q|m{Ag=`}Eg**9%xMeY_pje{r0Xn@a6|VjDz(jg18!_mdJM
z%PR35nD<0pY#0Tf2#Zt6IsRw?^*t3$Zhdj|rgQSE*=VX;<a<nGaY@PV7j<0jo5{-U
zi%VuM^)Dk0)p)!AH2Q{Sj)y05PhP6YI~)#$L5%~l=j7z$H&=2H_7KrQS5p?;sNVzx
zX#O3C((oS~VAXh2!0rg2hQUG7<-e_C1NiDYbJjOA020>*GVxGVR37$rYrKoHsofgY
zMiUiTFyA&JKsw#7nrm$D=s*Wr??F9wyiL+WWZAN}DDuLV`T6EC<$S$<$4AMEsD45y
zoPx-&MXyc;Vz{JJex~BB><>4mdBh4P_VxCeFHBXY@O!(pjjz6qJa96Ii*EOnYBC=1
z8=~Yz0<=ZR`zodR8+P4kn$W^`GxTwV2nbyc;tm1oU;MZvM5xM5O(XDb$w3dNYqfH7
z6uaX36qQ6(RoLs7k)dJCDUFbW7%RrUklmiep?H#Db&bs2gkJVZadAOF*XPI8^i<fa
z3E0`6k!VCc`B{0Mp@sf<jh-4lPe-2c=K1QtLQot*VUg|iD?&1|uLeziSLoi}-UDHK
zgkQ<orLhDx1F)(v9UUj&HwH1OA|p|?D3Aqoklx*l{|lQ&xy|v(%BpKlHy|i13kisH
zTm~Wh&Ff38>@>qeXD7nHtKlkOKN##;IIYhy?=)Gcb%m?l(&f_M)u$9!1{wySx&<#6
zo-s2s@8RPq5a5WBmg{jM?g1S1Y7&w*N1{&<v44_twI=FUFmki^Og5yb*88245`eTb
z7`)Ew+tZ)r^V>tH1j_8jxnVxoTBZb+gd@t+r#F(-YXVNUqu=u=)sgdamRI(wD$52W
zki6UA{G_F;dqWA=m6?rAY1WGn53*~EB2N6@7W)%Bd35wEpSG%c91}Z&wLy%v%D%_K
z?9!kNSgm^bUe9;&6<$3gOugN|82wCg)cY(iQp1Jpnthi#6?xv~46jp)y{0BFHtOFO
zfAf9|pv?q$taNWA$Gnc3jTaUYxi-HPRhJR2#?r~Hy&<99C3~x@*^0}-LD`>%$<CdO
zWSN&&7WFotfPT*xn~Wz~h%fNU?plbsmXI=n1twS4e^2x+PN)@C-P+olhWOqj)glEo
zqfk&Vk>?&`T~cLAie3lI03Mv4nrh4yrXP-mEM>xi{_yad>#X?Y;nw7!)Q~=1N)sMs
z!O14da$j2N9i2ft<dsiSjXHFT@80o#D{F3j@DlAu&ZW}dX!;oY7cU++#sYrAT^;C1
zx9qD<{q~3Wj{kWGo{o+|<tklaQPkIq6FE)g$haQi<m8N)W>idv^`mt!^;v%f$W@*1
z-=|c1@ZA>nVbRnDh(kXIVuJBfmg~+KMb};85ctF9KbL!a>aH6&bj#fP-h0`zBu!NY
zmw)BLSlc+*ZVWNWgC&$VbYk%bJ9DDB>R>@KsBv0}PD~_CXtj|S_<wP!U)}Q&wvO6|
zpi5(k%HO}xjid@Z+xGw5<C(v5W@N(Xe&z9tKSnVaq{Kfwygp{ctFjo0xpQZBbscVb
zY4Y>)KL3s-K+b71nmqJ=@wu0%;LohMQU)m}p8@*@@3xh0qJn~h7uA+5dA?UTO}-Zn
zT+BgBc$=@Ms=D6wr}23$wzK{bgK+-_<T(420`;Efq&M|mPwkuO$-=-vk<6lW%0GOy
z9Yt~K+)th7bNy42^$uJ33zcNE)6p+C>!%9$d46u#8UT+lI-I+8r+IO4ab;j&AO{Ap
zT}wNPfBf*j2Xu2OO~@fdDDKdb@jkVZfEc95GMhFG)%y=#o5{}h_4l?aYiX4TGC9kB
zc}$~MtQXi*VYUC&)&7Z}B>il4U=@#1Hlq-Qr-;bi?tTS7JMP}TUPdk!)E6Qm5Bqu%
z!<G5JeT&!9mInz%_U{U|QLm%<O_xpJ{kQ&nLw7ef7m-u~T{gE;?4AoZ7LSjrYCE61
zd;45{&%Q{ot4mpH3v!0XclDgYLYypOlKsEyTJ>MJR5d02{}v|bn!kyNY<)G%{IjZZ
z#gi#MGaXk~Ozie=PZExM+_C$It8(Krv}Uxb`D`K2H!e>0rW@(jUFjd%*xIsoc6Np-
zKYSQpMK7NVz}<vK@YTc&0+z7B!6x%Pzpn;WHF?FpKX*h#gh^f?GH^RR|7tyC`Ud+$
zlXF?@3>$wQzI4~n3jUY+fKuWGv3e#o#mXuRD<|$rsZj^SqKVCX8WngmTL~{|ApQ_(
z6$}AupGyWt*k&9-!WvK^(3LiF=Tlyp<&7UMN$ZN>I19@{qa#a~J+r*L0-y7O>`%iV
z(MvHKGk1FjyV9%&_xSjTKD>Bw`u=?wcyKK~gW^}H>QTp=hzP9O7d9qaqhEMaB<Ub|
zi>u<3l98H>PgO=Vc_w5eDCV1g2Z5fRzD(_#U`p(br@Bv>eh(7xv8k2ah`)`GzdH>Z
z9X^~Lt_sbBXE0JrLt=icr8NShx4*C;tpT{*>`!CjYK~Pz+uf?D>ViIH$-w&1r(3^w
zCxaV<F%Q|vZf2q*TOA1q@>uWeUrsfgpM>|<x>8Pr^lZB?EzYm3MWox$d8BMLSu8IP
z+3%Sg(eR^PRaOoc8B0Y(L<+8_&i(o||HF|b)8SMjXu!mz=Wl<C-HXY*i-Wf5)xm{o
z7j|9m`%`Xf0iT}#khZ?`kYp_?{q_-M4rXd4WyV58In}ushaO}^WTdRNDlT)SzvWFs
z3T0m2r{S-<JT6+gt9{Z^R!_-}MT8kyIinj$!xeK)hpHV@zFA-=in+|6Nnp3A_+60u
z#m06QA6~4_w*(t^wzsEK<T%VR41YsJyjys9+a~7b=KW^nHb~i{Ke*lti<nB2G<pz?
zLSs?S+#+ODbo1LyR!H7$D?R;|Ujz6@7_17n!~kgiZ@J0GSKcyM<hIp4cJQ@DR1`Xx
ztF_y&AZYLXsYxhu_E0d8MFHrU-Sk87JBUWI0#Rwwv94L58BKwL;xO7Dv!qjn;PM#K
z1aqq1laHS)<wHp-%&8yb&Qnb@P%L3fs#8~;{hH(I-S+NEsEM($_HVTsjDXBwjFySt
z<QZQ7KJrqvZ~$VAko2R~y}X*V|8e`y9Tf=)iQxYJ{si_|rSH4|$u}OUsE`Qo@}?xG
zr~kax`rZ5!_waYgN*_O3(2Wz&Wwr;)UdFV5$G(RVgeR2p+z!d}CgSnEUS)uL`v%ZM
z{P8~y&@pL%PmaF9+dMuNUon~n6Tqc-qdNhpO3qjIT5Dk)3e<uvK@VOIWd`@3K4OqG
z`SO-%g(kj9OZ!R7Ub*>xT_7?>EM<%9#musLR@wAy<810pSo8;RDnK|eI+RV0pIyU9
zr;|Rm3(r$Q;nm@>-P2&s+`)`CV{Y!dT-;U+FUK3iRCT@viK1^;VPBsfY>-`6*(>Q}
zg!8wB;d#@OkT?gn>dD_y#35V^|6O7zw%q=PWa)z{D;<)yn0qHb1%(YR?L*i5AKyAP
z`O3xTv)L&rl#d_r%gdXXS%!Ad2x_FqigL1&=mOb}t*#zBeI5zHqIYYuOs|m^r?*$?
zYNqk^v;(_vitZCnWld$Asa(YccT`l|k+IO|dU2&yzM>)`r&Hb_e0q8P7j3W80#mO@
z5$Ub&)dy+Jr-IAX;h1U{=T5HpF!+Q)wzfSwnf^~BUfkof_@uWjlB}g4QF4<w_#PT(
z@%;IY)lyVkAU(R!R_%9w|Ke--_wOz}#^9Z@u&@|Cl3YdGCxI{PcaM+niPhBi7l*L%
z=rhXbEB<t=7uXeK9H-wJQwXC6-@Ms#c5d4YK|AJSr=lu$a0qBQS|?@A)d8Pct6FCJ
z3u9woTOD0u^Abr_DY)BJY0?-5TJ$Wf!p7Az_eAdv0{F%KJ=}t(r3E!(Y_2a$jlMqC
z-m#+gL#!^E4a=1kKKm7ARgloNmc360+`qZl5z*uryy@JPmeM>hS<`W4bP7>U3}(wE
zpX^R{-Ol^O=ecjTMoAMq+%BOIvUhrVDT4CDUP;YM6e&P4x7@|WB~xBr-r%D!^)L?H
zQ=1_ebgL8^8X9xfD3s?MN3U1z%vNh_qd^yA6Ql$%VW<uDg{vU-kIfmX=i(AM!;$%9
ztE+#Rhq^G|%E-_XeACj<3F|mmL7?jfp5GO&E*laucKFL=WPAhNSR{`h4?i|+Xc^4+
zI}2I@w(s{!AFaFH29!>RFcD=Zkv)-s_a_ufi|ks|V~mJeGS>g<j`pECHHVl0NlB5;
zLPxIBmO1mskCa00+`u47*Q0Zfz505ux0i5zGwQkZ;J2H!q@*M+QK#jHLvS3^#_jdw
zD-<9ivz+YC>88W_(fay&anEe4_1N`ycX)r4zc@}yeqOOrc&|MqgmHA7LgDOeYw7BH
z<-+_no&p&e&d3vvl|yS<XZNnx+_i5icW0<>fe;HGHG9~mtm=FF$i<0gstQ#3-(Szs
zN8Y=KNY*d{16<UQP@`vxIWq^|uZ=ZHv8JZV+HZ_vB&#)e@1rQq%v7K6D?d~=1FV%|
zV;ku=HT5`V+NNvf50THBM()5<+Yt=>+1dVY-n2-GNr@(d=l`lnXfEtk45{&0Vq*A)
zr>LEp^voXKm)d2J3cESp?jGz#(K!4qr>@S!#K{?5_u~!PusodEYBO6~(d&(|BDtm}
zy!GKyhWF6w!#AwcOpmsSTns`<Km4bl>cCt0GV6R~-DQo2#{6p$$C_-JLD;=gdZ|tj
zuvI@(9?Ml{fJrwj3%|KSGKGhiap8LMevo2d!Nbk|o!g}@r3>SLA&)#jf254Vucf)S
z{zpu_#+~4ft00lHimCx^E=(Z(Qt28TjB(TGjHz_IwcufX<DLQY?VwQLooz=`em!+x
z^rg8t=mU=r|2{bP0WQuXT@>B*@nibWi#%X`Z!$0-q$1U}$2Pnf&NZ!mMK$HNE^8_p
zG~TPC;<(?8JR{+sX=u~i(?fQ8c80#OzHX^S8)p*=^`QfosOU3S*pKKO6&3X<FqMbR
z8FV;~1GL}x%0H;6D7SuT@P6yCO?{D)QY{P)A>NVBuvUxFIx@N#^PQcCSFLBb+z=s`
zSN{sGHv$jZuIPTk>dRhQSlGJR6-VTM$VzPYXR+Y%{va;32(iHHSJ@J_qv}#^P`*p>
z69-C4o<6e<;%8gK#R!X~kHP-@d5Hc24l&AFBLxXH&PfbSnhV}1!PoP?I|datBQ#FS
zSeGZ;ataFQ7kcA<S0>+V$wtqQKSAmtuwPmtT3ZeYN~cA7U@yU{n&KcOEPQ&eV>m)5
znv_vK_i+ku%i2O)_?D8NZ#aGjzqNJ2cYAe9&LB)9w%g5ff9SF{#5;7fp9Eg*{GsIc
zx*yt8@bu}^(1>it^n?8uPNpr`Px$!K8-3GO6N)PY1l|I13UAiBROkLgTci2kgW4}e
zZKI%3$HVil&4Ku{u>Yq{cz0FT-c~Rl{NY|l+fmnYVbadsghwO4!#KnL)CxZZ%ORpN
z8ALyOYqzm+x_NoVO5neoy!rO+o|8-Q$>E>RT5PIS6>`S>yI(rkx$enUR|(O}%a_Hm
z-@Er09sY`?<O{lK3M6XhLBywb+1c6LFMk(*c&ekrij4G*pT7(k+uF`fZ6%h}2zaEw
z9Z^`v2eNh<c(p*c&d)Ce$J*MGe$Lf_O9|Ovu|A8z*xCmXWx44&7tYB5V9bj9Mm`@N
zj=;uKfd5E$m80r))H>)@H?}6@-zQzIuWB~=$aqL20qY^M!+(4Osdv=tSl<8j>mvpL
zV&S+ieqrnhsb`su*SZ=sjM+x?pZ`m#v>_TS>AJ;3O#EN!oqtTFpg_s}JS-=H^?|MM
z9i|zhxu!U2Ha61noo!eGRs3S)^Pl~blO~zh{6PgWID{X23JVLf^Yg8b7dvjb^&z^9
zoNg{5;*-r2TS>`D3yW_^B7_}-B!0#N7OT#r7xeb}(Jd2}-V3v)Ae$OAI0WXWH8pJl
zuM^wVd2m@Pr3KpD>N4Jti;Jbre075ijyqg<OJ|3sR_2F&vUxBoqC6)DivUZSKl$YJ
zty_j@j^XNnhUSw%%``!cS0fn8_wH>q-K%_oDx#o}NKU~b0P_sj*F6r8*h`e;9j?rm
zLlVE=S2L<%CdH$DC*>Q|SNQbb@lwR2hbD`yp_CH9x4mRiMY<CjiZxwFf$f@VeV2n{
zHC@D+)nRYG<*Z3Ki4iRl$lE~=Z|@TqC#TdW`uglRNZ)X9^p@uXOwZ5Z1A8#C36QiH
z8C8=JwOoJW0xEy~t4}-=Qoa8bbvWo|6TDA6ybMKy1Dk1thCUmLWg1m60sQlys|h~5
zzJ56Gw4PX8Fa9%`Gw^LFdi$N*ex7kkRrV}kCc>_=+y4}B5v!PA5pItY6w@GK#bv}<
zc5&4dG-FUbF}bjQb+P4N3f<4zzki3SzK4wR;K+YG^KyjNf`Q=^%?t7bwS0lcs;YMM
z5?)969m80QQV@Cev}I%hBVdce76F5#%axz1buX!&{p@95{zv)4{q=sD)4G}k*9=eO
zU;O-f3u{<cI*mu%FlCZ<vH~+}u3>5NL6=%u*kkXLgDtNa<+Dqw1!Uw1JiL{{g!fL<
zKg#rKh!d;^(1KfR_ULtajN1DP?%wu29UARUq!D(yeSCU`ec1?G0QM%nV*}gXQp{Bi
zM>k9@GrC7mP{RiKP&wk}-aua)mAkw6*Ael&$7zE43kwU#z8A-@XS|ex<^_Ok^;uY6
z9`(Puz8WbkDx&)Tp*zy#+JxC{kXCDXpZun=m}qpiel^*|uyJ*vl@k37YUlQl(1pBw
z>)f#ED=F$2jKPt7_ACK}))DBzkc%^>%7H;oInjbIFaa}Gg60!b)@)-3JpW9+&j&V@
z?*)t;JaJ{B=(UW9AB8EK+9*xtq<1?OC6{sR@t?X|_ir%?tCt$KtxMg=>u<Lqi)IX@
z3s?_4Wnjp{BvoRGFh<npLO>D{ld!6mJycV(s_LM&x59|3e96Qe@H-Xl22sSZ3RA9v
zi_{>$LJcmnFs(2WI=#EStr{Yu98d72i#VZux^w4o?R(xzkFO;qir~{mf&ST4*{q=)
z>W}Fv=cf;Sq2i7KKbF9~$fA$owm~y>B=m#<xpsDUdAKYYHVaB(sQ|SIad8D&Frt<6
zvSBiLAJ2DueZFN59nC(NLXNvOoU1hA*T#f}%m~lyUZh(}zqq<8l-XnP3t76-*_zYc
zG4Q-O5OMtT?n*J_G&V+HV}B9q9%^n!dzqf`{2yZ*pp4VqxwwJ~>y~1Hy_n~Q-pB2Y
z@q{`0y(wu)p^(FXtz7cB!H7|8Th^~IfxhOv#lM@A!6MxU_KF`r0#KPr=|&M47$T&R
z5I^;bt3&XMt{hG;t;LW6H0#`We^hoL85%aura`t(p$yrY433=on9yRP{ajza!_&j#
zwgznsqc9W#vW&zeB$l7yB*8vV`+L&;pNC!?uC~28bNcn>6Z)fz1N1<EeZ&7Yx6I8T
zG8#2d3lx84S5<7tBVcf_7^D|3s8CCL4z=yV^5!in`oUJ4$oADiN0To6+mikR`yv3a
z^lB|{9eq}NJt`qp?-^`Oz_92ki(<rj8_R<AR(^YXhod+vMj@Tp!OA(1Kc*0pAD&%)
z@KsgTA=gUg?ud9XB5iNdgg5N7Vr|I;{`>lpk*$yBU9m5oJb4mmYinyss>p&>0;C4v
z-Ip&nhhgCe!+$mFPz`jXCu&FxAKWj9Rooi_lz&=Nv*4WZW*Q!<Y_0-R&W}%~?tuqA
zL!4Zl+XJsX!+g6x^H86Nx^4GPn>=ndD<`BO4}-7K-QT--D!%<B*QCxIbIN^ZCeNGA
z_cUO2f8XP6JmMFa5A*8iU#cv$RA^@YobeY6K;H=wg<faKs>`e5E`2S|7J5nE-u>-2
z`S!vm72(x|z{n{b02sMmuxo3$&TZRE)$x9i4Jlk;6!#k!(v6}2)dF1mDmXhIdV>A$
z0I3<;O6$Kq@fuYVy6_Vgb(rvdsHP&?&yopi`nQ9J$-v;U_A9j2Wz?)(ui9~)IJTy4
zoCd#(UEkAFm|i#lxh-s;$#5x&l&r;lRn0)s`~8wL1XYB;n(Fs&+Si(^@*BxK9+~k0
z&}r~E-ZRa;rgN4<fI(K(W?66V%qmsxdv}{lDqn6sewPnKt%Ny7CyyQy6*_w6Y#brC
zClwWzlWWJc=wrNEm-TnFP;VAOXd;6T6u}C;OqmZ<0#>TkZrfAwyY_NkN4s$=FpYpw
zUfu1@XAT~&j*bMj8?kPOt%+2bu&<{*uPqhOxj{!g+7f)XchydjGNUB`dYWa=8mQmN
z3gRB*<+G_>{iD!b#bpp9rvZFEOVj$M_0lKL|0?qPvW3NMHWr}%*V)-0-kg(Bv9oU(
zC(qc-)d(QED#&f&=D;6`8<Tex7q&`bVnXyQKSA_9ZDQ!6fL4^%$D$@CyhK34n?;3?
z?dkB|11F?_h=_+{y-6G_baZqyC+CTbAy`21D=R1{eBplfz58QzwH{7^=R4u90eq6x
zp9_;C8nVL67FLT#*H_haRQmSu3%D>0Vq#h=J@#4X*%{XPCQk?^T6W>LcSX+AK=&j~
zSD6De$olnQz*9<!*2Q(jw%MdkEdzmyGJP)&_$K{VtSrY!@AUNC<zNp4QW=;tCRSDq
zBEE9}n<n_jj`pDvEw)Bd<+(FYPp0;9iX>M*t|MAu!p<K**78aQsxF9InZzED$qWp5
z+-y-@=)uC2cV_11>QygB!s`DqK0|{OC~JCoy59+VE4CJhu3!d`=6|^Krf4L>YArk%
z*V59o&R49Hnp!g@+H1Y1NBHkfY}%722I?3L(C~gQCM*rqspO|6qnWcqL@FCIaJeBS
zBWXK$J<Z!OlOER-qIEP`A-uNn%zoay&hF2Dh&db|5Hk}NWPf*AIij8Iem_DcW@gPA
zI4uznof<w0)649U!cRMgh>~)`5?1y7wY0QcL}FxTK`p|g$$n`e?|MIoU=i3zc6If<
zaXO2MPq%(-O^+91QlUJ^_yofjLMgCkT*ngMCxrrB_?(h<tDmMFbG)Qw@;5nIW#2>L
zPxh~($GEu(Nhnse_!suqj$eDcnhGh7#y#fqBqO5)&$0{#hU}s9qdj#Pc6ynSzPGZX
za$KG%;q6!J_0P5}J>6i8N9|68)f-aA5Dj(?j@-@7%|V~D1IyCgE?AsY?s4JPUA36w
z#`V<oDcMK$EXB1Pxqlc`wqW9XJv;l=3y{%FofEp!$ySRlH(SsNoj7HYp#g+&%&d2g
zZ09o~@I3ARJb_j*?P>|;`hj(pk`j?oq`TC2ak6E;`0H27Hya|C&+3?R+KH_$A&g}y
zst7@HdrR;Zl`^cFPl6qmBKFqSC+`<M&{~9`*bI4>oUF@ZZEc+ZY~mB7_@^4pW|)|`
zW8?Xv)Ge4$S_`jkMorw%SP1)d;ugC(*^UL{76FSxMvUUm!?SE@?d+2YbS!IHn)%<>
zP@C~DBn%{i(Li+6yurTya_Ew*73>e42OnQ1Zl;!Si_z|Z?trKaI-}qEVcmp8EyA~M
zA^e5JzkZQ^W<k5N)JJi;I}x}ny4?#KcdrmdFq5XHrYcS@5!xIg!asxZg4xT<%UROr
zH2e5!qTq{GxycA?&IgRgdpc9eJXlA2&ABu}6I~G2%1rvHf9jP5)SAd<=T%c$L+iYT
zgiXUp4EY0z3kGT~NDM#3;CUTyc6Eg`xk23rB#hl?O)zZw8p)CCZ^UBfU~k#^x9KP(
zcs%#M_CB>DHI*qK<9IEd&%!Vb3z|mbK|v1dLriYr0zh>}(uujHKZn4F8M#ChA`P_<
zp_iE3*4pmM%7d@9wW-KRy@iE(-^?-ZE5+u)PnWH9acN<9$H+cD2LQWXlQjXx=9&iF
zsL2l>gxA;Kq?GZNrOZg&9;4<%sUYVH5=3ufG`_kL+Da`eH+b2ORZT03wr@4@;{!rI
zVr?ytfmt!Phb;ZSwKh(RYWhhWL#}zLQGDXt98u+{_s9DzmvnS*&ljKz1OU-~X>oDj
z(f>3BiVy{i{=-L)-cm~WUDiWu=s2---^!{?ukMGw9}^RGry0NF;i3YXxA%>8e9lrJ
z>f_YRKg2#>7v#VV$h3ZaZjdz%7|RNV`elfc;bH_6tY2@o{M(%P;o+E2!e<JnXSy;<
z=?xmo>7FUt)?8d<q<>w$+x9fY$oAII)8_3k|J&P3N(SN%NTs`T;m-1Cp10cA5U><B
z!XK2IZ((8*6B9$eD6yvCHt7Dt$`fRR41oPUhnt(5+||_;UJ8Q8oN`?cTH)qi`}9cx
zqJjE<OhY@ie7ZOy_C`1^mGz8}5cm7&t7%F64>j8wE@WRVS@k*`pEq5Mg5}@8VQ7y_
z<`u!Dud<&Ll)J`Fb_bQ|AVva$)-yh`sRZ_QH6L%^Ef_J7`DCt?GBKI6yW6CdQmp8w
zL(WYn8gkl~JZT(p6CE2y%CMUDU5EYV5>*Nl)57PhRZ`GlzIoiy(J_bltA{_$a4j5Z
z8#ki{uRG?zTEd>qPq;|;Md`wHba<aP(lY10RE<i?cpGTKQ+k8Tf4}laXRD56cYKEh
zGq*S`Xj}KWBpRNKBQjbTjLb_Z;l{wF!2muW)1t3$AZ)rbCZe>WG@m_j>U+!Eg1g=9
zclVaP>W{@G>AioKDnTp!A|*Nq1sBvZLyr=qb4S=!b#rSAaq2iZ<Ms2=1(CLDyprml
z{LR_uRc=oge>0K5HrZtTNLl&4mxo6>Z0}RkM9n9Wj{*$&aq?N2NlVJ!-rf^fr-FfG
z=ylv4nIV>=$ckQN!(iML)|5swdwC@U|HE`z9lN>M@{!L^;GnNqS|aoeE#deuDZXHM
zoG3Z5y_tw*0{u~%+cvf2`VDLbTk^8FtwtvtkS?mS<{{(WOZsZEDlUKgRpD|R!-AQ$
z?(XBnln^x5XV1;Qf1nz~5jE;Qy`&Ob{fUfpx3JJG?=2BGm{l99>;h#nyAS1mr3vl1
zyR=s=TO60eYS+eym>9f#UUC^MJji<eQyF6JiGK$&#CTx$5Prc6OA+TueoFo4!Q5!-
z)Y#W=nw-${kGG42y36E}xhFPOLNjH{eq<`2)zkpx+xclE|H;#_BPuIH*fQn*-@X$%
zx;i(7)tx^~rFm$8RwE*yTcb@nIoHT^wxr~9b%f1BFVPBevB{D2vjvY=oUovvvue}%
z9uFHPf)NI$a#Fnp#HXD<Q_+LZ4w>$R&|NqQ@Xt4zARoaT8%hCz<-AV|gCfplyE}%3
zxevUP$jBljy-0P{Gt6$h;@`jL-akH;d~Ig-PT5gBh>#ir{xgt9C18)28Z#VRy?z*X
zeN}F@s`g!1>*bpEN2;R2V)>)>5iBtmtd7vottC{L^(ts@-_3DPGbPrGJxgk-AdP0H
zy;GAeboF<2t=YQ|RF)^D1)!1upAF#6luGZrh=Nr$HH1BiTt?<;(zjPL%Dy-B^tUKl
zm;OF3%)S3I%eXP5DVOEj$gf5Qv#aZiU3DJATGB_B+(Cqji06wgD7ZVO5Jj#}N<pE5
z8~_9#!gq>YVI8cP`-CoTKDV`A96^B^Jj5z|d9eW$s4DM+P?&VKhO%*VyVwXKBt8sw
z0e)VCF4VdcXm-C7JLMf;n7@%O<@s%P`qOM%c$>qSlgsJ0kTU-R1;m-quOap>F@PXh
zp{;Ke+btLFAaFb6>bIPt;^(!!g*KT4HuZsQ03cX*;GA&91_lN?%F4>#?E25yPw;X&
zyM;Ni{4OWySJ_w{M5LfO*UaTem50q<+s{(;^q)|uKAee+?c@^@%42<Sb5#o3=C1t|
z%D`CxATqjUW;ArBWAKnfk2la0o)!(6&r1hdEqscD;ht-qF%wi|3a*J(tFU8sZ?2Kf
z^TP)uB<h$>Y5}XCb5Qyxv&SkD%7Us$K8h3pi=amRyRxzZu;>oJq8J*!&Y}1Xn-HY>
z=(upWg^l&TeUhI?KjVSM#WbGqyYwf`r%%b4gMtXxwqu}2UAT0A3RIT!^ptnwz5m2S
zwKaZy{x&(G4gO3CU9?U~$otGpY5u(t5c;v0T(}7v)<1-Y%l-JBl!Ac1J!44Y_&I@y
zNKFt4n;KdSjZkcrAqCb)bSUkI&4A<|?t*`J2wNc=8W~1@kF=R7DRpzOKcR{tL;@uZ
z4Fxx2dsqG}V;jBiIjGL^#|Zd2xjEYrBe7=Z7|2#uw7V9j7V&5hY;WnwL!V<@{}RKf
zQPD%1JPS)c*B;_%-utikR4!)4Jpu$^Iteb`C-|UyJHsq!TN8mnTdxotEG{lCJ*aJ2
zV;61EhF>8F%6;fBc!`LKrD^NvM4|+we`F?qJsp<wAAf}gauHIBSO%r`o`fx)DUe1%
zhA4O3oz;=*<`sBA)^)Pe0gkXqb*E56X!twa<$q`Y_4P=TUnqc_Stx)dS(#bG5S{r!
z=*)Ay(&_A*u5w&xMt+5j|5-FrgM)*+6P<x!rp_VIS5-!aNs5=3S3^mOZIvRQ7;WDl
z^4oVD1mvl$t#y|4yX>}$df+v6U+?t{)(fUr36J(>2@r}RGk{)YMs@EOT}JQSyBlx;
zlBH?fTFVzPl!32}jC`o%^?=ir8ZS|3?N8e>W`PuwYxT1^1pO8xOI{m6+QvGJ-xBeo
zr9nX{h-Lnc`0+_wTa&K*MJe#y<g@He^oH|3eisf}KQX&>gpOrbEZtQ@ef{UBy1D{L
z2sNondV02q8QRz|7V_CCG#zJV;!jWc{tNf7+_wT|N54Q%t#dq%p}eIRXYTqn-M#Os
z#l?FNHN=h2+lvc>@`F*$+FF~7w?8W84#Nmjg0Q~#GBt8w6H}iMk9^b8A5RD)xzac8
z%I1GBz*>dew|CIw-J6t{=oAzjtd2(~`u)uABQsVcBBQzjWV{XE`R}LCpMRj*Hri08
zd}uM-eil)6up<2R(Pa_`*3prC=XmLsIo;T3890X}&X00<Kg@%Mpjp|N;jB{KHS{gi
zR*KPdQS7jSgO`CC>l7-$__pvT`qnmP1YBH{(^DTS!Y~GR*`n!TDa{21PwUPQQ(-Pv
zQnLFFV|NF72RizH7xg|LUybY5MENv=<gx;>t9((V?O35HGBWbHDr*8h(sr#&i<7SI
z5jAfBT+{&Vr#j4{cd<;v3C3wG3Lf})^z&ztL)O<f#FOLVN*sT|(f9H`bxcvi9nj*f
z%`}MB9&cgCAfsjry{0zCP&Sfu#%L6C|Cm>u;;UNuQWx-vjQN^I=A3%UA3TDt1W*XI
zc7?;wF-KU6VHH+iELHoTBtq@S$^pwpHMF!U_7F#}g$d%^*D0X3EP(OitoZgVF)($(
zHS89-$=`35ghXVYMCq9rLxEOs-(y@HNC$Sy0hE?HB4WX6`C94m{%&7kZkem#*uk?w
zzbjtrbxnj)73c5(vGNlFxVG+78Epevv$-2KRt$7YO9X9E`sWj|-CP(5?z#s~-6hl0
zzwt-w6gSWBFFjuw`URcB#jyr&y^ZxpuB5#ZFsCEmeMkPq6C$Jl;Bl?{Q(dn>#BhQ*
zrCc~rC89K6o*i}>)O$FRMs<8dmQFTmC~F-fv)$MLUJmW<ze8&@5081rKQdwO-j(TB
zAyihRtV>zo2^Hoxj64;Uvht%8wZbI_7xNA&*UR&i6s+;FqPIua5*I1e-|w?dPnaaW
z!KVCr8rW8u&FJHCP8xN*l_QE{8F_F(_|2LibFR8Y@^fKfswcFuw5X}66-Mu{M7)Q}
z5ben(Kn!K)zdt|dYG^QGj=DX3R!bW8`#0A)w(!0&4})Y#Q=NB%Ojz&hX)_QxW5m!t
zGUdO9W%a=q|C45ocUf4uV>7y9O`FS1eHzpa^{J>pklKb&;dD_lGgE>t>xhe!k%^0|
zjI;ILz#u`-?yPBG5y#k*yZfiTWN45d52jW;TtqWoym&zcGN49}$Xp`%C`8-!REm|A
zm88_TspJX(g8JjfoO3lK+jTBEqSQ>%(EJ~7Ya?1*3a&5aJl+RNqII|nvoJ&SNlL7g
zT~~Xv_l4W?@3Z{_lo+)xVL3VQFv>uuHPh(Ax>s4b3`RW7#Kc@xed3M@BMJ*ku`ovk
zaem;k4L&!6SeU(WQ>)X38(bo788^WoXb%*LxleS7x~#?1Q&D*qLP>ZBK_!tRB;)(2
zL_|c}*QZNyHFxgZ(L`e8W(pK3(lrmN@hmc6nN3YfN}O-qUy3+71iYpJ5}H?gdjZwe
z!X4P2MKDJQL>aOM9>R5ZUTc9mp`+DxbLg>j9~EdJ@P$PdGyz)_6;5<r#89KRS@yx~
zkmIO|=lK!Am`_p?f<>PH(4bQ=A%;;zR6;`9qk<-|y=_cTP;j`;eb;ZM`3suN9ugeE
zMG6Q)(Imvg=l(Yr*FZRZNgzp_uFT~pmkHcDa!H3}3mGcO8+iQpE6NeFkh^MK-d`R)
z!aDw^0K`c_;h{pN7DE04%-hlU@4s@j47WgqA2>UEx0H(%Ia_6}F$MNc)gEuMmC^P;
zhA!MaWfjvOeiCC(PPusmNb+GuWlDUr<nJ2i)x@>6wd`2nSWD?>WeER4+GC`iUtP`r
z;dgbe|G#)47(GqU^yvEwxFC1;7FJZC)xosiLvqXqeu82rryyvd!xf2xuCcKDrLdhr
zZ3u{*s4soSGbKzL+_*sU!WQ82pv15qD+|VB>4}vhBWa7ewS)G5NL@+EL?pGy+503&
zEw{zupKW38-q;mbsW;Z&^iH890WtkmubdfFp>%_YEBqB7ettoymX?-Bj!T^%8od4$
zuAZ37b;fouV`BafX2|Yt<Ir`m-8BN9uOiNMYl>{TzJBld?kqeb0oZ~70M4ta;?n<V
zjHyqjh0qQx8!<vp4}~0`*_Iye^_BY&+W*(yTYqI4bzP$uAt5LsN-3>~fQW$7<t?BH
zNGM%`A|Ro3BOTHLf&x;~-2&2$BHi8HUEjKW-e;We9p@i7KOBZX=umGi_O<ugYt1>=
zTs?)8s*Zvq|5riugB?xzF_-wwku=!Z*@DYxmmB8WrKN;Av#R$_0TY_#Xv8TIBqYJX
z_I!(rcpu)^hy<N$YWBj+?;I%Z#7u??)4t!M5-U`Ld=~HS%5aI?Xm78T{p;7sw~=O+
zJFi0AvAiyB7;?}HI`cIDtr?~U&W!BGl}}sw_kE<L@OEOgMI2q1mwFF2<}Lxn4dsoB
zx?X#G6tRi!@dxKyTrBuwZIOv|0@R|vLq%B)40dRRqBEAieR%&-e7N{azAdN7D+MoL
zR@V-<d8=GR(v6r${e66tvQ!J^rsjTs)t0{=M5o3B5gt48!-o&3M##$cyHn&=id7O*
zWa`{xzC!Z&=ry++13JJT_iKYS-Aa`^Atm9nXud1O0@j6o%$sh(kzwvJ*4DP*_~}4<
zIi{u>s*z7|BD4x0K9Dh!eM28+hr<su=h{v8RY9zTkN=U0yo&r#fIlHCnhNT*ZT?%Y
z^A#0ICT2Y3I^qg~b{9IQE#AFbF@)p1_K=4JyGC(F?y=iMC=3qoh5Y;EWtN&%2y7Ir
z>MS3;OfJqEe_W!}K*{H#FU2tWzCNsDXCrhsiWBC_$av4fOCh1A2Gr<xUfu1NKof}c
zXVzqrFmBA8IpwOb{e=#fsCyWf=l|5$&bGdM;W(3&Qs>Zc(Rz~}UhUxn69n-rE3>7b
zZ0X%izr#x3C62?H4^Wz*1y1(d+{)A=C8fd-%Y9h}w9wZq>PO^8e0k;)o)~vcB!@QB
zEtzO;4j!JO8_&CAtxhskzm&fTsE$k~uAOdh$K9~8k?bnBS<wS1XkcLuCyRvf_Orf|
z>qA8Zlg`e&{O=73DKQz<hb2~R-r{4%#Dth1-k*7)wBhZI%fGkc>({05ZKU{8&f4gs
z^~t(C{dKLt9GihLno1lZuk12DTE%VcHwvVf-@XO!9Pu1~@$zc)Htx^9ApPVCC(9=Z
z;`(!XGf}(*{GOhkR;?;$r~0n0`+;zKs<K^s<>sDO(?hl%8`5|u>%}>I_<TF%NuHAc
znUWHM3{p~}l{5K^-ODB#%+733ws=KHqdm^b4;BV8$X^~E=q#R{W)&Yaw>4K!m-0gG
zUAs3SX1Su;P5$Va0_g(~UOVlt9c=8dICNk!r?axwylpfS1;{2lmfus;Vm{xW2q3hJ
z1_tvJxI{GAAye*j9z=T6jRE#b-gG{5rd>%-TEcG0*i(^^bY>(aq4I%Pd&r?73KW4o
z5fwJSyO<S9yc%lHpTL8-M{$XzbZ$)cvMMPnGXeuWe|owJ0vEKl9(3|bl2`B8ywc0F
zUeg!}417aQ<CmWPrPA=qn@p`s$$P6TvQk-X;PJQJ7O7%40f^G7+Ik!i0|2I0lsZuh
z;Sza$@V<Oqb6X6B&A+?k`3IBgT8s2zobcpCG><LWjo)MBJ#c;6$i)isZ5^*y8Gx#V
z&L@rzmflU0n}>&ByvoI;`tRS32LTd#oKep_XodV_3Jm(y{T>zGB~?)PQuN{G-eZ)g
zLF?ye4qvuwrjn9%wiBY?MoNN~e8eYzcc-Ac$ZmlDXijlPSW+h2n{0JlZ;Scw;2zL`
zpQfzv+|_}cL)>^pW$$ayc?ux%sD_5k2hjYn{GdsQ?jNLfs9TbJQ^Cl^<tjNjhmD1W
zfYtn;7-D>U{H;D%cnWmzZ8|wUHPa|HpZpH6HU`2}>EI1d$#}9Le=lmLqrUHHnWjMI
z$+lc+EdPbwk60Kzj++8t67j6C=>75*G~6jLt}ZKQ-sAkZ+8!l!x^)4egG%TLSkzu5
z@(%RHw{urnwtjm%y|s<ArExALF648FSkOnTP54iNIqI4(dNVHu_w29d4R?`-cwhdg
zI&38?Exj!B^l57>fCElRP>d5_2mV!TqXzicg0Rrgz2&7P;RFz7Kn@3YtJ^e~mq|ZO
z;HMFbA3xf44~wIH>0m2bq{xhj!g!HyCMJ2+)d)0ovB=)004`?Wm7e?IbmJsQ%pq})
z36%fwW5D@L5F!<9;LxehwX=f()D)>XL@#)Xw4G(4IQbkI@xgI4-Ouk$9&QpKXOTfS
z>S$P5(PDcf7(~X~K%kVv^~IO}Erc$b2pw-}J-xlPh3&RxI6-PmirDV2P(Jt)&2WqN
zOQlxS+ZZosSX%ca$W<xu5)!#}xNUI4X+qVfu9k3*BWTLwL|#)Be_!US4*xrfDYG&C
zlAas)tl5gaJgO~!Q#IeYqi{o!ZmS?axIy=kTc{gm(l3{wkJkx>UKsUX4uAdn`h043
zI_VKKWUi{O<mZa+<mu`3{(3@lU%%NO+_)YR5D;v^S&K%ubYjO*Qc@;E`DFjr*tiPY
z=$0fcB!Ss52W{mOVfr))87axt25weX+sBV}-OBhVilhT#N2-XrC+j9>C;lcxtj3I#
z5Oo(85?icYcUXKDgn^YiH^8Y<UMdQZso#~0IQ}iD?*&}f13pc>d*dagJ&x0HIKQcf
z#>bqRgK<PMdVUE(KPulJ#&!o$h`=Ov3&bN?Ss|*&dn!+#rq2K*!wdrd+7@*px3{rS
zB@<(Qm~9Q;j*X4QKnwpxe`oqwb*D_fM4@X^zdT$@FRxb<sq%=?gF%UJ!j~A?*)<3W
zlX!KzQ89d2dhG1q_{|Z(&Jg4U4-eb!PJOF8Zs+4i?o%FaR(+#4@FO`2#@)ui;q|P<
ztV(b`t|_R~xS808=bknQnCQ2cm6goPu%#&of;n=u&~O~_{QUmu_*LVX<`6kWMMa_Z
z_I4=_W4E`B{~onar^c;A`<LVU_3o4o5#+gok_VQ0akbvA5%g6l+z9%v(gYLpKp^*y
z&k|45sQh|(ctov3)8%%MKoxisvB);Zc&L}?WG7;Eu&Y1U&>%#Bl4ul^lzeybqFZCG
zE?mDAkgC3aC|EI;2L@gB-*`9Mw$Bca&33vw4`&TR$A5XwgASG7k>aYx-5Sy#m`V8+
z*U23nC(3L&^A!{jq^ql|0SZ*f#Ds+AE7bo1+KDl5(bLyd*sN>iy1Un@%FA~?MSQC4
zuP*<PldLT=R%&AOaGmoZ8L-%6yC%RduBA$efNJ-n)wOFXrmx)EdzAdHoDBiko(q0F
z@3cyTE8CxIJiXX$Vlqi_4QCbqifCfzZCMsuLt2rkr=kd=voO=5l5fMYGyfY40SMr5
z(asZEEY5fEs|*cKH{v3%U7gG<7Z?FiZlrP!(nEIjTRLfim<Mf~P~D%wg7@sV7mm;9
z`o3`Loyk6VGAIB^nPvJmWEIrtq|7f<wcys~>Tt;#@QBiwt|#BFmktk3=47eMD=49?
z1l?W%NHPr|$yu}1vy!}zsinNg#Hc@c?%!U|f-LqsMv+|j{y+>4M19rsji(P4c0`bS
zAd}WH^t~}T`IqM*c{=l|Tkz%~7oaH!QhMbY4g#?w2ug?V`x}#J_e<!_NdR!^=7kF)
z6^;ERW@0Jb=LM4Jv<>tD<}o}3Hnp__UkiA=_MQCb|EmSKRG03K%lAix9oqr=salEW
z7V&dlw*`l3DH=4lwqEn{@VNfdd{Ue&c@ocUf)9O?Jz=s!daR(`R0*6Af6yCHA*Nat
zK32DG*$%cx3=^Nwvw&@ty824FEeU@Za{(^p*iT2wMm4pK;i|YLA7Ghl_FlK$Gw8Wp
zadd2k@F<o^Qc%@$vJonRC`;cYC8sX|8WVJ5V+VN5z!~+5yq1ESM_Xj4Q#GRUZusT;
zrN6;X!VsiP#PF$naLlFT%Qvc13nuwzPaSO8HT~$6mC5?<jw`(#zDA&-nb*^O<xUZM
zEZ=70O%>3ct+;uOkBK-Fl5=s52s%Un9;>Z=J_*?MegLh=S^rl(Jh!(I=p!XwJvewc
zINcPqUu-rmjD_TPcTYkZEPHau+*+p6CR3<!XLVR_He1s?jjK5~KOZge<Z&lVOuP{5
z+oE3!MJojnl?RAuR%Cjepb3ZNHr^cdLvgLgk0;7J#7ZN{O=E=!Kz9g|$tezPiN~sx
zb9}rf^KHN2w0-YfY?e9SyqM^g$(Cxph>6^0y(=*QBP>huYn!0Q83C@*9zdk+#qPgd
z-P3mrfcgakCI|eNR<CcqlKoa)oTeBeFF+Bh-75Xm9HNadt1^QKD**z!$zT@%58UBu
z_Mct;jqmoIY*Aa1SX^92CTr#Q*N5IFCMMpvI5>fN_oH?ez|wnVOo+|K>M_*p>5Qb}
z-z8V+>TvV&cxM-V+dqE>O$DoRf?|oOImpu=T3P*?=UrX)R}>b$ozuNmBpoMwPqpYG
z^lHx^pL&k&zg8CgJ^WojS9c*h4Ih%C^KDgNmZYSf<VDhe#BSwX;bPZ?pjWTVYnpH`
z3=Xci^uY`NGB}(FSzbV^DqK|Gf85+jA?F~jFeZ0sjw}7Fl$hP(Te7){XZb-~O!o3W
zG5amKSjY9AG(~;J>tcnN=z~c=Jv+Nw-PkzS3p@mSK|w)y*DuG9?#VYlWoGIAv}Bnz
zF2bL@=XhdE*w@=I3o=*{M~a(|A4{F>;QOb@Hhd3Zgsysm{H-m)s&xQnC#PpTKoPRX
z86J3pbF}Z;sgXL~6<0XTJ)pLokL1|gJhXuO+C!E4!O6~cXny`}7PgZ~5!U8EjpdR-
z=8U|6qDhEhc(q09y<N?(XiQIM7p<+V+_ZVecFf)f3M)u-9~_~Tno1t#W@dt^-Od{F
z@|+Kun3&8L{>HOg9NiKlJ{N;IC>9C)*kZ&Y56s2{E1R2}$06swg!J_EqUjfF|CeqE
z8W#J;XO1X?@vGIUs|bi9Sqk3hdL}Y1?EJ_ncG}yZ-^<k2&cTW-tPli;fV#gdinbqu
z=9qvquW;GIcHh}`DXmKWSzORF_ayAOnhGA3J4R%)lvGRW*@k`j{O>wCEG!BYwX^v+
zySrMSIykg3Qw?SBb^Rp<mDTBDQ7O9CfRba-h2s_rSdU!OMH6Z+vf88N-im+z+|Fj#
zf)1Frfq{cP-z&_fTRRfiVt7IjVmyM&t(GJ5Jv|#L+}to#zrRVVZ-+5sr8;66$6b;q
zYOPH{cpDqlVZ$Zp_J*X~x2N_Le`1DHjc+*}Ake=CEpYm@SHgnPfb_k__D`cR89Xgd
z<h;v^c>K1v{uWD<zr({jSp3=&Fx`|0=<lgykk{{QO_9pEIE(pLa7|F`yT>szD=O-z
z{78Vt&i0kn_`VdmFc(4~OL&*p0s)cD4Kjpr%Bsu#=jKr=il51@F|^lV;pd&3E<cx-
zZxOax)A$|{(HErdLW13y5MsuGO+O<ML=zM9`E#M1vhuze@-L|ztD+5j`BF*_omA4J
zoOzpbld#7?v9p&dZ+nflW3vdxhv$uTkrFV=ydtL^e<-kyN9280VV9MEkb0Z74n%bF
z-;@i~ZbJd@(sbrnwX^?F;n6MGlUb`OvzO<TH?CaC1W(1523-G^`c;ehT#G-~p(M@v
zju7DDLRK<kx4Ajh$IkmT8mcAGPjWweShaU{dR!&7DMp+{4oQ1L6dn;#5cuZ{+`4)5
z#YJR2R=B}lQL*03Be&n=3iflZX7l~Q0+8o!tkc!)SZ0Fsf|ZIwUj-^;P?6L*&PWNC
zxzMH>`uovOH|Y%z7TnV+BZY$A?I<2EM)B@lDZBGuV|mc>e7dvUo_+`Vy}twbeZKXx
z_r;6dp_RUyP(Jfrz52J*c3SnNfZZ>xh$W*FP?rJjlTeX_jeHl<#Vp3Yz@tL<K7*Ho
zh`HFbp)-Jb&_P}4#fz#@a15x*$ywKo9s5M*^Tr!MzRph+|H(st643}A+(ck1`{b7l
zR_nW}wXwW1#E580cf6UA-)Tt5y=<=L4U<*6N0Bcw&fvFy<6LT`qzRzIu;xU#$F!Lk
zgzN4Nd#lfl`ei3XF6(ZcZR!bDT3-T2$A5G*Z?2gHlFxjBC#O<YRy;Thi#!8@2|s^Q
z?Zj1JpeqySH@BMjsw$iVx&>^`<_|K!XaQ)Ye^N_yk}}7~FRmu`aoX5os--u>98eOu
zoL=t2gzm+5XfkYq-lIM=$g1CZM~pa$;F=h>q;igykjqrPFEjN+Q*Krc4ssXgbKw=4
zXStwe`4r6`zGUk`9P&A$@twLlMf*43@6a&I!A}L^sE3IO<{Wn~&q+s!zSN>=5)y=_
zvsU4pM;)=}#_MCicASg2igYY~_RG8<dC#O!_W@PaVKgPzxb6e4QI9v7EnX`T%PVa&
zLk+J{Yb6?tWn{igGYSf1Pn2UmJh7~@5v~$R-<~Zum*t<gv=csy?%<n0b^iT8phIh&
zfX(@g(rkYvt!9Zwk{Fvwvnnu9$i6x5g%v-};9$J^_%FnDGK^Vy*d&$eQE<z~AMg~B
zo(~HT7kcQr@W9xM?Ixzr`ciLitWJ1%2u6s?r?ZzY5748u7ZzCre=vNY6=@VECkMS!
zhzQ7O>;Rse@6FR|a#M@><g>(sL!4l5RO^A?k|-HueZ12xC)v>07(F{b_v-gIzEV;$
z4_}uv-#H11=({0H!TmDN?wJhUCoCwavsPBFe=LzuSV#tpy7QcqSC-l&wWQ=1m%TyO
z8|!Lu$@TRU6RqLI{tXAOPwkPbC7;JZF$D?uX0p5cNo8Ch)$Yi9{qSQEGCuzDii(pm
z>D--5gmjfo>hVKn(165w=VGEk$61rHknkzl4Tl|30WL1jMg<AzKG-WO{hoBc-pJ4}
ze0X>mx3siWBWt(CCv{8@p-*qJw6b~~c~^62dTy@oHE24=KZl1KYJ-()2_wS<jM+Mq
zYf%qLo8)phcj5(2ls^W>K;?&<G(VCtQcEq@mRrI$JNvao_WjKtMTSNBG8*?YROCzd
zET*kB+0oKA>)%(Ai#r>UZ8#4VvSQkj9zRaFEY<zP*701}qxF=RBYM4gsOW8HF}v`|
zl)p>GSjA%k?wpY;O6vKvLbYQJ{_nTb{K-KO97jV;oSUHuGKM04N)jH55iIc@gqM%6
zp|PQ%tnzT~YZ?-KdcdjSaz<%9|L3tTO{7M*h!eLy-WxmHW|z|jB9ZTLo{tkR(KcMT
zpd$48Vr?L8B<&JiIw4x8U1~dn$G^Mqu{eewcEEj%q>~FNI+S3ZdXIx>vp>7i{1d^i
zU$(aUcfFo{`5xgC7<qb<`*%o<M!2xBur)<C#-5v>-=3=um!uL83r`+P_uV^<Ym}5_
zCQChOl11=OFeX+)7|rtwQ9HA3(RYKE5>lL_@0upHWu-GoN>1y}=Jhdz;K}Ul%<QkA
zuyGhf1gPUw)b8-S=_RS);MXeg%giL4n)mR^K0hLN^^?YmV`dkoaR!sYS!y$-;nP$Z
zRU(?|x=xaEa(3}2?>Uj`o*r%<e*Pg7NZLZ~#C-Fi!iHUo^9KD#AS>FS*?<PAPITDM
z{ab^f9(gz1MU^hWAe`*QN%h%p)6tFLA2PPvr~9)QOfcr|w|b%IzMRMlqi4wxI+fqC
zx<Ic_QDhp>%w;fRCA{jaK-ve529Ps2>YC-`6Fj{jR((NRn>UEcvozzXx&RaDlc=z;
zFf%2fCqVEK8c7Ifl`Dovs@Q!V9`>JB%Y8Tk0_CD$6>$X{gV}n$5eyXS$4lcEw|tha
z7sLv2TK%Rv$=Ai=w_Lp_cFSFgO=4<yIk>T*_pRBd1Pl~0cC&u|yfv6nJDi`P=Y@<V
zOUv)|<W*6orEPq9aLG<p)pq%GzjJ&1{AIet<JUh@^nTB@41g_me(UsC0js6Yq~zrD
z{BZA{#fzh!>LT<;)qR<&7A(*mWu~V$-GrEP+`Qo8e9XR=r4<0UxJ;zv4iRX(r-v51
zjpCGZRJkff3sM}zN}k<vS7DRzDS24`it{LtB7Wz~i}Qd=HrHk{mGoZ7Ns(#*kMr!e
z^uIw{g8E$h$MQ;{5BIrrb@V;(3CQnQsm3#4i&d9l;pV>Gd0Q{}7y~IRDv~}2UI`0g
z^eF79b`dEbDZ>DZ5_);YF6bK{sjo*7!QyqCoSYoB>faCP0HqbL&1J=F?Bd=f<9(LC
zs8VWbK>5xk#Pyjz4Hwqny5krY(!^I>=L6Zq>Yp1G<5ePr>O~6ngpb`WY$!dq6T?kP
zEaTHM8>b0MQebMTr{lXNaTZ-1c=?xwb)zx6`W?+_f5FhFdDA&n!CO5VAXAbBYH6gu
z!p;JRh#{TRTGWRMpMxWZ4!S9<aBy(Skl^do{)5HEyf84yqg6e}w`X<p^mu^NML1%3
zn2|pJ)p`DzagJeWy5D6fqjzljv$G2Zy7GyfMg>?5*Zet6$0}Sty@n-9qoFCX*G-}e
zn{1C2QW1RfNzf6Pq|a<BxjN&sZIL#dj>MfAuW&t5Nho>Eb>0{mEwz#`N)Un**t-re
zzw2BJXC<Mz{)vTvJVD0$GQ?)8kkkpCl`jw1ql7LYf6Zo^sRAO84>)UOzlqw5V-kM)
zbg#PcheQm)cLrBP)L2o`)AW9h^`~?pI*vhs1Swo><XO3ud!je)<s4Oa=&G|^?Z%A@
zpj4c$YFZMMdQua3xE)t^kgHx|YJ-V|wGZ;!ZRV>eB~}Vpp!hm(qT}O(1C(sk{nyWQ
zb>p=(^r3ZKy>4xPoO7U2qI*`J5#7NZvps*#==e;f5O0pBRCK!{h{*9}miVFKv?i}5
z-Z+P<+uceBR-xGElr+NGy8BqRcU&v<wY~1AytY~yyHRC2@O(NtR^9!X*Z0x#$r9(v
zidbL-$OHrgXf4gnrBZkCeN*M9N!b!4T5D?=gm`#*vkW?7IT7^q=-*(r*%>4<wOQv4
z;fktMQi0_utDIu`(Ub{Hq2Rel>kxU@v*hbA*CbZzfsK9B$zgMPO;yMJC_;XF`-Rhs
zHb%Fp*wXpwqJLs<X}x05s5-tZ*`FQWKLU5=07yC?dJ!=wT!5G)@r)sa?)L5GrqR(+
zX-UZxY$V&;tJZKv3Ov1^!8%~kXS@jt(am^?z9Dcx5Ff-Esj&-|naNGUzYMS3rQzEe
z>EABMHwU^lx#_C@eaq!xa{J%WET@Ba{IpOiyUA6Br4-6oSjK{J`CyPioNL7z5kT#|
z<Kg!$J|jcD5EKwM;K$zW0|UEIRt5!p9AXBy%1S55HS>+(RwPB}L>`hGgT`%Z-1(8|
z%ZMLsiS|n&N`6^@L24iG)}1CL8EAEz43V8f$)tUHz?ksoo0#IGM?25A5~>!q=ik3-
zyN0-;)T!N}JG8Umf(s}!&-(hd7_D;Rgfe!-2w>4<c6P&$+C>_l=VMJBF6RvJxtxjc
z^Q8w{&tHykI%Yq4X!`klY-g#LRqamrPv`wn8<sm9u0B+diZEaz3(L!GcQt<&I;@S9
zjgk5$5h8cv_&vuZ15vi-xn3EGM@&$|<0@xXPjTuI+s!>|C|FrB8h4l;;Y0TWXxDj(
zC1ho7Tz8|Z&iTNBx*{a>OzqcoZMoP_`+!yJF8Aevx8}1CHr^0<*QT4ct`w8Kup(;C
zcs@gxd6LO?eR~HRA)A|xkBX-+{Cwc_{O6A@g#)tzq<?dIlP;OTU}16bD(Iw5g`AFd
z=zYB+K9a~!*COJm4)YHm{3@YdD^E)^yo2Z)ys5Ps;?6wYmV-|-{3)1T2XnefO7(EB
zsi-s7538SD(2$fPGWp$}e)=pmhXchB(nWr%DdKQ#adY$S(U9?%pKmUWE%q+ct}hOy
z1XW}xT=gKk*{pxj<f047V}3d?@rdZZMe4uVD<@Lf^^N1hejhs<rNA|e;bJjjY(z9p
z*eQFw+@|AqU*F60d|zLmGh8e@lG8_R5$w{SS1*={6+HYB5%H1_!KM`^WR{jjX_qA|
zZlwm2=-=1a+pepXPc(1uz5+V+t$s+$Hck^B_pT*3Ka*=(&AkUV1hd+&O|PkKd`!$c
zky?W=Di->vh4(8TH3oT0F^Mag=PI=2Lh#FR%s6OU+iz}ZM~Tm_PMM6^6I6l6O^32J
zJajJ$J4;Pxk#XLMH*GL|Rx>4ZBm5qRoc;%>+^%QCf%egI!|?ElHQt<R=&!A<eOYYS
zJx7lS{<I+?V3w^fh9N5o8ky*)9soaHYYw%Yc0)xqQhc0&feAS?Gl*d+Lmi$+N8-fT
z$q(bu>8F~bAUZEv!@{Z9sD#DeFdhE|4_9AVkMf*P4Zo?vQHG0RB84p!pnLi97oh3J
z9M>zAqjUIMIy+UMPgvH@4%XKP#SjlVZxRrBv`K!Vc%Re9%*3F8zzSDB2d13>+CKV&
zZV2pshB=n_Zm!ei*1A86c%~8)c{FJZzwGRpXl(Ag%tcv;-TG2#OwQ(fc;V>xSLNff
ztu6&veD{wbBtQ4pb2c2^=qBnT*ol2n6q5_7e+~GfzG5L;pLw6h7f0#{Nj*7iB9#DV
z*U~s4e<&;ak4P%Ob(D8!e_Vynko5lgiy1;JEcXg%^nWM#Va7*0OI8Av!~};-!N=RX
zsR3ZHUU09GL+GHH$7N_xcRZSBtLUufK=7$t<hfOO$+*P!HFmnrKIg^I^kst%hW(Z+
zC(CUd;X{@&#FV~;F#EdZyVyOaeN9i{?zyZI1OW%diyey8H-giV4{v+#p!Z|RT}}Js
zO|o$K51xq<^tS6-cKy=@9m3_I(a}F&0g^-1qkv7)NpR1VIHb1y_iqbmn(KEwoQ))h
z6G0c&GEtz5HTQ|qz30FdG8HPFt~|ze;RD1PYLZ3ulG^HKsrU}f)Dg$CkkGFk8NcdX
z_>DeK@w~(d7KfsUF068kCOAFOn}dcAQ|y*QvcO|9dAJU+*47|p_H*PLG0v%sn4X?4
z_|w$HESem4g@olJY`D+GK<@s(ul#(gjIMq5=cj!`J!FA2GzT0095dPj8EfOVvCwjh
z9(^%(xbdiBEIUSFyFshWtzWGeg?pi#7SRD+sO8Si=VjN=k^Q##FAd*wK6n;)`8<Gn
zwqqzds%FKV$cQ_ZVXC$+?{6c{{AHTYHbP#PZ%{>thUObhRDX=R^A&7Dap0~^mB6`t
z{Yw<AT|RpMi8eeDC<iH51^$%{I-VEZvmsu17b}=|%o}Q?X<5q-1tC-#zJI?UtWz!h
z=udao+Q>(gx_a8><_xwP{yaObS9djn&wqBHadT_-!mr$EowghbpW}j@+9GQ7hPY?+
zU(OIRGA6RQxVQvCf)@MlOd4UJ_jxFzWZ;3xVE*fZ*jO#-uK8tssXHr^xYVWUhjb!;
zD%dE4Elej=KNbBsaSCyjH)t-45tIGmtb`H-H-f|acz-;Rj#=_Q&+_!=dzfTxf4ql|
zdJ-M6S)sGauyfoB0s;j8`l1+g>wQS*pFDYzA#${k$Xp~$Pa@Ag8J>dLX=P($>#90C
zGA`*5IUm^?Dl%TbMt<#8cdaKL!NuAjf@{^KFIZ(FrIvQw)=>J-iMI+0HV<vaS)8^M
zS7zJLadt~FD;A1w4;Zb-NJG=?v^BmyxwPbJX}hmk(OW6tH8lK4T{1;NuR=;!i{>(P
zDz!BQwZ%b&H?;`}5$I=@UYv$+qfk~*DUtME^hLQr^X>JK()ZIvB4-D6KY>zb2HSDj
zYu65(_ulOsZ%Lychpxhwqz}pppZZrjr$@%g-oI{K!zmyVw$;5S6%^!M@|Bu2N84rY
z@Ho!V4N8Aj!TyZvb;kj2O<4V?ox|;cN^|-xiw_6_?TBw)zqYal7n=DO4_IJXpaf1(
z<9R<-Uk@ez&&$_&|L%b!d<^{ST>HIu9v3c5dW)QUe2kC(A<cBDEbg;Med=v=ve$U)
z)>EfFc{Qqh8e!DBZe6-lB`5*Ts2@y>)VK!=SrLo-7n|t9ZN9L#+4S`He!|zk{#)Dh
zcy6t7MfPgW)(<L1N8hjZupAbEoJ0tuWq<#ej{cmjoJfSVxxDX6ET7fg-yf;@%h7J1
z*5%~AC_~6+jOt`?+7$l4lpQOSvA8AG5L+T92*x9>TVFdc=$6GAcCTj100p21HUG82
zp{dN05<$nehQ@l$2b&N$BfBQCY|ltDH(U|6+~P(OBBJD`%rr=YdDYe1>bxQL4h{}p
zfO<Mh?|?4h$ma$`zNp3SlyNE%XUE#A^V9V_Xp3G2dxy!X1s}PpL!4=Y_UFrT!B2!d
z=GkiQz)*_t>88!0<(&T8#QMsy8$Icda1RR{z}v>!;*q%i4A=VVNcqD|=i}9={X5Gp
zkviyd4D8!q<p8grd{-_rZG>4acf9v%zq|Wv$1|u>uM64tw6(Wqiq2jjCP_nYnKY&U
zUdex=c{1ifGUOc*8EJgs_=sVy_3BBX4h9G>vKC37Tw;)o5r;i^q^{oo*6i_`B1Tf_
zcjWBr1A53NoQHXlioX1t5>UDl;asv$R=XhPN{0vFOK^)m-dH(#(?b*SC!pyRm1d|p
zzeKt9)S{xjw_0??;=R~=XXl1*YHG8<@(@|t*bpf$)}v5H)sWK|<ykIv;o;(X59ro;
zIYB{s`jT>S(L9!yL>oeKXVnSjjjJOeqD#zp;zcPso-a*>&r@;GuMQ|@ZnI8I&iMF^
z(_^#47;=QJud5cJriPk2=+@B@Pj=<g-q+Flq*o@-PWPeuZPDg>0D^{0Roepf66M$w
ze!i%vfpW`5u6>_E<NmeSs;a6;$g4u0-nz-4z_o@!&rq~Dkf$dGvZf<w8jri?i@GmH
zJOSh0->9iG3iGQ$DD+EeXkz5Mg|oi5h?UrvWy~!h`{ou@sCjy06$Z7EO*BIHoQ5Ab
zPA{miPGTXgtmSve9i3(;A2D5<R#aDS2j`4=B9Y8+yEEm1&1v)E;s|e$CueQ7gfY|l
z`}z*nZ-}8T;S12AlB_|oL=eMmsIb!<!q_Baw^e`pKR4>+S6XM+-XM`XP9oU7CNI8r
z9QWyL+l8k*!bP~bxa<2Be|+E1)qOhZcXr=!b90~seqQu_pu4j&xbU~gIP3RzVWu}x
zo<S!=z1OLY)eG;-H<ExoE{C1;ROvnoNeIs7`4%dPWNvPb52B-S<0ne4g@es$+7@*2
z>~+Zp55K0T!GF^$D(Z)H5|uswWi&u9NQXdzzG>YN%R^IOMC1dB@Hi;A;5o&|t0%6q
zp60+%qi+KhlwuBh&HLd}g+-kDwb+FD1&XS-e*v&`Ia}pp*VL3B-_6kbl9Ek&+jGCm
z<3k}?TS6eW=t><ew}I^Q2)@O1)9~!v+ym*rfChkD2cE_FO-?ro?cc>or_IK}Nl5*`
zxQofk>iEE#4N9Sm9bPCM0G+8ukw;Ql0eE0*ngXl_F)Oo-xSC_di7GSL!2gNfeadWD
z**tx`pJzNNUN4Dijsq1q=S?~~9WyvdgS&JII05Gd%nSk4+;5*tK;i5sCw$0+iNK7x
zT;szJ?Q!=oh>{c_nRse{<bUSbI;)HXM}~Vs@aN5SEbG#Hz;)jZrC#3H_WciZM@={#
zr#r1qbtZ0Y#P?@XzI)T|n&|EQwAPyrk9U3A{c)lM%mgSdwq9HrEFh9Vp;mMt)PTFO
zhtJX{C=QQ+9XIs<cSF`|m3u8lMDWh8W-WF}iOG#)g;G)b_Y4fURLqZj!~(tdcZF#x
z3hHV2z}xKdXUBHX_l7Q&IHr%ZRf%XZk+Jo0+5!;oHjO(fW*k3F7knyR*Ba;S2De4)
zQ)vvutm@QSL0sHzxIK!?tnbJJ0xuc*Qet`e@}*%~TAC^BlZP1J!QzuTCMIttC2oU>
z@ev#p()6F;X&xlOY_V;iMKF+m0a}zU1_4TeEq1Fek;<|@(B2+|GDNFmb}2*s4wq;?
zJ%Ooux{C@Gdq>MpgU;`}J@YC6uguMbPN`qcH$)%z>z$n(9@o{@RzyEE(|WlaMoQAF
zOGt-OnwMfC#m2>@wS516Fe@=p5fcd^zdNxX!U%mR+TF9AZ9XWpLm>nviee+r958h&
zEHdUa=%Ata`UOcXojtabPDs~-2SWh7%vMO2G8=D9)@#xk`Eltd5ykUWhoP$N%VVbt
zjLD5Jdg{t;@*Jm72bmhaTls$9pwQ?)fLc9L+xc*|7#&E`r_mYJpAUc@NG%B-f*kMa
z&J&cFlB}%t>PVRd12Qu|qqCc-s<L^!4n_rCmUc=ptv6LBF))D4M8&}b`qC}Bk9|LW
z<Z4$?4Do}Fn6zY|V1fSfW0<;tfdFFnG~5D465`#b{Pm3+pVY)8S@`&l{(VYW=$MAb
zo?6RNN01vgVnT09N38s^-JGIva&n3q@}p-+*F!&=?0;{}e)R5o$`pDZDJ7%8V<sR#
zeM4WE3w-IO!s}d)2V5P)Hfw~-i`^JX->}0iALVtw$-tBfB_)69g^NwM*m$YX;n-w{
zN>F98qcZ*Y$rJOh_b?;{1!p3utk=g*!9~PI)8%L}1-s~~I7&&96E5q@dmy9#3N7p(
z*8j%4lOg%gPY0*n_Rm-E+EzWSC)?O!qGMsqQvN}b{Vt~&Lti`2cV{Efs0K2z)Dm_v
zK%Gan-IKufbHrZPzKE1;WBiK@1ksj@N(hyiJ(qr|6<EDGoVPM;76PCEBC4!h^0vY6
zs=y<0akSbje;Ghk2qx*0YQ^tVKb#)zW`Ra=tGlb~4z4Sg_hsFm$u~`ft^BzSU-ssw
zlaD%{)fmKKAPH{nSE&lJqM{rbkJ|PEN2H(CFR>`1Pxl{MXCE}W^zwie@~fu&_tWO@
zPVJlZukr!M5X-5M)?<aHK+rHmDh+_93HAn%+LGw%>aqglbxMrf@9NH*@TScjZMbkV
z{NdBEH<hsW7y3%pEwmrz5Ym+e(Xv|RhePQbDeQzGfTuqX4pUq`?wX#?vtLr05w^o*
zH!=D2g}(@=mo*zkIX68t^J+WTERFk&jr{HIX4L?rioNgO>1ciZOrJ9|q<5g-zt$4m
zaWx>O=?BYP9LR&C=<qi7w`$p_shMu)$+;>eLLn`dnY=sFKfciQ_!pscrxV=^&9Kl~
zaa%rtw)L*m&=1?U`gr*ns<vD)shOE!8>~iu&I#@rP+^0%2467aRI(Pb-(Pc@9;<XP
z)oc7DzgBveAwj|e9l&_x<T?m|4N!w7+Rqmd!zWJ;wujB~#_JwAudt*kTS394Cu~lK
zG(3!`8ZOBZd|t0nipELax3&=&?5)&zEq3R<nnKMO7+@igwXiBZlKC7SG4&;dd1Q5U
zwh8kg1V<f+*<V4>xp*8JbcKY+9vvmtVT=!}01J!Z?%()Fj~+9GJlE0+1ViQNpgcW#
znThyEOK)`anX1;OAE!s?vJ7F6Kz;n+eZooqepslv<*M2Nv^9Q#5!()O_7JN=x_|V3
z--?v>^{s(0jz(ax#atl{9qlgLu(PxO9tE^e^CpBSo_p}kdvsPt%lCIaV&V2ZH11;~
zLPEjyD-*yF%i#xyq?8KmkJon**N6NzUZ&kYN+ZAcfNz|q@HU8k4;)8IjkK@$qR`aa
zr>`RCo^4e|34qplgGBlw^eO*Pp853Vcl0cD5*klKavs>bq>n;fx(*?l=Qa#vZw-E$
z%qk3x7sd$8j>XKGZR0#YUf&e``1?<iFhd^2jh~hu>B8s%!Jh1J+MNzM=&Hf^Df6{8
z&g%ZdrkNKR8&KHv+Q<0H%c}_5bGuouN7x7nAFmYLOH=y!Y9Lpa$jC{YAps|_$%0tk
zeP({%<{cz-usSl-no3GZ)YK#&DS<caYr#J+&PT_(mO}N1^_rD_N#G!LSVwgAYy>)n
zHhsgd#)9%n)5*y*!jUBd?&l^!A(9Uht`!B{6?WU-veZk~XwWxrmYfu-M=BRf9Caxo
zARs^qpuXs@U&k?B6WlQ0Y2+f(&PVui_YY3xuig>BzF0NBGirlz`xnuSA;6vSCMmLa
z@M&!r7;<6o%D3G;_)&0(XdD;UM$0oOgnfLpE}>WLEvYYdO-&81hK7dqGN9*(=!_@9
zfzynX2CuV5_biY7kI|nPsRJWf?Pnw}Sb$7%R#vu!({PMtnB(Jh`yh4fUjxqIdEG1t
z2@f9n{om&0<z-@GW-kA={YStT362YMuQK>kf03Da=H(c*Sdl0(a+9A9(iB&~5^uM+
z)w$2;&ltR({G0xw)M?i5qJO5=N;oT|i;bR-yk|6nChNT8<YZ;FMnSpUWW?d)llpOr
zhM2*KduMm|wQ{z`V3B@HsOj3;ns#J(_>;Ra&=2l|_bmD$kq|E7UrXPBP{aQ0X8R3<
zx%i#fNN)ys8@ffH-2PNLWV}8DlIkE^%~RUhdCLHhoS;hhf`T+WD}uqthl&Kqi`332
zAqVSrcqt<S(CveRsKT&;s6@uTj<_I@@5n?dud@{3VjryE&ooYvYcu0Cdu^n)Z1sZq
z7B|@+Ky^3hNqzMrA|h&heSK*NX;G;38mJ2b6wozGwszI823US=wrgz&U2_v|H#_@#
zE<srMUUi<qrp-66k+fGwYvl)3^pA`(l8mm-%)J6+ePCjSsY<Bwbz4NxpID*eedwF$
zNVEI^K_?J`4iyhMd1MBxi)truX@p3#lw1?0gTsos)nmi=c|Y1R;y$mqR&<te0V@T+
zgo}zAdcez~v+t$+`|5yTVqSICNw|Ly1PC~4Fo{SLuvyDohTxXndg~Sg0|GQF3Y&|o
zzzrx^2ia)u#p%=IeIhb!v6&JJW(JsN*7Ml^@1~2hxLlDm;Ioxpgkmnn#?VFg`1Llt
zW?g9YWpH<!=|DT5{_XF#Q3gzXOX&e835k$9)RzfQm-}<7%z-EEm5`87MS>%~_>@^&
zZ)lZYgJz)UyE$Xev(M#g);dI9Pzl2a<yQZfb!7$%Lxu+rtc8Ge4Y7wSm_#TUc(Oq>
z>H&Gby*v{sK70i4#G<cA<EM|@^kR^?g`&CrA5mO+R%;q$FKF(;;L-A9^rfYosY3E&
zatn6BO}IuAjL<=?2d$R)-$Cu&u{GZPC|K3*Sm6t-EA{wrI*jy1WYG1tiu!b8nV-<C
z8kC0U%NJeqz;)DwSwxOPp^#Es51)lHIF#S$!=EY>g6*~K+qbE9FcaDOXE`IxG=HXA
zh?g}~)NSc&CELrQ0{k1g*wmQyeHFAm`e^y#xRUgxLD-G!Qw^ndi=iij)MgbS)}Y)N
zg#gK_AWeco?P#pPI#ha8Rh@TUg747V+slsWiasCEGm(ac%dM#v^BFk$WNT|k&qtH+
zf#}m>x6lR%wV<d74HX!MpPp=YNScn6=6O!K`=pxcAoL6huKyE{_7*xBuOTpHB=>y{
zCL7oR%iX`vt*I3gY<tQNNRd2nRxlS1ag}0gTo^2fzbS80C$wCH1&j1*KjHD#td?2j
zZr|v@fXY5VP^?eU_+f|wT--inOd(R{dn>Bz=)|tCvy%nGwRwAfQeXGu-z&`Anz4;A
zTcCFM_a&F}ohyC>XXQl+ztznq$>rqGIofLr0yo#cb>5SLMr2djS{D#0rqC|%cRGL^
z!NdW5@{}I%k&yI)gp}3z;}3s2hIF%w7cbUh;Sf?-fTXb`Jr=DKSUEqy!twHoW|PrH
z-`pnkc!+C5hlpNvs{GR+`mmPVvyyRQhgrXqsEFbR!qC9s-W1>-agl?p{h6G1WC0gx
z;@R-TJuWV3eo)nG0d;&oT;>@HmE(cl=2WovBRxGm?S6mZtdsl)<ute=ys9d63{0r*
z*)$oWcPm_z)4%t}>OPqaZ+KQ#w*D)bY$lLv0W|DHv_nHf$>)b1E){ikb(QFdzVsm0
z?J;WSA~bJa;nJ=35OBvOI(q=^J|=yMk}40Z?g$s;R+lbz$M+Ye{g75lgTfdC>ewB0
z-8uy`;(Y4Uj|cl0)5rwQjtE#dIkyZne_B4lyLfRZBPXY0I|Ry83<!umS|Pr^Pg<Zc
z>wy4J;{FY<C=u+#108fi`7#!}_j%N><GY}`(cN1cT`)7r%HN=G*5@rSAi5Sr$w)-Y
z&(D7ojPJ)RKvyz~j)%Lr0Bw=<CLA2to&rb`-~c8p(%+{Pe(73UQwW(*0jSz(Y1fe&
zAVjycL3i_lz}#<l?z^&QE0z0W{%E?sBs=@AJ1&X5P~BxbfbZ^eak2XN`)?QK<?%7X
z^#-5@1g1BERG#%I5tlmKptAqAwN<MiAYga!7J7H`%FE09K?=1GgfU649Nb{2JGt;6
z+kg`o6JEMhfY7mXl31*+OjMfQXl-lbf$eR>!AX)04H*kVMZqu5oTK1YekLt#kylb8
z*JW-8$L=C}4=W|vtdFU-w6tVE-;m>z{|P@Z?s^Ug4nuJ_h#F!4Hv?IZLR_=6O*^A`
zjEixh#`~OlApQt^ri35>F<c#n)|`p|1|V95)NHJtO<nyujGuG+l;M+}1QT>#k2@2f
zA@M2>TIYkwOKD0=Fo?@W8GSX&vqMhKpx|EPj%y&5+%-$<v?EW3fc2(c%2(>M{F0`+
zLT;JJ6#3cY<c;xMjO^*AX|bml5m9aJDji60)Pb^g0%U-}NCo|q^`J2lNkJi@lBK1k
zYZ%p88OofaU8E^QG(DDvRPX;clSX{Bw@Muq8@p!u`gLz<7$u23Rs&ptNpFgaixuD*
zhX5B>L2iS4n^)CYZ5NB;e~Rj~#}Ekv!9`(K<iwRQjSTq<!uS)=7npAC?~A0PL$j18
z`eC>M2&H3Us&@d6%K@#Bz?c{+voMD~60mcRzAKj;nwXfUzw;K}x*Gs`zNp%iIA{A8
zcf#+|f>o1~Our;t%Kx4S?WGYYCnaUh1&0>XwPNL6W;7>O#+!CgE$d=<TQ5M)`~Q$b
zqgV(91;xx7+=G=lIXP8cZHx>IJm_Wa%7rUA68dQz{vB><=?p?dT<)7|nCFG;7=e_<
zEu+UEzW_Xz;XiE7c85sSH((?_fO%<v-Y6vr2?jdKrgNc>@|7DmR>$DITOzihAs>?!
zf9TX{yTqq{7lkZA3M^(XmzL}8er9R5KOjbQ-oE|fbg(gLH8wWJ%%ed=LSl%f)Z}lx
zdi6?y^u~?KLvLDV-n-ZQUnAy66JqE~0A3xBW~{>hVorXYY_$=<zI6ecYZ1lnT@sRz
zH$X3u^op69noh>Y$7iS&8SUaBp!k~PfYid$;?cj<!XZB4#Bl{i_|bI#pl2>%Frc8O
z7Qx5EQz<~RL6;(7p{W|-)hkI_Eq2}HxO>+$COo{CGDM0A3jDy;fsd-i#Znb^irup>
zmiwU7pg2!#q0=wS5(*d{UETK&I62?TtdCU|aHD^+UJUe6wHg6`$UnH)*qNN%-0e7s
zp*SX-E`O}$zW9m?NTe_j=<J`ET_NlMvL4E9#I;}BMQ9uF9T&5~{F|tMXX6H%epVvd
zSsN8#<>NbC2PWhs9|{~e?UQim=Y|I9**WDCiyp@bcwdN!z!Px3j?lp(!Uh(DMk-@4
z?6=@nyAIF9hkmAApOTXO7Bp%24w4*UgsHJ!XD(HKW4P>!8(nHq#L3FLcgGzrx$ozm
zL01hXqE=!WLqbLMv$eZ>+fB`%o*}{B9TK_JSV|xP+(A$_3s_*;WduDCadOG;!rmU_
zbjs3~<ZEioi}P!X6jKl-OQB!KYvo}e<=k88N|ugQ^P_{0@%{HP{J>>Q0(N8C|L^wy
zIyngg9ejbE3;!K;JcIwBBg&oKV($Ar5nAMLvB~f;c(<^kJ6cs=U%5ge?~cw_m4X5&
zx#qH!?pUpkRUVrlx7$0Kjt;l;-YqHV3)w4WSZH1%^e8Ce$;QRSLeLVp8`rO&n2lAG
zp{umr?H?!zV*=<r%3k*0VbwpMYVhBO4z5T{QIr(kH#RnNPP&QkrVe0|y~bUd0`0b+
zYuGU!qca-l1K$PTth>9**6=Z1yy%a?d9^juvI$Lrrf=T7X+eU)nKZmRMX&c0Wpmq~
z?9MN`O+j^oLsXpP9GIyK_PqT3G-c53HV1}%S9{eqQK+7`=>5z?2dxSm1VlvRi!(Db
z8Og~nE+g^GvehlMm?85Wtb($Az=7;<cWivHmUtrn_|H8a9+`l^Kx+$Y>p%sWUHBM^
ze;*?XNkb(GoYOuyrw$0jFD&U>a*d4_2%al#Os!Ip2VJibr>3s=@`Pr^|E+!_?Nye8
z5|$EuO0i!5&nayg8$0s=@&%(BQnY&zSo26o&TY@ph%G=NE8t0#d=qdN#T3~VXzI>J
zfA{#YC10P^cv5IfXa8#nnO~AxUS8gBFCyAA6A6jNWrU8@zjJ=OWA<xL`QD;C2u>4#
zU_`!WWohyQXaN>Ja#hJ?>F^o!uORdop;lH`MPP4J(&4!+*sU)DnkTNKGjWCvY-t4#
z7#NJMmty<-q>>Cm$;t=pCefoubuQQalL3>QT3M;s-<oYJr-ZCT>cs$X4Ms_9?Cjp(
zgq?mqL@Ll_Aw50416pPpoek~ZR1eVaR02FlCZRmFH~V$?CjN&poP)-X(z)>0oOvpQ
tpbuhDU`F4B@TEZg|NrLyGmG%`9Cyv0RWks!Mu5QAlgF~CY;hg8{{z?voVWl0

diff --git a/docs/sources/terms/images/docker-filesystems.svg b/docs/sources/terms/images/docker-filesystems.svg
index dc4dc8e687..054402db4c 100644
--- a/docs/sources/terms/images/docker-filesystems.svg
+++ b/docs/sources/terms/images/docker-filesystems.svg
@@ -11,7 +11,7 @@
    xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
    inkscape:export-ydpi="90"
    inkscape:export-xdpi="90"
-   inkscape:export-filename="/Users/arothfusz/src/metalivedev/dockerclone/docs/sources/terms/images/docker-filesystems-busyboxrw.png"
+   inkscape:export-filename="/Users/arothfusz/src/metalivedev/dockerclone/docs/sources/terms/images/docker-filesystems-multilayer.png"
    sodipodi:docname="docker-filesystems.svg"
    width="800"
    height="600"
@@ -26,10 +26,10 @@
      inkscape:pageopacity="0.0"
      inkscape:pageshadow="2"
      inkscape:zoom="0.82666667"
-     inkscape:cx="346.87978"
+     inkscape:cx="495.95588"
      inkscape:cy="300"
      inkscape:document-units="px"
-     inkscape:current-layer="layer2"
+     inkscape:current-layer="layer13"
      showgrid="false"
      width="800px"
      inkscape:window-width="1327"
@@ -98,6 +98,32 @@
   </sodipodi:namedview>
   <defs
      id="defs4">
+    <marker
+       inkscape:stockid="Arrow1Mend"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Arrow1Mend"
+       style="overflow:visible;">
+      <path
+         id="path4054"
+         d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
+         style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none;"
+         transform="scale(0.4) rotate(180) translate(10,0)" />
+    </marker>
+    <marker
+       inkscape:stockid="Arrow1Lend"
+       orient="auto"
+       refY="0.0"
+       refX="0.0"
+       id="Arrow1Lend"
+       style="overflow:visible;">
+      <path
+         id="path4048"
+         d="M 0.0,0.0 L 5.0,-5.0 L -12.5,0.0 L 5.0,5.0 L 0.0,0.0 z "
+         style="fill-rule:evenodd;stroke:#000000;stroke-width:1.0pt;marker-start:none;"
+         transform="scale(0.8) rotate(180) translate(12.5,0)" />
+    </marker>
     <inkscape:perspective
        sodipodi:type="inkscape:persp3d"
        inkscape:vp_x="-406.34117 : 522.93291 : 1"
@@ -296,7 +322,7 @@
     </g>
   </g>
   <g
-     style="display:inline"
+     style="display:none"
      inkscape:groupmode="layer"
      id="layer9"
      inkscape:label="GenericRootfs">
@@ -1190,9 +1216,39 @@
            inkscape:connector-curvature="0" />
       </g>
     </g>
+    <g
+       inkscape:groupmode="layer"
+       id="layer13"
+       inkscape:label="Parent Pointer">
+      <path
+         style="fill:none;stroke:#000000;stroke-width:4.80000019;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none;marker-end:url(#Arrow1Mend)"
+         d="m 546.77419,134.2742 c 110.08065,13.30645 1.20968,53.2258 1.20968,53.2258"
+         id="path3272"
+         inkscape:connector-curvature="0"
+         sodipodi:nodetypes="cc" />
+      <text
+         xml:space="preserve"
+         style="font-size:32px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;line-height:103.99999619%;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;font-family:Sans;-inkscape-font-specification:Helvetica"
+         x="601.20972"
+         y="125.80645"
+         id="text4672"
+         sodipodi:linespacing="104%"><tspan
+           sodipodi:role="line"
+           id="tspan4674"
+           x="601.20972"
+           y="125.80645">references</tspan><tspan
+           sodipodi:role="line"
+           x="601.20972"
+           y="159.08644"
+           id="tspan4676">parent</tspan><tspan
+           sodipodi:role="line"
+           x="601.20972"
+           y="192.36644"
+           id="tspan4678">image</tspan></text>
+    </g>
   </g>
   <g
-     style="display:inline"
+     style="display:none"
      inkscape:label="busybox"
      id="layer4"
      inkscape:groupmode="layer">

From 39037a91f85a4a072e5aa7e585d8c2f6b211df8a Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 14 Mar 2014 11:42:01 -0700
Subject: [PATCH 098/384] Send sigterm to child instead of sigkill
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/libcontainer/nsinit/init.go | 4 +++-
 pkg/system/calls_linux.go       | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 5d47b95057..c702c79018 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -48,7 +48,9 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 			return fmt.Errorf("setctty %s", err)
 		}
 	}
-	if err := system.ParentDeathSignal(); err != nil {
+	// this is our best effort to let the process know that the parent has died and that it
+	// should it should act on it how it sees fit
+	if err := system.ParentDeathSignal(uintptr(syscall.SIGTERM)); err != nil {
 		return fmt.Errorf("parent death signal %s", err)
 	}
 	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot); err != nil {
diff --git a/pkg/system/calls_linux.go b/pkg/system/calls_linux.go
index bf667c535b..43c00ed554 100644
--- a/pkg/system/calls_linux.go
+++ b/pkg/system/calls_linux.go
@@ -115,8 +115,8 @@ func Mknod(path string, mode uint32, dev int) error {
 	return syscall.Mknod(path, mode, dev)
 }
 
-func ParentDeathSignal() error {
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, uintptr(syscall.SIGKILL), 0); err != 0 {
+func ParentDeathSignal(sig uintptr) error {
+	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_PDEATHSIG, sig, 0); err != 0 {
 		return err
 	}
 	return nil

From 2ba0861ad359477ad81346a81f1bac09cb5e2eb2 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Fri, 14 Mar 2014 17:20:22 -0600
Subject: [PATCH 099/384] Add Sam's Go "dockerclient" to the list of Client
 Libraries

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 docs/sources/reference/api/remote_api_client_libraries.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sources/reference/api/remote_api_client_libraries.rst b/docs/sources/reference/api/remote_api_client_libraries.rst
index e58c7ced39..f74dd416bc 100644
--- a/docs/sources/reference/api/remote_api_client_libraries.rst
+++ b/docs/sources/reference/api/remote_api_client_libraries.rst
@@ -41,6 +41,8 @@ and we will add the libraries here.
 +----------------------+----------------+--------------------------------------------+----------+
 | Go                   | go-dockerclient| https://github.com/fsouza/go-dockerclient  | Active   |
 +----------------------+----------------+--------------------------------------------+----------+
+| Go                   | dockerclient   | https://github.com/samalba/dockerclient    | Active   |
++----------------------+----------------+--------------------------------------------+----------+
 | PHP                  | Alvine         | http://pear.alvine.io/ (alpha)             | Active   |
 +----------------------+----------------+--------------------------------------------+----------+
 | PHP                  | Docker-PHP     | http://stage1.github.io/docker-php/        | Active   |

From 5583774e29911bbd42181e8db2ece08761677cf3 Mon Sep 17 00:00:00 2001
From: Paul Nasrat <pnasrat@gmail.com>
Date: Sat, 15 Mar 2014 11:34:49 -0400
Subject: [PATCH 100/384] Fix spelling of benchmark test

Docker-DCO-1.1-Signed-off-by: Paul Nasrat <pnasrat@gmail.com> (github: pnasrat)
---
 integration/container_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integration/container_test.go b/integration/container_test.go
index c32a8bcff7..010883a709 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -1109,7 +1109,7 @@ func TestEntrypointNoCmd(t *testing.T) {
 	}
 }
 
-func BenchmarkRunSequencial(b *testing.B) {
+func BenchmarkRunSequential(b *testing.B) {
 	runtime := mkRuntime(b)
 	defer nuke(runtime)
 	for i := 0; i < b.N; i++ {

From 853c5e258fc9a3d8420e62aaed4817179073610a Mon Sep 17 00:00:00 2001
From: zqh <zqhxuyuan@gmail.com>
Date: Sun, 16 Mar 2014 01:07:22 +0800
Subject: [PATCH 101/384] Update nodejs_web_app.rst

the address of epel rpm has change to http://dl.fedoraproject....
---
 docs/sources/examples/nodejs_web_app.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/examples/nodejs_web_app.rst b/docs/sources/examples/nodejs_web_app.rst
index 68c073da7b..a9e9b1c5e3 100644
--- a/docs/sources/examples/nodejs_web_app.rst
+++ b/docs/sources/examples/nodejs_web_app.rst
@@ -91,7 +91,7 @@ To install the right package for CentOS, we’ll use the instructions from the
 .. code-block:: bash
 
     # Enable EPEL for Node.js
-    RUN     rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
+    RUN     rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
     # Install Node.js and npm
     RUN     yum install -y npm
 

From 054b85a7b25e46935c0d91f544aac69dc3497468 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sat, 15 Mar 2014 14:00:35 -0600
Subject: [PATCH 102/384] Add proper support for relative WORKDIR instructions

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 integration/buildfile_test.go | 17 +++++++++++++++++
 server/buildfile.go           |  9 ++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go
index 7f6e69ece3..9c986d74c2 100644
--- a/integration/buildfile_test.go
+++ b/integration/buildfile_test.go
@@ -441,6 +441,23 @@ func TestBuildUser(t *testing.T) {
 	}
 }
 
+func TestBuildRelativeWorkdir(t *testing.T) {
+	img, err := buildImage(testContextTemplate{`
+		FROM {IMAGE}
+		RUN [ "$PWD" = '/' ]
+		WORKDIR /test1
+		RUN [ "$PWD" = '/test1' ]
+		WORKDIR test2
+		RUN [ "$PWD" = '/test1/test2' ]
+	`, nil, nil}, t, nil, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if img.Config.WorkingDir != "/test1/test2" {
+		t.Fail()
+	}
+}
+
 func TestBuildEnv(t *testing.T) {
 	img, err := buildImage(testContextTemplate{`
         from {IMAGE}
diff --git a/server/buildfile.go b/server/buildfile.go
index af6702cc1d..5d5fda4d8e 100644
--- a/server/buildfile.go
+++ b/server/buildfile.go
@@ -338,7 +338,14 @@ func (b *buildFile) CmdCopy(args string) error {
 }
 
 func (b *buildFile) CmdWorkdir(workdir string) error {
-	b.config.WorkingDir = workdir
+	if workdir[0] == '/' {
+		b.config.WorkingDir = workdir
+	} else {
+		if b.config.WorkingDir == "" {
+			b.config.WorkingDir = "/"
+		}
+		b.config.WorkingDir = filepath.Join(b.config.WorkingDir, workdir)
+	}
 	return b.commit("", b.config.Cmd, fmt.Sprintf("WORKDIR %v", workdir))
 }
 

From 65051f4215e493928a211c411f775ee1cc7a763f Mon Sep 17 00:00:00 2001
From: Vladimir Rutsky <altsysrq@gmail.com>
Date: Sun, 16 Mar 2014 18:35:13 +0400
Subject: [PATCH 103/384] Fix external link on security of containers

Docker-DCO-1.1-Signed-off-by: Vladimir Rutsky <altsysrq@gmail.com> (github: rutsky)
---
 docs/sources/articles/security.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/articles/security.rst b/docs/sources/articles/security.rst
index 3dc5780e85..e738e9a847 100644
--- a/docs/sources/articles/security.rst
+++ b/docs/sources/articles/security.rst
@@ -7,7 +7,7 @@
 Docker Security
 ===============
 
-  *Adapted from* `Containers & Docker: How Secure are They? <blogsecurity>`_
+  *Adapted from* `Containers & Docker: How Secure are They? <blogsecurity_>`_
 
 There are three major areas to consider when reviewing Docker security:
 
@@ -261,7 +261,7 @@ with Docker, since everything is provided by the kernel anyway.
 
 For more context and especially for comparisons with VMs and other
 container systems, please also see the `original blog post
-<blogsecurity>`_.
+<blogsecurity_>`_.
 
 .. _blogsecurity: http://blog.docker.io/2013/08/containers-docker-how-secure-are-they/
 

From e32965dbb13973f61ba1c0496c8136cc8c9273a2 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <erik+github@hollensbe.org>
Date: Sun, 16 Mar 2014 16:28:13 +0000
Subject: [PATCH 104/384] In `docker ps`, sort by port instead of unsorted.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <erik@hollensbe.org> (github: erikh)
---
 api/common.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/api/common.go b/api/common.go
index 10e7ddb4ae..5e5d2c5767 100644
--- a/api/common.go
+++ b/api/common.go
@@ -25,6 +25,8 @@ func ValidateHost(val string) (string, error) {
 //TODO remove, used on < 1.5 in getContainersJSON
 func displayablePorts(ports *engine.Table) string {
 	result := []string{}
+	ports.SetKey("PublicPort")
+	ports.Sort()
 	for _, port := range ports.Data {
 		if port.Get("IP") == "" {
 			result = append(result, fmt.Sprintf("%d/%s", port.GetInt("PublicPort"), port.Get("Type")))

From 9e69a042c50a3706c847addd68469dfe3eb698a0 Mon Sep 17 00:00:00 2001
From: Erik Hollensbe <erik+github@hollensbe.org>
Date: Sun, 16 Mar 2014 17:48:46 +0000
Subject: [PATCH 105/384] Fix `docker cp` trying to untar files that do not
 exist.

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <erik@hollensbe.org> (github: erikh)
---
 api/server.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/server.go b/api/server.go
index 048c989540..2a5dacd9ea 100644
--- a/api/server.go
+++ b/api/server.go
@@ -894,6 +894,9 @@ func postContainersCopy(eng *engine.Engine, version version.Version, w http.Resp
 	if copyData.Get("Resource") == "" {
 		return fmt.Errorf("Path cannot be empty")
 	}
+
+	origResource := copyData.Get("Resource")
+
 	if copyData.Get("Resource")[0] == '/' {
 		copyData.Set("Resource", copyData.Get("Resource")[1:])
 	}
@@ -904,6 +907,8 @@ func postContainersCopy(eng *engine.Engine, version version.Version, w http.Resp
 		utils.Errorf("%s", err.Error())
 		if strings.Contains(err.Error(), "No such container") {
 			w.WriteHeader(http.StatusNotFound)
+		} else if strings.Contains(err.Error(), "no such file or directory") {
+			return fmt.Errorf("Could not find the file %s in container %s", origResource, vars["name"])
 		}
 	}
 	return nil

From 681d1d2f61b7c76da6612a5d24d41d5bd98e4df5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Stormacq?=
 <sebsto@users.noreply.github.com>
Date: Mon, 17 Mar 2014 15:36:46 +0100
Subject: [PATCH 106/384] Include instruction for AMI 2014.03

Include instructions to install Docker from Amazon's Software Repository on new AMI 2014.03 (Release Candidate)

Docker-DCO-1.1-Signed-off-by: Sebastien Stormacq <sebastien.stormacq@gmail.com> (github: sebsto)
---
 docs/sources/installation/amazon.rst | 32 ++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/docs/sources/installation/amazon.rst b/docs/sources/installation/amazon.rst
index b5465e25f8..b062a15e1e 100644
--- a/docs/sources/installation/amazon.rst
+++ b/docs/sources/installation/amazon.rst
@@ -9,6 +9,7 @@ Amazon EC2
 
 There are several ways to install Docker on AWS EC2:
 
+* :ref:`amazonquickstart_new` or
 * :ref:`amazonquickstart` or
 * :ref:`amazonstandard`
 
@@ -61,6 +62,37 @@ for every Docker command.
 Once you've got Docker installed, you're ready to try it out -- head
 on over to the :doc:`../use/basics` or :doc:`../examples/index` section.
 
+.. _amazonquickstart_new:
+
+Amazon QuickStart (Release Candidate - March 2014)
+--------------------------------------------------
+
+Amazon just published new Docker-ready AMIs (2014.03 Release Candidate).  Docker packages 
+can now be installed from Amazon's provided Software Repository.
+
+1. **Choose an image:**
+
+   * Launch the `Create Instance Wizard
+     <https://console.aws.amazon.com/ec2/v2/home?#LaunchInstanceWizard:>`_ menu
+     on your AWS Console.
+
+   * Click the ``Community AMI`` menu option on the left side
+   
+   * Search for '2014.03' and select one of the Amazon provided AMI, for example ``amzn-ami-pv-2014.03.rc-0.x86_64-ebs``
+
+   * For testing you can use the default (possibly free)
+     ``t1.micro`` instance (more info on `pricing
+     <http://aws.amazon.com/en/ec2/pricing/>`_).
+
+   * Click the ``Next: Configure Instance Details`` button at the bottom right.
+   
+2. After a few more standard choices where defaults are probably ok, your Amazon
+   Linux instance should be running!  
+   
+3. SSH to your instance to install Docker : ``ssh -i <path to your private key> ec2-user@<your public IP address>``
+
+4. Once connected to the instance, type ``sudo yum install -y docker ; sudo service docker start`` to install and start Docker
+
 .. _amazonstandard:
 
 Standard Ubuntu Installation

From 90b283c39a36f34ac97f9eb0d66da3a0a9992caa Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 17 Mar 2014 17:56:21 +0000
Subject: [PATCH 107/384] fix content-type detection in docker cp

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/server.go b/api/server.go
index 048c989540..5c7b0b7a05 100644
--- a/api/server.go
+++ b/api/server.go
@@ -883,7 +883,7 @@ func postContainersCopy(eng *engine.Engine, version version.Version, w http.Resp
 
 	var copyData engine.Env
 
-	if contentType := r.Header.Get("Content-Type"); contentType == "application/json" {
+	if contentType := r.Header.Get("Content-Type"); MatchesContentType(contentType, "application/json") {
 		if err := copyData.Decode(r.Body); err != nil {
 			return err
 		}

From 128381e0f0372f10f88a847087aa91a972770c4b Mon Sep 17 00:00:00 2001
From: Brandon Philips <brandon@ifup.co>
Date: Mon, 17 Mar 2014 10:16:34 -0700
Subject: [PATCH 108/384] refactor(libcontainer): rename to CapabilitiesMask

The Capabilities field on libcontainer is actually used as a mask.
Rename the field so that this is more clear.

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
---
 execdriver/native/default_template.go         |  4 +--
 pkg/libcontainer/README.md                    |  2 +-
 pkg/libcontainer/capabilities/capabilities.go |  8 +++---
 pkg/libcontainer/container.go                 | 26 +++++++++----------
 pkg/libcontainer/container.json               |  2 +-
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/execdriver/native/default_template.go b/execdriver/native/default_template.go
index 2798f3b084..5351911427 100644
--- a/execdriver/native/default_template.go
+++ b/execdriver/native/default_template.go
@@ -36,7 +36,7 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 
 	container.Cgroups.Name = c.ID
 	if c.Privileged {
-		container.Capabilities = nil
+		container.CapabilitiesMask = nil
 		container.Cgroups.DeviceAccess = true
 		container.Context["apparmor_profile"] = "unconfined"
 	}
@@ -59,7 +59,7 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 // the libcontainer configuration file
 func getDefaultTemplate() *libcontainer.Container {
 	return &libcontainer.Container{
-		Capabilities: libcontainer.Capabilities{
+		CapabilitiesMask: libcontainer.Capabilities{
 			libcontainer.GetCapability("SETPCAP"),
 			libcontainer.GetCapability("SYS_MODULE"),
 			libcontainer.GetCapability("SYS_RAWIO"),
diff --git a/pkg/libcontainer/README.md b/pkg/libcontainer/README.md
index 2c85111b97..e967f6d76d 100644
--- a/pkg/libcontainer/README.md
+++ b/pkg/libcontainer/README.md
@@ -40,7 +40,7 @@ Sample `container.json` file:
       "HOSTNAME=11bb30683fb0",
       "TERM=xterm"
    ],
-   "capabilities" : [
+   "capabilities_mask" : [
       "SETPCAP",
       "SYS_MODULE",
       "SYS_RAWIO",
diff --git a/pkg/libcontainer/capabilities/capabilities.go b/pkg/libcontainer/capabilities/capabilities.go
index 3c6d752496..fbf73538e0 100644
--- a/pkg/libcontainer/capabilities/capabilities.go
+++ b/pkg/libcontainer/capabilities/capabilities.go
@@ -9,7 +9,7 @@ import (
 // DropCapabilities drops capabilities for the current process based
 // on the container's configuration.
 func DropCapabilities(container *libcontainer.Container) error {
-	if drop := getCapabilities(container); len(drop) > 0 {
+	if drop := getCapabilitiesMask(container); len(drop) > 0 {
 		c, err := capability.NewPid(os.Getpid())
 		if err != nil {
 			return err
@@ -23,10 +23,10 @@ func DropCapabilities(container *libcontainer.Container) error {
 	return nil
 }
 
-// getCapabilities returns the specific cap values for the libcontainer types
-func getCapabilities(container *libcontainer.Container) []capability.Cap {
+// getCapabilitiesMask returns the specific cap mask values for the libcontainer types
+func getCapabilitiesMask(container *libcontainer.Container) []capability.Cap {
 	drop := []capability.Cap{}
-	for _, c := range container.Capabilities {
+	for _, c := range container.CapabilitiesMask {
 		drop = append(drop, c.Value)
 	}
 	return drop
diff --git a/pkg/libcontainer/container.go b/pkg/libcontainer/container.go
index 14b4b65db7..c7cac35428 100644
--- a/pkg/libcontainer/container.go
+++ b/pkg/libcontainer/container.go
@@ -11,19 +11,19 @@ type Context map[string]string
 // Container defines configuration options for how a
 // container is setup inside a directory and how a process should be executed
 type Container struct {
-	Hostname     string          `json:"hostname,omitempty"`      // hostname
-	ReadonlyFs   bool            `json:"readonly_fs,omitempty"`   // set the containers rootfs as readonly
-	NoPivotRoot  bool            `json:"no_pivot_root,omitempty"` // this can be enabled if you are running in ramdisk
-	User         string          `json:"user,omitempty"`          // user to execute the process as
-	WorkingDir   string          `json:"working_dir,omitempty"`   // current working directory
-	Env          []string        `json:"environment,omitempty"`   // environment to set
-	Tty          bool            `json:"tty,omitempty"`           // setup a proper tty or not
-	Namespaces   Namespaces      `json:"namespaces,omitempty"`    // namespaces to apply
-	Capabilities Capabilities    `json:"capabilities,omitempty"`  // capabilities to drop
-	Networks     []*Network      `json:"networks,omitempty"`      // nil for host's network stack
-	Cgroups      *cgroups.Cgroup `json:"cgroups,omitempty"`       // cgroups
-	Context      Context         `json:"context,omitempty"`       // generic context for specific options (apparmor, selinux)
-	Mounts       []Mount         `json:"mounts,omitempty"`
+	Hostname         string          `json:"hostname,omitempty"`          // hostname
+	ReadonlyFs       bool            `json:"readonly_fs,omitempty"`       // set the containers rootfs as readonly
+	NoPivotRoot      bool            `json:"no_pivot_root,omitempty"`     // this can be enabled if you are running in ramdisk
+	User             string          `json:"user,omitempty"`              // user to execute the process as
+	WorkingDir       string          `json:"working_dir,omitempty"`       // current working directory
+	Env              []string        `json:"environment,omitempty"`       // environment to set
+	Tty              bool            `json:"tty,omitempty"`               // setup a proper tty or not
+	Namespaces       Namespaces      `json:"namespaces,omitempty"`        // namespaces to apply
+	CapabilitiesMask Capabilities    `json:"capabilities_mask,omitempty"` // capabilities to drop
+	Networks         []*Network      `json:"networks,omitempty"`          // nil for host's network stack
+	Cgroups          *cgroups.Cgroup `json:"cgroups,omitempty"`           // cgroups
+	Context          Context         `json:"context,omitempty"`           // generic context for specific options (apparmor, selinux)
+	Mounts           []Mount         `json:"mounts,omitempty"`
 }
 
 // Network defines configuration for a container's networking stack
diff --git a/pkg/libcontainer/container.json b/pkg/libcontainer/container.json
index 83e407467c..f045315a41 100644
--- a/pkg/libcontainer/container.json
+++ b/pkg/libcontainer/container.json
@@ -14,7 +14,7 @@
         "NEWUTS",
         "NEWNET"
     ],
-    "capabilities": [
+    "capabilities_mask": [
         "SETPCAP",
         "SYS_MODULE",
         "SYS_RAWIO",

From ad7e7d612390d09d3a54fd82dda9687deb3b0cbe Mon Sep 17 00:00:00 2001
From: Brandon Philips <brandon@ifup.co>
Date: Mon, 17 Mar 2014 11:07:29 -0700
Subject: [PATCH 109/384] chore(libcontainer): small grammar fix in types_test

Someone probably got really used to typing er on the end of contain :)

Docker-DCO-1.1-Signed-off-by: Brandon Philips <brandon.philips@coreos.com> (github: philips)
---
 pkg/libcontainer/types_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/libcontainer/types_test.go b/pkg/libcontainer/types_test.go
index 52b85a4db9..9735937b76 100644
--- a/pkg/libcontainer/types_test.go
+++ b/pkg/libcontainer/types_test.go
@@ -30,6 +30,6 @@ func TestCapabilitiesContains(t *testing.T) {
 		t.Fatal("capabilities should not contain SYS_ADMIN")
 	}
 	if !caps.Contains("MKNOD") {
-		t.Fatal("capabilities should container MKNOD but does not")
+		t.Fatal("capabilities should contain MKNOD but does not")
 	}
 }

From a62c7215c6c4675a4f99b63871d89198b211c260 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Sat, 15 Mar 2014 14:48:32 -0400
Subject: [PATCH 110/384] Update fedora.rst
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It looks like ``wmdocker`` does not have an update for Fedora 20:

```
~❯ pkgwat releases wmdocker
Starting new HTTPS connection (1): apps.fedoraproject.org
+---------------+----------------+-----------------+
| release       | stable_version | testing_version |
+---------------+----------------+-----------------+
| Rawhide       | 1.5-12.fc21    | None            |
| Fedora 20     | None           | None            |
| Fedora 19     | None           | None            |
| Fedora EPEL 7 | None           | None            |
| Fedora EPEL 6 | None           | None            |
| Fedora EPEL 5 | None           | None            |
+---------------+----------------+-----------------+
```

I'm not sure if the owner awjb is intending to create an F20 update or
not, but either way -- these docs are incorrect as currently written.

Docker-DCO-1.1-Signed-off-by: Ralph Bean <rbean@redhat.com> (github: ralphbean)
---
 docs/sources/installation/fedora.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/sources/installation/fedora.rst b/docs/sources/installation/fedora.rst
index 7e0aee78fd..3b95f04f7f 100644
--- a/docs/sources/installation/fedora.rst
+++ b/docs/sources/installation/fedora.rst
@@ -23,15 +23,15 @@ The ``docker-io`` package provides Docker on Fedora.
 
 If you have the (unrelated) ``docker`` package installed already, it will
 conflict with ``docker-io``. There's a `bug report`_ filed for it.
-To proceed with ``docker-io`` installation on Fedora 19, please remove
-``docker`` first.
+To proceed with ``docker-io`` installation on Fedora 19 or Fedora 20, please
+remove ``docker`` first.
 
 .. code-block:: bash
 
    sudo yum -y remove docker
 
-For Fedora 20 and later, the ``wmdocker`` package will provide the same
-functionality as ``docker`` and will also not conflict with ``docker-io``.
+For Fedora 21 and later, the ``wmdocker`` package will provide the same
+functionality as the old ``docker`` and will also not conflict with ``docker-io``.
 
 .. code-block:: bash
 

From 5921b186d17b172f205f3b0b6bda1f3a4e650d3f Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 17 Mar 2014 18:36:15 +0000
Subject: [PATCH 111/384] display command display in docker ps

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 runtime/container.go | 12 ++++++++++++
 server/server.go     |  2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/runtime/container.go b/runtime/container.go
index ee545db201..72ee104d8b 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -402,6 +402,18 @@ func populateCommand(c *Container) {
 	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
 }
 
+func (container *Container) ArgsAsString() string {
+	var args []string
+	for _, arg := range container.Args {
+		if strings.Contains(arg, " ") {
+			args = append(args, fmt.Sprintf("'%s'", arg))
+		} else {
+			args = append(args, arg)
+		}
+	}
+	return strings.Join(args, " ")
+}
+
 func (container *Container) Start() (err error) {
 	container.Lock()
 	defer container.Unlock()
diff --git a/server/server.go b/server/server.go
index eb9a3a396b..69b65ce4a5 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1003,7 +1003,7 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		out.SetList("Names", names[container.ID])
 		out.Set("Image", srv.runtime.Repositories().ImageName(container.Image))
 		if len(container.Args) > 0 {
-			out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, strings.Join(container.Args, " ")))
+			out.Set("Command", fmt.Sprintf("\"%s %s\"", container.Path, container.ArgsAsString()))
 		} else {
 			out.Set("Command", fmt.Sprintf("\"%s\"", container.Path))
 		}

From 2230c9b9a735d731cc2fee4137633eb98b9da9d5 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 14 Mar 2014 14:03:23 -0700
Subject: [PATCH 112/384] Move networking drivers into runtime top level pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 builtins/builtins.go                                      | 2 +-
 daemonconfig/config.go                                    | 2 +-
 .../networkdriver}/ipallocator/allocator.go               | 2 +-
 .../networkdriver}/ipallocator/allocator_test.go          | 0
 {networkdriver => runtime/networkdriver}/lxc/driver.go    | 8 ++++----
 {networkdriver => runtime/networkdriver}/network.go       | 0
 {networkdriver => runtime/networkdriver}/network_test.go  | 0
 .../networkdriver}/portallocator/portallocator.go         | 0
 .../networkdriver}/portallocator/portallocator_test.go    | 0
 .../networkdriver}/portmapper/mapper.go                   | 0
 .../networkdriver}/portmapper/mapper_test.go              | 0
 {networkdriver => runtime/networkdriver}/utils.go         | 0
 runtime/runtime.go                                        | 4 ++--
 13 files changed, 9 insertions(+), 9 deletions(-)
 rename {networkdriver => runtime/networkdriver}/ipallocator/allocator.go (98%)
 rename {networkdriver => runtime/networkdriver}/ipallocator/allocator_test.go (100%)
 rename {networkdriver => runtime/networkdriver}/lxc/driver.go (98%)
 rename {networkdriver => runtime/networkdriver}/network.go (100%)
 rename {networkdriver => runtime/networkdriver}/network_test.go (100%)
 rename {networkdriver => runtime/networkdriver}/portallocator/portallocator.go (100%)
 rename {networkdriver => runtime/networkdriver}/portallocator/portallocator_test.go (100%)
 rename {networkdriver => runtime/networkdriver}/portmapper/mapper.go (100%)
 rename {networkdriver => runtime/networkdriver}/portmapper/mapper_test.go (100%)
 rename {networkdriver => runtime/networkdriver}/utils.go (100%)

diff --git a/builtins/builtins.go b/builtins/builtins.go
index eb4a0be874..86f3973c62 100644
--- a/builtins/builtins.go
+++ b/builtins/builtins.go
@@ -4,7 +4,7 @@ import (
 	"github.com/dotcloud/docker/engine"
 
 	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/networkdriver/lxc"
+	"github.com/dotcloud/docker/runtime/networkdriver/lxc"
 	"github.com/dotcloud/docker/server"
 )
 
diff --git a/daemonconfig/config.go b/daemonconfig/config.go
index 0aee7e78ba..b26d3eec3a 100644
--- a/daemonconfig/config.go
+++ b/daemonconfig/config.go
@@ -4,7 +4,7 @@ import (
 	"net"
 
 	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/networkdriver"
+	"github.com/dotcloud/docker/runtime/networkdriver"
 )
 
 const (
diff --git a/networkdriver/ipallocator/allocator.go b/runtime/networkdriver/ipallocator/allocator.go
similarity index 98%
rename from networkdriver/ipallocator/allocator.go
rename to runtime/networkdriver/ipallocator/allocator.go
index 1c5a7b4cc2..2950e37003 100644
--- a/networkdriver/ipallocator/allocator.go
+++ b/runtime/networkdriver/ipallocator/allocator.go
@@ -3,7 +3,7 @@ package ipallocator
 import (
 	"encoding/binary"
 	"errors"
-	"github.com/dotcloud/docker/networkdriver"
+	"github.com/dotcloud/docker/runtime/networkdriver"
 	"github.com/dotcloud/docker/pkg/collections"
 	"net"
 	"sync"
diff --git a/networkdriver/ipallocator/allocator_test.go b/runtime/networkdriver/ipallocator/allocator_test.go
similarity index 100%
rename from networkdriver/ipallocator/allocator_test.go
rename to runtime/networkdriver/ipallocator/allocator_test.go
diff --git a/networkdriver/lxc/driver.go b/runtime/networkdriver/lxc/driver.go
similarity index 98%
rename from networkdriver/lxc/driver.go
rename to runtime/networkdriver/lxc/driver.go
index 6185c42752..746bcfb5b0 100644
--- a/networkdriver/lxc/driver.go
+++ b/runtime/networkdriver/lxc/driver.go
@@ -3,10 +3,10 @@ package lxc
 import (
 	"fmt"
 	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/networkdriver"
-	"github.com/dotcloud/docker/networkdriver/ipallocator"
-	"github.com/dotcloud/docker/networkdriver/portallocator"
-	"github.com/dotcloud/docker/networkdriver/portmapper"
+	"github.com/dotcloud/docker/runtime/networkdriver"
+	"github.com/dotcloud/docker/runtime/networkdriver/ipallocator"
+	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
+	"github.com/dotcloud/docker/runtime/networkdriver/portmapper"
 	"github.com/dotcloud/docker/pkg/iptables"
 	"github.com/dotcloud/docker/pkg/netlink"
 	"github.com/dotcloud/docker/utils"
diff --git a/networkdriver/network.go b/runtime/networkdriver/network.go
similarity index 100%
rename from networkdriver/network.go
rename to runtime/networkdriver/network.go
diff --git a/networkdriver/network_test.go b/runtime/networkdriver/network_test.go
similarity index 100%
rename from networkdriver/network_test.go
rename to runtime/networkdriver/network_test.go
diff --git a/networkdriver/portallocator/portallocator.go b/runtime/networkdriver/portallocator/portallocator.go
similarity index 100%
rename from networkdriver/portallocator/portallocator.go
rename to runtime/networkdriver/portallocator/portallocator.go
diff --git a/networkdriver/portallocator/portallocator_test.go b/runtime/networkdriver/portallocator/portallocator_test.go
similarity index 100%
rename from networkdriver/portallocator/portallocator_test.go
rename to runtime/networkdriver/portallocator/portallocator_test.go
diff --git a/networkdriver/portmapper/mapper.go b/runtime/networkdriver/portmapper/mapper.go
similarity index 100%
rename from networkdriver/portmapper/mapper.go
rename to runtime/networkdriver/portmapper/mapper.go
diff --git a/networkdriver/portmapper/mapper_test.go b/runtime/networkdriver/portmapper/mapper_test.go
similarity index 100%
rename from networkdriver/portmapper/mapper_test.go
rename to runtime/networkdriver/portmapper/mapper_test.go
diff --git a/networkdriver/utils.go b/runtime/networkdriver/utils.go
similarity index 100%
rename from networkdriver/utils.go
rename to runtime/networkdriver/utils.go
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 32584cbf6e..092b5a8130 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -17,8 +17,8 @@ import (
 	_ "github.com/dotcloud/docker/graphdriver/devmapper"
 	_ "github.com/dotcloud/docker/graphdriver/vfs"
 	"github.com/dotcloud/docker/image"
-	_ "github.com/dotcloud/docker/networkdriver/lxc"
-	"github.com/dotcloud/docker/networkdriver/portallocator"
+	_ "github.com/dotcloud/docker/runtime/networkdriver/lxc"
+	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
 	"github.com/dotcloud/docker/pkg/graphdb"
 	"github.com/dotcloud/docker/pkg/sysinfo"
 	"github.com/dotcloud/docker/runconfig"

From af385151ceedde097eda8a5195b431e8076cf76b Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 14 Mar 2014 14:07:32 -0700
Subject: [PATCH 113/384] Move execdrivers into runtime top level pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/container.go                                        | 2 +-
 {execdriver => runtime/execdriver}/MAINTAINERS              | 0
 {execdriver => runtime/execdriver}/driver.go                | 0
 .../execdriver}/execdrivers/execdrivers.go                  | 6 +++---
 {execdriver => runtime/execdriver}/lxc/driver.go            | 2 +-
 {execdriver => runtime/execdriver}/lxc/info.go              | 0
 {execdriver => runtime/execdriver}/lxc/info_test.go         | 0
 {execdriver => runtime/execdriver}/lxc/init.go              | 2 +-
 {execdriver => runtime/execdriver}/lxc/lxc_init_linux.go    | 0
 .../execdriver}/lxc/lxc_init_unsupported.go                 | 0
 {execdriver => runtime/execdriver}/lxc/lxc_template.go      | 2 +-
 .../execdriver}/lxc/lxc_template_unit_test.go               | 2 +-
 .../execdriver}/native/default_template.go                  | 2 +-
 {execdriver => runtime/execdriver}/native/driver.go         | 2 +-
 {execdriver => runtime/execdriver}/native/info.go           | 0
 {execdriver => runtime/execdriver}/native/term.go           | 2 +-
 {execdriver => runtime/execdriver}/pipes.go                 | 0
 {execdriver => runtime/execdriver}/termconsole.go           | 0
 runtime/runtime.go                                          | 6 +++---
 runtime/volumes.go                                          | 2 +-
 sysinit/sysinit.go                                          | 6 +++---
 21 files changed, 18 insertions(+), 18 deletions(-)
 rename {execdriver => runtime/execdriver}/MAINTAINERS (100%)
 rename {execdriver => runtime/execdriver}/driver.go (100%)
 rename {execdriver => runtime/execdriver}/execdrivers/execdrivers.go (79%)
 rename {execdriver => runtime/execdriver}/lxc/driver.go (99%)
 rename {execdriver => runtime/execdriver}/lxc/info.go (100%)
 rename {execdriver => runtime/execdriver}/lxc/info_test.go (100%)
 rename {execdriver => runtime/execdriver}/lxc/init.go (98%)
 rename {execdriver => runtime/execdriver}/lxc/lxc_init_linux.go (100%)
 rename {execdriver => runtime/execdriver}/lxc/lxc_init_unsupported.go (100%)
 rename {execdriver => runtime/execdriver}/lxc/lxc_template.go (98%)
 rename {execdriver => runtime/execdriver}/lxc/lxc_template_unit_test.go (98%)
 rename {execdriver => runtime/execdriver}/native/default_template.go (98%)
 rename {execdriver => runtime/execdriver}/native/driver.go (99%)
 rename {execdriver => runtime/execdriver}/native/info.go (100%)
 rename {execdriver => runtime/execdriver}/native/term.go (94%)
 rename {execdriver => runtime/execdriver}/pipes.go (100%)
 rename {execdriver => runtime/execdriver}/termconsole.go (100%)

diff --git a/runtime/container.go b/runtime/container.go
index ee545db201..f4de40a16a 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/graphdriver"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/links"
diff --git a/execdriver/MAINTAINERS b/runtime/execdriver/MAINTAINERS
similarity index 100%
rename from execdriver/MAINTAINERS
rename to runtime/execdriver/MAINTAINERS
diff --git a/execdriver/driver.go b/runtime/execdriver/driver.go
similarity index 100%
rename from execdriver/driver.go
rename to runtime/execdriver/driver.go
diff --git a/execdriver/execdrivers/execdrivers.go b/runtime/execdriver/execdrivers/execdrivers.go
similarity index 79%
rename from execdriver/execdrivers/execdrivers.go
rename to runtime/execdriver/execdrivers/execdrivers.go
index 7486d649c1..29fa5b44f9 100644
--- a/execdriver/execdrivers/execdrivers.go
+++ b/runtime/execdriver/execdrivers/execdrivers.go
@@ -2,9 +2,9 @@ package execdrivers
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/execdriver"
-	"github.com/dotcloud/docker/execdriver/lxc"
-	"github.com/dotcloud/docker/execdriver/native"
+	"github.com/dotcloud/docker/runtime/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver/lxc"
+	"github.com/dotcloud/docker/runtime/execdriver/native"
 	"github.com/dotcloud/docker/pkg/sysinfo"
 	"path"
 )
diff --git a/execdriver/lxc/driver.go b/runtime/execdriver/lxc/driver.go
similarity index 99%
rename from execdriver/lxc/driver.go
rename to runtime/execdriver/lxc/driver.go
index 9abec8ac3f..fa2ecf9d77 100644
--- a/execdriver/lxc/driver.go
+++ b/runtime/execdriver/lxc/driver.go
@@ -2,7 +2,7 @@ package lxc
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
diff --git a/execdriver/lxc/info.go b/runtime/execdriver/lxc/info.go
similarity index 100%
rename from execdriver/lxc/info.go
rename to runtime/execdriver/lxc/info.go
diff --git a/execdriver/lxc/info_test.go b/runtime/execdriver/lxc/info_test.go
similarity index 100%
rename from execdriver/lxc/info_test.go
rename to runtime/execdriver/lxc/info_test.go
diff --git a/execdriver/lxc/init.go b/runtime/execdriver/lxc/init.go
similarity index 98%
rename from execdriver/lxc/init.go
rename to runtime/execdriver/lxc/init.go
index 0f134088a3..946c8c930f 100644
--- a/execdriver/lxc/init.go
+++ b/runtime/execdriver/lxc/init.go
@@ -3,7 +3,7 @@ package lxc
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/netlink"
 	"github.com/dotcloud/docker/pkg/user"
 	"github.com/syndtr/gocapability/capability"
diff --git a/execdriver/lxc/lxc_init_linux.go b/runtime/execdriver/lxc/lxc_init_linux.go
similarity index 100%
rename from execdriver/lxc/lxc_init_linux.go
rename to runtime/execdriver/lxc/lxc_init_linux.go
diff --git a/execdriver/lxc/lxc_init_unsupported.go b/runtime/execdriver/lxc/lxc_init_unsupported.go
similarity index 100%
rename from execdriver/lxc/lxc_init_unsupported.go
rename to runtime/execdriver/lxc/lxc_init_unsupported.go
diff --git a/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
similarity index 98%
rename from execdriver/lxc/lxc_template.go
rename to runtime/execdriver/lxc/lxc_template.go
index 84cd4e442e..db55287522 100644
--- a/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -1,7 +1,7 @@
 package lxc
 
 import (
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"strings"
 	"text/template"
 )
diff --git a/execdriver/lxc/lxc_template_unit_test.go b/runtime/execdriver/lxc/lxc_template_unit_test.go
similarity index 98%
rename from execdriver/lxc/lxc_template_unit_test.go
rename to runtime/execdriver/lxc/lxc_template_unit_test.go
index 99d6e636f5..ae66371836 100644
--- a/execdriver/lxc/lxc_template_unit_test.go
+++ b/runtime/execdriver/lxc/lxc_template_unit_test.go
@@ -3,7 +3,7 @@ package lxc
 import (
 	"bufio"
 	"fmt"
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"io/ioutil"
 	"math/rand"
 	"os"
diff --git a/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
similarity index 98%
rename from execdriver/native/default_template.go
rename to runtime/execdriver/native/default_template.go
index 5351911427..0c382059e9 100644
--- a/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -2,7 +2,7 @@ package native
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"os"
diff --git a/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
similarity index 99%
rename from execdriver/native/driver.go
rename to runtime/execdriver/native/driver.go
index 9b49fd156f..ff6c541cf9 100644
--- a/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -3,7 +3,7 @@ package native
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
diff --git a/execdriver/native/info.go b/runtime/execdriver/native/info.go
similarity index 100%
rename from execdriver/native/info.go
rename to runtime/execdriver/native/info.go
diff --git a/execdriver/native/term.go b/runtime/execdriver/native/term.go
similarity index 94%
rename from execdriver/native/term.go
rename to runtime/execdriver/native/term.go
index ec69820f75..0d5298d388 100644
--- a/execdriver/native/term.go
+++ b/runtime/execdriver/native/term.go
@@ -5,7 +5,7 @@
 package native
 
 import (
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"io"
 	"os"
 	"os/exec"
diff --git a/execdriver/pipes.go b/runtime/execdriver/pipes.go
similarity index 100%
rename from execdriver/pipes.go
rename to runtime/execdriver/pipes.go
diff --git a/execdriver/termconsole.go b/runtime/execdriver/termconsole.go
similarity index 100%
rename from execdriver/termconsole.go
rename to runtime/execdriver/termconsole.go
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 092b5a8130..f75a4df048 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -7,9 +7,9 @@ import (
 	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/execdriver"
-	"github.com/dotcloud/docker/execdriver/execdrivers"
-	"github.com/dotcloud/docker/execdriver/lxc"
+	"github.com/dotcloud/docker/runtime/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver/execdrivers"
+	"github.com/dotcloud/docker/runtime/execdriver/lxc"
 	"github.com/dotcloud/docker/graph"
 	"github.com/dotcloud/docker/graphdriver"
 	"github.com/dotcloud/docker/graphdriver/aufs"
diff --git a/runtime/volumes.go b/runtime/volumes.go
index 9cb66aae44..1bbb14a369 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -3,7 +3,7 @@ package runtime
 import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"os"
diff --git a/sysinit/sysinit.go b/sysinit/sysinit.go
index 56508b105d..50c858296f 100644
--- a/sysinit/sysinit.go
+++ b/sysinit/sysinit.go
@@ -3,9 +3,9 @@ package sysinit
 import (
 	"flag"
 	"fmt"
-	"github.com/dotcloud/docker/execdriver"
-	_ "github.com/dotcloud/docker/execdriver/lxc"
-	_ "github.com/dotcloud/docker/execdriver/native"
+	"github.com/dotcloud/docker/runtime/execdriver"
+	_ "github.com/dotcloud/docker/runtime/execdriver/lxc"
+	_ "github.com/dotcloud/docker/runtime/execdriver/native"
 	"log"
 	"os"
 )

From 96c4816cef592a98a235010924bb2417c8451079 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 14 Mar 2014 14:11:43 -0700
Subject: [PATCH 114/384] Move graphdrivers into runtime top level pkg
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 contrib/docker-device-tool/device_tool.go              |  2 +-
 graph/graph.go                                         |  2 +-
 graph/tags_unit_test.go                                |  4 ++--
 image/graph.go                                         |  2 +-
 image/image.go                                         |  2 +-
 integration/graph_test.go                              |  2 +-
 runtime/container.go                                   |  2 +-
 {graphdriver => runtime/graphdriver}/aufs/aufs.go      |  2 +-
 {graphdriver => runtime/graphdriver}/aufs/aufs_test.go |  2 +-
 {graphdriver => runtime/graphdriver}/aufs/dirs.go      |  0
 {graphdriver => runtime/graphdriver}/aufs/migrate.go   |  0
 {graphdriver => runtime/graphdriver}/aufs/mount.go     |  0
 .../graphdriver}/aufs/mount_linux.go                   |  0
 .../graphdriver}/aufs/mount_unsupported.go             |  0
 {graphdriver => runtime/graphdriver}/btrfs/btrfs.go    |  2 +-
 .../graphdriver}/btrfs/dummy_unsupported.go            |  0
 .../graphdriver}/devmapper/attach_loopback.go          |  0
 .../graphdriver}/devmapper/deviceset.go                |  0
 .../graphdriver}/devmapper/devmapper.go                |  0
 .../graphdriver}/devmapper/devmapper_doc.go            |  0
 .../graphdriver}/devmapper/devmapper_log.go            |  0
 .../graphdriver}/devmapper/devmapper_test.go           |  0
 .../graphdriver}/devmapper/devmapper_wrapper.go        |  0
 .../graphdriver}/devmapper/driver.go                   |  2 +-
 .../graphdriver}/devmapper/driver_test.go              |  2 +-
 .../graphdriver}/devmapper/ioctl.go                    |  0
 .../graphdriver}/devmapper/mount.go                    |  0
 {graphdriver => runtime/graphdriver}/devmapper/sys.go  |  0
 {graphdriver => runtime/graphdriver}/driver.go         |  0
 {graphdriver => runtime/graphdriver}/vfs/driver.go     |  2 +-
 runtime/runtime.go                                     | 10 +++++-----
 31 files changed, 19 insertions(+), 19 deletions(-)
 rename {graphdriver => runtime/graphdriver}/aufs/aufs.go (99%)
 rename {graphdriver => runtime/graphdriver}/aufs/aufs_test.go (99%)
 rename {graphdriver => runtime/graphdriver}/aufs/dirs.go (100%)
 rename {graphdriver => runtime/graphdriver}/aufs/migrate.go (100%)
 rename {graphdriver => runtime/graphdriver}/aufs/mount.go (100%)
 rename {graphdriver => runtime/graphdriver}/aufs/mount_linux.go (100%)
 rename {graphdriver => runtime/graphdriver}/aufs/mount_unsupported.go (100%)
 rename {graphdriver => runtime/graphdriver}/btrfs/btrfs.go (98%)
 rename {graphdriver => runtime/graphdriver}/btrfs/dummy_unsupported.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/attach_loopback.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/deviceset.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/devmapper.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/devmapper_doc.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/devmapper_log.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/devmapper_test.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/devmapper_wrapper.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/driver.go (98%)
 rename {graphdriver => runtime/graphdriver}/devmapper/driver_test.go (99%)
 rename {graphdriver => runtime/graphdriver}/devmapper/ioctl.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/mount.go (100%)
 rename {graphdriver => runtime/graphdriver}/devmapper/sys.go (100%)
 rename {graphdriver => runtime/graphdriver}/driver.go (100%)
 rename {graphdriver => runtime/graphdriver}/vfs/driver.go (97%)

diff --git a/contrib/docker-device-tool/device_tool.go b/contrib/docker-device-tool/device_tool.go
index 4d1ee0cea5..12c762a7f3 100644
--- a/contrib/docker-device-tool/device_tool.go
+++ b/contrib/docker-device-tool/device_tool.go
@@ -3,7 +3,7 @@ package main
 import (
 	"flag"
 	"fmt"
-	"github.com/dotcloud/docker/graphdriver/devmapper"
+	"github.com/dotcloud/docker/runtime/graphdriver/devmapper"
 	"os"
 	"path"
 	"sort"
diff --git a/graph/graph.go b/graph/graph.go
index 01659b549f..f71b8a003e 100644
--- a/graph/graph.go
+++ b/graph/graph.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
diff --git a/graph/tags_unit_test.go b/graph/tags_unit_test.go
index 153f94db3d..cae5c2916e 100644
--- a/graph/tags_unit_test.go
+++ b/graph/tags_unit_test.go
@@ -2,8 +2,8 @@ package graph
 
 import (
 	"bytes"
-	"github.com/dotcloud/docker/graphdriver"
-	_ "github.com/dotcloud/docker/graphdriver/vfs" // import the vfs driver so it is used in the tests
+	"github.com/dotcloud/docker/runtime/graphdriver"
+	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs" // import the vfs driver so it is used in the tests
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
diff --git a/image/graph.go b/image/graph.go
index 857c09edd9..dd0136b00e 100644
--- a/image/graph.go
+++ b/image/graph.go
@@ -1,7 +1,7 @@
 package image
 
 import (
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 )
 
 type Graph interface {
diff --git a/image/image.go b/image/image.go
index e091879049..b2ddb03b0b 100644
--- a/image/image.go
+++ b/image/image.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
diff --git a/integration/graph_test.go b/integration/graph_test.go
index e575a252f3..ea9ddc7ae9 100644
--- a/integration/graph_test.go
+++ b/integration/graph_test.go
@@ -5,7 +5,7 @@ import (
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/graph"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
 	"io"
diff --git a/runtime/container.go b/runtime/container.go
index f4de40a16a..3c7aa22751 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -7,7 +7,7 @@ import (
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runtime/execdriver"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/links"
 	"github.com/dotcloud/docker/nat"
diff --git a/graphdriver/aufs/aufs.go b/runtime/graphdriver/aufs/aufs.go
similarity index 99%
rename from graphdriver/aufs/aufs.go
rename to runtime/graphdriver/aufs/aufs.go
index a15cf6b273..83a6579bc6 100644
--- a/graphdriver/aufs/aufs.go
+++ b/runtime/graphdriver/aufs/aufs.go
@@ -24,7 +24,7 @@ import (
 	"bufio"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	mountpk "github.com/dotcloud/docker/pkg/mount"
 	"github.com/dotcloud/docker/utils"
 	"os"
diff --git a/graphdriver/aufs/aufs_test.go b/runtime/graphdriver/aufs/aufs_test.go
similarity index 99%
rename from graphdriver/aufs/aufs_test.go
rename to runtime/graphdriver/aufs/aufs_test.go
index 6002bec5a1..cb417c3b26 100644
--- a/graphdriver/aufs/aufs_test.go
+++ b/runtime/graphdriver/aufs/aufs_test.go
@@ -5,7 +5,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"io/ioutil"
 	"os"
 	"path"
diff --git a/graphdriver/aufs/dirs.go b/runtime/graphdriver/aufs/dirs.go
similarity index 100%
rename from graphdriver/aufs/dirs.go
rename to runtime/graphdriver/aufs/dirs.go
diff --git a/graphdriver/aufs/migrate.go b/runtime/graphdriver/aufs/migrate.go
similarity index 100%
rename from graphdriver/aufs/migrate.go
rename to runtime/graphdriver/aufs/migrate.go
diff --git a/graphdriver/aufs/mount.go b/runtime/graphdriver/aufs/mount.go
similarity index 100%
rename from graphdriver/aufs/mount.go
rename to runtime/graphdriver/aufs/mount.go
diff --git a/graphdriver/aufs/mount_linux.go b/runtime/graphdriver/aufs/mount_linux.go
similarity index 100%
rename from graphdriver/aufs/mount_linux.go
rename to runtime/graphdriver/aufs/mount_linux.go
diff --git a/graphdriver/aufs/mount_unsupported.go b/runtime/graphdriver/aufs/mount_unsupported.go
similarity index 100%
rename from graphdriver/aufs/mount_unsupported.go
rename to runtime/graphdriver/aufs/mount_unsupported.go
diff --git a/graphdriver/btrfs/btrfs.go b/runtime/graphdriver/btrfs/btrfs.go
similarity index 98%
rename from graphdriver/btrfs/btrfs.go
rename to runtime/graphdriver/btrfs/btrfs.go
index 592e058458..b0530be92b 100644
--- a/graphdriver/btrfs/btrfs.go
+++ b/runtime/graphdriver/btrfs/btrfs.go
@@ -11,7 +11,7 @@ import "C"
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"os"
 	"path"
 	"syscall"
diff --git a/graphdriver/btrfs/dummy_unsupported.go b/runtime/graphdriver/btrfs/dummy_unsupported.go
similarity index 100%
rename from graphdriver/btrfs/dummy_unsupported.go
rename to runtime/graphdriver/btrfs/dummy_unsupported.go
diff --git a/graphdriver/devmapper/attach_loopback.go b/runtime/graphdriver/devmapper/attach_loopback.go
similarity index 100%
rename from graphdriver/devmapper/attach_loopback.go
rename to runtime/graphdriver/devmapper/attach_loopback.go
diff --git a/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
similarity index 100%
rename from graphdriver/devmapper/deviceset.go
rename to runtime/graphdriver/devmapper/deviceset.go
diff --git a/graphdriver/devmapper/devmapper.go b/runtime/graphdriver/devmapper/devmapper.go
similarity index 100%
rename from graphdriver/devmapper/devmapper.go
rename to runtime/graphdriver/devmapper/devmapper.go
diff --git a/graphdriver/devmapper/devmapper_doc.go b/runtime/graphdriver/devmapper/devmapper_doc.go
similarity index 100%
rename from graphdriver/devmapper/devmapper_doc.go
rename to runtime/graphdriver/devmapper/devmapper_doc.go
diff --git a/graphdriver/devmapper/devmapper_log.go b/runtime/graphdriver/devmapper/devmapper_log.go
similarity index 100%
rename from graphdriver/devmapper/devmapper_log.go
rename to runtime/graphdriver/devmapper/devmapper_log.go
diff --git a/graphdriver/devmapper/devmapper_test.go b/runtime/graphdriver/devmapper/devmapper_test.go
similarity index 100%
rename from graphdriver/devmapper/devmapper_test.go
rename to runtime/graphdriver/devmapper/devmapper_test.go
diff --git a/graphdriver/devmapper/devmapper_wrapper.go b/runtime/graphdriver/devmapper/devmapper_wrapper.go
similarity index 100%
rename from graphdriver/devmapper/devmapper_wrapper.go
rename to runtime/graphdriver/devmapper/devmapper_wrapper.go
diff --git a/graphdriver/devmapper/driver.go b/runtime/graphdriver/devmapper/driver.go
similarity index 98%
rename from graphdriver/devmapper/driver.go
rename to runtime/graphdriver/devmapper/driver.go
index 8c5a19eea0..33c7a0f483 100644
--- a/graphdriver/devmapper/driver.go
+++ b/runtime/graphdriver/devmapper/driver.go
@@ -4,7 +4,7 @@ package devmapper
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"os"
diff --git a/graphdriver/devmapper/driver_test.go b/runtime/graphdriver/devmapper/driver_test.go
similarity index 99%
rename from graphdriver/devmapper/driver_test.go
rename to runtime/graphdriver/devmapper/driver_test.go
index 68699f208e..9af71a00b3 100644
--- a/graphdriver/devmapper/driver_test.go
+++ b/runtime/graphdriver/devmapper/driver_test.go
@@ -4,7 +4,7 @@ package devmapper
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"io/ioutil"
 	"path"
 	"runtime"
diff --git a/graphdriver/devmapper/ioctl.go b/runtime/graphdriver/devmapper/ioctl.go
similarity index 100%
rename from graphdriver/devmapper/ioctl.go
rename to runtime/graphdriver/devmapper/ioctl.go
diff --git a/graphdriver/devmapper/mount.go b/runtime/graphdriver/devmapper/mount.go
similarity index 100%
rename from graphdriver/devmapper/mount.go
rename to runtime/graphdriver/devmapper/mount.go
diff --git a/graphdriver/devmapper/sys.go b/runtime/graphdriver/devmapper/sys.go
similarity index 100%
rename from graphdriver/devmapper/sys.go
rename to runtime/graphdriver/devmapper/sys.go
diff --git a/graphdriver/driver.go b/runtime/graphdriver/driver.go
similarity index 100%
rename from graphdriver/driver.go
rename to runtime/graphdriver/driver.go
diff --git a/graphdriver/vfs/driver.go b/runtime/graphdriver/vfs/driver.go
similarity index 97%
rename from graphdriver/vfs/driver.go
rename to runtime/graphdriver/vfs/driver.go
index 21da63878a..10a7b223a4 100644
--- a/graphdriver/vfs/driver.go
+++ b/runtime/graphdriver/vfs/driver.go
@@ -2,7 +2,7 @@ package vfs
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"os"
 	"os/exec"
 	"path"
diff --git a/runtime/runtime.go b/runtime/runtime.go
index f75a4df048..25edd774d8 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -11,11 +11,11 @@ import (
 	"github.com/dotcloud/docker/runtime/execdriver/execdrivers"
 	"github.com/dotcloud/docker/runtime/execdriver/lxc"
 	"github.com/dotcloud/docker/graph"
-	"github.com/dotcloud/docker/graphdriver"
-	"github.com/dotcloud/docker/graphdriver/aufs"
-	_ "github.com/dotcloud/docker/graphdriver/btrfs"
-	_ "github.com/dotcloud/docker/graphdriver/devmapper"
-	_ "github.com/dotcloud/docker/graphdriver/vfs"
+	"github.com/dotcloud/docker/runtime/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver/aufs"
+	_ "github.com/dotcloud/docker/runtime/graphdriver/btrfs"
+	_ "github.com/dotcloud/docker/runtime/graphdriver/devmapper"
+	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
 	"github.com/dotcloud/docker/image"
 	_ "github.com/dotcloud/docker/runtime/networkdriver/lxc"
 	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"

From edd8d2d3511b0b632149d1c1f2cfd2bad2df4679 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 14 Mar 2014 01:02:28 +0000
Subject: [PATCH 115/384] add no prune to rmi

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/client.go    | 8 ++++++--
 api/server.go    | 1 +
 server/server.go | 8 ++++----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/api/client.go b/api/client.go
index 8ee61f6c22..1aceed50e7 100644
--- a/api/client.go
+++ b/api/client.go
@@ -817,8 +817,9 @@ func (cli *DockerCli) CmdPort(args ...string) error {
 // 'docker rmi IMAGE' removes all images with the name IMAGE
 func (cli *DockerCli) CmdRmi(args ...string) error {
 	var (
-		cmd   = cli.Subcmd("rmi", "IMAGE [IMAGE...]", "Remove one or more images")
-		force = cmd.Bool([]string{"f", "-force"}, false, "Force")
+		cmd     = cli.Subcmd("rmi", "IMAGE [IMAGE...]", "Remove one or more images")
+		force   = cmd.Bool([]string{"f", "-force"}, false, "Force")
+		noprune = cmd.Bool([]string{"-no-prune"}, false, "Do not delete untagged parents")
 	)
 	if err := cmd.Parse(args); err != nil {
 		return nil
@@ -832,6 +833,9 @@ func (cli *DockerCli) CmdRmi(args ...string) error {
 	if *force {
 		v.Set("force", "1")
 	}
+	if *noprune {
+		v.Set("noprune", "1")
+	}
 
 	var encounteredError error
 	for _, name := range cmd.Args() {
diff --git a/api/server.go b/api/server.go
index 2d878b957a..774e3131ef 100644
--- a/api/server.go
+++ b/api/server.go
@@ -624,6 +624,7 @@ func deleteImages(eng *engine.Engine, version version.Version, w http.ResponseWr
 	var job = eng.Job("image_delete", vars["name"])
 	streamJSON(job, w, false)
 	job.Setenv("force", r.Form.Get("force"))
+	job.Setenv("noprune", r.Form.Get("noprune"))
 
 	return job.Run()
 }
diff --git a/server/server.go b/server/server.go
index eb9a3a396b..736d54ae52 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1839,7 +1839,7 @@ func (srv *Server) ContainerDestroy(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
-func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force bool) error {
+func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force, noprune bool) error {
 	var (
 		repoName, tag string
 		tags          = []string{}
@@ -1920,8 +1920,8 @@ func (srv *Server) DeleteImage(name string, imgs *engine.Table, first, force boo
 			out.Set("Deleted", img.ID)
 			imgs.Add(out)
 			srv.LogEvent("delete", img.ID, "")
-			if img.Parent != "" {
-				err := srv.DeleteImage(img.Parent, imgs, false, force)
+			if img.Parent != "" && !noprune {
+				err := srv.DeleteImage(img.Parent, imgs, false, force, noprune)
 				if first {
 					return err
 				}
@@ -1938,7 +1938,7 @@ func (srv *Server) ImageDelete(job *engine.Job) engine.Status {
 		return job.Errorf("Usage: %s IMAGE", job.Name)
 	}
 	imgs := engine.NewTable("", 0)
-	if err := srv.DeleteImage(job.Args[0], imgs, true, job.GetenvBool("force")); err != nil {
+	if err := srv.DeleteImage(job.Args[0], imgs, true, job.GetenvBool("force"), job.GetenvBool("noprune")); err != nil {
 		return job.Error(err)
 	}
 	if len(imgs.Data) == 0 {

From afcaaffd0bb84d0c97f4a3ef54f4d35ba3942f65 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 14 Mar 2014 01:04:35 +0000
Subject: [PATCH 116/384] update doc

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 docs/sources/reference/api/docker_remote_api.rst       | 1 +
 docs/sources/reference/api/docker_remote_api_v1.10.rst | 1 +
 2 files changed, 2 insertions(+)

diff --git a/docs/sources/reference/api/docker_remote_api.rst b/docs/sources/reference/api/docker_remote_api.rst
index 93558fa974..ca7463f351 100644
--- a/docs/sources/reference/api/docker_remote_api.rst
+++ b/docs/sources/reference/api/docker_remote_api.rst
@@ -50,6 +50,7 @@ What's new
 
    **New!** You can now use the force parameter to force delete of an image, even if it's
    tagged in multiple repositories.
+   **New!** You can now use the noprune parameter to prevent the deletion of parent images
 
 .. http:delete:: /containers/(id)
 
diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.rst b/docs/sources/reference/api/docker_remote_api_v1.10.rst
index 20af253f0e..649f58196e 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.10.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.10.rst
@@ -931,6 +931,7 @@ Remove an image
            ]
 
         :query force: 1/True/true or 0/False/false, default false
+        :query noprune: 1/True/true or 0/False/false, default false
         :statuscode 200: no error
         :statuscode 404: no such image
         :statuscode 409: conflict

From a18d08177c1b11fd1e88c27d78a7256b5d498d64 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 14 Mar 2014 17:13:11 +0000
Subject: [PATCH 117/384] Add missing client doc

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 docs/sources/reference/commandline/cli.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 6d55a0aedc..f302862b9e 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1092,6 +1092,7 @@ containers will not be deleted.
     Remove one or more images
 
