From fe07df2fcaecafc68c55776b5608a5b9566e8713 Mon Sep 17 00:00:00 2001 From: xu_lei_123 Date: Wed, 19 Apr 2023 21:43:42 +0800 Subject: [PATCH] update to 1.6.20 --- apply-patch | 19 +- containerd.spec | 21 +- ...-grpc-vendor-grpc-fix-grpc-map-panic.patch | 63 - ...ount-steal-time-when-calculating-Sys.patch | 44 - ...03-oci-oci-add-files-cgroups-support.patch | 51 - .../0004-runv-vendor-runv-compatibility.patch | 63 - .../0005-containerd-add-spec-for-build.patch | 69 - ...him-optimize-shim-lock-in-runtime-v1.patch | 320 - ...crease-reaper-buffer-size-and-non-bl.patch | 109 - ...untime-Use-named-pipes-for-shim-logs.patch | 578 -- ...-fix-pipe-in-broken-may-cause-shim-l.patch | 38 - ...-fix-pipe-in-broken-may-cause-shim-l.patch | 52 - ...-Add-timeout-and-cancel-to-shim-fifo.patch | 95 - ...0012-bump-bump-containerd-to-1.2.0.2.patch | 36 - ...port-log-init-pid-to-start-event-log.patch | 50 - ...end-exit-event-when-detect-container.patch | 84 - ...0015-restore-cleanup-container-pid-1.patch | 122 - ...eate-runc-delete-force-before-create.patch | 31 - ...g-init.exit-indicate-container-is-ex.patch | 65 - ...d-shim-Dump-log-to-file-when-docker-.patch | 42 - ...heck-shim-alive-when-containerd-is-r.patch | 47 - ...esend-pending-exit-events-on-restore.patch | 357 - ...d-Update-the-version-info-of-contain.patch | 59 - ...0022-containerd-bump-version-1.2.0.4.patch | 29 - ...ntainerd-set-create-and-exec-timeout.patch | 218 - ...te-cleanup-runc-dirty-files-on-start.patch | 54 - ...5-restore-skip-load-task-in-creating.patch | 74 - .../0026-exit-optimize-init.exit-record.patch | 96 - patch/0027-log-make-tester-happy.patch | 48 - ...-delete-task-in-containerd-restoring.patch | 33 - ...9-restore-delete-task-asynchronously.patch | 35 - ...fix-events-lost-when-loadTask-failed.patch | 45 - .../0031-containerd-enable-relro-flags.patch | 28 - .../0032-containerd-enable-bep-ldflags.patch | 45 - ...containerd-fix-opened-file-not-close.patch | 28 - ...4-containerd-add-buildid-in-Makefile.patch | 28 - ...d-fix-the-path-of-containerd.spec-in.patch | 82 - ...d-support-container-start-timeout-se.patch | 69 - ...7-containerd-Fix-fd-leak-of-shim-log.patch | 55 - ...d-fix-shim-std-logs-not-close-after-.patch | 59 - ...inerd-add-timeout-for-I-O-waitgroups.patch | 89 - ...inerd-support-kill-D-state-container.patch | 65 - ...ainerd-fix-shouldKillAllOnExit-check.patch | 43 - ...tainerd-modify-containerd-shim-to-ad.patch | 51 - ...d-add-shim-exit-when-bundle-dir-does.patch | 47 - ...containerd-call-runv-delete-directly.patch | 80 - ...d-close-inherit-shim.sock-fd-to-adap.patch | 34 - ...ontainerd-run-state-with-timeout-10s.patch | 77 - patch/0044-containerd-add-copyright.patch | 38 - ...d-change-tmpfile-directory-when-exec.patch | 29 - ...ntainerd-shim-disable-fast-gc-on-arm.patch | 53 - .../0046-containerd-support-hot-upgrade.patch | 630 -- ...ainerd-shim-exit-initiative-after-3s.patch | 30 - ...erd-modify-shim-initiative-exit-time.patch | 32 - ...m-initiative-exit-time-for-post-hook.patch | 84 - ...inerd-warp-and-process-return-errors.patch | 170 - ...nerd-add-timeout-for-containerd-shim.patch | 134 - ...nerd-modify-runtime-root-if-containe.patch | 266 - ...d-add-pid-check-to-avoid-poststop-ho.patch | 81 - ...ntainerd-clean-up-residual-container.patch | 100 - ...d-add-LLT-for-containerd-shim-timeou.patch | 115 - ...56-containerd-save-dumpstack-to-file.patch | 51 - ...inerd-add-timeout-for-delete-command.patch | 150 - ...rd-use-git-commit-to-store-commit-ID.patch | 26 - ...GO_GCFLAGS-to-containerd-shim-making.patch | 26 - ...t-disable-cgo-in-containerd-shim-mak.patch | 28 - ...-if-bundle-exists-before-create-bund.patch | 66 - ...nerd-use-path-based-socket-for-shims.patch | 318 - ...init-directly-if-runtime-kill-failed.patch | 37 - ...nerd-add-sys-symbol-to-support-riscv.patch | 7977 ----------------- ...-task-list-to-avoid-unnecessary-clea.patch | 30 - ...erd-add-blot-symbol-to-support-riscv.patch | 31 - patch/0065-containerd-fix-dead-loop.patch | 37 - ...p-dangling-shim-by-brand-new-context.patch | 41 - ...tial-panic-for-task-in-unknown-state.patch | 89 - ...containerd-compile-option-compliance.patch | 49 - patch/0069-containerd-add-check-in-spec.patch | 27 - ...container-init-process-if-runc-start.patch | 105 - ...ontainerd-shim-residual-when-kill-co.patch | 45 - ...tainerd-fix-deadlock-on-commit-error.patch | 60 - ...containerd-backport-upstream-patches.patch | 1212 --- ...-exec-event-missing-due-to-pid-reuse.patch | 71 - ...t-when-pause-contaienr-and-kill-shim.patch | 36 - ...tart-container-failed-with-id-exists.patch | 34 - patch/0077-containerd-drop-opt-package.patch | 25 - ...erd-bump-containerd-ttrpc-699c4e40d1.patch | 149 - ...rd-fix-race-access-for-mobySubcribed.patch | 47 - ...containerd-improve-log-for-debugging.patch | 137 - ...erd-reduce-permissions-for-bundle-di.patch | 138 - ...d-fix-publish-command-wait-block-for.patch | 25 - ...tainerd-optimize-cgo-compile-options.patch | 34 - ...erd-Use-fs.RootPath-when-mounting-vo.patch | 40 - ...id-lock-after-set-process-exited-to-.patch | 37 - ...-Limit-the-response-size-of-ExecSync.patch | 133 - ...t-manifest-provided-URLs-differently.patch | 65 - ...-Use-chmod-path-for-checking-symlink.patch | 30 - ...089-containerd-Add-lock-for-ListPids.patch | 31 - ...idate-document-type-before-unmarshal.patch | 117 - ...1-schema1-reject-ambiguous-documents.patch | 43 - ...nerd-add-CGO-sercurity-build-options.patch | 38 - ...-containerd-fix-version-number-wrong.patch | 36 - ...ontainerd-Fix-goroutine-leak-in-Exec.patch | 75 - patch/0095-oci-fix-additional-GIDs.patch | 198 - ...-stream-oci-layout-and-manifest.json.patch | 48 - series.conf | 104 - v1.2.0.zip | Bin 6508906 -> 0 bytes v1.6.20.zip | Bin 0 -> 11989915 bytes 107 files changed, 13 insertions(+), 17772 deletions(-) delete mode 100644 patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch delete mode 100644 patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch delete mode 100644 patch/0003-oci-oci-add-files-cgroups-support.patch delete mode 100644 patch/0004-runv-vendor-runv-compatibility.patch delete mode 100644 patch/0005-containerd-add-spec-for-build.patch delete mode 100644 patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch delete mode 100644 patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch delete mode 100644 patch/0008-runtime-Use-named-pipes-for-shim-logs.patch delete mode 100644 patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch delete mode 100644 patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch delete mode 100644 patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch delete mode 100644 patch/0012-bump-bump-containerd-to-1.2.0.2.patch delete mode 100644 patch/0013-log-support-log-init-pid-to-start-event-log.patch delete mode 100644 patch/0014-event-resend-exit-event-when-detect-container.patch delete mode 100644 patch/0015-restore-cleanup-container-pid-1.patch delete mode 100644 patch/0016-create-runc-delete-force-before-create.patch delete mode 100644 patch/0017-exit-using-init.exit-indicate-container-is-ex.patch delete mode 100644 patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch delete mode 100644 patch/0019-restore-check-shim-alive-when-containerd-is-r.patch delete mode 100644 patch/0020-events-resend-pending-exit-events-on-restore.patch delete mode 100644 patch/0021-containerd-Update-the-version-info-of-contain.patch delete mode 100644 patch/0022-containerd-bump-version-1.2.0.4.patch delete mode 100644 patch/0023-containerd-set-create-and-exec-timeout.patch delete mode 100644 patch/0024-create-cleanup-runc-dirty-files-on-start.patch delete mode 100644 patch/0025-restore-skip-load-task-in-creating.patch delete mode 100644 patch/0026-exit-optimize-init.exit-record.patch delete mode 100644 patch/0027-log-make-tester-happy.patch delete mode 100644 patch/0028-restore-delete-task-in-containerd-restoring.patch delete mode 100644 patch/0029-restore-delete-task-asynchronously.patch delete mode 100644 patch/0030-event-fix-events-lost-when-loadTask-failed.patch delete mode 100644 patch/0031-containerd-enable-relro-flags.patch delete mode 100644 patch/0032-containerd-enable-bep-ldflags.patch delete mode 100644 patch/0033-containerd-fix-opened-file-not-close.patch delete mode 100644 patch/0034-containerd-add-buildid-in-Makefile.patch delete mode 100644 patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch delete mode 100644 patch/0036-containerd-support-container-start-timeout-se.patch delete mode 100644 patch/0037-containerd-Fix-fd-leak-of-shim-log.patch delete mode 100644 patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch delete mode 100644 patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch delete mode 100644 patch/0038-containerd-support-kill-D-state-container.patch delete mode 100644 patch/0039-containerd-fix-shouldKillAllOnExit-check.patch delete mode 100644 patch/0039-containerd-modify-containerd-shim-to-ad.patch delete mode 100644 patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch delete mode 100644 patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch delete mode 100644 patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch delete mode 100644 patch/0043-containerd-run-state-with-timeout-10s.patch delete mode 100644 patch/0044-containerd-add-copyright.patch delete mode 100644 patch/0044-containerd-change-tmpfile-directory-when-exec.patch delete mode 100644 patch/0045-containerd-shim-disable-fast-gc-on-arm.patch delete mode 100644 patch/0046-containerd-support-hot-upgrade.patch delete mode 100644 patch/0047-containerd-shim-exit-initiative-after-3s.patch delete mode 100644 patch/0048-containerd-modify-shim-initiative-exit-time.patch delete mode 100644 patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch delete mode 100644 patch/0050-containerd-warp-and-process-return-errors.patch delete mode 100644 patch/0051-containerd-add-timeout-for-containerd-shim.patch delete mode 100644 patch/0052-containerd-modify-runtime-root-if-containe.patch delete mode 100644 patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch delete mode 100644 patch/0054-containerd-clean-up-residual-container.patch delete mode 100644 patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch delete mode 100644 patch/0056-containerd-save-dumpstack-to-file.patch delete mode 100644 patch/0057-containerd-add-timeout-for-delete-command.patch delete mode 100644 patch/0058-containerd-use-git-commit-to-store-commit-ID.patch delete mode 100644 patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch delete mode 100644 patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch delete mode 100644 patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch delete mode 100644 patch/0062-containerd-use-path-based-socket-for-shims.patch delete mode 100644 patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch delete mode 100644 patch/0064-containerd-add-sys-symbol-to-support-riscv.patch delete mode 100644 patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch delete mode 100644 patch/0065-containerd-add-blot-symbol-to-support-riscv.patch delete mode 100644 patch/0065-containerd-fix-dead-loop.patch delete mode 100644 patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch delete mode 100644 patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch delete mode 100644 patch/0068-containerd-compile-option-compliance.patch delete mode 100644 patch/0069-containerd-add-check-in-spec.patch delete mode 100644 patch/0070-containerd-kill-container-init-process-if-runc-start.patch delete mode 100644 patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch delete mode 100644 patch/0072-containerd-fix-deadlock-on-commit-error.patch delete mode 100644 patch/0073-containerd-backport-upstream-patches.patch delete mode 100644 patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch delete mode 100644 patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch delete mode 100644 patch/0076-containerd-fix-start-container-failed-with-id-exists.patch delete mode 100644 patch/0077-containerd-drop-opt-package.patch delete mode 100644 patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch delete mode 100644 patch/0079-containerd-fix-race-access-for-mobySubcribed.patch delete mode 100644 patch/0080-containerd-improve-log-for-debugging.patch delete mode 100644 patch/0081-containerd-reduce-permissions-for-bundle-di.patch delete mode 100644 patch/0082-containerd-fix-publish-command-wait-block-for.patch delete mode 100644 patch/0083-containerd-optimize-cgo-compile-options.patch delete mode 100644 patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch delete mode 100644 patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch delete mode 100644 patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch delete mode 100644 patch/0087-containerd-treat-manifest-provided-URLs-differently.patch delete mode 100644 patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch delete mode 100644 patch/0089-containerd-Add-lock-for-ListPids.patch delete mode 100644 patch/0090-images-validate-document-type-before-unmarshal.patch delete mode 100644 patch/0091-schema1-reject-ambiguous-documents.patch delete mode 100644 patch/0092-containerd-add-CGO-sercurity-build-options.patch delete mode 100644 patch/0093-containerd-fix-version-number-wrong.patch delete mode 100644 patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch delete mode 100644 patch/0095-oci-fix-additional-GIDs.patch delete mode 100644 patch/0096-importer-stream-oci-layout-and-manifest.json.patch delete mode 100644 series.conf delete mode 100644 v1.2.0.zip create mode 100644 v1.6.20.zip diff --git a/apply-patch b/apply-patch index 3a9f525..24d7d0b 100755 --- a/apply-patch +++ b/apply-patch @@ -7,14 +7,11 @@ set -ex -pkg=containerd-1.2.0 +pkg=containerd-1.6.20 cwd=$PWD src=$cwd/$pkg -unzip v1.2.0.zip -if [[ ! -d patch ]]; then - tar zxf patch.tar.gz -fi +unzip v1.6.20.zip cd $src git init @@ -24,16 +21,6 @@ git config user.email 'build@obs.com' git commit -m 'init build' cd $cwd -series=$cwd/series.conf -while IPF= read -r line -do - if [[ "$line" =~ ^patch* ]]; then - echo git apply $cwd/$line - cd $src && git apply $cwd/$line - fi -done <"$series" - -cd $cwd cp -rf $src/* . mv $src/.git $src/git -rm -rf containerd-1.2.0 +rm -rf containerd-1.6.18 diff --git a/containerd.spec b/containerd.spec index afd5548..df6ba7b 100644 --- a/containerd.spec +++ b/containerd.spec @@ -1,17 +1,13 @@ %global goipath github.com/containerd/containerd %global debug_package %{nil} -Version: 1.2.0 +Version: 1.6.20 Name: containerd -Release: 309 +Release: 1 Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io -Source0: https://github.com/containerd/containerd/archive/v1.2.0.zip -Source1: patch.tar.gz -Source2: apply-patch -Source3: series.conf -Source4: git-commit -Source5: gen-commit.sh +Source0: https://github.com/containerd/containerd/archive/v1.6.20.zip +Source1: apply-patch BuildRequires: golang glibc-static make btrfs-progs-devel git @@ -25,9 +21,6 @@ low-level storage and network attachments, etc. %prep cp %{SOURCE0} . cp %{SOURCE1} . -cp %{SOURCE2} . -cp %{SOURCE3} . -cp %{SOURCE4} . %build echo %{VERSION}.%{RELEASE} > containerd_version @@ -55,6 +48,12 @@ install -p -m 755 bin/ctr $RPM_BUILD_ROOT/%{_bindir}/ctr %{_bindir}/ctr %changelog +* Wed Apr 19 2023 xulei - 1.6.20-1 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:update to 1.6.20 + * Mon Feb 27 2023 zhongjiawei - 1.2.0-309 - Type:CVE - ID:NA diff --git a/patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch b/patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch deleted file mode 100644 index d350d24..0000000 --- a/patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch +++ /dev/null @@ -1,63 +0,0 @@ -From fe090d706a522392e30dd4c44447f915ec99c1a0 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 22 Dec 2018 15:16:53 +0800 -Subject: [PATCH 01/27] vendor: grpc: fix grpc map panic - -reason: Fix grpc map panic - -cherry-pick from containerd-0.2.8 - -a8cdda827867cec97568318368a7aa40097d0487 - -Fix grpc map panic - -Description: - In golang, if we read/write map in different goroutine, it may panic. - We need to add lock to protect the map data when read/write the map. - -Now the grpc map is only protected by a mutex while register, not -protected in reading process(handleStream function). - -This MR will use a RWMutex to protect this map. - -Change-Id: I786bd99234461c40fcb57621fd7c1fb4faa0c208 -Signed-off-by: jingrui ---- - vendor/google.golang.org/grpc/server.