       -f, --force=false: Force
+      --no-prune=false: Do not delete untagged parents
 
 Removing tagged images
 ~~~~~~~~~~~~~~~~~~~~~~

From 2bddcd68b4b927d36ffadd80e098f6d4ae2cf5d6 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 14 Mar 2014 15:07:52 -0700
Subject: [PATCH 118/384] Gofmt imports Docker-DCO-1.1-Signed-off-by: Michael
 Crosby <michael@crosbymichael.com> (github: crosbymichael)

---
 graph/graph.go                                 |  2 +-
 graph/tags_unit_test.go                        |  2 +-
 image/image.go                                 |  2 +-
 integration/graph_test.go                      |  2 +-
 runtime/container.go                           |  4 ++--
 runtime/execdriver/execdrivers/execdrivers.go  |  2 +-
 runtime/execdriver/lxc/driver.go               |  2 +-
 runtime/execdriver/lxc/init.go                 |  2 +-
 runtime/execdriver/native/default_template.go  |  2 +-
 runtime/execdriver/native/driver.go            |  2 +-
 runtime/graphdriver/aufs/aufs.go               |  2 +-
 runtime/networkdriver/ipallocator/allocator.go |  2 +-
 runtime/networkdriver/lxc/driver.go            |  4 ++--
 runtime/runtime.go                             | 10 +++++-----
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/graph/graph.go b/graph/graph.go
index f71b8a003e..4349cac129 100644
--- a/graph/graph.go
+++ b/graph/graph.go
@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
diff --git a/graph/tags_unit_test.go b/graph/tags_unit_test.go
index cae5c2916e..17773912cf 100644
--- a/graph/tags_unit_test.go
+++ b/graph/tags_unit_test.go
@@ -2,9 +2,9 @@ package graph
 
 import (
 	"bytes"
+	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runtime/graphdriver"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs" // import the vfs driver so it is used in the tests
-	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/utils"
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io"
diff --git a/image/image.go b/image/image.go
index b2ddb03b0b..33503bad5a 100644
--- a/image/image.go
+++ b/image/image.go
@@ -4,8 +4,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"os"
diff --git a/integration/graph_test.go b/integration/graph_test.go
index ea9ddc7ae9..5602b3938d 100644
--- a/integration/graph_test.go
+++ b/integration/graph_test.go
@@ -5,8 +5,8 @@ import (
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/graph"
-	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/image"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
diff --git a/runtime/container.go b/runtime/container.go
index 3c7aa22751..9b138c89c1 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -6,12 +6,12 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/runtime/execdriver"
-	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/links"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime/execdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
diff --git a/runtime/execdriver/execdrivers/execdrivers.go b/runtime/execdriver/execdrivers/execdrivers.go
index 29fa5b44f9..9e277c86df 100644
--- a/runtime/execdriver/execdrivers/execdrivers.go
+++ b/runtime/execdriver/execdrivers/execdrivers.go
@@ -2,10 +2,10 @@ package execdrivers
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/pkg/sysinfo"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/runtime/execdriver/lxc"
 	"github.com/dotcloud/docker/runtime/execdriver/native"
-	"github.com/dotcloud/docker/pkg/sysinfo"
 	"path"
 )
 
diff --git a/runtime/execdriver/lxc/driver.go b/runtime/execdriver/lxc/driver.go
index fa2ecf9d77..b7311cc1ff 100644
--- a/runtime/execdriver/lxc/driver.go
+++ b/runtime/execdriver/lxc/driver.go
@@ -2,8 +2,8 @@ package lxc
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/cgroups"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"log"
diff --git a/runtime/execdriver/lxc/init.go b/runtime/execdriver/lxc/init.go
index 946c8c930f..a64bca15b2 100644
--- a/runtime/execdriver/lxc/init.go
+++ b/runtime/execdriver/lxc/init.go
@@ -3,9 +3,9 @@ package lxc
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/netlink"
 	"github.com/dotcloud/docker/pkg/user"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/syndtr/gocapability/capability"
 	"io/ioutil"
 	"net"
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index 0c382059e9..e76be6ebec 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -2,9 +2,9 @@ package native
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"os"
 )
 
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index ff6c541cf9..bf7e8ccdec 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -3,12 +3,12 @@ package native
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 	"github.com/dotcloud/docker/pkg/system"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"io"
 	"io/ioutil"
 	"log"
diff --git a/runtime/graphdriver/aufs/aufs.go b/runtime/graphdriver/aufs/aufs.go
index 83a6579bc6..6f05ddd025 100644
--- a/runtime/graphdriver/aufs/aufs.go
+++ b/runtime/graphdriver/aufs/aufs.go
@@ -24,8 +24,8 @@ import (
 	"bufio"
 	"fmt"
 	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/runtime/graphdriver"
 	mountpk "github.com/dotcloud/docker/pkg/mount"
+	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/utils"
 	"os"
 	"os/exec"
diff --git a/runtime/networkdriver/ipallocator/allocator.go b/runtime/networkdriver/ipallocator/allocator.go
index 2950e37003..70a7028bbe 100644
--- a/runtime/networkdriver/ipallocator/allocator.go
+++ b/runtime/networkdriver/ipallocator/allocator.go
@@ -3,8 +3,8 @@ package ipallocator
 import (
 	"encoding/binary"
 	"errors"
-	"github.com/dotcloud/docker/runtime/networkdriver"
 	"github.com/dotcloud/docker/pkg/collections"
+	"github.com/dotcloud/docker/runtime/networkdriver"
 	"net"
 	"sync"
 )
diff --git a/runtime/networkdriver/lxc/driver.go b/runtime/networkdriver/lxc/driver.go
index 746bcfb5b0..827de2a609 100644
--- a/runtime/networkdriver/lxc/driver.go
+++ b/runtime/networkdriver/lxc/driver.go
@@ -3,12 +3,12 @@ package lxc
 import (
 	"fmt"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/pkg/iptables"
+	"github.com/dotcloud/docker/pkg/netlink"
 	"github.com/dotcloud/docker/runtime/networkdriver"
 	"github.com/dotcloud/docker/runtime/networkdriver/ipallocator"
 	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
 	"github.com/dotcloud/docker/runtime/networkdriver/portmapper"
-	"github.com/dotcloud/docker/pkg/iptables"
-	"github.com/dotcloud/docker/pkg/netlink"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"log"
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 25edd774d8..677d52acc5 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -7,21 +7,21 @@ import (
 	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/graph"
+	"github.com/dotcloud/docker/image"
+	"github.com/dotcloud/docker/pkg/graphdb"
+	"github.com/dotcloud/docker/pkg/sysinfo"
+	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/runtime/execdriver/execdrivers"
 	"github.com/dotcloud/docker/runtime/execdriver/lxc"
-	"github.com/dotcloud/docker/graph"
 	"github.com/dotcloud/docker/runtime/graphdriver"
 	"github.com/dotcloud/docker/runtime/graphdriver/aufs"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/btrfs"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/devmapper"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
-	"github.com/dotcloud/docker/image"
 	_ "github.com/dotcloud/docker/runtime/networkdriver/lxc"
 	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
-	"github.com/dotcloud/docker/pkg/graphdb"
-	"github.com/dotcloud/docker/pkg/sysinfo"
-	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"

From 8b5cf51d600dc4f3611cf063c52cf3448e7b01e5 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Fri, 14 Mar 2014 22:33:41 -0400
Subject: [PATCH 119/384] Disable automatic killing of containers when docker
 stop fails

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
---
 api/client.go                                        |  6 +++---
 .../sources/reference/api/docker_remote_api_v1.9.rst |  4 ++--
 docs/sources/reference/commandline/cli.rst           |  6 +++---
 runtime/container.go                                 | 12 ++----------
 4 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/api/client.go b/api/client.go
index 715f58ab06..6191f1b001 100644
--- a/api/client.go
+++ b/api/client.go
@@ -477,8 +477,8 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 }
 
 func (cli *DockerCli) CmdStop(args ...string) error {
-	cmd := cli.Subcmd("stop", "[OPTIONS] CONTAINER [CONTAINER...]", "Stop a running container (Send SIGTERM, and then SIGKILL after grace period)")
-	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to wait for the container to stop before killing it.")
+	cmd := cli.Subcmd("stop", "[OPTIONS] CONTAINER [CONTAINER...]", "Stop a running container (Send SIGTERM)")
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to wait for the container to stop.")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -505,7 +505,7 @@ func (cli *DockerCli) CmdStop(args ...string) error {
 
 func (cli *DockerCli) CmdRestart(args ...string) error {
 	cmd := cli.Subcmd("restart", "[OPTIONS] CONTAINER [CONTAINER...]", "Restart a running container")
-	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10")
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to wait for the container to stop. Default=10")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.rst b/docs/sources/reference/api/docker_remote_api_v1.9.rst
index 27812457bb..def38edd55 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.9.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.9.rst
@@ -432,7 +432,7 @@ Stop a container
 
            HTTP/1.1 204 OK
 
-        :query t: number of seconds to wait before killing the container
+        :query t: number of seconds to wait for the container to stop
         :statuscode 204: no error
         :statuscode 404: no such container
         :statuscode 500: server error
@@ -457,7 +457,7 @@ Restart a container
 
            HTTP/1.1 204 OK
 
-        :query t: number of seconds to wait before killing the container
+        :query t: number of seconds to wait for the container to stop
         :statuscode 204: no error
         :statuscode 404: no such container
         :statuscode 500: server error
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 2371ed1b5f..c780445179 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1366,11 +1366,11 @@ This example shows 5 containers that might be set up to test a web application c
 
     Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
 
-    Stop a running container (Send SIGTERM, and then SIGKILL after grace period)
+    Stop a running container (Send SIGTERM)
 
-      -t, --time=10: Number of seconds to wait for the container to stop before killing it.
+      -t, --time=10: Number of seconds to wait for the container to stop.
 
-The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL
+The main process inside the container will receive SIGTERM.
 
 .. _cli_tag:
 
diff --git a/runtime/container.go b/runtime/container.go
index ee545db201..acda4db169 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -890,20 +890,12 @@ func (container *Container) Stop(seconds int) error {
 
 	// 1. Send a SIGTERM
 	if err := container.KillSig(15); err != nil {
-		utils.Debugf("Error sending kill SIGTERM: %s", err)
-		log.Print("Failed to send SIGTERM to the process, force killing")
-		if err := container.KillSig(9); err != nil {
-			return err
-		}
+		return err
 	}
 
 	// 2. Wait for the process to exit on its own
 	if err := container.WaitTimeout(time.Duration(seconds) * time.Second); err != nil {
-		log.Printf("Container %v failed to exit within %d seconds of SIGTERM - using the force", container.ID, seconds)
-		// 3. If it doesn't, then send SIGKILL
-		if err := container.Kill(); err != nil {
-			return err
-		}
+		return err
 	}
 	return nil
 }

From 326f6a4b4d942bf75ecb003e5c0d439bcb9d67cf Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 17 Mar 2014 19:17:40 +0000
Subject: [PATCH 120/384] fix tests

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 integration/commands_test.go |  2 +-
 integration/server_test.go   | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/integration/commands_test.go b/integration/commands_test.go
index dba15842c7..5804d9f351 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -1062,7 +1062,7 @@ func TestContainerOrphaning(t *testing.T) {
 
 	// remove the second image by name
 	resp := engine.NewTable("", 0)
-	if err := srv.DeleteImage(imageName, resp, true, false); err == nil {
+	if err := srv.DeleteImage(imageName, resp, true, false, false); err == nil {
 		t.Fatal("Expected error, got none")
 	}
 
diff --git a/integration/server_test.go b/integration/server_test.go
index 2455c766e3..a401f1306e 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -36,7 +36,7 @@ func TestImageTagImageDelete(t *testing.T) {
 		t.Errorf("Expected %d images, %d found", nExpected, nActual)
 	}
 
-	if err := srv.DeleteImage("utest/docker:tag2", engine.NewTable("", 0), true, false); err != nil {
+	if err := srv.DeleteImage("utest/docker:tag2", engine.NewTable("", 0), true, false, false); err != nil {
 		t.Fatal(err)
 	}
 
@@ -48,7 +48,7 @@ func TestImageTagImageDelete(t *testing.T) {
 		t.Errorf("Expected %d images, %d found", nExpected, nActual)
 	}
 
-	if err := srv.DeleteImage("utest:5000/docker:tag3", engine.NewTable("", 0), true, false); err != nil {
+	if err := srv.DeleteImage("utest:5000/docker:tag3", engine.NewTable("", 0), true, false, false); err != nil {
 		t.Fatal(err)
 	}
 
@@ -57,7 +57,7 @@ func TestImageTagImageDelete(t *testing.T) {
 	nExpected = len(initialImages.Data[0].GetList("RepoTags")) + 1
 	nActual = len(images.Data[0].GetList("RepoTags"))
 
-	if err := srv.DeleteImage("utest:tag1", engine.NewTable("", 0), true, false); err != nil {
+	if err := srv.DeleteImage("utest:tag1", engine.NewTable("", 0), true, false, false); err != nil {
 		t.Fatal(err)
 	}
 
@@ -579,7 +579,7 @@ func TestRmi(t *testing.T) {
 		t.Fatalf("Expected 2 new images, found %d.", images.Len()-initialImages.Len())
 	}
 
-	if err = srv.DeleteImage(imageID, engine.NewTable("", 0), true, false); err != nil {
+	if err = srv.DeleteImage(imageID, engine.NewTable("", 0), true, false, false); err != nil {
 		t.Fatal(err)
 	}
 
@@ -815,7 +815,7 @@ func TestDeleteTagWithExistingContainers(t *testing.T) {
 
 	// Try to remove the tag
 	imgs := engine.NewTable("", 0)
-	if err := srv.DeleteImage("utest:tag1", imgs, true, false); err != nil {
+	if err := srv.DeleteImage("utest:tag1", imgs, true, false, false); err != nil {
 		t.Fatal(err)
 	}
 

From 1dfc44073399aadb226c1b4c1909fb15c033d44a Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 17 Mar 2014 19:33:40 +0000
Subject: [PATCH 121/384] fix panic in monitor

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 runtime/container.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtime/container.go b/runtime/container.go
index 9b138c89c1..5241c5cfe5 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -785,7 +785,7 @@ func (container *Container) monitor(callback execdriver.StartCallback) error {
 		utils.Errorf("Error running container: %s", err)
 	}
 
-	if container.runtime.srv.IsRunning() {
+	if container.runtime != nil && container.runtime.srv != nil && container.runtime.srv.IsRunning() {
 		container.State.SetStopped(exitCode)
 
 		// FIXME: there is a race condition here which causes this to fail during the unit tests.

From 53c5b1856d91093fed1c2d3f038d227f5fdef4b8 Mon Sep 17 00:00:00 2001
From: Timothy Hobbs <timothyhobbs@seznam.cz>
Date: Sat, 15 Mar 2014 23:04:36 +0100
Subject: [PATCH 122/384] Add failing test case for issue #4681

Add a failing test case for an issue where docker is not creating a loopback device if networking is dissabled.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
---
 integration/container_test.go | 69 ++++++++++++++++++++++++-----------
 1 file changed, 47 insertions(+), 22 deletions(-)

diff --git a/integration/container_test.go b/integration/container_test.go
index 010883a709..663b350638 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -434,28 +434,6 @@ func TestOutput(t *testing.T) {
 	}
 }
 
-func TestContainerNetwork(t *testing.T) {
-	runtime := mkRuntime(t)
-	defer nuke(runtime)
-	container, _, err := runtime.Create(
-		&runconfig.Config{
-			Image: GetTestImage(runtime).ID,
-			Cmd:   []string{"ping", "-c", "1", "127.0.0.1"},
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container)
-	if err := container.Run(); err != nil {
-		t.Fatal(err)
-	}
-	if code := container.State.GetExitCode(); code != 0 {
-		t.Fatalf("Unexpected ping 127.0.0.1 exit code %d (expected 0)", code)
-	}
-}
-
 func TestKillDifferentUser(t *testing.T) {
 	runtime := mkRuntime(t)
 	defer nuke(runtime)
@@ -1523,6 +1501,53 @@ func TestVolumesFromWithVolumes(t *testing.T) {
 	}
 }
 
+func TestContainerNetwork(t *testing.T) {
+	runtime := mkRuntime(t)
+	defer nuke(runtime)
+	container, _, err := runtime.Create(
+		&runconfig.Config{
+			Image: GetTestImage(runtime).ID,
+			// If I change this to ping 8.8.8.8 it fails.  Any idea why? - timthelion
+			Cmd: []string{"ping", "-c", "1", "127.0.0.1"},
+		},
+		"",
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+	if err := container.Run(); err != nil {
+		t.Fatal(err)
+	}
+	if code := container.State.GetExitCode(); code != 0 {
+		t.Fatalf("Unexpected ping 127.0.0.1 exit code %d (expected 0)", code)
+	}
+}
+
+// Issue #4681
+func TestLoopbackFunctionsWhenNetworkingIsDissabled(t *testing.T) {
+	runtime := mkRuntime(t)
+	defer nuke(runtime)
+	container, _, err := runtime.Create(
+		&runconfig.Config{
+			Image:           GetTestImage(runtime).ID,
+			Cmd:             []string{"ping", "-c", "1", "127.0.0.1"},
+			NetworkDisabled: true,
+		},
+		"",
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer runtime.Destroy(container)
+	if err := container.Run(); err != nil {
+		t.Fatal(err)
+	}
+	if code := container.State.GetExitCode(); code != 0 {
+		t.Fatalf("Unexpected ping 127.0.0.1 exit code %d (expected 0)", code)
+	}
+}
+
 func TestOnlyLoopbackExistsWhenUsingDisableNetworkOption(t *testing.T) {
 	eng := NewTestEngine(t)
 	runtime := mkRuntimeFromEngine(eng, t)

From 353df19ab7009f6555dee506841ae0b690a08768 Mon Sep 17 00:00:00 2001
From: Timothy Hobbs <timothyhobbs@seznam.cz>
Date: Sun, 16 Mar 2014 01:01:31 +0100
Subject: [PATCH 123/384] Fix issue #4681 - No loopback interface within
 container when networking is disabled.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Remove loopback code from veth strategy

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Looback strategy: Get rid of uneeded code in Create
Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Use append when building network strategy list

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Swap loopback and veth strategies in Networks list

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

Revert "Swap loopback and veth strategies in Networks list"

This reverts commit 3b8b2c8454171d79bed5e9a80165172617e92fc7.

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)

When initializing networks, only return from the loop if there is an error

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
---
 pkg/libcontainer/network/loopback.go          | 24 +++++++++++++
 pkg/libcontainer/network/strategy.go          |  3 +-
 pkg/libcontainer/network/veth.go              |  6 ----
 pkg/libcontainer/nsinit/init.go               |  6 +++-
 runtime/execdriver/native/default_template.go | 35 +++++++++++++------
 5 files changed, 56 insertions(+), 18 deletions(-)
 create mode 100644 pkg/libcontainer/network/loopback.go

diff --git a/pkg/libcontainer/network/loopback.go b/pkg/libcontainer/network/loopback.go
new file mode 100644
index 0000000000..6215061dc2
--- /dev/null
+++ b/pkg/libcontainer/network/loopback.go
@@ -0,0 +1,24 @@
+package network
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+)
+
+// Loopback is a network strategy that provides a basic loopback device
+type Loopback struct {
+}
+
+func (l *Loopback) Create(n *libcontainer.Network, nspid int, context libcontainer.Context) error {
+	return nil
+}
+
+func (l *Loopback) Initialize(config *libcontainer.Network, context libcontainer.Context) error {
+	if err := SetMtu("lo", config.Mtu); err != nil {
+		return fmt.Errorf("set lo mtu to %d %s", config.Mtu, err)
+	}
+	if err := InterfaceUp("lo"); err != nil {
+		return fmt.Errorf("lo up %s", err)
+	}
+	return nil
+}
diff --git a/pkg/libcontainer/network/strategy.go b/pkg/libcontainer/network/strategy.go
index 234fcc0aa2..693790d280 100644
--- a/pkg/libcontainer/network/strategy.go
+++ b/pkg/libcontainer/network/strategy.go
@@ -10,7 +10,8 @@ var (
 )
 
 var strategies = map[string]NetworkStrategy{
-	"veth": &Veth{},
+	"veth":     &Veth{},
+	"loopback": &Loopback{},
 }
 
 // NetworkStrategy represents a specific network configuration for
diff --git a/pkg/libcontainer/network/veth.go b/pkg/libcontainer/network/veth.go
index 3ab1b2393b..3df0cd61ee 100644
--- a/pkg/libcontainer/network/veth.go
+++ b/pkg/libcontainer/network/veth.go
@@ -68,12 +68,6 @@ func (v *Veth) Initialize(config *libcontainer.Network, context libcontainer.Con
 	if err := InterfaceUp("eth0"); err != nil {
 		return fmt.Errorf("eth0 up %s", err)
 	}
-	if err := SetMtu("lo", config.Mtu); err != nil {
-		return fmt.Errorf("set lo mtu to %d %s", config.Mtu, err)
-	}
-	if err := InterfaceUp("lo"); err != nil {
-		return fmt.Errorf("lo up %s", err)
-	}
 	if config.Gateway != "" {
 		if err := SetDefaultGateway(config.Gateway); err != nil {
 			return fmt.Errorf("set gateway to %s %s", config.Gateway, err)
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index e329becbdf..117ae875ed 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -134,7 +134,11 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex
 		if err != nil {
 			return err
 		}
-		return strategy.Initialize(config, context)
+
+		err1 := strategy.Initialize(config, context)
+		if err1 != nil {
+			return err1
+		}
 	}
 	return nil
 }
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index e76be6ebec..47b19c9d66 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -19,19 +19,34 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 	container.WorkingDir = c.WorkingDir
 	container.Env = c.Env
 
+	loopbackNetwork := libcontainer.Network{
+		// Using constants here because
+		// when networking is disabled
+		// These settings simply don't exist:
+		// https://github.com/dotcloud/docker/blob/c7ea6e5da80af3d9ba7558f876efbf0801d988d8/runtime/container.go#L367
+		Mtu:     1500,
+		Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
+		Gateway: "localhost",
+		Type:    "loopback",
+		Context: libcontainer.Context{},
+	}
+
+	container.Networks = []*libcontainer.Network{
+		&loopbackNetwork,
+	}
+
 	if c.Network != nil {
-		container.Networks = []*libcontainer.Network{
-			{
-				Mtu:     c.Network.Mtu,
-				Address: fmt.Sprintf("%s/%d", c.Network.IPAddress, c.Network.IPPrefixLen),
-				Gateway: c.Network.Gateway,
-				Type:    "veth",
-				Context: libcontainer.Context{
-					"prefix": "veth",
-					"bridge": c.Network.Bridge,
-				},
+		vethNetwork := libcontainer.Network{
+			Mtu:     c.Network.Mtu,
+			Address: fmt.Sprintf("%s/%d", c.Network.IPAddress, c.Network.IPPrefixLen),
+			Gateway: c.Network.Gateway,
+			Type:    "veth",
+			Context: libcontainer.Context{
+				"prefix": "veth",
+				"bridge": c.Network.Bridge,
 			},
 		}
+		container.Networks = append(container.Networks, &vethNetwork)
 	}
 
 	container.Cgroups.Name = c.ID

From 659b719aa66e7ed0c3104d3704fa61035050ad82 Mon Sep 17 00:00:00 2001
From: Timothy Hobbs <timothyhobbs@seznam.cz>
Date: Sun, 16 Mar 2014 20:52:27 +0100
Subject: [PATCH 124/384] Refactor out interface specific information from
 execdriver.Network

Docker-DCO-1.1-Signed-off-by: Timothy Hobbs <timothyhobbs@seznam.cz> (github: https://github.com/timthelion)
---
 runtime/container.go                             |  8 ++++++--
 runtime/execdriver/driver.go                     | 10 +++++++---
 runtime/execdriver/lxc/driver.go                 | 10 ++++++----
 runtime/execdriver/lxc/lxc_template.go           |  6 +++---
 runtime/execdriver/lxc/lxc_template_unit_test.go |  8 ++++++++
 runtime/execdriver/native/default_template.go    | 14 +++++---------
 6 files changed, 35 insertions(+), 21 deletions(-)

diff --git a/runtime/container.go b/runtime/container.go
index 2a30715206..73bad67d6a 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -364,14 +364,18 @@ func populateCommand(c *Container) {
 		driverConfig []string
 	)
 
+	en = &execdriver.Network{
+		Mtu:       c.runtime.config.Mtu,
+		Interface: nil,
+	}
+
 	if !c.Config.NetworkDisabled {
 		network := c.NetworkSettings
-		en = &execdriver.Network{
+		en.Interface = &execdriver.NetworkInterface{
 			Gateway:     network.Gateway,
 			Bridge:      network.Bridge,
 			IPAddress:   network.IPAddress,
 			IPPrefixLen: network.IPPrefixLen,
-			Mtu:         c.runtime.config.Mtu,
 		}
 	}
 
diff --git a/runtime/execdriver/driver.go b/runtime/execdriver/driver.go
index ff37b6bc5b..23e31ee8d9 100644
--- a/runtime/execdriver/driver.go
+++ b/runtime/execdriver/driver.go
@@ -84,11 +84,15 @@ type Driver interface {
 
 // Network settings of the container
 type Network struct {
+	Interface *NetworkInterface `json:"interface"` // if interface is nil then networking is disabled
+	Mtu       int               `json:"mtu"`
+}
+
+type NetworkInterface struct {
 	Gateway     string `json:"gateway"`
 	IPAddress   string `json:"ip"`
 	Bridge      string `json:"bridge"`
 	IPPrefixLen int    `json:"ip_prefix_len"`
-	Mtu         int    `json:"mtu"`
 }
 
 type Resources struct {
@@ -118,8 +122,8 @@ type Command struct {
 	WorkingDir string     `json:"working_dir"`
 	ConfigPath string     `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver
 	Tty        bool       `json:"tty"`
-	Network    *Network   `json:"network"` // if network is nil then networking is disabled
-	Config     []string   `json:"config"`  //  generic values that specific drivers can consume
+	Network    *Network   `json:"network"`
+	Config     []string   `json:"config"` //  generic values that specific drivers can consume
 	Resources  *Resources `json:"resources"`
 	Mounts     []Mount    `json:"mounts"`
 
diff --git a/runtime/execdriver/lxc/driver.go b/runtime/execdriver/lxc/driver.go
index b7311cc1ff..086e35f643 100644
--- a/runtime/execdriver/lxc/driver.go
+++ b/runtime/execdriver/lxc/driver.go
@@ -98,13 +98,15 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 		DriverName,
 	}
 
-	if c.Network != nil {
+	if c.Network.Interface != nil {
 		params = append(params,
-			"-g", c.Network.Gateway,
-			"-i", fmt.Sprintf("%s/%d", c.Network.IPAddress, c.Network.IPPrefixLen),
-			"-mtu", strconv.Itoa(c.Network.Mtu),
+			"-g", c.Network.Interface.Gateway,
+			"-i", fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
 		)
 	}
+	params = append(params,
+		"-mtu", strconv.Itoa(c.Network.Mtu),
+	)
 
 	if c.User != "" {
 		params = append(params, "-u", c.User)
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index db55287522..ce9d90469f 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -7,17 +7,17 @@ import (
 )
 
 const LxcTemplate = `
-{{if .Network}}
+{{if .Network.Interface}}
 # network configuration
 lxc.network.type = veth
-lxc.network.link = {{.Network.Bridge}}
+lxc.network.link = {{.Network.Interface.Bridge}}
 lxc.network.name = eth0
-lxc.network.mtu = {{.Network.Mtu}}
 {{else}}
 # network is disabled (-n=false)
 lxc.network.type = empty
 lxc.network.flags = up
 {{end}}
+lxc.network.mtu = {{.Network.Mtu}}
 
 # root filesystem
 {{$ROOTFS := .Rootfs}}
diff --git a/runtime/execdriver/lxc/lxc_template_unit_test.go b/runtime/execdriver/lxc/lxc_template_unit_test.go
index ae66371836..e613adf7a9 100644
--- a/runtime/execdriver/lxc/lxc_template_unit_test.go
+++ b/runtime/execdriver/lxc/lxc_template_unit_test.go
@@ -43,6 +43,10 @@ func TestLXCConfig(t *testing.T) {
 			Memory:    int64(mem),
 			CpuShares: int64(cpu),
 		},
+		Network: &execdriver.Network{
+			Mtu:       1500,
+			Interface: nil,
+		},
 	}
 	p, err := driver.generateLXCConfig(command)
 	if err != nil {
@@ -75,6 +79,10 @@ func TestCustomLxcConfig(t *testing.T) {
 			"lxc.utsname = docker",
 			"lxc.cgroup.cpuset.cpus = 0,1",
 		},
+		Network: &execdriver.Network{
+			Mtu:       1500,
+			Interface: nil,
+		},
 	}
 
 	p, err := driver.generateLXCConfig(command)
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index 47b19c9d66..d744ab382f 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -20,11 +20,7 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 	container.Env = c.Env
 
 	loopbackNetwork := libcontainer.Network{
-		// Using constants here because
-		// when networking is disabled
-		// These settings simply don't exist:
-		// https://github.com/dotcloud/docker/blob/c7ea6e5da80af3d9ba7558f876efbf0801d988d8/runtime/container.go#L367
-		Mtu:     1500,
+		Mtu:     c.Network.Mtu,
 		Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
 		Gateway: "localhost",
 		Type:    "loopback",
@@ -35,15 +31,15 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 		&loopbackNetwork,
 	}
 
-	if c.Network != nil {
+	if c.Network.Interface != nil {
 		vethNetwork := libcontainer.Network{
 			Mtu:     c.Network.Mtu,
-			Address: fmt.Sprintf("%s/%d", c.Network.IPAddress, c.Network.IPPrefixLen),
-			Gateway: c.Network.Gateway,
+			Address: fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
+			Gateway: c.Network.Interface.Gateway,
 			Type:    "veth",
 			Context: libcontainer.Context{
 				"prefix": "veth",
-				"bridge": c.Network.Bridge,
+				"bridge": c.Network.Interface.Bridge,
 			},
 		}
 		container.Networks = append(container.Networks, &vethNetwork)

From 25218f9b239784e6f38550a6e320bce56aaca3e1 Mon Sep 17 00:00:00 2001
From: Isabel Jimenez <contact.isabeljimenez@gmail.com>
Date: Mon, 17 Mar 2014 01:40:36 -0700
Subject: [PATCH 125/384] adding configuration for timeout and disable it by
 default

Docker-DCO-1.1-Signed-off-by: Isabel Jimenez <contact@isabeljimenez.com> (github: jimenez)
---
 api/server.go              |  5 ++---
 pkg/listenbuffer/buffer.go | 27 ++++++---------------------
 2 files changed, 8 insertions(+), 24 deletions(-)

diff --git a/api/server.go b/api/server.go
index 048c989540..8871fb06f8 100644
--- a/api/server.go
+++ b/api/server.go
@@ -26,7 +26,6 @@ import (
 	"strconv"
 	"strings"
 	"syscall"
-	"time"
 )
 
 var (
@@ -1130,7 +1129,7 @@ func changeGroup(addr string, nameOrGid string) error {
 
 // ListenAndServe sets up the required http.Server and gets it listening for
 // each addr passed in and does protocol specific checking.
-func ListenAndServe(proto, addr string, eng *engine.Engine, logging, enableCors bool, dockerVersion string, socketGroup string) error {
+func ListenAndServe(proto, addr string, eng *engine.Engine, logging, enableCors bool, dockerVersion, socketGroup string) error {
 	r, err := createRouter(eng, logging, enableCors, dockerVersion)
 
 	if err != nil {
@@ -1147,7 +1146,7 @@ func ListenAndServe(proto, addr string, eng *engine.Engine, logging, enableCors
 		}
 	}
 
-	l, err := listenbuffer.NewListenBuffer(proto, addr, activationLock, 15*time.Minute)
+	l, err := listenbuffer.NewListenBuffer(proto, addr, activationLock)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/listenbuffer/buffer.go b/pkg/listenbuffer/buffer.go
index c350805a7d..17572c8a0e 100644
--- a/pkg/listenbuffer/buffer.go
+++ b/pkg/listenbuffer/buffer.go
@@ -5,15 +5,10 @@
 */
 package listenbuffer
 
-import (
-	"fmt"
-	"net"
-	"time"
-)
+import "net"
 
-// NewListenBuffer returns a listener listening on addr with the protocol.  It sets the
-// timeout to wait on first connection before an error is returned
-func NewListenBuffer(proto, addr string, activate chan struct{}, timeout time.Duration) (net.Listener, error) {
+// NewListenBuffer returns a listener listening on addr with the protocol.
+func NewListenBuffer(proto, addr string, activate chan struct{}) (net.Listener, error) {
 	wrapped, err := net.Listen(proto, addr)
 	if err != nil {
 		return nil, err
@@ -22,7 +17,6 @@ func NewListenBuffer(proto, addr string, activate chan struct{}, timeout time.Du
 	return &defaultListener{
 		wrapped:  wrapped,
 		activate: activate,
-		timeout:  timeout,
 	}, nil
 }
 
@@ -30,7 +24,6 @@ type defaultListener struct {
 	wrapped  net.Listener // the real listener to wrap
 	ready    bool         // is the listner ready to start accpeting connections
 	activate chan struct{}
-	timeout  time.Duration // how long to wait before we consider this an error
 }
 
 func (l *defaultListener) Close() error {
@@ -47,15 +40,7 @@ func (l *defaultListener) Accept() (net.Conn, error) {
 	if l.ready {
 		return l.wrapped.Accept()
 	}
-
-	select {
-	case <-time.After(l.timeout):
-		// close the connection so any clients are disconnected
-		l.Close()
-		return nil, fmt.Errorf("timeout (%s) reached waiting for listener to become ready", l.timeout.String())
-	case <-l.activate:
-		l.ready = true
-		return l.Accept()
-	}
-	panic("unreachable")
+	<-l.activate
+	l.ready = true
+	return l.Accept()
 }

From 782eb5f03a9dde970172895da37be8c656fef3bd Mon Sep 17 00:00:00 2001
From: Andrea Turli <andrea.turli@gmail.com>
Date: Mon, 17 Mar 2014 23:11:46 +0100
Subject: [PATCH 126/384] add softlayer installation instructions

Docker-DCO-1.1-Signed-off-by: Andrea Turli <andrea.turli@gmail.com> (github: andreaturli)
---
 docs/sources/installation/index.rst     |  1 +
 docs/sources/installation/softlayer.rst | 27 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 docs/sources/installation/softlayer.rst

diff --git a/docs/sources/installation/index.rst b/docs/sources/installation/index.rst
index 39c1f6a292..ae0e9196fa 100644
--- a/docs/sources/installation/index.rst
+++ b/docs/sources/installation/index.rst
@@ -30,4 +30,5 @@ Contents:
    amazon
    rackspace
    google
+   softlayer
    binaries
diff --git a/docs/sources/installation/softlayer.rst b/docs/sources/installation/softlayer.rst
new file mode 100644
index 0000000000..ff65029f62
--- /dev/null
+++ b/docs/sources/installation/softlayer.rst
@@ -0,0 +1,27 @@
+:title: Installation on IBM SoftLayer 
+:description: Please note this project is currently under heavy development. It should not be used in production. 
+:keywords: IBM SoftLayer, virtualization, cloud, docker, documentation, installation
+
+IBM SoftLayer
+=============
+
+.. include:: install_header.inc
+
+There are several ways to install Docker on IBM SoftLayer, but probably the simplest way is the following:
+
+IBM SoftLayer QuickStart
+-------------------------
+
+1. Create an `IBM SoftLayer account <https://www.softlayer.com/cloudlayer/>`_.
+2. Log in to the `SoftLayer Console <https://control.softlayer.com/devices/>`_.
+3. Go to `Order Hourly Computing Instance <https://manage.softlayer.com/Sales/orderHourlyComputingInstance>`_ on your SoftLayer Console.
+4. Create a new CCI using the default values for all the fields and choose:
+
+- *First Available* as ``Datacenter`` and 
+- *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)* as ``Operating System``.
+
+5. Click the *Continue Your Order* button at the bottom right and select *Go to checkout*.
+6. Insert the required *User Metadata* and place the order.
+7. Then continue with the :ref:`ubuntu_linux` instructions.
+
+Continue with the :ref:`hello_world` example.
\ No newline at end of file

From 8b159fca8a4bc8692c77db3536f7098a583270ad Mon Sep 17 00:00:00 2001
From: Andrea Turli <andrea.turli@gmail.com>
Date: Mon, 17 Mar 2014 23:39:02 +0100
Subject: [PATCH 127/384] address comments from @jamtur01

Docker-DCO-1.1-Signed-off-by: Andrea Turli <andrea.turli@gmail.com> (github: andreaturli)
---
 docs/sources/installation/softlayer.rst | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/docs/sources/installation/softlayer.rst b/docs/sources/installation/softlayer.rst
index ff65029f62..0fe3d6df5a 100644
--- a/docs/sources/installation/softlayer.rst
+++ b/docs/sources/installation/softlayer.rst
@@ -7,15 +7,13 @@ IBM SoftLayer
 
 .. include:: install_header.inc
 
-There are several ways to install Docker on IBM SoftLayer, but probably the simplest way is the following:
-
 IBM SoftLayer QuickStart
 -------------------------
 
 1. Create an `IBM SoftLayer account <https://www.softlayer.com/cloudlayer/>`_.
 2. Log in to the `SoftLayer Console <https://control.softlayer.com/devices/>`_.
-3. Go to `Order Hourly Computing Instance <https://manage.softlayer.com/Sales/orderHourlyComputingInstance>`_ on your SoftLayer Console.
-4. Create a new CCI using the default values for all the fields and choose:
+3. Go to `Order Hourly Computing Instance Wizard <https://manage.softlayer.com/Sales/orderHourlyComputingInstance>`_ on your SoftLayer Console.
+4. Create a new *CloudLayer Computing Instance* (CCI) using the default values for all the fields and choose:
 
 - *First Available* as ``Datacenter`` and 
 - *Ubuntu Linux 12.04 LTS Precise Pangolin - Minimal Install (64 bit)* as ``Operating System``.

From 15a267b57d2394dd5cb697f9a80b6df4fc939a76 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Tue, 18 Mar 2014 01:34:43 +0000
Subject: [PATCH 128/384] add time since exit in docker ps

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 runtime/state.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtime/state.go b/runtime/state.go
index cce6912b46..1c682acd26 100644
--- a/runtime/state.go
+++ b/runtime/state.go
@@ -28,7 +28,7 @@ func (s *State) String() string {
 		}
 		return fmt.Sprintf("Up %s", utils.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
 	}
-	return fmt.Sprintf("Exit %d", s.ExitCode)
+	return fmt.Sprintf("Exited (%d) %s ago", s.ExitCode, utils.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
 }
 
 func (s *State) IsRunning() bool {

From c1f492755b8774005b3627da8ee001ee0b2df4eb Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 17 Mar 2014 19:26:08 -0600
Subject: [PATCH 129/384] Improve WORKDIR test to cover more edge cases

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 integration/buildfile_test.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go
index 9c986d74c2..95d5abb8a7 100644
--- a/integration/buildfile_test.go
+++ b/integration/buildfile_test.go
@@ -445,16 +445,18 @@ func TestBuildRelativeWorkdir(t *testing.T) {
 	img, err := buildImage(testContextTemplate{`
 		FROM {IMAGE}
 		RUN [ "$PWD" = '/' ]
-		WORKDIR /test1
+		WORKDIR test1
 		RUN [ "$PWD" = '/test1' ]
-		WORKDIR test2
-		RUN [ "$PWD" = '/test1/test2' ]
+		WORKDIR /test2
+		RUN [ "$PWD" = '/test2' ]
+		WORKDIR test3
+		RUN [ "$PWD" = '/test2/test3' ]
 	`, nil, nil}, t, nil, true)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if img.Config.WorkingDir != "/test1/test2" {
-		t.Fail()
+	if img.Config.WorkingDir != "/test2/test3" {
+		t.Fatalf("Expected workdir to be '/test2/test3', received '%s'", img.Config.WorkingDir)
 	}
 }
 

From 69299f041f78f8a86bf810142e740bbd72fe4b1b Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 17 Mar 2014 19:26:39 -0600
Subject: [PATCH 130/384] Add some documentation about relative WORKDIR values

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 docs/sources/reference/builder.rst | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst
index 0d8d750a04..1c8331e98f 100644
--- a/docs/sources/reference/builder.rst
+++ b/docs/sources/reference/builder.rst
@@ -407,7 +407,16 @@ the image.
 The ``WORKDIR`` instruction sets the working directory for the ``RUN``, ``CMD`` and
 ``ENTRYPOINT``  Dockerfile commands that follow it.
 
-It can be used multiple times in the one Dockerfile.
+It can be used multiple times in the one Dockerfile.  If a relative path is
+provided, it will be relative to the path of the previous ``WORKDIR``
+instruction.  For example:
+
+    WORKDIR /a
+    WORKDIR b
+    WORKDIR c
+    RUN pwd
+
+The output of the final ``pwd`` command in this Dockerfile would be ``/a/b/c``.
 
 3.11 ONBUILD
 ------------

From 4b1513f9c394fbfdf21998db4318251b4e8b6bc0 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 17 Mar 2014 17:42:16 -0700
Subject: [PATCH 131/384] Only unshare the mount namespace for execin

Fixes #4728
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 pkg/libcontainer/nsinit/execin.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkg/libcontainer/nsinit/execin.go b/pkg/libcontainer/nsinit/execin.go
index 39df4761a0..f8b8931390 100644
--- a/pkg/libcontainer/nsinit/execin.go
+++ b/pkg/libcontainer/nsinit/execin.go
@@ -14,10 +14,12 @@ import (
 
 // ExecIn uses an existing pid and joins the pid's namespaces with the new command.
 func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) {
-	ns.logger.Println("unshare namespaces")
-	for _, ns := range container.Namespaces {
-		if err := system.Unshare(ns.Value); err != nil {
-			return -1, err
+	for _, nsv := range container.Namespaces {
+		// skip the PID namespace on unshare because it it not supported
+		if nsv.Key != "NEWPID" {
+			if err := system.Unshare(nsv.Value); err != nil {
+				return -1, err
+			}
 		}
 	}
 	fds, err := ns.getNsFds(nspid, container)

From 670ce98c60dbac1d46a59bd69bd20b569f4794f1 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Fri, 14 Mar 2014 14:23:54 -0400
Subject: [PATCH 132/384] graphdriver: build tags

Enable build tags for all the graphdrivers to be excludable.

As an example:
```
$ go build
$ ls -l docker
-rwxr-xr-x 1 vbatts vbatts 18400158 Mar 14 14:22 docker*
$ go build -tags "exclude_graphdriver_aufs exclude_graphdriver_vfs exclude_graphdriver_devicemapper"
$ ls -l docker
-rwxr-xr-x 1 vbatts vbatts 17467068 Mar 14 14:22 docker*
```

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 hack/PACKAGERS.md               | 17 +++++++++++++++++
 runtime/runtime.go              | 11 +++--------
 runtime/runtime_aufs.go         | 22 ++++++++++++++++++++++
 runtime/runtime_devicemapper.go |  7 +++++++
 runtime/runtime_no_aufs.go      | 11 +++++++++++
 runtime/runtime_vfs.go          |  7 +++++++
 6 files changed, 67 insertions(+), 8 deletions(-)
 create mode 100644 runtime/runtime_aufs.go
 create mode 100644 runtime/runtime_devicemapper.go
 create mode 100644 runtime/runtime_no_aufs.go
 create mode 100644 runtime/runtime_vfs.go

diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md
index 5dcb120689..0e513cd4fa 100644
--- a/hack/PACKAGERS.md
+++ b/hack/PACKAGERS.md
@@ -157,6 +157,23 @@ AppArmor, you will need to set `DOCKER_BUILDTAGS` as follows:
 export DOCKER_BUILDTAGS='apparmor'
 ```
 
+There are build tags for disabling graphdrivers as well. By default, support
+for all graphdrivers are built in.
+
+To disable vfs
+```bash
+export DOCKER_BUILDTAGS='exclude_graphdriver_vfs'
+```
+
+To disable devicemapper
+```bash
+export DOCKER_BUILDTAGS='exclude_graphdriver_devicemapper'
+```
+To disable aufs
+```bash
+export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
+```
+
 ### Static Daemon
 
 If it is feasible within the constraints of your distribution, you should
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 677d52acc5..be15cb562d 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -16,10 +16,7 @@ import (
 	"github.com/dotcloud/docker/runtime/execdriver/execdrivers"
 	"github.com/dotcloud/docker/runtime/execdriver/lxc"
 	"github.com/dotcloud/docker/runtime/graphdriver"
-	"github.com/dotcloud/docker/runtime/graphdriver/aufs"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/btrfs"
-	_ "github.com/dotcloud/docker/runtime/graphdriver/devmapper"
-	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
 	_ "github.com/dotcloud/docker/runtime/networkdriver/lxc"
 	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
 	"github.com/dotcloud/docker/utils"
@@ -652,11 +649,9 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 		return nil, err
 	}
 
-	if ad, ok := driver.(*aufs.Driver); ok {
-		utils.Debugf("Migrating existing containers")
-		if err := ad.Migrate(config.Root, graph.SetupInitLayer); err != nil {
-			return nil, err
-		}
+	// Migrate the container if it is aufs and aufs is enabled
+	if err = migrateIfAufs(driver, config.Root); err != nil {
+		return nil, err
 	}
 
 	utils.Debugf("Creating images graph")
diff --git a/runtime/runtime_aufs.go b/runtime/runtime_aufs.go
new file mode 100644
index 0000000000..5a32615df5
--- /dev/null
+++ b/runtime/runtime_aufs.go
@@ -0,0 +1,22 @@
+// +build !exclude_graphdriver_aufs
+
+package runtime
+
+import (
+	"github.com/dotcloud/docker/graph"
+	"github.com/dotcloud/docker/runtime/graphdriver"
+	"github.com/dotcloud/docker/runtime/graphdriver/aufs"
+	"github.com/dotcloud/docker/utils"
+)
+
+// Given the graphdriver ad, if it is aufs, then migrate it.
+// If aufs driver is not built, this func is a noop.
+func migrateIfAufs(driver graphdriver.Driver, root string) error {
+	if ad, ok := driver.(*aufs.Driver); ok {
+		utils.Debugf("Migrating existing containers")
+		if err := ad.Migrate(root, graph.SetupInitLayer); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/runtime/runtime_devicemapper.go b/runtime/runtime_devicemapper.go
new file mode 100644
index 0000000000..5b418b377a
--- /dev/null
+++ b/runtime/runtime_devicemapper.go
@@ -0,0 +1,7 @@
+// +build !exclude_graphdriver_devicemapper
+
+package runtime
+
+import (
+	_ "github.com/dotcloud/docker/runtime/graphdriver/devmapper"
+)
diff --git a/runtime/runtime_no_aufs.go b/runtime/runtime_no_aufs.go
new file mode 100644
index 0000000000..05a01fe151
--- /dev/null
+++ b/runtime/runtime_no_aufs.go
@@ -0,0 +1,11 @@
+// +build exclude_graphdriver_aufs
+
+package runtime
+
+import (
+	"github.com/dotcloud/docker/runtime/graphdriver"
+)
+
+func migrateIfAufs(driver graphdriver.Driver, root string) error {
+	return nil
+}
diff --git a/runtime/runtime_vfs.go b/runtime/runtime_vfs.go
new file mode 100644
index 0000000000..e1db736083
--- /dev/null
+++ b/runtime/runtime_vfs.go
@@ -0,0 +1,7 @@
+// +build !exclude_graphdriver_vfs
+
+package runtime
+
+import (
+	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
+)

From 448b64164df7795cdbd9be0d663269e6e4e4beeb Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Fri, 14 Mar 2014 16:10:07 -0400
Subject: [PATCH 133/384] runtime: no build tags for vfs driver

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 hack/PACKAGERS.md      | 5 -----
 runtime/runtime.go     | 1 +
 runtime/runtime_vfs.go | 7 -------
 3 files changed, 1 insertion(+), 12 deletions(-)
 delete mode 100644 runtime/runtime_vfs.go

diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md
index 0e513cd4fa..5afa381005 100644
--- a/hack/PACKAGERS.md
+++ b/hack/PACKAGERS.md
@@ -160,11 +160,6 @@ export DOCKER_BUILDTAGS='apparmor'
 There are build tags for disabling graphdrivers as well. By default, support
 for all graphdrivers are built in.
 
-To disable vfs
-```bash
-export DOCKER_BUILDTAGS='exclude_graphdriver_vfs'
-```
-
 To disable devicemapper
 ```bash
 export DOCKER_BUILDTAGS='exclude_graphdriver_devicemapper'
diff --git a/runtime/runtime.go b/runtime/runtime.go
index be15cb562d..43230488a2 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -17,6 +17,7 @@ import (
 	"github.com/dotcloud/docker/runtime/execdriver/lxc"
 	"github.com/dotcloud/docker/runtime/graphdriver"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/btrfs"
+	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
 	_ "github.com/dotcloud/docker/runtime/networkdriver/lxc"
 	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
 	"github.com/dotcloud/docker/utils"
diff --git a/runtime/runtime_vfs.go b/runtime/runtime_vfs.go
deleted file mode 100644
index e1db736083..0000000000
--- a/runtime/runtime_vfs.go
+++ /dev/null
@@ -1,7 +0,0 @@
-// +build !exclude_graphdriver_vfs
-
-package runtime
-
-import (
-	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
-)

From e5cbb5c906d37b14dbf0180d253f58f8995de571 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Tue, 18 Mar 2014 22:29:11 +1000
Subject: [PATCH 134/384] add env hint

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/use/working_with_links_names.rst | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/sources/use/working_with_links_names.rst b/docs/sources/use/working_with_links_names.rst
index dc370c01c9..4acb6079c1 100644
--- a/docs/sources/use/working_with_links_names.rst
+++ b/docs/sources/use/working_with_links_names.rst
@@ -112,8 +112,16 @@ Accessing the network information along with the environment of the
 child container allows us to easily connect to the Redis service on
 the specific IP and port in the environment.
 
+.. note:: 
+    These Environment variables are only set for the first process in 
+    the container. Similarly, some daemons (such as ``sshd``) will 
+    scrub them when spawning shells for connection.
+
+    You can work around this by storing the initial ``env`` in a file, 
+    or looking at ``/proc/1/environ``.
+
 Running ``docker ps`` shows the 2 containers, and the ``webapp/db``
-alias name for the redis container.
+alias name for the Redis container.
 
 .. code-block:: bash
 

From a70beda1ecfb049a3f80ad5b159ba51d653fd067 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 18 Mar 2014 15:52:00 +0100
Subject: [PATCH 135/384] devmapper: Increase timeout in waitClose to 10sec

As reported in https://github.com/dotcloud/docker/issues/4389 we're
currently seeing timeouts in waitClose on some systems. We already
bumped the timeout in waitRemove() in
https://github.com/dotcloud/docker/issues/4504.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index f6b26655a3..4d33e243e0 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -729,7 +729,7 @@ func (devices *DeviceSet) removeDeviceAndWait(devname string) error {
 
 // waitRemove blocks until either:
 // a) the device registered at <device_set_prefix>-<hash> is removed,
-// or b) the 1 second timeout expires.
+// or b) the 10 second timeout expires.
 func (devices *DeviceSet) waitRemove(devname string) error {
 	utils.Debugf("[deviceset %s] waitRemove(%s)", devices.devicePrefix, devname)
 	defer utils.Debugf("[deviceset %s] waitRemove(%s) END", devices.devicePrefix, devname)
@@ -760,7 +760,7 @@ func (devices *DeviceSet) waitRemove(devname string) error {
 
 // waitClose blocks until either:
 // a) the device registered at <device_set_prefix>-<hash> is closed,
-// or b) the 1 second timeout expires.
+// or b) the 10 second timeout expires.
 func (devices *DeviceSet) waitClose(hash string) error {
 	info := devices.Devices[hash]
 	if info == nil {
@@ -778,7 +778,9 @@ func (devices *DeviceSet) waitClose(hash string) error {
 		if devinfo.OpenCount == 0 {
 			break
 		}
-		time.Sleep(1 * time.Millisecond)
+		devices.Unlock()
+		time.Sleep(10 * time.Millisecond)
+		devices.Lock()
 	}
 	if i == 1000 {
 		return fmt.Errorf("Timeout while waiting for device %s to close", hash)

From ae1dd52b19d075c2f4ba75cf0549c644725834e8 Mon Sep 17 00:00:00 2001
From: Viktor Vojnovski <vojnovski@gmail.com>
Date: Tue, 18 Mar 2014 17:10:22 +0100
Subject: [PATCH 136/384] Update ubuntulinux.rst

Adding the Docker repository key fails if port 11371 not open. This would probably work for more people.
---
 docs/sources/installation/ubuntulinux.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index 6e79fb8cbc..6998be8571 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -72,7 +72,7 @@ First add the Docker repository key to your local keychain.
 
 .. code-block:: bash
 
-   sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+   sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 
 Add the Docker repository to your apt sources list, update and install the
 ``lxc-docker`` package.

From f7b6fbbd7664634481c8519e58844d572423f3e1 Mon Sep 17 00:00:00 2001
From: Andy Kipp <andy@rstudio.com>
Date: Wed, 12 Mar 2014 17:22:57 -0400
Subject: [PATCH 137/384] Prevent dynamic allocation of previously allocated
 ports

Docker-DCO-1.1-Signed-off-by: Andy Kipp <andy@rstudio.com> (github: kippandrew)
---
 .../portallocator/portallocator.go            | 32 +++++++++++++++----
 .../portallocator/portallocator_test.go       |  7 ++++
 2 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/runtime/networkdriver/portallocator/portallocator.go b/runtime/networkdriver/portallocator/portallocator.go
index 71cac82703..18ae9469e5 100644
--- a/runtime/networkdriver/portallocator/portallocator.go
+++ b/runtime/networkdriver/portallocator/portallocator.go
@@ -100,22 +100,30 @@ func ReleaseAll() error {
 }
 
 func registerDynamicPort(ip net.IP, proto string) (int, error) {
-	allocated := defaultAllocatedPorts[proto]
-
-	port := nextPort(proto)
-	if port > EndPortRange {
-		return 0, ErrPortExceedsRange
-	}
 
 	if !equalsDefault(ip) {
 		registerIP(ip)
 
 		ipAllocated := otherAllocatedPorts[ip.String()][proto]
+
+		port, err := findNextPort(proto, ipAllocated)
+		if err != nil {
+			return 0, err
+		}
 		ipAllocated.Push(port)
+		return port, nil
+
 	} else {
+
+		allocated := defaultAllocatedPorts[proto]
+
+		port, err := findNextPort(proto, allocated)
+		if err != nil {
+			return 0, err
+		}
 		allocated.Push(port)
+		return port, nil
 	}
-	return port, nil
 }
 
 func registerSetPort(ip net.IP, proto string, port int) error {
@@ -142,6 +150,16 @@ func equalsDefault(ip net.IP) bool {
 	return ip == nil || ip.Equal(defaultIP)
 }
 
+func findNextPort(proto string, allocated *collections.OrderedIntSet) (int, error) {
+	port := 0
+	for port = nextPort(proto); allocated.Exists(port); port = nextPort(proto) {
+	}
+	if port > EndPortRange {
+		return 0, ErrPortExceedsRange
+	}
+	return port, nil
+}
+
 func nextPort(proto string) int {
 	c := currentDynamicPort[proto] + 1
 	currentDynamicPort[proto] = c
diff --git a/runtime/networkdriver/portallocator/portallocator_test.go b/runtime/networkdriver/portallocator/portallocator_test.go
index 603bd03bd7..3f3afa657b 100644
--- a/runtime/networkdriver/portallocator/portallocator_test.go
+++ b/runtime/networkdriver/portallocator/portallocator_test.go
@@ -181,4 +181,11 @@ func TestPortAllocation(t *testing.T) {
 	if _, err := RequestPort(ip, "tcp", 80); err != nil {
 		t.Fatal(err)
 	}
+
+	port, err = RequestPort(ip, "tcp", 0)
+	port2, err := RequestPort(ip, "tcp", port+1)
+	port3, err := RequestPort(ip, "tcp", 0)
+	if port3 == port2 {
+		t.Fatal("A dynamic port should never allocate a used port")
+	}
 }

From 7a1db291fcedd50ce99649e95109187c76da255c Mon Sep 17 00:00:00 2001
From: Andy Kipp <andy@rstudio.com>
Date: Wed, 12 Mar 2014 17:26:17 -0400
Subject: [PATCH 138/384] Better test error message

Docker-DCO-1.1-Signed-off-by: Andy Kipp <andy@rstudio.com> (github: kippandrew)
---
 runtime/networkdriver/portallocator/portallocator_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtime/networkdriver/portallocator/portallocator_test.go b/runtime/networkdriver/portallocator/portallocator_test.go
index 3f3afa657b..356da855b6 100644
--- a/runtime/networkdriver/portallocator/portallocator_test.go
+++ b/runtime/networkdriver/portallocator/portallocator_test.go
@@ -186,6 +186,6 @@ func TestPortAllocation(t *testing.T) {
 	port2, err := RequestPort(ip, "tcp", port+1)
 	port3, err := RequestPort(ip, "tcp", 0)
 	if port3 == port2 {
-		t.Fatal("A dynamic port should never allocate a used port")
+		t.Fatal("Requesting a dynamic port should never allocate a used port")
 	}
 }

From 73c416a20db8fe48302a6cf0db4c1c0585ed0739 Mon Sep 17 00:00:00 2001
From: Andy Kipp <andy@rstudio.com>
Date: Thu, 13 Mar 2014 13:30:07 -0400
Subject: [PATCH 139/384] Be more explicit in finding next port to allocate

Docker-DCO-1.1-Signed-off-by: Andy Kipp <andy@rstudio.com> (github: kippandrew)
---
 runtime/networkdriver/portallocator/portallocator.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/runtime/networkdriver/portallocator/portallocator.go b/runtime/networkdriver/portallocator/portallocator.go
index 18ae9469e5..4d698f2de2 100644
--- a/runtime/networkdriver/portallocator/portallocator.go
+++ b/runtime/networkdriver/portallocator/portallocator.go
@@ -151,8 +151,9 @@ func equalsDefault(ip net.IP) bool {
 }
 
 func findNextPort(proto string, allocated *collections.OrderedIntSet) (int, error) {
-	port := 0
-	for port = nextPort(proto); allocated.Exists(port); port = nextPort(proto) {
+	port := nextPort(proto)
+	for allocated.Exists(port) {
+		port = nextPort(proto)
 	}
 	if port > EndPortRange {
 		return 0, ErrPortExceedsRange

From 555416fd02b9e062385dcdaf0c4b9f5de61df388 Mon Sep 17 00:00:00 2001
From: Andy Kipp <andy@rstudio.com>
Date: Tue, 18 Mar 2014 13:29:24 -0400
Subject: [PATCH 140/384] Add err checks for port allocator tests

Docker-DCO-1.1-Signed-off-by: Andy Kipp <andy@rstudio.com> (github: kippandrew)
---
 .../networkdriver/portallocator/portallocator_test.go    | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/runtime/networkdriver/portallocator/portallocator_test.go b/runtime/networkdriver/portallocator/portallocator_test.go
index 356da855b6..f01bcfc99e 100644
--- a/runtime/networkdriver/portallocator/portallocator_test.go
+++ b/runtime/networkdriver/portallocator/portallocator_test.go
@@ -183,8 +183,17 @@ func TestPortAllocation(t *testing.T) {
 	}
 
 	port, err = RequestPort(ip, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
 	port2, err := RequestPort(ip, "tcp", port+1)
+	if err != nil {
+		t.Fatal(err)
+	}
 	port3, err := RequestPort(ip, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
 	if port3 == port2 {
 		t.Fatal("Requesting a dynamic port should never allocate a used port")
 	}

From 85a62d9b779bfb351e159f38c2fc95900a0532cd Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Thu, 13 Mar 2014 15:10:35 -0400
Subject: [PATCH 141/384] btrfs: build tags

Default to the same build behavior, but allow a go build tag to disable
building of the btrfs graphdriver

	go build -tags no_btrfs' ...
	$ go build
	$ objdump -S docker | grep btrfs | wc -l
	194
	$ go build -tags no_btrfs
	$ objdump -S docker | grep btrfs | wc -l
	1
	# that is a comment ;-)

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 runtime/runtime.go      | 1 -
 runtime/runtime_btfs.go | 7 +++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 runtime/runtime_btfs.go

diff --git a/runtime/runtime.go b/runtime/runtime.go
index 43230488a2..4408e13902 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -16,7 +16,6 @@ import (
 	"github.com/dotcloud/docker/runtime/execdriver/execdrivers"
 	"github.com/dotcloud/docker/runtime/execdriver/lxc"
 	"github.com/dotcloud/docker/runtime/graphdriver"
-	_ "github.com/dotcloud/docker/runtime/graphdriver/btrfs"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
 	_ "github.com/dotcloud/docker/runtime/networkdriver/lxc"
 	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
diff --git a/runtime/runtime_btfs.go b/runtime/runtime_btfs.go
new file mode 100644
index 0000000000..5e941386c3
--- /dev/null
+++ b/runtime/runtime_btfs.go
@@ -0,0 +1,7 @@
+// +build !no_btrfs
+
+package runtime
+
+import (
+	_ "github.com/dotcloud/docker/runtime/graphdriver/btrfs"
+)

From 5cfea26bcfc218ca72eac7115fa257833f28b9f2 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Thu, 13 Mar 2014 17:38:54 -0400
Subject: [PATCH 142/384] btrfs: build tags

correct filename and make the tag more readable

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 runtime/{runtime_btfs.go => runtime_btrfs.go} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename runtime/{runtime_btfs.go => runtime_btrfs.go} (70%)

diff --git a/runtime/runtime_btfs.go b/runtime/runtime_btrfs.go
similarity index 70%
rename from runtime/runtime_btfs.go
rename to runtime/runtime_btrfs.go
index 5e941386c3..c59b103ff9 100644
--- a/runtime/runtime_btfs.go
+++ b/runtime/runtime_btrfs.go
@@ -1,4 +1,4 @@
-// +build !no_btrfs
+// +build !exclude_graphdriver_btrfs
 
 package runtime
 

From 29c45e7f4fc616290e416f1b541e1739820af60c Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Thu, 13 Mar 2014 17:39:25 -0400
Subject: [PATCH 143/384] packagers: btrfs build tag docs

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 hack/PACKAGERS.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md
index 5afa381005..297d1500db 100644
--- a/hack/PACKAGERS.md
+++ b/hack/PACKAGERS.md
@@ -160,15 +160,23 @@ export DOCKER_BUILDTAGS='apparmor'
 There are build tags for disabling graphdrivers as well. By default, support
 for all graphdrivers are built in.
 
-To disable devicemapper
+To disable btrfs:
+```bash
+export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs'
+```
+
+To disable devicemapper:
 ```bash
 export DOCKER_BUILDTAGS='exclude_graphdriver_devicemapper'
 ```
-To disable aufs
+
+To disable aufs:
 ```bash
 export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
 ```
 
+NOTE: if you need to set more than one build tag, space seperate them.
+
 ### Static Daemon
 
 If it is feasible within the constraints of your distribution, you should

From c76def2dd23cf90fdc80224f08530205b6dcba73 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@hashbangbash.com>
Date: Fri, 14 Mar 2014 04:19:05 +0000
Subject: [PATCH 144/384] typo

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 hack/PACKAGERS.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md
index 297d1500db..47e8413bf3 100644
--- a/hack/PACKAGERS.md
+++ b/hack/PACKAGERS.md
@@ -175,7 +175,7 @@ To disable aufs:
 export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
 ```
 
-NOTE: if you need to set more than one build tag, space seperate them.
+NOTE: if you need to set more than one build tag, space separate them.
 
 ### Static Daemon
 

From c1f2abd89958a8731211ceb2885eed238a3bea8d Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Tue, 18 Mar 2014 21:38:56 +0400
Subject: [PATCH 145/384] Using names in docker ps --since-id/--before-id,
 resolves #3565

Also renames --since-id/--before-id to --since/--before and add errors
on non-existent containers.
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
---
 api/client.go                              |  4 ++--
 contrib/completion/bash/docker             |  9 +++------
 contrib/completion/fish/docker.fish        |  4 ++--
 docs/sources/reference/commandline/cli.rst |  4 ++--
 server/server.go                           | 23 +++++++++++++++++++---
 5 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/api/client.go b/api/client.go
index 10dd9406dc..8f515639a7 100644
--- a/api/client.go
+++ b/api/client.go
@@ -1337,8 +1337,8 @@ func (cli *DockerCli) CmdPs(args ...string) error {
 	all := cmd.Bool([]string{"a", "-all"}, false, "Show all containers. Only running containers are shown by default.")
 	noTrunc := cmd.Bool([]string{"#notrunc", "-no-trunc"}, false, "Don't truncate output")
 	nLatest := cmd.Bool([]string{"l", "-latest"}, false, "Show only the latest created container, include non-running ones.")
-	since := cmd.String([]string{"#sinceId", "-since-id"}, "", "Show only containers created since Id, include non-running ones.")
-	before := cmd.String([]string{"#beforeId", "-before-id"}, "", "Show only container created before Id, include non-running ones.")
+	since := cmd.String([]string{"#sinceId", "#-since-id", "-since"}, "", "Show only containers created since Id or Name, include non-running ones.")
+	before := cmd.String([]string{"#beforeId", "#-before-id", "-before"}, "", "Show only container created before Id or Name, include non-running ones.")
 	last := cmd.Int([]string{"n"}, -1, "Show n last created containers, include non-running ones.")
 
 	if err := cmd.Parse(args); err != nil {
diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker
index 1449330986..e6a191d32b 100755
--- a/contrib/completion/bash/docker
+++ b/contrib/completion/bash/docker
@@ -392,11 +392,8 @@ _docker_port()
 _docker_ps()
 {
 	case "$prev" in
-		--since-id|--before-id)
-			COMPREPLY=( $( compgen -W "$( __docker_q ps -a -q )" -- "$cur" ) )
-			# TODO replace this with __docker_containers_all
-			# see https://github.com/dotcloud/docker/issues/3565
-			return
+		--since|--before)
+ 			__docker_containers_all
 			;;
 		-n)
 			return
@@ -407,7 +404,7 @@ _docker_ps()
 
 	case "$cur" in
 		-*)
-			COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since-id --before-id -n" -- "$cur" ) )
+			COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since --before -n" -- "$cur" ) )
 			;;
 		*)
 			;;
diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish
index b0c5f38a96..9c4339fe2b 100644
--- a/contrib/completion/fish/docker.fish
+++ b/contrib/completion/fish/docker.fish
@@ -154,13 +154,13 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print
 # ps
 complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers'
 complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before-id -d 'Show only container created before Id, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.'
 complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.'
 complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.'
 complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output"
 complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs'
 complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes'
-complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since-id -d 'Show only containers created since Id, include non-running ones.'
+complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.'
 
 # pull
 complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from the docker registry server'
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index dc6529ab6a..ebcf021115 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -967,13 +967,13 @@ new output from the container's stdout and stderr.
     List containers
 
       -a, --all=false: Show all containers. Only running containers are shown by default.
-      --before-id="": Show only container created before Id, include non-running ones.
+      --before="": Show only container created before Id or Name, include non-running ones.
       -l, --latest=false: Show only the latest created container, include non-running ones.
       -n=-1: Show n last created containers, include non-running ones.
       --no-trunc=false: Don't truncate output
       -q, --quiet=false: Only display numeric IDs
       -s, --size=false: Display sizes, not to be used with -q
-      --since-id="": Show only containers created since Id, include non-running ones.
+      --since="": Show only containers created since Id or Name, include non-running ones.
 
 
 Running ``docker ps`` showing 2 linked containers.
diff --git a/server/server.go b/server/server.go
index 93fc7b0bb1..e6243971a4 100644
--- a/server/server.go
+++ b/server/server.go
@@ -981,12 +981,27 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		return nil
 	}, -1)
 
+	var beforeCont, sinceCont *runtime.Container
+	if before != "" {
+		beforeCont = srv.runtime.Get(before)
+		if beforeCont == nil {
+			return job.Error(fmt.Errorf("Could not find container with name or id %s", before))
+		}
+	}
+
+	if since != "" {
+		sinceCont = srv.runtime.Get(since)
+		if sinceCont == nil {
+			return job.Error(fmt.Errorf("Could not find container with name or id %s", since))
+		}
+	}
+
 	for _, container := range srv.runtime.List() {
 		if !container.State.IsRunning() && !all && n <= 0 && since == "" && before == "" {
 			continue
 		}
 		if before != "" && !foundBefore {
-			if container.ID == before || utils.TruncateID(container.ID) == before {
+			if container.ID == beforeCont.ID {
 				foundBefore = true
 			}
 			continue
@@ -994,8 +1009,10 @@ func (srv *Server) Containers(job *engine.Job) engine.Status {
 		if n > 0 && displayed == n {
 			break
 		}
-		if container.ID == since || utils.TruncateID(container.ID) == since {
-			break
+		if since != "" {
+			if container.ID == sinceCont.ID {
+				break
+			}
 		}
 		displayed++
 		out := &engine.Env{}

From e27c635c06dcad61ce7185d95debef9ef7c9f7e0 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Tue, 18 Mar 2014 16:26:21 -0400
Subject: [PATCH 146/384] Add upstart nofile/noproc similar to systemd init
 Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github:
 cpuguy83)

---
 contrib/init/upstart/docker.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/contrib/init/upstart/docker.conf b/contrib/init/upstart/docker.conf
index 047f21c092..907a536c9c 100644
--- a/contrib/init/upstart/docker.conf
+++ b/contrib/init/upstart/docker.conf
@@ -2,6 +2,8 @@ description "Docker daemon"
 
 start on filesystem
 stop on runlevel [!2345]
+limit nofile 524288 1048576
+limit nproc 524288 1048576
 
 respawn
 

From f52b2fdcbb29258c5b492fdb2479d473fcb42ca0 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 3 Mar 2014 14:41:38 -0800
Subject: [PATCH 147/384] libcontainer/network: add netns strategy

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 pkg/libcontainer/network/netns.go    | 42 ++++++++++++++++++++++++++++
 pkg/libcontainer/network/strategy.go |  2 ++
 2 files changed, 44 insertions(+)
 create mode 100644 pkg/libcontainer/network/netns.go

diff --git a/pkg/libcontainer/network/netns.go b/pkg/libcontainer/network/netns.go
new file mode 100644
index 0000000000..3eb8ee587a
--- /dev/null
+++ b/pkg/libcontainer/network/netns.go
@@ -0,0 +1,42 @@
+package network
+
+import (
+	"fmt"
+	"os"
+	"syscall"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/system"
+)
+
+//  crosbymichael: could make a network strategy that instead of returning veth pair names it returns a pid to an existing network namespace
+type NetNS struct {
+}
+
+func (v *NetNS) Create(n *libcontainer.Network, nspid int, context libcontainer.Context) error {
+	nsname, exists := n.Context["nsname"]
+
+	if !exists {
+		return fmt.Errorf("nspath does not exist in network context")
+	}
+
+	context["nspath"] = fmt.Sprintf("/var/run/netns/%s", nsname)
+	return nil
+}
+
+func (v *NetNS) Initialize(config *libcontainer.Network, context libcontainer.Context) error {
+	nspath, exists := context["nspath"]
+	if !exists {
+		return fmt.Errorf("nspath does not exist in network context")
+	}
+
+	f, err := os.OpenFile(nspath, os.O_RDONLY, 0)
+	if err != nil {
+		return fmt.Errorf("failed get network namespace fd: %v", err)
+	}
+
+	if err := system.Setns(f.Fd(), syscall.CLONE_NEWNET); err != nil {
+		return fmt.Errorf("failed to setns current network namespace: %v", err)
+	}
+	return nil
+}
diff --git a/pkg/libcontainer/network/strategy.go b/pkg/libcontainer/network/strategy.go
index 693790d280..e41ecc3ea6 100644
--- a/pkg/libcontainer/network/strategy.go
+++ b/pkg/libcontainer/network/strategy.go
@@ -2,6 +2,7 @@ package network
 
 import (
 	"errors"
+
 	"github.com/dotcloud/docker/pkg/libcontainer"
 )
 
@@ -12,6 +13,7 @@ var (
 var strategies = map[string]NetworkStrategy{
 	"veth":     &Veth{},
 	"loopback": &Loopback{},
+	"netns":    &NetNS{},
 }
 
 // NetworkStrategy represents a specific network configuration for

From b10b950b110c93db34a399753706dc79c71b94d3 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 3 Mar 2014 21:46:49 -0800
Subject: [PATCH 148/384] libcontainer/nsinit/init: move mount namespace after
 network

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 pkg/libcontainer/nsinit/init.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 117ae875ed..c39928d459 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -4,6 +4,9 @@ package nsinit
 
 import (
 	"fmt"
+	"os"
+	"syscall"
+
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
 	"github.com/dotcloud/docker/pkg/libcontainer/capabilities"
@@ -11,8 +14,6 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer/utils"
 	"github.com/dotcloud/docker/pkg/system"
 	"github.com/dotcloud/docker/pkg/user"
-	"os"
-	"syscall"
 )
 
 // Init is the init process that first runs inside a new namespace to setup mounts, users, networking,
@@ -56,13 +57,13 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	if err := system.ParentDeathSignal(uintptr(syscall.SIGTERM)); err != nil {
 		return fmt.Errorf("parent death signal %s", err)
 	}
+	if err := setupNetwork(container, context); err != nil {
+		return fmt.Errorf("setup networking %s", err)
+	}
 	ns.logger.Println("setup mount namespace")
 	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
 	}
-	if err := setupNetwork(container, context); err != nil {
-		return fmt.Errorf("setup networking %s", err)
-	}
 	if err := system.Sethostname(container.Hostname); err != nil {
 		return fmt.Errorf("sethostname %s", err)
 	}

From f58757a699cf47c3b8770e13f371e1bbf493b5b1 Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Mon, 3 Mar 2014 21:47:03 -0800
Subject: [PATCH 149/384] libcontainer: goimports

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 pkg/libcontainer/nsinit/exec.go        | 7 ++++---
 pkg/libcontainer/nsinit/nsinit/main.go | 8 ++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/pkg/libcontainer/nsinit/exec.go b/pkg/libcontainer/nsinit/exec.go
index 61286cc13c..6e902d1916 100644
--- a/pkg/libcontainer/nsinit/exec.go
+++ b/pkg/libcontainer/nsinit/exec.go
@@ -3,12 +3,13 @@
 package nsinit
 
 import (
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/pkg/libcontainer/network"
-	"github.com/dotcloud/docker/pkg/system"
 	"os"
 	"os/exec"
 	"syscall"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/network"
+	"github.com/dotcloud/docker/pkg/system"
 )
 
 // Exec performes setup outside of a namespace so that a container can be
diff --git a/pkg/libcontainer/nsinit/nsinit/main.go b/pkg/libcontainer/nsinit/nsinit/main.go
index df32d0b49e..3725fb5534 100644
--- a/pkg/libcontainer/nsinit/nsinit/main.go
+++ b/pkg/libcontainer/nsinit/nsinit/main.go
@@ -3,14 +3,18 @@ package main
 import (
 	"encoding/json"
 	"flag"
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 	"io"
 	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
 	"strconv"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
+
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 )
 
 var (

From 041ae08a2c8f6f345ac0d7f5fea4b79655e28dc5 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 18 Mar 2014 16:24:45 -0700
Subject: [PATCH 150/384] Add image size to history docs

Fixes #3147
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 docs/sources/reference/commandline/cli.rst | 37 +++++-----------------
 1 file changed, 8 insertions(+), 29 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index dc6529ab6a..089c1e14b2 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -569,35 +569,14 @@ To see how the ``docker:latest`` image was built:
 .. code-block:: bash
 
 	$ docker history docker
-	ID                  CREATED             CREATED BY
-	docker:latest       19 hours ago        /bin/sh -c #(nop) ADD . in /go/src/github.com/dotcloud/docker
-	cf5f2467662d        2 weeks ago         /bin/sh -c #(nop) ENTRYPOINT ["hack/dind"]
-	3538fbe372bf        2 weeks ago         /bin/sh -c #(nop) WORKDIR /go/src/github.com/dotcloud/docker
-	7450f65072e5        2 weeks ago         /bin/sh -c #(nop) VOLUME /var/lib/docker
-	b79d62b97328        2 weeks ago         /bin/sh -c apt-get install -y -q lxc
-	36714852a550        2 weeks ago         /bin/sh -c apt-get install -y -q iptables
-	8c4c706df1d6        2 weeks ago         /bin/sh -c /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEYn' > /.s3cfg
-	b89989433c48        2 weeks ago         /bin/sh -c pip install python-magic
-	a23e640d85b5        2 weeks ago         /bin/sh -c pip install s3cmd
-	41f54fec7e79        2 weeks ago         /bin/sh -c apt-get install -y -q python-pip
-	d9bc04add907        2 weeks ago         /bin/sh -c apt-get install -y -q reprepro dpkg-sig
-	e74f4760fa70        2 weeks ago         /bin/sh -c gem install --no-rdoc --no-ri fpm
-	1e43224726eb        2 weeks ago         /bin/sh -c apt-get install -y -q ruby1.9.3 rubygems libffi-dev
-	460953ae9d7f        2 weeks ago         /bin/sh -c #(nop) ENV GOPATH=/go:/go/src/github.com/dotcloud/docker/vendor
-	8b63eb1d666b        2 weeks ago         /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/goroot/bin
-	3087f3bcedf2        2 weeks ago         /bin/sh -c #(nop) ENV GOROOT=/goroot
-	635840d198e5        2 weeks ago         /bin/sh -c cd /goroot/src && ./make.bash
-	439f4a0592ba        2 weeks ago         /bin/sh -c curl -s https://go.googlecode.com/files/go1.1.2.src.tar.gz | tar -v -C / -xz && mv /go /goroot
-	13967ed36e93        2 weeks ago         /bin/sh -c #(nop) ENV CGO_ENABLED=0
-	bf7424458437        2 weeks ago         /bin/sh -c apt-get install -y -q build-essential
-	a89ec997c3bf        2 weeks ago         /bin/sh -c apt-get install -y -q mercurial
-	b9f165c6e749        2 weeks ago         /bin/sh -c apt-get install -y -q git
-	17a64374afa7        2 weeks ago         /bin/sh -c apt-get install -y -q curl
-	d5e85dc5b1d8        2 weeks ago         /bin/sh -c apt-get update
-	13e642467c11        2 weeks ago         /bin/sh -c echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list
-	ae6dde92a94e        2 weeks ago         /bin/sh -c #(nop) MAINTAINER Solomon Hykes <solomon@dotcloud.com>
-	ubuntu:12.04        6 months ago
-
+        IMAGE                                                              CREATED             CREATED BY                                                                                                                                                 SIZE
+        3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094   8 days ago          /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8                                                                                                                       0 B
+        8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36   8 days ago          /bin/sh -c dpkg-reconfigure locales &&    locale-gen C.UTF-8 &&    /usr/sbin/update-locale LANG=C.UTF-8                                                    1.245 MB
+        be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60   8 days ago          /bin/sh -c apt-get update && apt-get install -y    git    libxml2-dev    python    build-essential    make    gcc    python-dev    locales    python-pip   338.3 MB
+        4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084   6 weeks ago         /bin/sh -c #(nop) ADD jessie.tar.xz in /                                                                                                                   121 MB
+        750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada   6 weeks ago         /bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian             0 B
+        511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158   9 months ago                                                                                                                                                                   0 B
+	
 .. _cli_images:
 
 ``images``

From 5dbfe310fe624c66714f8c5017692f528af4c87f Mon Sep 17 00:00:00 2001
From: Johan Euphrosine <proppy@google.com>
Date: Tue, 18 Mar 2014 16:25:26 -0700
Subject: [PATCH 151/384] libcontainer: remove duplicate imports

Docker-DCO-1.1-Signed-off-by: Johan Euphrosine <proppy@google.com> (github: proppy)
---
 pkg/libcontainer/nsinit/nsinit/main.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pkg/libcontainer/nsinit/nsinit/main.go b/pkg/libcontainer/nsinit/nsinit/main.go
index 3725fb5534..37aa784981 100644
--- a/pkg/libcontainer/nsinit/nsinit/main.go
+++ b/pkg/libcontainer/nsinit/nsinit/main.go
@@ -12,9 +12,6 @@ import (
 
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
-
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/pkg/libcontainer/nsinit"
 )
 
 var (

From 3b1d590269466217ddf203edcef295f6cec9fcee Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Tue, 18 Mar 2014 23:12:39 +0000
Subject: [PATCH 152/384] cleanup container.stop

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 runtime/container.go | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/runtime/container.go b/runtime/container.go
index 35b01deac7..6194a19c8c 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -886,11 +886,8 @@ func (container *Container) Kill() error {
 
 	// 2. Wait for the process to die, in last resort, try to kill the process directly
 	if err := container.WaitTimeout(10 * time.Second); err != nil {
-		if container.command == nil {
-			return fmt.Errorf("lxc-kill failed, impossible to kill the container %s", utils.TruncateID(container.ID))
-		}
-		log.Printf("Container %s failed to exit within 10 seconds of lxc-kill %s - trying direct SIGKILL", "SIGKILL", utils.TruncateID(container.ID))
-		if err := container.runtime.Kill(container, 9); err != nil {
+		log.Printf("Container %s failed to exit within 10 seconds of kill - trying direct SIGKILL", utils.TruncateID(container.ID))
+		if err := syscall.Kill(container.State.Pid, 9); err != nil {
 			return err
 		}
 	}

From 38a3fc3e0e9b56400b2c7d2fce3bfc7b15395d14 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 18 Mar 2014 17:07:45 -0700
Subject: [PATCH 153/384] Add sudo clause if your using osx or tcp
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 docs/sources/examples/example_header.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/sources/examples/example_header.inc b/docs/sources/examples/example_header.inc
index 0621b39794..5841141e59 100644
--- a/docs/sources/examples/example_header.inc
+++ b/docs/sources/examples/example_header.inc
@@ -4,4 +4,5 @@
     * This example assumes you have Docker running in daemon mode. For
       more information please see :ref:`running_examples`.
     * **If you don't like sudo** then see :ref:`dockergroup`
+    * **If you're using OS X or docker via TCP** then you shouldn't use `sudo`
 

From 7822b053cbd2288b6c8d9c51a8f495368bc77f35 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 18 Mar 2014 17:24:06 -0700
Subject: [PATCH 154/384] Be explicit about binding to all interfaces in redis
 example

Fixes #4021

Moved to debian because the redis installed in ubuntu is really old
and does not support args via the cli.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 docs/sources/examples/running_redis_service.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/sources/examples/running_redis_service.rst b/docs/sources/examples/running_redis_service.rst
index 50f1471f17..5a5a1b003f 100644
--- a/docs/sources/examples/running_redis_service.rst
+++ b/docs/sources/examples/running_redis_service.rst
@@ -18,11 +18,11 @@ Firstly, we create a ``Dockerfile`` for our new Redis image.
 
 .. code-block:: bash
 
-    FROM        ubuntu:12.10
-    RUN         apt-get update
-    RUN         apt-get -y install redis-server
+    FROM        debian:jessie
+    RUN         apt-get update && apt-get install -y redis-server
     EXPOSE      6379
     ENTRYPOINT  ["/usr/bin/redis-server"]
+    CMD ["--bind", "0.0.0.0"]
 
 Next we build an image from our ``Dockerfile``. Replace ``<your username>`` 
 with your own user name.

From 92194f613e37aeb8a387920c3bee42480da0d2ac Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Wed, 19 Mar 2014 14:12:47 +1000
Subject: [PATCH 155/384] use this horrible complex bit of shell to make sure
 that curl doesn't hand the poor user a broken docker client

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/installation/mac.rst | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/sources/installation/mac.rst b/docs/sources/installation/mac.rst
index 5139324d0b..f4c771cf9f 100644
--- a/docs/sources/installation/mac.rst
+++ b/docs/sources/installation/mac.rst
@@ -65,11 +65,12 @@ Run the following commands to get it downloaded and set up:
 
 .. code-block:: bash
 
-    # Get the file
-    curl -o docker https://get.docker.io/builds/Darwin/x86_64/docker-latest
-
-    # Mark it executable
-    chmod +x docker
+    # Get the docker client file
+    DIR=$(mktemp -d) && \
+    curl -f -o $DIR/ld.tgz https://get.docker.io/builds/Darwin/x86_64/docker-latest.tgz && \
+    gunzip $DIR/ld.tgz && \
+    tar xvf $DIR/ld.tar -C $DIR/ && \
+    cp $DIR/usr/local/bin/docker ./docker
 
     # Set the environment variable for the docker daemon
     export DOCKER_HOST=tcp://127.0.0.1:4243

From 53dc2d67fb65037d9891e2fa0f6559d5e4e2ddcc Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Wed, 19 Mar 2014 14:24:49 +1000
Subject: [PATCH 156/384] mention the tgz - other people might like to know

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/installation/binaries.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst
index bfdfbe211f..fe03d21859 100644
--- a/docs/sources/installation/binaries.rst
+++ b/docs/sources/installation/binaries.rst
@@ -49,6 +49,9 @@ Get the docker binary:
     wget https://get.docker.io/builds/Linux/x86_64/docker-latest -O docker
     chmod +x docker
 
+.. note::
+    If you have trouble downloading the binary, you can also get the smaller
+    compressed release file: https://get.docker.io/builds/Linux/x86_64/docker-latest.tgz
 
 Run the docker daemon
 ---------------------

From 4fd82db4beba03a126dfc557c86d5d52e9066dae Mon Sep 17 00:00:00 2001
From: Viktor Vojnovski <viktor.vojnovski@amadeus.com>
Date: Wed, 19 Mar 2014 00:00:48 +0100
Subject: [PATCH 157/384] refactor($hack,$docs): be consistent in apt-key
 keyserver URI usage, as done in #4740

In #4740, the apt-key call in docs is changed to use the keyserver port 80 instead of
port 11371, as the previous call would fail with a restrictive firewall or proxy.
This commit extends the change to all apt-key calls in the repository.

Docker-DCO-1.1-Signed-off-by: Viktor Vojnovski <vojnovski@gmail.com> (github: vojnovski)
---
 docs/sources/examples/postgresql_service.Dockerfile | 2 +-
 docs/sources/installation/ubuntulinux.rst           | 2 +-
 hack/infrastructure/docker-ci/Dockerfile            | 2 +-
 hack/install.sh                                     | 4 ++--
 hack/release.sh                                     | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/sources/examples/postgresql_service.Dockerfile b/docs/sources/examples/postgresql_service.Dockerfile
index af1423f258..219a537882 100644
--- a/docs/sources/examples/postgresql_service.Dockerfile
+++ b/docs/sources/examples/postgresql_service.Dockerfile
@@ -7,7 +7,7 @@ MAINTAINER SvenDowideit@docker.com
 
 # Add the PostgreSQL PGP key to verify their Debian packages.
 # It should be the same key as https://www.postgresql.org/media/keys/ACCC4CF8.asc 
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8
+RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8
 
 # Add PostgreSQL's repository. It contains the most recent stable release
 #     of PostgreSQL, ``9.3``.
diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index 6998be8571..a163c62da7 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -144,7 +144,7 @@ First add the Docker repository key to your local keychain.
 
 .. code-block:: bash
 
-   sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+   sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 
 Add the Docker repository to your apt sources list, update and install the
 ``lxc-docker`` package.
diff --git a/hack/infrastructure/docker-ci/Dockerfile b/hack/infrastructure/docker-ci/Dockerfile
index 789c794f54..5c6eec9663 100644
--- a/hack/infrastructure/docker-ci/Dockerfile
+++ b/hack/infrastructure/docker-ci/Dockerfile
@@ -16,7 +16,7 @@ RUN apt-get install -y --no-install-recommends  python2.7 python-dev \
 RUN cd /tmp; wget http://python-distribute.org/distribute_setup.py
 RUN cd /tmp; python distribute_setup.py; easy_install pip; rm distribute_setup.py
 
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 RUN echo 'deb http://get.docker.io/ubuntu docker main' > \
       /etc/apt/sources.list.d/docker.list; apt-get update
 RUN apt-get install -y lxc-docker-0.8.0
diff --git a/hack/install.sh b/hack/install.sh
index 65e34f9659..1fa8a47480 100755
--- a/hack/install.sh
+++ b/hack/install.sh
@@ -111,9 +111,9 @@ case "$lsb_dist" in
 		(
 			set -x
 			if [ "https://get.docker.io/" = "$url" ]; then
-				$sh_c "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9"
+				$sh_c "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9"
 			elif [ "https://test.docker.io/" = "$url" ]; then
-				$sh_c "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 740B314AE3941731B942C66ADF4FD13717AAD7D6"
+				$sh_c "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 740B314AE3941731B942C66ADF4FD13717AAD7D6"
 			else
 				$sh_c "$curl ${url}gpg | apt-key add -"
 			fi
diff --git a/hack/release.sh b/hack/release.sh
index c380d2239a..1f249a5c5e 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -246,7 +246,7 @@ EOF
 # Add the repository to your APT sources
 echo deb $(s3_url)/ubuntu docker main > /etc/apt/sources.list.d/docker.list
 # Then import the repository key
-apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
 # Install docker
 apt-get update ; apt-get install -y lxc-docker
 

From fbfac21ed4de550ce72d993810dc07a2c4877a88 Mon Sep 17 00:00:00 2001
From: Daniel Norberg <daniel.norberg@gmail.com>
Date: Fri, 7 Feb 2014 11:48:14 -0500
Subject: [PATCH 158/384] configurable dns search domains

Add a --dns-search parameter and a DnsSearch
configuration field for specifying dns search
domains.

Docker-DCO-1.1-Signed-off-by: Daniel Norberg <daniel.norberg@gmail.com> (github: danielnorberg)
---
 daemonconfig/config.go                     |  4 ++
 docker/docker.go                           |  3 +
 docs/sources/reference/commandline/cli.rst |  9 ++-
 opts/opts.go                               | 13 ++++
 opts/opts_test.go                          | 54 ++++++++++++++++
 runconfig/compare.go                       |  6 ++
 runconfig/config.go                        |  4 ++
 runconfig/config_test.go                   | 16 +++++
 runconfig/merge.go                         |  6 ++
 runconfig/parse.go                         |  3 +
 runtime/runtime.go                         | 17 ++++-
 utils/utils.go                             | 74 ++++++++++++++--------
 utils/utils_test.go                        | 51 +++++++++++++++
 13 files changed, 230 insertions(+), 30 deletions(-)

diff --git a/daemonconfig/config.go b/daemonconfig/config.go
index b26d3eec3a..6cb3659e18 100644
--- a/daemonconfig/config.go
+++ b/daemonconfig/config.go
@@ -18,6 +18,7 @@ type Config struct {
 	Root                        string
 	AutoRestart                 bool
 	Dns                         []string
+	DnsSearch                   []string
 	EnableIptables              bool
 	EnableIpForward             bool
 	DefaultIp                   net.IP
@@ -49,6 +50,9 @@ func ConfigFromJob(job *engine.Job) *Config {
 	if dns := job.GetenvList("Dns"); dns != nil {
 		config.Dns = dns
 	}
+	if dnsSearch := job.GetenvList("DnsSearch"); dnsSearch != nil {
+		config.DnsSearch = dnsSearch
+	}
 	if mtu := job.GetenvInt("Mtu"); mtu != 0 {
 		config.Mtu = mtu
 	} else {
diff --git a/docker/docker.go b/docker/docker.go
index 749857a640..e62b9494d5 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -35,6 +35,7 @@ func main() {
 		flSocketGroup        = flag.String([]string{"G", "-group"}, "docker", "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group")
 		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
 		flDns                = opts.NewListOpts(opts.ValidateIp4Address)
+		flDnsSearch          = opts.NewListOpts(opts.ValidateDomain)
 		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Enable Docker's addition of iptables rules")
 		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Enable net.ipv4.ip_forward")
 		flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
@@ -45,6 +46,7 @@ func main() {
 		flMtu                = flag.Int([]string{"#mtu", "-mtu"}, 0, "Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available")
 	)
 	flag.Var(&flDns, []string{"#dns", "-dns"}, "Force docker to use specific DNS servers")
+	flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains")
 	flag.Var(&flHosts, []string{"H", "-host"}, "tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified")
 
 	flag.Parse()
@@ -115,6 +117,7 @@ func main() {
 			job.Setenv("Root", realRoot)
 			job.SetenvBool("AutoRestart", *flAutoRestart)
 			job.SetenvList("Dns", flDns.GetAll())
+			job.SetenvList("DnsSearch", flDnsSearch.GetAll())
 			job.SetenvBool("EnableIptables", *flEnableIptables)
 			job.SetenvBool("EnableIpForward", *flEnableIpForward)
 			job.Setenv("BridgeIface", *bridgeName)
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 0f33b05ec4..7b16a7d2ec 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -77,6 +77,7 @@ Commands
       --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b
       -d, --daemon=false: Enable daemon mode
       --dns=[]: Force docker to use specific DNS servers
+      --dns-search=[]: Force Docker to use specific DNS search domains
       -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime
       --icc=true: Enable inter-container communication
       --ip="0.0.0.0": Default IP address to use when binding container ports
@@ -96,6 +97,8 @@ To force Docker to use devicemapper as the storage driver, use ``docker -d -s de
 
 To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``.
 
+To set the a DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``.
+
 To run the daemon with debug output, use ``docker -d -D``.
 
 To use lxc as the execution driver, use ``docker -d -e lxc``.
@@ -396,6 +399,7 @@ not overridden in the JSON hash will be merged in.
       "VolumesFrom" : "",
       "Cmd" : ["cat", "-e", "/etc/resolv.conf"],
       "Dns" : ["8.8.8.8", "8.8.4.4"],
+      "DnsSearch" : ["example.com"],
       "MemorySwap" : 0,
       "AttachStdin" : false,
       "AttachStderr" : false,
@@ -1131,6 +1135,7 @@ image is removed.
       -t, --tty=false: Allocate a pseudo-tty
       -u, --user="": Username or UID
       --dns=[]: Set custom dns servers for the container
+      --dns-search=[]: Set custom DNS search domains for the container
       -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume.
       --volumes-from="": Mount all volumes from the given container(s)
       --entrypoint="": Overwrite the default entrypoint set by the image
@@ -1288,7 +1293,7 @@ A complete example
    $ sudo docker run -d --name static static-web-files sh
    $ sudo docker run -d --expose=8098 --name riak riakserver
    $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver
-   $ sudo docker run -d -p 1443:443 --dns=dns.dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver
+   $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver
    $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log
 
 This example shows 5 containers that might be set up to test a web application change:
@@ -1296,7 +1301,7 @@ This example shows 5 containers that might be set up to test a web application c
 1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files);
 2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it;
 3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``;
-4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate;
+4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org`` and DNS search domain to ``dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate;
 5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed.
 
 
diff --git a/opts/opts.go b/opts/opts.go
index 4f5897c796..b2f21db30b 100644
--- a/opts/opts.go
+++ b/opts/opts.go
@@ -136,3 +136,16 @@ func ValidateIp4Address(val string) (string, error) {
 	}
 	return "", fmt.Errorf("%s is not an ip4 address", val)
 }
+
+func ValidateDomain(val string) (string, error) {
+	alpha := regexp.MustCompile(`[a-zA-Z]`)
+	if alpha.FindString(val) == "" {
+		return "", fmt.Errorf("%s is not a valid domain", val)
+	}
+	re := regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`)
+	var ns = re.FindSubmatch([]byte(val))
+	if len(ns) > 0 {
+		return string(ns[1]), nil
+	}
+	return "", fmt.Errorf("%s is not a valid domain", val)
+}
diff --git a/opts/opts_test.go b/opts/opts_test.go
index a5c1fac9ca..299cbfe503 100644
--- a/opts/opts_test.go
+++ b/opts/opts_test.go
@@ -22,3 +22,57 @@ func TestValidateIP4(t *testing.T) {
 	}
 
 }
+
+func TestValidateDomain(t *testing.T) {
+	valid := []string{
+		`a`,
+		`a.`,
+		`1.foo`,
+		`17.foo`,
+		`foo.bar`,
+		`foo.bar.baz`,
+		`foo.bar.`,
+		`foo.bar.baz`,
+		`foo1.bar2`,
+		`foo1.bar2.baz`,
+		`1foo.2bar.`,
+		`1foo.2bar.baz`,
+		`foo-1.bar-2`,
+		`foo-1.bar-2.baz`,
+		`foo-1.bar-2.`,
+		`foo-1.bar-2.baz`,
+		`1-foo.2-bar`,
+		`1-foo.2-bar.baz`,
+		`1-foo.2-bar.`,
+		`1-foo.2-bar.baz`,
+	}
+
+	invalid := []string{
+		``,
+		`.`,
+		`17`,
+		`17.`,
+		`.17`,
+		`17-.`,
+		`17-.foo`,
+		`.foo`,
+		`foo-.bar`,
+		`-foo.bar`,
+		`foo.bar-`,
+		`foo.bar-.baz`,
+		`foo.-bar`,
+		`foo.-bar.baz`,
+	}
+
+	for _, domain := range valid {
+		if ret, err := ValidateDomain(domain); err != nil || ret == "" {
+			t.Fatalf("ValidateDomain(`"+domain+"`) got %s %s", ret, err)
+		}
+	}
+
+	for _, domain := range invalid {
+		if ret, err := ValidateDomain(domain); err == nil || ret != "" {
+			t.Fatalf("ValidateDomain(`"+domain+"`) got %s %s", ret, err)
+		}
+	}
+}
diff --git a/runconfig/compare.go b/runconfig/compare.go
index c09f897716..6ed7405246 100644
--- a/runconfig/compare.go
+++ b/runconfig/compare.go
@@ -20,6 +20,7 @@ func Compare(a, b *Config) bool {
 	}
 	if len(a.Cmd) != len(b.Cmd) ||
 		len(a.Dns) != len(b.Dns) ||
+		len(a.DnsSearch) != len(b.DnsSearch) ||
 		len(a.Env) != len(b.Env) ||
 		len(a.PortSpecs) != len(b.PortSpecs) ||
 		len(a.ExposedPorts) != len(b.ExposedPorts) ||
@@ -38,6 +39,11 @@ func Compare(a, b *Config) bool {
 			return false
 		}
 	}
+	for i := 0; i < len(a.DnsSearch); i++ {
+		if a.DnsSearch[i] != b.DnsSearch[i] {
+			return false
+		}
+	}
 	for i := 0; i < len(a.Env); i++ {
 		if a.Env[i] != b.Env[i] {
 			return false
diff --git a/runconfig/config.go b/runconfig/config.go
index 9faa823a57..e961d659d7 100644
--- a/runconfig/config.go
+++ b/runconfig/config.go
@@ -26,6 +26,7 @@ type Config struct {
 	Env             []string
 	Cmd             []string
 	Dns             []string
+	DnsSearch       []string
 	Image           string // Name of the image as it was passed by the operator (eg. could be symbolic)
 	Volumes         map[string]struct{}
 	VolumesFrom     string
@@ -68,6 +69,9 @@ func ContainerConfigFromJob(job *engine.Job) *Config {
 	if Dns := job.GetenvList("Dns"); Dns != nil {
 		config.Dns = Dns
 	}
+	if DnsSearch := job.GetenvList("DnsSearch"); DnsSearch != nil {
+		config.DnsSearch = DnsSearch
+	}
 	if Entrypoint := job.GetenvList("Entrypoint"); Entrypoint != nil {
 		config.Entrypoint = Entrypoint
 	}
diff --git a/runconfig/config_test.go b/runconfig/config_test.go
index 46e4691b93..84846e5b1d 100644
--- a/runconfig/config_test.go
+++ b/runconfig/config_test.go
@@ -164,6 +164,7 @@ func TestCompare(t *testing.T) {
 	volumes1["/test1"] = struct{}{}
 	config1 := Config{
 		Dns:         []string{"1.1.1.1", "2.2.2.2"},
+		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"1111:1111", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "11111111",
@@ -171,6 +172,7 @@ func TestCompare(t *testing.T) {
 	}
 	config2 := Config{
 		Dns:         []string{"0.0.0.0", "2.2.2.2"},
+		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"1111:1111", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "11111111",
@@ -178,6 +180,7 @@ func TestCompare(t *testing.T) {
 	}
 	config3 := Config{
 		Dns:         []string{"1.1.1.1", "2.2.2.2"},
+		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"0000:0000", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "11111111",
@@ -185,6 +188,7 @@ func TestCompare(t *testing.T) {
 	}
 	config4 := Config{
 		Dns:         []string{"1.1.1.1", "2.2.2.2"},
+		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"0000:0000", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "22222222",
@@ -194,11 +198,20 @@ func TestCompare(t *testing.T) {
 	volumes2["/test2"] = struct{}{}
 	config5 := Config{
 		Dns:         []string{"1.1.1.1", "2.2.2.2"},
+		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"0000:0000", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "11111111",
 		Volumes:     volumes2,
 	}
+	config6 := Config{
+		Dns:         []string{"1.1.1.1", "2.2.2.2"},
+		DnsSearch:   []string{"foos", "bars"},
+		PortSpecs:   []string{"1111:1111", "2222:2222"},
+		Env:         []string{"VAR1=1", "VAR2=2"},
+		VolumesFrom: "11111111",
+		Volumes:     volumes1,
+	}
 	if Compare(&config1, &config2) {
 		t.Fatalf("Compare should return false, Dns are different")
 	}
@@ -211,6 +224,9 @@ func TestCompare(t *testing.T) {
 	if Compare(&config1, &config5) {
 		t.Fatalf("Compare should return false, Volumes are different")
 	}
+	if Compare(&config1, &config6) {
+		t.Fatalf("Compare should return false, DnsSearch are different")
+	}
 	if !Compare(&config1, &config1) {
 		t.Fatalf("Compare should return true")
 	}
diff --git a/runconfig/merge.go b/runconfig/merge.go
index 3b91aa2af0..34faaf75e7 100644
--- a/runconfig/merge.go
+++ b/runconfig/merge.go
@@ -100,6 +100,12 @@ func Merge(userConf, imageConf *Config) error {
 		//duplicates aren't an issue here
 		userConf.Dns = append(userConf.Dns, imageConf.Dns...)
 	}
+	if userConf.DnsSearch == nil || len(userConf.DnsSearch) == 0 {
+		userConf.DnsSearch = imageConf.DnsSearch
+	} else {
+		//duplicates aren't an issue here
+		userConf.DnsSearch = append(userConf.DnsSearch, imageConf.DnsSearch...)
+	}
 	if userConf.Entrypoint == nil || len(userConf.Entrypoint) == 0 {
 		userConf.Entrypoint = imageConf.Entrypoint
 	}
diff --git a/runconfig/parse.go b/runconfig/parse.go
index 2138f4e68c..cc33188ad5 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -42,6 +42,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flPublish     opts.ListOpts
 		flExpose      opts.ListOpts
 		flDns         opts.ListOpts
+		flDnsSearch   = opts.NewListOpts(opts.ValidateDomain)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
 
@@ -73,6 +74,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flPublish, []string{"p", "-publish"}, fmt.Sprintf("Publish a container's port to the host (format: %s) (use 'docker port' to see the actual mapping)", nat.PortSpecTemplateFormat))
 	cmd.Var(&flExpose, []string{"#expose", "-expose"}, "Expose a port from the container without publishing it to your host")
 	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
+	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
 	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
 
@@ -196,6 +198,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		Env:             flEnv.GetAll(),
 		Cmd:             runCmd,
 		Dns:             flDns.GetAll(),
+		DnsSearch:       flDnsSearch.GetAll(),
 		Image:           image,
 		Volumes:         flVolumes.GetMap(),
 		VolumesFrom:     strings.Join(flVolumesFrom.GetAll(), ","),
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 4408e13902..38a1beccd2 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -493,13 +493,19 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 	}
 
 	// If custom dns exists, then create a resolv.conf for the container
-	if len(config.Dns) > 0 || len(runtime.config.Dns) > 0 {
-		var dns []string
+	if len(config.Dns) > 0 || len(runtime.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(runtime.config.DnsSearch) > 0 {
+		dns := utils.GetNameservers(resolvConf)
+		dnsSearch := utils.GetSearchDomains(resolvConf)
 		if len(config.Dns) > 0 {
 			dns = config.Dns
-		} else {
+		} else if len(runtime.config.Dns) > 0 {
 			dns = runtime.config.Dns
 		}
+		if len(config.DnsSearch) > 0 {
+			dnsSearch = config.DnsSearch
+		} else if len(runtime.config.DnsSearch) > 0 {
+			dnsSearch = runtime.config.DnsSearch
+		}
 		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
 		f, err := os.Create(container.ResolvConfPath)
 		if err != nil {
@@ -511,6 +517,11 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 				return nil, nil, err
 			}
 		}
+		if len(dnsSearch) > 0 {
+			if _, err := f.Write([]byte("search " + strings.Join(dnsSearch, " ") + "\n")); err != nil {
+				return nil, nil, err
+			}
+		}
 	} else {
 		container.ResolvConfPath = "/etc/resolv.conf"
 	}
diff --git a/utils/utils.go b/utils/utils.go
index 57a8200a7c..2702555973 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -731,54 +731,78 @@ func GetResolvConf() ([]byte, error) {
 // CheckLocalDns looks into the /etc/resolv.conf,
 // it returns true if there is a local nameserver or if there is no nameserver.
 func CheckLocalDns(resolvConf []byte) bool {
-	var parsedResolvConf = StripComments(resolvConf, []byte("#"))
-	if !bytes.Contains(parsedResolvConf, []byte("nameserver")) {
-		return true
-	}
-	for _, ip := range [][]byte{
-		[]byte("127.0.0.1"),
-		[]byte("127.0.1.1"),
-	} {
-		if bytes.Contains(parsedResolvConf, ip) {
-			return true
+	for _, line := range GetLines(resolvConf, []byte("#")) {
+		if !bytes.Contains(line, []byte("nameserver")) {
+			continue
 		}
+		for _, ip := range [][]byte{
+			[]byte("127.0.0.1"),
+			[]byte("127.0.1.1"),
+		} {
+			if bytes.Contains(line, ip) {
+				return true
+			}
+		}
+		return false
 	}
-	return false
+	return true
 }
 
-// StripComments parses input into lines and strips away comments.
-func StripComments(input []byte, commentMarker []byte) []byte {
+// GetLines parses input into lines and strips away comments.
+func GetLines(input []byte, commentMarker []byte) [][]byte {
 	lines := bytes.Split(input, []byte("\n"))
-	var output []byte
+	var output [][]byte
 	for _, currentLine := range lines {
 		var commentIndex = bytes.Index(currentLine, commentMarker)
 		if commentIndex == -1 {
-			output = append(output, currentLine...)
+			output = append(output, currentLine)
 		} else {
-			output = append(output, currentLine[:commentIndex]...)
+			output = append(output, currentLine[:commentIndex])
 		}
-		output = append(output, []byte("\n")...)
 	}
 	return output
 }
 
+// GetNameservers returns nameservers (if any) listed in /etc/resolv.conf
+func GetNameservers(resolvConf []byte) []string {
+	nameservers := []string{}
+	re := regexp.MustCompile(`^\s*nameserver\s*(([0-9]+\.){3}([0-9]+))\s*$`)
+	for _, line := range GetLines(resolvConf, []byte("#")) {
+		var ns = re.FindSubmatch(line)
+		if len(ns) > 0 {
+			nameservers = append(nameservers, string(ns[1]))
+		}
+	}
+	return nameservers
+}
+
 // GetNameserversAsCIDR returns nameservers (if any) listed in
 // /etc/resolv.conf as CIDR blocks (e.g., "1.2.3.4/32")
 // This function's output is intended for net.ParseCIDR
 func GetNameserversAsCIDR(resolvConf []byte) []string {
-	var parsedResolvConf = StripComments(resolvConf, []byte("#"))
 	nameservers := []string{}
-	re := regexp.MustCompile(`^\s*nameserver\s*(([0-9]+\.){3}([0-9]+))\s*$`)
-	for _, line := range bytes.Split(parsedResolvConf, []byte("\n")) {
-		var ns = re.FindSubmatch(line)
-		if len(ns) > 0 {
-			nameservers = append(nameservers, string(ns[1])+"/32")
-		}
+	for _, nameserver := range GetNameservers(resolvConf) {
+		nameservers = append(nameservers, nameserver+"/32")
 	}
-
 	return nameservers
 }
 
+// GetSearchDomains returns search domains (if any) listed in /etc/resolv.conf
+// If more than one search line is encountered, only the contents of the last
+// one is returned.
+func GetSearchDomains(resolvConf []byte) []string {
+	re := regexp.MustCompile(`^\s*search\s*(([^\s]+\s*)*)$`)
+	domains := []string{}
+	for _, line := range GetLines(resolvConf, []byte("#")) {
+		match := re.FindSubmatch(line)
+		if match == nil {
+			continue
+		}
+		domains = strings.Fields(string(match[1]))
+	}
+	return domains
+}
+
 // FIXME: Change this not to receive default value as parameter
 func ParseHost(defaultHost string, defaultUnix, addr string) (string, error) {
 	var (
diff --git a/utils/utils_test.go b/utils/utils_test.go
index 444d2a2428..177d3667e1 100644
--- a/utils/utils_test.go
+++ b/utils/utils_test.go
@@ -444,6 +444,30 @@ func TestParsePortMapping(t *testing.T) {
 	}
 }
 
+func TestGetNameservers(t *testing.T) {
+	for resolv, result := range map[string][]string{`
+nameserver 1.2.3.4
+nameserver 40.3.200.10
+search example.com`: {"1.2.3.4", "40.3.200.10"},
+		`search example.com`: {},
+		`nameserver 1.2.3.4
+search example.com
+nameserver 4.30.20.100`: {"1.2.3.4", "4.30.20.100"},
+		``: {},
+		`  nameserver 1.2.3.4   `: {"1.2.3.4"},
+		`search example.com
+nameserver 1.2.3.4
+#nameserver 4.3.2.1`: {"1.2.3.4"},
+		`search example.com
+nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4"},
+	} {
+		test := GetNameservers([]byte(resolv))
+		if !StrSlicesEqual(test, result) {
+			t.Fatalf("Wrong nameserver string {%s} should be %v. Input: %s", test, result, resolv)
+		}
+	}
+}
+
 func TestGetNameserversAsCIDR(t *testing.T) {
 	for resolv, result := range map[string][]string{`
 nameserver 1.2.3.4
@@ -468,6 +492,33 @@ nameserver 1.2.3.4 # not 4.3.2.1`: {"1.2.3.4/32"},
 	}
 }
 
+func TestGetSearchDomains(t *testing.T) {
+	for resolv, result := range map[string][]string{
+		`search example.com`:           {"example.com"},
+		`search example.com # ignored`: {"example.com"},
+		` 	  search 	 example.com 	  `: {"example.com"},
+		` 	  search 	 example.com 	  # ignored`: {"example.com"},
+		`search foo.example.com example.com`: {"foo.example.com", "example.com"},
+		`	   search   	   foo.example.com 	 example.com 	`: {"foo.example.com", "example.com"},
+		`	   search   	   foo.example.com 	 example.com 	# ignored`: {"foo.example.com", "example.com"},
+		``:          {},
+		`# ignored`: {},
+		`nameserver 1.2.3.4
+search foo.example.com example.com`: {"foo.example.com", "example.com"},
+		`nameserver 1.2.3.4
+search dup1.example.com dup2.example.com
+search foo.example.com example.com`: {"foo.example.com", "example.com"},
+		`nameserver 1.2.3.4
+search foo.example.com example.com
+nameserver 4.30.20.100`: {"foo.example.com", "example.com"},
+	} {
+		test := GetSearchDomains([]byte(resolv))
+		if !StrSlicesEqual(test, result) {
+			t.Fatalf("Wrong search domain string {%s} should be %v. Input: %s", test, result, resolv)
+		}
+	}
+}
+
 func StrSlicesEqual(a, b []string) bool {
 	if len(a) != len(b) {
 		return false

From ec3257921da9da0d37df76e26a842f8f4775def0 Mon Sep 17 00:00:00 2001
From: Aditya <aditya@netroy.in>
Date: Sun, 16 Mar 2014 21:35:01 +0100
Subject: [PATCH 159/384] Docker-DCO-1.1-Signed-off-by: Aditya
 <aditya@netroy.in> (github: netroy)

document `DisableNetwork` config flag
---
 docs/sources/reference/api/docker_remote_api_v1.10.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/sources/reference/api/docker_remote_api_v1.10.rst b/docs/sources/reference/api/docker_remote_api_v1.10.rst
index 20af253f0e..4fa9a04c03 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.10.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.10.rst
@@ -136,6 +136,7 @@ Create a container
                 },
                 "VolumesFrom":"",
                 "WorkingDir":"",
+                "DisableNetwork": false,
                 "ExposedPorts":{
                         "22/tcp": {}
                 }

From 5127732c7911988c81eda7bb31ac77fc1dd36ac2 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Wed, 19 Mar 2014 14:30:13 -0400
Subject: [PATCH 160/384] docker save: --output flag

for those that do not care to redirect stdout

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 api/client.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/api/client.go b/api/client.go
index 8f515639a7..343a24078c 100644
--- a/api/client.go
+++ b/api/client.go
@@ -2044,6 +2044,8 @@ func (cli *DockerCli) CmdCp(args ...string) error {
 
 func (cli *DockerCli) CmdSave(args ...string) error {
 	cmd := cli.Subcmd("save", "IMAGE", "Save an image to a tar archive (streamed to stdout)")
+	outfile := cmd.String([]string{"o", "-output"}, "", "Write to an file, instead of STDOUT")
+
 	if err := cmd.Parse(args); err != nil {
 		return err
 	}
@@ -2053,8 +2055,16 @@ func (cli *DockerCli) CmdSave(args ...string) error {
 		return nil
 	}
 
+	var output io.Writer = cli.out
+	var err error
+	if *outfile != "" {
+		output, err = os.Create(*outfile)
+		if err != nil {
+			return err
+		}
+	}
 	image := cmd.Arg(0)
-	if err := cli.stream("GET", "/images/"+image+"/get", nil, cli.out, nil); err != nil {
+	if err := cli.stream("GET", "/images/"+image+"/get", nil, output, nil); err != nil {
 		return err
 	}
 	return nil

From 367a679b9270dd9ec6bd647998b6ffe594cfa6ab Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Wed, 19 Mar 2014 14:34:12 -0400
Subject: [PATCH 161/384] images: assurance and debug info on image layers

when pushing or saving layers, report sizes for validation. And ensure
that the files written are sync'ed.

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 archive/archive.go |  3 +++
 server/server.go   | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/archive/archive.go b/archive/archive.go
index eace5a5158..2fac18e99f 100644
--- a/archive/archive.go
+++ b/archive/archive.go
@@ -617,6 +617,9 @@ func NewTempArchive(src Archive, dir string) (*TempArchive, error) {
 	if _, err := io.Copy(f, src); err != nil {
 		return nil, err
 	}
+	if err = f.Sync(); err != nil {
+		return nil, err
+	}
 	if _, err := f.Seek(0, 0); err != nil {
 		return nil, err
 	}
diff --git a/server/server.go b/server/server.go
index e6243971a4..840a70357d 100644
--- a/server/server.go
+++ b/server/server.go
@@ -378,10 +378,15 @@ func (srv *Server) exportImage(img *image.Image, tempdir string) error {
 		if err != nil {
 			return err
 		}
-		if _, err = io.Copy(fsTar, fs); err != nil {
+		if written, err := io.Copy(fsTar, fs); err != nil {
+			return err
+		} else {
+			utils.Debugf("rendered layer for %s of [%d] size", i.ID, written)
+		}
+
+		if err = fsTar.Close(); err != nil {
 			return err
 		}
-		fsTar.Close()
 
 		// find parent
 		if i.Parent != "" {
@@ -1537,6 +1542,8 @@ func (srv *Server) pushImage(r *registry.Registry, out io.Writer, remote, imgID,
 	defer os.RemoveAll(layerData.Name())
 
 	// Send the layer
+	utils.Debugf("rendered layer for %s of [%d] size", imgData.ID, layerData.Size)
+
 	checksum, checksumPayload, err := r.PushImageLayerRegistry(imgData.ID, utils.ProgressReader(layerData, int(layerData.Size), out, sf, false, utils.TruncateID(imgData.ID), "Pushing"), ep, token, jsonRaw)
 	if err != nil {
 		return "", err

From e93a16ab48f75311aab155548f32776cbd21dfe6 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Wed, 19 Mar 2014 14:47:20 -0400
Subject: [PATCH 162/384] docker save: add and improve docs

add usage examples for `docker save ...`

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 api/client.go                              |  2 +-
 docs/sources/reference/commandline/cli.rst | 23 +++++++++++++++++++---
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/api/client.go b/api/client.go
index 343a24078c..5a69700704 100644
--- a/api/client.go
+++ b/api/client.go
@@ -2043,7 +2043,7 @@ func (cli *DockerCli) CmdCp(args ...string) error {
 }
 
 func (cli *DockerCli) CmdSave(args ...string) error {
-	cmd := cli.Subcmd("save", "IMAGE", "Save an image to a tar archive (streamed to stdout)")
+	cmd := cli.Subcmd("save", "IMAGE", "Save an image to a tar archive (streamed to stdout by default)")
 	outfile := cmd.String([]string{"o", "-output"}, "", "Write to an file, instead of STDOUT")
 
 	if err := cmd.Parse(args); err != nil {
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 0f33b05ec4..294e1d0544 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1307,10 +1307,27 @@ This example shows 5 containers that might be set up to test a web application c
 
 ::
 
-    Usage: docker save image > repository.tar
+    Usage: docker save IMAGE
+
+    Save an image to a tar archive (streamed to stdout by default)
+
+      -o, --output="": Write to an file, instead of STDOUT
+
+
+Produces a tarred repository to the standard output stream.
+Contains all parent layers, and all tags + versions, or specified repo:tag.
+
+.. code-block:: bash
+
+   $ sudo docker save busybox > busybox.tar
+   $ ls -sh b.tar
+   2.7M b.tar
+   $ sudo docker save --output busybox.tar busybox
+   $ ls -sh b.tar
+   2.7M b.tar
+   $ sudo docker save -o fedora-all.tar fedora
+   $ sudo docker save -o fedora-latest.tar fedora:latest
 
-    Streams a tarred repository to the standard output stream.
-    Contains all parent layers, and all tags + versions.
 
 .. _cli_search:
 

From 48cb2f03177732823b4091fd3ddd44b2bef2c58e Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Wed, 19 Mar 2014 21:01:20 +0400
Subject: [PATCH 163/384] Remove duplication of Dns in config merging.

Fixes #4714
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
---
 runconfig/config_test.go |  2 +-
 runconfig/merge.go       | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/runconfig/config_test.go b/runconfig/config_test.go
index 46e4691b93..8bbad9effa 100644
--- a/runconfig/config_test.go
+++ b/runconfig/config_test.go
@@ -231,7 +231,7 @@ func TestMerge(t *testing.T) {
 	volumesUser := make(map[string]struct{})
 	volumesUser["/test3"] = struct{}{}
 	configUser := &Config{
-		Dns:       []string{"3.3.3.3"},
+		Dns:       []string{"2.2.2.2", "3.3.3.3"},
 		PortSpecs: []string{"3333:2222", "3333:3333"},
 		Env:       []string{"VAR2=3", "VAR3=3"},
 		Volumes:   volumesUser,
diff --git a/runconfig/merge.go b/runconfig/merge.go
index 3b91aa2af0..79e3951271 100644
--- a/runconfig/merge.go
+++ b/runconfig/merge.go
@@ -97,8 +97,15 @@ func Merge(userConf, imageConf *Config) error {
 	if userConf.Dns == nil || len(userConf.Dns) == 0 {
 		userConf.Dns = imageConf.Dns
 	} else {
-		//duplicates aren't an issue here
-		userConf.Dns = append(userConf.Dns, imageConf.Dns...)
+		dnsSet := make(map[string]struct{}, len(userConf.Dns))
+		for _, dns := range userConf.Dns {
+			dnsSet[dns] = struct{}{}
+		}
+		for _, dns := range imageConf.Dns {
+			if _, exists := dnsSet[dns]; !exists {
+				userConf.Dns = append(userConf.Dns, dns)
+			}
+		}
 	}
 	if userConf.Entrypoint == nil || len(userConf.Entrypoint) == 0 {
 		userConf.Entrypoint = imageConf.Entrypoint

From 698ca9f38d7ccee2c36b98821c74114b95db631b Mon Sep 17 00:00:00 2001
From: Daniel Norberg <dano@spotify.com>
Date: Wed, 19 Mar 2014 15:20:36 -0400
Subject: [PATCH 164/384] fix typo in documentation

Docker-DCO-1.1-Signed-off-by: Daniel Norberg <daniel.norberg@gmail.com> (github: danielnorberg)
---
 docs/sources/reference/commandline/cli.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 7b16a7d2ec..c483551b46 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -97,7 +97,7 @@ To force Docker to use devicemapper as the storage driver, use ``docker -d -s de
 
 To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``.
 
-To set the a DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``.
+To set the DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``.
 
 To run the daemon with debug output, use ``docker -d -D``.
 

From c657603c612650117b4def976ff40d98ba7c3a21 Mon Sep 17 00:00:00 2001
From: Daniel Norberg <dano@spotify.com>
Date: Wed, 19 Mar 2014 16:00:46 -0400
Subject: [PATCH 165/384] variable declaration cleanup

Docker-DCO-1.1-Signed-off-by: Daniel Norberg <daniel.norberg@gmail.com> (github: danielnorberg)
---
 opts/opts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/opts/opts.go b/opts/opts.go
index b2f21db30b..67f1c8fd48 100644
--- a/opts/opts.go
+++ b/opts/opts.go
@@ -143,7 +143,7 @@ func ValidateDomain(val string) (string, error) {
 		return "", fmt.Errorf("%s is not a valid domain", val)
 	}
 	re := regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`)
-	var ns = re.FindSubmatch([]byte(val))
+	ns := re.FindSubmatch([]byte(val))
 	if len(ns) > 0 {
 		return string(ns[1]), nil
 	}

From 78a0105eaf80ed85e2ee236632a2cc16998228f9 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Wed, 19 Mar 2014 17:09:12 -0400
Subject: [PATCH 166/384] api/client: var style tweak

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 api/client.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/api/client.go b/api/client.go
index 5a69700704..e7abf04cb5 100644
--- a/api/client.go
+++ b/api/client.go
@@ -2055,8 +2055,10 @@ func (cli *DockerCli) CmdSave(args ...string) error {
 		return nil
 	}
 
-	var output io.Writer = cli.out
-	var err error
+	var (
+		output io.Writer = cli.out
+		err    error
+	)
 	if *outfile != "" {
 		output, err = os.Create(*outfile)
 		if err != nil {

From 4434dcee89f7d0d0239f6b492b24e940cdbafb21 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 19 Mar 2014 23:23:45 +0200
Subject: [PATCH 167/384] fix failing test to use kill instead of stop

TestCreateStartRestartStopStartKillRm was failing because stop has been
changed to not kill containers.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 integration/server_test.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/integration/server_test.go b/integration/server_test.go
index a401f1306e..617f81fa4d 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -416,7 +416,7 @@ func TestRestartKillWait(t *testing.T) {
 	})
 }
 
-func TestCreateStartRestartStopStartKillRm(t *testing.T) {
+func TestCreateStartRestartKillStartKillRm(t *testing.T) {
 	eng := NewTestEngine(t)
 	srv := mkServerFromEngine(eng, t)
 	defer mkRuntimeFromEngine(eng, t).Nuke()
@@ -456,8 +456,7 @@ func TestCreateStartRestartStopStartKillRm(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	job = eng.Job("stop", id)
-	job.SetenvInt("t", 15)
+	job = eng.Job("kill", id)
 	if err := job.Run(); err != nil {
 		t.Fatal(err)
 	}

From f3765f96cfb37f6ea9f925f0d3174fe18c4152be Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Thu, 20 Mar 2014 09:08:52 +1000
Subject: [PATCH 168/384] add a link to the security documentation when we
 mention the docker group (or -G)

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/articles/security.rst        | 2 ++
 docs/sources/installation/binaries.rst    | 3 ++-
 docs/sources/installation/ubuntulinux.rst | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/sources/articles/security.rst b/docs/sources/articles/security.rst
index e738e9a847..ec2ab9bffd 100644
--- a/docs/sources/articles/security.rst
+++ b/docs/sources/articles/security.rst
@@ -82,6 +82,8 @@ when some applications start to misbehave.
 Control Groups have been around for a while as well: the code was
 started in 2006, and initially merged in kernel 2.6.24.
 
+.. _dockersecurity_daemon:
+
 Docker Daemon Attack Surface
 ----------------------------
 
diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst
index bfdfbe211f..a070599338 100644
--- a/docs/sources/installation/binaries.rst
+++ b/docs/sources/installation/binaries.rst
@@ -77,7 +77,8 @@ always run as the root user, but if you run the ``docker`` client as a
 user in the *docker* group then you don't need to add ``sudo`` to all
 the client commands.
 
-.. warning:: The *docker* group is root-equivalent.
+.. warning:: The *docker* group (or the group specified with ``-G``) is
+   root-equivalent; see :ref:`dockersecurity_daemon` details.
 
 
 Upgrades
diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index 6998be8571..776090bff5 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -186,7 +186,7 @@ client commands. As of 0.9.0, you can specify that a group other than ``docker``
 should own the Unix socket with the ``-G`` option.
 
 .. warning:: The *docker* group (or the group specified with ``-G``) is
-   root-equivalent.
+   root-equivalent; see :ref:`dockersecurity_daemon` details.
 
 
 **Example:**

From 179e2c92d8d02d029d8aa54d53edb82b3fbcea2b Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@home.org.au>
Date: Sun, 16 Mar 2014 21:10:59 +0000
Subject: [PATCH 169/384] Generate md5 and sha265 hashes when building, and
 upload them in hack/release.sh

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
---
 hack/make/binary |   8 ++++
 hack/release.sh  | 122 +++++++++++++++++++++++++++++------------------
 2 files changed, 84 insertions(+), 46 deletions(-)
 mode change 100644 => 100755 hack/make/binary

diff --git a/hack/make/binary b/hack/make/binary
old mode 100644
new mode 100755
index 7272b1ede0..dee7d98dc6
--- a/hack/make/binary
+++ b/hack/make/binary
@@ -11,3 +11,11 @@ go build \
 	" \
 	./docker
 echo "Created binary: $DEST/docker-$VERSION"
+
+if command -v md5sum &> /dev/null; then
+	md5sum "$DEST/docker-$VERSION" > "$DEST/docker-$VERSION.md5"
+fi
+if command -v sha256sum &> /dev/null; then
+	sha256sum "$DEST/docker-$VERSION" > "$DEST/docker-$VERSION.sha256"
+fi
+
diff --git a/hack/release.sh b/hack/release.sh
index c380d2239a..edcee98f38 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -55,33 +55,16 @@ RELEASE_BUNDLES=(
 if [ "$1" != '--release-regardless-of-test-failure' ]; then
 	RELEASE_BUNDLES=( test "${RELEASE_BUNDLES[@]}" )
 fi
-
-if ! ./hack/make.sh "${RELEASE_BUNDLES[@]}"; then
-	echo >&2
-	echo >&2 'The build or tests appear to have failed.'
-	echo >&2
-	echo >&2 'You, as the release  maintainer, now have a couple options:'
-	echo >&2 '- delay release and fix issues'
-	echo >&2 '- delay release and fix issues'
-	echo >&2 '- did we mention how important this is?  issues need fixing :)'
-	echo >&2
-	echo >&2 'As a final LAST RESORT, you (because only you, the release maintainer,'
-	echo >&2 ' really knows all the hairy problems at hand with the current release'
-	echo >&2 ' issues) may bypass this checking by running this script again with the'
-	echo >&2 ' single argument of "--release-regardless-of-test-failure", which will skip'
-	echo >&2 ' running the test suite, and will only build the binaries and packages.  Please'
-	echo >&2 ' avoid using this if at all possible.'
-	echo >&2
-	echo >&2 'Regardless, we cannot stress enough the scarcity with which this bypass'
-	echo >&2 ' should be used.  If there are release issues, we should always err on the'
-	echo >&2 ' side of caution.'
-	echo >&2
-	exit 1
-fi
-
+	
 VERSION=$(cat VERSION)
 BUCKET=$AWS_S3_BUCKET
 
+# These are the 2 keys we've used to sign the deb's
+#   release (get.docker.io
+#	GPG_KEY="36A1D7869245C8950F966E92D8576A8BA88D21E9"
+#   test    (test.docker.io)
+#	GPG_KEY="740B314AE3941731B942C66ADF4FD13717AAD7D6"
+
 setup_s3() {
 	# Try creating the bucket. Ignore errors (it might already exist).
 	s3cmd mb s3://$BUCKET 2>/dev/null || true
@@ -114,12 +97,40 @@ s3_url() {
 	esac
 }
 
+build_all() {
+	if ! ./hack/make.sh "${RELEASE_BUNDLES[@]}"; then
+		echo >&2
+		echo >&2 'The build or tests appear to have failed.'
+		echo >&2
+		echo >&2 'You, as the release  maintainer, now have a couple options:'
+		echo >&2 '- delay release and fix issues'
+		echo >&2 '- delay release and fix issues'
+		echo >&2 '- did we mention how important this is?  issues need fixing :)'
+		echo >&2
+		echo >&2 'As a final LAST RESORT, you (because only you, the release maintainer,'
+		echo >&2 ' really knows all the hairy problems at hand with the current release'
+		echo >&2 ' issues) may bypass this checking by running this script again with the'
+		echo >&2 ' single argument of "--release-regardless-of-test-failure", which will skip'
+		echo >&2 ' running the test suite, and will only build the binaries and packages.  Please'
+		echo >&2 ' avoid using this if at all possible.'
+		echo >&2
+		echo >&2 'Regardless, we cannot stress enough the scarcity with which this bypass'
+		echo >&2 ' should be used.  If there are release issues, we should always err on the'
+		echo >&2 ' side of caution.'
+		echo >&2
+		exit 1
+	fi
+}
+
 release_build() {
 	GOOS=$1
 	GOARCH=$2
 
-	BINARY=bundles/$VERSION/cross/$GOOS/$GOARCH/docker-$VERSION
-	TGZ=bundles/$VERSION/tgz/$GOOS/$GOARCH/docker-$VERSION.tgz
+	SOURCE_DIR=bundles/$VERSION/cross/$GOOS/$GOARCH
+	BINARY=docker-$VERSION
+	BINARY_MD5=docker-$VERSION.md5
+	BINARY_SHA256=docker-$VERSION.sha256
+	TGZ=docker-$VERSION.tgz
 
 	# we need to map our GOOS and GOARCH to uname values
 	# see https://en.wikipedia.org/wiki/Uname
@@ -172,17 +183,29 @@ release_build() {
 	fi
 
 	echo "Uploading $BINARY to $S3OS/$S3ARCH/docker-$VERSION"
-	s3cmd --follow-symlinks --preserve --acl-public put $BINARY $S3DIR/docker-$VERSION
+	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY $S3DIR/$BINARY
+
+	echo "Uploading $BINARY_MD5 to $S3OS/$S3ARCH/docker-$VERSION.md5"
+	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY_MD5 $S3DIR/$BINARY_MD5
+
+	echo "Uploading $BINARY_BINARY_SHA256 to $S3OS/$S3ARCH/docker-$VERSION.sha256"
+	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY_SHA256 $S3DIR/$BINARY_SHA256
 
 	echo "Uploading $TGZ to $S3OS/$S3ARCH/docker-$VERSION.tgz"
-	s3cmd --follow-symlinks --preserve --acl-public put $TGZ $S3DIR/docker-$VERSION.tgz
+	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$TGZ $S3DIR/$TGZ
 
 	if [ -z "$NOLATEST" ]; then
-		echo "Copying $S3OS/$S3ARCH/docker-$VERSION to $S3OS/$S3ARCH/docker-latest"
-		s3cmd --acl-public cp $S3DIR/docker-$VERSION $S3DIR/docker-latest
+		echo "Copying $S3DIR/$BINARY to $S3DIR/docker-latest"
+		s3cmd --acl-public cp $S3DIR/$BINARY $S3DIR/docker-latest
 
-		echo "Copying $S3OS/$S3ARCH/docker-$VERSION.tgz to $S3OS/$S3ARCH/docker-latest.tgz"
-		s3cmd --acl-public cp $S3DIR/docker-$VERSION.tgz $S3DIR/docker-latest.tgz
+		echo "Copying $S3DIR/$BINARY_MD5 to $S3DIR/docker-latest.md5"
+		s3cmd --acl-public cp $S3DIR/$BINARY_MD5 $S3DIR/docker-latest.md5
+
+		echo "Copying $S3DIR/$BINARY_SHA256 to $S3DIR/docker-latest.sha256"
+		s3cmd --acl-public cp $S3DIR/$BINARY_SHA256 $S3DIR/docker-latest.sha256
+
+		echo "Copying $S3DIR/$TGZ $S3DIR/docker-latest.tgz"
+		s3cmd --acl-public cp $S3DIR/$TGZ $S3DIR/docker-latest.tgz
 	fi
 }
 
@@ -194,21 +217,8 @@ release_ubuntu() {
 		echo >&2 './hack/make.sh must be run before release_ubuntu'
 		exit 1
 	}
-	# Make sure that we have our keys
-	mkdir -p /.gnupg/
+	
 	s3cmd sync s3://$BUCKET/ubuntu/.gnupg/ /.gnupg/ || true
-	gpg --list-keys releasedocker >/dev/null || {
-		gpg --gen-key --batch <<EOF
-Key-Type: RSA
-Key-Length: 2048
-Passphrase: $GPG_PASSPHRASE
-Name-Real: Docker Release Tool
-Name-Email: docker@dotcloud.com
-Name-Comment: releasedocker
-Expire-Date: 0
-%commit
-EOF
-	}
 
 	# Sign our packages
 	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k releasedocker \
@@ -305,14 +315,34 @@ release_test() {
 	fi
 }
 
+setup_gpg() {
+	# Make sure that we have our keys
+	mkdir -p /.gnupg/
+	gpg --list-keys releasedocker >/dev/null || {
+		gpg --gen-key --batch <<EOF
+Key-Type: RSA
+Key-Length: 2048
+Passphrase: $GPG_PASSPHRASE
+Name-Real: Docker Release Tool
+Name-Email: docker@dotcloud.com
+Name-Comment: releasedocker
+Expire-Date: 0
+%commit
+EOF
+	}
+}
+
 main() {
+	build_all
 	setup_s3
+	setup_gpg
 	release_binaries
 	release_ubuntu
 	release_index
 	release_test
 }
 
+
 main
 
 echo

From 43febdd432eb8e7dc5988c72710b3d78a5913360 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Thu, 20 Mar 2014 09:35:58 +1000
Subject: [PATCH 170/384] whitespace-blind

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 hack/make/binary | 1 -
 hack/release.sh  | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/hack/make/binary b/hack/make/binary
index dee7d98dc6..f220d2dae6 100755
--- a/hack/make/binary
+++ b/hack/make/binary
@@ -18,4 +18,3 @@ fi
 if command -v sha256sum &> /dev/null; then
 	sha256sum "$DEST/docker-$VERSION" > "$DEST/docker-$VERSION.sha256"
 fi
-
diff --git a/hack/release.sh b/hack/release.sh
index edcee98f38..76acad4991 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -60,7 +60,7 @@ VERSION=$(cat VERSION)
 BUCKET=$AWS_S3_BUCKET
 
 # These are the 2 keys we've used to sign the deb's
-#   release (get.docker.io
+#   release (get.docker.io)
 #	GPG_KEY="36A1D7869245C8950F966E92D8576A8BA88D21E9"
 #   test    (test.docker.io)
 #	GPG_KEY="740B314AE3941731B942C66ADF4FD13717AAD7D6"
@@ -342,7 +342,6 @@ main() {
 	release_test
 }
 
-
 main
 
 echo

From e38e977a0410b754b6f318ff973dc15e6d756023 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Djibril=20Kon=C3=A9?= <kone.djibril@gmail.com>
Date: Tue, 18 Mar 2014 21:18:36 +0100
Subject: [PATCH 171/384] Harmonize / across all name-related commands
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker-DCO-1.1-Signed-off-by: Djibril Koné <kone.djibril@gmail.com> (github: enokd)

Harmonize / across all name-related commands

Docker-DCO-1.1-Signed-off-by: Djibril Koné <kone.djibril@gmail.com> (github: enokd)

Harmonize / across all name-related commands:Return an error when repeated /

Docker-DCO-1.1-Signed-off-by: Djibril Koné <kone.djibril@gmail.com> (github: enokd)
---
 api/client.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/client.go b/api/client.go
index 10dd9406dc..07a3d25e5c 100644
--- a/api/client.go
+++ b/api/client.go
@@ -1452,6 +1452,11 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 		return nil
 	}
 
+	re := regexp.MustCompile("/{2}")
+	if re.MatchString(repository) {
+		return fmt.Errorf("Error: Bad image name. Please rename your image in the format <user>/<repo>")
+	}
+
 	v := url.Values{}
 	v.Set("container", name)
 	v.Set("repo", repository)

From a8cc6ebb181abf58b12ed6ee037711f0b2f1eff2 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Thu, 20 Mar 2014 09:59:54 +1000
Subject: [PATCH 172/384] I'm not looking forward to documenting cli arguments
 that may or may not show depending on what plugins / drviers you choose

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/reference/commandline/cli.rst |  2 +-
 docs/sources/reference/run.rst             | 15 ++++++++-------
 runconfig/parse.go                         |  2 +-
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index d398b16e53..5f228f55b4 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1145,7 +1145,7 @@ image is removed.
       --volumes-from="": Mount all volumes from the given container(s)
       --entrypoint="": Overwrite the default entrypoint set by the image
       -w, --workdir="": Working directory inside the container
-      --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
+      --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
       --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode)
       --expose=[]: Expose a port from the container without publishing it to your host
       --link="": Add link to another container (name:alias)
diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst
index 0b4f7eebf4..d2fe449c22 100644
--- a/docs/sources/reference/run.rst
+++ b/docs/sources/reference/run.rst
@@ -194,7 +194,7 @@ Runtime Privilege and LXC Configuration
 ::
 
    --privileged=false: Give extended privileges to this container
-   --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
+   --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"
 
 By default, Docker containers are "unprivileged" and cannot, for
 example, run a Docker daemon inside a Docker container. This is
@@ -211,12 +211,13 @@ host. Additional information about running with ``--privileged`` is
 available on the `Docker Blog
 <http://blog.docker.io/2013/09/docker-can-now-run-within-docker/>`_.
 
-An operator can also specify LXC options using one or more
-``--lxc-conf`` parameters. These can be new parameters or override
-existing parameters from the lxc-template.go_. Note that in the
-future, a given host's Docker daemon may not use LXC, so this is an
-implementation-specific configuration meant for operators already
-familiar with using LXC directly.
+If the Docker daemon was started using the ``lxc`` exec-driver
+(``docker -d --exec-driver=lxc``) then the operator can also specify
+LXC options using one or more ``--lxc-conf`` parameters. These can be
+new parameters or override existing parameters from the lxc-template.go_.
+Note that in the future, a given host's Docker daemon may not use LXC,
+so this is an implementation-specific configuration meant for operators
+already familiar with using LXC directly.
 
 .. _lxc-template.go: https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go
 
diff --git a/runconfig/parse.go b/runconfig/parse.go
index cc33188ad5..c2591722d5 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -76,7 +76,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
 	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
-	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
+	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err

From 62eb23aed50c9c820836c4b3f515cba2660b5c20 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Thu, 20 Mar 2014 10:18:08 +1000
Subject: [PATCH 173/384] missed a bug

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 hack/release.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hack/release.sh b/hack/release.sh
index 76acad4991..d42fd41ee9 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -173,8 +173,8 @@ release_build() {
 
 	S3DIR=s3://$BUCKET/builds/$S3OS/$S3ARCH
 
-	if [ ! -x "$BINARY" ]; then
-		echo >&2 "error: can't find $BINARY - was it compiled properly?"
+	if [ ! -x "$SOURCE_DIR/$BINARY" ]; then
+		echo >&2 "error: can't find $SOURCE_DIR/$BINARY - was it compiled properly?"
 		exit 1
 	fi
 	if [ ! -f "$TGZ" ]; then
@@ -188,7 +188,7 @@ release_build() {
 	echo "Uploading $BINARY_MD5 to $S3OS/$S3ARCH/docker-$VERSION.md5"
 	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY_MD5 $S3DIR/$BINARY_MD5
 
-	echo "Uploading $BINARY_BINARY_SHA256 to $S3OS/$S3ARCH/docker-$VERSION.sha256"
+	echo "Uploading $BINARY_SHA256 to $S3OS/$S3ARCH/docker-$VERSION.sha256"
 	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY_SHA256 $S3DIR/$BINARY_SHA256
 
 	echo "Uploading $TGZ to $S3OS/$S3ARCH/docker-$VERSION.tgz"

From 6b46a09186b6a53959d567014b8d0e1cff761bc8 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 19 Mar 2014 19:58:39 -0600
Subject: [PATCH 174/384] Fix a lot of the sha256 and md5 stuff to be more DRY
 and extendible, and on more things (specifically, the tgz files too)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/make.sh        |  21 ++++++++
 hack/make/binary    |   9 +---
 hack/make/dynbinary |   6 ++-
 hack/make/tgz       |   2 +
 hack/release.sh     | 121 ++++++++++++++++++++++++++------------------
 5 files changed, 100 insertions(+), 59 deletions(-)

diff --git a/hack/make.sh b/hack/make.sh
index 994da8d9ad..b77e9b7f44 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -149,6 +149,27 @@ find_dirs() {
 	\) -name "$1" -print0 | xargs -0n1 dirname | sort -u
 }
 
+hash_files() {
+	while [ $# -gt 0 ]; do
+		f="$1"
+		shift
+		dir="$(dirname "$f")"
+		base="$(basename "$f")"
+		for hashAlgo in md5 sha256; do
+			if command -v "${hashAlgo}sum" &> /dev/null; then
+				(
+					# subshell and cd so that we get output files like:
+					#   $HASH docker-$VERSION
+					# instead of:
+					#   $HASH /go/src/github.com/.../$VERSION/binary/docker-$VERSION
+					cd "$dir"
+					"${hashAlgo}sum" "$base" > "$base.$hashAlgo"
+				)
+			fi
+		done
+	done
+}
+
 bundle() {
 	bundlescript=$1
 	bundle=$(basename $bundlescript)
diff --git a/hack/make/binary b/hack/make/binary
index f220d2dae6..7b4d7b5b5b 100755
--- a/hack/make/binary
+++ b/hack/make/binary
@@ -3,7 +3,7 @@
 DEST=$1
 
 go build \
-	-o $DEST/docker-$VERSION \
+	-o "$DEST/docker-$VERSION" \
 	"${BUILDFLAGS[@]}" \
 	-ldflags "
 		$LDFLAGS
@@ -12,9 +12,4 @@ go build \
 	./docker
 echo "Created binary: $DEST/docker-$VERSION"
 
-if command -v md5sum &> /dev/null; then
-	md5sum "$DEST/docker-$VERSION" > "$DEST/docker-$VERSION.md5"
-fi
-if command -v sha256sum &> /dev/null; then
-	sha256sum "$DEST/docker-$VERSION" > "$DEST/docker-$VERSION.sha256"
-fi
+hash_files "$DEST/docker-$VERSION"
diff --git a/hack/make/dynbinary b/hack/make/dynbinary
index d4f583fb62..75cffe3dcc 100644
--- a/hack/make/dynbinary
+++ b/hack/make/dynbinary
@@ -5,7 +5,7 @@ DEST=$1
 if [ -z "$DOCKER_CLIENTONLY" ]; then
 	# dockerinit still needs to be a static binary, even if docker is dynamic
 	go build \
-		-o $DEST/dockerinit-$VERSION \
+		-o "$DEST/dockerinit-$VERSION" \
 		"${BUILDFLAGS[@]}" \
 		-ldflags "
 			$LDFLAGS
@@ -14,7 +14,9 @@ if [ -z "$DOCKER_CLIENTONLY" ]; then
 		" \
 		./dockerinit
 	echo "Created binary: $DEST/dockerinit-$VERSION"
-	ln -sf dockerinit-$VERSION $DEST/dockerinit
+	ln -sf "dockerinit-$VERSION" "$DEST/dockerinit"
+	
+	hash_files "$DEST/dockerinit-$VERSION"
 	
 	sha1sum=
 	if command -v sha1sum &> /dev/null; then
diff --git a/hack/make/tgz b/hack/make/tgz
index 5d03306322..120339976b 100644
--- a/hack/make/tgz
+++ b/hack/make/tgz
@@ -23,6 +23,8 @@ for d in "$CROSS/"*/*; do
 	
 	tar --numeric-owner --owner 0 -C "$DEST/build" -czf "$TGZ" usr
 	
+	hash_files "$TGZ"
+	
 	rm -rf "$DEST/build"
 	
 	echo "Created tgz: $TGZ"
diff --git a/hack/release.sh b/hack/release.sh
index 46a93af70c..6f9df8c7e6 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -122,91 +122,113 @@ build_all() {
 	fi
 }
 
+upload_release_build() {
+	src="$1"
+	dst="$2"
+	latest="$3"
+
+	echo
+	echo "Uploading $src"
+	echo "  to $dst"
+	echo
+	s3cmd --follow-symlinks --preserve --acl-public put "$src" "$dst"
+	if [ "$latest" ]; then
+		echo
+		echo "Copying to $latest"
+		echo
+		s3cmd --acl-public cp "$dst" "$latest"
+	fi
+
+	# get hash files too (see hash_files() in hack/make.sh)
+	for hashAlgo in md5 sha256; do
+		if [ -e "$src.$hashAlgo" ]; then
+			echo
+			echo "Uploading $src.$hashAlgo"
+			echo "  to $dst.$hashAlgo"
+			echo
+			s3cmd --follow-symlinks --preserve --acl-public --mime-type='text/plain' put "$src.$hashAlgo" "$dst.$hashAlgo"
+			if [ "$latest" ]; then
+				echo
+				echo "Copying to $latest.$hashAlgo"
+				echo
+				s3cmd --acl-public cp "$dst.$hashAlgo" "$latest.$hashAlgo"
+			fi
+		fi
+	done
+}
+
 release_build() {
 	GOOS=$1
 	GOARCH=$2
 
-	SOURCE_DIR=bundles/$VERSION/cross/$GOOS/$GOARCH
-	BINARY=docker-$VERSION
-	BINARY_MD5=docker-$VERSION.md5
-	BINARY_SHA256=docker-$VERSION.sha256
-	TGZ=docker-$VERSION.tgz
+	binDir=bundles/$VERSION/cross/$GOOS/$GOARCH
+	tgzDir=bundles/$VERSION/tgz/$GOOS/$GOARCH
+	binary=docker-$VERSION
+	tgz=docker-$VERSION.tgz
+
+	latestBase=
+	if [ -z "$NOLATEST" ]; then
+		latestBase=docker-latest
+	fi
 
 	# we need to map our GOOS and GOARCH to uname values
 	# see https://en.wikipedia.org/wiki/Uname
 	# ie, GOOS=linux -> "uname -s"=Linux
 
-	S3OS=$GOOS
-	case "$S3OS" in
+	s3Os=$GOOS
+	case "$s3Os" in
 		darwin)
-			S3OS=Darwin
+			s3Os=Darwin
 			;;
 		freebsd)
-			S3OS=FreeBSD
+			s3Os=FreeBSD
 			;;
 		linux)
-			S3OS=Linux
+			s3Os=Linux
 			;;
 		*)
-			echo >&2 "error: can't convert $S3OS to an appropriate value for 'uname -s'"
+			echo >&2 "error: can't convert $s3Os to an appropriate value for 'uname -s'"
 			exit 1
 			;;
 	esac
 
-	S3ARCH=$GOARCH
-	case "$S3ARCH" in
+	s3Arch=$GOARCH
+	case "$s3Arch" in
 		amd64)
-			S3ARCH=x86_64
+			s3Arch=x86_64
 			;;
 		386)
-			S3ARCH=i386
+			s3Arch=i386
 			;;
 		arm)
-			S3ARCH=armel
+			s3Arch=armel
 			# someday, we might potentially support mutliple GOARM values, in which case we might get armhf here too
 			;;
 		*)
-			echo >&2 "error: can't convert $S3ARCH to an appropriate value for 'uname -m'"
+			echo >&2 "error: can't convert $s3Arch to an appropriate value for 'uname -m'"
 			exit 1
 			;;
 	esac
 
-	S3DIR=s3://$BUCKET/builds/$S3OS/$S3ARCH
+	s3Dir=s3://$BUCKET/builds/$s3Os/$s3Arch
+	latest=
+	latestTgz=
+	if [ "$latestBase" ]; then
+		latest="$s3Dir/$latestBase"
+		latestTgz="$s3Dir/$latestBase.tgz"
+	fi
 
-	if [ ! -x "$SOURCE_DIR/$BINARY" ]; then
-		echo >&2 "error: can't find $SOURCE_DIR/$BINARY - was it compiled properly?"
+	if [ ! -x "$binDir/$binary" ]; then
+		echo >&2 "error: can't find $binDir/$binary - was it compiled properly?"
 		exit 1
 	fi
-	if [ ! -f "$TGZ" ]; then
-		echo >&2 "error: can't find $TGZ - was it packaged properly?"
+	if [ ! -f "$tgzDir/$tgz" ]; then
+		echo >&2 "error: can't find $tgzDir/$tgz - was it packaged properly?"
 		exit 1
 	fi
 
-	echo "Uploading $BINARY to $S3OS/$S3ARCH/docker-$VERSION"
-	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY $S3DIR/$BINARY
-
-	echo "Uploading $BINARY_MD5 to $S3OS/$S3ARCH/docker-$VERSION.md5"
-	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY_MD5 $S3DIR/$BINARY_MD5
-
-	echo "Uploading $BINARY_SHA256 to $S3OS/$S3ARCH/docker-$VERSION.sha256"
-	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$BINARY_SHA256 $S3DIR/$BINARY_SHA256
-
-	echo "Uploading $TGZ to $S3OS/$S3ARCH/docker-$VERSION.tgz"
-	s3cmd --follow-symlinks --preserve --acl-public put $SOURCE_DIR/$TGZ $S3DIR/$TGZ
-
-	if [ -z "$NOLATEST" ]; then
-		echo "Copying $S3DIR/$BINARY to $S3DIR/docker-latest"
-		s3cmd --acl-public cp $S3DIR/$BINARY $S3DIR/docker-latest
-
-		echo "Copying $S3DIR/$BINARY_MD5 to $S3DIR/docker-latest.md5"
-		s3cmd --acl-public cp $S3DIR/$BINARY_MD5 $S3DIR/docker-latest.md5
-
-		echo "Copying $S3DIR/$BINARY_SHA256 to $S3DIR/docker-latest.sha256"
-		s3cmd --acl-public cp $S3DIR/$BINARY_SHA256 $S3DIR/docker-latest.sha256
-
-		echo "Copying $S3DIR/$TGZ $S3DIR/docker-latest.tgz"
-		s3cmd --acl-public cp $S3DIR/$TGZ $S3DIR/docker-latest.tgz
-	fi
+	upload_release_build "$binDir/$binary" "$s3Dir/$binary" "$latest"
+	upload_release_build "$tgzDir/$tgz" "$s3Dir/$tgz" "$latestTgz"
 }
 
 # Upload the 'ubuntu' bundle to S3:
@@ -217,8 +239,6 @@ release_ubuntu() {
 		echo >&2 './hack/make.sh must be run before release_ubuntu'
 		exit 1
 	}
-	
-	s3cmd sync s3://$BUCKET/ubuntu/.gnupg/ /.gnupg/ || true
 
 	# Sign our packages
 	dpkg-sig -g "--passphrase $GPG_PASSPHRASE" -k releasedocker \
@@ -318,10 +338,11 @@ release_test() {
 setup_gpg() {
 	# Make sure that we have our keys
 	mkdir -p /.gnupg/
+	s3cmd sync s3://$BUCKET/ubuntu/.gnupg/ /.gnupg/ || true
 	gpg --list-keys releasedocker >/dev/null || {
 		gpg --gen-key --batch <<EOF
 Key-Type: RSA
-Key-Length: 2048
+Key-Length: 4096
 Passphrase: $GPG_PASSPHRASE
 Name-Real: Docker Release Tool
 Name-Email: docker@dotcloud.com

From a9fa1a13c3b0a654a96be01ff7ec19e8009b2094 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Thu, 20 Mar 2014 17:32:59 +0100
Subject: [PATCH 175/384] devicemapper: Better/faster shutdown

Right now shutdown is looping over *all* devicemapper
devices and actively deactivating them, this is pretty
slow if you have a lot of non-active containers. We
instead only deactivate the devices that are mounted.

We also do the shutdown unmount using MNT_DETACH which
forces the unmount in the global namespace, even if it
is busy because of some container having it mounted.
This means the device will be freed when that container
exits.

Also, we move the call to waitClose to deactivateDevice
because all callers of any of them call both anyway.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 36 ++++++++++------------
 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index 4d33e243e0..dfdb180bb2 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -14,6 +14,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"syscall"
 	"time"
 )
 
@@ -677,6 +678,12 @@ func (devices *DeviceSet) deactivateDevice(hash string) error {
 	utils.Debugf("[devmapper] deactivateDevice(%s)", hash)
 	defer utils.Debugf("[devmapper] deactivateDevice END")
 
+	// Wait for the unmount to be effective,
+	// by watching the value of Info.OpenCount for the device
+	if err := devices.waitClose(hash); err != nil {
+		utils.Errorf("Warning: error waiting for device %s to close: %s\n", hash, err)
+	}
+
 	info := devices.Devices[hash]
 	if info == nil {
 		return fmt.Errorf("Unknown device %s", hash)
@@ -799,26 +806,20 @@ func (devices *DeviceSet) Shutdown() error {
 	for _, info := range devices.Devices {
 		info.lock.Lock()
 		if info.mountCount > 0 {
-			if err := sysUnmount(info.mountPath, 0); err != nil {
+			// We use MNT_DETACH here in case it is still busy in some running
+			// container. This means it'll go away from the global scope directly,
+			// and the device will be released when that container dies.
+			if err := sysUnmount(info.mountPath, syscall.MNT_DETACH); err != nil {
 				utils.Debugf("Shutdown unmounting %s, error: %s\n", info.mountPath, err)
 			}
+
+			if err := devices.deactivateDevice(info.Hash); err != nil {
+				utils.Debugf("Shutdown deactivate %s , error: %s\n", info.Hash, err)
+			}
 		}
 		info.lock.Unlock()
 	}
 
-	for _, d := range devices.Devices {
-		d.lock.Lock()
-
-		if err := devices.waitClose(d.Hash); err != nil {
-			utils.Errorf("Warning: error waiting for device %s to unmount: %s\n", d.Hash, err)
-		}
-		if err := devices.deactivateDevice(d.Hash); err != nil {
-			utils.Debugf("Shutdown deactivate %s , error: %s\n", d.Hash, err)
-		}
-
-		d.lock.Unlock()
-	}
-
 	if err := devices.deactivatePool(); err != nil {
 		utils.Debugf("Shutdown deactivate pool , error: %s\n", err)
 	}
@@ -920,14 +921,11 @@ func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error {
 		return err
 	}
 	utils.Debugf("[devmapper] Unmount done")
-	// Wait for the unmount to be effective,
-	// by watching the value of Info.OpenCount for the device
-	if err := devices.waitClose(hash); err != nil {
+
+	if err := devices.deactivateDevice(hash); err != nil {
 		return err
 	}
 
-	devices.deactivateDevice(hash)
-
 	info.mountPath = ""
 
 	return nil

From fbd6fee4ab9b98f477f365307a641b879badd282 Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Thu, 20 Mar 2014 13:09:34 -0400
Subject: [PATCH 176/384] Fix double single dash arg issues in docs

Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
---
 docs/sources/articles/runmetrics.rst         | 2 +-
 docs/sources/examples/postgresql_service.rst | 2 +-
 docs/sources/use/working_with_volumes.rst    | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/sources/articles/runmetrics.rst b/docs/sources/articles/runmetrics.rst
index afb7f82e39..6b705fb737 100644
--- a/docs/sources/articles/runmetrics.rst
+++ b/docs/sources/articles/runmetrics.rst
@@ -63,7 +63,7 @@ For Docker containers using cgroups, the container name will be the
 full ID or long ID of the container. If a container shows up as
 ae836c95b4c3 in ``docker ps``, its long ID might be something like
 ``ae836c95b4c3c9e9179e0e91015512da89fdec91612f63cebae57df9a5444c79``. You
-can look it up with ``docker inspect`` or ``docker ps -notrunc``.
+can look it up with ``docker inspect`` or ``docker ps --no-trunc``.
 
 Putting everything together to look at the memory metrics for a Docker
 container, take a look at ``/sys/fs/cgroup/memory/lxc/<longid>/``.
diff --git a/docs/sources/examples/postgresql_service.rst b/docs/sources/examples/postgresql_service.rst
index 66b0fd7aa5..488e1530b2 100644
--- a/docs/sources/examples/postgresql_service.rst
+++ b/docs/sources/examples/postgresql_service.rst
@@ -37,7 +37,7 @@ And run the PostgreSQL server container (in the foreground):
 
 .. code-block:: bash
 
-    $ sudo docker run --rm -P -name pg_test eg_postgresql
+    $ sudo docker run --rm -P --name pg_test eg_postgresql
 
 There are  2 ways to connect to the PostgreSQL server. We can use 
 :ref:`working_with_links_names`, or we can access it from our host (or the network).
diff --git a/docs/sources/use/working_with_volumes.rst b/docs/sources/use/working_with_volumes.rst
index 02f4e71b13..d2f035dc84 100644
--- a/docs/sources/use/working_with_volumes.rst
+++ b/docs/sources/use/working_with_volumes.rst
@@ -129,7 +129,7 @@ because they are external to images.
 Instead you can use ``--volumes-from`` to start a new container that can access the
 data-container's volume. For example::
 
-    $ sudo docker run -rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data
+    $ sudo docker run --rm --volumes-from DATA -v $(pwd):/backup busybox tar cvf /backup/backup.tar /data
 
 * ``--rm`` - remove the container when it exits
 * ``--volumes-from DATA`` - attach to the volumes shared by the ``DATA`` container
@@ -140,7 +140,7 @@ data-container's volume. For example::
 Then to restore to the same container, or another that you've made elsewhere::
 
     # create a new data container
-    $ sudo docker run -v /data -name DATA2 busybox true
+    $ sudo docker run -v /data --name DATA2 busybox true
     # untar the backup files into the new container's data volume
     $ sudo docker run --rm --volumes-from DATA2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar
     data/

From ab0c9b385c47d818a2105c2114573f5beedbd3ba Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 20 Mar 2014 14:59:40 -0600
Subject: [PATCH 177/384] Remove the inotifywait hack from our upstart
 host-integration example that is no longer necessary

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 docs/sources/use/host_integration.rst | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/docs/sources/use/host_integration.rst b/docs/sources/use/host_integration.rst
index ed341cd4bc..cb920a5908 100644
--- a/docs/sources/use/host_integration.rst
+++ b/docs/sources/use/host_integration.rst
@@ -43,11 +43,6 @@ into it:
    stop on runlevel [!2345]
    respawn
    script
-     # Wait for docker to finish starting up first.
-     FILE=/var/run/docker.sock
-     while [ ! -e $FILE ] ; do
-       inotifywait -t 2 -e create $(dirname $FILE)
-     done
      /usr/bin/docker start -a redis_server
    end script
 

From 8944fb2e9b07d5a764f8d48065b9afd73364f640 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Thu, 20 Mar 2014 21:51:28 +0000
Subject: [PATCH 178/384] rename lxc to bridge

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 builtins/builtins.go                            | 7 +++----
 runtime/networkdriver/{lxc => bridge}/driver.go | 2 +-
 runtime/runtime.go                              | 2 +-
 3 files changed, 5 insertions(+), 6 deletions(-)
 rename runtime/networkdriver/{lxc => bridge}/driver.go (99%)

diff --git a/builtins/builtins.go b/builtins/builtins.go
index 86f3973c62..10ee9b19e6 100644
--- a/builtins/builtins.go
+++ b/builtins/builtins.go
@@ -1,10 +1,9 @@
 package builtins
 
 import (
-	"github.com/dotcloud/docker/engine"
-
 	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/runtime/networkdriver/lxc"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/runtime/networkdriver/bridge"
 	"github.com/dotcloud/docker/server"
 )
 
@@ -35,5 +34,5 @@ func remote(eng *engine.Engine) {
 //
 func daemon(eng *engine.Engine) {
 	eng.Register("initserver", server.InitServer)
-	eng.Register("init_networkdriver", lxc.InitDriver)
+	eng.Register("init_networkdriver", bridge.InitDriver)
 }
diff --git a/runtime/networkdriver/lxc/driver.go b/runtime/networkdriver/bridge/driver.go
similarity index 99%
rename from runtime/networkdriver/lxc/driver.go
rename to runtime/networkdriver/bridge/driver.go
index 827de2a609..41588b1c27 100644
--- a/runtime/networkdriver/lxc/driver.go
+++ b/runtime/networkdriver/bridge/driver.go
@@ -1,4 +1,4 @@
-package lxc
+package bridge
 
 import (
 	"fmt"
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 38a1beccd2..0d3468e350 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -17,7 +17,7 @@ import (
 	"github.com/dotcloud/docker/runtime/execdriver/lxc"
 	"github.com/dotcloud/docker/runtime/graphdriver"
 	_ "github.com/dotcloud/docker/runtime/graphdriver/vfs"
-	_ "github.com/dotcloud/docker/runtime/networkdriver/lxc"
+	_ "github.com/dotcloud/docker/runtime/networkdriver/bridge"
 	"github.com/dotcloud/docker/runtime/networkdriver/portallocator"
 	"github.com/dotcloud/docker/utils"
 	"io"

From f7b3e879fc3047ed93ac6b43cd9bf47a25f3d0fc Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 20 Mar 2014 22:58:02 +0000
Subject: [PATCH 179/384] Add initial plugin flag to pass lxc and native driver
 options Docker-DCO-1.1-Signed-off-by: Michael Crosby
 <michael@crosbymichael.com> (github: crosbymichael)

---
 runconfig/hostconfig.go                       |  2 ++
 runconfig/parse.go                            | 18 ++++++++++++
 runtime/container.go                          |  8 ++++--
 runtime/execdriver/driver.go                  | 28 +++++++++----------
 runtime/execdriver/lxc/lxc_template.go        |  4 +--
 .../execdriver/lxc/lxc_template_unit_test.go  |  3 +-
 runtime/execdriver/native/driver.go           |  6 ++--
 7 files changed, 46 insertions(+), 23 deletions(-)

diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 6c8618ee81..8ee2288b4b 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -13,6 +13,7 @@ type HostConfig struct {
 	PortBindings    nat.PortMap
 	Links           []string
 	PublishAllPorts bool
+	PluginOptions   map[string][]string
 }
 
 type KeyValuePair struct {
@@ -28,6 +29,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
+	job.GetenvJson("PluginOptions", &hostConfig.PluginOptions)
 	if Binds := job.GetenvList("Binds"); Binds != nil {
 		hostConfig.Binds = Binds
 	}
diff --git a/runconfig/parse.go b/runconfig/parse.go
index cc33188ad5..afcaec304f 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -45,6 +45,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flDnsSearch   = opts.NewListOpts(opts.ValidateDomain)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
+		flPluginOpts  opts.ListOpts
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
 		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: Run container in the background, print new container id")
@@ -77,6 +78,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
 	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
+	cmd.Var(&flPluginOpts, []string{"-plugin"}, "Add custom plugin options")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err
@@ -206,6 +208,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		WorkingDir:      *flWorkingDir,
 	}
 
+	pluginOptions := parsePluginOpts(flPluginOpts)
+
 	hostConfig := &HostConfig{
 		Binds:           binds,
 		ContainerIDFile: *flContainerIDFile,
@@ -214,6 +218,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		PortBindings:    portBindings,
 		Links:           flLinks.GetAll(),
 		PublishAllPorts: *flPublishAll,
+		PluginOptions:   pluginOptions,
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
@@ -247,3 +252,16 @@ func parseLxcOpt(opt string) (string, string, error) {
 	}
 	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
 }
+
+func parsePluginOpts(opts opts.ListOpts) map[string][]string {
+	out := make(map[string][]string, len(opts.GetAll()))
+	for _, o := range opts.GetAll() {
+		parts := strings.SplitN(o, " ", 2)
+		values, exists := out[parts[0]]
+		if !exists {
+			values = []string{}
+		}
+		out[parts[0]] = append(values, parts[1])
+	}
+	return out
+}
diff --git a/runtime/container.go b/runtime/container.go
index 6194a19c8c..488d905f4b 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -361,7 +361,7 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 func populateCommand(c *Container) {
 	var (
 		en           *execdriver.Network
-		driverConfig []string
+		driverConfig = c.hostConfig.PluginOptions
 	)
 
 	en = &execdriver.Network{
@@ -379,11 +379,15 @@ func populateCommand(c *Container) {
 		}
 	}
 
+	// merge in the lxc conf options into the generic config map
 	if lxcConf := c.hostConfig.LxcConf; lxcConf != nil {
+		lxc := driverConfig["lxc"]
 		for _, pair := range lxcConf {
-			driverConfig = append(driverConfig, fmt.Sprintf("%s = %s", pair.Key, pair.Value))
+			lxc = append(lxc, fmt.Sprintf("%s = %s", pair.Key, pair.Value))
 		}
+		driverConfig["lxc"] = lxc
 	}
+
 	resources := &execdriver.Resources{
 		Memory:     c.Config.Memory,
 		MemorySwap: c.Config.MemorySwap,
diff --git a/runtime/execdriver/driver.go b/runtime/execdriver/driver.go
index 23e31ee8d9..2b7c367453 100644
--- a/runtime/execdriver/driver.go
+++ b/runtime/execdriver/driver.go
@@ -112,20 +112,20 @@ type Mount struct {
 type Command struct {
 	exec.Cmd `json:"-"`
 
-	ID         string     `json:"id"`
-	Privileged bool       `json:"privileged"`
-	User       string     `json:"user"`
-	Rootfs     string     `json:"rootfs"`   // root fs of the container
-	InitPath   string     `json:"initpath"` // dockerinit
-	Entrypoint string     `json:"entrypoint"`
-	Arguments  []string   `json:"arguments"`
-	WorkingDir string     `json:"working_dir"`
-	ConfigPath string     `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver
-	Tty        bool       `json:"tty"`
-	Network    *Network   `json:"network"`
-	Config     []string   `json:"config"` //  generic values that specific drivers can consume
-	Resources  *Resources `json:"resources"`
-	Mounts     []Mount    `json:"mounts"`
+	ID         string              `json:"id"`
+	Privileged bool                `json:"privileged"`
+	User       string              `json:"user"`
+	Rootfs     string              `json:"rootfs"`   // root fs of the container
+	InitPath   string              `json:"initpath"` // dockerinit
+	Entrypoint string              `json:"entrypoint"`
+	Arguments  []string            `json:"arguments"`
+	WorkingDir string              `json:"working_dir"`
+	ConfigPath string              `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver
+	Tty        bool                `json:"tty"`
+	Network    *Network            `json:"network"`
+	Config     map[string][]string `json:"config"` //  generic values that specific drivers can consume
+	Resources  *Resources          `json:"resources"`
+	Mounts     []Mount             `json:"mounts"`
 
 	Terminal     Terminal `json:"-"`             // standard or tty terminal
 	Console      string   `json:"-"`             // dev/console path
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index ce9d90469f..7979e4f284 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -118,8 +118,8 @@ lxc.cgroup.cpu.shares = {{.Resources.CpuShares}}
 {{end}}
 {{end}}
 
-{{if .Config}}
-{{range $value := .Config}}
+{{if .Config.lxc}}
+{{range $value := .Config.lxc}}
 {{$value}}
 {{end}}
 {{end}}
diff --git a/runtime/execdriver/lxc/lxc_template_unit_test.go b/runtime/execdriver/lxc/lxc_template_unit_test.go
index e613adf7a9..74cfd6229c 100644
--- a/runtime/execdriver/lxc/lxc_template_unit_test.go
+++ b/runtime/execdriver/lxc/lxc_template_unit_test.go
@@ -75,10 +75,11 @@ func TestCustomLxcConfig(t *testing.T) {
 	command := &execdriver.Command{
 		ID:         "1",
 		Privileged: false,
-		Config: []string{
+		Config: map[string][]string{"lxc": {
 			"lxc.utsname = docker",
 			"lxc.cgroup.cpuset.cpus = 0,1",
 		},
+		},
 		Network: &execdriver.Network{
 			Mtu:       1500,
 			Interface: nil,
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index bf7e8ccdec..0a09d324db 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -184,10 +184,8 @@ func (d *driver) removeContainerRoot(id string) error {
 func (d *driver) validateCommand(c *execdriver.Command) error {
 	// we need to check the Config of the command to make sure that we
 	// do not have any of the lxc-conf variables
-	for _, conf := range c.Config {
-		if strings.Contains(conf, "lxc") {
-			return fmt.Errorf("%s is not supported by the native driver", conf)
-		}
+	for _, conf := range c.Config["native"] {
+		log.Println(conf)
 	}
 	return nil
 }

From c5f9c4bd6933c806490e4f7cb52557cee154dbed Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 20 Mar 2014 23:09:01 +0000
Subject: [PATCH 180/384] Dont use custom marshaling for caps and namespaces

This also adds an enabled field to the types so that they
can be easily toggled.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 pkg/libcontainer/types.go       | 77 ++++++++++-----------------------
 pkg/libcontainer/types_linux.go | 12 ++---
 2 files changed, 28 insertions(+), 61 deletions(-)

diff --git a/pkg/libcontainer/types.go b/pkg/libcontainer/types.go
index 94fe876554..87346348bc 100644
--- a/pkg/libcontainer/types.go
+++ b/pkg/libcontainer/types.go
@@ -1,7 +1,6 @@
 package libcontainer
 
 import (
-	"encoding/json"
 	"errors"
 	"github.com/syndtr/gocapability/capability"
 )
@@ -19,29 +18,30 @@ var (
 	namespaceList = Namespaces{}
 
 	capabilityList = Capabilities{
-		{Key: "SETPCAP", Value: capability.CAP_SETPCAP},
-		{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE},
-		{Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO},
-		{Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT},
-		{Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN},
-		{Key: "SYS_NICE", Value: capability.CAP_SYS_NICE},
-		{Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE},
-		{Key: "SYS_TIME", Value: capability.CAP_SYS_TIME},
-		{Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG},
-		{Key: "MKNOD", Value: capability.CAP_MKNOD},
-		{Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE},
-		{Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL},
-		{Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE},
-		{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN},
-		{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN},
+		{Key: "SETPCAP", Value: capability.CAP_SETPCAP, Enabled: true},
+		{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE, Enabled: true},
+		{Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO, Enabled: true},
+		{Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT, Enabled: true},
+		{Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN, Enabled: true},
+		{Key: "SYS_NICE", Value: capability.CAP_SYS_NICE, Enabled: true},
+		{Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE, Enabled: true},
+		{Key: "SYS_TIME", Value: capability.CAP_SYS_TIME, Enabled: true},
+		{Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG, Enabled: true},
+		{Key: "MKNOD", Value: capability.CAP_MKNOD, Enabled: true},
+		{Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE, Enabled: true},
+		{Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL, Enabled: true},
+		{Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE, Enabled: true},
+		{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN, Enabled: true},
+		{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN, Enabled: true},
 	}
 )
 
 type (
 	Namespace struct {
-		Key   string
-		Value int
-		File  string
+		Key     string `json:"key,omitempty"`
+		Enabled bool   `json:"enabled,omitempty"`
+		Value   int    `json:"value,omitempty"`
+		File    string `json:"file,omitempty"`
 	}
 	Namespaces []*Namespace
 )
@@ -50,23 +50,6 @@ func (ns *Namespace) String() string {
 	return ns.Key
 }
 
-func (ns *Namespace) MarshalJSON() ([]byte, error) {
-	return json.Marshal(ns.Key)
-}
-
-func (ns *Namespace) UnmarshalJSON(src []byte) error {
-	var nsName string
-	if err := json.Unmarshal(src, &nsName); err != nil {
-		return err
-	}
-	ret := GetNamespace(nsName)
-	if ret == nil {
-		return ErrUnkownNamespace
-	}
-	*ns = *ret
-	return nil
-}
-
 func GetNamespace(key string) *Namespace {
 	for _, ns := range namespaceList {
 		if ns.Key == key {
@@ -89,8 +72,9 @@ func (n Namespaces) Contains(ns string) bool {
 
 type (
 	Capability struct {
-		Key   string
-		Value capability.Cap
+		Key     string         `json:"key,omitempty"`
+		Enabled bool           `json:"enabled"`
+		Value   capability.Cap `json:"value,omitempty"`
 	}
 	Capabilities []*Capability
 )
@@ -99,23 +83,6 @@ func (c *Capability) String() string {
 	return c.Key
 }
 
-func (c *Capability) MarshalJSON() ([]byte, error) {
-	return json.Marshal(c.Key)
-}
-
-func (c *Capability) UnmarshalJSON(src []byte) error {
-	var capName string
-	if err := json.Unmarshal(src, &capName); err != nil {
-		return err
-	}
-	ret := GetCapability(capName)
-	if ret == nil {
-		return ErrUnkownCapability
-	}
-	*c = *ret
-	return nil
-}
-
 func GetCapability(key string) *Capability {
 	for _, capp := range capabilityList {
 		if capp.Key == key {
diff --git a/pkg/libcontainer/types_linux.go b/pkg/libcontainer/types_linux.go
index c14531df20..1f937e0c97 100644
--- a/pkg/libcontainer/types_linux.go
+++ b/pkg/libcontainer/types_linux.go
@@ -6,11 +6,11 @@ import (
 
 func init() {
 	namespaceList = Namespaces{
-		{Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt"},
-		{Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts"},
-		{Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc"},
-		{Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user"},
-		{Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid"},
-		{Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net"},
+		{Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt", Enabled: true},
+		{Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts", Enabled: true},
+		{Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc", Enabled: true},
+		{Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user", Enabled: true},
+		{Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid", Enabled: true},
+		{Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net", Enabled: true},
 	}
 }

From 43c3ee3ba154e2480191ed3743391810f23f29af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Djibril=20Kon=C3=A9?= <kone.djibril@gmail.com>
Date: Fri, 21 Mar 2014 00:40:58 +0100
Subject: [PATCH 181/384] Harmonize / across all name-related commands/Validate
 images names
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker-DCO-1.1-Signed-off-by: Djibril Koné <kone.djibril@gmail.com> (github: enokd)
---
 api/client.go             | 26 +++++++++++++++++++++++---
 registry/registry_test.go |  4 ++++
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/api/client.go b/api/client.go
index 07a3d25e5c..aed1ccabc6 100644
--- a/api/client.go
+++ b/api/client.go
@@ -207,6 +207,15 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 	}
 	// Upload the build context
 	v := &url.Values{}
+
+	//Check if the given image name can be resolved
+	if *tag != "" {
+		repository, _ := utils.ParseRepositoryTag(*tag)
+		if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
+			return err
+		}
+	}
+
 	v.Set("t", *tag)
 
 	if *suppressOutput {
@@ -1002,6 +1011,12 @@ func (cli *DockerCli) CmdImport(args ...string) error {
 		repository, tag = utils.ParseRepositoryTag(cmd.Arg(1))
 	}
 	v := url.Values{}
+
+	//Check if the given image name can be resolved
+	if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
+		return err
+	}
+
 	v.Set("repo", repository)
 	v.Set("tag", tag)
 	v.Set("fromSrc", src)
@@ -1452,9 +1467,9 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 		return nil
 	}
 
-	re := regexp.MustCompile("/{2}")
-	if re.MatchString(repository) {
-		return fmt.Errorf("Error: Bad image name. Please rename your image in the format <user>/<repo>")
+	//Check if the given image name can be resolved
+	if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
+		return err
 	}
 
 	v := url.Values{}
@@ -1745,6 +1760,11 @@ func (cli *DockerCli) CmdTag(args ...string) error {
 	}
 
 	v := url.Values{}
+
+	//Check if the given image name can be resolved
+	if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
+		return err
+	}
 	v.Set("repo", repository)
 	v.Set("tag", tag)
 
diff --git a/registry/registry_test.go b/registry/registry_test.go
index ebfb99b4c3..c072da41c5 100644
--- a/registry/registry_test.go
+++ b/registry/registry_test.go
@@ -206,4 +206,8 @@ func TestValidRepositoryName(t *testing.T) {
 		t.Log("Repository name should be invalid")
 		t.Fail()
 	}
+	if err := validateRepositoryName("docker///docker"); err == nil {
+		t.Log("Repository name should be invalid")
+		t.Fail()
+	}
 }

From 443a75d5f66e986e9d7740d3f2aaef080aef8ea0 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 00:10:24 +0000
Subject: [PATCH 182/384] Allow caps to be toggled in native driver with plugin
 flag Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/libcontainer/capabilities/capabilities.go |  4 +-
 pkg/libcontainer/types.go                     | 41 +++++++++++--------
 runtime/execdriver/native/default_template.go | 31 ++++++++++++++
 runtime/execdriver/native/driver.go           | 12 ------
 4 files changed, 57 insertions(+), 31 deletions(-)

diff --git a/pkg/libcontainer/capabilities/capabilities.go b/pkg/libcontainer/capabilities/capabilities.go
index fbf73538e0..4b81e708c7 100644
--- a/pkg/libcontainer/capabilities/capabilities.go
+++ b/pkg/libcontainer/capabilities/capabilities.go
@@ -27,7 +27,9 @@ func DropCapabilities(container *libcontainer.Container) error {
 func getCapabilitiesMask(container *libcontainer.Container) []capability.Cap {
 	drop := []capability.Cap{}
 	for _, c := range container.CapabilitiesMask {
-		drop = append(drop, c.Value)
+		if !c.Enabled {
+			drop = append(drop, c.Value)
+		}
 	}
 	return drop
 }
diff --git a/pkg/libcontainer/types.go b/pkg/libcontainer/types.go
index 87346348bc..7751e850b6 100644
--- a/pkg/libcontainer/types.go
+++ b/pkg/libcontainer/types.go
@@ -18,21 +18,21 @@ var (
 	namespaceList = Namespaces{}
 
 	capabilityList = Capabilities{
-		{Key: "SETPCAP", Value: capability.CAP_SETPCAP, Enabled: true},
-		{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE, Enabled: true},
-		{Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO, Enabled: true},
-		{Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT, Enabled: true},
-		{Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN, Enabled: true},
-		{Key: "SYS_NICE", Value: capability.CAP_SYS_NICE, Enabled: true},
-		{Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE, Enabled: true},
-		{Key: "SYS_TIME", Value: capability.CAP_SYS_TIME, Enabled: true},
-		{Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG, Enabled: true},
-		{Key: "MKNOD", Value: capability.CAP_MKNOD, Enabled: true},
-		{Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE, Enabled: true},
-		{Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL, Enabled: true},
-		{Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE, Enabled: true},
-		{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN, Enabled: true},
-		{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN, Enabled: true},
+		{Key: "SETPCAP", Value: capability.CAP_SETPCAP, Enabled: false},
+		{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE, Enabled: false},
+		{Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO, Enabled: false},
+		{Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT, Enabled: false},
+		{Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN, Enabled: false},
+		{Key: "SYS_NICE", Value: capability.CAP_SYS_NICE, Enabled: false},
+		{Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE, Enabled: false},
+		{Key: "SYS_TIME", Value: capability.CAP_SYS_TIME, Enabled: false},
+		{Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG, Enabled: false},
+		{Key: "MKNOD", Value: capability.CAP_MKNOD, Enabled: false},
+		{Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE, Enabled: false},
+		{Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL, Enabled: false},
+		{Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE, Enabled: false},
+		{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN, Enabled: false},
+		{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN, Enabled: false},
 	}
 )
 
@@ -86,7 +86,8 @@ func (c *Capability) String() string {
 func GetCapability(key string) *Capability {
 	for _, capp := range capabilityList {
 		if capp.Key == key {
-			return capp
+			cpy := *capp
+			return &cpy
 		}
 	}
 	return nil
@@ -95,10 +96,14 @@ func GetCapability(key string) *Capability {
 // Contains returns true if the specified Capability is
 // in the slice
 func (c Capabilities) Contains(capp string) bool {
+	return c.Get(capp) != nil
+}
+
+func (c Capabilities) Get(capp string) *Capability {
 	for _, cap := range c {
 		if cap.Key == capp {
-			return true
+			return cap
 		}
 	}
-	return false
+	return nil
 }
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index d744ab382f..d47a5eb8cd 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -6,6 +6,7 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"os"
+	"strings"
 )
 
 // createContainer populates and configures the container type with the
@@ -63,9 +64,39 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 		container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private})
 	}
 
+	configureCustomOptions(container, c.Config["native"])
+
 	return container
 }
 
+// configureCustomOptions takes string commands from the user and allows modification of the
+// container's default configuration.
+//
+// format: <key> <value>
+// i.e: cap +MKNOD cap -NET_ADMIN
+// i.e: cgroup devices.allow *:*
+func configureCustomOptions(container *libcontainer.Container, opts []string) {
+	for _, opt := range opts {
+		parts := strings.Split(strings.TrimSpace(opt), " ")
+		switch parts[0] {
+		case "cap":
+			value := strings.TrimSpace(parts[1])
+			c := container.CapabilitiesMask.Get(value[1:])
+			if c == nil {
+				continue
+			}
+			switch value[0] {
+			case '-':
+				c.Enabled = false
+			case '+':
+				c.Enabled = true
+			default:
+				// do error here
+			}
+		}
+	}
+}
+
 // getDefaultTemplate returns the docker default for
 // the libcontainer configuration file
 func getDefaultTemplate() *libcontainer.Container {
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index 0a09d324db..0d9297191c 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -75,9 +75,6 @@ func NewDriver(root, initPath string) (*driver, error) {
 }
 
 func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) {
-	if err := d.validateCommand(c); err != nil {
-		return -1, err
-	}
 	var (
 		term        nsinit.Terminal
 		container   = createContainer(c)
@@ -181,15 +178,6 @@ func (d *driver) removeContainerRoot(id string) error {
 	return os.RemoveAll(filepath.Join(d.root, id))
 }
 
-func (d *driver) validateCommand(c *execdriver.Command) error {
-	// we need to check the Config of the command to make sure that we
-	// do not have any of the lxc-conf variables
-	for _, conf := range c.Config["native"] {
-		log.Println(conf)
-	}
-	return nil
-}
-
 func getEnv(key string, env []string) string {
 	for _, pair := range env {
 		parts := strings.Split(pair, "=")

From 70f3b9f4ce67ee54ec226814cdd26db01f69378d Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 00:23:34 +0000
Subject: [PATCH 183/384] Add ability to work with individual namespaces
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/libcontainer/nsinit/command.go            |  4 +++-
 pkg/libcontainer/types.go                     | 11 ++++++++---
 runtime/execdriver/native/default_template.go | 16 ++++++++++++++--
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go
index 5546065b6d..153a48ab59 100644
--- a/pkg/libcontainer/nsinit/command.go
+++ b/pkg/libcontainer/nsinit/command.go
@@ -39,7 +39,9 @@ func (c *DefaultCommandFactory) Create(container *libcontainer.Container, consol
 // flags on clone, unshare, and setns
 func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
 	for _, ns := range namespaces {
-		flag |= ns.Value
+		if ns.Enabled {
+			flag |= ns.Value
+		}
 	}
 	return flag
 }
diff --git a/pkg/libcontainer/types.go b/pkg/libcontainer/types.go
index 7751e850b6..ffeb55a022 100644
--- a/pkg/libcontainer/types.go
+++ b/pkg/libcontainer/types.go
@@ -53,7 +53,8 @@ func (ns *Namespace) String() string {
 func GetNamespace(key string) *Namespace {
 	for _, ns := range namespaceList {
 		if ns.Key == key {
-			return ns
+			cpy := *ns
+			return &cpy
 		}
 	}
 	return nil
@@ -62,12 +63,16 @@ func GetNamespace(key string) *Namespace {
 // Contains returns true if the specified Namespace is
 // in the slice
 func (n Namespaces) Contains(ns string) bool {
+	return n.Get(ns) != nil
+}
+
+func (n Namespaces) Get(ns string) *Namespace {
 	for _, nsp := range n {
 		if nsp.Key == ns {
-			return true
+			return nsp
 		}
 	}
-	return false
+	return nil
 }
 
 type (
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index d47a5eb8cd..dbb7a45ae7 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -77,10 +77,12 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 // i.e: cgroup devices.allow *:*
 func configureCustomOptions(container *libcontainer.Container, opts []string) {
 	for _, opt := range opts {
-		parts := strings.Split(strings.TrimSpace(opt), " ")
+		var (
+			parts = strings.Split(strings.TrimSpace(opt), " ")
+			value = strings.TrimSpace(parts[1])
+		)
 		switch parts[0] {
 		case "cap":
-			value := strings.TrimSpace(parts[1])
 			c := container.CapabilitiesMask.Get(value[1:])
 			if c == nil {
 				continue
@@ -93,6 +95,16 @@ func configureCustomOptions(container *libcontainer.Container, opts []string) {
 			default:
 				// do error here
 			}
+		case "ns":
+			ns := container.Namespaces.Get(value[1:])
+			switch value[0] {
+			case '-':
+				ns.Enabled = false
+			case '+':
+				ns.Enabled = true
+			default:
+				// error
+			}
 		}
 	}
 }

From be5538d8a8820ac1192c7a5660e0d950927b42d0 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 00:48:17 +0000
Subject: [PATCH 184/384] Allow containers to join the net namespace of other
 conatiners Docker-DCO-1.1-Signed-off-by: Michael Crosby
 <michael@crosbymichael.com> (github: crosbymichael)

---
 pkg/libcontainer/network/netns.go             | 10 +------
 runtime/execdriver/native/default_template.go | 28 +++++++++++++++++--
 runtime/execdriver/native/driver.go           | 14 ++++++----
 3 files changed, 35 insertions(+), 17 deletions(-)

diff --git a/pkg/libcontainer/network/netns.go b/pkg/libcontainer/network/netns.go
index 3eb8ee587a..7e311f22d8 100644
--- a/pkg/libcontainer/network/netns.go
+++ b/pkg/libcontainer/network/netns.go
@@ -14,13 +14,7 @@ type NetNS struct {
 }
 
 func (v *NetNS) Create(n *libcontainer.Network, nspid int, context libcontainer.Context) error {
-	nsname, exists := n.Context["nsname"]
-
-	if !exists {
-		return fmt.Errorf("nspath does not exist in network context")
-	}
-
-	context["nspath"] = fmt.Sprintf("/var/run/netns/%s", nsname)
+	context["nspath"] = n.Context["nspath"]
 	return nil
 }
 
@@ -29,12 +23,10 @@ func (v *NetNS) Initialize(config *libcontainer.Network, context libcontainer.Co
 	if !exists {
 		return fmt.Errorf("nspath does not exist in network context")
 	}
-
 	f, err := os.OpenFile(nspath, os.O_RDONLY, 0)
 	if err != nil {
 		return fmt.Errorf("failed get network namespace fd: %v", err)
 	}
-
 	if err := system.Setns(f.Fd(), syscall.CLONE_NEWNET); err != nil {
 		return fmt.Errorf("failed to setns current network namespace: %v", err)
 	}
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index dbb7a45ae7..890e260ad2 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -6,12 +6,13 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"os"
+	"path/filepath"
 	"strings"
 )
 
 // createContainer populates and configures the container type with the
 // data provided by the execdriver.Command
-func createContainer(c *execdriver.Command) *libcontainer.Container {
+func (d *driver) createContainer(c *execdriver.Command) *libcontainer.Container {
 	container := getDefaultTemplate()
 
 	container.Hostname = getEnv("HOSTNAME", c.Env)
@@ -64,7 +65,7 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 		container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private})
 	}
 
-	configureCustomOptions(container, c.Config["native"])
+	d.configureCustomOptions(container, c.Config["native"])
 
 	return container
 }
@@ -75,7 +76,8 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 // format: <key> <value>
 // i.e: cap +MKNOD cap -NET_ADMIN
 // i.e: cgroup devices.allow *:*
-func configureCustomOptions(container *libcontainer.Container, opts []string) {
+// i.e: net join <name>
+func (d *driver) configureCustomOptions(container *libcontainer.Container, opts []string) {
 	for _, opt := range opts {
 		var (
 			parts = strings.Split(strings.TrimSpace(opt), " ")
@@ -105,6 +107,26 @@ func configureCustomOptions(container *libcontainer.Container, opts []string) {
 			default:
 				// error
 			}
+		case "net":
+			switch strings.TrimSpace(parts[1]) {
+			case "join":
+				var (
+					id     = strings.TrimSpace(parts[2])
+					cmd    = d.activeContainers[id]
+					nspath = filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
+				)
+
+				container.Networks = append(container.Networks, &libcontainer.Network{
+					Type: "netns",
+					Context: libcontainer.Context{
+						"nspath": nspath,
+					},
+				})
+			default:
+				// error
+			}
+		default:
+			// error not defined
 		}
 	}
 }
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index 0d9297191c..b998db743d 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -57,8 +57,9 @@ func init() {
 }
 
 type driver struct {
-	root     string
-	initPath string
+	root             string
+	initPath         string
+	activeContainers map[string]*execdriver.Command
 }
 
 func NewDriver(root, initPath string) (*driver, error) {
@@ -69,15 +70,18 @@ func NewDriver(root, initPath string) (*driver, error) {
 		return nil, err
 	}
 	return &driver{
-		root:     root,
-		initPath: initPath,
+		root:             root,
+		initPath:         initPath,
+		activeContainers: make(map[string]*execdriver.Command),
 	}, nil
 }
 
 func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) {
+	d.activeContainers[c.ID] = c
+
 	var (
 		term        nsinit.Terminal
-		container   = createContainer(c)
+		container   = d.createContainer(c)
 		factory     = &dockerCommandFactory{c: c, driver: d}
 		stateWriter = &dockerStateWriter{
 			callback: startCallback,

From 79c11b19ecd506bd76db391b896cec0d4263183d Mon Sep 17 00:00:00 2001
From: alambike <alambike@gmail.com>
Date: Fri, 21 Mar 2014 03:13:06 +0100
Subject: [PATCH 185/384] Added Eixo::Docker to the list of libraries
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker-DCO-1.1-Signed-off-by: Javier Gómez <alambike@gmail.com> (github: alambike)
---
 docs/sources/reference/api/remote_api_client_libraries.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sources/reference/api/remote_api_client_libraries.rst b/docs/sources/reference/api/remote_api_client_libraries.rst
index f74dd416bc..4a445db36f 100644
--- a/docs/sources/reference/api/remote_api_client_libraries.rst
+++ b/docs/sources/reference/api/remote_api_client_libraries.rst
@@ -49,3 +49,5 @@ and we will add the libraries here.
 +----------------------+----------------+--------------------------------------------+----------+
 | Perl                 | Net::Docker    | https://metacpan.org/pod/Net::Docker       | Active   |
 +----------------------+----------------+--------------------------------------------+----------+
+| Perl                 | Eixo::Docker   | https://github.com/alambike/eixo-docker    | Active   |
++----------------------+----------------+--------------------------------------------+----------+

From 4002eac8b8b4007de03e78dbd57232fac583d05b Mon Sep 17 00:00:00 2001
From: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
Date: Wed, 19 Mar 2014 12:05:54 +0900
Subject: [PATCH 186/384] Fix since time exit display when s.FinishedAt is zero

When s.FinishedAt is zero, the since time exit in docker ps doesn't display correct time.
For example
```
Exited (0) 292.471209 years ago
```
This patch fixes the since time exit to display nothing if s.FinishedAt is zero.

Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com> (github: ichik1)
---
 runtime/state.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/runtime/state.go b/runtime/state.go
index 1c682acd26..316b8a40f1 100644
--- a/runtime/state.go
+++ b/runtime/state.go
@@ -28,6 +28,9 @@ func (s *State) String() string {
 		}
 		return fmt.Sprintf("Up %s", utils.HumanDuration(time.Now().UTC().Sub(s.StartedAt)))
 	}
+	if s.FinishedAt.IsZero() {
+		return ""
+	}
 	return fmt.Sprintf("Exited (%d) %s ago", s.ExitCode, utils.HumanDuration(time.Now().UTC().Sub(s.FinishedAt)))
 }
 

From 7c726669cbcc0cfde12c6a9f03974bb672839271 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 08:10:07 +0000
Subject: [PATCH 187/384] Factor out the native driver config options
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/container.go                          |   4 +
 .../execdriver/native/configuration/caps.go   |  27 ++++
 .../execdriver/native/configuration/net.go    |  35 +++++
 runtime/execdriver/native/configuration/ns.go |  26 ++++
 .../execdriver/native/configuration/parse.go  |  37 +++++
 runtime/execdriver/native/create.go           |  70 ++++++++++
 runtime/execdriver/native/default_template.go | 126 ------------------
 runtime/execdriver/native/driver.go           |  12 +-
 8 files changed, 207 insertions(+), 130 deletions(-)
 create mode 100644 runtime/execdriver/native/configuration/caps.go
 create mode 100644 runtime/execdriver/native/configuration/net.go
 create mode 100644 runtime/execdriver/native/configuration/ns.go
 create mode 100644 runtime/execdriver/native/configuration/parse.go
 create mode 100644 runtime/execdriver/native/create.go

diff --git a/runtime/container.go b/runtime/container.go
index 488d905f4b..1f0f82eebb 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -364,6 +364,10 @@ func populateCommand(c *Container) {
 		driverConfig = c.hostConfig.PluginOptions
 	)
 
+	if driverConfig == nil {
+		driverConfig = make(map[string][]string)
+	}
+
 	en = &execdriver.Network{
 		Mtu:       c.runtime.config.Mtu,
 		Interface: nil,
diff --git a/runtime/execdriver/native/configuration/caps.go b/runtime/execdriver/native/configuration/caps.go
new file mode 100644
index 0000000000..f4de470684
--- /dev/null
+++ b/runtime/execdriver/native/configuration/caps.go
@@ -0,0 +1,27 @@
+package configuration
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"strings"
+)
+
+// i.e: cap +MKNOD cap -NET_ADMIN
+func parseCapOpt(container *libcontainer.Container, opts []string) error {
+	var (
+		value = strings.TrimSpace(opts[0])
+		c     = container.CapabilitiesMask.Get(value[1:])
+	)
+	if c == nil {
+		return fmt.Errorf("%s is not a valid capability", value[1:])
+	}
+	switch value[0] {
+	case '-':
+		c.Enabled = false
+	case '+':
+		c.Enabled = true
+	default:
+		return fmt.Errorf("%c is not a valid modifier for capabilities", value[0])
+	}
+	return nil
+}
diff --git a/runtime/execdriver/native/configuration/net.go b/runtime/execdriver/native/configuration/net.go
new file mode 100644
index 0000000000..cac7f658ba
--- /dev/null
+++ b/runtime/execdriver/native/configuration/net.go
@@ -0,0 +1,35 @@
+package configuration
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+// i.e: net join <name>
+func parseNetOpt(container *libcontainer.Container, running map[string]*exec.Cmd, opts []string) error {
+	opt := strings.TrimSpace(opts[1])
+	switch opt {
+	case "join":
+		var (
+			id  = strings.TrimSpace(opts[2])
+			cmd = running[id]
+		)
+
+		if cmd == nil || cmd.Process == nil {
+			return fmt.Errorf("%s is not a valid running container to join", id)
+		}
+		nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
+		container.Networks = append(container.Networks, &libcontainer.Network{
+			Type: "netns",
+			Context: libcontainer.Context{
+				"nspath": nspath,
+			},
+		})
+	default:
+		return fmt.Errorf("%s is not a valid network option", opt)
+	}
+	return nil
+}
diff --git a/runtime/execdriver/native/configuration/ns.go b/runtime/execdriver/native/configuration/ns.go
new file mode 100644
index 0000000000..ff7f367196
--- /dev/null
+++ b/runtime/execdriver/native/configuration/ns.go
@@ -0,0 +1,26 @@
+package configuration
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"strings"
+)
+
+func parseNsOpt(container *libcontainer.Container, opts []string) error {
+	var (
+		value = strings.TrimSpace(opts[0])
+		ns    = container.Namespaces.Get(value[1:])
+	)
+	if ns == nil {
+		return fmt.Errorf("%s is not a valid namespace", value[1:])
+	}
+	switch value[0] {
+	case '-':
+		ns.Enabled = false
+	case '+':
+		ns.Enabled = true
+	default:
+		return fmt.Errorf("%c is not a valid modifier for namespaces", value[0])
+	}
+	return nil
+}
diff --git a/runtime/execdriver/native/configuration/parse.go b/runtime/execdriver/native/configuration/parse.go
new file mode 100644
index 0000000000..08b98fbd12
--- /dev/null
+++ b/runtime/execdriver/native/configuration/parse.go
@@ -0,0 +1,37 @@
+package configuration
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"os/exec"
+	"strings"
+)
+
+// configureCustomOptions takes string commands from the user and allows modification of the
+// container's default configuration.
+//
+// format: <key> <...value>
+// i.e: cgroup devices.allow *:*
+func ParseConfiguration(container *libcontainer.Container, running map[string]*exec.Cmd, opts []string) error {
+	for _, opt := range opts {
+		var (
+			err   error
+			parts = strings.Split(strings.TrimSpace(opt), " ")
+		)
+
+		switch parts[0] {
+		case "cap":
+			err = parseCapOpt(container, parts[1:])
+		case "ns":
+			err = parseNsOpt(container, parts[1:])
+		case "net":
+			err = parseNetOpt(container, running, parts[1:])
+		default:
+			return fmt.Errorf("%s is not a valid configuration option for the native driver", parts[0])
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/runtime/execdriver/native/create.go b/runtime/execdriver/native/create.go
new file mode 100644
index 0000000000..7118edc91e
--- /dev/null
+++ b/runtime/execdriver/native/create.go
@@ -0,0 +1,70 @@
+package native
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/runtime/execdriver"
+	"github.com/dotcloud/docker/runtime/execdriver/native/configuration"
+	"os"
+)
+
+// createContainer populates and configures the container type with the
+// data provided by the execdriver.Command
+func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container, error) {
+	container := getDefaultTemplate()
+
+	container.Hostname = getEnv("HOSTNAME", c.Env)
+	container.Tty = c.Tty
+	container.User = c.User
+	container.WorkingDir = c.WorkingDir
+	container.Env = c.Env
+
+	loopbackNetwork := libcontainer.Network{
+		Mtu:     c.Network.Mtu,
+		Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
+		Gateway: "localhost",
+		Type:    "loopback",
+		Context: libcontainer.Context{},
+	}
+
+	container.Networks = []*libcontainer.Network{
+		&loopbackNetwork,
+	}
+
+	if c.Network.Interface != nil {
+		vethNetwork := libcontainer.Network{
+			Mtu:     c.Network.Mtu,
+			Address: fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
+			Gateway: c.Network.Interface.Gateway,
+			Type:    "veth",
+			Context: libcontainer.Context{
+				"prefix": "veth",
+				"bridge": c.Network.Interface.Bridge,
+			},
+		}
+		container.Networks = append(container.Networks, &vethNetwork)
+	}
+
+	container.Cgroups.Name = c.ID
+	if c.Privileged {
+		container.CapabilitiesMask = nil
+		container.Cgroups.DeviceAccess = true
+		container.Context["apparmor_profile"] = "unconfined"
+	}
+	if c.Resources != nil {
+		container.Cgroups.CpuShares = c.Resources.CpuShares
+		container.Cgroups.Memory = c.Resources.Memory
+		container.Cgroups.MemorySwap = c.Resources.MemorySwap
+	}
+	// check to see if we are running in ramdisk to disable pivot root
+	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
+
+	for _, m := range c.Mounts {
+		container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private})
+	}
+
+	if err := configuration.ParseConfiguration(container, d.activeContainers, c.Config["native"]); err != nil {
+		return nil, err
+	}
+	return container, nil
+}
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index 890e260ad2..0dcd7db356 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -1,136 +1,10 @@
 package native
 
 import (
-	"fmt"
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
-	"github.com/dotcloud/docker/runtime/execdriver"
-	"os"
-	"path/filepath"
-	"strings"
 )
 
-// createContainer populates and configures the container type with the
-// data provided by the execdriver.Command
-func (d *driver) createContainer(c *execdriver.Command) *libcontainer.Container {
-	container := getDefaultTemplate()
-
-	container.Hostname = getEnv("HOSTNAME", c.Env)
-	container.Tty = c.Tty
-	container.User = c.User
-	container.WorkingDir = c.WorkingDir
-	container.Env = c.Env
-
-	loopbackNetwork := libcontainer.Network{
-		Mtu:     c.Network.Mtu,
-		Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
-		Gateway: "localhost",
-		Type:    "loopback",
-		Context: libcontainer.Context{},
-	}
-
-	container.Networks = []*libcontainer.Network{
-		&loopbackNetwork,
-	}
-
-	if c.Network.Interface != nil {
-		vethNetwork := libcontainer.Network{
-			Mtu:     c.Network.Mtu,
-			Address: fmt.Sprintf("%s/%d", c.Network.Interface.IPAddress, c.Network.Interface.IPPrefixLen),
-			Gateway: c.Network.Interface.Gateway,
-			Type:    "veth",
-			Context: libcontainer.Context{
-				"prefix": "veth",
-				"bridge": c.Network.Interface.Bridge,
-			},
-		}
-		container.Networks = append(container.Networks, &vethNetwork)
-	}
-
-	container.Cgroups.Name = c.ID
-	if c.Privileged {
-		container.CapabilitiesMask = nil
-		container.Cgroups.DeviceAccess = true
-		container.Context["apparmor_profile"] = "unconfined"
-	}
-	if c.Resources != nil {
-		container.Cgroups.CpuShares = c.Resources.CpuShares
-		container.Cgroups.Memory = c.Resources.Memory
-		container.Cgroups.MemorySwap = c.Resources.MemorySwap
-	}
-	// check to see if we are running in ramdisk to disable pivot root
-	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
-
-	for _, m := range c.Mounts {
-		container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private})
-	}
-
-	d.configureCustomOptions(container, c.Config["native"])
-
-	return container
-}
-
-// configureCustomOptions takes string commands from the user and allows modification of the
-// container's default configuration.
-//
-// format: <key> <value>
-// i.e: cap +MKNOD cap -NET_ADMIN
-// i.e: cgroup devices.allow *:*
-// i.e: net join <name>
-func (d *driver) configureCustomOptions(container *libcontainer.Container, opts []string) {
-	for _, opt := range opts {
-		var (
-			parts = strings.Split(strings.TrimSpace(opt), " ")
-			value = strings.TrimSpace(parts[1])
-		)
-		switch parts[0] {
-		case "cap":
-			c := container.CapabilitiesMask.Get(value[1:])
-			if c == nil {
-				continue
-			}
-			switch value[0] {
-			case '-':
-				c.Enabled = false
-			case '+':
-				c.Enabled = true
-			default:
-				// do error here
-			}
-		case "ns":
-			ns := container.Namespaces.Get(value[1:])
-			switch value[0] {
-			case '-':
-				ns.Enabled = false
-			case '+':
-				ns.Enabled = true
-			default:
-				// error
-			}
-		case "net":
-			switch strings.TrimSpace(parts[1]) {
-			case "join":
-				var (
-					id     = strings.TrimSpace(parts[2])
-					cmd    = d.activeContainers[id]
-					nspath = filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
-				)
-
-				container.Networks = append(container.Networks, &libcontainer.Network{
-					Type: "netns",
-					Context: libcontainer.Context{
-						"nspath": nspath,
-					},
-				})
-			default:
-				// error
-			}
-		default:
-			// error not defined
-		}
-	}
-}
-
 // getDefaultTemplate returns the docker default for
 // the libcontainer configuration file
 func getDefaultTemplate() *libcontainer.Container {
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index b998db743d..4acc4b388c 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -59,7 +59,7 @@ func init() {
 type driver struct {
 	root             string
 	initPath         string
-	activeContainers map[string]*execdriver.Command
+	activeContainers map[string]*exec.Cmd
 }
 
 func NewDriver(root, initPath string) (*driver, error) {
@@ -72,16 +72,20 @@ func NewDriver(root, initPath string) (*driver, error) {
 	return &driver{
 		root:             root,
 		initPath:         initPath,
-		activeContainers: make(map[string]*execdriver.Command),
+		activeContainers: make(map[string]*exec.Cmd),
 	}, nil
 }
 
 func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallback execdriver.StartCallback) (int, error) {
-	d.activeContainers[c.ID] = c
+	// take the Command and populate the libcontainer.Container from it
+	container, err := d.createContainer(c)
+	if err != nil {
+		return -1, err
+	}
+	d.activeContainers[c.ID] = &c.Cmd
 
 	var (
 		term        nsinit.Terminal
-		container   = d.createContainer(c)
 		factory     = &dockerCommandFactory{c: c, driver: d}
 		stateWriter = &dockerStateWriter{
 			callback: startCallback,

From c9d7f858fd1c6e2d1287e28ee12952333b327c75 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 11:53:15 +0000
Subject: [PATCH 188/384] Change flag to -o and --opt
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runconfig/hostconfig.go                       |  4 ++--
 runconfig/parse.go                            | 20 ++++++++++++-------
 runtime/container.go                          |  2 +-
 runtime/execdriver/native/configuration/fs.go | 19 ++++++++++++++++++
 .../execdriver/native/configuration/parse.go  |  3 +++
 5 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 runtime/execdriver/native/configuration/fs.go

diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 8ee2288b4b..b564f98cd3 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -13,7 +13,7 @@ type HostConfig struct {
 	PortBindings    nat.PortMap
 	Links           []string
 	PublishAllPorts bool
-	PluginOptions   map[string][]string
+	DriverOptions   map[string][]string
 }
 
 type KeyValuePair struct {
@@ -29,7 +29,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
-	job.GetenvJson("PluginOptions", &hostConfig.PluginOptions)
+	job.GetenvJson("DriverOptions", &hostConfig.DriverOptions)
 	if Binds := job.GetenvList("Binds"); Binds != nil {
 		hostConfig.Binds = Binds
 	}
diff --git a/runconfig/parse.go b/runconfig/parse.go
index afcaec304f..2f51dface2 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -45,7 +45,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flDnsSearch   = opts.NewListOpts(opts.ValidateDomain)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
-		flPluginOpts  opts.ListOpts
+		flDriverOpts  opts.ListOpts
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
 		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: Run container in the background, print new container id")
@@ -77,8 +77,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
 	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
-	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
-	cmd.Var(&flPluginOpts, []string{"-plugin"}, "Add custom plugin options")
+	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "#-lxc-conf"}, "Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
+	cmd.Var(&flDriverOpts, []string{"o", "-opt"}, "Add custom driver options")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err
@@ -208,7 +208,10 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		WorkingDir:      *flWorkingDir,
 	}
 
-	pluginOptions := parsePluginOpts(flPluginOpts)
+	pluginOptions, err := parseDriverOpts(flDriverOpts)
+	if err != nil {
+		return nil, nil, cmd, err
+	}
 
 	hostConfig := &HostConfig{
 		Binds:           binds,
@@ -218,7 +221,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		PortBindings:    portBindings,
 		Links:           flLinks.GetAll(),
 		PublishAllPorts: *flPublishAll,
-		PluginOptions:   pluginOptions,
+		DriverOptions:   pluginOptions,
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
@@ -253,15 +256,18 @@ func parseLxcOpt(opt string) (string, string, error) {
 	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
 }
 
-func parsePluginOpts(opts opts.ListOpts) map[string][]string {
+func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) {
 	out := make(map[string][]string, len(opts.GetAll()))
 	for _, o := range opts.GetAll() {
 		parts := strings.SplitN(o, " ", 2)
+		if len(parts) < 2 {
+			return nil, fmt.Errorf("invalid opt format %s", o)
+		}
 		values, exists := out[parts[0]]
 		if !exists {
 			values = []string{}
 		}
 		out[parts[0]] = append(values, parts[1])
 	}
-	return out
+	return out, nil
 }
diff --git a/runtime/container.go b/runtime/container.go
index 1f0f82eebb..ee5045e374 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -361,7 +361,7 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 func populateCommand(c *Container) {
 	var (
 		en           *execdriver.Network
-		driverConfig = c.hostConfig.PluginOptions
+		driverConfig = c.hostConfig.DriverOptions
 	)
 
 	if driverConfig == nil {
diff --git a/runtime/execdriver/native/configuration/fs.go b/runtime/execdriver/native/configuration/fs.go
new file mode 100644
index 0000000000..76fb2f08da
--- /dev/null
+++ b/runtime/execdriver/native/configuration/fs.go
@@ -0,0 +1,19 @@
+package configuration
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/libcontainer"
+	"strings"
+)
+
+func parseFsOpts(container *libcontainer.Container, opts []string) error {
+	opt := strings.TrimSpace(opts[0])
+
+	switch opt {
+	case "readonly":
+		container.ReadonlyFs = true
+	default:
+		return fmt.Errorf("%s is not a valid filesystem option", opt)
+	}
+	return nil
+}
diff --git a/runtime/execdriver/native/configuration/parse.go b/runtime/execdriver/native/configuration/parse.go
index 08b98fbd12..083fd43371 100644
--- a/runtime/execdriver/native/configuration/parse.go
+++ b/runtime/execdriver/native/configuration/parse.go
@@ -18,6 +18,9 @@ func ParseConfiguration(container *libcontainer.Container, running map[string]*e
 			err   error
 			parts = strings.Split(strings.TrimSpace(opt), " ")
 		)
+		if len(parts) < 2 {
+			return fmt.Errorf("invalid native driver opt %s", opt)
+		}
 
 		switch parts[0] {
 		case "cap":

From 146a212f71fe129f9d349c5c3e80ba4197e35850 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 12:38:50 +0000
Subject: [PATCH 189/384] Change syntax to use dots
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runconfig/parse.go                            |   3 +-
 .../execdriver/native/configuration/caps.go   |  27 -----
 runtime/execdriver/native/configuration/fs.go |  19 ----
 .../execdriver/native/configuration/net.go    |  35 ------
 runtime/execdriver/native/configuration/ns.go |  26 -----
 .../execdriver/native/configuration/parse.go  | 101 +++++++++++++++---
 6 files changed, 87 insertions(+), 124 deletions(-)
 delete mode 100644 runtime/execdriver/native/configuration/caps.go
 delete mode 100644 runtime/execdriver/native/configuration/fs.go
 delete mode 100644 runtime/execdriver/native/configuration/net.go
 delete mode 100644 runtime/execdriver/native/configuration/ns.go

diff --git a/runconfig/parse.go b/runconfig/parse.go
index 2f51dface2..b03f8732ee 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -256,10 +256,11 @@ func parseLxcOpt(opt string) (string, string, error) {
 	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
 }
 
+// options will come in the format of name.type=value
 func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) {
 	out := make(map[string][]string, len(opts.GetAll()))
 	for _, o := range opts.GetAll() {
-		parts := strings.SplitN(o, " ", 2)
+		parts := strings.SplitN(o, ".", 2)
 		if len(parts) < 2 {
 			return nil, fmt.Errorf("invalid opt format %s", o)
 		}
diff --git a/runtime/execdriver/native/configuration/caps.go b/runtime/execdriver/native/configuration/caps.go
deleted file mode 100644
index f4de470684..0000000000
--- a/runtime/execdriver/native/configuration/caps.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package configuration
-
-import (
-	"fmt"
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"strings"
-)
-
-// i.e: cap +MKNOD cap -NET_ADMIN
-func parseCapOpt(container *libcontainer.Container, opts []string) error {
-	var (
-		value = strings.TrimSpace(opts[0])
-		c     = container.CapabilitiesMask.Get(value[1:])
-	)
-	if c == nil {
-		return fmt.Errorf("%s is not a valid capability", value[1:])
-	}
-	switch value[0] {
-	case '-':
-		c.Enabled = false
-	case '+':
-		c.Enabled = true
-	default:
-		return fmt.Errorf("%c is not a valid modifier for capabilities", value[0])
-	}
-	return nil
-}
diff --git a/runtime/execdriver/native/configuration/fs.go b/runtime/execdriver/native/configuration/fs.go
deleted file mode 100644
index 76fb2f08da..0000000000
--- a/runtime/execdriver/native/configuration/fs.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package configuration
-
-import (
-	"fmt"
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"strings"
-)
-
-func parseFsOpts(container *libcontainer.Container, opts []string) error {
-	opt := strings.TrimSpace(opts[0])
-
-	switch opt {
-	case "readonly":
-		container.ReadonlyFs = true
-	default:
-		return fmt.Errorf("%s is not a valid filesystem option", opt)
-	}
-	return nil
-}
diff --git a/runtime/execdriver/native/configuration/net.go b/runtime/execdriver/native/configuration/net.go
deleted file mode 100644
index cac7f658ba..0000000000
--- a/runtime/execdriver/native/configuration/net.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package configuration
-
-import (
-	"fmt"
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"os/exec"
-	"path/filepath"
-	"strings"
-)
-
-// i.e: net join <name>
-func parseNetOpt(container *libcontainer.Container, running map[string]*exec.Cmd, opts []string) error {
-	opt := strings.TrimSpace(opts[1])
-	switch opt {
-	case "join":
-		var (
-			id  = strings.TrimSpace(opts[2])
-			cmd = running[id]
-		)
-
-		if cmd == nil || cmd.Process == nil {
-			return fmt.Errorf("%s is not a valid running container to join", id)
-		}
-		nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
-		container.Networks = append(container.Networks, &libcontainer.Network{
-			Type: "netns",
-			Context: libcontainer.Context{
-				"nspath": nspath,
-			},
-		})
-	default:
-		return fmt.Errorf("%s is not a valid network option", opt)
-	}
-	return nil
-}
diff --git a/runtime/execdriver/native/configuration/ns.go b/runtime/execdriver/native/configuration/ns.go
deleted file mode 100644
index ff7f367196..0000000000
--- a/runtime/execdriver/native/configuration/ns.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package configuration
-
-import (
-	"fmt"
-	"github.com/dotcloud/docker/pkg/libcontainer"
-	"strings"
-)
-
-func parseNsOpt(container *libcontainer.Container, opts []string) error {
-	var (
-		value = strings.TrimSpace(opts[0])
-		ns    = container.Namespaces.Get(value[1:])
-	)
-	if ns == nil {
-		return fmt.Errorf("%s is not a valid namespace", value[1:])
-	}
-	switch value[0] {
-	case '-':
-		ns.Enabled = false
-	case '+':
-		ns.Enabled = true
-	default:
-		return fmt.Errorf("%c is not a valid modifier for namespaces", value[0])
-	}
-	return nil
-}
diff --git a/runtime/execdriver/native/configuration/parse.go b/runtime/execdriver/native/configuration/parse.go
index 083fd43371..0003d724b3 100644
--- a/runtime/execdriver/native/configuration/parse.go
+++ b/runtime/execdriver/native/configuration/parse.go
@@ -4,9 +4,86 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"os/exec"
+	"path/filepath"
 	"strings"
 )
 
+type Action func(*libcontainer.Container, interface{}, string) error
+
+var actions = map[string]Action{
+	"cap.add":     addCap,
+	"cap.drop":    dropCap,
+	"fs.readonly": readonlyFs,
+	"ns.add":      addNamespace,
+	"ns.drop":     dropNamespace,
+	"net.join":    joinNetNamespace,
+}
+
+func addCap(container *libcontainer.Container, context interface{}, value string) error {
+	c := container.CapabilitiesMask.Get(value)
+	if c == nil {
+		return fmt.Errorf("%s is not a valid capability", value)
+	}
+	c.Enabled = true
+	return nil
+}
+
+func dropCap(container *libcontainer.Container, context interface{}, value string) error {
+	c := container.CapabilitiesMask.Get(value)
+	if c == nil {
+		return fmt.Errorf("%s is not a valid capability", value)
+	}
+	c.Enabled = false
+	return nil
+}
+
+func addNamespace(container *libcontainer.Container, context interface{}, value string) error {
+	ns := container.Namespaces.Get(value)
+	if ns == nil {
+		return fmt.Errorf("%s is not a valid namespace", value[1:])
+	}
+	ns.Enabled = true
+	return nil
+}
+
+func dropNamespace(container *libcontainer.Container, context interface{}, value string) error {
+	ns := container.Namespaces.Get(value)
+	if ns == nil {
+		return fmt.Errorf("%s is not a valid namespace", value[1:])
+	}
+	ns.Enabled = false
+	return nil
+}
+
+func readonlyFs(container *libcontainer.Container, context interface{}, value string) error {
+	switch value {
+	case "1", "true":
+		container.ReadonlyFs = true
+	default:
+		container.ReadonlyFs = false
+	}
+	return nil
+}
+
+func joinNetNamespace(container *libcontainer.Container, context interface{}, value string) error {
+	var (
+		running = context.(map[string]*exec.Cmd)
+		cmd     = running[value]
+	)
+
+	if cmd == nil || cmd.Process == nil {
+		return fmt.Errorf("%s is not a valid running container to join", value)
+	}
+	nspath := filepath.Join("/proc", fmt.Sprint(cmd.Process.Pid), "ns", "net")
+	container.Networks = append(container.Networks, &libcontainer.Network{
+		Type: "netns",
+		Context: libcontainer.Context{
+			"nspath": nspath,
+		},
+	})
+	return nil
+}
+
 // configureCustomOptions takes string commands from the user and allows modification of the
 // container's default configuration.
 //
@@ -14,25 +91,17 @@ import (
 // i.e: cgroup devices.allow *:*
 func ParseConfiguration(container *libcontainer.Container, running map[string]*exec.Cmd, opts []string) error {
 	for _, opt := range opts {
-		var (
-			err   error
-			parts = strings.Split(strings.TrimSpace(opt), " ")
-		)
-		if len(parts) < 2 {
-			return fmt.Errorf("invalid native driver opt %s", opt)
+		kv := strings.SplitN(opt, "=", 2)
+		if len(kv) < 2 {
+			return fmt.Errorf("invalid format for %s", opt)
 		}
 
-		switch parts[0] {
-		case "cap":
-			err = parseCapOpt(container, parts[1:])
-		case "ns":
-			err = parseNsOpt(container, parts[1:])
-		case "net":
-			err = parseNetOpt(container, running, parts[1:])
-		default:
-			return fmt.Errorf("%s is not a valid configuration option for the native driver", parts[0])
+		action, exists := actions[kv[0]]
+		if !exists {
+			return fmt.Errorf("%s is not a valid option for the native driver", kv[0])
 		}
-		if err != nil {
+
+		if err := action(container, running, kv[1]); err != nil {
 			return err
 		}
 	}

From 83618c2b81c561cd77fd70eca90b2b251f61fcc1 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 14:07:16 +0000
Subject: [PATCH 190/384] Add more native driver options
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 .../execdriver/native/configuration/parse.go  | 80 +++++++++++++++++--
 1 file changed, 74 insertions(+), 6 deletions(-)

diff --git a/runtime/execdriver/native/configuration/parse.go b/runtime/execdriver/native/configuration/parse.go
index 0003d724b3..1733b94426 100644
--- a/runtime/execdriver/native/configuration/parse.go
+++ b/runtime/execdriver/native/configuration/parse.go
@@ -5,18 +5,70 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"os/exec"
 	"path/filepath"
+	"strconv"
 	"strings"
 )
 
 type Action func(*libcontainer.Container, interface{}, string) error
 
 var actions = map[string]Action{
-	"cap.add":     addCap,
-	"cap.drop":    dropCap,
-	"fs.readonly": readonlyFs,
-	"ns.add":      addNamespace,
-	"ns.drop":     dropNamespace,
-	"net.join":    joinNetNamespace,
+	"cap.add":  addCap,  // add a cap
+	"cap.drop": dropCap, // drop a cap
+
+	"ns.add":  addNamespace,  // add a namespace
+	"ns.drop": dropNamespace, // drop a namespace when cloning
+
+	"net.join": joinNetNamespace, // join another containers net namespace
+	//	"net.veth.mac": vethMacAddress,   // set the mac address for the veth
+
+	"cgroups.cpu_shares":  cpuShares,  // set the cpu shares
+	"cgroups.memory":      memory,     // set the memory limit
+	"cgroups.memory_swap": memorySwap, // set the memory swap limit
+
+	"apparmor_profile": apparmorProfile, // set the apparmor profile to apply
+
+	"fs.readonly": readonlyFs, // make the rootfs of the container read only
+}
+
+func apparmorProfile(container *libcontainer.Container, context interface{}, value string) error {
+	container.Context["apparmor_profile"] = value
+	return nil
+}
+
+func cpuShares(container *libcontainer.Container, context interface{}, value string) error {
+	if container.Cgroups == nil {
+		return fmt.Errorf("cannot set cgroups when they are disabled")
+	}
+	v, err := strconv.ParseInt(value, 0, 64)
+	if err != nil {
+		return err
+	}
+	container.Cgroups.CpuShares = v
+	return nil
+}
+
+func memory(container *libcontainer.Container, context interface{}, value string) error {
+	if container.Cgroups == nil {
+		return fmt.Errorf("cannot set cgroups when they are disabled")
+	}
+	v, err := strconv.ParseInt(value, 0, 64)
+	if err != nil {
+		return err
+	}
+	container.Cgroups.Memory = v
+	return nil
+}
+
+func memorySwap(container *libcontainer.Container, context interface{}, value string) error {
+	if container.Cgroups == nil {
+		return fmt.Errorf("cannot set cgroups when they are disabled")
+	}
+	v, err := strconv.ParseInt(value, 0, 64)
+	if err != nil {
+		return err
+	}
+	container.Cgroups.MemorySwap = v
+	return nil
 }
 
 func addCap(container *libcontainer.Container, context interface{}, value string) error {
@@ -84,6 +136,22 @@ func joinNetNamespace(container *libcontainer.Container, context interface{}, va
 	return nil
 }
 
+func vethMacAddress(container *libcontainer.Container, context interface{}, value string) error {
+	var veth *libcontainer.Network
+
+	for _, network := range container.Networks {
+		if network.Type == "veth" {
+			veth = network
+			break
+		}
+	}
+	if veth == nil {
+		return fmt.Errorf("not veth configured for container")
+	}
+	veth.Context["mac"] = value
+	return nil
+}
+
 // configureCustomOptions takes string commands from the user and allows modification of the
 // container's default configuration.
 //

From 2c58a1e2886433a4266615b1f492f829e7a6f53f Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 14:17:17 +0000
Subject: [PATCH 191/384] Change placement of readonly filesystem

We need to change it to read only at the very end so that bound,
copy dev nodes and other ops do not fail.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 pkg/libcontainer/nsinit/mount.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go
index 61a90125e0..19dacfaa17 100644
--- a/pkg/libcontainer/nsinit/mount.go
+++ b/pkg/libcontainer/nsinit/mount.go
@@ -31,11 +31,6 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 	if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
 		return fmt.Errorf("mouting %s as bind %s", rootfs, err)
 	}
-	if readonly {
-		if err := system.Mount(rootfs, rootfs, "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, ""); err != nil {
-			return fmt.Errorf("mounting %s as readonly %s", rootfs, err)
-		}
-	}
 	if err := mountSystem(rootfs); err != nil {
 		return fmt.Errorf("mount system %s", err)
 	}
@@ -81,6 +76,12 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 		}
 	}
 
+	if readonly {
+		if err := system.Mount("/", "/", "bind", syscall.MS_BIND|syscall.MS_REMOUNT|syscall.MS_RDONLY|syscall.MS_REC, ""); err != nil {
+			return fmt.Errorf("mounting %s as readonly %s", rootfs, err)
+		}
+	}
+
 	system.Umask(0022)
 
 	return nil

From 708ecd7da2125a47abb9678ed382893c7b30f10f Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 12 Mar 2014 01:58:53 -0600
Subject: [PATCH 192/384] Add mention of mounting cgroupfs properly to
 PACKAGERS.md

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 docs/sources/installation/binaries.rst | 6 ++++++
 hack/PACKAGERS.md                      | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst
index bfdfbe211f..a367a1a94c 100644
--- a/docs/sources/installation/binaries.rst
+++ b/docs/sources/installation/binaries.rst
@@ -29,6 +29,12 @@ To run properly, docker needs the following software to be installed at runtime:
 - iptables version 1.4 or later
 - Git version 1.7 or later
 - XZ Utils 4.9 or later
+- a `properly mounted
+  <https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount>`_
+  cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point `is
+  <https://github.com/dotcloud/docker/issues/2683>`_ `not
+  <https://github.com/dotcloud/docker/issues/3485>`_ `sufficient
+  <https://github.com/dotcloud/docker/issues/4568>`_)
 
 
 Check kernel dependencies
diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md
index 5dcb120689..e525a838a1 100644
--- a/hack/PACKAGERS.md
+++ b/hack/PACKAGERS.md
@@ -239,6 +239,12 @@ installed and available at runtime:
 
 * iptables version 1.4 or later
 * XZ Utils version 4.9 or later
+* a [properly
+  mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount)
+  cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point
+  [is](https://github.com/dotcloud/docker/issues/2683)
+  [not](https://github.com/dotcloud/docker/issues/3485)
+  [sufficient](https://github.com/dotcloud/docker/issues/4568))
 
 Additionally, the Docker client needs the following software to be installed and
 available at runtime:

From 9a7be1b015a1ba79e5480d0ddddfa5954b994507 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 21 Mar 2014 14:53:47 +0000
Subject: [PATCH 193/384] Add cpuset.cpus to cgroups and native driver options
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/cgroups/cgroups.go                        | 32 ++++++++++++++---
 .../execdriver/native/configuration/parse.go  | 35 +++++++++++++++----
 2 files changed, 57 insertions(+), 10 deletions(-)

diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index b40e1a31fa..9d485d1080 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -16,10 +16,11 @@ type Cgroup struct {
 	Name   string `json:"name,omitempty"`
 	Parent string `json:"parent,omitempty"`
 
-	DeviceAccess bool  `json:"device_access,omitempty"` // name of parent cgroup or slice
-	Memory       int64 `json:"memory,omitempty"`        // Memory limit (in bytes)
-	MemorySwap   int64 `json:"memory_swap,omitempty"`   // Total memory usage (memory + swap); set `-1' to disable swap
-	CpuShares    int64 `json:"cpu_shares,omitempty"`    // CPU shares (relative weight vs. other containers)
+	DeviceAccess bool   `json:"device_access,omitempty"` // name of parent cgroup or slice
+	Memory       int64  `json:"memory,omitempty"`        // Memory limit (in bytes)
+	MemorySwap   int64  `json:"memory_swap,omitempty"`   // Total memory usage (memory + swap); set `-1' to disable swap
+	CpuShares    int64  `json:"cpu_shares,omitempty"`    // CPU shares (relative weight vs. other containers)
+	CpusetCpus   string `json:"cpuset_cpus,omitempty"`   // CPU to use
 }
 
 // https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
@@ -98,6 +99,7 @@ func (c *Cgroup) Cleanup(root string) error {
 		get("memory"),
 		get("devices"),
 		get("cpu"),
+		get("cpuset"),
 	} {
 		os.RemoveAll(path)
 	}
@@ -150,6 +152,9 @@ func (c *Cgroup) Apply(pid int) error {
 	if err := c.setupCpu(cgroupRoot, pid); err != nil {
 		return err
 	}
+	if err := c.setupCpuset(cgroupRoot, pid); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -248,3 +253,22 @@ func (c *Cgroup) setupCpu(cgroupRoot string, pid int) (err error) {
 	}
 	return nil
 }
+
+func (c *Cgroup) setupCpuset(cgroupRoot string, pid int) (err error) {
+	if c.CpusetCpus != "" {
+		dir, err := c.Join(cgroupRoot, "cpuset", pid)
+		if err != nil {
+			return err
+		}
+		defer func() {
+			if err != nil {
+				os.RemoveAll(dir)
+			}
+		}()
+
+		if err := writeFile(dir, "cpuset.cpus", c.CpusetCpus); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/runtime/execdriver/native/configuration/parse.go b/runtime/execdriver/native/configuration/parse.go
index 1733b94426..090cb29660 100644
--- a/runtime/execdriver/native/configuration/parse.go
+++ b/runtime/execdriver/native/configuration/parse.go
@@ -3,6 +3,7 @@ package configuration
 import (
 	"fmt"
 	"github.com/dotcloud/docker/pkg/libcontainer"
+	"github.com/dotcloud/docker/utils"
 	"os/exec"
 	"path/filepath"
 	"strconv"
@@ -19,17 +20,40 @@ var actions = map[string]Action{
 	"ns.drop": dropNamespace, // drop a namespace when cloning
 
 	"net.join": joinNetNamespace, // join another containers net namespace
-	//	"net.veth.mac": vethMacAddress,   // set the mac address for the veth
 
 	"cgroups.cpu_shares":  cpuShares,  // set the cpu shares
 	"cgroups.memory":      memory,     // set the memory limit
 	"cgroups.memory_swap": memorySwap, // set the memory swap limit
+	"cgroups.cpuset.cpus": cpusetCpus, // set the cpus used
 
 	"apparmor_profile": apparmorProfile, // set the apparmor profile to apply
 
 	"fs.readonly": readonlyFs, // make the rootfs of the container read only
 }
 
+// GetSupportedActions returns a list of all the avaliable actions supported by the driver
+// TODO: this should return a description also
+func GetSupportedActions() []string {
+	var (
+		i   int
+		out = make([]string, len(actions))
+	)
+	for k := range actions {
+		out[i] = k
+		i++
+	}
+	return out
+}
+
+func cpusetCpus(container *libcontainer.Container, context interface{}, value string) error {
+	if container.Cgroups == nil {
+		return fmt.Errorf("cannot set cgroups when they are disabled")
+	}
+	container.Cgroups.CpusetCpus = value
+
+	return nil
+}
+
 func apparmorProfile(container *libcontainer.Container, context interface{}, value string) error {
 	container.Context["apparmor_profile"] = value
 	return nil
@@ -39,7 +63,7 @@ func cpuShares(container *libcontainer.Container, context interface{}, value str
 	if container.Cgroups == nil {
 		return fmt.Errorf("cannot set cgroups when they are disabled")
 	}
-	v, err := strconv.ParseInt(value, 0, 64)
+	v, err := strconv.ParseInt(value, 10, 0)
 	if err != nil {
 		return err
 	}
@@ -51,7 +75,8 @@ func memory(container *libcontainer.Container, context interface{}, value string
 	if container.Cgroups == nil {
 		return fmt.Errorf("cannot set cgroups when they are disabled")
 	}
-	v, err := strconv.ParseInt(value, 0, 64)
+
+	v, err := utils.RAMInBytes(value)
 	if err != nil {
 		return err
 	}
@@ -138,7 +163,6 @@ func joinNetNamespace(container *libcontainer.Container, context interface{}, va
 
 func vethMacAddress(container *libcontainer.Container, context interface{}, value string) error {
 	var veth *libcontainer.Network
-
 	for _, network := range container.Networks {
 		if network.Type == "veth" {
 			veth = network
@@ -155,8 +179,7 @@ func vethMacAddress(container *libcontainer.Container, context interface{}, valu
 // configureCustomOptions takes string commands from the user and allows modification of the
 // container's default configuration.
 //
-// format: <key> <...value>
-// i.e: cgroup devices.allow *:*
+// TODO: this can be moved to a general utils or parser in pkg
 func ParseConfiguration(container *libcontainer.Container, running map[string]*exec.Cmd, opts []string) error {
 	for _, opt := range opts {
 		kv := strings.SplitN(opt, "=", 2)

From 10fdbc0467d1be6c7c731d3f35590d87ee42f96f Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 24 Mar 2014 07:16:40 +0000
Subject: [PATCH 194/384] Add unit test for lxc conf merge and native opts
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/container.go                          |  10 +-
 runtime/execdriver/lxc/lxc_template.go        |   2 +-
 .../execdriver/native/configuration/parse.go  |  14 --
 .../native/configuration/parse_test.go        | 166 ++++++++++++++++++
 runtime/execdriver/native/create.go           |  66 ++++---
 .../native/{ => template}/default_template.go |   7 +-
 runtime/utils.go                              |  20 +++
 runtime/utils_test.go                         |  27 +++
 8 files changed, 265 insertions(+), 47 deletions(-)
 create mode 100644 runtime/execdriver/native/configuration/parse_test.go
 rename runtime/execdriver/native/{ => template}/default_template.go (88%)
 create mode 100644 runtime/utils_test.go

diff --git a/runtime/container.go b/runtime/container.go
index ee5045e374..be162c7a21 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -383,14 +383,8 @@ func populateCommand(c *Container) {
 		}
 	}
 
-	// merge in the lxc conf options into the generic config map
-	if lxcConf := c.hostConfig.LxcConf; lxcConf != nil {
-		lxc := driverConfig["lxc"]
-		for _, pair := range lxcConf {
-			lxc = append(lxc, fmt.Sprintf("%s = %s", pair.Key, pair.Value))
-		}
-		driverConfig["lxc"] = lxc
-	}
+	// TODO: this can be removed after lxc-conf is fully deprecated
+	mergeLxcConfIntoOptions(c.hostConfig, driverConfig)
 
 	resources := &execdriver.Resources{
 		Memory:     c.Config.Memory,
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index 7979e4f284..c5ba876dce 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -120,7 +120,7 @@ lxc.cgroup.cpu.shares = {{.Resources.CpuShares}}
 
 {{if .Config.lxc}}
 {{range $value := .Config.lxc}}
-{{$value}}
+lxc.{{$value}}
 {{end}}
 {{end}}
 `
diff --git a/runtime/execdriver/native/configuration/parse.go b/runtime/execdriver/native/configuration/parse.go
index 090cb29660..6d6c643919 100644
--- a/runtime/execdriver/native/configuration/parse.go
+++ b/runtime/execdriver/native/configuration/parse.go
@@ -31,20 +31,6 @@ var actions = map[string]Action{
 	"fs.readonly": readonlyFs, // make the rootfs of the container read only
 }
 
-// GetSupportedActions returns a list of all the avaliable actions supported by the driver
-// TODO: this should return a description also
-func GetSupportedActions() []string {
-	var (
-		i   int
-		out = make([]string, len(actions))
-	)
-	for k := range actions {
-		out[i] = k
-		i++
-	}
-	return out
-}
-
 func cpusetCpus(container *libcontainer.Container, context interface{}, value string) error {
 	if container.Cgroups == nil {
 		return fmt.Errorf("cannot set cgroups when they are disabled")
diff --git a/runtime/execdriver/native/configuration/parse_test.go b/runtime/execdriver/native/configuration/parse_test.go
new file mode 100644
index 0000000000..8001358766
--- /dev/null
+++ b/runtime/execdriver/native/configuration/parse_test.go
@@ -0,0 +1,166 @@
+package configuration
+
+import (
+	"github.com/dotcloud/docker/runtime/execdriver/native/template"
+	"testing"
+)
+
+func TestSetReadonlyRootFs(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"fs.readonly=true",
+		}
+	)
+
+	if container.ReadonlyFs {
+		t.Fatal("container should not have a readonly rootfs by default")
+	}
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if !container.ReadonlyFs {
+		t.Fatal("container should have a readonly rootfs")
+	}
+}
+
+func TestConfigurationsDoNotConflict(t *testing.T) {
+	var (
+		container1 = template.New()
+		container2 = template.New()
+		opts       = []string{
+			"cap.add=NET_ADMIN",
+		}
+	)
+
+	if err := ParseConfiguration(container1, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if !container1.CapabilitiesMask.Get("NET_ADMIN").Enabled {
+		t.Fatal("container one should have NET_ADMIN enabled")
+	}
+	if container2.CapabilitiesMask.Get("NET_ADMIN").Enabled {
+		t.Fatal("container two should not have NET_ADMIN enabled")
+	}
+}
+
+func TestCpusetCpus(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"cgroups.cpuset.cpus=1,2",
+		}
+	)
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := "1,2"; container.Cgroups.CpusetCpus != expected {
+		t.Fatalf("expected %s got %s for cpuset.cpus", expected, container.Cgroups.CpusetCpus)
+	}
+}
+
+func TestAppArmorProfile(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"apparmor_profile=koye-the-protector",
+		}
+	)
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+	if expected := "koye-the-protector"; container.Context["apparmor_profile"] != expected {
+		t.Fatalf("expected profile %s got %s", expected, container.Context["apparmor_profile"])
+	}
+}
+
+func TestCpuShares(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"cgroups.cpu_shares=1048",
+		}
+	)
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := int64(1048); container.Cgroups.CpuShares != expected {
+		t.Fatalf("expected cpu shares %d got %d", expected, container.Cgroups.CpuShares)
+	}
+}
+
+func TestCgroupMemory(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"cgroups.memory=500m",
+		}
+	)
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if expected := int64(500 * 1024 * 1024); container.Cgroups.Memory != expected {
+		t.Fatalf("expected memory %d got %d", expected, container.Cgroups.Memory)
+	}
+}
+
+func TestAddCap(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"cap.add=MKNOD",
+			"cap.add=SYS_ADMIN",
+		}
+	)
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if !container.CapabilitiesMask.Get("MKNOD").Enabled {
+		t.Fatal("container should have MKNOD enabled")
+	}
+	if !container.CapabilitiesMask.Get("SYS_ADMIN").Enabled {
+		t.Fatal("container should have SYS_ADMIN enabled")
+	}
+}
+
+func TestDropCap(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"cap.drop=MKNOD",
+		}
+	)
+	// enabled all caps like in privileged mode
+	for _, c := range container.CapabilitiesMask {
+		c.Enabled = true
+	}
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if container.CapabilitiesMask.Get("MKNOD").Enabled {
+		t.Fatal("container should not have MKNOD enabled")
+	}
+}
+
+func TestDropNamespace(t *testing.T) {
+	var (
+		container = template.New()
+		opts      = []string{
+			"ns.drop=NEWNET",
+		}
+	)
+	if err := ParseConfiguration(container, nil, opts); err != nil {
+		t.Fatal(err)
+	}
+
+	if container.Namespaces.Get("NEWNET").Enabled {
+		t.Fatal("container should not have NEWNET enabled")
+	}
+}
diff --git a/runtime/execdriver/native/create.go b/runtime/execdriver/native/create.go
index 7118edc91e..7e663f0555 100644
--- a/runtime/execdriver/native/create.go
+++ b/runtime/execdriver/native/create.go
@@ -5,30 +5,53 @@ import (
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/runtime/execdriver/native/configuration"
+	"github.com/dotcloud/docker/runtime/execdriver/native/template"
 	"os"
 )
 
 // createContainer populates and configures the container type with the
 // data provided by the execdriver.Command
 func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container, error) {
-	container := getDefaultTemplate()
+	container := template.New()
 
 	container.Hostname = getEnv("HOSTNAME", c.Env)
 	container.Tty = c.Tty
 	container.User = c.User
 	container.WorkingDir = c.WorkingDir
 	container.Env = c.Env
+	container.Cgroups.Name = c.ID
+	// check to see if we are running in ramdisk to disable pivot root
+	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
 
-	loopbackNetwork := libcontainer.Network{
-		Mtu:     c.Network.Mtu,
-		Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
-		Gateway: "localhost",
-		Type:    "loopback",
-		Context: libcontainer.Context{},
+	if err := d.createNetwork(container, c); err != nil {
+		return nil, err
 	}
+	if c.Privileged {
+		if err := d.setPrivileged(container); err != nil {
+			return nil, err
+		}
+	}
+	if err := d.setupCgroups(container, c); err != nil {
+		return nil, err
+	}
+	if err := d.setupMounts(container, c); err != nil {
+		return nil, err
+	}
+	if err := configuration.ParseConfiguration(container, d.activeContainers, c.Config["native"]); err != nil {
+		return nil, err
+	}
+	return container, nil
+}
 
+func (d *driver) createNetwork(container *libcontainer.Container, c *execdriver.Command) error {
 	container.Networks = []*libcontainer.Network{
-		&loopbackNetwork,
+		{
+			Mtu:     c.Network.Mtu,
+			Address: fmt.Sprintf("%s/%d", "127.0.0.1", 0),
+			Gateway: "localhost",
+			Type:    "loopback",
+			Context: libcontainer.Context{},
+		},
 	}
 
 	if c.Network.Interface != nil {
@@ -44,27 +67,30 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container
 		}
 		container.Networks = append(container.Networks, &vethNetwork)
 	}
+	return nil
+}
 
-	container.Cgroups.Name = c.ID
-	if c.Privileged {
-		container.CapabilitiesMask = nil
-		container.Cgroups.DeviceAccess = true
-		container.Context["apparmor_profile"] = "unconfined"
+func (d *driver) setPrivileged(container *libcontainer.Container) error {
+	for _, c := range container.CapabilitiesMask {
+		c.Enabled = true
 	}
+	container.Cgroups.DeviceAccess = true
+	container.Context["apparmor_profile"] = "unconfined"
+	return nil
+}
+
+func (d *driver) setupCgroups(container *libcontainer.Container, c *execdriver.Command) error {
 	if c.Resources != nil {
 		container.Cgroups.CpuShares = c.Resources.CpuShares
 		container.Cgroups.Memory = c.Resources.Memory
 		container.Cgroups.MemorySwap = c.Resources.MemorySwap
 	}
-	// check to see if we are running in ramdisk to disable pivot root
-	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
+	return nil
+}
 
+func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Command) error {
 	for _, m := range c.Mounts {
 		container.Mounts = append(container.Mounts, libcontainer.Mount{m.Source, m.Destination, m.Writable, m.Private})
 	}
-
-	if err := configuration.ParseConfiguration(container, d.activeContainers, c.Config["native"]); err != nil {
-		return nil, err
-	}
-	return container, nil
+	return nil
 }
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/template/default_template.go
similarity index 88%
rename from runtime/execdriver/native/default_template.go
rename to runtime/execdriver/native/template/default_template.go
index 0dcd7db356..b9eb87713e 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/template/default_template.go
@@ -1,13 +1,12 @@
-package native
+package template
 
 import (
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 )
 
-// getDefaultTemplate returns the docker default for
-// the libcontainer configuration file
-func getDefaultTemplate() *libcontainer.Container {
+// New returns the docker default configuration for libcontainer
+func New() *libcontainer.Container {
 	return &libcontainer.Container{
 		CapabilitiesMask: libcontainer.Capabilities{
 			libcontainer.GetCapability("SETPCAP"),
diff --git a/runtime/utils.go b/runtime/utils.go
index b343b5b10e..b983e67d41 100644
--- a/runtime/utils.go
+++ b/runtime/utils.go
@@ -1,9 +1,11 @@
 package runtime
 
 import (
+	"fmt"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/pkg/namesgenerator"
 	"github.com/dotcloud/docker/runconfig"
+	"strings"
 )
 
 func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostConfig) error {
@@ -30,6 +32,24 @@ func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostCon
 	return nil
 }
 
+func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig, driverConfig map[string][]string) {
+	if hostConfig == nil {
+		return
+	}
+
+	// merge in the lxc conf options into the generic config map
+	if lxcConf := hostConfig.LxcConf; lxcConf != nil {
+		lxc := driverConfig["lxc"]
+		for _, pair := range lxcConf {
+			// because lxc conf gets the driver name lxc.XXXX we need to trim it off
+			// and let the lxc driver add it back later if needed
+			parts := strings.SplitN(pair.Key, ".", 2)
+			lxc = append(lxc, fmt.Sprintf("%s=%s", parts[1], pair.Value))
+		}
+		driverConfig["lxc"] = lxc
+	}
+}
+
 type checker struct {
 	runtime *Runtime
 }
diff --git a/runtime/utils_test.go b/runtime/utils_test.go
new file mode 100644
index 0000000000..81c745c0d5
--- /dev/null
+++ b/runtime/utils_test.go
@@ -0,0 +1,27 @@
+package runtime
+
+import (
+	"github.com/dotcloud/docker/runconfig"
+	"testing"
+)
+
+func TestMergeLxcConfig(t *testing.T) {
+	var (
+		hostConfig = &runconfig.HostConfig{
+			LxcConf: []runconfig.KeyValuePair{
+				{Key: "lxc.cgroups.cpuset", Value: "1,2"},
+			},
+		}
+		driverConfig = make(map[string][]string)
+	)
+
+	mergeLxcConfIntoOptions(hostConfig, driverConfig)
+	if l := len(driverConfig["lxc"]); l > 1 {
+		t.Fatalf("expected lxc options len of 1 got %d", l)
+	}
+
+	cpuset := driverConfig["lxc"][0]
+	if expected := "cgroups.cpuset=1,2"; cpuset != expected {
+		t.Fatalf("expected %s got %s", expected, cpuset)
+	}
+}

From f1bd79ec97c125148c690d66ebd3ac5ab3f388b2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 24 Mar 2014 12:03:41 +0000
Subject: [PATCH 195/384] Revert "fix failing test to use kill instead of stop"

This reverts commit 4434dcee89f7d0d0239f6b492b24e940cdbafb21.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 integration/server_test.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/integration/server_test.go b/integration/server_test.go
index 617f81fa4d..a401f1306e 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -416,7 +416,7 @@ func TestRestartKillWait(t *testing.T) {
 	})
 }
 
-func TestCreateStartRestartKillStartKillRm(t *testing.T) {
+func TestCreateStartRestartStopStartKillRm(t *testing.T) {
 	eng := NewTestEngine(t)
 	srv := mkServerFromEngine(eng, t)
 	defer mkRuntimeFromEngine(eng, t).Nuke()
@@ -456,7 +456,8 @@ func TestCreateStartRestartKillStartKillRm(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	job = eng.Job("kill", id)
+	job = eng.Job("stop", id)
+	job.SetenvInt("t", 15)
 	if err := job.Run(); err != nil {
 		t.Fatal(err)
 	}

From d503714285143013d9fa6932ee5775fd155d26d2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 24 Mar 2014 12:03:56 +0000
Subject: [PATCH 196/384] Revert "Disable automatic killing of containers when
 docker stop fails"

This reverts commit 8b5cf51d600dc4f3611cf063c52cf3448e7b01e5.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 api/client.go                                        |  6 +++---
 .../sources/reference/api/docker_remote_api_v1.9.rst |  4 ++--
 docs/sources/reference/commandline/cli.rst           |  6 +++---
 runtime/container.go                                 | 12 ++++++++++--
 4 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/api/client.go b/api/client.go
index ae9e7cef19..b39b102330 100644
--- a/api/client.go
+++ b/api/client.go
@@ -498,8 +498,8 @@ func (cli *DockerCli) CmdInfo(args ...string) error {
 }
 
 func (cli *DockerCli) CmdStop(args ...string) error {
-	cmd := cli.Subcmd("stop", "[OPTIONS] CONTAINER [CONTAINER...]", "Stop a running container (Send SIGTERM)")
-	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to wait for the container to stop.")
+	cmd := cli.Subcmd("stop", "[OPTIONS] CONTAINER [CONTAINER...]", "Stop a running container (Send SIGTERM, and then SIGKILL after grace period)")
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to wait for the container to stop before killing it.")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -526,7 +526,7 @@ func (cli *DockerCli) CmdStop(args ...string) error {
 
 func (cli *DockerCli) CmdRestart(args ...string) error {
 	cmd := cli.Subcmd("restart", "[OPTIONS] CONTAINER [CONTAINER...]", "Restart a running container")
-	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to wait for the container to stop. Default=10")
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
diff --git a/docs/sources/reference/api/docker_remote_api_v1.9.rst b/docs/sources/reference/api/docker_remote_api_v1.9.rst
index def38edd55..27812457bb 100644
--- a/docs/sources/reference/api/docker_remote_api_v1.9.rst
+++ b/docs/sources/reference/api/docker_remote_api_v1.9.rst
@@ -432,7 +432,7 @@ Stop a container
 
            HTTP/1.1 204 OK
 
-        :query t: number of seconds to wait for the container to stop
+        :query t: number of seconds to wait before killing the container
         :statuscode 204: no error
         :statuscode 404: no such container
         :statuscode 500: server error
@@ -457,7 +457,7 @@ Restart a container
 
            HTTP/1.1 204 OK
 
-        :query t: number of seconds to wait for the container to stop
+        :query t: number of seconds to wait before killing the container
         :statuscode 204: no error
         :statuscode 404: no such container
         :statuscode 500: server error
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index d398b16e53..757f3b239b 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1360,11 +1360,11 @@ This example shows 5 containers that might be set up to test a web application c
 
     Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
 
-    Stop a running container (Send SIGTERM)
+    Stop a running container (Send SIGTERM, and then SIGKILL after grace period)
 
-      -t, --time=10: Number of seconds to wait for the container to stop.
+      -t, --time=10: Number of seconds to wait for the container to stop before killing it.
 
-The main process inside the container will receive SIGTERM.
+The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL
 
 .. _cli_tag:
 
diff --git a/runtime/container.go b/runtime/container.go
index 6194a19c8c..bff9aea968 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -903,12 +903,20 @@ func (container *Container) Stop(seconds int) error {
 
 	// 1. Send a SIGTERM
 	if err := container.KillSig(15); err != nil {
-		return err
+		utils.Debugf("Error sending kill SIGTERM: %s", err)
+		log.Print("Failed to send SIGTERM to the process, force killing")
+		if err := container.KillSig(9); err != nil {
+			return err
+		}
 	}
 
 	// 2. Wait for the process to exit on its own
 	if err := container.WaitTimeout(time.Duration(seconds) * time.Second); err != nil {
-		return err
+		log.Printf("Container %v failed to exit within %d seconds of SIGTERM - using the force", container.ID, seconds)
+		// 3. If it doesn't, then send SIGKILL
+		if err := container.Kill(); err != nil {
+			return err
+		}
 	}
 	return nil
 }

From f41135bc11b9a4da896e5054a73afa112b2e835f Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 24 Mar 2014 12:39:56 +0000
Subject: [PATCH 197/384] As far as I know this code is not used or maintained
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 hack/infrastructure/docker-ci/Dockerfile      |  29 ---
 hack/infrastructure/docker-ci/MAINTAINERS     |   1 -
 hack/infrastructure/docker-ci/README.rst      |  65 -------
 hack/infrastructure/docker-ci/VERSION         |   1 -
 .../docker-ci/buildbot/github.py              | 176 ------------------
 .../docker-ci/buildbot/master.cfg             | 161 ----------------
 .../docker-ci/dcr/prod/docker-ci.yml          |  22 ---
 .../docker-ci/dcr/prod/settings.yml           |   5 -
 .../docker-ci/dcr/stage/docker-ci.yml         |  22 ---
 .../docker-ci/dcr/stage/settings.yml          |   5 -
 .../docker-ci/docker-coverage/gocoverage.sh   |  52 ------
 .../docker-ci/dockertest/docker               |   1 -
 .../docker-ci/dockertest/docker-registry      |   1 -
 .../docker-ci/dockertest/nightlyrelease       |  13 --
 .../docker-ci/dockertest/project              |   8 -
 .../docker-ci/functionaltests/test_index.py   |  61 ------
 .../functionaltests/test_registry.sh          |  27 ---
 .../infrastructure/docker-ci/nginx/nginx.conf |  12 --
 .../docker-ci/report/Dockerfile               |  28 ---
 .../docker-ci/report/deployment.py            | 130 -------------
 .../infrastructure/docker-ci/report/report.py | 145 ---------------
 hack/infrastructure/docker-ci/setup.sh        |  54 ------
 .../docker-ci/testbuilder/Dockerfile          |  12 --
 .../docker-ci/testbuilder/docker-registry.sh  |  12 --
 .../docker-ci/testbuilder/docker.sh           |  18 --
 .../docker-ci/testbuilder/testbuilder.sh      |  40 ----
 hack/infrastructure/docker-ci/tool/backup.py  |  47 -----
 27 files changed, 1148 deletions(-)
 delete mode 100644 hack/infrastructure/docker-ci/Dockerfile
 delete mode 100644 hack/infrastructure/docker-ci/MAINTAINERS
 delete mode 100644 hack/infrastructure/docker-ci/README.rst
 delete mode 100644 hack/infrastructure/docker-ci/VERSION
 delete mode 100644 hack/infrastructure/docker-ci/buildbot/github.py
 delete mode 100644 hack/infrastructure/docker-ci/buildbot/master.cfg
 delete mode 100644 hack/infrastructure/docker-ci/dcr/prod/docker-ci.yml
 delete mode 100644 hack/infrastructure/docker-ci/dcr/prod/settings.yml
 delete mode 100644 hack/infrastructure/docker-ci/dcr/stage/docker-ci.yml
 delete mode 100644 hack/infrastructure/docker-ci/dcr/stage/settings.yml
 delete mode 100755 hack/infrastructure/docker-ci/docker-coverage/gocoverage.sh
 delete mode 120000 hack/infrastructure/docker-ci/dockertest/docker
 delete mode 120000 hack/infrastructure/docker-ci/dockertest/docker-registry
 delete mode 100755 hack/infrastructure/docker-ci/dockertest/nightlyrelease
 delete mode 100755 hack/infrastructure/docker-ci/dockertest/project
 delete mode 100755 hack/infrastructure/docker-ci/functionaltests/test_index.py
 delete mode 100755 hack/infrastructure/docker-ci/functionaltests/test_registry.sh
 delete mode 100644 hack/infrastructure/docker-ci/nginx/nginx.conf
 delete mode 100644 hack/infrastructure/docker-ci/report/Dockerfile
 delete mode 100755 hack/infrastructure/docker-ci/report/deployment.py
 delete mode 100755 hack/infrastructure/docker-ci/report/report.py
 delete mode 100755 hack/infrastructure/docker-ci/setup.sh
 delete mode 100644 hack/infrastructure/docker-ci/testbuilder/Dockerfile
 delete mode 100755 hack/infrastructure/docker-ci/testbuilder/docker-registry.sh
 delete mode 100755 hack/infrastructure/docker-ci/testbuilder/docker.sh
 delete mode 100755 hack/infrastructure/docker-ci/testbuilder/testbuilder.sh
 delete mode 100755 hack/infrastructure/docker-ci/tool/backup.py

diff --git a/hack/infrastructure/docker-ci/Dockerfile b/hack/infrastructure/docker-ci/Dockerfile
deleted file mode 100644
index 5c6eec9663..0000000000
--- a/hack/infrastructure/docker-ci/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-# DOCKER-VERSION: 0.7.6
-# AUTHOR:         Daniel Mizyrycki <daniel@dotcloud.com>
-# DESCRIPTION:    docker-ci continuous integration service
-# TO_BUILD:       docker build -t docker-ci/docker-ci .
-# TO_RUN:         docker run --rm -i -t -p 8000:80 -p 2222:22 -v /run:/var/socket \
-#                     -v /data/docker-ci:/data/docker-ci docker-ci/docker-ci
-
-from ubuntu:12.04
-maintainer Daniel Mizyrycki <daniel@dotcloud.com>
-
-ENV DEBIAN_FRONTEND noninteractive
-RUN echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > \
-    /etc/apt/sources.list; apt-get update
-RUN apt-get install -y --no-install-recommends  python2.7 python-dev \
-    libevent-dev git supervisor ssh rsync less vim sudo gcc wget nginx
-RUN cd /tmp; wget http://python-distribute.org/distribute_setup.py
-RUN cd /tmp; python distribute_setup.py; easy_install pip; rm distribute_setup.py
-
-RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
-RUN echo 'deb http://get.docker.io/ubuntu docker main' > \
-      /etc/apt/sources.list.d/docker.list; apt-get update
-RUN apt-get install -y lxc-docker-0.8.0
-RUN pip install SQLAlchemy==0.7.10 buildbot buildbot-slave pyopenssl boto
-RUN ln -s /var/socket/docker.sock /run/docker.sock
-
-ADD . /docker-ci
-RUN /docker-ci/setup.sh
-
-ENTRYPOINT ["supervisord", "-n"]
diff --git a/hack/infrastructure/docker-ci/MAINTAINERS b/hack/infrastructure/docker-ci/MAINTAINERS
deleted file mode 100644
index 5dfc881420..0000000000
--- a/hack/infrastructure/docker-ci/MAINTAINERS
+++ /dev/null
@@ -1 +0,0 @@
-Daniel Mizyrycki <daniel@dotcloud.com> (@mzdaniel)
diff --git a/hack/infrastructure/docker-ci/README.rst b/hack/infrastructure/docker-ci/README.rst
deleted file mode 100644
index 07c1ffcec0..0000000000
--- a/hack/infrastructure/docker-ci/README.rst
+++ /dev/null
@@ -1,65 +0,0 @@
-=========
-docker-ci
-=========
-
-This directory contains docker-ci continuous integration system.
-As expected, it is a fully dockerized and deployed using
-docker-container-runner.
-docker-ci is based on Buildbot, a continuous integration system designed
-to automate the build/test cycle. By automatically rebuilding and testing
-the tree each time something has changed, build problems are pinpointed
-quickly, before other developers are inconvenienced by the failure.
-We are running buildbot at Rackspace to verify docker and docker-registry
-pass tests, and check for coverage code details.
-
-docker-ci instance is at https://docker-ci.docker.io/waterfall
-
-Inside docker-ci container we have the following directory structure:
-
-/docker-ci                       source code of docker-ci
-/data/backup/docker-ci/          daily backup (replicated over S3)
-/data/docker-ci/coverage/{docker,docker-registry}/    mapped to host volumes
-/data/buildbot/{master,slave}/   main docker-ci buildbot config and database
-/var/socket/{docker.sock}        host volume access to docker socket
-
-
-Production deployment
-=====================
-
-::
-
-  # Clone docker-ci repository
-  git clone https://github.com/dotcloud/docker
-  cd docker/hack/infrastructure/docker-ci
-
-  export DOCKER_PROD=[PRODUCTION_SERVER_IP]
-
-  # Create data host volume. (only once)
-  docker -H $DOCKER_PROD run -v /home:/data ubuntu:12.04 \
-    mkdir -p /data/docker-ci/coverage/docker
-  docker -H $DOCKER_PROD run -v /home:/data ubuntu:12.04 \
-    mkdir -p /data/docker-ci/coverage/docker-registry
-  docker -H $DOCKER_PROD run -v /home:/data ubuntu:12.04 \
-    chown -R 1000.1000 /data/docker-ci
-
-  # dcr deployment. Define credentials and special environment dcr variables
-  # ( retrieved at /hack/infrastructure/docker-ci/dcr/prod/docker-ci.yml )
-  export WEB_USER=[DOCKER-CI-WEBSITE-USERNAME]
-  export WEB_IRC_PWD=[DOCKER-CI-WEBSITE-PASSWORD]
-  export BUILDBOT_PWD=[BUILDSLAVE_PASSWORD]
-  export AWS_ACCESS_KEY=[DOCKER_RELEASE_S3_ACCESS]
-  export AWS_SECRET_KEY=[DOCKER_RELEASE_S3_SECRET]
-  export GPG_PASSPHRASE=[DOCKER_RELEASE_PASSPHRASE]
-  export BACKUP_AWS_ID=[S3_BUCKET_CREDENTIAL_ACCESS]
-  export BACKUP_AWS_SECRET=[S3_BUCKET_CREDENTIAL_SECRET]
-  export SMTP_USER=[MAILGUN_SMTP_USERNAME]
-  export SMTP_PWD=[MAILGUN_SMTP_PASSWORD]
-  export EMAIL_RCP=[EMAIL_FOR_BUILD_ERRORS]
-
-  # Build docker-ci and testbuilder docker images
-  docker -H $DOCKER_PROD build -t docker-ci/docker-ci .
-  (cd testbuilder; docker -H $DOCKER_PROD build --rm -t docker-ci/testbuilder .)
-
-  # Run docker-ci container ( assuming no previous container running )
-  (cd dcr/prod; dcr docker-ci.yml start)
-  (cd dcr/prod; dcr docker-ci.yml register docker-ci.docker.io)
diff --git a/hack/infrastructure/docker-ci/VERSION b/hack/infrastructure/docker-ci/VERSION
deleted file mode 100644
index b49b25336d..0000000000
--- a/hack/infrastructure/docker-ci/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-0.5.6
diff --git a/hack/infrastructure/docker-ci/buildbot/github.py b/hack/infrastructure/docker-ci/buildbot/github.py
deleted file mode 100644
index 5316e13282..0000000000
--- a/hack/infrastructure/docker-ci/buildbot/github.py
+++ /dev/null
@@ -1,176 +0,0 @@
-# This file is part of Buildbot.  Buildbot is free software: you can
-# redistribute it and/or modify it under the terms of the GNU General Public
-# License as published by the Free Software Foundation, version 2.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
-# details.
-#
-# You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Software Foundation, Inc., 51
-# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright Buildbot Team Members
-
-#!/usr/bin/env python
-"""
-github_buildbot.py is based on git_buildbot.py
-
-github_buildbot.py will determine the repository information from the JSON
-HTTP POST it receives from github.com and build the appropriate repository.
-If your github repository is private, you must add a ssh key to the github
-repository for the user who initiated the build on the buildslave.
-
-"""
-
-import re
-import datetime
-from twisted.python import log
-import calendar
-
-try:
-    import json
-    assert json
-except ImportError:
-    import simplejson as json
-
-# python is silly about how it handles timezones
-class fixedOffset(datetime.tzinfo):
-    """
-    fixed offset timezone
-    """
-    def __init__(self, minutes, hours, offsetSign = 1):
-        self.minutes = int(minutes) * offsetSign
-        self.hours   = int(hours)   * offsetSign
-        self.offset  = datetime.timedelta(minutes = self.minutes,
-                                         hours   = self.hours)
-
-    def utcoffset(self, dt):
-        return self.offset
-
-    def dst(self, dt):
-        return datetime.timedelta(0)
-    
-def convertTime(myTestTimestamp):
-    #"1970-01-01T00:00:00+00:00"
-    # Normalize myTestTimestamp
-    if myTestTimestamp[-1] == 'Z':
-        myTestTimestamp = myTestTimestamp[:-1] + '-00:00'
-    matcher = re.compile(r'(\d\d\d\d)-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)([-+])(\d\d):(\d\d)')
-    result  = matcher.match(myTestTimestamp)
-    (year, month, day, hour, minute, second, offsetsign, houroffset, minoffset) = \
-        result.groups()
-    if offsetsign == '+':
-        offsetsign = 1
-    else:
-        offsetsign = -1
-    
-    offsetTimezone = fixedOffset( minoffset, houroffset, offsetsign )
-    myDatetime = datetime.datetime( int(year),
-                                    int(month),
-                                    int(day),
-                                    int(hour),
-                                    int(minute),
-                                    int(second),
-                                    0,
-                                    offsetTimezone)
-    return calendar.timegm( myDatetime.utctimetuple() )
-
-def getChanges(request, options = None):
-        """
-        Reponds only to POST events and starts the build process
-        
-        :arguments:
-            request
-                the http request object
-        """
-        payload = json.loads(request.args['payload'][0])
-        import urllib,datetime
-        fname = str(datetime.datetime.now()).replace(' ','_').replace(':','-')[:19]
-        # Github event debug
-        # open('github_{0}.json'.format(fname),'w').write(json.dumps(json.loads(urllib.unquote(request.args['payload'][0])), sort_keys = True, indent = 2))
-
-        if 'pull_request' in payload:
-            user = payload['pull_request']['user']['login']
-            repo = payload['pull_request']['head']['repo']['name']
-            repo_url = payload['pull_request']['head']['repo']['html_url']
-        else:
-            user = payload['repository']['owner']['name']
-            repo = payload['repository']['name']
-            repo_url = payload['repository']['url']
-        project = request.args.get('project', None)
-        if project:
-            project = project[0]
-        elif project is None:
-            project = ''
-        # This field is unused:
-        #private = payload['repository']['private']
-        changes = process_change(payload, user, repo, repo_url, project)
-        log.msg("Received %s changes from github" % len(changes))
-        return (changes, 'git')
-
-def process_change(payload, user, repo, repo_url, project):
-        """
-        Consumes the JSON as a python object and actually starts the build.
-        
-        :arguments:
-            payload
-                Python Object that represents the JSON sent by GitHub Service
-                Hook.
-        """
-        changes = []
-
-        newrev = payload['after'] if 'after' in payload else payload['pull_request']['head']['sha']
-        refname = payload['ref'] if 'ref' in payload else payload['pull_request']['head']['ref']
-
-        # We only care about regular heads, i.e. branches
-        match = re.match(r"^(refs\/heads\/|)([^/]+)$", refname)
-        if not match:
-            log.msg("Ignoring refname `%s': Not a branch" % refname)
-            return []
-
-        branch = match.groups()[1]
-        if re.match(r"^0*$", newrev):
-            log.msg("Branch `%s' deleted, ignoring" % branch)
-            return []
-        else: 
-            if 'pull_request' in payload:
-                if payload['action'] == 'closed':
-                    log.msg("PR#{} closed, ignoring".format(payload['number']))
-                    return []
-                changes = [{
-                    'category'   : 'github_pullrequest',
-                    'who'        : '{0} - PR#{1}'.format(user,payload['number']),
-                    'files'      : [],
-                    'comments'   : payload['pull_request']['title'],
-                    'revision'   : newrev,
-                    'when'       : convertTime(payload['pull_request']['updated_at']),
-                    'branch'     : branch,
-                    'revlink'    : '{0}/commit/{1}'.format(repo_url,newrev),
-                    'repository' : repo_url,
-                    'project'  : project  }]
-                return changes
-            for commit in payload['commits']:
-                files = []
-                if 'added' in commit:
-                    files.extend(commit['added'])
-                if 'modified' in commit:
-                    files.extend(commit['modified'])
-                if 'removed' in commit:
-                    files.extend(commit['removed'])
-                when =  convertTime( commit['timestamp'])
-                log.msg("New revision: %s" % commit['id'][:8])
-                chdict = dict(
-                    who      = commit['author']['name'] 
-                                + " <" + commit['author']['email'] + ">",
-                    files    = files,
-                    comments = commit['message'], 
-                    revision = commit['id'],
-                    when     = when,
-                    branch   = branch,
-                    revlink  = commit['url'], 
-                    repository = repo_url,
-                    project  = project)
-                changes.append(chdict) 
-            return changes
diff --git a/hack/infrastructure/docker-ci/buildbot/master.cfg b/hack/infrastructure/docker-ci/buildbot/master.cfg
deleted file mode 100644
index 75605da8ab..0000000000
--- a/hack/infrastructure/docker-ci/buildbot/master.cfg
+++ /dev/null
@@ -1,161 +0,0 @@
-import os, re
-from buildbot.buildslave import BuildSlave
-from buildbot.schedulers.forcesched import ForceScheduler
-from buildbot.schedulers.basic import SingleBranchScheduler
-from buildbot.schedulers.timed import Nightly
-from buildbot.changes import filter
-from buildbot.config import BuilderConfig
-from buildbot.process.factory import BuildFactory
-from buildbot.process.properties import Property
-from buildbot.steps.shell import ShellCommand
-from buildbot.status import html, words
-from buildbot.status.web import authz, auth
-from buildbot.status.mail import MailNotifier
-
-
-def ENV(x):
-    '''Promote an environment variable for global use returning its value'''
-    retval = os.environ.get(x, '')
-    globals()[x] = retval
-    return retval
-
-
-class TestCommand(ShellCommand):
-    '''Extend ShellCommand with optional summary logs'''
-    def __init__(self, *args, **kwargs):
-        super(TestCommand, self).__init__(*args, **kwargs)
-
-    def createSummary(self, log):
-        exit_status = re.sub(r'.+\n\+ exit (\d+).+',
-            r'\1', log.getText()[-100:], flags=re.DOTALL)
-        if exit_status != '0':
-            return
-        # Infer coverage path from log
-        if '+ COVERAGE_PATH' in log.getText():
-            path = re.sub(r'.+\+ COVERAGE_PATH=((.+?)-\d+).+',
-              r'\2/\1', log.getText(), flags=re.DOTALL)
-            url = '{}coverage/{}/index.html'.format(c['buildbotURL'], path)
-            self.addURL('coverage', url)
-        elif 'COVERAGE_FILE' in log.getText():
-            path = re.sub(r'.+\+ COVERAGE_FILE=((.+?)-\d+).+',
-              r'\2/\1', log.getText(), flags=re.DOTALL)
-            url = '{}coverage/{}/index.html'.format(c['buildbotURL'], path)
-            self.addURL('coverage', url)
-
-
-PORT_WEB = 8000      # Buildbot webserver port
-PORT_GITHUB = 8011   # Buildbot github hook port
-PORT_MASTER = 9989   # Port where buildbot master listen buildworkers
-
-BUILDBOT_URL = '//localhost:{}/'.format(PORT_WEB)
-DOCKER_REPO = 'https://github.com/docker-test/docker'
-DOCKER_TEST_ARGV = 'HEAD {}'.format(DOCKER_REPO)
-REGISTRY_REPO = 'https://github.com/docker-test/docker-registry'
-REGISTRY_TEST_ARGV = 'HEAD {}'.format(REGISTRY_REPO)
-if ENV('DEPLOYMENT') == 'staging':
-    BUILDBOT_URL = "//docker-ci-stage.docker.io/"
-if ENV('DEPLOYMENT') == 'production':
-    BUILDBOT_URL = '//docker-ci.docker.io/'
-    DOCKER_REPO = 'https://github.com/dotcloud/docker'
-    DOCKER_TEST_ARGV = ''
-    REGISTRY_REPO = 'https://github.com/dotcloud/docker-registry'
-    REGISTRY_TEST_ARGV = ''
-
-# Credentials set by setup.sh from deployment.py
-ENV('WEB_USER')
-ENV('WEB_IRC_PWD')
-ENV('BUILDBOT_PWD')
-ENV('SMTP_USER')
-ENV('SMTP_PWD')
-ENV('EMAIL_RCP')
-ENV('IRC_CHANNEL')
-
-
-c = BuildmasterConfig = {}
-
-c['title'] = "docker-ci"
-c['titleURL'] = "waterfall"
-c['buildbotURL'] = BUILDBOT_URL
-c['db'] = {'db_url':"sqlite:///state.sqlite"}
-c['slaves'] = [BuildSlave('buildworker', BUILDBOT_PWD)]
-c['slavePortnum'] = PORT_MASTER
-
-
-# Schedulers
-c['schedulers'] = [ForceScheduler(name='trigger', builderNames=[
-    'docker', 'docker-registry', 'nightlyrelease', 'backup'])]
-c['schedulers'] += [SingleBranchScheduler(name="docker", treeStableTimer=None,
-    change_filter=filter.ChangeFilter(branch='master',
-    repository=DOCKER_REPO), builderNames=['docker'])]
-c['schedulers'] += [SingleBranchScheduler(name="registry", treeStableTimer=None,
-    change_filter=filter.ChangeFilter(branch='master',
-    repository=REGISTRY_REPO), builderNames=['docker-registry'])]
-c['schedulers'] += [SingleBranchScheduler(name='docker-pr', treeStableTimer=None,
-    change_filter=filter.ChangeFilter(category='github_pullrequest',
-    project='docker'), builderNames=['docker-pr'])]
-c['schedulers'] += [SingleBranchScheduler(name='docker-registry-pr', treeStableTimer=None,
-    change_filter=filter.ChangeFilter(category='github_pullrequest',
-    project='docker-registry'), builderNames=['docker-registry-pr'])]
-c['schedulers'] += [Nightly(name='daily', branch=None, builderNames=[
-    'nightlyrelease', 'backup'], hour=7, minute=00)]
-
-
-# Builders
-
-# Backup
-factory = BuildFactory()
-factory.addStep(TestCommand(description='backup', logEnviron=False,
-    usePTY=True, command='/docker-ci/tool/backup.py'))
-c['builders'] = [BuilderConfig(name='backup',slavenames=['buildworker'],
-    factory=factory)]
-
-# Docker test
-factory = BuildFactory()
-factory.addStep(TestCommand(description='docker', logEnviron=False,
-    usePTY=True, command='/docker-ci/dockertest/docker {}'.format(DOCKER_TEST_ARGV)))
-c['builders'] += [BuilderConfig(name='docker',slavenames=['buildworker'],
-    factory=factory)]
-
-# Docker pull request test
-factory = BuildFactory()
-factory.addStep(TestCommand(description='docker-pr', logEnviron=False,
-    usePTY=True, command=['/docker-ci/dockertest/docker',
-    Property('revision'), Property('repository'), Property('branch')]))
-c['builders'] += [BuilderConfig(name='docker-pr',slavenames=['buildworker'],
-    factory=factory)]
-
-# docker-registry test
-factory = BuildFactory()
-factory.addStep(TestCommand(description='docker-registry', logEnviron=False,
-    usePTY=True, command='/docker-ci/dockertest/docker-registry {}'.format(REGISTRY_TEST_ARGV)))
-c['builders'] += [BuilderConfig(name='docker-registry',slavenames=['buildworker'],
-    factory=factory)]
-
-# Docker registry pull request test
-factory = BuildFactory()
-factory.addStep(TestCommand(description='docker-registry-pr', logEnviron=False,
-    usePTY=True, command=['/docker-ci/dockertest/docker-registry',
-    Property('revision'), Property('repository'), Property('branch')]))
-c['builders'] += [BuilderConfig(name='docker-registry-pr',slavenames=['buildworker'],
-    factory=factory)]
-
-# Docker nightly release
-factory = BuildFactory()
-factory.addStep(ShellCommand(description='NightlyRelease',logEnviron=False,
-    usePTY=True, command=['/docker-ci/dockertest/nightlyrelease']))
-c['builders'] += [BuilderConfig(name='nightlyrelease',slavenames=['buildworker'],
-    factory=factory)]
-
-# Status
-authz_cfg = authz.Authz(auth=auth.BasicAuth([(WEB_USER, WEB_IRC_PWD)]),
-    forceBuild='auth')
-c['status'] = [html.WebStatus(http_port=PORT_WEB, authz=authz_cfg)]
-c['status'].append(html.WebStatus(http_port=PORT_GITHUB, allowForce=True,
-    change_hook_dialects={ 'github': True }))
-c['status'].append(MailNotifier(fromaddr='docker-test@docker.io',
-    sendToInterestedUsers=False, extraRecipients=[EMAIL_RCP],
-    mode='failing', relayhost='smtp.mailgun.org', smtpPort=587, useTls=True,
-    smtpUser=SMTP_USER, smtpPassword=SMTP_PWD))
-c['status'].append(words.IRC("irc.freenode.net", "dockerqabot",
-    channels=[IRC_CHANNEL], password=WEB_IRC_PWD, allowForce=True,
-    notify_events={'exception':1, 'successToFailure':1, 'failureToSuccess':1}))
diff --git a/hack/infrastructure/docker-ci/dcr/prod/docker-ci.yml b/hack/infrastructure/docker-ci/dcr/prod/docker-ci.yml
deleted file mode 100644
index 523535446a..0000000000
--- a/hack/infrastructure/docker-ci/dcr/prod/docker-ci.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-docker-ci:
-  image: "docker-ci/docker-ci"
-  release_name: "docker-ci-0.5.6"
-  ports: ["80","2222:22","8011:8011"]
-  register: "80"
-  volumes: ["/run:/var/socket","/home/docker-ci:/data/docker-ci"]
-  command: []
-  env:
-    - "DEPLOYMENT=production"
-    - "IRC_CHANNEL=docker-testing"
-    - "BACKUP_BUCKET=backup-ci"
-    - "$WEB_USER"
-    - "$WEB_IRC_PWD"
-    - "$BUILDBOT_PWD"
-    - "$AWS_ACCESS_KEY"
-    - "$AWS_SECRET_KEY"
-    - "$GPG_PASSPHRASE"
-    - "$BACKUP_AWS_ID"
-    - "$BACKUP_AWS_SECRET"
-    - "$SMTP_USER"
-    - "$SMTP_PWD"
-    - "$EMAIL_RCP"
diff --git a/hack/infrastructure/docker-ci/dcr/prod/settings.yml b/hack/infrastructure/docker-ci/dcr/prod/settings.yml
deleted file mode 100644
index 9831afa6dd..0000000000
--- a/hack/infrastructure/docker-ci/dcr/prod/settings.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-default:
-  hipaches: ['192.168.100.67:6379']
-  daemons: ['192.168.100.67:4243']
-  use_ssh: False
-
diff --git a/hack/infrastructure/docker-ci/dcr/stage/docker-ci.yml b/hack/infrastructure/docker-ci/dcr/stage/docker-ci.yml
deleted file mode 100644
index 8eba84825c..0000000000
--- a/hack/infrastructure/docker-ci/dcr/stage/docker-ci.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-docker-ci:
-  image: "docker-ci/docker-ci"
-  release_name: "docker-ci-stage"
-  ports: ["80","2222:22","8011:8011"]
-  register: "80"
-  volumes: ["/run:/var/socket","/home/docker-ci:/data/docker-ci"]
-  command: []
-  env:
-    - "DEPLOYMENT=staging"
-    - "IRC_CHANNEL=docker-testing-staging"
-    - "BACKUP_BUCKET=ci-backup-stage"
-    - "$BACKUP_AWS_ID"
-    - "$BACKUP_AWS_SECRET"
-    - "$WEB_USER"
-    - "$WEB_IRC_PWD"
-    - "$BUILDBOT_PWD"
-    - "$AWS_ACCESS_KEY"
-    - "$AWS_SECRET_KEY"
-    - "$GPG_PASSPHRASE"
-    - "$SMTP_USER"
-    - "$SMTP_PWD"
-    - "$EMAIL_RCP"
diff --git a/hack/infrastructure/docker-ci/dcr/stage/settings.yml b/hack/infrastructure/docker-ci/dcr/stage/settings.yml
deleted file mode 100644
index a7d37acff3..0000000000
--- a/hack/infrastructure/docker-ci/dcr/stage/settings.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-default:
-  hipaches: ['192.168.100.65:6379']
-  daemons: ['192.168.100.65:4243']
-  use_ssh: False
-
diff --git a/hack/infrastructure/docker-ci/docker-coverage/gocoverage.sh b/hack/infrastructure/docker-ci/docker-coverage/gocoverage.sh
deleted file mode 100755
index fdacc290b4..0000000000
--- a/hack/infrastructure/docker-ci/docker-coverage/gocoverage.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-export PATH='/go/bin':$PATH
-export DOCKER_PATH='/go/src/github.com/dotcloud/docker'
-
-# Signal coverage report name, parsed by docker-ci
-set -x
-COVERAGE_PATH=$(date +"docker-%Y%m%d%H%M%S")
-set +x
-
-REPORTS="/data/$COVERAGE_PATH"
-INDEX="$REPORTS/index.html"
-
-# Test docker
-cd $DOCKER_PATH
-./hack/make.sh test; exit_status=$?
-PROFILE_PATH="$(ls -d $DOCKER_PATH/bundles/* | sed -n '$ p')/test/coverprofiles"
-
-if [ "$exit_status" -eq "0" ]; then
-    # Download coverage dependencies
-    go get github.com/axw/gocov/gocov
-    go get -u github.com/matm/gocov-html
-
-    # Create coverage report
-    mkdir -p $REPORTS
-    cd $PROFILE_PATH
-    cat > $INDEX << "EOF"
-<!DOCTYPE html><head><meta charset="utf-8">
-<script type="text/javascript" src="//tablesorter.com/jquery-latest.js"></script>
-<script type="text/javascript" src="//tablesorter.com/__jquery.tablesorter.min.js"></script>
-<script type="text/javascript">$(document).ready(function() {
-$("table").tablesorter({ sortForce: [[1,0]] }); });</script>
-<style>table,th,td{border:1px solid black;}</style>
-<title>Docker Coverage Report</title>
-</head><body>
-<h1><strong>Docker Coverage Report</strong></h1>
-<table class="tablesorter">
-<thead><tr><th>package</th><th>pct</th></tr></thead><tbody>
-EOF
-    for profile in *; do
-        gocov convert $profile | gocov-html >$REPORTS/$profile.html
-        echo "<tr><td><a href=\"${profile}.html\">$profile</a></td><td>" >> $INDEX
-        go tool cover -func=$profile | sed -En '$ s/.+\t(.+)/\1/p' >> $INDEX
-        echo "</td></tr>" >> $INDEX
-    done
-    echo "</tbody></table></body></html>" >> $INDEX
-fi
-
-# Signal test and coverage result, parsed by docker-ci
-set -x
-exit $exit_status
-
diff --git a/hack/infrastructure/docker-ci/dockertest/docker b/hack/infrastructure/docker-ci/dockertest/docker
deleted file mode 120000
index e3f094ee63..0000000000
--- a/hack/infrastructure/docker-ci/dockertest/docker
+++ /dev/null
@@ -1 +0,0 @@
-project
\ No newline at end of file
diff --git a/hack/infrastructure/docker-ci/dockertest/docker-registry b/hack/infrastructure/docker-ci/dockertest/docker-registry
deleted file mode 120000
index e3f094ee63..0000000000
--- a/hack/infrastructure/docker-ci/dockertest/docker-registry
+++ /dev/null
@@ -1 +0,0 @@
-project
\ No newline at end of file
diff --git a/hack/infrastructure/docker-ci/dockertest/nightlyrelease b/hack/infrastructure/docker-ci/dockertest/nightlyrelease
deleted file mode 100755
index cface6c125..0000000000
--- a/hack/infrastructure/docker-ci/dockertest/nightlyrelease
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-if [ "$DEPLOYMENT" == "production" ]; then
-    AWS_S3_BUCKET='test.docker.io'
-else
-    AWS_S3_BUCKET='get-staging.docker.io'
-fi
-
-docker run --rm --privileged -v /run:/var/socket \
-    -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY \
-    -e AWS_SECRET_KEY=$AWS_SECRET_KEY -e GPG_PASSPHRASE=$GPG_PASSPHRASE \
-    -e DOCKER_RELEASE=1 -e DEPLOYMENT=$DEPLOYMENT docker-ci/testbuilder docker
-
diff --git a/hack/infrastructure/docker-ci/dockertest/project b/hack/infrastructure/docker-ci/dockertest/project
deleted file mode 100755
index 8131ab533a..0000000000
--- a/hack/infrastructure/docker-ci/dockertest/project
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -x
-
-PROJECT_NAME=$(basename $0)
-
-docker run --rm -u sysadmin -e DEPLOYMENT=$DEPLOYMENT -v /run:/var/socket \
-    -v /home/docker-ci/coverage/$PROJECT_NAME:/data docker-ci/testbuilder $PROJECT_NAME $1 $2 $3
-
diff --git a/hack/infrastructure/docker-ci/functionaltests/test_index.py b/hack/infrastructure/docker-ci/functionaltests/test_index.py
deleted file mode 100755
index fd002c81e8..0000000000
--- a/hack/infrastructure/docker-ci/functionaltests/test_index.py
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/python
-
-import os
-username, password = os.environ['DOCKER_CREDS'].split(':')
-
-from selenium import webdriver
-from selenium.webdriver.common.by import By
-from selenium.webdriver.common.keys import Keys
-from selenium.webdriver.support.ui import Select
-from selenium.common.exceptions import NoSuchElementException
-import unittest, time, re
-
-class Docker(unittest.TestCase):
-    def setUp(self):
-        self.driver = webdriver.PhantomJS()
-        self.driver.implicitly_wait(30)
-        self.base_url = "http://www.docker.io/"
-        self.verificationErrors = []
-        self.accept_next_alert = True
-
-    def test_docker(self):
-        driver = self.driver
-        print "Login into {0} as login user {1} ...".format(self.base_url,username)
-        driver.get(self.base_url + "/")
-        driver.find_element_by_link_text("INDEX").click()
-        driver.find_element_by_link_text("login").click()
-        driver.find_element_by_id("id_username").send_keys(username)
-        driver.find_element_by_id("id_password").send_keys(password)
-        print "Checking login user ..."
-        driver.find_element_by_css_selector("input[type=\"submit\"]").click()
-        try: self.assertEqual("test", driver.find_element_by_css_selector("h3").text)
-        except AssertionError as e: self.verificationErrors.append(str(e))
-        print "Login user {0} found".format(username)
-
-    def is_element_present(self, how, what):
-        try: self.driver.find_element(by=how, value=what)
-        except NoSuchElementException, e: return False
-        return True
-
-    def is_alert_present(self):
-        try: self.driver.switch_to_alert()
-        except NoAlertPresentException, e: return False
-        return True
-
-    def close_alert_and_get_its_text(self):
-        try:
-            alert = self.driver.switch_to_alert()
-            alert_text = alert.text
-            if self.accept_next_alert:
-                alert.accept()
-            else:
-                alert.dismiss()
-            return alert_text
-        finally: self.accept_next_alert = True
-
-    def tearDown(self):
-        self.driver.quit()
-        self.assertEqual([], self.verificationErrors)
-
-if __name__ == "__main__":
-    unittest.main()
diff --git a/hack/infrastructure/docker-ci/functionaltests/test_registry.sh b/hack/infrastructure/docker-ci/functionaltests/test_registry.sh
deleted file mode 100755
index 58642529cc..0000000000
--- a/hack/infrastructure/docker-ci/functionaltests/test_registry.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-set -x
-
-# Cleanup
-rm -rf docker-registry
-
-# Setup the environment
-export SETTINGS_FLAVOR=test
-export DOCKER_REGISTRY_CONFIG=config_test.yml
-export PYTHONPATH=$(pwd)/docker-registry/test
-
-# Get latest docker registry
-git clone -q https://github.com/dotcloud/docker-registry.git
-cd docker-registry
-sed -Ei "s#(boto_bucket: ).+#\1_env:S3_BUCKET#" config_test.yml
-
-# Get dependencies
-pip install -q -r requirements.txt
-pip install -q -r test-requirements.txt
-pip install -q tox
-
-# Run registry tests
-tox || exit 1
-python -m unittest discover -p s3.py -s test || exit 1
-python -m unittest discover -p workflow.py -s test
-
diff --git a/hack/infrastructure/docker-ci/nginx/nginx.conf b/hack/infrastructure/docker-ci/nginx/nginx.conf
deleted file mode 100644
index 6649741134..0000000000
--- a/hack/infrastructure/docker-ci/nginx/nginx.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-server {
-    listen              80;
-    root /data/docker-ci;
-
-    location / {
-        proxy_pass http://localhost:8000/;
-    }
-
-    location /coverage {
-        root /data/docker-ci;
-    }
-}
diff --git a/hack/infrastructure/docker-ci/report/Dockerfile b/hack/infrastructure/docker-ci/report/Dockerfile
deleted file mode 100644
index 32600c4c58..0000000000
--- a/hack/infrastructure/docker-ci/report/Dockerfile
+++ /dev/null
@@ -1,28 +0,0 @@
-# VERSION:        0.22
-# DOCKER-VERSION  0.6.3
-# AUTHOR:         Daniel Mizyrycki <daniel@dotcloud.com>
-# DESCRIPTION:    Generate docker-ci daily report
-# COMMENTS:       The build process is initiated by deployment.py
-                  Report configuration is passed through ./credentials.json at
-#                 deployment time.
-# TO_BUILD:       docker build -t report .
-# TO_DEPLOY:      docker run report
-
-from ubuntu:12.04
-maintainer Daniel Mizyrycki <daniel@dotcloud.com>
-
-env PYTHONPATH /report
-
-
-# Add report dependencies
-run echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > \
-    /etc/apt/sources.list
-run apt-get update; apt-get install -y python2.7 python-pip ssh rsync
-
-# Set San Francisco timezone
-run echo "America/Los_Angeles" >/etc/timezone
-run dpkg-reconfigure --frontend noninteractive tzdata
-
-# Add report code and set default container command
-add . /report
-cmd "/report/report.py"
diff --git a/hack/infrastructure/docker-ci/report/deployment.py b/hack/infrastructure/docker-ci/report/deployment.py
deleted file mode 100755
index 5b2eaf3cab..0000000000
--- a/hack/infrastructure/docker-ci/report/deployment.py
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/usr/bin/env python
-
-'''Deploy docker-ci report container on Digital Ocean.
-Usage:
-    export CONFIG_JSON='
-        { "DROPLET_NAME":        "Digital_Ocean_dropplet_name",
-          "DO_CLIENT_ID":        "Digital_Ocean_client_id",
-          "DO_API_KEY":          "Digital_Ocean_api_key",
-          "DOCKER_KEY_ID":       "Digital_Ocean_ssh_key_id",
-          "DOCKER_CI_KEY_PATH":  "docker-ci_private_key_path",
-          "DOCKER_CI_PUB":       "$(cat docker-ci_ssh_public_key.pub)",
-          "DOCKER_CI_ADDRESS"    "user@docker-ci_fqdn_server",
-          "SMTP_USER":           "SMTP_server_user",
-          "SMTP_PWD":            "SMTP_server_password",
-          "EMAIL_SENDER":        "Buildbot_mailing_sender",
-          "EMAIL_RCP":           "Buildbot_mailing_receipient" }'
-    python deployment.py
-'''
-
-import re, json, requests, base64
-from fabric import api
-from fabric.api import cd, run, put, sudo
-from os import environ as env
-from time import sleep
-from datetime import datetime
-
-# Populate environment variables
-CONFIG = json.loads(env['CONFIG_JSON'])
-for key in CONFIG:
-    env[key] = CONFIG[key]
-
-# Load DOCKER_CI_KEY
-env['DOCKER_CI_KEY'] = open(env['DOCKER_CI_KEY_PATH']).read()
-
-DROPLET_NAME = env.get('DROPLET_NAME','report')
-TIMEOUT = 120            # Seconds before timeout droplet creation
-IMAGE_ID = 1004145       # Docker on Ubuntu 13.04
-REGION_ID = 4            # New York 2
-SIZE_ID = 66             # memory 512MB
-DO_IMAGE_USER = 'root'   # Image user on Digital Ocean
-API_URL = 'https://api.digitalocean.com/'
-
-
-class digital_ocean():
-
-    def __init__(self, key, client):
-        '''Set default API parameters'''
-        self.key = key
-        self.client = client
-        self.api_url = API_URL
-
-    def api(self, cmd_path, api_arg={}):
-        '''Make api call'''
-        api_arg.update({'api_key':self.key, 'client_id':self.client})
-        resp = requests.get(self.api_url + cmd_path, params=api_arg).text
-        resp = json.loads(resp)
-        if resp['status'] != 'OK':
-            raise Exception(resp['error_message'])
-        return resp
-
-    def droplet_data(self, name):
-        '''Get droplet data'''
-        data = self.api('droplets')
-        data = [droplet for droplet in data['droplets']
-            if droplet['name'] == name]
-        return data[0] if data else {}
-
-def json_fmt(data):
-    '''Format json output'''
-    return json.dumps(data, sort_keys = True, indent = 2)
-
-
-do = digital_ocean(env['DO_API_KEY'], env['DO_CLIENT_ID'])
-
-# Get DROPLET_NAME data
-data = do.droplet_data(DROPLET_NAME)
-
-# Stop processing if DROPLET_NAME exists on Digital Ocean
-if data:
-    print ('Droplet: {} already deployed. Not further processing.'
-        .format(DROPLET_NAME))
-    exit(1)
-
-# Create droplet
-do.api('droplets/new', {'name':DROPLET_NAME, 'region_id':REGION_ID,
-    'image_id':IMAGE_ID, 'size_id':SIZE_ID,
-    'ssh_key_ids':[env['DOCKER_KEY_ID']]})
-
-# Wait for droplet to be created.
-start_time = datetime.now()
-while (data.get('status','') != 'active' and (
- datetime.now()-start_time).seconds < TIMEOUT):
-    data = do.droplet_data(DROPLET_NAME)
-    print data['status']
-    sleep(3)
-
-# Wait for the machine to boot
-sleep(15)
-
-# Get droplet IP
-ip = str(data['ip_address'])
-print 'droplet: {}    ip: {}'.format(DROPLET_NAME, ip)
-
-api.env.host_string = ip
-api.env.user = DO_IMAGE_USER
-api.env.key_filename = env['DOCKER_CI_KEY_PATH']
-
-# Correct timezone
-sudo('echo "America/Los_Angeles" >/etc/timezone')
-sudo('dpkg-reconfigure --frontend noninteractive tzdata')
-
-# Load JSON_CONFIG environment for Dockerfile
-CONFIG_JSON= base64.b64encode(
-    '{{"DOCKER_CI_PUB":     "{DOCKER_CI_PUB}",'
-    '  "DOCKER_CI_KEY":     "{DOCKER_CI_KEY}",'
-    '  "DOCKER_CI_ADDRESS": "{DOCKER_CI_ADDRESS}",'
-    '  "SMTP_USER":         "{SMTP_USER}",'
-    '  "SMTP_PWD":          "{SMTP_PWD}",'
-    '  "EMAIL_SENDER":      "{EMAIL_SENDER}",'
-    '  "EMAIL_RCP":         "{EMAIL_RCP}"}}'.format(**env))
-
-run('mkdir -p /data/report')
-put('./', '/data/report')
-with cd('/data/report'):
-    run('chmod 700 report.py')
-    run('echo "{}" > credentials.json'.format(CONFIG_JSON))
-    run('docker build -t report .')
-    run('rm credentials.json')
-    run("echo -e '30 09 * * * /usr/bin/docker run report\n' |"
-        " /usr/bin/crontab -")
diff --git a/hack/infrastructure/docker-ci/report/report.py b/hack/infrastructure/docker-ci/report/report.py
deleted file mode 100755
index 7018cabc27..0000000000
--- a/hack/infrastructure/docker-ci/report/report.py
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/usr/bin/python
-
-'''CONFIG_JSON is a json encoded string base64 environment variable. It is used
-to clone docker-ci database, generate docker-ci report and submit it by email.
-CONFIG_JSON data comes from the file /report/credentials.json inserted in this
-container by deployment.py:
-
-{ "DOCKER_CI_PUB":       "$(cat docker-ci_ssh_public_key.pub)",
-  "DOCKER_CI_KEY":       "$(cat docker-ci_ssh_private_key.key)",
-  "DOCKER_CI_ADDRESS":   "user@docker-ci_fqdn_server",
-  "SMTP_USER":           "SMTP_server_user",
-  "SMTP_PWD":            "SMTP_server_password",
-  "EMAIL_SENDER":        "Buildbot_mailing_sender",
-  "EMAIL_RCP":           "Buildbot_mailing_receipient" }  '''
-
-import os, re, json, sqlite3, datetime, base64
-import smtplib
-from datetime import timedelta
-from subprocess import call
-from os import environ as env
-
-TODAY = datetime.date.today()
-
-# Load credentials to the environment
-env['CONFIG_JSON'] = base64.b64decode(open('/report/credentials.json').read())
-
-# Remove SSH private key as it needs more processing
-CONFIG = json.loads(re.sub(r'("DOCKER_CI_KEY".+?"(.+?)",)','',
-    env['CONFIG_JSON'], flags=re.DOTALL))
-
-# Populate environment variables
-for key in CONFIG:
-    env[key] = CONFIG[key]
-
-# Load SSH private key
-env['DOCKER_CI_KEY'] = re.sub('^.+"DOCKER_CI_KEY".+?"(.+?)".+','\\1',
-    env['CONFIG_JSON'],flags=re.DOTALL)
-
-# Prevent rsync to validate host on first connection to docker-ci
-os.makedirs('/root/.ssh')
-open('/root/.ssh/id_rsa','w').write(env['DOCKER_CI_KEY'])
-os.chmod('/root/.ssh/id_rsa',0600)
-open('/root/.ssh/config','w').write('StrictHostKeyChecking no\n')
-
-
-# Sync buildbot database from docker-ci
-call('rsync {}:/data/buildbot/master/state.sqlite .'.format(
-    env['DOCKER_CI_ADDRESS']), shell=True)
-
-class SQL:
-    def __init__(self, database_name):
-        sql = sqlite3.connect(database_name)
-        # Use column names as keys for fetchall rows
-        sql.row_factory = sqlite3.Row
-        sql = sql.cursor()
-        self.sql = sql
-
-    def query(self,query_statement):
-        return self.sql.execute(query_statement).fetchall()
-
-sql = SQL("state.sqlite")
-
-
-class Report():
-
-    def __init__(self,period='',date=''):
-        self.data = []
-        self.period = 'date' if not period else period
-        self.date = str(TODAY) if not date else date
-        self.compute()
-
-    def compute(self):
-        '''Compute report'''
-        if self.period == 'week':
-            self.week_report(self.date)
-        else:
-            self.date_report(self.date)
-
-
-    def date_report(self,date):
-        '''Create a date test report'''
-        builds = []
-        # Get a queryset with all builds from date
-        rows = sql.query('SELECT * FROM builds JOIN buildrequests'
-            ' WHERE builds.brid=buildrequests.id and'
-            ' date(start_time, "unixepoch", "localtime") = "{0}"'
-            ' GROUP BY number'.format(date))
-        build_names = sorted(set([row['buildername'] for row in rows]))
-        # Create a report build line for a given build
-        for build_name in build_names:
-            tried = len([row['buildername']
-                for row in rows if row['buildername'] == build_name])
-            fail_tests = [row['buildername'] for row in rows if (
-                row['buildername'] == build_name and row['results'] != 0)]
-            fail = len(fail_tests)
-            fail_details = ''
-            fail_pct = int(100.0*fail/tried) if  tried != 0 else 100
-            builds.append({'name': build_name, 'tried': tried, 'fail': fail,
-                'fail_pct': fail_pct, 'fail_details':fail_details})
-        if builds:
-            self.data.append({'date': date, 'builds': builds})
-
-
-    def week_report(self,date):
-        '''Add the week's date test reports to report.data'''
-        date = datetime.datetime.strptime(date,'%Y-%m-%d').date()
-        last_monday = date - datetime.timedelta(days=date.weekday())
-        week_dates = [last_monday + timedelta(days=x) for x in range(7,-1,-1)]
-        for date in week_dates:
-            self.date_report(str(date))
-
-    def render_text(self):
-        '''Return rendered report in text format'''
-        retval = ''
-        fail_tests = {}
-        for builds in self.data:
-            retval += 'Test date: {0}\n'.format(builds['date'],retval)
-            table = ''
-            for build in builds['builds']:
-                table += ('Build {name:15}   Tried: {tried:4}   '
-                    ' Failures: {fail:4} ({fail_pct}%)\n'.format(**build))
-                if build['name'] in fail_tests:
-                    fail_tests[build['name']] += build['fail_details']
-                else:
-                    fail_tests[build['name']] = build['fail_details']
-            retval += '{0}\n'.format(table)
-            retval += '\n    Builds failing'
-            for fail_name in fail_tests:
-                retval += '\n' + fail_name + '\n'
-                for (fail_id,fail_url,rn_tests,nr_errors,log_errors,
-                 tracelog_errors) in fail_tests[fail_name]:
-                    retval += fail_url + '\n'
-            retval += '\n\n'
-        return retval
-
-
-# Send email
-smtp_from = env['EMAIL_SENDER']
-subject = '[docker-ci] Daily report for {}'.format(str(TODAY))
-msg = "From: {}\r\nTo: {}\r\nSubject: {}\r\n\r\n".format(
-    smtp_from, env['EMAIL_RCP'], subject)
-msg = msg + Report('week').render_text()
-server = smtplib.SMTP_SSL('smtp.mailgun.org')
-server.login(env['SMTP_USER'], env['SMTP_PWD'])
-server.sendmail(smtp_from, env['EMAIL_RCP'], msg)
diff --git a/hack/infrastructure/docker-ci/setup.sh b/hack/infrastructure/docker-ci/setup.sh
deleted file mode 100755
index 65a00f6dd0..0000000000
--- a/hack/infrastructure/docker-ci/setup.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/bin/env bash
-
-# Set timezone
-echo "GMT" >/etc/timezone
-dpkg-reconfigure --frontend noninteractive tzdata
-
-# Set ssh superuser
-mkdir -p /data/buildbot /var/run/sshd /run
-useradd -m -d /home/sysadmin -s /bin/bash -G sudo,docker -p '*' sysadmin
-sed -Ei 's/(\%sudo.*) ALL/\1 NOPASSWD:ALL/' /etc/sudoers
-cd /home/sysadmin
-mkdir .ssh
-chmod 700 .ssh
-cat > .ssh/authorized_keys << 'EOF'
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7ALVhwQ68q1SjrKaAduOuOEAcWmb8kDZf5qA7T1fM8AP07EDC7nSKRJ8PXUBGTOQfxm89coJDuSJsTAZ+1PvglXhA0Mq6+knc6ZrZY+SuZlDIDAk4TOdVPoDZnmR1YW2McxHkhcGIOKeC8MMig5NeEjtgQwXzauUSPqeh8HMlLZRMooFYyyluIpn7NaCLzyWjwAQz2s3KyI7VE7hl+ncCrW86v+dciEdwqtzNoUMFb3iDpPxaiCl3rv+SB7co/5eUDTs1FZvUcYMXKQuf8R+2ZKzXOpwr0Zs8sKQXvXavCeWykwGgXLBjVkvrDcHuDD6UXCW63UKgmRECpLZaMBVIIRWLEEgTS5OSQTcxpMVe5zUW6sDvXHTcdPwWrcn1dE9F/0vLC0HJ4ADKelLX5zyTpmXGbuZuntIf1JO67D/K/P++uV1rmVIH+zgtOf23w5rX2zKb4BSTqP0sv61pmWV7MEVoEz6yXswcTjS92tb775v7XLU9vKAkt042ORFdE4/++hejhL/Lj52IRgjt1CJZHZsR9JywJZrz3kYuf8eU2J2FYh0Cpz5gmf0f+12Rt4HztnZxGPP4KuMa66e4+hpx1jynjMZ7D5QUnNYEmuvJByopn8HSluuY/kS5MMyZCZtJLEPGX4+yECX0Di/S0vCRl2NyqfCBqS+yXXT5SA1nFw== docker-test@docker.io
-EOF
-chmod 600 .ssh/authorized_keys
-chown -R sysadmin .ssh
-
-# Fix docker group id for use of host dockerd by sysadmin
-sed -Ei 's/(docker:x:)[^:]+/\1999/' /etc/group
-
-# Create buildbot configuration
-cd /data/buildbot; buildbot create-master master
-cp -a /data/buildbot/master/master.cfg.sample \
-    /data/buildbot/master/master.cfg
-cd /data/buildbot; \
-    buildslave create-slave slave localhost:9989 buildworker pass
-cp /docker-ci/buildbot/master.cfg /data/buildbot/master
-
-# Patch github webstatus to capture pull requests
-cp /docker-ci/buildbot/github.py /usr/local/lib/python2.7/dist-packages/buildbot/status/web/hooks
-chown -R sysadmin.sysadmin /data
-
-# Create nginx configuration
-rm /etc/nginx/sites-enabled/default
-cp /docker-ci/nginx/nginx.conf /etc/nginx/conf.d/buildbot.conf
-/bin/echo -e '\ndaemon off;\n' >> /etc/nginx/nginx.conf
-
-# Set supervisord buildbot, nginx and sshd processes
-/bin/echo -e "\
-[program:buildmaster]\n\
-command=twistd --nodaemon --no_save -y buildbot.tac\n\
-directory=/data/buildbot/master\n\
-user=sysadmin\n\n\
-[program:buildworker]\n\
-command=twistd --nodaemon --no_save -y buildbot.tac\n\
-directory=/data/buildbot/slave\n\
-user=sysadmin\n" > \
-    /etc/supervisor/conf.d/buildbot.conf
-/bin/echo -e "[program:nginx]\ncommand=/usr/sbin/nginx\n" > \
-    /etc/supervisor/conf.d/nginx.conf
-/bin/echo -e "[program:sshd]\ncommand=/usr/sbin/sshd -D\n" > \
-    /etc/supervisor/conf.d/sshd.conf
diff --git a/hack/infrastructure/docker-ci/testbuilder/Dockerfile b/hack/infrastructure/docker-ci/testbuilder/Dockerfile
deleted file mode 100644
index 8fa9b4c797..0000000000
--- a/hack/infrastructure/docker-ci/testbuilder/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-# TO_BUILD:      docker build --no-cache -t docker-ci/testbuilder .
-# TO_RUN:        docker run --rm -u sysadmin \
-#                -v /run:/var/socket docker-ci/testbuilder docker-registry
-#
-
-FROM docker-ci/docker-ci
-ENV HOME /home/sysadmin
-
-RUN mkdir /testbuilder
-ADD . /testbuilder
-
-ENTRYPOINT ["/testbuilder/testbuilder.sh"]
diff --git a/hack/infrastructure/docker-ci/testbuilder/docker-registry.sh b/hack/infrastructure/docker-ci/testbuilder/docker-registry.sh
deleted file mode 100755
index a73704c50b..0000000000
--- a/hack/infrastructure/docker-ci/testbuilder/docker-registry.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-set -x
-set -e
-PROJECT_PATH=$1
-
-# Build the docker project
-cd /data/$PROJECT_PATH
-sg docker -c "docker build -q -t registry ."
-cd test; sg docker -c "docker build -q -t docker-registry-test ."
-
-# Run the tests
-sg docker -c "docker run --rm -v /home/docker-ci/coverage/docker-registry:/data docker-registry-test"
diff --git a/hack/infrastructure/docker-ci/testbuilder/docker.sh b/hack/infrastructure/docker-ci/testbuilder/docker.sh
deleted file mode 100755
index c8f3c18eb9..0000000000
--- a/hack/infrastructure/docker-ci/testbuilder/docker.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-set -x
-set -e
-PROJECT_PATH=$1
-
-# Build the docker project
-cd /data/$PROJECT_PATH
-sg docker -c "docker build -q -t docker ."
-
-if [ "$DOCKER_RELEASE" == "1" ]; then
-    # Do nightly release
-    echo sg docker -c "docker run --rm --privileged -v /run:/var/socket -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY= -e AWS_SECRET_KEY= -e GPG_PASSPHRASE= docker hack/release.sh"
-    set +x
-    sg docker -c "docker run --rm --privileged -v /run:/var/socket -e AWS_S3_BUCKET=$AWS_S3_BUCKET -e AWS_ACCESS_KEY=$AWS_ACCESS_KEY -e AWS_SECRET_KEY=$AWS_SECRET_KEY -e GPG_PASSPHRASE=$GPG_PASSPHRASE docker hack/release.sh"
-else
-    # Run the tests
-    sg docker -c "docker run --rm --privileged -v /home/docker-ci/coverage/docker:/data docker ./hack/infrastructure/docker-ci/docker-coverage/gocoverage.sh"
-fi
diff --git a/hack/infrastructure/docker-ci/testbuilder/testbuilder.sh b/hack/infrastructure/docker-ci/testbuilder/testbuilder.sh
deleted file mode 100755
index 70701343c2..0000000000
--- a/hack/infrastructure/docker-ci/testbuilder/testbuilder.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-# Download,  build and run a docker project tests
-# Environment variables: DEPLOYMENT
-
-cat $0
-set -e
-set -x
-
-PROJECT=$1
-COMMIT=${2-HEAD}
-REPO=${3-https://github.com/dotcloud/$PROJECT}
-BRANCH=${4-master}
-REPO_PROJ="https://github.com/docker-test/$PROJECT"
-if [ "$DEPLOYMENT" == "production" ]; then
-    REPO_PROJ="https://github.com/dotcloud/$PROJECT"
-fi
-set +x
-
-# Generate a random string of $1 characters
-function random {
-    cat /dev/urandom | tr -cd 'a-f0-9' | head -c $1
-}
-
-PROJECT_PATH="$PROJECT-tmp-$(random 12)"
-
-# Set docker-test git user
-set -x
-git config --global user.email "docker-test@docker.io"
-git config --global user.name "docker-test"
-
-# Fetch project
-git clone -q $REPO_PROJ -b master /data/$PROJECT_PATH
-cd /data/$PROJECT_PATH
-echo "Git commit: $(git rev-parse HEAD)"
-git fetch -q $REPO $BRANCH
-git merge --no-edit $COMMIT
-
-# Build the project dockertest
-/testbuilder/$PROJECT.sh $PROJECT_PATH
-rm -rf /data/$PROJECT_PATH
diff --git a/hack/infrastructure/docker-ci/tool/backup.py b/hack/infrastructure/docker-ci/tool/backup.py
deleted file mode 100755
index 2db633e526..0000000000
--- a/hack/infrastructure/docker-ci/tool/backup.py
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/env python
-
-import os,sys,json
-from datetime import datetime
-from filecmp import cmp
-from subprocess import check_call
-from boto.s3.key import Key
-from boto.s3.connection import S3Connection
-
-def ENV(x):
-    '''Promote an environment variable for global use returning its value'''
-    retval = os.environ.get(x, '')
-    globals()[x] = retval
-    return retval
-
-ROOT_PATH = '/data/backup/docker-ci'
-TODAY = str(datetime.today())[:10]
-BACKUP_FILE = '{}/docker-ci_{}.tgz'.format(ROOT_PATH, TODAY)
-BACKUP_LINK = '{}/docker-ci.tgz'.format(ROOT_PATH)
-ENV('BACKUP_BUCKET')
-ENV('BACKUP_AWS_ID')
-ENV('BACKUP_AWS_SECRET')
-
-'''Create full master buildbot backup, avoiding duplicates'''
-# Ensure backup path exist
-if not os.path.exists(ROOT_PATH):
-    os.makedirs(ROOT_PATH)
-# Make actual backups
-check_call('/bin/tar czf {} -C /data --exclude=backup --exclude=buildbot/slave'
-    ' . 1>/dev/null 2>&1'.format(BACKUP_FILE),shell=True)
-# remove previous dump if it is the same as the latest
-if (os.path.exists(BACKUP_LINK) and cmp(BACKUP_FILE, BACKUP_LINK) and
- os.path._resolve_link(BACKUP_LINK) != BACKUP_FILE):
-    os.unlink(os.path._resolve_link(BACKUP_LINK))
-# Recreate backup link pointing to latest backup
-try:
-    os.unlink(BACKUP_LINK)
-except:
-    pass
-os.symlink(BACKUP_FILE, BACKUP_LINK)
-
-# Make backup on S3
-bucket = S3Connection(BACKUP_AWS_ID,BACKUP_AWS_SECRET).get_bucket(BACKUP_BUCKET)
-k = Key(bucket)
-k.key = BACKUP_FILE
-k.set_contents_from_filename(BACKUP_FILE)
-bucket.copy_key(os.path.basename(BACKUP_LINK),BACKUP_BUCKET,BACKUP_FILE[1:])

From 68dd722e3c54995e609b2524bad501ab1d4d15d6 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 24 Mar 2014 14:15:04 +0000
Subject: [PATCH 198/384] Promote btrfs Docker-DCO-1.1-Signed-off-by: Michael
 Crosby <michael@crosbymichael.com> (github: crosbymichael)

---
 runtime/graphdriver/driver.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/runtime/graphdriver/driver.go b/runtime/graphdriver/driver.go
index 89fd03a624..9ea7d1c94c 100644
--- a/runtime/graphdriver/driver.go
+++ b/runtime/graphdriver/driver.go
@@ -39,10 +39,9 @@ var (
 	// Slice of drivers that should be used in an order
 	priority = []string{
 		"aufs",
+		"btrfs",
 		"devicemapper",
 		"vfs",
-		// experimental, has to be enabled manually for now
-		"btrfs",
 	}
 )
 

From c7540b3e94d7712b6b91ba80de0155f20156f3f3 Mon Sep 17 00:00:00 2001
From: LK4D4 <lk4d4math@gmail.com>
Date: Mon, 24 Mar 2014 22:31:05 +0400
Subject: [PATCH 199/384] Workaround for hanging events. Fixes #4804

Docker-DCO-1.1-Signed-off-by: LK4D4 <lk4d4math@gmail.com> (github: LK4D4)
---
 server/server.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/server.go b/server/server.go
index 840a70357d..2cb3328d55 100644
--- a/server/server.go
+++ b/server/server.go
@@ -222,6 +222,10 @@ func (srv *Server) Events(job *engine.Job) engine.Status {
 
 	listener := make(chan utils.JSONMessage)
 	srv.Lock()
+	if old, ok := srv.listeners[from]; ok {
+		delete(srv.listeners, from)
+		close(old)
+	}
 	srv.listeners[from] = listener
 	srv.Unlock()
 	job.Stdout.Write(nil) // flush

From bb034c6b42c347ffdfae834960bf2386429e1980 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 24 Mar 2014 21:38:57 -0400
Subject: [PATCH 200/384] Add Chef usage documentation

Docker-DCO-1.1-Signed-off-by: Brian Flad <bflad417@gmail.com> (github: bflad)
---
 docs/sources/use/chef.rst  | 95 ++++++++++++++++++++++++++++++++++++++
 docs/sources/use/index.rst |  1 +
 2 files changed, 96 insertions(+)
 create mode 100644 docs/sources/use/chef.rst

diff --git a/docs/sources/use/chef.rst b/docs/sources/use/chef.rst
new file mode 100644
index 0000000000..54755ad3b3
--- /dev/null
+++ b/docs/sources/use/chef.rst
@@ -0,0 +1,95 @@
+:title: Chef Usage
+:description: Installating and using Docker via Chef
+:keywords: chef, installation, usage, docker, documentation
+
+.. _install_using_chef:
+
+Using Chef
+=============
+
+.. note::
+
+   Please note this is a community contributed installation path. The
+   only 'official' installation is using the :ref:`ubuntu_linux`
+   installation path. This version may sometimes be out of date.
+
+Requirements
+------------
+
+To use this guide you'll need a working installation of 
+`Chef <http://www.getchef.com/>`_. This cookbook supports a variety of 
+operating systems.
+
+Installation
+------------
+
+The cookbook is available on the `Chef Community Site
+<community.opscode.com/cookbooks/docker>`_ and can be installed
+using your favorite cookbook dependency manager.
+
+The source can be found on `GitHub
+<https://github.com/bflad/chef-docker>`_.
+
+Usage
+-----
+
+The cookbook provides recipes for installing Docker, configuring init
+for Docker, and resources for managing images and containers.
+It supports almost all Docker functionality.
+
+Installation
+~~~~~~~~~~~~
+
+.. code-block:: ruby
+
+  include_recipe 'docker'
+
+Images
+~~~~~~
+
+The next step is to pull a Docker image. For this, we have a resource:
+
+.. code-block:: ruby
+
+  docker_image 'samalba/docker-registry'
+
+This is equivalent to running:
+
+.. code-block:: bash
+
+  docker pull samalba/docker-registry
+
+There are attributes available to control how long the cookbook
+will allow for downloading (5 minute default).
+
+To remove images you no longer need:
+
+.. code-block:: ruby
+
+  docker_image 'samalba/docker-registry' do
+    action :remove
+  end
+
+Containers
+~~~~~~~~~~
+
+Now you have an image where you can run commands within a container
+managed by Docker.
+
+.. code-block:: ruby
+
+  docker_container 'samalba/docker-registry' do
+    detach true
+    port '5000:5000'
+    env 'SETTINGS_FLAVOR=local'
+    volume '/mnt/docker:/docker-storage'
+  end
+
+This is equivalent to running the following command, but under upstart:
+
+.. code-block:: bash
+
+  docker run --detach=true --publish='5000:5000' --env='SETTINGS_FLAVOR=local' --volume='/mnt/docker:/docker-storage' samalba/docker-registry
+
+The resources will accept a single string or an array of values
+for any docker flags that allow multiple values.
diff --git a/docs/sources/use/index.rst b/docs/sources/use/index.rst
index c1b7691cca..dcf6289b41 100644
--- a/docs/sources/use/index.rst
+++ b/docs/sources/use/index.rst
@@ -20,4 +20,5 @@ Contents:
    working_with_volumes
    working_with_links_names
    ambassador_pattern_linking
+   chef
    puppet

From 84e1fdf35d9d6493d389a8e8be3ab41190004b30 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Mon, 24 Mar 2014 21:43:26 -0400
Subject: [PATCH 201/384] docker load: add --input flag

for those that do not care to read from redirected stdin

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 api/client.go                              | 14 +++++++++++++-
 docs/sources/reference/commandline/cli.rst | 15 ++++++++++++---
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/api/client.go b/api/client.go
index f1a3f64f2a..f9e7445fd9 100644
--- a/api/client.go
+++ b/api/client.go
@@ -2075,6 +2075,8 @@ func (cli *DockerCli) CmdSave(args ...string) error {
 
 func (cli *DockerCli) CmdLoad(args ...string) error {
 	cmd := cli.Subcmd("load", "", "Load an image from a tar archive on STDIN")
+	infile := cmd.String([]string{"i", "-input"}, "", "Read from a tar archive file, instead of STDIN")
+
 	if err := cmd.Parse(args); err != nil {
 		return err
 	}
@@ -2084,7 +2086,17 @@ func (cli *DockerCli) CmdLoad(args ...string) error {
 		return nil
 	}
 
-	if err := cli.stream("POST", "/images/load", cli.in, cli.out, nil); err != nil {
+	var (
+		input io.Reader = cli.in
+		err   error
+	)
+	if *infile != "" {
+		input, err = os.Open(*infile)
+		if err != nil {
+			return err
+		}
+	}
+	if err := cli.stream("POST", "/images/load", input, cli.out, nil); err != nil {
 		return err
 	}
 	return nil
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index f4a5e0882f..2626280dd0 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -881,10 +881,19 @@ Known Issues (kill)
 
 ::
 
-    Usage: docker load < repository.tar
+    Usage: docker load 
 
-    Loads a tarred repository from the standard input stream.
-    Restores both images and tags.
+    Load an image from a tar archive on STDIN
+
+      -i, --input"": Read from a tar archive file, instead of STDIN
+
+Loads a tarred repository from the standard input stream.
+Restores both images and tags.
+
+.. code-block:: bash
+
+   $ sudo docker load < busybox.tar
+   $ sudo docker load --input busybox.tar
 
 .. _cli_login:
 

From c84ff187c62060f20b7039a5005a44012898df7b Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Mon, 24 Mar 2014 22:29:54 -0400
Subject: [PATCH 202/384] Fix typo in Using Chef documentation description

Docker-DCO-1.1-Signed-off-by: Brian Flad <bflad417@gmail.com> (github: bflad)
---
 docs/sources/use/chef.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/use/chef.rst b/docs/sources/use/chef.rst
index 54755ad3b3..919eba7a8f 100644
--- a/docs/sources/use/chef.rst
+++ b/docs/sources/use/chef.rst
@@ -1,5 +1,5 @@
 :title: Chef Usage
-:description: Installating and using Docker via Chef
+:description: Installation and using Docker via Chef
 :keywords: chef, installation, usage, docker, documentation
 
 .. _install_using_chef:

From c6c7c03cddc852c42b9f047fbd5c2fb6cecf39eb Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Mon, 24 Mar 2014 23:31:59 -0400
Subject: [PATCH 203/384] docker load: doc clarification

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 docs/sources/reference/commandline/cli.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 2626280dd0..3c7bb47113 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -885,9 +885,9 @@ Known Issues (kill)
 
     Load an image from a tar archive on STDIN
 
-      -i, --input"": Read from a tar archive file, instead of STDIN
+      -i, --input="": Read from a tar archive file, instead of STDIN
 
-Loads a tarred repository from the standard input stream.
+Loads a tarred repository from a file or the standard input stream.
 Restores both images and tags.
 
 .. code-block:: bash

From a5ccb5b28d7e24a379f77ab7619f296aa500c8dd Mon Sep 17 00:00:00 2001
From: Ryan Thomas <rthomas@atlassian.com>
Date: Tue, 25 Mar 2014 14:45:11 +1100
Subject: [PATCH 204/384] Docker-DCO-1.1-Signed-off-by: Ryan Thomas
 <rthomas@atlassian.com> (github: rthomas)

---
 registry/registry.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/registry/registry.go b/registry/registry.go
index 346132bcc5..01583f97c2 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -41,7 +41,10 @@ func pingRegistryEndpoint(endpoint string) (bool, error) {
 		conn.SetDeadline(time.Now().Add(time.Duration(10) * time.Second))
 		return conn, nil
 	}
-	httpTransport := &http.Transport{Dial: httpDial}
+	httpTransport := &http.Transport{
+                Dial:    httpDial,
+                Proxy:   http.ProxyFromEnvironment,
+        }
 	client := &http.Client{Transport: httpTransport}
 	resp, err := client.Get(endpoint + "_ping")
 	if err != nil {

From 69087f2d2397b18d6dd2d7b994e24ea9814e4bcd Mon Sep 17 00:00:00 2001
From: noducks <onemannoducks@gmail.com>
Date: Sat, 22 Mar 2014 14:12:15 +0000
Subject: [PATCH 205/384] Reminder for OSX users not to use SUDO

Useful for those who haven't made it to the examples page yet. https://github.com/chadoh/docker/commit/dad4a998dc716e506c874ce0e792989b9df28748

Docker-DCO-1.1-Signed-off-by: No Ducks <onemannoducks@gmail.com> (github: noducks)
---
 docs/sources/use/basics.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sources/use/basics.rst b/docs/sources/use/basics.rst
index 447366f55a..4164e706f7 100644
--- a/docs/sources/use/basics.rst
+++ b/docs/sources/use/basics.rst
@@ -40,6 +40,8 @@ Repository to a local image cache.
    short form of the image ID. These short image IDs are the first 12
    characters of the full image ID - which can be found using ``docker
    inspect`` or ``docker images --no-trunc=true``
+   
+   **If you're using OS X** then you shouldn't use ``sudo``
 
 Running an interactive shell
 ----------------------------

From 293157b8b38dd5ea5fa49d90501cc3c86717da40 Mon Sep 17 00:00:00 2001
From: viirya <viirya@gmail.com>
Date: Sun, 23 Mar 2014 23:55:20 +0800
Subject: [PATCH 206/384] check if working dir is a directory and raise
 corresponding errors when making dir.

Docker-DCO-1.1-Signed-off-by: Liang-Chi Hsieh <viirya@gmail.com> (github: viirya)
---
 integration/commands_test.go | 19 +++++++++++++++++
 runtime/container.go         | 41 ++++++++++++++++++++++++------------
 2 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/integration/commands_test.go b/integration/commands_test.go
index f1c5870755..7de7a227ea 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -252,6 +252,25 @@ func TestRunWorkdirExists(t *testing.T) {
 	}
 }
 
+// TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected
+func TestRunWorkdirExistsAndIsFile(t *testing.T) {
+
+	cli := api.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	defer cleanup(globalEngine, t)
+
+	c := make(chan struct{})
+	go func() {
+		defer close(c)
+		if err := cli.CmdRun("-w", "/bin/cat", unitTestImageID, "pwd"); err == nil {
+			t.Fatal("should have failed to run when using /bin/cat as working dir.")
+		}
+	}()
+
+	setTimeout(t, "CmdRun timed out", 5*time.Second, func() {
+		<-c
+	})
+}
+
 func TestRunExit(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
diff --git a/runtime/container.go b/runtime/container.go
index 6194a19c8c..0e5e255bfc 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -535,8 +535,18 @@ func (container *Container) Start() (err error) {
 
 	if container.Config.WorkingDir != "" {
 		container.Config.WorkingDir = path.Clean(container.Config.WorkingDir)
-		if err := os.MkdirAll(path.Join(container.basefs, container.Config.WorkingDir), 0755); err != nil {
-			return nil
+
+		pthInfo, err := os.Stat(path.Join(container.basefs, container.Config.WorkingDir))
+		if err != nil {
+			if !os.IsNotExist(err) {
+				return err
+			}
+			if err := os.MkdirAll(path.Join(container.basefs, container.Config.WorkingDir), 0755); err != nil {
+				return err
+			}
+		}
+		if pthInfo != nil && !pthInfo.IsDir() {
+			return fmt.Errorf("Cannot mkdir: %s is not a directory", container.Config.WorkingDir)
 		}
 	}
 
@@ -950,10 +960,11 @@ func (container *Container) ExportRw() (archive.Archive, error) {
 		return nil, err
 	}
 	return utils.NewReadCloserWrapper(archive, func() error {
-		err := archive.Close()
-		container.Unmount()
-		return err
-	}), nil
+			err := archive.Close()
+			container.Unmount()
+			return err
+		}),
+		nil
 }
 
 func (container *Container) Export() (archive.Archive, error) {
@@ -967,10 +978,11 @@ func (container *Container) Export() (archive.Archive, error) {
 		return nil, err
 	}
 	return utils.NewReadCloserWrapper(archive, func() error {
-		err := archive.Close()
-		container.Unmount()
-		return err
-	}), nil
+			err := archive.Close()
+			container.Unmount()
+			return err
+		}),
+		nil
 }
 
 func (container *Container) WaitTimeout(timeout time.Duration) error {
@@ -1119,10 +1131,11 @@ func (container *Container) Copy(resource string) (io.ReadCloser, error) {
 		return nil, err
 	}
 	return utils.NewReadCloserWrapper(archive, func() error {
-		err := archive.Close()
-		container.Unmount()
-		return err
-	}), nil
+			err := archive.Close()
+			container.Unmount()
+			return err
+		}),
+		nil
 }
 
 // Returns true if the container exposes a certain port

From 8e434c314ef74618001cc95466c2b567fa0283e2 Mon Sep 17 00:00:00 2001
From: noducks <onemannoducks@gmail.com>
Date: Tue, 25 Mar 2014 10:26:45 +0000
Subject: [PATCH 207/384] Force flag to prevent file already exists error.

Docker-DCO-1.1-Signed-off-by: No Ducks <onemannoducks@gmail.com> (github: noducks)
---
 docs/sources/examples/mongodb.rst              | 2 +-
 docs/sources/examples/running_riak_service.rst | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/examples/mongodb.rst b/docs/sources/examples/mongodb.rst
index 3e37d74c30..930ab2ea9d 100644
--- a/docs/sources/examples/mongodb.rst
+++ b/docs/sources/examples/mongodb.rst
@@ -47,7 +47,7 @@ divert ``/sbin/initctl`` to ``/bin/true`` so it thinks everything is working.
 
     # Hack for initctl not being available in Ubuntu
     RUN dpkg-divert --local --rename --add /sbin/initctl
-    RUN ln -s /bin/true /sbin/initctl
+    RUN ln -sf /bin/true /sbin/initctl
 
 Afterwards we'll be able to update our apt repositories and install MongoDB
 
diff --git a/docs/sources/examples/running_riak_service.rst b/docs/sources/examples/running_riak_service.rst
index ae08a4b7f0..55e5e405c9 100644
--- a/docs/sources/examples/running_riak_service.rst
+++ b/docs/sources/examples/running_riak_service.rst
@@ -88,7 +88,7 @@ Almost there. Next, we add a hack to get us by the lack of ``initctl``:
     # Hack for initctl
     # See: https://github.com/dotcloud/docker/issues/1024
     RUN dpkg-divert --local --rename --add /sbin/initctl
-    RUN ln -s /bin/true /sbin/initctl
+    RUN ln -sf /bin/true /sbin/initctl
 
 Then, we expose the Riak Protocol Buffers and HTTP interfaces, along with SSH:
 

From 2517370088ad11765f99d75c16b58e93fe18f85a Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Tue, 25 Mar 2014 08:30:59 -0400
Subject: [PATCH 208/384] docker load: added example of a multiple tag image

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 docs/sources/reference/commandline/cli.rst | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 3c7bb47113..687ce2f305 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -892,8 +892,21 @@ Restores both images and tags.
 
 .. code-block:: bash
 
+   $ sudo docker images
+   REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
    $ sudo docker load < busybox.tar
-   $ sudo docker load --input busybox.tar
+   $ sudo docker images
+   REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
+   busybox             latest              769b9341d937        7 weeks ago         2.489 MB
+   $ sudo docker load --input fedora.tar
+   $ sudo docker images
+   REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
+   busybox             latest              769b9341d937        7 weeks ago         2.489 MB
+   fedora              rawhide             0d20aec6529d        7 weeks ago         387 MB
+   fedora              20                  58394af37342        7 weeks ago         385.5 MB
+   fedora              heisenbug           58394af37342        7 weeks ago         385.5 MB
+   fedora              latest              58394af37342        7 weeks ago         385.5 MB
+
 
 .. _cli_login:
 

From 576278102e0fa9166711f8cf23ec972fcccc085e Mon Sep 17 00:00:00 2001
From: Paul Annesley <paul@annesley.cc>
Date: Mon, 24 Mar 2014 21:21:37 -0700
Subject: [PATCH 209/384] install.sh (get.docker.io) aufs comment updated.

devicemapper has landed, but the TODO hasn't been actioned presumably
because aufs is still preferred over devicemapper when available[1].

Comment updated accordingly.

Citation [1]: https://github.com/crosbymichael/docker/blob/267ca39921c35826ccbdb84fbbc0690bfef385d7/runtime/graphdriver/driver.go#L40-L46

Docker-DCO-1.1-Signed-off-by: Paul Annesley <paul@annesley.cc> (github: pda)
---
 hack/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/install.sh b/hack/install.sh
index 1fa8a47480..205b57ecc7 100755
--- a/hack/install.sh
+++ b/hack/install.sh
@@ -85,7 +85,7 @@ case "$lsb_dist" in
 			fi
 		}
 		
-		# TODO remove this section once device-mapper lands
+		# aufs is preferred over devicemapper; try to ensure the driver is available.
 		if ! grep -q aufs /proc/filesystems && ! $sh_c 'modprobe aufs'; then
 			kern_extras="linux-image-extra-$(uname -r)"
 			

From d36176652ef8f0220a1cff5dc00933400c69a562 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Mon, 24 Mar 2014 19:43:40 +0200
Subject: [PATCH 210/384] Bump to version v0.9.1

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)

Conflicts:
	VERSION
---
 CHANGELOG.md | 40 ++++++++++++++++++++++++++++++++++++++++
 VERSION      |  2 +-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40ba3d32ac..c8ea94361b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,45 @@
 # Changelog
 
+## 0.9.1 (2014-03-24)
+
+#### Builder
+- Fix printing multiple messages on a single line. Fixes broken output during builds.
+
+#### Documentation
+- Fix external link on security of containers.
+
+#### Contrib
+- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
+- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
+
+#### Hack
+- Generate md5 and sha256 hashes when building, and upload them via hack/release.sh.
+
+#### Remote API
+- Fix content-type detection in `docker cp`.
+
+#### Runtime
+- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
+- Only unshare the mount namespace for execin.
+- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
+- Merge existing config when committing.
+- Fix panic in monitor.
+- Disable daemon startup timeout.
+- Fix issue #4681: add loopback interface when networking is disabled.
+- Add failing test case for issue #4681.
+- Send SIGTERM to child, instead of SIGKILL.
+- Show the driver and the kernel version in `docker info` even when not in debug mode.
+- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
+- Fix issue caused by the absence of /etc/apparmor.d.
+- Don't leave empty cidFile behind when failing to create the container.
+- Improve deprecation message.
+- Fix attach exit on darwin.
+- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time, unlock while sleeping).
+- devicemapper: succeed immediately when removing non-existing devices.
+- devicemapper: increase timeout in waitClose to 10 seconds.
+- Remove goroutine leak on error.
+- Update parseLxcInfo to comply with new lxc1.0 format.
+
 ## 0.9.0 (2014-03-10)
 
 #### Builder
diff --git a/VERSION b/VERSION
index c70836ca5c..f374f6662e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.9.0-dev
+0.9.1

From b2721e05ce4d6026855718ad9b01eb7dec797cd2 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 26 Mar 2014 00:18:45 +0200
Subject: [PATCH 211/384] Change version to 0.9.1-dev

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index f374f6662e..dc9bff91aa 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.9.1
+0.9.1-dev

From baba9cde9542b480162d11bd30ca3a522fa6b4d0 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 26 Mar 2014 11:51:27 +0000
Subject: [PATCH 212/384] Return error when existing bridge does not match ip
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/networkdriver/bridge/driver.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/runtime/networkdriver/bridge/driver.go b/runtime/networkdriver/bridge/driver.go
index 41588b1c27..61e82dd481 100644
--- a/runtime/networkdriver/bridge/driver.go
+++ b/runtime/networkdriver/bridge/driver.go
@@ -93,6 +93,12 @@ func InitDriver(job *engine.Job) engine.Status {
 		network = addr.(*net.IPNet)
 	} else {
 		network = addr.(*net.IPNet)
+		// validate that the bridge ip matches the ip specified by BridgeIP
+		if bridgeIP != "" {
+			if !network.IP.Equal(net.ParseIP(bridgeIP)) {
+				return job.Errorf("bridge ip (%s) does not match existing bridge configuration %s", network.IP, bridgeIP)
+			}
+		}
 	}
 
 	// Configure iptables for link support

From 61f7d967ed635098abaf42fc411866bb198b97c5 Mon Sep 17 00:00:00 2001
From: Justin Simonelis <justin.simonelis@PTS-JSIMON2.toronto.exclamation.com>
Date: Wed, 26 Mar 2014 10:24:16 -0400
Subject: [PATCH 213/384] typo fix

---
 docs/sources/reference/builder.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst
index 1c8331e98f..6462512da0 100644
--- a/docs/sources/reference/builder.rst
+++ b/docs/sources/reference/builder.rst
@@ -49,7 +49,7 @@ to be created - so ``RUN cd /tmp`` will not have any effect on the next
 instructions.
 
 Whenever possible, Docker will re-use the intermediate images, 
-accelerating ``docker build`` significantly (indicated by ``Using cache``:
+accelerating ``docker build`` significantly (indicated by ``Using cache``):
 
 .. code-block:: bash
 

From 72dc19fd7d339321a347dce4ea39d59fd503a4cc Mon Sep 17 00:00:00 2001
From: Justin Simonelis <justin.p.simonelis@gmail.com>
Date: Wed, 26 Mar 2014 10:30:57 -0400
Subject: [PATCH 214/384] authors update

---
 AUTHORS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/AUTHORS b/AUTHORS
index df091d5950..1c58d953f6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -170,6 +170,7 @@ Julien Barbier <write0@gmail.com>
 Julien Dubois <julien.dubois@gmail.com>
 Justin Force <justin.force@gmail.com>
 Justin Plock <jplock@users.noreply.github.com>
+Justin Simonelis <justin.p.simonelis@gmail.com>
 Karan Lyons <karan@karanlyons.com>
 Karl Grzeszczak <karlgrz@gmail.com>
 Kawsar Saiyeed <kawsar.saiyeed@projiris.com>

From 4746c761566d5d5d4754daf62d20c83cba0efee8 Mon Sep 17 00:00:00 2001
From: Paul Jimenez <pj@place.org>
Date: Tue, 25 Mar 2014 16:29:58 -0400
Subject: [PATCH 215/384] Include contributed completions in ubuntu PPA

Docker-DCO-1.1-Signed-off-by: Paul Jimenez <pj@place.org> (github: pjz)
---
 hack/make/ubuntu | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hack/make/ubuntu b/hack/make/ubuntu
index ebc12f27ec..403a6c7652 100644
--- a/hack/make/ubuntu
+++ b/hack/make/ubuntu
@@ -38,6 +38,14 @@ bundle_ubuntu() {
 	mkdir -p $DIR/lib/systemd/system
 	cp contrib/init/systemd/docker.service $DIR/lib/systemd/system/
 
+	# Include contributed completions
+	mkdir -p $DIR/etc/bash_completion.d
+	cp contrib/completion/bash/docker $DIR/etc/bash_completion.d/
+	mkdir -p $DIR/usr/share/zsh/vendor-completions
+	cp contrib/completion/zsh/_docker $DIR/usr/share/zsh/vendor-completions/
+	mkdir -p $DIR/etc/fish/completions
+	cp contrib/completion/fish/docker.fish $DIR/etc/fish/completions/
+
 	# Copy the binary
 	# This will fail if the binary bundle hasn't been built
 	mkdir -p $DIR/usr/bin

From e7f3234c1e4926c966f4c9e4cf08d9aae60d21bb Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Wed, 26 Mar 2014 09:05:21 -0700
Subject: [PATCH 216/384] Fix fish completion when having alias on awk or grep

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 contrib/completion/fish/docker.fish | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish
index 9c4339fe2b..ddec61cffa 100644
--- a/contrib/completion/fish/docker.fish
+++ b/contrib/completion/fish/docker.fish
@@ -26,20 +26,20 @@ end
 function __fish_print_docker_containers --description 'Print a list of docker containers' -a select
     switch $select
         case running
-            docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS="  +"}; $5 ~ "^Up" {print $1 "\n" $(NF-1)}' | tr ',' '\n'
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Up" {print $1 "\n" $(NF-1)}' | tr ',' '\n'
         case stopped
-            docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS="  +"}; $5 ~ "^Exit" {print $1 "\n" $(NF-1)}' | tr ',' '\n'
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; $5 ~ "^Exit" {print $1 "\n" $(NF-1)}' | tr ',' '\n'
         case all
-            docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS="  +"}; {print $1 "\n" $(NF-1)}' | tr ',' '\n'
+            docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS="  +"}; {print $1 "\n" $(NF-1)}' | tr ',' '\n'
     end
 end
 
 function __fish_print_docker_images --description 'Print a list of docker images'
-    docker images | awk 'NR>1' | grep -v '<none>' | awk '{print $1":"$2}'
+    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1":"$2}'
 end
 
 function __fish_print_docker_repositories --description 'Print a list of docker repositories'
-    docker images | awk 'NR>1' | grep -v '<none>' | awk '{print $1}' | sort | uniq
+    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1}' | sort | uniq
 end
 
 # common options

From 4c4356692580afb3971094e322aea64abe0e2500 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 18 Mar 2014 16:49:16 -0400
Subject: [PATCH 217/384] This patch adds SELinux labeling support.

docker will run the process(es) within the container with an SELinux label and will label
all of  the content within the container with mount label.  Any temporary file systems
created within the container need to be mounted with the same mount label.

The user can override the process label by specifying

-Z With a string of space separated options.

-Z "user=unconfined_u role=unconfined_r type=unconfined_t level=s0"

Would cause the process label to run with unconfined_u:unconfined_r:unconfined_t:s0"

By default the processes will run execute within the container as svirt_lxc_net_t.
All of the content in the container as svirt_sandbox_file_t.

The process mcs level is based of the PID of the docker process that is creating the container.

If you run the container in --priv mode, the labeling will be disabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 Dockerfile                                    |   2 +-
 graph/graph.go                                |   2 +-
 hack/PACKAGERS.md                             |   7 +
 pkg/label/label.go                            |  23 ++
 pkg/label/label_selinux.go                    |  69 ++++
 pkg/libcontainer/nsinit/execin.go             |  11 +-
 pkg/libcontainer/nsinit/init.go               |   8 +-
 pkg/libcontainer/nsinit/mount.go              |  22 +-
 pkg/selinux/selinux.go                        | 387 ++++++++++++++++++
 pkg/selinux/selinux_test.go                   |  64 +++
 runconfig/config.go                           |  11 +
 runconfig/parse.go                            |  20 +
 runtime/container.go                          |   1 +
 runtime/execdriver/driver.go                  |   5 +
 runtime/execdriver/lxc/lxc_template.go        |  20 +-
 runtime/execdriver/native/default_template.go |   2 +
 runtime/graphdriver/aufs/aufs.go              |   2 +-
 runtime/graphdriver/aufs/aufs_test.go         |  52 +--
 runtime/graphdriver/aufs/migrate.go           |   6 +-
 runtime/graphdriver/btrfs/btrfs.go            |   6 +-
 runtime/graphdriver/devmapper/deviceset.go    |   9 +-
 runtime/graphdriver/devmapper/driver.go       |  15 +-
 runtime/graphdriver/devmapper/driver_test.go  |  20 +-
 runtime/graphdriver/driver.go                 |   2 +-
 runtime/graphdriver/vfs/driver.go             |   2 +-
 runtime/runtime.go                            |   4 +-
 26 files changed, 700 insertions(+), 72 deletions(-)
 create mode 100644 pkg/label/label.go
 create mode 100644 pkg/label/label_selinux.go
 create mode 100644 pkg/selinux/selinux.go
 create mode 100644 pkg/selinux/selinux_test.go

diff --git a/Dockerfile b/Dockerfile
index 42438e3946..2de5b34171 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -87,7 +87,7 @@ RUN	git config --global user.email 'docker-dummy@example.com'
 
 VOLUME	/var/lib/docker
 WORKDIR	/go/src/github.com/dotcloud/docker
-ENV	DOCKER_BUILDTAGS	apparmor
+ENV	DOCKER_BUILDTAGS	apparmor selinux
 
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT	["hack/dind"]
diff --git a/graph/graph.go b/graph/graph.go
index 4349cac129..33aca486c6 100644
--- a/graph/graph.go
+++ b/graph/graph.go
@@ -189,7 +189,7 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i
 	}
 
 	// Create root filesystem in the driver
-	if err := graph.driver.Create(img.ID, img.Parent); err != nil {
+	if err := graph.driver.Create(img.ID, img.Parent, ""); err != nil {
 		return fmt.Errorf("Driver %s failed to create image rootfs %s: %s", graph.driver, img.ID, err)
 	}
 	// Mount the root filesystem so we can apply the diff/layer
diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md
index 47e8413bf3..dc255c57ad 100644
--- a/hack/PACKAGERS.md
+++ b/hack/PACKAGERS.md
@@ -177,6 +177,13 @@ export DOCKER_BUILDTAGS='exclude_graphdriver_aufs'
 
 NOTE: if you need to set more than one build tag, space separate them.
 
+If you're building a binary that may need to be used on platforms that include
+SELinux, you will need to set `DOCKER_BUILDTAGS` as follows:
+
+```bash
+export DOCKER_BUILDTAGS='selinux'
+```
+
 ### Static Daemon
 
 If it is feasible within the constraints of your distribution, you should
diff --git a/pkg/label/label.go b/pkg/label/label.go
new file mode 100644
index 0000000000..ba1e9f48ea
--- /dev/null
+++ b/pkg/label/label.go
@@ -0,0 +1,23 @@
+// +build !selinux !linux
+
+package label
+
+func GenLabels(options string) (string, string, error) {
+	return "", "", nil
+}
+
+func FormatMountLabel(src string, MountLabel string) string {
+	return src
+}
+
+func SetProcessLabel(processLabel string) error {
+	return nil
+}
+
+func SetFileLabel(path string, fileLabel string) error {
+	return nil
+}
+
+func GetPidCon(pid int) (string, error) {
+	return "", nil
+}
diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go
new file mode 100644
index 0000000000..300a8b6d14
--- /dev/null
+++ b/pkg/label/label_selinux.go
@@ -0,0 +1,69 @@
+// +build selinux,linux
+
+package label
+
+import (
+	"fmt"
+	"github.com/dotcloud/docker/pkg/selinux"
+	"strings"
+)
+
+func GenLabels(options string) (string, string, error) {
+	processLabel, mountLabel := selinux.GetLxcContexts()
+	var err error
+	if processLabel == "" { // SELinux is disabled
+		return "", "", err
+	}
+	s := strings.Fields(options)
+	l := len(s)
+	if l > 0 {
+		pcon := selinux.NewContext(processLabel)
+		for i := 0; i < l; i++ {
+			o := strings.Split(s[i], "=")
+			pcon[o[0]] = o[1]
+		}
+		processLabel = pcon.Get()
+		mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
+	}
+	return processLabel, mountLabel, err
+}
+
+func FormatMountLabel(src string, MountLabel string) string {
+	var mountLabel string
+	if src != "" {
+		mountLabel = src
+		if MountLabel != "" {
+			mountLabel = fmt.Sprintf("%s,context=\"%s\"", mountLabel, MountLabel)
+		}
+	} else {
+		if MountLabel != "" {
+			mountLabel = fmt.Sprintf("context=\"%s\"", MountLabel)
+		}
+	}
+	return mountLabel
+}
+
+func SetProcessLabel(processLabel string) error {
+	if selinux.SelinuxEnabled() {
+		return selinux.Setexeccon(processLabel)
+	}
+	return nil
+}
+
+func GetProcessLabel() (string, error) {
+	if selinux.SelinuxEnabled() {
+		return selinux.Getexeccon()
+	}
+	return "", nil
+}
+
+func SetFileLabel(path string, fileLabel string) error {
+	if selinux.SelinuxEnabled() && fileLabel != "" {
+		return selinux.Setfilecon(path, fileLabel)
+	}
+	return nil
+}
+
+func GetPidCon(pid int) (string, error) {
+	return selinux.Getpidcon(pid)
+}
diff --git a/pkg/libcontainer/nsinit/execin.go b/pkg/libcontainer/nsinit/execin.go
index f8b8931390..9017af06e9 100644
--- a/pkg/libcontainer/nsinit/execin.go
+++ b/pkg/libcontainer/nsinit/execin.go
@@ -4,6 +4,7 @@ package nsinit
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/system"
 	"os"
@@ -32,7 +33,11 @@ func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []s
 		closeFds()
 		return -1, err
 	}
-
+	processLabel, err := label.GetPidCon(nspid)
+	if err != nil {
+		closeFds()
+		return -1, err
+	}
 	// foreach namespace fd, use setns to join an existing container's namespaces
 	for _, fd := range fds {
 		if fd > 0 {
@@ -80,6 +85,10 @@ dropAndExec:
 	if err := finalizeNamespace(container); err != nil {
 		return -1, err
 	}
+	err = label.SetProcessLabel(processLabel)
+	if err != nil {
+		return -1, err
+	}
 	if err := system.Execv(args[0], args[0:], container.Env); err != nil {
 		return -1, err
 	}
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 117ae875ed..5aa5f9f5b5 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -4,6 +4,7 @@ package nsinit
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/apparmor"
 	"github.com/dotcloud/docker/pkg/libcontainer/capabilities"
@@ -12,6 +13,7 @@ import (
 	"github.com/dotcloud/docker/pkg/system"
 	"github.com/dotcloud/docker/pkg/user"
 	"os"
+	"runtime"
 	"syscall"
 )
 
@@ -57,7 +59,7 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 		return fmt.Errorf("parent death signal %s", err)
 	}
 	ns.logger.Println("setup mount namespace")
-	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot); err != nil {
+	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot, container.Context["mount_label"]); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)
 	}
 	if err := setupNetwork(container, context); err != nil {
@@ -76,6 +78,10 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 			return err
 		}
 	}
+	runtime.LockOSThread()
+	if err := label.SetProcessLabel(container.Context["process_label"]); err != nil {
+		return fmt.Errorf("SetProcessLabel label %s", err)
+	}
 	ns.logger.Printf("execing %s\n", args[0])
 	return system.Execv(args[0], args[0:], container.Env)
 }
diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go
index 61a90125e0..796143c68e 100644
--- a/pkg/libcontainer/nsinit/mount.go
+++ b/pkg/libcontainer/nsinit/mount.go
@@ -4,6 +4,7 @@ package nsinit
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/system"
 	"io/ioutil"
@@ -20,7 +21,7 @@ const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NOD
 //
 // There is no need to unmount the new mounts because as soon as the mount namespace
 // is no longer in use, the mounts will be removed automatically
-func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, console string, readonly, noPivotRoot bool) error {
+func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, console string, readonly, noPivotRoot bool, mountLabel string) error {
 	flag := syscall.MS_PRIVATE
 	if noPivotRoot {
 		flag = syscall.MS_SLAVE
@@ -36,7 +37,7 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 			return fmt.Errorf("mounting %s as readonly %s", rootfs, err)
 		}
 	}
-	if err := mountSystem(rootfs); err != nil {
+	if err := mountSystem(rootfs, mountLabel); err != nil {
 		return fmt.Errorf("mount system %s", err)
 	}
 
@@ -64,7 +65,7 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 	if err := setupDev(rootfs); err != nil {
 		return err
 	}
-	if err := setupPtmx(rootfs, console); err != nil {
+	if err := setupPtmx(rootfs, console, mountLabel); err != nil {
 		return err
 	}
 	if err := system.Chdir(rootfs); err != nil {
@@ -196,7 +197,7 @@ func setupDev(rootfs string) error {
 }
 
 // setupConsole ensures that the container has a proper /dev/console setup
-func setupConsole(rootfs, console string) error {
+func setupConsole(rootfs, console string, mountLabel string) error {
 	oldMask := system.Umask(0000)
 	defer system.Umask(oldMask)
 
@@ -220,6 +221,9 @@ func setupConsole(rootfs, console string) error {
 	if err := system.Mknod(dest, (st.Mode&^07777)|0600, int(st.Rdev)); err != nil {
 		return fmt.Errorf("mknod %s %s", dest, err)
 	}
+	if err := label.SetFileLabel(console, mountLabel); err != nil {
+		return fmt.Errorf("SetFileLabel Failed %s %s", dest, err)
+	}
 	if err := system.Mount(console, dest, "bind", syscall.MS_BIND, ""); err != nil {
 		return fmt.Errorf("bind %s to %s %s", console, dest, err)
 	}
@@ -228,7 +232,7 @@ func setupConsole(rootfs, console string) error {
 
 // mountSystem sets up linux specific system mounts like sys, proc, shm, and devpts
 // inside the mount namespace
-func mountSystem(rootfs string) error {
+func mountSystem(rootfs string, mountLabel string) error {
 	for _, m := range []struct {
 		source string
 		path   string
@@ -238,8 +242,8 @@ func mountSystem(rootfs string) error {
 	}{
 		{source: "proc", path: filepath.Join(rootfs, "proc"), device: "proc", flags: defaultMountFlags},
 		{source: "sysfs", path: filepath.Join(rootfs, "sys"), device: "sysfs", flags: defaultMountFlags},
-		{source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: "mode=1777,size=65536k"},
-		{source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: "newinstance,ptmxmode=0666,mode=620,gid=5"},
+		{source: "shm", path: filepath.Join(rootfs, "dev", "shm"), device: "tmpfs", flags: defaultMountFlags, data: label.FormatMountLabel("mode=1755,size=65536k", mountLabel)},
+		{source: "devpts", path: filepath.Join(rootfs, "dev", "pts"), device: "devpts", flags: syscall.MS_NOSUID | syscall.MS_NOEXEC, data: label.FormatMountLabel("newinstance,ptmxmode=0666,mode=620,gid=5", mountLabel)},
 	} {
 		if err := os.MkdirAll(m.path, 0755); err != nil && !os.IsExist(err) {
 			return fmt.Errorf("mkdirall %s %s", m.path, err)
@@ -253,7 +257,7 @@ func mountSystem(rootfs string) error {
 
 // setupPtmx adds a symlink to pts/ptmx for /dev/ptmx and
 // finishes setting up /dev/console
-func setupPtmx(rootfs, console string) error {
+func setupPtmx(rootfs, console string, mountLabel string) error {
 	ptmx := filepath.Join(rootfs, "dev/ptmx")
 	if err := os.Remove(ptmx); err != nil && !os.IsNotExist(err) {
 		return err
@@ -262,7 +266,7 @@ func setupPtmx(rootfs, console string) error {
 		return fmt.Errorf("symlink dev ptmx %s", err)
 	}
 	if console != "" {
-		if err := setupConsole(rootfs, console); err != nil {
+		if err := setupConsole(rootfs, console, mountLabel); err != nil {
 			return err
 		}
 	}
diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
new file mode 100644
index 0000000000..5236d3fb87
--- /dev/null
+++ b/pkg/selinux/selinux.go
@@ -0,0 +1,387 @@
+package selinux
+
+import (
+	"bufio"
+	"crypto/rand"
+	"encoding/binary"
+	"fmt"
+	"github.com/dotcloud/docker/pkg/mount"
+	"github.com/dotcloud/docker/pkg/system"
+	"io"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+	"syscall"
+)
+
+const (
+	Enforcing        = 1
+	Permissive       = 0
+	Disabled         = -1
+	selinuxDir       = "/etc/selinux/"
+	selinuxConfig    = selinuxDir + "config"
+	selinuxTypeTag   = "SELINUXTYPE"
+	selinuxTag       = "SELINUX"
+	selinuxPath      = "/sys/fs/selinux"
+	xattrNameSelinux = "security.selinux"
+	stRdOnly         = 0x01
+)
+
+var (
+	assignRegex           = regexp.MustCompile(`^([^=]+)=(.*)$`)
+	spaceRegex            = regexp.MustCompile(`^([^=]+) (.*)$`)
+	mcsList               = make(map[string]bool)
+	selinuxfs             = "unknown"
+	selinuxEnabled        = false
+	selinuxEnabledChecked = false
+)
+
+type SELinuxContext map[string]string
+
+func GetSelinuxMountPoint() string {
+	if selinuxfs != "unknown" {
+		return selinuxfs
+	}
+	selinuxfs = ""
+
+	mounts, err := mount.GetMounts()
+	if err != nil {
+		return selinuxfs
+	}
+	for _, mount := range mounts {
+		if mount.Fstype == "selinuxfs" {
+			selinuxfs = mount.Mountpoint
+			break
+		}
+	}
+	if selinuxfs != "" {
+		var buf syscall.Statfs_t
+		syscall.Statfs(selinuxfs, &buf)
+		if (buf.Flags & stRdOnly) == 1 {
+			selinuxfs = ""
+		}
+	}
+	return selinuxfs
+}
+
+func SelinuxEnabled() bool {
+	if selinuxEnabledChecked {
+		return selinuxEnabled
+	}
+	selinuxEnabledChecked = true
+	if fs := GetSelinuxMountPoint(); fs != "" {
+		if con, _ := Getcon(); con != "kernel" {
+			selinuxEnabled = true
+		}
+	}
+	return selinuxEnabled
+}
+
+func ReadConfig(target string) (value string) {
+	var (
+		val, key string
+		bufin    *bufio.Reader
+	)
+
+	in, err := os.Open(selinuxConfig)
+	if err != nil {
+		return ""
+	}
+	defer in.Close()
+
+	bufin = bufio.NewReader(in)
+
+	for done := false; !done; {
+		var line string
+		if line, err = bufin.ReadString('\n'); err != nil {
+			if err != io.EOF {
+				return ""
+			}
+			done = true
+		}
+		line = strings.TrimSpace(line)
+		if len(line) == 0 {
+			// Skip blank lines
+			continue
+		}
+		if line[0] == ';' || line[0] == '#' {
+			// Skip comments
+			continue
+		}
+		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
+			key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
+			if key == target {
+				return strings.Trim(val, "\"")
+			}
+		}
+	}
+	return ""
+}
+
+func GetSELinuxPolicyRoot() string {
+	return selinuxDir + ReadConfig(selinuxTypeTag)
+}
+
+func readCon(name string) (string, error) {
+	var val string
+
+	in, err := os.Open(name)
+	if err != nil {
+		return "", err
+	}
+	defer in.Close()
+
+	_, err = fmt.Fscanf(in, "%s", &val)
+	return val, err
+}
+
+func Setfilecon(path string, scon string) error {
+	return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
+}
+
+func Getfilecon(path string) (string, error) {
+	var scon []byte
+
+	cnt, err := syscall.Getxattr(path, xattrNameSelinux, scon)
+	scon = make([]byte, cnt)
+	cnt, err = syscall.Getxattr(path, xattrNameSelinux, scon)
+	return string(scon), err
+}
+
+func Setfscreatecon(scon string) error {
+	return writeCon("/proc/self/attr/fscreate", scon)
+}
+
+func Getfscreatecon() (string, error) {
+	return readCon("/proc/self/attr/fscreate")
+}
+
+func Getcon() (string, error) {
+	return readCon("/proc/self/attr/current")
+}
+
+func Getpidcon(pid int) (string, error) {
+	return readCon(fmt.Sprintf("/proc/%d/attr/current", pid))
+}
+
+func Getexeccon() (string, error) {
+	return readCon("/proc/self/attr/exec")
+}
+
+func writeCon(name string, val string) error {
+	if !SelinuxEnabled() {
+		return nil
+	}
+	out, err := os.OpenFile(name, os.O_WRONLY, 0)
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+
+	if val != "" {
+		_, err = out.Write([]byte(val))
+	} else {
+		_, err = out.Write(nil)
+	}
+	return err
+}
+
+func Setexeccon(scon string) error {
+	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), scon)
+}
+
+func (c SELinuxContext) Get() string {
+	return fmt.Sprintf("%s:%s:%s:%s", c["user"], c["role"], c["type"], c["level"])
+}
+
+func NewContext(scon string) SELinuxContext {
+	c := make(SELinuxContext)
+
+	if len(scon) != 0 {
+		con := strings.SplitN(scon, ":", 4)
+		c["user"] = con[0]
+		c["role"] = con[1]
+		c["type"] = con[2]
+		c["level"] = con[3]
+	}
+	return c
+}
+
+func SelinuxGetEnforce() int {
+	var enforce int
+
+	enforceS, err := readCon(fmt.Sprintf("%s/enforce", selinuxPath))
+	if err != nil {
+		return -1
+	}
+
+	enforce, err = strconv.Atoi(string(enforceS))
+	if err != nil {
+		return -1
+	}
+	return enforce
+}
+
+func SelinuxGetEnforceMode() int {
+	switch ReadConfig(selinuxTag) {
+	case "enforcing":
+		return Enforcing
+	case "permissive":
+		return Permissive
+	}
+	return Disabled
+}
+
+func mcsAdd(mcs string) {
+	mcsList[mcs] = true
+}
+
+func mcsDelete(mcs string) {
+	mcsList[mcs] = false
+}
+
+func mcsExists(mcs string) bool {
+	return mcsList[mcs]
+}
+
+func IntToMcs(id int, catRange uint32) string {
+	var (
+		SETSIZE = int(catRange)
+		TIER    = SETSIZE
+		ORD     = id
+	)
+
+	if id < 1 || id > 523776 {
+		return ""
+	}
+
+	for ORD > TIER {
+		ORD = ORD - TIER
+		TIER -= 1
+	}
+	TIER = SETSIZE - TIER
+	ORD = ORD + TIER
+	return fmt.Sprintf("s0:c%d,c%d", TIER, ORD)
+}
+
+func uniqMcs(catRange uint32) string {
+	var (
+		n      uint32
+		c1, c2 uint32
+		mcs    string
+	)
+
+	for {
+		binary.Read(rand.Reader, binary.LittleEndian, &n)
+		c1 = n % catRange
+		binary.Read(rand.Reader, binary.LittleEndian, &n)
+		c2 = n % catRange
+		if c1 == c2 {
+			continue
+		} else {
+			if c1 > c2 {
+				t := c1
+				c1 = c2
+				c2 = t
+			}
+		}
+		mcs = fmt.Sprintf("s0:c%d,c%d", c1, c2)
+		if mcsExists(mcs) {
+			continue
+		}
+		mcsAdd(mcs)
+		break
+	}
+	return mcs
+}
+
+func FreeContext(con string) {
+	if con != "" {
+		scon := NewContext(con)
+		mcsDelete(scon["level"])
+	}
+}
+
+func GetLxcContexts() (processLabel string, fileLabel string) {
+	var (
+		val, key string
+		bufin    *bufio.Reader
+	)
+
+	if !SelinuxEnabled() {
+		return "", ""
+	}
+	lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
+	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
+	processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
+
+	in, err := os.Open(lxcPath)
+	if err != nil {
+		goto exit
+	}
+	defer in.Close()
+
+	bufin = bufio.NewReader(in)
+
+	for done := false; !done; {
+		var line string
+		if line, err = bufin.ReadString('\n'); err != nil {
+			if err == io.EOF {
+				done = true
+			} else {
+				goto exit
+			}
+		}
+		line = strings.TrimSpace(line)
+		if len(line) == 0 {
+			// Skip blank lines
+			continue
+		}
+		if line[0] == ';' || line[0] == '#' {
+			// Skip comments
+			continue
+		}
+		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
+			key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
+			if key == "process" {
+				processLabel = strings.Trim(val, "\"")
+			}
+			if key == "file" {
+				fileLabel = strings.Trim(val, "\"")
+			}
+		}
+	}
+exit:
+	mcs := IntToMcs(os.Getpid(), 1024)
+	scon := NewContext(processLabel)
+	scon["level"] = mcs
+	processLabel = scon.Get()
+	scon = NewContext(fileLabel)
+	scon["level"] = mcs
+	fileLabel = scon.Get()
+	return processLabel, fileLabel
+}
+
+func SecurityCheckContext(val string) error {
+	return writeCon(fmt.Sprintf("%s.context", selinuxPath), val)
+}
+
+func CopyLevel(src, dest string) (string, error) {
+	if !SelinuxEnabled() {
+		return "", nil
+	}
+	if src == "" {
+		return "", nil
+	}
+	if err := SecurityCheckContext(src); err != nil {
+		return "", err
+	}
+	if err := SecurityCheckContext(dest); err != nil {
+		return "", err
+	}
+	scon := NewContext(src)
+	tcon := NewContext(dest)
+	tcon["level"] = scon["level"]
+	return tcon.Get(), nil
+}
diff --git a/pkg/selinux/selinux_test.go b/pkg/selinux/selinux_test.go
new file mode 100644
index 0000000000..6b59c1db11
--- /dev/null
+++ b/pkg/selinux/selinux_test.go
@@ -0,0 +1,64 @@
+package selinux_test
+
+import (
+	"github.com/dotcloud/docker/pkg/selinux"
+	"os"
+	"testing"
+)
+
+func testSetfilecon(t *testing.T) {
+	if selinux.SelinuxEnabled() {
+		tmp := "selinux_test"
+		out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)
+		out.Close()
+		err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")
+		if err == nil {
+			t.Log(selinux.Getfilecon(tmp))
+		} else {
+			t.Log("Setfilecon failed")
+			t.Fatal(err)
+		}
+		os.Remove(tmp)
+	}
+}
+
+func TestSELinux(t *testing.T) {
+	var (
+		err            error
+		plabel, flabel string
+	)
+
+	if selinux.SelinuxEnabled() {
+		t.Log("Enabled")
+		plabel, flabel = selinux.GetLxcContexts()
+		t.Log(plabel)
+		t.Log(flabel)
+		plabel, flabel = selinux.GetLxcContexts()
+		t.Log(plabel)
+		t.Log(flabel)
+		t.Log("getenforce ", selinux.SelinuxGetEnforce())
+		t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode())
+		pid := os.Getpid()
+		t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
+		t.Log(selinux.Getcon())
+		t.Log(selinux.Getfilecon("/etc/passwd"))
+		err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
+		if err == nil {
+			t.Log(selinux.Getfscreatecon())
+		} else {
+			t.Log("setfscreatecon failed", err)
+			t.Fatal(err)
+		}
+		err = selinux.Setfscreatecon("")
+		if err == nil {
+			t.Log(selinux.Getfscreatecon())
+		} else {
+			t.Log("setfscreatecon failed", err)
+			t.Fatal(err)
+		}
+		t.Log(selinux.Getpidcon(1))
+		t.Log(selinux.GetSelinuxMountPoint())
+	} else {
+		t.Log("Disabled")
+	}
+}
diff --git a/runconfig/config.go b/runconfig/config.go
index e961d659d7..c3ade575c5 100644
--- a/runconfig/config.go
+++ b/runconfig/config.go
@@ -1,8 +1,10 @@
 package runconfig
 
 import (
+	"encoding/json"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/nat"
+	"github.com/dotcloud/docker/runtime/execdriver"
 )
 
 // Note: the Config structure should hold only portable information about the container.
@@ -34,9 +36,17 @@ type Config struct {
 	Entrypoint      []string
 	NetworkDisabled bool
 	OnBuild         []string
+	Context         execdriver.Context
 }
 
 func ContainerConfigFromJob(job *engine.Job) *Config {
+	var context execdriver.Context
+	val := job.Getenv("Context")
+	if val != "" {
+		if err := json.Unmarshal([]byte(val), &context); err != nil {
+			panic(err)
+		}
+	}
 	config := &Config{
 		Hostname:        job.Getenv("Hostname"),
 		Domainname:      job.Getenv("Domainname"),
@@ -54,6 +64,7 @@ func ContainerConfigFromJob(job *engine.Job) *Config {
 		VolumesFrom:     job.Getenv("VolumesFrom"),
 		WorkingDir:      job.Getenv("WorkingDir"),
 		NetworkDisabled: job.GetenvBool("NetworkDisabled"),
+		Context:         context,
 	}
 	job.GetenvJson("ExposedPorts", &config.ExposedPorts)
 	job.GetenvJson("Volumes", &config.Volumes)
diff --git a/runconfig/parse.go b/runconfig/parse.go
index c2591722d5..23c66cd611 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -4,8 +4,10 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/opts"
+	"github.com/dotcloud/docker/pkg/label"
 	flag "github.com/dotcloud/docker/pkg/mflag"
 	"github.com/dotcloud/docker/pkg/sysinfo"
+	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"path"
@@ -32,6 +34,10 @@ func ParseSubcommand(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo)
 }
 
 func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Config, *HostConfig, *flag.FlagSet, error) {
+	var (
+		processLabel string
+		mountLabel   string
+	)
 	var (
 		// FIXME: use utils.ListOpts for attach and volumes?
 		flAttach  = opts.NewListOpts(opts.ValidateAttach)
@@ -60,6 +66,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flUser            = cmd.String([]string{"u", "-user"}, "", "Username or UID")
 		flWorkingDir      = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container")
 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
+		flLabelOptions    = cmd.String([]string{"Z", "-label"}, "", "Options to pass to underlying labeling system")
 
 		// For documentation purpose
 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)")
@@ -150,6 +157,15 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		entrypoint = []string{*flEntrypoint}
 	}
 
+	if !*flPrivileged {
+		pLabel, mLabel, e := label.GenLabels(*flLabelOptions)
+		if e != nil {
+			return nil, nil, cmd, fmt.Errorf("Invalid security labels : %s", e)
+		}
+		processLabel = pLabel
+		mountLabel = mLabel
+	}
+
 	lxcConf, err := parseLxcConfOpts(flLxcOpts)
 	if err != nil {
 		return nil, nil, cmd, err
@@ -204,6 +220,10 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		VolumesFrom:     strings.Join(flVolumesFrom.GetAll(), ","),
 		Entrypoint:      entrypoint,
 		WorkingDir:      *flWorkingDir,
+		Context: execdriver.Context{
+			"mount_label":   mountLabel,
+			"process_label": processLabel,
+		},
 	}
 
 	hostConfig := &HostConfig{
diff --git a/runtime/container.go b/runtime/container.go
index bff9aea968..53d0aa666e 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -402,6 +402,7 @@ func populateCommand(c *Container) {
 		User:       c.Config.User,
 		Config:     driverConfig,
 		Resources:  resources,
+		Context:    c.Config.Context,
 	}
 	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
 }
diff --git a/runtime/execdriver/driver.go b/runtime/execdriver/driver.go
index 23e31ee8d9..dca889a82d 100644
--- a/runtime/execdriver/driver.go
+++ b/runtime/execdriver/driver.go
@@ -7,6 +7,10 @@ import (
 	"os/exec"
 )
 
+// Context is a generic key value pair that allows
+// arbatrary data to be sent
+type Context map[string]string
+
 var (
 	ErrNotRunning              = errors.New("Process could not be started")
 	ErrWaitTimeoutReached      = errors.New("Wait timeout reached")
@@ -121,6 +125,7 @@ type Command struct {
 	Arguments  []string   `json:"arguments"`
 	WorkingDir string     `json:"working_dir"`
 	ConfigPath string     `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver
+	Context    Context    `json:"context"`     // generic context for specific options (apparmor, selinux)
 	Tty        bool       `json:"tty"`
 	Network    *Network   `json:"network"`
 	Config     []string   `json:"config"` //  generic values that specific drivers can consume
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index ce9d90469f..608fb22436 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -1,6 +1,7 @@
 package lxc
 
 import (
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"strings"
 	"text/template"
@@ -29,6 +30,10 @@ lxc.pts = 1024
 
 # disable the main console
 lxc.console = none
+{{if getProcessLabel .Context}}
+lxc.se_context = {{ getProcessLabel .Context}}
+{{$MOUNTLABEL := getMountLabel .Context}}
+{{end}}
 
 # no controlling tty at all
 lxc.tty = 1
@@ -85,8 +90,8 @@ lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noe
 lxc.mount.entry = {{.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bind,rw 0 0
 {{end}}
 
-lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts newinstance,ptmxmode=0666,nosuid,noexec 0 0
-lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs size=65536k,nosuid,nodev,noexec 0 0
+lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" "$MOUNTLABEL"}} 0 0
+lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" "$MOUNTLABEL"}} 0 0
 
 {{range $value := .Mounts}}
 {{if $value.Writable}}
@@ -142,11 +147,22 @@ func getMemorySwap(v *execdriver.Resources) int64 {
 	return v.Memory * 2
 }
 
+func getProcessLabel(c execdriver.Context) string {
+	return c["process_label"]
+}
+
+func getMountLabel(c execdriver.Context) string {
+	return c["mount_label"]
+}
+
 func init() {
 	var err error
 	funcMap := template.FuncMap{
 		"getMemorySwap":     getMemorySwap,
+		"getProcessLabel":   getProcessLabel,
+		"getMountLabel":     getMountLabel,
 		"escapeFstabSpaces": escapeFstabSpaces,
+		"formatMountLabel":  label.FormatMountLabel,
 	}
 	LxcTemplateCompiled, err = template.New("lxc").Funcs(funcMap).Parse(LxcTemplate)
 	if err != nil {
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index d744ab382f..7e1e9ed86e 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -18,6 +18,8 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 	container.User = c.User
 	container.WorkingDir = c.WorkingDir
 	container.Env = c.Env
+	container.Context["mount_label"] = c.Context["mount_label"]
+	container.Context["process_label"] = c.Context["process_label"]
 
 	loopbackNetwork := libcontainer.Network{
 		Mtu:     c.Network.Mtu,
diff --git a/runtime/graphdriver/aufs/aufs.go b/runtime/graphdriver/aufs/aufs.go
index 6f05ddd025..401bbd8c86 100644
--- a/runtime/graphdriver/aufs/aufs.go
+++ b/runtime/graphdriver/aufs/aufs.go
@@ -134,7 +134,7 @@ func (a Driver) Exists(id string) bool {
 
 // Three folders are created for each id
 // mnt, layers, and diff
-func (a *Driver) Create(id, parent string) error {
+func (a *Driver) Create(id, parent string, mountLabel string) error {
 	if err := a.createDirsFor(id); err != nil {
 		return err
 	}
diff --git a/runtime/graphdriver/aufs/aufs_test.go b/runtime/graphdriver/aufs/aufs_test.go
index cb417c3b26..9cfdebd160 100644
--- a/runtime/graphdriver/aufs/aufs_test.go
+++ b/runtime/graphdriver/aufs/aufs_test.go
@@ -90,7 +90,7 @@ func TestCreateNewDir(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 }
@@ -99,7 +99,7 @@ func TestCreateNewDirStructure(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -120,7 +120,7 @@ func TestRemoveImage(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -145,7 +145,7 @@ func TestGetWithoutParent(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -172,7 +172,7 @@ func TestCleanupWithDir(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -185,7 +185,7 @@ func TestMountedFalseResponse(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -204,10 +204,10 @@ func TestMountedTrueReponse(t *testing.T) {
 	defer os.RemoveAll(tmp)
 	defer d.Cleanup()
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
-	if err := d.Create("2", "1"); err != nil {
+	if err := d.Create("2", "1", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -230,10 +230,10 @@ func TestMountWithParent(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
-	if err := d.Create("2", "1"); err != nil {
+	if err := d.Create("2", "1", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -261,10 +261,10 @@ func TestRemoveMountedDir(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
-	if err := d.Create("2", "1"); err != nil {
+	if err := d.Create("2", "1", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -300,7 +300,7 @@ func TestCreateWithInvalidParent(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", "docker"); err == nil {
+	if err := d.Create("1", "docker", ""); err == nil {
 		t.Fatalf("Error should not be nil with parent does not exist")
 	}
 }
@@ -309,7 +309,7 @@ func TestGetDiff(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -343,10 +343,10 @@ func TestChanges(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
-	if err := d.Create("2", "1"); err != nil {
+	if err := d.Create("2", "1", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -392,7 +392,7 @@ func TestChanges(t *testing.T) {
 		t.Fatalf("Change kind should be ChangeAdd got %s", change.Kind)
 	}
 
-	if err := d.Create("3", "2"); err != nil {
+	if err := d.Create("3", "2", ""); err != nil {
 		t.Fatal(err)
 	}
 	mntPoint, err = d.Get("3")
@@ -437,7 +437,7 @@ func TestDiffSize(t *testing.T) {
 	d := newDriver(t)
 	defer os.RemoveAll(tmp)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -479,7 +479,7 @@ func TestChildDiffSize(t *testing.T) {
 	defer os.RemoveAll(tmp)
 	defer d.Cleanup()
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -515,7 +515,7 @@ func TestChildDiffSize(t *testing.T) {
 		t.Fatalf("Expected size to be %d got %d", size, diffSize)
 	}
 
-	if err := d.Create("2", "1"); err != nil {
+	if err := d.Create("2", "1", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -534,7 +534,7 @@ func TestExists(t *testing.T) {
 	defer os.RemoveAll(tmp)
 	defer d.Cleanup()
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -552,7 +552,7 @@ func TestStatus(t *testing.T) {
 	defer os.RemoveAll(tmp)
 	defer d.Cleanup()
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -581,7 +581,7 @@ func TestApplyDiff(t *testing.T) {
 	defer os.RemoveAll(tmp)
 	defer d.Cleanup()
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -607,10 +607,10 @@ func TestApplyDiff(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := d.Create("2", ""); err != nil {
+	if err := d.Create("2", "", ""); err != nil {
 		t.Fatal(err)
 	}
-	if err := d.Create("3", "2"); err != nil {
+	if err := d.Create("3", "2", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -656,7 +656,7 @@ func TestMountMoreThan42Layers(t *testing.T) {
 		}
 		current = hash(current)
 
-		if err := d.Create(current, parent); err != nil {
+		if err := d.Create(current, parent, ""); err != nil {
 			t.Logf("Current layer %d", i)
 			t.Fatal(err)
 		}
diff --git a/runtime/graphdriver/aufs/migrate.go b/runtime/graphdriver/aufs/migrate.go
index 6018342d6c..400e260797 100644
--- a/runtime/graphdriver/aufs/migrate.go
+++ b/runtime/graphdriver/aufs/migrate.go
@@ -77,7 +77,7 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e
 				}
 
 				initID := fmt.Sprintf("%s-init", id)
-				if err := a.Create(initID, metadata.Image); err != nil {
+				if err := a.Create(initID, metadata.Image, ""); err != nil {
 					return err
 				}
 
@@ -90,7 +90,7 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e
 					return err
 				}
 
-				if err := a.Create(id, initID); err != nil {
+				if err := a.Create(id, initID, ""); err != nil {
 					return err
 				}
 			}
@@ -144,7 +144,7 @@ func (a *Driver) migrateImage(m *metadata, pth string, migrated map[string]bool)
 			return err
 		}
 		if !a.Exists(m.ID) {
-			if err := a.Create(m.ID, m.ParentID); err != nil {
+			if err := a.Create(m.ID, m.ParentID, ""); err != nil {
 				return err
 			}
 		}
diff --git a/runtime/graphdriver/btrfs/btrfs.go b/runtime/graphdriver/btrfs/btrfs.go
index b0530be92b..2a94a4089f 100644
--- a/runtime/graphdriver/btrfs/btrfs.go
+++ b/runtime/graphdriver/btrfs/btrfs.go
@@ -80,7 +80,7 @@ func getDirFd(dir *C.DIR) uintptr {
 	return uintptr(C.dirfd(dir))
 }
 
-func subvolCreate(path, name string) error {
+func subvolCreate(path, name string, mountLabel string) error {
 	dir, err := openDir(path)
 	if err != nil {
 		return err
@@ -155,13 +155,13 @@ func (d *Driver) subvolumesDirId(id string) string {
 	return path.Join(d.subvolumesDir(), id)
 }
 
-func (d *Driver) Create(id string, parent string) error {
+func (d *Driver) Create(id string, parent string, mountLabel string) error {
 	subvolumes := path.Join(d.home, "subvolumes")
 	if err := os.MkdirAll(subvolumes, 0700); err != nil {
 		return err
 	}
 	if parent == "" {
-		if err := subvolCreate(subvolumes, id); err != nil {
+		if err := subvolCreate(subvolumes, id, mountLabel); err != nil {
 			return err
 		}
 	} else {
diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index dfdb180bb2..762e982208 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
@@ -827,7 +828,7 @@ func (devices *DeviceSet) Shutdown() error {
 	return nil
 }
 
-func (devices *DeviceSet) MountDevice(hash, path string) error {
+func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) error {
 	devices.Lock()
 	defer devices.Unlock()
 
@@ -859,9 +860,11 @@ func (devices *DeviceSet) MountDevice(hash, path string) error {
 
 	var flags uintptr = sysMsMgcVal
 
-	err := sysMount(info.DevName(), path, "ext4", flags, "discard")
+	mountOptions := label.FormatMountLabel("discard", mountLabel)
+	err := sysMount(info.DevName(), path, "ext4", flags, mountOptions)
 	if err != nil && err == sysEInval {
-		err = sysMount(info.DevName(), path, "ext4", flags, "")
+		mountOptions = label.FormatMountLabel(mountLabel, "")
+		err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
 	}
 	if err != nil {
 		return fmt.Errorf("Error mounting '%s' on '%s': %s", info.DevName(), path, err)
diff --git a/runtime/graphdriver/devmapper/driver.go b/runtime/graphdriver/devmapper/driver.go
index 33c7a0f483..1324ddab81 100644
--- a/runtime/graphdriver/devmapper/driver.go
+++ b/runtime/graphdriver/devmapper/driver.go
@@ -22,7 +22,8 @@ func init() {
 
 type Driver struct {
 	*DeviceSet
-	home string
+	home       string
+	MountLabel string
 }
 
 var Init = func(home string) (graphdriver.Driver, error) {
@@ -60,13 +61,13 @@ func (d *Driver) Cleanup() error {
 	return d.DeviceSet.Shutdown()
 }
 
-func (d *Driver) Create(id, parent string) error {
+func (d *Driver) Create(id, parent string, mountLabel string) error {
+	d.MountLabel = mountLabel
 	if err := d.DeviceSet.AddDevice(id, parent); err != nil {
 		return err
 	}
-
 	mp := path.Join(d.home, "mnt", id)
-	if err := d.mount(id, mp); err != nil {
+	if err := d.mount(id, mp, d.MountLabel); err != nil {
 		return err
 	}
 
@@ -116,7 +117,7 @@ func (d *Driver) Remove(id string) error {
 
 func (d *Driver) Get(id string) (string, error) {
 	mp := path.Join(d.home, "mnt", id)
-	if err := d.mount(id, mp); err != nil {
+	if err := d.mount(id, mp, d.MountLabel); err != nil {
 		return "", err
 	}
 
@@ -129,13 +130,13 @@ func (d *Driver) Put(id string) {
 	}
 }
 
-func (d *Driver) mount(id, mountPoint string) error {
+func (d *Driver) mount(id, mountPoint string, mountLabel string) error {
 	// Create the target directories if they don't exist
 	if err := osMkdirAll(mountPoint, 0755); err != nil && !osIsExist(err) {
 		return err
 	}
 	// Mount the device
-	return d.DeviceSet.MountDevice(id, mountPoint)
+	return d.DeviceSet.MountDevice(id, mountPoint, mountLabel)
 }
 
 func (d *Driver) Exists(id string) bool {
diff --git a/runtime/graphdriver/devmapper/driver_test.go b/runtime/graphdriver/devmapper/driver_test.go
index 9af71a00b3..4ca72db0ca 100644
--- a/runtime/graphdriver/devmapper/driver_test.go
+++ b/runtime/graphdriver/devmapper/driver_test.go
@@ -494,7 +494,7 @@ func TestDriverCreate(t *testing.T) {
 			"?ioctl.loopctlgetfree",
 		)
 
-		if err := d.Create("1", ""); err != nil {
+		if err := d.Create("1", "", ""); err != nil {
 			t.Fatal(err)
 		}
 		calls.Assert(t,
@@ -612,7 +612,7 @@ func TestDriverRemove(t *testing.T) {
 			"?ioctl.loopctlgetfree",
 		)
 
-		if err := d.Create("1", ""); err != nil {
+		if err := d.Create("1", "", ""); err != nil {
 			t.Fatal(err)
 		}
 
@@ -668,7 +668,7 @@ func TestCleanup(t *testing.T) {
 
 	mountPoints := make([]string, 2)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 	// Mount the id
@@ -678,7 +678,7 @@ func TestCleanup(t *testing.T) {
 	}
 	mountPoints[0] = p
 
-	if err := d.Create("2", "1"); err != nil {
+	if err := d.Create("2", "1", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -731,7 +731,7 @@ func TestNotMounted(t *testing.T) {
 	d := newDriver(t)
 	defer cleanup(d)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -749,7 +749,7 @@ func TestMounted(t *testing.T) {
 	d := newDriver(t)
 	defer cleanup(d)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := d.Get("1"); err != nil {
@@ -769,7 +769,7 @@ func TestInitCleanedDriver(t *testing.T) {
 	t.Skip("FIXME: not a unit test")
 	d := newDriver(t)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 	if _, err := d.Get("1"); err != nil {
@@ -797,7 +797,7 @@ func TestMountMountedDriver(t *testing.T) {
 	d := newDriver(t)
 	defer cleanup(d)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -816,7 +816,7 @@ func TestGetReturnsValidDevice(t *testing.T) {
 	d := newDriver(t)
 	defer cleanup(d)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
@@ -844,7 +844,7 @@ func TestDriverGetSize(t *testing.T) {
 	d := newDriver(t)
 	defer cleanup(d)
 
-	if err := d.Create("1", ""); err != nil {
+	if err := d.Create("1", "", ""); err != nil {
 		t.Fatal(err)
 	}
 
diff --git a/runtime/graphdriver/driver.go b/runtime/graphdriver/driver.go
index 89fd03a624..7bea704682 100644
--- a/runtime/graphdriver/driver.go
+++ b/runtime/graphdriver/driver.go
@@ -13,7 +13,7 @@ type InitFunc func(root string) (Driver, error)
 type Driver interface {
 	String() string
 
-	Create(id, parent string) error
+	Create(id, parent string, mountLabel string) error
 	Remove(id string) error
 
 	Get(id string) (dir string, err error)
diff --git a/runtime/graphdriver/vfs/driver.go b/runtime/graphdriver/vfs/driver.go
index 10a7b223a4..fe09560f24 100644
--- a/runtime/graphdriver/vfs/driver.go
+++ b/runtime/graphdriver/vfs/driver.go
@@ -42,7 +42,7 @@ func copyDir(src, dst string) error {
 	return nil
 }
 
-func (d *Driver) Create(id string, parent string) error {
+func (d *Driver) Create(id string, parent string, mountLabel string) error {
 	dir := d.dir(id)
 	if err := os.MkdirAll(path.Dir(dir), 0700); err != nil {
 		return err
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 0d3468e350..35bcad9781 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -467,7 +467,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 	}
 
 	initID := fmt.Sprintf("%s-init", container.ID)
-	if err := runtime.driver.Create(initID, img.ID); err != nil {
+	if err := runtime.driver.Create(initID, img.ID, config.Context["mount_label"]); err != nil {
 		return nil, nil, err
 	}
 	initPath, err := runtime.driver.Get(initID)
@@ -480,7 +480,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 		return nil, nil, err
 	}
 
-	if err := runtime.driver.Create(container.ID, initID); err != nil {
+	if err := runtime.driver.Create(container.ID, initID, config.Context["mount_label"]); err != nil {
 		return nil, nil, err
 	}
 	resolvConf, err := utils.GetResolvConf()

From 0fb01fd8fe376a3518b1050ab62f2b3370d62535 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 26 Mar 2014 13:55:45 +0000
Subject: [PATCH 218/384] Follow symlinks inside container root for build's ADD
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 integration/buildfile_test.go | 18 ++++++++++++++++++
 server/buildfile.go           |  9 +++++++++
 2 files changed, 27 insertions(+)

diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go
index 95d5abb8a7..ae2282f53f 100644
--- a/integration/buildfile_test.go
+++ b/integration/buildfile_test.go
@@ -998,3 +998,21 @@ func TestBuildOnBuildForbiddenMaintainerTrigger(t *testing.T) {
 		t.Fatal("Error should not be nil")
 	}
 }
+
+// gh #2446
+func TestBuildAddToSymlinkDest(t *testing.T) {
+	eng := NewTestEngine(t)
+	defer nuke(mkRuntimeFromEngine(eng, t))
+
+	_, err := buildImage(testContextTemplate{`
+        from {IMAGE}
+        run mkdir /foo
+        run ln -s /foo /bar
+        add foo /bar/
+        run stat /bar/foo
+        `,
+		[][2]string{{"foo", "HEYO"}}, nil}, t, eng, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/server/buildfile.go b/server/buildfile.go
index 5d5fda4d8e..6f95c2e593 100644
--- a/server/buildfile.go
+++ b/server/buildfile.go
@@ -395,9 +395,18 @@ func (b *buildFile) checkPathForAddition(orig string) error {
 
 func (b *buildFile) addContext(container *runtime.Container, orig, dest string, remote bool) error {
 	var (
+		err      error
 		origPath = path.Join(b.contextPath, orig)
 		destPath = path.Join(container.RootfsPath(), dest)
 	)
+
+	if destPath != container.RootfsPath() {
+		destPath, err = utils.FollowSymlinkInScope(destPath, container.RootfsPath())
+		if err != nil {
+			return err
+		}
+	}
+
 	// Preserve the trailing '/'
 	if strings.HasSuffix(dest, "/") {
 		destPath = destPath + "/"

From 67af7b3fb0b5e40a435b434c57291cb2989275ce Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 18 Mar 2014 17:50:40 -0700
Subject: [PATCH 219/384] Strip comments before parsing line continuations

Fixes #3898
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 integration/buildfile_test.go | 10 ++++++++++
 server/buildfile.go           | 25 +++++++++++++++++++------
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/integration/buildfile_test.go b/integration/buildfile_test.go
index 7f6e69ece3..23a1ff3d8e 100644
--- a/integration/buildfile_test.go
+++ b/integration/buildfile_test.go
@@ -311,6 +311,16 @@ RUN [ "$(cat /testfile)" = 'test!' ]
 		},
 		nil,
 	},
+	{
+		`
+FROM {IMAGE}
+# what \
+RUN mkdir /testing
+RUN touch /testing/other
+`,
+		nil,
+		nil,
+	},
 }
 
 // FIXME: test building with 2 successive overlapping ADD commands
diff --git a/server/buildfile.go b/server/buildfile.go
index af6702cc1d..309b854208 100644
--- a/server/buildfile.go
+++ b/server/buildfile.go
@@ -729,20 +729,19 @@ func (b *buildFile) Build(context io.Reader) (string, error) {
 	if len(fileBytes) == 0 {
 		return "", ErrDockerfileEmpty
 	}
-	dockerfile := string(fileBytes)
-	dockerfile = lineContinuation.ReplaceAllString(dockerfile, "")
-	stepN := 0
+	var (
+		dockerfile = lineContinuation.ReplaceAllString(stripComments(fileBytes), "")
+		stepN      = 0
+	)
 	for _, line := range strings.Split(dockerfile, "\n") {
 		line = strings.Trim(strings.Replace(line, "\t", " ", -1), " \t\r\n")
-		// Skip comments and empty line
-		if len(line) == 0 || line[0] == '#' {
+		if len(line) == 0 {
 			continue
 		}
 		if err := b.BuildStep(fmt.Sprintf("%d", stepN), line); err != nil {
 			return "", err
 		}
 		stepN += 1
-
 	}
 	if b.image != "" {
 		fmt.Fprintf(b.outStream, "Successfully built %s\n", utils.TruncateID(b.image))
@@ -779,6 +778,20 @@ func (b *buildFile) BuildStep(name, expression string) error {
 	return nil
 }
 
+func stripComments(raw []byte) string {
+	var (
+		out   []string
+		lines = strings.Split(string(raw), "\n")
+	)
+	for _, l := range lines {
+		if len(l) == 0 || l[0] == '#' {
+			continue
+		}
+		out = append(out, l)
+	}
+	return strings.Join(out, "\n")
+}
+
 func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile {
 	return &buildFile{
 		runtime:       srv.runtime,

From 097aef2ca938012a5b42e0032b30267e27a92265 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 27 Mar 2014 04:24:31 +0000
Subject: [PATCH 220/384] Fix commit and import when no repository is specified
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 api/client.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/api/client.go b/api/client.go
index 1e6bf9d549..df3265a15a 100644
--- a/api/client.go
+++ b/api/client.go
@@ -1013,9 +1013,11 @@ func (cli *DockerCli) CmdImport(args ...string) error {
 	}
 	v := url.Values{}
 
-	//Check if the given image name can be resolved
-	if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
-		return err
+	if repository != "" {
+		//Check if the given image name can be resolved
+		if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
+			return err
+		}
 	}
 
 	v.Set("repo", repository)
@@ -1469,8 +1471,10 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 	}
 
 	//Check if the given image name can be resolved
-	if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
-		return err
+	if repository != "" {
+		if _, _, err := registry.ResolveRepositoryName(repository); err != nil {
+			return err
+		}
 	}
 
 	v := url.Values{}

From 2d270c4f06dbc2ee1293e3f81f6922df248ef8eb Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 27 Mar 2014 08:25:01 +0000
Subject: [PATCH 221/384] Fix compile and unit test errors after merge
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/cgroups/apply_raw.go               | 23 ++++++++++++++
 pkg/cgroups/cgroups.go                 | 19 ------------
 runconfig/hostconfig.go                |  5 ---
 runconfig/parse.go                     | 42 --------------------------
 runtime/container.go                   |  1 -
 runtime/execdriver/lxc/lxc_template.go | 25 ++++++++++-----
 runtime/utils_test.go                  |  3 +-
 7 files changed, 43 insertions(+), 75 deletions(-)

diff --git a/pkg/cgroups/apply_raw.go b/pkg/cgroups/apply_raw.go
index 47a2a002b8..5fe317937a 100644
--- a/pkg/cgroups/apply_raw.go
+++ b/pkg/cgroups/apply_raw.go
@@ -49,6 +49,9 @@ func rawApply(c *Cgroup, pid int) (ActiveCgroup, error) {
 	if err := raw.setupCpu(c, pid); err != nil {
 		return nil, err
 	}
+	if err := raw.setupCpuset(c, pid); err != nil {
+		return nil, err
+	}
 	return raw, nil
 }
 
@@ -170,6 +173,25 @@ func (raw *rawCgroup) setupCpu(c *Cgroup, pid int) (err error) {
 	return nil
 }
 
+func (raw *rawCgroup) setupCpuset(c *Cgroup, pid int) (err error) {
+	if c.CpusetCpus != "" {
+		dir, err := raw.join("cpuset", pid)
+		if err != nil {
+			return err
+		}
+		defer func() {
+			if err != nil {
+				os.RemoveAll(dir)
+			}
+		}()
+
+		if err := writeFile(dir, "cpuset.cpus", c.CpusetCpus); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func (raw *rawCgroup) Cleanup() error {
 	get := func(subsystem string) string {
 		path, _ := raw.path(subsystem)
@@ -180,6 +202,7 @@ func (raw *rawCgroup) Cleanup() error {
 		get("memory"),
 		get("devices"),
 		get("cpu"),
+		get("cpuset"),
 	} {
 		if path != "" {
 			os.RemoveAll(path)
diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index cdf268711a..5fe10346df 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -101,22 +101,3 @@ func (c *Cgroup) Apply(pid int) (ActiveCgroup, error) {
 		return rawApply(c, pid)
 	}
 }
-
-func (c *Cgroup) setupCpuset(cgroupRoot string, pid int) (err error) {
-	if c.CpusetCpus != "" {
-		dir, err := c.Join(cgroupRoot, "cpuset", pid)
-		if err != nil {
-			return err
-		}
-		defer func() {
-			if err != nil {
-				os.RemoveAll(dir)
-			}
-		}()
-
-		if err := writeFile(dir, "cpuset.cpus", c.CpusetCpus); err != nil {
-			return err
-		}
-	}
-	return nil
-}
diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 1a9ffbada5..9a92258644 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -17,11 +17,6 @@ type HostConfig struct {
 	DriverOptions   map[string][]string
 }
 
-type KeyValuePair struct {
-	Key   string
-	Value string
-}
-
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	hostConfig := &HostConfig{
 		ContainerIDFile: job.Getenv("ContainerIDFile"),
diff --git a/runconfig/parse.go b/runconfig/parse.go
index b89d6c4683..a330c6c869 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -4,10 +4,8 @@ import (
 	"fmt"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/opts"
-	"github.com/dotcloud/docker/pkg/label"
 	flag "github.com/dotcloud/docker/pkg/mflag"
 	"github.com/dotcloud/docker/pkg/sysinfo"
-	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
 	"path"
@@ -34,10 +32,6 @@ func ParseSubcommand(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo)
 }
 
 func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Config, *HostConfig, *flag.FlagSet, error) {
-	var (
-		processLabel string
-		mountLabel   string
-	)
 	var (
 		// FIXME: use utils.ListOpts for attach and volumes?
 		flAttach  = opts.NewListOpts(opts.ValidateAttach)
@@ -67,7 +61,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flUser            = cmd.String([]string{"u", "-user"}, "", "Username or UID")
 		flWorkingDir      = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container")
 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
-		flLabelOptions    = cmd.String([]string{"Z", "-label"}, "", "Options to pass to underlying labeling system")
 
 		// For documentation purpose
 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)")
@@ -159,15 +152,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		entrypoint = []string{*flEntrypoint}
 	}
 
-	if !*flPrivileged {
-		pLabel, mLabel, e := label.GenLabels(*flLabelOptions)
-		if e != nil {
-			return nil, nil, cmd, fmt.Errorf("Invalid security labels : %s", e)
-		}
-		processLabel = pLabel
-		mountLabel = mLabel
-	}
-
 	lxcConf, err := parseKeyValueOpts(flLxcOpts)
 	if err != nil {
 		return nil, nil, cmd, err
@@ -222,10 +206,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		VolumesFrom:     strings.Join(flVolumesFrom.GetAll(), ","),
 		Entrypoint:      entrypoint,
 		WorkingDir:      *flWorkingDir,
-		Context: execdriver.Context{
-			"mount_label":   mountLabel,
-			"process_label": processLabel,
-		},
 	}
 
 	driverOptions, err := parseDriverOpts(flDriverOpts)
@@ -233,11 +213,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		return nil, nil, cmd, err
 	}
 
-	pluginOptions, err := parseDriverOpts(flDriverOpts)
-	if err != nil {
-		return nil, nil, cmd, err
-	}
-
 	hostConfig := &HostConfig{
 		Binds:           binds,
 		ContainerIDFile: *flContainerIDFile,
@@ -289,20 +264,3 @@ func parseKeyValueOpts(opts opts.ListOpts) ([]utils.KeyValuePair, error) {
 	}
 	return out, nil
 }
-
-// options will come in the format of name.type=value
-func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) {
-	out := make(map[string][]string, len(opts.GetAll()))
-	for _, o := range opts.GetAll() {
-		parts := strings.SplitN(o, ".", 2)
-		if len(parts) < 2 {
-			return nil, fmt.Errorf("invalid opt format %s", o)
-		}
-		values, exists := out[parts[0]]
-		if !exists {
-			values = []string{}
-		}
-		out[parts[0]] = append(values, parts[1])
-	}
-	return out, nil
-}
diff --git a/runtime/container.go b/runtime/container.go
index 656e9ae587..f37ffcd1e7 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -404,7 +404,6 @@ func populateCommand(c *Container) {
 		User:       c.Config.User,
 		Config:     driverConfig,
 		Resources:  resources,
-		Context:    c.Config.Context,
 	}
 	c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
 }
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index 230518bd7f..67095383ec 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -30,9 +30,9 @@ lxc.pts = 1024
 
 # disable the main console
 lxc.console = none
-{{if getProcessLabel .Context}}
-lxc.se_context = {{ getProcessLabel .Context}}
-{{$MOUNTLABEL := getMountLabel .Context}}
+{{if getProcessLabel .Config}}
+lxc.se_context = {{ getProcessLabel .Config}}
+{{$MOUNTLABEL := getMountLabel .Config}}
 {{end}}
 
 # no controlling tty at all
@@ -147,12 +147,23 @@ func getMemorySwap(v *execdriver.Resources) int64 {
 	return v.Memory * 2
 }
 
-func getProcessLabel(c execdriver.Context) string {
-	return c["process_label"]
+func getProcessLabel(c map[string][]string) string {
+	return getLabel(c, "process")
 }
 
-func getMountLabel(c execdriver.Context) string {
-	return c["mount_label"]
+func getMountLabel(c map[string][]string) string {
+	return getLabel(c, "mount")
+}
+
+func getLabel(c map[string][]string, name string) string {
+	label := c["label"]
+	for _, l := range label {
+		parts := strings.SplitN(l, "=", 2)
+		if parts[0] == name {
+			return parts[1]
+		}
+	}
+	return ""
 }
 
 func init() {
diff --git a/runtime/utils_test.go b/runtime/utils_test.go
index 81c745c0d5..833634cb47 100644
--- a/runtime/utils_test.go
+++ b/runtime/utils_test.go
@@ -2,13 +2,14 @@ package runtime
 
 import (
 	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/utils"
 	"testing"
 )
 
 func TestMergeLxcConfig(t *testing.T) {
 	var (
 		hostConfig = &runconfig.HostConfig{
-			LxcConf: []runconfig.KeyValuePair{
+			LxcConf: []utils.KeyValuePair{
 				{Key: "lxc.cgroups.cpuset", Value: "1,2"},
 			},
 		}

From bfa2141765c2a3866ca0f5237fc951f4c2db8b98 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 27 Mar 2014 08:57:01 +0000
Subject: [PATCH 222/384] Update lxc to use opts for selinux labels
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/execdriver/lxc/driver.go       | 24 ++++++++++++++++++++----
 runtime/execdriver/lxc/lxc_template.go | 10 +++++-----
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/runtime/execdriver/lxc/driver.go b/runtime/execdriver/lxc/driver.go
index 086e35f643..896f215366 100644
--- a/runtime/execdriver/lxc/driver.go
+++ b/runtime/execdriver/lxc/driver.go
@@ -3,6 +3,7 @@ package lxc
 import (
 	"fmt"
 	"github.com/dotcloud/docker/pkg/cgroups"
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/utils"
 	"io/ioutil"
@@ -378,19 +379,34 @@ func rootIsShared() bool {
 }
 
 func (d *driver) generateLXCConfig(c *execdriver.Command) (string, error) {
-	root := path.Join(d.root, "containers", c.ID, "config.lxc")
+	var (
+		process, mount string
+		root           = path.Join(d.root, "containers", c.ID, "config.lxc")
+		labels         = c.Config["label"]
+	)
 	fo, err := os.Create(root)
 	if err != nil {
 		return "", err
 	}
 	defer fo.Close()
 
+	if len(labels) > 0 {
+		process, mount, err = label.GenLabels(labels[0])
+		if err != nil {
+			return "", err
+		}
+	}
+
 	if err := LxcTemplateCompiled.Execute(fo, struct {
 		*execdriver.Command
-		AppArmor bool
+		AppArmor     bool
+		ProcessLabel string
+		MountLabel   string
 	}{
-		Command:  c,
-		AppArmor: d.apparmor,
+		Command:      c,
+		AppArmor:     d.apparmor,
+		ProcessLabel: process,
+		MountLabel:   mount,
 	}); err != nil {
 		return "", err
 	}
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index 67095383ec..e5248375a8 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -30,9 +30,9 @@ lxc.pts = 1024
 
 # disable the main console
 lxc.console = none
-{{if getProcessLabel .Config}}
-lxc.se_context = {{ getProcessLabel .Config}}
-{{$MOUNTLABEL := getMountLabel .Config}}
+{{if .ProcessLabel}}
+lxc.se_context = {{ .ProcessLabel}}
+{{$MOUNTLABEL := .MountLabel}}
 {{end}}
 
 # no controlling tty at all
@@ -159,8 +159,8 @@ func getLabel(c map[string][]string, name string) string {
 	label := c["label"]
 	for _, l := range label {
 		parts := strings.SplitN(l, "=", 2)
-		if parts[0] == name {
-			return parts[1]
+		if strings.TrimSpace(parts[0]) == name {
+			return strings.TrimSpace(parts[1])
 		}
 	}
 	return ""

From 6c9a47f01c583e9c22b831eb426192148d29d792 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 27 Mar 2014 09:04:54 +0000
Subject: [PATCH 223/384] Update native driver to use labels from opts
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/execdriver/native/create.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/runtime/execdriver/native/create.go b/runtime/execdriver/native/create.go
index 7e663f0555..976416a8ca 100644
--- a/runtime/execdriver/native/create.go
+++ b/runtime/execdriver/native/create.go
@@ -2,6 +2,7 @@ package native
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/runtime/execdriver/native/configuration"
@@ -37,6 +38,9 @@ func (d *driver) createContainer(c *execdriver.Command) (*libcontainer.Container
 	if err := d.setupMounts(container, c); err != nil {
 		return nil, err
 	}
+	if err := d.setupLabels(container, c); err != nil {
+		return nil, err
+	}
 	if err := configuration.ParseConfiguration(container, d.activeContainers, c.Config["native"]); err != nil {
 		return nil, err
 	}
@@ -94,3 +98,16 @@ func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Co
 	}
 	return nil
 }
+
+func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error {
+	labels := c.Config["label"]
+	if len(labels) > 0 {
+		process, mount, err := label.GenLabels(labels[0])
+		if err != nil {
+			return err
+		}
+		container.Context["mount_label"] = mount
+		container.Context["process_label"] = process
+	}
+	return nil
+}

From ad3e71d5c7e01dca229d4077cf8b019d8085c33a Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 27 Mar 2014 11:06:32 -0600
Subject: [PATCH 224/384] Adjust
 TestOnlyLoopbackExistsWhenUsingDisableNetworkOption to ignore "DOWN"
 interfaces

This fixes the following, which I've been seeing on all my machines for as long as I can remember:

--- FAIL: TestOnlyLoopbackExistsWhenUsingDisableNetworkOption (0.36 seconds)
	container_test.go:1597: Wrong interface count in test container: expected [*: lo], got [1: lo 2: sit0]

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 integration/container_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integration/container_test.go b/integration/container_test.go
index 663b350638..8ed5525c72 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -1553,7 +1553,7 @@ func TestOnlyLoopbackExistsWhenUsingDisableNetworkOption(t *testing.T) {
 	runtime := mkRuntimeFromEngine(eng, t)
 	defer nuke(runtime)
 
-	config, hc, _, err := runconfig.Parse([]string{"-n=false", GetTestImage(runtime).ID, "ip", "addr", "show"}, nil)
+	config, hc, _, err := runconfig.Parse([]string{"-n=false", GetTestImage(runtime).ID, "ip", "addr", "show", "up"}, nil)
 	if err != nil {
 		t.Fatal(err)
 	}

From 73ee4879afd557a3ddd0740b0a281024060f2436 Mon Sep 17 00:00:00 2001
From: Michael Gorsuch <gorsuch@github.com>
Date: Thu, 27 Mar 2014 12:44:33 -0500
Subject: [PATCH 225/384] upstart: use exec here so upstart can monitor the
 process and not just a shell

Docker-DCO-1.1-Signed-off-by: Michael Gorsuch <michael.gorsuch@gmail.com> (github: gorsuch)
---
 contrib/init/upstart/docker.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/init/upstart/docker.conf b/contrib/init/upstart/docker.conf
index 907a536c9c..e27d77e145 100644
--- a/contrib/init/upstart/docker.conf
+++ b/contrib/init/upstart/docker.conf
@@ -37,5 +37,5 @@ script
 	if [ -f /etc/default/$UPSTART_JOB ]; then
 		. /etc/default/$UPSTART_JOB
 	fi
-	"$DOCKER" -d $DOCKER_OPTS
+	exec "$DOCKER" -d $DOCKER_OPTS
 end script

From d6c2188cae85549a40193273cb9893acefadf863 Mon Sep 17 00:00:00 2001
From: Ryan Thomas <rthomas@atlassian.com>
Date: Fri, 28 Mar 2014 06:31:04 +1100
Subject: [PATCH 226/384] Docker-DCO-1.1-Signed-off-by: Ryan Thomas
 <rthomas@atlassian.com> (github: rthomas)

---
 registry/registry.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/registry/registry.go b/registry/registry.go
index 01583f97c2..182ec78a76 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -42,9 +42,9 @@ func pingRegistryEndpoint(endpoint string) (bool, error) {
 		return conn, nil
 	}
 	httpTransport := &http.Transport{
-                Dial:    httpDial,
-                Proxy:   http.ProxyFromEnvironment,
-        }
+		Dial:  httpDial,
+		Proxy: http.ProxyFromEnvironment,
+	}
 	client := &http.Client{Transport: httpTransport}
 	resp, err := client.Get(endpoint + "_ping")
 	if err != nil {

From 9d2a77805139598b272ca6e5f55e3542e1221f26 Mon Sep 17 00:00:00 2001
From: Barnaby Gray <barnaby@pickle.me.uk>
Date: Thu, 27 Mar 2014 19:13:27 +0000
Subject: [PATCH 227/384] Update fish completions for docker master.

Docker-DCO-1.1-Signed-off-by: Barnaby Gray <barnaby@pickle.me.uk> (github: barnybug)
---
 contrib/completion/fish/docker.fish | 32 ++++++++++++++++-------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish
index ddec61cffa..edaa5ca8c6 100644
--- a/contrib/completion/fish/docker.fish
+++ b/contrib/completion/fish/docker.fish
@@ -39,23 +39,25 @@ function __fish_print_docker_images --description 'Print a list of docker images
 end
 
 function __fish_print_docker_repositories --description 'Print a list of docker repositories'
-    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1}' | sort | uniq
+    docker images | command awk 'NR>1' | command grep -v '<none>' | command awk '{print $1}' | command sort | command uniq
 end
 
 # common options
 complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group"
 complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified'
 complete -c docker -f -n '__fish_docker_no_subcommand' -l api-enable-cors -d 'Enable CORS headers in the remote API'
 complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d "Attach containers to a pre-existing network bridge; use 'none' to disable container networking"
 complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b"
 complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode'
 complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers'
+complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the docker runtime to use a specific exec driver'
 complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime'
 complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication'
 complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports'
 complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward'
 complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules"
-complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available'
+complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available'
 complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file'
 complete -c docker -f -n '__fish_docker_no_subcommand' -s r -l restart -d 'Restart previously running containers'
 complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the docker runtime to use a specific storage driver'
@@ -71,7 +73,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_pri
 # build
 complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build a container from a Dockerfile'
 complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image'
-complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress verbose build output'
+complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the verbose output generated by the containers'
 complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build'
 complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success'
 
@@ -79,7 +81,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d '
 complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes"
 complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (eg. "John Hannibal Smith <hannibal@a-team.com>"'
 complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message'
-complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: --run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')'
+complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')'
 complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container"
 
 # cp
@@ -100,16 +102,16 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_pri
 # history
 complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image'
 complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output"
-complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'only show numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs'
 complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image"
 
 # images
 complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'show all images (by default filter out the intermediate images used to build)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate images used to build)'
 complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output"
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'only show numeric IDs'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'output graph in tree format'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s v -l viz -d 'output graph in graphviz format'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'Output graph in tree format'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s v -l viz -d 'Output graph in graphviz format'
 complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository"
 
 # import
@@ -126,7 +128,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from insert' -a '(__fish_pri
 complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container'
 complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.'
 complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image"
-complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers running)' -d "Container"
+complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container"
 
 # kill
 complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container'
@@ -138,9 +140,9 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image
 
 # login
 complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or Login to the docker registry server'
-complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'email'
-complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'password'
-complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'username'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'Email'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password'
+complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username'
 
 # logs
 complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container'
@@ -180,12 +182,14 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_pr
 
 # rm
 complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force removal of running container'
 complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container'
 complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated to the container'
 complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container"
 
 # rmi
 complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images'
+complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force'
 complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image"
 
 # run
@@ -202,7 +206,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expo
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)'
-complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"'
+complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: <number><optional unit>, where unit = b, k, m or g)'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container'
 complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container'

From 4af79a36e283e94cb48442499534f996e27e0f29 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 12 Mar 2014 01:58:53 -0600
Subject: [PATCH 228/384] Add mention of mounting cgroupfs properly to
 PACKAGERS.md

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 docs/sources/installation/binaries.rst | 6 ++++++
 hack/PACKAGERS.md                      | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst
index a070599338..ae548e7657 100644
--- a/docs/sources/installation/binaries.rst
+++ b/docs/sources/installation/binaries.rst
@@ -29,6 +29,12 @@ To run properly, docker needs the following software to be installed at runtime:
 - iptables version 1.4 or later
 - Git version 1.7 or later
 - XZ Utils 4.9 or later
+- a `properly mounted
+  <https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount>`_
+  cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point `is
+  <https://github.com/dotcloud/docker/issues/2683>`_ `not
+  <https://github.com/dotcloud/docker/issues/3485>`_ `sufficient
+  <https://github.com/dotcloud/docker/issues/4568>`_)
 
 
 Check kernel dependencies
diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md
index dc255c57ad..7170c5ad25 100644
--- a/hack/PACKAGERS.md
+++ b/hack/PACKAGERS.md
@@ -266,6 +266,12 @@ installed and available at runtime:
 
 * iptables version 1.4 or later
 * XZ Utils version 4.9 or later
+* a [properly
+  mounted](https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount)
+  cgroupfs hierarchy (having a single, all-encompassing "cgroup" mount point
+  [is](https://github.com/dotcloud/docker/issues/2683)
+  [not](https://github.com/dotcloud/docker/issues/3485)
+  [sufficient](https://github.com/dotcloud/docker/issues/4568))
 
 Additionally, the Docker client needs the following software to be installed and
 available at runtime:

From 7a3070a6000963d12be9dcd2698d911b848a33b6 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Thu, 13 Mar 2014 17:03:09 +0100
Subject: [PATCH 229/384] Add --opt arguments for drivers

In order to handle special configuration for different drivers we
make the Config field a map to string array. This lets
us use it for lxc, by using the "lxc" key for those, and we can
later extend it easily for other backend-specific options.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runconfig/hostconfig.go                       | 10 ++---
 runconfig/parse.go                            | 45 +++++++++++++------
 runconfig/parse_test.go                       |  3 +-
 runtime/container.go                          | 14 +++---
 runtime/execdriver/driver.go                  | 30 ++++++-------
 runtime/execdriver/lxc/lxc_template.go        |  4 +-
 .../execdriver/lxc/lxc_template_unit_test.go  |  8 ++--
 runtime/execdriver/native/default_template.go |  1 +
 runtime/execdriver/native/driver.go           |  7 ++-
 runtime/utils.go                              | 20 +++++++++
 utils/utils.go                                | 13 ++++++
 11 files changed, 104 insertions(+), 51 deletions(-)

diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 6c8618ee81..9a92258644 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -3,21 +3,18 @@ package runconfig
 import (
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/nat"
+	"github.com/dotcloud/docker/utils"
 )
 
 type HostConfig struct {
 	Binds           []string
 	ContainerIDFile string
-	LxcConf         []KeyValuePair
+	LxcConf         []utils.KeyValuePair
 	Privileged      bool
 	PortBindings    nat.PortMap
 	Links           []string
 	PublishAllPorts bool
-}
-
-type KeyValuePair struct {
-	Key   string
-	Value string
+	DriverOptions   map[string][]string
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@@ -28,6 +25,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
+	job.GetenvJson("DriverOptions", &hostConfig.DriverOptions)
 	if Binds := job.GetenvList("Binds"); Binds != nil {
 		hostConfig.Binds = Binds
 	}
diff --git a/runconfig/parse.go b/runconfig/parse.go
index 23c66cd611..43aecdb753 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -51,6 +51,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flDnsSearch   = opts.NewListOpts(opts.ValidateDomain)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
+		flDriverOpts  opts.ListOpts
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
 		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: Run container in the background, print new container id")
@@ -83,7 +84,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
 	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
-	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
+	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "#-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
+	cmd.Var(&flDriverOpts, []string{"o", "-opt"}, "Add custom driver options")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err
@@ -166,7 +168,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		mountLabel = mLabel
 	}
 
-	lxcConf, err := parseLxcConfOpts(flLxcOpts)
+	lxcConf, err := parseKeyValueOpts(flLxcOpts)
 	if err != nil {
 		return nil, nil, cmd, err
 	}
@@ -226,6 +228,11 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		},
 	}
 
+	driverOptions, err := parseDriverOpts(flDriverOpts)
+	if err != nil {
+		return nil, nil, cmd, err
+	}
+
 	hostConfig := &HostConfig{
 		Binds:           binds,
 		ContainerIDFile: *flContainerIDFile,
@@ -234,6 +241,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		PortBindings:    portBindings,
 		Links:           flLinks.GetAll(),
 		PublishAllPorts: *flPublishAll,
+		DriverOptions:   driverOptions,
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
@@ -248,22 +256,31 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	return config, hostConfig, cmd, nil
 }
 
-func parseLxcConfOpts(opts opts.ListOpts) ([]KeyValuePair, error) {
-	out := make([]KeyValuePair, opts.Len())
-	for i, o := range opts.GetAll() {
-		k, v, err := parseLxcOpt(o)
-		if err != nil {
-			return nil, err
+// options will come in the format of name.key=value or name.option
+func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) {
+	out := make(map[string][]string, len(opts.GetAll()))
+	for _, o := range opts.GetAll() {
+		parts := strings.SplitN(o, ".", 2)
+		if len(parts) < 2 {
+			return nil, fmt.Errorf("invalid opt format %s", o)
 		}
-		out[i] = KeyValuePair{Key: k, Value: v}
+		values, exists := out[parts[0]]
+		if !exists {
+			values = []string{}
+		}
+		out[parts[0]] = append(values, parts[1])
 	}
 	return out, nil
 }
 
-func parseLxcOpt(opt string) (string, string, error) {
-	parts := strings.SplitN(opt, "=", 2)
-	if len(parts) != 2 {
-		return "", "", fmt.Errorf("Unable to parse lxc conf option: %s", opt)
+func parseKeyValueOpts(opts opts.ListOpts) ([]utils.KeyValuePair, error) {
+	out := make([]utils.KeyValuePair, opts.Len())
+	for i, o := range opts.GetAll() {
+		k, v, err := utils.ParseKeyValueOpt(o)
+		if err != nil {
+			return nil, err
+		}
+		out[i] = utils.KeyValuePair{Key: k, Value: v}
 	}
-	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
+	return out, nil
 }
diff --git a/runconfig/parse_test.go b/runconfig/parse_test.go
index 2b89e88ec3..fd28c4593e 100644
--- a/runconfig/parse_test.go
+++ b/runconfig/parse_test.go
@@ -1,6 +1,7 @@
 package runconfig
 
 import (
+	"github.com/dotcloud/docker/utils"
 	"testing"
 )
 
@@ -8,7 +9,7 @@ func TestParseLxcConfOpt(t *testing.T) {
 	opts := []string{"lxc.utsname=docker", "lxc.utsname = docker "}
 
 	for _, o := range opts {
-		k, v, err := parseLxcOpt(o)
+		k, v, err := utils.ParseKeyValueOpt(o)
 		if err != nil {
 			t.FailNow()
 		}
diff --git a/runtime/container.go b/runtime/container.go
index 4cf307d823..656e9ae587 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -361,9 +361,13 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 func populateCommand(c *Container) {
 	var (
 		en           *execdriver.Network
-		driverConfig []string
+		driverConfig = c.hostConfig.DriverOptions
 	)
 
+	if driverConfig == nil {
+		driverConfig = make(map[string][]string)
+	}
+
 	en = &execdriver.Network{
 		Mtu:       c.runtime.config.Mtu,
 		Interface: nil,
@@ -379,11 +383,9 @@ func populateCommand(c *Container) {
 		}
 	}
 
-	if lxcConf := c.hostConfig.LxcConf; lxcConf != nil {
-		for _, pair := range lxcConf {
-			driverConfig = append(driverConfig, fmt.Sprintf("%s = %s", pair.Key, pair.Value))
-		}
-	}
+	// TODO: this can be removed after lxc-conf is fully deprecated
+	mergeLxcConfIntoOptions(c.hostConfig, driverConfig)
+
 	resources := &execdriver.Resources{
 		Memory:     c.Config.Memory,
 		MemorySwap: c.Config.MemorySwap,
diff --git a/runtime/execdriver/driver.go b/runtime/execdriver/driver.go
index dca889a82d..096ea0790d 100644
--- a/runtime/execdriver/driver.go
+++ b/runtime/execdriver/driver.go
@@ -116,21 +116,21 @@ type Mount struct {
 type Command struct {
 	exec.Cmd `json:"-"`
 
-	ID         string     `json:"id"`
-	Privileged bool       `json:"privileged"`
-	User       string     `json:"user"`
-	Rootfs     string     `json:"rootfs"`   // root fs of the container
-	InitPath   string     `json:"initpath"` // dockerinit
-	Entrypoint string     `json:"entrypoint"`
-	Arguments  []string   `json:"arguments"`
-	WorkingDir string     `json:"working_dir"`
-	ConfigPath string     `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver
-	Context    Context    `json:"context"`     // generic context for specific options (apparmor, selinux)
-	Tty        bool       `json:"tty"`
-	Network    *Network   `json:"network"`
-	Config     []string   `json:"config"` //  generic values that specific drivers can consume
-	Resources  *Resources `json:"resources"`
-	Mounts     []Mount    `json:"mounts"`
+	ID         string              `json:"id"`
+	Privileged bool                `json:"privileged"`
+	User       string              `json:"user"`
+	Rootfs     string              `json:"rootfs"`   // root fs of the container
+	InitPath   string              `json:"initpath"` // dockerinit
+	Entrypoint string              `json:"entrypoint"`
+	Arguments  []string            `json:"arguments"`
+	WorkingDir string              `json:"working_dir"`
+	ConfigPath string              `json:"config_path"` // this should be able to be removed when the lxc template is moved into the driver
+	Context    Context             `json:"context"`     // generic context for specific options (apparmor, selinux)
+	Tty        bool                `json:"tty"`
+	Network    *Network            `json:"network"`
+	Config     map[string][]string `json:"config"` //  generic values that specific drivers can consume
+	Resources  *Resources          `json:"resources"`
+	Mounts     []Mount             `json:"mounts"`
 
 	Terminal     Terminal `json:"-"`             // standard or tty terminal
 	Console      string   `json:"-"`             // dev/console path
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index 608fb22436..f325ffcaef 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -123,8 +123,8 @@ lxc.cgroup.cpu.shares = {{.Resources.CpuShares}}
 {{end}}
 {{end}}
 
-{{if .Config}}
-{{range $value := .Config}}
+{{if .Config.lxc}}
+{{range $value := .Config.lxc}}
 {{$value}}
 {{end}}
 {{end}}
diff --git a/runtime/execdriver/lxc/lxc_template_unit_test.go b/runtime/execdriver/lxc/lxc_template_unit_test.go
index e613adf7a9..7f473a0502 100644
--- a/runtime/execdriver/lxc/lxc_template_unit_test.go
+++ b/runtime/execdriver/lxc/lxc_template_unit_test.go
@@ -75,9 +75,11 @@ func TestCustomLxcConfig(t *testing.T) {
 	command := &execdriver.Command{
 		ID:         "1",
 		Privileged: false,
-		Config: []string{
-			"lxc.utsname = docker",
-			"lxc.cgroup.cpuset.cpus = 0,1",
+		Config: map[string][]string{
+			"lxc": {
+				"lxc.utsname = docker",
+				"lxc.cgroup.cpuset.cpus = 0,1",
+			},
 		},
 		Network: &execdriver.Network{
 			Mtu:       1500,
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index 7e1e9ed86e..e11f2de1cf 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -58,6 +58,7 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 		container.Cgroups.Memory = c.Resources.Memory
 		container.Cgroups.MemorySwap = c.Resources.MemorySwap
 	}
+
 	// check to see if we are running in ramdisk to disable pivot root
 	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
 
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index bf7e8ccdec..db974cbf04 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -184,10 +184,9 @@ func (d *driver) removeContainerRoot(id string) error {
 func (d *driver) validateCommand(c *execdriver.Command) error {
 	// we need to check the Config of the command to make sure that we
 	// do not have any of the lxc-conf variables
-	for _, conf := range c.Config {
-		if strings.Contains(conf, "lxc") {
-			return fmt.Errorf("%s is not supported by the native driver", conf)
-		}
+	lxc := c.Config["lxc"]
+	if lxc != nil && len(lxc) > 0 {
+		return fmt.Errorf("lxc config options are not supported by the native driver")
 	}
 	return nil
 }
diff --git a/runtime/utils.go b/runtime/utils.go
index b343b5b10e..b983e67d41 100644
--- a/runtime/utils.go
+++ b/runtime/utils.go
@@ -1,9 +1,11 @@
 package runtime
 
 import (
+	"fmt"
 	"github.com/dotcloud/docker/nat"
 	"github.com/dotcloud/docker/pkg/namesgenerator"
 	"github.com/dotcloud/docker/runconfig"
+	"strings"
 )
 
 func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostConfig) error {
@@ -30,6 +32,24 @@ func migratePortMappings(config *runconfig.Config, hostConfig *runconfig.HostCon
 	return nil
 }
 
+func mergeLxcConfIntoOptions(hostConfig *runconfig.HostConfig, driverConfig map[string][]string) {
+	if hostConfig == nil {
+		return
+	}
+
+	// merge in the lxc conf options into the generic config map
+	if lxcConf := hostConfig.LxcConf; lxcConf != nil {
+		lxc := driverConfig["lxc"]
+		for _, pair := range lxcConf {
+			// because lxc conf gets the driver name lxc.XXXX we need to trim it off
+			// and let the lxc driver add it back later if needed
+			parts := strings.SplitN(pair.Key, ".", 2)
+			lxc = append(lxc, fmt.Sprintf("%s=%s", parts[1], pair.Value))
+		}
+		driverConfig["lxc"] = lxc
+	}
+}
+
 type checker struct {
 	runtime *Runtime
 }
diff --git a/utils/utils.go b/utils/utils.go
index 2702555973..1fe2e87b4f 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -25,6 +25,11 @@ import (
 	"time"
 )
 
+type KeyValuePair struct {
+	Key   string
+	Value string
+}
+
 // A common interface to access the Fatal method of
 // both testing.B and testing.T.
 type Fataler interface {
@@ -1071,3 +1076,11 @@ func ReadSymlinkedDirectory(path string) (string, error) {
 	}
 	return realPath, nil
 }
+
+func ParseKeyValueOpt(opt string) (string, string, error) {
+	parts := strings.SplitN(opt, "=", 2)
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("Unable to parse key/value option: %s", opt)
+	}
+	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]), nil
+}

From 7f7d8419a71d49b25e4d38196b36e93b568bb61d Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 14 Mar 2014 10:47:49 +0100
Subject: [PATCH 230/384] cgroups: Splity out Apply/Cleanup to separate
 file/interface

This leaves only the generic cgroup helper functions in cgroups.go and
will allow easy implementations of other cgroup managers.

This also wires up the call to Cleanup the cgroup which was missing
before.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 pkg/cgroups/apply_raw.go        | 189 ++++++++++++++++++++++++++++++++
 pkg/cgroups/cgroups.go          | 171 +----------------------------
 pkg/libcontainer/nsinit/exec.go |  16 ++-
 3 files changed, 205 insertions(+), 171 deletions(-)
 create mode 100644 pkg/cgroups/apply_raw.go

diff --git a/pkg/cgroups/apply_raw.go b/pkg/cgroups/apply_raw.go
new file mode 100644
index 0000000000..bce96f4951
--- /dev/null
+++ b/pkg/cgroups/apply_raw.go
@@ -0,0 +1,189 @@
+package cgroups
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+)
+
+type rawCgroup struct {
+	root   string
+	cgroup string
+}
+
+func rawApply(c *Cgroup, pid int) (ActiveCgroup, error) {
+	// We have two implementation of cgroups support, one is based on
+	// systemd and the dbus api, and one is based on raw cgroup fs operations
+	// following the pre-single-writer model docs at:
+	// http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/
+	//
+	// we can pick any subsystem to find the root
+
+	cgroupRoot, err := FindCgroupMountpoint("cpu")
+	if err != nil {
+		return nil, err
+	}
+	cgroupRoot = filepath.Dir(cgroupRoot)
+
+	if _, err := os.Stat(cgroupRoot); err != nil {
+		return nil, fmt.Errorf("cgroups fs not found")
+	}
+
+	cgroup := c.Name
+	if c.Parent != "" {
+		cgroup = filepath.Join(c.Parent, cgroup)
+	}
+
+	raw := &rawCgroup{
+		root:   cgroupRoot,
+		cgroup: cgroup,
+	}
+
+	if err := raw.setupDevices(c, pid); err != nil {
+		return nil, err
+	}
+	if err := raw.setupMemory(c, pid); err != nil {
+		return nil, err
+	}
+	if err := raw.setupCpu(c, pid); err != nil {
+		return nil, err
+	}
+	return raw, nil
+}
+
+func (raw *rawCgroup) path(subsystem string) (string, error) {
+	initPath, err := GetInitCgroupDir(subsystem)
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(raw.root, subsystem, initPath, raw.cgroup), nil
+}
+
+func (raw *rawCgroup) join(subsystem string, pid int) (string, error) {
+	path, err := raw.path(subsystem)
+	if err != nil {
+		return "", err
+	}
+	if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
+		return "", err
+	}
+	if err := writeFile(path, "tasks", strconv.Itoa(pid)); err != nil {
+		return "", err
+	}
+	return path, nil
+}
+
+func (raw *rawCgroup) setupDevices(c *Cgroup, pid int) (err error) {
+	if !c.DeviceAccess {
+		dir, err := raw.join("devices", pid)
+		if err != nil {
+			return err
+		}
+
+		defer func() {
+			if err != nil {
+				os.RemoveAll(dir)
+			}
+		}()
+
+		if err := writeFile(dir, "devices.deny", "a"); err != nil {
+			return err
+		}
+
+		allow := []string{
+			// /dev/null, zero, full
+			"c 1:3 rwm",
+			"c 1:5 rwm",
+			"c 1:7 rwm",
+
+			// consoles
+			"c 5:1 rwm",
+			"c 5:0 rwm",
+			"c 4:0 rwm",
+			"c 4:1 rwm",
+
+			// /dev/urandom,/dev/random
+			"c 1:9 rwm",
+			"c 1:8 rwm",
+
+			// /dev/pts/ - pts namespaces are "coming soon"
+			"c 136:* rwm",
+			"c 5:2 rwm",
+
+			// tuntap
+			"c 10:200 rwm",
+		}
+
+		for _, val := range allow {
+			if err := writeFile(dir, "devices.allow", val); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (raw *rawCgroup) setupMemory(c *Cgroup, pid int) (err error) {
+	if c.Memory != 0 || c.MemorySwap != 0 {
+		dir, err := raw.join("memory", pid)
+		if err != nil {
+			return err
+		}
+		defer func() {
+			if err != nil {
+				os.RemoveAll(dir)
+			}
+		}()
+
+		if c.Memory != 0 {
+			if err := writeFile(dir, "memory.limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil {
+				return err
+			}
+			if err := writeFile(dir, "memory.soft_limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil {
+				return err
+			}
+		}
+		// By default, MemorySwap is set to twice the size of RAM.
+		// If you want to omit MemorySwap, set it to `-1'.
+		if c.MemorySwap != -1 {
+			if err := writeFile(dir, "memory.memsw.limit_in_bytes", strconv.FormatInt(c.Memory*2, 10)); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (raw *rawCgroup) setupCpu(c *Cgroup, pid int) (err error) {
+	// We always want to join the cpu group, to allow fair cpu scheduling
+	// on a container basis
+	dir, err := raw.join("cpu", pid)
+	if err != nil {
+		return err
+	}
+	if c.CpuShares != 0 {
+		if err := writeFile(dir, "cpu.shares", strconv.FormatInt(c.CpuShares, 10)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (raw *rawCgroup) Cleanup() error {
+	get := func(subsystem string) string {
+		path, _ := raw.path(subsystem)
+		return path
+	}
+
+	for _, path := range []string{
+		get("memory"),
+		get("devices"),
+		get("cpu"),
+	} {
+		if path != "" {
+			os.RemoveAll(path)
+		}
+	}
+	return nil
+}
diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index b40e1a31fa..f35556f712 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -8,7 +8,6 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strconv"
 	"strings"
 )
 
@@ -22,6 +21,10 @@ type Cgroup struct {
 	CpuShares    int64 `json:"cpu_shares,omitempty"`    // CPU shares (relative weight vs. other containers)
 }
 
+type ActiveCgroup interface {
+	Cleanup() error
+}
+
 // https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
 func FindCgroupMountpoint(subsystem string) (string, error) {
 	mounts, err := mount.GetMounts()
@@ -62,48 +65,6 @@ func GetInitCgroupDir(subsystem string) (string, error) {
 	return parseCgroupFile(subsystem, f)
 }
 
-func (c *Cgroup) Path(root, subsystem string) (string, error) {
-	cgroup := c.Name
-	if c.Parent != "" {
-		cgroup = filepath.Join(c.Parent, cgroup)
-	}
-	initPath, err := GetInitCgroupDir(subsystem)
-	if err != nil {
-		return "", err
-	}
-	return filepath.Join(root, subsystem, initPath, cgroup), nil
-}
-
-func (c *Cgroup) Join(root, subsystem string, pid int) (string, error) {
-	path, err := c.Path(root, subsystem)
-	if err != nil {
-		return "", err
-	}
-	if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
-		return "", err
-	}
-	if err := writeFile(path, "tasks", strconv.Itoa(pid)); err != nil {
-		return "", err
-	}
-	return path, nil
-}
-
-func (c *Cgroup) Cleanup(root string) error {
-	get := func(subsystem string) string {
-		path, _ := c.Path(root, subsystem)
-		return path
-	}
-
-	for _, path := range []string{
-		get("memory"),
-		get("devices"),
-		get("cpu"),
-	} {
-		os.RemoveAll(path)
-	}
-	return nil
-}
-
 func parseCgroupFile(subsystem string, r io.Reader) (string, error) {
 	s := bufio.NewScanner(r)
 	for s.Scan() {
@@ -125,126 +86,6 @@ func writeFile(dir, file, data string) error {
 	return ioutil.WriteFile(filepath.Join(dir, file), []byte(data), 0700)
 }
 
-func (c *Cgroup) Apply(pid int) error {
-	// We have two implementation of cgroups support, one is based on
-	// systemd and the dbus api, and one is based on raw cgroup fs operations
-	// following the pre-single-writer model docs at:
-	// http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/
-	//
-	// we can pick any subsystem to find the root
-	cgroupRoot, err := FindCgroupMountpoint("cpu")
-	if err != nil {
-		return err
-	}
-	cgroupRoot = filepath.Dir(cgroupRoot)
-
-	if _, err := os.Stat(cgroupRoot); err != nil {
-		return fmt.Errorf("cgroups fs not found")
-	}
-	if err := c.setupDevices(cgroupRoot, pid); err != nil {
-		return err
-	}
-	if err := c.setupMemory(cgroupRoot, pid); err != nil {
-		return err
-	}
-	if err := c.setupCpu(cgroupRoot, pid); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *Cgroup) setupDevices(cgroupRoot string, pid int) (err error) {
-	if !c.DeviceAccess {
-		dir, err := c.Join(cgroupRoot, "devices", pid)
-		if err != nil {
-			return err
-		}
-
-		defer func() {
-			if err != nil {
-				os.RemoveAll(dir)
-			}
-		}()
-
-		if err := writeFile(dir, "devices.deny", "a"); err != nil {
-			return err
-		}
-
-		allow := []string{
-			// /dev/null, zero, full
-			"c 1:3 rwm",
-			"c 1:5 rwm",
-			"c 1:7 rwm",
-
-			// consoles
-			"c 5:1 rwm",
-			"c 5:0 rwm",
-			"c 4:0 rwm",
-			"c 4:1 rwm",
-
-			// /dev/urandom,/dev/random
-			"c 1:9 rwm",
-			"c 1:8 rwm",
-
-			// /dev/pts/ - pts namespaces are "coming soon"
-			"c 136:* rwm",
-			"c 5:2 rwm",
-
-			// tuntap
-			"c 10:200 rwm",
-		}
-
-		for _, val := range allow {
-			if err := writeFile(dir, "devices.allow", val); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (c *Cgroup) setupMemory(cgroupRoot string, pid int) (err error) {
-	if c.Memory != 0 || c.MemorySwap != 0 {
-		dir, err := c.Join(cgroupRoot, "memory", pid)
-		if err != nil {
-			return err
-		}
-		defer func() {
-			if err != nil {
-				os.RemoveAll(dir)
-			}
-		}()
-
-		if c.Memory != 0 {
-			if err := writeFile(dir, "memory.limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil {
-				return err
-			}
-			if err := writeFile(dir, "memory.soft_limit_in_bytes", strconv.FormatInt(c.Memory, 10)); err != nil {
-				return err
-			}
-		}
-		// By default, MemorySwap is set to twice the size of RAM.
-		// If you want to omit MemorySwap, set it to `-1'.
-		if c.MemorySwap != -1 {
-			if err := writeFile(dir, "memory.memsw.limit_in_bytes", strconv.FormatInt(c.Memory*2, 10)); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (c *Cgroup) setupCpu(cgroupRoot string, pid int) (err error) {
-	// We always want to join the cpu group, to allow fair cpu scheduling
-	// on a container basis
-	dir, err := c.Join(cgroupRoot, "cpu", pid)
-	if err != nil {
-		return err
-	}
-	if c.CpuShares != 0 {
-		if err := writeFile(dir, "cpu.shares", strconv.FormatInt(c.CpuShares, 10)); err != nil {
-			return err
-		}
-	}
-	return nil
+func (c *Cgroup) Apply(pid int) (ActiveCgroup, error) {
+	return rawApply(c, pid)
 }
diff --git a/pkg/libcontainer/nsinit/exec.go b/pkg/libcontainer/nsinit/exec.go
index 61286cc13c..a44faafe0e 100644
--- a/pkg/libcontainer/nsinit/exec.go
+++ b/pkg/libcontainer/nsinit/exec.go
@@ -3,6 +3,7 @@
 package nsinit
 
 import (
+	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/pkg/libcontainer/network"
 	"github.com/dotcloud/docker/pkg/system"
@@ -61,10 +62,15 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
 	// Do this before syncing with child so that no children
 	// can escape the cgroup
 	ns.logger.Println("setting cgroups")
-	if err := ns.SetupCgroups(container, command.Process.Pid); err != nil {
+	activeCgroup, err := ns.SetupCgroups(container, command.Process.Pid)
+	if err != nil {
 		command.Process.Kill()
 		return -1, err
 	}
+	if activeCgroup != nil {
+		defer activeCgroup.Cleanup()
+	}
+
 	ns.logger.Println("setting up network")
 	if err := ns.InitializeNetworking(container, command.Process.Pid, syncPipe); err != nil {
 		command.Process.Kill()
@@ -85,13 +91,11 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
 	return status, err
 }
 
-func (ns *linuxNs) SetupCgroups(container *libcontainer.Container, nspid int) error {
+func (ns *linuxNs) SetupCgroups(container *libcontainer.Container, nspid int) (cgroups.ActiveCgroup, error) {
 	if container.Cgroups != nil {
-		if err := container.Cgroups.Apply(nspid); err != nil {
-			return err
-		}
+		return container.Cgroups.Apply(nspid)
 	}
-	return nil
+	return nil, nil
 }
 
 func (ns *linuxNs) InitializeNetworking(container *libcontainer.Container, nspid int, pipe *SyncPipe) error {

From 9294d7f2af6ecb7c18be11fb5043fad4a61d8f09 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 14 Mar 2014 11:45:29 +0100
Subject: [PATCH 231/384] cgroups: Join groups by writing to cgroups.procs, not
 tasks

cgroups.procs moves all the threads of the process, and "tasks" just
the one thread. I believe there is a risk that we move the main thread,
but then we accidentally fork off one of the other threads if the go
scheduler randomly switched to another thread. So, it seems safer (and
more correct) to use cgroups.procs.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 pkg/cgroups/apply_raw.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/cgroups/apply_raw.go b/pkg/cgroups/apply_raw.go
index bce96f4951..47a2a002b8 100644
--- a/pkg/cgroups/apply_raw.go
+++ b/pkg/cgroups/apply_raw.go
@@ -68,7 +68,7 @@ func (raw *rawCgroup) join(subsystem string, pid int) (string, error) {
 	if err := os.MkdirAll(path, 0755); err != nil && !os.IsExist(err) {
 		return "", err
 	}
-	if err := writeFile(path, "tasks", strconv.Itoa(pid)); err != nil {
+	if err := writeFile(path, "cgroup.procs", strconv.Itoa(pid)); err != nil {
 		return "", err
 	}
 	return path, nil

From d4725801b3401d04b3f35b5783bdc0fc362f7f00 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 21 Feb 2014 10:34:06 +0100
Subject: [PATCH 232/384] Vendor github.com/godbus/dbus and
 github.com/coreos/go-systemd

We need this to do systemd API calls.

We also add the static_build tag to make godbus not use
os/user which is problematic for static builds.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 hack/make.sh                                  |   2 +-
 hack/vendor.sh                                |   3 +
 .../github.com/coreos/go-systemd/.travis.yml  |   8 +
 .../src/github.com/coreos/go-systemd/LICENSE  | 191 ++++
 .../github.com/coreos/go-systemd/README.md    |  44 +
 .../coreos/go-systemd/activation/files.go     |  56 ++
 .../go-systemd/activation/files_test.go       |  84 ++
 .../coreos/go-systemd/activation/listeners.go |  38 +
 .../go-systemd/activation/listeners_test.go   |  88 ++
 .../github.com/coreos/go-systemd/dbus/dbus.go | 104 +++
 .../coreos/go-systemd/dbus/dbus_test.go       |  41 +
 .../coreos/go-systemd/dbus/methods.go         | 354 ++++++++
 .../coreos/go-systemd/dbus/methods_test.go    | 314 +++++++
 .../coreos/go-systemd/dbus/properties.go      | 220 +++++
 .../github.com/coreos/go-systemd/dbus/set.go  |  26 +
 .../coreos/go-systemd/dbus/set_test.go        |  26 +
 .../coreos/go-systemd/dbus/subscription.go    | 249 ++++++
 .../go-systemd/dbus/subscription_set.go       |  32 +
 .../go-systemd/dbus/subscription_set_test.go  |  67 ++
 .../go-systemd/dbus/subscription_test.go      |  90 ++
 .../examples/activation/activation.go         |  44 +
 .../examples/activation/httpserver/README.md  |  19 +
 .../activation/httpserver/hello.service       |  11 +
 .../activation/httpserver/hello.socket        |   5 +
 .../activation/httpserver/httpserver.go       |  26 +
 .../go-systemd/examples/activation/listen.go  |  50 ++
 .../go-systemd/fixtures/start-stop.service    |   5 +
 .../fixtures/subscribe-events-set.service     |   5 +
 .../fixtures/subscribe-events.service         |   5 +
 .../coreos/go-systemd/journal/send.go         | 168 ++++
 vendor/src/github.com/coreos/go-systemd/test  |   3 +
 vendor/src/github.com/godbus/dbus/LICENSE     |  25 +
 .../github.com/godbus/dbus/README.markdown    |  38 +
 .../godbus/dbus/_examples/eavesdrop.go        |  30 +
 .../godbus/dbus/_examples/introspect.go       |  21 +
 .../godbus/dbus/_examples/list-names.go       |  27 +
 .../godbus/dbus/_examples/notification.go     |  17 +
 .../github.com/godbus/dbus/_examples/prop.go  |  68 ++
 .../godbus/dbus/_examples/server.go           |  45 +
 .../godbus/dbus/_examples/signal.go           |  24 +
 vendor/src/github.com/godbus/dbus/auth.go     | 253 ++++++
 .../github.com/godbus/dbus/auth_external.go   |  26 +
 .../src/github.com/godbus/dbus/auth_sha1.go   | 102 +++
 vendor/src/github.com/godbus/dbus/call.go     | 147 ++++
 vendor/src/github.com/godbus/dbus/conn.go     | 601 +++++++++++++
 .../src/github.com/godbus/dbus/conn_darwin.go |  21 +
 .../src/github.com/godbus/dbus/conn_other.go  |  27 +
 .../src/github.com/godbus/dbus/conn_test.go   | 199 +++++
 vendor/src/github.com/godbus/dbus/dbus.go     | 258 ++++++
 vendor/src/github.com/godbus/dbus/decoder.go  | 228 +++++
 vendor/src/github.com/godbus/dbus/doc.go      |  63 ++
 vendor/src/github.com/godbus/dbus/encoder.go  | 179 ++++
 .../github.com/godbus/dbus/examples_test.go   |  50 ++
 vendor/src/github.com/godbus/dbus/export.go   | 302 +++++++
 vendor/src/github.com/godbus/dbus/homedir.go  |  28 +
 .../github.com/godbus/dbus/homedir_dynamic.go |  15 +
 .../github.com/godbus/dbus/homedir_static.go  |  45 +
 .../github.com/godbus/dbus/introspect/call.go |  27 +
 .../godbus/dbus/introspect/introspect.go      |  80 ++
 .../godbus/dbus/introspect/introspectable.go  |  74 ++
 vendor/src/github.com/godbus/dbus/message.go  | 346 ++++++++
 .../src/github.com/godbus/dbus/prop/prop.go   | 264 ++++++
 .../src/github.com/godbus/dbus/proto_test.go  | 369 ++++++++
 vendor/src/github.com/godbus/dbus/sig.go      | 257 ++++++
 vendor/src/github.com/godbus/dbus/sig_test.go |  70 ++
 .../godbus/dbus/transport_darwin.go           |   6 +
 .../godbus/dbus/transport_generic.go          |  35 +
 .../github.com/godbus/dbus/transport_unix.go  | 190 ++++
 .../godbus/dbus/transport_unix_test.go        |  49 ++
 .../godbus/dbus/transport_unixcred.go         |  22 +
 vendor/src/github.com/godbus/dbus/variant.go  | 129 +++
 .../github.com/godbus/dbus/variant_lexer.go   | 284 ++++++
 .../github.com/godbus/dbus/variant_parser.go  | 817 ++++++++++++++++++
 .../github.com/godbus/dbus/variant_test.go    |  78 ++
 74 files changed, 8313 insertions(+), 1 deletion(-)
 create mode 100644 vendor/src/github.com/coreos/go-systemd/.travis.yml
 create mode 100644 vendor/src/github.com/coreos/go-systemd/LICENSE
 create mode 100644 vendor/src/github.com/coreos/go-systemd/README.md
 create mode 100644 vendor/src/github.com/coreos/go-systemd/activation/files.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/activation/files_test.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/activation/listeners.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/methods.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/properties.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/set.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
 create mode 100644 vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
 create mode 100644 vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
 create mode 100644 vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
 create mode 100644 vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
 create mode 100644 vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
 create mode 100644 vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
 create mode 100644 vendor/src/github.com/coreos/go-systemd/journal/send.go
 create mode 100755 vendor/src/github.com/coreos/go-systemd/test
 create mode 100644 vendor/src/github.com/godbus/dbus/LICENSE
 create mode 100644 vendor/src/github.com/godbus/dbus/README.markdown
 create mode 100644 vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
 create mode 100644 vendor/src/github.com/godbus/dbus/_examples/introspect.go
 create mode 100644 vendor/src/github.com/godbus/dbus/_examples/list-names.go
 create mode 100644 vendor/src/github.com/godbus/dbus/_examples/notification.go
 create mode 100644 vendor/src/github.com/godbus/dbus/_examples/prop.go
 create mode 100644 vendor/src/github.com/godbus/dbus/_examples/server.go
 create mode 100644 vendor/src/github.com/godbus/dbus/_examples/signal.go
 create mode 100644 vendor/src/github.com/godbus/dbus/auth.go
 create mode 100644 vendor/src/github.com/godbus/dbus/auth_external.go
 create mode 100644 vendor/src/github.com/godbus/dbus/auth_sha1.go
 create mode 100644 vendor/src/github.com/godbus/dbus/call.go
 create mode 100644 vendor/src/github.com/godbus/dbus/conn.go
 create mode 100644 vendor/src/github.com/godbus/dbus/conn_darwin.go
 create mode 100644 vendor/src/github.com/godbus/dbus/conn_other.go
 create mode 100644 vendor/src/github.com/godbus/dbus/conn_test.go
 create mode 100644 vendor/src/github.com/godbus/dbus/dbus.go
 create mode 100644 vendor/src/github.com/godbus/dbus/decoder.go
 create mode 100644 vendor/src/github.com/godbus/dbus/doc.go
 create mode 100644 vendor/src/github.com/godbus/dbus/encoder.go
 create mode 100644 vendor/src/github.com/godbus/dbus/examples_test.go
 create mode 100644 vendor/src/github.com/godbus/dbus/export.go
 create mode 100644 vendor/src/github.com/godbus/dbus/homedir.go
 create mode 100644 vendor/src/github.com/godbus/dbus/homedir_dynamic.go
 create mode 100644 vendor/src/github.com/godbus/dbus/homedir_static.go
 create mode 100644 vendor/src/github.com/godbus/dbus/introspect/call.go
 create mode 100644 vendor/src/github.com/godbus/dbus/introspect/introspect.go
 create mode 100644 vendor/src/github.com/godbus/dbus/introspect/introspectable.go
 create mode 100644 vendor/src/github.com/godbus/dbus/message.go
 create mode 100644 vendor/src/github.com/godbus/dbus/prop/prop.go
 create mode 100644 vendor/src/github.com/godbus/dbus/proto_test.go
 create mode 100644 vendor/src/github.com/godbus/dbus/sig.go
 create mode 100644 vendor/src/github.com/godbus/dbus/sig_test.go
 create mode 100644 vendor/src/github.com/godbus/dbus/transport_darwin.go
 create mode 100644 vendor/src/github.com/godbus/dbus/transport_generic.go
 create mode 100644 vendor/src/github.com/godbus/dbus/transport_unix.go
 create mode 100644 vendor/src/github.com/godbus/dbus/transport_unix_test.go
 create mode 100644 vendor/src/github.com/godbus/dbus/transport_unixcred.go
 create mode 100644 vendor/src/github.com/godbus/dbus/variant.go
 create mode 100644 vendor/src/github.com/godbus/dbus/variant_lexer.go
 create mode 100644 vendor/src/github.com/godbus/dbus/variant_parser.go
 create mode 100644 vendor/src/github.com/godbus/dbus/variant_test.go

diff --git a/hack/make.sh b/hack/make.sh
index b77e9b7f44..dbb9dbfdfd 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -89,7 +89,7 @@ LDFLAGS='
 '
 LDFLAGS_STATIC='-linkmode external'
 EXTLDFLAGS_STATIC='-static'
-BUILDFLAGS=( -a -tags "netgo $DOCKER_BUILDTAGS" )
+BUILDFLAGS=( -a -tags "netgo static_build $DOCKER_BUILDTAGS" )
 