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go -index 4969331..77f7840 100644 ---- a/vendor/google.golang.org/grpc/server.go -+++ b/vendor/google.golang.org/grpc/server.go -@@ -90,7 +90,7 @@ type service struct { - type Server struct { - opts options - -- mu sync.Mutex // guards following -+ mu sync.RWMutex // guards following - lis map[net.Listener]bool - conns map[io.Closer]bool - serve bool -@@ -438,6 +438,8 @@ type ServiceInfo struct { - // Service names include the package names, in the form of .. - func (s *Server) GetServiceInfo() map[string]ServiceInfo { - ret := make(map[string]ServiceInfo) -+ s.mu.RLock() -+ defer s.mu.RUnlock() - for n, srv := range s.m { - methods := make([]MethodInfo, 0, len(srv.md)+len(srv.sd)) - for m := range srv.md { -@@ -1221,7 +1223,9 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str - } - service := sm[:pos] - method := sm[pos+1:] -+ s.mu.RLock() - srv, ok := s.m[service] -+ s.mu.RUnlock() - if !ok { - if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil { - s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo) --- -2.7.4.3 - diff --git a/patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch b/patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch deleted file mode 100644 index 57dc16b..0000000 --- a/patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 003dc7956765712fdf4a893c2d541af2e2d0f300 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 22 Dec 2018 15:44:50 +0800 -Subject: [PATCH 02/27] sys: sys: count steal time when calculating - SystemCPUUsage - -reason: count steal time when calculating SystemCPUUsage - -cherry-pick from containerd-0.2.8 - -13f22eecd33d30520ace277822ac5f0acb387e75 - -containerd: count steal time when calculating SystemCPUUsage - -[Changelog]: when counting docker stat in virtual machines, now containerd do not count steal time when calculating SystemCPUUsage, which causes that cpuusage value larger than its actua$ -[Author]git - -Change-Id: I2b62c9508cbdc444d514116f4bea5aad3d292af5 -Signed-off-by: jingrui ---- - sys/proc.go | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/sys/proc.go b/sys/proc.go -index 496eb1f..82a6351 100644 ---- a/sys/proc.go -+++ b/sys/proc.go -@@ -61,11 +61,11 @@ func GetSystemCPUUsage() (uint64, error) { - parts := strings.Fields(line) - switch parts[0] { - case "cpu": -- if len(parts) < 8 { -+ if len(parts) < 9 { - return 0, fmt.Errorf("bad format of cpu stats") - } - var totalClockTicks uint64 -- for _, i := range parts[1:8] { -+ for _, i := range parts[1:9] { - v, err := strconv.ParseUint(i, 10, 64) - if err != nil { - return 0, fmt.Errorf("error parsing cpu stats") --- -2.7.4.3 - diff --git a/patch/0003-oci-oci-add-files-cgroups-support.patch b/patch/0003-oci-oci-add-files-cgroups-support.patch deleted file mode 100644 index 41c89e9..0000000 --- a/patch/0003-oci-oci-add-files-cgroups-support.patch +++ /dev/null @@ -1,51 +0,0 @@ -From c9cc468949d80c663524f5b764e2c661af13bca2 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 22 Dec 2018 16:25:07 +0800 -Subject: [PATCH 03/27] oci: oci: add files cgroups support - -reason: Add file fds limit - -cherry-pick from containerd-0.2.8 - -29b822599b86f823d5a9f94df1cdceea485e0b19 - -Add file fds limit - -With the patch(https://lwn.net/Articles/604129/),we can limit the -num of open files in container. - -Change-Id: I72b45430dd7535727c4af9e190bbb345ba8ee316 -Signed-off-by: jingrui ---- - vendor/github.com/opencontainers/runtime-spec/specs-go/config.go | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -index f32698c..ac24cde 100644 ---- a/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -+++ b/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go -@@ -314,6 +314,12 @@ type LinuxPids struct { - Limit int64 `json:"limit"` - } - -+// Files for Linux cgroup 'files' resource management (https://lwn.net/Articles/604129/) -+type Files struct { -+ // Maximum number of open files". -+ Limit *int64 `json:"limit,omitempty"` -+} -+ - // LinuxNetwork identification and priority configuration - type LinuxNetwork struct { - // Set class identifier for container's network packets -@@ -340,6 +346,8 @@ type LinuxResources struct { - CPU *LinuxCPU `json:"cpu,omitempty"` - // Task resource restriction configuration. - Pids *LinuxPids `json:"pids,omitempty"` -+ // Files resource restriction configuration. -+ Files *Files `json:"files,omitempty"` - // BlockIO restriction configuration - BlockIO *LinuxBlockIO `json:"blockIO,omitempty"` - // Hugetlb limit (in bytes) --- -2.7.4.3 - diff --git a/patch/0004-runv-vendor-runv-compatibility.patch b/patch/0004-runv-vendor-runv-compatibility.patch deleted file mode 100644 index d86fadd..0000000 --- a/patch/0004-runv-vendor-runv-compatibility.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 5fa863a6ea74ed24cfcc0c16eaa5e5a4e77387ec Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Wed, 26 Dec 2018 12:08:20 +0800 -Subject: [PATCH 04/27] runv: vendor: runv compatibility - -reason: fix manslaughter of runtime delete process - -cherry-pick from containerd-0.2.8 - -reference: - -7906753998667b5a9fa9a996f4a0e41d4736d5c1 - -contaierd-17: fix manslaughter of runtime delete process - -fix manslaughter of runtime delete process - -f82956a89ca7d7cea3bdd5fcd4d4fd70c313f378 - -containerd-17: fix qemu remaining when dockerd restart - -fix qemu remaining when dockerd restart and container start concurrency - -Change-Id: Id23456e90961041194c946a289ae790327b874c8 -Signed-off-by: jingrui ---- - vendor/github.com/containerd/go-runc/command_linux.go | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/vendor/github.com/containerd/go-runc/command_linux.go b/vendor/github.com/containerd/go-runc/command_linux.go -index 71b52f9..6ad27be 100644 ---- a/vendor/github.com/containerd/go-runc/command_linux.go -+++ b/vendor/github.com/containerd/go-runc/command_linux.go -@@ -20,9 +20,17 @@ import ( - "context" - "os" - "os/exec" -+ "strings" - "syscall" - ) - -+func (r *Runc) isrunv() bool { -+ if strings.Contains(r.Command, "runv") { -+ return true -+ } -+ return false -+} -+ - func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { - command := r.Command - if command == "" { -@@ -33,7 +41,7 @@ func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { - Setpgid: r.Setpgid, - } - cmd.Env = os.Environ() -- if r.PdeathSignal != 0 { -+ if r.PdeathSignal != 0 && !r.isrunv() { - cmd.SysProcAttr.Pdeathsig = r.PdeathSignal - } - --- -2.7.4.3 - diff --git a/patch/0005-containerd-add-spec-for-build.patch b/patch/0005-containerd-add-spec-for-build.patch deleted file mode 100644 index 3a67a02..0000000 --- a/patch/0005-containerd-add-spec-for-build.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 8e46f370733951e6decec6dd36b0c13308ced2c2 Mon Sep 17 00:00:00 2001 -From: caihaomin -Date: Mon, 21 Jan 2019 22:31:05 +0800 -Subject: [PATCH 05/27] containerd: add spec for build - -reason:add spec for build - -Change-Id: I42d9d32e4898c006194df1ead4735155b4785584 -Signed-off-by: caihaomin ---- - hack/containerd.spec | 46 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 46 insertions(+) - create mode 100644 hack/containerd.spec - -diff --git a/hack/containerd.spec b/hack/containerd.spec -new file mode 100644 -index 0000000..f53c37b ---- /dev/null -+++ b/hack/containerd.spec -@@ -0,0 +1,46 @@ -+%global goipath github.com/containerd/containerd -+%global debug_package %{nil} -+Version: 1.2.0 -+ -+Name: containerd -+Release: 1%{?dist} -+Summary: An industry-standard container runtime -+License: ASL 2.0 -+URL: https://containerd.io -+Source0: containerd-1.2.0.tar.gz -+ -+BuildRequires: golang glibc-static make -+BuildRequires: btrfs-progs-devel -+ -+ -+%description -+containerd is an industry-standard container runtime with an emphasis on -+simplicity, robustness and portability. It is available as a daemon for Linux -+and Windows, which can manage the complete container lifecycle of its host -+system: image transfer and storage, container execution and supervision, -+low-level storage and network attachments, etc. -+ -+ -+%prep -+%setup -c -n containerd -+ -+%build -+GO_BUILD_PATH=$PWD/_build -+install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath}) -+ln -fs $PWD $GO_BUILD_PATH/src/%{goipath} -+cd $GO_BUILD_PATH/src/%{goipath} -+export GOPATH=$GO_BUILD_PATH:%{gopath} -+export BUILDTAGS="no_btrfs no_cri" -+make -+ -+%install -+install -d $RPM_BUILD_ROOT/%{_bindir} -+install -p -m 755 bin/containerd $RPM_BUILD_ROOT/%{_bindir}/containerd -+install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim -+ -+%files -+%{_bindir}/containerd -+%{_bindir}/containerd-shim -+ -+ -+%changelog --- -2.7.4.3 - diff --git a/patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch b/patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch deleted file mode 100644 index 5b46980..0000000 --- a/patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch +++ /dev/null @@ -1,320 +0,0 @@ -From 31621148229d56835575189c71e80339fba9f1fc Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 14:55:27 +0800 -Subject: [PATCH 06/27] shim: optimize shim lock in runtime v1 - -reason: apply lock only around process map of shim service, -avoid lock affect other procs operations. - -Cherry-pick from upstream c206da795 - -Change-Id: I33f0f6b3537673533fdb60afb7a0295ac9665f11 -Signed-off-by: Ace-Tang -Signed-off-by: lujingxiao ---- - runtime/v1/shim/service.go | 144 +++++++++++++++++++++++---------------------- - 1 file changed, 75 insertions(+), 69 deletions(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index d76d580..679982a 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -114,9 +114,6 @@ type Service struct { - - // Create a new initial process and container with the underlying OCI runtime - func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ *shimapi.CreateTaskResponse, err error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- - var mounts []proc.Mount - for _, m := range r.Rootfs { - mounts = append(mounts, proc.Mount{ -@@ -158,6 +155,10 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - return nil, errors.Wrapf(err, "failed to mount rootfs component %v", m) - } - } -+ -+ s.mu.Lock() -+ defer s.mu.Unlock() -+ - process, err := newInit( - ctx, - s.config.Path, -@@ -187,11 +188,9 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - - // Start a process - func (s *Service) Start(ctx context.Context, r *shimapi.StartRequest) (*shimapi.StartResponse, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if err := p.Start(ctx); err != nil { - return nil, err -@@ -204,16 +203,16 @@ func (s *Service) Start(ctx context.Context, r *shimapi.StartRequest) (*shimapi. - - // Delete the initial process and container - func (s *Service) Delete(ctx context.Context, r *ptypes.Empty) (*shimapi.DeleteResponse, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.Delete(ctx); err != nil { - return nil, err - } -+ s.mu.Lock() - delete(s.processes, s.id) -+ s.mu.Unlock() - s.platform.Close() - return &shimapi.DeleteResponse{ - ExitStatus: uint32(p.ExitStatus()), -@@ -227,11 +226,9 @@ func (s *Service) DeleteProcess(ctx context.Context, r *shimapi.DeleteProcessReq - if r.ID == s.id { - return nil, status.Errorf(codes.InvalidArgument, "cannot delete init process with DeleteProcess") - } -- s.mu.Lock() -- p := s.processes[r.ID] -- s.mu.Unlock() -- if p == nil { -- return nil, errors.Wrapf(errdefs.ErrNotFound, "process %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if err := p.Delete(ctx); err != nil { - return nil, err -@@ -249,13 +246,14 @@ func (s *Service) DeleteProcess(ctx context.Context, r *shimapi.DeleteProcessReq - // Exec an additional process inside the container - func (s *Service) Exec(ctx context.Context, r *shimapi.ExecProcessRequest) (*ptypes.Empty, error) { - s.mu.Lock() -- defer s.mu.Unlock() - - if p := s.processes[r.ID]; p != nil { -+ s.mu.Unlock() - return nil, errdefs.ToGRPCf(errdefs.ErrAlreadyExists, "id %s", r.ID) - } - - p := s.processes[s.id] -+ s.mu.Unlock() - if p == nil { - return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") - } -@@ -271,14 +269,14 @@ func (s *Service) Exec(ctx context.Context, r *shimapi.ExecProcessRequest) (*pty - if err != nil { - return nil, errdefs.ToGRPC(err) - } -+ s.mu.Lock() - s.processes[r.ID] = process -+ s.mu.Unlock() - return empty, nil - } - - // ResizePty of a process - func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() - if r.ID == "" { - return nil, errdefs.ToGRPCf(errdefs.ErrInvalidArgument, "id not provided") - } -@@ -286,7 +284,9 @@ func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (* - Width: uint16(r.Width), - Height: uint16(r.Height), - } -+ s.mu.Lock() - p := s.processes[r.ID] -+ s.mu.Unlock() - if p == nil { - return nil, errors.Errorf("process does not exist %s", r.ID) - } -@@ -298,11 +298,9 @@ func (s *Service) ResizePty(ctx context.Context, r *shimapi.ResizePtyRequest) (* - - // State returns runtime state information for a process - func (s *Service) State(ctx context.Context, r *shimapi.StateRequest) (*shimapi.StateResponse, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process id %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - st, err := p.Status(ctx) - if err != nil { -@@ -338,11 +336,9 @@ func (s *Service) State(ctx context.Context, r *shimapi.StateRequest) (*shimapi. - - // Pause the container - func (s *Service) Pause(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.(*proc.Init).Pause(ctx); err != nil { - return nil, err -@@ -352,11 +348,9 @@ func (s *Service) Pause(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, er - - // Resume the container - func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.(*proc.Init).Resume(ctx); err != nil { - return nil, err -@@ -366,12 +360,10 @@ func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, e - - // Kill a process with the provided signal - func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() - if r.ID == "" { -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) -@@ -379,9 +371,9 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - return empty, nil - } - -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process id %s not found", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) -@@ -422,11 +414,9 @@ func (s *Service) ListPids(ctx context.Context, r *shimapi.ListPidsRequest) (*sh - - // CloseIO of a process - func (s *Service) CloseIO(ctx context.Context, r *shimapi.CloseIORequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[r.ID] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process does not exist %s", r.ID) -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - if stdin := p.Stdin(); stdin != nil { - if err := stdin.Close(); err != nil { -@@ -438,11 +428,9 @@ func (s *Service) CloseIO(ctx context.Context, r *shimapi.CloseIORequest) (*ptyp - - // Checkpoint the container - func (s *Service) Checkpoint(ctx context.Context, r *shimapi.CheckpointTaskRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - var options runctypes.CheckpointOptions - if r.Options != nil { -@@ -475,11 +463,9 @@ func (s *Service) ShimInfo(ctx context.Context, r *ptypes.Empty) (*shimapi.ShimI - - // Update a running container - func (s *Service) Update(ctx context.Context, r *shimapi.UpdateTaskRequest) (*ptypes.Empty, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - if err := p.(*proc.Init).Update(ctx, r.Resources); err != nil { - return nil, errdefs.ToGRPC(err) -@@ -489,11 +475,9 @@ func (s *Service) Update(ctx context.Context, r *shimapi.UpdateTaskRequest) (*pt - - // Wait for a process to exit - func (s *Service) Wait(ctx context.Context, r *shimapi.WaitRequest) (*shimapi.WaitResponse, error) { -- s.mu.Lock() -- p := s.processes[r.ID] -- s.mu.Unlock() -- if p == nil { -- return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getExecProcess(r.ID) -+ if err != nil { -+ return nil, err - } - p.Wait() - -@@ -563,11 +547,9 @@ func shouldKillAllOnExit(bundlePath string) (bool, error) { - } - - func (s *Service) getContainerPids(ctx context.Context, id string) ([]uint32, error) { -- s.mu.Lock() -- defer s.mu.Unlock() -- p := s.processes[s.id] -- if p == nil { -- return nil, errors.Wrapf(errdefs.ErrFailedPrecondition, "container must be created") -+ p, err := s.getInitProcess() -+ if err != nil { -+ return nil, err - } - - ps, err := p.(*proc.Init).Runtime().Ps(ctx, id) -@@ -589,6 +571,30 @@ func (s *Service) forward(publisher events.Publisher) { - } - } - -+// getInitProcess returns initial process -+func (s *Service) getInitProcess() (rproc.Process, error) { -+ s.mu.Lock() -+ defer s.mu.Unlock() -+ -+ p := s.processes[s.id] -+ if p == nil { -+ return nil, errdefs.ToGRPCf(errdefs.ErrFailedPrecondition, "container must be created") -+ } -+ return p, nil -+} -+ -+// getExecProcess returns exec process -+func (s *Service) getExecProcess(id string) (rproc.Process, error) { -+ s.mu.Lock() -+ defer s.mu.Unlock() -+ -+ p := s.processes[id] -+ if p == nil { -+ return nil, errdefs.ToGRPCf(errdefs.ErrNotFound, "process %s does not exist", id) -+ } -+ return p, nil -+} -+ - func getTopic(ctx context.Context, e interface{}) string { - switch e.