 # A few more flags that are specific just to building a completely-static binary (see hack/make/binary)
 # PLEASE do not use these anywhere else.
diff --git a/hack/vendor.sh b/hack/vendor.sh
index ac996dde12..4200d90867 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -58,3 +58,6 @@ mv src/code.google.com/p/go/src/pkg/archive/tar tmp-tar
 rm -rf src/code.google.com/p/go
 mkdir -p src/code.google.com/p/go/src/pkg/archive
 mv tmp-tar src/code.google.com/p/go/src/pkg/archive/tar
+
+clone git github.com/godbus/dbus cb98efbb933d8389ab549a060e880ea3c375d213
+clone git github.com/coreos/go-systemd 4c14ed39b8a643ac44b4f95b5a53c00e94261475
diff --git a/vendor/src/github.com/coreos/go-systemd/.travis.yml b/vendor/src/github.com/coreos/go-systemd/.travis.yml
new file mode 100644
index 0000000000..8c9f56e44a
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/.travis.yml
@@ -0,0 +1,8 @@
+language: go
+go: 1.2
+
+install:
+ - echo "Skip install"
+
+script:
+ - ./test
diff --git a/vendor/src/github.com/coreos/go-systemd/LICENSE b/vendor/src/github.com/coreos/go-systemd/LICENSE
new file mode 100644
index 0000000000..37ec93a14f
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/LICENSE
@@ -0,0 +1,191 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright
+owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities
+that control, are controlled by, or are under common control with that entity.
+For the purposes of this definition, "control" means (i) the power, direct or
+indirect, to cause the direction or management of such entity, whether by
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising
+permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including
+but not limited to software source code, documentation source, and configuration
+files.
+
+"Object" form shall mean any form resulting from mechanical transformation or
+translation of a Source form, including but not limited to compiled object code,
+generated documentation, and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made
+available under the License, as indicated by a copyright notice that is included
+in or attached to the work (an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that
+is based on (or derived from) the Work and for which the editorial revisions,
+annotations, elaborations, or other modifications represent, as a whole, an
+original work of authorship. For the purposes of this License, Derivative Works
+shall not include works that remain separable from, or merely link (or bind by
+name) to the interfaces of, the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version
+of the Work and any modifications or additions to that Work or Derivative Works
+thereof, that is intentionally submitted to Licensor for inclusion in the Work
+by the copyright owner or by an individual or Legal Entity authorized to submit
+on behalf of the copyright owner. For the purposes of this definition,
+"submitted" means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems, and
+issue tracking systems that are managed by, or on behalf of, the Licensor for
+the purpose of discussing and improving the Work, but excluding communication
+that is conspicuously marked or otherwise designated in writing by the copyright
+owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf
+of whom a Contribution has been received by Licensor and subsequently
+incorporated within the Work.
+
+2. Grant of Copyright License.
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.
+
+3. Grant of Patent License.
+
+Subject to the terms and conditions of this License, each Contributor hereby
+grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,
+irrevocable (except as stated in this section) patent license to make, have
+made, use, offer to sell, sell, import, and otherwise transfer the Work, where
+such license applies only to those patent claims licensable by such Contributor
+that are necessarily infringed by their Contribution(s) alone or by combination
+of their Contribution(s) with the Work to which such Contribution(s) was
+submitted. If You institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work or a
+Contribution incorporated within the Work constitutes direct or contributory
+patent infringement, then any patent licenses granted to You under this License
+for that Work shall terminate as of the date such litigation is filed.
+
+4. Redistribution.
+
+You may reproduce and distribute copies of the Work or Derivative Works thereof
+in any medium, with or without modifications, and in Source or Object form,
+provided that You meet the following conditions:
+
+You must give any other recipients of the Work or Derivative Works a copy of
+this License; and
+You must cause any modified files to carry prominent notices stating that You
+changed the files; and
+You must retain, in the Source form of any Derivative Works that You distribute,
+all copyright, patent, trademark, and attribution notices from the Source form
+of the Work, excluding those notices that do not pertain to any part of the
+Derivative Works; and
+If the Work includes a "NOTICE" text file as part of its distribution, then any
+Derivative Works that You distribute must include a readable copy of the
+attribution notices contained within such NOTICE file, excluding those notices
+that do not pertain to any part of the Derivative Works, in at least one of the
+following places: within a NOTICE text file distributed as part of the
+Derivative Works; within the Source form or documentation, if provided along
+with the Derivative Works; or, within a display generated by the Derivative
+Works, if and wherever such third-party notices normally appear. The contents of
+the NOTICE file are for informational purposes only and do not modify the
+License. You may add Your own attribution notices within Derivative Works that
+You distribute, alongside or as an addendum to the NOTICE text from the Work,
+provided that such additional attribution notices cannot be construed as
+modifying the License.
+You may add Your own copyright statement to Your modifications and may provide
+additional or different license terms and conditions for use, reproduction, or
+distribution of Your modifications, or for any such Derivative Works as a whole,
+provided Your use, reproduction, and distribution of the Work otherwise complies
+with the conditions stated in this License.
+
+5. Submission of Contributions.
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted
+for inclusion in the Work by You to the Licensor shall be under the terms and
+conditions of this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify the terms of
+any separate license agreement you may have executed with Licensor regarding
+such Contributions.
+
+6. Trademarks.
+
+This License does not grant permission to use the trade names, trademarks,
+service marks, or product names of the Licensor, except as required for
+reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty.
+
+Unless required by applicable law or agreed to in writing, Licensor provides the
+Work (and each Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,
+including, without limitation, any warranties or conditions of TITLE,
+NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are
+solely responsible for determining the appropriateness of using or
+redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.
+
+8. Limitation of Liability.
+
+In no event and under no legal theory, whether in tort (including negligence),
+contract, or otherwise, unless required by applicable law (such as deliberate
+and grossly negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special, incidental,
+or consequential damages of any character arising as a result of this License or
+out of the use or inability to use the Work (including but not limited to
+damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has
+been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability.
+
+While redistributing the Work or Derivative Works thereof, You may choose to
+offer, and charge a fee for, acceptance of support, warranty, indemnity, or
+other liability obligations and/or rights consistent with this License. However,
+in accepting such obligations, You may act only on Your own behalf and on Your
+sole responsibility, not on behalf of any other Contributor, and only if You
+agree to indemnify, defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason of your
+accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work
+
+To apply the Apache License to your work, attach the following boilerplate
+notice, with the fields enclosed by brackets "[]" replaced with your own
+identifying information. (Don't include the brackets!) The text should be
+enclosed in the appropriate comment syntax for the file format. We also
+recommend that a file or class name and description of purpose be included on
+the same "printed page" as the copyright notice for easier identification within
+third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/src/github.com/coreos/go-systemd/README.md b/vendor/src/github.com/coreos/go-systemd/README.md
new file mode 100644
index 0000000000..0ee09fec0a
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/README.md
@@ -0,0 +1,44 @@
+# go-systemd
+
+Go bindings to systemd. The project has three packages:
+
+- activation - for writing and using socket activation from Go
+- journal - for writing to systemd's logging service, journal
+- dbus - for starting/stopping/inspecting running services and units
+
+Go docs for the entire project are here:
+
+http://godoc.org/github.com/coreos/go-systemd
+
+## Socket Activation
+
+An example HTTP server using socket activation can be quickly setup by
+following this README on a Linux machine running systemd:
+
+https://github.com/coreos/go-systemd/tree/master/examples/activation/httpserver
+
+## Journal
+
+Using this package you can submit journal entries directly to systemd's journal taking advantage of features like indexed key/value pairs for each log entry.
+
+## D-Bus
+
+The D-Bus API lets you start, stop and introspect systemd units. The API docs are here:
+
+http://godoc.org/github.com/coreos/go-systemd/dbus
+
+### Debugging
+
+Create `/etc/dbus-1/system-local.conf` that looks like this:
+
+```
+<!DOCTYPE busconfig PUBLIC
+"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy user="root">
+        <allow eavesdrop="true"/>
+        <allow eavesdrop="true" send_destination="*"/>
+    </policy>
+</busconfig>
+```
diff --git a/vendor/src/github.com/coreos/go-systemd/activation/files.go b/vendor/src/github.com/coreos/go-systemd/activation/files.go
new file mode 100644
index 0000000000..74b4fc10f3
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/activation/files.go
@@ -0,0 +1,56 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package activation implements primitives for systemd socket activation.
+package activation
+
+import (
+	"os"
+	"strconv"
+	"syscall"
+)
+
+// based on: https://gist.github.com/alberts/4640792
+const (
+	listenFdsStart = 3
+)
+
+func Files(unsetEnv bool) []*os.File {
+	if unsetEnv {
+		// there is no way to unset env in golang os package for now
+		// https://code.google.com/p/go/issues/detail?id=6423
+		defer os.Setenv("LISTEN_PID", "")
+		defer os.Setenv("LISTEN_FDS", "")
+	}
+
+	pid, err := strconv.Atoi(os.Getenv("LISTEN_PID"))
+	if err != nil || pid != os.Getpid() {
+		return nil
+	}
+
+	nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
+	if err != nil || nfds == 0 {
+		return nil
+	}
+
+	var files []*os.File
+	for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ {
+		syscall.CloseOnExec(fd)
+		files = append(files, os.NewFile(uintptr(fd), "LISTEN_FD_"+strconv.Itoa(fd)))
+	}
+
+	return files
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/activation/files_test.go b/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
new file mode 100644
index 0000000000..a1c6948fb2
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/activation/files_test.go
@@ -0,0 +1,84 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package activation
+
+import (
+	"bytes"
+	"io"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+// correctStringWritten fails the text if the correct string wasn't written
+// to the other side of the pipe.
+func correctStringWritten(t *testing.T, r *os.File, expected string) bool {
+	bytes := make([]byte, len(expected))
+	io.ReadAtLeast(r, bytes, len(expected))
+
+	if string(bytes) != expected {
+		t.Fatalf("Unexpected string %s", string(bytes))
+	}
+
+	return true
+}
+
+// TestActivation forks out a copy of activation.go example and reads back two
+// strings from the pipes that are passed in.
+func TestActivation(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
+
+	r1, w1, _ := os.Pipe()
+	r2, w2, _ := os.Pipe()
+	cmd.ExtraFiles = []*os.File{
+		w1,
+		w2,
+	}
+
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=2", "FIX_LISTEN_PID=1")
+
+	err := cmd.Run()
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	correctStringWritten(t, r1, "Hello world")
+	correctStringWritten(t, r2, "Goodbye world")
+}
+
+func TestActivationNoFix(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=2")
+
+	out, _ := cmd.CombinedOutput()
+	if bytes.Contains(out, []byte("No files")) == false {
+		t.Fatalf("Child didn't error out as expected")
+	}
+}
+
+func TestActivationNoFiles(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/activation.go")
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=0", "FIX_LISTEN_PID=1")
+
+	out, _ := cmd.CombinedOutput()
+	if bytes.Contains(out, []byte("No files")) == false {
+		t.Fatalf("Child didn't error out as expected")
+	}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/activation/listeners.go b/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
new file mode 100644
index 0000000000..cdb2cf4bb4
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/activation/listeners.go
@@ -0,0 +1,38 @@
+/*
+Copyright 2014 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package activation
+
+import (
+	"fmt"
+	"net"
+)
+
+// Listeners returns net.Listeners for all socket activated fds passed to this process.
+func Listeners(unsetEnv bool) ([]net.Listener, error) {
+	files := Files(unsetEnv)
+	listeners := make([]net.Listener, len(files))
+
+	for i, f := range files {
+		var err error
+		listeners[i], err = net.FileListener(f)
+		if err != nil {
+			return nil, fmt.Errorf("Error setting up FileListener for fd %d: %s", f.Fd(), err.Error())
+		}
+	}
+
+	return listeners, nil
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go b/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
new file mode 100644
index 0000000000..c3627d6d4d
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/activation/listeners_test.go
@@ -0,0 +1,88 @@
+/*
+Copyright 2014 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package activation
+
+import (
+	"io"
+	"net"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+// correctStringWritten fails the text if the correct string wasn't written
+// to the other side of the pipe.
+func correctStringWrittenNet(t *testing.T, r net.Conn, expected string) bool {
+	bytes := make([]byte, len(expected))
+	io.ReadAtLeast(r, bytes, len(expected))
+
+	if string(bytes) != expected {
+		t.Fatalf("Unexpected string %s", string(bytes))
+	}
+
+	return true
+}
+
+// TestActivation forks out a copy of activation.go example and reads back two
+// strings from the pipes that are passed in.
+func TestListeners(t *testing.T) {
+	cmd := exec.Command("go", "run", "../examples/activation/listen.go")
+
+	l1, err := net.Listen("tcp", ":9999")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	l2, err := net.Listen("tcp", ":1234")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	t1 := l1.(*net.TCPListener)
+	t2 := l2.(*net.TCPListener)
+
+	f1, _ := t1.File()
+	f2, _  := t2.File()
+
+	cmd.ExtraFiles = []*os.File{
+		f1,
+		f2,
+	}
+
+	r1, err := net.Dial("tcp", "127.0.0.1:9999")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	r1.Write([]byte("Hi"))
+
+	r2, err := net.Dial("tcp", "127.0.0.1:1234")
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	r2.Write([]byte("Hi"))
+
+	cmd.Env = os.Environ()
+	cmd.Env = append(cmd.Env, "LISTEN_FDS=2", "FIX_LISTEN_PID=1")
+
+	out, err := cmd.Output()
+	if err != nil {
+		println(string(out))
+		t.Fatalf(err.Error())
+	}
+
+	correctStringWrittenNet(t, r1, "Hello world")
+	correctStringWrittenNet(t, r2, "Goodbye world")
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go b/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
new file mode 100644
index 0000000000..91d7112145
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/dbus.go
@@ -0,0 +1,104 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Integration with the systemd D-Bus API.  See http://www.freedesktop.org/wiki/Software/systemd/dbus/
+package dbus
+
+import (
+	"os"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/godbus/dbus"
+)
+
+const signalBuffer = 100
+
+// ObjectPath creates a dbus.ObjectPath using the rules that systemd uses for
+// serializing special characters.
+func ObjectPath(path string) dbus.ObjectPath {
+	path = strings.Replace(path, ".", "_2e", -1)
+	path = strings.Replace(path, "-", "_2d", -1)
+	path = strings.Replace(path, "@", "_40", -1)
+
+	return dbus.ObjectPath(path)
+}
+
+// Conn is a connection to systemds dbus endpoint.
+type Conn struct {
+	sysconn     *dbus.Conn
+	sysobj      *dbus.Object
+	jobListener struct {
+		jobs map[dbus.ObjectPath]chan string
+		sync.Mutex
+	}
+	subscriber struct {
+		updateCh chan<- *SubStateUpdate
+		errCh    chan<- error
+		sync.Mutex
+		ignore      map[dbus.ObjectPath]int64
+		cleanIgnore int64
+	}
+	dispatch map[string]func(dbus.Signal)
+}
+
+// New() establishes a connection to the system bus and authenticates.
+func New() (*Conn, error) {
+	c := new(Conn)
+
+	if err := c.initConnection(); err != nil {
+		return nil, err
+	}
+
+	c.initJobs()
+	return c, nil
+}
+
+func (c *Conn) initConnection() error {
+	var err error
+	c.sysconn, err = dbus.SystemBusPrivate()
+	if err != nil {
+		return err
+	}
+
+	// Only use EXTERNAL method, and hardcode the uid (not username)
+	// to avoid a username lookup (which requires a dynamically linked
+	// libc)
+	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
+
+	err = c.sysconn.Auth(methods)
+	if err != nil {
+		c.sysconn.Close()
+		return err
+	}
+
+	err = c.sysconn.Hello()
+	if err != nil {
+		c.sysconn.Close()
+		return err
+	}
+
+	c.sysobj = c.sysconn.Object("org.freedesktop.systemd1", dbus.ObjectPath("/org/freedesktop/systemd1"))
+
+	// Setup the listeners on jobs so that we can get completions
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal', interface='org.freedesktop.systemd1.Manager', member='JobRemoved'")
+	c.initSubscription()
+	c.initDispatch()
+
+	return nil
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
new file mode 100644
index 0000000000..2e80f73ef7
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/dbus_test.go
@@ -0,0 +1,41 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"testing"
+)
+
+// TestObjectPath ensures path encoding of the systemd rules works.
+func TestObjectPath(t *testing.T) {
+	input := "/silly-path/to@a/unit..service"
+	output := ObjectPath(input)
+	expected := "/silly_2dpath/to_40a/unit_2e_2eservice"
+
+	if string(output) != expected {
+		t.Fatalf("Output '%s' did not match expected '%s'", output, expected)
+	}
+}
+
+// TestNew ensures that New() works without errors.
+func TestNew(t *testing.T) {
+	_, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/methods.go b/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
new file mode 100644
index 0000000000..11d5cda945
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/methods.go
@@ -0,0 +1,354 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"errors"
+	"github.com/godbus/dbus"
+)
+
+func (c *Conn) initJobs() {
+	c.jobListener.jobs = make(map[dbus.ObjectPath]chan string)
+}
+
+func (c *Conn) jobComplete(signal *dbus.Signal) {
+	var id uint32
+	var job dbus.ObjectPath
+	var unit string
+	var result string
+	dbus.Store(signal.Body, &id, &job, &unit, &result)
+	c.jobListener.Lock()
+	out, ok := c.jobListener.jobs[job]
+	if ok {
+		out <- result
+		delete(c.jobListener.jobs, job)
+	}
+	c.jobListener.Unlock()
+}
+
+func (c *Conn) startJob(job string, args ...interface{}) (<-chan string, error) {
+	c.jobListener.Lock()
+	defer c.jobListener.Unlock()
+
+	ch := make(chan string, 1)
+	var path dbus.ObjectPath
+	err := c.sysobj.Call(job, 0, args...).Store(&path)
+	if err != nil {
+		return nil, err
+	}
+	c.jobListener.jobs[path] = ch
+	return ch, nil
+}
+
+func (c *Conn) runJob(job string, args ...interface{}) (string, error) {
+	respCh, err := c.startJob(job, args...)
+	if err != nil {
+		return "", err
+	}
+	return <-respCh, nil
+}
+
+// StartUnit enqeues a start job and depending jobs, if any (unless otherwise
+// specified by the mode string).
+//
+// Takes the unit to activate, plus a mode string. The mode needs to be one of
+// replace, fail, isolate, ignore-dependencies, ignore-requirements. If
+// "replace" the call will start the unit and its dependencies, possibly
+// replacing already queued jobs that conflict with this. If "fail" the call
+// will start the unit and its dependencies, but will fail if this would change
+// an already queued job. If "isolate" the call will start the unit in question
+// and terminate all units that aren't dependencies of it. If
+// "ignore-dependencies" it will start a unit but ignore all its dependencies.
+// If "ignore-requirements" it will start a unit but only ignore the
+// requirement dependencies. It is not recommended to make use of the latter
+// two options.
+//
+// Result string: one of done, canceled, timeout, failed, dependency, skipped.
+// done indicates successful execution of a job. canceled indicates that a job
+// has been canceled  before it finished execution. timeout indicates that the
+// job timeout was reached. failed indicates that the job failed. dependency
+// indicates that a job this job has been depending on failed and the job hence
+// has been removed too. skipped indicates that a job was skipped because it
+// didn't apply to the units current state.
+func (c *Conn) StartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.StartUnit", name, mode)
+}
+
+// StopUnit is similar to StartUnit but stops the specified unit rather
+// than starting it.
+func (c *Conn) StopUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.StopUnit", name, mode)
+}
+
+// ReloadUnit reloads a unit.  Reloading is done only if the unit is already running and fails otherwise.
+func (c *Conn) ReloadUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.ReloadUnit", name, mode)
+}
+
+// RestartUnit restarts a service.  If a service is restarted that isn't
+// running it will be started.
+func (c *Conn) RestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.RestartUnit", name, mode)
+}
+
+// TryRestartUnit is like RestartUnit, except that a service that isn't running
+// is not affected by the restart.
+func (c *Conn) TryRestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.TryRestartUnit", name, mode)
+}
+
+// ReloadOrRestart attempts a reload if the unit supports it and use a restart
+// otherwise.
+func (c *Conn) ReloadOrRestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.ReloadOrRestartUnit", name, mode)
+}
+
+// ReloadOrTryRestart attempts a reload if the unit supports it and use a "Try"
+// flavored restart otherwise.
+func (c *Conn) ReloadOrTryRestartUnit(name string, mode string) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.ReloadOrTryRestartUnit", name, mode)
+}
+
+// StartTransientUnit() may be used to create and start a transient unit, which
+// will be released as soon as it is not running or referenced anymore or the
+// system is rebooted. name is the unit name including suffix, and must be
+// unique. mode is the same as in StartUnit(), properties contains properties
+// of the unit.
+func (c *Conn) StartTransientUnit(name string, mode string, properties ...Property) (string, error) {
+	return c.runJob("org.freedesktop.systemd1.Manager.StartTransientUnit", name, mode, properties, make([]PropertyCollection, 0))
+}
+
+// KillUnit takes the unit name and a UNIX signal number to send.  All of the unit's
+// processes are killed.
+func (c *Conn) KillUnit(name string, signal int32) {
+	c.sysobj.Call("org.freedesktop.systemd1.Manager.KillUnit", 0, name, "all", signal).Store()
+}
+
+// getProperties takes the unit name and returns all of its dbus object properties, for the given dbus interface
+func (c *Conn) getProperties(unit string, dbusInterface string) (map[string]interface{}, error) {
+	var err error
+	var props map[string]dbus.Variant
+
+	path := ObjectPath("/org/freedesktop/systemd1/unit/" + unit)
+	if !path.IsValid() {
+		return nil, errors.New("invalid unit name: " + unit)
+	}
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
+	err = obj.Call("org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props)
+	if err != nil {
+		return nil, err
+	}
+
+	out := make(map[string]interface{}, len(props))
+	for k, v := range props {
+		out[k] = v.Value()
+	}
+
+	return out, nil
+}
+
+// GetUnitProperties takes the unit name and returns all of its dbus object properties.
+func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
+	return c.getProperties(unit, "org.freedesktop.systemd1.Unit")
+}
+
+func (c *Conn) getProperty(unit string, dbusInterface string, propertyName string) (*Property, error) {
+	var err error
+	var prop dbus.Variant
+
+	path := ObjectPath("/org/freedesktop/systemd1/unit/" + unit)
+	if !path.IsValid() {
+		return nil, errors.New("invalid unit name: " + unit)
+	}
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
+	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Property{Name: propertyName, Value: prop}, nil
+}
+
+func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) {
+	return c.getProperty(unit, "org.freedesktop.systemd1.Unit", propertyName)
+}
+
+// GetUnitTypeProperties returns the extra properties for a unit, specific to the unit type.
+// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope
+// return "dbus.Error: Unknown interface" if the unitType is not the correct type of the unit
+func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {
+	return c.getProperties(unit, "org.freedesktop.systemd1."+unitType)
+}
+
+// SetUnitProperties() may be used to modify certain unit properties at runtime.
+// Not all properties may be changed at runtime, but many resource management
+// settings (primarily those in systemd.cgroup(5)) may. The changes are applied
+// instantly, and stored on disk for future boots, unless runtime is true, in which
+// case the settings only apply until the next reboot. name is the name of the unit
+// to modify. properties are the settings to set, encoded as an array of property
+// name and value pairs.
+func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error {
+	return c.sysobj.Call("SetUnitProperties", 0, name, runtime, properties).Store()
+}
+
+func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) {
+	return c.getProperty(unit, "org.freedesktop.systemd1." + unitType, propertyName)
+}
+
+// ListUnits returns an array with all currently loaded units. Note that
+// units may be known by multiple names at the same time, and hence there might
+// be more unit names loaded than actual units behind them.
+func (c *Conn) ListUnits() ([]UnitStatus, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.ListUnits", 0).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	status := make([]UnitStatus, len(result))
+	statusInterface := make([]interface{}, len(status))
+	for i := range status {
+		statusInterface[i] = &status[i]
+	}
+
+	err = dbus.Store(resultInterface, statusInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return status, nil
+}
+
+type UnitStatus struct {
+	Name        string          // The primary unit name as string
+	Description string          // The human readable description string
+	LoadState   string          // The load state (i.e. whether the unit file has been loaded successfully)
+	ActiveState string          // The active state (i.e. whether the unit is currently started or not)
+	SubState    string          // The sub state (a more fine-grained version of the active state that is specific to the unit type, which the active state is not)
+	Followed    string          // A unit that is being followed in its state by this unit, if there is any, otherwise the empty string.
+	Path        dbus.ObjectPath // The unit object path
+	JobId       uint32          // If there is a job queued for the job unit the numeric job id, 0 otherwise
+	JobType     string          // The job type as string
+	JobPath     dbus.ObjectPath // The job object path
+}
+
+// EnableUnitFiles() may be used to enable one or more units in the system (by
+// creating symlinks to them in /etc or /run).
+//
+// It takes a list of unit files to enable (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit
+// search paths), and two booleans: the first controls whether the unit shall
+// be enabled for runtime only (true, /run), or persistently (false, /etc).
+// The second one controls whether symlinks pointing to other units shall
+// be replaced if necessary.
+//
+// This call returns one boolean and an array with the changes made. The
+// boolean signals whether the unit files contained any enablement
+// information (i.e. an [Install]) section. The changes list consists of
+// structures with three strings: the type of the change (one of symlink
+// or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) EnableUnitFiles(files []string, runtime bool, force bool) (bool, []EnableUnitFileChange, error) {
+	var carries_install_info bool
+
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.EnableUnitFiles", 0, files, runtime, force).Store(&carries_install_info, &result)
+	if err != nil {
+		return false, nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]EnableUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return false, nil, err
+	}
+
+	return carries_install_info, changes, nil
+}
+
+type EnableUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// DisableUnitFiles() may be used to disable one or more units in the system (by
+// removing symlinks to them from /etc or /run).
+//
+// It takes a list of unit files to disable (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit
+// search paths), and one boolean: whether the unit was enabled for runtime
+// only (true, /run), or persistently (false, /etc).
+//
+// This call returns an array with the changes made. The changes list
+// consists of structures with three strings: the type of the change (one of
+// symlink or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("DisableUnitFiles", 0, files, runtime).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]DisableUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+type DisableUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
+// Reload instructs systemd to scan for and reload unit files. This is
+// equivalent to a 'systemctl daemon-reload'.
+func (c *Conn) Reload() error {
+	return c.sysobj.Call("org.freedesktop.systemd1.Manager.Reload", 0).Store()
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
new file mode 100644
index 0000000000..9e2f22323f
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/methods_test.go
@@ -0,0 +1,314 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"fmt"
+	"github.com/guelfey/go.dbus"
+	"math/rand"
+	"os"
+	"path/filepath"
+	"reflect"
+	"testing"
+)
+
+func setupConn(t *testing.T) *Conn {
+	conn, err := New()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return conn
+}
+
+func setupUnit(target string, conn *Conn, t *testing.T) {
+	// Blindly stop the unit in case it is running
+	conn.StopUnit(target, "replace")
+
+	// Blindly remove the symlink in case it exists
+	targetRun := filepath.Join("/run/systemd/system/", target)
+	err := os.Remove(targetRun)
+
+	// 1. Enable the unit
+	abs, err := filepath.Abs("../fixtures/" + target)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	fixture := []string{abs}
+
+	install, changes, err := conn.EnableUnitFiles(fixture, true, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if install != false {
+		t.Fatal("Install was true")
+	}
+
+	if len(changes) < 1 {
+		t.Fatalf("Expected one change, got %v", changes)
+	}
+
+	if changes[0].Filename != targetRun {
+		t.Fatal("Unexpected target filename")
+	}
+}
+
+// Ensure that basic unit starting and stopping works.
+func TestStartStopUnit(t *testing.T) {
+	target := "start-stop.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+
+	// 2. Start the unit
+	job, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Job is not done, %v", job)
+	}
+
+	units, err := conn.ListUnits()
+
+	var unit *UnitStatus
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit == nil {
+		t.Fatalf("Test unit not found in list")
+	}
+
+	if unit.ActiveState != "active" {
+		t.Fatalf("Test unit not active")
+	}
+
+	// 3. Stop the unit
+	job, err = conn.StopUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	units, err = conn.ListUnits()
+
+	unit = nil
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit != nil {
+		t.Fatalf("Test unit found in list, should be stopped")
+	}
+}
+
+// Enables a unit and then immediately tears it down
+func TestEnableDisableUnit(t *testing.T) {
+	target := "enable-disable.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+
+	abs, err := filepath.Abs("../fixtures/" + target)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path := filepath.Join("/run/systemd/system/", target)
+
+	// 2. Disable the unit
+	changes, err := conn.DisableUnitFiles([]string{abs}, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(changes) != 1 {
+		t.Fatalf("Changes should include the path, %v", changes)
+	}
+	if changes[0].Filename != path {
+		t.Fatalf("Change should include correct filename, %+v", changes[0])
+	}
+	if changes[0].Destination != "" {
+		t.Fatalf("Change destination should be empty, %+v", changes[0])
+	}
+}
+
+// TestGetUnitProperties reads the `-.mount` which should exist on all systemd
+// systems and ensures that one of its properties is valid.
+func TestGetUnitProperties(t *testing.T) {
+	conn := setupConn(t)
+
+	unit := "-.mount"
+
+	info, err := conn.GetUnitProperties(unit)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	names := info["Wants"].([]string)
+
+	if len(names) < 1 {
+		t.Fatal("/ is unwanted")
+	}
+
+	if names[0] != "system.slice" {
+		t.Fatal("unexpected wants for /")
+	}
+
+	prop, err := conn.GetUnitProperty(unit, "Wants")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if prop.Name != "Wants" {
+		t.Fatal("unexpected property name")
+	}
+
+	val := prop.Value.Value().([]string)
+	if !reflect.DeepEqual(val, names) {
+		t.Fatal("unexpected property value")
+	}
+}
+
+// TestGetUnitPropertiesRejectsInvalidName attempts to get the properties for a
+// unit with an invalid name. This test should be run with --test.timeout set,
+// as a fail will manifest as GetUnitProperties hanging indefinitely.
+func TestGetUnitPropertiesRejectsInvalidName(t *testing.T) {
+	conn := setupConn(t)
+
+	unit := "//invalid#$^/"
+
+	_, err := conn.GetUnitProperties(unit)
+	if err == nil {
+		t.Fatal("Expected an error, got nil")
+	}
+
+	_, err = conn.GetUnitProperty(unit, "Wants")
+	if err == nil {
+		t.Fatal("Expected an error, got nil")
+	}
+}
+
+// TestSetUnitProperties changes a cgroup setting on the `tmp.mount`
+// which should exist on all systemd systems and ensures that the
+// property was set.
+func TestSetUnitProperties(t *testing.T) {
+	conn := setupConn(t)
+
+	unit := "tmp.mount"
+
+	if err := conn.SetUnitProperties(unit, true, Property{"CPUShares", dbus.MakeVariant(uint64(1023))}); err != nil {
+		t.Fatal(err)
+	}
+
+	info, err := conn.GetUnitTypeProperties(unit, "Mount")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	value := info["CPUShares"].(uint64)
+	if value != 1023 {
+		t.Fatal("CPUShares of unit is not 1023, %s", value)
+	}
+}
+
+// Ensure that basic transient unit starting and stopping works.
+func TestStartStopTransientUnit(t *testing.T) {
+	conn := setupConn(t)
+
+	props := []Property{
+		PropExecStart([]string{"/bin/sleep", "400"}, false),
+	}
+	target := fmt.Sprintf("testing-transient-%d.service", rand.Int())
+
+	// Start the unit
+	job, err := conn.StartTransientUnit(target, "replace", props...)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Job is not done, %v", job)
+	}
+
+	units, err := conn.ListUnits()
+
+	var unit *UnitStatus
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit == nil {
+		t.Fatalf("Test unit not found in list")
+	}
+
+	if unit.ActiveState != "active" {
+		t.Fatalf("Test unit not active")
+	}
+
+	// 3. Stop the unit
+	job, err = conn.StopUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	units, err = conn.ListUnits()
+
+	unit = nil
+	for _, u := range units {
+		if u.Name == target {
+			unit = &u
+		}
+	}
+
+	if unit != nil {
+		t.Fatalf("Test unit found in list, should be stopped")
+	}
+}
+
+func TestConnJobListener(t *testing.T) {
+	target := "start-stop.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+
+	jobSize := len(conn.jobListener.jobs)
+
+	_, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = conn.StopUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	currentJobSize := len(conn.jobListener.jobs)
+	if jobSize != currentJobSize {
+		t.Fatal("JobListener jobs leaked")
+	}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/properties.go b/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
new file mode 100644
index 0000000000..a06ccda761
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/properties.go
@@ -0,0 +1,220 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"github.com/godbus/dbus"
+)
+
+// From the systemd docs:
+//
+// The properties array of StartTransientUnit() may take many of the settings
+// that may also be configured in unit files. Not all parameters are currently
+// accepted though, but we plan to cover more properties with future release.
+// Currently you may set the Description, Slice and all dependency types of
+// units, as well as RemainAfterExit, ExecStart for service units,
+// TimeoutStopUSec and PIDs for scope units, and CPUAccounting, CPUShares,
+// BlockIOAccounting, BlockIOWeight, BlockIOReadBandwidth,
+// BlockIOWriteBandwidth, BlockIODeviceWeight, MemoryAccounting, MemoryLimit,
+// DevicePolicy, DeviceAllow for services/scopes/slices. These fields map
+// directly to their counterparts in unit files and as normal D-Bus object
+// properties. The exception here is the PIDs field of scope units which is
+// used for construction of the scope only and specifies the initial PIDs to
+// add to the scope object.
+
+type Property struct {
+	Name  string
+	Value dbus.Variant
+}
+
+type PropertyCollection struct {
+	Name       string
+	Properties []Property
+}
+
+type execStart struct {
+	Path             string   // the binary path to execute
+	Args             []string // an array with all arguments to pass to the executed command, starting with argument 0
+	UncleanIsFailure bool     // a boolean whether it should be considered a failure if the process exits uncleanly
+}
+
+// PropExecStart sets the ExecStart service property.  The first argument is a
+// slice with the binary path to execute followed by the arguments to pass to
+// the executed command. See
+// http://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
+func PropExecStart(command []string, uncleanIsFailure bool) Property {
+	execStarts := []execStart{
+		execStart{
+			Path:             command[0],
+			Args:             command,
+			UncleanIsFailure: uncleanIsFailure,
+		},
+	}
+
+	return Property{
+		Name:  "ExecStart",
+		Value: dbus.MakeVariant(execStarts),
+	}
+}
+
+// PropRemainAfterExit sets the RemainAfterExit service property. See
+// http://www.freedesktop.org/software/systemd/man/systemd.service.html#RemainAfterExit=
+func PropRemainAfterExit(b bool) Property {
+	return Property{
+		Name:  "RemainAfterExit",
+		Value: dbus.MakeVariant(b),
+	}
+}
+
+// PropDescription sets the Description unit property. See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit#Description=
+func PropDescription(desc string) Property {
+	return Property{
+		Name:  "Description",
+		Value: dbus.MakeVariant(desc),
+	}
+}
+
+func propDependency(name string, units []string) Property {
+	return Property{
+		Name:  name,
+		Value: dbus.MakeVariant(units),
+	}
+}
+
+// PropRequires sets the Requires unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requires=
+func PropRequires(units ...string) Property {
+	return propDependency("Requires", units)
+}
+
+// PropRequiresOverridable sets the RequiresOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresOverridable=
+func PropRequiresOverridable(units ...string) Property {
+	return propDependency("RequiresOverridable", units)
+}
+
+// PropRequisite sets the Requisite unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Requisite=
+func PropRequisite(units ...string) Property {
+	return propDependency("Requisite", units)
+}
+
+// PropRequisiteOverridable sets the RequisiteOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequisiteOverridable=
+func PropRequisiteOverridable(units ...string) Property {
+	return propDependency("RequisiteOverridable", units)
+}
+
+// PropWants sets the Wants unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Wants=
+func PropWants(units ...string) Property {
+	return propDependency("Wants", units)
+}
+
+// PropBindsTo sets the BindsTo unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#BindsTo=
+func PropBindsTo(units ...string) Property {
+	return propDependency("BindsTo", units)
+}
+
+// PropRequiredBy sets the RequiredBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredBy=
+func PropRequiredBy(units ...string) Property {
+	return propDependency("RequiredBy", units)
+}
+
+// PropRequiredByOverridable sets the RequiredByOverridable unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiredByOverridable=
+func PropRequiredByOverridable(units ...string) Property {
+	return propDependency("RequiredByOverridable", units)
+}
+
+// PropWantedBy sets the WantedBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=
+func PropWantedBy(units ...string) Property {
+	return propDependency("WantedBy", units)
+}
+
+// PropBoundBy sets the BoundBy unit property.  See
+// http://www.freedesktop.org/software/systemd/main/systemd.unit.html#BoundBy=
+func PropBoundBy(units ...string) Property {
+	return propDependency("BoundBy", units)
+}
+
+// PropConflicts sets the Conflicts unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Conflicts=
+func PropConflicts(units ...string) Property {
+	return propDependency("Conflicts", units)
+}
+
+// PropConflictedBy sets the ConflictedBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#ConflictedBy=
+func PropConflictedBy(units ...string) Property {
+	return propDependency("ConflictedBy", units)
+}
+
+// PropBefore sets the Before unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=
+func PropBefore(units ...string) Property {
+	return propDependency("Before", units)
+}
+
+// PropAfter sets the After unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#After=
+func PropAfter(units ...string) Property {
+	return propDependency("After", units)
+}
+
+// PropOnFailure sets the OnFailure unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#OnFailure=
+func PropOnFailure(units ...string) Property {
+	return propDependency("OnFailure", units)
+}
+
+// PropTriggers sets the Triggers unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Triggers=
+func PropTriggers(units ...string) Property {
+	return propDependency("Triggers", units)
+}
+
+// PropTriggeredBy sets the TriggeredBy unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#TriggeredBy=
+func PropTriggeredBy(units ...string) Property {
+	return propDependency("TriggeredBy", units)
+}
+
+// PropPropagatesReloadTo sets the PropagatesReloadTo unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#PropagatesReloadTo=
+func PropPropagatesReloadTo(units ...string) Property {
+	return propDependency("PropagatesReloadTo", units)
+}
+
+// PropRequiresMountsFor sets the RequiresMountsFor unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.unit.html#RequiresMountsFor=
+func PropRequiresMountsFor(units ...string) Property {
+	return propDependency("RequiresMountsFor", units)
+}
+
+// PropSlice sets the Slice unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice=
+func PropSlice(slice string) Property {
+	return Property{
+		Name:  "Slice",
+		Value: dbus.MakeVariant(slice),
+	}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/set.go b/vendor/src/github.com/coreos/go-systemd/dbus/set.go
new file mode 100644
index 0000000000..88378b29a1
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/set.go
@@ -0,0 +1,26 @@
+package dbus
+
+type set struct {
+	data map[string]bool
+}
+
+func (s *set) Add(value string) {
+	s.data[value] = true
+}
+
+func (s *set) Remove(value string) {
+	delete(s.data, value)
+}
+
+func (s *set) Contains(value string) (exists bool) {
+	_, exists = s.data[value]
+	return
+}
+
+func (s *set) Length() (int) {
+	return len(s.data)
+}
+
+func newSet() (*set) {
+	return &set{make(map[string] bool)}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
new file mode 100644
index 0000000000..d8d174d0c4
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/set_test.go
@@ -0,0 +1,26 @@
+package dbus
+
+import (
+	"testing"
+)
+
+// TestBasicSetActions asserts that Add & Remove behavior is correct
+func TestBasicSetActions(t *testing.T) {
+	s := newSet()
+
+	if s.Contains("foo") {
+		t.Fatal("set should not contain 'foo'")
+	}
+
+	s.Add("foo")
+
+	if !s.Contains("foo") {
+		t.Fatal("set should contain 'foo'")
+	}
+
+	s.Remove("foo")
+
+	if s.Contains("foo") {
+		t.Fatal("set should not contain 'foo'")
+	}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go b/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
new file mode 100644
index 0000000000..3d896d896f
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/subscription.go
@@ -0,0 +1,249 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package dbus
+
+import (
+	"errors"
+	"time"
+
+	"github.com/godbus/dbus"
+)
+
+const (
+	cleanIgnoreInterval = int64(10 * time.Second)
+	ignoreInterval      = int64(30 * time.Millisecond)
+)
+
+// Subscribe sets up this connection to subscribe to all systemd dbus events.
+// This is required before calling SubscribeUnits. When the connection closes
+// systemd will automatically stop sending signals so there is no need to
+// explicitly call Unsubscribe().
+func (c *Conn) Subscribe() error {
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal',interface='org.freedesktop.systemd1.Manager',member='UnitNew'")
+	c.sysconn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal',interface='org.freedesktop.DBus.Properties',member='PropertiesChanged'")
+
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.Subscribe", 0).Store()
+	if err != nil {
+		c.sysconn.Close()
+		return err
+	}
+
+	return nil
+}
+
+// Unsubscribe this connection from systemd dbus events.
+func (c *Conn) Unsubscribe() error {
+	err := c.sysobj.Call("org.freedesktop.systemd1.Manager.Unsubscribe", 0).Store()
+	if err != nil {
+		c.sysconn.Close()
+		return err
+	}
+
+	return nil
+}
+
+func (c *Conn) initSubscription() {
+	c.subscriber.ignore = make(map[dbus.ObjectPath]int64)
+}
+
+func (c *Conn) initDispatch() {
+	ch := make(chan *dbus.Signal, signalBuffer)
+
+	c.sysconn.Signal(ch)
+
+	go func() {
+		for {
+			signal := <-ch
+			switch signal.Name {
+			case "org.freedesktop.systemd1.Manager.JobRemoved":
+				c.jobComplete(signal)
+
+				unitName := signal.Body[2].(string)
+				var unitPath dbus.ObjectPath
+				c.sysobj.Call("org.freedesktop.systemd1.Manager.GetUnit", 0, unitName).Store(&unitPath)
+				if unitPath != dbus.ObjectPath("") {
+					c.sendSubStateUpdate(unitPath)
+				}
+			case "org.freedesktop.systemd1.Manager.UnitNew":
+				c.sendSubStateUpdate(signal.Body[1].(dbus.ObjectPath))
+			case "org.freedesktop.DBus.Properties.PropertiesChanged":
+				if signal.Body[0].(string) == "org.freedesktop.systemd1.Unit" {
+					// we only care about SubState updates, which are a Unit property
+					c.sendSubStateUpdate(signal.Path)
+				}
+			}
+		}
+	}()
+}
+
+// Returns two unbuffered channels which will receive all changed units every
+// interval.  Deleted units are sent as nil.
+func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitStatus, <-chan error) {
+	return c.SubscribeUnitsCustom(interval, 0, func(u1, u2 *UnitStatus) bool { return *u1 != *u2 }, nil)
+}
+
+// SubscribeUnitsCustom is like SubscribeUnits but lets you specify the buffer
+// size of the channels, the comparison function for detecting changes and a filter
+// function for cutting down on the noise that your channel receives.
+func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func (string) bool) (<-chan map[string]*UnitStatus, <-chan error) {
+	old := make(map[string]*UnitStatus)
+	statusChan := make(chan map[string]*UnitStatus, buffer)
+	errChan := make(chan error, buffer)
+
+	go func() {
+		for {
+			timerChan := time.After(interval)
+
+			units, err := c.ListUnits()
+			if err == nil {
+				cur := make(map[string]*UnitStatus)
+				for i := range units {
+					if filterUnit != nil && filterUnit(units[i].Name) {
+						continue
+					}
+					cur[units[i].Name] = &units[i]
+				}
+
+				// add all new or changed units
+				changed := make(map[string]*UnitStatus)
+				for n, u := range cur {
+					if oldU, ok := old[n]; !ok || isChanged(oldU, u) {
+						changed[n] = u
+					}
+					delete(old, n)
+				}
+
+				// add all deleted units
+				for oldN := range old {
+					changed[oldN] = nil
+				}
+
+				old = cur
+
+				if len(changed) != 0 {
+					statusChan <- changed
+				}
+			} else {
+				errChan <- err
+			}
+
+			<-timerChan
+		}
+	}()
+
+	return statusChan, errChan
+}
+
+type SubStateUpdate struct {
+	UnitName string
+	SubState string
+}
+
+// SetSubStateSubscriber writes to updateCh when any unit's substate changes.
+// Although this writes to updateCh on every state change, the reported state
+// may be more recent than the change that generated it (due to an unavoidable
+// race in the systemd dbus interface).  That is, this method provides a good
+// way to keep a current view of all units' states, but is not guaranteed to
+// show every state transition they go through.  Furthermore, state changes
+// will only be written to the channel with non-blocking writes.  If updateCh
+// is full, it attempts to write an error to errCh; if errCh is full, the error
+// passes silently.
+func (c *Conn) SetSubStateSubscriber(updateCh chan<- *SubStateUpdate, errCh chan<- error) {
+	c.subscriber.Lock()
+	defer c.subscriber.Unlock()
+	c.subscriber.updateCh = updateCh
+	c.subscriber.errCh = errCh
+}
+
+func (c *Conn) sendSubStateUpdate(path dbus.ObjectPath) {
+	c.subscriber.Lock()
+	defer c.subscriber.Unlock()
+	if c.subscriber.updateCh == nil {
+		return
+	}
+
+	if c.shouldIgnore(path) {
+		return
+	}
+
+	info, err := c.GetUnitProperties(string(path))
+	if err != nil {
+		select {
+		case c.subscriber.errCh <- err:
+		default:
+		}
+	}
+
+	name := info["Id"].(string)
+	substate := info["SubState"].(string)
+
+	update := &SubStateUpdate{name, substate}
+	select {
+	case c.subscriber.updateCh <- update:
+	default:
+		select {
+		case c.subscriber.errCh <- errors.New("update channel full!"):
+		default:
+		}
+	}
+
+	c.updateIgnore(path, info)
+}
+
+// The ignore functions work around a wart in the systemd dbus interface.
+// Requesting the properties of an unloaded unit will cause systemd to send a
+// pair of UnitNew/UnitRemoved signals.  Because we need to get a unit's
+// properties on UnitNew (as that's the only indication of a new unit coming up
+// for the first time), we would enter an infinite loop if we did not attempt
+// to detect and ignore these spurious signals.  The signal themselves are
+// indistinguishable from relevant ones, so we (somewhat hackishly) ignore an
+// unloaded unit's signals for a short time after requesting its properties.
+// This means that we will miss e.g. a transient unit being restarted
+// *immediately* upon failure and also a transient unit being started
+// immediately after requesting its status (with systemctl status, for example,
+// because this causes a UnitNew signal to be sent which then causes us to fetch
+// the properties).
+
+func (c *Conn) shouldIgnore(path dbus.ObjectPath) bool {
+	t, ok := c.subscriber.ignore[path]
+	return ok && t >= time.Now().UnixNano()
+}
+
+func (c *Conn) updateIgnore(path dbus.ObjectPath, info map[string]interface{}) {
+	c.cleanIgnore()
+
+	// unit is unloaded - it will trigger bad systemd dbus behavior
+	if info["LoadState"].(string) == "not-found" {
+		c.subscriber.ignore[path] = time.Now().UnixNano() + ignoreInterval
+	}
+}
+
+// without this, ignore would grow unboundedly over time
+func (c *Conn) cleanIgnore() {
+	now := time.Now().UnixNano()
+	if c.subscriber.cleanIgnore < now {
+		c.subscriber.cleanIgnore = now + cleanIgnoreInterval
+
+		for p, t := range c.subscriber.ignore {
+			if t < now {
+				delete(c.subscriber.ignore, p)
+			}
+		}
+	}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go b/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
new file mode 100644
index 0000000000..2625786052
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set.go
@@ -0,0 +1,32 @@
+package dbus
+
+import (
+	"time"
+)
+
+// SubscriptionSet returns a subscription set which is like conn.Subscribe but
+// can filter to only return events for a set of units.
+type SubscriptionSet struct {
+	*set
+	conn *Conn
+}
+
+
+func (s *SubscriptionSet) filter(unit string) bool {
+	return !s.Contains(unit)
+}
+
+// Subscribe starts listening for dbus events for all of the units in the set.
+// Returns channels identical to conn.SubscribeUnits.
+func (s *SubscriptionSet) Subscribe() (<-chan map[string]*UnitStatus, <-chan error) {
+	// TODO: Make fully evented by using systemd 209 with properties changed values
+	return s.conn.SubscribeUnitsCustom(time.Second, 0,
+		func(u1, u2 *UnitStatus) bool { return *u1 != *u2 },
+		func(unit string) bool { return s.filter(unit) },
+	)
+}
+
+// NewSubscriptionSet returns a new subscription set.
+func (conn *Conn) NewSubscriptionSet() (*SubscriptionSet) {
+	return &SubscriptionSet{newSet(), conn}
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
new file mode 100644
index 0000000000..db600850c2
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/subscription_set_test.go
@@ -0,0 +1,67 @@
+package dbus
+
+import (
+	"testing"
+	"time"
+)
+
+// TestSubscribeUnit exercises the basics of subscription of a particular unit.
+func TestSubscriptionSetUnit(t *testing.T) {
+	target := "subscribe-events-set.service"
+
+	conn, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Subscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	subSet := conn.NewSubscriptionSet()
+	evChan, errChan := subSet.Subscribe()
+
+	subSet.Add(target)
+	setupUnit(target, conn, t)
+
+	job, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Couldn't start", target)
+	}
+
+	timeout := make(chan bool, 1)
+	go func() {
+		time.Sleep(3 * time.Second)
+		close(timeout)
+	}()
+
+	for {
+		select {
+		case changes := <-evChan:
+			tCh, ok := changes[target]
+
+			if !ok {
+				t.Fatal("Unexpected event %v", changes)
+			}
+
+			if tCh.ActiveState == "active" && tCh.Name == target {
+				goto success
+			}
+		case err = <-errChan:
+			t.Fatal(err)
+		case <-timeout:
+			t.Fatal("Reached timeout")
+		}
+	}
+
+success:
+	return
+}
+
+
diff --git a/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go b/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
new file mode 100644
index 0000000000..6f4d0b32a6
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/dbus/subscription_test.go
@@ -0,0 +1,90 @@
+package dbus
+
+import (
+	"testing"
+	"time"
+)
+
+// TestSubscribe exercises the basics of subscription
+func TestSubscribe(t *testing.T) {
+	conn, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Subscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Unsubscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+// TestSubscribeUnit exercises the basics of subscription of a particular unit.
+func TestSubscribeUnit(t *testing.T) {
+	target := "subscribe-events.service"
+
+	conn, err := New()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Subscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = conn.Unsubscribe()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	evChan, errChan := conn.SubscribeUnits(time.Second)
+
+	setupUnit(target, conn, t)
+
+	job, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if job != "done" {
+		t.Fatal("Couldn't start", target)
+	}
+
+	timeout := make(chan bool, 1)
+	go func() {
+		time.Sleep(3 * time.Second)
+		close(timeout)
+	}()
+
+	for {
+		select {
+		case changes := <-evChan:
+			tCh, ok := changes[target]
+
+			// Just continue until we see our event.
+			if !ok {
+				continue
+			}
+
+			if tCh.ActiveState == "active" && tCh.Name == target {
+				goto success
+			}
+		case err = <-errChan:
+			t.Fatal(err)
+		case <-timeout:
+			t.Fatal("Reached timeout")
+		}
+	}
+
+success:
+	return
+}
+
+
diff --git a/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go b/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
new file mode 100644
index 0000000000..b3cf70ed84
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/examples/activation/activation.go
@@ -0,0 +1,44 @@
+// Activation example used by the activation unit tests.
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/coreos/go-systemd/activation"
+)
+
+func fixListenPid() {
+	if os.Getenv("FIX_LISTEN_PID") != "" {
+		// HACK: real systemd would set LISTEN_PID before exec'ing but
+		// this is too difficult in golang for the purpose of a test.
+		// Do not do this in real code.
+		os.Setenv("LISTEN_PID", fmt.Sprintf("%d", os.Getpid()))
+	}
+}
+
+func main() {
+	fixListenPid()
+
+	files := activation.Files(false)
+
+	if len(files) == 0 {
+		panic("No files")
+	}
+
+	if os.Getenv("LISTEN_PID") == "" || os.Getenv("LISTEN_FDS") == "" {
+		panic("Should not unset envs")
+	}
+
+	files = activation.Files(true)
+
+	if os.Getenv("LISTEN_PID") != "" || os.Getenv("LISTEN_FDS") != "" {
+		panic("Can not unset envs")
+	}
+
+	// Write out the expected strings to the two pipes
+	files[0].Write([]byte("Hello world"))
+	files[1].Write([]byte("Goodbye world"))
+
+	return
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
new file mode 100644
index 0000000000..a350cca5e5
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/README.md
@@ -0,0 +1,19 @@
+## socket activated http server
+
+This is a simple example of using socket activation with systemd to serve a
+simple HTTP server on http://127.0.0.1:8076
+
+To try it out `go get` the httpserver and run it under the systemd-activate helper
+
+```
+export GOPATH=`pwd`
+go get github.com/coreos/go-systemd/examples/activation/httpserver
+sudo /usr/lib/systemd/systemd-activate -l 127.0.0.1:8076 ./bin/httpserver
+```
+
+Then curl the URL and you will notice that it starts up:
+
+```
+curl 127.0.0.1:8076
+hello socket activated world!
+```
diff --git a/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
new file mode 100644
index 0000000000..c8dea0f6b3
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Hello World HTTP
+Requires=network.target
+After=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/httpserver
+
+[Install]
+WantedBy=multi-user.target
diff --git a/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
new file mode 100644
index 0000000000..723ed7ed92
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/hello.socket
@@ -0,0 +1,5 @@
+[Socket]
+ListenStream=127.0.0.1:8076
+
+[Install]
+WantedBy=sockets.target
diff --git a/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
new file mode 100644
index 0000000000..380c325d61
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/examples/activation/httpserver/httpserver.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+	"io"
+	"net/http"
+
+	"github.com/coreos/go-systemd/activation"
+)
+
+func HelloServer(w http.ResponseWriter, req *http.Request) {
+	io.WriteString(w, "hello socket activated world!\n")
+}
+
+func main() {
+	listeners, err := activation.Listeners(true)
+	if err != nil {
+		panic(err)
+	}
+
+	if len(listeners) != 1 {
+		panic("Unexpected number of socket activation fds")
+	}
+
+	http.HandleFunc("/", HelloServer)
+	http.Serve(listeners[0], nil)
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go b/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
new file mode 100644
index 0000000000..5850a8b796
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/examples/activation/listen.go
@@ -0,0 +1,50 @@
+// Activation example used by the activation unit tests.
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/coreos/go-systemd/activation"
+)
+
+func fixListenPid() {
+	if os.Getenv("FIX_LISTEN_PID") != "" {
+		// HACK: real systemd would set LISTEN_PID before exec'ing but
+		// this is too difficult in golang for the purpose of a test.
+		// Do not do this in real code.
+		os.Setenv("LISTEN_PID", fmt.Sprintf("%d", os.Getpid()))
+	}
+}
+
+func main() {
+	fixListenPid()
+
+	listeners, _ := activation.Listeners(false)
+
+	if len(listeners) == 0 {
+		panic("No listeners")
+	}
+
+	if os.Getenv("LISTEN_PID") == "" || os.Getenv("LISTEN_FDS") == "" {
+		panic("Should not unset envs")
+	}
+
+	listeners, err := activation.Listeners(true)
+	if err != nil {
+		panic(err)
+	}
+
+	if os.Getenv("LISTEN_PID") != "" || os.Getenv("LISTEN_FDS") != "" {
+		panic("Can not unset envs")
+	}
+
+	c0, _ := listeners[0].Accept()
+	c1, _ := listeners[1].Accept()
+
+	// Write out the expected strings to the two pipes
+	c0.Write([]byte("Hello world"))
+	c1.Write([]byte("Goodbye world"))
+
+	return
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service b/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
new file mode 100644
index 0000000000..a1f8c36773
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/fixtures/start-stop.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=start stop test
+
+[Service]
+ExecStart=/bin/sleep 400
diff --git a/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service b/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
new file mode 100644
index 0000000000..a1f8c36773
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events-set.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=start stop test
+
+[Service]
+ExecStart=/bin/sleep 400
diff --git a/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service b/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
new file mode 100644
index 0000000000..a1f8c36773
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/fixtures/subscribe-events.service
@@ -0,0 +1,5 @@
+[Unit]
+Description=start stop test
+
+[Service]
+ExecStart=/bin/sleep 400
diff --git a/vendor/src/github.com/coreos/go-systemd/journal/send.go b/vendor/src/github.com/coreos/go-systemd/journal/send.go
new file mode 100644
index 0000000000..a29bcbf0fa
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/journal/send.go
@@ -0,0 +1,168 @@
+/*
+Copyright 2013 CoreOS Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package journal provides write bindings to the systemd journal
+package journal
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+	"syscall"
+)
+
+// Priority of a journal message
+type Priority int
+
+const (
+	PriEmerg Priority = iota
+	PriAlert
+	PriCrit
+	PriErr
+	PriWarning
+	PriNotice
+	PriInfo
+	PriDebug
+)
+
+var conn net.Conn
+
+func init() {
+	var err error
+	conn, err = net.Dial("unixgram", "/run/systemd/journal/socket")
+	if err != nil {
+		conn = nil
+	}
+}
+
+// Enabled returns true iff the systemd journal is available for logging
+func Enabled() bool {
+	return conn != nil
+}
+
+// Send a message to the systemd journal. vars is a map of journald fields to
+// values.  Fields must be composed of uppercase letters, numbers, and
+// underscores, but must not start with an underscore. Within these
+// restrictions, any arbitrary field name may be used.  Some names have special
+// significance: see the journalctl documentation
+// (http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html)
+// for more details.  vars may be nil.
+func Send(message string, priority Priority, vars map[string]string) error {
+	if conn == nil {
+		return journalError("could not connect to journald socket")
+	}
+
+	data := new(bytes.Buffer)
+	appendVariable(data, "PRIORITY", strconv.Itoa(int(priority)))
+	appendVariable(data, "MESSAGE", message)
+	for k, v := range vars {
+		appendVariable(data, k, v)
+	}
+
+	_, err := io.Copy(conn, data)
+	if err != nil && isSocketSpaceError(err) {
+		file, err := tempFd()
+		if err != nil {
+			return journalError(err.Error())
+		}
+		_, err = io.Copy(file, data)
+		if err != nil {
+			return journalError(err.Error())
+		}
+
+		rights := syscall.UnixRights(int(file.Fd()))
+
+		/* this connection should always be a UnixConn, but better safe than sorry */
+		unixConn, ok := conn.(*net.UnixConn)
+		if !ok {
+			return journalError("can't send file through non-Unix connection")
+		}
+		unixConn.WriteMsgUnix([]byte{}, rights, nil)
+	} else if err != nil {
+		return journalError(err.Error())
+	}
+	return nil
+}
+
+func appendVariable(w io.Writer, name, value string) {
+	if !validVarName(name) {
+		journalError("variable name contains invalid character, ignoring")
+	}
+	if strings.ContainsRune(value, '\n') {
+		/* When the value contains a newline, we write:
+		 * - the variable name, followed by a newline
+		 * - the size (in 64bit little endian format)
+		 * - the data, followed by a newline
+		 */
+		fmt.Fprintln(w, name)
+		binary.Write(w, binary.LittleEndian, uint64(len(value)))
+		fmt.Fprintln(w, value)
+	} else {
+		/* just write the variable and value all on one line */
+		fmt.Fprintln(w, "%s=%s", name, value)
+	}
+}
+
+func validVarName(name string) bool {
+	/* The variable name must be in uppercase and consist only of characters,
+	 * numbers and underscores, and may not begin with an underscore. (from the docs)
+	 */
+
+	valid := name[0] != '_'
+	for _, c := range name {
+		valid = valid && ('A' <= c && c <= 'Z') || ('0' <= c && c <= '9') || c == '_'
+	}
+	return valid
+}
+
+func isSocketSpaceError(err error) bool {
+	opErr, ok := err.(*net.OpError)
+	if !ok {
+		return false
+	}
+
+	sysErr, ok := opErr.Err.(syscall.Errno)
+	if !ok {
+		return false
+	}
+
+	return sysErr == syscall.EMSGSIZE || sysErr == syscall.ENOBUFS
+}
+
+func tempFd() (*os.File, error) {
+	file, err := ioutil.TempFile("/dev/shm/", "journal.XXXXX")
+	if err != nil {
+		return nil, err
+	}
+	syscall.Unlink(file.Name())
+	if err != nil {
+		return nil, err
+	}
+	return file, nil
+}
+
+func journalError(s string) error {
+	s = "journal error: " + s
+	fmt.Fprintln(os.Stderr, s)
+	return errors.New(s)
+}
diff --git a/vendor/src/github.com/coreos/go-systemd/test b/vendor/src/github.com/coreos/go-systemd/test
new file mode 100755
index 0000000000..6e043658ae
--- /dev/null
+++ b/vendor/src/github.com/coreos/go-systemd/test
@@ -0,0 +1,3 @@
+#!/bin/sh -e
+
+go test -v ./...
diff --git a/vendor/src/github.com/godbus/dbus/LICENSE b/vendor/src/github.com/godbus/dbus/LICENSE
new file mode 100644
index 0000000000..06b252bcbc
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/LICENSE
@@ -0,0 +1,25 @@
+Copyright (c) 2013, Georg Reinke (<guelfey at gmail dot com>)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/src/github.com/godbus/dbus/README.markdown b/vendor/src/github.com/godbus/dbus/README.markdown
new file mode 100644
index 0000000000..3ab2116651
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/README.markdown
@@ -0,0 +1,38 @@
+dbus
+----
+
+dbus is a simple library that implements native Go client bindings for the
+D-Bus message bus system.
+
+### Features
+
+* Complete native implementation of the D-Bus message protocol
+* Go-like API (channels for signals / asynchronous method calls, Goroutine-safe connections)
+* Subpackages that help with the introspection / property interfaces
+
+### Installation
+
+This packages requires Go 1.1. If you installed it and set up your GOPATH, just run:
+
+```
+go get github.com/godbus/dbus
+```
+
+If you want to use the subpackages, you can install them the same way.
+
+### Usage
+
+The complete package documentation and some simple examples are available at
+[godoc.org](http://godoc.org/github.com/godbus/dbus). Also, the
+[_examples](https://github.com/godbus/dbus/tree/master/_examples) directory
+gives a short overview over the basic usage. 
+
+Please note that the API is considered unstable for now and may change without
+further notice.
+
+### License
+
+go.dbus is available under the Simplified BSD License; see LICENSE for the full
+text.
+
+Nearly all of the credit for this library goes to github.com/guelfey/go.dbus.
diff --git a/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go b/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
new file mode 100644
index 0000000000..11deef3cf8
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/_examples/eavesdrop.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
+		os.Exit(1)
+	}
+
+	for _, v := range []string{"method_call", "method_return", "error", "signal"} {
+		call := conn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+			"eavesdrop='true',type='"+v+"'")
+		if call.Err != nil {
+			fmt.Fprintln(os.Stderr, "Failed to add match:", call.Err)
+			os.Exit(1)
+		}
+	}
+	c := make(chan *dbus.Message, 10)
+	conn.Eavesdrop(c)
+	fmt.Println("Listening for everything")
+	for v := range c {
+		fmt.Println(v)
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/_examples/introspect.go b/vendor/src/github.com/godbus/dbus/_examples/introspect.go
new file mode 100644
index 0000000000..a2af4e5f24
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/_examples/introspect.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+	"encoding/json"
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	node, err := introspect.Call(conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus"))
+	if err != nil {
+		panic(err)
+	}
+	data, _ := json.MarshalIndent(node, "", "    ")
+	os.Stdout.Write(data)
+}
diff --git a/vendor/src/github.com/godbus/dbus/_examples/list-names.go b/vendor/src/github.com/godbus/dbus/_examples/list-names.go
new file mode 100644
index 0000000000..ce1f7ec52e
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/_examples/list-names.go
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
+		os.Exit(1)
+	}
+
+	var s []string
+	err = conn.BusObject().Call("org.freedesktop.DBus.ListNames", 0).Store(&s)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to get list of owned names:", err)
+		os.Exit(1)
+	}
+
+	fmt.Println("Currently owned names on the session bus:")
+	for _, v := range s {
+		fmt.Println(v)
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/_examples/notification.go b/vendor/src/github.com/godbus/dbus/_examples/notification.go
new file mode 100644
index 0000000000..5fe11d04c4
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/_examples/notification.go
@@ -0,0 +1,17 @@
+package main
+
+import "github.com/godbus/dbus"
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	obj := conn.Object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
+	call := obj.Call("org.freedesktop.Notifications.Notify", 0, "", uint32(0),
+		"", "Test", "This is a test of the DBus bindings for go.", []string{},
+		map[string]dbus.Variant{}, int32(5000))
+	if call.Err != nil {
+		panic(call.Err)
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/_examples/prop.go b/vendor/src/github.com/godbus/dbus/_examples/prop.go
new file mode 100644
index 0000000000..e3408c53e9
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/_examples/prop.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"github.com/godbus/dbus/prop"
+	"os"
+)
+
+type foo string
+
+func (f foo) Foo() (string, *dbus.Error) {
+	fmt.Println(f)
+	return string(f), nil
+}
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	reply, err := conn.RequestName("com.github.guelfey.Demo",
+		dbus.NameFlagDoNotQueue)
+	if err != nil {
+		panic(err)
+	}
+	if reply != dbus.RequestNameReplyPrimaryOwner {
+		fmt.Fprintln(os.Stderr, "name already taken")
+		os.Exit(1)
+	}
+	propsSpec := map[string]map[string]*prop.Prop{
+		"com.github.guelfey.Demo": {
+			"SomeInt": {
+				int32(0),
+				true,
+				prop.EmitTrue,
+				func(c *prop.Change) *dbus.Error {
+					fmt.Println(c.Name, "changed to", c.Value)
+					return nil
+				},
+			},
+		},
+	}
+	f := foo("Bar")
+	conn.Export(f, "/com/github/guelfey/Demo", "com.github.guelfey.Demo")
+	props := prop.New(conn, "/com/github/guelfey/Demo", propsSpec)
+	n := &introspect.Node{
+		Name: "/com/github/guelfey/Demo",
+		Interfaces: []introspect.Interface{
+			introspect.IntrospectData,
+			prop.IntrospectData,
+			{
+				Name:       "com.github.guelfey.Demo",
+				Methods:    introspect.Methods(f),
+				Properties: props.Introspection("com.github.guelfey.Demo"),
+			},
+		},
+	}
+	conn.Export(introspect.NewIntrospectable(n), "/com/github/guelfey/Demo",
+		"org.freedesktop.DBus.Introspectable")
+	fmt.Println("Listening on com.github.guelfey.Demo / /com/github/guelfey/Demo ...")
+
+	c := make(chan *dbus.Signal)
+	conn.Signal(c)
+	for _ = range c {
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/_examples/server.go b/vendor/src/github.com/godbus/dbus/_examples/server.go
new file mode 100644
index 0000000000..32b7b291c7
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/_examples/server.go
@@ -0,0 +1,45 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"os"
+)
+
+const intro = `
+<node>
+	<interface name="com.github.guelfey.Demo">
+		<method name="Foo">
+			<arg direction="out" type="s"/>
+		</method>
+	</interface>` + introspect.IntrospectDataString + `</node> `
+
+type foo string
+
+func (f foo) Foo() (string, *dbus.Error) {
+	fmt.Println(f)
+	return string(f), nil
+}
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		panic(err)
+	}
+	reply, err := conn.RequestName("com.github.guelfey.Demo",
+		dbus.NameFlagDoNotQueue)
+	if err != nil {
+		panic(err)
+	}
+	if reply != dbus.RequestNameReplyPrimaryOwner {
+		fmt.Fprintln(os.Stderr, "name already taken")
+		os.Exit(1)
+	}
+	f := foo("Bar!")
+	conn.Export(f, "/com/github/guelfey/Demo", "com.github.guelfey.Demo")
+	conn.Export(introspect.Introspectable(intro), "/com/github/guelfey/Demo",
+		"org.freedesktop.DBus.Introspectable")
+	fmt.Println("Listening on com.github.guelfey.Demo / /com/github/guelfey/Demo ...")
+	select {}
+}
diff --git a/vendor/src/github.com/godbus/dbus/_examples/signal.go b/vendor/src/github.com/godbus/dbus/_examples/signal.go
new file mode 100644
index 0000000000..8f3f809759
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/_examples/signal.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"fmt"
+	"github.com/godbus/dbus"
+	"os"
+)
+
+func main() {
+	conn, err := dbus.SessionBus()
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Failed to connect to session bus:", err)
+		os.Exit(1)
+	}
+
+	conn.BusObject().Call("org.freedesktop.DBus.AddMatch", 0,
+		"type='signal',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',sender='org.freedesktop.DBus'")
+
+	c := make(chan *dbus.Signal, 10)
+	conn.Signal(c)
+	for v := range c {
+		fmt.Println(v)
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/auth.go b/vendor/src/github.com/godbus/dbus/auth.go
new file mode 100644
index 0000000000..98017b693e
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/auth.go
@@ -0,0 +1,253 @@
+package dbus
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"io"
+	"os"
+	"strconv"
+)
+
+// AuthStatus represents the Status of an authentication mechanism.
+type AuthStatus byte
+
+const (
+	// AuthOk signals that authentication is finished; the next command
+	// from the server should be an OK.
+	AuthOk AuthStatus = iota
+
+	// AuthContinue signals that additional data is needed; the next command
+	// from the server should be a DATA.
+	AuthContinue
+
+	// AuthError signals an error; the server sent invalid data or some
+	// other unexpected thing happened and the current authentication
+	// process should be aborted.
+	AuthError
+)
+
+type authState byte
+
+const (
+	waitingForData authState = iota
+	waitingForOk
+	waitingForReject
+)
+
+// Auth defines the behaviour of an authentication mechanism.
+type Auth interface {
+	// Return the name of the mechnism, the argument to the first AUTH command
+	// and the next status.
+	FirstData() (name, resp []byte, status AuthStatus)
+
+	// Process the given DATA command, and return the argument to the DATA
+	// command and the next status. If len(resp) == 0, no DATA command is sent.
+	HandleData(data []byte) (resp []byte, status AuthStatus)
+}
+
+// Auth authenticates the connection, trying the given list of authentication
+// mechanisms (in that order). If nil is passed, the EXTERNAL and
+// DBUS_COOKIE_SHA1 mechanisms are tried for the current user. For private
+// connections, this method must be called before sending any messages to the
+// bus. Auth must not be called on shared connections.
+func (conn *Conn) Auth(methods []Auth) error {
+	if methods == nil {
+		uid := strconv.Itoa(os.Getuid())
+		methods = []Auth{AuthExternal(uid), AuthCookieSha1(uid, getHomeDir())}
+	}
+	in := bufio.NewReader(conn.transport)
+	err := conn.transport.SendNullByte()
+	if err != nil {
+		return err
+	}
+	err = authWriteLine(conn.transport, []byte("AUTH"))
+	if err != nil {
+		return err
+	}
+	s, err := authReadLine(in)
+	if err != nil {
+		return err
+	}
+	if len(s) < 2 || !bytes.Equal(s[0], []byte("REJECTED")) {
+		return errors.New("dbus: authentication protocol error")
+	}
+	s = s[1:]
+	for _, v := range s {
+		for _, m := range methods {
+			if name, data, status := m.FirstData(); bytes.Equal(v, name) {
+				var ok bool
+				err = authWriteLine(conn.transport, []byte("AUTH"), []byte(v), data)
+				if err != nil {
+					return err
+				}
+				switch status {
+				case AuthOk:
+					err, ok = conn.tryAuth(m, waitingForOk, in)
+				case AuthContinue:
+					err, ok = conn.tryAuth(m, waitingForData, in)
+				default:
+					panic("dbus: invalid authentication status")
+				}
+				if err != nil {
+					return err
+				}
+				if ok {
+					if conn.transport.SupportsUnixFDs() {
+						err = authWriteLine(conn, []byte("NEGOTIATE_UNIX_FD"))
+						if err != nil {
+							return err
+						}
+						line, err := authReadLine(in)
+						if err != nil {
+							return err
+						}
+						switch {
+						case bytes.Equal(line[0], []byte("AGREE_UNIX_FD")):
+							conn.EnableUnixFDs()
+							conn.unixFD = true
+						case bytes.Equal(line[0], []byte("ERROR")):
+						default:
+							return errors.New("dbus: authentication protocol error")
+						}
+					}
+					err = authWriteLine(conn.transport, []byte("BEGIN"))
+					if err != nil {
+						return err
+					}
+					go conn.inWorker()
+					go conn.outWorker()
+					return nil
+				}
+			}
+		}
+	}
+	return errors.New("dbus: authentication failed")
+}
+
+// tryAuth tries to authenticate with m as the mechanism, using state as the
+// initial authState and in for reading input. It returns (nil, true) on
+// success, (nil, false) on a REJECTED and (someErr, false) if some other
+// error occured.
+func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, bool) {
+	for {
+		s, err := authReadLine(in)
+		if err != nil {
+			return err, false
+		}
+		switch {
+		case state == waitingForData && string(s[0]) == "DATA":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("ERROR"))
+				if err != nil {
+					return err, false
+				}
+				continue
+			}
+			data, status := m.HandleData(s[1])
+			switch status {
+			case AuthOk, AuthContinue:
+				if len(data) != 0 {
+					err = authWriteLine(conn.transport, []byte("DATA"), data)
+					if err != nil {
+						return err, false
+					}
+				}
+				if status == AuthOk {
+					state = waitingForOk
+				}
+			case AuthError:
+				err = authWriteLine(conn.transport, []byte("ERROR"))
+				if err != nil {
+					return err, false
+				}
+			}
+		case state == waitingForData && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForData && string(s[0]) == "ERROR":
+			err = authWriteLine(conn.transport, []byte("CANCEL"))
+			if err != nil {
+				return err, false
+			}
+			state = waitingForReject
+		case state == waitingForData && string(s[0]) == "OK":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("CANCEL"))
+				if err != nil {
+					return err, false
+				}
+				state = waitingForReject
+			}
+			conn.uuid = string(s[1])
+			return nil, true
+		case state == waitingForData:
+			err = authWriteLine(conn.transport, []byte("ERROR"))
+			if err != nil {
+				return err, false
+			}
+		case state == waitingForOk && string(s[0]) == "OK":
+			if len(s) != 2 {
+				err = authWriteLine(conn.transport, []byte("CANCEL"))
+				if err != nil {
+					return err, false
+				}
+				state = waitingForReject
+			}
+			conn.uuid = string(s[1])
+			return nil, true
+		case state == waitingForOk && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForOk && (string(s[0]) == "DATA" ||
+			string(s[0]) == "ERROR"):
+
+			err = authWriteLine(conn.transport, []byte("CANCEL"))
+			if err != nil {
+				return err, false
+			}
+			state = waitingForReject
+		case state == waitingForOk:
+			err = authWriteLine(conn.transport, []byte("ERROR"))
+			if err != nil {
+				return err, false
+			}
+		case state == waitingForReject && string(s[0]) == "REJECTED":
+			return nil, false
+		case state == waitingForReject:
+			return errors.New("dbus: authentication protocol error"), false
+		default:
+			panic("dbus: invalid auth state")
+		}
+	}
+}
+
+// authReadLine reads a line and separates it into its fields.
+func authReadLine(in *bufio.Reader) ([][]byte, error) {
+	data, err := in.ReadBytes('\n')
+	if err != nil {
+		return nil, err
+	}
+	data = bytes.TrimSuffix(data, []byte("\r\n"))
+	return bytes.Split(data, []byte{' '}), nil
+}
+
+// authWriteLine writes the given line in the authentication protocol format
+// (elements of data separated by a " " and terminated by "\r\n").
+func authWriteLine(out io.Writer, data ...[]byte) error {
+	buf := make([]byte, 0)
+	for i, v := range data {
+		buf = append(buf, v...)
+		if i != len(data)-1 {
+			buf = append(buf, ' ')
+		}
+	}
+	buf = append(buf, '\r')
+	buf = append(buf, '\n')
+	n, err := out.Write(buf)
+	if err != nil {
+		return err
+	}
+	if n != len(buf) {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
diff --git a/vendor/src/github.com/godbus/dbus/auth_external.go b/vendor/src/github.com/godbus/dbus/auth_external.go
new file mode 100644
index 0000000000..7e376d3ef6
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/auth_external.go
@@ -0,0 +1,26 @@
+package dbus
+
+import (
+	"encoding/hex"
+)
+
+// AuthExternal returns an Auth that authenticates as the given user with the
+// EXTERNAL mechanism.
+func AuthExternal(user string) Auth {
+	return authExternal{user}
+}
+
+// AuthExternal implements the EXTERNAL authentication mechanism.
+type authExternal struct {
+	user string
+}
+
+func (a authExternal) FirstData() ([]byte, []byte, AuthStatus) {
+	b := make([]byte, 2*len(a.user))
+	hex.Encode(b, []byte(a.user))
+	return []byte("EXTERNAL"), b, AuthOk
+}
+
+func (a authExternal) HandleData(b []byte) ([]byte, AuthStatus) {
+	return nil, AuthError
+}
diff --git a/vendor/src/github.com/godbus/dbus/auth_sha1.go b/vendor/src/github.com/godbus/dbus/auth_sha1.go
new file mode 100644
index 0000000000..df15b46119
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/auth_sha1.go
@@ -0,0 +1,102 @@
+package dbus
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding/hex"
+	"os"
+)
+
+// AuthCookieSha1 returns an Auth that authenticates as the given user with the
+// DBUS_COOKIE_SHA1 mechanism. The home parameter should specify the home
+// directory of the user.
+func AuthCookieSha1(user, home string) Auth {
+	return authCookieSha1{user, home}
+}
+
+type authCookieSha1 struct {
+	user, home string
+}
+
+func (a authCookieSha1) FirstData() ([]byte, []byte, AuthStatus) {
+	b := make([]byte, 2*len(a.user))
+	hex.Encode(b, []byte(a.user))
+	return []byte("DBUS_COOKIE_SHA1"), b, AuthContinue
+}
+
+func (a authCookieSha1) HandleData(data []byte) ([]byte, AuthStatus) {
+	challenge := make([]byte, len(data)/2)
+	_, err := hex.Decode(challenge, data)
+	if err != nil {
+		return nil, AuthError
+	}
+	b := bytes.Split(challenge, []byte{' '})
+	if len(b) != 3 {
+		return nil, AuthError
+	}
+	context := b[0]
+	id := b[1]
+	svchallenge := b[2]
+	cookie := a.getCookie(context, id)
+	if cookie == nil {
+		return nil, AuthError
+	}
+	clchallenge := a.generateChallenge()
+	if clchallenge == nil {
+		return nil, AuthError
+	}
+	hash := sha1.New()
+	hash.Write(bytes.Join([][]byte{svchallenge, clchallenge, cookie}, []byte{':'}))
+	hexhash := make([]byte, 2*hash.Size())
+	hex.Encode(hexhash, hash.Sum(nil))
+	data = append(clchallenge, ' ')
+	data = append(data, hexhash...)
+	resp := make([]byte, 2*len(data))
+	hex.Encode(resp, data)
+	return resp, AuthOk
+}
+
+// getCookie searches for the cookie identified by id in context and returns
+// the cookie content or nil. (Since HandleData can't return a specific error,
+// but only whether an error occured, this function also doesn't bother to
+// return an error.)
+func (a authCookieSha1) getCookie(context, id []byte) []byte {
+	file, err := os.Open(a.home + "/.dbus-keyrings/" + string(context))
+	if err != nil {
+		return nil
+	}
+	defer file.Close()
+	rd := bufio.NewReader(file)
+	for {
+		line, err := rd.ReadBytes('\n')
+		if err != nil {
+			return nil
+		}
+		line = line[:len(line)-1]
+		b := bytes.Split(line, []byte{' '})
+		if len(b) != 3 {
+			return nil
+		}
+		if bytes.Equal(b[0], id) {
+			return b[2]
+		}
+	}
+}
+
+// generateChallenge returns a random, hex-encoded challenge, or nil on error
+// (see above).
+func (a authCookieSha1) generateChallenge() []byte {
+	b := make([]byte, 16)
+	n, err := rand.Read(b)
+	if err != nil {
+		return nil
+	}
+	if n != 16 {
+		return nil
+	}
+	enc := make([]byte, 32)
+	hex.Encode(enc, b)
+	return enc
+}
diff --git a/vendor/src/github.com/godbus/dbus/call.go b/vendor/src/github.com/godbus/dbus/call.go
new file mode 100644
index 0000000000..1d2fbc7efd
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/call.go
@@ -0,0 +1,147 @@
+package dbus
+
+import (
+	"errors"
+	"strings"
+)
+
+// Call represents a pending or completed method call.
+type Call struct {
+	Destination string
+	Path        ObjectPath
+	Method      string
+	Args        []interface{}
+
+	// Strobes when the call is complete.
+	Done chan *Call
+
+	// After completion, the error status. If this is non-nil, it may be an
+	// error message from the peer (with Error as its type) or some other error.
+	Err error
+
+	// Holds the response once the call is done.
+	Body []interface{}
+}
+
+var errSignature = errors.New("dbus: mismatched signature")
+
+// Store stores the body of the reply into the provided pointers. It returns
+// an error if the signatures of the body and retvalues don't match, or if
+// the error status is not nil.
+func (c *Call) Store(retvalues ...interface{}) error {
+	if c.Err != nil {
+		return c.Err
+	}
+
+	return Store(c.Body, retvalues...)
+}
+
+// Object represents a remote object on which methods can be invoked.
+type Object struct {
+	conn *Conn
+	dest string
+	path ObjectPath
+}
+
+// Call calls a method with (*Object).Go and waits for its reply.
+func (o *Object) Call(method string, flags Flags, args ...interface{}) *Call {
+	return <-o.Go(method, flags, make(chan *Call, 1), args...).Done
+}
+
+// GetProperty calls org.freedesktop.DBus.Properties.GetProperty on the given
+// object. The property name must be given in interface.member notation.
+func (o *Object) GetProperty(p string) (Variant, error) {
+	idx := strings.LastIndex(p, ".")
+	if idx == -1 || idx+1 == len(p) {
+		return Variant{}, errors.New("dbus: invalid property " + p)
+	}
+
+	iface := p[:idx]
+	prop := p[idx+1:]
+
+	result := Variant{}
+	err := o.Call("org.freedesktop.DBus.Properties.Get", 0, iface, prop).Store(&result)
+
+	if err != nil {
+		return Variant{}, err
+	}
+
+	return result, nil
+}
+
+// Go calls a method with the given arguments asynchronously. It returns a
+// Call structure representing this method call. The passed channel will
+// return the same value once the call is done. If ch is nil, a new channel
+// will be allocated. Otherwise, ch has to be buffered or Go will panic.
+//
+// If the flags include FlagNoReplyExpected, ch is ignored and a Call structure
+// is returned of which only the Err member is valid.
+//
+// If the method parameter contains a dot ('.'), the part before the last dot
+// specifies the interface on which the method is called.
+func (o *Object) Go(method string, flags Flags, ch chan *Call, args ...interface{}) *Call {
+	iface := ""
+	i := strings.LastIndex(method, ".")
+	if i != -1 {
+		iface = method[:i]
+	}
+	method = method[i+1:]
+	msg := new(Message)
+	msg.Type = TypeMethodCall
+	msg.serial = o.conn.getSerial()
+	msg.Flags = flags & (FlagNoAutoStart | FlagNoReplyExpected)
+	msg.Headers = make(map[HeaderField]Variant)
+	msg.Headers[FieldPath] = MakeVariant(o.path)
+	msg.Headers[FieldDestination] = MakeVariant(o.dest)
+	msg.Headers[FieldMember] = MakeVariant(method)
+	if iface != "" {
+		msg.Headers[FieldInterface] = MakeVariant(iface)
+	}
+	msg.Body = args
+	if len(args) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(args...))
+	}
+	if msg.Flags&FlagNoReplyExpected == 0 {
+		if ch == nil {
+			ch = make(chan *Call, 10)
+		} else if cap(ch) == 0 {
+			panic("dbus: unbuffered channel passed to (*Object).Go")
+		}
+		call := &Call{
+			Destination: o.dest,
+			Path:        o.path,
+			Method:      method,
+			Args:        args,
+			Done:        ch,
+		}
+		o.conn.callsLck.Lock()
+		o.conn.calls[msg.serial] = call
+		o.conn.callsLck.Unlock()
+		o.conn.outLck.RLock()
+		if o.conn.closed {
+			call.Err = ErrClosed
+			call.Done <- call
+		} else {
+			o.conn.out <- msg
+		}
+		o.conn.outLck.RUnlock()
+		return call
+	}
+	o.conn.outLck.RLock()
+	defer o.conn.outLck.RUnlock()
+	if o.conn.closed {
+		return &Call{Err: ErrClosed}
+	}
+	o.conn.out <- msg
+	return &Call{Err: nil}
+}
+
+// Destination returns the destination that calls on o are sent to.
+func (o *Object) Destination() string {
+	return o.dest
+}
+
+// Path returns the path that calls on o are sent to.
+func (o *Object) Path() ObjectPath {
+	return o.path
+}
diff --git a/vendor/src/github.com/godbus/dbus/conn.go b/vendor/src/github.com/godbus/dbus/conn.go
new file mode 100644
index 0000000000..75dd22652a
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/conn.go
@@ -0,0 +1,601 @@
+package dbus
+
+import (
+	"errors"
+	"io"
+	"os"
+	"reflect"
+	"strings"
+	"sync"
+)
+
+const defaultSystemBusAddress = "unix:path=/var/run/dbus/system_bus_socket"
+
+var (
+	systemBus     *Conn
+	systemBusLck  sync.Mutex
+	sessionBus    *Conn
+	sessionBusLck sync.Mutex
+)
+
+// ErrClosed is the error returned by calls on a closed connection.
+var ErrClosed = errors.New("dbus: connection closed by user")
+
+// Conn represents a connection to a message bus (usually, the system or
+// session bus).
+//
+// Connections are either shared or private. Shared connections
+// are shared between calls to the functions that return them. As a result,
+// the methods Close, Auth and Hello must not be called on them.
+//
+// Multiple goroutines may invoke methods on a connection simultaneously.
+type Conn struct {
+	transport
+
+	busObj *Object
+	unixFD bool
+	uuid   string
+
+	names    []string
+	namesLck sync.RWMutex
+
+	serialLck  sync.Mutex
+	nextSerial uint32
+	serialUsed map[uint32]bool
+
+	calls    map[uint32]*Call
+	callsLck sync.RWMutex
+
+	handlers    map[ObjectPath]map[string]interface{}
+	handlersLck sync.RWMutex
+
+	out    chan *Message
+	closed bool
+	outLck sync.RWMutex
+
+	signals    []chan<- *Signal
+	signalsLck sync.Mutex
+
+	eavesdropped    chan<- *Message
+	eavesdroppedLck sync.Mutex
+}
+
+// SessionBus returns a shared connection to the session bus, connecting to it
+// if not already done.
+func SessionBus() (conn *Conn, err error) {
+	sessionBusLck.Lock()
+	defer sessionBusLck.Unlock()
+	if sessionBus != nil {
+		return sessionBus, nil
+	}
+	defer func() {
+		if conn != nil {
+			sessionBus = conn
+		}
+	}()
+	conn, err = SessionBusPrivate()
+	if err != nil {
+		return
+	}
+	if err = conn.Auth(nil); err != nil {
+		conn.Close()
+		conn = nil
+		return
+	}
+	if err = conn.Hello(); err != nil {
+		conn.Close()
+		conn = nil
+	}
+	return
+}
+
+// SessionBusPrivate returns a new private connection to the session bus.
+func SessionBusPrivate() (*Conn, error) {
+	address := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
+	if address != "" && address != "autolaunch:" {
+		return Dial(address)
+	}
+
+	return sessionBusPlatform()
+}
+
+// SystemBus returns a shared connection to the system bus, connecting to it if
+// not already done.
+func SystemBus() (conn *Conn, err error) {
+	systemBusLck.Lock()
+	defer systemBusLck.Unlock()
+	if systemBus != nil {
+		return systemBus, nil
+	}
+	defer func() {
+		if conn != nil {
+			systemBus = conn
+		}
+	}()
+	conn, err = SystemBusPrivate()
+	if err != nil {
+		return
+	}
+	if err = conn.Auth(nil); err != nil {
+		conn.Close()
+		conn = nil
+		return
+	}
+	if err = conn.Hello(); err != nil {
+		conn.Close()
+		conn = nil
+	}
+	return
+}
+
+// SystemBusPrivate returns a new private connection to the system bus.
+func SystemBusPrivate() (*Conn, error) {
+	address := os.Getenv("DBUS_SYSTEM_BUS_ADDRESS")
+	if address != "" {
+		return Dial(address)
+	}
+	return Dial(defaultSystemBusAddress)
+}
+
+// Dial establishes a new private connection to the message bus specified by address.
+func Dial(address string) (*Conn, error) {
+	tr, err := getTransport(address)
+	if err != nil {
+		return nil, err
+	}
+	return newConn(tr)
+}
+
+// NewConn creates a new private *Conn from an already established connection.
+func NewConn(conn io.ReadWriteCloser) (*Conn, error) {
+	return newConn(genericTransport{conn})
+}
+
+// newConn creates a new *Conn from a transport.
+func newConn(tr transport) (*Conn, error) {
+	conn := new(Conn)
+	conn.transport = tr
+	conn.calls = make(map[uint32]*Call)
+	conn.out = make(chan *Message, 10)
+	conn.handlers = make(map[ObjectPath]map[string]interface{})
+	conn.nextSerial = 1
+	conn.serialUsed = map[uint32]bool{0: true}
+	conn.busObj = conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus")
+	return conn, nil
+}
+
+// BusObject returns the object owned by the bus daemon which handles
+// administrative requests.
+func (conn *Conn) BusObject() *Object {
+	return conn.busObj
+}
+
+// Close closes the connection. Any blocked operations will return with errors
+// and the channels passed to Eavesdrop and Signal are closed. This method must
+// not be called on shared connections.
+func (conn *Conn) Close() error {
+	conn.outLck.Lock()
+	close(conn.out)
+	conn.closed = true
+	conn.outLck.Unlock()
+	conn.signalsLck.Lock()
+	for _, ch := range conn.signals {
+		close(ch)
+	}
+	conn.signalsLck.Unlock()
+	conn.eavesdroppedLck.Lock()
+	if conn.eavesdropped != nil {
+		close(conn.eavesdropped)
+	}
+	conn.eavesdroppedLck.Unlock()
+	return conn.transport.Close()
+}
+
+// Eavesdrop causes conn to send all incoming messages to the given channel
+// without further processing. Method replies, errors and signals will not be
+// sent to the appropiate channels and method calls will not be handled. If nil
+// is passed, the normal behaviour is restored.
+//
+// The caller has to make sure that ch is sufficiently buffered;
+// if a message arrives when a write to ch is not possible, the message is
+// discarded.
+func (conn *Conn) Eavesdrop(ch chan<- *Message) {
+	conn.eavesdroppedLck.Lock()
+	conn.eavesdropped = ch
+	conn.eavesdroppedLck.Unlock()
+}
+
+// getSerial returns an unused serial.
+func (conn *Conn) getSerial() uint32 {
+	conn.serialLck.Lock()
+	defer conn.serialLck.Unlock()
+	n := conn.nextSerial
+	for conn.serialUsed[n] {
+		n++
+	}
+	conn.serialUsed[n] = true
+	conn.nextSerial = n + 1
+	return n
+}
+
+// Hello sends the initial org.freedesktop.DBus.Hello call. This method must be
+// called after authentication, but before sending any other messages to the
+// bus. Hello must not be called for shared connections.
+func (conn *Conn) Hello() error {
+	var s string
+	err := conn.busObj.Call("org.freedesktop.DBus.Hello", 0).Store(&s)
+	if err != nil {
+		return err
+	}
+	conn.namesLck.Lock()
+	conn.names = make([]string, 1)
+	conn.names[0] = s
+	conn.namesLck.Unlock()
+	return nil
+}
+
+// inWorker runs in an own goroutine, reading incoming messages from the
+// transport and dispatching them appropiately.
+func (conn *Conn) inWorker() {
+	for {
+		msg, err := conn.ReadMessage()
+		if err == nil {
+			conn.eavesdroppedLck.Lock()
+			if conn.eavesdropped != nil {
+				select {
+				case conn.eavesdropped <- msg:
+				default:
+				}
+				conn.eavesdroppedLck.Unlock()
+				continue
+			}
+			conn.eavesdroppedLck.Unlock()
+			dest, _ := msg.Headers[FieldDestination].value.(string)
+			found := false
+			if dest == "" {
+				found = true
+			} else {
+				conn.namesLck.RLock()
+				if len(conn.names) == 0 {
+					found = true
+				}
+				for _, v := range conn.names {
+					if dest == v {
+						found = true
+						break
+					}
+				}
+				conn.namesLck.RUnlock()
+			}
+			if !found {
+				// Eavesdropped a message, but no channel for it is registered.
+				// Ignore it.
+				continue
+			}
+			switch msg.Type {
+			case TypeMethodReply, TypeError:
+				serial := msg.Headers[FieldReplySerial].value.(uint32)
+				conn.callsLck.Lock()
+				if c, ok := conn.calls[serial]; ok {
+					if msg.Type == TypeError {
+						name, _ := msg.Headers[FieldErrorName].value.(string)
+						c.Err = Error{name, msg.Body}
+					} else {
+						c.Body = msg.Body
+					}
+					c.Done <- c
+					conn.serialLck.Lock()
+					delete(conn.serialUsed, serial)
+					conn.serialLck.Unlock()
+					delete(conn.calls, serial)
+				}
+				conn.callsLck.Unlock()
+			case TypeSignal:
+				iface := msg.Headers[FieldInterface].value.(string)
+				member := msg.Headers[FieldMember].value.(string)
+				// as per http://dbus.freedesktop.org/doc/dbus-specification.html ,
+				// sender is optional for signals.
+				sender, _ := msg.Headers[FieldSender].value.(string)
+				if iface == "org.freedesktop.DBus" && member == "NameLost" &&
+					sender == "org.freedesktop.DBus" {
+
+					name, _ := msg.Body[0].(string)
+					conn.namesLck.Lock()
+					for i, v := range conn.names {
+						if v == name {
+							copy(conn.names[i:], conn.names[i+1:])
+							conn.names = conn.names[:len(conn.names)-1]
+						}
+					}
+					conn.namesLck.Unlock()
+				}
+				signal := &Signal{
+					Sender: sender,
+					Path:   msg.Headers[FieldPath].value.(ObjectPath),
+					Name:   iface + "." + member,
+					Body:   msg.Body,
+				}
+				conn.signalsLck.Lock()
+				for _, ch := range conn.signals {
+					// don't block trying to send a signal
+					select {
+					case ch <- signal:
+					default:
+					}
+				}
+				conn.signalsLck.Unlock()
+			case TypeMethodCall:
+				go conn.handleCall(msg)
+			}
+		} else if _, ok := err.(InvalidMessageError); !ok {
+			// Some read error occured (usually EOF); we can't really do
+			// anything but to shut down all stuff and returns errors to all
+			// pending replies.
+			conn.Close()
+			conn.callsLck.RLock()
+			for _, v := range conn.calls {
+				v.Err = err
+				v.Done <- v
+			}
+			conn.callsLck.RUnlock()
+			return
+		}
+		// invalid messages are ignored
+	}
+}
+
+// Names returns the list of all names that are currently owned by this
+// connection. The slice is always at least one element long, the first element
+// being the unique name of the connection.
+func (conn *Conn) Names() []string {
+	conn.namesLck.RLock()
+	// copy the slice so it can't be modified
+	s := make([]string, len(conn.names))
+	copy(s, conn.names)
+	conn.namesLck.RUnlock()
+	return s
+}
+
+// Object returns the object identified by the given destination name and path.
+func (conn *Conn) Object(dest string, path ObjectPath) *Object {
+	return &Object{conn, dest, path}
+}
+
+// outWorker runs in an own goroutine, encoding and sending messages that are
+// sent to conn.out.
+func (conn *Conn) outWorker() {
+	for msg := range conn.out {
+		err := conn.SendMessage(msg)
+		conn.callsLck.RLock()
+		if err != nil {
+			if c := conn.calls[msg.serial]; c != nil {
+				c.Err = err
+				c.Done <- c
+			}
+			conn.serialLck.Lock()
+			delete(conn.serialUsed, msg.serial)
+			conn.serialLck.Unlock()
+		} else if msg.Type != TypeMethodCall {
+			conn.serialLck.Lock()
+			delete(conn.serialUsed, msg.serial)
+			conn.serialLck.Unlock()
+		}
+		conn.callsLck.RUnlock()
+	}
+}
+
+// Send sends the given message to the message bus. You usually don't need to
+// use this; use the higher-level equivalents (Call / Go, Emit and Export)
+// instead. If msg is a method call and NoReplyExpected is not set, a non-nil
+// call is returned and the same value is sent to ch (which must be buffered)
+// once the call is complete. Otherwise, ch is ignored and a Call structure is
+// returned of which only the Err member is valid.
+func (conn *Conn) Send(msg *Message, ch chan *Call) *Call {
+	var call *Call
+
+	msg.serial = conn.getSerial()
+	if msg.Type == TypeMethodCall && msg.Flags&FlagNoReplyExpected == 0 {
+		if ch == nil {
+			ch = make(chan *Call, 5)
+		} else if cap(ch) == 0 {
+			panic("dbus: unbuffered channel passed to (*Conn).Send")
+		}
+		call = new(Call)
+		call.Destination, _ = msg.Headers[FieldDestination].value.(string)
+		call.Path, _ = msg.Headers[FieldPath].value.(ObjectPath)
+		iface, _ := msg.Headers[FieldInterface].value.(string)
+		member, _ := msg.Headers[FieldMember].value.(string)
+		call.Method = iface + "." + member
+		call.Args = msg.Body
+		call.Done = ch
+		conn.callsLck.Lock()
+		conn.calls[msg.serial] = call
+		conn.callsLck.Unlock()
+		conn.outLck.RLock()
+		if conn.closed {
+			call.Err = ErrClosed
+			call.Done <- call
+		} else {
+			conn.out <- msg
+		}
+		conn.outLck.RUnlock()
+	} else {
+		conn.outLck.RLock()
+		if conn.closed {
+			call = &Call{Err: ErrClosed}
+		} else {
+			conn.out <- msg
+			call = &Call{Err: nil}
+		}
+		conn.outLck.RUnlock()
+	}
+	return call
+}
+
+// sendError creates an error message corresponding to the parameters and sends
+// it to conn.out.
+func (conn *Conn) sendError(e Error, dest string, serial uint32) {
+	msg := new(Message)
+	msg.Type = TypeError
+	msg.serial = conn.getSerial()
+	msg.Headers = make(map[HeaderField]Variant)
+	if dest != "" {
+		msg.Headers[FieldDestination] = MakeVariant(dest)
+	}
+	msg.Headers[FieldErrorName] = MakeVariant(e.Name)
+	msg.Headers[FieldReplySerial] = MakeVariant(serial)
+	msg.Body = e.Body
+	if len(e.Body) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(e.Body...))
+	}
+	conn.outLck.RLock()
+	if !conn.closed {
+		conn.out <- msg
+	}
+	conn.outLck.RUnlock()
+}
+
+// sendReply creates a method reply message corresponding to the parameters and
+// sends it to conn.out.
+func (conn *Conn) sendReply(dest string, serial uint32, values ...interface{}) {
+	msg := new(Message)
+	msg.Type = TypeMethodReply
+	msg.serial = conn.getSerial()
+	msg.Headers = make(map[HeaderField]Variant)
+	if dest != "" {
+		msg.Headers[FieldDestination] = MakeVariant(dest)
+	}
+	msg.Headers[FieldReplySerial] = MakeVariant(serial)
+	msg.Body = values
+	if len(values) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
+	}
+	conn.outLck.RLock()
+	if !conn.closed {
+		conn.out <- msg
+	}
+	conn.outLck.RUnlock()
+}
+
+// Signal registers the given channel to be passed all received signal messages.
+// The caller has to make sure that ch is sufficiently buffered; if a message
+// arrives when a write to c is not possible, it is discarded.
+//
+// Multiple of these channels can be registered at the same time. Passing a
+// channel that already is registered will remove it from the list of the
+// registered channels.
+//
+// These channels are "overwritten" by Eavesdrop; i.e., if there currently is a
+// channel for eavesdropped messages, this channel receives all signals, and
+// none of the channels passed to Signal will receive any signals.
+func (conn *Conn) Signal(ch chan<- *Signal) {
+	conn.signalsLck.Lock()
+	conn.signals = append(conn.signals, ch)
+	conn.signalsLck.Unlock()
+}
+
+// SupportsUnixFDs returns whether the underlying transport supports passing of
+// unix file descriptors. If this is false, method calls containing unix file
+// descriptors will return an error and emitted signals containing them will
+// not be sent.
+func (conn *Conn) SupportsUnixFDs() bool {
+	return conn.unixFD
+}
+
+// Error represents a D-Bus message of type Error.
+type Error struct {
+	Name string
+	Body []interface{}
+}
+
+func (e Error) Error() string {
+	if len(e.Body) >= 1 {
+		s, ok := e.Body[0].(string)
+		if ok {
+			return s
+		}
+	}
+	return e.Name
+}
+
+// Signal represents a D-Bus message of type Signal. The name member is given in
+// "interface.member" notation, e.g. org.freedesktop.D-Bus.NameLost.
+type Signal struct {
+	Sender string
+	Path   ObjectPath
+	Name   string
+	Body   []interface{}
+}
+
+// transport is a D-Bus transport.
+type transport interface {
+	// Read and Write raw data (for example, for the authentication protocol).
+	io.ReadWriteCloser
+
+	// Send the initial null byte used for the EXTERNAL mechanism.
+	SendNullByte() error
+
+	// Returns whether this transport supports passing Unix FDs.
+	SupportsUnixFDs() bool
+
+	// Signal the transport that Unix FD passing is enabled for this connection.
+	EnableUnixFDs()
+
+	// Read / send a message, handling things like Unix FDs.
+	ReadMessage() (*Message, error)
+	SendMessage(*Message) error
+}
+
+func getTransport(address string) (transport, error) {
+	var err error
+	var t transport
+
+	m := map[string]func(string) (transport, error){
+		"unix": newUnixTransport,
+	}
+	addresses := strings.Split(address, ";")
+	for _, v := range addresses {
+		i := strings.IndexRune(v, ':')
+		if i == -1 {
+			err = errors.New("dbus: invalid bus address (no transport)")
+			continue
+		}
+		f := m[v[:i]]
+		if f == nil {
+			err = errors.New("dbus: invalid bus address (invalid or unsupported transport)")
+		}
+		t, err = f(v[i+1:])
+		if err == nil {
+			return t, nil
+		}
+	}
+	return nil, err
+}
+
+// dereferenceAll returns a slice that, assuming that vs is a slice of pointers
+// of arbitrary types, containes the values that are obtained from dereferencing
+// all elements in vs.
+func dereferenceAll(vs []interface{}) []interface{} {
+	for i := range vs {
+		v := reflect.ValueOf(vs[i])
+		v = v.Elem()
+		vs[i] = v.Interface()
+	}
+	return vs
+}
+
+// getKey gets a key from a the list of keys. Returns "" on error / not found...
+func getKey(s, key string) string {
+	i := strings.Index(s, key)
+	if i == -1 {
+		return ""
+	}
+	if i+len(key)+1 >= len(s) || s[i+len(key)] != '=' {
+		return ""
+	}
+	j := strings.Index(s, ",")
+	if j == -1 {
+		j = len(s)
+	}
+	return s[i+len(key)+1 : j]
+}
diff --git a/vendor/src/github.com/godbus/dbus/conn_darwin.go b/vendor/src/github.com/godbus/dbus/conn_darwin.go
new file mode 100644
index 0000000000..b67bb1b81d
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/conn_darwin.go
@@ -0,0 +1,21 @@
+package dbus
+
+import (
+	"errors"
+	"os/exec"
+)
+
+func sessionBusPlatform() (*Conn, error) {
+	cmd := exec.Command("launchctl", "getenv", "DBUS_LAUNCHD_SESSION_BUS_SOCKET")
+	b, err := cmd.CombinedOutput()
+
+	if err != nil {
+		return nil, err
+	}
+
+	if len(b) == 0 {
+		return nil, errors.New("dbus: couldn't determine address of session bus")
+	}
+
+	return Dial("unix:path=" + string(b[:len(b)-1]))
+}
diff --git a/vendor/src/github.com/godbus/dbus/conn_other.go b/vendor/src/github.com/godbus/dbus/conn_other.go
new file mode 100644
index 0000000000..f74b8758d4
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/conn_other.go
@@ -0,0 +1,27 @@
+// +build !darwin
+
+package dbus
+
+import (
+	"bytes"
+	"errors"
+	"os/exec"
+)
+
+func sessionBusPlatform() (*Conn, error) {
+	cmd := exec.Command("dbus-launch")
+	b, err := cmd.CombinedOutput()
+
+	if err != nil {
+		return nil, err
+	}
+
+	i := bytes.IndexByte(b, '=')
+	j := bytes.IndexByte(b, '\n')
+
+	if i == -1 || j == -1 {
+		return nil, errors.New("dbus: couldn't determine address of session bus")
+	}
+
+	return Dial(string(b[i+1 : j]))
+}
diff --git a/vendor/src/github.com/godbus/dbus/conn_test.go b/vendor/src/github.com/godbus/dbus/conn_test.go
new file mode 100644
index 0000000000..a2b14e8cc4
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/conn_test.go
@@ -0,0 +1,199 @@
+package dbus
+
+import "testing"
+
+func TestSessionBus(t *testing.T) {
+	_, err := SessionBus()
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestSystemBus(t *testing.T) {
+	_, err := SystemBus()
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestSend(t *testing.T) {
+	bus, err := SessionBus()
+	if err != nil {
+		t.Error(err)
+	}
+	ch := make(chan *Call, 1)
+	msg := &Message{
+		Type:  TypeMethodCall,
+		Flags: 0,
+		Headers: map[HeaderField]Variant{
+			FieldDestination: MakeVariant(bus.Names()[0]),
+			FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/DBus")),
+			FieldInterface:   MakeVariant("org.freedesktop.DBus.Peer"),
+			FieldMember:      MakeVariant("Ping"),
+		},
+	}
+	call := bus.Send(msg, ch)
+	<-ch
+	if call.Err != nil {
+		t.Error(call.Err)
+	}
+}
+
+type server struct{}
+
+func (server) Double(i int64) (int64, *Error) {
+	return 2 * i, nil
+}
+
+func BenchmarkCall(b *testing.B) {
+	b.StopTimer()
+	var s string
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	name := bus.Names()[0]
+	obj := bus.BusObject()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		err := obj.Call("org.freedesktop.DBus.GetNameOwner", 0, name).Store(&s)
+		if err != nil {
+			b.Fatal(err)
+		}
+		if s != name {
+			b.Errorf("got %s, wanted %s", s, name)
+		}
+	}
+}
+
+func BenchmarkCallAsync(b *testing.B) {
+	b.StopTimer()
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	name := bus.Names()[0]
+	obj := bus.BusObject()
+	c := make(chan *Call, 50)
+	done := make(chan struct{})
+	go func() {
+		for i := 0; i < b.N; i++ {
+			v := <-c
+			if v.Err != nil {
+				b.Error(v.Err)
+			}
+			s := v.Body[0].(string)
+			if s != name {
+				b.Errorf("got %s, wanted %s", s, name)
+			}
+		}
+		close(done)
+	}()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		obj.Go("org.freedesktop.DBus.GetNameOwner", 0, c, name)
+	}
+	<-done
+}
+
+func BenchmarkServe(b *testing.B) {
+	b.StopTimer()
+	srv, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	cli, err := SessionBusPrivate()
+	if err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Auth(nil); err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Hello(); err != nil {
+		b.Fatal(err)
+	}
+	benchmarkServe(b, srv, cli)
+}
+
+func BenchmarkServeAsync(b *testing.B) {
+	b.StopTimer()
+	srv, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+	cli, err := SessionBusPrivate()
+	if err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Auth(nil); err != nil {
+		b.Fatal(err)
+	}
+	if err = cli.Hello(); err != nil {
+		b.Fatal(err)
+	}
+	benchmarkServeAsync(b, srv, cli)
+}
+
+func BenchmarkServeSameConn(b *testing.B) {
+	b.StopTimer()
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	benchmarkServe(b, bus, bus)
+}
+
+func BenchmarkServeSameConnAsync(b *testing.B) {
+	b.StopTimer()
+	bus, err := SessionBus()
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	benchmarkServeAsync(b, bus, bus)
+}
+
+func benchmarkServe(b *testing.B, srv, cli *Conn) {
+	var r int64
+	var err error
+	dest := srv.Names()[0]
+	srv.Export(server{}, "/org/guelfey/DBus/Test", "org.guelfey.DBus.Test")
+	obj := cli.Object(dest, "/org/guelfey/DBus/Test")
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		err = obj.Call("org.guelfey.DBus.Test.Double", 0, int64(i)).Store(&r)
+		if err != nil {
+			b.Fatal(err)
+		}
+		if r != 2*int64(i) {
+			b.Errorf("got %d, wanted %d", r, 2*int64(i))
+		}
+	}
+}
+
+func benchmarkServeAsync(b *testing.B, srv, cli *Conn) {
+	dest := srv.Names()[0]
+	srv.Export(server{}, "/org/guelfey/DBus/Test", "org.guelfey.DBus.Test")
+	obj := cli.Object(dest, "/org/guelfey/DBus/Test")
+	c := make(chan *Call, 50)
+	done := make(chan struct{})
+	go func() {
+		for i := 0; i < b.N; i++ {
+			v := <-c
+			if v.Err != nil {
+				b.Fatal(v.Err)
+			}
+			i, r := v.Args[0].(int64), v.Body[0].(int64)
+			if 2*i != r {
+				b.Errorf("got %d, wanted %d", r, 2*i)
+			}
+		}
+		close(done)
+	}()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		obj.Go("org.guelfey.DBus.Test.Double", 0, c, int64(i))
+	}
+	<-done
+}
diff --git a/vendor/src/github.com/godbus/dbus/dbus.go b/vendor/src/github.com/godbus/dbus/dbus.go
new file mode 100644
index 0000000000..2ce68735cd
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/dbus.go
@@ -0,0 +1,258 @@
+package dbus
+
+import (
+	"errors"
+	"reflect"
+	"strings"
+)
+
+var (
+	byteType        = reflect.TypeOf(byte(0))
+	boolType        = reflect.TypeOf(false)
+	uint8Type       = reflect.TypeOf(uint8(0))
+	int16Type       = reflect.TypeOf(int16(0))
+	uint16Type      = reflect.TypeOf(uint16(0))
+	int32Type       = reflect.TypeOf(int32(0))
+	uint32Type      = reflect.TypeOf(uint32(0))
+	int64Type       = reflect.TypeOf(int64(0))
+	uint64Type      = reflect.TypeOf(uint64(0))
+	float64Type     = reflect.TypeOf(float64(0))
+	stringType      = reflect.TypeOf("")
+	signatureType   = reflect.TypeOf(Signature{""})
+	objectPathType  = reflect.TypeOf(ObjectPath(""))
+	variantType     = reflect.TypeOf(Variant{Signature{""}, nil})
+	interfacesType  = reflect.TypeOf([]interface{}{})
+	unixFDType      = reflect.TypeOf(UnixFD(0))
+	unixFDIndexType = reflect.TypeOf(UnixFDIndex(0))
+)
+
+// An InvalidTypeError signals that a value which cannot be represented in the
+// D-Bus wire format was passed to a function.
+type InvalidTypeError struct {
+	Type reflect.Type
+}
+
+func (e InvalidTypeError) Error() string {
+	return "dbus: invalid type " + e.Type.String()
+}
+
+// Store copies the values contained in src to dest, which must be a slice of
+// pointers. It converts slices of interfaces from src to corresponding structs
+// in dest. An error is returned if the lengths of src and dest or the types of
+// their elements don't match.
+func Store(src []interface{}, dest ...interface{}) error {
+	if len(src) != len(dest) {
+		return errors.New("dbus.Store: length mismatch")
+	}
+
+	for i := range src {
+		if err := store(src[i], dest[i]); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func store(src, dest interface{}) error {
+	if reflect.TypeOf(dest).Elem() == reflect.TypeOf(src) {
+		reflect.ValueOf(dest).Elem().Set(reflect.ValueOf(src))
+		return nil
+	} else if hasStruct(dest) {
+		rv := reflect.ValueOf(dest).Elem()
+		switch rv.Kind() {
+		case reflect.Struct:
+			vs, ok := src.([]interface{})
+			if !ok {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			t := rv.Type()
+			ndest := make([]interface{}, 0, rv.NumField())
+			for i := 0; i < rv.NumField(); i++ {
+				field := t.Field(i)
+				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
+					ndest = append(ndest, rv.Field(i).Addr().Interface())
+				}
+			}
+			if len(vs) != len(ndest) {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			err := Store(vs, ndest...)
+			if err != nil {
+				return errors.New("dbus.Store: type mismatch")
+			}
+		case reflect.Slice:
+			sv := reflect.ValueOf(src)
+			if sv.Kind() != reflect.Slice {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			rv.Set(reflect.MakeSlice(rv.Type(), sv.Len(), sv.Len()))
+			for i := 0; i < sv.Len(); i++ {
+				if err := store(sv.Index(i).Interface(), rv.Index(i).Addr().Interface()); err != nil {
+					return err
+				}
+			}
+		case reflect.Map:
+			sv := reflect.ValueOf(src)
+			if sv.Kind() != reflect.Map {
+				return errors.New("dbus.Store: type mismatch")
+			}
+			keys := sv.MapKeys()
+			rv.Set(reflect.MakeMap(sv.Type()))
+			for _, key := range keys {
+				v := reflect.New(sv.Type().Elem())
+				if err := store(v, sv.MapIndex(key).Interface()); err != nil {
+					return err
+				}
+				rv.SetMapIndex(key, v.Elem())
+			}
+		default:
+			return errors.New("dbus.Store: type mismatch")
+		}
+		return nil
+	} else {
+		return errors.New("dbus.Store: type mismatch")
+	}
+}
+
+func hasStruct(v interface{}) bool {
+	t := reflect.TypeOf(v)
+	for {
+		switch t.Kind() {
+		case reflect.Struct:
+			return true
+		case reflect.Slice, reflect.Ptr, reflect.Map:
+			t = t.Elem()
+		default:
+			return false
+		}
+	}
+}
+
+// An ObjectPath is an object path as defined by the D-Bus spec.
+type ObjectPath string
+
+// IsValid returns whether the object path is valid.
+func (o ObjectPath) IsValid() bool {
+	s := string(o)
+	if len(s) == 0 {
+		return false
+	}
+	if s[0] != '/' {
+		return false
+	}
+	if s[len(s)-1] == '/' && len(s) != 1 {
+		return false
+	}
+	// probably not used, but technically possible
+	if s == "/" {
+		return true
+	}
+	split := strings.Split(s[1:], "/")
+	for _, v := range split {
+		if len(v) == 0 {
+			return false
+		}
+		for _, c := range v {
+			if !isMemberChar(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// A UnixFD is a Unix file descriptor sent over the wire. See the package-level
+// documentation for more information about Unix file descriptor passsing.
+type UnixFD int32
+
+// A UnixFDIndex is the representation of a Unix file descriptor in a message.
+type UnixFDIndex uint32
+
+// alignment returns the alignment of values of type t.
+func alignment(t reflect.Type) int {
+	switch t {
+	case variantType:
+		return 1
+	case objectPathType:
+		return 4
+	case signatureType:
+		return 1
+	case interfacesType: // sometimes used for structs
+		return 8
+	}
+	switch t.Kind() {
+	case reflect.Uint8:
+		return 1
+	case reflect.Uint16, reflect.Int16:
+		return 2
+	case reflect.Uint32, reflect.Int32, reflect.String, reflect.Array, reflect.Slice, reflect.Map:
+		return 4
+	case reflect.Uint64, reflect.Int64, reflect.Float64, reflect.Struct:
+		return 8
+	case reflect.Ptr:
+		return alignment(t.Elem())
+	}
+	return 1
+}
+
+// isKeyType returns whether t is a valid type for a D-Bus dict.
+func isKeyType(t reflect.Type) bool {
+	switch t.Kind() {
+	case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64,
+		reflect.Int16, reflect.Int32, reflect.Int64, reflect.Float64,
+		reflect.String:
+
+		return true
+	}
+	return false
+}
+
+// isValidInterface returns whether s is a valid name for an interface.
+func isValidInterface(s string) bool {
+	if len(s) == 0 || len(s) > 255 || s[0] == '.' {
+		return false
+	}
+	elem := strings.Split(s, ".")
+	if len(elem) < 2 {
+		return false
+	}
+	for _, v := range elem {
+		if len(v) == 0 {
+			return false
+		}
+		if v[0] >= '0' && v[0] <= '9' {
+			return false
+		}
+		for _, c := range v {
+			if !isMemberChar(c) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// isValidMember returns whether s is a valid name for a member.
+func isValidMember(s string) bool {
+	if len(s) == 0 || len(s) > 255 {
+		return false
+	}
+	i := strings.Index(s, ".")
+	if i != -1 {
+		return false
+	}
+	if s[0] >= '0' && s[0] <= '9' {
+		return false
+	}
+	for _, c := range s {
+		if !isMemberChar(c) {
+			return false
+		}
+	}
+	return true
+}
+
+func isMemberChar(c rune) bool {
+	return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
+		(c >= 'a' && c <= 'z') || c == '_'
+}
diff --git a/vendor/src/github.com/godbus/dbus/decoder.go b/vendor/src/github.com/godbus/dbus/decoder.go
new file mode 100644
index 0000000000..ef50dcab98
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/decoder.go
@@ -0,0 +1,228 @@
+package dbus
+
+import (
+	"encoding/binary"
+	"io"
+	"reflect"
+)
+
+type decoder struct {
+	in    io.Reader
+	order binary.ByteOrder
+	pos   int
+}
+
+// newDecoder returns a new decoder that reads values from in. The input is
+// expected to be in the given byte order.
+func newDecoder(in io.Reader, order binary.ByteOrder) *decoder {
+	dec := new(decoder)
+	dec.in = in
+	dec.order = order
+	return dec
+}
+
+// align aligns the input to the given boundary and panics on error.
+func (dec *decoder) align(n int) {
+	if dec.pos%n != 0 {
+		newpos := (dec.pos + n - 1) & ^(n - 1)
+		empty := make([]byte, newpos-dec.pos)
+		if _, err := io.ReadFull(dec.in, empty); err != nil {
+			panic(err)
+		}
+		dec.pos = newpos
+	}
+}
+
+// Calls binary.Read(dec.in, dec.order, v) and panics on read errors.
+func (dec *decoder) binread(v interface{}) {
+	if err := binary.Read(dec.in, dec.order, v); err != nil {
+		panic(err)
+	}
+}
+
+func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) {
+	defer func() {
+		var ok bool
+		v := recover()
+		if err, ok = v.(error); ok {
+			if err == io.EOF || err == io.ErrUnexpectedEOF {
+				err = FormatError("unexpected EOF")
+			}
+		}
+	}()
+	vs = make([]interface{}, 0)
+	s := sig.str
+	for s != "" {
+		err, rem := validSingle(s, 0)
+		if err != nil {
+			return nil, err
+		}
+		v := dec.decode(s[:len(s)-len(rem)], 0)
+		vs = append(vs, v)
+		s = rem
+	}
+	return vs, nil
+}
+
+func (dec *decoder) decode(s string, depth int) interface{} {
+	dec.align(alignment(typeFor(s)))
+	switch s[0] {
+	case 'y':
+		var b [1]byte
+		if _, err := dec.in.Read(b[:]); err != nil {
+			panic(err)
+		}
+		dec.pos++
+		return b[0]
+	case 'b':
+		i := dec.decode("u", depth).(uint32)
+		switch {
+		case i == 0:
+			return false
+		case i == 1:
+			return true
+		default:
+			panic(FormatError("invalid value for boolean"))
+		}
+	case 'n':
+		var i int16
+		dec.binread(&i)
+		dec.pos += 2
+		return i
+	case 'i':
+		var i int32
+		dec.binread(&i)
+		dec.pos += 4
+		return i
+	case 'x':
+		var i int64
+		dec.binread(&i)
+		dec.pos += 8
+		return i
+	case 'q':
+		var i uint16
+		dec.binread(&i)
+		dec.pos += 2
+		return i
+	case 'u':
+		var i uint32
+		dec.binread(&i)
+		dec.pos += 4
+		return i
+	case 't':
+		var i uint64
+		dec.binread(&i)
+		dec.pos += 8
+		return i
+	case 'd':
+		var f float64
+		dec.binread(&f)
+		dec.pos += 8
+		return f
+	case 's':
+		length := dec.decode("u", depth).(uint32)
+		b := make([]byte, int(length)+1)
+		if _, err := io.ReadFull(dec.in, b); err != nil {
+			panic(err)
+		}
+		dec.pos += int(length) + 1
+		return string(b[:len(b)-1])
+	case 'o':
+		return ObjectPath(dec.decode("s", depth).(string))
+	case 'g':
+		length := dec.decode("y", depth).(byte)
+		b := make([]byte, int(length)+1)
+		if _, err := io.ReadFull(dec.in, b); err != nil {
+			panic(err)
+		}
+		dec.pos += int(length) + 1
+		sig, err := ParseSignature(string(b[:len(b)-1]))
+		if err != nil {
+			panic(err)
+		}
+		return sig
+	case 'v':
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		var variant Variant
+		sig := dec.decode("g", depth).(Signature)
+		if len(sig.str) == 0 {
+			panic(FormatError("variant signature is empty"))
+		}
+		err, rem := validSingle(sig.str, 0)
+		if err != nil {
+			panic(err)
+		}
+		if rem != "" {
+			panic(FormatError("variant signature has multiple types"))
+		}
+		variant.sig = sig
+		variant.value = dec.decode(sig.str, depth+1)
+		return variant
+	case 'h':
+		return UnixFDIndex(dec.decode("u", depth).(uint32))
+	case 'a':
+		if len(s) > 1 && s[1] == '{' {
+			ksig := s[2:3]
+			vsig := s[3 : len(s)-1]
+			v := reflect.MakeMap(reflect.MapOf(typeFor(ksig), typeFor(vsig)))
+			if depth >= 63 {
+				panic(FormatError("input exceeds container depth limit"))
+			}
+			length := dec.decode("u", depth).(uint32)
+			// Even for empty maps, the correct padding must be included
+			dec.align(8)
+			spos := dec.pos
+			for dec.pos < spos+int(length) {
+				dec.align(8)
+				if !isKeyType(v.Type().Key()) {
+					panic(InvalidTypeError{v.Type()})
+				}
+				kv := dec.decode(ksig, depth+2)
+				vv := dec.decode(vsig, depth+2)
+				v.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
+			}
+			return v.Interface()
+		}
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		length := dec.decode("u", depth).(uint32)
+		v := reflect.MakeSlice(reflect.SliceOf(typeFor(s[1:])), 0, int(length))
+		// Even for empty arrays, the correct padding must be included
+		dec.align(alignment(typeFor(s[1:])))
+		spos := dec.pos
+		for dec.pos < spos+int(length) {
+			ev := dec.decode(s[1:], depth+1)
+			v = reflect.Append(v, reflect.ValueOf(ev))
+		}
+		return v.Interface()
+	case '(':
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		dec.align(8)
+		v := make([]interface{}, 0)
+		s = s[1 : len(s)-1]
+		for s != "" {
+			err, rem := validSingle(s, 0)
+			if err != nil {
+				panic(err)
+			}
+			ev := dec.decode(s[:len(s)-len(rem)], depth+1)
+			v = append(v, ev)
+			s = rem
+		}
+		return v
+	default:
+		panic(SignatureError{Sig: s})
+	}
+}
+
+// A FormatError is an error in the wire format.
+type FormatError string
+
+func (e FormatError) Error() string {
+	return "dbus: wire format error: " + string(e)
+}
diff --git a/vendor/src/github.com/godbus/dbus/doc.go b/vendor/src/github.com/godbus/dbus/doc.go
new file mode 100644
index 0000000000..deff554a38
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/doc.go
@@ -0,0 +1,63 @@
+/*
+Package dbus implements bindings to the D-Bus message bus system.
+
+To use the message bus API, you first need to connect to a bus (usually the
+session or system bus). The acquired connection then can be used to call methods
+on remote objects and emit or receive signals. Using the Export method, you can
+arrange D-Bus methods calls to be directly translated to method calls on a Go
+value.
+
+Conversion Rules
+
+For outgoing messages, Go types are automatically converted to the
+corresponding D-Bus types. The following types are directly encoded as their
+respective D-Bus equivalents:
+
+     Go type     | D-Bus type
+     ------------+-----------
+     byte        | BYTE
+     bool        | BOOLEAN
+     int16       | INT16
+     uint16      | UINT16
+     int32       | INT32
+     uint32      | UINT32
+     int64       | INT64
+     uint64      | UINT64
+     float64     | DOUBLE
+     string      | STRING
+     ObjectPath  | OBJECT_PATH
+     Signature   | SIGNATURE
+     Variant     | VARIANT
+     UnixFDIndex | UNIX_FD
+
+Slices and arrays encode as ARRAYs of their element type.
+
+Maps encode as DICTs, provided that their key type can be used as a key for
+a DICT.
+
+Structs other than Variant and Signature encode as a STRUCT containing their
+exported fields. Fields whose tags contain `dbus:"-"` and unexported fields will
+be skipped.
+
+Pointers encode as the value they're pointed to.
+
+Trying to encode any other type or a slice, map or struct containing an
+unsupported type will result in an InvalidTypeError.
+
+For incoming messages, the inverse of these rules are used, with the exception
+of STRUCTs. Incoming STRUCTS are represented as a slice of empty interfaces
+containing the struct fields in the correct order. The Store function can be
+used to convert such values to Go structs.
+
+Unix FD passing
+
+Handling Unix file descriptors deserves special mention. To use them, you should
+first check that they are supported on a connection by calling SupportsUnixFDs.
+If it returns true, all method of Connection will translate messages containing
+UnixFD's to messages that are accompanied by the given file descriptors with the
+UnixFD values being substituted by the correct indices. Similarily, the indices
+of incoming messages are automatically resolved. It shouldn't be necessary to use
+UnixFDIndex.
+
+*/
+package dbus
diff --git a/vendor/src/github.com/godbus/dbus/encoder.go b/vendor/src/github.com/godbus/dbus/encoder.go
new file mode 100644
index 0000000000..f9d2f05716
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/encoder.go
@@ -0,0 +1,179 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io"
+	"reflect"
+)
+
+// An encoder encodes values to the D-Bus wire format.
+type encoder struct {
+	out   io.Writer
+	order binary.ByteOrder
+	pos   int
+}
+
+// NewEncoder returns a new encoder that writes to out in the given byte order.
+func newEncoder(out io.Writer, order binary.ByteOrder) *encoder {
+	enc := new(encoder)
+	enc.out = out
+	enc.order = order
+	return enc
+}
+
+// Aligns the next output to be on a multiple of n. Panics on write errors.
+func (enc *encoder) align(n int) {
+	if enc.pos%n != 0 {
+		newpos := (enc.pos + n - 1) & ^(n - 1)
+		empty := make([]byte, newpos-enc.pos)
+		if _, err := enc.out.Write(empty); err != nil {
+			panic(err)
+		}
+		enc.pos = newpos
+	}
+}
+
+// Calls binary.Write(enc.out, enc.order, v) and panics on write errors.
+func (enc *encoder) binwrite(v interface{}) {
+	if err := binary.Write(enc.out, enc.order, v); err != nil {
+		panic(err)
+	}
+}
+
+// Encode encodes the given values to the underyling reader. All written values
+// are aligned properly as required by the D-Bus spec.
+func (enc *encoder) Encode(vs ...interface{}) (err error) {
+	defer func() {
+		err, _ = recover().(error)
+	}()
+	for _, v := range vs {
+		enc.encode(reflect.ValueOf(v), 0)
+	}
+	return nil
+}
+
+// encode encodes the given value to the writer and panics on error. depth holds
+// the depth of the container nesting.
+func (enc *encoder) encode(v reflect.Value, depth int) {
+	enc.align(alignment(v.Type()))
+	switch v.Kind() {
+	case reflect.Uint8:
+		var b [1]byte
+		b[0] = byte(v.Uint())
+		if _, err := enc.out.Write(b[:]); err != nil {
+			panic(err)
+		}
+		enc.pos++
+	case reflect.Bool:
+		if v.Bool() {
+			enc.encode(reflect.ValueOf(uint32(1)), depth)
+		} else {
+			enc.encode(reflect.ValueOf(uint32(0)), depth)
+		}
+	case reflect.Int16:
+		enc.binwrite(int16(v.Int()))
+		enc.pos += 2
+	case reflect.Uint16:
+		enc.binwrite(uint16(v.Uint()))
+		enc.pos += 2
+	case reflect.Int32:
+		enc.binwrite(int32(v.Int()))
+		enc.pos += 4
+	case reflect.Uint32:
+		enc.binwrite(uint32(v.Uint()))
+		enc.pos += 4
+	case reflect.Int64:
+		enc.binwrite(v.Int())
+		enc.pos += 8
+	case reflect.Uint64:
+		enc.binwrite(v.Uint())
+		enc.pos += 8
+	case reflect.Float64:
+		enc.binwrite(v.Float())
+		enc.pos += 8
+	case reflect.String:
+		enc.encode(reflect.ValueOf(uint32(len(v.String()))), depth)
+		b := make([]byte, v.Len()+1)
+		copy(b, v.String())
+		b[len(b)-1] = 0
+		n, err := enc.out.Write(b)
+		if err != nil {
+			panic(err)
+		}
+		enc.pos += n
+	case reflect.Ptr:
+		enc.encode(v.Elem(), depth)
+	case reflect.Slice, reflect.Array:
+		if depth >= 64 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		var buf bytes.Buffer
+		bufenc := newEncoder(&buf, enc.order)
+
+		for i := 0; i < v.Len(); i++ {
+			bufenc.encode(v.Index(i), depth+1)
+		}
+		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
+		length := buf.Len()
+		enc.align(alignment(v.Type().Elem()))
+		if _, err := buf.WriteTo(enc.out); err != nil {
+			panic(err)
+		}
+		enc.pos += length
+	case reflect.Struct:
+		if depth >= 64 && v.Type() != signatureType {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		switch t := v.Type(); t {
+		case signatureType:
+			str := v.Field(0)
+			enc.encode(reflect.ValueOf(byte(str.Len())), depth+1)
+			b := make([]byte, str.Len()+1)
+			copy(b, str.String())
+			b[len(b)-1] = 0
+			n, err := enc.out.Write(b)
+			if err != nil {
+				panic(err)
+			}
+			enc.pos += n
+		case variantType:
+			variant := v.Interface().(Variant)
+			enc.encode(reflect.ValueOf(variant.sig), depth+1)
+			enc.encode(reflect.ValueOf(variant.value), depth+1)
+		default:
+			for i := 0; i < v.Type().NumField(); i++ {
+				field := t.Field(i)
+				if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
+					enc.encode(v.Field(i), depth+1)
+				}
+			}
+		}
+	case reflect.Map:
+		// Maps are arrays of structures, so they actually increase the depth by
+		// 2.
+		if depth >= 63 {
+			panic(FormatError("input exceeds container depth limit"))
+		}
+		if !isKeyType(v.Type().Key()) {
+			panic(InvalidTypeError{v.Type()})
+		}
+		keys := v.MapKeys()
+		var buf bytes.Buffer
+		bufenc := newEncoder(&buf, enc.order)
+		for _, k := range keys {
+			bufenc.align(8)
+			bufenc.encode(k, depth+2)
+			bufenc.encode(v.MapIndex(k), depth+2)
+		}
+		enc.encode(reflect.ValueOf(uint32(buf.Len())), depth)
+		length := buf.Len()
+		enc.align(8)
+		if _, err := buf.WriteTo(enc.out); err != nil {
+			panic(err)
+		}
+		enc.pos += length
+	default:
+		panic(InvalidTypeError{v.Type()})
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/examples_test.go b/vendor/src/github.com/godbus/dbus/examples_test.go
new file mode 100644
index 0000000000..0218ac5598
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/examples_test.go
@@ -0,0 +1,50 @@
+package dbus
+
+import "fmt"
+
+func ExampleConn_Emit() {
+	conn, err := SessionBus()
+	if err != nil {
+		panic(err)
+	}
+
+	conn.Emit("/foo/bar", "foo.bar.Baz", uint32(0xDAEDBEEF))
+}
+
+func ExampleObject_Call() {
+	var list []string
+
+	conn, err := SessionBus()
+	if err != nil {
+		panic(err)
+	}
+
+	err = conn.BusObject().Call("org.freedesktop.DBus.ListNames", 0).Store(&list)
+	if err != nil {
+		panic(err)
+	}
+	for _, v := range list {
+		fmt.Println(v)
+	}
+}
+
+func ExampleObject_Go() {
+	conn, err := SessionBus()
+	if err != nil {
+		panic(err)
+	}
+
+	ch := make(chan *Call, 10)
+	conn.BusObject().Go("org.freedesktop.DBus.ListActivatableNames", 0, ch)
+	select {
+	case call := <-ch:
+		if call.Err != nil {
+			panic(err)
+		}
+		list := call.Body[0].([]string)
+		for _, v := range list {
+			fmt.Println(v)
+		}
+		// put some other cases here
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/export.go b/vendor/src/github.com/godbus/dbus/export.go
new file mode 100644
index 0000000000..1dd1591528
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/export.go
@@ -0,0 +1,302 @@
+package dbus
+
+import (
+	"errors"
+	"reflect"
+	"strings"
+	"unicode"
+)
+
+var (
+	errmsgInvalidArg = Error{
+		"org.freedesktop.DBus.Error.InvalidArgs",
+		[]interface{}{"Invalid type / number of args"},
+	}
+	errmsgNoObject = Error{
+		"org.freedesktop.DBus.Error.NoSuchObject",
+		[]interface{}{"No such object"},
+	}
+	errmsgUnknownMethod = Error{
+		"org.freedesktop.DBus.Error.UnknownMethod",
+		[]interface{}{"Unknown / invalid method"},
+	}
+)
+
+// Sender is a type which can be used in exported methods to receive the message
+// sender.
+type Sender string
+
+func exportedMethod(v interface{}, name string) reflect.Value {
+	if v == nil {
+		return reflect.Value{}
+	}
+	m := reflect.ValueOf(v).MethodByName(name)
+	if !m.IsValid() {
+		return reflect.Value{}
+	}
+	t := m.Type()
+	if t.NumOut() == 0 ||
+		t.Out(t.NumOut()-1) != reflect.TypeOf(&errmsgInvalidArg) {
+
+		return reflect.Value{}
+	}
+	return m
+}
+
+// handleCall handles the given method call (i.e. looks if it's one of the
+// pre-implemented ones and searches for a corresponding handler if not).
+func (conn *Conn) handleCall(msg *Message) {
+	name := msg.Headers[FieldMember].value.(string)
+	path := msg.Headers[FieldPath].value.(ObjectPath)
+	ifaceName, hasIface := msg.Headers[FieldInterface].value.(string)
+	sender, hasSender := msg.Headers[FieldSender].value.(string)
+	serial := msg.serial
+	if ifaceName == "org.freedesktop.DBus.Peer" {
+		switch name {
+		case "Ping":
+			conn.sendReply(sender, serial)
+		case "GetMachineId":
+			conn.sendReply(sender, serial, conn.uuid)
+		default:
+			conn.sendError(errmsgUnknownMethod, sender, serial)
+		}
+		return
+	}
+	if len(name) == 0 || unicode.IsLower([]rune(name)[0]) {
+		conn.sendError(errmsgUnknownMethod, sender, serial)
+	}
+	var m reflect.Value
+	if hasIface {
+		conn.handlersLck.RLock()
+		obj, ok := conn.handlers[path]
+		if !ok {
+			conn.sendError(errmsgNoObject, sender, serial)
+			conn.handlersLck.RUnlock()
+			return
+		}
+		iface := obj[ifaceName]
+		conn.handlersLck.RUnlock()
+		m = exportedMethod(iface, name)
+	} else {
+		conn.handlersLck.RLock()
+		if _, ok := conn.handlers[path]; !ok {
+			conn.sendError(errmsgNoObject, sender, serial)
+			conn.handlersLck.RUnlock()
+			return
+		}
+		for _, v := range conn.handlers[path] {
+			m = exportedMethod(v, name)
+			if m.IsValid() {
+				break
+			}
+		}
+		conn.handlersLck.RUnlock()
+	}
+	if !m.IsValid() {
+		conn.sendError(errmsgUnknownMethod, sender, serial)
+		return
+	}
+	t := m.Type()
+	vs := msg.Body
+	pointers := make([]interface{}, t.NumIn())
+	decode := make([]interface{}, 0, len(vs))
+	for i := 0; i < t.NumIn(); i++ {
+		tp := t.In(i)
+		val := reflect.New(tp)
+		pointers[i] = val.Interface()
+		if tp == reflect.TypeOf((*Sender)(nil)).Elem() {
+			val.Elem().SetString(sender)
+		} else {
+			decode = append(decode, pointers[i])
+		}
+	}
+	if len(decode) != len(vs) {
+		conn.sendError(errmsgInvalidArg, sender, serial)
+		return
+	}
+	if err := Store(vs, decode...); err != nil {
+		conn.sendError(errmsgInvalidArg, sender, serial)
+		return
+	}
+	params := make([]reflect.Value, len(pointers))
+	for i := 0; i < len(pointers); i++ {
+		params[i] = reflect.ValueOf(pointers[i]).Elem()
+	}
+	ret := m.Call(params)
+	if em := ret[t.NumOut()-1].Interface().(*Error); em != nil {
+		conn.sendError(*em, sender, serial)
+		return
+	}
+	if msg.Flags&FlagNoReplyExpected == 0 {
+		reply := new(Message)
+		reply.Type = TypeMethodReply
+		reply.serial = conn.getSerial()
+		reply.Headers = make(map[HeaderField]Variant)
+		if hasSender {
+			reply.Headers[FieldDestination] = msg.Headers[FieldSender]
+		}
+		reply.Headers[FieldReplySerial] = MakeVariant(msg.serial)
+		reply.Body = make([]interface{}, len(ret)-1)
+		for i := 0; i < len(ret)-1; i++ {
+			reply.Body[i] = ret[i].Interface()
+		}
+		if len(ret) != 1 {
+			reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...))
+		}
+		conn.outLck.RLock()
+		if !conn.closed {
+			conn.out <- reply
+		}
+		conn.outLck.RUnlock()
+	}
+}
+
+// Emit emits the given signal on the message bus. The name parameter must be
+// formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost".
+func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error {
+	if !path.IsValid() {
+		return errors.New("dbus: invalid object path")
+	}
+	i := strings.LastIndex(name, ".")
+	if i == -1 {
+		return errors.New("dbus: invalid method name")
+	}
+	iface := name[:i]
+	member := name[i+1:]
+	if !isValidMember(member) {
+		return errors.New("dbus: invalid method name")
+	}
+	if !isValidInterface(iface) {
+		return errors.New("dbus: invalid interface name")
+	}
+	msg := new(Message)
+	msg.Type = TypeSignal
+	msg.serial = conn.getSerial()
+	msg.Headers = make(map[HeaderField]Variant)
+	msg.Headers[FieldInterface] = MakeVariant(iface)
+	msg.Headers[FieldMember] = MakeVariant(member)
+	msg.Headers[FieldPath] = MakeVariant(path)
+	msg.Body = values
+	if len(values) > 0 {
+		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
+	}
+	conn.outLck.RLock()
+	defer conn.outLck.RUnlock()
+	if conn.closed {
+		return ErrClosed
+	}
+	conn.out <- msg
+	return nil
+}
+
+// Export registers the given value to be exported as an object on the
+// message bus.
+//
+// If a method call on the given path and interface is received, an exported
+// method with the same name is called with v as the receiver if the
+// parameters match and the last return value is of type *Error. If this
+// *Error is not nil, it is sent back to the caller as an error.
+// Otherwise, a method reply is sent with the other return values as its body.
+//
+// Any parameters with the special type Sender are set to the sender of the
+// dbus message when the method is called. Parameters of this type do not
+// contribute to the dbus signature of the method (i.e. the method is exposed
+// as if the parameters of type Sender were not there).
+//
+// Every method call is executed in a new goroutine, so the method may be called
+// in multiple goroutines at once.
+//
+// Method calls on the interface org.freedesktop.DBus.Peer will be automatically
+// handled for every object.
+//
+// Passing nil as the first parameter will cause conn to cease handling calls on
+// the given combination of path and interface.
+//
+// Export returns an error if path is not a valid path name.
+func (conn *Conn) Export(v interface{}, path ObjectPath, iface string) error {
+	if !path.IsValid() {
+		return errors.New("dbus: invalid path name")
+	}
+	conn.handlersLck.Lock()
+	if v == nil {
+		if _, ok := conn.handlers[path]; ok {
+			delete(conn.handlers[path], iface)
+			if len(conn.handlers[path]) == 0 {
+				delete(conn.handlers, path)
+			}
+		}
+		return nil
+	}
+	if _, ok := conn.handlers[path]; !ok {
+		conn.handlers[path] = make(map[string]interface{})
+	}
+	conn.handlers[path][iface] = v
+	conn.handlersLck.Unlock()
+	return nil
+}
+
+// ReleaseName calls org.freedesktop.DBus.ReleaseName. You should use only this
+// method to release a name (see below).
+func (conn *Conn) ReleaseName(name string) (ReleaseNameReply, error) {
+	var r uint32
+	err := conn.busObj.Call("org.freedesktop.DBus.ReleaseName", 0, name).Store(&r)
+	if err != nil {
+		return 0, err
+	}
+	if r == uint32(ReleaseNameReplyReleased) {
+		conn.namesLck.Lock()
+		for i, v := range conn.names {
+			if v == name {
+				copy(conn.names[i:], conn.names[i+1:])
+				conn.names = conn.names[:len(conn.names)-1]
+			}
+		}
+		conn.namesLck.Unlock()
+	}
+	return ReleaseNameReply(r), nil
+}
+
+// RequestName calls org.freedesktop.DBus.RequestName. You should use only this
+// method to request a name because package dbus needs to keep track of all
+// names that the connection has.
+func (conn *Conn) RequestName(name string, flags RequestNameFlags) (RequestNameReply, error) {
+	var r uint32
+	err := conn.busObj.Call("org.freedesktop.DBus.RequestName", 0, name, flags).Store(&r)
+	if err != nil {
+		return 0, err
+	}
+	if r == uint32(RequestNameReplyPrimaryOwner) {
+		conn.namesLck.Lock()
+		conn.names = append(conn.names, name)
+		conn.namesLck.Unlock()
+	}
+	return RequestNameReply(r), nil
+}
+
+// ReleaseNameReply is the reply to a ReleaseName call.
+type ReleaseNameReply uint32
+
+const (
+	ReleaseNameReplyReleased ReleaseNameReply = 1 + iota
+	ReleaseNameReplyNonExistent
+	ReleaseNameReplyNotOwner
+)
+
+// RequestNameFlags represents the possible flags for a RequestName call.
+type RequestNameFlags uint32
+
+const (
+	NameFlagAllowReplacement RequestNameFlags = 1 << iota
+	NameFlagReplaceExisting
+	NameFlagDoNotQueue
+)
+
+// RequestNameReply is the reply to a RequestName call.
+type RequestNameReply uint32
+
+const (
+	RequestNameReplyPrimaryOwner RequestNameReply = 1 + iota
+	RequestNameReplyInQueue
+	RequestNameReplyExists
+	RequestNameReplyAlreadyOwner
+)
diff --git a/vendor/src/github.com/godbus/dbus/homedir.go b/vendor/src/github.com/godbus/dbus/homedir.go
new file mode 100644
index 0000000000..0b745f9313
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/homedir.go
@@ -0,0 +1,28 @@
+package dbus
+
+import (
+	"os"
+	"sync"
+)
+
+var (
+	homeDir     string
+	homeDirLock sync.Mutex
+)
+
+func getHomeDir() string {
+	homeDirLock.Lock()
+	defer homeDirLock.Unlock()
+
+	if homeDir != "" {
+		return homeDir
+	}
+
+	homeDir = os.Getenv("HOME")
+	if homeDir != "" {
+		return homeDir
+	}
+
+	homeDir = lookupHomeDir()
+	return homeDir
+}
diff --git a/vendor/src/github.com/godbus/dbus/homedir_dynamic.go b/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
new file mode 100644
index 0000000000..2732081e73
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/homedir_dynamic.go
@@ -0,0 +1,15 @@
+// +build !static_build
+
+package dbus
+
+import (
+	"os/user"
+)
+
+func lookupHomeDir() string {
+	u, err := user.Current()
+	if err != nil {
+		return "/"
+	}
+	return u.HomeDir
+}
diff --git a/vendor/src/github.com/godbus/dbus/homedir_static.go b/vendor/src/github.com/godbus/dbus/homedir_static.go
new file mode 100644
index 0000000000..b9d9cb5525
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/homedir_static.go
@@ -0,0 +1,45 @@
+// +build static_build
+
+package dbus
+
+import (
+	"bufio"
+	"os"
+	"strconv"
+	"strings"
+)
+
+func lookupHomeDir() string {
+	myUid := os.Getuid()
+
+	f, err := os.Open("/etc/passwd")
+	if err != nil {
+		return "/"
+	}
+	defer f.Close()
+
+	s := bufio.NewScanner(f)
+
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			break
+		}
+
+		line := strings.TrimSpace(s.Text())
+		if line == "" {
+			continue
+		}
+
+		parts := strings.Split(line, ":")
+
+		if len(parts) >= 6 {
+			uid, err := strconv.Atoi(parts[2])
+			if err == nil && uid == myUid {
+				return parts[5]
+			}
+		}
+	}
+
+	// Default to / if we can't get a better value
+	return "/"
+}
diff --git a/vendor/src/github.com/godbus/dbus/introspect/call.go b/vendor/src/github.com/godbus/dbus/introspect/call.go
new file mode 100644
index 0000000000..4aca2ea63e
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/introspect/call.go
@@ -0,0 +1,27 @@
+package introspect
+
+import (
+	"encoding/xml"
+	"github.com/godbus/dbus"
+	"strings"
+)
+
+// Call calls org.freedesktop.Introspectable.Introspect on a remote object
+// and returns the introspection data.
+func Call(o *dbus.Object) (*Node, error) {
+	var xmldata string
+	var node Node
+
+	err := o.Call("org.freedesktop.DBus.Introspectable.Introspect", 0).Store(&xmldata)
+	if err != nil {
+		return nil, err
+	}
+	err = xml.NewDecoder(strings.NewReader(xmldata)).Decode(&node)
+	if err != nil {
+		return nil, err
+	}
+	if node.Name == "" {
+		node.Name = string(o.Path())
+	}
+	return &node, nil
+}
diff --git a/vendor/src/github.com/godbus/dbus/introspect/introspect.go b/vendor/src/github.com/godbus/dbus/introspect/introspect.go
new file mode 100644
index 0000000000..dafcdb8b7a
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/introspect/introspect.go
@@ -0,0 +1,80 @@
+// Package introspect provides some utilities for dealing with the DBus
+// introspection format.
+package introspect
+
+import "encoding/xml"
+
+// The introspection data for the org.freedesktop.DBus.Introspectable interface.
+var IntrospectData = Interface{
+	Name: "org.freedesktop.DBus.Introspectable",
+	Methods: []Method{
+		{
+			Name: "Introspect",
+			Args: []Arg{
+				{"out", "s", "out"},
+			},
+		},
+	},
+}
+
+// The introspection data for the org.freedesktop.DBus.Introspectable interface,
+// as a string.
+const IntrospectDataString = `
+	<interface name="org.freedesktop.DBus.Introspectable">
+		<method name="Introspect">
+			<arg name="out" direction="out" type="s"/>
+		</method>
+	</interface>
+`
+
+// Node is the root element of an introspection.
+type Node struct {
+	XMLName    xml.Name    `xml:"node"`
+	Name       string      `xml:"name,attr,omitempty"`
+	Interfaces []Interface `xml:"interface"`
+	Children   []Node      `xml:"node,omitempty"`
+}
+
+// Interface describes a DBus interface that is available on the message bus.
+type Interface struct {
+	Name        string       `xml:"name,attr"`
+	Methods     []Method     `xml:"method"`
+	Signals     []Signal     `xml:"signal"`
+	Properties  []Property   `xml:"property"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Method describes a Method on an Interface as retured by an introspection.
+type Method struct {
+	Name        string       `xml:"name,attr"`
+	Args        []Arg        `xml:"arg"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Signal describes a Signal emitted on an Interface.
+type Signal struct {
+	Name        string       `xml:"name,attr"`
+	Args        []Arg        `xml:"arg"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Property describes a property of an Interface.
+type Property struct {
+	Name        string       `xml:"name,attr"`
+	Type        string       `xml:"type,attr"`
+	Access      string       `xml:"access,attr"`
+	Annotations []Annotation `xml:"annotation"`
+}
+
+// Arg represents an argument of a method or a signal.
+type Arg struct {
+	Name      string `xml:"name,attr,omitempty"`
+	Type      string `xml:"type,attr"`
+	Direction string `xml:"direction,attr,omitempty"`
+}
+
+// Annotation is an annotation in the introspection format.
+type Annotation struct {
+	Name  string `xml:"name,attr"`
+	Value string `xml:"value,attr"`
+}
diff --git a/vendor/src/github.com/godbus/dbus/introspect/introspectable.go b/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
new file mode 100644
index 0000000000..a2a965a343
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/introspect/introspectable.go
@@ -0,0 +1,74 @@
+package introspect
+
+import (
+	"encoding/xml"
+	"github.com/godbus/dbus"
+	"reflect"
+)
+
+// Introspectable implements org.freedesktop.Introspectable.
+//
+// You can create it by converting the XML-formatted introspection data from a
+// string to an Introspectable or call NewIntrospectable with a Node. Then,
+// export it as org.freedesktop.Introspectable on you object.
+type Introspectable string
+
+// NewIntrospectable returns an Introspectable that returns the introspection
+// data that corresponds to the given Node. If n.Interfaces doesn't contain the
+// data for org.freedesktop.DBus.Introspectable, it is added automatically.
+func NewIntrospectable(n *Node) Introspectable {
+	found := false
+	for _, v := range n.Interfaces {
+		if v.Name == "org.freedesktop.DBus.Introspectable" {
+			found = true
+			break
+		}
+	}
+	if !found {
+		n.Interfaces = append(n.Interfaces, IntrospectData)
+	}
+	b, err := xml.Marshal(n)
+	if err != nil {
+		panic(err)
+	}
+	return Introspectable(b)
+}
+
+// Introspect implements org.freedesktop.Introspectable.Introspect.
+func (i Introspectable) Introspect() (string, *dbus.Error) {
+	return string(i), nil
+}
+
+// Methods returns the description of the methods of v. This can be used to
+// create a Node which can be passed to NewIntrospectable.
+func Methods(v interface{}) []Method {
+	t := reflect.TypeOf(v)
+	ms := make([]Method, 0, t.NumMethod())
+	for i := 0; i < t.NumMethod(); i++ {
+		if t.Method(i).PkgPath != "" {
+			continue
+		}
+		mt := t.Method(i).Type
+		if mt.NumOut() == 0 ||
+			mt.Out(mt.NumOut()-1) != reflect.TypeOf(&dbus.Error{"", nil}) {
+
+			continue
+		}
+		var m Method
+		m.Name = t.Method(i).Name
+		m.Args = make([]Arg, 0, mt.NumIn()+mt.NumOut()-2)
+		for j := 1; j < mt.NumIn(); j++ {
+			if mt.In(j) != reflect.TypeOf((*dbus.Sender)(nil)).Elem() {
+				arg := Arg{"", dbus.SignatureOfType(mt.In(j)).String(), "in"}
+				m.Args = append(m.Args, arg)
+			}
+		}
+		for j := 0; j < mt.NumOut()-1; j++ {
+			arg := Arg{"", dbus.SignatureOfType(mt.Out(j)).String(), "out"}
+			m.Args = append(m.Args, arg)
+		}
+		m.Annotations = make([]Annotation, 0)
+		ms = append(ms, m)
+	}
+	return ms
+}
diff --git a/vendor/src/github.com/godbus/dbus/message.go b/vendor/src/github.com/godbus/dbus/message.go
new file mode 100644
index 0000000000..075d6e38ba
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/message.go
@@ -0,0 +1,346 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+	"reflect"
+	"strconv"
+)
+
+const protoVersion byte = 1
+
+// Flags represents the possible flags of a D-Bus message.
+type Flags byte
+
+const (
+	// FlagNoReplyExpected signals that the message is not expected to generate
+	// a reply. If this flag is set on outgoing messages, any possible reply
+	// will be discarded.
+	FlagNoReplyExpected Flags = 1 << iota
+	// FlagNoAutoStart signals that the message bus should not automatically
+	// start an application when handling this message.
+	FlagNoAutoStart
+)
+
+// Type represents the possible types of a D-Bus message.
+type Type byte
+
+const (
+	TypeMethodCall Type = 1 + iota
+	TypeMethodReply
+	TypeError
+	TypeSignal
+	typeMax
+)
+
+func (t Type) String() string {
+	switch t {
+	case TypeMethodCall:
+		return "method call"
+	case TypeMethodReply:
+		return "reply"
+	case TypeError:
+		return "error"
+	case TypeSignal:
+		return "signal"
+	}
+	return "invalid"
+}
+
+// HeaderField represents the possible byte codes for the headers
+// of a D-Bus message.
+type HeaderField byte
+
+const (
+	FieldPath HeaderField = 1 + iota
+	FieldInterface
+	FieldMember
+	FieldErrorName
+	FieldReplySerial
+	FieldDestination
+	FieldSender
+	FieldSignature
+	FieldUnixFDs
+	fieldMax
+)
+
+// An InvalidMessageError describes the reason why a D-Bus message is regarded as
+// invalid.
+type InvalidMessageError string
+
+func (e InvalidMessageError) Error() string {
+	return "dbus: invalid message: " + string(e)
+}
+
+// fieldType are the types of the various header fields.
+var fieldTypes = [fieldMax]reflect.Type{
+	FieldPath:        objectPathType,
+	FieldInterface:   stringType,
+	FieldMember:      stringType,
+	FieldErrorName:   stringType,
+	FieldReplySerial: uint32Type,
+	FieldDestination: stringType,
+	FieldSender:      stringType,
+	FieldSignature:   signatureType,
+	FieldUnixFDs:     uint32Type,
+}
+
+// requiredFields lists the header fields that are required by the different
+// message types.
+var requiredFields = [typeMax][]HeaderField{
+	TypeMethodCall:  {FieldPath, FieldMember},
+	TypeMethodReply: {FieldReplySerial},
+	TypeError:       {FieldErrorName, FieldReplySerial},
+	TypeSignal:      {FieldPath, FieldInterface, FieldMember},
+}
+
+// Message represents a single D-Bus message.
+type Message struct {
+	Type
+	Flags
+	Headers map[HeaderField]Variant
+	Body    []interface{}
+
+	serial uint32
+}
+
+type header struct {
+	Field byte
+	Variant
+}
+
+// DecodeMessage tries to decode a single message in the D-Bus wire format
+// from the given reader. The byte order is figured out from the first byte.
+// The possibly returned error can be an error of the underlying reader, an
+// InvalidMessageError or a FormatError.
+func DecodeMessage(rd io.Reader) (msg *Message, err error) {
+	var order binary.ByteOrder
+	var hlength, length uint32
+	var typ, flags, proto byte
+	var headers []header
+
+	b := make([]byte, 1)
+	_, err = rd.Read(b)
+	if err != nil {
+		return
+	}
+	switch b[0] {
+	case 'l':
+		order = binary.LittleEndian
+	case 'B':
+		order = binary.BigEndian
+	default:
+		return nil, InvalidMessageError("invalid byte order")
+	}
+
+	dec := newDecoder(rd, order)
+	dec.pos = 1
+
+	msg = new(Message)
+	vs, err := dec.Decode(Signature{"yyyuu"})
+	if err != nil {
+		return nil, err
+	}
+	if err = Store(vs, &typ, &flags, &proto, &length, &msg.serial); err != nil {
+		return nil, err
+	}
+	msg.Type = Type(typ)
+	msg.Flags = Flags(flags)
+
+	// get the header length separately because we need it later
+	b = make([]byte, 4)
+	_, err = io.ReadFull(rd, b)
+	if err != nil {
+		return nil, err
+	}
+	binary.Read(bytes.NewBuffer(b), order, &hlength)
+	if hlength+length+16 > 1<<27 {
+		return nil, InvalidMessageError("message is too long")
+	}
+	dec = newDecoder(io.MultiReader(bytes.NewBuffer(b), rd), order)
+	dec.pos = 12
+	vs, err = dec.Decode(Signature{"a(yv)"})
+	if err != nil {
+		return nil, err
+	}
+	if err = Store(vs, &headers); err != nil {
+		return nil, err
+	}
+
+	msg.Headers = make(map[HeaderField]Variant)
+	for _, v := range headers {
+		msg.Headers[HeaderField(v.Field)] = v.Variant
+	}
+
+	dec.align(8)
+	body := make([]byte, int(length))
+	if length != 0 {
+		_, err := io.ReadFull(rd, body)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if err = msg.IsValid(); err != nil {
+		return nil, err
+	}
+	sig, _ := msg.Headers[FieldSignature].value.(Signature)
+	if sig.str != "" {
+		buf := bytes.NewBuffer(body)
+		dec = newDecoder(buf, order)
+		vs, err := dec.Decode(sig)
+		if err != nil {
+			return nil, err
+		}
+		msg.Body = vs
+	}
+
+	return
+}
+
+// EncodeTo encodes and sends a message to the given writer. The byte order must
+// be either binary.LittleEndian or binary.BigEndian. If the message is not
+// valid or an error occurs when writing, an error is returned.
+func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) error {
+	if err := msg.IsValid(); err != nil {
+		return err
+	}
+	var vs [7]interface{}
+	switch order {
+	case binary.LittleEndian:
+		vs[0] = byte('l')
+	case binary.BigEndian:
+		vs[0] = byte('B')
+	default:
+		return errors.New("dbus: invalid byte order")
+	}
+	body := new(bytes.Buffer)
+	enc := newEncoder(body, order)
+	if len(msg.Body) != 0 {
+		enc.Encode(msg.Body...)
+	}
+	vs[1] = msg.Type
+	vs[2] = msg.Flags
+	vs[3] = protoVersion
+	vs[4] = uint32(len(body.Bytes()))
+	vs[5] = msg.serial
+	headers := make([]header, 0, len(msg.Headers))
+	for k, v := range msg.Headers {
+		headers = append(headers, header{byte(k), v})
+	}
+	vs[6] = headers
+	var buf bytes.Buffer
+	enc = newEncoder(&buf, order)
+	enc.Encode(vs[:]...)
+	enc.align(8)
+	body.WriteTo(&buf)
+	if buf.Len() > 1<<27 {
+		return InvalidMessageError("message is too long")
+	}
+	if _, err := buf.WriteTo(out); err != nil {
+		return err
+	}
+	return nil
+}
+
+// IsValid checks whether msg is a valid message and returns an
+// InvalidMessageError if it is not.
+func (msg *Message) IsValid() error {
+	if msg.Flags & ^(FlagNoAutoStart|FlagNoReplyExpected) != 0 {
+		return InvalidMessageError("invalid flags")
+	}
+	if msg.Type == 0 || msg.Type >= typeMax {
+		return InvalidMessageError("invalid message type")
+	}
+	for k, v := range msg.Headers {
+		if k == 0 || k >= fieldMax {
+			return InvalidMessageError("invalid header")
+		}
+		if reflect.TypeOf(v.value) != fieldTypes[k] {
+			return InvalidMessageError("invalid type of header field")
+		}
+	}
+	for _, v := range requiredFields[msg.Type] {
+		if _, ok := msg.Headers[v]; !ok {
+			return InvalidMessageError("missing required header")
+		}
+	}
+	if path, ok := msg.Headers[FieldPath]; ok {
+		if !path.value.(ObjectPath).IsValid() {
+			return InvalidMessageError("invalid path name")
+		}
+	}
+	if iface, ok := msg.Headers[FieldInterface]; ok {
+		if !isValidInterface(iface.value.(string)) {
+			return InvalidMessageError("invalid interface name")
+		}
+	}
+	if member, ok := msg.Headers[FieldMember]; ok {
+		if !isValidMember(member.value.(string)) {
+			return InvalidMessageError("invalid member name")
+		}
+	}
+	if errname, ok := msg.Headers[FieldErrorName]; ok {
+		if !isValidInterface(errname.value.(string)) {
+			return InvalidMessageError("invalid error name")
+		}
+	}
+	if len(msg.Body) != 0 {
+		if _, ok := msg.Headers[FieldSignature]; !ok {
+			return InvalidMessageError("missing signature")
+		}
+	}
+	return nil
+}
+
+// Serial returns the message's serial number. The returned value is only valid
+// for messages received by eavesdropping.
+func (msg *Message) Serial() uint32 {
+	return msg.serial
+}
+
+// String returns a string representation of a message similar to the format of
+// dbus-monitor.
+func (msg *Message) String() string {
+	if err := msg.IsValid(); err != nil {
+		return "<invalid>"
+	}
+	s := msg.Type.String()
+	if v, ok := msg.Headers[FieldSender]; ok {
+		s += " from " + v.value.(string)
+	}
+	if v, ok := msg.Headers[FieldDestination]; ok {
+		s += " to " + v.value.(string)
+	}
+	s += " serial " + strconv.FormatUint(uint64(msg.serial), 10)
+	if v, ok := msg.Headers[FieldReplySerial]; ok {
+		s += " reply_serial " + strconv.FormatUint(uint64(v.value.(uint32)), 10)
+	}
+	if v, ok := msg.Headers[FieldUnixFDs]; ok {
+		s += " unixfds " + strconv.FormatUint(uint64(v.value.(uint32)), 10)
+	}
+	if v, ok := msg.Headers[FieldPath]; ok {
+		s += " path " + string(v.value.(ObjectPath))
+	}
+	if v, ok := msg.Headers[FieldInterface]; ok {
+		s += " interface " + v.value.(string)
+	}
+	if v, ok := msg.Headers[FieldErrorName]; ok {
+		s += " error " + v.value.(string)
+	}
+	if v, ok := msg.Headers[FieldMember]; ok {
+		s += " member " + v.value.(string)
+	}
+	if len(msg.Body) != 0 {
+		s += "\n"
+	}
+	for i, v := range msg.Body {
+		s += "  " + MakeVariant(v).String()
+		if i != len(msg.Body)-1 {
+			s += "\n"
+		}
+	}
+	return s
+}
diff --git a/vendor/src/github.com/godbus/dbus/prop/prop.go b/vendor/src/github.com/godbus/dbus/prop/prop.go
new file mode 100644
index 0000000000..ed5bdf2243
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/prop/prop.go
@@ -0,0 +1,264 @@
+// Package prop provides the Properties struct which can be used to implement
+// org.freedesktop.DBus.Properties.
+package prop
+
+import (
+	"github.com/godbus/dbus"
+	"github.com/godbus/dbus/introspect"
+	"sync"
+)
+
+// EmitType controls how org.freedesktop.DBus.Properties.PropertiesChanged is
+// emitted for a property. If it is EmitTrue, the signal is emitted. If it is
+// EmitInvalidates, the signal is also emitted, but the new value of the property
+// is not disclosed.
+type EmitType byte
+
+const (
+	EmitFalse EmitType = iota
+	EmitTrue
+	EmitInvalidates
+)
+
+// ErrIfaceNotFound is the error returned to peers who try to access properties
+// on interfaces that aren't found.
+var ErrIfaceNotFound = &dbus.Error{"org.freedesktop.DBus.Properties.Error.InterfaceNotFound", nil}
+
+// ErrPropNotFound is the error returned to peers trying to access properties
+// that aren't found.
+var ErrPropNotFound = &dbus.Error{"org.freedesktop.DBus.Properties.Error.PropertyNotFound", nil}
+
+// ErrReadOnly is the error returned to peers trying to set a read-only
+// property.
+var ErrReadOnly = &dbus.Error{"org.freedesktop.DBus.Properties.Error.ReadOnly", nil}
+
+// ErrInvalidArg is returned to peers if the type of the property that is being
+// changed and the argument don't match.
+var ErrInvalidArg = &dbus.Error{"org.freedesktop.DBus.Properties.Error.InvalidArg", nil}
+
+// The introspection data for the org.freedesktop.DBus.Properties interface.
+var IntrospectData = introspect.Interface{
+	Name: "org.freedesktop.DBus.Properties",
+	Methods: []introspect.Method{
+		{
+			Name: "Get",
+			Args: []introspect.Arg{
+				{"interface", "s", "in"},
+				{"property", "s", "in"},
+				{"value", "v", "out"},
+			},
+		},
+		{
+			Name: "GetAll",
+			Args: []introspect.Arg{
+				{"interface", "s", "in"},
+				{"props", "a{sv}", "out"},
+			},
+		},
+		{
+			Name: "Set",
+			Args: []introspect.Arg{
+				{"interface", "s", "in"},
+				{"property", "s", "in"},
+				{"value", "v", "in"},
+			},
+		},
+	},
+	Signals: []introspect.Signal{
+		{
+			Name: "PropertiesChanged",
+			Args: []introspect.Arg{
+				{"interface", "s", "out"},
+				{"changed_properties", "a{sv}", "out"},
+				{"invalidates_properties", "as", "out"},
+			},
+		},
+	},
+}
+
+// The introspection data for the org.freedesktop.DBus.Properties interface, as
+// a string.
+const IntrospectDataString = `
+	<interface name="org.freedesktop.DBus.Introspectable">
+		<method name="Get">
+			<arg name="interface" direction="in" type="s"/>
+			<arg name="property" direction="in" type="s"/>
+			<arg name="value" direction="out" type="v"/>
+		</method>
+		<method name="GetAll">
+			<arg name="interface" direction="in" type="s"/>
+			<arg name="props" direction="out" type="a{sv}"/>
+		</method>
+		<method name="Set">
+			<arg name="interface" direction="in" type="s"/>
+			<arg name="property" direction="in" type="s"/>
+			<arg name="value" direction="in" type="v"/>
+		</method>
+		<signal name="PropertiesChanged">
+			<arg name="interface" type="s"/>
+			<arg name="changed_properties" type="a{sv}"/>
+			<arg name="invalidates_properties" type="as"/>
+		</signal>
+	</interface>
+`
+
+// Prop represents a single property. It is used for creating a Properties
+// value.
+type Prop struct {
+	// Initial value. Must be a DBus-representable type.
+	Value interface{}
+
+	// If true, the value can be modified by calls to Set.
+	Writable bool
+
+	// Controls how org.freedesktop.DBus.Properties.PropertiesChanged is
+	// emitted if this property changes.
+	Emit EmitType
+
+	// If not nil, anytime this property is changed by Set, this function is
+	// called with an appropiate Change as its argument. If the returned error
+	// is not nil, it is sent back to the caller of Set and the property is not
+	// changed.
+	Callback func(*Change) *dbus.Error
+}
+
+// Change represents a change of a property by a call to Set.
+type Change struct {
+	Props *Properties
+	Iface string
+	Name  string
+	Value interface{}
+}
+
+// Properties is a set of values that can be made available to the message bus
+// using the org.freedesktop.DBus.Properties interface. It is safe for
+// concurrent use by multiple goroutines.
+type Properties struct {
+	m    map[string]map[string]*Prop
+	mut  sync.RWMutex
+	conn *dbus.Conn
+	path dbus.ObjectPath
+}
+
+// New returns a new Properties structure that manages the given properties.
+// The key for the first-level map of props is the name of the interface; the
+// second-level key is the name of the property. The returned structure will be
+// exported as org.freedesktop.DBus.Properties on path.
+func New(conn *dbus.Conn, path dbus.ObjectPath, props map[string]map[string]*Prop) *Properties {
+	p := &Properties{m: props, conn: conn, path: path}
+	conn.Export(p, path, "org.freedesktop.DBus.Properties")
+	return p
+}
+
+// Get implements org.freedesktop.DBus.Properties.Get.
+func (p *Properties) Get(iface, property string) (dbus.Variant, *dbus.Error) {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	m, ok := p.m[iface]
+	if !ok {
+		return dbus.Variant{}, ErrIfaceNotFound
+	}
+	prop, ok := m[property]
+	if !ok {
+		return dbus.Variant{}, ErrPropNotFound
+	}
+	return dbus.MakeVariant(prop.Value), nil
+}
+
+// GetAll implements org.freedesktop.DBus.Properties.GetAll.
+func (p *Properties) GetAll(iface string) (map[string]dbus.Variant, *dbus.Error) {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	m, ok := p.m[iface]
+	if !ok {
+		return nil, ErrIfaceNotFound
+	}
+	rm := make(map[string]dbus.Variant, len(m))
+	for k, v := range m {
+		rm[k] = dbus.MakeVariant(v.Value)
+	}
+	return rm, nil
+}
+
+// GetMust returns the value of the given property and panics if either the
+// interface or the property name are invalid.
+func (p *Properties) GetMust(iface, property string) interface{} {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	return p.m[iface][property].Value
+}
+
+// Introspection returns the introspection data that represents the properties
+// of iface.
+func (p *Properties) Introspection(iface string) []introspect.Property {
+	p.mut.RLock()
+	defer p.mut.RUnlock()
+	m := p.m[iface]
+	s := make([]introspect.Property, 0, len(m))
+	for k, v := range m {
+		p := introspect.Property{Name: k, Type: dbus.SignatureOf(v.Value).String()}
+		if v.Writable {
+			p.Access = "readwrite"
+		} else {
+			p.Access = "read"
+		}
+		s = append(s, p)
+	}
+	return s
+}
+
+// set sets the given property and emits PropertyChanged if appropiate. p.mut
+// must already be locked.
+func (p *Properties) set(iface, property string, v interface{}) {
+	prop := p.m[iface][property]
+	prop.Value = v
+	switch prop.Emit {
+	case EmitFalse:
+		// do nothing
+	case EmitInvalidates:
+		p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
+			iface, map[string]dbus.Variant{}, []string{property})
+	case EmitTrue:
+		p.conn.Emit(p.path, "org.freedesktop.DBus.Properties.PropertiesChanged",
+			iface, map[string]dbus.Variant{property: dbus.MakeVariant(v)},
+			[]string{})
+	default:
+		panic("invalid value for EmitType")
+	}
+}
+
+// Set implements org.freedesktop.Properties.Set.
+func (p *Properties) Set(iface, property string, newv dbus.Variant) *dbus.Error {
+	p.mut.Lock()
+	defer p.mut.Unlock()
+	m, ok := p.m[iface]
+	if !ok {
+		return ErrIfaceNotFound
+	}
+	prop, ok := m[property]
+	if !ok {
+		return ErrPropNotFound
+	}
+	if !prop.Writable {
+		return ErrReadOnly
+	}
+	if newv.Signature() != dbus.SignatureOf(prop.Value) {
+		return ErrInvalidArg
+	}
+	if prop.Callback != nil {
+		err := prop.Callback(&Change{p, iface, property, newv.Value()})
+		if err != nil {
+			return err
+		}
+	}
+	p.set(iface, property, newv.Value())
+	return nil
+}
+
+// SetMust sets the value of the given property and panics if the interface or
+// the property name are invalid.
+func (p *Properties) SetMust(iface, property string, v interface{}) {
+	p.mut.Lock()
+	p.set(iface, property, v)
+	p.mut.Unlock()
+}
diff --git a/vendor/src/github.com/godbus/dbus/proto_test.go b/vendor/src/github.com/godbus/dbus/proto_test.go
new file mode 100644
index 0000000000..608a770d41
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/proto_test.go
@@ -0,0 +1,369 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"io/ioutil"
+	"math"
+	"reflect"
+	"testing"
+)
+
+var protoTests = []struct {
+	vs           []interface{}
+	bigEndian    []byte
+	littleEndian []byte
+}{
+	{
+		[]interface{}{int32(0)},
+		[]byte{0, 0, 0, 0},
+		[]byte{0, 0, 0, 0},
+	},
+	{
+		[]interface{}{true, false},
+		[]byte{0, 0, 0, 1, 0, 0, 0, 0},
+		[]byte{1, 0, 0, 0, 0, 0, 0, 0},
+	},
+	{
+		[]interface{}{byte(0), uint16(12), int16(32), uint32(43)},
+		[]byte{0, 0, 0, 12, 0, 32, 0, 0, 0, 0, 0, 43},
+		[]byte{0, 0, 12, 0, 32, 0, 0, 0, 43, 0, 0, 0},
+	},
+	{
+		[]interface{}{int64(-1), uint64(1<<64 - 1)},
+		bytes.Repeat([]byte{255}, 16),
+		bytes.Repeat([]byte{255}, 16),
+	},
+	{
+		[]interface{}{math.Inf(+1)},
+		[]byte{0x7f, 0xf0, 0, 0, 0, 0, 0, 0},
+		[]byte{0, 0, 0, 0, 0, 0, 0xf0, 0x7f},
+	},
+	{
+		[]interface{}{"foo"},
+		[]byte{0, 0, 0, 3, 'f', 'o', 'o', 0},
+		[]byte{3, 0, 0, 0, 'f', 'o', 'o', 0},
+	},
+	{
+		[]interface{}{Signature{"ai"}},
+		[]byte{2, 'a', 'i', 0},
+		[]byte{2, 'a', 'i', 0},
+	},
+	{
+		[]interface{}{[]int16{42, 256}},
+		[]byte{0, 0, 0, 4, 0, 42, 1, 0},
+		[]byte{4, 0, 0, 0, 42, 0, 0, 1},
+	},
+	{
+		[]interface{}{MakeVariant("foo")},
+		[]byte{1, 's', 0, 0, 0, 0, 0, 3, 'f', 'o', 'o', 0},
+		[]byte{1, 's', 0, 0, 3, 0, 0, 0, 'f', 'o', 'o', 0},
+	},
+	{
+		[]interface{}{MakeVariant(MakeVariant(Signature{"v"}))},
+		[]byte{1, 'v', 0, 1, 'g', 0, 1, 'v', 0},
+		[]byte{1, 'v', 0, 1, 'g', 0, 1, 'v', 0},
+	},
+	{
+		[]interface{}{map[int32]bool{42: true}},
+		[]byte{0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 1},
+		[]byte{8, 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, 0, 1, 0, 0, 0},
+	},
+	{
+		[]interface{}{map[string]Variant{}, byte(42)},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+	},
+	{
+		[]interface{}{[]uint64{}, byte(42)},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 42},
+	},
+}
+
+func TestProto(t *testing.T) {
+	for i, v := range protoTests {
+		buf := new(bytes.Buffer)
+		bigEnc := newEncoder(buf, binary.BigEndian)
+		bigEnc.Encode(v.vs...)
+		marshalled := buf.Bytes()
+		if bytes.Compare(marshalled, v.bigEndian) != 0 {
+			t.Errorf("test %d (marshal be): got '%v', but expected '%v'\n", i+1, marshalled,
+				v.bigEndian)
+		}
+		buf.Reset()
+		litEnc := newEncoder(buf, binary.LittleEndian)
+		litEnc.Encode(v.vs...)
+		marshalled = buf.Bytes()
+		if bytes.Compare(marshalled, v.littleEndian) != 0 {
+			t.Errorf("test %d (marshal le): got '%v', but expected '%v'\n", i+1, marshalled,
+				v.littleEndian)
+		}
+		unmarshalled := reflect.MakeSlice(reflect.TypeOf(v.vs),
+			0, 0)
+		for i := range v.vs {
+			unmarshalled = reflect.Append(unmarshalled,
+				reflect.New(reflect.TypeOf(v.vs[i])))
+		}
+		bigDec := newDecoder(bytes.NewReader(v.bigEndian), binary.BigEndian)
+		vs, err := bigDec.Decode(SignatureOf(v.vs...))
+		if err != nil {
+			t.Errorf("test %d (unmarshal be): %s\n", i+1, err)
+			continue
+		}
+		if !reflect.DeepEqual(vs, v.vs) {
+			t.Errorf("test %d (unmarshal be): got %#v, but expected %#v\n", i+1, vs, v.vs)
+		}
+		litDec := newDecoder(bytes.NewReader(v.littleEndian), binary.LittleEndian)
+		vs, err = litDec.Decode(SignatureOf(v.vs...))
+		if err != nil {
+			t.Errorf("test %d (unmarshal le): %s\n", i+1, err)
+			continue
+		}
+		if !reflect.DeepEqual(vs, v.vs) {
+			t.Errorf("test %d (unmarshal le): got %#v, but expected %#v\n", i+1, vs, v.vs)
+		}
+
+	}
+}
+
+func TestProtoMap(t *testing.T) {
+	m := map[string]uint8{
+		"foo": 23,
+		"bar": 2,
+	}
+	var n map[string]uint8
+	buf := new(bytes.Buffer)
+	enc := newEncoder(buf, binary.LittleEndian)
+	enc.Encode(m)
+	dec := newDecoder(buf, binary.LittleEndian)
+	vs, err := dec.Decode(Signature{"a{sy}"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = Store(vs, &n); err != nil {
+		t.Fatal(err)
+	}
+	if len(n) != 2 || n["foo"] != 23 || n["bar"] != 2 {
+		t.Error("got", n)
+	}
+}
+
+func TestProtoVariantStruct(t *testing.T) {
+	var variant Variant
+	v := MakeVariant(struct {
+		A int32
+		B int16
+	}{1, 2})
+	buf := new(bytes.Buffer)
+	enc := newEncoder(buf, binary.LittleEndian)
+	enc.Encode(v)
+	dec := newDecoder(buf, binary.LittleEndian)
+	vs, err := dec.Decode(Signature{"v"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = Store(vs, &variant); err != nil {
+		t.Fatal(err)
+	}
+	sl := variant.Value().([]interface{})
+	v1, v2 := sl[0].(int32), sl[1].(int16)
+	if v1 != int32(1) {
+		t.Error("got", v1, "as first int")
+	}
+	if v2 != int16(2) {
+		t.Error("got", v2, "as second int")
+	}
+}
+
+func TestProtoStructTag(t *testing.T) {
+	type Bar struct {
+		A int32
+		B chan interface{} `dbus:"-"`
+		C int32
+	}
+	var bar1, bar2 Bar
+	bar1.A = 234
+	bar2.C = 345
+	buf := new(bytes.Buffer)
+	enc := newEncoder(buf, binary.LittleEndian)
+	enc.Encode(bar1)
+	dec := newDecoder(buf, binary.LittleEndian)
+	vs, err := dec.Decode(Signature{"(ii)"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err = Store(vs, &bar2); err != nil {
+		t.Fatal(err)
+	}
+	if bar1 != bar2 {
+		t.Error("struct tag test: got", bar2)
+	}
+}
+
+func TestProtoStoreStruct(t *testing.T) {
+	var foo struct {
+		A int32
+		B string
+		c chan interface{}
+		D interface{} `dbus:"-"`
+	}
+	src := []interface{}{[]interface{}{int32(42), "foo"}}
+	err := Store(src, &foo)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestProtoStoreNestedStruct(t *testing.T) {
+	var foo struct {
+		A int32
+		B struct {
+			C string
+			D float64
+		}
+	}
+	src := []interface{}{
+		[]interface{}{
+			int32(42),
+			[]interface{}{
+				"foo",
+				3.14,
+			},
+		},
+	}
+	err := Store(src, &foo)
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestMessage(t *testing.T) {
+	buf := new(bytes.Buffer)
+	message := new(Message)
+	message.Type = TypeMethodCall
+	message.serial = 32
+	message.Headers = map[HeaderField]Variant{
+		FieldPath:   MakeVariant(ObjectPath("/org/foo/bar")),
+		FieldMember: MakeVariant("baz"),
+	}
+	message.Body = make([]interface{}, 0)
+	err := message.EncodeTo(buf, binary.LittleEndian)
+	if err != nil {
+		t.Error(err)
+	}
+	_, err = DecodeMessage(buf)
+	if err != nil {
+		t.Error(err)
+	}
+}
+
+func TestProtoStructInterfaces(t *testing.T) {
+	b := []byte{42}
+	vs, err := newDecoder(bytes.NewReader(b), binary.LittleEndian).Decode(Signature{"(y)"})
+	if err != nil {
+		t.Fatal(err)
+	}
+	if vs[0].([]interface{})[0].(byte) != 42 {
+		t.Errorf("wrongs results (got %v)", vs)
+	}
+}
+
+// ordinary org.freedesktop.DBus.Hello call
+var smallMessage = &Message{
+	Type:   TypeMethodCall,
+	serial: 1,
+	Headers: map[HeaderField]Variant{
+		FieldDestination: MakeVariant("org.freedesktop.DBus"),
+		FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/DBus")),
+		FieldInterface:   MakeVariant("org.freedesktop.DBus"),
+		FieldMember:      MakeVariant("Hello"),
+	},
+}
+
+// org.freedesktop.Notifications.Notify
+var bigMessage = &Message{
+	Type:   TypeMethodCall,
+	serial: 2,
+	Headers: map[HeaderField]Variant{
+		FieldDestination: MakeVariant("org.freedesktop.Notifications"),
+		FieldPath:        MakeVariant(ObjectPath("/org/freedesktop/Notifications")),
+		FieldInterface:   MakeVariant("org.freedesktop.Notifications"),
+		FieldMember:      MakeVariant("Notify"),
+		FieldSignature:   MakeVariant(Signature{"susssasa{sv}i"}),
+	},
+	Body: []interface{}{
+		"app_name",
+		uint32(0),
+		"dialog-information",
+		"Notification",
+		"This is the body of a notification",
+		[]string{"ok", "Ok"},
+		map[string]Variant{
+			"sound-name": MakeVariant("dialog-information"),
+		},
+		int32(-1),
+	},
+}
+
+func BenchmarkDecodeMessageSmall(b *testing.B) {
+	var err error
+	var rd *bytes.Reader
+
+	b.StopTimer()
+	buf := new(bytes.Buffer)
+	err = smallMessage.EncodeTo(buf, binary.LittleEndian)
+	if err != nil {
+		b.Fatal(err)
+	}
+	decoded := buf.Bytes()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		rd = bytes.NewReader(decoded)
+		_, err = DecodeMessage(rd)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkDecodeMessageBig(b *testing.B) {
+	var err error
+	var rd *bytes.Reader
+
+	b.StopTimer()
+	buf := new(bytes.Buffer)
+	err = bigMessage.EncodeTo(buf, binary.LittleEndian)
+	if err != nil {
+		b.Fatal(err)
+	}
+	decoded := buf.Bytes()
+	b.StartTimer()
+	for i := 0; i < b.N; i++ {
+		rd = bytes.NewReader(decoded)
+		_, err = DecodeMessage(rd)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkEncodeMessageSmall(b *testing.B) {
+	var err error
+	for i := 0; i < b.N; i++ {
+		err = smallMessage.EncodeTo(ioutil.Discard, binary.LittleEndian)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
+
+func BenchmarkEncodeMessageBig(b *testing.B) {
+	var err error
+	for i := 0; i < b.N; i++ {
+		err = bigMessage.EncodeTo(ioutil.Discard, binary.LittleEndian)
+		if err != nil {
+			b.Fatal(err)
+		}
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/sig.go b/vendor/src/github.com/godbus/dbus/sig.go
new file mode 100644
index 0000000000..f45b53ce1b
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/sig.go
@@ -0,0 +1,257 @@
+package dbus
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+)
+
+var sigToType = map[byte]reflect.Type{
+	'y': byteType,
+	'b': boolType,
+	'n': int16Type,
+	'q': uint16Type,
+	'i': int32Type,
+	'u': uint32Type,
+	'x': int64Type,
+	't': uint64Type,
+	'd': float64Type,
+	's': stringType,
+	'g': signatureType,
+	'o': objectPathType,
+	'v': variantType,
+	'h': unixFDIndexType,
+}
+
+// Signature represents a correct type signature as specified by the D-Bus
+// specification. The zero value represents the empty signature, "".
+type Signature struct {
+	str string
+}
+
+// SignatureOf returns the concatenation of all the signatures of the given
+// values. It panics if one of them is not representable in D-Bus.
+func SignatureOf(vs ...interface{}) Signature {
+	var s string
+	for _, v := range vs {
+		s += getSignature(reflect.TypeOf(v))
+	}
+	return Signature{s}
+}
+
+// SignatureOfType returns the signature of the given type. It panics if the
+// type is not representable in D-Bus.
+func SignatureOfType(t reflect.Type) Signature {
+	return Signature{getSignature(t)}
+}
+
+// getSignature returns the signature of the given type and panics on unknown types.
+func getSignature(t reflect.Type) string {
+	// handle simple types first
+	switch t.Kind() {
+	case reflect.Uint8:
+		return "y"
+	case reflect.Bool:
+		return "b"
+	case reflect.Int16:
+		return "n"
+	case reflect.Uint16:
+		return "q"
+	case reflect.Int32:
+		if t == unixFDType {
+			return "h"
+		}
+		return "i"
+	case reflect.Uint32:
+		if t == unixFDIndexType {
+			return "h"
+		}
+		return "u"
+	case reflect.Int64:
+		return "x"
+	case reflect.Uint64:
+		return "t"
+	case reflect.Float64:
+		return "d"
+	case reflect.Ptr:
+		return getSignature(t.Elem())
+	case reflect.String:
+		if t == objectPathType {
+			return "o"
+		}
+		return "s"
+	case reflect.Struct:
+		if t == variantType {
+			return "v"
+		} else if t == signatureType {
+			return "g"
+		}
+		var s string
+		for i := 0; i < t.NumField(); i++ {
+			field := t.Field(i)
+			if field.PkgPath == "" && field.Tag.Get("dbus") != "-" {
+				s += getSignature(t.Field(i).Type)
+			}
+		}
+		return "(" + s + ")"
+	case reflect.Array, reflect.Slice:
+		return "a" + getSignature(t.Elem())
+	case reflect.Map:
+		if !isKeyType(t.Key()) {
+			panic(InvalidTypeError{t})
+		}
+		return "a{" + getSignature(t.Key()) + getSignature(t.Elem()) + "}"
+	}
+	panic(InvalidTypeError{t})
+}
+
+// ParseSignature returns the signature represented by this string, or a
+// SignatureError if the string is not a valid signature.
+func ParseSignature(s string) (sig Signature, err error) {
+	if len(s) == 0 {
+		return
+	}
+	if len(s) > 255 {
+		return Signature{""}, SignatureError{s, "too long"}
+	}
+	sig.str = s
+	for err == nil && len(s) != 0 {
+		err, s = validSingle(s, 0)
+	}
+	if err != nil {
+		sig = Signature{""}
+	}
+
+	return
+}
+
+// ParseSignatureMust behaves like ParseSignature, except that it panics if s
+// is not valid.
+func ParseSignatureMust(s string) Signature {
+	sig, err := ParseSignature(s)
+	if err != nil {
+		panic(err)
+	}
+	return sig
+}
+
+// Empty retruns whether the signature is the empty signature.
+func (s Signature) Empty() bool {
+	return s.str == ""
+}
+
+// Single returns whether the signature represents a single, complete type.
+func (s Signature) Single() bool {
+	err, r := validSingle(s.str, 0)
+	return err != nil && r == ""
+}
+
+// String returns the signature's string representation.
+func (s Signature) String() string {
+	return s.str
+}
+
+// A SignatureError indicates that a signature passed to a function or received
+// on a connection is not a valid signature.
+type SignatureError struct {
+	Sig    string
+	Reason string
+}
+
+func (e SignatureError) Error() string {
+	return fmt.Sprintf("dbus: invalid signature: %q (%s)", e.Sig, e.Reason)
+}
+
+// Try to read a single type from this string. If it was successfull, err is nil
+// and rem is the remaining unparsed part. Otherwise, err is a non-nil
+// SignatureError and rem is "". depth is the current recursion depth which may
+// not be greater than 64 and should be given as 0 on the first call.
+func validSingle(s string, depth int) (err error, rem string) {
+	if s == "" {
+		return SignatureError{Sig: s, Reason: "empty signature"}, ""
+	}
+	if depth > 64 {
+		return SignatureError{Sig: s, Reason: "container nesting too deep"}, ""
+	}
+	switch s[0] {
+	case 'y', 'b', 'n', 'q', 'i', 'u', 'x', 't', 'd', 's', 'g', 'o', 'v', 'h':
+		return nil, s[1:]
+	case 'a':
+		if len(s) > 1 && s[1] == '{' {
+			i := findMatching(s[1:], '{', '}')
+			if i == -1 {
+				return SignatureError{Sig: s, Reason: "unmatched '{'"}, ""
+			}
+			i++
+			rem = s[i+1:]
+			s = s[2:i]
+			if err, _ = validSingle(s[:1], depth+1); err != nil {
+				return err, ""
+			}
+			err, nr := validSingle(s[1:], depth+1)
+			if err != nil {
+				return err, ""
+			}
+			if nr != "" {
+				return SignatureError{Sig: s, Reason: "too many types in dict"}, ""
+			}
+			return nil, rem
+		}
+		return validSingle(s[1:], depth+1)
+	case '(':
+		i := findMatching(s, '(', ')')
+		if i == -1 {
+			return SignatureError{Sig: s, Reason: "unmatched ')'"}, ""
+		}
+		rem = s[i+1:]
+		s = s[1:i]
+		for err == nil && s != "" {
+			err, s = validSingle(s, depth+1)
+		}
+		if err != nil {
+			rem = ""
+		}
+		return
+	}
+	return SignatureError{Sig: s, Reason: "invalid type character"}, ""
+}
+
+func findMatching(s string, left, right rune) int {
+	n := 0
+	for i, v := range s {
+		if v == left {
+			n++
+		} else if v == right {
+			n--
+		}
+		if n == 0 {
+			return i
+		}
+	}
+	return -1
+}
+
+// typeFor returns the type of the given signature. It ignores any left over
+// characters and panics if s doesn't start with a valid type signature.
+func typeFor(s string) (t reflect.Type) {
+	err, _ := validSingle(s, 0)
+	if err != nil {
+		panic(err)
+	}
+
+	if t, ok := sigToType[s[0]]; ok {
+		return t
+	}
+	switch s[0] {
+	case 'a':
+		if s[1] == '{' {
+			i := strings.LastIndex(s, "}")
+			t = reflect.MapOf(sigToType[s[2]], typeFor(s[3:i]))
+		} else {
+			t = reflect.SliceOf(typeFor(s[1:]))
+		}
+	case '(':
+		t = interfacesType
+	}
+	return
+}
diff --git a/vendor/src/github.com/godbus/dbus/sig_test.go b/vendor/src/github.com/godbus/dbus/sig_test.go
new file mode 100644
index 0000000000..da37bc968e
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/sig_test.go
@@ -0,0 +1,70 @@
+package dbus
+
+import (
+	"testing"
+)
+
+var sigTests = []struct {
+	vs  []interface{}
+	sig Signature
+}{
+	{
+		[]interface{}{new(int32)},
+		Signature{"i"},
+	},
+	{
+		[]interface{}{new(string)},
+		Signature{"s"},
+	},
+	{
+		[]interface{}{new(Signature)},
+		Signature{"g"},
+	},
+	{
+		[]interface{}{new([]int16)},
+		Signature{"an"},
+	},
+	{
+		[]interface{}{new(int16), new(uint32)},
+		Signature{"nu"},
+	},
+	{
+		[]interface{}{new(map[byte]Variant)},
+		Signature{"a{yv}"},
+	},
+	{
+		[]interface{}{new(Variant), new([]map[int32]string)},
+		Signature{"vaa{is}"},
+	},
+}
+
+func TestSig(t *testing.T) {
+	for i, v := range sigTests {
+		sig := SignatureOf(v.vs...)
+		if sig != v.sig {
+			t.Errorf("test %d: got %q, expected %q", i+1, sig.str, v.sig.str)
+		}
+	}
+}
+
+var getSigTest = []interface{}{
+	[]struct {
+		b byte
+		i int32
+		t uint64
+		s string
+	}{},
+	map[string]Variant{},
+}
+
+func BenchmarkGetSignatureSimple(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		SignatureOf("", int32(0))
+	}
+}
+
+func BenchmarkGetSignatureLong(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		SignatureOf(getSigTest...)
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/transport_darwin.go b/vendor/src/github.com/godbus/dbus/transport_darwin.go
new file mode 100644
index 0000000000..1bba0d6bf7
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/transport_darwin.go
@@ -0,0 +1,6 @@
+package dbus
+
+func (t *unixTransport) SendNullByte() error {
+	_, err := t.Write([]byte{0})
+	return err
+}
diff --git a/vendor/src/github.com/godbus/dbus/transport_generic.go b/vendor/src/github.com/godbus/dbus/transport_generic.go
new file mode 100644
index 0000000000..46f8f49d69
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/transport_generic.go
@@ -0,0 +1,35 @@
+package dbus
+
+import (
+	"encoding/binary"
+	"errors"
+	"io"
+)
+
+type genericTransport struct {
+	io.ReadWriteCloser
+}
+
+func (t genericTransport) SendNullByte() error {
+	_, err := t.Write([]byte{0})
+	return err
+}
+
+func (t genericTransport) SupportsUnixFDs() bool {
+	return false
+}
+
+func (t genericTransport) EnableUnixFDs() {}
+
+func (t genericTransport) ReadMessage() (*Message, error) {
+	return DecodeMessage(t)
+}
+
+func (t genericTransport) SendMessage(msg *Message) error {
+	for _, v := range msg.Body {
+		if _, ok := v.(UnixFD); ok {
+			return errors.New("dbus: unix fd passing not enabled")
+		}
+	}
+	return msg.EncodeTo(t, binary.LittleEndian)
+}
diff --git a/vendor/src/github.com/godbus/dbus/transport_unix.go b/vendor/src/github.com/godbus/dbus/transport_unix.go
new file mode 100644
index 0000000000..d16229be40
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/transport_unix.go
@@ -0,0 +1,190 @@
+package dbus
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"io"
+	"net"
+	"syscall"
+)
+
+type oobReader struct {
+	conn *net.UnixConn
+	oob  []byte
+	buf  [4096]byte
+}
+
+func (o *oobReader) Read(b []byte) (n int, err error) {
+	n, oobn, flags, _, err := o.conn.ReadMsgUnix(b, o.buf[:])
+	if err != nil {
+		return n, err
+	}
+	if flags&syscall.MSG_CTRUNC != 0 {
+		return n, errors.New("dbus: control data truncated (too many fds received)")
+	}
+	o.oob = append(o.oob, o.buf[:oobn]...)
+	return n, nil
+}
+
+type unixTransport struct {
+	*net.UnixConn
+	hasUnixFDs bool
+}
+
+func newUnixTransport(keys string) (transport, error) {
+	var err error
+
+	t := new(unixTransport)
+	abstract := getKey(keys, "abstract")
+	path := getKey(keys, "path")
+	switch {
+	case abstract == "" && path == "":
+		return nil, errors.New("dbus: invalid address (neither path nor abstract set)")
+	case abstract != "" && path == "":
+		t.UnixConn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: "@" + abstract, Net: "unix"})
+		if err != nil {
+			return nil, err
+		}
+		return t, nil
+	case abstract == "" && path != "":
+		t.UnixConn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: path, Net: "unix"})
+		if err != nil {
+			return nil, err
+		}
+		return t, nil
+	default:
+		return nil, errors.New("dbus: invalid address (both path and abstract set)")
+	}
+}
+
+func (t *unixTransport) EnableUnixFDs() {
+	t.hasUnixFDs = true
+}
+
+func (t *unixTransport) ReadMessage() (*Message, error) {
+	var (
+		blen, hlen uint32
+		csheader   [16]byte
+		headers    []header
+		order      binary.ByteOrder
+		unixfds    uint32
+	)
+	// To be sure that all bytes of out-of-band data are read, we use a special
+	// reader that uses ReadUnix on the underlying connection instead of Read
+	// and gathers the out-of-band data in a buffer.
+	rd := &oobReader{conn: t.UnixConn}
+	// read the first 16 bytes (the part of the header that has a constant size),
+	// from which we can figure out the length of the rest of the message
+	if _, err := io.ReadFull(rd, csheader[:]); err != nil {
+		return nil, err
+	}
+	switch csheader[0] {
+	case 'l':
+		order = binary.LittleEndian
+	case 'B':
+		order = binary.BigEndian
+	default:
+		return nil, InvalidMessageError("invalid byte order")
+	}
+	// csheader[4:8] -> length of message body, csheader[12:16] -> length of
+	// header fields (without alignment)
+	binary.Read(bytes.NewBuffer(csheader[4:8]), order, &blen)
+	binary.Read(bytes.NewBuffer(csheader[12:]), order, &hlen)
+	if hlen%8 != 0 {
+		hlen += 8 - (hlen % 8)
+	}
+
+	// decode headers and look for unix fds
+	headerdata := make([]byte, hlen+4)
+	copy(headerdata, csheader[12:])
+	if _, err := io.ReadFull(t, headerdata[4:]); err != nil {
+		return nil, err
+	}
+	dec := newDecoder(bytes.NewBuffer(headerdata), order)
+	dec.pos = 12
+	vs, err := dec.Decode(Signature{"a(yv)"})
+	if err != nil {
+		return nil, err
+	}
+	Store(vs, &headers)
+	for _, v := range headers {
+		if v.Field == byte(FieldUnixFDs) {
+			unixfds, _ = v.Variant.value.(uint32)
+		}
+	}
+	all := make([]byte, 16+hlen+blen)
+	copy(all, csheader[:])
+	copy(all[16:], headerdata[4:])
+	if _, err := io.ReadFull(rd, all[16+hlen:]); err != nil {
+		return nil, err
+	}
+	if unixfds != 0 {
+		if !t.hasUnixFDs {
+			return nil, errors.New("dbus: got unix fds on unsupported transport")
+		}
+		// read the fds from the OOB data
+		scms, err := syscall.ParseSocketControlMessage(rd.oob)
+		if err != nil {
+			return nil, err
+		}
+		if len(scms) != 1 {
+			return nil, errors.New("dbus: received more than one socket control message")
+		}
+		fds, err := syscall.ParseUnixRights(&scms[0])
+		if err != nil {
+			return nil, err
+		}
+		msg, err := DecodeMessage(bytes.NewBuffer(all))
+		if err != nil {
+			return nil, err
+		}
+		// substitute the values in the message body (which are indices for the
+		// array receiver via OOB) with the actual values
+		for i, v := range msg.Body {
+			if j, ok := v.(UnixFDIndex); ok {
+				if uint32(j) >= unixfds {
+					return nil, InvalidMessageError("invalid index for unix fd")
+				}
+				msg.Body[i] = UnixFD(fds[j])
+			}
+		}
+		return msg, nil
+	}
+	return DecodeMessage(bytes.NewBuffer(all))
+}
+
+func (t *unixTransport) SendMessage(msg *Message) error {
+	fds := make([]int, 0)
+	for i, v := range msg.Body {
+		if fd, ok := v.(UnixFD); ok {
+			msg.Body[i] = UnixFDIndex(len(fds))
+			fds = append(fds, int(fd))
+		}
+	}
+	if len(fds) != 0 {
+		if !t.hasUnixFDs {
+			return errors.New("dbus: unix fd passing not enabled")
+		}
+		msg.Headers[FieldUnixFDs] = MakeVariant(uint32(len(fds)))
+		oob := syscall.UnixRights(fds...)
+		buf := new(bytes.Buffer)
+		msg.EncodeTo(buf, binary.LittleEndian)
+		n, oobn, err := t.UnixConn.WriteMsgUnix(buf.Bytes(), oob, nil)
+		if err != nil {
+			return err
+		}
+		if n != buf.Len() || oobn != len(oob) {
+			return io.ErrShortWrite
+		}
+	} else {
+		if err := msg.EncodeTo(t, binary.LittleEndian); err != nil {
+			return nil
+		}
+	}
+	return nil
+}
+
+func (t *unixTransport) SupportsUnixFDs() bool {
+	return true
+}
diff --git a/vendor/src/github.com/godbus/dbus/transport_unix_test.go b/vendor/src/github.com/godbus/dbus/transport_unix_test.go
new file mode 100644
index 0000000000..302233fc65
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/transport_unix_test.go
@@ -0,0 +1,49 @@
+package dbus
+
+import (
+	"os"
+	"testing"
+)
+
+const testString = `This is a test!
+This text should be read from the file that is created by this test.`
+
+type unixFDTest struct{}
+
+func (t unixFDTest) Test(fd UnixFD) (string, *Error) {
+	var b [4096]byte
+	file := os.NewFile(uintptr(fd), "testfile")
+	defer file.Close()
+	n, err := file.Read(b[:])
+	if err != nil {
+		return "", &Error{"com.github.guelfey.test.Error", nil}
+	}
+	return string(b[:n]), nil
+}
+
+func TestUnixFDs(t *testing.T) {
+	conn, err := SessionBus()
+	if err != nil {
+		t.Fatal(err)
+	}
+	r, w, err := os.Pipe()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer w.Close()
+	if _, err := w.Write([]byte(testString)); err != nil {
+		t.Fatal(err)
+	}
+	name := conn.Names()[0]
+	test := unixFDTest{}
+	conn.Export(test, "/com/github/guelfey/test", "com.github.guelfey.test")
+	var s string
+	obj := conn.Object(name, "/com/github/guelfey/test")
+	err = obj.Call("com.github.guelfey.test.Test", 0, UnixFD(r.Fd())).Store(&s)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if s != testString {
+		t.Fatal("got", s, "wanted", testString)
+	}
+}
diff --git a/vendor/src/github.com/godbus/dbus/transport_unixcred.go b/vendor/src/github.com/godbus/dbus/transport_unixcred.go
new file mode 100644
index 0000000000..42a0e769ef
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/transport_unixcred.go
@@ -0,0 +1,22 @@
+// +build !darwin
+
+package dbus
+
+import (
+	"io"
+	"os"
+	"syscall"
+)
+
+func (t *unixTransport) SendNullByte() error {
+	ucred := &syscall.Ucred{Pid: int32(os.Getpid()), Uid: uint32(os.Getuid()), Gid: uint32(os.Getgid())}
+	b := syscall.UnixCredentials(ucred)
+	_, oobn, err := t.UnixConn.WriteMsgUnix([]byte{0}, b, nil)
+	if err != nil {
+		return err
+	}
+	if oobn != len(b) {
+		return io.ErrShortWrite
+	}
+	return nil
+}
diff --git a/vendor/src/github.com/godbus/dbus/variant.go b/vendor/src/github.com/godbus/dbus/variant.go
new file mode 100644
index 0000000000..b1b53ceb47
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/variant.go
@@ -0,0 +1,129 @@
+package dbus
+
+import (
+	"bytes"
+	"fmt"
+	"reflect"
+	"strconv"
+)
+
+// Variant represents the D-Bus variant type.
+type Variant struct {
+	sig   Signature
+	value interface{}
+}
+
+// MakeVariant converts the given value to a Variant. It panics if v cannot be
+// represented as a D-Bus type.
+func MakeVariant(v interface{}) Variant {
+	return Variant{SignatureOf(v), v}
+}
+
+// ParseVariant parses the given string as a variant as described at
+// https://developer.gnome.org/glib/unstable/gvariant-text.html. If sig is not
+// empty, it is taken to be the expected signature for the variant.
+func ParseVariant(s string, sig Signature) (Variant, error) {
+	tokens := varLex(s)
+	p := &varParser{tokens: tokens}
+	n, err := varMakeNode(p)
+	if err != nil {
+		return Variant{}, err
+	}
+	if sig.str == "" {
+		sig, err = varInfer(n)
+		if err != nil {
+			return Variant{}, err
+		}
+	}
+	v, err := n.Value(sig)
+	if err != nil {
+		return Variant{}, err
+	}
+	return MakeVariant(v), nil
+}
+
+// format returns a formatted version of v and whether this string can be parsed
+// unambigously.
+func (v Variant) format() (string, bool) {
+	switch v.sig.str[0] {
+	case 'b', 'i':
+		return fmt.Sprint(v.value), true
+	case 'n', 'q', 'u', 'x', 't', 'd', 'h':
+		return fmt.Sprint(v.value), false
+	case 's':
+		return strconv.Quote(v.value.(string)), true
+	case 'o':
+		return strconv.Quote(string(v.value.(ObjectPath))), false
+	case 'g':
+		return strconv.Quote(v.value.(Signature).str), false
+	case 'v':
+		s, unamb := v.value.(Variant).format()
+		if !unamb {
+			return "<@" + v.value.(Variant).sig.str + " " + s + ">", true
+		}
+		return "<" + s + ">", true
+	case 'y':
+		return fmt.Sprintf("%#x", v.value.(byte)), false
+	}
+	rv := reflect.ValueOf(v.value)
+	switch rv.Kind() {
+	case reflect.Slice:
+		if rv.Len() == 0 {
+			return "[]", false
+		}
+		unamb := true
+		buf := bytes.NewBuffer([]byte("["))
+		for i := 0; i < rv.Len(); i++ {
+			// TODO: slooow
+			s, b := MakeVariant(rv.Index(i).Interface()).format()
+			unamb = unamb && b
+			buf.WriteString(s)
+			if i != rv.Len()-1 {
+				buf.WriteString(", ")
+			}
+		}
+		buf.WriteByte(']')
+		return buf.String(), unamb
+	case reflect.Map:
+		if rv.Len() == 0 {
+			return "{}", false
+		}
+		unamb := true
+		buf := bytes.NewBuffer([]byte("{"))
+		for i, k := range rv.MapKeys() {
+			s, b := MakeVariant(k.Interface()).format()
+			unamb = unamb && b
+			buf.WriteString(s)
+			buf.WriteString(": ")
+			s, b = MakeVariant(rv.MapIndex(k).Interface()).format()
+			unamb = unamb && b
+			buf.WriteString(s)
+			if i != rv.Len()-1 {
+				buf.WriteString(", ")
+			}
+		}
+		buf.WriteByte('}')
+		return buf.String(), unamb
+	}
+	return `"INVALID"`, true
+}
+
+// Signature returns the D-Bus signature of the underlying value of v.
+func (v Variant) Signature() Signature {
+	return v.sig
+}
+
+// String returns the string representation of the underlying value of v as
+// described at https://developer.gnome.org/glib/unstable/gvariant-text.html.
+func (v Variant) String() string {
+	s, unamb := v.format()
+	if !unamb {
+		return "@" + v.sig.str + " " + s
+	}
+	return s
+}
+
+// Value returns the underlying value of v.
+func (v Variant) Value() interface{} {
+	return v.value
+}
diff --git a/vendor/src/github.com/godbus/dbus/variant_lexer.go b/vendor/src/github.com/godbus/dbus/variant_lexer.go
new file mode 100644
index 0000000000..332007d6f1
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/variant_lexer.go
@@ -0,0 +1,284 @@
+package dbus
+
+import (
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// Heavily inspired by the lexer from text/template.
+
+type varToken struct {
+	typ varTokenType
+	val string
+}
+
+type varTokenType byte
+
+const (
+	tokEOF varTokenType = iota
+	tokError
+	tokNumber
+	tokString
+	tokBool
+	tokArrayStart
+	tokArrayEnd
+	tokDictStart
+	tokDictEnd
+	tokVariantStart
+	tokVariantEnd
+	tokComma
+	tokColon
+	tokType
+	tokByteString
+)
+
+type varLexer struct {
+	input  string
+	start  int
+	pos    int
+	width  int
+	tokens []varToken
+}
+
+type lexState func(*varLexer) lexState
+
+func varLex(s string) []varToken {
+	l := &varLexer{input: s}
+	l.run()
+	return l.tokens
+}
+
+func (l *varLexer) accept(valid string) bool {
+	if strings.IndexRune(valid, l.next()) >= 0 {
+		return true
+	}
+	l.backup()
+	return false
+}
+
+func (l *varLexer) backup() {
+	l.pos -= l.width
+}
+
+func (l *varLexer) emit(t varTokenType) {
+	l.tokens = append(l.tokens, varToken{t, l.input[l.start:l.pos]})
+	l.start = l.pos
+}
+
+func (l *varLexer) errorf(format string, v ...interface{}) lexState {
+	l.tokens = append(l.tokens, varToken{
+		tokError,
+		fmt.Sprintf(format, v...),
+	})
+	return nil
+}
+
+func (l *varLexer) ignore() {
+	l.start = l.pos
+}
+
+func (l *varLexer) next() rune {
+	var r rune
+
+	if l.pos >= len(l.input) {
+		l.width = 0
+		return -1
+	}
+	r, l.width = utf8.DecodeRuneInString(l.input[l.pos:])
+	l.pos += l.width
+	return r
+}
+
+func (l *varLexer) run() {
+	for state := varLexNormal; state != nil; {
+		state = state(l)
+	}
+}
+
+func (l *varLexer) peek() rune {
+	r := l.next()
+	l.backup()
+	return r
+}
+
+func varLexNormal(l *varLexer) lexState {
+	for {
+		r := l.next()
+		switch {
+		case r == -1:
+			l.emit(tokEOF)
+			return nil
+		case r == '[':
+			l.emit(tokArrayStart)
+		case r == ']':
+			l.emit(tokArrayEnd)
+		case r == '{':
+			l.emit(tokDictStart)
+		case r == '}':
+			l.emit(tokDictEnd)
+		case r == '<':
+			l.emit(tokVariantStart)
+		case r == '>':
+			l.emit(tokVariantEnd)
+		case r == ':':
+			l.emit(tokColon)
+		case r == ',':
+			l.emit(tokComma)
+		case r == '\'' || r == '"':
+			l.backup()
+			return varLexString
+		case r == '@':
+			l.backup()
+			return varLexType
+		case unicode.IsSpace(r):
+			l.ignore()
+		case unicode.IsNumber(r) || r == '+' || r == '-':
+			l.backup()
+			return varLexNumber
+		case r == 'b':
+			pos := l.start
+			if n := l.peek(); n == '"' || n == '\'' {
+				return varLexByteString
+			}
+			// not a byte string; try to parse it as a type or bool below
+			l.pos = pos + 1
+			l.width = 1
+			fallthrough
+		default:
+			// either a bool or a type. Try bools first.
+			l.backup()
+			if l.pos+4 <= len(l.input) {
+				if l.input[l.pos:l.pos+4] == "true" {
+					l.pos += 4
+					l.emit(tokBool)
+					continue
+				}
+			}
+			if l.pos+5 <= len(l.input) {
+				if l.input[l.pos:l.pos+5] == "false" {
+					l.pos += 5
+					l.emit(tokBool)
+					continue
+				}
+			}
+			// must be a type.
+			return varLexType
+		}
+	}
+}
+
+var varTypeMap = map[string]string{
+	"boolean":    "b",
+	"byte":       "y",
+	"int16":      "n",
+	"uint16":     "q",
+	"int32":      "i",
+	"uint32":     "u",
+	"int64":      "x",
+	"uint64":     "t",
+	"double":     "f",
+	"string":     "s",
+	"objectpath": "o",
+	"signature":  "g",
+}
+
+func varLexByteString(l *varLexer) lexState {
+	q := l.next()
+Loop:
+	for {
+		switch l.next() {
+		case '\\':
+			if r := l.next(); r != -1 {
+				break
+			}
+			fallthrough
+		case -1:
+			return l.errorf("unterminated bytestring")
+		case q:
+			break Loop
+		}
+	}
+	l.emit(tokByteString)
+	return varLexNormal
+}
+
+func varLexNumber(l *varLexer) lexState {
+	l.accept("+-")
+	digits := "0123456789"
+	if l.accept("0") {
+		if l.accept("x") {
+			digits = "0123456789abcdefABCDEF"
+		} else {
+			digits = "01234567"
+		}
+	}
+	for strings.IndexRune(digits, l.next()) >= 0 {
+	}
+	l.backup()
+	if l.accept(".") {
+		for strings.IndexRune(digits, l.next()) >= 0 {
+		}
+		l.backup()
+	}
+	if l.accept("eE") {
+		l.accept("+-")
+		for strings.IndexRune("0123456789", l.next()) >= 0 {
+		}
+		l.backup()
+	}
+	if r := l.peek(); unicode.IsLetter(r) {
+		l.next()
+		return l.errorf("bad number syntax: %q", l.input[l.start:l.pos])
+	}
+	l.emit(tokNumber)
+	return varLexNormal
+}
+
+func varLexString(l *varLexer) lexState {
+	q := l.next()
+Loop:
+	for {
+		switch l.next() {
+		case '\\':
+			if r := l.next(); r != -1 {
+				break
+			}
+			fallthrough
+		case -1:
+			return l.errorf("unterminated string")
+		case q:
+			break Loop
+		}
+	}
+	l.emit(tokString)
+	return varLexNormal
+}
+
+func varLexType(l *varLexer) lexState {
+	at := l.accept("@")
+	for {
+		r := l.next()
+		if r == -1 {
+			break
+		}
+		if unicode.IsSpace(r) {
+			l.backup()
+			break
+		}
+	}
+	if at {
+		if _, err := ParseSignature(l.input[l.start+1 : l.pos]); err != nil {
+			return l.errorf("%s", err)
+		}
+	} else {
+		if _, ok := varTypeMap[l.input[l.start:l.pos]]; ok {
+			l.emit(tokType)
+			return varLexNormal
+		}
+		return l.errorf("unrecognized type %q", l.input[l.start:l.pos])
+	}
+	l.emit(tokType)
+	return varLexNormal
+}
diff --git a/vendor/src/github.com/godbus/dbus/variant_parser.go b/vendor/src/github.com/godbus/dbus/variant_parser.go
new file mode 100644
index 0000000000..d20f5da6dd
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/variant_parser.go
@@ -0,0 +1,817 @@
+package dbus
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+	"strings"
+	"unicode/utf8"
+)
+
+type varParser struct {
+	tokens []varToken
+	i      int
+}
+
+func (p *varParser) backup() {
+	p.i--
+}
+
+func (p *varParser) next() varToken {
+	if p.i < len(p.tokens) {
+		t := p.tokens[p.i]
+		p.i++
+		return t
+	}
+	return varToken{typ: tokEOF}
+}
+
+type varNode interface {
+	Infer() (Signature, error)
+	String() string
+	Sigs() sigSet
+	Value(Signature) (interface{}, error)
+}
+
+func varMakeNode(p *varParser) (varNode, error) {
+	var sig Signature
+
+	for {
+		t := p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokNumber:
+			return varMakeNumNode(t, sig)
+		case tokString:
+			return varMakeStringNode(t, sig)
+		case tokBool:
+			if sig.str != "" && sig.str != "b" {
+				return nil, varTypeError{t.val, sig}
+			}
+			b, err := strconv.ParseBool(t.val)
+			if err != nil {
+				return nil, err
+			}
+			return boolNode(b), nil
+		case tokArrayStart:
+			return varMakeArrayNode(p, sig)
+		case tokVariantStart:
+			return varMakeVariantNode(p, sig)
+		case tokDictStart:
+			return varMakeDictNode(p, sig)
+		case tokType:
+			if sig.str != "" {
+				return nil, errors.New("unexpected type annotation")
+			}
+			if t.val[0] == '@' {
+				sig.str = t.val[1:]
+			} else {
+				sig.str = varTypeMap[t.val]
+			}
+		case tokByteString:
+			if sig.str != "" && sig.str != "ay" {
+				return nil, varTypeError{t.val, sig}
+			}
+			b, err := varParseByteString(t.val)
+			if err != nil {
+				return nil, err
+			}
+			return byteStringNode(b), nil
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+	}
+}
+
+type varTypeError struct {
+	val string
+	sig Signature
+}
+
+func (e varTypeError) Error() string {
+	return fmt.Sprintf("dbus: can't parse %q as type %q", e.val, e.sig.str)
+}
+
+type sigSet map[Signature]bool
+
+func (s sigSet) Empty() bool {
+	return len(s) == 0
+}
+
+func (s sigSet) Intersect(s2 sigSet) sigSet {
+	r := make(sigSet)
+	for k := range s {
+		if s2[k] {
+			r[k] = true
+		}
+	}
+	return r
+}
+
+func (s sigSet) Single() (Signature, bool) {
+	if len(s) == 1 {
+		for k := range s {
+			return k, true
+		}
+	}
+	return Signature{}, false
+}
+
+func (s sigSet) ToArray() sigSet {
+	r := make(sigSet, len(s))
+	for k := range s {
+		r[Signature{"a" + k.str}] = true
+	}
+	return r
+}
+
+type numNode struct {
+	sig Signature
+	str string
+	val interface{}
+}
+
+var numSigSet = sigSet{
+	Signature{"y"}: true,
+	Signature{"n"}: true,
+	Signature{"q"}: true,
+	Signature{"i"}: true,
+	Signature{"u"}: true,
+	Signature{"x"}: true,
+	Signature{"t"}: true,
+	Signature{"d"}: true,
+}
+
+func (n numNode) Infer() (Signature, error) {
+	if strings.ContainsAny(n.str, ".e") {
+		return Signature{"d"}, nil
+	}
+	return Signature{"i"}, nil
+}
+
+func (n numNode) String() string {
+	return n.str
+}
+
+func (n numNode) Sigs() sigSet {
+	if n.sig.str != "" {
+		return sigSet{n.sig: true}
+	}
+	if strings.ContainsAny(n.str, ".e") {
+		return sigSet{Signature{"d"}: true}
+	}
+	return numSigSet
+}
+
+func (n numNode) Value(sig Signature) (interface{}, error) {
+	if n.sig.str != "" && n.sig != sig {
+		return nil, varTypeError{n.str, sig}
+	}
+	if n.val != nil {
+		return n.val, nil
+	}
+	return varNumAs(n.str, sig)
+}
+
+func varMakeNumNode(tok varToken, sig Signature) (varNode, error) {
+	if sig.str == "" {
+		return numNode{str: tok.val}, nil
+	}
+	num, err := varNumAs(tok.val, sig)
+	if err != nil {
+		return nil, err
+	}
+	return numNode{sig: sig, val: num}, nil
+}
+
+func varNumAs(s string, sig Signature) (interface{}, error) {
+	isUnsigned := false
+	size := 32
+	switch sig.str {
+	case "n":
+		size = 16
+	case "i":
+	case "x":
+		size = 64
+	case "y":
+		size = 8
+		isUnsigned = true
+	case "q":
+		size = 16
+		isUnsigned = true
+	case "u":
+		isUnsigned = true
+	case "t":
+		size = 64
+		isUnsigned = true
+	case "d":
+		d, err := strconv.ParseFloat(s, 64)
+		if err != nil {
+			return nil, err
+		}
+		return d, nil
+	default:
+		return nil, varTypeError{s, sig}
+	}
+	base := 10
+	if strings.HasPrefix(s, "0x") {
+		base = 16
+		s = s[2:]
+	}
+	if strings.HasPrefix(s, "0") && len(s) != 1 {
+		base = 8
+		s = s[1:]
+	}
+	if isUnsigned {
+		i, err := strconv.ParseUint(s, base, size)
+		if err != nil {
+			return nil, err
+		}
+		var v interface{} = i
+		switch sig.str {
+		case "y":
+			v = byte(i)
+		case "q":
+			v = uint16(i)
+		case "u":
+			v = uint32(i)
+		}
+		return v, nil
+	}
+	i, err := strconv.ParseInt(s, base, size)
+	if err != nil {
+		return nil, err
+	}
+	var v interface{} = i
+	switch sig.str {
+	case "n":
+		v = int16(i)
+	case "i":
+		v = int32(i)
+	}
+	return v, nil
+}
+
+type stringNode struct {
+	sig Signature
+	str string      // parsed
+	val interface{} // has correct type
+}
+
+var stringSigSet = sigSet{
+	Signature{"s"}: true,
+	Signature{"g"}: true,
+	Signature{"o"}: true,
+}
+
+func (n stringNode) Infer() (Signature, error) {
+	return Signature{"s"}, nil
+}
+
+func (n stringNode) String() string {
+	return n.str
+}
+
+func (n stringNode) Sigs() sigSet {
+	if n.sig.str != "" {
+		return sigSet{n.sig: true}
+	}
+	return stringSigSet
+}
+
+func (n stringNode) Value(sig Signature) (interface{}, error) {
+	if n.sig.str != "" && n.sig != sig {
+		return nil, varTypeError{n.str, sig}
+	}
+	if n.val != nil {
+		return n.val, nil
+	}
+	switch {
+	case sig.str == "g":
+		return Signature{n.str}, nil
+	case sig.str == "o":
+		return ObjectPath(n.str), nil
+	case sig.str == "s":
+		return n.str, nil
+	default:
+		return nil, varTypeError{n.str, sig}
+	}
+}
+
+func varMakeStringNode(tok varToken, sig Signature) (varNode, error) {
+	if sig.str != "" && sig.str != "s" && sig.str != "g" && sig.str != "o" {
+		return nil, fmt.Errorf("invalid type %q for string", sig.str)
+	}
+	s, err := varParseString(tok.val)
+	if err != nil {
+		return nil, err
+	}
+	n := stringNode{str: s}
+	if sig.str == "" {
+		return stringNode{str: s}, nil
+	}
+	n.sig = sig
+	switch sig.str {
+	case "o":
+		n.val = ObjectPath(s)
+	case "g":
+		n.val = Signature{s}
+	case "s":
+		n.val = s
+	}
+	return n, nil
+}
+
+func varParseString(s string) (string, error) {
+	// quotes are guaranteed to be there
+	s = s[1 : len(s)-1]
+	buf := new(bytes.Buffer)
+	for len(s) != 0 {
+		r, size := utf8.DecodeRuneInString(s)
+		if r == utf8.RuneError && size == 1 {
+			return "", errors.New("invalid UTF-8")
+		}
+		s = s[size:]
+		if r != '\\' {
+			buf.WriteRune(r)
+			continue
+		}
+		r, size = utf8.DecodeRuneInString(s)
+		if r == utf8.RuneError && size == 1 {
+			return "", errors.New("invalid UTF-8")
+		}
+		s = s[size:]
+		switch r {
+		case 'a':
+			buf.WriteRune(0x7)
+		case 'b':
+			buf.WriteRune(0x8)
+		case 'f':
+			buf.WriteRune(0xc)
+		case 'n':
+			buf.WriteRune('\n')
+		case 'r':
+			buf.WriteRune('\r')
+		case 't':
+			buf.WriteRune('\t')
+		case '\n':
+		case 'u':
+			if len(s) < 4 {
+				return "", errors.New("short unicode escape")
+			}
+			r, err := strconv.ParseUint(s[:4], 16, 32)
+			if err != nil {
+				return "", err
+			}
+			buf.WriteRune(rune(r))
+			s = s[4:]
+		case 'U':
+			if len(s) < 8 {
+				return "", errors.New("short unicode escape")
+			}
+			r, err := strconv.ParseUint(s[:8], 16, 32)
+			if err != nil {
+				return "", err
+			}
+			buf.WriteRune(rune(r))
+			s = s[8:]
+		default:
+			buf.WriteRune(r)
+		}
+	}
+	return buf.String(), nil
+}
+
+var boolSigSet = sigSet{Signature{"b"}: true}
+
+type boolNode bool
+
+func (boolNode) Infer() (Signature, error) {
+	return Signature{"b"}, nil
+}
+
+func (b boolNode) String() string {
+	if b {
+		return "true"
+	}
+	return "false"
+}
+
+func (boolNode) Sigs() sigSet {
+	return boolSigSet
+}
+
+func (b boolNode) Value(sig Signature) (interface{}, error) {
+	if sig.str != "b" {
+		return nil, varTypeError{b.String(), sig}
+	}
+	return bool(b), nil
+}
+
+type arrayNode struct {
+	set      sigSet
+	children []varNode
+	val      interface{}
+}
+
+func (n arrayNode) Infer() (Signature, error) {
+	for _, v := range n.children {
+		csig, err := varInfer(v)
+		if err != nil {
+			continue
+		}
+		return Signature{"a" + csig.str}, nil
+	}
+	return Signature{}, fmt.Errorf("can't infer type for %q", n.String())
+}
+
+func (n arrayNode) String() string {
+	s := "["
+	for i, v := range n.children {
+		s += v.String()
+		if i != len(n.children)-1 {
+			s += ", "
+		}
+	}
+	return s + "]"
+}
+
+func (n arrayNode) Sigs() sigSet {
+	return n.set
+}
+
+func (n arrayNode) Value(sig Signature) (interface{}, error) {
+	if n.set.Empty() {
+		// no type information whatsoever, so this must be an empty slice
+		return reflect.MakeSlice(typeFor(sig.str), 0, 0).Interface(), nil
+	}
+	if !n.set[sig] {
+		return nil, varTypeError{n.String(), sig}
+	}
+	s := reflect.MakeSlice(typeFor(sig.str), len(n.children), len(n.children))
+	for i, v := range n.children {
+		rv, err := v.Value(Signature{sig.str[1:]})
+		if err != nil {
+			return nil, err
+		}
+		s.Index(i).Set(reflect.ValueOf(rv))
+	}
+	return s.Interface(), nil
+}
+
+func varMakeArrayNode(p *varParser, sig Signature) (varNode, error) {
+	var n arrayNode
+	if sig.str != "" {
+		n.set = sigSet{sig: true}
+	}
+	if t := p.next(); t.typ == tokArrayEnd {
+		return n, nil
+	} else {
+		p.backup()
+	}
+Loop:
+	for {
+		t := p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		}
+		p.backup()
+		cn, err := varMakeNode(p)
+		if err != nil {
+			return nil, err
+		}
+		if cset := cn.Sigs(); !cset.Empty() {
+			if n.set.Empty() {
+				n.set = cset.ToArray()
+			} else {
+				nset := cset.ToArray().Intersect(n.set)
+				if nset.Empty() {
+					return nil, fmt.Errorf("can't parse %q with given type information", cn.String())
+				}
+				n.set = nset
+			}
+		}
+		n.children = append(n.children, cn)
+		switch t := p.next(); t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokArrayEnd:
+			break Loop
+		case tokComma:
+			continue
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+	}
+	return n, nil
+}
+
+type variantNode struct {
+	n varNode
+}
+
+var variantSet = sigSet{
+	Signature{"v"}: true,
+}
+
+func (variantNode) Infer() (Signature, error) {
+	return Signature{"v"}, nil
+}
+
+func (n variantNode) String() string {
+	return "<" + n.n.String() + ">"
+}
+
+func (variantNode) Sigs() sigSet {
+	return variantSet
+}
+
+func (n variantNode) Value(sig Signature) (interface{}, error) {
+	if sig.str != "v" {
+		return nil, varTypeError{n.String(), sig}
+	}
+	sig, err := varInfer(n.n)
+	if err != nil {
+		return nil, err
+	}
+	v, err := n.n.Value(sig)
+	if err != nil {
+		return nil, err
+	}
+	return MakeVariant(v), nil
+}
+
+func varMakeVariantNode(p *varParser, sig Signature) (varNode, error) {
+	n, err := varMakeNode(p)
+	if err != nil {
+		return nil, err
+	}
+	if t := p.next(); t.typ != tokVariantEnd {
+		return nil, fmt.Errorf("unexpected %q", t.val)
+	}
+	vn := variantNode{n}
+	if sig.str != "" && sig.str != "v" {
+		return nil, varTypeError{vn.String(), sig}
+	}
+	return variantNode{n}, nil
+}
+
+type dictEntry struct {
+	key, val varNode
+}
+
+type dictNode struct {
+	kset, vset sigSet
+	children   []dictEntry
+	val        interface{}
+}
+
+func (n dictNode) Infer() (Signature, error) {
+	for _, v := range n.children {
+		ksig, err := varInfer(v.key)
+		if err != nil {
+			continue
+		}
+		vsig, err := varInfer(v.val)
+		if err != nil {
+			continue
+		}
+		return Signature{"a{" + ksig.str + vsig.str + "}"}, nil
+	}
+	return Signature{}, fmt.Errorf("can't infer type for %q", n.String())
+}
+
+func (n dictNode) String() string {
+	s := "{"
+	for i, v := range n.children {
+		s += v.key.String() + ": " + v.val.String()
+		if i != len(n.children)-1 {
+			s += ", "
+		}
+	}
+	return s + "}"
+}
+
+func (n dictNode) Sigs() sigSet {
+	r := sigSet{}
+	for k := range n.kset {
+		for v := range n.vset {
+			sig := "a{" + k.str + v.str + "}"
+			r[Signature{sig}] = true
+		}
+	}
+	return r
+}
+
+func (n dictNode) Value(sig Signature) (interface{}, error) {
+	set := n.Sigs()
+	if set.Empty() {
+		// no type information -> empty dict
+		return reflect.MakeMap(typeFor(sig.str)).Interface(), nil
+	}
+	if !set[sig] {
+		return nil, varTypeError{n.String(), sig}
+	}
+	m := reflect.MakeMap(typeFor(sig.str))
+	ksig := Signature{sig.str[2:3]}
+	vsig := Signature{sig.str[3 : len(sig.str)-1]}
+	for _, v := range n.children {
+		kv, err := v.key.Value(ksig)
+		if err != nil {
+			return nil, err
+		}
+		vv, err := v.val.Value(vsig)
+		if err != nil {
+			return nil, err
+		}
+		m.SetMapIndex(reflect.ValueOf(kv), reflect.ValueOf(vv))
+	}
+	return m.Interface(), nil
+}
+
+func varMakeDictNode(p *varParser, sig Signature) (varNode, error) {
+	var n dictNode
+
+	if sig.str != "" {
+		if len(sig.str) < 5 {
+			return nil, fmt.Errorf("invalid signature %q for dict type", sig)
+		}
+		ksig := Signature{string(sig.str[2])}
+		vsig := Signature{sig.str[3 : len(sig.str)-1]}
+		n.kset = sigSet{ksig: true}
+		n.vset = sigSet{vsig: true}
+	}
+	if t := p.next(); t.typ == tokDictEnd {
+		return n, nil
+	} else {
+		p.backup()
+	}
+Loop:
+	for {
+		t := p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		}
+		p.backup()
+		kn, err := varMakeNode(p)
+		if err != nil {
+			return nil, err
+		}
+		if kset := kn.Sigs(); !kset.Empty() {
+			if n.kset.Empty() {
+				n.kset = kset
+			} else {
+				n.kset = kset.Intersect(n.kset)
+				if n.kset.Empty() {
+					return nil, fmt.Errorf("can't parse %q with given type information", kn.String())
+				}
+			}
+		}
+		t = p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokColon:
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+		t = p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		}
+		p.backup()
+		vn, err := varMakeNode(p)
+		if err != nil {
+			return nil, err
+		}
+		if vset := vn.Sigs(); !vset.Empty() {
+			if n.vset.Empty() {
+				n.vset = vset
+			} else {
+				n.vset = n.vset.Intersect(vset)
+				if n.vset.Empty() {
+					return nil, fmt.Errorf("can't parse %q with given type information", vn.String())
+				}
+			}
+		}
+		n.children = append(n.children, dictEntry{kn, vn})
+		t = p.next()
+		switch t.typ {
+		case tokEOF:
+			return nil, io.ErrUnexpectedEOF
+		case tokError:
+			return nil, errors.New(t.val)
+		case tokDictEnd:
+			break Loop
+		case tokComma:
+			continue
+		default:
+			return nil, fmt.Errorf("unexpected %q", t.val)
+		}
+	}
+	return n, nil
+}
+
+type byteStringNode []byte
+
+var byteStringSet = sigSet{
+	Signature{"ay"}: true,
+}
+
+func (byteStringNode) Infer() (Signature, error) {
+	return Signature{"ay"}, nil
+}
+
+func (b byteStringNode) String() string {
+	return string(b)
+}
+
+func (b byteStringNode) Sigs() sigSet {
+	return byteStringSet
+}
+
+func (b byteStringNode) Value(sig Signature) (interface{}, error) {
+	if sig.str != "ay" {
+		return nil, varTypeError{b.String(), sig}
+	}
+	return []byte(b), nil
+}
+
+func varParseByteString(s string) ([]byte, error) {
+	// quotes and b at start are guaranteed to be there
+	b := make([]byte, 0, 1)
+	s = s[2 : len(s)-1]
+	for len(s) != 0 {
+		c := s[0]
+		s = s[1:]
+		if c != '\\' {
+			b = append(b, c)
+			continue
+		}
+		c = s[0]
+		s = s[1:]
+		switch c {
+		case 'a':
+			b = append(b, 0x7)
+		case 'b':
+			b = append(b, 0x8)
+		case 'f':
+			b = append(b, 0xc)
+		case 'n':
+			b = append(b, '\n')
+		case 'r':
+			b = append(b, '\r')
+		case 't':
+			b = append(b, '\t')
+		case 'x':
+			if len(s) < 2 {
+				return nil, errors.New("short escape")
+			}
+			n, err := strconv.ParseUint(s[:2], 16, 8)
+			if err != nil {
+				return nil, err
+			}
+			b = append(b, byte(n))
+			s = s[2:]
+		case '0':
+			if len(s) < 3 {
+				return nil, errors.New("short escape")
+			}
+			n, err := strconv.ParseUint(s[:3], 8, 8)
+			if err != nil {
+				return nil, err
+			}
+			b = append(b, byte(n))
+			s = s[3:]
+		default:
+			b = append(b, c)
+		}
+	}
+	return append(b, 0), nil
+}
+
+func varInfer(n varNode) (Signature, error) {
+	if sig, ok := n.Sigs().Single(); ok {
+		return sig, nil
+	}
+	return n.Infer()
+}
diff --git a/vendor/src/github.com/godbus/dbus/variant_test.go b/vendor/src/github.com/godbus/dbus/variant_test.go
new file mode 100644
index 0000000000..da917c8e29
--- /dev/null
+++ b/vendor/src/github.com/godbus/dbus/variant_test.go
@@ -0,0 +1,78 @@
+package dbus
+
+import "reflect"
+import "testing"
+
+var variantFormatTests = []struct {
+	v interface{}
+	s string
+}{
+	{int32(1), `1`},
+	{"foo", `"foo"`},
+	{ObjectPath("/org/foo"), `@o "/org/foo"`},
+	{Signature{"i"}, `@g "i"`},
+	{[]byte{}, `@ay []`},
+	{[]int32{1, 2}, `[1, 2]`},
+	{[]int64{1, 2}, `@ax [1, 2]`},
+	{[][]int32{{3, 4}, {5, 6}}, `[[3, 4], [5, 6]]`},
+	{[]Variant{MakeVariant(int32(1)), MakeVariant(1.0)}, `[<1>, <@d 1>]`},
+	{map[string]int32{"one": 1, "two": 2}, `{"one": 1, "two": 2}`},
+	{map[int32]ObjectPath{1: "/org/foo"}, `@a{io} {1: "/org/foo"}`},
+	{map[string]Variant{}, `@a{sv} {}`},
+}
+
+func TestFormatVariant(t *testing.T) {
+	for i, v := range variantFormatTests {
+		if s := MakeVariant(v.v).String(); s != v.s {
+			t.Errorf("test %d: got %q, wanted %q", i+1, s, v.s)
+		}
+	}
+}
+
+var variantParseTests = []struct {
+	s string
+	v interface{}
+}{
+	{"1", int32(1)},
+	{"true", true},
+	{"false", false},
+	{"1.0", float64(1.0)},
+	{"0x10", int32(16)},
+	{"1e1", float64(10)},
+	{`"foo"`, "foo"},
+	{`"\a\b\f\n\r\t"`, "\x07\x08\x0c\n\r\t"},
+	{`"\u00e4\U0001f603"`, "\u00e4\U0001f603"},
+	{"[1]", []int32{1}},
+	{"[1, 2, 3]", []int32{1, 2, 3}},
+	{"@ai []", []int32{}},
+	{"[1, 5.0]", []float64{1, 5.0}},
+	{"[[1, 2], [3, 4.0]]", [][]float64{{1, 2}, {3, 4}}},
+	{`[@o "/org/foo", "/org/bar"]`, []ObjectPath{"/org/foo", "/org/bar"}},
+	{"<1>", MakeVariant(int32(1))},
+	{"[<1>, <2.0>]", []Variant{MakeVariant(int32(1)), MakeVariant(2.0)}},
+	{`[[], [""]]`, [][]string{{}, {""}}},
+	{`@a{ss} {}`, map[string]string{}},
+	{`{"foo": 1}`, map[string]int32{"foo": 1}},
+	{`[{}, {"foo": "bar"}]`, []map[string]string{{}, {"foo": "bar"}}},
+	{`{"a": <1>, "b": <"foo">}`,
+		map[string]Variant{"a": MakeVariant(int32(1)), "b": MakeVariant("foo")}},
+	{`b''`, []byte{0}},
+	{`b"abc"`, []byte{'a', 'b', 'c', 0}},
+	{`b"\x01\0002\a\b\f\n\r\t"`, []byte{1, 2, 0x7, 0x8, 0xc, '\n', '\r', '\t', 0}},
+	{`[[0], b""]`, [][]byte{{0}, {0}}},
+	{"int16 0", int16(0)},
+	{"byte 0", byte(0)},
+}
+
+func TestParseVariant(t *testing.T) {
+	for i, v := range variantParseTests {
+		nv, err := ParseVariant(v.s, Signature{})
+		if err != nil {
+			t.Errorf("test %d: parsing failed: %s", i+1, err)
+			continue
+		}
+		if !reflect.DeepEqual(nv.value, v.v) {
+			t.Errorf("test %d: got %q, wanted %q", i+1, nv, v.v)
+		}
+	}
+}

From cb43fd007133fc05b6bb2b0d3d58fef8b1e60537 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 18 Mar 2014 18:40:00 +0100
Subject: [PATCH 233/384] pkg/systemd: Drop our copy-pasted version of
 go-systemd/activation

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 pkg/systemd/activation/files.go     | 55 -----------------------------
 pkg/systemd/activation/listeners.go | 37 -------------------
 pkg/systemd/listendfd.go            |  2 +-
 3 files changed, 1 insertion(+), 93 deletions(-)
 delete mode 100644 pkg/systemd/activation/files.go
 delete mode 100644 pkg/systemd/activation/listeners.go

diff --git a/pkg/systemd/activation/files.go b/pkg/systemd/activation/files.go
deleted file mode 100644
index 0281146310..0000000000
--- a/pkg/systemd/activation/files.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2013 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-// Package activation implements primitives for systemd socket activation.
-package activation
-
-import (
-	"os"
-	"strconv"
-	"syscall"
-)
-
-// based on: https://gist.github.com/alberts/4640792
-const (
-	listenFdsStart = 3
-)
-
-func Files(unsetEnv bool) []*os.File {
-	if unsetEnv {
-		// there is no way to unset env in golang os package for now
-		// https://code.google.com/p/go/issues/detail?id=6423
-		defer os.Setenv("LISTEN_PID", "")
-		defer os.Setenv("LISTEN_FDS", "")
-	}
-
-	pid, err := strconv.Atoi(os.Getenv("LISTEN_PID"))
-	if err != nil || pid != os.Getpid() {
-		return nil
-	}
-
-	nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
-	if err != nil || nfds == 0 {
-		return nil
-	}
-
-	var files []*os.File
-	for fd := listenFdsStart; fd < listenFdsStart+nfds; fd++ {
-		syscall.CloseOnExec(fd)
-		files = append(files, os.NewFile(uintptr(fd), "LISTEN_FD_"+strconv.Itoa(fd)))
-	}
-
-	return files
-}
diff --git a/pkg/systemd/activation/listeners.go b/pkg/systemd/activation/listeners.go
deleted file mode 100644
index 3296a08361..0000000000
--- a/pkg/systemd/activation/listeners.go
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
-Copyright 2014 CoreOS Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-package activation
-
-import (
-	"fmt"
-	"net"
-)
-
-// Listeners returns net.Listeners for all socket activated fds passed to this process.
-func Listeners(unsetEnv bool) ([]net.Listener, error) {
-	files := Files(unsetEnv)
-	listeners := make([]net.Listener, len(files))
-
-	for i, f := range files {
-		var err error
-		listeners[i], err = net.FileListener(f)
-		if err != nil {
-			return nil, fmt.Errorf("Error setting up FileListener for fd %d: %s", f.Fd(), err.Error())
-		}
-	}
-
-	return listeners, nil
-}
diff --git a/pkg/systemd/listendfd.go b/pkg/systemd/listendfd.go
index f6044328c2..0fbc0a6ab6 100644
--- a/pkg/systemd/listendfd.go
+++ b/pkg/systemd/listendfd.go
@@ -5,7 +5,7 @@ import (
 	"net"
 	"strconv"
 
-	"github.com/dotcloud/docker/pkg/systemd/activation"
+	"github.com/coreos/go-systemd/activation"
 )
 
 // ListenFD returns the specified socket activated files as a slice of

From 1296d5ce9ad43d8d833f6e5661da45aef6d4c26b Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 21 Feb 2014 10:48:02 +0100
Subject: [PATCH 234/384] Add systemd.SdBooted()

This is a conversion of sd_booted() from libsystemd to go and checks
if the system was booted with systemd.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 pkg/systemd/booted.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 pkg/systemd/booted.go

diff --git a/pkg/systemd/booted.go b/pkg/systemd/booted.go
new file mode 100644
index 0000000000..2aae931ec1
--- /dev/null
+++ b/pkg/systemd/booted.go
@@ -0,0 +1,15 @@
+package systemd
+
+import (
+	"os"
+)
+
+// Conversion to Go of systemd's sd_booted()
+func SdBooted() bool {
+	s, err := os.Stat("/run/systemd/system")
+	if err != nil {
+		return false
+	}
+
+	return s.IsDir()
+}

From 6c7835050e53b733181ddfca6152c358fd625400 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 21 Feb 2014 14:35:43 +0100
Subject: [PATCH 235/384] cgroups: Add systemd implementation of cgroups

This implements cgroup.Apply() using the systemd apis.
We create a transient unit called "docker-$id.scope" that contains
the container processes. We also have a way to set unit specific
properties, currently only defining the Slice to put the
scope in.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 pkg/cgroups/apply_nosystemd.go                |  15 ++
 pkg/cgroups/apply_systemd.go                  | 158 ++++++++++++++++++
 pkg/cgroups/cgroups.go                        |  13 +-
 runtime/execdriver/native/default_template.go |  14 ++
 4 files changed, 199 insertions(+), 1 deletion(-)
 create mode 100644 pkg/cgroups/apply_nosystemd.go
 create mode 100644 pkg/cgroups/apply_systemd.go

diff --git a/pkg/cgroups/apply_nosystemd.go b/pkg/cgroups/apply_nosystemd.go
new file mode 100644
index 0000000000..f94d475907
--- /dev/null
+++ b/pkg/cgroups/apply_nosystemd.go
@@ -0,0 +1,15 @@
+// +build !linux
+
+package cgroups
+
+import (
+	"fmt"
+)
+
+func useSystemd() bool {
+	return false
+}
+
+func systemdApply(c *Cgroup, pid int) (ActiveCgroup, error) {
+	return nil, fmt.Errorf("Systemd not supported")
+}
diff --git a/pkg/cgroups/apply_systemd.go b/pkg/cgroups/apply_systemd.go
new file mode 100644
index 0000000000..c689d5753e
--- /dev/null
+++ b/pkg/cgroups/apply_systemd.go
@@ -0,0 +1,158 @@
+// +build linux
+
+package cgroups
+
+import (
+	"fmt"
+	systemd1 "github.com/coreos/go-systemd/dbus"
+	"github.com/dotcloud/docker/pkg/systemd"
+	"github.com/godbus/dbus"
+	"path/filepath"
+	"strings"
+	"sync"
+)
+
+type systemdCgroup struct {
+}
+
+var (
+	connLock              sync.Mutex
+	theConn               *systemd1.Conn
+	hasStartTransientUnit bool
+)
+
+func useSystemd() bool {
+	if !systemd.SdBooted() {
+		return false
+	}
+
+	connLock.Lock()
+	defer connLock.Unlock()
+
+	if theConn == nil {
+		var err error
+		theConn, err = systemd1.New()
+		if err != nil {
+			return false
+		}
+
+		// Assume we have StartTransientUnit
+		hasStartTransientUnit = true
+
+		// But if we get UnknownMethod error we don't
+		if _, err := theConn.StartTransientUnit("test.scope", "invalid"); err != nil {
+			if dbusError, ok := err.(dbus.Error); ok {
+				if dbusError.Name == "org.freedesktop.DBus.Error.UnknownMethod" {
+					hasStartTransientUnit = false
+				}
+			}
+		}
+	}
+
+	return hasStartTransientUnit
+}
+
+type DeviceAllow struct {
+	Node        string
+	Permissions string
+}
+
+func getIfaceForUnit(unitName string) string {
+	if strings.HasSuffix(unitName, ".scope") {
+		return "Scope"
+	}
+	if strings.HasSuffix(unitName, ".service") {
+		return "Service"
+	}
+	return "Unit"
+}
+
+func systemdApply(c *Cgroup, pid int) (ActiveCgroup, error) {
+	unitName := c.Parent + "-" + c.Name + ".scope"
+	slice := "system.slice"
+
+	var properties []systemd1.Property
+
+	for _, v := range c.UnitProperties {
+		switch v[0] {
+		case "Slice":
+			slice = v[1]
+		default:
+			return nil, fmt.Errorf("Unknown unit propery %s", v[0])
+		}
+	}
+
+	properties = append(properties,
+		systemd1.Property{"Slice", dbus.MakeVariant(slice)},
+		systemd1.Property{"Description", dbus.MakeVariant("docker container " + c.Name)},
+		systemd1.Property{"PIDs", dbus.MakeVariant([]uint32{uint32(pid)})})
+
+	if !c.DeviceAccess {
+		properties = append(properties,
+			systemd1.Property{"DevicePolicy", dbus.MakeVariant("strict")},
+			systemd1.Property{"DeviceAllow", dbus.MakeVariant([]DeviceAllow{
+				{"/dev/null", "rwm"},
+				{"/dev/zero", "rwm"},
+				{"/dev/full", "rwm"},
+				{"/dev/random", "rwm"},
+				{"/dev/urandom", "rwm"},
+				{"/dev/tty", "rwm"},
+				{"/dev/console", "rwm"},
+				{"/dev/tty0", "rwm"},
+				{"/dev/tty1", "rwm"},
+				{"/dev/pts/ptmx", "rwm"},
+				// There is no way to add /dev/pts/* here atm, so we hack this manually below
+				// /dev/pts/* (how to add this?)
+				// Same with tuntap, which doesn't exist as a node most of the time
+			})})
+	}
+
+	if c.Memory != 0 {
+		properties = append(properties,
+			systemd1.Property{"MemoryLimit", dbus.MakeVariant(uint64(c.Memory))})
+	}
+	// TODO: MemorySwap not available in systemd
+
+	if c.CpuShares != 0 {
+		properties = append(properties,
+			systemd1.Property{"CPUShares", dbus.MakeVariant(uint64(c.CpuShares))})
+	}
+
+	if _, err := theConn.StartTransientUnit(unitName, "replace", properties...); err != nil {
+		return nil, err
+	}
+
+	// To work around the lack of /dev/pts/* support above we need to manually add these
+	// so, ask systemd for the cgroup used
+	props, err := theConn.GetUnitTypeProperties(unitName, getIfaceForUnit(unitName))
+	if err != nil {
+		return nil, err
+	}
+
+	cgroup := props["ControlGroup"].(string)
+
+	if !c.DeviceAccess {
+		mountpoint, err := FindCgroupMountpoint("devices")
+		if err != nil {
+			return nil, err
+		}
+
+		path := filepath.Join(mountpoint, cgroup)
+
+		// /dev/pts/*
+		if err := writeFile(path, "devices.allow", "c 136:* rwm"); err != nil {
+			return nil, err
+		}
+		// tuntap
+		if err := writeFile(path, "devices.allow", "c 10:200 rwm"); err != nil {
+			return nil, err
+		}
+	}
+
+	return &systemdCgroup{}, nil
+}
+
+func (c *systemdCgroup) Cleanup() error {
+	// systemd cleans up, we don't need to do anything
+	return nil
+}
diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index f35556f712..8554ba9376 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -19,6 +19,8 @@ type Cgroup struct {
 	Memory       int64 `json:"memory,omitempty"`        // Memory limit (in bytes)
 	MemorySwap   int64 `json:"memory_swap,omitempty"`   // Total memory usage (memory + swap); set `-1' to disable swap
 	CpuShares    int64 `json:"cpu_shares,omitempty"`    // CPU shares (relative weight vs. other containers)
+
+	UnitProperties [][2]string `json:"unit_properties,omitempty"` // systemd unit properties
 }
 
 type ActiveCgroup interface {
@@ -87,5 +89,14 @@ func writeFile(dir, file, data string) error {
 }
 
 func (c *Cgroup) Apply(pid int) (ActiveCgroup, error) {
-	return rawApply(c, pid)
+	// We have two implementation of cgroups support, one is based on
+	// systemd and the dbus api, and one is based on raw cgroup fs operations
+	// following the pre-single-writer model docs at:
+	// http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups/
+
+	if useSystemd() {
+		return systemdApply(c, pid)
+	} else {
+		return rawApply(c, pid)
+	}
 }
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index e11f2de1cf..32886f2396 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
@@ -5,6 +5,7 @@ import (
 	"github.com/dotcloud/docker/pkg/cgroups"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/runtime/execdriver"
+	"github.com/dotcloud/docker/utils"
 	"os"
 )
 
@@ -59,6 +60,19 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 		container.Cgroups.MemorySwap = c.Resources.MemorySwap
 	}
 
+	if opts, ok := c.Config["unit"]; ok {
+		props := [][2]string{}
+		for _, opt := range opts {
+			key, value, err := utils.ParseKeyValueOpt(opt)
+			if err == nil {
+				props = append(props, [2]string{key, value})
+			} else {
+				props = append(props, [2]string{opt, ""})
+			}
+		}
+		container.Cgroups.UnitProperties = props
+	}
+
 	// check to see if we are running in ramdisk to disable pivot root
 	container.NoPivotRoot = os.Getenv("DOCKER_RAMDISK") != ""
 

From 64dd77fa0eb73ec4f395848982ccb60bb3bf8fc5 Mon Sep 17 00:00:00 2001
From: James Harrison Fisher <jameshfisher@gmail.com>
Date: Thu, 27 Mar 2014 23:02:44 +0000
Subject: [PATCH 236/384] Add missing port NAT configuration

Missing port translation causes last line to fail

Docker-DCO-1.1-Signed-off-by: James Fisher <jameshfisher@gmail.com> (github: jameshfisher)
---
 docs/sources/examples/mongodb.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/examples/mongodb.rst b/docs/sources/examples/mongodb.rst
index 930ab2ea9d..913dc2699a 100644
--- a/docs/sources/examples/mongodb.rst
+++ b/docs/sources/examples/mongodb.rst
@@ -86,10 +86,10 @@ the local port!
 .. code-block:: bash
 
     # Regular style
-    MONGO_ID=$(sudo docker run -d <yourname>/mongodb)
+    MONGO_ID=$(sudo docker run -P -d <yourname>/mongodb)
 
     # Lean and mean
-    MONGO_ID=$(sudo docker run -d <yourname>/mongodb --noprealloc --smallfiles)
+    MONGO_ID=$(sudo docker run -P -d <yourname>/mongodb --noprealloc --smallfiles)
 
     # Check the logs out
     sudo docker logs $MONGO_ID

From 792bb41e524615486ef8266b7bf4804b4fe178f1 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Thu, 27 Mar 2014 16:38:27 -0400
Subject: [PATCH 237/384] Remount /var/lib/docker as --private to fix scaling
 issue

If an admin mounts all file systems as -rshared (Default on RHEL and Fedora)
we see a scaling problem as the number of container increase.

Basically every new container needs to have it new mounts in /var/lib/docker
shared to all other containers, this ends up with us only able to scale to
around 100 containers, before the system slows down.

By simply bind mounting /var/lib/docker on its and then setting it private,
the scaling issue goes away.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 runtime/runtime.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/runtime/runtime.go b/runtime/runtime.go
index 35bcad9781..b035f5df9f 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -10,6 +10,7 @@ import (
 	"github.com/dotcloud/docker/graph"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/graphdb"
+	"github.com/dotcloud/docker/pkg/mount"
 	"github.com/dotcloud/docker/pkg/sysinfo"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/runtime/execdriver"
@@ -59,6 +60,22 @@ type Runtime struct {
 	execDriver     execdriver.Driver
 }
 
+// Mountpoints should be private to the container
+func remountPrivate(mountPoint string) error {
+
+	mounted, err := mount.Mounted(mountPoint)
+	if err != nil {
+		return err
+	}
+
+	if !mounted {
+		if err := mount.Mount(mountPoint, mountPoint, "none", "bind,rw"); err != nil {
+			return err
+		}
+	}
+	return mount.ForceMount("", mountPoint, "none", "private")
+}
+
 // List returns an array of all containers registered in the runtime.
 func (runtime *Runtime) List() []*Container {
 	containers := new(History)
@@ -654,6 +671,10 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 	}
 	utils.Debugf("Using graph driver %s", driver)
 
+	if err := remountPrivate(config.Root); err != nil {
+		return nil, err
+	}
+
 	runtimeRepo := path.Join(config.Root, "containers")
 
 	if err := os.MkdirAll(runtimeRepo, 0700); err != nil && !os.IsExist(err) {

From 66c5e19f9bd057644fab475499ea45bb428ba2b2 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Fri, 28 Mar 2014 15:58:14 +0100
Subject: [PATCH 238/384] devmapper: Ensure we shut down thin pool cleanly.

The change in commit a9fa1a13c3b0a654a96be01ff7ec19e8009b2094
made us only deactivate devices that were mounted. Unfortunately
this made us not deactivate the base device. Which caused
us to not be able to deactivate the pool.

This fixes that by always just deactivating the base device.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index 762e982208..731e9dab8b 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -821,6 +821,10 @@ func (devices *DeviceSet) Shutdown() error {
 		info.lock.Unlock()
 	}
 
+	if err := devices.deactivateDevice(""); err != nil {
+		utils.Debugf("Shutdown deactivate base , error: %s\n", err)
+	}
+
 	if err := devices.deactivatePool(); err != nil {
 		utils.Debugf("Shutdown deactivate pool , error: %s\n", err)
 	}

From 7d750180e49159ead712843a9cc1c0c58fd5c53c Mon Sep 17 00:00:00 2001
From: Justin Simonelis <justin.p.simonelis@gmail.com>
Date: Fri, 28 Mar 2014 15:15:54 -0500
Subject: [PATCH 239/384] Update AUTHORS

---
 AUTHORS | 1 -
 1 file changed, 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index 1c58d953f6..df091d5950 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -170,7 +170,6 @@ Julien Barbier <write0@gmail.com>
 Julien Dubois <julien.dubois@gmail.com>
 Justin Force <justin.force@gmail.com>
 Justin Plock <jplock@users.noreply.github.com>
-Justin Simonelis <justin.p.simonelis@gmail.com>
 Karan Lyons <karan@karanlyons.com>
 Karl Grzeszczak <karlgrz@gmail.com>
 Kawsar Saiyeed <kawsar.saiyeed@projiris.com>

From 36dfa0c4ec90404f76a6ec73c89d199e279ee96c Mon Sep 17 00:00:00 2001
From: Jason Plum <jplum@devonit.com>
Date: Fri, 28 Mar 2014 18:02:17 -0400
Subject: [PATCH 240/384] Fix daemon's documentation for -bip flag

---
 docs/sources/reference/commandline/cli.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index b39cbc2e9f..3d2aac5233 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -74,7 +74,7 @@ Commands
       -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group
       --api-enable-cors=false: Enable CORS headers in the remote API
       -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking
-      --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b
+      -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b
       -d, --daemon=false: Enable daemon mode
       --dns=[]: Force docker to use specific DNS servers
       --dns-search=[]: Force Docker to use specific DNS search domains

From 04f5c75239cba156db70523bcd90657e5c7b5ddb Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Sat, 29 Mar 2014 00:48:47 +0000
Subject: [PATCH 241/384] Steve Wozniak is not boring.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 pkg/namesgenerator/names-generator.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/namesgenerator/names-generator.go b/pkg/namesgenerator/names-generator.go
index dfece5d611..3776e59225 100644
--- a/pkg/namesgenerator/names-generator.go
+++ b/pkg/namesgenerator/names-generator.go
@@ -56,7 +56,7 @@ func GenerateRandomName(checker NameChecker) (string, error) {
 	retry := 5
 	rand.Seed(time.Now().UnixNano())
 	name := fmt.Sprintf("%s_%s", left[rand.Intn(len(left))], right[rand.Intn(len(right))])
-	for checker != nil && checker.Exists(name) && retry > 0 {
+	for checker != nil && checker.Exists(name) && retry > 0 || name == "boring_wozniak" /* Steve Wozniak is not boring */ {
 		name = fmt.Sprintf("%s%d", name, rand.Intn(10))
 		retry = retry - 1
 	}

From 6db32fdefdae49843ed9535b3af1099e6bd2755d Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Tue, 25 Feb 2014 18:17:48 +0200
Subject: [PATCH 242/384] initial version of cli integration tests

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 Makefile                                      |   7 +-
 hack/make.sh                                  |   1 +
 hack/make/test-integration-cli                |  37 +++
 .../TestBuildSixtySteps/Dockerfile            |  60 +++++
 integration-cli/docker_cli_build_test.go      |  28 ++
 integration-cli/docker_cli_commit_test.go     |  34 +++
 integration-cli/docker_cli_diff_test.go       |  66 +++++
 .../docker_cli_export_import_test.go          |  50 ++++
 integration-cli/docker_cli_images_test.go     |  20 ++
 integration-cli/docker_cli_info_test.go       |  29 ++
 integration-cli/docker_cli_kill_test.go       |  36 +++
 integration-cli/docker_cli_pull_test.go       |  30 +++
 integration-cli/docker_cli_push_test.go       |  48 ++++
 integration-cli/docker_cli_run_test.go        | 255 ++++++++++++++++++
 integration-cli/docker_cli_save_load_test.go  |  52 ++++
 integration-cli/docker_cli_search_test.go     |  25 ++
 integration-cli/docker_cli_tag_test.go        |  86 ++++++
 integration-cli/docker_cli_top_test.go        |  32 +++
 integration-cli/docker_cli_version_test.go    |  29 ++
 integration-cli/docker_test_vars.go           |  29 ++
 integration-cli/docker_utils.go               |  56 ++++
 integration-cli/utils.go                      | 109 ++++++++
 22 files changed, 1117 insertions(+), 2 deletions(-)
 create mode 100644 hack/make/test-integration-cli
 create mode 100644 integration-cli/build_tests/TestBuildSixtySteps/Dockerfile
 create mode 100644 integration-cli/docker_cli_build_test.go
 create mode 100644 integration-cli/docker_cli_commit_test.go
 create mode 100644 integration-cli/docker_cli_diff_test.go
 create mode 100644 integration-cli/docker_cli_export_import_test.go
 create mode 100644 integration-cli/docker_cli_images_test.go
 create mode 100644 integration-cli/docker_cli_info_test.go
 create mode 100644 integration-cli/docker_cli_kill_test.go
 create mode 100644 integration-cli/docker_cli_pull_test.go
 create mode 100644 integration-cli/docker_cli_push_test.go
 create mode 100644 integration-cli/docker_cli_run_test.go
 create mode 100644 integration-cli/docker_cli_save_load_test.go
 create mode 100644 integration-cli/docker_cli_search_test.go
 create mode 100644 integration-cli/docker_cli_tag_test.go
 create mode 100644 integration-cli/docker_cli_top_test.go
 create mode 100644 integration-cli/docker_cli_version_test.go
 create mode 100644 integration-cli/docker_test_vars.go
 create mode 100644 integration-cli/docker_utils.go
 create mode 100644 integration-cli/utils.go

diff --git a/Makefile b/Makefile
index b3bea8a31f..5656472213 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: all binary build cross default docs docs-build docs-shell shell test test-integration
+.PHONY: all binary build cross default docs docs-build docs-shell shell test test-integration test-integration-cli
 
 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
 DOCKER_IMAGE := docker:$(GIT_BRANCH)
@@ -23,11 +23,14 @@ docs-shell: docs-build
 	docker run --rm -i -t -p 8000:8000 "$(DOCKER_DOCS_IMAGE)" bash
 
 test: build
-	$(DOCKER_RUN_DOCKER) hack/make.sh test test-integration
+	$(DOCKER_RUN_DOCKER) hack/make.sh binary test test-integration test-integration-cli
 
 test-integration: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh test-integration
 
+test-integration-cli: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh binary test-integration-cli
+
 shell: build
 	$(DOCKER_RUN_DOCKER) bash
 
diff --git a/hack/make.sh b/hack/make.sh
index dbb9dbfdfd..447a00f039 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -139,6 +139,7 @@ find_dirs() {
 		\( \
 			-wholename './vendor' \
 			-o -wholename './integration' \
+			-o -wholename './integration-cli' \
 			-o -wholename './contrib' \
 			-o -wholename './pkg/mflag/example' \
 			-o -wholename './.git' \
diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli
new file mode 100644
index 0000000000..5ab37a4021
--- /dev/null
+++ b/hack/make/test-integration-cli
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+DEST=$1
+DOCKERBIN=$DEST/../binary/docker-$VERSION
+DYNDOCKERBIN=$DEST/../dynbinary/docker-$VERSION
+DOCKERINITBIN=$DEST/../dynbinary/dockerinit-$VERSION
+
+set -e
+
+bundle_test_integration_cli() {
+	go_test_dir ./integration-cli
+}
+
+if [ -x "/usr/bin/docker" ]; then
+	echo "docker found at /usr/bin/docker"
+elif [ -x "$DOCKERBIN" ]; then
+	ln -s $DOCKERBIN /usr/bin/docker
+elif [ -x "$DYNDOCKERBIN" ]; then
+	ln -s $DYNDOCKERBIN /usr/bin/docker
+	ln -s $DOCKERINITBIN /usr/bin/dockerinit
+else
+	echo >&2 'error: binary or dynbinary must be run before test-integration-cli'
+	false
+fi
+
+
+docker -d -D -p $DEST/docker.pid &> $DEST/docker.log &
+sleep 2
+docker info
+DOCKERD_PID=`cat $DEST/docker.pid`
+
+bundle_test_integration_cli 2>&1 \
+	| tee $DEST/test.log
+
+kill $DOCKERD_PID
+wait $DOCKERD_PID
+
diff --git a/integration-cli/build_tests/TestBuildSixtySteps/Dockerfile b/integration-cli/build_tests/TestBuildSixtySteps/Dockerfile
new file mode 100644
index 0000000000..89b66f4f1d
--- /dev/null
+++ b/integration-cli/build_tests/TestBuildSixtySteps/Dockerfile
@@ -0,0 +1,60 @@
+FROM busybox
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
+RUN echo "foo"
diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go
new file mode 100644
index 0000000000..e6f3096892
--- /dev/null
+++ b/integration-cli/docker_cli_build_test.go
@@ -0,0 +1,28 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"path/filepath"
+	"testing"
+)
+
+func TestBuildSixtySteps(t *testing.T) {
+	buildDirectory := filepath.Join(workingDirectory, "build_tests", "TestBuildSixtySteps")
+	buildCmd := exec.Command(dockerBinary, "build", "-t", "foobuildsixtysteps", ".")
+	buildCmd.Dir = buildDirectory
+	out, exitCode, err := runCommandWithOutput(buildCmd)
+	errorOut(err, t, fmt.Sprintf("build failed to complete: %v %v", out, err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("failed to build the image")
+	}
+
+	go deleteImages("foobuildsixtysteps")
+
+	logDone("build - build an image with sixty build steps")
+}
+
+// TODO: TestCaching
+
+// TODO: TestADDCacheInvalidation
diff --git a/integration-cli/docker_cli_commit_test.go b/integration-cli/docker_cli_commit_test.go
new file mode 100644
index 0000000000..5ed55ef62a
--- /dev/null
+++ b/integration-cli/docker_cli_commit_test.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"testing"
+)
+
+func TestCommitAfterContainerIsDone(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-i", "-a", "stdin", "busybox", "echo", "foo")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, fmt.Sprintf("failed to run container: %v %v", out, err))
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	waitCmd := exec.Command(dockerBinary, "wait", cleanedContainerID)
+	_, _, err = runCommandWithOutput(waitCmd)
+	errorOut(err, t, fmt.Sprintf("error thrown while waiting for container: %s", out))
+
+	commitCmd := exec.Command(dockerBinary, "commit", cleanedContainerID)
+	out, _, err = runCommandWithOutput(commitCmd)
+	errorOut(err, t, fmt.Sprintf("failed to commit container to image: %v %v", out, err))
+
+	cleanedImageID := stripTrailingCharacters(out)
+
+	inspectCmd := exec.Command(dockerBinary, "inspect", cleanedImageID)
+	out, _, err = runCommandWithOutput(inspectCmd)
+	errorOut(err, t, fmt.Sprintf("failed to inspect image: %v %v", out, err))
+
+	go deleteContainer(cleanedContainerID)
+	go deleteImages(cleanedImageID)
+
+	logDone("commit - echo foo and commit the image")
+}
diff --git a/integration-cli/docker_cli_diff_test.go b/integration-cli/docker_cli_diff_test.go
new file mode 100644
index 0000000000..5f8ba74161
--- /dev/null
+++ b/integration-cli/docker_cli_diff_test.go
@@ -0,0 +1,66 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+// ensure that an added file shows up in docker diff
+func TestDiffFilenameShownInOutput(t *testing.T) {
+	containerCmd := `echo foo > /root/bar`
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", containerCmd)
+	cid, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err))
+
+	cleanCID := stripTrailingCharacters(cid)
+
+	diffCmd := exec.Command(dockerBinary, "diff", cleanCID)
+	out, _, err := runCommandWithOutput(diffCmd)
+	errorOut(err, t, fmt.Sprintf("failed to run diff: %v %v", out, err))
+
+	found := false
+	for _, line := range strings.Split(out, "\n") {
+		if strings.Contains("A /root/bar", line) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Errorf("couldn't find the new file in docker diff's output: %v", out)
+	}
+	go deleteContainer(cleanCID)
+
+	logDone("diff - check if created file shows up")
+}
+
+// test to ensure GH #3840 doesn't occur any more
+func TestDiffEnsureDockerinitFilesAreIgnored(t *testing.T) {
+	// this is a list of files which shouldn't show up in `docker diff`
+	dockerinitFiles := []string{"/etc/resolv.conf", "/etc/hostname", "/etc/hosts", "/.dockerinit", "/.dockerenv"}
+
+	// we might not run into this problem from the first run, so start a few containers
+	for i := 0; i < 20; i++ {
+		containerCmd := `echo foo > /root/bar`
+		runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", containerCmd)
+		cid, _, err := runCommandWithOutput(runCmd)
+		errorOut(err, t, fmt.Sprintf("%s", err))
+
+		cleanCID := stripTrailingCharacters(cid)
+
+		diffCmd := exec.Command(dockerBinary, "diff", cleanCID)
+		out, _, err := runCommandWithOutput(diffCmd)
+		errorOut(err, t, fmt.Sprintf("failed to run diff: %v %v", out, err))
+
+		go deleteContainer(cleanCID)
+
+		for _, filename := range dockerinitFiles {
+			if strings.Contains(out, filename) {
+				t.Errorf("found file which should've been ignored %v in diff output", filename)
+			}
+		}
+	}
+
+	logDone("diff - check if ignored files show up in diff")
+}
diff --git a/integration-cli/docker_cli_export_import_test.go b/integration-cli/docker_cli_export_import_test.go
new file mode 100644
index 0000000000..66ff1055ba
--- /dev/null
+++ b/integration-cli/docker_cli_export_import_test.go
@@ -0,0 +1,50 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+// export an image and try to import it into a new one
+func TestExportContainerAndImportImage(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "true")
+	out, _, err := runCommandWithOutput(runCmd)
+	if err != nil {
+		t.Fatal("failed to create a container", out, err)
+	}
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	inspectCmd := exec.Command(dockerBinary, "inspect", cleanedContainerID)
+	out, _, err = runCommandWithOutput(inspectCmd)
+	if err != nil {
+		t.Fatalf("output should've been a container id: %s %s ", cleanedContainerID, err)
+	}
+
+	exportCmdTemplate := `%v export %v > /tmp/testexp.tar`
+	exportCmdFinal := fmt.Sprintf(exportCmdTemplate, dockerBinary, cleanedContainerID)
+	exportCmd := exec.Command("bash", "-c", exportCmdFinal)
+	out, _, err = runCommandWithOutput(exportCmd)
+	errorOut(err, t, fmt.Sprintf("failed to export container: %v %v", out, err))
+
+	importCmdFinal := `cat /tmp/testexp.tar | docker import - testexp`
+	importCmd := exec.Command("bash", "-c", importCmdFinal)
+	out, _, err = runCommandWithOutput(importCmd)
+	errorOut(err, t, fmt.Sprintf("failed to import image: %v %v", out, err))
+
+	cleanedImageID := stripTrailingCharacters(out)
+
+	inspectCmd = exec.Command(dockerBinary, "inspect", cleanedImageID)
+	out, _, err = runCommandWithOutput(inspectCmd)
+	errorOut(err, t, fmt.Sprintf("output should've been an image id: %v %v", out, err))
+
+	go deleteImages("testexp")
+	go deleteContainer(cleanedContainerID)
+
+	os.Remove("/tmp/testexp.tar")
+
+	logDone("export - export a container")
+	logDone("import - import an image")
+}
diff --git a/integration-cli/docker_cli_images_test.go b/integration-cli/docker_cli_images_test.go
new file mode 100644
index 0000000000..17efc6f5c4
--- /dev/null
+++ b/integration-cli/docker_cli_images_test.go
@@ -0,0 +1,20 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func TestImagesEnsureImageIsListed(t *testing.T) {
+	imagesCmd := exec.Command(dockerBinary, "images")
+	out, _, err := runCommandWithOutput(imagesCmd)
+	errorOut(err, t, fmt.Sprintf("listing images failed with errors: %v", err))
+
+	if !strings.Contains(out, "busybox") {
+		t.Fatal("images should've listed busybox")
+	}
+
+	logDone("images - busybox should be listed")
+}
diff --git a/integration-cli/docker_cli_info_test.go b/integration-cli/docker_cli_info_test.go
new file mode 100644
index 0000000000..32aa3a2125
--- /dev/null
+++ b/integration-cli/docker_cli_info_test.go
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+// ensure docker info succeeds
+func TestInfoEnsureSucceeds(t *testing.T) {
+	versionCmd := exec.Command(dockerBinary, "info")
+	out, exitCode, err := runCommandWithOutput(versionCmd)
+	errorOut(err, t, fmt.Sprintf("encountered error while running docker info: %v", err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("failed to execute docker info")
+	}
+
+	stringsToCheck := []string{"Containers:", "Execution Driver:", "Kernel Version:"}
+
+	for _, linePrefix := range stringsToCheck {
+		if !strings.Contains(out, linePrefix) {
+			t.Errorf("couldn't find string %v in output", linePrefix)
+		}
+	}
+
+	logDone("info - verify that it works")
+}
diff --git a/integration-cli/docker_cli_kill_test.go b/integration-cli/docker_cli_kill_test.go
new file mode 100644
index 0000000000..676ccd0ca0
--- /dev/null
+++ b/integration-cli/docker_cli_kill_test.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func TestKillContainer(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", "sleep 10")
+	out, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err))
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	inspectCmd := exec.Command(dockerBinary, "inspect", cleanedContainerID)
+	inspectOut, _, err := runCommandWithOutput(inspectCmd)
+	errorOut(err, t, fmt.Sprintf("out should've been a container id: %v %v", inspectOut, err))
+
+	killCmd := exec.Command(dockerBinary, "kill", cleanedContainerID)
+	out, _, err = runCommandWithOutput(killCmd)
+	errorOut(err, t, fmt.Sprintf("failed to kill container: %v %v", out, err))
+
+	listRunningContainersCmd := exec.Command(dockerBinary, "ps", "-q")
+	out, _, err = runCommandWithOutput(listRunningContainersCmd)
+	errorOut(err, t, fmt.Sprintf("failed to list running containers: %v", err))
+
+	if strings.Contains(out, cleanedContainerID) {
+		t.Fatal("killed container is still running")
+	}
+
+	go deleteContainer(cleanedContainerID)
+
+	logDone("kill - kill container running sleep 10")
+}
diff --git a/integration-cli/docker_cli_pull_test.go b/integration-cli/docker_cli_pull_test.go
new file mode 100644
index 0000000000..13b443f3d6
--- /dev/null
+++ b/integration-cli/docker_cli_pull_test.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"testing"
+)
+
+// pulling an image from the central registry should work
+func TestPullImageFromCentralRegistry(t *testing.T) {
+	pullCmd := exec.Command(dockerBinary, "pull", "busybox")
+	out, exitCode, err := runCommandWithOutput(pullCmd)
+	errorOut(err, t, fmt.Sprintf("%s %s", out, err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("pulling the busybox image from the registry has failed")
+	}
+	logDone("pull - pull busybox")
+}
+
+// pulling a non-existing image from the central registry should return a non-zero exit code
+func TestPullNonExistingImage(t *testing.T) {
+	pullCmd := exec.Command(dockerBinary, "pull", "fooblahblah1234")
+	_, exitCode, err := runCommandWithOutput(pullCmd)
+
+	if err == nil || exitCode == 0 {
+		t.Fatal("expected non-zero exit status when pulling non-existing image")
+	}
+	logDone("pull - pull fooblahblah1234 (non-existing image)")
+}
diff --git a/integration-cli/docker_cli_push_test.go b/integration-cli/docker_cli_push_test.go
new file mode 100644
index 0000000000..8117c077bc
--- /dev/null
+++ b/integration-cli/docker_cli_push_test.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"testing"
+)
+
+// these tests need a freshly started empty private docker registry
+
+// pulling an image from the central registry should work
+func TestPushBusyboxImage(t *testing.T) {
+	// skip this test until we're able to use a registry
+	t.Skip()
+	// tag the image to upload it tot he private registry
+	repoName := fmt.Sprintf("%v/busybox", privateRegistryURL)
+	tagCmd := exec.Command(dockerBinary, "tag", "busybox", repoName)
+	out, exitCode, err := runCommandWithOutput(tagCmd)
+	errorOut(err, t, fmt.Sprintf("%v %v", out, err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("image tagging failed")
+	}
+
+	pushCmd := exec.Command(dockerBinary, "push", repoName)
+	out, exitCode, err = runCommandWithOutput(pushCmd)
+	errorOut(err, t, fmt.Sprintf("%v %v", out, err))
+
+	go deleteImages(repoName)
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("pushing the image to the private registry has failed")
+	}
+	logDone("push - push busybox to private registry")
+}
+
+// pushing an image without a prefix should throw an error
+func TestPushUnprefixedRepo(t *testing.T) {
+	// skip this test until we're able to use a registry
+	t.Skip()
+	pushCmd := exec.Command(dockerBinary, "push", "busybox")
+	_, exitCode, err := runCommandWithOutput(pushCmd)
+
+	if err == nil || exitCode == 0 {
+		t.Fatal("pushing an unprefixed repo didn't result in a non-zero exit status")
+	}
+	logDone("push - push unprefixed busybox repo --> must fail")
+}
diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
new file mode 100644
index 0000000000..12915d72ff
--- /dev/null
+++ b/integration-cli/docker_cli_run_test.go
@@ -0,0 +1,255 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+// "test123" should be printed by docker run
+func TestDockerRunEchoStdout(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "echo", "test123")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	if out != "test123\n" {
+		t.Errorf("container should've printed 'test123'")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - echo test123")
+}
+
+// "test" should be printed
+func TestDockerRunEchoStdoutWithMemoryLimit(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-m", "2786432", "busybox", "echo", "test")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	if out != "test\n" {
+		t.Errorf("container should've printed 'test'")
+
+	}
+
+	deleteAllContainers()
+
+	logDone("run - echo with memory limit")
+}
+
+// "test" should be printed
+func TestDockerRunEchoStdoutWitCPULimit(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-c", "1000", "busybox", "echo", "test")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	if out != "test\n" {
+		t.Errorf("container should've printed 'test'")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - echo with CPU limit")
+}
+
+// "test" should be printed
+func TestDockerRunEchoStdoutWithCPUAndMemoryLimit(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-c", "1000", "-m", "2786432", "busybox", "echo", "test")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	if out != "test\n" {
+		t.Errorf("container should've printed 'test'")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - echo with CPU and memory limit")
+}
+
+// "test" should be printed
+func TestDockerRunEchoNamedContainer(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "--name", "testfoonamedcontainer", "busybox", "echo", "test")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	if out != "test\n" {
+		t.Errorf("container should've printed 'test'")
+	}
+
+	if err := deleteContainer("testfoonamedcontainer"); err != nil {
+		t.Errorf("failed to remove the named container: %v", err)
+	}
+
+	deleteAllContainers()
+
+	logDone("run - echo with named container")
+}
+
+// it should be possible to ping Google DNS resolver
+// this will fail when Internet access is unavailable
+func TestDockerRunPingGoogle(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "ping", "-c", "1", "8.8.8.8")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	errorOut(err, t, "container should've been able to ping 8.8.8.8")
+
+	deleteAllContainers()
+
+	logDone("run - ping 8.8.8.8")
+}
+
+// the exit code should be 0
+// some versions of lxc might make this test fail
+func TestDockerRunExitCodeZero(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "true")
+	exitCode, err := runCommand(runCmd)
+	errorOut(err, t, fmt.Sprintf("%s", err))
+
+	if exitCode != 0 {
+		t.Errorf("container should've exited with exit code 0")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - exit with 0")
+}
+
+// the exit code should be 1
+// some versions of lxc might make this test fail
+func TestDockerRunExitCodeOne(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "busybox", "false")
+	exitCode, err := runCommand(runCmd)
+	if err != nil && !strings.Contains("exit status 1", fmt.Sprintf("%s", err)) {
+		t.Fatal(err)
+	}
+	if exitCode != 1 {
+		t.Errorf("container should've exited with exit code 1")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - exit with 1")
+}
+
+// it should be possible to pipe in data via stdin to a process running in a container
+// some versions of lxc might make this test fail
+func TestRunStdinPipe(t *testing.T) {
+	runCmd := exec.Command("bash", "-c", `echo "blahblah" | docker run -i -a stdin busybox cat`)
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	out = stripTrailingCharacters(out)
+
+	inspectCmd := exec.Command(dockerBinary, "inspect", out)
+	inspectOut, _, err := runCommandWithOutput(inspectCmd)
+	errorOut(err, t, fmt.Sprintf("out should've been a container id: %s %s", out, inspectOut))
+
+	waitCmd := exec.Command(dockerBinary, "wait", out)
+	_, _, err = runCommandWithOutput(waitCmd)
+	errorOut(err, t, fmt.Sprintf("error thrown while waiting for container: %s", out))
+
+	logsCmd := exec.Command(dockerBinary, "logs", out)
+	containerLogs, _, err := runCommandWithOutput(logsCmd)
+	errorOut(err, t, fmt.Sprintf("error thrown while trying to get container logs: %s", err))
+
+	containerLogs = stripTrailingCharacters(containerLogs)
+
+	if containerLogs != "blahblah" {
+		t.Errorf("logs didn't print the container's logs %s", containerLogs)
+	}
+
+	rmCmd := exec.Command(dockerBinary, "rm", out)
+	_, _, err = runCommandWithOutput(rmCmd)
+	errorOut(err, t, fmt.Sprintf("rm failed to remove container %s", err))
+
+	deleteAllContainers()
+
+	logDone("run - pipe in with -i -a stdin")
+}
+
+// the container's ID should be printed when starting a container in detached mode
+func TestDockerRunDetachedContainerIDPrinting(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "true")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	out = stripTrailingCharacters(out)
+
+	inspectCmd := exec.Command(dockerBinary, "inspect", out)
+	inspectOut, _, err := runCommandWithOutput(inspectCmd)
+	errorOut(err, t, fmt.Sprintf("out should've been a container id: %s %s", out, inspectOut))
+
+	waitCmd := exec.Command(dockerBinary, "wait", out)
+	_, _, err = runCommandWithOutput(waitCmd)
+	errorOut(err, t, fmt.Sprintf("error thrown while waiting for container: %s", out))
+
+	rmCmd := exec.Command(dockerBinary, "rm", out)
+	rmOut, _, err := runCommandWithOutput(rmCmd)
+	errorOut(err, t, "rm failed to remove container")
+
+	rmOut = stripTrailingCharacters(rmOut)
+	if rmOut != out {
+		t.Errorf("rm didn't print the container ID %s %s", out, rmOut)
+	}
+
+	deleteAllContainers()
+
+	logDone("run - print container ID in detached mode")
+}
+
+// the working directory should be set correctly
+func TestDockerRunWorkingDirectory(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-w", "/root", "busybox", "pwd")
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	out = stripTrailingCharacters(out)
+
+	if out != "/root" {
+		t.Errorf("-w failed to set working directory")
+	}
+
+	runCmd = exec.Command(dockerBinary, "run", "--workdir", "/root", "busybox", "pwd")
+	out, _, _, err = runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, out)
+
+	out = stripTrailingCharacters(out)
+
+	if out != "/root" {
+		t.Errorf("--workdir failed to set working directory")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - run with working directory set by -w")
+	logDone("run - run with working directory set by --workdir")
+}
+
+// pinging Google's DNS resolver should fail when we disable the networking
+func TestDockerRunWithoutNetworking(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "--networking=false", "busybox", "ping", "-c", "1", "8.8.8.8")
+	out, _, exitCode, err := runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 1 {
+		t.Fatal(out, err)
+	}
+	if exitCode != 1 {
+		t.Errorf("--networking=false should've disabled the network; the container shouldn't have been able to ping 8.8.8.8")
+	}
+
+	runCmd = exec.Command(dockerBinary, "run", "-n=false", "busybox", "ping", "-c", "1", "8.8.8.8")
+	out, _, exitCode, err = runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 1 {
+		t.Fatal(out, err)
+	}
+	if exitCode != 1 {
+		t.Errorf("-n=false should've disabled the network; the container shouldn't have been able to ping 8.8.8.8")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - disable networking with --networking=false")
+	logDone("run - disable networking with -n=false")
+}
diff --git a/integration-cli/docker_cli_save_load_test.go b/integration-cli/docker_cli_save_load_test.go
new file mode 100644
index 0000000000..7f04f7ca53
--- /dev/null
+++ b/integration-cli/docker_cli_save_load_test.go
@@ -0,0 +1,52 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+// save a repo and try to load it
+func TestSaveAndLoadRepo(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "true")
+	out, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, fmt.Sprintf("failed to create a container: %v %v", out, err))
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	repoName := "foobar-save-load-test"
+
+	inspectCmd := exec.Command(dockerBinary, "inspect", cleanedContainerID)
+	out, _, err = runCommandWithOutput(inspectCmd)
+	errorOut(err, t, fmt.Sprintf("output should've been a container id: %v %v", cleanedContainerID, err))
+
+	commitCmd := exec.Command(dockerBinary, "commit", cleanedContainerID, repoName)
+	out, _, err = runCommandWithOutput(commitCmd)
+	errorOut(err, t, fmt.Sprintf("failed to commit container: %v %v", out, err))
+
+	saveCmdTemplate := `%v save %v > /tmp/foobar-save-load-test.tar`
+	saveCmdFinal := fmt.Sprintf(saveCmdTemplate, dockerBinary, repoName)
+	saveCmd := exec.Command("bash", "-c", saveCmdFinal)
+	out, _, err = runCommandWithOutput(saveCmd)
+	errorOut(err, t, fmt.Sprintf("failed to save repo: %v %v", out, err))
+
+	deleteImages(repoName)
+
+	loadCmdFinal := `cat /tmp/foobar-save-load-test.tar | docker load`
+	loadCmd := exec.Command("bash", "-c", loadCmdFinal)
+	out, _, err = runCommandWithOutput(loadCmd)
+	errorOut(err, t, fmt.Sprintf("failed to load repo: %v %v", out, err))
+
+	inspectCmd = exec.Command(dockerBinary, "inspect", repoName)
+	out, _, err = runCommandWithOutput(inspectCmd)
+	errorOut(err, t, fmt.Sprintf("the repo should exist after loading it: %v %v", out, err))
+
+	go deleteImages(repoName)
+	go deleteContainer(cleanedContainerID)
+
+	os.Remove("/tmp/foobar-save-load-test.tar")
+
+	logDone("save - save a repo")
+	logDone("load - load a repo")
+}
diff --git a/integration-cli/docker_cli_search_test.go b/integration-cli/docker_cli_search_test.go
new file mode 100644
index 0000000000..050aec51a6
--- /dev/null
+++ b/integration-cli/docker_cli_search_test.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+// search for repos named  "registry" on the central registry
+func TestSearchOnCentralRegistry(t *testing.T) {
+	searchCmd := exec.Command(dockerBinary)
+	out, exitCode, err := runCommandWithOutput(searchCmd)
+	errorOut(err, t, fmt.Sprintf("encountered error while searching: %v", err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("failed to search on the central registry")
+	}
+
+	if !strings.Contains(out, "registry") {
+		t.Fatal("couldn't find any repository named (or containing) 'registry'")
+	}
+
+	logDone("search - search for repositories named (or containing) 'registry'")
+}
diff --git a/integration-cli/docker_cli_tag_test.go b/integration-cli/docker_cli_tag_test.go
new file mode 100644
index 0000000000..67c28c570a
--- /dev/null
+++ b/integration-cli/docker_cli_tag_test.go
@@ -0,0 +1,86 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"testing"
+)
+
+// tagging a named image in a new unprefixed repo should work
+func TestTagUnprefixedRepoByName(t *testing.T) {
+	pullCmd := exec.Command(dockerBinary, "pull", "busybox")
+	out, exitCode, err := runCommandWithOutput(pullCmd)
+	errorOut(err, t, fmt.Sprintf("%s %s", out, err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("pulling the busybox image from the registry has failed")
+	}
+
+	tagCmd := exec.Command(dockerBinary, "tag", "busybox", "testfoobarbaz")
+	out, _, err = runCommandWithOutput(tagCmd)
+	errorOut(err, t, fmt.Sprintf("%v %v", out, err))
+
+	deleteImages("testfoobarbaz")
+
+	logDone("tag - busybox -> testfoobarbaz")
+}
+
+// tagging an image by ID in a new unprefixed repo should work
+func TestTagUnprefixedRepoByID(t *testing.T) {
+	getIDCmd := exec.Command(dockerBinary, "inspect", "-f", "{{.id}}", "busybox")
+	out, _, err := runCommandWithOutput(getIDCmd)
+	errorOut(err, t, fmt.Sprintf("failed to get the image ID of busybox: %v", err))
+
+	cleanedImageID := stripTrailingCharacters(out)
+	tagCmd := exec.Command(dockerBinary, "tag", cleanedImageID, "testfoobarbaz")
+	out, _, err = runCommandWithOutput(tagCmd)
+	errorOut(err, t, fmt.Sprintf("%s %s", out, err))
+
+	deleteImages("testfoobarbaz")
+
+	logDone("tag - busybox's image ID -> testfoobarbaz")
+}
+
+// ensure we don't allow the use of invalid tags; these tag operations should fail
+func TestTagInvalidUnprefixedRepo(t *testing.T) {
+	// skip this until we start blocking bad tags
+	t.Skip()
+
+	invalidRepos := []string{"-foo", "fo$z$", "Foo@3cc", "Foo$3", "Foo*3", "Fo^3", "Foo!3", "F)xcz(", "fo", "f"}
+
+	for _, repo := range invalidRepos {
+		tagCmd := exec.Command(dockerBinary, "tag", "busybox", repo)
+		_, _, err := runCommandWithOutput(tagCmd)
+		if err == nil {
+			t.Errorf("tag busybox %v should have failed", repo)
+			continue
+		}
+		logMessage := fmt.Sprintf("tag - busybox %v --> must fail", repo)
+		logDone(logMessage)
+	}
+}
+
+// ensure we allow the use of valid tags
+func TestTagValidPrefixedRepo(t *testing.T) {
+	pullCmd := exec.Command(dockerBinary, "pull", "busybox")
+	out, exitCode, err := runCommandWithOutput(pullCmd)
+	errorOut(err, t, fmt.Sprintf("%s %s", out, err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("pulling the busybox image from the registry has failed")
+	}
+
+	validRepos := []string{"fooo/bar", "fooaa/test"}
+
+	for _, repo := range validRepos {
+		tagCmd := exec.Command(dockerBinary, "tag", "busybox", repo)
+		_, _, err := runCommandWithOutput(tagCmd)
+		if err != nil {
+			t.Errorf("tag busybox %v should have worked: %s", repo, err)
+			continue
+		}
+		go deleteImages(repo)
+		logMessage := fmt.Sprintf("tag - busybox %v", repo)
+		logDone(logMessage)
+	}
+}
diff --git a/integration-cli/docker_cli_top_test.go b/integration-cli/docker_cli_top_test.go
new file mode 100644
index 0000000000..1895054ccc
--- /dev/null
+++ b/integration-cli/docker_cli_top_test.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func TestTop(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-i", "-d", "busybox", "sleep", "20")
+	out, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, fmt.Sprintf("failed to start the container: %v", err))
+
+	cleanedContainerID := stripTrailingCharacters(out)
+
+	topCmd := exec.Command(dockerBinary, "top", cleanedContainerID)
+	out, _, err = runCommandWithOutput(topCmd)
+	errorOut(err, t, fmt.Sprintf("failed to run top: %v %v", out, err))
+
+	killCmd := exec.Command(dockerBinary, "kill", cleanedContainerID)
+	_, err = runCommand(killCmd)
+	errorOut(err, t, fmt.Sprintf("failed to kill container: %v", err))
+
+	go deleteContainer(cleanedContainerID)
+
+	if !strings.Contains(out, "sleep 20") {
+		t.Fatal("top should've listed sleep 20 in the process list")
+	}
+
+	logDone("top - sleep process should be listed")
+}
diff --git a/integration-cli/docker_cli_version_test.go b/integration-cli/docker_cli_version_test.go
new file mode 100644
index 0000000000..8adedd540b
--- /dev/null
+++ b/integration-cli/docker_cli_version_test.go
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+// ensure docker version works
+func TestVersionEnsureSucceeds(t *testing.T) {
+	versionCmd := exec.Command(dockerBinary, "version")
+	out, exitCode, err := runCommandWithOutput(versionCmd)
+	errorOut(err, t, fmt.Sprintf("encountered error while running docker version: %v", err))
+
+	if err != nil || exitCode != 0 {
+		t.Fatal("failed to execute docker version")
+	}
+
+	stringsToCheck := []string{"Client version:", "Go version (client):", "Git commit (client):", "Server version:", "Git commit (server):", "Go version (server):", "Last stable version:"}
+
+	for _, linePrefix := range stringsToCheck {
+		if !strings.Contains(out, linePrefix) {
+			t.Errorf("couldn't find string %v in output", linePrefix)
+		}
+	}
+
+	logDone("version - verify that it works and that the output is properly formatted")
+}
diff --git a/integration-cli/docker_test_vars.go b/integration-cli/docker_test_vars.go
new file mode 100644
index 0000000000..f8bd5c116b
--- /dev/null
+++ b/integration-cli/docker_test_vars.go
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"os"
+)
+
+// the docker binary to use
+var dockerBinary = "docker"
+
+// the private registry image to use for tests involving the registry
+var registryImageName = "registry"
+
+// the private registry to use for tests
+var privateRegistryURL = "127.0.0.1:5000"
+
+var workingDirectory string
+
+func init() {
+	if dockerBin := os.Getenv("DOCKER_BINARY"); dockerBin != "" {
+		dockerBinary = dockerBin
+	}
+	if registryImage := os.Getenv("REGISTRY_IMAGE"); registryImage != "" {
+		registryImageName = registryImage
+	}
+	if registry := os.Getenv("REGISTRY_URL"); registry != "" {
+		privateRegistryURL = registry
+	}
+	workingDirectory, _ = os.Getwd()
+}
diff --git a/integration-cli/docker_utils.go b/integration-cli/docker_utils.go
new file mode 100644
index 0000000000..8e9d0a23ff
--- /dev/null
+++ b/integration-cli/docker_utils.go
@@ -0,0 +1,56 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+)
+
+func deleteContainer(container string) error {
+	container = strings.Replace(container, "\n", " ", -1)
+	container = strings.Trim(container, " ")
+	rmArgs := fmt.Sprintf("rm %v", container)
+	rmSplitArgs := strings.Split(rmArgs, " ")
+	rmCmd := exec.Command(dockerBinary, rmSplitArgs...)
+	exitCode, err := runCommand(rmCmd)
+	// set error manually if not set
+	if exitCode != 0 && err == nil {
+		err = fmt.Errorf("failed to remove container: `docker rm` exit is non-zero")
+	}
+
+	return err
+}
+
+func getAllContainers() (string, error) {
+	getContainersCmd := exec.Command(dockerBinary, "ps", "-q", "-a")
+	out, exitCode, err := runCommandWithOutput(getContainersCmd)
+	if exitCode != 0 && err == nil {
+		err = fmt.Errorf("failed to get a list of containers: %v\n", out)
+	}
+
+	return out, err
+}
+
+func deleteAllContainers() error {
+	containers, err := getAllContainers()
+	if err != nil {
+		fmt.Println(containers)
+		return err
+	}
+
+	if err = deleteContainer(containers); err != nil {
+		return err
+	}
+	return nil
+}
+
+func deleteImages(images string) error {
+	rmiCmd := exec.Command(dockerBinary, "rmi", images)
+	exitCode, err := runCommand(rmiCmd)
+	// set error manually if not set
+	if exitCode != 0 && err == nil {
+		err = fmt.Errorf("failed to remove image: `docker rmi` exit is non-zero")
+	}
+
+	return err
+}
diff --git a/integration-cli/utils.go b/integration-cli/utils.go
new file mode 100644
index 0000000000..680cc6cfcf
--- /dev/null
+++ b/integration-cli/utils.go
@@ -0,0 +1,109 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os/exec"
+	"strings"
+	"syscall"
+	"testing"
+)
+
+func getExitCode(err error) (int, error) {
+	exitCode := 0
+	if exiterr, ok := err.(*exec.ExitError); ok {
+		if procExit := exiterr.Sys().(syscall.WaitStatus); ok {
+			return procExit.ExitStatus(), nil
+		}
+	}
+	return exitCode, fmt.Errorf("failed to get exit code")
+}
+
+func runCommandWithOutput(cmd *exec.Cmd) (output string, exitCode int, err error) {
+	exitCode = 0
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		var exiterr error
+		if exitCode, exiterr = getExitCode(err); exiterr != nil {
+			// TODO: Fix this so we check the error's text.
+			// we've failed to retrieve exit code, so we set it to 127
+			exitCode = 127
+		}
+	}
+	output = string(out)
+	return
+}
+
+func runCommandWithStdoutStderr(cmd *exec.Cmd) (stdout string, stderr string, exitCode int, err error) {
+	exitCode = 0
+	var stderrBuffer bytes.Buffer
+	stderrPipe, err := cmd.StderrPipe()
+	if err != nil {
+		return "", "", -1, err
+	}
+	go io.Copy(&stderrBuffer, stderrPipe)
+	out, err := cmd.Output()
+
+	if err != nil {
+		var exiterr error
+		if exitCode, exiterr = getExitCode(err); exiterr != nil {
+			// TODO: Fix this so we check the error's text.
+			// we've failed to retrieve exit code, so we set it to 127
+			exitCode = 127
+		}
+	}
+	stdout = string(out)
+	stderr = string(stderrBuffer.Bytes())
+	return
+}
+
+func runCommand(cmd *exec.Cmd) (exitCode int, err error) {
+	exitCode = 0
+	err = cmd.Run()
+	if err != nil {
+		var exiterr error
+		if exitCode, exiterr = getExitCode(err); exiterr != nil {
+			// TODO: Fix this so we check the error's text.
+			// we've failed to retrieve exit code, so we set it to 127
+			exitCode = 127
+		}
+	}
+	return
+}
+
+func startCommand(cmd *exec.Cmd) (exitCode int, err error) {
+	exitCode = 0
+	err = cmd.Start()
+	if err != nil {
+		var exiterr error
+		if exitCode, exiterr = getExitCode(err); exiterr != nil {
+			// TODO: Fix this so we check the error's text.
+			// we've failed to retrieve exit code, so we set it to 127
+			exitCode = 127
+		}
+	}
+	return
+}
+
+func logDone(message string) {
+	fmt.Printf("[PASSED]: %s\n", message)
+}
+
+func stripTrailingCharacters(target string) string {
+	target = strings.Trim(target, "\n")
+	target = strings.Trim(target, " ")
+	return target
+}
+
+func errorOut(err error, t *testing.T, message string) {
+	if err != nil {
+		t.Fatal(message)
+	}
+}
+
+func errorOutOnNonNilError(err error, t *testing.T, message string) {
+	if err == nil {
+		t.Fatalf(message)
+	}
+}

From 3fb1fc0b7b225295b3059cb9a2f5fd9af7a73f36 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 20 Mar 2014 16:46:55 -0600
Subject: [PATCH 243/384] Small tweaks to the hack scripts to make them simpler

Please do with this as you please (including rebasing and/or squashing it), especially under clause (c) of the DCO.

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/make/binary               |  1 +
 hack/make/test-integration-cli | 23 +++++++----------------
 2 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/hack/make/binary b/hack/make/binary
index 7b4d7b5b5b..041e4d1ee8 100755
--- a/hack/make/binary
+++ b/hack/make/binary
@@ -11,5 +11,6 @@ go build \
 	" \
 	./docker
 echo "Created binary: $DEST/docker-$VERSION"
+ln -sf "docker-$VERSION" "$DEST/docker"
 
 hash_files "$DEST/docker-$VERSION"
diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli
index 5ab37a4021..d007fbaf6a 100644
--- a/hack/make/test-integration-cli
+++ b/hack/make/test-integration-cli
@@ -1,37 +1,28 @@
 #!/bin/bash
 
 DEST=$1
-DOCKERBIN=$DEST/../binary/docker-$VERSION
-DYNDOCKERBIN=$DEST/../dynbinary/docker-$VERSION
-DOCKERINITBIN=$DEST/../dynbinary/dockerinit-$VERSION
 
 set -e
 
+# subshell so that we can export PATH without breaking other things
+(
+export PATH="$DEST/../binary:$DEST/../dynbinary:$PATH"
+
 bundle_test_integration_cli() {
 	go_test_dir ./integration-cli
 }
 
-if [ -x "/usr/bin/docker" ]; then
-	echo "docker found at /usr/bin/docker"
-elif [ -x "$DOCKERBIN" ]; then
-	ln -s $DOCKERBIN /usr/bin/docker
-elif [ -x "$DYNDOCKERBIN" ]; then
-	ln -s $DYNDOCKERBIN /usr/bin/docker
-	ln -s $DOCKERINITBIN /usr/bin/dockerinit
-else
+if ! command -v docker &> /dev/null; then
 	echo >&2 'error: binary or dynbinary must be run before test-integration-cli'
 	false
 fi
 
-
 docker -d -D -p $DEST/docker.pid &> $DEST/docker.log &
-sleep 2
-docker info
-DOCKERD_PID=`cat $DEST/docker.pid`
 
 bundle_test_integration_cli 2>&1 \
 	| tee $DEST/test.log
 
+DOCKERD_PID=$(cat $DEST/docker.pid)
 kill $DOCKERD_PID
 wait $DOCKERD_PID
-
+)

From 04d1e686398fff0784a47cb85c37db629d40f5b5 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Mon, 31 Mar 2014 11:05:21 +1000
Subject: [PATCH 244/384] OSX mktemp is different - hopfully this will now work
 on HP/UX >:}

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/installation/mac.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/installation/mac.rst b/docs/sources/installation/mac.rst
index f4c771cf9f..9ce3961f7e 100644
--- a/docs/sources/installation/mac.rst
+++ b/docs/sources/installation/mac.rst
@@ -66,7 +66,7 @@ Run the following commands to get it downloaded and set up:
 .. code-block:: bash
 
     # Get the docker client file
-    DIR=$(mktemp -d) && \
+    DIR=$(mktemp -d ${TMPDIR:-/tmp}/dockerdl.XXXXXXX) && \
     curl -f -o $DIR/ld.tgz https://get.docker.io/builds/Darwin/x86_64/docker-latest.tgz && \
     gunzip $DIR/ld.tgz && \
     tar xvf $DIR/ld.tar -C $DIR/ && \

From a2487aa683dc84938eb94c1ae29f8160d09441ea Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 31 Mar 2014 09:07:56 -0700
Subject: [PATCH 245/384] Reduce error level form harmless errors

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/api/client.go b/api/client.go
index df3265a15a..86858d0b30 100644
--- a/api/client.go
+++ b/api/client.go
@@ -2374,11 +2374,11 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 		}
 		if tcpc, ok := rwc.(*net.TCPConn); ok {
 			if err := tcpc.CloseWrite(); err != nil {
-				utils.Errorf("Couldn't send EOF: %s\n", err)
+				utils.Debugf("Couldn't send EOF: %s\n", err)
 			}
 		} else if unixc, ok := rwc.(*net.UnixConn); ok {
 			if err := unixc.CloseWrite(); err != nil {
-				utils.Errorf("Couldn't send EOF: %s\n", err)
+				utils.Debugf("Couldn't send EOF: %s\n", err)
 			}
 		}
 		// Discard errors due to pipe interruption
@@ -2387,14 +2387,14 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 
 	if stdout != nil || stderr != nil {
 		if err := <-receiveStdout; err != nil {
-			utils.Errorf("Error receiveStdout: %s", err)
+			utils.Debugf("Error receiveStdout: %s", err)
 			return err
 		}
 	}
 
 	if !cli.isTerminal {
 		if err := <-sendStdin; err != nil {
-			utils.Errorf("Error sendStdin: %s", err)
+			utils.Debugf("Error sendStdin: %s", err)
 			return err
 		}
 	}
@@ -2408,7 +2408,7 @@ func (cli *DockerCli) getTtySize() (int, int) {
 	}
 	ws, err := term.GetWinsize(cli.terminalFd)
 	if err != nil {
-		utils.Errorf("Error getting size: %s", err)
+		utils.Debugf("Error getting size: %s", err)
 		if ws == nil {
 			return 0, 0
 		}
@@ -2425,7 +2425,7 @@ func (cli *DockerCli) resizeTty(id string) {
 	v.Set("h", strconv.Itoa(height))
 	v.Set("w", strconv.Itoa(width))
 	if _, _, err := readBody(cli.call("POST", "/containers/"+id+"/resize?"+v.Encode(), nil, false)); err != nil {
-		utils.Errorf("Error resize: %s", err)
+		utils.Debugf("Error resize: %s", err)
 	}
 }
 

From a57900e35f2c30026a070fdfdbdb0ce99b35e1ff Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 18 Mar 2014 15:28:40 -0700
Subject: [PATCH 246/384] Allow volumes from to be individual files

Fixes #4741
Right now volumes from expected a dir and not a file so when the drivers
 tried to do the bind mount, the destination was a dir, not a file so it
 fails to run.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 runtime/volumes.go | 48 ++++++++++++++++++++++++++++------------------
 1 file changed, 29 insertions(+), 19 deletions(-)

diff --git a/runtime/volumes.go b/runtime/volumes.go
index 1bbb14a369..5ac82ef089 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -88,7 +88,11 @@ func applyVolumesFrom(container *Container) error {
 				if _, exists := container.Volumes[volPath]; exists {
 					continue
 				}
-				if err := os.MkdirAll(filepath.Join(container.basefs, volPath), 0755); err != nil {
+				stat, err := os.Stat(filepath.Join(c.basefs, volPath))
+				if err != nil {
+					return err
+				}
+				if err := createIfNotExists(filepath.Join(container.basefs, volPath), stat.IsDir()); err != nil {
 					return err
 				}
 				container.Volumes[volPath] = id
@@ -208,24 +212,8 @@ func createVolumes(container *Container) error {
 		if err != nil {
 			return err
 		}
-
-		if _, err := os.Stat(rootVolPath); err != nil {
-			if os.IsNotExist(err) {
-				if volIsDir {
-					if err := os.MkdirAll(rootVolPath, 0755); err != nil {
-						return err
-					}
-				} else {
-					if err := os.MkdirAll(filepath.Dir(rootVolPath), 0755); err != nil {
-						return err
-					}
-					if f, err := os.OpenFile(rootVolPath, os.O_CREATE, 0755); err != nil {
-						return err
-					} else {
-						f.Close()
-					}
-				}
-			}
+		if err := createIfNotExists(rootVolPath, volIsDir); err != nil {
+			return err
 		}
 
 		// Do not copy or change permissions if we are mounting from the host
@@ -266,3 +254,25 @@ func createVolumes(container *Container) error {
 	}
 	return nil
 }
+
+func createIfNotExists(path string, isDir bool) error {
+	if _, err := os.Stat(path); err != nil {
+		if os.IsNotExist(err) {
+			if isDir {
+				if err := os.MkdirAll(path, 0755); err != nil {
+					return err
+				}
+			} else {
+				if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
+					return err
+				}
+				f, err := os.OpenFile(path, os.O_CREATE, 0755)
+				if err != nil {
+					return err
+				}
+				defer f.Close()
+			}
+		}
+	}
+	return nil
+}

From 28015f8e579e7bbe396f65b3343188ca03b06cbd Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 31 Mar 2014 17:41:40 +0000
Subject: [PATCH 247/384] Add integration test for volumes-from as file
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 integration-cli/docker_cli_run_test.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index 12915d72ff..13959adea7 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -253,3 +253,21 @@ func TestDockerRunWithoutNetworking(t *testing.T) {
 	logDone("run - disable networking with --networking=false")
 	logDone("run - disable networking with -n=false")
 }
+
+// Regression test for #4741
+func TestDockerRunWithVolumesAsFiles(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "--name", "test-data", "--volume", "/etc/hosts:/target-file", "busybox", "true")
+	out, stderr, exitCode, err := runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 0 {
+		t.Fatal("1", out, stderr, err)
+	}
+
+	runCmd = exec.Command(dockerBinary, "run", "--volumes-from", "test-data", "busybox", "cat", "/target-file")
+	out, stderr, exitCode, err = runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 0 {
+		t.Fatal("2", out, stderr, err)
+	}
+	deleteAllContainers()
+
+	logDone("run - regression test for #4741 - volumes from as files")
+}

From 7808886744595af509b7b144890900674ea5ccfd Mon Sep 17 00:00:00 2001
From: Johannes 'fish' Ziemke <github@freigeist.org>
Date: Mon, 31 Mar 2014 13:14:56 +0200
Subject: [PATCH 248/384] Add more women
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added Adele Goldstine, Erna Schneider Hoover, Grace Hopper, Jean Bartik,
Jean E. Sammet, Karen Spärck Jones, Radia Perlman and Sophie Wilson.

Thanks to @jamtur01 for Sophie Kowalevski, Hypatia, Jane Goodall, Maria
Mayer, Rosalind Franklin, Gertrude Elion, Elizabeth Blackwell,
Marie-Jeanne de Lalande, Maria Kirch, Maria Ardinghelli, Jane Colden,
June Almeida, Mary Leakey, Lise Meitner, Johanna Mestorf.

Thanks to @xamebax for Françoise Barré-Sinoussi, Rachel Carson, Barbara
McClintock, Ada Yonath.

Docker-DCO-1.1-Signed-off-by: Johannes 'fish' Ziemke <github@freigeist.org> (github: discordianfish)
---
 pkg/namesgenerator/names-generator.go | 29 ++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/pkg/namesgenerator/names-generator.go b/pkg/namesgenerator/names-generator.go
index dfece5d611..78f4d07358 100644
--- a/pkg/namesgenerator/names-generator.go
+++ b/pkg/namesgenerator/names-generator.go
@@ -15,33 +15,60 @@ var (
 	// Docker 0.7.x generates names from notable scientists and hackers.
 	//
 	// Ada Lovelace invented the first algorithm. http://en.wikipedia.org/wiki/Ada_Lovelace (thanks James Turnbull)
+	// Ada Yonath - an Israeli crystallographer, the first woman from the Middle East to win a Nobel prize in the sciences. http://en.wikipedia.org/wiki/Ada_Yonath
+	// Adele Goldstine, born Adele Katz, wrote the complete technical description for the first electronic digital computer, ENIAC. http://en.wikipedia.org/wiki/Adele_Goldstine
 	// Alan Turing was a founding father of computer science. http://en.wikipedia.org/wiki/Alan_Turing.
 	// Albert Einstein invented the general theory of relativity. http://en.wikipedia.org/wiki/Albert_Einstein
 	// Ambroise Pare invented modern surgery. http://en.wikipedia.org/wiki/Ambroise_Par%C3%A9
 	// Archimedes was a physicist, engineer and mathematician who invented too many things to list them here. http://en.wikipedia.org/wiki/Archimedes
+	// Barbara McClintock - a distinguished American cytogeneticist, 1983 Nobel Laureate in Physiology or Medicine for discovering transposons. http://en.wikipedia.org/wiki/Barbara_McClintock
 	// Benjamin Franklin is famous for his experiments in electricity and the invention of the lightning rod.
 	// Charles Babbage invented the concept of a programmable computer. http://en.wikipedia.org/wiki/Charles_Babbage.
 	// Charles Darwin established the principles of natural evolution. http://en.wikipedia.org/wiki/Charles_Darwin.
 	// Dennis Ritchie and Ken Thompson created UNIX and the C programming language. http://en.wikipedia.org/wiki/Dennis_Ritchie http://en.wikipedia.org/wiki/Ken_Thompson
 	// Douglas Engelbart gave the mother of all demos: http://en.wikipedia.org/wiki/Douglas_Engelbart
+	// Elizabeth Blackwell - American doctor and first American woman to receive a medical degree - http://en.wikipedia.org/wiki/Elizabeth_Blackwell
 	// Emmett Brown invented time travel. http://en.wikipedia.org/wiki/Emmett_Brown (thanks Brian Goff)
 	// Enrico Fermi invented the first nuclear reactor. http://en.wikipedia.org/wiki/Enrico_Fermi.
+	// Erna Schneider Hoover revolutionized modern communication by inventing a computerized telephon switching method. http://en.wikipedia.org/wiki/Erna_Schneider_Hoover
 	// Euclid invented geometry. http://en.wikipedia.org/wiki/Euclid
+	// Françoise Barré-Sinoussi - French virologist and Nobel Prize Laureate in Physiology or Medicine; her work was fundamental in identifying HIV as the cause of AIDS. http://en.wikipedia.org/wiki/Fran%C3%A7oise_Barr%C3%A9-Sinoussi
 	// Galileo was a founding father of modern astronomy, and faced politics and obscurantism to establish scientific truth.  http://en.wikipedia.org/wiki/Galileo_Galilei
+	// Gertrude Elion - American biochemist, pharmacologist and the 1988 recipient of the Nobel Prize in Medicine - http://en.wikipedia.org/wiki/Gertrude_Elion
+	// Grace Hopper developed the first compiler for a computer programming language and  is credited with popularizing the term "debugging" for fixing computer glitches. http://en.wikipedia.org/wiki/Grace_Hopper
 	// Henry Poincare made fundamental contributions in several fields of mathematics. http://en.wikipedia.org/wiki/Henri_Poincar%C3%A9
+	// Hypatia - Greek Alexandrine Neoplatonist philosopher in Egypt who was one of the earliest mothers of mathematics - http://en.wikipedia.org/wiki/Hypatia
 	// Isaac Newton invented classic mechanics and modern optics. http://en.wikipedia.org/wiki/Isaac_Newton
+	// Jane Colden - American botanist widely considered the first female American botanist - http://en.wikipedia.org/wiki/Jane_Colden
+	// Jane Goodall - British primatologist, ethologist, and anthropologist who is considered to be the world's foremost expert on chimpanzees - http://en.wikipedia.org/wiki/Jane_Goodall
+	// Jean Bartik, born Betty Jean Jennings, was one of the original programmers for the ENIAC computer. http://en.wikipedia.org/wiki/Jean_Bartik
+	// Jean E. Sammet developed FORMAC, the first widely used computer language for symbolic manipulation of mathematical formulas. http://en.wikipedia.org/wiki/Jean_E._Sammet
+	// Johanna Mestorf - German prehistoric archaeologist and first female museum director in Germany - http://en.wikipedia.org/wiki/Johanna_Mestorf
 	// John McCarthy invented LISP: http://en.wikipedia.org/wiki/John_McCarthy_(computer_scientist)
+	// June Almeida - Scottish virologist who took the first pictures of the rubella virus - http://en.wikipedia.org/wiki/June_Almeida
+	// Karen Spärck Jones came up with the concept of inverse document frequency, which is used in most search engines today. http://en.wikipedia.org/wiki/Karen_Sp%C3%A4rck_Jones
 	// Leonardo Da Vinci invented too many things to list here. http://en.wikipedia.org/wiki/Leonardo_da_Vinci.
 	// Linus Torvalds invented Linux and Git. http://en.wikipedia.org/wiki/Linus_Torvalds
+	// Lise Meitner - Austrian/Swedish physicist who was involved in the discovery of nuclear fission. The element meitnerium is named after her - http://en.wikipedia.org/wiki/Lise_Meitner
 	// Louis Pasteur discovered vaccination, fermentation and pasteurization. http://en.wikipedia.org/wiki/Louis_Pasteur.
 	// Malcolm McLean invented the modern shipping container: http://en.wikipedia.org/wiki/Malcom_McLean
+	// Maria Ardinghelli - Italian translator, mathematician and physicist - http://en.wikipedia.org/wiki/Maria_Ardinghelli
+	// Maria Kirch - German astronomer and first woman to discover a comet - http://en.wikipedia.org/wiki/Maria_Margarethe_Kirch
+	// Maria Mayer - American theoretical physicist and Nobel laureate in Physics for proposing the nuclear shell model of the atomic nucleus - http://en.wikipedia.org/wiki/Maria_Mayer
 	// Marie Curie discovered radioactivity. http://en.wikipedia.org/wiki/Marie_Curie.
+	// Marie-Jeanne de Lalande - French astronomer, mathematician and cataloguer of stars - http://en.wikipedia.org/wiki/Marie-Jeanne_de_Lalande
+	// Mary Leakey - British paleoanthropologist who discovered the first fossilized Proconsul skull - http://en.wikipedia.org/wiki/Mary_Leakey
 	// Muhammad ibn Jābir al-Ḥarrānī al-Battānī was a founding father of astronomy. http://en.wikipedia.org/wiki/Mu%E1%B8%A5ammad_ibn_J%C4%81bir_al-%E1%B8%A4arr%C4%81n%C4%AB_al-Batt%C4%81n%C4%AB
 	// Niels Bohr is the father of quantum theory. http://en.wikipedia.org/wiki/Niels_Bohr.
 	// Nikola Tesla invented the AC electric system and every gaget ever used by a James Bond villain. http://en.wikipedia.org/wiki/Nikola_Tesla
 	// Pierre de Fermat pioneered several aspects of modern mathematics. http://en.wikipedia.org/wiki/Pierre_de_Fermat
+	// Rachel Carson - American marine biologist and conservationist, her book Silent Spring and other writings are credited with advancing the global environmental movement. http://en.wikipedia.org/wiki/Rachel_Carson
+	// Radia Perlman is a software designer and network engineer and most famous for her invention of the spanning-tree protocol (STP). http://en.wikipedia.org/wiki/Radia_Perlman
 	// Richard Feynman was a key contributor to quantum mechanics and particle physics. http://en.wikipedia.org/wiki/Richard_Feynman
 	// Rob Pike was a key contributor to Unix, Plan 9, the X graphic system, utf-8, and the Go programming language. http://en.wikipedia.org/wiki/Rob_Pike
+	// Rosalind Franklin - British biophysicist and X-ray crystallographer whose research was critical to the understanding of DNA - http://en.wikipedia.org/wiki/Rosalind_Franklin
+	// Sophie Kowalevski - Russian mathematician responsible for important original contributions to analysis, differential equations and mechanics - http://en.wikipedia.org/wiki/Sofia_Kovalevskaya
+	// Sophie Wilson designed the first Acorn Micro-Computer and the instruction set for ARM processors. http://en.wikipedia.org/wiki/Sophie_Wilson
 	// Stephen Hawking pioneered the field of cosmology by combining general relativity and quantum mechanics. http://en.wikipedia.org/wiki/Stephen_Hawking
 	// Steve Wozniak invented the Apple I and Apple II. http://en.wikipedia.org/wiki/Steve_Wozniak
 	// Werner Heisenberg was a founding father of quantum mechanics. http://en.wikipedia.org/wiki/Werner_Heisenberg
@@ -49,7 +76,7 @@ var (
 	//	http://en.wikipedia.org/wiki/John_Bardeen
 	//	http://en.wikipedia.org/wiki/Walter_Houser_Brattain
 	//	http://en.wikipedia.org/wiki/William_Shockley
-	right = [...]string{"lovelace", "franklin", "tesla", "einstein", "bohr", "davinci", "pasteur", "nobel", "curie", "darwin", "turing", "ritchie", "torvalds", "pike", "thompson", "wozniak", "galileo", "euclid", "newton", "fermat", "archimedes", "poincare", "heisenberg", "feynman", "hawking", "fermi", "pare", "mccarthy", "engelbart", "babbage", "albattani", "ptolemy", "bell", "wright", "lumiere", "morse", "mclean", "brown", "bardeen", "brattain", "shockley"}
+	right = [...]string{"lovelace", "franklin", "tesla", "einstein", "bohr", "davinci", "pasteur", "nobel", "curie", "darwin", "turing", "ritchie", "torvalds", "pike", "thompson", "wozniak", "galileo", "euclid", "newton", "fermat", "archimedes", "poincare", "heisenberg", "feynman", "hawking", "fermi", "pare", "mccarthy", "engelbart", "babbage", "albattani", "ptolemy", "bell", "wright", "lumiere", "morse", "mclean", "brown", "bardeen", "brattain", "shockley", "goldstine", "hoover", "hopper", "bartik", "sammet", "jones", "perlman", "wilson", "kowalevski", "hypatia", "goodall", "mayer", "elion", "blackwell", "lalande", "kirch", "ardinghelli", "colden", "almeida", "leakey", "meitner", "mestorf", "rosalind", "sinoussi", "carson", "mcmclintock", "yonath"}
 )
 
 func GenerateRandomName(checker NameChecker) (string, error) {

From e4aaacc2351d2e1dd4b69afeeee2aeab9c625efe Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 31 Mar 2014 10:49:48 -0700
Subject: [PATCH 249/384] Fix expending buffer in StdCopy

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 utils/stdcopy.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/utils/stdcopy.go b/utils/stdcopy.go
index 3cb8ab02b3..8b43386140 100644
--- a/utils/stdcopy.go
+++ b/utils/stdcopy.go
@@ -108,12 +108,13 @@ func StdCopy(dstout, dsterr io.Writer, src io.Reader) (written int64, err error)
 
 		// Retrieve the size of the frame
 		frameSize = int(binary.BigEndian.Uint32(buf[StdWriterSizeIndex : StdWriterSizeIndex+4]))
+		Debugf("framesize: %d", frameSize)
 
 		// Check if the buffer is big enough to read the frame.
 		// Extend it if necessary.
 		if frameSize+StdWriterPrefixLen > bufLen {
-			Debugf("Extending buffer cap.")
-			buf = append(buf, make([]byte, frameSize-len(buf)+1)...)
+			Debugf("Extending buffer cap by %d (was %d)", frameSize+StdWriterPrefixLen-bufLen+1, len(buf))
+			buf = append(buf, make([]byte, frameSize+StdWriterPrefixLen-bufLen+1)...)
 			bufLen = len(buf)
 		}
 

From 2543912e7b5593722a6a22b9ceb6a23f6268e397 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 31 Mar 2014 11:55:55 -0600
Subject: [PATCH 250/384] Add "test-integration-cli" to our DEFAULT_BUNDLES
 list (make all)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/make.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hack/make.sh b/hack/make.sh
index 447a00f039..e81271370d 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -43,6 +43,7 @@ DEFAULT_BUNDLES=(
 	binary
 	test
 	test-integration
+	test-integration-cli
 	dynbinary
 	dyntest
 	dyntest-integration

From a7365a6237c45ed05d96ab11f36fde35d675b462 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 28 Mar 2014 22:59:29 +0000
Subject: [PATCH 251/384] split API into 2 go packages

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/{ => client}/client.go | 39 +++++++++++++++++++++-----------------
 api/common.go              |  2 +-
 api/{ => server}/server.go | 32 ++++++++++++++++---------------
 builtins/builtins.go       |  2 +-
 docker/docker.go           |  7 ++++---
 5 files changed, 45 insertions(+), 37 deletions(-)
 rename api/{ => client}/client.go (98%)
 rename api/{ => server}/server.go (98%)

diff --git a/api/client.go b/api/client/client.go
similarity index 98%
rename from api/client.go
rename to api/client/client.go
index 86858d0b30..29b49464c4 100644
--- a/api/client.go
+++ b/api/client/client.go
@@ -1,4 +1,4 @@
-package api
+package client
 
 import (
 	"bufio"
@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
@@ -81,7 +82,7 @@ func (cli *DockerCli) CmdHelp(args ...string) error {
 			return nil
 		}
 	}
-	help := fmt.Sprintf("Usage: docker [OPTIONS] COMMAND [arg...]\n -H=[unix://%s]: tcp://host:port to bind/connect to or unix://path/to/socket to use\n\nA self-sufficient runtime for linux containers.\n\nCommands:\n", DEFAULTUNIXSOCKET)
+	help := fmt.Sprintf("Usage: docker [OPTIONS] COMMAND [arg...]\n -H=[unix://%s]: tcp://host:port to bind/connect to or unix://path/to/socket to use\n\nA self-sufficient runtime for linux containers.\n\nCommands:\n", api.DEFAULTUNIXSOCKET)
 	for _, command := range [][]string{
 		{"attach", "Attach to a running container"},
 		{"build", "Build a container from a Dockerfile"},
@@ -610,7 +611,7 @@ func (cli *DockerCli) CmdStart(args ...string) error {
 			return err
 		}
 
-		container := &Container{}
+		container := &api.Container{}
 		err = json.Unmarshal(body, container)
 		if err != nil {
 			return err
@@ -797,9 +798,13 @@ func (cli *DockerCli) CmdPort(args ...string) error {
 		return nil
 	}
 
-	port := cmd.Arg(1)
-	proto := "tcp"
-	parts := strings.SplitN(port, "/", 2)
+	var (
+		port      = cmd.Arg(1)
+		proto     = "tcp"
+		parts     = strings.SplitN(port, "/", 2)
+		container api.Container
+	)
+
 	if len(parts) == 2 && len(parts[1]) != 0 {
 		port = parts[0]
 		proto = parts[1]
@@ -808,13 +813,13 @@ func (cli *DockerCli) CmdPort(args ...string) error {
 	if err != nil {
 		return err
 	}
-	var out Container
-	err = json.Unmarshal(body, &out)
+
+	err = json.Unmarshal(body, &container)
 	if err != nil {
 		return err
 	}
 
-	if frontends, exists := out.NetworkSettings.Ports[nat.Port(port+"/"+proto)]; exists && frontends != nil {
+	if frontends, exists := container.NetworkSettings.Ports[nat.Port(port+"/"+proto)]; exists && frontends != nil {
 		for _, frontend := range frontends {
 			fmt.Fprintf(cli.out, "%s:%s\n", frontend.HostIp, frontend.HostPort)
 		}
@@ -1425,7 +1430,7 @@ func (cli *DockerCli) CmdPs(args ...string) error {
 				outCommand = utils.Trunc(outCommand, 20)
 			}
 			ports.ReadListFrom([]byte(out.Get("Ports")))
-			fmt.Fprintf(w, "%s\t%s\t%s\t%s ago\t%s\t%s\t%s\t", outID, out.Get("Image"), outCommand, utils.HumanDuration(time.Now().UTC().Sub(time.Unix(out.GetInt64("Created"), 0))), out.Get("Status"), displayablePorts(ports), strings.Join(outNames, ","))
+			fmt.Fprintf(w, "%s\t%s\t%s\t%s ago\t%s\t%s\t%s\t", outID, out.Get("Image"), outCommand, utils.HumanDuration(time.Now().UTC().Sub(time.Unix(out.GetInt64("Created"), 0))), out.Get("Status"), api.DisplayablePorts(ports), strings.Join(outNames, ","))
 			if *size {
 				if out.GetInt("SizeRootFs") > 0 {
 					fmt.Fprintf(w, "%s (virtual %s)\n", utils.HumanSize(out.GetInt64("SizeRw")), utils.HumanSize(out.GetInt64("SizeRootFs")))
@@ -1606,7 +1611,7 @@ func (cli *DockerCli) CmdLogs(args ...string) error {
 		return err
 	}
 
-	container := &Container{}
+	container := &api.Container{}
 	err = json.Unmarshal(body, container)
 	if err != nil {
 		return err
@@ -1643,7 +1648,7 @@ func (cli *DockerCli) CmdAttach(args ...string) error {
 		return err
 	}
 
-	container := &Container{}
+	container := &api.Container{}
 	err = json.Unmarshal(body, container)
 	if err != nil {
 		return err
@@ -2159,7 +2164,7 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b
 	re := regexp.MustCompile("/+")
 	path = re.ReplaceAllString(path, "/")
 
-	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", APIVERSION, path), params)
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), params)
 	if err != nil {
 		return nil, -1, err
 	}
@@ -2236,7 +2241,7 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, h
 	re := regexp.MustCompile("/+")
 	path = re.ReplaceAllString(path, "/")
 
-	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", APIVERSION, path), in)
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), in)
 	if err != nil {
 		return err
 	}
@@ -2281,7 +2286,7 @@ func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, h
 		return fmt.Errorf("Error: %s", bytes.TrimSpace(body))
 	}
 
-	if MatchesContentType(resp.Header.Get("Content-Type"), "application/json") {
+	if api.MatchesContentType(resp.Header.Get("Content-Type"), "application/json") {
 		return utils.DisplayJSONMessagesStream(resp.Body, out, cli.terminalFd, cli.isTerminal)
 	}
 	if _, err := io.Copy(out, resp.Body); err != nil {
@@ -2300,7 +2305,7 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 	re := regexp.MustCompile("/+")
 	path = re.ReplaceAllString(path, "/")
 
-	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", APIVERSION, path), nil)
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil)
 	if err != nil {
 		return err
 	}
@@ -2484,7 +2489,7 @@ func getExitCode(cli *DockerCli, containerId string) (bool, int, error) {
 		}
 		return false, -1, nil
 	}
-	c := &Container{}
+	c := &api.Container{}
 	if err := json.Unmarshal(body, c); err != nil {
 		return false, -1, err
 	}
diff --git a/api/common.go b/api/common.go
index 5e5d2c5767..7273e5c56d 100644
--- a/api/common.go
+++ b/api/common.go
@@ -23,7 +23,7 @@ func ValidateHost(val string) (string, error) {
 }
 
 //TODO remove, used on < 1.5 in getContainersJSON
-func displayablePorts(ports *engine.Table) string {
+func DisplayablePorts(ports *engine.Table) string {
 	result := []string{}
 	ports.SetKey("PublicPort")
 	ports.Sort()
diff --git a/api/server.go b/api/server/server.go
similarity index 98%
rename from api/server.go
rename to api/server/server.go
index 29ea180030..18aefe42cd 100644
--- a/api/server.go
+++ b/api/server/server.go
@@ -1,4 +1,4 @@
-package api
+package server
 
 import (
 	"bufio"
@@ -10,14 +10,6 @@ import (
 	"encoding/json"
 	"expvar"
 	"fmt"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/pkg/listenbuffer"
-	"github.com/dotcloud/docker/pkg/systemd"
-	"github.com/dotcloud/docker/pkg/user"
-	"github.com/dotcloud/docker/pkg/version"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/utils"
-	"github.com/gorilla/mux"
 	"io"
 	"io/ioutil"
 	"log"
@@ -28,6 +20,16 @@ import (
 	"strconv"
 	"strings"
 	"syscall"
+
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/pkg/listenbuffer"
+	"github.com/dotcloud/docker/pkg/systemd"
+	"github.com/dotcloud/docker/pkg/user"
+	"github.com/dotcloud/docker/pkg/version"
+	"github.com/dotcloud/docker/registry"
+	"github.com/dotcloud/docker/utils"
+	"github.com/gorilla/mux"
 )
 
 var (
@@ -315,7 +317,7 @@ func getContainersJSON(eng *engine.Engine, version version.Version, w http.Respo
 		for _, out := range outs.Data {
 			ports := engine.NewTable("", 0)
 			ports.ReadListFrom([]byte(out.Get("Ports")))
-			out.Set("Ports", displayablePorts(ports))
+			out.Set("Ports", api.DisplayablePorts(ports))
 		}
 		w.Header().Set("Content-Type", "application/json")
 		if _, err = outs.WriteListTo(w); err != nil {
@@ -638,7 +640,7 @@ func postContainersStart(eng *engine.Engine, version version.Version, w http.Res
 	job := eng.Job("start", name)
 	// allow a nil body for backwards compatibility
 	if r.Body != nil {
-		if MatchesContentType(r.Header.Get("Content-Type"), "application/json") {
+		if api.MatchesContentType(r.Header.Get("Content-Type"), "application/json") {
 			if err := job.DecodeEnv(r.Body); err != nil {
 				return err
 			}
@@ -885,7 +887,7 @@ func postContainersCopy(eng *engine.Engine, version version.Version, w http.Resp
 
 	var copyData engine.Env
 
-	if contentType := r.Header.Get("Content-Type"); MatchesContentType(contentType, "application/json") {
+	if contentType := r.Header.Get("Content-Type"); api.MatchesContentType(contentType, "application/json") {
 		if err := copyData.Decode(r.Body); err != nil {
 			return err
 		}
@@ -943,14 +945,14 @@ func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, local
 		}
 		version := version.Version(mux.Vars(r)["version"])
 		if version == "" {
-			version = APIVERSION
+			version = api.APIVERSION
 		}
 		if enableCors {
 			writeCorsHeaders(w, r)
 		}
 
-		if version.GreaterThan(APIVERSION) {
-			http.Error(w, fmt.Errorf("client and server don't have same version (client : %s, server: %s)", version, APIVERSION).Error(), http.StatusNotFound)
+		if version.GreaterThan(api.APIVERSION) {
+			http.Error(w, fmt.Errorf("client and server don't have same version (client : %s, server: %s)", version, api.APIVERSION).Error(), http.StatusNotFound)
 			return
 		}
 
diff --git a/builtins/builtins.go b/builtins/builtins.go
index 10ee9b19e6..109bc5b913 100644
--- a/builtins/builtins.go
+++ b/builtins/builtins.go
@@ -1,7 +1,7 @@
 package builtins
 
 import (
-	"github.com/dotcloud/docker/api"
+	api "github.com/dotcloud/docker/api/server"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runtime/networkdriver/bridge"
 	"github.com/dotcloud/docker/server"
diff --git a/docker/docker.go b/docker/docker.go
index e4ce8a0b74..e96c173d30 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/api/client"
 	"github.com/dotcloud/docker/builtins"
 	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
@@ -178,7 +179,7 @@ func main() {
 		protoAddrParts := strings.SplitN(flHosts.GetAll()[0], "://", 2)
 
 		var (
-			cli       *api.DockerCli
+			cli       *client.DockerCli
 			tlsConfig tls.Config
 		)
 		tlsConfig.InsecureSkipVerify = true
@@ -211,9 +212,9 @@ func main() {
 		}
 
 		if *flTls || *flTlsVerify {
-			cli = api.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
+			cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
 		} else {
-			cli = api.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], nil)
+			cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, protoAddrParts[0], protoAddrParts[1], nil)
 		}
 
 		if err := cli.ParseCommands(flag.Args()...); err != nil {

From ae9ed84fdab4db5cec663bbd2d4ba8bcad897dcc Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 28 Mar 2014 23:21:55 +0000
Subject: [PATCH 252/384] split client in 2 files

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/client/cli.go                     | 102 ++++++
 api/client/{client.go => commands.go} | 475 +-------------------------
 api/client/utils.go                   | 390 +++++++++++++++++++++
 3 files changed, 503 insertions(+), 464 deletions(-)
 create mode 100644 api/client/cli.go
 rename api/client/{client.go => commands.go} (83%)
 create mode 100644 api/client/utils.go

diff --git a/api/client/cli.go b/api/client/cli.go
new file mode 100644
index 0000000000..b58d3c3c75
--- /dev/null
+++ b/api/client/cli.go
@@ -0,0 +1,102 @@
+package client
+
+import (
+	"crypto/tls"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"reflect"
+	"strings"
+	"text/template"
+
+	flag "github.com/dotcloud/docker/pkg/mflag"
+	"github.com/dotcloud/docker/pkg/term"
+	"github.com/dotcloud/docker/registry"
+)
+
+var funcMap = template.FuncMap{
+	"json": func(v interface{}) string {
+		a, _ := json.Marshal(v)
+		return string(a)
+	},
+}
+
+func (cli *DockerCli) getMethod(name string) (func(...string) error, bool) {
+	methodName := "Cmd" + strings.ToUpper(name[:1]) + strings.ToLower(name[1:])
+	method := reflect.ValueOf(cli).MethodByName(methodName)
+	if !method.IsValid() {
+		return nil, false
+	}
+	return method.Interface().(func(...string) error), true
+}
+
+func (cli *DockerCli) ParseCommands(args ...string) error {
+	if len(args) > 0 {
+		method, exists := cli.getMethod(args[0])
+		if !exists {
+			fmt.Println("Error: Command not found:", args[0])
+			return cli.CmdHelp(args[1:]...)
+		}
+		return method(args[1:]...)
+	}
+	return cli.CmdHelp(args...)
+}
+
+func (cli *DockerCli) Subcmd(name, signature, description string) *flag.FlagSet {
+	flags := flag.NewFlagSet(name, flag.ContinueOnError)
+	flags.Usage = func() {
+		fmt.Fprintf(cli.err, "\nUsage: docker %s %s\n\n%s\n\n", name, signature, description)
+		flags.PrintDefaults()
+		os.Exit(2)
+	}
+	return flags
+}
+
+func (cli *DockerCli) LoadConfigFile() (err error) {
+	cli.configFile, err = registry.LoadConfig(os.Getenv("HOME"))
+	if err != nil {
+		fmt.Fprintf(cli.err, "WARNING: %s\n", err)
+	}
+	return err
+}
+
+func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsConfig *tls.Config) *DockerCli {
+	var (
+		isTerminal = false
+		terminalFd uintptr
+	)
+
+	if in != nil {
+		if file, ok := in.(*os.File); ok {
+			terminalFd = file.Fd()
+			isTerminal = term.IsTerminal(terminalFd)
+		}
+	}
+
+	if err == nil {
+		err = out
+	}
+	return &DockerCli{
+		proto:      proto,
+		addr:       addr,
+		in:         in,
+		out:        out,
+		err:        err,
+		isTerminal: isTerminal,
+		terminalFd: terminalFd,
+		tlsConfig:  tlsConfig,
+	}
+}
+
+type DockerCli struct {
+	proto      string
+	addr       string
+	configFile *registry.ConfigFile
+	in         io.ReadCloser
+	out        io.Writer
+	err        io.Writer
+	isTerminal bool
+	terminalFd uintptr
+	tlsConfig  *tls.Config
+}
diff --git a/api/client/client.go b/api/client/commands.go
similarity index 83%
rename from api/client/client.go
rename to api/client/commands.go
index 29b49464c4..49a5c008b3 100644
--- a/api/client/client.go
+++ b/api/client/commands.go
@@ -3,34 +3,16 @@ package client
 import (
 	"bufio"
 	"bytes"
-	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/archive"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/nat"
-	flag "github.com/dotcloud/docker/pkg/mflag"
-	"github.com/dotcloud/docker/pkg/signal"
-	"github.com/dotcloud/docker/pkg/term"
-	"github.com/dotcloud/docker/registry"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
-	"net"
 	"net/http"
-	"net/http/httputil"
 	"net/url"
 	"os"
 	"os/exec"
-	gosignal "os/signal"
 	"path"
-	"reflect"
-	"regexp"
 	goruntime "runtime"
 	"strconv"
 	"strings"
@@ -38,40 +20,19 @@ import (
 	"text/tabwriter"
 	"text/template"
 	"time"
+
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/archive"
+	"github.com/dotcloud/docker/dockerversion"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/nat"
+	"github.com/dotcloud/docker/pkg/signal"
+	"github.com/dotcloud/docker/pkg/term"
+	"github.com/dotcloud/docker/registry"
+	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/utils"
 )
 
-var funcMap = template.FuncMap{
-	"json": func(v interface{}) string {
-		a, _ := json.Marshal(v)
-		return string(a)
-	},
-}
-
-var (
-	ErrConnectionRefused = errors.New("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
-)
-
-func (cli *DockerCli) getMethod(name string) (func(...string) error, bool) {
-	methodName := "Cmd" + strings.ToUpper(name[:1]) + strings.ToLower(name[1:])
-	method := reflect.ValueOf(cli).MethodByName(methodName)
-	if !method.IsValid() {
-		return nil, false
-	}
-	return method.Interface().(func(...string) error), true
-}
-
-func (cli *DockerCli) ParseCommands(args ...string) error {
-	if len(args) > 0 {
-		method, exists := cli.getMethod(args[0])
-		if !exists {
-			fmt.Println("Error: Command not found:", args[0])
-			return cli.CmdHelp(args[1:]...)
-		}
-		return method(args[1:]...)
-	}
-	return cli.CmdHelp(args...)
-}
-
 func (cli *DockerCli) CmdHelp(args ...string) error {
 	if len(args) > 0 {
 		method, exists := cli.getMethod(args[0])
@@ -2135,417 +2096,3 @@ func (cli *DockerCli) CmdLoad(args ...string) error {
 	}
 	return nil
 }
-
-func (cli *DockerCli) dial() (net.Conn, error) {
-	if cli.tlsConfig != nil && cli.proto != "unix" {
-		return tls.Dial(cli.proto, cli.addr, cli.tlsConfig)
-	}
-	return net.Dial(cli.proto, cli.addr)
-}
-
-func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo bool) (io.ReadCloser, int, error) {
-	params := bytes.NewBuffer(nil)
-	if data != nil {
-		if env, ok := data.(engine.Env); ok {
-			if err := env.Encode(params); err != nil {
-				return nil, -1, err
-			}
-		} else {
-			buf, err := json.Marshal(data)
-			if err != nil {
-				return nil, -1, err
-			}
-			if _, err := params.Write(buf); err != nil {
-				return nil, -1, err
-			}
-		}
-	}
-	// fixme: refactor client to support redirect
-	re := regexp.MustCompile("/+")
-	path = re.ReplaceAllString(path, "/")
-
-	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), params)
-	if err != nil {
-		return nil, -1, err
-	}
-	if passAuthInfo {
-		cli.LoadConfigFile()
-		// Resolve the Auth config relevant for this server
-		authConfig := cli.configFile.ResolveAuthConfig(registry.IndexServerAddress())
-		getHeaders := func(authConfig registry.AuthConfig) (map[string][]string, error) {
-			buf, err := json.Marshal(authConfig)
-			if err != nil {
-				return nil, err
-			}
-			registryAuthHeader := []string{
-				base64.URLEncoding.EncodeToString(buf),
-			}
-			return map[string][]string{"X-Registry-Auth": registryAuthHeader}, nil
-		}
-		if headers, err := getHeaders(authConfig); err == nil && headers != nil {
-			for k, v := range headers {
-				req.Header[k] = v
-			}
-		}
-	}
-	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
-	req.Host = cli.addr
-	if data != nil {
-		req.Header.Set("Content-Type", "application/json")
-	} else if method == "POST" {
-		req.Header.Set("Content-Type", "plain/text")
-	}
-	dial, err := cli.dial()
-	if err != nil {
-		if strings.Contains(err.Error(), "connection refused") {
-			return nil, -1, ErrConnectionRefused
-		}
-		return nil, -1, err
-	}
-	clientconn := httputil.NewClientConn(dial, nil)
-	resp, err := clientconn.Do(req)
-	if err != nil {
-		clientconn.Close()
-		if strings.Contains(err.Error(), "connection refused") {
-			return nil, -1, ErrConnectionRefused
-		}
-		return nil, -1, err
-	}
-
-	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
-		body, err := ioutil.ReadAll(resp.Body)
-		if err != nil {
-			return nil, -1, err
-		}
-		if len(body) == 0 {
-			return nil, resp.StatusCode, fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version", http.StatusText(resp.StatusCode), req.URL)
-		}
-		return nil, resp.StatusCode, fmt.Errorf("Error: %s", bytes.TrimSpace(body))
-	}
-
-	wrapper := utils.NewReadCloserWrapper(resp.Body, func() error {
-		if resp != nil && resp.Body != nil {
-			resp.Body.Close()
-		}
-		return clientconn.Close()
-	})
-	return wrapper, resp.StatusCode, nil
-}
-
-func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, headers map[string][]string) error {
-	if (method == "POST" || method == "PUT") && in == nil {
-		in = bytes.NewReader([]byte{})
-	}
-
-	// fixme: refactor client to support redirect
-	re := regexp.MustCompile("/+")
-	path = re.ReplaceAllString(path, "/")
-
-	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), in)
-	if err != nil {
-		return err
-	}
-	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
-	req.Host = cli.addr
-	if method == "POST" {
-		req.Header.Set("Content-Type", "plain/text")
-	}
-
-	if headers != nil {
-		for k, v := range headers {
-			req.Header[k] = v
-		}
-	}
-
-	dial, err := cli.dial()
-	if err != nil {
-		if strings.Contains(err.Error(), "connection refused") {
-			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
-		}
-		return err
-	}
-	clientconn := httputil.NewClientConn(dial, nil)
-	resp, err := clientconn.Do(req)
-	defer clientconn.Close()
-	if err != nil {
-		if strings.Contains(err.Error(), "connection refused") {
-			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
-		}
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
-		body, err := ioutil.ReadAll(resp.Body)
-		if err != nil {
-			return err
-		}
-		if len(body) == 0 {
-			return fmt.Errorf("Error :%s", http.StatusText(resp.StatusCode))
-		}
-		return fmt.Errorf("Error: %s", bytes.TrimSpace(body))
-	}
-
-	if api.MatchesContentType(resp.Header.Get("Content-Type"), "application/json") {
-		return utils.DisplayJSONMessagesStream(resp.Body, out, cli.terminalFd, cli.isTerminal)
-	}
-	if _, err := io.Copy(out, resp.Body); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer) error {
-	defer func() {
-		if started != nil {
-			close(started)
-		}
-	}()
-	// fixme: refactor client to support redirect
-	re := regexp.MustCompile("/+")
-	path = re.ReplaceAllString(path, "/")
-
-	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil)
-	if err != nil {
-		return err
-	}
-	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
-	req.Header.Set("Content-Type", "plain/text")
-	req.Host = cli.addr
-
-	dial, err := cli.dial()
-	if err != nil {
-		if strings.Contains(err.Error(), "connection refused") {
-			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
-		}
-		return err
-	}
-	clientconn := httputil.NewClientConn(dial, nil)
-	defer clientconn.Close()
-
-	// Server hijacks the connection, error 'connection closed' expected
-	clientconn.Do(req)
-
-	rwc, br := clientconn.Hijack()
-	defer rwc.Close()
-
-	if started != nil {
-		started <- rwc
-	}
-
-	var receiveStdout chan error
-
-	var oldState *term.State
-
-	if in != nil && setRawTerminal && cli.isTerminal && os.Getenv("NORAW") == "" {
-		oldState, err = term.SetRawTerminal(cli.terminalFd)
-		if err != nil {
-			return err
-		}
-		defer term.RestoreTerminal(cli.terminalFd, oldState)
-	}
-
-	if stdout != nil || stderr != nil {
-		receiveStdout = utils.Go(func() (err error) {
-			defer func() {
-				if in != nil {
-					if setRawTerminal && cli.isTerminal {
-						term.RestoreTerminal(cli.terminalFd, oldState)
-					}
-					// For some reason this Close call blocks on darwin..
-					// As the client exists right after, simply discard the close
-					// until we find a better solution.
-					if goruntime.GOOS != "darwin" {
-						in.Close()
-					}
-				}
-			}()
-
-			// When TTY is ON, use regular copy
-			if setRawTerminal {
-				_, err = io.Copy(stdout, br)
-			} else {
-				_, err = utils.StdCopy(stdout, stderr, br)
-			}
-			utils.Debugf("[hijack] End of stdout")
-			return err
-		})
-	}
-
-	sendStdin := utils.Go(func() error {
-		if in != nil {
-			io.Copy(rwc, in)
-			utils.Debugf("[hijack] End of stdin")
-		}
-		if tcpc, ok := rwc.(*net.TCPConn); ok {
-			if err := tcpc.CloseWrite(); err != nil {
-				utils.Debugf("Couldn't send EOF: %s\n", err)
-			}
-		} else if unixc, ok := rwc.(*net.UnixConn); ok {
-			if err := unixc.CloseWrite(); err != nil {
-				utils.Debugf("Couldn't send EOF: %s\n", err)
-			}
-		}
-		// Discard errors due to pipe interruption
-		return nil
-	})
-
-	if stdout != nil || stderr != nil {
-		if err := <-receiveStdout; err != nil {
-			utils.Debugf("Error receiveStdout: %s", err)
-			return err
-		}
-	}
-
-	if !cli.isTerminal {
-		if err := <-sendStdin; err != nil {
-			utils.Debugf("Error sendStdin: %s", err)
-			return err
-		}
-	}
-	return nil
-
-}
-
-func (cli *DockerCli) getTtySize() (int, int) {
-	if !cli.isTerminal {
-		return 0, 0
-	}
-	ws, err := term.GetWinsize(cli.terminalFd)
-	if err != nil {
-		utils.Debugf("Error getting size: %s", err)
-		if ws == nil {
-			return 0, 0
-		}
-	}
-	return int(ws.Height), int(ws.Width)
-}
-
-func (cli *DockerCli) resizeTty(id string) {
-	height, width := cli.getTtySize()
-	if height == 0 && width == 0 {
-		return
-	}
-	v := url.Values{}
-	v.Set("h", strconv.Itoa(height))
-	v.Set("w", strconv.Itoa(width))
-	if _, _, err := readBody(cli.call("POST", "/containers/"+id+"/resize?"+v.Encode(), nil, false)); err != nil {
-		utils.Debugf("Error resize: %s", err)
-	}
-}
-
-func (cli *DockerCli) monitorTtySize(id string) error {
-	cli.resizeTty(id)
-
-	sigchan := make(chan os.Signal, 1)
-	gosignal.Notify(sigchan, syscall.SIGWINCH)
-	go func() {
-		for _ = range sigchan {
-			cli.resizeTty(id)
-		}
-	}()
-	return nil
-}
-
-func (cli *DockerCli) Subcmd(name, signature, description string) *flag.FlagSet {
-	flags := flag.NewFlagSet(name, flag.ContinueOnError)
-	flags.Usage = func() {
-		fmt.Fprintf(cli.err, "\nUsage: docker %s %s\n\n%s\n\n", name, signature, description)
-		flags.PrintDefaults()
-		os.Exit(2)
-	}
-	return flags
-}
-
-func (cli *DockerCli) LoadConfigFile() (err error) {
-	cli.configFile, err = registry.LoadConfig(os.Getenv("HOME"))
-	if err != nil {
-		fmt.Fprintf(cli.err, "WARNING: %s\n", err)
-	}
-	return err
-}
-
-func waitForExit(cli *DockerCli, containerId string) (int, error) {
-	stream, _, err := cli.call("POST", "/containers/"+containerId+"/wait", nil, false)
-	if err != nil {
-		return -1, err
-	}
-
-	var out engine.Env
-	if err := out.Decode(stream); err != nil {
-		return -1, err
-	}
-	return out.GetInt("StatusCode"), nil
-}
-
-// getExitCode perform an inspect on the container. It returns
-// the running state and the exit code.
-func getExitCode(cli *DockerCli, containerId string) (bool, int, error) {
-	body, _, err := readBody(cli.call("GET", "/containers/"+containerId+"/json", nil, false))
-	if err != nil {
-		// If we can't connect, then the daemon probably died.
-		if err != ErrConnectionRefused {
-			return false, -1, err
-		}
-		return false, -1, nil
-	}
-	c := &api.Container{}
-	if err := json.Unmarshal(body, c); err != nil {
-		return false, -1, err
-	}
-	return c.State.Running, c.State.ExitCode, nil
-}
-
-func readBody(stream io.ReadCloser, statusCode int, err error) ([]byte, int, error) {
-	if stream != nil {
-		defer stream.Close()
-	}
-	if err != nil {
-		return nil, statusCode, err
-	}
-	body, err := ioutil.ReadAll(stream)
-	if err != nil {
-		return nil, -1, err
-	}
-	return body, statusCode, nil
-}
-
-func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string, tlsConfig *tls.Config) *DockerCli {
-	var (
-		isTerminal = false
-		terminalFd uintptr
-	)
-
-	if in != nil {
-		if file, ok := in.(*os.File); ok {
-			terminalFd = file.Fd()
-			isTerminal = term.IsTerminal(terminalFd)
-		}
-	}
-
-	if err == nil {
-		err = out
-	}
-	return &DockerCli{
-		proto:      proto,
-		addr:       addr,
-		in:         in,
-		out:        out,
-		err:        err,
-		isTerminal: isTerminal,
-		terminalFd: terminalFd,
-		tlsConfig:  tlsConfig,
-	}
-}
-
-type DockerCli struct {
-	proto      string
-	addr       string
-	configFile *registry.ConfigFile
-	in         io.ReadCloser
-	out        io.Writer
-	err        io.Writer
-	isTerminal bool
-	terminalFd uintptr
-	tlsConfig  *tls.Config
-}
diff --git a/api/client/utils.go b/api/client/utils.go
new file mode 100644
index 0000000000..c2c7b1780a
--- /dev/null
+++ b/api/client/utils.go
@@ -0,0 +1,390 @@
+package client
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	gosignal "os/signal"
+	"regexp"
+	goruntime "runtime"
+	"strconv"
+	"strings"
+	"syscall"
+
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/dockerversion"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/pkg/term"
+	"github.com/dotcloud/docker/registry"
+	"github.com/dotcloud/docker/utils"
+)
+
+var (
+	ErrConnectionRefused = errors.New("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+)
+
+func (cli *DockerCli) dial() (net.Conn, error) {
+	if cli.tlsConfig != nil && cli.proto != "unix" {
+		return tls.Dial(cli.proto, cli.addr, cli.tlsConfig)
+	}
+	return net.Dial(cli.proto, cli.addr)
+}
+
+func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo bool) (io.ReadCloser, int, error) {
+	params := bytes.NewBuffer(nil)
+	if data != nil {
+		if env, ok := data.(engine.Env); ok {
+			if err := env.Encode(params); err != nil {
+				return nil, -1, err
+			}
+		} else {
+			buf, err := json.Marshal(data)
+			if err != nil {
+				return nil, -1, err
+			}
+			if _, err := params.Write(buf); err != nil {
+				return nil, -1, err
+			}
+		}
+	}
+	// fixme: refactor client to support redirect
+	re := regexp.MustCompile("/+")
+	path = re.ReplaceAllString(path, "/")
+
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), params)
+	if err != nil {
+		return nil, -1, err
+	}
+	if passAuthInfo {
+		cli.LoadConfigFile()
+		// Resolve the Auth config relevant for this server
+		authConfig := cli.configFile.ResolveAuthConfig(registry.IndexServerAddress())
+		getHeaders := func(authConfig registry.AuthConfig) (map[string][]string, error) {
+			buf, err := json.Marshal(authConfig)
+			if err != nil {
+				return nil, err
+			}
+			registryAuthHeader := []string{
+				base64.URLEncoding.EncodeToString(buf),
+			}
+			return map[string][]string{"X-Registry-Auth": registryAuthHeader}, nil
+		}
+		if headers, err := getHeaders(authConfig); err == nil && headers != nil {
+			for k, v := range headers {
+				req.Header[k] = v
+			}
+		}
+	}
+	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
+	req.Host = cli.addr
+	if data != nil {
+		req.Header.Set("Content-Type", "application/json")
+	} else if method == "POST" {
+		req.Header.Set("Content-Type", "plain/text")
+	}
+	dial, err := cli.dial()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return nil, -1, ErrConnectionRefused
+		}
+		return nil, -1, err
+	}
+	clientconn := httputil.NewClientConn(dial, nil)
+	resp, err := clientconn.Do(req)
+	if err != nil {
+		clientconn.Close()
+		if strings.Contains(err.Error(), "connection refused") {
+			return nil, -1, ErrConnectionRefused
+		}
+		return nil, -1, err
+	}
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return nil, -1, err
+		}
+		if len(body) == 0 {
+			return nil, resp.StatusCode, fmt.Errorf("Error: request returned %s for API route and version %s, check if the server supports the requested API version", http.StatusText(resp.StatusCode), req.URL)
+		}
+		return nil, resp.StatusCode, fmt.Errorf("Error: %s", bytes.TrimSpace(body))
+	}
+
+	wrapper := utils.NewReadCloserWrapper(resp.Body, func() error {
+		if resp != nil && resp.Body != nil {
+			resp.Body.Close()
+		}
+		return clientconn.Close()
+	})
+	return wrapper, resp.StatusCode, nil
+}
+
+func (cli *DockerCli) stream(method, path string, in io.Reader, out io.Writer, headers map[string][]string) error {
+	if (method == "POST" || method == "PUT") && in == nil {
+		in = bytes.NewReader([]byte{})
+	}
+
+	// fixme: refactor client to support redirect
+	re := regexp.MustCompile("/+")
+	path = re.ReplaceAllString(path, "/")
+
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), in)
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
+	req.Host = cli.addr
+	if method == "POST" {
+		req.Header.Set("Content-Type", "plain/text")
+	}
+
+	if headers != nil {
+		for k, v := range headers {
+			req.Header[k] = v
+		}
+	}
+
+	dial, err := cli.dial()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+		}
+		return err
+	}
+	clientconn := httputil.NewClientConn(dial, nil)
+	resp, err := clientconn.Do(req)
+	defer clientconn.Close()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+		}
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 400 {
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return err
+		}
+		if len(body) == 0 {
+			return fmt.Errorf("Error :%s", http.StatusText(resp.StatusCode))
+		}
+		return fmt.Errorf("Error: %s", bytes.TrimSpace(body))
+	}
+
+	if api.MatchesContentType(resp.Header.Get("Content-Type"), "application/json") {
+		return utils.DisplayJSONMessagesStream(resp.Body, out, cli.terminalFd, cli.isTerminal)
+	}
+	if _, err := io.Copy(out, resp.Body); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.ReadCloser, stdout, stderr io.Writer, started chan io.Closer) error {
+	defer func() {
+		if started != nil {
+			close(started)
+		}
+	}()
+	// fixme: refactor client to support redirect
+	re := regexp.MustCompile("/+")
+	path = re.ReplaceAllString(path, "/")
+
+	req, err := http.NewRequest(method, fmt.Sprintf("/v%s%s", api.APIVERSION, path), nil)
+	if err != nil {
+		return err
+	}
+	req.Header.Set("User-Agent", "Docker-Client/"+dockerversion.VERSION)
+	req.Header.Set("Content-Type", "plain/text")
+	req.Host = cli.addr
+
+	dial, err := cli.dial()
+	if err != nil {
+		if strings.Contains(err.Error(), "connection refused") {
+			return fmt.Errorf("Cannot connect to the Docker daemon. Is 'docker -d' running on this host?")
+		}
+		return err
+	}
+	clientconn := httputil.NewClientConn(dial, nil)
+	defer clientconn.Close()
+
+	// Server hijacks the connection, error 'connection closed' expected
+	clientconn.Do(req)
+
+	rwc, br := clientconn.Hijack()
+	defer rwc.Close()
+
+	if started != nil {
+		started <- rwc
+	}
+
+	var receiveStdout chan error
+
+	var oldState *term.State
+
+	if in != nil && setRawTerminal && cli.isTerminal && os.Getenv("NORAW") == "" {
+		oldState, err = term.SetRawTerminal(cli.terminalFd)
+		if err != nil {
+			return err
+		}
+		defer term.RestoreTerminal(cli.terminalFd, oldState)
+	}
+
+	if stdout != nil || stderr != nil {
+		receiveStdout = utils.Go(func() (err error) {
+			defer func() {
+				if in != nil {
+					if setRawTerminal && cli.isTerminal {
+						term.RestoreTerminal(cli.terminalFd, oldState)
+					}
+					// For some reason this Close call blocks on darwin..
+					// As the client exists right after, simply discard the close
+					// until we find a better solution.
+					if goruntime.GOOS != "darwin" {
+						in.Close()
+					}
+				}
+			}()
+
+			// When TTY is ON, use regular copy
+			if setRawTerminal {
+				_, err = io.Copy(stdout, br)
+			} else {
+				_, err = utils.StdCopy(stdout, stderr, br)
+			}
+			utils.Debugf("[hijack] End of stdout")
+			return err
+		})
+	}
+
+	sendStdin := utils.Go(func() error {
+		if in != nil {
+			io.Copy(rwc, in)
+			utils.Debugf("[hijack] End of stdin")
+		}
+		if tcpc, ok := rwc.(*net.TCPConn); ok {
+			if err := tcpc.CloseWrite(); err != nil {
+				utils.Errorf("Couldn't send EOF: %s\n", err)
+			}
+		} else if unixc, ok := rwc.(*net.UnixConn); ok {
+			if err := unixc.CloseWrite(); err != nil {
+				utils.Errorf("Couldn't send EOF: %s\n", err)
+			}
+		}
+		// Discard errors due to pipe interruption
+		return nil
+	})
+
+	if stdout != nil || stderr != nil {
+		if err := <-receiveStdout; err != nil {
+			utils.Errorf("Error receiveStdout: %s", err)
+			return err
+		}
+	}
+
+	if !cli.isTerminal {
+		if err := <-sendStdin; err != nil {
+			utils.Errorf("Error sendStdin: %s", err)
+			return err
+		}
+	}
+	return nil
+
+}
+
+func (cli *DockerCli) resizeTty(id string) {
+	height, width := cli.getTtySize()
+	if height == 0 && width == 0 {
+		return
+	}
+	v := url.Values{}
+	v.Set("h", strconv.Itoa(height))
+	v.Set("w", strconv.Itoa(width))
+	if _, _, err := readBody(cli.call("POST", "/containers/"+id+"/resize?"+v.Encode(), nil, false)); err != nil {
+		utils.Errorf("Error resize: %s", err)
+	}
+}
+
+func waitForExit(cli *DockerCli, containerId string) (int, error) {
+	stream, _, err := cli.call("POST", "/containers/"+containerId+"/wait", nil, false)
+	if err != nil {
+		return -1, err
+	}
+
+	var out engine.Env
+	if err := out.Decode(stream); err != nil {
+		return -1, err
+	}
+	return out.GetInt("StatusCode"), nil
+}
+
+// getExitCode perform an inspect on the container. It returns
+// the running state and the exit code.
+func getExitCode(cli *DockerCli, containerId string) (bool, int, error) {
+	body, _, err := readBody(cli.call("GET", "/containers/"+containerId+"/json", nil, false))
+	if err != nil {
+		// If we can't connect, then the daemon probably died.
+		if err != ErrConnectionRefused {
+			return false, -1, err
+		}
+		return false, -1, nil
+	}
+	c := &api.Container{}
+	if err := json.Unmarshal(body, c); err != nil {
+		return false, -1, err
+	}
+	return c.State.Running, c.State.ExitCode, nil
+}
+
+func (cli *DockerCli) monitorTtySize(id string) error {
+	cli.resizeTty(id)
+
+	sigchan := make(chan os.Signal, 1)
+	gosignal.Notify(sigchan, syscall.SIGWINCH)
+	go func() {
+		for _ = range sigchan {
+			cli.resizeTty(id)
+		}
+	}()
+	return nil
+}
+
+func (cli *DockerCli) getTtySize() (int, int) {
+	if !cli.isTerminal {
+		return 0, 0
+	}
+	ws, err := term.GetWinsize(cli.terminalFd)
+	if err != nil {
+		utils.Errorf("Error getting size: %s", err)
+		if ws == nil {
+			return 0, 0
+		}
+	}
+	return int(ws.Height), int(ws.Width)
+}
+
+func readBody(stream io.ReadCloser, statusCode int, err error) ([]byte, int, error) {
+	if stream != nil {
+		defer stream.Close()
+	}
+	if err != nil {
+		return nil, statusCode, err
+	}
+	body, err := ioutil.ReadAll(stream)
+	if err != nil {
+		return nil, -1, err
+	}
+	return body, statusCode, nil
+}

From 185b040e49aa9ab74f8d9254c7ff86b2891e3708 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 28 Mar 2014 23:36:33 +0000
Subject: [PATCH 253/384] fix tests

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/api_unit_test.go           | 46 -----------------
 api/server/server_unit_test.go | 52 ++++++++++++++++++++
 integration/api_test.go        | 90 +++++++++++++++++-----------------
 integration/commands_test.go   | 50 +++++++++----------
 integration/https_test.go      |  8 +--
 5 files changed, 127 insertions(+), 119 deletions(-)
 create mode 100644 api/server/server_unit_test.go

diff --git a/api/api_unit_test.go b/api/api_unit_test.go
index 2b3e76e75c..678331d369 100644
--- a/api/api_unit_test.go
+++ b/api/api_unit_test.go
@@ -1,9 +1,6 @@
 package api
 
 import (
-	"fmt"
-	"net/http"
-	"net/http/httptest"
 	"testing"
 )
 
@@ -20,46 +17,3 @@ func TestJsonContentType(t *testing.T) {
 		t.Fail()
 	}
 }
-
-func TestGetBoolParam(t *testing.T) {
-	if ret, err := getBoolParam("true"); err != nil || !ret {
-		t.Fatalf("true -> true, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("True"); err != nil || !ret {
-		t.Fatalf("True -> true, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("1"); err != nil || !ret {
-		t.Fatalf("1 -> true, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam(""); err != nil || ret {
-		t.Fatalf("\"\" -> false, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("false"); err != nil || ret {
-		t.Fatalf("false -> false, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("0"); err != nil || ret {
-		t.Fatalf("0 -> false, nil | got %t %s", ret, err)
-	}
-	if ret, err := getBoolParam("faux"); err == nil || ret {
-		t.Fatalf("faux -> false, err | got %t %s", ret, err)
-	}
-}
-
-func TesthttpError(t *testing.T) {
-	r := httptest.NewRecorder()
-
-	httpError(r, fmt.Errorf("No such method"))
-	if r.Code != http.StatusNotFound {
-		t.Fatalf("Expected %d, got %d", http.StatusNotFound, r.Code)
-	}
-
-	httpError(r, fmt.Errorf("This accound hasn't been activated"))
-	if r.Code != http.StatusForbidden {
-		t.Fatalf("Expected %d, got %d", http.StatusForbidden, r.Code)
-	}
-
-	httpError(r, fmt.Errorf("Some error"))
-	if r.Code != http.StatusInternalServerError {
-		t.Fatalf("Expected %d, got %d", http.StatusInternalServerError, r.Code)
-	}
-}
diff --git a/api/server/server_unit_test.go b/api/server/server_unit_test.go
new file mode 100644
index 0000000000..5ea5af411c
--- /dev/null
+++ b/api/server/server_unit_test.go
@@ -0,0 +1,52 @@
+package server
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestGetBoolParam(t *testing.T) {
+	if ret, err := getBoolParam("true"); err != nil || !ret {
+		t.Fatalf("true -> true, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("True"); err != nil || !ret {
+		t.Fatalf("True -> true, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("1"); err != nil || !ret {
+		t.Fatalf("1 -> true, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam(""); err != nil || ret {
+		t.Fatalf("\"\" -> false, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("false"); err != nil || ret {
+		t.Fatalf("false -> false, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("0"); err != nil || ret {
+		t.Fatalf("0 -> false, nil | got %t %s", ret, err)
+	}
+	if ret, err := getBoolParam("faux"); err == nil || ret {
+		t.Fatalf("faux -> false, err | got %t %s", ret, err)
+
+	}
+}
+
+func TesthttpError(t *testing.T) {
+	r := httptest.NewRecorder()
+
+	httpError(r, fmt.Errorf("No such method"))
+	if r.Code != http.StatusNotFound {
+		t.Fatalf("Expected %d, got %d", http.StatusNotFound, r.Code)
+	}
+
+	httpError(r, fmt.Errorf("This accound hasn't been activated"))
+	if r.Code != http.StatusForbidden {
+		t.Fatalf("Expected %d, got %d", http.StatusForbidden, r.Code)
+	}
+
+	httpError(r, fmt.Errorf("Some error"))
+	if r.Code != http.StatusInternalServerError {
+		t.Fatalf("Expected %d, got %d", http.StatusInternalServerError, r.Code)
+	}
+}
diff --git a/integration/api_test.go b/integration/api_test.go
index bac4efea53..d08617ea69 100644
--- a/integration/api_test.go
+++ b/integration/api_test.go
@@ -5,14 +5,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/dotcloud/docker/api"
-	"github.com/dotcloud/docker/dockerversion"
-	"github.com/dotcloud/docker/engine"
-	"github.com/dotcloud/docker/image"
-	"github.com/dotcloud/docker/runconfig"
-	"github.com/dotcloud/docker/runtime"
-	"github.com/dotcloud/docker/utils"
-	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 	"io"
 	"io/ioutil"
 	"net"
@@ -21,6 +13,16 @@ import (
 	"strings"
 	"testing"
 	"time"
+
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/api/server"
+	"github.com/dotcloud/docker/dockerversion"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/image"
+	"github.com/dotcloud/docker/runconfig"
+	"github.com/dotcloud/docker/runtime"
+	"github.com/dotcloud/docker/utils"
+	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
 func TestGetVersion(t *testing.T) {
@@ -35,7 +37,7 @@ func TestGetVersion(t *testing.T) {
 		t.Fatal(err)
 	}
 	// FIXME getting the version should require an actual running Server
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -77,7 +79,7 @@ func TestGetInfo(t *testing.T) {
 	}
 	r := httptest.NewRecorder()
 
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -125,7 +127,7 @@ func TestGetEvents(t *testing.T) {
 
 	r := httptest.NewRecorder()
 	setTimeout(t, "", 500*time.Millisecond, func() {
-		if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 			t.Fatal(err)
 		}
 		assertHttpNotError(r, t)
@@ -166,7 +168,7 @@ func TestGetImagesJSON(t *testing.T) {
 
 	r := httptest.NewRecorder()
 
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -201,7 +203,7 @@ func TestGetImagesJSON(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r2, req2); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r2, req2); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r2, t)
@@ -234,7 +236,7 @@ func TestGetImagesJSON(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := api.ServeRequest(eng, api.APIVERSION, r3, req3); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r3, req3); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r3, t)
@@ -259,7 +261,7 @@ func TestGetImagesHistory(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -283,7 +285,7 @@ func TestGetImagesByName(t *testing.T) {
 	}
 
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -327,7 +329,7 @@ func TestGetContainersJSON(t *testing.T) {
 	}
 
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -363,7 +365,7 @@ func TestGetContainersExport(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -401,7 +403,7 @@ func TestSaveImageAndThenLoad(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusOK {
@@ -415,7 +417,7 @@ func TestSaveImageAndThenLoad(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusOK {
@@ -428,7 +430,7 @@ func TestSaveImageAndThenLoad(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusNotFound {
@@ -441,7 +443,7 @@ func TestSaveImageAndThenLoad(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusOK {
@@ -454,7 +456,7 @@ func TestSaveImageAndThenLoad(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusOK {
@@ -481,7 +483,7 @@ func TestGetContainersChanges(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -548,7 +550,7 @@ func TestGetContainersTop(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -596,7 +598,7 @@ func TestGetContainersByName(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -631,7 +633,7 @@ func TestPostCommit(t *testing.T) {
 	}
 
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -667,7 +669,7 @@ func TestPostContainersCreate(t *testing.T) {
 	}
 
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -716,7 +718,7 @@ func TestPostContainersKill(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -755,7 +757,7 @@ func TestPostContainersRestart(t *testing.T) {
 		t.Fatal(err)
 	}
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -797,7 +799,7 @@ func TestPostContainersStart(t *testing.T) {
 	req.Header.Set("Content-Type", "application/json")
 
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -814,7 +816,7 @@ func TestPostContainersStart(t *testing.T) {
 	}
 
 	r = httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	// Starting an already started container should return an error
@@ -852,7 +854,7 @@ func TestRunErrorBindMountRootSource(t *testing.T) {
 	req.Header.Set("Content-Type", "application/json")
 
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusInternalServerError {
@@ -889,7 +891,7 @@ func TestPostContainersStop(t *testing.T) {
 		t.Fatal(err)
 	}
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -921,7 +923,7 @@ func TestPostContainersWait(t *testing.T) {
 		if err != nil {
 			t.Fatal(err)
 		}
-		if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 			t.Fatal(err)
 		}
 		assertHttpNotError(r, t)
@@ -979,7 +981,7 @@ func TestPostContainersAttach(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 			t.Fatal(err)
 		}
 		assertHttpNotError(r.ResponseRecorder, t)
@@ -1057,7 +1059,7 @@ func TestPostContainersAttachStderr(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 			t.Fatal(err)
 		}
 		assertHttpNotError(r.ResponseRecorder, t)
@@ -1114,7 +1116,7 @@ func TestDeleteContainers(t *testing.T) {
 		t.Fatal(err)
 	}
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -1133,7 +1135,7 @@ func TestOptionsRoute(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -1152,7 +1154,7 @@ func TestGetEnabledCors(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -1199,7 +1201,7 @@ func TestDeleteImages(t *testing.T) {
 	}
 
 	r := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusConflict {
@@ -1212,7 +1214,7 @@ func TestDeleteImages(t *testing.T) {
 	}
 
 	r2 := httptest.NewRecorder()
-	if err := api.ServeRequest(eng, api.APIVERSION, r2, req2); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r2, req2); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r2, t)
@@ -1264,7 +1266,7 @@ func TestPostContainersCopy(t *testing.T) {
 		t.Fatal(err)
 	}
 	req.Header.Add("Content-Type", "application/json")
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	assertHttpNotError(r, t)
@@ -1312,7 +1314,7 @@ func TestPostContainersCopyWhenContainerNotFound(t *testing.T) {
 		t.Fatal(err)
 	}
 	req.Header.Add("Content-Type", "application/json")
-	if err := api.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
 		t.Fatal(err)
 	}
 	if r.Code != http.StatusNotFound {
diff --git a/integration/commands_test.go b/integration/commands_test.go
index 7de7a227ea..2dc0ff384a 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -3,7 +3,7 @@ package docker
 import (
 	"bufio"
 	"fmt"
-	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/api/client"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/term"
@@ -121,7 +121,7 @@ func assertPipe(input, output string, r io.Reader, w io.Writer, count int) error
 func TestRunHostname(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -166,7 +166,7 @@ func TestRunHostname(t *testing.T) {
 func TestRunWorkdir(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -211,7 +211,7 @@ func TestRunWorkdir(t *testing.T) {
 func TestRunWorkdirExists(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -255,7 +255,7 @@ func TestRunWorkdirExists(t *testing.T) {
 // TestRunWorkdirExistsAndIsFile checks that if 'docker run -w' with existing file can be detected
 func TestRunWorkdirExistsAndIsFile(t *testing.T) {
 
-	cli := api.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -275,7 +275,7 @@ func TestRunExit(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c1 := make(chan struct{})
@@ -328,7 +328,7 @@ func TestRunDisconnect(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c1 := make(chan struct{})
@@ -374,7 +374,7 @@ func TestRunDisconnectTty(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c1 := make(chan struct{})
@@ -426,7 +426,7 @@ func TestRunAttachStdin(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	ch := make(chan struct{})
@@ -490,7 +490,7 @@ func TestRunDetach(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	ch := make(chan struct{})
@@ -537,7 +537,7 @@ func TestAttachDetach(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	ch := make(chan struct{})
@@ -570,7 +570,7 @@ func TestAttachDetach(t *testing.T) {
 
 	stdin, stdinPipe = io.Pipe()
 	stdout, stdoutPipe = io.Pipe()
-	cli = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli = client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 
 	ch = make(chan struct{})
 	go func() {
@@ -618,7 +618,7 @@ func TestAttachDetachTruncatedID(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	// Discard the CmdRun output
@@ -636,7 +636,7 @@ func TestAttachDetachTruncatedID(t *testing.T) {
 
 	stdin, stdinPipe = io.Pipe()
 	stdout, stdoutPipe = io.Pipe()
-	cli = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli = client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 
 	ch := make(chan struct{})
 	go func() {
@@ -683,7 +683,7 @@ func TestAttachDisconnect(t *testing.T) {
 	stdin, stdinPipe := io.Pipe()
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	go func() {
@@ -752,7 +752,7 @@ func TestAttachDisconnect(t *testing.T) {
 func TestRunAutoRemove(t *testing.T) {
 	t.Skip("Fixme. Skipping test for now, race condition")
 	stdout, stdoutPipe := io.Pipe()
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -788,7 +788,7 @@ func TestRunAutoRemove(t *testing.T) {
 
 func TestCmdLogs(t *testing.T) {
 	t.Skip("Test not impemented")
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	if err := cli.CmdRun(unitTestImageID, "sh", "-c", "ls -l"); err != nil {
@@ -806,7 +806,7 @@ func TestCmdLogs(t *testing.T) {
 // Expected behaviour: error out when attempting to bind mount non-existing source paths
 func TestRunErrorBindNonExistingSource(t *testing.T) {
 
-	cli := api.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, nil, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -826,7 +826,7 @@ func TestRunErrorBindNonExistingSource(t *testing.T) {
 func TestImagesViz(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	image := buildTestImages(t, globalEngine)
@@ -876,7 +876,7 @@ func TestImagesViz(t *testing.T) {
 func TestImagesTree(t *testing.T) {
 	stdout, stdoutPipe := io.Pipe()
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	image := buildTestImages(t, globalEngine)
@@ -959,7 +959,7 @@ func TestRunCidFileCheckIDLength(t *testing.T) {
 	}
 	tmpCidFile := path.Join(tmpDir, "cid")
 
-	cli := api.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -1008,7 +1008,7 @@ func TestRunCidFileCleanupIfEmpty(t *testing.T) {
 	}
 	tmpCidFile := path.Join(tmpDir, "cid")
 
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 
 	c := make(chan struct{})
@@ -1038,7 +1038,7 @@ func TestContainerOrphaning(t *testing.T) {
 	defer os.RemoveAll(tmpDir)
 
 	// setup a CLI and server
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	defer cleanup(globalEngine, t)
 	srv := mkServerFromEngine(globalEngine, t)
 
@@ -1098,8 +1098,8 @@ func TestCmdKill(t *testing.T) {
 	var (
 		stdin, stdinPipe   = io.Pipe()
 		stdout, stdoutPipe = io.Pipe()
-		cli                = api.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
-		cli2               = api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+		cli                = client.NewDockerCli(stdin, stdoutPipe, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
+		cli2               = client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto, testDaemonAddr, nil)
 	)
 	defer cleanup(globalEngine, t)
 
diff --git a/integration/https_test.go b/integration/https_test.go
index a1c855e1a9..0b4abea881 100644
--- a/integration/https_test.go
+++ b/integration/https_test.go
@@ -3,7 +3,7 @@ package docker
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/api/client"
 	"io/ioutil"
 	"testing"
 	"time"
@@ -35,7 +35,7 @@ func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config {
 
 // TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint
 func TestHttpsInfo(t *testing.T) {
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
 		testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
 
 	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
@@ -48,7 +48,7 @@ func TestHttpsInfo(t *testing.T) {
 // TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint
 // by using a rogue client certificate and checks that it fails with the expected error.
 func TestHttpsInfoRogueCert(t *testing.T) {
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
 		testDaemonHttpsAddr, getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t))
 
 	setTimeout(t, "Reading command output time out", 10*time.Second, func() {
@@ -65,7 +65,7 @@ func TestHttpsInfoRogueCert(t *testing.T) {
 // TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint
 // which provides a rogue server certificate and checks that it fails with the expected error
 func TestHttpsInfoRogueServerCert(t *testing.T) {
-	cli := api.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
+	cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, testDaemonProto,
 		testDaemonRogueHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t))
 
 	setTimeout(t, "Reading command output time out", 10*time.Second, func() {

From 7697aad7b0537dade1d598cca5b7b1b420fa47c9 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 31 Mar 2014 18:08:46 +0000
Subject: [PATCH 254/384] apply Reduce error level form harmless errors

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/client/utils.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/api/client/utils.go b/api/client/utils.go
index c2c7b1780a..4ef09ba783 100644
--- a/api/client/utils.go
+++ b/api/client/utils.go
@@ -276,11 +276,11 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 		}
 		if tcpc, ok := rwc.(*net.TCPConn); ok {
 			if err := tcpc.CloseWrite(); err != nil {
-				utils.Errorf("Couldn't send EOF: %s\n", err)
+				utils.Debugf("Couldn't send EOF: %s\n", err)
 			}
 		} else if unixc, ok := rwc.(*net.UnixConn); ok {
 			if err := unixc.CloseWrite(); err != nil {
-				utils.Errorf("Couldn't send EOF: %s\n", err)
+				utils.Debugf("Couldn't send EOF: %s\n", err)
 			}
 		}
 		// Discard errors due to pipe interruption
@@ -289,14 +289,14 @@ func (cli *DockerCli) hijack(method, path string, setRawTerminal bool, in io.Rea
 
 	if stdout != nil || stderr != nil {
 		if err := <-receiveStdout; err != nil {
-			utils.Errorf("Error receiveStdout: %s", err)
+			utils.Debugf("Error receiveStdout: %s", err)
 			return err
 		}
 	}
 
 	if !cli.isTerminal {
 		if err := <-sendStdin; err != nil {
-			utils.Errorf("Error sendStdin: %s", err)
+			utils.Debugf("Error sendStdin: %s", err)
 			return err
 		}
 	}
@@ -313,7 +313,7 @@ func (cli *DockerCli) resizeTty(id string) {
 	v.Set("h", strconv.Itoa(height))
 	v.Set("w", strconv.Itoa(width))
 	if _, _, err := readBody(cli.call("POST", "/containers/"+id+"/resize?"+v.Encode(), nil, false)); err != nil {
-		utils.Errorf("Error resize: %s", err)
+		utils.Debugf("Error resize: %s", err)
 	}
 }
 
@@ -367,7 +367,7 @@ func (cli *DockerCli) getTtySize() (int, int) {
 	}
 	ws, err := term.GetWinsize(cli.terminalFd)
 	if err != nil {
-		utils.Errorf("Error getting size: %s", err)
+		utils.Debugf("Error getting size: %s", err)
 		if ws == nil {
 			return 0, 0
 		}

From 51d9a04f17d1c8c6c1a069227c1417b20283dda2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 31 Mar 2014 18:21:07 +0000
Subject: [PATCH 255/384] Make sure to set error reguardless of attach or stdin

Fixes #3364
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 api/client/commands.go                   |  2 +-
 integration-cli/docker_cli_start_test.go | 34 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 integration-cli/docker_cli_start_test.go

diff --git a/api/client/commands.go b/api/client/commands.go
index 49a5c008b3..49cd07700f 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -607,8 +607,8 @@ func (cli *DockerCli) CmdStart(args ...string) error {
 		if err != nil {
 			if !*attach || !*openStdin {
 				fmt.Fprintf(cli.err, "%s\n", err)
-				encounteredError = fmt.Errorf("Error: failed to start one or more containers")
 			}
+			encounteredError = fmt.Errorf("Error: failed to start one or more containers")
 		} else {
 			if !*attach || !*openStdin {
 				fmt.Fprintf(cli.out, "%s\n", name)
diff --git a/integration-cli/docker_cli_start_test.go b/integration-cli/docker_cli_start_test.go
new file mode 100644
index 0000000000..c3059a66c4
--- /dev/null
+++ b/integration-cli/docker_cli_start_test.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+	"os/exec"
+	"testing"
+)
+
+// Regression test for #3364
+func TestDockerStartWithPortCollision(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "--name", "fail", "-p", "25:25", "busybox", "true")
+	out, stderr, exitCode, err := runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 0 {
+		t.Fatal(out, stderr, err)
+	}
+
+	runCmd = exec.Command(dockerBinary, "run", "--name", "conflict", "-dti", "-p", "25:25", "busybox", "sh")
+	out, stderr, exitCode, err = runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 0 {
+		t.Fatal(out, stderr, err)
+	}
+
+	startCmd := exec.Command(dockerBinary, "start", "-a", "fail")
+	out, stderr, exitCode, err = runCommandWithStdoutStderr(startCmd)
+	if err != nil && exitCode != 1 {
+		t.Fatal(out, err)
+	}
+
+	killCmd := exec.Command(dockerBinary, "kill", "conflict")
+	runCommand(killCmd)
+
+	deleteAllContainers()
+
+	logDone("start - -a=true error on port use")
+}

From cd51ac92bdf1ce0a1245f5b4565995631512ba64 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@hashbangbash.com>
Date: Sun, 16 Feb 2014 19:24:22 -0500
Subject: [PATCH 256/384] support for `docker run` environment variables file

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 docs/sources/reference/commandline/cli.rst | 12 ++++++
 pkg/opts/envfile.go                        | 44 ++++++++++++++++++++++
 runconfig/parse.go                         | 14 ++++++-
 3 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 pkg/opts/envfile.go

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 3d2aac5233..6a473ec461 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1152,6 +1152,7 @@ image is removed.
       --cidfile="": Write the container ID to the file
       -d, --detach=false: Detached mode: Run container in the background, print new container id
       -e, --env=[]: Set environment variables
+      --envfile="": Read in a line delimited file of ENV variables
       -h, --hostname="": Container host name
       -i, --interactive=false: Keep stdin open even if not attached
       --privileged=false: Give extended privileges to this container
@@ -1284,6 +1285,17 @@ This exposes port ``80`` of the container for use within a link without
 publishing the port to the host system's interfaces. :ref:`port_redirection`
 explains in detail how to manipulate ports in Docker.
 
+.. code-block:: bash
+
+    $ sudo docker run -e MYVAR1 --env MYVAR2=foo --envfile ./env.list ubuntu bash
+
+This sets environmental variables to the container. For illustration all three
+flags are shown here. Where -e and --env can be repeated, take an environment 
+variable and value, or if no "=" is provided, then that variable's current
+value is passed through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the
+container). The --envfile flag takes a filename as an argument and expects each
+line to be a VAR=VAL format.
+
 .. code-block:: bash
 
     $ sudo docker run --name console -t -i ubuntu bash
diff --git a/pkg/opts/envfile.go b/pkg/opts/envfile.go
new file mode 100644
index 0000000000..004c320803
--- /dev/null
+++ b/pkg/opts/envfile.go
@@ -0,0 +1,44 @@
+package opts
+
+import (
+	"bufio"
+	"bytes"
+	"io"
+	"os"
+)
+
+/*
+Read in a line delimited file with environment variables enumerated
+*/
+func ParseEnvFile(filename string) ([]string, error) {
+	fh, err := os.Open(filename)
+	if err != nil {
+		return []string{}, err
+	}
+	var (
+		lines       []string = []string{}
+		line, chunk []byte
+	)
+	reader := bufio.NewReader(fh)
+	line, isPrefix, err := reader.ReadLine()
+
+	for err == nil {
+		if isPrefix {
+			chunk = append(chunk, line...)
+		} else if !isPrefix && len(chunk) > 0 {
+			line = chunk
+			chunk = []byte{}
+		} else {
+			chunk = []byte{}
+		}
+
+		if !isPrefix && len(line) > 0 && bytes.Contains(line, []byte("=")) {
+			lines = append(lines, string(line))
+		}
+		line, isPrefix, err = reader.ReadLine()
+	}
+	if err != nil && err != io.EOF {
+		return []string{}, err
+	}
+	return lines, nil
+}
diff --git a/runconfig/parse.go b/runconfig/parse.go
index 43aecdb753..aa1ed6d174 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -68,6 +68,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flWorkingDir      = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container")
 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
 		flLabelOptions    = cmd.String([]string{"Z", "-label"}, "", "Options to pass to underlying labeling system")
+		flEnvFile         = cmd.String([]string{"#envfile", "-envfile"}, "", "Read in a line delimited file of ENV variables")
 
 		// For documentation purpose
 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)")
@@ -199,6 +200,17 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		}
 	}
 
+	// collect all the environment variables for the container
+	envVariables := []string{}
+	envVariables = append(envVariables, flEnv.GetAll()...)
+	parsedVars, err := opts.ParseEnvFile(*flEnvFile)
+	if err != nil {
+		return nil, nil, cmd, err
+	}
+	envVariables = append(envVariables, parsedVars...)
+	// boo, there's no debug output for docker run
+	//utils.Debugf("Environment variables for the container: %#v", envVariables)
+
 	config := &Config{
 		Hostname:        hostname,
 		Domainname:      domainname,
@@ -213,7 +225,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		AttachStdin:     flAttach.Get("stdin"),
 		AttachStdout:    flAttach.Get("stdout"),
 		AttachStderr:    flAttach.Get("stderr"),
-		Env:             flEnv.GetAll(),
+		Env:             envVariables,
 		Cmd:             runCmd,
 		Dns:             flDns.GetAll(),
 		DnsSearch:       flDnsSearch.GetAll(),

From bfaa917a966fab1e2c92e70617320957a8d8b43b Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Tue, 18 Feb 2014 14:22:46 -0500
Subject: [PATCH 257/384] pkg/opts: Close the file handle

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 pkg/opts/envfile.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/opts/envfile.go b/pkg/opts/envfile.go
index 004c320803..65495a1585 100644
--- a/pkg/opts/envfile.go
+++ b/pkg/opts/envfile.go
@@ -15,6 +15,8 @@ func ParseEnvFile(filename string) ([]string, error) {
 	if err != nil {
 		return []string{}, err
 	}
+  defer fh.Close()
+
 	var (
 		lines       []string = []string{}
 		line, chunk []byte

From 586e6c5eb9cd21a95d4bbba051249c4b05b2011e Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Tue, 18 Feb 2014 15:41:28 -0500
Subject: [PATCH 258/384] --env-file instead of --envfile

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 docs/sources/reference/commandline/cli.rst | 2 +-
 runconfig/parse.go                         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 6a473ec461..d8cf5965da 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1152,7 +1152,7 @@ image is removed.
       --cidfile="": Write the container ID to the file
       -d, --detach=false: Detached mode: Run container in the background, print new container id
       -e, --env=[]: Set environment variables
-      --envfile="": Read in a line delimited file of ENV variables
+      --env-file="": Read in a line delimited file of ENV variables
       -h, --hostname="": Container host name
       -i, --interactive=false: Keep stdin open even if not attached
       --privileged=false: Give extended privileges to this container
diff --git a/runconfig/parse.go b/runconfig/parse.go
index aa1ed6d174..6ebe9f2bc3 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -68,7 +68,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flWorkingDir      = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container")
 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
 		flLabelOptions    = cmd.String([]string{"Z", "-label"}, "", "Options to pass to underlying labeling system")
-		flEnvFile         = cmd.String([]string{"#envfile", "-envfile"}, "", "Read in a line delimited file of ENV variables")
+		flEnvFile         = cmd.String([]string{"#env-file", "-env-file"}, "", "Read in a line delimited file of ENV variables")
 
 		// For documentation purpose
 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)")

From 4e0014f582617960bad513518d292b64da866f73 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Thu, 20 Feb 2014 15:34:45 -0500
Subject: [PATCH 259/384] go fmt

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 pkg/opts/envfile.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/opts/envfile.go b/pkg/opts/envfile.go
index 65495a1585..7c69f5d799 100644
--- a/pkg/opts/envfile.go
+++ b/pkg/opts/envfile.go
@@ -15,7 +15,7 @@ func ParseEnvFile(filename string) ([]string, error) {
 	if err != nil {
 		return []string{}, err
 	}
-  defer fh.Close()
+	defer fh.Close()
 
 	var (
 		lines       []string = []string{}

From bcba5246f993a74eece36aa4b25df5b5e486e15b Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Wed, 26 Feb 2014 16:05:25 -0500
Subject: [PATCH 260/384] Fixing doc references to --env-file

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 docs/sources/reference/commandline/cli.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index d8cf5965da..4e697766bc 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1287,13 +1287,13 @@ explains in detail how to manipulate ports in Docker.
 
 .. code-block:: bash
 
-    $ sudo docker run -e MYVAR1 --env MYVAR2=foo --envfile ./env.list ubuntu bash
+    $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
 
 This sets environmental variables to the container. For illustration all three
 flags are shown here. Where -e and --env can be repeated, take an environment 
 variable and value, or if no "=" is provided, then that variable's current
 value is passed through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the
-container). The --envfile flag takes a filename as an argument and expects each
+container). The --env-file flag takes a filename as an argument and expects each
 line to be a VAR=VAL format.
 
 .. code-block:: bash

From acf5289dddfbbd69e19714f53575eb5088c618f7 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Thu, 6 Mar 2014 12:55:47 -0500
Subject: [PATCH 261/384] make the --env-file accept multiple flags

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 runconfig/parse.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/runconfig/parse.go b/runconfig/parse.go
index 6ebe9f2bc3..e6e8b120d8 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -52,6 +52,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
 		flDriverOpts  opts.ListOpts
+		flEnvFile     opts.ListOpts
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
 		flDetach          = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: Run container in the background, print new container id")
@@ -68,7 +69,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flWorkingDir      = cmd.String([]string{"w", "-workdir"}, "", "Working directory inside the container")
 		flCpuShares       = cmd.Int64([]string{"c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
 		flLabelOptions    = cmd.String([]string{"Z", "-label"}, "", "Options to pass to underlying labeling system")
-		flEnvFile         = cmd.String([]string{"#env-file", "-env-file"}, "", "Read in a line delimited file of ENV variables")
 
 		// For documentation purpose
 		_ = cmd.Bool([]string{"#sig-proxy", "-sig-proxy"}, true, "Proxify all received signal to the process (even in non-tty mode)")
@@ -79,6 +79,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flVolumes, []string{"v", "-volume"}, "Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)")
 	cmd.Var(&flLinks, []string{"#link", "-link"}, "Add link to another container (name:alias)")
 	cmd.Var(&flEnv, []string{"e", "-env"}, "Set environment variables")
+	cmd.Var(&flEnvFile, []string{"#env-file", "-env-file"}, "Read in a line delimited file of ENV variables")
 
 	cmd.Var(&flPublish, []string{"p", "-publish"}, fmt.Sprintf("Publish a container's port to the host (format: %s) (use 'docker port' to see the actual mapping)", nat.PortSpecTemplateFormat))
 	cmd.Var(&flExpose, []string{"#expose", "-expose"}, "Expose a port from the container without publishing it to your host")
@@ -203,11 +204,13 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	// collect all the environment variables for the container
 	envVariables := []string{}
 	envVariables = append(envVariables, flEnv.GetAll()...)
-	parsedVars, err := opts.ParseEnvFile(*flEnvFile)
-	if err != nil {
-		return nil, nil, cmd, err
+	for _, ef := range flEnvFile.GetAll() {
+		parsedVars, err := opts.ParseEnvFile(ef)
+		if err != nil {
+			return nil, nil, cmd, err
+		}
+		envVariables = append(envVariables, parsedVars...)
 	}
-	envVariables = append(envVariables, parsedVars...)
 	// boo, there's no debug output for docker run
 	//utils.Debugf("Environment variables for the container: %#v", envVariables)
 

From 33dde1f7288781a3a36951309f963e6040a1a0f5 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Thu, 6 Mar 2014 17:49:47 -0500
Subject: [PATCH 262/384] env-file: update functionality and docs

Multiple flags allowed. Order prescribed. Examples provided. Multiline
accounted for.

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 docs/sources/reference/commandline/cli.rst | 47 +++++++++++++++++++---
 pkg/opts/envfile.go                        | 41 ++++++++-----------
 runconfig/parse.go                         |  3 +-
 3 files changed, 59 insertions(+), 32 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 4e697766bc..989ea38798 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1289,12 +1289,47 @@ explains in detail how to manipulate ports in Docker.
 
     $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash
 
-This sets environmental variables to the container. For illustration all three
-flags are shown here. Where -e and --env can be repeated, take an environment 
-variable and value, or if no "=" is provided, then that variable's current
-value is passed through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the
-container). The --env-file flag takes a filename as an argument and expects each
-line to be a VAR=VAL format.
+This sets environmental variables in the container. For illustration all three
+flags are shown here. Where ``-e``, ``--env`` take an environment variable and
+value, or if no "=" is provided, then that variable's current value is passed
+through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All
+three flags, ``-e``, ``--env``  and ``--env-file`` can be repeated.
+
+Regardless of the order of these three flags, the ``--env-file`` are processed
+first, and then ``-e``/``--env`` flags. So that they can override VAR as needed.
+
+.. code-block:: bash
+
+    $ cat ./env.list
+    TEST_FOO=BAR
+    $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO
+    TEST_FOO=This is a test
+
+The ``--env-file`` flag takes a filename as an argument and expects each line
+to be in the VAR=VAL format.  The VAL is Unquoted, so if you need a multi-line
+value, then use `\n` escape characters inside of a double quoted VAL. Single
+quotes are literal. An example of a file passed with ``--env-file``
+
+.. code-block:: bash
+
+    $ cat ./env.list
+    TEST_FOO=BAR
+    TEST_APP_DEST_HOST=10.10.0.127
+    TEST_APP_DEST_PORT=8888
+    TEST_SOME_MULTILINE_VAR="this is first line\nthis is second line"
+    TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline'
+    $ sudo docker run --env-file ./env.list busybox env
+    HOME=/
+    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    HOSTNAME=215d54a814bc
+    TEST_FOO=BAR
+    TEST_APP_DEST_HOST=10.10.0.127
+    TEST_APP_DEST_PORT=8888
+    TEST_SOME_MULTILINE_VAR=this is first line
+    this is second line
+    TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline'
+    container=lxc
+
 
 .. code-block:: bash
 
diff --git a/pkg/opts/envfile.go b/pkg/opts/envfile.go
index 7c69f5d799..d9afdd952c 100644
--- a/pkg/opts/envfile.go
+++ b/pkg/opts/envfile.go
@@ -2,9 +2,10 @@ package opts
 
 import (
 	"bufio"
-	"bytes"
-	"io"
+	"fmt"
 	"os"
+	"strconv"
+	"strings"
 )
 
 /*
@@ -17,30 +18,20 @@ func ParseEnvFile(filename string) ([]string, error) {
 	}
 	defer fh.Close()
 
-	var (
-		lines       []string = []string{}
-		line, chunk []byte
-	)
-	reader := bufio.NewReader(fh)
-	line, isPrefix, err := reader.ReadLine()
-
-	for err == nil {
-		if isPrefix {
-			chunk = append(chunk, line...)
-		} else if !isPrefix && len(chunk) > 0 {
-			line = chunk
-			chunk = []byte{}
-		} else {
-			chunk = []byte{}
+	lines := []string{}
+	scanner := bufio.NewScanner(fh)
+	for scanner.Scan() {
+		line := scanner.Text()
+		// line is not empty, and not starting with '#'
+		if len(line) > 0 && !strings.HasPrefix(line, "#") && strings.Contains(line, "=") {
+			data := strings.SplitN(line, "=", 2)
+			key := data[0]
+			val := data[1]
+			if str, err := strconv.Unquote(data[1]); err == nil {
+				val = str
+			}
+			lines = append(lines, fmt.Sprintf("%s=%s", key, val))
 		}
-
-		if !isPrefix && len(line) > 0 && bytes.Contains(line, []byte("=")) {
-			lines = append(lines, string(line))
-		}
-		line, isPrefix, err = reader.ReadLine()
-	}
-	if err != nil && err != io.EOF {
-		return []string{}, err
 	}
 	return lines, nil
 }
diff --git a/runconfig/parse.go b/runconfig/parse.go
index e6e8b120d8..d3e32bc2de 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -203,7 +203,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 
 	// collect all the environment variables for the container
 	envVariables := []string{}
-	envVariables = append(envVariables, flEnv.GetAll()...)
 	for _, ef := range flEnvFile.GetAll() {
 		parsedVars, err := opts.ParseEnvFile(ef)
 		if err != nil {
@@ -211,6 +210,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		}
 		envVariables = append(envVariables, parsedVars...)
 	}
+	// parse the '-e' and '--env' after, to allow override
+	envVariables = append(envVariables, flEnv.GetAll()...)
 	// boo, there's no debug output for docker run
 	//utils.Debugf("Environment variables for the container: %#v", envVariables)
 

From d9c257732e435cecdcc1ec8452f35e7614e4713f Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Fri, 7 Mar 2014 16:18:42 -0500
Subject: [PATCH 263/384] env-file: remove the unneeded deprecation markup

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 runconfig/parse.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runconfig/parse.go b/runconfig/parse.go
index d3e32bc2de..db4ac351a9 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -79,7 +79,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flVolumes, []string{"v", "-volume"}, "Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)")
 	cmd.Var(&flLinks, []string{"#link", "-link"}, "Add link to another container (name:alias)")
 	cmd.Var(&flEnv, []string{"e", "-env"}, "Set environment variables")
-	cmd.Var(&flEnvFile, []string{"#env-file", "-env-file"}, "Read in a line delimited file of ENV variables")
+	cmd.Var(&flEnvFile, []string{"-env-file"}, "Read in a line delimited file of ENV variables")
 
 	cmd.Var(&flPublish, []string{"p", "-publish"}, fmt.Sprintf("Publish a container's port to the host (format: %s) (use 'docker port' to see the actual mapping)", nat.PortSpecTemplateFormat))
 	cmd.Var(&flExpose, []string{"#expose", "-expose"}, "Expose a port from the container without publishing it to your host")

From ff4ac7441ba582c8c339b25b400c6756d9646ff1 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Tue, 11 Mar 2014 16:22:58 -0400
Subject: [PATCH 264/384] --env-file: simple line-delimited

match dock functionality, and not try to achieve shell-sourcing compatibility

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 docs/sources/reference/commandline/cli.rst | 26 ++++++++++++----------
 {pkg/opts => opts}/envfile.go              | 14 +++++-------
 2 files changed, 20 insertions(+), 20 deletions(-)
 rename {pkg/opts => opts}/envfile.go (60%)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 989ea38798..0c9db138c2 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1296,7 +1296,8 @@ through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All
 three flags, ``-e``, ``--env``  and ``--env-file`` can be repeated.
 
 Regardless of the order of these three flags, the ``--env-file`` are processed
-first, and then ``-e``/``--env`` flags. So that they can override VAR as needed.
+first, and then ``-e``/``--env`` flags. This way, the ``-e`` or ``--env`` will
+override variables as needed.
 
 .. code-block:: bash
 
@@ -1306,29 +1307,30 @@ first, and then ``-e``/``--env`` flags. So that they can override VAR as needed.
     TEST_FOO=This is a test
 
 The ``--env-file`` flag takes a filename as an argument and expects each line
-to be in the VAR=VAL format.  The VAL is Unquoted, so if you need a multi-line
-value, then use `\n` escape characters inside of a double quoted VAL. Single
-quotes are literal. An example of a file passed with ``--env-file``
+to be in the VAR=VAL format, mimicking the argument passed to ``--env``.
+Comment lines need only be prefixed with ``#``
+
+An example of a file passed with ``--env-file``
 
 .. code-block:: bash
 
     $ cat ./env.list
     TEST_FOO=BAR
+
+    # this is a comment
     TEST_APP_DEST_HOST=10.10.0.127
     TEST_APP_DEST_PORT=8888
-    TEST_SOME_MULTILINE_VAR="this is first line\nthis is second line"
-    TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline'
-    $ sudo docker run --env-file ./env.list busybox env
+
+    # pass through this variable from the caller
+    TEST_PASSTHROUGH
+    $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env
     HOME=/
     PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-    HOSTNAME=215d54a814bc
+    HOSTNAME=5198e0745561
     TEST_FOO=BAR
     TEST_APP_DEST_HOST=10.10.0.127
     TEST_APP_DEST_PORT=8888
-    TEST_SOME_MULTILINE_VAR=this is first line
-    this is second line
-    TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline'
-    container=lxc
+    TEST_PASSTHROUGH=howdy
 
 
 .. code-block:: bash
diff --git a/pkg/opts/envfile.go b/opts/envfile.go
similarity index 60%
rename from pkg/opts/envfile.go
rename to opts/envfile.go
index d9afdd952c..99a713e761 100644
--- a/pkg/opts/envfile.go
+++ b/opts/envfile.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
 )
 
@@ -23,14 +22,13 @@ func ParseEnvFile(filename string) ([]string, error) {
 	for scanner.Scan() {
 		line := scanner.Text()
 		// line is not empty, and not starting with '#'
-		if len(line) > 0 && !strings.HasPrefix(line, "#") && strings.Contains(line, "=") {
-			data := strings.SplitN(line, "=", 2)
-			key := data[0]
-			val := data[1]
-			if str, err := strconv.Unquote(data[1]); err == nil {
-				val = str
+		if len(line) > 0 && !strings.HasPrefix(line, "#") {
+			if strings.Contains(line, "=") {
+				data := strings.SplitN(line, "=", 2)
+				lines = append(lines, fmt.Sprintf("%s=%s", data[0], data[1]))
+			} else {
+				lines = append(lines, fmt.Sprintf("%s=%s", line, os.Getenv(line)))
 			}
-			lines = append(lines, fmt.Sprintf("%s=%s", key, val))
 		}
 	}
 	return lines, nil

From 500c8ba4b66c35cf2c29aeb81a9392cc406835a4 Mon Sep 17 00:00:00 2001
From: Vincent Batts <vbatts@redhat.com>
Date: Mon, 17 Mar 2014 17:11:27 -0400
Subject: [PATCH 265/384] env-file: variable behavior

trim the front of variables. Error if there are other spaces present.
Leave the value alone.

Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
---
 opts/envfile.go | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/opts/envfile.go b/opts/envfile.go
index 99a713e761..19ee8955f9 100644
--- a/opts/envfile.go
+++ b/opts/envfile.go
@@ -25,11 +25,30 @@ func ParseEnvFile(filename string) ([]string, error) {
 		if len(line) > 0 && !strings.HasPrefix(line, "#") {
 			if strings.Contains(line, "=") {
 				data := strings.SplitN(line, "=", 2)
-				lines = append(lines, fmt.Sprintf("%s=%s", data[0], data[1]))
+
+				// trim the front of a variable, but nothing else
+				variable := strings.TrimLeft(data[0], whiteSpaces)
+				if strings.ContainsAny(variable, whiteSpaces) {
+					return []string{}, ErrBadEnvVariable{fmt.Sprintf("variable '%s' has white spaces", variable)}
+				}
+
+				// pass the value through, no trimming
+				lines = append(lines, fmt.Sprintf("%s=%s", variable, data[1]))
 			} else {
-				lines = append(lines, fmt.Sprintf("%s=%s", line, os.Getenv(line)))
+				// if only a pass-through variable is given, clean it up.
+				lines = append(lines, fmt.Sprintf("%s=%s", strings.TrimSpace(line), os.Getenv(line)))
 			}
 		}
 	}
 	return lines, nil
 }
+
+var whiteSpaces = " \t"
+
+type ErrBadEnvVariable struct {
+	msg string
+}
+
+func (e ErrBadEnvVariable) Error() string {
+	return fmt.Sprintf("poorly formatted environment: %s", e.msg)
+}

From f16372022875a6dfe9d53489bde635789dd865a6 Mon Sep 17 00:00:00 2001
From: Marc Abramowitz <marc@marc-abramowitz.com>
Date: Mon, 31 Mar 2014 10:39:02 -0700
Subject: [PATCH 266/384] Move installmirrors anchor in doc

so it's before "Mirrors" instead of "Docker and local DNS server
warnings"

Docker-DCO-1.1-Signed-off-by: Marc Abramowitz <msabramo@gmail.com> (github: msabramo)
---
 docs/sources/installation/ubuntulinux.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index 85098e9552..44dba6b97e 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -282,8 +282,6 @@ incoming connections on the Docker port (default 4243):
 
    sudo ufw allow 4243/tcp
 
-.. _installmirrors:
-
 Docker and local DNS server warnings
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -342,6 +340,8 @@ NetworkManager and Docker need to be restarted afterwards:
 
 .. warning:: This might make DNS resolution slower on some networks.
 
+.. _installmirrors:
+
 Mirrors
 ^^^^^^^
 

From f7ae3a1381fdc53042bebec085bb3f108bc05da3 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Mon, 31 Mar 2014 21:48:30 +0300
Subject: [PATCH 267/384] integration-cli: pull busybox before running

Make sure the busybox image is ready to be used when running the cli
integration tests.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 hack/make/test-integration-cli | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli
index d007fbaf6a..5c6fc367fc 100644
--- a/hack/make/test-integration-cli
+++ b/hack/make/test-integration-cli
@@ -19,6 +19,10 @@ fi
 
 docker -d -D -p $DEST/docker.pid &> $DEST/docker.log &
 
+# pull the busybox image before running the tests
+sleep 2
+docker pull busybox
+
 bundle_test_integration_cli 2>&1 \
 	| tee $DEST/test.log
 

From 904bf049c1626567ee28a21bde4b68ab82c5ce77 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 31 Mar 2014 19:10:19 +0000
Subject: [PATCH 268/384] Force abs paths for host volumes
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 integration-cli/docker_cli_run_test.go | 12 ++++++++++++
 runtime/volumes.go                     |  7 +++++++
 2 files changed, 19 insertions(+)

diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index 13959adea7..8d62108fed 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -271,3 +271,15 @@ func TestDockerRunWithVolumesAsFiles(t *testing.T) {
 
 	logDone("run - regression test for #4741 - volumes from as files")
 }
+
+// Regression test for #4830
+func TestDockerRunWithRelativePath(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-v", "tmp:/other-tmp", "busybox", "true")
+	if _, _, _, err := runCommandWithStdoutStderr(runCmd); err == nil {
+		t.Fatalf("relative path should result in an error")
+	}
+
+	deleteAllContainers()
+
+	logDone("run - volume with relative path")
+}
diff --git a/runtime/volumes.go b/runtime/volumes.go
index 5ac82ef089..c504644ae8 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -172,6 +172,13 @@ func createVolumes(container *Container) error {
 		if bindMap, exists := binds[volPath]; exists {
 			isBindMount = true
 			srcPath = bindMap.SrcPath
+			srcAbs, err := filepath.Abs(srcPath)
+			if err != nil {
+				return err
+			}
+			if srcPath != srcAbs {
+				return fmt.Errorf("%s should be an absolute path", srcPath)
+			}
 			if strings.ToLower(bindMap.Mode) == "rw" {
 				srcRW = true
 			}

From 9709c31d1b500fb7cfdb02aaf62c7d8c187874cf Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 31 Mar 2014 19:21:57 +0000
Subject: [PATCH 269/384] fix import display

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 utils/jsonmessage.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/utils/jsonmessage.go b/utils/jsonmessage.go
index f84cc42c78..6be421be94 100644
--- a/utils/jsonmessage.go
+++ b/utils/jsonmessage.go
@@ -131,7 +131,7 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 		if jm.Progress != nil {
 			jm.Progress.terminalFd = terminalFd
 		}
-		if jm.Progress != nil || jm.ProgressMessage != "" {
+		if jm.ID != "" && (jm.Progress != nil || jm.ProgressMessage != "") {
 			line, ok := ids[jm.ID]
 			if !ok {
 				line = len(ids)
@@ -141,17 +141,15 @@ func DisplayJSONMessagesStream(in io.Reader, out io.Writer, terminalFd uintptr,
 			} else {
 				diff = len(ids) - line
 			}
-			if isTerminal {
+			if jm.ID != "" && isTerminal {
 				// <ESC>[{diff}A = move cursor up diff rows
 				fmt.Fprintf(out, "%c[%dA", 27, diff)
 			}
 		}
 		err := jm.Display(out, isTerminal)
-		if jm.ID != "" {
-			if isTerminal {
-				// <ESC>[{diff}B = move cursor down diff rows
-				fmt.Fprintf(out, "%c[%dB", 27, diff)
-			}
+		if jm.ID != "" && isTerminal {
+			// <ESC>[{diff}B = move cursor down diff rows
+			fmt.Fprintf(out, "%c[%dB", 27, diff)
 		}
 		if err != nil {
 			return err

From b430f4f45be27b9565027b5c89b2506577027e88 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Mon, 31 Mar 2014 19:31:21 +0000
Subject: [PATCH 270/384] add test

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 integration-cli/docker_cli_import_test.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 integration-cli/docker_cli_import_test.go

diff --git a/integration-cli/docker_cli_import_test.go b/integration-cli/docker_cli_import_test.go
new file mode 100644
index 0000000000..9b36aa9ce1
--- /dev/null
+++ b/integration-cli/docker_cli_import_test.go
@@ -0,0 +1,20 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"strings"
+	"testing"
+)
+
+func TestImportDisplay(t *testing.T) {
+	importCmd := exec.Command(dockerBinary, "import", "https://github.com/ewindisch/docker-cirros/raw/master/cirros-0.3.0-x86_64-lxc.tar.gz")
+	out, _, err := runCommandWithOutput(importCmd)
+	errorOut(err, t, fmt.Sprintf("import failed with errors: %v", err))
+
+	if n := len(strings.Split(out, "\n")); n != 3 {
+		t.Fatalf("display is messed up: %d '\\n' instead of 3", n)
+	}
+
+	logDone("import - cirros was imported and display is fine")
+}

From 5fb28eab3e670f225019174987424be31a0d0527 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 31 Mar 2014 11:40:39 -0700
Subject: [PATCH 271/384] Add regression test

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 integration-cli/docker_cli_logs_test.go | 76 +++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 integration-cli/docker_cli_logs_test.go

diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go
new file mode 100644
index 0000000000..f8fcbe8832
--- /dev/null
+++ b/integration-cli/docker_cli_logs_test.go
@@ -0,0 +1,76 @@
+package main
+
+import (
+	"fmt"
+	"os/exec"
+	"testing"
+)
+
+// This used to work, it test a log of PageSize-1 (gh#4851)
+func TestLogsContainerSmallerThanPage(t *testing.T) {
+	testLen := 32767
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n =; done; echo", testLen))
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err))
+
+	cleanedContainerID := stripTrailingCharacters(out)
+	exec.Command(dockerBinary, "wait", cleanedContainerID).Run()
+
+	logsCmd := exec.Command(dockerBinary, "logs", cleanedContainerID)
+	out, _, _, err = runCommandWithStdoutStderr(logsCmd)
+	errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err))
+
+	if len(out) != testLen+1 {
+		t.Fatalf("Expected log length of %d, received %d\n", testLen+1, len(out))
+	}
+
+	go deleteContainer(cleanedContainerID)
+
+	logDone("logs - logs container running echo smaller than page size")
+}
+
+// Regression test: When going over the PageSize, it used to panic (gh#4851)
+func TestLogsContainerBiggerThanPage(t *testing.T) {
+	testLen := 32768
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n =; done; echo", testLen))
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err))
+
+	cleanedContainerID := stripTrailingCharacters(out)
+	exec.Command(dockerBinary, "wait", cleanedContainerID).Run()
+
+	logsCmd := exec.Command(dockerBinary, "logs", cleanedContainerID)
+	out, _, _, err = runCommandWithStdoutStderr(logsCmd)
+	errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err))
+
+	if len(out) != testLen+1 {
+		t.Fatalf("Expected log length of %d, received %d\n", testLen+1, len(out))
+	}
+
+	go deleteContainer(cleanedContainerID)
+
+	logDone("logs - logs container running echo bigger than page size")
+}
+
+// Regression test: When going much over the PageSize, it used to block (gh#4851)
+func TestLogsContainerMuchBiggerThanPage(t *testing.T) {
+	testLen := 33000
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n =; done; echo", testLen))
+	out, _, _, err := runCommandWithStdoutStderr(runCmd)
+	errorOut(err, t, fmt.Sprintf("run failed with errors: %v", err))
+
+	cleanedContainerID := stripTrailingCharacters(out)
+	exec.Command(dockerBinary, "wait", cleanedContainerID).Run()
+
+	logsCmd := exec.Command(dockerBinary, "logs", cleanedContainerID)
+	out, _, _, err = runCommandWithStdoutStderr(logsCmd)
+	errorOut(err, t, fmt.Sprintf("failed to log container: %v %v", out, err))
+
+	if len(out) != testLen+1 {
+		t.Fatalf("Expected log length of %d, received %d\n", testLen+1, len(out))
+	}
+
+	go deleteContainer(cleanedContainerID)
+
+	logDone("logs - logs container running echo much bigger than page size")
+}

From 07b60d626acaddffb6a0b118bfc3f19631411d72 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Wed, 19 Mar 2014 18:52:38 +0000
Subject: [PATCH 272/384] symlink /etc/mtab and /proc/mounts

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 graph/graph.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/graph/graph.go b/graph/graph.go
index 4349cac129..a177cbd1e1 100644
--- a/graph/graph.go
+++ b/graph/graph.go
@@ -259,6 +259,7 @@ func SetupInitLayer(initLayer string) error {
 		"/etc/hosts":       "file",
 		"/etc/hostname":    "file",
 		"/dev/console":     "file",
+		"/etc/mtab":        "/proc/mounts",
 		// "var/run": "dir",
 		// "var/lock": "dir",
 	} {
@@ -285,6 +286,10 @@ func SetupInitLayer(initLayer string) error {
 						return err
 					}
 					f.Close()
+				default:
+					if err := os.Symlink(typ, path.Join(initLayer, pth)); err != nil {
+						return err
+					}
 				}
 			} else {
 				return err

From 289377b409b321a5a624af3517032c396df6c22f Mon Sep 17 00:00:00 2001
From: Josh Hawn <josh.hawn@docker.com>
Date: Mon, 31 Mar 2014 15:32:57 -0700
Subject: [PATCH 273/384] No longer expose gravatar_email in docker.io api

Docker.io API has replaced the gravatar_email field with a
gravatar_url field instead.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
---
 docs/sources/reference/api/docker_io_accounts_api.rst | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/sources/reference/api/docker_io_accounts_api.rst b/docs/sources/reference/api/docker_io_accounts_api.rst
index 7976f1fddf..dc5c44d4a8 100644
--- a/docs/sources/reference/api/docker_io_accounts_api.rst
+++ b/docs/sources/reference/api/docker_io_accounts_api.rst
@@ -49,14 +49,14 @@ docker.io Accounts API
         {
             "id": 2,
             "username": "janedoe",
-            "url": "",
+            "url": "https://www.docker.io/api/v1.1/users/janedoe/",
             "date_joined": "2014-02-12T17:58:01.431312Z",
             "type": "User",
             "full_name": "Jane Doe",
             "location": "San Francisco, CA",
             "company": "Success, Inc.",
             "profile_url": "https://docker.io/",
-            "gravatar_email": "jane.doe+gravatar@example.com",
+            "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm"
             "email": "jane.doe@example.com",
             "is_active": true
         }
@@ -111,14 +111,14 @@ docker.io Accounts API
         {
             "id": 2,
             "username": "janedoe",
-            "url": "",
+            "url": "https://www.docker.io/api/v1.1/users/janedoe/",
             "date_joined": "2014-02-12T17:58:01.431312Z",
             "type": "User",
             "full_name": "Jane Doe",
             "location": "Private Island",
             "company": "Retired",
             "profile_url": "http://janedoe.com/",
-            "gravatar_email": "jane.doe+gravatar@example.com",
+            "gravatar_url": "https://secure.gravatar.com/avatar/0212b397124be4acd4e7dea9aa357.jpg?s=80&r=g&d=mm"
             "email": "jane.doe@example.com",
             "is_active": true
         }

From 4cdcea20474a9f42291fe6b6c6dee348343a7c05 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 31 Mar 2014 21:02:42 +0000
Subject: [PATCH 274/384] Set bridge mac addr on supported kernels

Fixes #3200
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 pkg/netlink/netlink_linux.go           | 51 ++++++++++++++++++++++++++
 pkg/netlink/netlink_unsupported.go     |  4 ++
 runtime/networkdriver/bridge/driver.go | 30 +++------------
 3 files changed, 61 insertions(+), 24 deletions(-)

diff --git a/pkg/netlink/netlink_linux.go b/pkg/netlink/netlink_linux.go
index f8bb6bac3c..f4aa92ed34 100644
--- a/pkg/netlink/netlink_linux.go
+++ b/pkg/netlink/netlink_linux.go
@@ -5,6 +5,7 @@ package netlink
 import (
 	"encoding/binary"
 	"fmt"
+	"math/rand"
 	"net"
 	"syscall"
 	"unsafe"
@@ -17,10 +18,16 @@ const (
 	IFLA_INFO_DATA = 2
 	VETH_INFO_PEER = 1
 	IFLA_NET_NS_FD = 28
+	SIOC_BRADDBR   = 0x89a0
 )
 
 var nextSeqNr int
 
+type ifreqHwaddr struct {
+	IfrnName   [16]byte
+	IfruHwaddr syscall.RawSockaddr
+}
+
 func nativeEndian() binary.ByteOrder {
 	var x uint32 = 0x01020304
 	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
@@ -808,3 +815,47 @@ func NetworkCreateVethPair(name1, name2 string) error {
 	}
 	return s.HandleAck(wb.Seq)
 }
+
+// Create the actual bridge device.  This is more backward-compatible than
+// netlink.NetworkLinkAdd and works on RHEL 6.
+func CreateBridge(name string, setMacAddr bool) error {
+	s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+	if err != nil {
+		// ipv6 issue, creating with ipv4
+		s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+		if err != nil {
+			return err
+		}
+	}
+	defer syscall.Close(s)
+
+	nameBytePtr, err := syscall.BytePtrFromString(name)
+	if err != nil {
+		return err
+	}
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), SIOC_BRADDBR, uintptr(unsafe.Pointer(nameBytePtr))); err != 0 {
+		return err
+	}
+	if setMacAddr {
+		return setBridgeMacAddress(s, name)
+	}
+	return nil
+}
+
+func setBridgeMacAddress(s int, name string) error {
+	ifr := ifreqHwaddr{}
+	ifr.IfruHwaddr.Family = syscall.ARPHRD_ETHER
+	copy(ifr.IfrnName[:], name)
+
+	for i := 0; i < 6; i++ {
+		ifr.IfruHwaddr.Data[i] = int8(rand.Intn(255))
+	}
+
+	ifr.IfruHwaddr.Data[0] &^= 0x1 // clear multicast bit
+	ifr.IfruHwaddr.Data[0] |= 0x2  // set local assignment bit (IEEE802)
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), syscall.SIOCSIFHWADDR, uintptr(unsafe.Pointer(&ifr))); err != 0 {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/netlink/netlink_unsupported.go b/pkg/netlink/netlink_unsupported.go
index bd9e962d35..00a3b3fae8 100644
--- a/pkg/netlink/netlink_unsupported.go
+++ b/pkg/netlink/netlink_unsupported.go
@@ -59,3 +59,7 @@ func NetworkSetMaster(iface, master *net.Interface) error {
 func NetworkLinkDown(iface *net.Interface) error {
 	return ErrNotImplemented
 }
+
+func CreateBridge(name string, setMacAddr bool) error {
+	return ErrNotImplemented
+}
diff --git a/runtime/networkdriver/bridge/driver.go b/runtime/networkdriver/bridge/driver.go
index 61e82dd481..f7c3bc6b01 100644
--- a/runtime/networkdriver/bridge/driver.go
+++ b/runtime/networkdriver/bridge/driver.go
@@ -14,13 +14,10 @@ import (
 	"log"
 	"net"
 	"strings"
-	"syscall"
-	"unsafe"
 )
 
 const (
 	DefaultNetworkBridge = "docker0"
-	siocBRADDBR          = 0x89a0
 )
 
 // Network interface represents the networking stack of a container
@@ -281,28 +278,13 @@ func createBridge(bridgeIP string) error {
 	return nil
 }
 
-// Create the actual bridge device.  This is more backward-compatible than
-// netlink.NetworkLinkAdd and works on RHEL 6.
 func createBridgeIface(name string) error {
-	s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
-	if err != nil {
-		utils.Debugf("Bridge socket creation failed IPv6 probably not enabled: %v", err)
-		s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
-		if err != nil {
-			return fmt.Errorf("Error creating bridge creation socket: %s", err)
-		}
-	}
-	defer syscall.Close(s)
-
-	nameBytePtr, err := syscall.BytePtrFromString(name)
-	if err != nil {
-		return fmt.Errorf("Error converting bridge name %s to byte array: %s", name, err)
-	}
-
-	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), siocBRADDBR, uintptr(unsafe.Pointer(nameBytePtr))); err != 0 {
-		return fmt.Errorf("Error creating bridge: %s", err)
-	}
-	return nil
+	kv, err := utils.GetKernelVersion()
+	// only set the bridge's mac address if the kernel version is > 3.3
+	// before that it was not supported
+	setBridgeMacAddr := err == nil && (kv.Kernel >= 3 && kv.Major >= 3)
+	utils.Debugf("setting bridge mac address = %v", setBridgeMacAddr)
+	return netlink.CreateBridge(name, setBridgeMacAddr)
 }
 
 // Allocate a network interface

From 7a7f59210d5eb7a38a5fac8889010bd54576ea01 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 31 Mar 2014 23:12:08 +0000
Subject: [PATCH 275/384] Ensure secound part of the key is provided
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runconfig/parse.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/runconfig/parse.go b/runconfig/parse.go
index a330c6c869..da4e045cd0 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -243,6 +243,8 @@ func parseDriverOpts(opts opts.ListOpts) (map[string][]string, error) {
 		parts := strings.SplitN(o, ".", 2)
 		if len(parts) < 2 {
 			return nil, fmt.Errorf("invalid opt format %s", o)
+		} else if strings.TrimSpace(parts[0]) == "" {
+			return nil, fmt.Errorf("key cannot be empty %s", o)
 		}
 		values, exists := out[parts[0]]
 		if !exists {

From d52d24dd801f3ffe1b894226b8dba613de59bd87 Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Tue, 1 Apr 2014 00:28:44 +0000
Subject: [PATCH 276/384] remove setupDev from libcontainer

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 pkg/libcontainer/nsinit/mount.go | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go
index 796143c68e..59f4a0e0d9 100644
--- a/pkg/libcontainer/nsinit/mount.go
+++ b/pkg/libcontainer/nsinit/mount.go
@@ -62,9 +62,6 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 	}
 	// In non-privileged mode, this fails. Discard the error.
 	setupLoopbackDevices(rootfs)
-	if err := setupDev(rootfs); err != nil {
-		return err
-	}
 	if err := setupPtmx(rootfs, console, mountLabel); err != nil {
 		return err
 	}
@@ -172,30 +169,6 @@ func copyDevNode(rootfs, node string) error {
 	return nil
 }
 
-// setupDev symlinks the current processes pipes into the
-// appropriate destination on the containers rootfs
-func setupDev(rootfs string) error {
-	for _, link := range []struct {
-		from string
-		to   string
-	}{
-		{"/proc/kcore", "/dev/core"},
-		{"/proc/self/fd", "/dev/fd"},
-		{"/proc/self/fd/0", "/dev/stdin"},
-		{"/proc/self/fd/1", "/dev/stdout"},
-		{"/proc/self/fd/2", "/dev/stderr"},
-	} {
-		dest := filepath.Join(rootfs, link.to)
-		if err := os.Remove(dest); err != nil && !os.IsNotExist(err) {
-			return fmt.Errorf("remove %s %s", dest, err)
-		}
-		if err := os.Symlink(link.from, dest); err != nil {
-			return fmt.Errorf("symlink %s %s", dest, err)
-		}
-	}
-	return nil
-}
-
 // setupConsole ensures that the container has a proper /dev/console setup
 func setupConsole(rootfs, console string, mountLabel string) error {
 	oldMask := system.Umask(0000)

From 3f0886c8c3084341e9ef454bf41445cfc22efca2 Mon Sep 17 00:00:00 2001
From: Sam Alba <sam.alba@gmail.com>
Date: Mon, 31 Mar 2014 17:56:25 -0700
Subject: [PATCH 277/384] Inverted layer checksum and tarsum.