(type) { - case *eventstypes.TaskCreate: --- -2.7.4.3 - diff --git a/patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch b/patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch deleted file mode 100644 index 5f17e23..0000000 --- a/patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 2e143a25ff02800afb569352c407cf71a9c0312b Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 14:56:19 +0800 -Subject: [PATCH 07/27] shim: Increase reaper buffer size and - non-blocking send - -reason: Fixes #2709 - -This increases the buffer size for process exit subscribers. It also -implements a non-blocking send on the subscriber channel. It is better -to drop an exit even than it is to block a shim for one slow subscriber. - -Cherry-pick from upstream 232a063496 - -Change-Id: Ibf9f06cc82945a8592fb02a87816d69d5dac2b6b -Signed-off-by: Michael Crosby -Signed-off-by: lujingxiao ---- - runtime/v1/shim/reaper.go | 14 +++++++++++--- - runtime/v2/shim/reaper_unix.go | 14 +++++++++++--- - 2 files changed, 22 insertions(+), 6 deletions(-) - -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index 2937f1a..10d5c30 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -26,12 +26,13 @@ import ( - "github.com/containerd/containerd/sys" - runc "github.com/containerd/go-runc" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // ErrNoSuchProcess is returned when the process no longer exists - var ErrNoSuchProcess = errors.New("no such process") - --const bufferSize = 32 -+const bufferSize = 2048 - - // Reap should be called when the process receives an SIGCHLD. Reap will reap - // all exited processes and close their wait channels -@@ -41,13 +42,20 @@ func Reap() error { - Default.Lock() - for c := range Default.subscribers { - for _, e := range exits { -- c <- runc.Exit{ -+ select { -+ case c <- runc.Exit{ - Timestamp: now, - Pid: e.Pid, - Status: e.Status, -+ }: -+ default: -+ logrus.WithFields(logrus.Fields{ -+ "subscriber": c, -+ "pid": e.Pid, -+ "status": e.Status, -+ }).Warn("failed to send exit to subscriber") - } - } -- - } - Default.Unlock() - return err -diff --git a/runtime/v2/shim/reaper_unix.go b/runtime/v2/shim/reaper_unix.go -index 2937f1a..10d5c30 100644 ---- a/runtime/v2/shim/reaper_unix.go -+++ b/runtime/v2/shim/reaper_unix.go -@@ -26,12 +26,13 @@ import ( - "github.com/containerd/containerd/sys" - runc "github.com/containerd/go-runc" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // ErrNoSuchProcess is returned when the process no longer exists - var ErrNoSuchProcess = errors.New("no such process") - --const bufferSize = 32 -+const bufferSize = 2048 - - // Reap should be called when the process receives an SIGCHLD. Reap will reap - // all exited processes and close their wait channels -@@ -41,13 +42,20 @@ func Reap() error { - Default.Lock() - for c := range Default.subscribers { - for _, e := range exits { -- c <- runc.Exit{ -+ select { -+ case c <- runc.Exit{ - Timestamp: now, - Pid: e.Pid, - Status: e.Status, -+ }: -+ default: -+ logrus.WithFields(logrus.Fields{ -+ "subscriber": c, -+ "pid": e.Pid, -+ "status": e.Status, -+ }).Warn("failed to send exit to subscriber") - } - } -- - } - Default.Unlock() - return err --- -2.7.4.3 - diff --git a/patch/0008-runtime-Use-named-pipes-for-shim-logs.patch b/patch/0008-runtime-Use-named-pipes-for-shim-logs.patch deleted file mode 100644 index ba94785..0000000 --- a/patch/0008-runtime-Use-named-pipes-for-shim-logs.patch +++ /dev/null @@ -1,578 +0,0 @@ -From 9bdd5d485c6796c44356ae9482df8de467463feb Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 14:57:41 +0800 -Subject: [PATCH 08/27] runtime: Use named pipes for shim logs - -reason: TestDaemonRestart hangs if shim_debug is enabled -Relating to issue [#2606](https://github.com/containerd/containerd/issues/2606) - -Co-authored-by: Oliver Stenbom -Co-authored-by: Georgi Sabev -Co-authored-by: Giuseppe Capizzi -Co-authored-by: Danail Branekov - -Cherry-pick from upstream 1d4105cacf - -Change-Id: I0038401dda88c234750e8d1378a4dd97230400b0 -Signed-off-by: Oliver Stenbom -Signed-off-by: Georgi Sabev -Signed-off-by: Giuseppe Capizzi -Signed-off-by: Danail Branekov -Signed-off-by: lujingxiao ---- - client_test.go | 49 +++++++-- - cmd/containerd-shim/main_unix.go | 28 ++++++ - container_linux_test.go | 209 +++++++++++++++++++++++++++++++++++++++ - runtime/v1/linux/runtime.go | 26 +++++ - runtime/v1/shim.go | 38 +++++++ - runtime/v1/shim/client/client.go | 34 +++++-- - 6 files changed, 370 insertions(+), 14 deletions(-) - create mode 100644 runtime/v1/shim.go - -diff --git a/client_test.go b/client_test.go -index a6b1d59..1a4cf39 100644 ---- a/client_test.go -+++ b/client_test.go -@@ -21,6 +21,8 @@ import ( - "context" - "flag" - "fmt" -+ "io" -+ "io/ioutil" - "os" - "os/exec" - "testing" -@@ -36,11 +38,12 @@ import ( - ) - - var ( -- address string -- noDaemon bool -- noCriu bool -- supportsCriu bool -- testNamespace = "testing" -+ address string -+ noDaemon bool -+ noCriu bool -+ supportsCriu bool -+ testNamespace = "testing" -+ ctrdStdioFilePath string - - ctrd = &daemon{} - ) -@@ -76,13 +79,26 @@ func TestMain(m *testing.M) { - if !noDaemon { - sys.ForceRemoveAll(defaultRoot) - -- err := ctrd.start("containerd", address, []string{ -+ stdioFile, err := ioutil.TempFile("", "") -+ if err != nil { -+ fmt.Fprintf(os.Stderr, "could not create a new stdio temp file: %s\n", err) -+ os.Exit(1) -+ } -+ defer func() { -+ stdioFile.Close() -+ os.Remove(stdioFile.Name()) -+ }() -+ ctrdStdioFilePath = stdioFile.Name() -+ stdioWriter := io.MultiWriter(stdioFile, buf) -+ -+ err = ctrd.start("containerd", address, []string{ - "--root", defaultRoot, - "--state", defaultState, - "--log-level", "debug", -- }, buf, buf) -+ "--config", createShimDebugConfig(), -+ }, stdioWriter, stdioWriter) - if err != nil { -- fmt.Fprintf(os.Stderr, "%s: %s", err, buf.String()) -+ fmt.Fprintf(os.Stderr, "%s: %s\n", err, buf.String()) - os.Exit(1) - } - } -@@ -137,6 +153,7 @@ func TestMain(m *testing.M) { - fmt.Fprintln(os.Stderr, "failed to wait for containerd", err) - } - } -+ - if err := sys.ForceRemoveAll(defaultRoot); err != nil { - fmt.Fprintln(os.Stderr, "failed to remove test root dir", err) - os.Exit(1) -@@ -343,3 +360,19 @@ func TestClientReconnect(t *testing.T) { - t.Errorf("client closed returned error %v", err) - } - } -+ -+func createShimDebugConfig() string { -+ f, err := ioutil.TempFile("", "containerd-config-") -+ if err != nil { -+ fmt.Fprintf(os.Stderr, "Failed to create config file: %s\n", err) -+ os.Exit(1) -+ } -+ defer f.Close() -+ -+ if _, err := f.WriteString("[plugins.linux]\n\tshim_debug = true\n"); err != nil { -+ fmt.Fprintf(os.Stderr, "Failed to write to config file %s: %s\n", f.Name(), err) -+ os.Exit(1) -+ } -+ -+ return f.Name() -+} -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index ca0a90a..6c59cd1 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -23,6 +23,7 @@ import ( - "context" - "flag" - "fmt" -+ "io" - "net" - "os" - "os/exec" -@@ -36,6 +37,7 @@ import ( - - "github.com/containerd/containerd/events" - "github.com/containerd/containerd/namespaces" -+ shimlog "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/linux/proc" - "github.com/containerd/containerd/runtime/v1/shim" - shimapi "github.com/containerd/containerd/runtime/v1/shim/v1" -@@ -92,12 +94,38 @@ func main() { - runtime.GOMAXPROCS(2) - } - -+ stdout, stderr, err := openStdioKeepAlivePipes(workdirFlag) -+ if err != nil { -+ fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err) -+ os.Exit(1) -+ } -+ defer func() { -+ stdout.Close() -+ stderr.Close() -+ }() -+ - if err := executeShim(); err != nil { - fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err) - os.Exit(1) - } - } - -+// If containerd server process dies, we need the shim to keep stdout/err reader -+// FDs so that Linux does not SIGPIPE the shim process if it tries to use its end of -+// these pipes. -+func openStdioKeepAlivePipes(dir string) (io.ReadCloser, io.ReadCloser, error) { -+ background := context.Background() -+ keepStdoutAlive, err := shimlog.OpenShimStdoutLog(background, dir) -+ if err != nil { -+ return nil, nil, err -+ } -+ keepStderrAlive, err := shimlog.OpenShimStderrLog(background, dir) -+ if err != nil { -+ return nil, nil, err -+ } -+ return keepStdoutAlive, keepStderrAlive, nil -+} -+ - func executeShim() error { - // start handling signals as soon as possible so that things are properly reaped - // or if runtime exits before we hit the handler -diff --git a/container_linux_test.go b/container_linux_test.go -index 60b0336..fa764d7 100644 ---- a/container_linux_test.go -+++ b/container_linux_test.go -@@ -24,7 +24,9 @@ import ( - "fmt" - "io" - "io/ioutil" -+ "os" - "os/exec" -+ "path/filepath" - "runtime" - "strings" - "sync" -@@ -258,6 +260,213 @@ func TestDaemonRestart(t *testing.T) { - <-statusC - } - -+func TestShimDoesNotLeakPipes(t *testing.T) { -+ containerdPid := ctrd.cmd.Process.Pid -+ initialPipes, err := numPipes(containerdPid) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ client, err := newClient(t, address) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer client.Close() -+ -+ var ( -+ image Image -+ ctx, cancel = testContext() -+ id = t.Name() -+ ) -+ defer cancel() -+ -+ image, err = client.GetImage(ctx, testImage) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ container, err := client.NewContainer(ctx, id, WithNewSnapshot(id, image), WithNewSpec(oci.WithImageConfig(image), withProcessArgs("sleep", "30"))) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ task, err := container.NewTask(ctx, empty()) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ exitChannel, err := task.Wait(ctx) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Start(ctx); err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Kill(ctx, syscall.SIGKILL); err != nil { -+ t.Fatal(err) -+ } -+ -+ <-exitChannel -+ -+ if _, err := task.Delete(ctx); err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := container.Delete(ctx, WithSnapshotCleanup); err != nil { -+ t.Fatal(err) -+ } -+ -+ currentPipes, err := numPipes(containerdPid) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if initialPipes != currentPipes { -+ t.Errorf("Pipes have leaked after container has been deleted. Initially there were %d pipes, after container deletion there were %d pipes", initialPipes, currentPipes) -+ } -+} -+ -+func numPipes(pid int) (int, error) { -+ cmd := exec.Command("sh", "-c", fmt.Sprintf("lsof -p %d | grep pipe", pid)) -+ -+ var stdout bytes.Buffer -+ cmd.Stdout = &stdout -+ if err := cmd.Run(); err != nil { -+ return 0, err -+ } -+ return strings.Count(stdout.String(), "\n"), nil -+} -+ -+func TestDaemonReconnectsToShimIOPipesOnRestart(t *testing.T) { -+ client, err := newClient(t, address) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer client.Close() -+ -+ var ( -+ image Image -+ ctx, cancel = testContext() -+ id = t.Name() -+ ) -+ defer cancel() -+ -+ image, err = client.GetImage(ctx, testImage) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ container, err := client.NewContainer(ctx, id, WithNewSnapshot(id, image), WithNewSpec(oci.WithImageConfig(image), withProcessArgs("sleep", "30"))) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer container.Delete(ctx, WithSnapshotCleanup) -+ -+ task, err := container.NewTask(ctx, empty()) -+ if err != nil { -+ t.Fatal(err) -+ } -+ defer task.Delete(ctx) -+ -+ _, err = task.Wait(ctx) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Start(ctx); err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := ctrd.Restart(nil); err != nil { -+ t.Fatal(err) -+ } -+ -+ waitCtx, waitCancel := context.WithTimeout(ctx, 2*time.Second) -+ serving, err := client.IsServing(waitCtx) -+ waitCancel() -+ if !serving { -+ t.Fatalf("containerd did not start within 2s: %v", err) -+ } -+ -+ // After we restared containerd we write some messages to the log pipes, simulating shim writing stuff there. -+ // Then we make sure that these messages are available on the containerd log thus proving that the server reconnected to the log pipes -+ runtimeVersion := getRuntimeVersion() -+ logDirPath := getLogDirPath(runtimeVersion, id) -+ -+ switch runtimeVersion { -+ case "v1": -+ writeToFile(t, filepath.Join(logDirPath, "shim.stdout.log"), fmt.Sprintf("%s writing to stdout\n", id)) -+ writeToFile(t, filepath.Join(logDirPath, "shim.stderr.log"), fmt.Sprintf("%s writing to stderr\n", id)) -+ case "v2": -+ writeToFile(t, filepath.Join(logDirPath, "log"), fmt.Sprintf("%s writing to log\n", id)) -+ } -+ -+ statusC, err := task.Wait(ctx) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ if err := task.Kill(ctx, syscall.SIGKILL); err != nil { -+ t.Fatal(err) -+ } -+ -+ <-statusC -+ -+ stdioContents, err := ioutil.ReadFile(ctrdStdioFilePath) -+ if err != nil { -+ t.Fatal(err) -+ } -+ -+ switch runtimeVersion { -+ case "v1": -+ if !strings.Contains(string(stdioContents), fmt.Sprintf("%s writing to stdout", id)) { -+ t.Fatal("containerd did not connect to the shim stdout pipe") -+ } -+ if !strings.Contains(string(stdioContents), fmt.Sprintf("%s writing to stderr", id)) { -+ t.Fatal("containerd did not connect to the shim stderr pipe") -+ } -+ case "v2": -+ if !strings.Contains(string(stdioContents), fmt.Sprintf("%s writing to log", id)) { -+ t.Fatal("containerd did not connect to the shim log pipe") -+ } -+ } -+} -+ -+func writeToFile(t *testing.T, filePath, message string) { -+ writer, err := os.OpenFile(filePath, os.O_WRONLY, 0600) -+ if err != nil { -+ t.Fatal(err) -+ } -+ if _, err := writer.WriteString(message); err != nil { -+ t.Fatal(err) -+ } -+ if err := writer.Close(); err != nil { -+ t.Fatal(err) -+ } -+} -+ -+func getLogDirPath(runtimeVersion, id string) string { -+ switch runtimeVersion { -+ case "v1": -+ return filepath.Join(defaultRoot, "io.containerd.runtime.v1.linux", testNamespace, id) -+ case "v2": -+ return filepath.Join(defaultState, "io.containerd.runtime.v2.task", testNamespace, id) -+ default: -+ panic(fmt.Errorf("Unsupported runtime version %s", runtimeVersion)) -+ } -+} -+ -+func getRuntimeVersion() string { -+ switch rt := os.Getenv("TEST_RUNTIME"); rt { -+ case "io.containerd.runc.v1": -+ return "v2" -+ default: -+ return "v1" -+ } -+} -+ - func TestContainerPTY(t *testing.T) { - t.Parallel() - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index d19b8e5..e1b3cac 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -21,6 +21,7 @@ package linux - import ( - "context" - "fmt" -+ "io" - "io/ioutil" - "os" - "path/filepath" -@@ -40,6 +41,7 @@ import ( - "github.com/containerd/containerd/plugin" - "github.com/containerd/containerd/runtime" - "github.com/containerd/containerd/runtime/linux/runctypes" -+ "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/linux/proc" - shim "github.com/containerd/containerd/runtime/v1/shim/v1" - runc "github.com/containerd/go-runc" -@@ -341,6 +343,30 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - -+ logDirPath := filepath.Join(r.root, ns, id) -+ -+ shimStdoutLog, err := v1.OpenShimStdoutLog(ctx, logDirPath) -+ if err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": ns, -+ "logDirPath": logDirPath, -+ }).Error("opening shim stdout log pipe") -+ continue -+ } -+ go io.Copy(os.Stdout, shimStdoutLog) -+ -+ shimStderrLog, err := v1.OpenShimStderrLog(ctx, logDirPath) -+ if err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": ns, -+ "logDirPath": logDirPath, -+ }).Error("opening shim stderr log pipe") -+ continue -+ } -+ go io.Copy(os.Stderr, shimStderrLog) -+ - t, err := newTask(id, ns, pid, s, r.events, r.tasks, bundle) - if err != nil { - log.G(ctx).WithError(err).Error("loading task type") -diff --git a/runtime/v1/shim.go b/runtime/v1/shim.go -new file mode 100644 -index 0000000..3942968 ---- /dev/null -+++ b/runtime/v1/shim.go -@@ -0,0 +1,38 @@ -+// +build !windows -+ -+/* -+ Copyright The containerd Authors. -+ -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. -+*/ -+ -+package v1 -+ -+import ( -+ "context" -+ "io" -+ "path/filepath" -+ -+ "github.com/containerd/fifo" -+ "golang.org/x/sys/unix" -+) -+ -+// OpenShimStdoutLog opens the shim log for reading -+func OpenShimStdoutLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) { -+ return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stdout.log"), unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700) -+} -+ -+// OpenShimStderrLog opens the shim log -+func OpenShimStderrLog(ctx context.Context, logDirPath string) (io.ReadWriteCloser, error) { -+ return fifo.OpenFifo(ctx, filepath.Join(logDirPath, "shim.stderr.log"), unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700) -+} -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 015d88c..ef74030 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -37,6 +37,7 @@ import ( - - "github.com/containerd/containerd/events" - "github.com/containerd/containerd/log" -+ v1 "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/shim" - shimapi "github.com/containerd/containerd/runtime/v1/shim/v1" - "github.com/containerd/containerd/sys" -@@ -62,7 +63,24 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - } - defer f.Close() - -- cmd, err := newCommand(binary, daemonAddress, debug, config, f) -+ var stdoutLog io.ReadWriteCloser -+ var stderrLog io.ReadWriteCloser -+ if debug { -+ stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stdout log") -+ } -+ -+ stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stderr log") -+ } -+ -+ go io.Copy(os.Stdout, stdoutLog) -+ go io.Copy(os.Stderr, stderrLog) -+ } -+ -+ cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog) - if err != nil { - return nil, nil, err - } -@@ -77,6 +95,12 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - go func() { - cmd.Wait() - exitHandler() -+ if stdoutLog != nil { -+ stderrLog.Close() -+ } -+ if stdoutLog != nil { -+ stderrLog.Close() -+ } - }() - log.G(ctx).WithFields(logrus.Fields{ - "pid": cmd.Process.Pid, -@@ -104,7 +128,7 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - } - } - --func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File) (*exec.Cmd, error) { -+func newCommand(binary, daemonAddress string, debug bool, config shim.Config, socket *os.File, stdout, stderr io.Writer) (*exec.Cmd, error) { - selfExe, err := os.Executable() - if err != nil { - return nil, err -@@ -137,10 +161,8 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so - cmd.SysProcAttr = getSysProcAttr() - cmd.ExtraFiles = append(cmd.ExtraFiles, socket) - cmd.Env = append(os.Environ(), "GOMAXPROCS=2") -- if debug { -- cmd.Stdout = os.Stdout -- cmd.Stderr = os.Stderr -- } -+ cmd.Stdout = stdout -+ cmd.Stderr = stderr - return cmd, nil - } - --- -2.7.4.3 - diff --git a/patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch b/patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch deleted file mode 100644 index e8f2b86..0000000 --- a/patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 77b025a48d9dc89666ef7c03709ef1fc2a4d0b34 Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:00:12 +0800 -Subject: [PATCH 09/27] runtime: fix pipe in broken may cause shim - lock forever for runtime v2 - -reason: fix pipe in broken may cause shim lock forever for runtime v2 - -Cherry-pick from upstream b3438f7a6f - -Change-Id: I3c324050531a1e68a5c3a688a51408a121a3f9f1 -Signed-off-by: Lifubang -Signed-off-by: lujingxiao ---- - runtime/v2/runc/service_linux.go | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/runtime/v2/runc/service_linux.go b/runtime/v2/runc/service_linux.go -index 5e30cfc..19d1fec 100644 ---- a/runtime/v2/runc/service_linux.go -+++ b/runtime/v2/runc/service_linux.go -@@ -49,9 +49,10 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - cwg.Add(1) - go func() { - cwg.Done() -- p := bufPool.Get().(*[]byte) -- defer bufPool.Put(p) -- io.CopyBuffer(epollConsole, in, *p) -+ bp := bufPool.Get().(*[]byte) -+ defer bufPool.Put(bp) -+ io.CopyBuffer(epollConsole, in, *bp) -+ epollConsole.Shutdown(p.epoller.CloseConsole) - }() - } - --- -2.7.4.3 - diff --git a/patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch b/patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch deleted file mode 100644 index e1a283c..0000000 --- a/patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch +++ /dev/null @@ -1,52 +0,0 @@ -From d0e57aafce7c98b3c9b3004c862d5a15180df86c Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:03:08 +0800 -Subject: [PATCH 10/27] runtime: fix pipe in broken may cause shim - lock forever for runtime v1 - -reason: fix pipe in broken may cause shim lock forever for runtime v1 - -Cherry-pick from upstream e76a8879eb - -Change-Id: Ie603b36f92c4a6cc41777a9cd1e6a19b8584eaf1 -Signed-off-by: Lifubang -Signed-off-by: lujingxiao ---- - runtime/v1/shim/service_linux.go | 8 +++++--- - runtime/v2/runc/service_linux.go | 1 + - 2 files changed, 6 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/shim/service_linux.go b/runtime/v1/shim/service_linux.go -index 18ae650..307e20d 100644 ---- a/runtime/v1/shim/service_linux.go -+++ b/runtime/v1/shim/service_linux.go -@@ -49,9 +49,11 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - cwg.Add(1) - go func() { - cwg.Done() -- p := bufPool.Get().(*[]byte) -- defer bufPool.Put(p) -- io.CopyBuffer(epollConsole, in, *p) -+ bp := bufPool.Get().(*[]byte) -+ defer bufPool.Put(bp) -+ io.CopyBuffer(epollConsole, in, *bp) -+ // we need to shutdown epollConsole when pipe broken -+ epollConsole.Shutdown(p.epoller.CloseConsole) - }() - } - -diff --git a/runtime/v2/runc/service_linux.go b/runtime/v2/runc/service_linux.go -index 19d1fec..1161673 100644 ---- a/runtime/v2/runc/service_linux.go -+++ b/runtime/v2/runc/service_linux.go -@@ -52,6 +52,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - bp := bufPool.Get().(*[]byte) - defer bufPool.Put(bp) - io.CopyBuffer(epollConsole, in, *bp) -+ // we need to shutdown epollConsole when pipe broken - epollConsole.Shutdown(p.epoller.CloseConsole) - }() - } --- -2.7.4.3 - diff --git a/patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch b/patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch deleted file mode 100644 index 79b4204..0000000 --- a/patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 8eb1ab31006f3079d1bf95b4ab089e049a4f45f2 Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:04:03 +0800 -Subject: [PATCH 11/27] runtime: Add timeout and cancel to shim fifo - open - -reason: Add timeout and cancel to shim fifo open -There is still a special case where the client side fails to open or -load causes things to be slow and the shim can lock up when this -happens. This adds a timeout to the context for this case to abort fifo -creation. - -Cherry-pick from upstream 18f57e20b0 - -Signed-off-by: Michael Crosby -(cherry picked from commit a2a4241979f615eb0a1084c7638c21f830f48ac5) -Signed-off-by: Andrew Hsu -Signed-off-by: lujingxiao - -Change-Id: Ic7f285b149f97f4d6526b3f2c28b6ac6790332b0 ---- - runtime/v1/linux/proc/exec.go | 5 +++++ - runtime/v1/linux/proc/init.go | 5 +++++ - 2 files changed, 10 insertions(+) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index 96c425d..715a977 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -172,22 +172,27 @@ func (e *execProcess) start(ctx context.Context) (err error) { - e.stdin = sc - } - var copyWaitGroup sync.WaitGroup -+ ctx, cancel := context.WithTimeout(ctx, 30*time.Second) - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -+ cancel() - return errors.Wrap(err, "failed to start console copy") - } - } else if !e.stdio.IsNull() { - if err := copyPipes(ctx, e.io, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -+ cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(opts.PidFile) - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime exec pid") - } - e.pid = pid -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 5bf5f83..5b23671 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -168,18 +168,22 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - p.closers = append(p.closers, sc) - } - var copyWaitGroup sync.WaitGroup -+ ctx, cancel := context.WithTimeout(ctx, 30*time.Second) - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup) - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to start console copy") - } - p.console = console - } else if !hasNoIO(r) { - if err := copyPipes(ctx, p.io, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup); err != nil { -+ cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } -@@ -187,6 +191,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(pidFile) - if err != nil { -+ cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime container pid") - } - p.pid = pid --- -2.7.4.3 - diff --git a/patch/0012-bump-bump-containerd-to-1.2.0.2.patch b/patch/0012-bump-bump-containerd-to-1.2.0.2.patch deleted file mode 100644 index 2f8ac24..0000000 --- a/patch/0012-bump-bump-containerd-to-1.2.0.2.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ea92cca7c1d4dfbd6a563588a6ea9b56a764fc39 Mon Sep 17 00:00:00 2001 -From: lujingxiao -Date: Wed, 23 Jan 2019 15:31:56 +0800 -Subject: [PATCH 12/27] bump: bump containerd to 1.2.0.2 - -reason: bump containerd to 1.2.0.2 after cherry-picked patches from -upstream: -- runtime: Add timeout and cancel to shim fifo open -- runtime: fix pipe in broken may cause shim lock forever for runtime v1 -- runtime: fix pipe in broken may cause shim lock forever for runtime v2 -- runtime: Use named pipes for shim logs -- shim: Increase reaper buffer size and non-blocking send -- shim: optimize shim lock in runtime v1 - -Change-Id: Ibd7574e2ab18a2f783c694931101e1459bc779ad -Signed-off-by: lujingxiao ---- - hack/containerd.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index f53c37b..c7d358d 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 1%{?dist} -+Release: 2%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io --- -2.7.4.3 - diff --git a/patch/0013-log-support-log-init-pid-to-start-event-log.patch b/patch/0013-log-support-log-init-pid-to-start-event-log.patch deleted file mode 100644 index da79fdd..0000000 --- a/patch/0013-log-support-log-init-pid-to-start-event-log.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d4d3f8a239f4b4afd009d954453e585704ddb112 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Thu, 24 Jan 2019 11:55:10 +0800 -Subject: [PATCH 13/27] log: support log init pid to start event log - -reason: DFX support start event with init pid - -Change-Id: I8ae9c7a9652f694680979965829682416aed4055 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - runtime/v1/linux/task.go | 2 ++ - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index c7d358d..462d35e 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 2%{?dist} -+Release: 3%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 38da35c..1c650c4 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -36,6 +36,7 @@ import ( - "github.com/containerd/typeurl" - "github.com/gogo/protobuf/types" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // Task on a linux based system -@@ -131,6 +132,7 @@ func (t *Task) Start(ctx context.Context) error { - t.cg = cg - t.mu.Unlock() - } -+ logrus.Infof("publish event %s for container %s with pid %d", runtime.TaskStartEventTopic, t.id, t.pid) - t.events.Publish(ctx, runtime.TaskStartEventTopic, &eventstypes.TaskStart{ - ContainerID: t.id, - Pid: uint32(t.pid), --- -2.7.4.3 - diff --git a/patch/0014-event-resend-exit-event-when-detect-container.patch b/patch/0014-event-resend-exit-event-when-detect-container.patch deleted file mode 100644 index de4a802..0000000 --- a/patch/0014-event-resend-exit-event-when-detect-container.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 200ae6f4b733f8a869aac36a730da90e79213387 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sun, 10 Feb 2019 18:40:59 +0800 -Subject: [PATCH 14/27] event: resend exit event when detect - containerd restarted - -reason: testCE_docker_containerd_ABN.026.sh -fix docker stop no effect. - -Change-Id: I024b2f6a03d74fcbb5623c696212dcbfb624b285 -Signed-off-by: jingrui ---- - cmd/containerd-shim/main_unix.go | 38 +++++++++++++++++++++++++++++++++++++- - 1 file changed, 37 insertions(+), 1 deletion(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 6c59cd1..d1f41b0 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -24,12 +24,14 @@ import ( - "flag" - "fmt" - "io" -+ "io/ioutil" - "net" - "os" - "os/exec" - "os/signal" - "runtime" - "runtime/debug" -+ "strconv" - "strings" - "sync" - "syscall" -@@ -263,7 +265,7 @@ type remoteEventsPublisher struct { - address string - } - --func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event events.Event) error { -+func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, event events.Event) error { - ns, _ := namespaces.Namespace(ctx) - encoded, err := typeurl.MarshalAny(event) - if err != nil { -@@ -288,3 +290,37 @@ func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event - } - return nil - } -+ -+func getContainerdPid() int { -+ pidFile := "/var/run/docker/containerd/containerd.pid" -+ data, err := ioutil.ReadFile(pidFile) -+ if err != nil { -+ return -1 -+ } -+ pid, err := strconv.Atoi(string(data)) -+ if err != nil { -+ return -1 -+ } -+ return pid -+} -+ -+func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event events.Event) error { -+ old := getContainerdPid() -+ for i := 1; i <= 10; i++ { -+ err := l.doPublish(ctx, topic, event) -+ logrus.Infof("try publish event(%d) %s %v %v", i, topic, event, err) -+ if err == nil { -+ new := getContainerdPid() -+ if old == new { -+ return nil -+ } -+ logrus.Warnf("containerd pid %d changed to %d", old, new) -+ old = new -+ } -+ if i == 10 { -+ return err -+ } -+ time.Sleep(time.Duration(i) * time.Second) -+ } -+ return nil -+} --- -2.7.4.3 - diff --git a/patch/0015-restore-cleanup-container-pid-1.patch b/patch/0015-restore-cleanup-container-pid-1.patch deleted file mode 100644 index 1cdfd22..0000000 --- a/patch/0015-restore-cleanup-container-pid-1.patch +++ /dev/null @@ -1,122 +0,0 @@ -From fd1c8dda8cc02b9aef28f1e3e4e51ab216338e2b Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sun, 10 Feb 2019 15:40:52 +0800 -Subject: [PATCH 15/27] restore: cleanup container pid=-1 - -reason: fix testCE_docker_hook_spec_ABN.050.sh -when containerd killed during task create, see Runtime.Create(). the -defer function will not execute, so shim residual. cleanup shim for -container pid=-1 - -Change-Id: Ie9a7f6dff5f8a922cc97c5fcf44664ab60ac1a7a -Signed-off-by: jingrui ---- - runtime/v1/linux/runtime.go | 10 +++++++--- - runtime/v1/linux/task.go | 26 ++++++++++++++++++++++++-- - 2 files changed, 31 insertions(+), 5 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index e1b3cac..3b66304 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -316,6 +316,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - id := path.Name() -+ log.G(ctx).Infof("load-task %s", id) - bundle := loadBundle( - id, - filepath.Join(r.state, ns, id), -@@ -372,6 +373,12 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).WithError(err).Error("loading task type") - continue - } -+ if pid == -1 { -+ _, err := t.DeleteForce(ctx) -+ log.G(ctx).Warnf("delete force %s Pid=-1 error=%v", id, err) -+ continue -+ } -+ log.G(ctx).Infof("load-task %s Pid=%d done", id, pid) - o = append(o, t) - } - return o, nil -@@ -380,9 +387,6 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, id string, pid int) error { - ctx = namespaces.WithNamespace(ctx, ns) - if err := r.terminate(ctx, bundle, ns, id); err != nil { -- if r.config.ShimDebug { -- return errors.Wrap(err, "failed to terminate task, leaving bundle for debugging") -- } - log.G(ctx).WithError(err).Warn("failed to terminate task") - } - -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 1c650c4..6995156 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -21,6 +21,7 @@ package linux - import ( - "context" - "sync" -+ "time" - - "github.com/containerd/cgroups" - eventstypes "github.com/containerd/containerd/api/events" -@@ -37,6 +38,7 @@ import ( - "github.com/gogo/protobuf/types" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -+ "golang.org/x/sys/unix" - ) - - // Task on a linux based system -@@ -86,10 +88,13 @@ func (t *Task) Namespace() string { - } - - // Delete the task and return the exit status --func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -+func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { -- return nil, errdefs.FromGRPC(err) -+ log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -+ if !force { -+ return nil, errdefs.FromGRPC(err) -+ } - } - t.tasks.Delete(ctx, t.id) - if err := t.shim.KillShim(ctx); err != nil { -@@ -98,6 +103,14 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { - if err := t.bundle.Delete(); err != nil { - log.G(ctx).WithError(err).Error("failed to delete bundle") - } -+ -+ if rsp == nil { -+ rsp = &shim.DeleteResponse{} -+ rsp.ExitStatus = 128 + uint32(unix.SIGKILL) -+ rsp.ExitedAt = time.Now().UTC() -+ rsp.Pid = 0 -+ } -+ - t.events.Publish(ctx, runtime.TaskDeleteEventTopic, &eventstypes.TaskDelete{ - ContainerID: t.id, - ExitStatus: rsp.ExitStatus, -@@ -111,6 +124,15 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { - }, nil - } - -+// Delete the task and return the exit status -+func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -+ return t.delete(ctx, false) -+} -+ -+func (t *Task) DeleteForce(ctx context.Context) (*runtime.Exit, error) { -+ return t.delete(ctx, true) -+} -+ - // Start the task - func (t *Task) Start(ctx context.Context) error { - t.mu.Lock() --- -2.7.4.3 - diff --git a/patch/0016-create-runc-delete-force-before-create.patch b/patch/0016-create-runc-delete-force-before-create.patch deleted file mode 100644 index 3aa5ece..0000000 --- a/patch/0016-create-runc-delete-force-before-create.