The checksum of the payload has to be computed on the Gzip'ed content.

Docker-DCO-1.1-Signed-off-by: Sam Alba <sam.alba@gmail.com> (github: samalba)
---
 registry/registry.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/registry/registry.go b/registry/registry.go
index 182ec78a76..414283b82c 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -438,10 +438,10 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgID+"/layer")
 
 	h := sha256.New()
-	checksumLayer := &utils.CheckSum{Reader: layer, Hash: h}
-	tarsumLayer := &utils.TarSum{Reader: checksumLayer}
+	tarsumLayer := &utils.TarSum{Reader: layer}
+	checksumLayer := &utils.CheckSum{Reader: tarsumLayer, Hash: h}
 
-	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgID+"/layer", tarsumLayer)
+	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgID+"/layer", checksumLayer)
 	if err != nil {
 		return "", "", err
 	}

From de9fba71721f71f86d53cf94504b10dcea80a5bd Mon Sep 17 00:00:00 2001
From: Sam Alba <sam.alba@gmail.com>
Date: Mon, 31 Mar 2014 18:31:15 -0700
Subject: [PATCH 278/384] Payload checksum now match the checksum simple

Backported for backward compatibility.

Docker-DCO-1.1-Signed-off-by: Sam Alba <sam.alba@gmail.com> (github: samalba)
---
 registry/registry.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/registry/registry.go b/registry/registry.go
index 414283b82c..5ac04f9e7e 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -437,8 +437,10 @@ func (r *Registry) PushImageLayerRegistry(imgID string, layer io.Reader, registr
 
 	utils.Debugf("[registry] Calling PUT %s", registry+"images/"+imgID+"/layer")
 
-	h := sha256.New()
 	tarsumLayer := &utils.TarSum{Reader: layer}
+	h := sha256.New()
+	h.Write(jsonRaw)
+	h.Write([]byte{'\n'})
 	checksumLayer := &utils.CheckSum{Reader: tarsumLayer, Hash: h}
 
 	req, err := r.reqFactory.NewRequest("PUT", registry+"images/"+imgID+"/layer", checksumLayer)

From e648a186d68dcb3ee0d6123b041c5aa66438cc89 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Mon, 31 Mar 2014 18:50:10 -0700
Subject: [PATCH 279/384] Allow push of a single tag

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client/commands.go |  9 ++++++---
 api/server/server.go   |  1 +
 server/server.go       | 33 ++++++++++++++++++++++++---------
 3 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index 49cd07700f..ef9796b747 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -1000,7 +1000,7 @@ func (cli *DockerCli) CmdImport(args ...string) error {
 }
 
 func (cli *DockerCli) CmdPush(args ...string) error {
-	cmd := cli.Subcmd("push", "NAME", "Push an image or a repository to the registry")
+	cmd := cli.Subcmd("push", "NAME[:TAG]", "Push an image or a repository to the registry")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -1013,8 +1013,10 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 
 	cli.LoadConfigFile()
 
+	remote, tag := utils.ParseRepositoryTag(name)
+
 	// Resolve the Repository name from fqn to hostname + name
-	hostname, _, err := registry.ResolveRepositoryName(name)
+	hostname, _, err := registry.ResolveRepositoryName(remote)
 	if err != nil {
 		return err
 	}
@@ -1033,6 +1035,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 	}
 
 	v := url.Values{}
+	v.Set("tag", tag)
 	push := func(authConfig registry.AuthConfig) error {
 		buf, err := json.Marshal(authConfig)
 		if err != nil {
@@ -1042,7 +1045,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {
 			base64.URLEncoding.EncodeToString(buf),
 		}
 
-		return cli.stream("POST", "/images/"+name+"/push?"+v.Encode(), nil, cli.out, map[string][]string{
+		return cli.stream("POST", "/images/"+remote+"/push?"+v.Encode(), nil, cli.out, map[string][]string{
 			"X-Registry-Auth": registryAuthHeader,
 		})
 	}
diff --git a/api/server/server.go b/api/server/server.go
index 18aefe42cd..5597d8b92c 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -517,6 +517,7 @@ func postImagesPush(eng *engine.Engine, version version.Version, w http.Response
 	job := eng.Job("push", vars["name"])
 	job.SetenvJson("metaHeaders", metaHeaders)
 	job.SetenvJson("authConfig", authConfig)
+	job.Setenv("tag", r.Form.Get("tag"))
 	if version.GreaterThan("1.0") {
 		job.SetenvBool("json", true)
 		streamJSON(job, w, true)
diff --git a/server/server.go b/server/server.go
index 2cb3328d55..3e97481e0e 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1401,7 +1401,7 @@ func (srv *Server) ImagePull(job *engine.Job) engine.Status {
 }
 
 // Retrieve the all the images to be uploaded in the correct order
-func (srv *Server) getImageList(localRepo map[string]string) ([]string, map[string][]string, error) {
+func (srv *Server) getImageList(localRepo map[string]string, requestedTag string) ([]string, map[string][]string, error) {
 	var (
 		imageList   []string
 		imagesSeen  map[string]bool     = make(map[string]bool)
@@ -1409,6 +1409,9 @@ func (srv *Server) getImageList(localRepo map[string]string) ([]string, map[stri
 	)
 
 	for tag, id := range localRepo {
+		if requestedTag != "" && requestedTag != tag {
+			continue
+		}
 		var imageListForThisTag []string
 
 		tagsByImage[id] = append(tagsByImage[id], tag)
@@ -1435,25 +1438,29 @@ func (srv *Server) getImageList(localRepo map[string]string) ([]string, map[stri
 		// append to main image list
 		imageList = append(imageList, imageListForThisTag...)
 	}
-
+	if len(imageList) == 0 {
+		return nil, nil, fmt.Errorf("No images found for the requested repository / tag")
+	}
 	utils.Debugf("Image list: %v", imageList)
 	utils.Debugf("Tags by image: %v", tagsByImage)
 
 	return imageList, tagsByImage, nil
 }
 
-func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName, remoteName string, localRepo map[string]string, sf *utils.StreamFormatter) error {
+func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName, remoteName string, localRepo map[string]string, tag string, sf *utils.StreamFormatter) error {
 	out = utils.NewWriteFlusher(out)
 	utils.Debugf("Local repo: %s", localRepo)
-	imgList, tagsByImage, err := srv.getImageList(localRepo)
+	imgList, tagsByImage, err := srv.getImageList(localRepo, tag)
 	if err != nil {
 		return err
 	}
 
 	out.Write(sf.FormatStatus("", "Sending image list"))
 
-	var repoData *registry.RepositoryData
-	var imageIndex []*registry.ImgData
+	var (
+		repoData   *registry.RepositoryData
+		imageIndex []*registry.ImgData
+	)
 
 	for _, imgId := range imgList {
 		if tags, exists := tagsByImage[imgId]; exists {
@@ -1488,8 +1495,12 @@ func (srv *Server) pushRepository(r *registry.Registry, out io.Writer, localName
 		return err
 	}
 
+	nTag := 1
+	if tag == "" {
+		nTag = len(localRepo)
+	}
 	for _, ep := range repoData.Endpoints {
-		out.Write(sf.FormatStatus("", "Pushing repository %s (%d tags)", localName, len(localRepo)))
+		out.Write(sf.FormatStatus("", "Pushing repository %s (%d tags)", localName, nTag))
 
 		for _, imgId := range imgList {
 			if r.LookupRemoteImage(imgId, ep, repoData.Tokens) {
@@ -1575,6 +1586,7 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status {
 		metaHeaders map[string][]string
 	)
 
+	tag := job.Getenv("tag")
 	job.GetenvJson("authConfig", authConfig)
 	job.GetenvJson("metaHeaders", metaHeaders)
 	if _, err := srv.poolAdd("push", localName); err != nil {
@@ -1600,11 +1612,14 @@ func (srv *Server) ImagePush(job *engine.Job) engine.Status {
 	}
 
 	if err != nil {
-		reposLen := len(srv.runtime.Repositories().Repositories[localName])
+		reposLen := 1
+		if tag == "" {
+			reposLen = len(srv.runtime.Repositories().Repositories[localName])
+		}
 		job.Stdout.Write(sf.FormatStatus("", "The push refers to a repository [%s] (len: %d)", localName, reposLen))
 		// If it fails, try to get the repository
 		if localRepo, exists := srv.runtime.Repositories().Repositories[localName]; exists {
-			if err := srv.pushRepository(r, job.Stdout, localName, remoteName, localRepo, sf); err != nil {
+			if err := srv.pushRepository(r, job.Stdout, localName, remoteName, localRepo, tag, sf); err != nil {
 				return job.Error(err)
 			}
 			return engine.StatusOK

From 739d1244807bc3522a0af4dc3490305d6f037601 Mon Sep 17 00:00:00 2001
From: tjmehta <tj@init.me>
Date: Mon, 31 Mar 2014 22:21:52 -0700
Subject: [PATCH 280/384] make findNextPort circular, add all-ports-allocated
 error

Docker-DCO-1.1-Signed-off-by: Tejesh Mehta <tejesh.mehta@gmail.com> (github: tjmehta)
---
 runtime/networkdriver/portallocator/portallocator.go | 12 ++++++++----
 .../portallocator/portallocator_test.go              |  4 ++--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/runtime/networkdriver/portallocator/portallocator.go b/runtime/networkdriver/portallocator/portallocator.go
index 4d698f2de2..9ecd447116 100644
--- a/runtime/networkdriver/portallocator/portallocator.go
+++ b/runtime/networkdriver/portallocator/portallocator.go
@@ -18,8 +18,8 @@ type (
 )
 
 var (
+	ErrAllPortsAllocated    = errors.New("all ports are allocated")
 	ErrPortAlreadyAllocated = errors.New("port has already been allocated")
-	ErrPortExceedsRange     = errors.New("port exceeds upper range")
 	ErrUnknownProtocol      = errors.New("unknown protocol")
 )
 
@@ -152,17 +152,21 @@ func equalsDefault(ip net.IP) bool {
 
 func findNextPort(proto string, allocated *collections.OrderedIntSet) (int, error) {
 	port := nextPort(proto)
+	startSearchPort := port
 	for allocated.Exists(port) {
 		port = nextPort(proto)
-	}
-	if port > EndPortRange {
-		return 0, ErrPortExceedsRange
+		if startSearchPort == port {
+			return 0, ErrAllPortsAllocated
+		}
 	}
 	return port, nil
 }
 
 func nextPort(proto string) int {
 	c := currentDynamicPort[proto] + 1
+	if c > EndPortRange {
+		c = BeginPortRange
+	}
 	currentDynamicPort[proto] = c
 	return c
 }
diff --git a/runtime/networkdriver/portallocator/portallocator_test.go b/runtime/networkdriver/portallocator/portallocator_test.go
index f01bcfc99e..8b4062c37c 100644
--- a/runtime/networkdriver/portallocator/portallocator_test.go
+++ b/runtime/networkdriver/portallocator/portallocator_test.go
@@ -110,8 +110,8 @@ func TestAllocateAllPorts(t *testing.T) {
 		}
 	}
 
-	if _, err := RequestPort(defaultIP, "tcp", 0); err != ErrPortExceedsRange {
-		t.Fatalf("Expected error %s got %s", ErrPortExceedsRange, err)
+	if _, err := RequestPort(defaultIP, "tcp", 0); err != ErrAllPortsAllocated {
+		t.Fatalf("Expected error %s got %s", ErrAllPortsAllocated, err)
 	}
 
 	_, err := RequestPort(defaultIP, "udp", 0)

From 40c6d00c97c737d9d3827f159518007803affcc7 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 1 Apr 2014 07:07:42 +0000
Subject: [PATCH 281/384] Update imports to be consistent
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/execdriver/native/create.go | 3 ++-
 runtime/utils_test.go               | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/runtime/execdriver/native/create.go b/runtime/execdriver/native/create.go
index 976416a8ca..71fab3e064 100644
--- a/runtime/execdriver/native/create.go
+++ b/runtime/execdriver/native/create.go
@@ -2,12 +2,13 @@ package native
 
 import (
 	"fmt"
+	"os"
+
 	"github.com/dotcloud/docker/pkg/label"
 	"github.com/dotcloud/docker/pkg/libcontainer"
 	"github.com/dotcloud/docker/runtime/execdriver"
 	"github.com/dotcloud/docker/runtime/execdriver/native/configuration"
 	"github.com/dotcloud/docker/runtime/execdriver/native/template"
-	"os"
 )
 
 // createContainer populates and configures the container type with the
diff --git a/runtime/utils_test.go b/runtime/utils_test.go
index 833634cb47..bdf3543a49 100644
--- a/runtime/utils_test.go
+++ b/runtime/utils_test.go
@@ -1,9 +1,10 @@
 package runtime
 
 import (
+	"testing"
+
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/utils"
-	"testing"
 )
 
 func TestMergeLxcConfig(t *testing.T) {

From f067e263677fc86f9610ca61fbe42f63efad91f2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 25 Mar 2014 23:21:07 +0000
Subject: [PATCH 282/384] Ensure that all containers are stopped cleanly at
 shutdown Docker-DCO-1.1-Signed-off-by: Michael Crosby
 <michael@crosbymichael.com> (github: crosbymichael)

---
 runtime/runtime.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/runtime/runtime.go b/runtime/runtime.go
index b035f5df9f..85880ff9ab 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -778,8 +778,31 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 	return runtime, nil
 }
 
+func (runtime *Runtime) shutdown() error {
+	group := sync.WaitGroup{}
+	utils.Debugf("starting clean shutdown of all containers...")
+	for _, container := range runtime.List() {
+		if container.State.IsRunning() {
+			utils.Debugf("stopping %s", container.ID)
+			group.Add(1)
+
+			go func() {
+				defer group.Done()
+				container.Stop(10)
+			}()
+		}
+	}
+	group.Wait()
+
+	return nil
+}
+
 func (runtime *Runtime) Close() error {
 	errorsStrings := []string{}
+	if err := runtime.shutdown(); err != nil {
+		utils.Errorf("runtime.shutdown(): %s", err)
+		errorsStrings = append(errorsStrings, err.Error())
+	}
 	if err := portallocator.ReleaseAll(); err != nil {
 		utils.Errorf("portallocator.ReleaseAll(): %s", err)
 		errorsStrings = append(errorsStrings, err.Error())

From 5b9069bd990dca0a35d8e490c6f6b56d27163bb8 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 26 Mar 2014 00:04:55 +0000
Subject: [PATCH 283/384] Add kill for other drivers on restart
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/runtime.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/runtime/runtime.go b/runtime/runtime.go
index 85880ff9ab..4ece7d1533 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -174,6 +174,7 @@ func (runtime *Runtime) Register(container *Container) error {
 		if container.State.IsGhost() {
 			utils.Debugf("killing ghost %s", container.ID)
 
+			existingPid := container.State.Pid
 			container.State.SetGhost(false)
 			container.State.SetStopped(0)
 
@@ -181,9 +182,20 @@ func (runtime *Runtime) Register(container *Container) error {
 			// no ghost processes are left when docker dies
 			if container.ExecDriver == "" || strings.Contains(container.ExecDriver, "lxc") {
 				lxc.KillLxc(container.ID, 9)
-				if err := container.Unmount(); err != nil {
-					utils.Debugf("ghost unmount error %s", err)
+			} else {
+				// use the current driver and ensure that the container is dead x.x
+				cmd := &execdriver.Command{
+					ID: container.ID,
 				}
+				var err error
+				cmd.Process, err = os.FindProcess(existingPid)
+				if err != nil {
+					utils.Debugf("cannot find existing process for %d", existingPid)
+				}
+				runtime.execDriver.Kill(cmd, 9)
+			}
+			if err := container.Unmount(); err != nil {
+				utils.Debugf("ghost unmount error %s", err)
 			}
 		}
 

From 5bb82f6313d7f789783ffac854be85a44a56617e Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 26 Mar 2014 06:48:16 +0000
Subject: [PATCH 284/384] Ensure a reliable way to kill ghost containers on
 reboot Docker-DCO-1.1-Signed-off-by: Michael Crosby
 <michael@crosbymichael.com> (github: crosbymichael)

---
 pkg/libcontainer/nsinit/exec.go     |  7 +++++-
 pkg/libcontainer/nsinit/state.go    | 16 +++++++++----
 pkg/system/proc.go                  | 26 +++++++++++++++++++++
 runtime/execdriver/driver.go        |  1 +
 runtime/execdriver/lxc/driver.go    |  4 ++++
 runtime/execdriver/native/driver.go | 36 ++++++++++++++++++++++++++---
 runtime/runtime.go                  |  2 +-
 7 files changed, 83 insertions(+), 9 deletions(-)
 create mode 100644 pkg/system/proc.go

diff --git a/pkg/libcontainer/nsinit/exec.go b/pkg/libcontainer/nsinit/exec.go
index 73842f729f..c07c45de3c 100644
--- a/pkg/libcontainer/nsinit/exec.go
+++ b/pkg/libcontainer/nsinit/exec.go
@@ -50,8 +50,13 @@ func (ns *linuxNs) Exec(container *libcontainer.Container, term Terminal, args [
 	if err := command.Start(); err != nil {
 		return -1, err
 	}
+
+	started, err := system.GetProcessStartTime(command.Process.Pid)
+	if err != nil {
+		return -1, err
+	}
 	ns.logger.Printf("writting pid %d to file\n", command.Process.Pid)
-	if err := ns.stateWriter.WritePid(command.Process.Pid); err != nil {
+	if err := ns.stateWriter.WritePid(command.Process.Pid, started); err != nil {
 		command.Process.Kill()
 		return -1, err
 	}
diff --git a/pkg/libcontainer/nsinit/state.go b/pkg/libcontainer/nsinit/state.go
index af38008c03..26d7fa4230 100644
--- a/pkg/libcontainer/nsinit/state.go
+++ b/pkg/libcontainer/nsinit/state.go
@@ -10,7 +10,7 @@ import (
 // StateWriter handles writing and deleting the pid file
 // on disk
 type StateWriter interface {
-	WritePid(pid int) error
+	WritePid(pid int, startTime string) error
 	DeletePid() error
 }
 
@@ -19,10 +19,18 @@ type DefaultStateWriter struct {
 }
 
 // writePidFile writes the namespaced processes pid to pid in the rootfs for the container
-func (d *DefaultStateWriter) WritePid(pid int) error {
-	return ioutil.WriteFile(filepath.Join(d.Root, "pid"), []byte(fmt.Sprint(pid)), 0655)
+func (d *DefaultStateWriter) WritePid(pid int, startTime string) error {
+	err := ioutil.WriteFile(filepath.Join(d.Root, "pid"), []byte(fmt.Sprint(pid)), 0655)
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(filepath.Join(d.Root, "start"), []byte(startTime), 0655)
 }
 
 func (d *DefaultStateWriter) DeletePid() error {
-	return os.Remove(filepath.Join(d.Root, "pid"))
+	err := os.Remove(filepath.Join(d.Root, "pid"))
+	if serr := os.Remove(filepath.Join(d.Root, "start")); err == nil {
+		err = serr
+	}
+	return err
 }
diff --git a/pkg/system/proc.go b/pkg/system/proc.go
new file mode 100644
index 0000000000..a492346c7f
--- /dev/null
+++ b/pkg/system/proc.go
@@ -0,0 +1,26 @@
+package system
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"strconv"
+	"strings"
+)
+
+// look in /proc to find the process start time so that we can verify
+// that this pid has started after ourself
+func GetProcessStartTime(pid int) (string, error) {
+	data, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
+	if err != nil {
+		return "", err
+	}
+	parts := strings.Split(string(data), " ")
+	// the starttime is located at pos 22
+	// from the man page
+	//
+	// starttime %llu (was %lu before Linux 2.6)
+	// (22)  The  time the process started after system boot.  In kernels before Linux 2.6, this
+	// value was expressed in jiffies.  Since Linux 2.6, the value is expressed in  clock  ticks
+	// (divide by sysconf(_SC_CLK_TCK)).
+	return parts[22-1], nil // starts at 1
+}
diff --git a/runtime/execdriver/driver.go b/runtime/execdriver/driver.go
index d067973419..27a575cb3a 100644
--- a/runtime/execdriver/driver.go
+++ b/runtime/execdriver/driver.go
@@ -84,6 +84,7 @@ type Driver interface {
 	Name() string                                 // Driver name
 	Info(id string) Info                          // "temporary" hack (until we move state from core to plugins)
 	GetPidsForContainer(id string) ([]int, error) // Returns a list of pids for the given container.
+	Terminate(c *Command) error                   // kill it with fire
 }
 
 // Network settings of the container
diff --git a/runtime/execdriver/lxc/driver.go b/runtime/execdriver/lxc/driver.go
index 896f215366..ef16dcc380 100644
--- a/runtime/execdriver/lxc/driver.go
+++ b/runtime/execdriver/lxc/driver.go
@@ -204,6 +204,10 @@ func (d *driver) Kill(c *execdriver.Command, sig int) error {
 	return KillLxc(c.ID, sig)
 }
 
+func (d *driver) Terminate(c *execdriver.Command) error {
+	return KillLxc(c.ID, 9)
+}
+
 func (d *driver) version() string {
 	var (
 		version string
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index 4acc4b388c..c5a3837615 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -117,9 +117,39 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 }
 
 func (d *driver) Kill(p *execdriver.Command, sig int) error {
-	err := syscall.Kill(p.Process.Pid, syscall.Signal(sig))
+	return syscall.Kill(p.Process.Pid, syscall.Signal(sig))
+}
+
+func (d *driver) Terminate(p *execdriver.Command) error {
+	// lets check the start time for the process
+	started, err := d.readStartTime(p)
+	if err != nil {
+		// if we don't have the data on disk then we can assume the process is gone
+		// because this is only removed after we know the process has stopped
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	currentStartTime, err := system.GetProcessStartTime(p.Process.Pid)
+	if err != nil {
+		return err
+	}
+	if started == currentStartTime {
+		err = syscall.Kill(p.Process.Pid, 9)
+	}
 	d.removeContainerRoot(p.ID)
 	return err
+
+}
+
+func (d *driver) readStartTime(p *execdriver.Command) (string, error) {
+	data, err := ioutil.ReadFile(filepath.Join(d.root, p.ID, "start"))
+	if err != nil {
+		return "", err
+	}
+	return string(data), nil
 }
 
 func (d *driver) Info(id string) execdriver.Info {
@@ -235,9 +265,9 @@ type dockerStateWriter struct {
 	callback execdriver.StartCallback
 }
 
-func (d *dockerStateWriter) WritePid(pid int) error {
+func (d *dockerStateWriter) WritePid(pid int, started string) error {
 	d.c.ContainerPid = pid
-	err := d.dsw.WritePid(pid)
+	err := d.dsw.WritePid(pid, started)
 	if d.callback != nil {
 		d.callback(d.c)
 	}
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 4ece7d1533..1c99a02811 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -192,7 +192,7 @@ func (runtime *Runtime) Register(container *Container) error {
 				if err != nil {
 					utils.Debugf("cannot find existing process for %d", existingPid)
 				}
-				runtime.execDriver.Kill(cmd, 9)
+				runtime.execDriver.Terminate(cmd)
 			}
 			if err := container.Unmount(); err != nil {
 				utils.Debugf("ghost unmount error %s", err)

From 283daced0c919be760947d44d7e46c80e1054d64 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 26 Mar 2014 06:55:46 +0000
Subject: [PATCH 285/384] Don't send prctl to be consistent with other drivers
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/libcontainer/nsinit/init.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 85182326ee..c7c2addb18 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -54,11 +54,6 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 			return fmt.Errorf("setctty %s", err)
 		}
 	}
-	// this is our best effort to let the process know that the parent has died and that it
-	// should it should act on it how it sees fit
-	if err := system.ParentDeathSignal(uintptr(syscall.SIGTERM)); err != nil {
-		return fmt.Errorf("parent death signal %s", err)
-	}
 	if err := setupNetwork(container, context); err != nil {
 		return fmt.Errorf("setup networking %s", err)
 	}

From e36d89b0f9c8ba5b071374310ca632f6b2fdb7a1 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 26 Mar 2014 06:59:41 +0000
Subject: [PATCH 286/384] Ensure state is saved to disk after we kill the ghost
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/runtime.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/runtime/runtime.go b/runtime/runtime.go
index 1c99a02811..d5c1a96ada 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -197,6 +197,9 @@ func (runtime *Runtime) Register(container *Container) error {
 			if err := container.Unmount(); err != nil {
 				utils.Debugf("ghost unmount error %s", err)
 			}
+			if err := container.ToDisk(); err != nil {
+				utils.Debugf("saving ghost state to disk %s", err)
+			}
 		}
 
 		info := runtime.execDriver.Info(container.ID)

From 93779cc7fee4ee0690d9dd28eed478a418e79577 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 1 Apr 2014 00:11:17 +0000
Subject: [PATCH 287/384] Send sigterm and wait forever
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/container.go |  1 -
 runtime/runtime.go   | 11 ++++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/runtime/container.go b/runtime/container.go
index ed68fd0844..bd4a6f2bea 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -915,7 +915,6 @@ func (container *Container) Stop(seconds int) error {
 
 	// 1. Send a SIGTERM
 	if err := container.KillSig(15); err != nil {
-		utils.Debugf("Error sending kill SIGTERM: %s", err)
 		log.Print("Failed to send SIGTERM to the process, force killing")
 		if err := container.KillSig(9); err != nil {
 			return err
diff --git a/runtime/runtime.go b/runtime/runtime.go
index d5c1a96ada..9e8323279e 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -797,13 +797,18 @@ func (runtime *Runtime) shutdown() error {
 	group := sync.WaitGroup{}
 	utils.Debugf("starting clean shutdown of all containers...")
 	for _, container := range runtime.List() {
-		if container.State.IsRunning() {
-			utils.Debugf("stopping %s", container.ID)
+		c := container
+		if c.State.IsRunning() {
+			utils.Debugf("stopping %s", c.ID)
 			group.Add(1)
 
 			go func() {
 				defer group.Done()
-				container.Stop(10)
+				if err := c.KillSig(15); err != nil {
+					utils.Debugf("kill 15 error for %s - %s", c.ID, err)
+				}
+				c.Wait()
+				utils.Debugf("container stopped %s", c.ID)
 			}()
 		}
 	}

From 6b7cfc9e95af8510abc801a02cda7879e4f82518 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 1 Apr 2014 07:27:34 +0000
Subject: [PATCH 288/384] Update test to reallocate port
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 .../portallocator/portallocator_test.go             | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/runtime/networkdriver/portallocator/portallocator_test.go b/runtime/networkdriver/portallocator/portallocator_test.go
index 8b4062c37c..5a4765ddd4 100644
--- a/runtime/networkdriver/portallocator/portallocator_test.go
+++ b/runtime/networkdriver/portallocator/portallocator_test.go
@@ -118,6 +118,19 @@ func TestAllocateAllPorts(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+
+	// release a port in the middle and ensure we get another tcp port
+	port := BeginPortRange + 5
+	if err := ReleasePort(defaultIP, "tcp", port); err != nil {
+		t.Fatal(err)
+	}
+	newPort, err := RequestPort(defaultIP, "tcp", 0)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if newPort != port {
+		t.Fatalf("Expected port %d got %d", port, newPort)
+	}
 }
 
 func BenchmarkAllocatePorts(b *testing.B) {

From ac9b06ae95f1da8407934036ab1e4019a96a6b21 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 1 Apr 2014 08:18:52 +0000
Subject: [PATCH 289/384] Update sig message Docker-DCO-1.1-Signed-off-by:
 Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

---
 server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index 278cab2b2a..65dbcca47b 100644
--- a/server/server.go
+++ b/server/server.go
@@ -54,7 +54,7 @@ func InitServer(job *engine.Job) engine.Status {
 	gosignal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
 	go func() {
 		sig := <-c
-		log.Printf("Received signal '%v', exiting\n", sig)
+		log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
 		utils.RemovePidFile(srv.runtime.Config().Pidfile)
 		srv.Close()
 		os.Exit(0)

From bd24eb07b6c3a9448d8b4a8b3ab0d9cd60995aaa Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Fri, 28 Mar 2014 18:40:16 -0700
Subject: [PATCH 290/384] Add $BINDIR to allow mounting the whole sources if
 needed (for development)

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 Makefile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index b3bea8a31f..717e73cb1a 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,12 @@
 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
 DOCKER_IMAGE := docker:$(GIT_BRANCH)
 DOCKER_DOCS_IMAGE := docker-docs:$(GIT_BRANCH)
-DOCKER_RUN_DOCKER := docker run --rm -i -t --privileged -e TESTFLAGS -v "$(CURDIR)/bundles:/go/src/github.com/dotcloud/docker/bundles" "$(DOCKER_IMAGE)"
+
+# to allow `make BINDDIR=. shell`
+BINDDIR := bundles
+
+DOCKER_RUN_DOCKER := docker run --rm -i -t --privileged -e TESTFLAGS -v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)" "$(DOCKER_IMAGE)"
+
 
 default: binary
 

From 4cb602afa0a905ceb0cccf49fe142c1c7b62087b Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 31 Mar 2014 20:22:28 -0600
Subject: [PATCH 291/384] Allow "SIG" prefix on signal names in `docker kill`
 ("SIGKILL", etc)

This way, we can use both `docker kill -s INT some_container` and `docker kill -s SIGINT some_container` and both will do nice things for us. :)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 integration/commands_test.go | 9 +++++++--
 server/server.go             | 4 ++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/integration/commands_test.go b/integration/commands_test.go
index 2dc0ff384a..15bb61b49c 100644
--- a/integration/commands_test.go
+++ b/integration/commands_test.go
@@ -1129,8 +1129,13 @@ func TestCmdKill(t *testing.T) {
 	})
 
 	setTimeout(t, "SIGUSR2 timed out", 2*time.Second, func() {
-		for i := 0; i < 10; i++ {
-			if err := cli2.CmdKill("--signal=USR2", container.ID); err != nil {
+		for i := 0; i < 20; i++ {
+			sig := "USR2"
+			if i%2 != 0 {
+				// Swap to testing "SIGUSR2" for every odd iteration
+				sig = "SIGUSR2"
+			}
+			if err := cli2.CmdKill("--signal="+sig, container.ID); err != nil {
 				t.Fatal(err)
 			}
 			if err := expectPipe("SIGUSR2", stdout); err != nil {
diff --git a/server/server.go b/server/server.go
index 2cb3328d55..d689c0304c 100644
--- a/server/server.go
+++ b/server/server.go
@@ -144,6 +144,10 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
 		if err != nil {
 			// The signal is not a number, treat it as a string
 			sig = uint64(signal.SignalMap[job.Args[1]])
+			if sig == 0 && strings.HasPrefix(job.Args[1], "SIG") {
+				// If signal is prefixed with SIG, try with it stripped (ie, "SIGKILL", etc)
+				sig = uint64(signal.SignalMap[job.Args[1][3:]])
+			}
 			if sig == 0 {
 				return job.Errorf("Invalid signal: %s", job.Args[1])
 			}

From a03f83e3370f3859ebff172d504cc29817863b17 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Sat, 29 Mar 2014 22:12:34 -0700
Subject: [PATCH 292/384] Do not error when trying to start a started container

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 runtime/container.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtime/container.go b/runtime/container.go
index 656e9ae587..ca7b23e62b 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -426,7 +426,7 @@ func (container *Container) Start() (err error) {
 	defer container.Unlock()
 
 	if container.State.IsRunning() {
-		return fmt.Errorf("The container %s is already running.", container.ID)
+		return nil
 	}
 
 	defer func() {

From cff5f0357ea35245ac906a0326863ac1f8c47c61 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Sat, 29 Mar 2014 22:12:43 -0700
Subject: [PATCH 293/384] Minor cleanup

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client/commands.go | 14 +++++++++-----
 server/server.go       |  8 +++++---
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index 49cd07700f..01fc9a9106 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -549,9 +549,11 @@ func (cli *DockerCli) forwardAllSignals(cid string) chan os.Signal {
 }
 
 func (cli *DockerCli) CmdStart(args ...string) error {
-	cmd := cli.Subcmd("start", "CONTAINER [CONTAINER...]", "Restart a stopped container")
-	attach := cmd.Bool([]string{"a", "-attach"}, false, "Attach container's stdout/stderr and forward all signals to the process")
-	openStdin := cmd.Bool([]string{"i", "-interactive"}, false, "Attach container's stdin")
+	var (
+		cmd       = cli.Subcmd("start", "CONTAINER [CONTAINER...]", "Restart a stopped container")
+		attach    = cmd.Bool([]string{"a", "-attach"}, false, "Attach container's stdout/stderr and forward all signals to the process")
+		openStdin = cmd.Bool([]string{"i", "-interactive"}, false, "Attach container's stdin")
+	)
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -560,8 +562,10 @@ func (cli *DockerCli) CmdStart(args ...string) error {
 		return nil
 	}
 
-	var cErr chan error
-	var tty bool
+	var (
+		cErr chan error
+		tty  bool
+	)
 	if *attach || *openStdin {
 		if cmd.NArg() > 1 {
 			return fmt.Errorf("You cannot start and attach multiple containers at once.")
diff --git a/server/server.go b/server/server.go
index 2cb3328d55..af9976b4e2 100644
--- a/server/server.go
+++ b/server/server.go
@@ -2064,9 +2064,11 @@ func (srv *Server) ContainerStart(job *engine.Job) engine.Status {
 	if len(job.Args) < 1 {
 		return job.Errorf("Usage: %s container_id", job.Name)
 	}
-	name := job.Args[0]
-	runtime := srv.runtime
-	container := runtime.Get(name)
+	var (
+		name      = job.Args[0]
+		runtime   = srv.runtime
+		container = runtime.Get(name)
+	)
 
 	if container == nil {
 		return job.Errorf("No such container: %s", name)

From 7a50f03fa69fb81c27d361333fadbc9cccdd8948 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Sun, 30 Mar 2014 16:00:04 -0700
Subject: [PATCH 294/384] Update test to be consistent

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 integration/container_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/integration/container_test.go b/integration/container_test.go
index 8ed5525c72..d3d35734ed 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -350,7 +350,7 @@ func TestStart(t *testing.T) {
 	if !container.State.IsRunning() {
 		t.Errorf("Container should be running")
 	}
-	if err := container.Start(); err == nil {
+	if err := container.Start(); err != nil {
 		t.Fatalf("A running container should be able to be started")
 	}
 
@@ -385,7 +385,7 @@ func TestCpuShares(t *testing.T) {
 	if !container.State.IsRunning() {
 		t.Errorf("Container should be running")
 	}
-	if err := container.Start(); err == nil {
+	if err := container.Start(); err != nil {
 		t.Fatalf("A running container should be able to be started")
 	}
 

From f9b8161c60f58d383ca0eaf5a99865b83e4a41b8 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 1 Apr 2014 09:24:24 -0400
Subject: [PATCH 295/384] Remove hard coding of SELinux labels on systems
 without proper selinux policy.

If a system is configured for SELinux but does not know about docker or
containers, then we want the transitions of the policy to work.  Hard coding
the labels causes docker to break on older Fedora and RHEL systems

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 pkg/selinux/selinux.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 5236d3fb87..6453f37ea9 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -313,12 +313,9 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 		return "", ""
 	}
 	lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
-	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
-	processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
-
 	in, err := os.Open(lxcPath)
 	if err != nil {
-		goto exit
+		return "", ""
 	}
 	defer in.Close()
 
@@ -352,6 +349,11 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 			}
 		}
 	}
+
+	if processLabel == "" || fileLabel == "" {
+		return "", ""
+	}
+
 exit:
 	mcs := IntToMcs(os.Getpid(), 1024)
 	scon := NewContext(processLabel)

From 2224e0d65adfbd08e53430a1d7c750491f788257 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 1 Apr 2014 10:03:29 -0400
Subject: [PATCH 296/384] In certain cases, setting the process label will not
 happen.

When the code attempts to set the ProcessLabel, it checks if SELinux Is
enabled.  We have seen a case with some of our patches where the code
is fooled by the container to think that SELinux is not enabled.  Calling
label.Init before setting up the rest of the container, tells the library that
SELinux is enabled and everything works fine.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 pkg/label/label.go              | 3 +++
 pkg/label/label_selinux.go      | 4 ++++
 pkg/libcontainer/nsinit/init.go | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/pkg/label/label.go b/pkg/label/label.go
index ba1e9f48ea..be0d0ae079 100644
--- a/pkg/label/label.go
+++ b/pkg/label/label.go
@@ -21,3 +21,6 @@ func SetFileLabel(path string, fileLabel string) error {
 func GetPidCon(pid int) (string, error) {
 	return "", nil
 }
+
+func Init() {
+}
diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go
index 300a8b6d14..64a1720996 100644
--- a/pkg/label/label_selinux.go
+++ b/pkg/label/label_selinux.go
@@ -67,3 +67,7 @@ func SetFileLabel(path string, fileLabel string) error {
 func GetPidCon(pid int) (string, error) {
 	return selinux.Getpidcon(pid)
 }
+
+func Init() {
+	selinux.SelinuxEnabled()
+}
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 5aa5f9f5b5..e5d69f5453 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -58,6 +58,8 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	if err := system.ParentDeathSignal(uintptr(syscall.SIGTERM)); err != nil {
 		return fmt.Errorf("parent death signal %s", err)
 	}
+
+	label.Init()
 	ns.logger.Println("setup mount namespace")
 	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot, container.Context["mount_label"]); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)

From b8d660d946c5f0be3a4f01867b11f26a4f303293 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 1 Apr 2014 11:17:54 -0700
Subject: [PATCH 297/384] Update docs. Make PULL up to date, remove deprecated
 falg and update PUSH

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 docs/sources/reference/commandline/cli.rst | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 0c9db138c2..324b84b0ae 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1007,12 +1007,10 @@ The last container is marked as a ``Ghost`` container. It is a container that wa
 
 ::
 
-    Usage: docker pull NAME
+    Usage: docker pull NAME[:TAG]
 
     Pull an image or a repository from the registry
 
-      -t, --tag="": Download tagged image in repository
-
 
 .. _cli_push:
 
@@ -1021,7 +1019,7 @@ The last container is marked as a ``Ghost`` container. It is a container that wa
 
 ::
 
-    Usage: docker push NAME
+    Usage: docker push NAME[:TAG]
 
     Push an image or a repository to the registry
 

From 4bf70317ed3c2467f444eac9b7865b170da6366c Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 1 Apr 2014 13:33:46 -0600
Subject: [PATCH 298/384] Simplify the kill "SIG" prefix stripping code

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 server/server.go | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/server/server.go b/server/server.go
index bcaaad742b..96a37527c0 100644
--- a/server/server.go
+++ b/server/server.go
@@ -142,12 +142,8 @@ func (srv *Server) ContainerKill(job *engine.Job) engine.Status {
 		// The largest legal signal is 31, so let's parse on 5 bits
 		sig, err = strconv.ParseUint(job.Args[1], 10, 5)
 		if err != nil {
-			// The signal is not a number, treat it as a string
-			sig = uint64(signal.SignalMap[job.Args[1]])
-			if sig == 0 && strings.HasPrefix(job.Args[1], "SIG") {
-				// If signal is prefixed with SIG, try with it stripped (ie, "SIGKILL", etc)
-				sig = uint64(signal.SignalMap[job.Args[1][3:]])
-			}
+			// The signal is not a number, treat it as a string (either like "KILL" or like "SIGKILL")
+			sig = uint64(signal.SignalMap[strings.TrimPrefix(job.Args[1], "SIG")])
 			if sig == 0 {
 				return job.Errorf("Invalid signal: %s", job.Args[1])
 			}

From dcf2b72f5b6732a4b9b1897cb2b3f7019e3d547e Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Tue, 1 Apr 2014 21:07:40 +0000
Subject: [PATCH 299/384] add test

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 integration-cli/docker_cli_diff_test.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/integration-cli/docker_cli_diff_test.go b/integration-cli/docker_cli_diff_test.go
index 5f8ba74161..0ae9cca38d 100644
--- a/integration-cli/docker_cli_diff_test.go
+++ b/integration-cli/docker_cli_diff_test.go
@@ -64,3 +64,28 @@ func TestDiffEnsureDockerinitFilesAreIgnored(t *testing.T) {
 
 	logDone("diff - check if ignored files show up in diff")
 }
+
+func TestDiffEnsureOnlyKmsgAndPtmx(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "-d", "busybox", "sleep 0")
+	cid, _, err := runCommandWithOutput(runCmd)
+	errorOut(err, t, fmt.Sprintf("%s", err))
+	cleanCID := stripTrailingCharacters(cid)
+
+	diffCmd := exec.Command(dockerBinary, "diff", cleanCID)
+	out, _, err := runCommandWithOutput(diffCmd)
+	errorOut(err, t, fmt.Sprintf("failed to run diff: %v %v", out, err))
+	go deleteContainer(cleanCID)
+
+	expected := map[string]bool{
+		"C /dev":      true,
+		"A /dev/full": true, // busybox
+		"C /dev/ptmx": true, // libcontainer
+		"A /dev/kmsg": true, // lxc
+	}
+
+	for _, line := range strings.Split(out, "\n") {
+		if line != "" && !expected[line] {
+			t.Errorf("'%s' is shown in the diff but shouldn't", line)
+		}
+	}
+}

From 026aebdebbaa05eab25134949ed5d5bda655ba67 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 1 Apr 2014 14:17:31 -0700
Subject: [PATCH 300/384] Change ownership to root for ADD file/directory

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 server/buildfile.go | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/server/buildfile.go b/server/buildfile.go
index 5b098ce3e9..b4a860ad4d 100644
--- a/server/buildfile.go
+++ b/server/buildfile.go
@@ -419,10 +419,22 @@ func (b *buildFile) addContext(container *runtime.Container, orig, dest string,
 		return err
 	}
 
+	chownR := func(destPath string, uid, gid int) error {
+		return filepath.Walk(destPath, func(path string, info os.FileInfo, err error) error {
+			if err := os.Lchown(path, uid, gid); err != nil {
+				return err
+			}
+			return nil
+		})
+	}
+
 	if fi.IsDir() {
 		if err := archive.CopyWithTar(origPath, destPath); err != nil {
 			return err
 		}
+		if err := chownR(destPath, 0, 0); err != nil {
+			return err
+		}
 		return nil
 	}
 
@@ -452,6 +464,10 @@ func (b *buildFile) addContext(container *runtime.Container, orig, dest string,
 	if err := archive.CopyWithTar(origPath, destPath); err != nil {
 		return err
 	}
+
+	if err := chownR(destPath, 0, 0); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -486,28 +502,36 @@ func (b *buildFile) CmdAdd(args string) error {
 	)
 
 	if utils.IsURL(orig) {
+		// Initiate the download
 		isRemote = true
 		resp, err := utils.Download(orig)
 		if err != nil {
 			return err
 		}
+
+		// Create a tmp dir
 		tmpDirName, err := ioutil.TempDir(b.contextPath, "docker-remote")
 		if err != nil {
 			return err
 		}
+
+		// Create a tmp file within our tmp dir
 		tmpFileName := path.Join(tmpDirName, "tmp")
 		tmpFile, err := os.OpenFile(tmpFileName, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
 		if err != nil {
 			return err
 		}
 		defer os.RemoveAll(tmpDirName)
-		if _, err = io.Copy(tmpFile, resp.Body); err != nil {
+
+		// Download and dump result to tmp file
+		if _, err := io.Copy(tmpFile, resp.Body); err != nil {
 			tmpFile.Close()
 			return err
 		}
-		origPath = path.Join(filepath.Base(tmpDirName), filepath.Base(tmpFileName))
 		tmpFile.Close()
 
+		origPath = path.Join(filepath.Base(tmpDirName), filepath.Base(tmpFileName))
+
 		// Process the checksum
 		r, err := archive.Tar(tmpFileName, archive.Uncompressed)
 		if err != nil {

From 3ee37f547f4685ab88bfc39517cc18c1911451e5 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 1 Apr 2014 15:46:52 -0700
Subject: [PATCH 301/384] Update Version to not use string anymore

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/common.go               |  7 ++++---
 api/server/server.go        |  2 +-
 pkg/version/version.go      | 14 +++++++-------
 pkg/version/version_test.go |  2 +-
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/api/common.go b/api/common.go
index 7273e5c56d..44bd901379 100644
--- a/api/common.go
+++ b/api/common.go
@@ -3,15 +3,16 @@ package api
 import (
 	"fmt"
 	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/pkg/version"
 	"github.com/dotcloud/docker/utils"
 	"mime"
 	"strings"
 )
 
 const (
-	APIVERSION        = "1.10"
-	DEFAULTHTTPHOST   = "127.0.0.1"
-	DEFAULTUNIXSOCKET = "/var/run/docker.sock"
+	APIVERSION        version.Version = "1.10"
+	DEFAULTHTTPHOST                   = "127.0.0.1"
+	DEFAULTUNIXSOCKET                 = "/var/run/docker.sock"
 )
 
 func ValidateHost(val string) (string, error) {
diff --git a/api/server/server.go b/api/server/server.go
index 5597d8b92c..93dd2094b6 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -940,7 +940,7 @@ func makeHttpHandler(eng *engine.Engine, logging bool, localMethod string, local
 
 		if strings.Contains(r.Header.Get("User-Agent"), "Docker-Client/") {
 			userAgent := strings.Split(r.Header.Get("User-Agent"), "/")
-			if len(userAgent) == 2 && !dockerVersion.Equal(userAgent[1]) {
+			if len(userAgent) == 2 && !dockerVersion.Equal(version.Version(userAgent[1])) {
 				utils.Debugf("Warning: client and server don't have the same version (client: %s, server: %s)", userAgent[1], dockerVersion)
 			}
 		}
diff --git a/pkg/version/version.go b/pkg/version/version.go
index 3721d64aa8..5ff9d2ed2a 100644
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -7,10 +7,10 @@ import (
 
 type Version string
 
-func (me Version) compareTo(other string) int {
+func (me Version) compareTo(other Version) int {
 	var (
 		meTab    = strings.Split(string(me), ".")
-		otherTab = strings.Split(other, ".")
+		otherTab = strings.Split(string(other), ".")
 	)
 	for i, s := range meTab {
 		var meInt, otherInt int
@@ -31,22 +31,22 @@ func (me Version) compareTo(other string) int {
 	return 0
 }
 
-func (me Version) LessThan(other string) bool {
+func (me Version) LessThan(other Version) bool {
 	return me.compareTo(other) == -1
 }
 
-func (me Version) LessThanOrEqualTo(other string) bool {
+func (me Version) LessThanOrEqualTo(other Version) bool {
 	return me.compareTo(other) <= 0
 }
 
-func (me Version) GreaterThan(other string) bool {
+func (me Version) GreaterThan(other Version) bool {
 	return me.compareTo(other) == 1
 }
 
-func (me Version) GreaterThanOrEqualTo(other string) bool {
+func (me Version) GreaterThanOrEqualTo(other Version) bool {
 	return me.compareTo(other) >= 0
 }
 
-func (me Version) Equal(other string) bool {
+func (me Version) Equal(other Version) bool {
 	return me.compareTo(other) == 0
 }
diff --git a/pkg/version/version_test.go b/pkg/version/version_test.go
index 4bebd0c434..27c0536c2f 100644
--- a/pkg/version/version_test.go
+++ b/pkg/version/version_test.go
@@ -5,7 +5,7 @@ import (
 )
 
 func assertVersion(t *testing.T, a, b string, result int) {
-	if r := Version(a).compareTo(b); r != result {
+	if r := Version(a).compareTo(Version(b)); r != result {
 		t.Fatalf("Unexpected version comparison result. Found %d, expected %d", r, result)
 	}
 }

From 9c0c4aeda47fcebc4470f7ba786749af2999ec78 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 1 Apr 2014 17:42:54 -0600
Subject: [PATCH 302/384] Add basic initial "check-config" script to contrib

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 contrib/check-config.sh | 102 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100755 contrib/check-config.sh

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
new file mode 100755
index 0000000000..62606aca04
--- /dev/null
+++ b/contrib/check-config.sh
@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+set -e
+
+# bits of this were adapted from lxc-checkconfig
+# see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in
+
+: ${CONFIG:=/proc/config.gz}
+: ${GREP:=zgrep}
+
+if [ ! -e "$CONFIG" ]; then
+	echo >&2 "warning: $CONFIG does not exist, searching other paths for kernel config..."
+	if [ -e "/boot/config-$(uname -r)" ]; then
+		CONFIG="/boot/config-$(uname -r)"
+	elif [ -e '/usr/src/linux/.config' ]; then
+		CONFIG='/usr/src/linux/.config'
+	else
+		echo >&2 "error: cannot find kernel config"
+		echo >&2 "  try running this script again, specifying the kernel config:"
+		echo >&2 "    CONFIG=/path/to/kernel/.config $0"
+		exit 1
+	fi
+fi
+
+is_set() {
+	$GREP "CONFIG_$1=[y|m]" $CONFIG > /dev/null
+}
+
+color() {
+	color=
+	prefix=
+	if [ "$1" = 'bold' ]; then
+		prefix='1;'
+		shift
+	fi
+	case "$1" in
+		green) color='32' ;;
+		red)   color='31' ;;
+		gray)  color='30' ;;
+		reset) color='' ;;
+	esac
+	echo -en '\033['"$prefix$color"m
+}
+
+check_flag() {
+	if is_set "$1"; then
+		color green
+		echo -n enabled
+	else
+		color bold red
+		echo -n missing
+	fi
+	color reset
+}
+
+check_flags() {
+	for flag in "$@"; do
+		echo "- CONFIG_$flag: $(check_flag "$flag")"
+	done
+} 
+
+echo
+
+# TODO check that the cgroupfs hierarchy is properly mounted
+
+echo 'Generally Necessary:'
+flags=(
+	NAMESPACES {NET,PID,IPC,UTS}_NS
+	DEVPTS_MULTIPLE_INSTANCES
+	CGROUPS CGROUP_DEVICE
+	MACVLAN VETH BRIDGE
+	IP_NF_TARGET_MASQUERADE NETFILTER_XT_MATCH_{ADDRTYPE,CONNTRACK}
+	NF_NAT NF_NAT_NEEDED
+)
+check_flags "${flags[@]}"
+echo
+
+echo 'Optional Features:'
+flags=(
+	MEMCG_SWAP
+	RESOURCE_COUNTERS
+)
+check_flags "${flags[@]}"
+
+echo '- Storage Drivers:'
+{
+	echo '- "aufs":'
+	check_flags AUFS_FS | sed 's/^/  /'
+	if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then
+		echo "    $(color bold gray)(note that some kernels include AUFS patches but not the AUFS_FS flag)$(color reset)"
+	fi
+
+	echo '- "btrfs":'
+	check_flags BTRFS_FS | sed 's/^/  /'
+
+	echo '- "devicemapper":'
+	check_flags BLK_DEV_DM DM_THIN_PROVISIONING EXT4_FS | sed 's/^/  /'
+} | sed 's/^/  /'
+echo
+
+#echo 'Potential Future Features:'
+#check_flags USER_NS
+#echo

From b246fc33ae4f05b5084fed8fc9f1034e36d87d78 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 1 Apr 2014 17:30:02 -0700
Subject: [PATCH 303/384] Add API version to `docker version`

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 api/client/commands.go                     |  4 ++++
 integration-cli/docker_cli_version_test.go | 12 +++++++++++-
 server/server.go                           |  2 ++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index eddfad5c30..53b8822d69 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -357,6 +357,7 @@ func (cli *DockerCli) CmdVersion(args ...string) error {
 	if dockerversion.VERSION != "" {
 		fmt.Fprintf(cli.out, "Client version: %s\n", dockerversion.VERSION)
 	}
+	fmt.Fprintf(cli.out, "Client API version: %s\n", api.APIVERSION)
 	fmt.Fprintf(cli.out, "Go version (client): %s\n", goruntime.Version())
 	if dockerversion.GITCOMMIT != "" {
 		fmt.Fprintf(cli.out, "Git commit (client): %s\n", dockerversion.GITCOMMIT)
@@ -379,6 +380,9 @@ func (cli *DockerCli) CmdVersion(args ...string) error {
 	}
 	out.Close()
 	fmt.Fprintf(cli.out, "Server version: %s\n", remoteVersion.Get("Version"))
+	if apiVersion := remoteVersion.Get("ApiVersion"); apiVersion != "" {
+		fmt.Fprintf(cli.out, "Server API version: %s\n", apiVersion)
+	}
 	fmt.Fprintf(cli.out, "Git commit (server): %s\n", remoteVersion.Get("GitCommit"))
 	fmt.Fprintf(cli.out, "Go version (server): %s\n", remoteVersion.Get("GoVersion"))
 	release := utils.GetReleaseVersion()
diff --git a/integration-cli/docker_cli_version_test.go b/integration-cli/docker_cli_version_test.go
index 8adedd540b..f18d5bede6 100644
--- a/integration-cli/docker_cli_version_test.go
+++ b/integration-cli/docker_cli_version_test.go
@@ -17,7 +17,17 @@ func TestVersionEnsureSucceeds(t *testing.T) {
 		t.Fatal("failed to execute docker version")
 	}
 
-	stringsToCheck := []string{"Client version:", "Go version (client):", "Git commit (client):", "Server version:", "Git commit (server):", "Go version (server):", "Last stable version:"}
+	stringsToCheck := []string{
+		"Client version:",
+		"Client API version:",
+		"Go version (client):",
+		"Git commit (client):",
+		"Server version:",
+		"Server API version:",
+		"Git commit (server):",
+		"Go version (server):",
+		"Last stable version:",
+	}
 
 	for _, linePrefix := range stringsToCheck {
 		if !strings.Contains(out, linePrefix) {
diff --git a/server/server.go b/server/server.go
index 65dbcca47b..a47434f73f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -3,6 +3,7 @@ package server
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/archive"
 	"github.com/dotcloud/docker/daemonconfig"
 	"github.com/dotcloud/docker/dockerversion"
@@ -823,6 +824,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 func (srv *Server) DockerVersion(job *engine.Job) engine.Status {
 	v := &engine.Env{}
 	v.Set("Version", dockerversion.VERSION)
+	v.Set("ApiVersion", api.APIVERSION)
 	v.Set("GitCommit", dockerversion.GITCOMMIT)
 	v.Set("GoVersion", goruntime.Version())
 	v.Set("Os", goruntime.GOOS)

From d7ec39a4cfbee7b68e0c7973fb629da6f54d873c Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Wed, 2 Apr 2014 01:19:26 +0000
Subject: [PATCH 304/384] <3

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index a47434f73f..1c6c561375 100644
--- a/server/server.go
+++ b/server/server.go
@@ -824,7 +824,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 func (srv *Server) DockerVersion(job *engine.Job) engine.Status {
 	v := &engine.Env{}
 	v.Set("Version", dockerversion.VERSION)
-	v.Set("ApiVersion", api.APIVERSION)
+	v.SetJson("ApiVersion", api.APIVERSION)
 	v.Set("GitCommit", dockerversion.GITCOMMIT)
 	v.Set("GoVersion", goruntime.Version())
 	v.Set("Os", goruntime.GOOS)

From b51fe1783347c1bf679870925a271531a925b7e9 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 1 Apr 2014 22:43:38 -0600
Subject: [PATCH 305/384] Update Makefile with several improvements

Especially but not limited to:
- make BINDDIR= ... - for when you don't want a bind mount at all
- make DOCSPORT=9000 docs - for when you want a not-8000 docs port
- when we can't determine a branch name, we don't try to "docker build -t docker: ." anymore - we just "docker build -t docker ." (thus allowing Docker to assume ":latest")

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 Makefile | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 9f8e70b7fe..776d57951f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,14 +1,17 @@
 .PHONY: all binary build cross default docs docs-build docs-shell shell test test-integration test-integration-cli
 
-GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
-DOCKER_IMAGE := docker:$(GIT_BRANCH)
-DOCKER_DOCS_IMAGE := docker-docs:$(GIT_BRANCH)
-
-# to allow `make BINDDIR=. shell`
+# to allow `make BINDDIR=. shell` or `make BINDDIR= test`
 BINDDIR := bundles
+# to allow `make DOCSPORT=9000 docs`
+DOCSPORT := 8000
 
-DOCKER_RUN_DOCKER := docker run --rm -i -t --privileged -e TESTFLAGS -v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)" "$(DOCKER_IMAGE)"
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+DOCKER_MOUNT := $(if $(BINDDIR),-v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)")
 
+DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS $(DOCKER_MOUNT) "$(DOCKER_IMAGE)"
+DOCKER_RUN_DOCS := docker run --rm -it -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)"
 
 default: binary
 
@@ -22,10 +25,10 @@ cross: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary cross
 
 docs: docs-build
-	docker run --rm -i -t -p 8000:8000 "$(DOCKER_DOCS_IMAGE)"
+	$(DOCKER_RUN_DOCS)
 
 docs-shell: docs-build
-	docker run --rm -i -t -p 8000:8000 "$(DOCKER_DOCS_IMAGE)" bash
+	$(DOCKER_RUN_DOCS) bash
 
 test: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary test test-integration test-integration-cli

From 2b64453adbfdf715542b0b4274ed13e6f2a444da Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Wed, 2 Apr 2014 16:52:07 +1000
Subject: [PATCH 306/384] add RHEL6 kernel version, and a 3.8 hint to the
 binaries doc

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/installation/binaries.rst | 3 +++
 docs/sources/installation/rhel.rst     | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/docs/sources/installation/binaries.rst b/docs/sources/installation/binaries.rst
index ae548e7657..7ba8c596ef 100644
--- a/docs/sources/installation/binaries.rst
+++ b/docs/sources/installation/binaries.rst
@@ -43,6 +43,9 @@ Check kernel dependencies
 Docker in daemon mode has specific kernel requirements. For details,
 check your distribution in :ref:`installation_list`.
 
+In general, a 3.8 Linux kernel (or higher) is preferred, as some of the 
+prior versions have known issues that are triggered by Docker.
+
 Note that Docker also has a client mode, which can run on virtually
 any Linux kernel (it even builds on OSX!).
 
diff --git a/docs/sources/installation/rhel.rst b/docs/sources/installation/rhel.rst
index 7930da6309..151fba6f1f 100644
--- a/docs/sources/installation/rhel.rst
+++ b/docs/sources/installation/rhel.rst
@@ -22,6 +22,9 @@ for the RHEL distribution.
 Also note that due to the current Docker limitations, Docker is able to run
 only on the **64 bit** architecture.
 
+You will need `RHEL 6.5`_ or higher, with a RHEL 6 kernel version 2.6.32-431 or higher
+as this has specific kernel fixes to allow Docker to work.
+
 Installation
 ------------
 
@@ -78,4 +81,5 @@ If you have any issues - please report them directly in the `Red Hat Bugzilla fo
 .. _EPEL installation instructions: https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F
 .. _Red Hat Bugzilla for docker-io component : https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=docker-io
 .. _bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1043676
+.. _RHEL 6.5: https://access.redhat.com/site/articles/3078#RHEL6
 

From e5394e35c7a8f730ac76d24dee74d769049a0428 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 1 Apr 2014 10:21:53 +0200
Subject: [PATCH 307/384] devmapper: Pass info rather than hash to
 activateDeviceIfNeeded

There is no need to look this up again, we have it already in all callers.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index 731e9dab8b..b323627ac2 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -235,12 +235,8 @@ func (devices *DeviceSet) registerDevice(id int, hash string, size uint64) (*Dev
 	return info, nil
 }
 
-func (devices *DeviceSet) activateDeviceIfNeeded(hash string) error {
-	utils.Debugf("activateDeviceIfNeeded(%v)", hash)
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("Unknown device %s", hash)
-	}
+func (devices *DeviceSet) activateDeviceIfNeeded(info *DevInfo) error {
+	utils.Debugf("activateDeviceIfNeeded(%v)", info.Hash)
 
 	if devinfo, _ := getInfo(info.Name()); devinfo != nil && devinfo.Exists != 0 {
 		return nil
@@ -343,7 +339,7 @@ func (devices *DeviceSet) setupBaseImage() error {
 
 	utils.Debugf("Creating filesystem on base device-manager snapshot")
 
-	if err = devices.activateDeviceIfNeeded(""); err != nil {
+	if err = devices.activateDeviceIfNeeded(info); err != nil {
 		utils.Debugf("\n--->Err: %s\n", err)
 		return err
 	}
@@ -605,7 +601,7 @@ func (devices *DeviceSet) deleteDevice(hash string) error {
 	// This is a workaround for the kernel not discarding block so
 	// on the thin pool when we remove a thinp device, so we do it
 	// manually
-	if err := devices.activateDeviceIfNeeded(hash); err == nil {
+	if err := devices.activateDeviceIfNeeded(info); err == nil {
 		if err := BlockDeviceDiscard(info.DevName()); err != nil {
 			utils.Debugf("Error discarding block on device: %s (ignoring)\n", err)
 		}
@@ -858,7 +854,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
 		return nil
 	}
 
-	if err := devices.activateDeviceIfNeeded(hash); err != nil {
+	if err := devices.activateDeviceIfNeeded(info); err != nil {
 		return fmt.Errorf("Error activating devmapper device for '%s': %s", hash, err)
 	}
 
@@ -1028,7 +1024,7 @@ func (devices *DeviceSet) GetDeviceStatus(hash string) (*DevStatus, error) {
 		TransactionId: info.TransactionId,
 	}
 
-	if err := devices.activateDeviceIfNeeded(hash); err != nil {
+	if err := devices.activateDeviceIfNeeded(info); err != nil {
 		return nil, fmt.Errorf("Error activating devmapper device for '%s': %s", hash, err)
 	}
 

From 8e39b35c7cd02bbb644b7faf2a434de0098e6dea Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 1 Apr 2014 10:24:26 +0200
Subject: [PATCH 308/384] devmapper: Pass info rather than hash to deleteDevice

All the callers already have the info, no need for an extra lookup.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index b323627ac2..c74db036d2 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -313,7 +313,7 @@ func (devices *DeviceSet) setupBaseImage() error {
 
 	if oldInfo != nil && !oldInfo.Initialized {
 		utils.Debugf("Removing uninitialized base image")
-		if err := devices.deleteDevice(""); err != nil {
+		if err := devices.deleteDevice(oldInfo); err != nil {
 			utils.Debugf("\n--->Err: %s\n", err)
 			return err
 		}
@@ -592,12 +592,7 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 	return nil
 }
 
-func (devices *DeviceSet) deleteDevice(hash string) error {
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("hash %s doesn't exists", hash)
-	}
-
+func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 	// This is a workaround for the kernel not discarding block so
 	// on the thin pool when we remove a thinp device, so we do it
 	// manually
@@ -652,7 +647,7 @@ func (devices *DeviceSet) DeleteDevice(hash string) error {
 	info.lock.Lock()
 	defer info.lock.Unlock()
 
-	return devices.deleteDevice(hash)
+	return devices.deleteDevice(info)
 }
 
 func (devices *DeviceSet) deactivatePool() error {

From 5955846774c9b43291d6de0584fa8c3f62414c43 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 1 Apr 2014 10:31:34 +0200
Subject: [PATCH 309/384] devmapper: Pass info rather than hash to
 deactivateDevice()

We already have the info in most cases, no need to look this up multiple times.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 33 +++++++++-------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index c74db036d2..fa6b259b63 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -666,20 +666,16 @@ func (devices *DeviceSet) deactivatePool() error {
 	return nil
 }
 
-func (devices *DeviceSet) deactivateDevice(hash string) error {
-	utils.Debugf("[devmapper] deactivateDevice(%s)", hash)
+func (devices *DeviceSet) deactivateDevice(info *DevInfo) error {
+	utils.Debugf("[devmapper] deactivateDevice(%s)", info.Hash)
 	defer utils.Debugf("[devmapper] deactivateDevice END")
 
 	// Wait for the unmount to be effective,
 	// by watching the value of Info.OpenCount for the device
-	if err := devices.waitClose(hash); err != nil {
-		utils.Errorf("Warning: error waiting for device %s to close: %s\n", hash, err)
+	if err := devices.waitClose(info); err != nil {
+		utils.Errorf("Warning: error waiting for device %s to close: %s\n", info.Hash, err)
 	}
 
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("Unknown device %s", hash)
-	}
 	devinfo, err := getInfo(info.Name())
 	if err != nil {
 		utils.Debugf("\n--->Err: %s\n", err)
@@ -760,11 +756,7 @@ func (devices *DeviceSet) waitRemove(devname string) error {
 // waitClose blocks until either:
 // a) the device registered at <device_set_prefix>-<hash> is closed,
 // or b) the 10 second timeout expires.
-func (devices *DeviceSet) waitClose(hash string) error {
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("Unknown device %s", hash)
-	}
+func (devices *DeviceSet) waitClose(info *DevInfo) error {
 	i := 0
 	for ; i < 1000; i += 1 {
 		devinfo, err := getInfo(info.Name())
@@ -772,7 +764,7 @@ func (devices *DeviceSet) waitClose(hash string) error {
 			return err
 		}
 		if i%100 == 0 {
-			utils.Debugf("Waiting for unmount of %s: opencount=%d", hash, devinfo.OpenCount)
+			utils.Debugf("Waiting for unmount of %s: opencount=%d", info.Hash, devinfo.OpenCount)
 		}
 		if devinfo.OpenCount == 0 {
 			break
@@ -782,7 +774,7 @@ func (devices *DeviceSet) waitClose(hash string) error {
 		devices.Lock()
 	}
 	if i == 1000 {
-		return fmt.Errorf("Timeout while waiting for device %s to close", hash)
+		return fmt.Errorf("Timeout while waiting for device %s to close", info.Hash)
 	}
 	return nil
 }
@@ -805,15 +797,18 @@ func (devices *DeviceSet) Shutdown() error {
 				utils.Debugf("Shutdown unmounting %s, error: %s\n", info.mountPath, err)
 			}
 
-			if err := devices.deactivateDevice(info.Hash); err != nil {
+			if err := devices.deactivateDevice(info); err != nil {
 				utils.Debugf("Shutdown deactivate %s , error: %s\n", info.Hash, err)
 			}
 		}
 		info.lock.Unlock()
 	}
 
-	if err := devices.deactivateDevice(""); err != nil {
-		utils.Debugf("Shutdown deactivate base , error: %s\n", err)
+	info := devices.Devices[""]
+	if info != nil {
+		if err := devices.deactivateDevice(info); err != nil {
+			utils.Debugf("Shutdown deactivate base , error: %s\n", err)
+		}
 	}
 
 	if err := devices.deactivatePool(); err != nil {
@@ -920,7 +915,7 @@ func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error {
 	}
 	utils.Debugf("[devmapper] Unmount done")
 
-	if err := devices.deactivateDevice(hash); err != nil {
+	if err := devices.deactivateDevice(info); err != nil {
 		return err
 	}
 

From 74edcaf1e84aa8bf35e496b2bead833172a79fca Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 1 Apr 2014 10:34:44 +0200
Subject: [PATCH 310/384] devmapper: Pass info rather than hash to
 setInitialized

We already have this at the caller, no need to look up again.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index fa6b259b63..12407af1b2 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -864,7 +864,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
 	info.mountPath = path
 	info.floating = false
 
-	return devices.setInitialized(hash)
+	return devices.setInitialized(info)
 }
 
 func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error {
@@ -955,12 +955,7 @@ func (devices *DeviceSet) HasActivatedDevice(hash string) bool {
 	return devinfo != nil && devinfo.Exists != 0
 }
 
-func (devices *DeviceSet) setInitialized(hash string) error {
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("Unknown device %s", hash)
-	}
-
+func (devices *DeviceSet) setInitialized(info *DevInfo) error {
 	info.Initialized = true
 	if err := devices.saveMetadata(); err != nil {
 		info.Initialized = false

From e01b71cebeb96755641a18762dea5b843f107bee Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 1 Apr 2014 10:45:40 +0200
Subject: [PATCH 311/384] devmapper: Add lookupDevice() helper

This centralizes the lookup of devices so it is only done in one place.
This will be needed later when we change the locking for it.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 55 +++++++++++++---------
 1 file changed, 32 insertions(+), 23 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index 12407af1b2..4faf997002 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -214,6 +214,14 @@ func (devices *DeviceSet) saveMetadata() error {
 	return nil
 }
 
+func (devices *DeviceSet) lookupDevice(hash string) (*DevInfo, error) {
+	info := devices.Devices[hash]
+	if info == nil {
+		return nil, fmt.Errorf("Unknown device %s", hash)
+	}
+	return info, nil
+}
+
 func (devices *DeviceSet) registerDevice(id int, hash string, size uint64) (*DevInfo, error) {
 	utils.Debugf("registerDevice(%v, %v)", id, hash)
 	info := &DevInfo{
@@ -306,7 +314,7 @@ func (devices *DeviceSet) loadMetaData() error {
 }
 
 func (devices *DeviceSet) setupBaseImage() error {
-	oldInfo := devices.Devices[""]
+	oldInfo, _ := devices.lookupDevice("")
 	if oldInfo != nil && oldInfo.Initialized {
 		return nil
 	}
@@ -565,13 +573,13 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 	devices.Lock()
 	defer devices.Unlock()
 
-	if devices.Devices[hash] != nil {
-		return fmt.Errorf("hash %s already exists", hash)
+	if info, _ := devices.lookupDevice(hash); info != nil {
+		return fmt.Errorf("device %s already exists", hash)
 	}
 
-	baseInfo := devices.Devices[baseHash]
-	if baseInfo == nil {
-		return fmt.Errorf("Error adding device for '%s': can't find device for parent '%s'", hash, baseHash)
+	baseInfo, err := devices.lookupDevice(baseHash)
+	if err != nil {
+		return err
 	}
 
 	baseInfo.lock.Lock()
@@ -639,9 +647,9 @@ func (devices *DeviceSet) DeleteDevice(hash string) error {
 	devices.Lock()
 	defer devices.Unlock()
 
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("Unknown device %s", hash)
+	info, err := devices.lookupDevice(hash)
+	if err != nil {
+		return err
 	}
 
 	info.lock.Lock()
@@ -804,7 +812,7 @@ func (devices *DeviceSet) Shutdown() error {
 		info.lock.Unlock()
 	}
 
-	info := devices.Devices[""]
+	info, _ := devices.lookupDevice("")
 	if info != nil {
 		if err := devices.deactivateDevice(info); err != nil {
 			utils.Debugf("Shutdown deactivate base , error: %s\n", err)
@@ -822,9 +830,9 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
 	devices.Lock()
 	defer devices.Unlock()
 
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("Unknown device %s", hash)
+	info, err := devices.lookupDevice(hash)
+	if err != nil {
+		return err
 	}
 
 	info.lock.Lock()
@@ -851,7 +859,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
 	var flags uintptr = sysMsMgcVal
 
 	mountOptions := label.FormatMountLabel("discard", mountLabel)
-	err := sysMount(info.DevName(), path, "ext4", flags, mountOptions)
+	err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
 	if err != nil && err == sysEInval {
 		mountOptions = label.FormatMountLabel(mountLabel, "")
 		err = sysMount(info.DevName(), path, "ext4", flags, mountOptions)
@@ -873,9 +881,9 @@ func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error {
 	devices.Lock()
 	defer devices.Unlock()
 
-	info := devices.Devices[hash]
-	if info == nil {
-		return fmt.Errorf("UnmountDevice: no such device %s\n", hash)
+	info, err := devices.lookupDevice(hash)
+	if err != nil {
+		return err
 	}
 
 	info.lock.Lock()
@@ -928,14 +936,15 @@ func (devices *DeviceSet) HasDevice(hash string) bool {
 	devices.Lock()
 	defer devices.Unlock()
 
-	return devices.Devices[hash] != nil
+	info, _ := devices.lookupDevice(hash)
+	return info != nil
 }
 
 func (devices *DeviceSet) HasInitializedDevice(hash string) bool {
 	devices.Lock()
 	defer devices.Unlock()
 
-	info := devices.Devices[hash]
+	info, _ := devices.lookupDevice(hash)
 	return info != nil && info.Initialized
 }
 
@@ -943,7 +952,7 @@ func (devices *DeviceSet) HasActivatedDevice(hash string) bool {
 	devices.Lock()
 	defer devices.Unlock()
 
-	info := devices.Devices[hash]
+	info, _ := devices.lookupDevice(hash)
 	if info == nil {
 		return false
 	}
@@ -995,9 +1004,9 @@ func (devices *DeviceSet) GetDeviceStatus(hash string) (*DevStatus, error) {
 	devices.Lock()
 	defer devices.Unlock()
 
-	info := devices.Devices[hash]
-	if info == nil {
-		return nil, fmt.Errorf("No device %s", hash)
+	info, err := devices.lookupDevice(hash)
+	if err != nil {
+		return nil, err
 	}
 
 	info.lock.Lock()

From 70826e8b3fee27b971852aad89053507c6866d3e Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 1 Apr 2014 11:05:30 +0200
Subject: [PATCH 312/384] devmapper: Add lock to protext Devices map

Currently access to the Devices map is serialized by the main
DeviceSet lock, but we need to access it outside that lock, so we
add a separate lock for this and grab that everywhere we modify
or read the map.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 27 +++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index 4faf997002..f972c34bb1 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -51,7 +51,8 @@ type DevInfo struct {
 }
 
 type MetaData struct {
-	Devices map[string]*DevInfo `json:devices`
+	Devices     map[string]*DevInfo `json:devices`
+	devicesLock sync.Mutex          `json:"-"` // Protects all read/writes to Devices map
 }
 
 type DeviceSet struct {
@@ -179,7 +180,9 @@ func (devices *DeviceSet) allocateTransactionId() uint64 {
 }
 
 func (devices *DeviceSet) saveMetadata() error {
+	devices.devicesLock.Lock()
 	jsonData, err := json.Marshal(devices.MetaData)
+	devices.devicesLock.Unlock()
 	if err != nil {
 		return fmt.Errorf("Error encoding metadata to json: %s", err)
 	}
@@ -215,6 +218,8 @@ func (devices *DeviceSet) saveMetadata() error {
 }
 
 func (devices *DeviceSet) lookupDevice(hash string) (*DevInfo, error) {
+	devices.devicesLock.Lock()
+	defer devices.devicesLock.Unlock()
 	info := devices.Devices[hash]
 	if info == nil {
 		return nil, fmt.Errorf("Unknown device %s", hash)
@@ -233,10 +238,15 @@ func (devices *DeviceSet) registerDevice(id int, hash string, size uint64) (*Dev
 		devices:       devices,
 	}
 
+	devices.devicesLock.Lock()
 	devices.Devices[hash] = info
+	devices.devicesLock.Unlock()
+
 	if err := devices.saveMetadata(); err != nil {
 		// Try to remove unused device
+		devices.devicesLock.Lock()
 		delete(devices.Devices, hash)
+		devices.devicesLock.Unlock()
 		return nil, err
 	}
 
@@ -632,10 +642,14 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 	}
 
 	devices.allocateTransactionId()
+	devices.devicesLock.Lock()
 	delete(devices.Devices, info.Hash)
+	devices.devicesLock.Unlock()
 
 	if err := devices.saveMetadata(); err != nil {
+		devices.devicesLock.Lock()
 		devices.Devices[info.Hash] = info
+		devices.devicesLock.Unlock()
 		utils.Debugf("Error saving meta data: %s\n", err)
 		return err
 	}
@@ -795,7 +809,15 @@ func (devices *DeviceSet) Shutdown() error {
 	utils.Debugf("[devmapper] Shutting down DeviceSet: %s", devices.root)
 	defer utils.Debugf("[deviceset %s] shutdown END", devices.devicePrefix)
 
+	var devs []*DevInfo
+
+	devices.devicesLock.Lock()
 	for _, info := range devices.Devices {
+		devs = append(devs, info)
+	}
+	devices.devicesLock.Unlock()
+
+	for _, info := range devs {
 		info.lock.Lock()
 		if info.mountCount > 0 {
 			// We use MNT_DETACH here in case it is still busy in some running
@@ -979,12 +1001,15 @@ func (devices *DeviceSet) List() []string {
 	devices.Lock()
 	defer devices.Unlock()
 
+	devices.devicesLock.Lock()
 	ids := make([]string, len(devices.Devices))
 	i := 0
 	for k := range devices.Devices {
 		ids[i] = k
 		i++
 	}
+	devices.devicesLock.Unlock()
+
 	return ids
 }
 

From 2ffef1b7eb618162673c6ffabccb9ca57c7dfce3 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 1 Apr 2014 11:28:21 +0200
Subject: [PATCH 313/384] devmapper: Avoid AB-BA deadlock

We currently drop the global lock while holding a per-device lock when
waiting for device removal, and then we re-aquire it when the sleep is done.
This is causing a AB-BA deadlock if anyone at the same time tries to do any
operation on that device like this:

thread A:             thread B
grabs global lock
grabs device lock
releases global lock
sleeps
                      grabs global lock
                      blocks on device lock
wakes up
blocks on global lock

To trigger this you can for instance do:

ID=`docker run -d fedora sleep 5`
cd /var/lib/docker/devicemapper/mnt/$ID
docker wait $ID
docker rm $ID &
docker rm $ID

The unmount will fail due to the mount being busy thus causing the
timeout and the second rm will then trigger the deadlock.

We fix this by adding a lock ordering such that the device locks
are always grabbed before the global lock. This is safe since the
device lookups now have a separate lock.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 runtime/graphdriver/devmapper/deviceset.go | 58 +++++++++++++---------
 1 file changed, 35 insertions(+), 23 deletions(-)

diff --git a/runtime/graphdriver/devmapper/deviceset.go b/runtime/graphdriver/devmapper/deviceset.go
index f972c34bb1..97d670a3d9 100644
--- a/runtime/graphdriver/devmapper/deviceset.go
+++ b/runtime/graphdriver/devmapper/deviceset.go
@@ -47,6 +47,11 @@ type DevInfo struct {
 	// sometimes release that lock while sleeping. In that case
 	// this per-device lock is still held, protecting against
 	// other accesses to the device that we're doing the wait on.
+	//
+	// WARNING: In order to avoid AB-BA deadlocks when releasing
+	// the global lock while holding the per-device locks all
+	// device locks must be aquired *before* the device lock, and
+	// multiple device locks should be aquired parent before child.
 	lock sync.Mutex `json:"-"`
 }
 
@@ -580,13 +585,6 @@ func (devices *DeviceSet) initDevmapper(doInit bool) error {
 }
 
 func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
-	devices.Lock()
-	defer devices.Unlock()
-
-	if info, _ := devices.lookupDevice(hash); info != nil {
-		return fmt.Errorf("device %s already exists", hash)
-	}
-
 	baseInfo, err := devices.lookupDevice(baseHash)
 	if err != nil {
 		return err
@@ -595,6 +593,13 @@ func (devices *DeviceSet) AddDevice(hash, baseHash string) error {
 	baseInfo.lock.Lock()
 	defer baseInfo.lock.Unlock()
 
+	devices.Lock()
+	defer devices.Unlock()
+
+	if info, _ := devices.lookupDevice(hash); info != nil {
+		return fmt.Errorf("device %s already exists", hash)
+	}
+
 	deviceId := devices.allocateDeviceId()
 
 	if err := devices.createSnapDevice(devices.getPoolDevName(), deviceId, baseInfo.Name(), baseInfo.DeviceId); err != nil {
@@ -658,9 +663,6 @@ func (devices *DeviceSet) deleteDevice(info *DevInfo) error {
 }
 
 func (devices *DeviceSet) DeleteDevice(hash string) error {
-	devices.Lock()
-	defer devices.Unlock()
-
 	info, err := devices.lookupDevice(hash)
 	if err != nil {
 		return err
@@ -669,6 +671,9 @@ func (devices *DeviceSet) DeleteDevice(hash string) error {
 	info.lock.Lock()
 	defer info.lock.Unlock()
 
+	devices.Lock()
+	defer devices.Unlock()
+
 	return devices.deleteDevice(info)
 }
 
@@ -802,8 +807,6 @@ func (devices *DeviceSet) waitClose(info *DevInfo) error {
 }
 
 func (devices *DeviceSet) Shutdown() error {
-	devices.Lock()
-	defer devices.Unlock()
 
 	utils.Debugf("[deviceset %s] shutdown()", devices.devicePrefix)
 	utils.Debugf("[devmapper] Shutting down DeviceSet: %s", devices.root)
@@ -827,31 +830,36 @@ func (devices *DeviceSet) Shutdown() error {
 				utils.Debugf("Shutdown unmounting %s, error: %s\n", info.mountPath, err)
 			}
 
+			devices.Lock()
 			if err := devices.deactivateDevice(info); err != nil {
 				utils.Debugf("Shutdown deactivate %s , error: %s\n", info.Hash, err)
 			}
+			devices.Unlock()
 		}
 		info.lock.Unlock()
 	}
 
 	info, _ := devices.lookupDevice("")
 	if info != nil {
+		info.lock.Lock()
+		devices.Lock()
 		if err := devices.deactivateDevice(info); err != nil {
 			utils.Debugf("Shutdown deactivate base , error: %s\n", err)
 		}
+		devices.Unlock()
+		info.lock.Unlock()
 	}
 
+	devices.Lock()
 	if err := devices.deactivatePool(); err != nil {
 		utils.Debugf("Shutdown deactivate pool , error: %s\n", err)
 	}
+	devices.Unlock()
 
 	return nil
 }
 
 func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) error {
-	devices.Lock()
-	defer devices.Unlock()
-
 	info, err := devices.lookupDevice(hash)
 	if err != nil {
 		return err
@@ -860,6 +868,9 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
 	info.lock.Lock()
 	defer info.lock.Unlock()
 
+	devices.Lock()
+	defer devices.Unlock()
+
 	if info.mountCount > 0 {
 		if path != info.mountPath {
 			return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path)
@@ -900,8 +911,6 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro
 func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error {
 	utils.Debugf("[devmapper] UnmountDevice(hash=%s, mode=%d)", hash, mode)
 	defer utils.Debugf("[devmapper] UnmountDevice END")
-	devices.Lock()
-	defer devices.Unlock()
 
 	info, err := devices.lookupDevice(hash)
 	if err != nil {
@@ -911,6 +920,9 @@ func (devices *DeviceSet) UnmountDevice(hash string, mode UnmountMode) error {
 	info.lock.Lock()
 	defer info.lock.Unlock()
 
+	devices.Lock()
+	defer devices.Unlock()
+
 	if mode == UnmountFloat {
 		if info.floating {
 			return fmt.Errorf("UnmountDevice: can't float floating reference %s\n", hash)
@@ -971,9 +983,6 @@ func (devices *DeviceSet) HasInitializedDevice(hash string) bool {
 }
 
 func (devices *DeviceSet) HasActivatedDevice(hash string) bool {
-	devices.Lock()
-	defer devices.Unlock()
-
 	info, _ := devices.lookupDevice(hash)
 	if info == nil {
 		return false
@@ -982,6 +991,9 @@ func (devices *DeviceSet) HasActivatedDevice(hash string) bool {
 	info.lock.Lock()
 	defer info.lock.Unlock()
 
+	devices.Lock()
+	defer devices.Unlock()
+
 	devinfo, _ := getInfo(info.Name())
 	return devinfo != nil && devinfo.Exists != 0
 }
@@ -1026,9 +1038,6 @@ func (devices *DeviceSet) deviceStatus(devName string) (sizeInSectors, mappedSec
 }
 
 func (devices *DeviceSet) GetDeviceStatus(hash string) (*DevStatus, error) {
-	devices.Lock()
-	defer devices.Unlock()
-
 	info, err := devices.lookupDevice(hash)
 	if err != nil {
 		return nil, err
@@ -1037,6 +1046,9 @@ func (devices *DeviceSet) GetDeviceStatus(hash string) (*DevStatus, error) {
 	info.lock.Lock()
 	defer info.lock.Unlock()
 
+	devices.Lock()
+	defer devices.Unlock()
+
 	status := &DevStatus{
 		DeviceId:      info.DeviceId,
 		Size:          info.Size,

From aec989bd0801657efeeb81bafb2c6c61f60de6d4 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Wed, 2 Apr 2014 02:44:12 -0600
Subject: [PATCH 314/384] Add more color and cgroupfs hierarchy verification to
 check-config.sh

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 contrib/check-config.sh | 111 +++++++++++++++++++++++++++-------------
 1 file changed, 75 insertions(+), 36 deletions(-)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 62606aca04..f225443138 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -7,62 +7,101 @@ set -e
 : ${CONFIG:=/proc/config.gz}
 : ${GREP:=zgrep}
 
-if [ ! -e "$CONFIG" ]; then
-	echo >&2 "warning: $CONFIG does not exist, searching other paths for kernel config..."
-	if [ -e "/boot/config-$(uname -r)" ]; then
-		CONFIG="/boot/config-$(uname -r)"
-	elif [ -e '/usr/src/linux/.config' ]; then
-		CONFIG='/usr/src/linux/.config'
-	else
-		echo >&2 "error: cannot find kernel config"
-		echo >&2 "  try running this script again, specifying the kernel config:"
-		echo >&2 "    CONFIG=/path/to/kernel/.config $0"
-		exit 1
-	fi
-fi
-
 is_set() {
 	$GREP "CONFIG_$1=[y|m]" $CONFIG > /dev/null
 }
 
+# see http://en.wikipedia.org/wiki/ANSI_escape_code#Colors
+declare -A colors=(
+	[black]=30
+	[red]=31
+	[green]=32
+	[yellow]=33
+	[blue]=34
+	[magenta]=35
+	[cyan]=36
+	[white]=37
+)
 color() {
-	color=
-	prefix=
+	color=()
 	if [ "$1" = 'bold' ]; then
-		prefix='1;'
+		color+=( '1' )
 		shift
 	fi
-	case "$1" in
-		green) color='32' ;;
-		red)   color='31' ;;
-		gray)  color='30' ;;
-		reset) color='' ;;
-	esac
-	echo -en '\033['"$prefix$color"m
+	if [ $# -gt 0 ] && [ "${colors[$1]}" ]; then
+		color+=( "${colors[$1]}" )
+	fi
+	local IFS=';'
+	echo -en '\033['"${color[*]}"m
+}
+wrap_color() {
+	text="$1"
+	shift
+	color "$@"
+	echo -n "$text"
+	color reset
+	echo
+}
+
+wrap_good() {
+	echo "$(wrap_color "$1" white): $(wrap_color "$2" green)"
+}
+wrap_bad() {
+	echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)"
+}
+wrap_warning() {
+	wrap_color >&2 "$*" red
 }
 
 check_flag() {
 	if is_set "$1"; then
-		color green
-		echo -n enabled
+		wrap_good "CONFIG_$1" 'enabled'
 	else
-		color bold red
-		echo -n missing
+		wrap_bad "CONFIG_$1" 'missing'
 	fi
-	color reset
 }
 
 check_flags() {
 	for flag in "$@"; do
-		echo "- CONFIG_$flag: $(check_flag "$flag")"
+		echo "- $(check_flag "$flag")"
 	done
 } 
 
+if [ ! -e "$CONFIG" ]; then
+	wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config..."
+	for tryConfig in \
+		'/proc/config.gz' \
+		"/boot/config-$(uname -r)" \
+		'/usr/src/linux/.config' \
+	; do
+		if [ -e "$tryConfig" ]; then
+			CONFIG="$tryConfig"
+			break
+		fi
+	done
+	if [ ! -e "$CONFIG" ]; then
+		wrap_warning "error: cannot find kernel config"
+		wrap_warning "  try running this script again, specifying the kernel config:"
+		wrap_warning "    CONFIG=/path/to/kernel/.config $0"
+		exit 1
+	fi
+fi
+
+wrap_color "info: reading kernel config from $CONFIG ..." white
 echo
 
-# TODO check that the cgroupfs hierarchy is properly mounted
-
 echo 'Generally Necessary:'
+
+echo -n '- '
+cgroupCpuDir="$(awk '/[, ]cpu[, ]/ && $8 == "cgroup" { print $5 }' /proc/$$/mountinfo | head -n1)"
+cgroupDir="$(dirname "$cgroupCpuDir")"
+if [ -d "$cgroupDir/cpu" ]; then
+	echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"
+else
+	echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupCpuDir]"
+	echo "    $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)"
+fi
+
 flags=(
 	NAMESPACES {NET,PID,IPC,UTS}_NS
 	DEVPTS_MULTIPLE_INSTANCES
@@ -83,16 +122,16 @@ check_flags "${flags[@]}"
 
 echo '- Storage Drivers:'
 {
-	echo '- "aufs":'
+	echo '- "'$(wrap_color 'aufs' blue)'":'
 	check_flags AUFS_FS | sed 's/^/  /'
 	if ! is_set AUFS_FS && grep -q aufs /proc/filesystems; then
-		echo "    $(color bold gray)(note that some kernels include AUFS patches but not the AUFS_FS flag)$(color reset)"
+		echo "    $(wrap_color '(note that some kernels include AUFS patches but not the AUFS_FS flag)' bold black)"
 	fi
 
-	echo '- "btrfs":'
+	echo '- "'$(wrap_color 'btrfs' blue)'":'
 	check_flags BTRFS_FS | sed 's/^/  /'
 
-	echo '- "devicemapper":'
+	echo '- "'$(wrap_color 'devicemapper' blue)'":'
 	check_flags BLK_DEV_DM DM_THIN_PROVISIONING EXT4_FS | sed 's/^/  /'
 } | sed 's/^/  /'
 echo

From 3b3f4bf052e442543ec5772875ce7fbc77924596 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Wed, 2 Apr 2014 05:56:11 -0700
Subject: [PATCH 315/384] Return correct exit code upon signal + SIGQUIT now
 quits without cleanup

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 server/server.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/server/server.go b/server/server.go
index 1c6c561375..d6fa7a0c2a 100644
--- a/server/server.go
+++ b/server/server.go
@@ -54,11 +54,16 @@ func InitServer(job *engine.Job) engine.Status {
 	c := make(chan os.Signal, 1)
 	gosignal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
 	go func() {
-		sig := <-c
-		log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
-		utils.RemovePidFile(srv.runtime.Config().Pidfile)
-		srv.Close()
-		os.Exit(0)
+		for sig := range c {
+			log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
+			switch sig {
+			case os.Interrupt, syscall.SIGTERM:
+				utils.RemovePidFile(srv.runtime.Config().Pidfile)
+				srv.Close()
+			case syscall.SIGQUIT:
+			}
+			os.Exit(128 + int(sig.(syscall.Signal)))
+		}
 	}()
 	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
 	job.Eng.Hack_SetGlobalVar("httpapi.runtime", srv.runtime)

From f80fd5da09013d7cd25a0f246ffffd7b6c064073 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 2 Apr 2014 13:07:11 +0000
Subject: [PATCH 316/384] Fix configuration test for MKNOD
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/execdriver/native/template/default_template.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/runtime/execdriver/native/template/default_template.go b/runtime/execdriver/native/template/default_template.go
index 6828812336..a1ecb04d76 100644
--- a/runtime/execdriver/native/template/default_template.go
+++ b/runtime/execdriver/native/template/default_template.go
@@ -7,7 +7,7 @@ import (
 
 // New returns the docker default configuration for libcontainer
 func New() *libcontainer.Container {
-	return &libcontainer.Container{
+	container := &libcontainer.Container{
 		CapabilitiesMask: libcontainer.Capabilities{
 			libcontainer.GetCapability("SETPCAP"),
 			libcontainer.GetCapability("SYS_MODULE"),
@@ -23,6 +23,7 @@ func New() *libcontainer.Container {
 			libcontainer.GetCapability("MAC_OVERRIDE"),
 			libcontainer.GetCapability("MAC_ADMIN"),
 			libcontainer.GetCapability("NET_ADMIN"),
+			libcontainer.GetCapability("MKNOD"),
 		},
 		Namespaces: libcontainer.Namespaces{
 			libcontainer.GetNamespace("NEWNS"),
@@ -39,4 +40,6 @@ func New() *libcontainer.Container {
 			"apparmor_profile": "docker-default",
 		},
 	}
+	container.CapabilitiesMask.Get("MKNOD").Enabled = true
+	return container
 }

From 18ef3cc24a933cbf403c2aaf8b374cfc84a722a4 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 2 Apr 2014 13:12:52 +0000
Subject: [PATCH 317/384] Remove loopback setup for native driver
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/libcontainer/nsinit/mount.go | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go
index e2975d0a9a..4b5a42b1ac 100644
--- a/pkg/libcontainer/nsinit/mount.go
+++ b/pkg/libcontainer/nsinit/mount.go
@@ -55,8 +55,6 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 	if err := copyDevNodes(rootfs); err != nil {
 		return fmt.Errorf("copy dev nodes %s", err)
 	}
-	// In non-privileged mode, this fails. Discard the error.
-	setupLoopbackDevices(rootfs)
 	if err := setupPtmx(rootfs, console, mountLabel); err != nil {
 		return err
 	}
@@ -142,19 +140,6 @@ func copyDevNodes(rootfs string) error {
 	return nil
 }
 
-func setupLoopbackDevices(rootfs string) error {
-	for i := 0; ; i++ {
-		if err := copyDevNode(rootfs, fmt.Sprintf("loop%d", i)); err != nil {
-			if !os.IsNotExist(err) {
-				return err
-			}
-			break
-		}
-
-	}
-	return nil
-}
-
 func copyDevNode(rootfs, node string) error {
 	stat, err := os.Stat(filepath.Join("/dev", node))
 	if err != nil {

From a9d6eef2386a3d08840e2a30bd8d6f2ae3679688 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 2 Apr 2014 13:22:51 +0000
Subject: [PATCH 318/384] Remove racy test causing tests to stall
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 integration-cli/docker_cli_start_test.go | 34 ------------------------
 1 file changed, 34 deletions(-)
 delete mode 100644 integration-cli/docker_cli_start_test.go

diff --git a/integration-cli/docker_cli_start_test.go b/integration-cli/docker_cli_start_test.go
deleted file mode 100644
index c3059a66c4..0000000000
--- a/integration-cli/docker_cli_start_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package main
-
-import (
-	"os/exec"
-	"testing"
-)
-
-// Regression test for #3364
-func TestDockerStartWithPortCollision(t *testing.T) {
-	runCmd := exec.Command(dockerBinary, "run", "--name", "fail", "-p", "25:25", "busybox", "true")
-	out, stderr, exitCode, err := runCommandWithStdoutStderr(runCmd)
-	if err != nil && exitCode != 0 {
-		t.Fatal(out, stderr, err)
-	}
-
-	runCmd = exec.Command(dockerBinary, "run", "--name", "conflict", "-dti", "-p", "25:25", "busybox", "sh")
-	out, stderr, exitCode, err = runCommandWithStdoutStderr(runCmd)
-	if err != nil && exitCode != 0 {
-		t.Fatal(out, stderr, err)
-	}
-
-	startCmd := exec.Command(dockerBinary, "start", "-a", "fail")
-	out, stderr, exitCode, err = runCommandWithStdoutStderr(startCmd)
-	if err != nil && exitCode != 1 {
-		t.Fatal(out, err)
-	}
-
-	killCmd := exec.Command(dockerBinary, "kill", "conflict")
-	runCommand(killCmd)
-
-	deleteAllContainers()
-
-	logDone("start - -a=true error on port use")
-}

From 63c7941172376e81c5e17206f39d7c78c0e95b69 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 2 Apr 2014 16:00:12 +0300
Subject: [PATCH 319/384] docs: explain what docker run -a does

This adds a bit of documentation for the `-a` flag for docker run.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 docs/sources/reference/commandline/cli.rst | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 324b84b0ae..64dff1e1c2 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -1359,6 +1359,35 @@ ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in
 read-only or read-write mode, respectively. By default, the volumes are mounted
 in the same mode (read write or read only) as the reference container.
 
+The ``-a`` flag tells ``docker run`` to bind to the container's stdin, stdout
+or stderr. This makes it possible to manipulate the output and input as needed.
+
+.. code-block:: bash
+
+   $ sudo echo "test" | docker run -i -a stdin ubuntu cat -
+
+This pipes data into a container and prints the container's ID by attaching
+only to the container's stdin.
+
+.. code-block:: bash
+
+   $ sudo docker run -a stderr ubuntu echo test
+
+This isn't going to print anything unless there's an error because we've only
+attached to the stderr of the container. The container's logs still store
+what's been written to stderr and stdout.
+
+.. code-block:: bash
+
+   $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild
+
+This is how piping a file into a container could be done for a build.
+The container's ID will be printed after the build is done and the build logs
+could be retrieved using ``docker logs``. This is useful if you need to pipe
+a file or something else into a container and retrieve the container's ID once
+the container has finished running.
+
+
 A complete example
 ..................
 

From 32ad78b0430079dcc53c245826a244afa2d9b6b6 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 1 Apr 2014 09:24:24 -0400
Subject: [PATCH 320/384] Remove hard coding of SELinux labels on systems
 without proper selinux policy.

If a system is configured for SELinux but does not know about docker or
containers, then we want the transitions of the policy to work.  Hard coding
the labels causes docker to break on older Fedora and RHEL systems

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 pkg/selinux/selinux.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 5236d3fb87..5362308617 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -312,13 +312,10 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 	if !SelinuxEnabled() {
 		return "", ""
 	}
-	lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
-	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
-	processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
-
+	lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot())
 	in, err := os.Open(lxcPath)
 	if err != nil {
-		goto exit
+		return "", ""
 	}
 	defer in.Close()
 
@@ -352,6 +349,11 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 			}
 		}
 	}
+
+	if processLabel == "" || fileLabel == "" {
+		return "", ""
+	}
+
 exit:
 	mcs := IntToMcs(os.Getpid(), 1024)
 	scon := NewContext(processLabel)

From d76ac4d429e474a7c79f7aab396e318f4e176025 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 1 Apr 2014 10:03:29 -0400
Subject: [PATCH 321/384] In certain cases, setting the process label will not
 happen.

When the code attempts to set the ProcessLabel, it checks if SELinux Is
enabled.  We have seen a case with some of our patches where the code
is fooled by the container to think that SELinux is not enabled.  Calling
label.Init before setting up the rest of the container, tells the library that
SELinux is enabled and everything works fine.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 pkg/label/label.go              | 3 +++
 pkg/label/label_selinux.go      | 4 ++++
 pkg/libcontainer/nsinit/init.go | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/pkg/label/label.go b/pkg/label/label.go
index ba1e9f48ea..be0d0ae079 100644
--- a/pkg/label/label.go
+++ b/pkg/label/label.go
@@ -21,3 +21,6 @@ func SetFileLabel(path string, fileLabel string) error {
 func GetPidCon(pid int) (string, error) {
 	return "", nil
 }
+
+func Init() {
+}
diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go
index 300a8b6d14..64a1720996 100644
--- a/pkg/label/label_selinux.go
+++ b/pkg/label/label_selinux.go
@@ -67,3 +67,7 @@ func SetFileLabel(path string, fileLabel string) error {
 func GetPidCon(pid int) (string, error) {
 	return selinux.Getpidcon(pid)
 }
+
+func Init() {
+	selinux.SelinuxEnabled()
+}
diff --git a/pkg/libcontainer/nsinit/init.go b/pkg/libcontainer/nsinit/init.go
index 5aa5f9f5b5..e5d69f5453 100644
--- a/pkg/libcontainer/nsinit/init.go
+++ b/pkg/libcontainer/nsinit/init.go
@@ -58,6 +58,8 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol
 	if err := system.ParentDeathSignal(uintptr(syscall.SIGTERM)); err != nil {
 		return fmt.Errorf("parent death signal %s", err)
 	}
+
+	label.Init()
 	ns.logger.Println("setup mount namespace")
 	if err := setupNewMountNamespace(rootfs, container.Mounts, console, container.ReadonlyFs, container.NoPivotRoot, container.Context["mount_label"]); err != nil {
 		return fmt.Errorf("setup mount namespace %s", err)

From ca4224762b5fe9a319b6c1724ee16d1552403269 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 2 Apr 2014 13:56:30 -0400
Subject: [PATCH 322/384] Fix SELinux issue with missing Contexts in lxc
 execdriver

There is a bug in the SELinux patch for the lxc execdriver, that
causes lxc containers to blow up whether or not SELinux is enabled.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
---
 daemonconfig/config.go                 | 3 +--
 runtime/execdriver/lxc/lxc_template.go | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/daemonconfig/config.go b/daemonconfig/config.go
index 6cb3659e18..1abb6f8b89 100644
--- a/daemonconfig/config.go
+++ b/daemonconfig/config.go
@@ -1,10 +1,9 @@
 package daemonconfig
 
 import (
-	"net"
-
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runtime/networkdriver"
+	"net"
 )
 
 const (
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index f325ffcaef..83723285d0 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -32,8 +32,8 @@ lxc.pts = 1024
 lxc.console = none
 {{if getProcessLabel .Context}}
 lxc.se_context = {{ getProcessLabel .Context}}
-{{$MOUNTLABEL := getMountLabel .Context}}
 {{end}}
+{{$MOUNTLABEL := getMountLabel .Context}}
 
 # no controlling tty at all
 lxc.tty = 1
@@ -90,8 +90,8 @@ lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noe
 lxc.mount.entry = {{.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bind,rw 0 0
 {{end}}
 
-lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" "$MOUNTLABEL"}} 0 0
-lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" "$MOUNTLABEL"}} 0 0
+lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" $MOUNTLABEL}} 0 0
+lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" $MOUNTLABEL}} 0 0
 
 {{range $value := .Mounts}}
 {{if $value.Writable}}

From 94233a204f82f857536c16f36f94d3a8ff0069dd Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Wed, 2 Apr 2014 16:52:49 +0000
Subject: [PATCH 323/384] Fix lxc label handleing

This also improves the logic around formatting the labels for selinux
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 pkg/label/label.go                     |  2 +-
 pkg/label/label_selinux.go             | 30 +++++++++++++-------------
 runtime/execdriver/lxc/lxc_template.go | 13 +----------
 3 files changed, 17 insertions(+), 28 deletions(-)

diff --git a/pkg/label/label.go b/pkg/label/label.go
index be0d0ae079..38f026bc5a 100644
--- a/pkg/label/label.go
+++ b/pkg/label/label.go
@@ -6,7 +6,7 @@ func GenLabels(options string) (string, string, error) {
 	return "", "", nil
 }
 
-func FormatMountLabel(src string, MountLabel string) string {
+func FormatMountLabel(src string, mountLabel string) string {
 	return src
 }
 
diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go
index 64a1720996..d807b2b408 100644
--- a/pkg/label/label_selinux.go
+++ b/pkg/label/label_selinux.go
@@ -10,12 +10,15 @@ import (
 
 func GenLabels(options string) (string, string, error) {
 	processLabel, mountLabel := selinux.GetLxcContexts()
-	var err error
 	if processLabel == "" { // SELinux is disabled
-		return "", "", err
+		return "", "", nil
 	}
-	s := strings.Fields(options)
-	l := len(s)
+
+	var (
+		err error
+		s   = strings.Fields(options)
+		l   = len(s)
+	)
 	if l > 0 {
 		pcon := selinux.NewContext(processLabel)
 		for i := 0; i < l; i++ {
@@ -28,19 +31,16 @@ func GenLabels(options string) (string, string, error) {
 	return processLabel, mountLabel, err
 }
 
-func FormatMountLabel(src string, MountLabel string) string {
-	var mountLabel string
-	if src != "" {
-		mountLabel = src
-		if MountLabel != "" {
-			mountLabel = fmt.Sprintf("%s,context=\"%s\"", mountLabel, MountLabel)
-		}
-	} else {
-		if MountLabel != "" {
-			mountLabel = fmt.Sprintf("context=\"%s\"", MountLabel)
+func FormatMountLabel(src string, mountLabel string) string {
+	if mountLabel != "" {
+		switch src {
+		case "":
+			src = fmt.Sprintf("%s,context=%s", src, mountLabel)
+		default:
+			src = fmt.Sprintf("context=%s", mountLabel)
 		}
 	}
-	return mountLabel
+	return src
 }
 
 func SetProcessLabel(processLabel string) error {
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index e3582e2369..c49753c6aa 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -32,9 +32,8 @@ lxc.pts = 1024
 lxc.console = none
 {{if .ProcessLabel}}
 lxc.se_context = {{ .ProcessLabel}}
-{{$MOUNTLABEL := .MountLabel}}
 {{end}}
-{{$MOUNTLABEL := getMountLabel .Context}}
+{{$MOUNTLABEL := .MountLabel}}
 
 # no controlling tty at all
 lxc.tty = 1
@@ -152,14 +151,6 @@ func getMemorySwap(v *execdriver.Resources) int64 {
 	return v.Memory * 2
 }
 
-func getProcessLabel(c map[string][]string) string {
-	return getLabel(c, "process")
-}
-
-func getMountLabel(c map[string][]string) string {
-	return getLabel(c, "mount")
-}
-
 func getLabel(c map[string][]string, name string) string {
 	label := c["label"]
 	for _, l := range label {
@@ -175,8 +166,6 @@ func init() {
 	var err error
 	funcMap := template.FuncMap{
 		"getMemorySwap":     getMemorySwap,
-		"getProcessLabel":   getProcessLabel,
-		"getMountLabel":     getMountLabel,
 		"escapeFstabSpaces": escapeFstabSpaces,
 		"formatMountLabel":  label.FormatMountLabel,
 	}

From e2779e11db113c5551094dba8079d44d8a210e41 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 3 Apr 2014 04:40:38 +0000
Subject: [PATCH 324/384] Remove runtime options from config
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runconfig/config.go | 12 ------------
 runtime/runtime.go  |  4 ++--
 2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/runconfig/config.go b/runconfig/config.go
index c3ade575c5..4b334c6848 100644
--- a/runconfig/config.go
+++ b/runconfig/config.go
@@ -1,10 +1,8 @@
 package runconfig
 
 import (
-	"encoding/json"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/nat"
-	"github.com/dotcloud/docker/runtime/execdriver"
 )
 
 // Note: the Config structure should hold only portable information about the container.
@@ -36,17 +34,9 @@ type Config struct {
 	Entrypoint      []string
 	NetworkDisabled bool
 	OnBuild         []string
-	Context         execdriver.Context
 }
 
 func ContainerConfigFromJob(job *engine.Job) *Config {
-	var context execdriver.Context
-	val := job.Getenv("Context")
-	if val != "" {
-		if err := json.Unmarshal([]byte(val), &context); err != nil {
-			panic(err)
-		}
-	}
 	config := &Config{
 		Hostname:        job.Getenv("Hostname"),
 		Domainname:      job.Getenv("Domainname"),
@@ -64,7 +54,6 @@ func ContainerConfigFromJob(job *engine.Job) *Config {
 		VolumesFrom:     job.Getenv("VolumesFrom"),
 		WorkingDir:      job.Getenv("WorkingDir"),
 		NetworkDisabled: job.GetenvBool("NetworkDisabled"),
-		Context:         context,
 	}
 	job.GetenvJson("ExposedPorts", &config.ExposedPorts)
 	job.GetenvJson("Volumes", &config.Volumes)
@@ -86,6 +75,5 @@ func ContainerConfigFromJob(job *engine.Job) *Config {
 	if Entrypoint := job.GetenvList("Entrypoint"); Entrypoint != nil {
 		config.Entrypoint = Entrypoint
 	}
-
 	return config
 }
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 9e8323279e..842dbf8b0b 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -499,7 +499,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 	}
 
 	initID := fmt.Sprintf("%s-init", container.ID)
-	if err := runtime.driver.Create(initID, img.ID, config.Context["mount_label"]); err != nil {
+	if err := runtime.driver.Create(initID, img.ID, ""); err != nil {
 		return nil, nil, err
 	}
 	initPath, err := runtime.driver.Get(initID)
@@ -512,7 +512,7 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 		return nil, nil, err
 	}
 
-	if err := runtime.driver.Create(container.ID, initID, config.Context["mount_label"]); err != nil {
+	if err := runtime.driver.Create(container.ID, initID, ""); err != nil {
 		return nil, nil, err
 	}
 	resolvConf, err := utils.GetResolvConf()

From 8b450a93b8bb3b1cd0c32754dd499ec0c9b66537 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Thu, 3 Apr 2014 06:34:57 +0000
Subject: [PATCH 325/384] Remove driver wide mount label for dm
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/graphdriver/devmapper/driver.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/runtime/graphdriver/devmapper/driver.go b/runtime/graphdriver/devmapper/driver.go
index 1324ddab81..35fe883f26 100644
--- a/runtime/graphdriver/devmapper/driver.go
+++ b/runtime/graphdriver/devmapper/driver.go
@@ -22,8 +22,7 @@ func init() {
 
 type Driver struct {
 	*DeviceSet
-	home       string
-	MountLabel string
+	home string
 }
 
 var Init = func(home string) (graphdriver.Driver, error) {
@@ -62,12 +61,11 @@ func (d *Driver) Cleanup() error {
 }
 
 func (d *Driver) Create(id, parent string, mountLabel string) error {
-	d.MountLabel = mountLabel
 	if err := d.DeviceSet.AddDevice(id, parent); err != nil {
 		return err
 	}
 	mp := path.Join(d.home, "mnt", id)
-	if err := d.mount(id, mp, d.MountLabel); err != nil {
+	if err := d.mount(id, mp); err != nil {
 		return err
 	}
 
@@ -117,7 +115,7 @@ func (d *Driver) Remove(id string) error {
 
 func (d *Driver) Get(id string) (string, error) {
 	mp := path.Join(d.home, "mnt", id)
-	if err := d.mount(id, mp, d.MountLabel); err != nil {
+	if err := d.mount(id, mp); err != nil {
 		return "", err
 	}
 
@@ -130,13 +128,13 @@ func (d *Driver) Put(id string) {
 	}
 }
 
-func (d *Driver) mount(id, mountPoint string, mountLabel string) error {
+func (d *Driver) mount(id, mountPoint string) error {
 	// Create the target directories if they don't exist
 	if err := osMkdirAll(mountPoint, 0755); err != nil && !osIsExist(err) {
 		return err
 	}
 	// Mount the device
-	return d.DeviceSet.MountDevice(id, mountPoint, mountLabel)
+	return d.DeviceSet.MountDevice(id, mountPoint, "")
 }
 
 func (d *Driver) Exists(id string) bool {

From 8c4617e0ae3b9c7e5167883ca171ad8e23fc06b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20R=C3=B6thlisberger?= <david@rothlis.net>
Date: Thu, 3 Apr 2014 09:40:28 +0100
Subject: [PATCH 326/384] docs: Fix typo in hello world example

---
 docs/sources/examples/hello_world.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/examples/hello_world.rst b/docs/sources/examples/hello_world.rst
index 507056da85..39d7abea2c 100644
--- a/docs/sources/examples/hello_world.rst
+++ b/docs/sources/examples/hello_world.rst
@@ -127,7 +127,7 @@ Attach to the container to see the results in real-time.
   process to see what is going on.
 - **"--sig-proxy=false"** Do not forward signals to the container; allows
   us to exit the attachment using Control-C without stopping the container.
-- **$container_id** The Id of the container we want to attach too.
+- **$container_id** The Id of the container we want to attach to.
 
 Exit from the container attachment by pressing Control-C.
 

From 75633a0451a98bf0c803e742625c4de27dbcc2e8 Mon Sep 17 00:00:00 2001
From: Michael Neale <michael.neale@gmail.com>
Date: Thu, 3 Apr 2014 17:33:34 +1100
Subject: [PATCH 327/384] explained what authConfig actually is.

Docker-DCO-1.1-Signed-off-by: Michael Neale <michael.neale@gmail.com> (github: michaelneale)
---
 docs/sources/reference/api/docker_remote_api.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/sources/reference/api/docker_remote_api.rst b/docs/sources/reference/api/docker_remote_api.rst
index ca7463f351..7fa8468f3c 100644
--- a/docs/sources/reference/api/docker_remote_api.rst
+++ b/docs/sources/reference/api/docker_remote_api.rst
@@ -22,6 +22,8 @@ Docker Remote API
 - Since API version 1.2, the auth configuration is now handled client
   side, so the client has to send the authConfig as POST in
   /images/(name)/push
+- authConfig, set as the ``X-Registry-Auth`` header, is currently a Base64 encoded (json) string with credentials:  
+  ``{'username': string, 'password': string, 'email': string, 'serveraddress' : string}``
 
 2. Versions
 ===========

From cd910cb6858541b432e20b650fad262772c9ef18 Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Wed, 2 Apr 2014 18:00:13 -0700
Subject: [PATCH 328/384] Allow force sigint and allow sigquit after sigint

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 server/server.go | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/server/server.go b/server/server.go
index d6fa7a0c2a..fae50094c2 100644
--- a/server/server.go
+++ b/server/server.go
@@ -54,15 +54,29 @@ func InitServer(job *engine.Job) engine.Status {
 	c := make(chan os.Signal, 1)
 	gosignal.Notify(c, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
 	go func() {
+		interruptCount := 0
 		for sig := range c {
-			log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
-			switch sig {
-			case os.Interrupt, syscall.SIGTERM:
-				utils.RemovePidFile(srv.runtime.Config().Pidfile)
-				srv.Close()
-			case syscall.SIGQUIT:
-			}
-			os.Exit(128 + int(sig.(syscall.Signal)))
+			go func() {
+				log.Printf("Received signal '%v', starting shutdown of docker...\n", sig)
+				switch sig {
+				case os.Interrupt, syscall.SIGTERM:
+					// If the user really wants to interrupt, let him do so.
+					if interruptCount < 3 {
+						interruptCount++
+						// Initiate the cleanup only once
+						if interruptCount == 1 {
+							utils.RemovePidFile(srv.runtime.Config().Pidfile)
+							srv.Close()
+						} else {
+							return
+						}
+					} else {
+						log.Printf("Force shutdown of docker, interrupting cleanup\n")
+					}
+				case syscall.SIGQUIT:
+				}
+				os.Exit(128 + int(sig.(syscall.Signal)))
+			}()
 		}
 	}()
 	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)

From bd94f84ded944ab69c18cf9d23c35deee3b15963 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Thu, 3 Apr 2014 16:27:07 +0200
Subject: [PATCH 329/384] Fix --volumes-from mount failure

As explained in https://github.com/dotcloud/docker/issues/4979
--volumes-from fails with ENOFILE errors.

This is because the code tries to look at the "from" volume without
ensuring that it is mounted yet. We fix this by mounting the containers
before stating in it.

Also includes a regression test.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 integration-cli/docker_cli_run_test.go | 18 ++++++++++++++++++
 runtime/volumes.go                     |  7 ++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index 8d62108fed..fbb09737fc 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -272,6 +272,24 @@ func TestDockerRunWithVolumesAsFiles(t *testing.T) {
 	logDone("run - regression test for #4741 - volumes from as files")
 }
 
+// Regression test for #4979
+func TestDockerRunWithVolumesFromExited(t *testing.T) {
+	runCmd := exec.Command(dockerBinary, "run", "--name", "test-data", "--volume", "/some/dir", "busybox", "touch", "/some/dir/file")
+	out, stderr, exitCode, err := runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 0 {
+		t.Fatal("1", out, stderr, err)
+	}
+
+	runCmd = exec.Command(dockerBinary, "run", "--volumes-from", "test-data", "busybox", "cat", "/some/dir/file")
+	out, stderr, exitCode, err = runCommandWithStdoutStderr(runCmd)
+	if err != nil && exitCode != 0 {
+		t.Fatal("2", out, stderr, err)
+	}
+	deleteAllContainers()
+
+	logDone("run - regression test for #4979 - volumes-from on exited container")
+}
+
 // Regression test for #4830
 func TestDockerRunWithRelativePath(t *testing.T) {
 	runCmd := exec.Command(dockerBinary, "run", "-v", "tmp:/other-tmp", "busybox", "true")
diff --git a/runtime/volumes.go b/runtime/volumes.go
index c504644ae8..0b6f3734e0 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -81,9 +81,14 @@ func applyVolumesFrom(container *Container) error {
 
 			c := container.runtime.Get(specParts[0])
 			if c == nil {
-				return fmt.Errorf("Container %s not found. Impossible to mount its volumes", container.ID)
+				return fmt.Errorf("Container %s not found. Impossible to mount its volumes", specParts[0])
 			}
 
+			if err := c.Mount(); err != nil {
+				return fmt.Errorf("Container %s failed to mount. Impossible to mount its volumes", specParts[0])
+			}
+			defer c.Unmount()
+
 			for volPath, id := range c.Volumes {
 				if _, exists := container.Volumes[volPath]; exists {
 					continue

From 9712f8127a9ac47a3679e20faea08fb971ee1ecc Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 3 Apr 2014 11:46:24 -0600
Subject: [PATCH 330/384] Update contrib/check-config.sh to use zcat and grep
 if zgrep isn't available

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 contrib/check-config.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index f225443138..3b1ff8ad85 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -5,10 +5,15 @@ set -e
 # see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in
 
 : ${CONFIG:=/proc/config.gz}
-: ${GREP:=zgrep}
+
+if ! command -v zgrep &> /dev/null; then
+	zgrep() {
+		zcat "$2" | grep "$1"
+	}
+fi
 
 is_set() {
-	$GREP "CONFIG_$1=[y|m]" $CONFIG > /dev/null
+	zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null
 }
 
 # see http://en.wikipedia.org/wiki/ANSI_escape_code#Colors

From fee16d42163822bb23a51c5ebcb1115efc761947 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Thu, 3 Apr 2014 11:52:19 -0600
Subject: [PATCH 331/384] Update contrib/check-config.sh cgroupfs check to
 allow for something like '... cgroup rw,cpu' (looking at you, boot2docker)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 contrib/check-config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 3b1ff8ad85..53bf708404 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -98,7 +98,7 @@ echo
 echo 'Generally Necessary:'
 
 echo -n '- '
-cgroupCpuDir="$(awk '/[, ]cpu[, ]/ && $8 == "cgroup" { print $5 }' /proc/$$/mountinfo | head -n1)"
+cgroupCpuDir="$(awk '/[, ]cpu([, ]|$)/ && $8 == "cgroup" { print $5 }' /proc/$$/mountinfo | head -n1)"
 cgroupDir="$(dirname "$cgroupCpuDir")"
 if [ -d "$cgroupDir/cpu" ]; then
 	echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]"

From c94111b61988ad32d87f99d4421cbcde018c3fb4 Mon Sep 17 00:00:00 2001
From: Kevin Wallace <kevin@pentabarf.net>
Date: Sun, 1 Dec 2013 15:27:24 -0800
Subject: [PATCH 332/384] Allow non-privileged containers to create device
 nodes.

Such nodes could already be created by importing a tarball to a container; now
they can be created from within the container itself.

This gives non-privileged containers the mknod kernel capability, and modifies
their cgroup settings to allow creation of *any* node, not just whitelisted
ones.  Use of such nodes is still controlled by the existing cgroup whitelist.

Docker-DCO-1.1-Signed-off-by: Kevin Wallace <kevin@pentabarf.net> (github: kevinwallace)
---
 integration/container_test.go                          | 8 ++++----
 pkg/cgroups/apply_raw.go                               | 4 ++++
 runtime/execdriver/lxc/init.go                         | 1 -
 runtime/execdriver/lxc/lxc_template.go                 | 4 ++++
 runtime/execdriver/native/template/default_template.go | 1 -
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/integration/container_test.go b/integration/container_test.go
index d3d35734ed..c64f9e610b 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -1619,16 +1619,16 @@ func TestPrivilegedCanMount(t *testing.T) {
 	}
 }
 
-func TestPrivilegedCannotMknod(t *testing.T) {
+func TestUnprivilegedCanMknod(t *testing.T) {
 	eng := NewTestEngine(t)
 	runtime := mkRuntimeFromEngine(eng, t)
 	defer runtime.Nuke()
-	if output, _ := runContainer(eng, runtime, []string{"_", "sh", "-c", "mknod /tmp/sda b 8 0 || echo ok"}, t); output != "ok\n" {
-		t.Fatal("Could mknod into secure container")
+	if output, _ := runContainer(eng, runtime, []string{"_", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok"}, t); output != "ok\n" {
+		t.Fatal("Couldn't mknod into secure container")
 	}
 }
 
-func TestPrivilegedCannotMount(t *testing.T) {
+func TestUnprivilegedCannotMount(t *testing.T) {
 	eng := NewTestEngine(t)
 	runtime := mkRuntimeFromEngine(eng, t)
 	defer runtime.Nuke()
diff --git a/pkg/cgroups/apply_raw.go b/pkg/cgroups/apply_raw.go
index 5fe317937a..220f08f1dc 100644
--- a/pkg/cgroups/apply_raw.go
+++ b/pkg/cgroups/apply_raw.go
@@ -95,6 +95,10 @@ func (raw *rawCgroup) setupDevices(c *Cgroup, pid int) (err error) {
 		}
 
 		allow := []string{
+			// allow mknod for any device
+			"c *:* m",
+			"b *:* m",
+
 			// /dev/null, zero, full
 			"c 1:3 rwm",
 			"c 1:5 rwm",
diff --git a/runtime/execdriver/lxc/init.go b/runtime/execdriver/lxc/init.go
index a64bca15b2..c1933a5e43 100644
--- a/runtime/execdriver/lxc/init.go
+++ b/runtime/execdriver/lxc/init.go
@@ -144,7 +144,6 @@ func setupCapabilities(args *execdriver.InitArgs) error {
 		capability.CAP_SYS_RESOURCE,
 		capability.CAP_SYS_TIME,
 		capability.CAP_SYS_TTY_CONFIG,
-		capability.CAP_MKNOD,
 		capability.CAP_AUDIT_WRITE,
 		capability.CAP_AUDIT_CONTROL,
 		capability.CAP_MAC_OVERRIDE,
diff --git a/runtime/execdriver/lxc/lxc_template.go b/runtime/execdriver/lxc/lxc_template.go
index e5248375a8..bad3249b31 100644
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@@ -44,6 +44,10 @@ lxc.cgroup.devices.allow = a
 # no implicit access to devices
 lxc.cgroup.devices.deny = a
 
+# but allow mknod for any device
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm
diff --git a/runtime/execdriver/native/template/default_template.go b/runtime/execdriver/native/template/default_template.go
index b9eb87713e..6828812336 100644
--- a/runtime/execdriver/native/template/default_template.go
+++ b/runtime/execdriver/native/template/default_template.go
@@ -18,7 +18,6 @@ func New() *libcontainer.Container {
 			libcontainer.GetCapability("SYS_RESOURCE"),
 			libcontainer.GetCapability("SYS_TIME"),
 			libcontainer.GetCapability("SYS_TTY_CONFIG"),
-			libcontainer.GetCapability("MKNOD"),
 			libcontainer.GetCapability("AUDIT_WRITE"),
 			libcontainer.GetCapability("AUDIT_CONTROL"),
 			libcontainer.GetCapability("MAC_OVERRIDE"),

From e21607341cd8dc575098bd09a3c992da166f7884 Mon Sep 17 00:00:00 2001
From: Kevin Wallace <kevin@pentabarf.net>
Date: Sun, 1 Dec 2013 15:33:44 -0800
Subject: [PATCH 333/384] Add myself to AUTHORS.

Docker-DCO-1.1-Signed-off-by: Kevin Wallace <kevin@pentabarf.net> (github: kevinwallace)
---
 AUTHORS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/AUTHORS b/AUTHORS
index df091d5950..6e34065266 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -177,6 +177,7 @@ Keli Hu <dev@keli.hu>
 Ken Cochrane <kencochrane@gmail.com>
 Kevin Clark <kevin.clark@gmail.com>
 Kevin J. Lynagh <kevin@keminglabs.com>
+Kevin Wallace <kevin@pentabarf.net>
 Keyvan Fatehi <keyvanfatehi@gmail.com>
 kim0 <email.ahmedkamal@googlemail.com>
 Kim BKC Carlbacker <kim.carlbacker@gmail.com>

From 3c36f82f181c4ce3b65dd15c4b6cb5699ea75075 Mon Sep 17 00:00:00 2001
From: Rajat Pandit <rp@rajatpandit.com>
Date: Thu, 3 Apr 2014 20:54:57 +0100
Subject: [PATCH 334/384] Update nodejs_web_app.rst

---
 docs/sources/examples/nodejs_web_app.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/examples/nodejs_web_app.rst b/docs/sources/examples/nodejs_web_app.rst
index a9e9b1c5e3..87bc1d5aaa 100644
--- a/docs/sources/examples/nodejs_web_app.rst
+++ b/docs/sources/examples/nodejs_web_app.rst
@@ -50,7 +50,7 @@ Then, create an ``index.js`` file that defines a web app using the
       res.send('Hello World\n');
     });
 
-    app.listen(PORT)
+    app.listen(PORT);
     console.log('Running on http://localhost:' + PORT);
 
 

From 32d6041cc30a636de2f8da89f778c4b6c7d4df19 Mon Sep 17 00:00:00 2001
From: Rajat Pandit <rp@rajatpandit.com>
Date: Thu, 3 Apr 2014 21:05:50 +0100
Subject: [PATCH 335/384] Update nodejs_web_app.rst

---
 docs/sources/examples/nodejs_web_app.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/sources/examples/nodejs_web_app.rst b/docs/sources/examples/nodejs_web_app.rst
index a9e9b1c5e3..e880db555f 100644
--- a/docs/sources/examples/nodejs_web_app.rst
+++ b/docs/sources/examples/nodejs_web_app.rst
@@ -18,7 +18,7 @@ https://github.com/gasi/docker-node-hello.
 Create Node.js app
 ++++++++++++++++++
 
-First, create a ``package.json`` file that describes your app and its
+First, create a directory ``src`` where all the files would live. Then create a ``package.json`` file that describes your app and its
 dependencies:
 
 .. code-block:: json

From 887eeb2b022a4c6d3de8c9bfc586ee82855d3cb9 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Thu, 3 Apr 2014 21:55:33 +0000
Subject: [PATCH 336/384] Skip login tests because of external dependency to a
 hosted service.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 integration/auth_test.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/integration/auth_test.go b/integration/auth_test.go
index 1d9d450573..8109bbb130 100644
--- a/integration/auth_test.go
+++ b/integration/auth_test.go
@@ -16,6 +16,7 @@ import (
 // - Integration tests should have side-effects limited to the host environment being tested.
 
 func TestLogin(t *testing.T) {
+	t.Skip("FIXME: please remove dependency on external services")
 	os.Setenv("DOCKER_INDEX_URL", "https://indexstaging-docker.dotcloud.com")
 	defer os.Setenv("DOCKER_INDEX_URL", "")
 	authConfig := &registry.AuthConfig{
@@ -34,6 +35,7 @@ func TestLogin(t *testing.T) {
 }
 
 func TestCreateAccount(t *testing.T) {
+	t.Skip("FIXME: please remove dependency on external services")
 	tokenBuffer := make([]byte, 16)
 	_, err := rand.Read(tokenBuffer)
 	if err != nil {

From 7c3b955b907c33238c1c155ae8860b2cec929c8b Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Thu, 3 Apr 2014 22:02:03 +0000
Subject: [PATCH 337/384] Deprecate 'docker images --tree' and 'docker images
 --viz'

* The commands are no longer listed or documented.
* The commands still work but print a deprecation warning.
* The commands should be removed in a future version.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 api/client/commands.go                     |  9 +++--
 docs/sources/reference/commandline/cli.rst | 42 ----------------------
 2 files changed, 7 insertions(+), 44 deletions(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index 53b8822d69..93627613a5 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -1137,8 +1137,9 @@ func (cli *DockerCli) CmdImages(args ...string) error {
 	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
 	all := cmd.Bool([]string{"a", "-all"}, false, "Show all images (by default filter out the intermediate images used to build)")
 	noTrunc := cmd.Bool([]string{"#notrunc", "-no-trunc"}, false, "Don't truncate output")
-	flViz := cmd.Bool([]string{"v", "#viz", "-viz"}, false, "Output graph in graphviz format")
-	flTree := cmd.Bool([]string{"t", "#tree", "-tree"}, false, "Output graph in tree format")
+	// FIXME: --viz and --tree are deprecated. Remove them in a future version.
+	flViz := cmd.Bool([]string{"#v", "#viz", "#-viz"}, false, "Output graph in graphviz format")
+	flTree := cmd.Bool([]string{"#t", "#tree", "#-tree"}, false, "Output graph in tree format")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil
@@ -1150,6 +1151,7 @@ func (cli *DockerCli) CmdImages(args ...string) error {
 
 	filter := cmd.Arg(0)
 
+	// FIXME: --viz and --tree are deprecated. Remove them in a future version.
 	if *flViz || *flTree {
 		body, _, err := readBody(cli.call("GET", "/images/json?all=1", nil, false))
 		if err != nil {
@@ -1260,6 +1262,7 @@ func (cli *DockerCli) CmdImages(args ...string) error {
 	return nil
 }
 
+// FIXME: --viz and --tree are deprecated. Remove them in a future version.
 func (cli *DockerCli) WalkTree(noTrunc bool, images *engine.Table, byParent map[string]*engine.Table, prefix string, printNode func(cli *DockerCli, noTrunc bool, image *engine.Env, prefix string)) {
 	length := images.Len()
 	if length > 1 {
@@ -1286,6 +1289,7 @@ func (cli *DockerCli) WalkTree(noTrunc bool, images *engine.Table, byParent map[
 	}
 }
 
+// FIXME: --viz and --tree are deprecated. Remove them in a future version.
 func (cli *DockerCli) printVizNode(noTrunc bool, image *engine.Env, prefix string) {
 	var (
 		imageID  string
@@ -1309,6 +1313,7 @@ func (cli *DockerCli) printVizNode(noTrunc bool, image *engine.Env, prefix strin
 	}
 }
 
+// FIXME: --viz and --tree are deprecated. Remove them in a future version.
 func (cli *DockerCli) printTreeNode(noTrunc bool, image *engine.Env, prefix string) {
 	var imageID string
 	if noTrunc {
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 64dff1e1c2..6ff66feeb7 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -600,8 +600,6 @@ To see how the ``docker:latest`` image was built:
       -a, --all=false: Show all images (by default filter out the intermediate images used to build)
       --no-trunc=false: Don't truncate output
       -q, --quiet=false: Only show numeric IDs
-      -t, --tree=false: Output graph in tree format
-      -v, --viz=false: Output graph in graphviz format
 
 Listing the most recently created images
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -637,46 +635,6 @@ Listing the full length image IDs
 	tryout                        latest              2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074   23 hours ago        131.5 MB
 	<none>                        <none>              5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df   24 hours ago        1.089 GB
 
-Displaying images visually
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. code-block:: bash
-
-    $ sudo docker images --viz | dot -Tpng -o docker.png
-
-.. image:: docker_images.gif
-   :alt: Example inheritance graph of Docker images.
-
-
-Displaying image hierarchy
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. code-block:: bash
-
-    $ sudo docker images --tree
-
-    ├─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise
-    └─27cf78414709 Size: 180.1 MB (virtual 180.1 MB)
-      └─b750fe79269d Size: 24.65 kB (virtual 180.1 MB) Tags: ubuntu:12.10,ubuntu:quantal
-        ├─f98de3b610d5 Size: 12.29 kB (virtual 180.1 MB)
-        │ └─7da80deb7dbf Size: 16.38 kB (virtual 180.1 MB)
-        │   └─65ed2fee0a34 Size: 20.66 kB (virtual 180.2 MB)
-        │     └─a2b9ea53dddc Size: 819.7 MB (virtual 999.8 MB)
-        │       └─a29b932eaba8 Size: 28.67 kB (virtual 999.9 MB)
-        │         └─e270a44f124d Size: 12.29 kB (virtual 999.9 MB) Tags: progrium/buildstep:latest
-        └─17e74ac162d8 Size: 53.93 kB (virtual 180.2 MB)
-          └─339a3f56b760 Size: 24.65 kB (virtual 180.2 MB)
-            └─904fcc40e34d Size: 96.7 MB (virtual 276.9 MB)
-              └─b1b0235328dd Size: 363.3 MB (virtual 640.2 MB)
-                └─7cb05d1acb3b Size: 20.48 kB (virtual 640.2 MB)
-                  └─47bf6f34832d Size: 20.48 kB (virtual 640.2 MB)
-                    └─f165104e82ed Size: 12.29 kB (virtual 640.2 MB)
-                      └─d9cf85a47b7e Size: 1.911 MB (virtual 642.2 MB)
-                        └─3ee562df86ca Size: 17.07 kB (virtual 642.2 MB)
-                          └─b05fc2d00e4a Size: 24.96 kB (virtual 642.2 MB)
-                            └─c96a99614930 Size: 12.29 kB (virtual 642.2 MB)
-                              └─a6a357a48c49 Size: 12.29 kB (virtual 642.2 MB) Tags: ndj/mongodb:latest
-
 .. _cli_import:
 
 ``import``

From 6cf137860102b8df5db75dd68924375a7b74c1c3 Mon Sep 17 00:00:00 2001
From: Goffert van Gool <goffert@phusion.nl>
Date: Thu, 3 Apr 2014 20:47:49 +0200
Subject: [PATCH 338/384] Fix typo in names-generator

Docker-DCO-1.1-Signed-off-by: Goffert van Gool <ruphin@ruphin.net> (github: ruphin)
---
 pkg/namesgenerator/names-generator.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/namesgenerator/names-generator.go b/pkg/namesgenerator/names-generator.go
index cb18eb8c06..07fadf8171 100644
--- a/pkg/namesgenerator/names-generator.go
+++ b/pkg/namesgenerator/names-generator.go
@@ -76,7 +76,7 @@ var (
 	//	http://en.wikipedia.org/wiki/John_Bardeen
 	//	http://en.wikipedia.org/wiki/Walter_Houser_Brattain
 	//	http://en.wikipedia.org/wiki/William_Shockley
-	right = [...]string{"lovelace", "franklin", "tesla", "einstein", "bohr", "davinci", "pasteur", "nobel", "curie", "darwin", "turing", "ritchie", "torvalds", "pike", "thompson", "wozniak", "galileo", "euclid", "newton", "fermat", "archimedes", "poincare", "heisenberg", "feynman", "hawking", "fermi", "pare", "mccarthy", "engelbart", "babbage", "albattani", "ptolemy", "bell", "wright", "lumiere", "morse", "mclean", "brown", "bardeen", "brattain", "shockley", "goldstine", "hoover", "hopper", "bartik", "sammet", "jones", "perlman", "wilson", "kowalevski", "hypatia", "goodall", "mayer", "elion", "blackwell", "lalande", "kirch", "ardinghelli", "colden", "almeida", "leakey", "meitner", "mestorf", "rosalind", "sinoussi", "carson", "mcmclintock", "yonath"}
+	right = [...]string{"lovelace", "franklin", "tesla", "einstein", "bohr", "davinci", "pasteur", "nobel", "curie", "darwin", "turing", "ritchie", "torvalds", "pike", "thompson", "wozniak", "galileo", "euclid", "newton", "fermat", "archimedes", "poincare", "heisenberg", "feynman", "hawking", "fermi", "pare", "mccarthy", "engelbart", "babbage", "albattani", "ptolemy", "bell", "wright", "lumiere", "morse", "mclean", "brown", "bardeen", "brattain", "shockley", "goldstine", "hoover", "hopper", "bartik", "sammet", "jones", "perlman", "wilson", "kowalevski", "hypatia", "goodall", "mayer", "elion", "blackwell", "lalande", "kirch", "ardinghelli", "colden", "almeida", "leakey", "meitner", "mestorf", "rosalind", "sinoussi", "carson", "mcclintock", "yonath"}
 )
 
 func GenerateRandomName(checker NameChecker) (string, error) {

From 615ac8feb27b2b3db0c06b37ecd87b710eabffef Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Thu, 3 Apr 2014 23:47:58 +0000
Subject: [PATCH 339/384] Deprecate 'docker insert'

'docker insert' is an old command which predates 'docker build'. We no
longer recommend using it, it is not actively maintained, and can be
replaced with the combination of 'docker build' and 'ADD'.

This removes the command from usage and documentation, and prints a
warning when it is called.

The command still works but it will be removed in a future version.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 api/client/commands.go                     |  3 ++-
 api/server/server.go                       |  1 +
 docs/sources/reference/commandline/cli.rst | 28 ----------------------
 integration/server_test.go                 |  1 +
 server/server.go                           |  3 +++
 5 files changed, 7 insertions(+), 29 deletions(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index 53b8822d69..168252a1b7 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -56,7 +56,6 @@ func (cli *DockerCli) CmdHelp(args ...string) error {
 		{"images", "List images"},
 		{"import", "Create a new filesystem image from the contents of a tarball"},
 		{"info", "Display system-wide information"},
-		{"insert", "Insert a file in an image"},
 		{"inspect", "Return low-level information on a container"},
 		{"kill", "Kill a running container"},
 		{"load", "Load an image from a tar archive"},
@@ -85,7 +84,9 @@ func (cli *DockerCli) CmdHelp(args ...string) error {
 	return nil
 }
 
+// FIXME: 'insert' is deprecated.
 func (cli *DockerCli) CmdInsert(args ...string) error {
+	fmt.Fprintf(os.Stderr, "Warning: '%s' is deprecated and will be removed in a future version. Please use 'docker build' and 'ADD' instead.\n")
 	cmd := cli.Subcmd("insert", "IMAGE URL PATH", "Insert a file from URL in the IMAGE at PATH")
 	if err := cmd.Parse(args); err != nil {
 		return nil
diff --git a/api/server/server.go b/api/server/server.go
index 93dd2094b6..c6eafaf265 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -458,6 +458,7 @@ func getImagesSearch(eng *engine.Engine, version version.Version, w http.Respons
 	return job.Run()
 }
 
+// FIXME: 'insert' is deprecated as of 0.10, and should be removed in a future version.
 func postImagesInsert(eng *engine.Engine, version version.Version, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 	if err := parseForm(r); err != nil {
 		return err
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index 64dff1e1c2..09ef6e0679 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -753,34 +753,6 @@ preserved.
 	WARNING: No swap limit support
 
 
-.. _cli_insert:
-
-``insert``
-----------
-
-::
-
-    Usage: docker insert IMAGE URL PATH
-
-    Insert a file from URL in the IMAGE at PATH
-
-Use the specified ``IMAGE`` as the parent for a new image which adds a
-:ref:`layer <layer_def>` containing the new file. The ``insert`` command does
-not modify the original image, and the new image has the contents of the parent
-image, plus the new file.
-
-
-Examples
-~~~~~~~~
-
-Insert file from GitHub
-.......................
-
-.. code-block:: bash
-
-    $ sudo docker insert 8283e18b24bc https://raw.github.com/metalivedev/django/master/postinstall /tmp/postinstall.sh
-    06fd35556d7b
-
 .. _cli_inspect:
 
 ``inspect``
diff --git a/integration/server_test.go b/integration/server_test.go
index a401f1306e..4ad5ec0f92 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -640,6 +640,7 @@ func TestImagesFilter(t *testing.T) {
 	}
 }
 
+// FIXE: 'insert' is deprecated and should be removed in a future version.
 func TestImageInsert(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkRuntimeFromEngine(eng, t).Nuke()
diff --git a/server/server.go b/server/server.go
index fae50094c2..9cabf17889 100644
--- a/server/server.go
+++ b/server/server.go
@@ -82,6 +82,7 @@ func InitServer(job *engine.Job) engine.Status {
 	job.Eng.Hack_SetGlobalVar("httpapi.server", srv)
 	job.Eng.Hack_SetGlobalVar("httpapi.runtime", srv.runtime)
 
+	// FIXME: 'insert' is deprecated and should be removed in a future version.
 	for name, handler := range map[string]engine.Handler{
 		"export":           srv.ContainerExport,
 		"create":           srv.ContainerCreate,
@@ -641,7 +642,9 @@ func (srv *Server) ImagesSearch(job *engine.Job) engine.Status {
 	return engine.StatusOK
 }
 
+// FIXME: 'insert' is deprecated and should be removed in a future version.
 func (srv *Server) ImageInsert(job *engine.Job) engine.Status {
+	fmt.Fprintf(job.Stderr, "Warning: '%s' is deprecated and will be removed in a future version. Please use 'build' and 'ADD' instead.\n", job.Name)
 	if len(job.Args) != 3 {
 		return job.Errorf("Usage: %s IMAGE URL PATH\n", job.Name)
 	}

From c8f437aee0d90d4955a6aaa35f8e0b74e7ac99a3 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Thu, 3 Apr 2014 23:14:51 +0000
Subject: [PATCH 340/384] api/server: replace an integration test with a unit
 test using engine mocking.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 api/server/server_unit_test.go | 61 ++++++++++++++++++++++++++++++++++
 integration/api_test.go        | 37 ---------------------
 2 files changed, 61 insertions(+), 37 deletions(-)

diff --git a/api/server/server_unit_test.go b/api/server/server_unit_test.go
index 5ea5af411c..c14fd8ba9e 100644
--- a/api/server/server_unit_test.go
+++ b/api/server/server_unit_test.go
@@ -2,8 +2,13 @@ package server
 
 import (
 	"fmt"
+	"github.com/dotcloud/docker/api"
+	"github.com/dotcloud/docker/engine"
+	"github.com/dotcloud/docker/utils"
+	"io"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"testing"
 )
 
@@ -50,3 +55,59 @@ func TesthttpError(t *testing.T) {
 		t.Fatalf("Expected %d, got %d", http.StatusInternalServerError, r.Code)
 	}
 }
+
+func TestGetVersion(t *testing.T) {
+	tmp, err := utils.TestDirectory("")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	eng, err := engine.New(tmp)
+	if err != nil {
+		t.Fatal(err)
+	}
+	var called bool
+	eng.Register("version", func(job *engine.Job) engine.Status {
+		called = true
+		v := &engine.Env{}
+		v.Set("Version", "42.1")
+		v.Set("ApiVersion", "1.1.1.1.1")
+		v.Set("GoVersion", "2.42")
+		v.Set("Os", "Linux")
+		v.Set("Arch", "x86_64")
+		if _, err := v.WriteTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	})
+
+	r := httptest.NewRecorder()
+	req, err := http.NewRequest("GET", "/version", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// FIXME getting the version should require an actual running Server
+	if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		t.Fatal(err)
+	}
+	if !called {
+		t.Fatalf("handler was not called")
+	}
+	out := engine.NewOutput()
+	v, err := out.AddEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := io.Copy(out, r.Body); err != nil {
+		t.Fatal(err)
+	}
+	out.Close()
+	expected := "42.1"
+	if result := v.Get("Version"); result != expected {
+		t.Errorf("Expected version %s, %s found", expected, result)
+	}
+	expected = "application/json"
+	if result := r.HeaderMap.Get("Content-Type"); result != expected {
+		t.Errorf("Expected Content-Type %s, %s found", expected, result)
+	}
+}
diff --git a/integration/api_test.go b/integration/api_test.go
index d08617ea69..61697af8a1 100644
--- a/integration/api_test.go
+++ b/integration/api_test.go
@@ -16,7 +16,6 @@ import (
 
 	"github.com/dotcloud/docker/api"
 	"github.com/dotcloud/docker/api/server"
-	"github.com/dotcloud/docker/dockerversion"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/runconfig"
@@ -25,42 +24,6 @@ import (
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
-func TestGetVersion(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer mkRuntimeFromEngine(eng, t).Nuke()
-
-	var err error
-	r := httptest.NewRecorder()
-
-	req, err := http.NewRequest("GET", "/version", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	// FIXME getting the version should require an actual running Server
-	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
-		t.Fatal(err)
-	}
-	assertHttpNotError(r, t)
-
-	out := engine.NewOutput()
-	v, err := out.AddEnv()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := io.Copy(out, r.Body); err != nil {
-		t.Fatal(err)
-	}
-	out.Close()
-	expected := dockerversion.VERSION
-	if result := v.Get("Version"); result != expected {
-		t.Errorf("Expected version %s, %s found", expected, result)
-	}
-	expected = "application/json"
-	if result := r.HeaderMap.Get("Content-Type"); result != expected {
-		t.Errorf("Expected Content-Type %s, %s found", expected, result)
-	}
-}
-
 func TestGetInfo(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkRuntimeFromEngine(eng, t).Nuke()

From 76057addb255e6f14dd03c276317abc759a15a80 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Thu, 3 Apr 2014 23:15:56 +0000
Subject: [PATCH 341/384] engine: fix engine.Env.Encode() to stop auto-guessing
 types.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 engine/env.go      | 20 +-------------------
 engine/env_test.go | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/engine/env.go b/engine/env.go
index c43a5ec971..1da3ae52e0 100644
--- a/engine/env.go
+++ b/engine/env.go
@@ -194,25 +194,7 @@ func (env *Env) SetAuto(k string, v interface{}) {
 }
 
 func (env *Env) Encode(dst io.Writer) error {
-	m := make(map[string]interface{})
-	for k, v := range env.Map() {
-		var val interface{}
-		if err := json.Unmarshal([]byte(v), &val); err == nil {
-			// FIXME: we fix-convert float values to int, because
-			// encoding/json decodes integers to float64, but cannot encode them back.
-			// (See http://golang.org/src/pkg/encoding/json/decode.go#L46)
-			if fval, isFloat := val.(float64); isFloat {
-				val = int(fval)
-			}
-			m[k] = val
-		} else {
-			m[k] = v
-		}
-	}
-	if err := json.NewEncoder(dst).Encode(&m); err != nil {
-		return err
-	}
-	return nil
+	return json.NewEncoder(dst).Encode(env.Map())
 }
 
 func (env *Env) WriteTo(dst io.Writer) (n int64, err error) {
diff --git a/engine/env_test.go b/engine/env_test.go
index c7079ff942..da7d919f03 100644
--- a/engine/env_test.go
+++ b/engine/env_test.go
@@ -95,3 +95,21 @@ func TestEnviron(t *testing.T) {
 		t.Fatalf("bar not found in the environ")
 	}
 }
+
+func TestEnvWriteTo(t *testing.T) {
+	e := &Env{}
+	inputKey := "Version"
+	inputVal := "42.1"
+	e.Set(inputKey, inputVal)
+	out := NewOutput()
+	e2, err := out.AddEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+	e.WriteTo(out)
+	result := e2.Get(inputKey)
+	expected := inputVal
+	if expected != result {
+		t.Fatalf("%#v\n", result)
+	}
+}

From 2cb560988b111ee736c4ab22588d2091cb04075e Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Fri, 4 Apr 2014 00:02:44 +0000
Subject: [PATCH 342/384] api/server: convert TestGetInfo from an integration
 test to a unit test.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 api/server/server_unit_test.go | 67 ++++++++++++++++++++++++++++++++++
 integration/api_test.go        | 41 ---------------------
 2 files changed, 67 insertions(+), 41 deletions(-)

diff --git a/api/server/server_unit_test.go b/api/server/server_unit_test.go
index c14fd8ba9e..3fc1cea064 100644
--- a/api/server/server_unit_test.go
+++ b/api/server/server_unit_test.go
@@ -111,3 +111,70 @@ func TestGetVersion(t *testing.T) {
 		t.Errorf("Expected Content-Type %s, %s found", expected, result)
 	}
 }
+
+func TestGetInfo(t *testing.T) {
+	tmp, err := utils.TestDirectory("")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmp)
+	eng, err := engine.New(tmp)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var called bool
+	eng.Register("info", func(job *engine.Job) engine.Status {
+		called = true
+		v := &engine.Env{}
+		v.SetInt("Containers", 1)
+		v.SetInt("Images", 42000)
+		if _, err := v.WriteTo(job.Stdout); err != nil {
+			return job.Error(err)
+		}
+		return engine.StatusOK
+	})
+
+	r := httptest.NewRecorder()
+	req, err := http.NewRequest("GET", "/info", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// FIXME getting the version should require an actual running Server
+	if err := ServeRequest(eng, api.APIVERSION, r, req); err != nil {
+		t.Fatal(err)
+	}
+	if !called {
+		t.Fatalf("handler was not called")
+	}
+
+	out := engine.NewOutput()
+	i, err := out.AddEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, err := io.Copy(out, r.Body); err != nil {
+		t.Fatal(err)
+	}
+	out.Close()
+	{
+		expected := 42000
+		result := i.GetInt("Images")
+		if expected != result {
+			t.Fatalf("%#v\n", result)
+		}
+	}
+	{
+		expected := 1
+		result := i.GetInt("Containers")
+		if expected != result {
+			t.Fatalf("%#v\n", result)
+		}
+	}
+	{
+		expected := "application/json"
+		if result := r.HeaderMap.Get("Content-Type"); result != expected {
+			t.Fatalf("%#v\n", result)
+		}
+	}
+}
diff --git a/integration/api_test.go b/integration/api_test.go
index 61697af8a1..26441a2668 100644
--- a/integration/api_test.go
+++ b/integration/api_test.go
@@ -24,47 +24,6 @@ import (
 	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
 )
 
-func TestGetInfo(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer mkRuntimeFromEngine(eng, t).Nuke()
-
-	job := eng.Job("images")
-	initialImages, err := job.Stdout.AddListTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if err := job.Run(); err != nil {
-		t.Fatal(err)
-	}
-	req, err := http.NewRequest("GET", "/info", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-	r := httptest.NewRecorder()
-
-	if err := server.ServeRequest(eng, api.APIVERSION, r, req); err != nil {
-		t.Fatal(err)
-	}
-	assertHttpNotError(r, t)
-
-	out := engine.NewOutput()
-	i, err := out.AddEnv()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if _, err := io.Copy(out, r.Body); err != nil {
-		t.Fatal(err)
-	}
-	out.Close()
-	if images := i.GetInt("Images"); images != initialImages.Len() {
-		t.Errorf("Expected images: %d, %d found", initialImages.Len(), images)
-	}
-	expected := "application/json"
-	if result := r.HeaderMap.Get("Content-Type"); result != expected {
-		t.Errorf("Expected Content-Type %s, %s found", expected, result)
-	}
-}
-
 func TestGetEvents(t *testing.T) {
 	eng := NewTestEngine(t)
 	srv := mkServerFromEngine(eng, t)

From b2b9334f27e1a773b77241efa214af2e87439d3b Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Fri, 4 Apr 2014 00:08:51 +0000
Subject: [PATCH 343/384] remove hack in version

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index fae50094c2..a6a0c14a84 100644
--- a/server/server.go
+++ b/server/server.go
@@ -843,7 +843,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 func (srv *Server) DockerVersion(job *engine.Job) engine.Status {
 	v := &engine.Env{}
 	v.Set("Version", dockerversion.VERSION)
-	v.SetJson("ApiVersion", api.APIVERSION)
+	v.Set("ApiVersion", string(api.APIVERSION))
 	v.Set("GitCommit", dockerversion.GITCOMMIT)
 	v.Set("GoVersion", goruntime.Version())
 	v.Set("Os", goruntime.GOOS)

From e09274476f889c08416a819dfb28f2c425868c6b Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Fri, 4 Apr 2014 03:22:32 +0300
Subject: [PATCH 344/384] cli integration: sync container & image deletion

This makes container and image removal in the tests run synchronously.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 integration-cli/docker_cli_build_test.go         | 2 +-
 integration-cli/docker_cli_commit_test.go        | 4 ++--
 integration-cli/docker_cli_diff_test.go          | 6 +++---
 integration-cli/docker_cli_export_import_test.go | 4 ++--
 integration-cli/docker_cli_kill_test.go          | 2 +-
 integration-cli/docker_cli_logs_test.go          | 6 +++---
 integration-cli/docker_cli_push_test.go          | 2 +-
 integration-cli/docker_cli_save_load_test.go     | 4 ++--
 integration-cli/docker_cli_tag_test.go           | 2 +-
 integration-cli/docker_cli_top_test.go           | 2 +-
 10 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/integration-cli/docker_cli_build_test.go b/integration-cli/docker_cli_build_test.go
index e6f3096892..7cd42dc69c 100644
--- a/integration-cli/docker_cli_build_test.go
+++ b/integration-cli/docker_cli_build_test.go
@@ -18,7 +18,7 @@ func TestBuildSixtySteps(t *testing.T) {
 		t.Fatal("failed to build the image")
 	}
 
-	go deleteImages("foobuildsixtysteps")
+	deleteImages("foobuildsixtysteps")
 
 	logDone("build - build an image with sixty build steps")
 }
diff --git a/integration-cli/docker_cli_commit_test.go b/integration-cli/docker_cli_commit_test.go
index 5ed55ef62a..51adaac9df 100644
--- a/integration-cli/docker_cli_commit_test.go
+++ b/integration-cli/docker_cli_commit_test.go
@@ -27,8 +27,8 @@ func TestCommitAfterContainerIsDone(t *testing.T) {
 	out, _, err = runCommandWithOutput(inspectCmd)
 	errorOut(err, t, fmt.Sprintf("failed to inspect image: %v %v", out, err))
 
-	go deleteContainer(cleanedContainerID)
-	go deleteImages(cleanedImageID)
+	deleteContainer(cleanedContainerID)
+	deleteImages(cleanedImageID)
 
 	logDone("commit - echo foo and commit the image")
 }
diff --git a/integration-cli/docker_cli_diff_test.go b/integration-cli/docker_cli_diff_test.go
index 0ae9cca38d..478ebd2df1 100644
--- a/integration-cli/docker_cli_diff_test.go
+++ b/integration-cli/docker_cli_diff_test.go
@@ -30,7 +30,7 @@ func TestDiffFilenameShownInOutput(t *testing.T) {
 	if !found {
 		t.Errorf("couldn't find the new file in docker diff's output: %v", out)
 	}
-	go deleteContainer(cleanCID)
+	deleteContainer(cleanCID)
 
 	logDone("diff - check if created file shows up")
 }
@@ -53,7 +53,7 @@ func TestDiffEnsureDockerinitFilesAreIgnored(t *testing.T) {
 		out, _, err := runCommandWithOutput(diffCmd)
 		errorOut(err, t, fmt.Sprintf("failed to run diff: %v %v", out, err))
 
-		go deleteContainer(cleanCID)
+		deleteContainer(cleanCID)
 
 		for _, filename := range dockerinitFiles {
 			if strings.Contains(out, filename) {
@@ -74,7 +74,7 @@ func TestDiffEnsureOnlyKmsgAndPtmx(t *testing.T) {
 	diffCmd := exec.Command(dockerBinary, "diff", cleanCID)
 	out, _, err := runCommandWithOutput(diffCmd)
 	errorOut(err, t, fmt.Sprintf("failed to run diff: %v %v", out, err))
-	go deleteContainer(cleanCID)
+	deleteContainer(cleanCID)
 
 	expected := map[string]bool{
 		"C /dev":      true,
diff --git a/integration-cli/docker_cli_export_import_test.go b/integration-cli/docker_cli_export_import_test.go
index 66ff1055ba..2e443cd39e 100644
--- a/integration-cli/docker_cli_export_import_test.go
+++ b/integration-cli/docker_cli_export_import_test.go
@@ -40,8 +40,8 @@ func TestExportContainerAndImportImage(t *testing.T) {
 	out, _, err = runCommandWithOutput(inspectCmd)
 	errorOut(err, t, fmt.Sprintf("output should've been an image id: %v %v", out, err))
 
-	go deleteImages("testexp")
-	go deleteContainer(cleanedContainerID)
+	deleteContainer(cleanedContainerID)
+	deleteImages("testexp")
 
 	os.Remove("/tmp/testexp.tar")
 
diff --git a/integration-cli/docker_cli_kill_test.go b/integration-cli/docker_cli_kill_test.go
index 676ccd0ca0..b8265d8cfb 100644
--- a/integration-cli/docker_cli_kill_test.go
+++ b/integration-cli/docker_cli_kill_test.go
@@ -30,7 +30,7 @@ func TestKillContainer(t *testing.T) {
 		t.Fatal("killed container is still running")
 	}
 
-	go deleteContainer(cleanedContainerID)
+	deleteContainer(cleanedContainerID)
 
 	logDone("kill - kill container running sleep 10")
 }
diff --git a/integration-cli/docker_cli_logs_test.go b/integration-cli/docker_cli_logs_test.go
index f8fcbe8832..8fcf4d7333 100644
--- a/integration-cli/docker_cli_logs_test.go
+++ b/integration-cli/docker_cli_logs_test.go
@@ -24,7 +24,7 @@ func TestLogsContainerSmallerThanPage(t *testing.T) {
 		t.Fatalf("Expected log length of %d, received %d\n", testLen+1, len(out))
 	}
 
-	go deleteContainer(cleanedContainerID)
+	deleteContainer(cleanedContainerID)
 
 	logDone("logs - logs container running echo smaller than page size")
 }
@@ -47,7 +47,7 @@ func TestLogsContainerBiggerThanPage(t *testing.T) {
 		t.Fatalf("Expected log length of %d, received %d\n", testLen+1, len(out))
 	}
 
-	go deleteContainer(cleanedContainerID)
+	deleteContainer(cleanedContainerID)
 
 	logDone("logs - logs container running echo bigger than page size")
 }
@@ -70,7 +70,7 @@ func TestLogsContainerMuchBiggerThanPage(t *testing.T) {
 		t.Fatalf("Expected log length of %d, received %d\n", testLen+1, len(out))
 	}
 
-	go deleteContainer(cleanedContainerID)
+	deleteContainer(cleanedContainerID)
 
 	logDone("logs - logs container running echo much bigger than page size")
 }
diff --git a/integration-cli/docker_cli_push_test.go b/integration-cli/docker_cli_push_test.go
index 8117c077bc..160bb9e286 100644
--- a/integration-cli/docker_cli_push_test.go
+++ b/integration-cli/docker_cli_push_test.go
@@ -26,7 +26,7 @@ func TestPushBusyboxImage(t *testing.T) {
 	out, exitCode, err = runCommandWithOutput(pushCmd)
 	errorOut(err, t, fmt.Sprintf("%v %v", out, err))
 
-	go deleteImages(repoName)
+	deleteImages(repoName)
 
 	if err != nil || exitCode != 0 {
 		t.Fatal("pushing the image to the private registry has failed")
diff --git a/integration-cli/docker_cli_save_load_test.go b/integration-cli/docker_cli_save_load_test.go
index 7f04f7ca53..d728c7de95 100644
--- a/integration-cli/docker_cli_save_load_test.go
+++ b/integration-cli/docker_cli_save_load_test.go
@@ -42,8 +42,8 @@ func TestSaveAndLoadRepo(t *testing.T) {
 	out, _, err = runCommandWithOutput(inspectCmd)
 	errorOut(err, t, fmt.Sprintf("the repo should exist after loading it: %v %v", out, err))
 
-	go deleteImages(repoName)
-	go deleteContainer(cleanedContainerID)
+	deleteContainer(cleanedContainerID)
+	deleteImages(repoName)
 
 	os.Remove("/tmp/foobar-save-load-test.tar")
 
diff --git a/integration-cli/docker_cli_tag_test.go b/integration-cli/docker_cli_tag_test.go
index 67c28c570a..d75b7db385 100644
--- a/integration-cli/docker_cli_tag_test.go
+++ b/integration-cli/docker_cli_tag_test.go
@@ -79,7 +79,7 @@ func TestTagValidPrefixedRepo(t *testing.T) {
 			t.Errorf("tag busybox %v should have worked: %s", repo, err)
 			continue
 		}
-		go deleteImages(repo)
+		deleteImages(repo)
 		logMessage := fmt.Sprintf("tag - busybox %v", repo)
 		logDone(logMessage)
 	}
diff --git a/integration-cli/docker_cli_top_test.go b/integration-cli/docker_cli_top_test.go
index 1895054ccc..73d590cf06 100644
--- a/integration-cli/docker_cli_top_test.go
+++ b/integration-cli/docker_cli_top_test.go
@@ -22,7 +22,7 @@ func TestTop(t *testing.T) {
 	_, err = runCommand(killCmd)
 	errorOut(err, t, fmt.Sprintf("failed to kill container: %v", err))
 
-	go deleteContainer(cleanedContainerID)
+	deleteContainer(cleanedContainerID)
 
 	if !strings.Contains(out, "sleep 20") {
 		t.Fatal("top should've listed sleep 20 in the process list")

From bea71245c8165e0dfdc6b2485c548c04f4d3edd3 Mon Sep 17 00:00:00 2001
From: Dan Stine <sw@stinemail.com>
Date: Fri, 4 Apr 2014 08:12:17 -0400
Subject: [PATCH 345/384] fixed two readme typos

---
 pkg/libcontainer/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/libcontainer/README.md b/pkg/libcontainer/README.md
index e967f6d76d..3bf79549e3 100644
--- a/pkg/libcontainer/README.md
+++ b/pkg/libcontainer/README.md
@@ -3,7 +3,7 @@
 #### background
 
 libcontainer specifies configuration options for what a container is.  It provides a native Go implementation 
-for using linux namespaces with no external dependencies.  libcontainer provides many convience functions for working with namespaces, networking, and management.  
+for using linux namespaces with no external dependencies.  libcontainer provides many convenience functions for working with namespaces, networking, and management.  
 