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e7827a737c42861afd6b41e2e7dc953c249278fc Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 11 Feb 2019 17:40:31 +0800 -Subject: [PATCH 16/27] create: runc delete force before create - -reason: testCE_docker_hook_spec_ABN.051.sh -kill -9 shim will generate residual runc files, cleanup runc files using -runc delete before create. - -Change-Id: I3efa3c4d0989ba8d688bcb6f35ba543b6ab91b2d -Signed-off-by: jingrui ---- - vendor/github.com/containerd/go-runc/runc.go | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 96262af..e688881 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -138,6 +138,8 @@ func (o *CreateOpts) args() (out []string, err error) { - - // Create creates a new container and returns its pid if it was created successfully - func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOpts) error { -+ r.Delete(context, id, &DeleteOpts{Force: true}) -+ - args := []string{"create", "--bundle", bundle} - if opts != nil { - oargs, err := opts.args() --- -2.7.4.3 - diff --git a/patch/0017-exit-using-init.exit-indicate-container-is-ex.patch b/patch/0017-exit-using-init.exit-indicate-container-is-ex.patch deleted file mode 100644 index 92c6ef4..0000000 --- a/patch/0017-exit-using-init.exit-indicate-container-is-ex.patch +++ /dev/null @@ -1,65 +0,0 @@ -From f83e391aef03283b30431a960b66f720cf0d9dd3 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 11 Feb 2019 20:12:15 +0800 -Subject: [PATCH 17/27] exit: using init.exit indicate container is - exiting - -reason: testCE_docker_hook_spec_ABN.053.sh -kill dockerd during docker stop in post-stophook, containerd will load -task and treat as ok when shim response client. add init.exit to forbid -load exiting task. - -Change-Id: I8f03cd51088d43d4fb457b32981f3eebd8558f84 -Signed-off-by: jingrui ---- - runtime/v1/linux/proc/init.go | 1 + - runtime/v1/linux/runtime.go | 5 +++++ - runtime/v1/shim/service.go | 4 +++- - 3 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 5b23671..caa31c3 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -43,6 +43,7 @@ import ( - - // InitPidFile name of the file that contains the init pid - const InitPidFile = "init.pid" -+const InitExit = "init.exit" - - // Init represents an initial process for a container - type Init struct { -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 3b66304..123d675 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -378,6 +378,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).Warnf("delete force %s Pid=-1 error=%v", id, err) - continue - } -+ if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -+ _, err := t.DeleteForce(ctx) -+ log.G(ctx).Warnf("delete force %s Pid=%d(exiting) error=%v", id, pid, err) -+ continue -+ } - log.G(ctx).Infof("load-task %s Pid=%d done", id, pid) - o = append(o, t) - } -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 679982a..8c7984f 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -504,7 +504,9 @@ func (s *Service) checkProcesses(e runc.Exit) { - - for _, p := range s.processes { - if p.Pid() == e.Pid { -- -+ if ip, ok := p.(*proc.Init); ok { -+ ioutil.WriteFile(filepath.Join(ip.Bundle, proc.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600) -+ } - if shouldKillAll { - if ip, ok := p.(*proc.Init); ok { - // Ensure all children are killed --- -2.7.4.3 - diff --git a/patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch b/patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch deleted file mode 100644 index e911513..0000000 --- a/patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 7f483b7d5a6bd88ea35f5dcf1a5fea5d165044fe Mon Sep 17 00:00:00 2001 -From: lixiang172 -Date: Tue, 12 Feb 2019 15:22:06 +0800 -Subject: [PATCH 18/27] containerd-shim: Dump log to file when docker - received signal - -reason: Dump stack log to file when docker received "kill -SIGUSR1 -PID" signal -The name of log files is "shim-stack-[time].log". -The log file can be found at: -/run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/container-id/shim-stack-[time].log - -Change-Id: I6d7e03c9a0fd36e9a76f1dd45cfd5312985d03f8 -Signed-off-by: lixiang172 ---- - cmd/containerd-shim/main_unix.go | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index d1f41b0..38b3eb4 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -246,6 +246,8 @@ func handleSignals(logger *logrus.Entry, signals chan os.Signal, server *ttrpc.S - } - } - -+const stacksLogNameTemplate = "shim-stacks-%s.log" -+ - func dumpStacks(logger *logrus.Entry) { - var ( - buf []byte -@@ -258,6 +260,7 @@ func dumpStacks(logger *logrus.Entry) { - bufferLen *= 2 - } - buf = buf[:stackSize] -+ ioutil.WriteFile(fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600) - logger.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf) - } - --- -2.7.4.3 - diff --git a/patch/0019-restore-check-shim-alive-when-containerd-is-r.patch b/patch/0019-restore-check-shim-alive-when-containerd-is-r.patch deleted file mode 100644 index 4557c56..0000000 --- a/patch/0019-restore-check-shim-alive-when-containerd-is-r.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 112c2ef89b1085e95959285ce5328af5d74ba8db Mon Sep 17 00:00:00 2001 -From: xueshaojia -Date: Thu, 14 Feb 2019 10:48:14 +0800 -Subject: [PATCH 19/27] restore: check shim alive when containerd is - restarted - -reason: fix docker_containerd-shim:testCE_docker_containerd_shim_ABN.021.sh - When containerd is restarted, it will load all tasks.In some cases, the - containerd-shim is killed and the sock file will exist for a while. - Containerd should check the containerd-shim is available using the sock file. - If the containerd-shim server not responses, do r.cleanupAfterDeadShim - -Change-Id: I448c8caefa8c1252bd5cdcff79deb8eff1005903 -Signed-off-by: xueshaojia ---- - runtime/v1/linux/runtime.go | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 123d675..477cda0 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -343,6 +343,21 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - } - continue - } -+ ctxContact, cancel := context.WithTimeout(ctx, 5*time.Second) -+ defer cancel() -+ alive, err := s.IsAlive(ctxContact) -+ if !alive { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": ns, -+ }).Error("contacting to shim") -+ err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) -+ if err != nil { -+ log.G(ctx).WithError(err).WithField("bundle", bundle.path). -+ Error("cleaning up after dead shim") -+ } -+ continue -+ } - - logDirPath := filepath.Join(r.root, ns, id) - --- -2.7.4.3 - diff --git a/patch/0020-events-resend-pending-exit-events-on-restore.patch b/patch/0020-events-resend-pending-exit-events-on-restore.patch deleted file mode 100644 index 8d2b63b..0000000 --- a/patch/0020-events-resend-pending-exit-events-on-restore.patch +++ /dev/null @@ -1,357 +0,0 @@ -From 27762e8d75c00c8898c725873c17a23105ba5b7c Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Tue, 12 Feb 2019 17:03:11 +0800 -Subject: [PATCH 20/27] events: resend pending exit events on restore - -reason: fix exit event may lost. -testCE_docker_containerd_ABN.026.sh - -Change-Id: I5bcdf06ad4ee7b8a0ca782e610186f52e3d79bbd -Signed-off-by: jingrui ---- - events/events.go | 13 +++++ - events/exchange/exchange.go | 12 +++++ - events/exit.go | 79 +++++++++++++++++++++++++++++ - runtime/v1/linux/runtime.go | 56 +++++++++++++++++--- - runtime/v1/linux/task.go | 10 ++-- - runtime/v1/shim/service.go | 2 + - vendor/github.com/docker/go-events/queue.go | 8 +++ - 7 files changed, 167 insertions(+), 13 deletions(-) - create mode 100644 events/exit.go - -diff --git a/events/events.go b/events/events.go -index b7eb86f..aa07236 100644 ---- a/events/events.go -+++ b/events/events.go -@@ -22,6 +22,7 @@ import ( - - "github.com/containerd/typeurl" - "github.com/gogo/protobuf/types" -+ apievents "github.com/containerd/containerd/api/events" - ) - - // Envelope provides the packaging for an event. -@@ -32,6 +33,18 @@ type Envelope struct { - Event *types.Any - } - -+func (e *Envelope) ExitFile() string { -+ decoded, err := typeurl.UnmarshalAny(e.Event) -+ if err != nil { -+ return "" -+ } -+ -+ if e, ok := decoded.(*apievents.TaskExit); ok { -+ return ExitFile(e.ContainerID, e.Pid, e.ExitStatus) -+ } -+ -+ return "" -+} - // Field returns the value for the given fieldpath as a string, if defined. - // If the value is not defined, the second value will be false. - func (e *Envelope) Field(fieldpath []string) (string, bool) { -diff --git a/events/exchange/exchange.go b/events/exchange/exchange.go -index 95d21b7..540f180 100644 ---- a/events/exchange/exchange.go -+++ b/events/exchange/exchange.go -@@ -49,6 +49,11 @@ func NewExchange() *Exchange { - var _ events.Publisher = &Exchange{} - var _ events.Forwarder = &Exchange{} - var _ events.Subscriber = &Exchange{} -+var mobySubcribed = false -+ -+func MobySubscribed() bool { -+ return mobySubcribed -+} - - // Forward accepts an envelope to be direcly distributed on the exchange. - // -@@ -161,6 +166,13 @@ func (e *Exchange) Subscribe(ctx context.Context, fs ...string) (ch <-chan *even - } - - e.broadcaster.Add(dst) -+ logrus.Infof("subscribe ctx=%v fs=%v", ctx, fs) -+ for _, s := range fs { -+ if !MobySubscribed() && s == "namespace==moby,topic~=|^/tasks/|" { -+ queue.Namespace = "moby" -+ mobySubcribed = true -+ } -+ } - - go func() { - defer closeAll() -diff --git a/events/exit.go b/events/exit.go -new file mode 100644 -index 0000000..e1ce089 ---- /dev/null -+++ b/events/exit.go -@@ -0,0 +1,79 @@ -+package events -+ -+import ( -+ "fmt" -+ "io/ioutil" -+ "os" -+ "path/filepath" -+ "strconv" -+ "strings" -+ "github.com/sirupsen/logrus" -+) -+ -+const ExitDir = "/var/run/docker/containerd/exit" -+const ExitStatusDefault = 137 -+ -+func ExitFile(cid string, pid uint32, status uint32) string { -+ return fmt.Sprintf("%s.%d.%d", cid, pid, status) -+} -+ -+func ExitInfo(ef string) (string, uint32, uint32) { -+ s := strings.Split(ef, ".") -+ if len(s) != 3 { -+ return "", 0, 0 -+ } -+ -+ cid := s[0] -+ pid, err := strconv.ParseUint(s[1], 10, 32) -+ if err != nil { -+ return "", 0, 0 -+ } -+ status, err := strconv.ParseUint(s[2], 10, 32) -+ if err != nil { -+ return "", 0, 0 -+ } -+ -+ return cid, uint32(pid), uint32(status) -+} -+ -+func ExitAddFile(ns string, ef string, reason string) { -+ os.MkdirAll(filepath.Join(ExitDir, ns), 0700) -+ err := ioutil.WriteFile(filepath.Join(ExitDir, ns, ef), []byte{}, 0600) -+ logrus.Infof("exit-add %s/%s [reason: %s] error=%v", ns, ef, reason, err) -+} -+ -+func ExitDelFile(ns string, ef string) { -+ err := os.RemoveAll(filepath.Join(ExitDir, ns, ef)) -+ logrus.Infof("exit-del %s/%s error=%v", ns, ef, err) -+} -+ -+func ExitGetFile(ns string, cid string, pid uint32, status uint32) string { -+ ef := ExitFile(cid, pid, status) -+ if _, err := os.Stat(filepath.Join(ExitDir, ns, ef)); err == nil { -+ return ef -+ } -+ return "" -+} -+ -+func ExitGetFiles(ns string) []string { -+ files, err := ioutil.ReadDir(filepath.Join(ExitDir, ns)) -+ if err != nil { -+ return []string{} -+ } -+ -+ names := []string{} -+ for _, f := range files { -+ names = append(names, f.Name()) -+ } -+ -+ return names -+} -+ -+func ExitPending(ns string, cid string, pid uint32) bool { -+ for _, ef := range ExitGetFiles(ns) { -+ if strings.Contains(ef, fmt.Sprintf("%s.%d", cid, pid)) { -+ return true -+ } -+ } -+ return false -+} -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 477cda0..add4d52 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -31,6 +31,7 @@ import ( - "github.com/containerd/containerd/api/types" - "github.com/containerd/containerd/containers" - "github.com/containerd/containerd/errdefs" -+ "github.com/containerd/containerd/events" - "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/identifiers" - "github.com/containerd/containerd/log" -@@ -129,6 +130,7 @@ func New(ic *plugin.InitContext) (interface{}, error) { - return nil, err - } - } -+ go r.resendExitEvents(ic.Context, "moby") - return r, nil - } - -@@ -175,7 +177,8 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - } - defer func() { - if err != nil { -- bundle.Delete() -+ errd := bundle.Delete() -+ log.G(ctx).WithError(err).Errorf("revert: delete bundle error=%v", errd) - } - }() - -@@ -218,9 +221,8 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - } - defer func() { - if err != nil { -- if kerr := s.KillShim(ctx); kerr != nil { -- log.G(ctx).WithError(err).Error("failed to kill shim") -- } -+ kerr := s.KillShim(ctx) -+ log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr) - } - }() - -@@ -305,6 +307,41 @@ func (r *Runtime) Get(ctx context.Context, id string) (runtime.Task, error) { - return r.tasks.Get(ctx, id) - } - -+func (r *Runtime) resendExitEvents(ctx context.Context, ns string) { -+ for { -+ time.Sleep(time.Second) -+ efs := events.ExitGetFiles(ns) -+ if len(efs) == 0 { -+ break -+ } -+ -+ if !exchange.MobySubscribed() { -+ logrus.Infof("waiting moby event stream ...") -+ continue -+ } -+ time.Sleep(time.Second) -+ -+ for _, ef := range efs { -+ cid, pid, status := events.ExitInfo(ef) -+ if cid == "" { -+ continue -+ } -+ -+ e := &eventstypes.TaskExit{ -+ ContainerID: cid, -+ ID: cid, -+ ExitStatus: status, -+ ExitedAt: time.Now().UTC(), -+ Pid: uint32(pid), -+ } -+ -+ ctx := namespaces.WithNamespace(context.Background(), ns) -+ err := r.events.Publish(ctx, runtime.TaskExitEventTopic, e) -+ logrus.Infof("resend exit event %v error=%v", e, err) -+ } -+ } -+} -+ - func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - dir, err := ioutil.ReadDir(filepath.Join(r.state, ns)) - if err != nil { -@@ -388,13 +425,16 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).WithError(err).Error("loading task type") - continue - } -- if pid == -1 { -- _, err := t.DeleteForce(ctx) -- log.G(ctx).Warnf("delete force %s Pid=-1 error=%v", id, err) -+ if pid <= 0 { -+ _, err := t.DeleteForce(ctx, 0) -+ log.G(ctx).Warnf("delete force %s Pid=%d error=%v", id, pid, err) - continue - } - if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -- _, err := t.DeleteForce(ctx) -+ if !events.ExitPending(ns, t.id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } -+ _, err := t.DeleteForce(ctx, uint32(pid)) - log.G(ctx).Warnf("delete force %s Pid=%d(exiting) error=%v", id, pid, err) - continue - } -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index 6995156..b692ae7 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -88,7 +88,7 @@ func (t *Task) Namespace() string { - } - - // Delete the task and return the exit status --func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { -+func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exit, error) { - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { - log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -@@ -108,7 +108,7 @@ func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { - rsp = &shim.DeleteResponse{} - rsp.ExitStatus = 128 + uint32(unix.SIGKILL) - rsp.ExitedAt = time.Now().UTC() -- rsp.Pid = 0 -+ rsp.Pid = pid - } - - t.events.Publish(ctx, runtime.TaskDeleteEventTopic, &eventstypes.TaskDelete{ -@@ -126,11 +126,11 @@ func (t *Task) delete(ctx context.Context, force bool) (*runtime.Exit, error) { - - // Delete the task and return the exit status - func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) { -- return t.delete(ctx, false) -+ return t.delete(ctx, false, 0) - } - --func (t *Task) DeleteForce(ctx context.Context) (*runtime.Exit, error) { -- return t.delete(ctx, true) -+func (t *Task) DeleteForce(ctx context.Context, pid uint32) (*runtime.Exit, error) { -+ return t.delete(ctx, true, pid) - } - - // Start the task -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 8c7984f..a2eb35b 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -505,6 +505,8 @@ func (s *Service) checkProcesses(e runc.Exit) { - for _, p := range s.processes { - if p.Pid() == e.Pid { - if ip, ok := p.(*proc.Init); ok { -+ ns := filepath.Base(filepath.Dir(ip.Bundle)) -+ events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - ioutil.WriteFile(filepath.Join(ip.Bundle, proc.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600) - } - if shouldKillAll { -diff --git a/vendor/github.com/docker/go-events/queue.go b/vendor/github.com/docker/go-events/queue.go -index 4bb770a..0608e7e 100644 ---- a/vendor/github.com/docker/go-events/queue.go -+++ b/vendor/github.com/docker/go-events/queue.go -@@ -5,12 +5,14 @@ import ( - "sync" - - "github.com/sirupsen/logrus" -+ topevents "github.com/containerd/containerd/events" - ) - - // Queue accepts all messages into a queue for asynchronous consumption - // by a sink. It is unbounded and thread safe but the sink must be reliable or - // events will be dropped. - type Queue struct { -+ Namespace string - dst Sink - events *list.List - cond *sync.Cond -@@ -83,6 +85,12 @@ func (eq *Queue) run() { - "event": event, - "sink": eq.dst, - }).WithError(err).Debug("eventqueue: dropped event") -+ } else { -+ if e, ok := event.(*topevents.Envelope); ok { -+ if ef := e.ExitFile(); ef != "" { -+ topevents.ExitDelFile(eq.Namespace, ef) -+ } -+ } - } - } - } --- -2.7.4.3 - diff --git a/patch/0021-containerd-Update-the-version-info-of-contain.patch b/patch/0021-containerd-Update-the-version-info-of-contain.patch deleted file mode 100644 index c1db668..0000000 --- a/patch/0021-containerd-Update-the-version-info-of-contain.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 818ef5fe43d3b9b4c53301800d545ce4c775afff Mon Sep 17 00:00:00 2001 -From: lixiang172 -Date: Tue, 12 Feb 2019 11:37:37 +0800 -Subject: [PATCH 21/27] containerd: Update the version info of - containerd - -reason: Update the version info after type "containerd -v" -The version info now is defined by "containerd.spec" rather than -"version.go" - -Change-Id: I04c6b78737e09f93a3e84a100c88be19294a5c4f -Signed-off-by: lixiang172 ---- - Makefile | 8 ++++---- - version/version.go | 2 +- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/Makefile b/Makefile -index 35021fd..e38dfb3 100644 ---- a/Makefile -+++ b/Makefile -@@ -20,8 +20,8 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - DESTDIR=/usr/local - - # Used to populate variables in version package. --VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always) --REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) -+VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') -+REVISION=$(shell echo commit:)$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" - GOOS ?= $(shell go env GOOS) -@@ -77,8 +77,8 @@ MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5 - # Build tags seccomp and apparmor are needed by CRI plugin. - BUILDTAGS ?= seccomp apparmor - GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) --GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) -extldflags "-static"' -+GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -diff --git a/version/version.go b/version/version.go -index b2874bf..04b7097 100644 ---- a/version/version.go -+++ b/version/version.go -@@ -18,7 +18,7 @@ package version - - var ( - // Package is filled at linking time -- Package = "github.com/containerd/containerd" -+ Package = "" - - // Version holds the complete version number. Filled in at linking time. - Version = "1.2.0+unknown" --- -2.7.4.3 - diff --git a/patch/0022-containerd-bump-version-1.2.0.4.patch b/patch/0022-containerd-bump-version-1.2.0.4.patch deleted file mode 100644 index 515b1f8..0000000 --- a/patch/0022-containerd-bump-version-1.2.0.4.patch +++ /dev/null @@ -1,29 +0,0 @@ -From bea413085725db89439817284b63bb4061e62753 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Wed, 13 Feb 2019 22:03:08 +0800 -Subject: [PATCH 22/27] containerd: bump version 1.2.0.4 - -reason: bump version - -Change-Id: Iee2348e931a723929ccfe63b3539c812514acc90 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index 462d35e..f8d9084 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 3%{?dist} -+Release: 4%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io --- -2.7.4.3 - diff --git a/patch/0023-containerd-set-create-and-exec-timeout.patch b/patch/0023-containerd-set-create-and-exec-timeout.patch deleted file mode 100644 index f994109..0000000 --- a/patch/0023-containerd-set-create-and-exec-timeout.patch +++ /dev/null @@ -1,218 +0,0 @@ -From 006bc6d0a9e0c233d0d14de53de0b18799c67081 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Fri, 15 Feb 2019 06:00:52 +0800 -Subject: [PATCH 23/27] containerd: set create and exec timeout - -reason:set create and exec timeout to avild block when command failed - -Change-Id: I6bc55f4ccc953bdc1d926ab940f0900811d68760 -Signed-off-by: xiadanni ---- - hack/containerd.spec | 2 +- - runtime/v1/shim/reaper.go | 50 +++++++++++++++++++++++++ - runtime/v2/shim/reaper_unix.go | 4 ++ - vendor/github.com/containerd/go-runc/monitor.go | 6 +++ - vendor/github.com/containerd/go-runc/runc.go | 31 +++++++++++++-- - 5 files changed, 88 insertions(+), 5 deletions(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index f8d9084..f39c57a 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 4%{?dist} -+Release: 5%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index 10d5c30..a2b90fe 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -19,8 +19,13 @@ - package shim - - import ( -+ "io/ioutil" - "os/exec" -+ "path/filepath" -+ "strconv" -+ "strings" - "sync" -+ "syscall" - "time" - - "github.com/containerd/containerd/sys" -@@ -100,6 +105,34 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) { - return -1, ErrNoSuchProcess - } - -+// WaitTimeout is used to skip the blocked command and kill the left process. -+func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, error) { -+ sch := make(chan int) -+ ech := make(chan error) -+ go func() { -+ for e := range ec { -+ if e.Pid == c.Process.Pid { -+ // make sure we flush all IO -+ c.Wait() -+ m.Unsubscribe(ec) -+ sch <- e.Status -+ return -+ } -+ } -+ }() -+ select { -+ case <-time.After(time.Duration(sec) * time.Second): -+ if SameProcess(c, c.Process.Pid) { -+ syscall.Kill(c.Process.Pid, syscall.SIGKILL) -+ } -+ return 0, errors.Errorf("timeout %ds for cmd(pid= %d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ case status := <-sch: -+ return status, nil -+ case err := <-ech: -+ return -1, err -+ } -+} -+ - // Subscribe to process exit changes - func (m *Monitor) Subscribe() chan runc.Exit { - c := make(chan runc.Exit, bufferSize) -@@ -116,3 +149,20 @@ func (m *Monitor) Unsubscribe(c chan runc.Exit) { - close(c) - m.Unlock() - } -+ -+func SameProcess(cmd *exec.Cmd, pid int) bool { -+ bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -+ if err != nil { -+ return false -+ } -+ for i := range bytes { -+ if bytes[i] == 0 { -+ bytes[i] = 32 -+ } -+ } -+ cmdline := string(bytes) -+ if strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") { -+ return true -+ } -+ return false -+} -diff --git a/runtime/v2/shim/reaper_unix.go b/runtime/v2/shim/reaper_unix.go -index 10d5c30..8bd7dd1 100644 ---- a/runtime/v2/shim/reaper_unix.go -+++ b/runtime/v2/shim/reaper_unix.go -@@ -100,6 +100,10 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) { - return -1, ErrNoSuchProcess - } - -+func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, error) { -+ return m.Wait(c, ec) -+} -+ - // Subscribe to process exit changes - func (m *Monitor) Subscribe() chan runc.Exit { - c := make(chan runc.Exit, bufferSize) -diff --git a/vendor/github.com/containerd/go-runc/monitor.go b/vendor/github.com/containerd/go-runc/monitor.go -index ff06a3f..2c184d2 100644 ---- a/vendor/github.com/containerd/go-runc/monitor.go -+++ b/vendor/github.com/containerd/go-runc/monitor.go -@@ -40,6 +40,7 @@ type Exit struct { - type ProcessMonitor interface { - Start(*exec.Cmd) (chan Exit, error) - Wait(*exec.Cmd, chan Exit) (int, error) -+ WaitTimeout(*exec.Cmd, chan Exit, int64) (int, error) - } - - type defaultMonitor struct { -@@ -74,3 +75,8 @@ func (m *defaultMonitor) Wait(c *exec.Cmd, ec chan Exit) (int, error) { - e := <-ec - return e.Status, nil - } -+ -+func (m *defaultMonitor) WaitTimeout(c *exec.Cmd, ec chan Exit, sec int64) (int, error) { -+ e := <-ec -+ return e.Status, nil -+} -\ No newline at end of file -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index e688881..fc64e8a 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -52,6 +52,8 @@ const ( - Text Format = "text" - // DefaultCommand is the default command for Runc - DefaultCommand = "runc" -+ execTimeout = 30 -+ createTimeout = 120 - ) - - // Runc is the client to the runc cli -@@ -155,7 +157,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - cmd.ExtraFiles = opts.ExtraFiles - - if cmd.Stdout == nil && cmd.Stderr == nil { -- data, err := cmdOutput(cmd, true) -+ data, err := cmdOutputTimeout(cmd, true, createTimeout) - if err != nil { - return fmt.Errorf("%s: %s", err, data) - } -@@ -172,7 +174,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - } - } - } -- status, err := Monitor.Wait(cmd, ec) -+ status, err := Monitor.WaitTimeout(cmd, ec, createTimeout) - if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) - } -@@ -234,7 +236,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - opts.Set(cmd) - } - if cmd.Stdout == nil && cmd.Stderr == nil { -- data, err := cmdOutput(cmd, true) -+ data, err := cmdOutputTimeout(cmd, true, execTimeout) - if err != nil { - return fmt.Errorf("%s: %s", err, data) - } -@@ -251,7 +253,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - } - } - } -- status, err := Monitor.Wait(cmd, ec) -+ status, err := Monitor.WaitTimeout(cmd, ec, execTimeout) - if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) - } -@@ -707,3 +709,24 @@ func cmdOutput(cmd *exec.Cmd, combined bool) ([]byte, error) { - - return b.Bytes(), err - } -+ -+func cmdOutputTimeout(cmd *exec.Cmd, combined bool, timeout int64) ([]byte, error) { -+ b := getBuf() -+ defer putBuf(b) -+ -+ cmd.Stdout = b -+ if combined { -+ cmd.Stderr = b -+ } -+ ec, err := Monitor.Start(cmd) -+ if err != nil { -+ return nil, err -+ } -+ -+ status, err := Monitor.WaitTimeout(cmd, ec, timeout) -+ if err == nil && status != 0 { -+ err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) -+ } -+ -+ return b.Bytes(), err -+} --- -2.7.4.3 - diff --git a/patch/0024-create-cleanup-runc-dirty-files-on-start.patch b/patch/0024-create-cleanup-runc-dirty-files-on-start.patch deleted file mode 100644 index c951cea..0000000 --- a/patch/0024-create-cleanup-runc-dirty-files-on-start.patch +++ /dev/null @@ -1,54 +0,0 @@ -From f96039fcd94c5bc75dcec297668418811d60e785 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Tue, 19 Feb 2019 11:53:41 +0800 -Subject: [PATCH 24/27] create: cleanup runc dirty files on start - -reason: add check before cleanup runtime dirty files. - -Change-Id: I6f218fd8d19ed65d8b13ae1ea744b80574279f83 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - vendor/github.com/containerd/go-runc/runc.go | 6 +++++- - 2 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index f39c57a..869012a 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 5%{?dist} -+Release: 6%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index fc64e8a..e66ea5b 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -30,6 +30,7 @@ import ( - "strings" - "syscall" - "time" -+ "github.com/sirupsen/logrus" - - specs "github.com/opencontainers/runtime-spec/specs-go" - ) -@@ -140,7 +141,10 @@ func (o *CreateOpts) args() (out []string, err error) { - - // Create creates a new container and returns its pid if it was created successfully - func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOpts) error { -- r.Delete(context, id, &DeleteOpts{Force: true}) -+ if _, err := os.Stat(filepath.Join(r.Root, id)); err == nil { -+ logrus.Warnf("cleanup residue runtime with bundle %s root=%s", bundle, r.Root) -+ r.Delete(context, id, &DeleteOpts{Force: true}) -+ } - - args := []string{"create", "--bundle", bundle} - if opts != nil { --- -2.7.4.3 - diff --git a/patch/0025-restore-skip-load-task-in-creating.patch b/patch/0025-restore-skip-load-task-in-creating.patch deleted file mode 100644 index 143f1c4..0000000 --- a/patch/0025-restore-skip-load-task-in-creating.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 869ceecb455640da5e90f7827f75275665e93e95 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 23 Feb 2019 15:51:24 +0800 -Subject: [PATCH 25/27] restore: skip load task in creating - -load task in creating will stuck containerd restore process. - -Change-Id: I2f8b77a88d78597ef2be5122708fc8ab16fad956 -Signed-off-by: jingrui ---- - runtime/v1/linux/runtime.go | 5 ++--- - runtime/v1/shim/service.go | 6 ++++++ - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index add4d52..5647f94 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -353,7 +353,6 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - id := path.Name() -- log.G(ctx).Infof("load-task %s", id) - bundle := loadBundle( - id, - filepath.Join(r.state, ns, id), -@@ -361,6 +360,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - ) - ctx = namespaces.WithNamespace(ctx, ns) - pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, proc.InitPidFile)) -+ log.G(ctx).Infof("load-task %s/%s/%s Pid=%d", r.state, ns, id, pid) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { -@@ -426,8 +426,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - if pid <= 0 { -- _, err := t.DeleteForce(ctx, 0) -- log.G(ctx).Warnf("delete force %s Pid=%d error=%v", id, pid, err) -+ log.G(ctx).Warnf("skip load task in creating %s", id) - continue - } - if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index a2eb35b..d7fdcaf 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -26,6 +26,7 @@ import ( - "os" - "path/filepath" - "sync" -+ "time" - - "github.com/containerd/console" - eventstypes "github.com/containerd/containerd/api/events" -@@ -140,9 +141,14 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - rootfs := filepath.Join(r.Bundle, "rootfs") - defer func() { - if err != nil { -+ logrus.Errorf("create init %s failed error=%v", r.ID, err) - if err2 := mount.UnmountAll(rootfs, 0); err2 != nil { - log.G(ctx).WithError(err2).Warn("Failed to cleanup rootfs mount") - } -+ go func() { -+ time.Sleep(10*time.Second) -+ os.Exit(0) -+ }() - } - }() - for _, rm := range mounts { --- -2.7.4.3 - diff --git a/patch/0026-exit-optimize-init.exit-record.patch b/patch/0026-exit-optimize-init.exit-record.patch deleted file mode 100644 index 80eaae2..0000000 --- a/patch/0026-exit-optimize-init.exit-record.patch +++ /dev/null @@ -1,96 +0,0 @@ -From c26316153098e72a9b30668befc36fcfcba3b76f Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 23 Feb 2019 15:55:21 +0800 -Subject: [PATCH 26/27] exit: optimize init.exit record - -Change-Id: If1319f7d87defed16d1113337957f36b7320e9b9 -Signed-off-by: jingrui ---- - events/exit.go | 21 +++++++++++++++++++++ - runtime/v1/linux/proc/init.go | 1 - - runtime/v1/linux/runtime.go | 2 +- - runtime/v1/shim/service.go | 2 +- - 4 files changed, 23 insertions(+), 3 deletions(-) - -diff --git a/events/exit.go b/events/exit.go -index e1ce089..772dc24 100644 ---- a/events/exit.go -+++ b/events/exit.go -@@ -7,11 +7,13 @@ import ( - "path/filepath" - "strconv" - "strings" -+ - "github.com/sirupsen/logrus" - ) - - const ExitDir = "/var/run/docker/containerd/exit" - const ExitStatusDefault = 137 -+const InitExit = "init.exit" - - func ExitFile(cid string, pid uint32, status uint32) string { - return fmt.Sprintf("%s.%d.%d", cid, pid, status) -@@ -77,3 +79,22 @@ func ExitPending(ns string, cid string, pid uint32) bool { - } - return false - } -+ -+func InitExitWrite(bundle string, pid int) { -+ if _, err := os.Stat(bundle); err != nil { -+ logrus.Infof("skip write init.exit %s error=%v", bundle, err) -+ return -+ } -+ err := ioutil.WriteFile(filepath.Join(bundle, InitExit), []byte(fmt.Sprintf("%d", pid)), 0600) -+ if err != nil { -+ logrus.Infof("failed write init.exit error=%s", bundle, err) -+ } -+} -+ -+func InitExitExist(bundle string) bool { -+ if _, err := os.Stat(filepath.Join(bundle, InitExit)); err == nil { -+ return true -+ } -+ return false -+} -+ -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index caa31c3..5b23671 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -43,7 +43,6 @@ import ( - - // InitPidFile name of the file that contains the init pid - const InitPidFile = "init.pid" --const InitExit = "init.exit" - - // Init represents an initial process for a container - type Init struct { -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 5647f94..e92904e 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -429,7 +429,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).Warnf("skip load task in creating %s", id) - continue - } -- if _, err := os.Stat(filepath.Join(bundle.path, proc.InitExit)); err == nil { -+ if events.InitExitExist(bundle.path) { - if !events.ExitPending(ns, t.id, uint32(pid)) { - events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") - } -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index d7fdcaf..f421fde 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -513,7 +513,7 @@ func (s *Service) checkProcesses(e runc.Exit) { - if ip, ok := p.