 
 #### container
@@ -91,7 +91,7 @@ Sample `container.json` file:
 ```
 
 Using this configuration and the current directory holding the rootfs for a process, one can use libcontainer to exec the container. Running the life of the namespace, a `pid` file 
-is written to the current directory with the pid of the namespaced process to the external world.  A client can use this pid to wait, kill, or perform other operation with the container.  If a user tries to run an new process inside an existing container with a live namespace the namespace will be joined by the new process.
+is written to the current directory with the pid of the namespaced process to the external world.  A client can use this pid to wait, kill, or perform other operation with the container.  If a user tries to run a new process inside an existing container with a live namespace the namespace will be joined by the new process.
 
 
 You may also specify an alternate root place where the `container.json` file is read and where the `pid` file will be saved.

From 62b08f557db91cc5cd12ea9ceb0a4d8cf3d6e0f1 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Fri, 4 Apr 2014 19:03:07 +0300
Subject: [PATCH 346/384] cli integration: allow driver selection via vars

This makes it possible to choose the graphdriver and the execdriver
which is going to be used for the cli integration tests.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 Makefile                       | 2 +-
 hack/make/test-integration-cli | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 776d57951f..d49aa3b667 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 DOCKER_MOUNT := $(if $(BINDDIR),-v "$(CURDIR)/$(BINDDIR):/go/src/github.com/dotcloud/docker/$(BINDDIR)")
 
-DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS $(DOCKER_MOUNT) "$(DOCKER_IMAGE)"
+DOCKER_RUN_DOCKER := docker run --rm -it --privileged -e TESTFLAGS -e DOCKER_GRAPHDRIVER -e DOCKER_EXECDRIVER $(DOCKER_MOUNT) "$(DOCKER_IMAGE)"
 DOCKER_RUN_DOCS := docker run --rm -it -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)"
 
 default: binary
diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli
index 5c6fc367fc..1760171dd5 100644
--- a/hack/make/test-integration-cli
+++ b/hack/make/test-integration-cli
@@ -7,6 +7,8 @@ set -e
 # subshell so that we can export PATH without breaking other things
 (
 export PATH="$DEST/../binary:$DEST/../dynbinary:$PATH"
+DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER:-vfs}
+DOCKER_EXECDRIVER=${DOCKER_EXECDRIVER:-native}
 
 bundle_test_integration_cli() {
 	go_test_dir ./integration-cli
@@ -17,7 +19,8 @@ if ! command -v docker &> /dev/null; then
 	false
 fi
 
-docker -d -D -p $DEST/docker.pid &> $DEST/docker.log &
+echo "running cli integration tests using graphdriver: '$DOCKER_GRAPHDRIVER' and execdriver: '$DOCKER_EXECDRIVER'" 
+docker -d -D -s $DOCKER_GRAPHDRIVER -e $DOCKER_EXECDRIVER -p $DEST/docker.pid &> $DEST/docker.log &
 
 # pull the busybox image before running the tests
 sleep 2

From 22152ccc47e641050da85b80cebf2912b42fd122 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Fri, 4 Apr 2014 19:06:55 +0300
Subject: [PATCH 347/384] cli integration: fix wait race

The wait at the end of cli integration script could end up failing if
the process had already exited. This was making it look like the tests
have failed.

This change fixes the problem.

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 hack/make/test-integration-cli | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli
index 1760171dd5..18e4ee6602 100644
--- a/hack/make/test-integration-cli
+++ b/hack/make/test-integration-cli
@@ -31,5 +31,5 @@ bundle_test_integration_cli 2>&1 \
 
 DOCKERD_PID=$(cat $DEST/docker.pid)
 kill $DOCKERD_PID
-wait $DOCKERD_PID
+wait $DOCKERD_PID || true
 )

From 95e6fd819bbef09032bf680e0f7dadd7fbf44559 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 4 Apr 2014 11:29:56 -0700
Subject: [PATCH 348/384] Revert "engine: fix engine.Env.Encode() to stop
 auto-guessing types."

This reverts commit 76057addb255e6f14dd03c276317abc759a15a80.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 engine/env.go      | 20 +++++++++++++++++++-
 engine/env_test.go | 18 ------------------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/engine/env.go b/engine/env.go
index 1da3ae52e0..c43a5ec971 100644
--- a/engine/env.go
+++ b/engine/env.go
@@ -194,7 +194,25 @@ func (env *Env) SetAuto(k string, v interface{}) {
 }
 
 func (env *Env) Encode(dst io.Writer) error {
-	return json.NewEncoder(dst).Encode(env.Map())
+	m := make(map[string]interface{})
+	for k, v := range env.Map() {
+		var val interface{}
+		if err := json.Unmarshal([]byte(v), &val); err == nil {
+			// FIXME: we fix-convert float values to int, because
+			// encoding/json decodes integers to float64, but cannot encode them back.
+			// (See http://golang.org/src/pkg/encoding/json/decode.go#L46)
+			if fval, isFloat := val.(float64); isFloat {
+				val = int(fval)
+			}
+			m[k] = val
+		} else {
+			m[k] = v
+		}
+	}
+	if err := json.NewEncoder(dst).Encode(&m); err != nil {
+		return err
+	}
+	return nil
 }
 
 func (env *Env) WriteTo(dst io.Writer) (n int64, err error) {
diff --git a/engine/env_test.go b/engine/env_test.go
index da7d919f03..c7079ff942 100644
--- a/engine/env_test.go
+++ b/engine/env_test.go
@@ -95,21 +95,3 @@ func TestEnviron(t *testing.T) {
 		t.Fatalf("bar not found in the environ")
 	}
 }
-
-func TestEnvWriteTo(t *testing.T) {
-	e := &Env{}
-	inputKey := "Version"
-	inputVal := "42.1"
-	e.Set(inputKey, inputVal)
-	out := NewOutput()
-	e2, err := out.AddEnv()
-	if err != nil {
-		t.Fatal(err)
-	}
-	e.WriteTo(out)
-	result := e2.Get(inputKey)
-	expected := inputVal
-	if expected != result {
-		t.Fatalf("%#v\n", result)
-	}
-}

From 4c6cf9e27fd0ee6c09e836f03722d1c679b6bd29 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 4 Apr 2014 11:35:07 -0700
Subject: [PATCH 349/384] Use setjson hack again for version
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 api/server/server_unit_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/server/server_unit_test.go b/api/server/server_unit_test.go
index 3fc1cea064..3dbba640ff 100644
--- a/api/server/server_unit_test.go
+++ b/api/server/server_unit_test.go
@@ -70,7 +70,7 @@ func TestGetVersion(t *testing.T) {
 	eng.Register("version", func(job *engine.Job) engine.Status {
 		called = true
 		v := &engine.Env{}
-		v.Set("Version", "42.1")
+		v.SetJson("Version", "42.1")
 		v.Set("ApiVersion", "1.1.1.1.1")
 		v.Set("GoVersion", "2.42")
 		v.Set("Os", "Linux")

From 07887f65de7f909e56bf965b3875a1dd46bd3619 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Fri, 4 Apr 2014 11:38:03 -0700
Subject: [PATCH 350/384] Revert "remove hack in version"

This reverts commit b2b9334f27e1a773b77241efa214af2e87439d3b.

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 server/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index 55ac10fd0d..9cabf17889 100644
--- a/server/server.go
+++ b/server/server.go
@@ -846,7 +846,7 @@ func (srv *Server) DockerInfo(job *engine.Job) engine.Status {
 func (srv *Server) DockerVersion(job *engine.Job) engine.Status {
 	v := &engine.Env{}
 	v.Set("Version", dockerversion.VERSION)
-	v.Set("ApiVersion", string(api.APIVERSION))
+	v.SetJson("ApiVersion", api.APIVERSION)
 	v.Set("GitCommit", dockerversion.GITCOMMIT)
 	v.Set("GoVersion", goruntime.Version())
 	v.Set("Os", goruntime.GOOS)

From da8aa712d28cb7177b0fe5b4cc9d7de33ea1da60 Mon Sep 17 00:00:00 2001
From: Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
Date: Sat, 5 Apr 2014 10:09:04 +0900
Subject: [PATCH 351/384] Remove archive/stat_unsupported.go because it is not
 used

LUtimesNano and all other functions were implemented on pkg/system after
d6114c0da0e844199e3d23c60a04434566fb5392.

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
---
 archive/stat_unsupported.go | 21 ---------------------
 1 file changed, 21 deletions(-)
 delete mode 100644 archive/stat_unsupported.go

diff --git a/archive/stat_unsupported.go b/archive/stat_unsupported.go
deleted file mode 100644
index 004fa0f0a4..0000000000
--- a/archive/stat_unsupported.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// +build !linux !amd64
-
-package archive
-
-import "syscall"
-
-func getLastAccess(stat *syscall.Stat_t) syscall.Timespec {
-	return syscall.Timespec{}
-}
-
-func getLastModification(stat *syscall.Stat_t) syscall.Timespec {
-	return syscall.Timespec{}
-}
-
-func LUtimesNano(path string, ts []syscall.Timespec) error {
-	return ErrNotImplemented
-}
-
-func UtimesNano(path string, ts []syscall.Timespec) error {
-	return ErrNotImplemented
-}

From 794b5de749fceea906222917e90bbc19e131ecc3 Mon Sep 17 00:00:00 2001
From: Kato Kazuyoshi <kato.kazuyoshi@gmail.com>
Date: Sat, 5 Apr 2014 10:29:40 +0900
Subject: [PATCH 352/384] Don't assume the file system has sub-second precision
 timestamp

For example, FreeBSD doesn't have that
(see http://lists.freebsd.org/pipermail/freebsd-fs/2012-February/013677.html).

Docker-DCO-1.1-Signed-off-by: Kato Kazuyoshi <kato.kazuyoshi@gmail.com> (github: kzys)
---
 archive/changes_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/archive/changes_test.go b/archive/changes_test.go
index 1302b76f47..34c0f0da64 100644
--- a/archive/changes_test.go
+++ b/archive/changes_test.go
@@ -138,7 +138,7 @@ func mutateSampleDir(t *testing.T, root string) {
 	}
 
 	// Rewrite a file
-	if err := ioutil.WriteFile(path.Join(root, "file2"), []byte("fileN\n"), 0777); err != nil {
+	if err := ioutil.WriteFile(path.Join(root, "file2"), []byte("fileNN\n"), 0777); err != nil {
 		t.Fatal(err)
 	}
 
@@ -146,12 +146,12 @@ func mutateSampleDir(t *testing.T, root string) {
 	if err := os.RemoveAll(path.Join(root, "file3")); err != nil {
 		t.Fatal(err)
 	}
-	if err := ioutil.WriteFile(path.Join(root, "file3"), []byte("fileM\n"), 0404); err != nil {
+	if err := ioutil.WriteFile(path.Join(root, "file3"), []byte("fileMM\n"), 0404); err != nil {
 		t.Fatal(err)
 	}
 
 	// Touch file
-	if err := os.Chtimes(path.Join(root, "file4"), time.Now(), time.Now()); err != nil {
+	if err := os.Chtimes(path.Join(root, "file4"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
 		t.Fatal(err)
 	}
 
@@ -195,7 +195,7 @@ func mutateSampleDir(t *testing.T, root string) {
 	}
 
 	// Touch dir
-	if err := os.Chtimes(path.Join(root, "dir3"), time.Now(), time.Now()); err != nil {
+	if err := os.Chtimes(path.Join(root, "dir3"), time.Now().Add(time.Second), time.Now().Add(time.Second)); err != nil {
 		t.Fatal(err)
 	}
 }

From e35c23311fce853fab318527789f11cc8c150ea2 Mon Sep 17 00:00:00 2001
From: Michael Brown <michael@netdirect.ca>
Date: Mon, 7 Apr 2014 02:02:11 -0400
Subject: [PATCH 353/384] apparmor: docker-default: Include base abstraction

Encountered problems on 14.04 relating to signals between container
processes being blocked by apparmor. The base abstraction contains
appropriate rules to allow this communication.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
---
 pkg/libcontainer/apparmor/setup.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/libcontainer/apparmor/setup.go b/pkg/libcontainer/apparmor/setup.go
index 4e1c95143a..cc786de9aa 100644
--- a/pkg/libcontainer/apparmor/setup.go
+++ b/pkg/libcontainer/apparmor/setup.go
@@ -18,6 +18,7 @@ const DefaultProfile = `
 @{PROC}=/proc/
 
 profile docker-default flags=(attach_disconnected,mediate_deleted) {
+  #include <abstractions/base>
   network,
   capability,
   file,

From 320b3e0d211d389addda02998a0f47839827b2af Mon Sep 17 00:00:00 2001
From: Michael Brown <michael@netdirect.ca>
Date: Mon, 7 Apr 2014 02:47:43 -0400
Subject: [PATCH 354/384] apparmor: abstractions/base expects pid variable

Add 'pid' variable pointing to 'self' to allow parsing of profile to succeed

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
---
 pkg/libcontainer/apparmor/setup.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/libcontainer/apparmor/setup.go b/pkg/libcontainer/apparmor/setup.go
index cc786de9aa..d9deec470e 100644
--- a/pkg/libcontainer/apparmor/setup.go
+++ b/pkg/libcontainer/apparmor/setup.go
@@ -16,6 +16,7 @@ const DefaultProfile = `
 #@{HOMEDIRS}+=
 @{multiarch}=*-linux-gnu*
 @{PROC}=/proc/
+@{pid}=self
 
 profile docker-default flags=(attach_disconnected,mediate_deleted) {
   #include <abstractions/base>

From 726206f2aa45b8a537ae6d6c819f21befc2e0aca Mon Sep 17 00:00:00 2001
From: Michael Brown <michael@netdirect.ca>
Date: Mon, 7 Apr 2014 03:04:27 -0400
Subject: [PATCH 355/384] apparmor: pull in variables from tunables/global

The variables that were defined at the top of the apparmor profile are best
pulled in via the <tunables/global> include.

Docker-DCO-1.1-Signed-off-by: Michael Brown <michael.brown@discourse.org> (github: Supermathie)
---
 pkg/libcontainer/apparmor/setup.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/pkg/libcontainer/apparmor/setup.go b/pkg/libcontainer/apparmor/setup.go
index d9deec470e..4c664598ad 100644
--- a/pkg/libcontainer/apparmor/setup.go
+++ b/pkg/libcontainer/apparmor/setup.go
@@ -11,13 +11,8 @@ import (
 const DefaultProfilePath = "/etc/apparmor.d/docker"
 const DefaultProfile = `
 # AppArmor profile from lxc for containers.
-@{HOME}=@{HOMEDIRS}/*/ /root/
-@{HOMEDIRS}=/home/
-#@{HOMEDIRS}+=
-@{multiarch}=*-linux-gnu*
-@{PROC}=/proc/
-@{pid}=self
 
+#include <tunables/global>
 profile docker-default flags=(attach_disconnected,mediate_deleted) {
   #include <abstractions/base>
   network,

From 87ea27e80b131ca11d74c89446d4992af0f6c5b9 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Mon, 7 Apr 2014 17:18:45 +1000
Subject: [PATCH 356/384] intermediate image layers are used for more than the
 build

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 api/client/commands.go                     | 2 +-
 contrib/completion/fish/docker.fish        | 2 +-
 docs/sources/reference/commandline/cli.rst | 9 ++++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index 2007ae9c2d..bd23b3c7fd 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -1136,7 +1136,7 @@ func (cli *DockerCli) CmdPull(args ...string) error {
 func (cli *DockerCli) CmdImages(args ...string) error {
 	cmd := cli.Subcmd("images", "[OPTIONS] [NAME]", "List images")
 	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
-	all := cmd.Bool([]string{"a", "-all"}, false, "Show all images (by default filter out the intermediate images used to build)")
+	all := cmd.Bool([]string{"a", "-all"}, false, "Show all images (by default filter out the intermediate image layers)")
 	noTrunc := cmd.Bool([]string{"#notrunc", "-no-trunc"}, false, "Don't truncate output")
 	// FIXME: --viz and --tree are deprecated. Remove them in a future version.
 	flViz := cmd.Bool([]string{"#v", "#viz", "#-viz"}, false, "Output graph in graphviz format")
diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish
index edaa5ca8c6..e3bb72aebe 100644
--- a/contrib/completion/fish/docker.fish
+++ b/contrib/completion/fish/docker.fish
@@ -107,7 +107,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_pr
 
 # images
 complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images'
-complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate images used to build)'
+complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)'
 complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output"
 complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs'
 complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'Output graph in tree format'
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index da643f249a..c0487302dd 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -597,10 +597,17 @@ To see how the ``docker:latest`` image was built:
 
     List images
 
-      -a, --all=false: Show all images (by default filter out the intermediate images used to build)
+      -a, --all=false: Show all images (by default filter out the intermediate image layers)
       --no-trunc=false: Don't truncate output
       -q, --quiet=false: Only show numeric IDs
 
+The default ``docker images`` will show all top level images, their repository
+and tags, and their virtual size.
+
+Docker images have intermediate layers that increase reuseability, decrease 
+disk usage, and speed up ``docker build`` by allowing each step to be cached.
+These intermediate layers are not shown by default.
+
 Listing the most recently created images
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

From c987aa09d81a6916e3893c41b7ec2880570b5c65 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 11:01:35 -0700
Subject: [PATCH 357/384] Move history to separate file
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/history.go | 30 ++++++++++++++++++++++++++++++
 runtime/runtime.go | 27 ---------------------------
 2 files changed, 30 insertions(+), 27 deletions(-)
 create mode 100644 runtime/history.go

diff --git a/runtime/history.go b/runtime/history.go
new file mode 100644
index 0000000000..835ac9c11e
--- /dev/null
+++ b/runtime/history.go
@@ -0,0 +1,30 @@
+package runtime
+
+import (
+	"sort"
+)
+
+// History is a convenience type for storing a list of containers,
+// ordered by creation date.
+type History []*Container
+
+func (history *History) Len() int {
+	return len(*history)
+}
+
+func (history *History) Less(i, j int) bool {
+	containers := *history
+	return containers[j].When().Before(containers[i].When())
+}
+
+func (history *History) Swap(i, j int) {
+	containers := *history
+	tmp := containers[i]
+	containers[i] = containers[j]
+	containers[j] = tmp
+}
+
+func (history *History) Add(container *Container) {
+	*history = append(*history, container)
+	sort.Sort(history)
+}
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 842dbf8b0b..f4c4b09a39 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -26,7 +26,6 @@ import (
 	"os"
 	"path"
 	"regexp"
-	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -62,7 +61,6 @@ type Runtime struct {
 
 // Mountpoints should be private to the container
 func remountPrivate(mountPoint string) error {
-
 	mounted, err := mount.Mounted(mountPoint)
 	if err != nil {
 		return err
@@ -973,28 +971,3 @@ func (runtime *Runtime) ContainerGraph() *graphdb.Database {
 func (runtime *Runtime) SetServer(server Server) {
 	runtime.srv = server
 }
-
-// History is a convenience type for storing a list of containers,
-// ordered by creation date.
-type History []*Container
-
-func (history *History) Len() int {
-	return len(*history)
-}
-
-func (history *History) Less(i, j int) bool {
-	containers := *history
-	return containers[j].When().Before(containers[i].When())
-}
-
-func (history *History) Swap(i, j int) {
-	containers := *history
-	tmp := containers[i]
-	containers[i] = containers[j]
-	containers[j] = tmp
-}
-
-func (history *History) Add(container *Container) {
-	*history = append(*history, container)
-	sort.Sort(history)
-}

From dc7fefc16bfcc4e6d0ccb30233e50b0ab3d172f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Petazzoni?= <jp@enix.org>
Date: Thu, 3 Apr 2014 13:50:19 -0700
Subject: [PATCH 358/384] Use https://get.docker.io/ubuntu consistently
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The install script (on https://get.docker.io/) installs an APT sources.list
entry referencing an HTTPS repository, and takes care of installing the
apt-transport-https package. However, the Debian/Ubuntu specific installation
script (on https://get.docker.io/ubuntu) used an HTTPS repository but without
installing that package, causing the installation to fail on some platforms.

This will use HTTPS everywhere, and updates the documentation accordingly.

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)

Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni <jerome@docker.com> (github: jpetazzo)
---
 docs/sources/installation/ubuntulinux.rst | 15 +++++++++++++--
 hack/release.sh                           |  5 +++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/docs/sources/installation/ubuntulinux.rst b/docs/sources/installation/ubuntulinux.rst
index 44dba6b97e..51f303e88a 100644
--- a/docs/sources/installation/ubuntulinux.rst
+++ b/docs/sources/installation/ubuntulinux.rst
@@ -68,7 +68,18 @@ easy. **See the** :ref:`installmirrors` **section below if you are not in
 the United States.** Other sources of the Debian packages may be
 faster for you to install.
 
-First add the Docker repository key to your local keychain.
+First, check that your APT system can deal with ``https`` URLs:
+the file ``/usr/lib/apt/methods/https`` should exist. If it doesn't,
+you need to install the package ``apt-transport-https``.
+
+.. code-block:: bash
+
+   [ -e /usr/lib/apt/methods/https ] || {
+     apt-get update
+     apt-get install apt-transport-https
+   }
+
+Then, add the Docker repository key to your local keychain.
 
 .. code-block:: bash
 
@@ -82,7 +93,7 @@ continue installation.*
 
 .. code-block:: bash
 
-   sudo sh -c "echo deb http://get.docker.io/ubuntu docker main\
+   sudo sh -c "echo deb https://get.docker.io/ubuntu docker main\
    > /etc/apt/sources.list.d/docker.list"
    sudo apt-get update
    sudo apt-get install lxc-docker
diff --git a/hack/release.sh b/hack/release.sh
index 6f9df8c7e6..84e1c42383 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -273,6 +273,11 @@ EOF
 	# Upload repo
 	s3cmd --acl-public sync $APTDIR/ s3://$BUCKET/ubuntu/
 	cat <<EOF | write_to_s3 s3://$BUCKET/ubuntu/index
+# Check that HTTPS transport is available to APT
+if [ ! -e /usr/lib/apt/methods/https ]; then
+	apt-get update
+	apt-get install -y apt-transport-https
+fi
 # Add the repository to your APT sources
 echo deb $(s3_url)/ubuntu docker main > /etc/apt/sources.list.d/docker.list
 # Then import the repository key

From 1277885420b069abd7468fe3e69deb4fb0a3f4fc Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 12:20:23 -0700
Subject: [PATCH 359/384] Clean runtime create and make it simple
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runtime/runtime.go | 156 ++++++++++++++++++++++++++++++---------------
 1 file changed, 103 insertions(+), 53 deletions(-)

diff --git a/runtime/runtime.go b/runtime/runtime.go
index f4c4b09a39..d35e2d653a 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -371,53 +371,86 @@ func (runtime *Runtime) restore() error {
 
 // Create creates a new container from the given configuration with a given name.
 func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Container, []string, error) {
-	// Lookup image
+	var (
+		container *Container
+		warnings  []string
+	)
+
 	img, err := runtime.repositories.LookupImage(config.Image)
 	if err != nil {
 		return nil, nil, err
 	}
+	if err := runtime.checkImageDepth(img); err != nil {
+		return nil, nil, err
+	}
+	if warnings, err = runtime.mergeAndVerifyConfig(config, img); err != nil {
+		return nil, nil, err
+	}
+	if container, err = runtime.newContainer(name, config, img); err != nil {
+		return nil, nil, err
+	}
+	if err := runtime.createRootfs(container, img); err != nil {
+		return nil, nil, err
+	}
+	if err := runtime.setupContainerDns(container, config); err != nil {
+		return nil, nil, err
+	}
+	if err := container.ToDisk(); err != nil {
+		return nil, nil, err
+	}
+	if err := runtime.Register(container); err != nil {
+		return nil, nil, err
+	}
+	return container, warnings, nil
+}
 
+func (runtime *Runtime) checkImageDepth(img *image.Image) error {
 	// We add 2 layers to the depth because the container's rw and
 	// init layer add to the restriction
 	depth, err := img.Depth()
 	if err != nil {
-		return nil, nil, err
+		return err
 	}
-
 	if depth+2 >= MaxImageDepth {
-		return nil, nil, fmt.Errorf("Cannot create container with more than %d parents", MaxImageDepth)
+		return fmt.Errorf("Cannot create container with more than %d parents", MaxImageDepth)
 	}
+	return nil
+}
 
-	checkDeprecatedExpose := func(config *runconfig.Config) bool {
-		if config != nil {
-			if config.PortSpecs != nil {
-				for _, p := range config.PortSpecs {
-					if strings.Contains(p, ":") {
-						return true
-					}
+func (runtime *Runtime) checkDeprecatedExpose(config *runconfig.Config) bool {
+	if config != nil {
+		if config.PortSpecs != nil {
+			for _, p := range config.PortSpecs {
+				if strings.Contains(p, ":") {
+					return true
 				}
 			}
 		}
-		return false
 	}
+	return false
+}
 
+func (runtime *Runtime) mergeAndVerifyConfig(config *runconfig.Config, img *image.Image) ([]string, error) {
 	warnings := []string{}
-	if checkDeprecatedExpose(img.Config) || checkDeprecatedExpose(config) {
+	if runtime.checkDeprecatedExpose(img.Config) || runtime.checkDeprecatedExpose(config) {
 		warnings = append(warnings, "The mapping to public ports on your host via Dockerfile EXPOSE (host:port:port) has been deprecated. Use -p to publish the ports.")
 	}
-
 	if img.Config != nil {
 		if err := runconfig.Merge(config, img.Config); err != nil {
-			return nil, nil, err
+			return nil, err
 		}
 	}
-
 	if len(config.Entrypoint) == 0 && len(config.Cmd) == 0 {
-		return nil, nil, fmt.Errorf("No command specified")
+		return nil, fmt.Errorf("No command specified")
 	}
+	return warnings, nil
+}
 
-	// Generate id
-	id := utils.GenerateRandomID()
+func (runtime *Runtime) generateIdAndName(name string) (string, string, error) {
+	var (
+		err error
+		id  = utils.GenerateRandomID()
+	)
 
 	if name == "" {
 		name, err = generateRandomName(runtime)
@@ -426,47 +459,51 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 		}
 	} else {
 		if !validContainerNamePattern.MatchString(name) {
-			return nil, nil, fmt.Errorf("Invalid container name (%s), only %s are allowed", name, validContainerNameChars)
+			return "", "", fmt.Errorf("Invalid container name (%s), only %s are allowed", name, validContainerNameChars)
 		}
 	}
-
 	if name[0] != '/' {
 		name = "/" + name
 	}
-
 	// Set the enitity in the graph using the default name specified
 	if _, err := runtime.containerGraph.Set(name, id); err != nil {
 		if !graphdb.IsNonUniqueNameError(err) {
-			return nil, nil, err
+			return "", "", err
 		}
 
 		conflictingContainer, err := runtime.GetByName(name)
 		if err != nil {
 			if strings.Contains(err.Error(), "Could not find entity") {
-				return nil, nil, err
+				return "", "", err
 			}
 
 			// Remove name and continue starting the container
 			if err := runtime.containerGraph.Delete(name); err != nil {
-				return nil, nil, err
+				return "", "", err
 			}
 		} else {
 			nameAsKnownByUser := strings.TrimPrefix(name, "/")
-			return nil, nil, fmt.Errorf(
+			return "", "", fmt.Errorf(
 				"Conflict, The name %s is already assigned to %s. You have to delete (or rename) that container to be able to assign %s to a container again.", nameAsKnownByUser,
 				utils.TruncateID(conflictingContainer.ID), nameAsKnownByUser)
 		}
 	}
+	return id, name, nil
+}
 
+func (runtime *Runtime) generateHostname(id string, config *runconfig.Config) {
 	// Generate default hostname
 	// FIXME: the lxc template no longer needs to set a default hostname
 	if config.Hostname == "" {
 		config.Hostname = id[:12]
 	}
+}
 
-	var args []string
-	var entrypoint string
-
+func (runtime *Runtime) getEntrypointAndArgs(config *runconfig.Config) (string, []string) {
+	var (
+		entrypoint string
+		args       []string
+	)
 	if len(config.Entrypoint) != 0 {
 		entrypoint = config.Entrypoint[0]
 		args = append(config.Entrypoint[1:], config.Cmd...)
@@ -474,6 +511,21 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 		entrypoint = config.Cmd[0]
 		args = config.Cmd[1:]
 	}
+	return entrypoint, args
+}
+
+func (runtime *Runtime) newContainer(name string, config *runconfig.Config, img *image.Image) (*Container, error) {
+	var (
+		id  string
+		err error
+	)
+	id, name, err = runtime.generateIdAndName(name)
+	if err != nil {
+		return nil, err
+	}
+
+	runtime.generateHostname(id, config)
+	entrypoint, args := runtime.getEntrypointAndArgs(config)
 
 	container := &Container{
 		// FIXME: we should generate the ID here instead of receiving it as an argument
@@ -490,42 +542,50 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 		ExecDriver:      runtime.execDriver.Name(),
 	}
 	container.root = runtime.containerRoot(container.ID)
+	return container, nil
+}
+
+func (runtime *Runtime) createRootfs(container *Container, img *image.Image) error {
 	// Step 1: create the container directory.
 	// This doubles as a barrier to avoid race conditions.
 	if err := os.Mkdir(container.root, 0700); err != nil {
-		return nil, nil, err
+		return err
 	}
-
 	initID := fmt.Sprintf("%s-init", container.ID)
 	if err := runtime.driver.Create(initID, img.ID, ""); err != nil {
-		return nil, nil, err
+		return err
 	}
 	initPath, err := runtime.driver.Get(initID)
 	if err != nil {
-		return nil, nil, err
+		return err
 	}
 	defer runtime.driver.Put(initID)
 
 	if err := graph.SetupInitLayer(initPath); err != nil {
-		return nil, nil, err
+		return err
 	}
 
 	if err := runtime.driver.Create(container.ID, initID, ""); err != nil {
-		return nil, nil, err
+		return err
 	}
+	return nil
+}
+
+func (runtime *Runtime) setupContainerDns(container *Container, config *runconfig.Config) error {
 	resolvConf, err := utils.GetResolvConf()
 	if err != nil {
-		return nil, nil, err
+		return err
 	}
-
 	if len(config.Dns) == 0 && len(runtime.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) {
 		runtime.config.Dns = DefaultDns
 	}
 
 	// If custom dns exists, then create a resolv.conf for the container
 	if len(config.Dns) > 0 || len(runtime.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(runtime.config.DnsSearch) > 0 {
-		dns := utils.GetNameservers(resolvConf)
-		dnsSearch := utils.GetSearchDomains(resolvConf)
+		var (
+			dns       = utils.GetNameservers(resolvConf)
+			dnsSearch = utils.GetSearchDomains(resolvConf)
+		)
 		if len(config.Dns) > 0 {
 			dns = config.Dns
 		} else if len(runtime.config.Dns) > 0 {
@@ -539,33 +599,23 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
 		f, err := os.Create(container.ResolvConfPath)
 		if err != nil {
-			return nil, nil, err
+			return err
 		}
 		defer f.Close()
 		for _, dns := range dns {
 			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
-				return nil, nil, err
+				return err
 			}
 		}
 		if len(dnsSearch) > 0 {
 			if _, err := f.Write([]byte("search " + strings.Join(dnsSearch, " ") + "\n")); err != nil {
-				return nil, nil, err
+				return err
 			}
 		}
 	} else {
 		container.ResolvConfPath = "/etc/resolv.conf"
 	}
-
-	// Step 2: save the container json
-	if err := container.ToDisk(); err != nil {
-		return nil, nil, err
-	}
-
-	// Step 3: register the container
-	if err := runtime.Register(container); err != nil {
-		return nil, nil, err
-	}
-	return container, warnings, nil
+	return nil
 }
 
 // Commit creates a new filesystem image from the current state of a container.

From 30f22ee9e3ea1012ca663a0383c8c9c2330c52cc Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@dotcloud.com>
Date: Fri, 4 Apr 2014 00:57:41 +0000
Subject: [PATCH 360/384] Convert a legacy integration test to a clean v2 CLI
 integration test.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 integration-cli/docker_cli_images_test.go | 38 +++++++++++++++
 integration-cli/docker_utils.go           |  7 +++
 integration-cli/utils.go                  |  4 ++
 integration/server_test.go                | 59 -----------------------
 4 files changed, 49 insertions(+), 59 deletions(-)

diff --git a/integration-cli/docker_cli_images_test.go b/integration-cli/docker_cli_images_test.go
index 17efc6f5c4..82b70bab40 100644
--- a/integration-cli/docker_cli_images_test.go
+++ b/integration-cli/docker_cli_images_test.go
@@ -18,3 +18,41 @@ func TestImagesEnsureImageIsListed(t *testing.T) {
 
 	logDone("images - busybox should be listed")
 }
+
+func TestCLIImageTagRemove(t *testing.T) {
+	imagesBefore, _, _ := cmd(t, "images", "-a")
+	cmd(t, "tag", "busybox", "utest:tag1")
+	cmd(t, "tag", "busybox", "utest/docker:tag2")
+	cmd(t, "tag", "busybox", "utest:5000/docker:tag3")
+	{
+		imagesAfter, _, _ := cmd(t, "images", "-a")
+		if nLines(imagesAfter) != nLines(imagesBefore)+3 {
+			t.Fatalf("before: %#s\n\nafter: %#s\n", imagesBefore, imagesAfter)
+		}
+	}
+	cmd(t, "rmi", "utest/docker:tag2")
+	{
+		imagesAfter, _, _ := cmd(t, "images", "-a")
+		if nLines(imagesAfter) != nLines(imagesBefore)+2 {
+			t.Fatalf("before: %#s\n\nafter: %#s\n", imagesBefore, imagesAfter)
+		}
+
+	}
+	cmd(t, "rmi", "utest:5000/docker:tag3")
+	{
+		imagesAfter, _, _ := cmd(t, "images", "-a")
+		if nLines(imagesAfter) != nLines(imagesBefore)+1 {
+			t.Fatalf("before: %#s\n\nafter: %#s\n", imagesBefore, imagesAfter)
+		}
+
+	}
+	cmd(t, "rmi", "utest:tag1")
+	{
+		imagesAfter, _, _ := cmd(t, "images", "-a")
+		if nLines(imagesAfter) != nLines(imagesBefore)+0 {
+			t.Fatalf("before: %#s\n\nafter: %#s\n", imagesBefore, imagesAfter)
+		}
+
+	}
+	logDone("tag,rmi- tagging the same images multiple times then removing tags")
+}
diff --git a/integration-cli/docker_utils.go b/integration-cli/docker_utils.go
index 8e9d0a23ff..6da86c9753 100644
--- a/integration-cli/docker_utils.go
+++ b/integration-cli/docker_utils.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os/exec"
 	"strings"
+	"testing"
 )
 
 func deleteContainer(container string) error {
@@ -54,3 +55,9 @@ func deleteImages(images string) error {
 
 	return err
 }
+
+func cmd(t *testing.T, args ...string) (string, int, error) {
+	out, status, err := runCommandWithOutput(exec.Command(dockerBinary, args...))
+	errorOut(err, t, fmt.Sprintf("'%s' failed with errors: %v (%v)", strings.Join(args, " "), err, out))
+	return out, status, err
+}
diff --git a/integration-cli/utils.go b/integration-cli/utils.go
index 680cc6cfcf..ae7af52687 100644
--- a/integration-cli/utils.go
+++ b/integration-cli/utils.go
@@ -107,3 +107,7 @@ func errorOutOnNonNilError(err error, t *testing.T, message string) {
 		t.Fatalf(message)
 	}
 }
+
+func nLines(s string) int {
+	return strings.Count(s, "\n")
+}
diff --git a/integration/server_test.go b/integration/server_test.go
index 4ad5ec0f92..9137e8031b 100644
--- a/integration/server_test.go
+++ b/integration/server_test.go
@@ -9,65 +9,6 @@ import (
 	"time"
 )
 
-func TestImageTagImageDelete(t *testing.T) {
-	eng := NewTestEngine(t)
-	defer mkRuntimeFromEngine(eng, t).Nuke()
-
-	srv := mkServerFromEngine(eng, t)
-
-	initialImages := getAllImages(eng, t)
-	if err := eng.Job("tag", unitTestImageName, "utest", "tag1").Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := eng.Job("tag", unitTestImageName, "utest/docker", "tag2").Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := eng.Job("tag", unitTestImageName, "utest:5000/docker", "tag3").Run(); err != nil {
-		t.Fatal(err)
-	}
-
-	images := getAllImages(eng, t)
-
-	nExpected := len(initialImages.Data[0].GetList("RepoTags")) + 3
-	nActual := len(images.Data[0].GetList("RepoTags"))
-	if nExpected != nActual {
-		t.Errorf("Expected %d images, %d found", nExpected, nActual)
-	}
-
-	if err := srv.DeleteImage("utest/docker:tag2", engine.NewTable("", 0), true, false, false); err != nil {
-		t.Fatal(err)
-	}
-
-	images = getAllImages(eng, t)
-
-	nExpected = len(initialImages.Data[0].GetList("RepoTags")) + 2
-	nActual = len(images.Data[0].GetList("RepoTags"))
-	if nExpected != nActual {
-		t.Errorf("Expected %d images, %d found", nExpected, nActual)
-	}
-
-	if err := srv.DeleteImage("utest:5000/docker:tag3", engine.NewTable("", 0), true, false, false); err != nil {
-		t.Fatal(err)
-	}
-
-	images = getAllImages(eng, t)
-
-	nExpected = len(initialImages.Data[0].GetList("RepoTags")) + 1
-	nActual = len(images.Data[0].GetList("RepoTags"))
-
-	if err := srv.DeleteImage("utest:tag1", engine.NewTable("", 0), true, false, false); err != nil {
-		t.Fatal(err)
-	}
-
-	images = getAllImages(eng, t)
-
-	if images.Len() != initialImages.Len() {
-		t.Errorf("Expected %d image, %d found", initialImages.Len(), images.Len())
-	}
-}
-
 func TestCreateRm(t *testing.T) {
 	eng := NewTestEngine(t)
 	defer mkRuntimeFromEngine(eng, t).Nuke()

From ffebcb660f666e3a2a7be6b838ebd55f524d5b5d Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 12:40:41 -0700
Subject: [PATCH 361/384] Move -o cli flag and DriverConfig from HostConfig
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runconfig/hostconfig.go |  2 --
 runconfig/parse.go      | 10 +---------
 runtime/container.go    |  6 +-----
 3 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 9a92258644..55a308a5b8 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -14,7 +14,6 @@ type HostConfig struct {
 	PortBindings    nat.PortMap
 	Links           []string
 	PublishAllPorts bool
-	DriverOptions   map[string][]string
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@@ -25,7 +24,6 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
-	job.GetenvJson("DriverOptions", &hostConfig.DriverOptions)
 	if Binds := job.GetenvList("Binds"); Binds != nil {
 		hostConfig.Binds = Binds
 	}
diff --git a/runconfig/parse.go b/runconfig/parse.go
index c93ec26ed1..3ca326fca6 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -45,7 +45,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		flDnsSearch   = opts.NewListOpts(opts.ValidateDomain)
 		flVolumesFrom opts.ListOpts
 		flLxcOpts     opts.ListOpts
-		flDriverOpts  opts.ListOpts
 		flEnvFile     opts.ListOpts
 
 		flAutoRemove      = cmd.Bool([]string{"#rm", "-rm"}, false, "Automatically remove the container when it exits (incompatible with -d)")
@@ -79,8 +78,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 	cmd.Var(&flDns, []string{"#dns", "-dns"}, "Set custom dns servers")
 	cmd.Var(&flDnsSearch, []string{"-dns-search"}, "Set custom dns search domains")
 	cmd.Var(&flVolumesFrom, []string{"#volumes-from", "-volumes-from"}, "Mount volumes from the specified container(s)")
-	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "#-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
-	cmd.Var(&flDriverOpts, []string{"o", "-opt"}, "Add custom driver options")
+	cmd.Var(&flLxcOpts, []string{"#lxc-conf", "-lxc-conf"}, "(lxc exec-driver only) Add custom lxc options --lxc-conf=\"lxc.cgroup.cpuset.cpus = 0,1\"")
 
 	if err := cmd.Parse(args); err != nil {
 		return nil, nil, cmd, err
@@ -224,11 +222,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		WorkingDir:      *flWorkingDir,
 	}
 
-	driverOptions, err := parseDriverOpts(flDriverOpts)
-	if err != nil {
-		return nil, nil, cmd, err
-	}
-
 	hostConfig := &HostConfig{
 		Binds:           binds,
 		ContainerIDFile: *flContainerIDFile,
@@ -237,7 +230,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		PortBindings:    portBindings,
 		Links:           flLinks.GetAll(),
 		PublishAllPorts: *flPublishAll,
-		DriverOptions:   driverOptions,
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
diff --git a/runtime/container.go b/runtime/container.go
index bd4a6f2bea..a5a2f25c64 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -361,12 +361,8 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s
 func populateCommand(c *Container) {
 	var (
 		en           *execdriver.Network
-		driverConfig = c.hostConfig.DriverOptions
-	)
-
-	if driverConfig == nil {
 		driverConfig = make(map[string][]string)
-	}
+	)
 
 	en = &execdriver.Network{
 		Mtu:       c.runtime.config.Mtu,

From b1e98e06dc62b0d25f98ea9a2fd94e41cc1d20e2 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 13:29:24 -0700
Subject: [PATCH 362/384] Remove selinux build tag
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 2de5b34171..42438e3946 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -87,7 +87,7 @@ RUN	git config --global user.email 'docker-dummy@example.com'
 
 VOLUME	/var/lib/docker
 WORKDIR	/go/src/github.com/dotcloud/docker
-ENV	DOCKER_BUILDTAGS	apparmor selinux
+ENV	DOCKER_BUILDTAGS	apparmor
 
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT	["hack/dind"]

From aaf018017c88a707b35115a9411e4069d9356748 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 14:09:46 -0700
Subject: [PATCH 363/384] Add more label checks for selinux enabled
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 Dockerfile                 |  2 +-
 pkg/label/label_selinux.go | 36 ++++++++++++++++++++----------------
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 42438e3946..2de5b34171 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -87,7 +87,7 @@ RUN	git config --global user.email 'docker-dummy@example.com'
 
 VOLUME	/var/lib/docker
 WORKDIR	/go/src/github.com/dotcloud/docker
-ENV	DOCKER_BUILDTAGS	apparmor
+ENV	DOCKER_BUILDTAGS	apparmor selinux
 
 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT	["hack/dind"]
diff --git a/pkg/label/label_selinux.go b/pkg/label/label_selinux.go
index d807b2b408..9f7463f79b 100644
--- a/pkg/label/label_selinux.go
+++ b/pkg/label/label_selinux.go
@@ -9,30 +9,31 @@ import (
 )
 
 func GenLabels(options string) (string, string, error) {
-	processLabel, mountLabel := selinux.GetLxcContexts()
-	if processLabel == "" { // SELinux is disabled
+	if !selinux.SelinuxEnabled() {
 		return "", "", nil
 	}
-
-	var (
-		err error
-		s   = strings.Fields(options)
-		l   = len(s)
-	)
-	if l > 0 {
-		pcon := selinux.NewContext(processLabel)
-		for i := 0; i < l; i++ {
-			o := strings.Split(s[i], "=")
-			pcon[o[0]] = o[1]
+	var err error
+	processLabel, mountLabel := selinux.GetLxcContexts()
+	if processLabel != "" {
+		var (
+			s = strings.Fields(options)
+			l = len(s)
+		)
+		if l > 0 {
+			pcon := selinux.NewContext(processLabel)
+			for i := 0; i < l; i++ {
+				o := strings.Split(s[i], "=")
+				pcon[o[0]] = o[1]
+			}
+			processLabel = pcon.Get()
+			mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
 		}
-		processLabel = pcon.Get()
-		mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
 	}
 	return processLabel, mountLabel, err
 }
 
 func FormatMountLabel(src string, mountLabel string) string {
-	if mountLabel != "" {
+	if selinux.SelinuxEnabled() && mountLabel != "" {
 		switch src {
 		case "":
 			src = fmt.Sprintf("%s,context=%s", src, mountLabel)
@@ -65,6 +66,9 @@ func SetFileLabel(path string, fileLabel string) error {
 }
 
 func GetPidCon(pid int) (string, error) {
+	if !selinux.SelinuxEnabled() {
+		return "", nil
+	}
 	return selinux.Getpidcon(pid)
 }
 

From 82f37b874ea17c5e0040f3e41dc761c88d576e33 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 14:43:50 -0700
Subject: [PATCH 364/384] Ensure that selinux is disabled by default

This also includes some portability changes so that the package can be
imported with the top level runtime.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 daemonconfig/config.go      |  2 ++
 pkg/selinux/selinux.go      | 16 ++++++----------
 pkg/selinux/selinux_test.go |  5 +----
 pkg/system/calls_linux.go   |  4 ++++
 pkg/system/unsupported.go   |  4 ++++
 runtime/runtime.go          |  4 ++++
 6 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/daemonconfig/config.go b/daemonconfig/config.go
index 1abb6f8b89..146916d79a 100644
--- a/daemonconfig/config.go
+++ b/daemonconfig/config.go
@@ -28,6 +28,7 @@ type Config struct {
 	ExecDriver                  string
 	Mtu                         int
 	DisableNetwork              bool
+	EnableSelinuxSupport        bool
 }
 
 // ConfigFromJob creates and returns a new DaemonConfig object
@@ -45,6 +46,7 @@ func ConfigFromJob(job *engine.Job) *Config {
 		InterContainerCommunication: job.GetenvBool("InterContainerCommunication"),
 		GraphDriver:                 job.Getenv("GraphDriver"),
 		ExecDriver:                  job.Getenv("ExecDriver"),
+		EnableSelinuxSupport:        false, // FIXME: hardcoded default to disable selinux for .10 release
 	}
 	if dns := job.GetenvList("Dns"); dns != nil {
 		config.Dns = dns
diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 5362308617..d2d90b1b37 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -39,6 +39,11 @@ var (
 
 type SELinuxContext map[string]string
 
+// SetDisabled disables selinux support for the package
+func SetDisabled() {
+	selinuxEnabled, selinuxEnabledChecked = false, true
+}
+
 func GetSelinuxMountPoint() string {
 	if selinuxfs != "unknown" {
 		return selinuxfs
@@ -140,15 +145,6 @@ func Setfilecon(path string, scon string) error {
 	return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
 }
 
-func Getfilecon(path string) (string, error) {
-	var scon []byte
-
-	cnt, err := syscall.Getxattr(path, xattrNameSelinux, scon)
-	scon = make([]byte, cnt)
-	cnt, err = syscall.Getxattr(path, xattrNameSelinux, scon)
-	return string(scon), err
-}
-
 func Setfscreatecon(scon string) error {
 	return writeCon("/proc/self/attr/fscreate", scon)
 }
@@ -188,7 +184,7 @@ func writeCon(name string, val string) error {
 }
 
 func Setexeccon(scon string) error {
-	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), scon)
+	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", system.Gettid()), scon)
 }
 
 func (c SELinuxContext) Get() string {
diff --git a/pkg/selinux/selinux_test.go b/pkg/selinux/selinux_test.go
index 6b59c1db11..181452ae75 100644
--- a/pkg/selinux/selinux_test.go
+++ b/pkg/selinux/selinux_test.go
@@ -12,9 +12,7 @@ func testSetfilecon(t *testing.T) {
 		out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)
 		out.Close()
 		err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")
-		if err == nil {
-			t.Log(selinux.Getfilecon(tmp))
-		} else {
+		if err != nil {
 			t.Log("Setfilecon failed")
 			t.Fatal(err)
 		}
@@ -41,7 +39,6 @@ func TestSELinux(t *testing.T) {
 		pid := os.Getpid()
 		t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
 		t.Log(selinux.Getcon())
-		t.Log(selinux.Getfilecon("/etc/passwd"))
 		err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
 		if err == nil {
 			t.Log(selinux.Getfscreatecon())
diff --git a/pkg/system/calls_linux.go b/pkg/system/calls_linux.go
index 43c00ed554..cc4727aaa2 100644
--- a/pkg/system/calls_linux.go
+++ b/pkg/system/calls_linux.go
@@ -143,3 +143,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
 	}
 	cmd.SysProcAttr.Cloneflags = flag
 }
+
+func Gettid() int {
+	return syscall.Gettid()
+}
diff --git a/pkg/system/unsupported.go b/pkg/system/unsupported.go
index eb3ec7ee92..c52a1e5d00 100644
--- a/pkg/system/unsupported.go
+++ b/pkg/system/unsupported.go
@@ -13,3 +13,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
 func UsetCloseOnExec(fd uintptr) error {
 	return ErrNotSupportedPlatform
 }
+
+func Gettid() int {
+	return 0
+}
diff --git a/runtime/runtime.go b/runtime/runtime.go
index d35e2d653a..864874c8e4 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -11,6 +11,7 @@ import (
 	"github.com/dotcloud/docker/image"
 	"github.com/dotcloud/docker/pkg/graphdb"
 	"github.com/dotcloud/docker/pkg/mount"
+	"github.com/dotcloud/docker/pkg/selinux"
 	"github.com/dotcloud/docker/pkg/sysinfo"
 	"github.com/dotcloud/docker/runconfig"
 	"github.com/dotcloud/docker/runtime/execdriver"
@@ -723,6 +724,9 @@ func NewRuntime(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, erro
 }
 
 func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*Runtime, error) {
+	if !config.EnableSelinuxSupport {
+		selinux.SetDisabled()
+	}
 
 	// Set the default driver
 	graphdriver.DefaultDriver = config.GraphDriver

From 028d44d12683b170704537c3435361ae8a4e74d8 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 14:59:44 -0700
Subject: [PATCH 365/384] Remove and unexport selinux functions
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 pkg/selinux/selinux.go      | 25 +++++++++----------------
 pkg/selinux/selinux_test.go |  2 --
 2 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index d2d90b1b37..edabc4f7dd 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -44,7 +44,7 @@ func SetDisabled() {
 	selinuxEnabled, selinuxEnabledChecked = false, true
 }
 
-func GetSelinuxMountPoint() string {
+func getSelinuxMountPoint() string {
 	if selinuxfs != "unknown" {
 		return selinuxfs
 	}
@@ -75,15 +75,15 @@ func SelinuxEnabled() bool {
 		return selinuxEnabled
 	}
 	selinuxEnabledChecked = true
-	if fs := GetSelinuxMountPoint(); fs != "" {
-		if con, _ := Getcon(); con != "kernel" {
+	if fs := getSelinuxMountPoint(); fs != "" {
+		if con, _ := getcon(); con != "kernel" {
 			selinuxEnabled = true
 		}
 	}
 	return selinuxEnabled
 }
 
-func ReadConfig(target string) (value string) {
+func readConfig(target string) (value string) {
 	var (
 		val, key string
 		bufin    *bufio.Reader
@@ -124,8 +124,8 @@ func ReadConfig(target string) (value string) {
 	return ""
 }
 
-func GetSELinuxPolicyRoot() string {
-	return selinuxDir + ReadConfig(selinuxTypeTag)
+func getSELinuxPolicyRoot() string {
+	return selinuxDir + readConfig(selinuxTypeTag)
 }
 
 func readCon(name string) (string, error) {
@@ -153,7 +153,7 @@ func Getfscreatecon() (string, error) {
 	return readCon("/proc/self/attr/fscreate")
 }
 
-func Getcon() (string, error) {
+func getcon() (string, error) {
 	return readCon("/proc/self/attr/current")
 }
 
@@ -220,7 +220,7 @@ func SelinuxGetEnforce() int {
 }
 
 func SelinuxGetEnforceMode() int {
-	switch ReadConfig(selinuxTag) {
+	switch readConfig(selinuxTag) {
 	case "enforcing":
 		return Enforcing
 	case "permissive":
@@ -292,13 +292,6 @@ func uniqMcs(catRange uint32) string {
 	return mcs
 }
 
-func FreeContext(con string) {
-	if con != "" {
-		scon := NewContext(con)
-		mcsDelete(scon["level"])
-	}
-}
-
 func GetLxcContexts() (processLabel string, fileLabel string) {
 	var (
 		val, key string
@@ -308,7 +301,7 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 	if !SelinuxEnabled() {
 		return "", ""
 	}
-	lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot())
+	lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", getSELinuxPolicyRoot())
 	in, err := os.Open(lxcPath)
 	if err != nil {
 		return "", ""
diff --git a/pkg/selinux/selinux_test.go b/pkg/selinux/selinux_test.go
index 181452ae75..fde6ab147d 100644
--- a/pkg/selinux/selinux_test.go
+++ b/pkg/selinux/selinux_test.go
@@ -38,7 +38,6 @@ func TestSELinux(t *testing.T) {
 		t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode())
 		pid := os.Getpid()
 		t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
-		t.Log(selinux.Getcon())
 		err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
 		if err == nil {
 			t.Log(selinux.Getfscreatecon())
@@ -54,7 +53,6 @@ func TestSELinux(t *testing.T) {
 			t.Fatal(err)
 		}
 		t.Log(selinux.Getpidcon(1))
-		t.Log(selinux.GetSelinuxMountPoint())
 	} else {
 		t.Log("Disabled")
 	}

From da8231a26bc4532ded49f93a82e731694ee6587c Mon Sep 17 00:00:00 2001
From: William Henry <whenry@redhat.com>
Date: Fri, 4 Apr 2014 11:57:58 -0600
Subject: [PATCH 366/384] Added man pages for several docker commands.

Docker-DCO-1.1-Signed-off-by: William Henry <whenry@redhat.com> (github: ipbabble)

	new file:   contrib/man/man1/docker-attach.1
	new file:   contrib/man/man1/docker-build.1
	new file:   contrib/man/man1/docker-images.1
	new file:   contrib/man/man1/docker-info.1
	new file:   contrib/man/man1/docker-inspect.1
	new file:   contrib/man/man1/docker-rm.1
	new file:   contrib/man/man1/docker-rmi.1
	new file:   contrib/man/man1/docker-run.1
	new file:   contrib/man/man1/docker-tag.1
	new file:   contrib/man/man1/docker.1
---
 contrib/man/man1/docker-attach.1  |  56 ++++++
 contrib/man/man1/docker-build.1   |  65 +++++++
 contrib/man/man1/docker-images.1  |  84 +++++++++
 contrib/man/man1/docker-info.1    |  39 +++++
 contrib/man/man1/docker-inspect.1 | 237 +++++++++++++++++++++++++
 contrib/man/man1/docker-rm.1      |  45 +++++
 contrib/man/man1/docker-rmi.1     |  29 ++++
 contrib/man/man1/docker-run.1     | 277 ++++++++++++++++++++++++++++++
 contrib/man/man1/docker-tag.1     |  49 ++++++
 contrib/man/man1/docker.1         | 172 +++++++++++++++++++
 10 files changed, 1053 insertions(+)
 create mode 100644 contrib/man/man1/docker-attach.1
 create mode 100644 contrib/man/man1/docker-build.1
 create mode 100644 contrib/man/man1/docker-images.1
 create mode 100644 contrib/man/man1/docker-info.1
 create mode 100644 contrib/man/man1/docker-inspect.1
 create mode 100644 contrib/man/man1/docker-rm.1
 create mode 100644 contrib/man/man1/docker-rmi.1
 create mode 100644 contrib/man/man1/docker-run.1
 create mode 100644 contrib/man/man1/docker-tag.1
 create mode 100644 contrib/man/man1/docker.1

diff --git a/contrib/man/man1/docker-attach.1 b/contrib/man/man1/docker-attach.1
new file mode 100644
index 0000000000..f0879d7507
--- /dev/null
+++ b/contrib/man/man1/docker-attach.1
@@ -0,0 +1,56 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-attach.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-attach \- Attach to a running container
+.SH SYNOPSIS
+.B docker attach
+\fB--no-stdin\fR[=\fIfalse\fR] 
+\fB--sig-proxy\fR[=\fItrue\fR] 
+container
+.SH DESCRIPTION
+If you \fBdocker run\fR a container in detached mode (\fB-d\fR), you can reattach to the detached container with \fBdocker attach\fR using the container's ID or name.
+.sp
+You can detach from the container again (and leave it running) with CTRL-c (for a quiet exit) or CTRL-\ to get a stacktrace of the Docker client when it quits. When you detach from the container the exit code will be returned to the client.
+.SH "OPTIONS"
+.TP
+.B --no-stdin=\fItrue\fR|\fIfalse\fR: 
+When set to true, do not attach to stdin. The default is \fIfalse\fR.
+.TP
+.B --sig-proxy=\fItrue\fR|\fIfalse\fR: 
+When set to true, proxify all received signal to the process (even in non-tty mode). The default is \fItrue\fR.
+.sp
+.SH EXAMPLES
+.sp
+.PP
+.B Attaching to a container
+.TP
+In this example the top command is run inside a container, from an image called fedora, in detached mode. The ID from the container is passed into the \fBdocker attach\fR command:
+.sp
+.nf
+.RS
+# ID=$(sudo docker run -d fedora /usr/bin/top -b)
+# sudo docker attach $ID
+top - 02:05:52 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+Cpu(s):  0.1%us,  0.2%sy,  0.0%ni, 99.7%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+Mem:    373572k total,   355560k used,    18012k free,    27872k buffers
+Swap:   786428k total,        0k used,   786428k free,   221740k cached
+
+PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+1 root      20   0 17200 1116  912 R    0  0.3   0:00.03 top
+
+top - 02:05:55 up  3:05,  0 users,  load average: 0.01, 0.02, 0.05
+Tasks:   1 total,   1 running,   0 sleeping,   0 stopped,   0 zombie
+Cpu(s):  0.0%us,  0.2%sy,  0.0%ni, 99.8%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
+Mem:    373572k total,   355244k used,    18328k free,    27872k buffers
+Swap:   786428k total,        0k used,   786428k free,   221776k cached
+
+PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
+1 root      20   0 17208 1144  932 R    0  0.3   0:00.03 top
+.RE
+.fi
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-build.1 b/contrib/man/man1/docker-build.1
new file mode 100644
index 0000000000..6546b7be2a
--- /dev/null
+++ b/contrib/man/man1/docker-build.1
@@ -0,0 +1,65 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-build.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-build \- Build a container image from a Dockerfile source at PATH
+.SH SYNOPSIS
+.B docker build 
+[\fB--no-cache\fR[=\fIfalse\fR] 
+[\fB-q\fR|\fB--quiet\fR[=\fIfalse\fR] 
+[\fB--rm\fR[=\fitrue\fR]]
+[\fB-t\fR|\fB--tag\fR=\fItag\fR] 
+PATH | URL | -
+.SH DESCRIPTION
+This will read the Dockerfile from the directory specified in \fBPATH\fR. It also sends any other files and directories found in the current directory to the Docker daemon. The contents of this directory would be used by ADD command found within the Dockerfile. 
+Warning, this will send a lot of data to the Docker daemon if the current directory contains a lot of data.
+If the absolute path is provided instead of ‘.’, only the files and directories required by the ADD commands from the Dockerfile will be added to the context and transferred to the Docker daemon.
+.sp
+When a single Dockerfile is given as URL, then no context is set. When a Git repository is set as URL, the repository is used as context.
+.SH "OPTIONS"
+.TP
+.B -q, --quiet=\fItrue\fR|\fIfalse\fR: 
+When set to true, suppress verbose build output. Default is \fIfalse\fR.
+.TP
+.B --rm=\fItrue\fr|\fIfalse\fR:
+When true, remove intermediate containers that are created during the build process. The default is true.
+.TP
+.B -t, --tag=\fItag\fR: 
+Tag to be applied to the resulting image on successful completion of the build.
+.TP
+.B --no-cache=\fItrue\fR|\fIfalse\fR
+When set to true, do not use a cache when building the image. The default is \fIfalse\fR.
+.sp
+.SH EXAMPLES
+.sp
+.sp
+.B Building an image from current directory
+.TP
+USing a Dockerfile, Docker images are built using the build command:
+.sp
+.RS
+docker build .
+.RE
+.sp
+If, for some reasone, you do not what to remove the intermediate containers created during the build you must set--rm=false.
+.sp
+.RS
+docker build --rm=false .
+.sp
+.RE
+.sp
+A good practice is to make a subdirectory with a related name and create the Dockerfile in that directory. E.g. a directory called mongo may contain a Dockerfile for a MongoDB image, or a directory called httpd may contain an Dockerfile for an Apache web server. 
+.sp
+It is also good practice to add the files required for the image to the subdirectory. These files will be then specified with the `ADD` instruction in the Dockerfile. Note: if you include a tar file, which is good practice, then Docker will automatically extract the contents of the tar file specified in the `ADD` instruction into the specified target.  
+.sp
+.B Building an image container using a URL
+.TP
+This will clone the Github repository and use it as context. The Dockerfile at the root of the repository is used as Dockerfile. This only works if the Github repository is a dedicated repository. Note that you can specify an arbitrary Git repository by using the ‘git://’ schema. 
+.sp
+.RS
+docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache
+.RE
+.sp
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-images.1 b/contrib/man/man1/docker-images.1
new file mode 100644
index 0000000000..e540ba2b79
--- /dev/null
+++ b/contrib/man/man1/docker-images.1
@@ -0,0 +1,84 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-images.1
+.\"
+.TH "DOCKER" "1" "April 2014" "0.1" "Docker"
+.SH NAME
+docker-images \- List the images in the local repository 
+.SH SYNOPSIS
+.B docker images
+[\fB-a\fR|\fB--all\fR=\fIfalse\fR] 
+[\fB--no-trunc\fR[=\fIfalse\fR] 
+[\fB-q\fR|\fB--quiet\fR[=\fIfalse\fR] 
+[\fB-t\fR|\fB--tree\fR=\fIfalse\fR] 
+[\fB-v\fR|\fB--viz\fR=\fIfalse\fR] 
+[NAME]
+.SH DESCRIPTION
+This command lists the images stored in the local Docker repository. 
+.sp
+By default, intermediate images, used during builds, are not listed. Some of the output, e.g. image ID, is truncated, for space reasons. However the truncated image ID, and often the first few characters, are enough to be used in other Docker commands that use the image ID. The output includes repository, tag, image ID, date created and the virtual size. 
+.sp
+The title REPOSITORY for the first title may seem confusing. It is essentially the image name. However, because you can tag a specific image, and multiple tags (image instances) can be associated with a single name, the name is really a repository for all tagged images of the same name. 
+.SH "OPTIONS"
+.TP
+.B -a, --all=\fItrue\fR|\fIfalse\fR: 
+When set to true, also include all intermediate images in the list. The default is false.
+.TP
+.B --no-trunc=\fItrue\fR|\fIfalse\fR: 
+When set to true, list the full image ID and not the truncated ID. The default is false.
+.TP
+.B -q, --quiet=\fItrue\fR|\fIfalse\fR: 
+When set to true, list the complete image ID as part of the output. The default is false.
+.TP
+.B -t, --tree=\fItrue\fR|\fIfalse\fR: 
+When set to true, list the images in a tree dependency tree (hierarchy) format. The default is false.
+.TP
+.B -v, --viz=\fItrue\fR|\fIfalse\fR
+When set to true, list the graph in graphviz format. The default is \fIfalse\fR.
+.sp
+.SH EXAMPLES
+.sp
+.B Listing the images
+.TP
+To list the images in a local repository (not the registry) run:
+.sp
+.RS
+docker images
+.RE
+.sp
+The list will contain the image repository name, a tag for the image, and an image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, IMAGE ID, CREATED, and VIRTUAL SIZE.
+.sp
+To get a verbose list of images which contains all the intermediate images used in builds use \fB-a\fR:
+.sp
+.RS
+docker images -a
+.RE
+.sp
+.B List images dependency tree hierarchy
+.TP
+To list the images in the local repository (not the registry) in a dependency tree format then use the \fB-t\fR|\fB--tree=true\fR option. 
+.sp
+.RS
+docker images -t 
+.RE
+.sp
+This displays a staggered hierarchy tree where the less indented image is the oldest with dependent image layers branching inward (to the right) on subsequent lines. The newest or top level image layer is listed last in any tree branch. 
+.sp
+.B List images in GraphViz format
+.TP
+To display the list in a format consumable by a GraphViz tools run with \fB-v\fR|\fB--viz=true\fR. For example to produce a .png graph file of the hierarchy use: 
+.sp
+.RS
+docker images --viz | dot -Tpng -o docker.png
+.sp
+.RE
+.sp
+.B Listing only the shortened image IDs
+.TP
+Listing just the shortened image IDs. This can be useful for some automated tools.
+.sp
+.RS
+docker images -q
+.RE
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-info.1 b/contrib/man/man1/docker-info.1
new file mode 100644
index 0000000000..dca2600af0
--- /dev/null
+++ b/contrib/man/man1/docker-info.1
@@ -0,0 +1,39 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-info.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-info \- Display system wide information
+.SH SYNOPSIS
+.B docker info
+.SH DESCRIPTION
+This command displays system wide information regarding the Docker installation. Information displayed includes the number of containers and images, pool name, data file, metadata file, data space used, total data space, metadata space used, total metadata space, execution driver, and the kernel version.
+.sp
+The data file is where the images are stored and the metadata file is where the meta data regarding those images are stored. When run for the first time Docker allocates a certain amount of data space and meta data space from the space available on the volume where /var/lib/docker is mounted.    
+.SH "OPTIONS"
+There are no available options.
+.sp
+.SH EXAMPLES
+.sp
+.B Display Docker system information
+.TP
+Here is a sample output:
+.sp
+.RS
+ # docker info
+ Containers: 18
+ Images: 95
+ Storage Driver: devicemapper
+  Pool Name: docker-8:1-170408448-pool
+  Data file: /var/lib/docker/devicemapper/devicemapper/data
+  Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
+  Data Space Used: 9946.3 Mb
+  Data Space Total: 102400.0 Mb
+  Metadata Space Used: 9.9 Mb
+  Metadata Space Total: 2048.0 Mb
+ Execution Driver: native-0.1
+ Kernel Version: 3.10.0-116.el7.x86_64
+.RE
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-inspect.1 b/contrib/man/man1/docker-inspect.1
new file mode 100644
index 0000000000..225125e564
--- /dev/null
+++ b/contrib/man/man1/docker-inspect.1
@@ -0,0 +1,237 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-inspect.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-inspect \- Return low-level information on a container/image
+.SH SYNOPSIS
+.B docker inspect 
+[\fB-f\fR|\fB--format\fR="" 
+CONTAINER|IMAGE [CONTAINER|IMAGE...]
+.SH DESCRIPTION
+This displays all the information available in Docker for a given container or image. By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. 
+.SH "OPTIONS"
+.TP
+.B -f, --format="": 
+The text/template package of Go describes all the details of the format. See examples section
+.SH EXAMPLES
+.sp
+.PP
+.B Getting information on a container
+.TP
+To get information on a container use it's ID or instance name
+.sp
+.fi
+.RS
+#docker inspect 1eb5fabf5a03
+
+[{
+    "ID": "1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b",
+    "Created": "2014-04-04T21:33:52.02361335Z",
+    "Path": "/usr/sbin/nginx",
+    "Args": [],
+    "Config": {
+        "Hostname": "1eb5fabf5a03",
+        "Domainname": "",
+        "User": "",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "PortSpecs": null,
+        "ExposedPorts": {
+            "80/tcp": {}
+        },
+        "Tty": true,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": [
+            "HOME=/",
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Cmd": [
+            "/usr/sbin/nginx"
+        ],
+        "Dns": null,
+        "DnsSearch": null,
+        "Image": "summit/nginx",
+        "Volumes": null,
+        "VolumesFrom": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "OnBuild": null,
+        "Context": {
+            "mount_label": "system_u:object_r:svirt_sandbox_file_t:s0:c0,c650",
+            "process_label": "system_u:system_r:svirt_lxc_net_t:s0:c0,c650"
+        }
+    },
+    "State": {
+        "Running": true,
+        "Pid": 858,
+        "ExitCode": 0,
+        "StartedAt": "2014-04-04T21:33:54.16259207Z",
+        "FinishedAt": "0001-01-01T00:00:00Z",
+        "Ghost": false
+    },
+    "Image": "df53773a4390e25936f9fd3739e0c0e60a62d024ea7b669282b27e65ae8458e6",
+    "NetworkSettings": {
+        "IPAddress": "172.17.0.2",
+        "IPPrefixLen": 16,
+        "Gateway": "172.17.42.1",
+        "Bridge": "docker0",
+        "PortMapping": null,
+        "Ports": {
+            "80/tcp": [
+                {
+                    "HostIp": "0.0.0.0",
+                    "HostPort": "80"
+                }
+            ]
+        }
+    },
+    "ResolvConfPath": "/etc/resolv.conf",
+    "HostnamePath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hostname",
+    "HostsPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hosts",
+    "Name": "/ecstatic_ptolemy",
+    "Driver": "devicemapper",
+    "ExecDriver": "native-0.1",
+    "Volumes": {},
+    "VolumesRW": {},
+    "HostConfig": {
+        "Binds": null,
+        "ContainerIDFile": "",
+        "LxcConf": [],
+        "Privileged": false,
+        "PortBindings": {
+            "80/tcp": [
+                {
+                    "HostIp": "0.0.0.0",
+                    "HostPort": "80"
+                }
+            ]
+        },
+        "Links": null,
+        "PublishAllPorts": false,
+        "DriverOptions": {
+            "lxc": null
+        },
+        "CliAddress": ""
+    }
+.RE
+.nf
+.sp
+.B Getting the IP address of a container instance
+.TP
+To get the IP address of a container use:
+.sp
+.fi
+.RS
+# docker inspect --format='{{.NetworkSettings.IPAddress}}' 1eb5fabf5a03
+
+172.17.0.2
+.RE
+.nf
+.sp
+.B Listing all port bindings
+.TP
+One can loop over arrays and maps in the results to produce simple text output:
+.sp
+.fi
+.RS
+# docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' 1eb5fabf5a03
+
+80/tcp -> 80 
+.RE
+.nf
+.sp
+.B Getting information on an image
+.TP
+Use an image's ID or name (e.g. repository/name[:tag]) to get information on it.
+.sp
+.fi
+.RS
+docker inspect 58394af37342
+[{
+    "id": "58394af373423902a1b97f209a31e3777932d9321ef10e64feaaa7b4df609cf9",
+    "parent": "8abc22fbb04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db",
+    "created": "2014-02-03T16:10:40.500814677Z",
+    "container": "f718f19a28a5147da49313c54620306243734bafa63c76942ef6f8c4b4113bc5",
+    "container_config": {
+        "Hostname": "88807319f25e",
+        "Domainname": "",
+        "User": "",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "PortSpecs": null,
+        "ExposedPorts": null,
+        "Tty": false,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": [
+            "HOME=/",
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Cmd": [
+            "/bin/sh",
+            "-c",
+            "#(nop) ADD fedora-20-medium.tar.xz in /"
+        ],
+        "Dns": null,
+        "DnsSearch": null,
+        "Image": "8abc22fbb04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db",
+        "Volumes": null,
+        "VolumesFrom": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "OnBuild": null,
+        "Context": null
+    },
+    "docker_version": "0.6.3",
+    "author": "Lokesh Mandvekar \u003clsm5@redhat.com\u003e - ./buildcontainers.sh",
+    "config": {
+        "Hostname": "88807319f25e",
+        "Domainname": "",
+        "User": "",
+        "Memory": 0,
+        "MemorySwap": 0,
+        "CpuShares": 0,
+        "AttachStdin": false,
+        "AttachStdout": false,
+        "AttachStderr": false,
+        "PortSpecs": null,
+        "ExposedPorts": null,
+        "Tty": false,
+        "OpenStdin": false,
+        "StdinOnce": false,
+        "Env": [
+            "HOME=/",
+            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        ],
+        "Cmd": null,
+        "Dns": null,
+        "DnsSearch": null,
+        "Image": "8abc22fbb04266308ff408ca61cb8f6f4244a59308f7efc64e54b08b496c58db",
+        "Volumes": null,
+        "VolumesFrom": "",
+        "WorkingDir": "",
+        "Entrypoint": null,
+        "NetworkDisabled": false,
+        "OnBuild": null,
+        "Context": null
+    },
+    "architecture": "x86_64",
+    "Size": 385520098
+}]
+.RE
+.nf
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-rm.1 b/contrib/man/man1/docker-rm.1
new file mode 100644
index 0000000000..b06e014d3b
--- /dev/null
+++ b/contrib/man/man1/docker-rm.1
@@ -0,0 +1,45 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-rm.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-rm \- Remove one or more containers.
+.SH SYNOPSIS
+.B docker rm 
+[\fB-f\fR|\fB--force\fR[=\fIfalse\fR] 
+[\fB-l\fR|\fB--link\fR[=\fIfalse\fR] 
+[\fB-v\fR|\fB--volumes\fR[=\fIfalse\fR] 
+CONTAINER [CONTAINER...]
+.SH DESCRIPTION
+This will remove one or more containers from the host node. The container name or ID can be used. This does not remove images. You cannot remove a running container unless you use the \fB-f\fR option. To see all containers on a host use the \fBdocker ps -a\fR command.
+.SH "OPTIONS"
+.TP
+.B -f, --force=\fItrue\fR|\fIfalse\fR: 
+When set to true, force the removal of the container. The default is \fIfalse\fR.
+.TP
+.B -l, --link=\fItrue\fR|\fIfalse\fR: 
+When set to true, remove the specified link and not the underlying container. The default is \fIfalse\fR.
+.TP
+.B -v, --volumes=\fItrue\fR|\fIfalse\fR: 
+When set to true, remove the volumes associated to the container. The default is \fIfalse\fR.
+.SH EXAMPLES
+.sp
+.PP
+.B Removing a container using its ID
+.TP
+To remove a container using its ID, find either from a \fBdocker ps -a\fR command, or use the ID returned from the \fBdocker run\fR command, or retrieve it from a file used to store it using the \fBdocker run --cidfile\fR:
+.sp
+.RS
+docker rm abebf7571666
+.RE
+.sp
+.B Removing a container using the container name:
+.TP
+The name of the container can be found using the \fBdocker ps -a\fR command. The use that name as follows:
+.sp
+.RS
+docker rm hopeful_morse
+.RE
+.sp
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-rmi.1 b/contrib/man/man1/docker-rmi.1
new file mode 100644
index 0000000000..6f33446ecd
--- /dev/null
+++ b/contrib/man/man1/docker-rmi.1
@@ -0,0 +1,29 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-run.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-rmi \- Remove one or more images.
+.SH SYNOPSIS
+.B docker rmi
+[\fB-f\fR|\fB--force\fR[=\fIfalse\fR] 
+IMAGE [IMAGE...]
+.SH DESCRIPTION
+This will remove one or more images from the host node. This does not remove images from a registry. You cannot remove an image of a running container unless you use the \fB-f\fR option. To see all images on a host use the \fBdocker images\fR command.
+.SH "OPTIONS"
+.TP
+.B -f, --force=\fItrue\fR|\fIfalse\fR: 
+When set to true, force the removal of the image. The default is \fIfalse\fR.
+.SH EXAMPLES
+.sp
+.PP
+.B Removing an image
+.TP
+Here is an example of removing and image:
+.sp
+.RS
+docker rmi fedora/httpd
+.RE
+.sp
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-run.1 b/contrib/man/man1/docker-run.1
new file mode 100644
index 0000000000..fd449374e3
--- /dev/null
+++ b/contrib/man/man1/docker-run.1
@@ -0,0 +1,277 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-run.1
+.\"
+.TH "DOCKER" "1" "MARCH 2014" "0.1" "Docker"
+.SH NAME
+docker-run \- Run a process in an isolated container
+.SH SYNOPSIS
+.B docker run 
+[\fB-a\fR|\fB--attach\fR[=]] [\fB-c\fR|\fB--cpu-shares\fR[=0] [\fB-m\fR|\fB--memory\fR=\fImemory-limit\fR]
+[\fB--cidfile\fR=\fIfile\fR] [\fB-d\fR|\fB--detach\fR[=\fIfalse\fR]] [\fB--dns\fR=\fIIP-address\fR]
+[\fB--name\fR=\fIname\fR] [\fB-u\fR|\fB--user\fR=\fIusername\fR|\fIuid\fR]
+[\fB--link\fR=\fIname\fR:\fIalias\fR] 
+[\fB-e\fR|\fB--env\fR=\fIenvironment\fR] [\fB--entrypoint\fR=\fIcommand\fR] 
+[\fB--expose\fR=\fIport\fR] [\fB-P\fR|\fB--publish-all\fR[=\fIfalse\fR]]
+[\fB-p\fR|\fB--publish\fR=\fIport-mappping\fR] [\fB-h\fR|\fB--hostname\fR=\fIhostname\fR]
+[\fB--rm\fR[=\fIfalse\fR]] [\fB--priviledged\fR[=\fIfalse\fR]
+[\fB-i\fR|\fB--interactive\fR[=\fIfalse\fR] 
+[\fB-t\fR|\fB--tty\fR[=\fIfalse\fR]] [\fB--lxc-conf\fR=\fIoptions\fR]
+[\fB-n\fR|\fB--networking\fR[=\fItrue\fR]]
+[\fB-v\fR|\fB--volume\fR=\fIvolume\fR] [\fB--volumes-from\fR=\fIcontainer-id\fR]
+[\fB-w\fR|\fB--workdir\fR=\fIdirectory\fR] [\fB--sig-proxy\fR[=\fItrue\fR]]
+IMAGE [COMMAND] [ARG...]
+.SH DESCRIPTION
+.PP
+Run a process in a new container. \fBdocker run\fR starts a process with its own file system, its own networking, and its own isolated process tree. The \fIIMAGE\fR which starts the process may define defaults related to the process that will be run in the container, the networking to expose, and more, but \fBdocker run\fR gives final control to the operator or administrator who starts the container from the image. For that reason \fBdocker run\fR has more options than any other docker command.
+
+If the \fIIMAGE\fR is not already loaded then \fBdocker run\fR will pull the \fIIMAGE\fR, and all image dependencies, from the repository in the same way running \fBdocker pull\fR \fIIMAGE\fR, before it starts the container from that image.
+
+
+.SH "OPTIONS"
+
+.TP
+.B  -a, --attach=\fIstdin\fR|\fIstdout\fR|\fIstderr\fR: 
+Attach to stdin, stdout or stderr. In foreground mode (the default when -d is not specified), \fBdocker run\fR can start the process in the container and attach the console to the process’s standard input, output, and standard error. It can even pretend to be a TTY (this is what most commandline executables expect) and pass along signals. The \fB-a\fR option can be set for each of stdin, stdout, and stderr.  
+
+.TP
+.B  -c, --cpu-shares=0: 
+CPU shares in relative weight. You can increase the priority of a container with the -c option. By default, all containers run at the same priority and get the same proportion of CPU cycles, but you can tell the kernel to give more shares of CPU time to one or more containers when you start them via \fBdocker run\fR.
+
+.TP
+.B -m, --memory=\fImemory-limit\fR: 
+Allows you to constrain the memory available to a container. If the host supports swap memory, then the -m memory setting can be larger than physical RAM. The memory limit format: <number><optional unit>, where unit = b, k, m or g.
+
+.TP
+.B --cidfile=\fIfile\fR: 
+Write the container ID to the file specified.
+
+.TP
+.B  -d, --detach=\fItrue\fR|\fIfalse\fR: 
+Detached mode. This runs the container in the background. It outputs the new container's id and and error messages. At any time you can run \fBdocker ps\fR in the other shell to view a list of the running containers. You can reattach to a detached container with \fBdocker attach\fR. If you choose to run a container in the detached mode, then you cannot use the -rm option.
+
+.TP
+.B --dns=\fIIP-address\fR: 
+Set custom DNS servers. This option can be used to override the DNS configuration passed to the container. Typically this is necessary when the host DNS configuration is invalid for the container (eg. 127.0.0.1). When this is the case the \fB-dns\fR flags is necessary for every run.
+
+.TP
+.B  -e, --env=\fIenvironment\fR: 
+Set environment variables. This option allows you to specify arbitrary environment variables that are available for the process that will be launched inside of the container. 
+
+.TP
+.B --entrypoint=\ficommand\fR: 
+This option allows you to overwrite the default entrypoint of the image that is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND because it specifies what executable to run when the container starts, but it is (purposely) more difficult to override. The ENTRYPOINT gives a container its default nature or behavior, so that when you set an ENTRYPOINT you can run the container as if it were that binary, complete with default options, and you can pass in more options via the COMMAND. But, sometimes an operator may want to run something else inside the container, so you can override the default ENTRYPOINT at runtime by using a \fB--entrypoint\fR and a string to specify the new ENTRYPOINT. 
+
+.TP
+.B --expose=\fIport\fR: 
+Expose a port from the container without publishing it to your host. A containers port can be exposed to other containers in three ways: 1) The developer can expose the port using the EXPOSE parameter of the Dockerfile, 2) the operator can use the \fB--expose\fR option with \fBdocker run\fR, or 3) the container can be started with the \fB--link\fR.
+
+.TP
+.B  -P, --publish-all=\fItrue\fR|\fIfalse\fR: 
+When set to true publish all exposed ports to the host interfaces. The default is false. If the operator uses -P (or -p) then Docker will make the exposed port accessible on the host and the ports will be available to any client that can reach the host. To find the map between the host ports and the exposed ports, use \fBdocker port\fR. 
+
+.TP
+.B -p, --publish=[]: 
+Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)
+
+.TP
+.B -h , --hostname=\fIhostname\fR: 
+Sets the container host name that is available inside the container.
+  
+.TP
+.B -i , --interactive=\fItrue\fR|\fIfalse\fR: 
+When set to true, keep stdin open even if not attached. The default is false.
+
+.TP
+.B --link=\fIname\fR:\fIalias\fR: 
+Add link to another container. The format is name:alias. If the operator uses \fB--link\fR when starting the new client container, then the client container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. 
+
+.TP
+.B -n, --networking=\fItrue\fR|\fIfalse\fR: 
+By default, all containers have networking enabled (true) and can make outgoing connections. The operator can disable networking with \fB--networking\fR to false. This disables all incoming and outgoing networking. In cases like this, I/O can only be performed through files or by using STDIN/STDOUT.
+
+Also by default, the container will use the same DNS servers as the host. but you canThe operator may override this with \fB-dns\fR. 
+
+.TP
+.B  --name=\fIname\fR: 
+Assign a name to the container. The operator can identify a container in three ways:
+.sp
+.nf
+UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”)
+UUID short identifier (“f78375b1c487”)
+Name (“jonah”)
+.fi
+.sp
+The UUID identifiers come from the Docker daemon, and if a name is not assigned to the container with \fB--name\fR then the daemon will also generate a random string name. The name is useful when defining links (see \fB--link\fR) (or any other place you need to identify a container). This works for both background and foreground Docker containers.
+
+.TP
+.B --privileged=\fItrue\fR|\fIfalse\fR: 
+Give extended privileges to this container. By default, Docker containers are “unprivileged” (=false) and cannot, for example, run a Docker daemon inside the Docker container. This is because by default a container is not allowed to access any devices. A “privileged” container is given access to all devices.
+
+When the operator executes \fBdocker run -privileged\fR, Docker will enable access to all devices on the host as well as set some configuration in AppArmor (\fB???\fR) to allow the container nearly all the same access to the host as processes running outside of a container on the host.
+
+.TP
+.B --rm=\fItrue\fR|\fIfalse\fR: 
+If set to \fItrue\fR the container is automatically removed when it exits. The default is \fIfalse\fR. This option is incompatible with \fB-d\fR.
+
+.TP
+.B --sig-proxy=\fItrue\fR|\fIfalse\fR: 
+When set to true, proxify all received signals to the process (even in non-tty mode). The default is true.
+  
+.TP
+.B -t, --tty=\fItrue\fR|\fIfalse\fR: 
+When set to true Docker can allocate a pseudo-tty and attach to the standard input of any container. This can be used, for example, to run a throwaway interactive shell. The default is value is false.
+
+.TP
+.B -u, --user=\fIusername\fR,\fRuid\fR: 
+Set a username or UID for the container.
+
+.TP
+.B -v, --volume=\fIvolume\fR: 
+Bind mount a volume to the container. The \fB-v\fR option can be used one or more times to add one or more mounts to a container. These mounts can then be used in other containers using the \fB--volumes-from\fR option. See examples.
+
+.TP
+.B --volumes-from=\fIcontainer-id\fR: 
+Will mount volumes from the specified container identified by container-id. Once a volume is mounted in a one container it can be shared with other containers using the \fB--volumes-from\fR option when running those other containers. The volumes can be shared even if the original container with the mount is not running. 
+
+.TP
+.B -w, --workdir=\fIdirectory\fR: 
+Working directory inside the container. The default working directory for running binaries within a container is the root directory (/). The developer can set a different default with the Dockerfile WORKDIR instruction. The operator can override the working directory by using the \fB-w\fR option. 
+
+.TP
+.B IMAGE: 
+The image name or ID.
+
+.TP
+.B COMMAND: 
+The command or program to run inside the image.
+
+.TP
+.B ARG: 
+The arguments for the command to be run in the container.
+
+.SH EXAMPLES
+.sp
+.sp
+.B Exposing log messages from the container to the host's log
+.TP
+If you want messages that are logged in your container to show up in the host's syslog/journal then you should bind mount the /var/log directory as follows.
+.sp
+.RS
+docker run -v /dev/log:/dev/log -i -t fedora /bin/bash
+.RE
+.sp
+From inside the container you can test this by sending a message to the log.
+.sp
+.RS
+logger "Hello from my container"
+.sp
+.RE
+Then exit and check the journal.
+.RS
+.sp
+exit
+.sp
+journalctl -b | grep hello
+.RE
+.sp
+This should list the message sent to logger.
+.sp
+.B Attaching to one or more from STDIN, STDOUT, STDERR
+.TP
+If you do not specify -a then Docker will attach everything (stdin,stdout,stderr). You can specify to which of the three standard streams (stdin, stdout, stderr) you’d like to connect instead, as in:
+.sp
+.RS
+docker run -a stdin -a stdout -i -t fedora /bin/bash
+.RE
+.sp
+.B Linking Containers
+.TP
+The link feature allows multiple containers to communicate with each other. For example, a container whose Dockerfile has exposed port 80 can be run and named as follows: 
+.sp
+.RS
+docker run --name=link-test -d -i -t fedora/httpd
+.RE
+.sp
+.TP
+A second container, in this case called linker, can communicate with the httpd container, named link-test, by running with the \fB--link=<name>:<alias>\fR
+.sp
+.RS
+docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash
+.RE
+.sp
+.TP
+Now the container linker is linked to container link-test with the alias lt. Running the \fBenv\fR command in the linker container shows environment variables with the LT (alias) context (\fBLT_\fR)
+.sp
+.nf
+.RS
+# env
+HOSTNAME=668231cb0978
+TERM=xterm
+LT_PORT_80_TCP=tcp://172.17.0.3:80
+LT_PORT_80_TCP_PORT=80
+LT_PORT_80_TCP_PROTO=tcp
+LT_PORT=tcp://172.17.0.3:80
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+PWD=/
+LT_NAME=/linker/lt
+SHLVL=1
+HOME=/
+LT_PORT_80_TCP_ADDR=172.17.0.3
+_=/usr/bin/env
+.RE
+.fi
+.sp
+.TP 
+When linking two containers Docker will use the exposed ports of the container to create a secure tunnel for the parent to access. 
+.TP
+.sp
+.B Mapping Ports for External Usage
+.TP
+The exposed port of an application can be mapped to a host port using the \fB-p\fR flag. For example a httpd port 80 can be mapped to the host port 8080 using the following:
+.sp
+.RS
+docker run -p 8080:80 -d -i -t fedora/httpd
+.RE
+.sp
+.TP
+.B Creating and Mounting a Data Volume Container
+.TP
+Many applications require the sharing of persistent data across several containers. Docker allows you to create a Data Volume Container that other containers can mount from. For example, create a named container that contains directories /var/volume1 and /tmp/volume2. The image will need to contain these directories so a couple of RUN mkdir instructions might be required for you fedora-data image: 
+.sp
+.RS
+docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true
+.sp
+docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash
+.RE
+.sp
+.TP
+Multiple -volumes-from parameters will bring together multiple data volumes from multiple containers. And it's possible to mount the volumes that came from the DATA container in yet another container via the fedora-container1 intermidiery container, allowing to abstract the actual data source from users of that data:
+.sp
+.RS
+docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash
+.RE
+.TP
+.sp
+.B Mounting External Volumes
+.TP
+To mount a host directory as a container volume, specify the absolute path to the directory and the absolute path for the container directory separated by a colon:  
+.sp
+.RS
+docker run -v /var/db:/data1 -i -t fedora bash
+.RE
+.sp
+.TP
+When using SELinux, be aware that the host has no knowledge of container SELinux policy. Therefore, in the above example, if SELinux policy is enforced, the /var/db directory is not writable to the container. A "Permission Denied" message will occur and an avc: message in the host's syslog. 
+.sp
+.TP
+To work around this, at time of writing this man page, the following command needs to be run in order for the proper SELinux policy type label to be attached to the host directory:  
+.sp
+.RS
+chcon -Rt svirt_sandbox_file_t /var/db
+.RE
+.sp
+.TP
+Now, writing to the /data1 volume in the container will be allowed and the changes will also be reflected on the host in /var/db.
+.sp 
+.SH HISTORY
+March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker-tag.1 b/contrib/man/man1/docker-tag.1
new file mode 100644
index 0000000000..df85a1e8c1
--- /dev/null
+++ b/contrib/man/man1/docker-tag.1
@@ -0,0 +1,49 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker-tag.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker-tag \- Tag an image in the repository
+.SH SYNOPSIS
+.B docker tag 
+[\fB-f\fR|\fB--force\fR[=\fIfalse\fR] 
+\fBIMAGE\fR [REGISTRYHOST/][USERNAME/]NAME[:TAG]
+.SH DESCRIPTION
+This will tag an image in the repository. 
+.SH "OPTIONS"
+.TP
+.B -f, --force=\fItrue\fR|\fIfalse\fR: 
+When set to true, force the tag name. The default is \fIfalse\fR.
+.TP
+.B REGISTRYHOST:
+The hostname of the registry if required. This may also include the port separated by a ':'
+.TP
+.B USERNAME:
+The username or other qualifying identifier for the image.
+.TP
+.B NAME:
+The image name. 
+.TP
+.B TAG:
+The tag you are assigning to the image.
+.SH EXAMPLES
+.sp
+.PP
+.B Tagging an image
+.TP
+Here is an example where an image is tagged  with the tag 'Version-1.0' :
+.sp
+.RS
+docker tag 0e5574283393 fedora/httpd:Version-1.0
+.RE
+.sp
+.B Tagging an image for an internal repository
+.TP
+To push an image to an internal Registry and not the default docker.io based registry you must tag it with the registry hostname and port (if needed).
+.sp
+.RS
+docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0
+.RE
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.
diff --git a/contrib/man/man1/docker.1 b/contrib/man/man1/docker.1
new file mode 100644
index 0000000000..4a36e5baf5
--- /dev/null
+++ b/contrib/man/man1/docker.1
@@ -0,0 +1,172 @@
+.\" Process this file with
+.\" nroff -man -Tascii docker.1
+.\"
+.TH "DOCKER" "1" "APRIL 2014" "0.1" "Docker"
+.SH NAME
+docker \- Docker image and container command line interface
+.SH SYNOPSIS
+.B docker [OPTIONS] [COMMAND] [arg...]
+.SH DESCRIPTION
+\fBdocker\fR has two distinct functions. It is used for starting the Docker daemon and to run the CLI (i.e., to command the daemon to manage images, containers etc.) So \fBdocker\fR is both a server as deamon and a client to the daemon through the CLI.
+.sp
+To run the Docker deamon you do not specify any of the commands listed below but must specify the \fB-d\fR option.  The other options listed below are for the daemon only.
+.sp
+The Docker CLI has over 30 commands. The commands are listed below and each has its own man page which explain usage and arguements. 
+.sp
+To see the man page for a command run \fBman docker <command>\fR.
+.SH "OPTIONS"
+.B \-D=false: 
+Enable debug mode
+.TP
+.B\-H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind or unix://[/path/to/socket] to use. 
+When host=[0.0.0.0], port=[4243] or path
+=[/var/run/docker.sock] is omitted, default values are used.
+.TP
+.B \-\-api-enable-cors=false
+Enable CORS headers in the remote API
+.TP
+.B \-b=""
+Attach containers to a pre\-existing network bridge; use 'none' to disable container networking
+.TP
+.B \-\-bip=""
+Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b
+.TP
+.B \-d=false
+Enable daemon mode
+.TP
+.B \-\-dns=""
+Force Docker to use specific DNS servers
+.TP
+.B \-g="/var/lib/docker"
+Path to use as the root of the Docker runtime
+.TP
+.B \-\-icc=true
+Enable inter\-container communication
+.TP
+.B \-\-ip="0.0.0.0"
+Default IP address to use when binding container ports
+.TP
+.B \-\-iptables=true
+Disable Docker's addition of iptables rules
+.TP
+.B \-\-mtu=1500
+Set the containers network mtu
+.TP
+.B \-p="/var/run/docker.pid"
+Path to use for daemon PID file
+.TP
+.B \-r=true
+Restart previously running containers
+.TP
+.B \-s=""
+Force the Docker runtime to use a specific storage driver
+.TP
+.B \-v=false
+Print version information and quit
+.SH "COMMANDS"
+.TP
+.B attach 
+Attach to a running container
+.TP
+.B build 
+Build a container from a Dockerfile
+.TP
+.B commit 
+Create a new image from a container's changes
+.TP
+.B cp 
+Copy files/folders from the containers filesystem to the host at path
+.TP
+.B diff 
+Inspect changes on a container's filesystem
+    
+.TP
+.B events
+Get real time events from the server
+.TP
+.B export 
+Stream the contents of a container as a tar archive
+.TP
+.B history
+Show the history of an image
+.TP
+.B images
+List images
+.TP
+.B import 
+Create a new filesystem image from the contents of a tarball
+.TP
+.B info 
+Display system-wide information
+.TP
+.B insert 
+Insert a file in an image
+.TP
+.B inspect  
+Return low-level information on a container
+.TP
+.B kill 
+Kill a running container (which includes the wrapper process and everything inside it) 
+.TP
+.B load 
+Load an image from a tar archive
+.TP
+.B login 
+Register or Login to a Docker registry server
+.TP
+.B logs 
+Fetch the logs of a container
+.TP
+.B port 
+Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
+.TP
+.B ps 
+List containers
+.TP
+.B pull 
+Pull an image or a repository from a Docker registry server
+.TP
+.B push 
+Push an image or a repository to a Docker registry server
+.TP
+.B restart 
+Restart a running container
+.TP
+.B rm 
+Remove one or more containers
+.TP
+.B rmi 
+Remove one or more images
+.TP
+.B run 
+Run a command in a new container
+.TP
+.B save 
+Save an image to a tar archive
+.TP
+.B search 
+Search for an image in the Docker index
+.TP
+.B start 
+Start a stopped container
+.TP
+.B stop 
+Stop a running container
+.TP
+.B tag 
+Tag an image into a repository
+.TP
+.B top 
+Lookup the running processes of a container
+.TP
+.B version
+Show the Docker version information
+.TP
+.B wait 
+Block until a container stops, then print its exit code
+.SH EXAMPLES
+.sp
+For specific examples please see the man page for the specific Docker command.
+.sp
+.SH HISTORY
+April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on dockier.io source material and internal work.

From b6042f252dd8a0c7a75da481b667f89c2e4ab071 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 18:23:22 -0700
Subject: [PATCH 367/384] Ensure that ro mounts are remounted
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 integration-cli/docker_cli_run_test.go | 11 +++++++++++
 pkg/libcontainer/nsinit/mount.go       | 11 +++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index fbb09737fc..d085574741 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -301,3 +301,14 @@ func TestDockerRunWithRelativePath(t *testing.T) {
 
 	logDone("run - volume with relative path")
 }
+
+func TestVolumesMountedAsReadonly(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "-v", "/test:/test:ro", "busybox", "touch", "/test/somefile")
+	if code, err := runCommand(cmd); err == nil || code == 0 {
+		t.Fatalf("run should fail because volume is ro: exit code %d", code)
+	}
+
+	deleteAllContainers()
+
+	logDone("run - volumes as readonly mount")
+}
diff --git a/pkg/libcontainer/nsinit/mount.go b/pkg/libcontainer/nsinit/mount.go
index 4b5a42b1ac..3b0cf13bc9 100644
--- a/pkg/libcontainer/nsinit/mount.go
+++ b/pkg/libcontainer/nsinit/mount.go
@@ -37,14 +37,21 @@ func setupNewMountNamespace(rootfs string, bindMounts []libcontainer.Mount, cons
 	}
 
 	for _, m := range bindMounts {
-		flags := syscall.MS_BIND | syscall.MS_REC
+		var (
+			flags = syscall.MS_BIND | syscall.MS_REC
+			dest  = filepath.Join(rootfs, m.Destination)
+		)
 		if !m.Writable {
 			flags = flags | syscall.MS_RDONLY
 		}
-		dest := filepath.Join(rootfs, m.Destination)
 		if err := system.Mount(m.Source, dest, "bind", uintptr(flags), ""); err != nil {
 			return fmt.Errorf("mounting %s into %s %s", m.Source, dest, err)
 		}
+		if !m.Writable {
+			if err := system.Mount(m.Source, dest, "bind", uintptr(flags|syscall.MS_REMOUNT), ""); err != nil {
+				return fmt.Errorf("remounting %s into %s %s", m.Source, dest, err)
+			}
+		}
 		if m.Private {
 			if err := system.Mount("", dest, "none", uintptr(syscall.MS_PRIVATE), ""); err != nil {
 				return fmt.Errorf("mounting %s private %s", dest, err)

From 9c4d10b9a91b9f11794ceb094331496c733410bb Mon Sep 17 00:00:00 2001
From: Dan Stine <sw@stinemail.com>
Date: Mon, 7 Apr 2014 22:09:15 -0400
Subject: [PATCH 368/384] fixed three more typos

---
 pkg/libcontainer/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/libcontainer/README.md b/pkg/libcontainer/README.md
index 3bf79549e3..d6d0fbae44 100644
--- a/pkg/libcontainer/README.md
+++ b/pkg/libcontainer/README.md
@@ -3,7 +3,7 @@
 #### background
 
 libcontainer specifies configuration options for what a container is.  It provides a native Go implementation 
-for using linux namespaces with no external dependencies.  libcontainer provides many convenience functions for working with namespaces, networking, and management.  
+for using Linux namespaces with no external dependencies.  libcontainer provides many convenience functions for working with namespaces, networking, and management.  
 
 
 #### container
@@ -91,7 +91,7 @@ Sample `container.json` file:
 ```
 
 Using this configuration and the current directory holding the rootfs for a process, one can use libcontainer to exec the container. Running the life of the namespace, a `pid` file 
-is written to the current directory with the pid of the namespaced process to the external world.  A client can use this pid to wait, kill, or perform other operation with the container.  If a user tries to run a new process inside an existing container with a live namespace the namespace will be joined by the new process.
+is written to the current directory with the pid of the namespaced process to the external world.  A client can use this pid to wait, kill, or perform other operation with the container.  If a user tries to run a new process inside an existing container with a live namespace, the namespace will be joined by the new process.
 
 
 You may also specify an alternate root place where the `container.json` file is read and where the `pid` file will be saved.
@@ -99,7 +99,7 @@ You may also specify an alternate root place where the `container.json` file is
 #### nsinit
 
 `nsinit` is a cli application used as the reference implementation of libcontainer.  It is able to 
-spawn or join new containers giving the current directory.  To use `nsinit` cd into a linux 
+spawn or join new containers giving the current directory.  To use `nsinit` cd into a Linux 
 rootfs and copy a `container.json` file into the directory with your specified configuration.
 
 To execute `/bin/bash` in the current directory as a container just run:

From 919dbbe44df0722ca35538223a9c89e71856ec88 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 7 Apr 2014 19:12:22 -0700
Subject: [PATCH 369/384] Move DNS options to hostconfig

The local resolver warning needed to be moved at daemon start because it
was only show for the first container started anyways before having a
default value set.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 runconfig/compare.go     | 12 --------
 runconfig/config.go      |  8 -----
 runconfig/config_test.go | 41 -------------------------
 runconfig/hostconfig.go  |  9 +++++-
 runconfig/merge.go       | 19 ------------
 runconfig/parse.go       |  4 +--
 runtime/container.go     | 53 ++++++++++++++++++++++++++++++++
 runtime/runtime.go       | 66 ++++++++++------------------------------
 server/server.go         |  9 ------
 9 files changed, 79 insertions(+), 142 deletions(-)

diff --git a/runconfig/compare.go b/runconfig/compare.go
index 6ed7405246..122687f669 100644
--- a/runconfig/compare.go
+++ b/runconfig/compare.go
@@ -19,8 +19,6 @@ func Compare(a, b *Config) bool {
 		return false
 	}
 	if len(a.Cmd) != len(b.Cmd) ||
-		len(a.Dns) != len(b.Dns) ||
-		len(a.DnsSearch) != len(b.DnsSearch) ||
 		len(a.Env) != len(b.Env) ||
 		len(a.PortSpecs) != len(b.PortSpecs) ||
 		len(a.ExposedPorts) != len(b.ExposedPorts) ||
@@ -34,16 +32,6 @@ func Compare(a, b *Config) bool {
 			return false
 		}
 	}
-	for i := 0; i < len(a.Dns); i++ {
-		if a.Dns[i] != b.Dns[i] {
-			return false
-		}
-	}
-	for i := 0; i < len(a.DnsSearch); i++ {
-		if a.DnsSearch[i] != b.DnsSearch[i] {
-			return false
-		}
-	}
 	for i := 0; i < len(a.Env); i++ {
 		if a.Env[i] != b.Env[i] {
 			return false
diff --git a/runconfig/config.go b/runconfig/config.go
index 4b334c6848..9db545976b 100644
--- a/runconfig/config.go
+++ b/runconfig/config.go
@@ -25,8 +25,6 @@ type Config struct {
 	StdinOnce       bool // If true, close stdin after the 1 attached client disconnects.
 	Env             []string
 	Cmd             []string
-	Dns             []string
-	DnsSearch       []string
 	Image           string // Name of the image as it was passed by the operator (eg. could be symbolic)
 	Volumes         map[string]struct{}
 	VolumesFrom     string
@@ -66,12 +64,6 @@ func ContainerConfigFromJob(job *engine.Job) *Config {
 	if Cmd := job.GetenvList("Cmd"); Cmd != nil {
 		config.Cmd = Cmd
 	}
-	if Dns := job.GetenvList("Dns"); Dns != nil {
-		config.Dns = Dns
-	}
-	if DnsSearch := job.GetenvList("DnsSearch"); DnsSearch != nil {
-		config.DnsSearch = DnsSearch
-	}
 	if Entrypoint := job.GetenvList("Entrypoint"); Entrypoint != nil {
 		config.Entrypoint = Entrypoint
 	}
diff --git a/runconfig/config_test.go b/runconfig/config_test.go
index 784341b08c..d5ab75b3b9 100644
--- a/runconfig/config_test.go
+++ b/runconfig/config_test.go
@@ -163,32 +163,18 @@ func TestCompare(t *testing.T) {
 	volumes1 := make(map[string]struct{})
 	volumes1["/test1"] = struct{}{}
 	config1 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		DnsSearch:   []string{"foo", "bar"},
-		PortSpecs:   []string{"1111:1111", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes1,
-	}
-	config2 := Config{
-		Dns:         []string{"0.0.0.0", "2.2.2.2"},
-		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"1111:1111", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "11111111",
 		Volumes:     volumes1,
 	}
 	config3 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"0000:0000", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "11111111",
 		Volumes:     volumes1,
 	}
 	config4 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"0000:0000", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "22222222",
@@ -197,24 +183,11 @@ func TestCompare(t *testing.T) {
 	volumes2 := make(map[string]struct{})
 	volumes2["/test2"] = struct{}{}
 	config5 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		DnsSearch:   []string{"foo", "bar"},
 		PortSpecs:   []string{"0000:0000", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "11111111",
 		Volumes:     volumes2,
 	}
-	config6 := Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
-		DnsSearch:   []string{"foos", "bars"},
-		PortSpecs:   []string{"1111:1111", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes1,
-	}
-	if Compare(&config1, &config2) {
-		t.Fatalf("Compare should return false, Dns are different")
-	}
 	if Compare(&config1, &config3) {
 		t.Fatalf("Compare should return false, PortSpecs are different")
 	}
@@ -224,9 +197,6 @@ func TestCompare(t *testing.T) {
 	if Compare(&config1, &config5) {
 		t.Fatalf("Compare should return false, Volumes are different")
 	}
-	if Compare(&config1, &config6) {
-		t.Fatalf("Compare should return false, DnsSearch are different")
-	}
 	if !Compare(&config1, &config1) {
 		t.Fatalf("Compare should return true")
 	}
@@ -237,7 +207,6 @@ func TestMerge(t *testing.T) {
 	volumesImage["/test1"] = struct{}{}
 	volumesImage["/test2"] = struct{}{}
 	configImage := &Config{
-		Dns:         []string{"1.1.1.1", "2.2.2.2"},
 		PortSpecs:   []string{"1111:1111", "2222:2222"},
 		Env:         []string{"VAR1=1", "VAR2=2"},
 		VolumesFrom: "1111",
@@ -247,7 +216,6 @@ func TestMerge(t *testing.T) {
 	volumesUser := make(map[string]struct{})
 	volumesUser["/test3"] = struct{}{}
 	configUser := &Config{
-		Dns:       []string{"2.2.2.2", "3.3.3.3"},
 		PortSpecs: []string{"3333:2222", "3333:3333"},
 		Env:       []string{"VAR2=3", "VAR3=3"},
 		Volumes:   volumesUser,
@@ -257,15 +225,6 @@ func TestMerge(t *testing.T) {
 		t.Error(err)
 	}
 
-	if len(configUser.Dns) != 3 {
-		t.Fatalf("Expected 3 dns, 1.1.1.1, 2.2.2.2 and 3.3.3.3, found %d", len(configUser.Dns))
-	}
-	for _, dns := range configUser.Dns {
-		if dns != "1.1.1.1" && dns != "2.2.2.2" && dns != "3.3.3.3" {
-			t.Fatalf("Expected 1.1.1.1 or 2.2.2.2 or 3.3.3.3, found %s", dns)
-		}
-	}
-
 	if len(configUser.ExposedPorts) != 3 {
 		t.Fatalf("Expected 3 ExposedPorts, 1111, 2222 and 3333, found %d", len(configUser.ExposedPorts))
 	}
diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 55a308a5b8..5c5e291bad 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -14,6 +14,8 @@ type HostConfig struct {
 	PortBindings    nat.PortMap
 	Links           []string
 	PublishAllPorts bool
+	Dns             []string
+	DnsSearch       []string
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@@ -30,6 +32,11 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	if Links := job.GetenvList("Links"); Links != nil {
 		hostConfig.Links = Links
 	}
-
+	if Dns := job.GetenvList("Dns"); Dns != nil {
+		hostConfig.Dns = Dns
+	}
+	if DnsSearch := job.GetenvList("DnsSearch"); DnsSearch != nil {
+		hostConfig.DnsSearch = DnsSearch
+	}
 	return hostConfig
 }
diff --git a/runconfig/merge.go b/runconfig/merge.go
index a154d4caf5..7a089855b2 100644
--- a/runconfig/merge.go
+++ b/runconfig/merge.go
@@ -94,25 +94,6 @@ func Merge(userConf, imageConf *Config) error {
 	if userConf.Cmd == nil || len(userConf.Cmd) == 0 {
 		userConf.Cmd = imageConf.Cmd
 	}
-	if userConf.Dns == nil || len(userConf.Dns) == 0 {
-		userConf.Dns = imageConf.Dns
-	} else {
-		dnsSet := make(map[string]struct{}, len(userConf.Dns))
-		for _, dns := range userConf.Dns {
-			dnsSet[dns] = struct{}{}
-		}
-		for _, dns := range imageConf.Dns {
-			if _, exists := dnsSet[dns]; !exists {
-				userConf.Dns = append(userConf.Dns, dns)
-			}
-		}
-	}
-	if userConf.DnsSearch == nil || len(userConf.DnsSearch) == 0 {
-		userConf.DnsSearch = imageConf.DnsSearch
-	} else {
-		//duplicates aren't an issue here
-		userConf.DnsSearch = append(userConf.DnsSearch, imageConf.DnsSearch...)
-	}
 	if userConf.Entrypoint == nil || len(userConf.Entrypoint) == 0 {
 		userConf.Entrypoint = imageConf.Entrypoint
 	}
diff --git a/runconfig/parse.go b/runconfig/parse.go
index 3ca326fca6..58d6c9ebb9 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -213,8 +213,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		AttachStderr:    flAttach.Get("stderr"),
 		Env:             envVariables,
 		Cmd:             runCmd,
-		Dns:             flDns.GetAll(),
-		DnsSearch:       flDnsSearch.GetAll(),
 		Image:           image,
 		Volumes:         flVolumes.GetMap(),
 		VolumesFrom:     strings.Join(flVolumesFrom.GetAll(), ","),
@@ -230,6 +228,8 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		PortBindings:    portBindings,
 		Links:           flLinks.GetAll(),
 		PublishAllPorts: *flPublishAll,
+		Dns:             flDns.GetAll(),
+		DnsSearch:       flDnsSearch.GetAll(),
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
diff --git a/runtime/container.go b/runtime/container.go
index a5a2f25c64..c8053b146c 100644
--- a/runtime/container.go
+++ b/runtime/container.go
@@ -430,6 +430,12 @@ func (container *Container) Start() (err error) {
 		}
 	}()
 
+	if container.ResolvConfPath == "" {
+		if err := container.setupContainerDns(); err != nil {
+			return err
+		}
+	}
+
 	if err := container.Mount(); err != nil {
 		return err
 	}
@@ -1174,3 +1180,50 @@ func (container *Container) DisableLink(name string) {
 		}
 	}
 }
+
+func (container *Container) setupContainerDns() error {
+	var (
+		config  = container.hostConfig
+		runtime = container.runtime
+	)
+	resolvConf, err := utils.GetResolvConf()
+	if err != nil {
+		return err
+	}
+	// If custom dns exists, then create a resolv.conf for the container
+	if len(config.Dns) > 0 || len(runtime.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(runtime.config.DnsSearch) > 0 {
+		var (
+			dns       = utils.GetNameservers(resolvConf)
+			dnsSearch = utils.GetSearchDomains(resolvConf)
+		)
+		if len(config.Dns) > 0 {
+			dns = config.Dns
+		} else if len(runtime.config.Dns) > 0 {
+			dns = runtime.config.Dns
+		}
+		if len(config.DnsSearch) > 0 {
+			dnsSearch = config.DnsSearch
+		} else if len(runtime.config.DnsSearch) > 0 {
+			dnsSearch = runtime.config.DnsSearch
+		}
+		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
+		f, err := os.Create(container.ResolvConfPath)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+		for _, dns := range dns {
+			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
+				return err
+			}
+		}
+		if len(dnsSearch) > 0 {
+			if _, err := f.Write([]byte("search " + strings.Join(dnsSearch, " ") + "\n")); err != nil {
+				return err
+			}
+		}
+	} else {
+		container.ResolvConfPath = "/etc/resolv.conf"
+	}
+	return nil
+}
diff --git a/runtime/runtime.go b/runtime/runtime.go
index 864874c8e4..98903cfa08 100644
--- a/runtime/runtime.go
+++ b/runtime/runtime.go
@@ -24,6 +24,7 @@ import (
 	"github.com/dotcloud/docker/utils"
 	"io"
 	"io/ioutil"
+	"log"
 	"os"
 	"path"
 	"regexp"
@@ -393,9 +394,6 @@ func (runtime *Runtime) Create(config *runconfig.Config, name string) (*Containe
 	if err := runtime.createRootfs(container, img); err != nil {
 		return nil, nil, err
 	}
-	if err := runtime.setupContainerDns(container, config); err != nil {
-		return nil, nil, err
-	}
 	if err := container.ToDisk(); err != nil {
 		return nil, nil, err
 	}
@@ -572,53 +570,6 @@ func (runtime *Runtime) createRootfs(container *Container, img *image.Image) err
 	return nil
 }
 
-func (runtime *Runtime) setupContainerDns(container *Container, config *runconfig.Config) error {
-	resolvConf, err := utils.GetResolvConf()
-	if err != nil {
-		return err
-	}
-	if len(config.Dns) == 0 && len(runtime.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) {
-		runtime.config.Dns = DefaultDns
-	}
-
-	// If custom dns exists, then create a resolv.conf for the container
-	if len(config.Dns) > 0 || len(runtime.config.Dns) > 0 || len(config.DnsSearch) > 0 || len(runtime.config.DnsSearch) > 0 {
-		var (
-			dns       = utils.GetNameservers(resolvConf)
-			dnsSearch = utils.GetSearchDomains(resolvConf)
-		)
-		if len(config.Dns) > 0 {
-			dns = config.Dns
-		} else if len(runtime.config.Dns) > 0 {
-			dns = runtime.config.Dns
-		}
-		if len(config.DnsSearch) > 0 {
-			dnsSearch = config.DnsSearch
-		} else if len(runtime.config.DnsSearch) > 0 {
-			dnsSearch = runtime.config.DnsSearch
-		}
-		container.ResolvConfPath = path.Join(container.root, "resolv.conf")
-		f, err := os.Create(container.ResolvConfPath)
-		if err != nil {
-			return err
-		}
-		defer f.Close()
-		for _, dns := range dns {
-			if _, err := f.Write([]byte("nameserver " + dns + "\n")); err != nil {
-				return err
-			}
-		}
-		if len(dnsSearch) > 0 {
-			if _, err := f.Write([]byte("search " + strings.Join(dnsSearch, " ") + "\n")); err != nil {
-				return err
-			}
-		}
-	} else {
-		container.ResolvConfPath = "/etc/resolv.conf"
-	}
-	return nil
-}
-
 // Commit creates a new filesystem image from the current state of a container.
 // The image can optionally be tagged into a repository
 func (runtime *Runtime) Commit(container *Container, repository, tag, comment, author string, config *runconfig.Config) (*image.Image, error) {
@@ -839,6 +790,9 @@ func NewRuntimeFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*
 		eng:            eng,
 	}
 
+	if err := runtime.checkLocaldns(); err != nil {
+		return nil, err
+	}
 	if err := runtime.restore(); err != nil {
 		return nil, err
 	}
@@ -1025,3 +979,15 @@ func (runtime *Runtime) ContainerGraph() *graphdb.Database {
 func (runtime *Runtime) SetServer(server Server) {
 	runtime.srv = server
 }
+
+func (runtime *Runtime) checkLocaldns() error {
+	resolvConf, err := utils.GetResolvConf()
+	if err != nil {
+		return err
+	}
+	if len(runtime.config.Dns) == 0 && utils.CheckLocalDns(resolvConf) {
+		log.Printf("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", DefaultDns)
+		runtime.config.Dns = DefaultDns
+	}
+	return nil
+}
diff --git a/server/server.go b/server/server.go
index 9cabf17889..0feaff4eac 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1731,15 +1731,6 @@ func (srv *Server) ContainerCreate(job *engine.Job) engine.Status {
 		job.Errorf("Your kernel does not support swap limit capabilities. Limitation discarded.\n")
 		config.MemorySwap = -1
 	}
-	resolvConf, err := utils.GetResolvConf()
-	if err != nil {
-		return job.Error(err)
-	}
-	if !config.NetworkDisabled && len(config.Dns) == 0 && len(srv.runtime.Config().Dns) == 0 && utils.CheckLocalDns(resolvConf) {
-		job.Errorf("Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : %v\n", runtime.DefaultDns)
-		config.Dns = runtime.DefaultDns
-	}
-
 	container, buildWarnings, err := srv.runtime.Create(config, name)
 	if err != nil {
 		if srv.runtime.Graph().IsNotExist(err) {

From 603088be928564be2d863a897fbc1729adc74814 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Apr 2014 21:20:03 -0600
Subject: [PATCH 370/384] Fix edge case in bind mount absolute path detection

`filepath.Abs` does more than just `filepath.IsAbs` - namely, `filepath.Clean`, which resolves things like `.../.` or `.../../...`, and causes even an absolute path like `/some/path/../absolute` to fail (or, in my case, `/path/to/docker/.`)

Just using `filepath.IsAbs` directly is a much cheaper check, too. :)

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 runtime/volumes.go | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/runtime/volumes.go b/runtime/volumes.go
index 0b6f3734e0..40db177174 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -177,12 +177,8 @@ func createVolumes(container *Container) error {
 		if bindMap, exists := binds[volPath]; exists {
 			isBindMount = true
 			srcPath = bindMap.SrcPath
-			srcAbs, err := filepath.Abs(srcPath)
-			if err != nil {
-				return err
-			}
-			if srcPath != srcAbs {
-				return fmt.Errorf("%s should be an absolute path", srcPath)
+			if !filepath.IsAbs(srcPath) {
+				return fmt.Errorf("%s must be an absolute path", srcPath)
 			}
 			if strings.ToLower(bindMap.Mode) == "rw" {
 				srcRW = true

From 886eb85dec7f4e9e193151befa7e6b4213ea67a0 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Apr 2014 22:22:03 -0600
Subject: [PATCH 371/384] Update RELEASE_BUNDLES to include integration tests

Previously, running just "hack/release.sh" only ran the unit tests.  This updates that to run the unit tests, then the integration tests, then build the binaries, then run the cli integration tests (so we're literally testing the binary we're about to release, which is super freaking cool IMO <3).

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/release.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hack/release.sh b/hack/release.sh
index 84e1c42383..d77d454e27 100755
--- a/hack/release.sh
+++ b/hack/release.sh
@@ -53,9 +53,13 @@ RELEASE_BUNDLES=(
 )
 
 if [ "$1" != '--release-regardless-of-test-failure' ]; then
-	RELEASE_BUNDLES=( test "${RELEASE_BUNDLES[@]}" )
+	RELEASE_BUNDLES=(
+		test test-integration
+		"${RELEASE_BUNDLES[@]}"
+		test-integration-cli
+	)
 fi
-	
+
 VERSION=$(cat VERSION)
 BUCKET=$AWS_S3_BUCKET
 

From e6a64af966698d8b9dfe8721ca4404fc06331d69 Mon Sep 17 00:00:00 2001
From: Sven Dowideit <SvenDowideit@fosiki.com>
Date: Tue, 8 Apr 2014 14:25:57 +1000
Subject: [PATCH 372/384] use the docs sidebar to be the TOC means that level 2
 headings are the most important

Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
---
 docs/sources/reference/builder.rst | 62 ++++++++++++++----------------
 1 file changed, 29 insertions(+), 33 deletions(-)

diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst
index 6462512da0..4858a0b17c 100644
--- a/docs/sources/reference/builder.rst
+++ b/docs/sources/reference/builder.rst
@@ -13,12 +13,10 @@ Dockerfile Reference
 to create an image. Executing ``docker build`` will run your steps and
 commit them along the way, giving you a final image.
 
-.. contents:: Table of Contents
-
 .. _dockerfile_usage:
 
-1. Usage
-========
+Usage
+=====
 
 To :ref:`build <cli_build>` an image from a source repository, create
 a description file called ``Dockerfile`` at the root of your
@@ -71,8 +69,8 @@ When you're done with your build, you're ready to look into
 
 .. _dockerfile_format:
 
-2. Format
-=========
+Format
+======
 
 Here is the format of the Dockerfile:
 
@@ -99,16 +97,14 @@ allows statements like:
 
 .. _dockerfile_instructions:
 
-3. Instructions
-===============
 
 Here is the set of instructions you can use in a ``Dockerfile`` for
 building images.
 
 .. _dockerfile_from:
 
-3.1 FROM
---------
+``FROM``
+========
 
     ``FROM <image>``
 
@@ -134,8 +130,8 @@ assumed. If the used tag does not exist, an error will be returned.
 
 .. _dockerfile_maintainer:
 
-3.2 MAINTAINER
---------------
+``MAINTAINER``
+==============
 
     ``MAINTAINER <name>``
 
@@ -144,8 +140,8 @@ the generated images.
 
 .. _dockerfile_run:
 
-3.3 RUN
--------
+``RUN``
+=======
 
 RUN has 2 forms:
 
@@ -174,8 +170,8 @@ Known Issues (RUN)
 
 .. _dockerfile_cmd:
 
-3.4 CMD
--------
+``CMD``
+=======
 
 CMD has three forms:
 
@@ -229,8 +225,8 @@ override the default specified in CMD.
 
 .. _dockerfile_expose:
 
-3.5 EXPOSE
-----------
+``EXPOSE``
+==========
 
     ``EXPOSE <port> [<port>...]``
 
@@ -241,8 +237,8 @@ functionally equivalent to running ``docker commit --run '{"PortSpecs":
 
 .. _dockerfile_env:
 
-3.6 ENV
--------
+``ENV``
+=======
 
     ``ENV <key> <value>``
 
@@ -262,8 +258,8 @@ from the resulting image. You can view the values using ``docker inspect``, and
 
 .. _dockerfile_add:
 
-3.7 ADD
--------
+``ADD``
+=======
 
     ``ADD <src> <dest>``
 
@@ -329,8 +325,8 @@ The copy obeys the following rules:
 
 .. _dockerfile_entrypoint:
 
-3.8 ENTRYPOINT
---------------
+``ENTRYPOINT``
+==============
 
 ENTRYPOINT has two forms:
 
@@ -378,8 +374,8 @@ this optional but default, you could use a CMD:
 
 .. _dockerfile_volume:
 
-3.9 VOLUME
-----------
+``VOLUME``
+==========
 
     ``VOLUME ["/data"]``
 
@@ -389,8 +385,8 @@ and mounting instructions via docker client, refer to :ref:`volume_def` document
 
 .. _dockerfile_user:
 
-3.10 USER
----------
+``USER``
+========
 
     ``USER daemon``
 
@@ -399,8 +395,8 @@ the image.
 
 .. _dockerfile_workdir:
 
-3.11 WORKDIR
-------------
+``WORKDIR``
+===========
 
     ``WORKDIR /path/to/workdir``
 
@@ -418,8 +414,8 @@ instruction.  For example:
 
 The output of the final ``pwd`` command in this Dockerfile would be ``/a/b/c``.
 
-3.11 ONBUILD
-------------
+``ONBUILD``
+===========
 
     ``ONBUILD [INSTRUCTION]``
 
@@ -480,7 +476,7 @@ For example you might add something like this:
 
 .. _dockerfile_examples:
 
-4. Dockerfile Examples
+Dockerfile Examples
 ======================
 
 .. code-block:: bash

From 4c3eb7db675c7f8f15ef0d55e99a6699908f930c Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Mon, 7 Apr 2014 23:10:40 -0600
Subject: [PATCH 373/384] Update test-integration-cli bundlescript for
 consistency with other bundlescripts and slightly more verbose logging of
 which commands were executed

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 hack/make/test-integration-cli | 49 +++++++++++++++++++---------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/hack/make/test-integration-cli b/hack/make/test-integration-cli
index 18e4ee6602..b0506d261a 100644
--- a/hack/make/test-integration-cli
+++ b/hack/make/test-integration-cli
@@ -4,9 +4,6 @@ DEST=$1
 
 set -e
 
-# subshell so that we can export PATH without breaking other things
-(
-export PATH="$DEST/../binary:$DEST/../dynbinary:$PATH"
 DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER:-vfs}
 DOCKER_EXECDRIVER=${DOCKER_EXECDRIVER:-native}
 
@@ -14,22 +11,30 @@ bundle_test_integration_cli() {
 	go_test_dir ./integration-cli
 }
 
-if ! command -v docker &> /dev/null; then
-	echo >&2 'error: binary or dynbinary must be run before test-integration-cli'
-	false
-fi
-
-echo "running cli integration tests using graphdriver: '$DOCKER_GRAPHDRIVER' and execdriver: '$DOCKER_EXECDRIVER'" 
-docker -d -D -s $DOCKER_GRAPHDRIVER -e $DOCKER_EXECDRIVER -p $DEST/docker.pid &> $DEST/docker.log &
-
-# pull the busybox image before running the tests
-sleep 2
-docker pull busybox
-
-bundle_test_integration_cli 2>&1 \
-	| tee $DEST/test.log
-
-DOCKERD_PID=$(cat $DEST/docker.pid)
-kill $DOCKERD_PID
-wait $DOCKERD_PID || true
-)
+# subshell so that we can export PATH without breaking other things
+(
+	export PATH="$DEST/../binary:$DEST/../dynbinary:$PATH"
+	
+	if ! command -v docker &> /dev/null; then
+		echo >&2 'error: binary or dynbinary must be run before test-integration-cli'
+		false
+	fi
+	
+	( set -x; exec \
+		docker --daemon --debug \
+		--storage-driver "$DOCKER_GRAPHDRIVER" \
+		--exec-driver "$DOCKER_EXECDRIVER" \
+		--pidfile "$DEST/docker.pid" \
+			&> "$DEST/docker.log"
+	) &
+	
+	# pull the busybox image before running the tests
+	sleep 2
+	( set -x; docker pull busybox )
+	
+	bundle_test_integration_cli
+	
+	DOCKERD_PID=$(set -x; cat $DEST/docker.pid)
+	( set -x; kill $DOCKERD_PID )
+	wait $DOCKERD_PID || true
+) 2>&1 | tee $DEST/test.log

From 8b2bcd9a4bddf1b99ca201d81ac0a67c2b09fbe0 Mon Sep 17 00:00:00 2001
From: shin- <joffrey@dotcloud.com>
Date: Tue, 8 Apr 2014 16:53:16 +0200
Subject: [PATCH 374/384] Added specific error message when hitting 401 over
 HTTP on push Docker-DCO-1.1-Signed-off-by: Joffrey F <joffrey@docker.com>
 (github: shin-)

---
 registry/registry.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/registry/registry.go b/registry/registry.go
index 5ac04f9e7e..817c08afa9 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -417,6 +417,9 @@ func (r *Registry) PushImageJSONRegistry(imgData *ImgData, jsonRaw []byte, regis
 		return fmt.Errorf("Failed to upload metadata: %s", err)
 	}
 	defer res.Body.Close()
+	if res.StatusCode == 401 && strings.HasPrefix(registry, "http://") {
+		return utils.NewHTTPRequestError("HTTP code 401, Docker will not send auth headers over HTTP.", res)
+	}
 	if res.StatusCode != 200 {
 		errBody, err := ioutil.ReadAll(res.Body)
 		if err != nil {

From cf655ca98d9c230d02454a39e815fc6b11ac5aed Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Tue, 8 Apr 2014 09:42:47 -0600
Subject: [PATCH 375/384] Update DOCKER_CROSSPLATFORMS to be more readable

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 2de5b34171..ec95bad293 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -68,7 +68,10 @@ ENV	GOPATH	/go:/go/src/github.com/dotcloud/docker/vendor
 RUN	cd /usr/local/go/src && ./make.bash --no-clean 2>&1
 
 # Compile Go for cross compilation
-ENV	DOCKER_CROSSPLATFORMS	linux/386 linux/arm darwin/amd64 darwin/386 freebsd/amd64 freebsd/386 freebsd/arm
+ENV	DOCKER_CROSSPLATFORMS	\
+	linux/386 linux/arm \
+	darwin/amd64 darwin/386 \
+	freebsd/amd64 freebsd/386 freebsd/arm
 # (set an explicit GOARM of 5 for maximum compatibility)
 ENV	GOARM	5
 RUN	cd /usr/local/go/src && bash -xc 'for platform in $DOCKER_CROSSPLATFORMS; do GOOS=${platform%/*} GOARCH=${platform##*/} ./make.bash --no-clean 2>&1; done'

From 4f828d67f00449182eaada50dfba37e00f8f01ef Mon Sep 17 00:00:00 2001
From: "Guillaume J. Charmes" <guillaume@charmes.net>
Date: Tue, 8 Apr 2014 10:10:51 -0700
Subject: [PATCH 376/384] Backup current docker apparmor profile and replace it
 with the new one

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume@charmes.net> (github: creack)
---
 pkg/libcontainer/apparmor/setup.go  | 36 +++++++++++++++++++++++++----
 runtime/execdriver/native/driver.go |  8 ++++---
 2 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/pkg/libcontainer/apparmor/setup.go b/pkg/libcontainer/apparmor/setup.go
index 4c664598ad..548e72f550 100644
--- a/pkg/libcontainer/apparmor/setup.go
+++ b/pkg/libcontainer/apparmor/setup.go
@@ -2,13 +2,17 @@ package apparmor
 
 import (
 	"fmt"
+	"io"
 	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
 )
 
-const DefaultProfilePath = "/etc/apparmor.d/docker"
+const (
+	DefaultProfilePath = "/etc/apparmor.d/docker"
+)
+
 const DefaultProfile = `
 # AppArmor profile from lxc for containers.
 
@@ -73,14 +77,38 @@ profile docker-default flags=(attach_disconnected,mediate_deleted) {
 }
 `
 
-func InstallDefaultProfile() error {
+func InstallDefaultProfile(backupPath string) error {
 	if !IsEnabled() {
 		return nil
 	}
 
-	// If the profile already exists, let it be.
+	// If the profile already exists, check if we already have a backup
+	// if not, do the backup and override it. (docker 0.10 upgrade changed the apparmor profile)
+	// see gh#5049, apparmor blocks signals in ubuntu 14.04
 	if _, err := os.Stat(DefaultProfilePath); err == nil {
-		return nil
+		if _, err := os.Stat(backupPath); err == nil {
+			// If both the profile and the backup are present, do nothing
+			return nil
+		}
+		// Make sure the directory exists
+		if err := os.MkdirAll(path.Dir(backupPath), 0755); err != nil {
+			return err
+		}
+
+		// Create the backup file
+		f, err := os.Create(backupPath)
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+		src, err := os.Open(DefaultProfilePath)
+		if err != nil {
+			return err
+		}
+		defer src.Close()
+		if _, err := io.Copy(f, src); err != nil {
+			return err
+		}
 	}
 
 	// Make sure /etc/apparmor.d exists
diff --git a/runtime/execdriver/native/driver.go b/runtime/execdriver/native/driver.go
index c5a3837615..d18865e508 100644
--- a/runtime/execdriver/native/driver.go
+++ b/runtime/execdriver/native/driver.go
@@ -21,8 +21,9 @@ import (
 )
 
 const (
-	DriverName = "native"
-	Version    = "0.1"
+	DriverName                = "native"
+	Version                   = "0.1"
+	BackupApparmorProfilePath = "apparmor/docker.back" // relative to docker root
 )
 
 func init() {
@@ -66,7 +67,8 @@ func NewDriver(root, initPath string) (*driver, error) {
 	if err := os.MkdirAll(root, 0700); err != nil {
 		return nil, err
 	}
-	if err := apparmor.InstallDefaultProfile(); err != nil {
+	// native driver root is at docker_root/execdriver/native. Put apparmor at docker_root
+	if err := apparmor.InstallDefaultProfile(filepath.Join(root, "../..", BackupApparmorProfilePath)); err != nil {
 		return nil, err
 	}
 	return &driver{

From fa5223dab5b9f5cef2a0a341ee5065fec9c6d663 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Tue, 8 Apr 2014 11:59:02 -0700
Subject: [PATCH 377/384] Added Fedora installation method

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
---
 hack/install.sh | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/hack/install.sh b/hack/install.sh
index 205b57ecc7..575f328292 100755
--- a/hack/install.sh
+++ b/hack/install.sh
@@ -72,8 +72,35 @@ fi
 if [ -z "$lsb_dist" ] && [ -r /etc/debian_version ]; then
 	lsb_dist='Debian'
 fi
+if [ -z "$lsb_dist" ] && [ -r /etc/fedora-release ]; then
+	lsb_dist='Fedora'
+fi
 
 case "$lsb_dist" in
+	Fedora)
+		(
+			set -x
+			$sh_c 'sleep 3; yum -y -q install docker-io'
+		)
+		if command_exists docker && [ -e /var/run/docker.sock ]; then
+			(
+				set -x
+				$sh_c 'docker run busybox echo "Docker has been successfully installed!"'
+			) || true
+		fi
+		your_user=your-user
+		[ "$user" != 'root' ] && your_user="$user"
+		echo
+		echo 'If you would like to use Docker as a non-root user, you should now consider'
+		echo 'adding your user to the "docker" group with something like:'
+		echo
+		echo '  sudo usermod -aG docker' $your_user
+		echo
+		echo 'Remember that you will have to log out and back in for this to take effect!'
+		echo
+		exit 0
+		;;
+
 	Ubuntu|Debian)
 		export DEBIAN_FRONTEND=noninteractive
 		

From a2aa902ec194169431fea6784c4a7cdab25aaf24 Mon Sep 17 00:00:00 2001
From: James Turnbull <james@lovedthanlost.net>
Date: Tue, 8 Apr 2014 11:59:36 -0700
Subject: [PATCH 378/384] Removed extra whitespace

Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
---
 hack/install.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hack/install.sh b/hack/install.sh
index 575f328292..43248cf2c0 100755
--- a/hack/install.sh
+++ b/hack/install.sh
@@ -103,7 +103,7 @@ case "$lsb_dist" in
 
 	Ubuntu|Debian)
 		export DEBIAN_FRONTEND=noninteractive
-		
+
 		did_apt_get_update=
 		apt_get_update() {
 			if [ -z "$did_apt_get_update" ]; then
@@ -111,21 +111,21 @@ case "$lsb_dist" in
 				did_apt_get_update=1
 			fi
 		}
-		
+
 		# aufs is preferred over devicemapper; try to ensure the driver is available.
 		if ! grep -q aufs /proc/filesystems && ! $sh_c 'modprobe aufs'; then
 			kern_extras="linux-image-extra-$(uname -r)"
-			
+
 			apt_get_update
 			( set -x; $sh_c 'sleep 3; apt-get install -y -q '"$kern_extras" ) || true
-			
+
 			if ! grep -q aufs /proc/filesystems && ! $sh_c 'modprobe aufs'; then
 				echo >&2 'Warning: tried to install '"$kern_extras"' (for AUFS)'
 				echo >&2 ' but we still have no AUFS.  Docker may not work. Proceeding anyways!'
 				( set -x; sleep 10 )
 			fi
 		fi
-		
+
 		if [ ! -e /usr/lib/apt/methods/https ]; then
 			apt_get_update
 			( set -x; $sh_c 'sleep 3; apt-get install -y -q apt-transport-https' )
@@ -165,7 +165,7 @@ case "$lsb_dist" in
 		echo
 		exit 0
 		;;
-		
+
 	Gentoo)
 		if [ "$url" = "https://test.docker.io/" ]; then
 			echo >&2
@@ -180,7 +180,7 @@ case "$lsb_dist" in
 			echo >&2
 			exit 1
 		fi
-		
+
 		(
 			set -x
 			$sh_c 'sleep 3; emerge app-emulation/docker'

From 168f8aba74d9c2996acec6fe1b93a2301523e305 Mon Sep 17 00:00:00 2001
From: Solomon Hykes <solomon@docker.com>
Date: Tue, 8 Apr 2014 09:49:48 -0700
Subject: [PATCH 379/384] Early deprecation warning for 'docker commit --run'

Warn users of the planned deprecation of 'docker commit --run', and hide
it from the docs and usage message. The option continues to work.

Note that an alternative to 'commit --run' is being implemented but is
not yet available. We are printing the warning anyway because on
the basis that it never hurts to give more advance warning.

The 'commit --run' flag is a leftover from the very early days of Docker,
and has several problems:

1) It is very user unfriendly. You have to pass a literal json dict
which is poorly documented and changes regularly (see PortSpecs vs
ExposedPorts). The merge behavior is not clear and also changes
regularly. it's not possible to unset a value.

2) It overlaps with the Dockerfile syntax. There are 2 ways to set
a default command, expose a port or change an env variable. Some
things can be done in a Dockerfile but not in --run. Some things
can be done in --run but not in a Dockerfile. It would be better
to push a single syntax, allow using it both in a file and via
the command line, and make improvements in a single place.

3) It exposes data structures which should not be publicly exposed.
There are several planned improvements to Docker which require moving
around the content and schema of the various Config, Image and Container
structures. The less of those we expose in public interfaces, the easier
it is to move things around without a reverse compatibility nightmare.

Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
---
 api/client/commands.go                     |  4 +-
 docs/sources/reference/builder.rst         | 12 ++-
 docs/sources/reference/commandline/cli.rst | 92 ----------------------
 3 files changed, 8 insertions(+), 100 deletions(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index bd23b3c7fd..ef6bbd055a 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -1433,7 +1433,8 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 	cmd := cli.Subcmd("commit", "[OPTIONS] CONTAINER [REPOSITORY[:TAG]]", "Create a new image from a container's changes")
 	flComment := cmd.String([]string{"m", "-message"}, "", "Commit message")
 	flAuthor := cmd.String([]string{"a", "#author", "-author"}, "", "Author (eg. \"John Hannibal Smith <hannibal@a-team.com>\"")
-	flConfig := cmd.String([]string{"#run", "-run"}, "", "Config automatically applied when the image is run. "+`(ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')`)
+	// FIXME: --run is deprecated, it will be replaced with inline Dockerfile commands.
+	flConfig := cmd.String([]string{"#run", "#-run"}, "", "this option is deprecated and will be removed in a future version in favor of inline Dockerfile-compatible commands")
 	if err := cmd.Parse(args); err != nil {
 		return nil
 	}
@@ -1471,6 +1472,7 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 		env    engine.Env
 	)
 	if *flConfig != "" {
+		fmt.Fprintf(cli.err, "WARNING: 'commit --run' is deprecated and will be removed in a future version, in favor of inline Dockerfile-compatible commands.\n")
 		config = &runconfig.Config{}
 		if err := json.Unmarshal([]byte(*flConfig), config); err != nil {
 			return err
diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst
index 4858a0b17c..e8897d1b09 100644
--- a/docs/sources/reference/builder.rst
+++ b/docs/sources/reference/builder.rst
@@ -188,9 +188,7 @@ omit the executable, in which case you must specify an ENTRYPOINT as
 well.
 
 When used in the shell or exec formats, the ``CMD`` instruction sets
-the command to be executed when running the image.  This is
-functionally equivalent to running ``docker commit --run '{"Cmd":
-<command>}'`` outside the builder.
+the command to be executed when running the image.
 
 If you use the *shell* form of the CMD, then the ``<command>`` will
 execute in ``/bin/sh -c``:
@@ -230,10 +228,10 @@ override the default specified in CMD.
 
     ``EXPOSE <port> [<port>...]``
 
-The ``EXPOSE`` instruction exposes ports for use within links. This is
-functionally equivalent to running ``docker commit --run '{"PortSpecs":
-["<port>", "<port2>"]}'`` outside the builder. Refer to
-:ref:`port_redirection` for detailed information.
+The ``EXPOSE`` instructions informs Docker that the container will listen
+on the specified network ports at runtime. Docker uses this information
+to interconnect containers using links (see :ref:`links <working_with_links_names>`),
+and to setup port redirection on the host system (see :ref:`port_redirection`).
 
 .. _dockerfile_env:
 
diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst
index c0487302dd..c0df5f8175 100644
--- a/docs/sources/reference/commandline/cli.rst
+++ b/docs/sources/reference/commandline/cli.rst
@@ -316,8 +316,6 @@ by using the ``git://`` schema.
 
       -m, --message="": Commit message
       -a, --author="": Author (eg. "John Hannibal Smith <hannibal@a-team.com>"
-      --run="": Configuration changes to be applied when the image is launched with `docker run`.
-               (ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
 
 .. _cli_commit_examples:
 
@@ -336,96 +334,6 @@ Commit an existing container
 	REPOSITORY                        TAG                 ID                  CREATED             VIRTUAL SIZE
 	SvenDowideit/testimage            version3            f5283438590d        16 seconds ago      335.7 MB
 
-Change the command that a container runs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Sometimes you have an application container running just a service and you need
-to make a quick change and then change it back.
-
-In this example, we run a container with ``ls`` and then change the image to
-run ``ls /etc``.
-
-.. code-block:: bash
-
-        $ docker run -t --name test ubuntu ls
-        bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
-        $ docker commit --run='{"Cmd": ["ls","/etc"]}' test test2
-        933d16de9e70005304c1717b5c6f2f39d6fd50752834c6f34a155c70790011eb
-        $ docker run -t test2
-        adduser.conf            gshadow          login.defs           rc0.d
-        alternatives            gshadow-         logrotate.d          rc1.d
-        apt                     host.conf        lsb-base             rc2.d
-        ...
-
-Merged configs example
-......................
-
-Say you have a Dockerfile like so:
-
-.. code-block:: bash
-
-        ENV MYVAR foobar
-        RUN apt-get install openssh
-        EXPOSE 22
-        CMD ["/usr/sbin/sshd -D"]
-        ...
-
-If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the --run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit.
-
-.. code-block:: bash
-
-        $ docker build -t me/foo .
-        $ docker run -t -i me/foo /bin/bash
-        foo-container$ [make changes in the container]
-        foo-container$ exit
-        $ docker commit --run='{"Cmd": ["ls"]}' [container-id] me/bar
-        ...
-
-The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"].
-
-Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container.
-
-Full --run example
-..................
-
-The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID``
-or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are
-not overridden in the JSON hash will be merged in.
-
-(Multiline is okay within a single quote ``'``)
-
-.. code-block:: bash
-
-  $ sudo docker commit --run='
-  {
-      "Entrypoint" : null,
-      "Privileged" : false,
-      "User" : "",
-      "VolumesFrom" : "",
-      "Cmd" : ["cat", "-e", "/etc/resolv.conf"],
-      "Dns" : ["8.8.8.8", "8.8.4.4"],
-      "DnsSearch" : ["example.com"],
-      "MemorySwap" : 0,
-      "AttachStdin" : false,
-      "AttachStderr" : false,
-      "CpuShares" : 0,
-      "OpenStdin" : false,
-      "Volumes" : null,
-      "Hostname" : "122612f45831",
-      "PortSpecs" : ["22", "80", "443"],
-      "Image" : "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
-      "Tty" : false,
-      "Env" : [
-         "HOME=/",
-         "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-      ],
-      "StdinOnce" : false,
-      "Domainname" : "",
-      "WorkingDir" : "/",
-      "NetworkDisabled" : false,
-      "Memory" : 0,
-      "AttachStdout" : false
-  }' $CONTAINER_ID
 
 .. _cli_cp:
 

From 77a04357a1b66b9e5b2bae2efc0192b927f926fe Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 8 Apr 2014 20:56:30 +0000
Subject: [PATCH 380/384] Remove restart ghost test

We do not allow ghosts anymore and this test does not add any value
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 integration/container_test.go | 28 ----------------------------
 1 file changed, 28 deletions(-)

diff --git a/integration/container_test.go b/integration/container_test.go
index c64f9e610b..d089e7dc45 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -1714,31 +1714,3 @@ func TestMultipleVolumesFrom(t *testing.T) {
 		t.Fail()
 	}
 }
-
-func TestRestartGhost(t *testing.T) {
-	runtime := mkRuntime(t)
-	defer nuke(runtime)
-
-	container, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:   GetTestImage(runtime).ID,
-			Cmd:     []string{"sh", "-c", "echo -n bar > /test/foo"},
-			Volumes: map[string]struct{}{"/test": {}},
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if err := container.Kill(); err != nil {
-		t.Fatal(err)
-	}
-
-	container.State.SetGhost(true)
-
-	_, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-}

From 9260c06f7a7cb172205dc45af96870ec0d02ebcd Mon Sep 17 00:00:00 2001
From: Victor Vieux <victor.vieux@docker.com>
Date: Tue, 8 Apr 2014 20:58:19 +0000
Subject: [PATCH 381/384] remove double deprecation warning

Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
---
 api/client/commands.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/api/client/commands.go b/api/client/commands.go
index ef6bbd055a..443917d3fb 100644
--- a/api/client/commands.go
+++ b/api/client/commands.go
@@ -1472,7 +1472,6 @@ func (cli *DockerCli) CmdCommit(args ...string) error {
 		env    engine.Env
 	)
 	if *flConfig != "" {
-		fmt.Fprintf(cli.err, "WARNING: 'commit --run' is deprecated and will be removed in a future version, in favor of inline Dockerfile-compatible commands.\n")
 		config = &runconfig.Config{}
 		if err := json.Unmarshal([]byte(*flConfig), config); err != nil {
 			return err

From af9746412b6070063f105ae97eba1f8fbd56bd22 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 8 Apr 2014 09:26:09 +0000
Subject: [PATCH 382/384] Move volumesfrom to hostconfig

This also migrates the volumes from integration tests into the new cli
integration test framework.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 integration-cli/docker_cli_run_test.go |  72 +++++++
 integration/container_test.go          | 262 -------------------------
 runconfig/compare.go                   |   3 +-
 runconfig/config.go                    |   2 -
 runconfig/config_test.go               |  41 ++--
 runconfig/hostconfig.go                |   2 +
 runconfig/merge.go                     |   3 -
 runconfig/parse.go                     |   2 +-
 runtime/volumes.go                     |   7 +-
 9 files changed, 92 insertions(+), 302 deletions(-)

diff --git a/integration-cli/docker_cli_run_test.go b/integration-cli/docker_cli_run_test.go
index d085574741..b0805dd35c 100644
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -312,3 +312,75 @@ func TestVolumesMountedAsReadonly(t *testing.T) {
 
 	logDone("run - volumes as readonly mount")
 }
+
+func TestVolumesFromInReadonlyMode(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--name", "parent", "-v", "/test", "busybox", "true")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent:ro", "busybox", "touch", "/test/file")
+	if code, err := runCommand(cmd); err == nil || code == 0 {
+		t.Fatalf("run should fail because volume is ro: exit code %d", code)
+	}
+
+	deleteAllContainers()
+
+	logDone("run - volumes from as readonly mount")
+}
+
+// Regression test for #1201
+func TestVolumesFromInReadWriteMode(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--name", "parent", "-v", "/test", "busybox", "true")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent", "busybox", "touch", "/test/file")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	deleteAllContainers()
+
+	logDone("run - volumes from as read write mount")
+}
+
+// Test for #1351
+func TestApplyVolumesFromBeforeVolumes(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--name", "parent", "-v", "/test", "busybox", "touch", "/test/foo")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent", "-v", "/test", "busybox", "cat", "/test/foo")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	deleteAllContainers()
+
+	logDone("run - volumes from mounted first")
+}
+
+func TestMultipleVolumesFrom(t *testing.T) {
+	cmd := exec.Command(dockerBinary, "run", "--name", "parent1", "-v", "/test", "busybox", "touch", "/test/foo")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	cmd = exec.Command(dockerBinary, "run", "--name", "parent2", "-v", "/other", "busybox", "touch", "/other/bar")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	cmd = exec.Command(dockerBinary, "run", "--volumes-from", "parent1", "--volumes-from", "parent2",
+		"busybox", "sh", "-c", "cat /test/foo && cat /other/bar")
+	if _, err := runCommand(cmd); err != nil {
+		t.Fatal(err)
+	}
+
+	deleteAllContainers()
+
+	logDone("run - multiple volumes from")
+}
diff --git a/integration/container_test.go b/integration/container_test.go
index d089e7dc45..43f51c1e5f 100644
--- a/integration/container_test.go
+++ b/integration/container_test.go
@@ -1273,123 +1273,6 @@ func TestBindMounts(t *testing.T) {
 	}
 }
 
-// Test that -volumes-from supports both read-only mounts
-func TestFromVolumesInReadonlyMode(t *testing.T) {
-	runtime := mkRuntime(t)
-	defer nuke(runtime)
-	container, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:   GetTestImage(runtime).ID,
-			Cmd:     []string{"/bin/echo", "-n", "foobar"},
-			Volumes: map[string]struct{}{"/test": {}},
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container)
-	_, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !container.VolumesRW["/test"] {
-		t.Fail()
-	}
-
-	container2, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:       GetTestImage(runtime).ID,
-			Cmd:         []string{"/bin/echo", "-n", "foobar"},
-			VolumesFrom: container.ID + ":ro",
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container2)
-
-	_, err = container2.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if container.Volumes["/test"] != container2.Volumes["/test"] {
-		t.Logf("container volumes do not match: %s | %s ",
-			container.Volumes["/test"],
-			container2.Volumes["/test"])
-		t.Fail()
-	}
-
-	_, exists := container2.VolumesRW["/test"]
-	if !exists {
-		t.Logf("container2 is missing '/test' volume: %s", container2.VolumesRW)
-		t.Fail()
-	}
-
-	if container2.VolumesRW["/test"] != false {
-		t.Log("'/test' volume mounted in read-write mode, expected read-only")
-		t.Fail()
-	}
-}
-
-// Test that VolumesRW values are copied to the new container.  Regression test for #1201
-func TestVolumesFromReadonlyMount(t *testing.T) {
-	runtime := mkRuntime(t)
-	defer nuke(runtime)
-	container, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:   GetTestImage(runtime).ID,
-			Cmd:     []string{"/bin/echo", "-n", "foobar"},
-			Volumes: map[string]struct{}{"/test": {}},
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container)
-	_, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !container.VolumesRW["/test"] {
-		t.Fail()
-	}
-
-	container2, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:       GetTestImage(runtime).ID,
-			Cmd:         []string{"/bin/echo", "-n", "foobar"},
-			VolumesFrom: container.ID,
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container2)
-
-	_, err = container2.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if container.Volumes["/test"] != container2.Volumes["/test"] {
-		t.Fail()
-	}
-
-	actual, exists := container2.VolumesRW["/test"]
-	if !exists {
-		t.Fail()
-	}
-
-	if container.VolumesRW["/test"] != actual {
-		t.Fail()
-	}
-}
-
 // Test that restarting a container with a volume does not create a new volume on restart. Regression test for #819.
 func TestRestartWithVolumes(t *testing.T) {
 	runtime := mkRuntime(t)
@@ -1434,73 +1317,6 @@ func TestRestartWithVolumes(t *testing.T) {
 	}
 }
 
-// Test for #1351
-func TestVolumesFromWithVolumes(t *testing.T) {
-	runtime := mkRuntime(t)
-	defer nuke(runtime)
-
-	container, _, err := runtime.Create(&runconfig.Config{
-		Image:   GetTestImage(runtime).ID,
-		Cmd:     []string{"sh", "-c", "echo -n bar > /test/foo"},
-		Volumes: map[string]struct{}{"/test": {}},
-	},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container)
-
-	for key := range container.Config.Volumes {
-		if key != "/test" {
-			t.Fail()
-		}
-	}
-
-	_, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expected := container.Volumes["/test"]
-	if expected == "" {
-		t.Fail()
-	}
-
-	container2, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:       GetTestImage(runtime).ID,
-			Cmd:         []string{"cat", "/test/foo"},
-			VolumesFrom: container.ID,
-			Volumes:     map[string]struct{}{"/test": {}},
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container2)
-
-	output, err := container2.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if string(output) != "bar" {
-		t.Fail()
-	}
-
-	if container.Volumes["/test"] != container2.Volumes["/test"] {
-		t.Fail()
-	}
-
-	// Ensure it restarts successfully
-	_, err = container2.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
 func TestContainerNetwork(t *testing.T) {
 	runtime := mkRuntime(t)
 	defer nuke(runtime)
@@ -1636,81 +1452,3 @@ func TestUnprivilegedCannotMount(t *testing.T) {
 		t.Fatal("Could mount into secure container")
 	}
 }
-
-func TestMultipleVolumesFrom(t *testing.T) {
-	runtime := mkRuntime(t)
-	defer nuke(runtime)
-
-	container, _, err := runtime.Create(&runconfig.Config{
-		Image:   GetTestImage(runtime).ID,
-		Cmd:     []string{"sh", "-c", "echo -n bar > /test/foo"},
-		Volumes: map[string]struct{}{"/test": {}},
-	},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container)
-
-	for key := range container.Config.Volumes {
-		if key != "/test" {
-			t.Fail()
-		}
-	}
-
-	_, err = container.Output()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	expected := container.Volumes["/test"]
-	if expected == "" {
-		t.Fail()
-	}
-
-	container2, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:   GetTestImage(runtime).ID,
-			Cmd:     []string{"sh", "-c", "echo -n bar > /other/foo"},
-			Volumes: map[string]struct{}{"/other": {}},
-		},
-		"",
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container2)
-
-	for key := range container2.Config.Volumes {
-		if key != "/other" {
-			t.FailNow()
-		}
-	}
-	if _, err := container2.Output(); err != nil {
-		t.Fatal(err)
-	}
-
-	container3, _, err := runtime.Create(
-		&runconfig.Config{
-			Image:       GetTestImage(runtime).ID,
-			Cmd:         []string{"/bin/echo", "-n", "foobar"},
-			VolumesFrom: strings.Join([]string{container.ID, container2.ID}, ","),
-		}, "")
-
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer runtime.Destroy(container3)
-
-	if _, err := container3.Output(); err != nil {
-		t.Fatal(err)
-	}
-
-	if container3.Volumes["/test"] != container.Volumes["/test"] {
-		t.Fail()
-	}
-	if container3.Volumes["/other"] != container2.Volumes["/other"] {
-		t.Fail()
-	}
-}
diff --git a/runconfig/compare.go b/runconfig/compare.go
index 122687f669..5c1bf46575 100644
--- a/runconfig/compare.go
+++ b/runconfig/compare.go
@@ -14,8 +14,7 @@ func Compare(a, b *Config) bool {
 		a.MemorySwap != b.MemorySwap ||
 		a.CpuShares != b.CpuShares ||
 		a.OpenStdin != b.OpenStdin ||
-		a.Tty != b.Tty ||
-		a.VolumesFrom != b.VolumesFrom {
+		a.Tty != b.Tty {
 		return false
 	}
 	if len(a.Cmd) != len(b.Cmd) ||
diff --git a/runconfig/config.go b/runconfig/config.go
index 9db545976b..33a7882b6f 100644
--- a/runconfig/config.go
+++ b/runconfig/config.go
@@ -27,7 +27,6 @@ type Config struct {
 	Cmd             []string
 	Image           string // Name of the image as it was passed by the operator (eg. could be symbolic)
 	Volumes         map[string]struct{}
-	VolumesFrom     string
 	WorkingDir      string
 	Entrypoint      []string
 	NetworkDisabled bool
@@ -49,7 +48,6 @@ func ContainerConfigFromJob(job *engine.Job) *Config {
 		OpenStdin:       job.GetenvBool("OpenStdin"),
 		StdinOnce:       job.GetenvBool("StdinOnce"),
 		Image:           job.Getenv("Image"),
-		VolumesFrom:     job.Getenv("VolumesFrom"),
 		WorkingDir:      job.Getenv("WorkingDir"),
 		NetworkDisabled: job.GetenvBool("NetworkDisabled"),
 	}
diff --git a/runconfig/config_test.go b/runconfig/config_test.go
index d5ab75b3b9..f71528ff8e 100644
--- a/runconfig/config_test.go
+++ b/runconfig/config_test.go
@@ -163,37 +163,25 @@ func TestCompare(t *testing.T) {
 	volumes1 := make(map[string]struct{})
 	volumes1["/test1"] = struct{}{}
 	config1 := Config{
-		PortSpecs:   []string{"1111:1111", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes1,
+		PortSpecs: []string{"1111:1111", "2222:2222"},
+		Env:       []string{"VAR1=1", "VAR2=2"},
+		Volumes:   volumes1,
 	}
 	config3 := Config{
-		PortSpecs:   []string{"0000:0000", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes1,
-	}
-	config4 := Config{
-		PortSpecs:   []string{"0000:0000", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "22222222",
-		Volumes:     volumes1,
+		PortSpecs: []string{"0000:0000", "2222:2222"},
+		Env:       []string{"VAR1=1", "VAR2=2"},
+		Volumes:   volumes1,
 	}
 	volumes2 := make(map[string]struct{})
 	volumes2["/test2"] = struct{}{}
 	config5 := Config{
-		PortSpecs:   []string{"0000:0000", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "11111111",
-		Volumes:     volumes2,
+		PortSpecs: []string{"0000:0000", "2222:2222"},
+		Env:       []string{"VAR1=1", "VAR2=2"},
+		Volumes:   volumes2,
 	}
 	if Compare(&config1, &config3) {
 		t.Fatalf("Compare should return false, PortSpecs are different")
 	}
-	if Compare(&config1, &config4) {
-		t.Fatalf("Compare should return false, VolumesFrom are different")
-	}
 	if Compare(&config1, &config5) {
 		t.Fatalf("Compare should return false, Volumes are different")
 	}
@@ -207,10 +195,9 @@ func TestMerge(t *testing.T) {
 	volumesImage["/test1"] = struct{}{}
 	volumesImage["/test2"] = struct{}{}
 	configImage := &Config{
-		PortSpecs:   []string{"1111:1111", "2222:2222"},
-		Env:         []string{"VAR1=1", "VAR2=2"},
-		VolumesFrom: "1111",
-		Volumes:     volumesImage,
+		PortSpecs: []string{"1111:1111", "2222:2222"},
+		Env:       []string{"VAR1=1", "VAR2=2"},
+		Volumes:   volumesImage,
 	}
 
 	volumesUser := make(map[string]struct{})
@@ -251,10 +238,6 @@ func TestMerge(t *testing.T) {
 		}
 	}
 
-	if configUser.VolumesFrom != "1111" {
-		t.Fatalf("Expected VolumesFrom to be 1111, found %s", configUser.VolumesFrom)
-	}
-
 	ports, _, err := nat.ParsePortSpecs([]string{"0000"})
 	if err != nil {
 		t.Error(err)
diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 5c5e291bad..127c06d9cb 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -16,6 +16,7 @@ type HostConfig struct {
 	PublishAllPorts bool
 	Dns             []string
 	DnsSearch       []string
+	VolumesFrom     string
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@@ -23,6 +24,7 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 		ContainerIDFile: job.Getenv("ContainerIDFile"),
 		Privileged:      job.GetenvBool("Privileged"),
 		PublishAllPorts: job.GetenvBool("PublishAllPorts"),
+		VolumesFrom:     job.Getenv("VolumesFrom"),
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
diff --git a/runconfig/merge.go b/runconfig/merge.go
index 7a089855b2..1240dbcacd 100644
--- a/runconfig/merge.go
+++ b/runconfig/merge.go
@@ -100,9 +100,6 @@ func Merge(userConf, imageConf *Config) error {
 	if userConf.WorkingDir == "" {
 		userConf.WorkingDir = imageConf.WorkingDir
 	}
-	if userConf.VolumesFrom == "" {
-		userConf.VolumesFrom = imageConf.VolumesFrom
-	}
 	if userConf.Volumes == nil || len(userConf.Volumes) == 0 {
 		userConf.Volumes = imageConf.Volumes
 	} else {
diff --git a/runconfig/parse.go b/runconfig/parse.go
index 58d6c9ebb9..b76f59a360 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -215,7 +215,6 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		Cmd:             runCmd,
 		Image:           image,
 		Volumes:         flVolumes.GetMap(),
-		VolumesFrom:     strings.Join(flVolumesFrom.GetAll(), ","),
 		Entrypoint:      entrypoint,
 		WorkingDir:      *flWorkingDir,
 	}
@@ -230,6 +229,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		PublishAllPorts: *flPublishAll,
 		Dns:             flDns.GetAll(),
 		DnsSearch:       flDnsSearch.GetAll(),
+		VolumesFrom:     strings.Join(flVolumesFrom.GetAll(), ","),
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
diff --git a/runtime/volumes.go b/runtime/volumes.go
index 40db177174..e74442e1b5 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -59,8 +59,9 @@ func setupMountsForContainer(container *Container, envPath string) error {
 }
 
 func applyVolumesFrom(container *Container) error {
-	if container.Config.VolumesFrom != "" {
-		for _, containerSpec := range strings.Split(container.Config.VolumesFrom, ",") {
+	volumesFrom := container.hostConfig.VolumesFrom
+	if volumesFrom != "" {
+		for _, containerSpec := range strings.Split(volumesFrom, ",") {
 			var (
 				mountRW   = true
 				specParts = strings.SplitN(containerSpec, ":", 2)
@@ -68,7 +69,7 @@ func applyVolumesFrom(container *Container) error {
 
 			switch len(specParts) {
 			case 0:
-				return fmt.Errorf("Malformed volumes-from specification: %s", container.Config.VolumesFrom)
+				return fmt.Errorf("Malformed volumes-from specification: %s", volumesFrom)
 			case 2:
 				switch specParts[1] {
 				case "ro":

From b4f2821e6d4ba6f6073365a244681df21f5d4472 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Tue, 8 Apr 2014 10:02:17 +0000
Subject: [PATCH 383/384] Make volumes-from a slice instead of string split
 Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com>
 (github: crosbymichael)

---
 runconfig/hostconfig.go | 6 ++++--
 runconfig/parse.go      | 2 +-
 runtime/volumes.go      | 6 +++---
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/runconfig/hostconfig.go b/runconfig/hostconfig.go
index 127c06d9cb..3235bf1f4e 100644
--- a/runconfig/hostconfig.go
+++ b/runconfig/hostconfig.go
@@ -16,7 +16,7 @@ type HostConfig struct {
 	PublishAllPorts bool
 	Dns             []string
 	DnsSearch       []string
-	VolumesFrom     string
+	VolumesFrom     []string
 }
 
 func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
@@ -24,7 +24,6 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 		ContainerIDFile: job.Getenv("ContainerIDFile"),
 		Privileged:      job.GetenvBool("Privileged"),
 		PublishAllPorts: job.GetenvBool("PublishAllPorts"),
-		VolumesFrom:     job.Getenv("VolumesFrom"),
 	}
 	job.GetenvJson("LxcConf", &hostConfig.LxcConf)
 	job.GetenvJson("PortBindings", &hostConfig.PortBindings)
@@ -40,5 +39,8 @@ func ContainerHostConfigFromJob(job *engine.Job) *HostConfig {
 	if DnsSearch := job.GetenvList("DnsSearch"); DnsSearch != nil {
 		hostConfig.DnsSearch = DnsSearch
 	}
+	if VolumesFrom := job.GetenvList("VolumesFrom"); VolumesFrom != nil {
+		hostConfig.VolumesFrom = VolumesFrom
+	}
 	return hostConfig
 }
diff --git a/runconfig/parse.go b/runconfig/parse.go
index b76f59a360..d395b49e80 100644
--- a/runconfig/parse.go
+++ b/runconfig/parse.go
@@ -229,7 +229,7 @@ func parseRun(cmd *flag.FlagSet, args []string, sysInfo *sysinfo.SysInfo) (*Conf
 		PublishAllPorts: *flPublishAll,
 		Dns:             flDns.GetAll(),
 		DnsSearch:       flDnsSearch.GetAll(),
-		VolumesFrom:     strings.Join(flVolumesFrom.GetAll(), ","),
+		VolumesFrom:     flVolumesFrom.GetAll(),
 	}
 
 	if sysInfo != nil && flMemory > 0 && !sysInfo.SwapLimit {
diff --git a/runtime/volumes.go b/runtime/volumes.go
index e74442e1b5..004f1bb024 100644
--- a/runtime/volumes.go
+++ b/runtime/volumes.go
@@ -60,8 +60,8 @@ func setupMountsForContainer(container *Container, envPath string) error {
 
 func applyVolumesFrom(container *Container) error {
 	volumesFrom := container.hostConfig.VolumesFrom
-	if volumesFrom != "" {
-		for _, containerSpec := range strings.Split(volumesFrom, ",") {
+	if len(volumesFrom) > 0 {
+		for _, containerSpec := range volumesFrom {
 			var (
 				mountRW   = true
 				specParts = strings.SplitN(containerSpec, ":", 2)
@@ -69,7 +69,7 @@ func applyVolumesFrom(container *Container) error {
 
 			switch len(specParts) {
 			case 0:
-				return fmt.Errorf("Malformed volumes-from specification: %s", volumesFrom)
+				return fmt.Errorf("Malformed volumes-from specification: %s", containerSpec)
 			case 2:
 				switch specParts[1] {
 				case "ro":

From dc9c28f51d669d6b09e81c2381f800f1a33bb659 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Wed, 9 Apr 2014 00:49:33 +0300
Subject: [PATCH 384/384] Bump version to v0.10.0

Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
---
 CHANGELOG.md | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++
 VERSION      |   2 +-
 2 files changed, 138 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c8ea94361b..8743d3a7db 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,142 @@
 # Changelog
 
+## 0.10.0 (2014-04-08)
+
+#### Builder
+- Fix printing multiple messages on a single line. Fixes broken output during builds.
+- Follow symlinks inside container's root for ADD build instructions.
+- Fix EXPOSE caching.
+
+#### Documentation
+- Add the new options of `docker ps` to the documentation.
+- Add the options of `docker restart` to the documentation.
+- Update daemon docs and help messages for --iptables and --ip-forward.
+- Updated apt-cacher-ng docs example.
+- Remove duplicate description of --mtu from docs.
+- Add missing -t and -v for `docker images` to the docs.
+- Add fixes to the cli docs.
+- Update libcontainer docs.
+- Update images in docs to remove references to AUFS and LXC.
+- Update the nodejs_web_app in the docs to use the new epel RPM address.
+- Fix external link on security of containers.
+- Update remote API docs.
+- Add image size to history docs.
+- Be explicit about binding to all interfaces in redis example.
+- Document DisableNetwork flag in the 1.10 remote api.
+- Document that `--lxc-conf` is lxc only.
+- Add chef usage documentation.
+- Add example for an image with multiple for `docker load`.
+- Explain what `docker run -a` does in the docs.
+
+#### Contrib
+- Add variable for DOCKER_LOGFILE to sysvinit and use append instead of overwrite in opening the logfile.
+- Fix init script cgroup mounting workarounds to be more similar to cgroupfs-mount and thus work properly.
+- Remove inotifywait hack from the upstart host-integration example because it's not necessary any more.
+- Add check-config script to contrib.
+- Fix fish shell completion.
+
+#### Hack
+* Clean up "go test" output from "make test" to be much more readable/scannable.
+* Excluse more "definitely not unit tested Go source code" directories from hack/make/test.
++ Generate md5 and sha256 hashes when building, and upload them via hack/release.sh.
+- Include contributed completions in Ubuntu PPA.
++ Add cli integration tests.
+* Add tweaks to the hack scripts to make them simpler.
+
+#### Remote API
++ Add TLS auth support for API.
+* Move git clone from daemon to client.
+- Fix content-type detection in docker cp.
+* Split API into 2 go packages.
+
+#### Runtime
+* Support hairpin NAT without going through Docker server.
+- devicemapper: succeed immediately when removing non-existing devices.
+- devicemapper: improve handling of devicemapper devices (add per device lock, increase sleep time and unlock while sleeping).
+- devicemapper: increase timeout in waitClose to 10 seconds.
+- devicemapper: ensure we shut down thin pool cleanly.
+- devicemapper: pass info, rather than hash to activateDeviceIfNeeded, deactivateDevice, setInitialized, deleteDevice.
+- devicemapper: avoid AB-BA deadlock.
+- devicemapper: make shutdown better/faster.
+- improve alpha sorting in mflag.
+- Remove manual http cookie management because the cookiejar is being used.
+- Use BSD raw mode on Darwin. Fixes nano, tmux and others.
+- Add FreeBSD support for the client.
+- Merge auth package into registry.
+- Add deprecation warning for -t on `docker pull`.
+- Remove goroutine leak on error.
+- Update parseLxcInfo to comply with new lxc1.0 format.
+- Fix attach exit on darwin.
+- Improve deprecation message.
+- Retry to retrieve the layer metadata up to 5 times for `docker pull`.
+- Only unshare the mount namespace for execin.
+- Merge existing config when committing.
+- Disable daemon startup timeout.
+- Fix issue #4681: add loopback interface when networking is disabled.
+- Add failing test case for issue #4681.
+- Send SIGTERM to child, instead of SIGKILL.
+- Show the driver and the kernel version in `docker info` even when not in debug mode.
+- Always symlink /dev/ptmx for libcontainer. This fixes console related problems.
+- Fix issue caused by the absence of /etc/apparmor.d.
+- Don't leave empty cidFile behind when failing to create the container.
+- Mount cgroups automatically if they're not mounted already.
+- Use mock for search tests.
+- Update to double-dash everywhere.
+- Move .dockerenv parsing to lxc driver.
+- Move all bind-mounts in the container inside the namespace.
+- Don't use separate bind mount for container.
+- Always symlink /dev/ptmx for libcontainer.
+- Don't kill by pid for other drivers.
+- Add initial logging to libcontainer.
+* Sort by port in `docker ps`.
+- Move networking drivers into runtime top level package.
++ Add --no-prune to `docker rmi`.
++ Add time since exit in `docker ps`.
+- graphdriver: add build tags.
+- Prevent allocation of previously allocated ports & prevent improve port allocation.
+* Add support for --since/--before in `docker ps`.
+- Clean up container stop.
++ Add support for configurable dns search domains.
+- Add support for relative WORKDIR instructions.
+- Add --output flag for docker save.
+- Remove duplication of DNS entries in config merging.
+- Add cpuset.cpus to cgroups and native driver options.
+- Remove docker-ci.
+- Promote btrfs. btrfs is no longer considered experimental.
+- Add --input flag to `docker load`.
+- Return error when existing bridge doesn't match IP address.
+- Strip comments before parsing line continuations to avoid interpreting instructions as comments.
+- Fix TestOnlyLoopbackExistsWhenUsingDisableNetworkOption to ignore "DOWN" interfaces.
+- Add systemd implementation of cgroups and make containers show up as systemd units.
+- Fix commit and import when no repository is specified.
+- Remount /var/lib/docker as --private to fix scaling issue.
+- Use the environment's proxy when pinging the remote registry.
+- Reduce error level from harmless errors.
+* Allow --volumes-from to be individual files.
+- Fix expanding buffer in StdCopy.
+- Set error regardless of attach or stdin. This fixes #3364.
+- Add support for --env-file to load environment variables from files.
+- Symlink /etc/mtab and /proc/mounts.
+- Allow pushing a single tag.
+- Shut down containers cleanly at shutdown and wait forever for the containers to shut down. This makes container shutdown on daemon shutdown work properly via SIGTERM.
+- Don't throw error when starting an already running container.
+- Fix dynamic port allocation limit.
+- remove setupDev from libcontainer.
+- Add API version to `docker version`.
+- Return correct exit code when receiving signal and make SIGQUIT quit without cleanup.
+- Fix --volumes-from mount failure.
+- Allow non-privileged containers to create device nodes.
+- Skip login tests because of external dependency on a hosted service.
+- Deprecate `docker images --tree` and `docker images --viz`.
+- Deprecate `docker insert`.
+- Include base abstraction for apparmor. This fixes some apparmor related problems on Ubuntu 14.04.
+- Add specific error message when hitting 401 over HTTP on push.
+- Fix absolute volume check.
+- Remove volumes-from from the config.
+- Move DNS options to hostconfig.
+- Update the apparmor profile for libcontainer.
+- Add deprecation notice for `docker commit -run`.
+
 ## 0.9.1 (2014-03-24)
 
 #### Builder
diff --git a/VERSION b/VERSION
index dc9bff91aa..78bc1abd14 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.9.1-dev
+0.10.0