(*proc.Init); ok { - ns := filepath.Base(filepath.Dir(ip.Bundle)) - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") -- ioutil.WriteFile(filepath.Join(ip.Bundle, proc.InitExit), []byte(fmt.Sprintf("%d", e.Pid)), 0600) -+ events.InitExitWrite(ip.Bundle, e.Pid) - } - if shouldKillAll { - if ip, ok := p.(*proc.Init); ok { --- -2.7.4.3 - diff --git a/patch/0027-log-make-tester-happy.patch b/patch/0027-log-make-tester-happy.patch deleted file mode 100644 index f3e9295..0000000 --- a/patch/0027-log-make-tester-happy.patch +++ /dev/null @@ -1,48 +0,0 @@ -From a275b359b2e85d8f353eab12d538a94609171918 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 23 Feb 2019 18:32:00 +0800 -Subject: [PATCH 27/27] log: make tester happy - -reason: make tester happy -+ check_docker_error /tmp/tmp_11955/log2 b3357887148bc59212d30dba46d3eea9490cfe94594fa00aa7706c7addb92d91 -+ grep docker /tmp/tmp_11955/log2 -+ grep error -+ grep b3357887148bc59212d30dba46d3eea9490cfe94594fa00aa7706c7addb92d91 -+ grep -w 'container did not start before the specified timeout' - -Change-Id: Iddd40bd42212bf09f52c17f28119a6b5364f4de7 -Signed-off-by: jingrui ---- - hack/containerd.spec | 2 +- - runtime/v1/shim/reaper.go | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/hack/containerd.spec b/hack/containerd.spec -index 869012a..05f68c7 100644 ---- a/hack/containerd.spec -+++ b/hack/containerd.spec -@@ -3,7 +3,7 @@ - Version: 1.2.0 - - Name: containerd --Release: 6%{?dist} -+Release: 7%{?dist} - Summary: An industry-standard container runtime - License: ASL 2.0 - URL: https://containerd.io -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index a2b90fe..529a533 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -125,7 +125,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - if SameProcess(c, c.Process.Pid) { - syscall.Kill(c.Process.Pid, syscall.SIGKILL) - } -- return 0, errors.Errorf("timeout %ds for cmd(pid= %d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ return 0, errors.Errorf("container did not start before the specified timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) - case status := <-sch: - return status, nil - case err := <-ech: --- -2.7.4.3 - diff --git a/patch/0028-restore-delete-task-in-containerd-restoring.patch b/patch/0028-restore-delete-task-in-containerd-restoring.patch deleted file mode 100644 index e5b36a1..0000000 --- a/patch/0028-restore-delete-task-in-containerd-restoring.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 1130a0bc101c3f59c99eb850b24d0799c216d677 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 22 Mar 2019 21:22:08 +0800 -Subject: [PATCH] restore: delete task in containerd restoring - -reason: delete task quickly when containerd is restoring to avoid container restart fail. - -Change-Id: Ide5e8c9bbd873addc6c35b9604e4cda03ca78b5e -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index e92904e..2a45aaa 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -426,7 +426,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - continue - } - if pid <= 0 { -- log.G(ctx).Warnf("skip load task in creating %s", id) -+ go func() { -+ log.G(ctx).Infof("del task in creating %s", id) -+ t.DeleteForce(ctx, uint32(pid)) -+ log.G(ctx).Infof("del task in creating %s done", id) -+ }() - continue - } - if events.InitExitExist(bundle.path) { --- -1.8.3.1 - diff --git a/patch/0029-restore-delete-task-asynchronously.patch b/patch/0029-restore-delete-task-asynchronously.patch deleted file mode 100644 index 2d3dc90..0000000 --- a/patch/0029-restore-delete-task-asynchronously.patch +++ /dev/null @@ -1,35 +0,0 @@ -From de14f9d00033a9596823e0ea953437f5f244cb74 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 23 Mar 2019 07:18:57 +0800 -Subject: [PATCH] restore: delete task asynchronously - -reason: set delete task to asynchronous to avoid containerd be killed when delete is blocking. - testCE_docker_hook_spec_ABN.059.sh - -Change-Id: I5fae8e60987b9617a835ea07710ca3c842efab14 -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 2a45aaa..cca72fe 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -437,8 +437,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - if !events.ExitPending(ns, t.id, uint32(pid)) { - events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") - } -- _, err := t.DeleteForce(ctx, uint32(pid)) -- log.G(ctx).Warnf("delete force %s Pid=%d(exiting) error=%v", id, pid, err) -+ go func(){ -+ log.G(ctx).Infof("delete force %s start, Pid=%d(exiting)", id, pid) -+ _, err := t.DeleteForce(ctx, uint32(pid)) -+ log.G(ctx).Infof("delete force %s done, Pid=%d(exiting) error=%v", id, pid, err) -+ }() - continue - } - log.G(ctx).Infof("load-task %s Pid=%d done", id, pid) --- -1.8.3.1 - diff --git a/patch/0030-event-fix-events-lost-when-loadTask-failed.patch b/patch/0030-event-fix-events-lost-when-loadTask-failed.patch deleted file mode 100644 index 959460d..0000000 --- a/patch/0030-event-fix-events-lost-when-loadTask-failed.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 375689497320d105aa2ed026710e20d9b0bd2a72 Mon Sep 17 00:00:00 2001 -From: jiangpengfei9 -Date: Mon, 1 Apr 2019 13:08:50 -0400 -Subject: [PATCH] event: fix events lost when loadTask failed - -reason: If containerd-shim and containerd process is killed, container will exit, -however containerd exit event which generates when containerd restart to reload -tasks can not publish to dockerd, because at the time of loading tasks the connection -between dockerd and containerd isn't established. - -So we add this unpublish exit event to file and resend this event after grpc connection -is established. - -Signed-off-by: jiangpengfei9 ---- - runtime/v1/linux/runtime.go | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index cca72fe..af823b2 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -373,6 +373,9 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - "id": id, - "namespace": ns, - }).Error("connecting to shim") -+ if !events.ExitPending(ns, id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). -@@ -388,6 +391,9 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - "id": id, - "namespace": ns, - }).Error("contacting to shim") -+ if !events.ExitPending(ns, id, uint32(pid)) { -+ events.ExitAddFile(ns, events.ExitFile(id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") -+ } - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). --- -1.8.3.1 - diff --git a/patch/0031-containerd-enable-relro-flags.patch b/patch/0031-containerd-enable-relro-flags.patch deleted file mode 100644 index 2ee4f4b..0000000 --- a/patch/0031-containerd-enable-relro-flags.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 2db6e4cda2e042fab327493c0fa095723d7c0352 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 15 Apr 2019 10:58:07 +0800 -Subject: [PATCH] containerd: enable relro flags - -Change-Id: I5f32e7bf794842a14e1644f7aa3115a65b1bc698 -Signed-off-by: jingrui ---- - Makefile | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index e38dfb38..921b2d50 100644 ---- a/Makefile -+++ b/Makefile -@@ -77,7 +77,8 @@ MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5 - # Build tags seccomp and apparmor are needed by CRI plugin. - BUILDTAGS ?= seccomp apparmor - GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) --GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' \ -+ -ldflags=-extldflags=-zrelro -ldflags=-extldflags=-znow - SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing --- -2.17.1 - diff --git a/patch/0032-containerd-enable-bep-ldflags.patch b/patch/0032-containerd-enable-bep-ldflags.patch deleted file mode 100644 index e557af1..0000000 --- a/patch/0032-containerd-enable-bep-ldflags.patch +++ /dev/null @@ -1,45 +0,0 @@ -From da6ea77f9f47c740fe85e7e4d34889e131135b81 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 15 Apr 2019 23:44:55 +0800 -Subject: [PATCH] containerd: enable bep ldflags - -Change-Id: I820b100aa1420fc399878a905de14fb6a25ca1a4 -Signed-off-by: jingrui ---- - Makefile | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/Makefile b/Makefile -index 921b2d50..612330b4 100644 ---- a/Makefile -+++ b/Makefile -@@ -77,9 +77,12 @@ MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5 - # Build tags seccomp and apparmor are needed by CRI plugin. - BUILDTAGS ?= seccomp apparmor - GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) --GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' \ -- -ldflags=-extldflags=-zrelro -ldflags=-extldflags=-znow --SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+ -+BEP_DIR=/tmp/containerd-build-bep -+BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep -+ -+GO_LDFLAGS=-ldflags '-s -w -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags '-s -w $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -@@ -166,8 +169,9 @@ FORCE: - - # Build a binary from a cmd. - bin/%: cmd/% FORCE -+ mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" -- @go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< -+ go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" --- -2.17.1 - diff --git a/patch/0033-containerd-fix-opened-file-not-close.patch b/patch/0033-containerd-fix-opened-file-not-close.patch deleted file mode 100644 index 8ba547c..0000000 --- a/patch/0033-containerd-fix-opened-file-not-close.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b5806942e2938d4800298df276f1a095b859bacb Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 19 Apr 2019 22:05:18 +0800 -Subject: [PATCH] containerd: fix opened file not close - -reason: fix opened file not close - -Change-Id: I69f53255eabd3dd2e87a61ba963fa8027870e014 -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/proc/utils.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/runtime/v1/linux/proc/utils.go b/runtime/v1/linux/proc/utils.go -index 3d0334c..ab9f5fa 100644 ---- a/runtime/v1/linux/proc/utils.go -+++ b/runtime/v1/linux/proc/utils.go -@@ -41,6 +41,7 @@ func getLastRuntimeError(r *runc.Runc) (string, error) { - if err != nil { - return "", err - } -+ defer f.Close() - - var ( - errMsg string --- -1.8.3.1 - diff --git a/patch/0034-containerd-add-buildid-in-Makefile.patch b/patch/0034-containerd-add-buildid-in-Makefile.patch deleted file mode 100644 index 8d92ee0..0000000 --- a/patch/0034-containerd-add-buildid-in-Makefile.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e61f2c1664c91b5c8a8cb48641002c7c471c1d45 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Tue, 23 Apr 2019 12:24:50 +0800 -Subject: [PATCH] containerd: add buildid in Makefile - -Change-Id: I1c2ff035db2a02d125139b9ff170f91e81181541 ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index 612330b..a400899 100644 ---- a/Makefile -+++ b/Makefile -@@ -81,8 +81,8 @@ GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) - BEP_DIR=/tmp/containerd-build-bep - BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep - --GO_LDFLAGS=-ldflags '-s -w -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags '-s -w $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") --- -2.7.4.3 - diff --git a/patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch b/patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch deleted file mode 100644 index 0f7659a..0000000 --- a/patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 8f97c7a7353c05a8b64ef9ee522ee62fba66a608 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Sun, 5 May 2019 19:50:56 +0800 -Subject: [PATCH] containerd: fix the path of containerd.spec in - Makefile - -Change-Id: I4ec87e5ddf256574513f977e53e4bdf050e0169c -Signed-off-by: zhangyu235 ---- - Makefile | 2 +- - hack/containerd.spec | 46 ---------------------------------------------- - 2 files changed, 1 insertion(+), 47 deletions(-) - delete mode 100644 hack/containerd.spec - -diff --git a/Makefile b/Makefile -index a400899..5de5cf7 100644 ---- a/Makefile -+++ b/Makefile -@@ -20,7 +20,7 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - DESTDIR=/usr/local - - # Used to populate variables in version package. --VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/hack/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') -+VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') - REVISION=$(shell echo commit:)$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" -diff --git a/hack/containerd.spec b/hack/containerd.spec -deleted file mode 100644 -index 05f68c7..0000000 ---- a/hack/containerd.spec -+++ /dev/null -@@ -1,46 +0,0 @@ --%global goipath github.com/containerd/containerd --%global debug_package %{nil} --Version: 1.2.0 -- --Name: containerd --Release: 7%{?dist} --Summary: An industry-standard container runtime --License: ASL 2.0 --URL: https://containerd.io --Source0: containerd-1.2.0.tar.gz -- --BuildRequires: golang glibc-static make --BuildRequires: btrfs-progs-devel -- -- --%description --containerd is an industry-standard container runtime with an emphasis on --simplicity, robustness and portability. It is available as a daemon for Linux --and Windows, which can manage the complete container lifecycle of its host --system: image transfer and storage, container execution and supervision, --low-level storage and network attachments, etc. -- -- --%prep --%setup -c -n containerd -- --%build --GO_BUILD_PATH=$PWD/_build --install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath}) --ln -fs $PWD $GO_BUILD_PATH/src/%{goipath} --cd $GO_BUILD_PATH/src/%{goipath} --export GOPATH=$GO_BUILD_PATH:%{gopath} --export BUILDTAGS="no_btrfs no_cri" --make -- --%install --install -d $RPM_BUILD_ROOT/%{_bindir} --install -p -m 755 bin/containerd $RPM_BUILD_ROOT/%{_bindir}/containerd --install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim -- --%files --%{_bindir}/containerd --%{_bindir}/containerd-shim -- -- --%changelog --- -2.7.4.3 - diff --git a/patch/0036-containerd-support-container-start-timeout-se.patch b/patch/0036-containerd-support-container-start-timeout-se.patch deleted file mode 100644 index 40c5310..0000000 --- a/patch/0036-containerd-support-container-start-timeout-se.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 1980e34108cf2fab407c4e0b45cb07fc06e15642 Mon Sep 17 00:00:00 2001 -From: lixiang172 -Date: Thu, 9 May 2019 21:36:56 +0800 -Subject: [PATCH] containerd: support container start timeout setting - -Change-Id: I8c958a1c16ed6c7a86e4c6299ad1ef81c7476120 -Signed-off-by: lixiang172 ---- - vendor/github.com/containerd/go-runc/runc.go | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index e66ea5b..6323bf2 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -30,9 +30,9 @@ import ( - "strings" - "syscall" - "time" -- "github.com/sirupsen/logrus" - - specs "github.com/opencontainers/runtime-spec/specs-go" -+ "github.com/sirupsen/logrus" - ) - - // Format is the type of log formatting options avaliable -@@ -54,7 +54,10 @@ const ( - // DefaultCommand is the default command for Runc - DefaultCommand = "runc" - execTimeout = 30 -- createTimeout = 120 -+) -+ -+var ( -+ createTimeout int64 = 120 - ) - - // Runc is the client to the runc cli -@@ -72,6 +75,15 @@ type Runc struct { - Rootless *bool // nil stands for "auto" - } - -+func init() { -+ runtimeTimeout, err := convertTime(os.Getenv("DOCKER_RUNTIME_START_TIMEOUT")) -+ if err != nil { -+ logrus.Warnf("init error, wrong runtimeTimeout format: %v", err) -+ } else { -+ createTimeout = runtimeTimeout -+ } -+} -+ - // List returns all containers created inside the provided runc root directory - func (r *Runc) List(context context.Context) ([]*Container, error) { - data, err := cmdOutput(r.command(context, "list", "--format=json"), false) -@@ -734,3 +746,11 @@ func cmdOutputTimeout(cmd *exec.Cmd, combined bool, timeout int64) ([]byte, erro - - return b.Bytes(), err - } -+ -+func convertTime(timeout string) (int64, error) { -+ timeDura, err := time.ParseDuration(timeout) -+ if err != nil { -+ return 0, err -+ } -+ return timeDura.Nanoseconds() / 1e9, nil -+} --- -1.8.3.1 - diff --git a/patch/0037-containerd-Fix-fd-leak-of-shim-log.patch b/patch/0037-containerd-Fix-fd-leak-of-shim-log.patch deleted file mode 100644 index a621446..0000000 --- a/patch/0037-containerd-Fix-fd-leak-of-shim-log.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 26c6307f1cab31105583ef22c2da8fe44a8d45e4 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Fri, 17 May 2019 16:52:06 +0800 -Subject: [PATCH] containerd: Fix fd leak of shim log - -reason:Open shim v2 log with the flag `O_RDWR` will cause the `Read()` block -forever even if the pipe has been closed on the shim side. Then the -`io.Copy()` would never return and lead to a fd leak. -Fix typo when closing shim v1 log which causes the `stdouLog` leak. -Update `numPipes` function in test case to get the opened FIFO -correctly. - -Cherry-pick from upstream cf6e00854 -Reference from https://github.com/containerd/containerd/pull/3266 - -Change-Id: If83a4ca9b9ec0079ac0f0015d1f6768581571030 -Signed-off-by: Li Yuxuan -Signed-off-by: zhangyu235 ---- - container_linux_test.go | 2 +- - runtime/v1/shim/client/client.go | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/container_linux_test.go b/container_linux_test.go -index fa764d7..fdf6349 100644 ---- a/container_linux_test.go -+++ b/container_linux_test.go -@@ -329,7 +329,7 @@ func TestShimDoesNotLeakPipes(t *testing.T) { - } - - func numPipes(pid int) (int, error) { -- cmd := exec.Command("sh", "-c", fmt.Sprintf("lsof -p %d | grep pipe", pid)) -+ cmd := exec.Command("sh", "-c", fmt.Sprintf("lsof -p %d | grep FIFO", pid)) - - var stdout bytes.Buffer - cmd.Stdout = &stdout -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index ef74030..a819be6 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -96,9 +96,9 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - cmd.Wait() - exitHandler() - if stdoutLog != nil { -- stderrLog.Close() -+ stdoutLog.Close() - } -- if stdoutLog != nil { -+ if stderrLog != nil { - stderrLog.Close() - } - }() --- -2.7.4.3 - diff --git a/patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch b/patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch deleted file mode 100644 index 77aa6ca..0000000 --- a/patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch +++ /dev/null @@ -1,59 +0,0 @@ -From d13733a390a987006bd5febb7d28a2d1c7873af2 Mon Sep 17 00:00:00 2001 -From: zhangyu235 -Date: Thu, 30 May 2019 09:27:00 +0800 -Subject: [PATCH] containerd: fix shim std logs not close after shim - exit - -reason:fix shim std logs not close after shim exit - -Change-Id: I980fb17b1d46de099b81529ea46681cf9f4bf09c -Signed-off-by: zhangyu235 ---- - runtime/v1/linux/runtime.go | 16 +++++++++++++++- - 1 file changed, 15 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index af823b2..66914fe 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -361,7 +361,9 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - ctx = namespaces.WithNamespace(ctx, ns) - pid, _ := runc.ReadPidFile(filepath.Join(bundle.path, proc.InitPidFile)) - log.G(ctx).Infof("load-task %s/%s/%s Pid=%d", r.state, ns, id, pid) -+ shimExit := make(chan struct{}) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { -+ close(shimExit) - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). -@@ -426,6 +428,18 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - } - go io.Copy(os.Stderr, shimStderrLog) - -+ go func() { -+ select { -+ case <-shimExit: -+ if shimStdoutLog != nil { -+ shimStdoutLog.Close() -+ } -+ if shimStderrLog != nil { -+ shimStderrLog.Close() -+ } -+ } -+ }() -+ - t, err := newTask(id, ns, pid, s, r.events, r.tasks, bundle) - if err != nil { - log.G(ctx).WithError(err).Error("loading task type") -@@ -443,7 +457,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - if !events.ExitPending(ns, t.id, uint32(pid)) { - events.ExitAddFile(ns, events.ExitFile(t.id, uint32(pid), uint32(events.ExitStatusDefault)), "cleanup dirty task") - } -- go func(){ -+ go func() { - log.G(ctx).Infof("delete force %s start, Pid=%d(exiting)", id, pid) - _, err := t.DeleteForce(ctx, uint32(pid)) - log.G(ctx).Infof("delete force %s done, Pid=%d(exiting) error=%v", id, pid, err) --- -2.7.4.3 - diff --git a/patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch b/patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch deleted file mode 100644 index 9c7e857..0000000 --- a/patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch +++ /dev/null @@ -1,89 +0,0 @@ -From d886f6c03cca051b45fd77cc77d0cc870aed1aed Mon Sep 17 00:00:00 2001 -From: build -Date: Wed, 4 Sep 2019 05:21:06 -0400 -Subject: [PATCH] containerd: add timeout for I/O waitgroups - -reason: This and a combination of a couple Docker changes are needed to fully -resolve the issue on the Docker side. However, this ensures that after -processes exit, we still leave some time for the I/O to fully flush -before closing. Without this timeout, the delete methods would block -forever. - -Cherry-pick from upstream 245052243d -Reference from https://github.com/containerd/containerd/pull/3361 - -Signed-off-by: Michael Crosby ---- - runtime/v1/linux/proc/exec.go | 2 +- - runtime/v1/linux/proc/init.go | 2 +- - runtime/v1/linux/proc/utils.go | 20 ++++++++++++++++++++ - 3 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index 715a977..08c581f 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -94,7 +94,7 @@ func (e *execProcess) setExited(status int) { - } - - func (e *execProcess) delete(ctx context.Context) error { -- e.wg.Wait() -+ waitTimeout(ctx, &e.wg, 2*time.Second) - if e.io != nil { - for _, c := range e.closers { - c.Close() -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 44d3f58..49fa8ec 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -263,7 +263,7 @@ func (p *Init) setExited(status int) { - } - - func (p *Init) delete(context context.Context) error { -- p.wg.Wait() -+ waitTimeout(context, &p.wg, 2*time.Second) - err := p.runtime.Delete(context, p.id, nil) - // ignore errors if a runtime has already deleted the process - // but we still hold metadata and pipes -diff --git a/runtime/v1/linux/proc/utils.go b/runtime/v1/linux/proc/utils.go -index ab9f5fa..d6f047c 100644 ---- a/runtime/v1/linux/proc/utils.go -+++ b/runtime/v1/linux/proc/utils.go -@@ -19,10 +19,12 @@ - package proc - - import ( -+ "context" - "encoding/json" - "io" - "os" - "strings" -+ "sync" - "time" - - "github.com/containerd/containerd/errdefs" -@@ -103,3 +105,21 @@ func checkKillError(err error) error { - func hasNoIO(r *CreateConfig) bool { - return r.Stdin == "" && r.Stdout == "" && r.Stderr == "" - } -+ -+// waitTimeout handles waiting on a waitgroup with a specified timeout. -+// this is commonly used for waiting on IO to finish after a process has exited -+func waitTimeout(ctx context.Context, wg *sync.WaitGroup, timeout time.Duration) error { -+ ctx, cancel := context.WithTimeout(ctx, timeout) -+ defer cancel() -+ done := make(chan struct{}, 1) -+ go func() { -+ wg.Wait() -+ close(done) -+ }() -+ select { -+ case <-done: -+ return nil -+ case <-ctx.Done(): -+ return ctx.Err() -+ } -+} --- -2.20.1 - diff --git a/patch/0038-containerd-support-kill-D-state-container.patch b/patch/0038-containerd-support-kill-D-state-container.patch deleted file mode 100644 index bc94d1f..0000000 --- a/patch/0038-containerd-support-kill-D-state-container.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 8ab02b5aecb0fa04ad747988d838e1c4de535222 Mon Sep 17 00:00:00 2001 -From: Jing Rui -Date: Tue, 18 Jun 2019 00:12:41 +0800 -Subject: [PATCH] containerd: support kill D state container - -Change-Id: I057553f2b8d3f57b71e5ea79930067bb7071e524 -Signed-off-by: Jing Rui ---- - runtime/v1/shim/service.go | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index f421fdef..8adaf35b 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -26,6 +26,7 @@ import ( - "os" - "path/filepath" - "sync" -+ "syscall" - "time" - - "github.com/containerd/console" -@@ -366,11 +367,30 @@ func (s *Service) Resume(ctx context.Context, r *ptypes.Empty) (*ptypes.Empty, e - - // Kill a process with the provided signal - func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Empty, error) { -+ delayKill := func(p rproc.Process) { -+ if s.id != p.ID() || r.Signal != uint32(syscall.SIGKILL) { -+ return -+ } -+ -+ for i := 1; i < 5; i++ { -+ time.Sleep(10 * time.Second) -+ err := p.Kill(ctx, r.Signal, r.All) -+ logrus.Infof("delay kill %s retry %d error=%v", s.id, i, err) -+ } -+ -+ logrus.Infof("force exit shim %s ...", s.id) -+ p.SetExited(137) -+ err := p.Delete(ctx) -+ logrus.Infof("force exit shim %s error=%v", s.id, err) -+ os.Exit(0) -+ } -+ - if r.ID == "" { - p, err := s.getInitProcess() - if err != nil { - return nil, err - } -+ go delayKill(p) - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) - } -@@ -381,6 +401,7 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - if err != nil { - return nil, err - } -+ go delayKill(p) - if err := p.Kill(ctx, r.Signal, r.All); err != nil { - return nil, errdefs.ToGRPC(err) - } --- -2.17.1 - diff --git a/patch/0039-containerd-fix-shouldKillAllOnExit-check.patch b/patch/0039-containerd-fix-shouldKillAllOnExit-check.patch deleted file mode 100644 index 1f894bf..0000000 --- a/patch/0039-containerd-fix-shouldKillAllOnExit-check.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7741b1a960799b1724e92d23c6b2d9473ca71fee Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Thu, 31 Oct 2019 23:25:40 -0400 -Subject: [PATCH] containerd: fix shouldKillAllOnExit check - -reason: fix shouldKillAllOnExit check -v1 https://github.com/containerd/containerd/commit/fa5f744a790356472d4649b9ad1d955e36d0c7c0 -v2 https://github.com/containerd/containerd/commit/872296642ac395acbc4344f529fcf4c6fddb5de2 -Signed-off-by: Lifubang ---- - runtime/v1/shim/service.go | 2 +- - runtime/v2/runc/service.go | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index ac545ea..88f7e0d 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -578,7 +578,7 @@ func shouldKillAllOnExit(bundlePath string) (bool, error) { - - if bundleSpec.Linux != nil { - for _, ns := range bundleSpec.Linux.Namespaces { -- if ns.Type == specs.PIDNamespace { -+ if ns.Type == specs.PIDNamespace && ns.Path == "" { - return false, nil - } - } -diff --git a/runtime/v2/runc/service.go b/runtime/v2/runc/service.go -index e37fb29..82beb8d 100644 ---- a/runtime/v2/runc/service.go -+++ b/runtime/v2/runc/service.go -@@ -680,7 +680,7 @@ func shouldKillAllOnExit(bundlePath string) (bool, error) { - - if bundleSpec.Linux != nil { - for _, ns := range bundleSpec.Linux.Namespaces { -- if ns.Type == specs.PIDNamespace { -+ if ns.Type == specs.PIDNamespace && ns.Path == "" { - return false, nil - } - } --- -2.20.1 - diff --git a/patch/0039-containerd-modify-containerd-shim-to-ad.patch b/patch/0039-containerd-modify-containerd-shim-to-ad.patch deleted file mode 100644 index e475ee3..0000000 --- a/patch/0039-containerd-modify-containerd-shim-to-ad.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 5eef82c3c41eabb532cd7520acf7e8587b76d8b5 Mon Sep 17 00:00:00 2001 -From: jiangpengfei -Date: Wed, 10 Jul 2019 15:07:46 -0400 -Subject: [PATCH] containerd: modify containerd-shim to adapt runv - runtime - -reason: containerd-shim pass a too long runtime root path to runv runtime, which cause hyperstartgrpc.sock -file absolute path exceed the max length of Unix Socket(max length is 108). - -Signed-off-by: jiangpengfei ---- - runtime/v1/linux/proc/init.go | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 5b23671..d464147 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -44,6 +44,9 @@ import ( - // InitPidFile name of the file that contains the init pid - const InitPidFile = "init.pid" - -+// Default runv runtime root dir -+const defaultRunvRoot = "/run/runv" -+ - // Init represents an initial process for a container - type Init struct { - wg sync.WaitGroup -@@ -83,12 +86,18 @@ func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Ru - if root == "" { - root = RuncRoot - } -+ -+ rootPath := filepath.Join(root, namespace) -+ if strings.Contains(runtime, "runv") { -+ rootPath = defaultRunvRoot -+ } -+ - return &runc.Runc{ - Command: runtime, - Log: filepath.Join(path, "log.json"), - LogFormat: runc.JSON, - PdeathSignal: syscall.SIGKILL, -- Root: filepath.Join(root, namespace), -+ Root: rootPath, - Criu: criu, - SystemdCgroup: systemd, - } --- -1.8.3.1 - diff --git a/patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch b/patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch deleted file mode 100644 index b266393..0000000 --- a/patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 07605707cce769e4f4c79b700586b5c59ec0b15a Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 13 Jul 2019 06:32:54 +0800 -Subject: [PATCH] containerd: add shim exit when bundle dir does not - exist - -reason: when bundle dir is deleted, containerd-shim should exit to avoid -shim.sock is occupied when container restart next time. - -Change-Id: I956412598e17d15f25b91afe1cbb9e24463f04be -Signed-off-by: xiadanni1 ---- - runtime/v1/shim/service.go | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 8adaf35..ac545ea 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -141,13 +141,23 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - } - rootfs := filepath.Join(r.Bundle, "rootfs") - defer func() { -+ go func() { -+ for i := 0; i < 60; i++ { -+ time.Sleep(time.Second) -+ _, err := os.Stat(r.Bundle) -+ if os.IsNotExist(err) { -+ logrus.Errorf("bundle dir: %v does not exist, containerd-shim exit", r.Bundle) -+ os.Exit(0) -+ } -+ } -+ }() - if err != nil { - logrus.Errorf("create init %s failed error=%v", r.ID, err) - if err2 := mount.UnmountAll(rootfs, 0); err2 != nil { - log.G(ctx).WithError(err2).Warn("Failed to cleanup rootfs mount") - } - go func() { -- time.Sleep(10*time.Second) -+ time.Sleep(10 * time.Second) - os.Exit(0) - }() - } --- -1.8.3.1 - diff --git a/patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch b/patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch deleted file mode 100644 index 910cb60..0000000 --- a/patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch +++ /dev/null @@ -1,80 +0,0 @@ -From be9c04e9a90be92437c12ce90c8ff6d4ec1d83b3 Mon Sep 17 00:00:00 2001 -From: jiangpengfei -Date: Thu, 18 Jul 2019 07:57:52 -0400 -Subject: [PATCH] containerd: fix containerd call runv delete directly - use wrong --root parameters - -reason: When containerd-shim process is killed abnormaly, containerd will exec runv -delete command directly, however it will use the wrong --root parameters which is not -compatible with runv runtime. - -Signed-off-by: jiangpengfei ---- - runtime/v1/linux/proc/init.go | 4 ++-- - runtime/v1/linux/runtime.go | 10 +++++++++- - 2 files changed, 11 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index d464147..44d3f58 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -45,7 +45,7 @@ import ( - const InitPidFile = "init.pid" - - // Default runv runtime root dir --const defaultRunvRoot = "/run/runv" -+const DefaultRunvRoot = "/run/runv" - - // Init represents an initial process for a container - type Init struct { -@@ -89,7 +89,7 @@ func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Ru - - rootPath := filepath.Join(root, namespace) - if strings.Contains(runtime, "runv") { -- rootPath = defaultRunvRoot -+ rootPath = DefaultRunvRoot - } - - return &runc.Runc{ -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 66914fe..f8e3074 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -25,6 +25,7 @@ import ( - "io/ioutil" - "os" - "path/filepath" -+ "strings" - "time" - - eventstypes "github.com/containerd/containerd/api/events" -@@ -506,6 +507,7 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - if err != nil { - return err - } -+ - if err := rt.Delete(ctx, id, &runc.DeleteOpts{ - Force: true, - }); err != nil { -@@ -539,11 +541,17 @@ func (r *Runtime) getRuntime(ctx context.Context, ns, id string) (*runc.Runc, er - } - } - -+ rootPath := filepath.Join(root, ns) -+ -+ if strings.Contains(cmd, "runv") { -+ rootPath = proc.DefaultRunvRoot -+ } -+ - return &runc.Runc{ - Command: cmd, - LogFormat: runc.JSON, - PdeathSignal: unix.SIGKILL, -- Root: filepath.Join(root, ns), -+ Root: rootPath, - Debug: r.config.ShimDebug, - }, nil - } --- -1.8.3.1 - diff --git a/patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch b/patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch deleted file mode 100644 index 73af8e4..0000000 --- a/patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch +++ /dev/null @@ -1,34 +0,0 @@ -From dcef6fcbdc78f7e9c14bdcd58e79d3eac8bc1c1b Mon Sep 17 00:00:00 2001 -From: jiangpengfei -Date: Thu, 18 Jul 2019 15:44:12 -0400 -Subject: [PATCH] containerd: close inherit shim.sock fd to adapt runv - -reason: runv create prcess is created by containerd-shim process and will -inherit the abstract unix socket shim.sock fd from containerd-shim. -If pause container restart, qemu and runv-proxy process are still running, -and shim.sock fd doesn't close, so pause container can not reuse the shim.sock -path and restart failed! - -Signed-off-by: jiangpengfei ---- - cmd/containerd-shim/main_unix.go | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 38b3eb4..89f6be9 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -189,6 +189,10 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error { - ) - if path == "" { - l, err = net.FileListener(os.NewFile(3, "socket")) -+ _, _, errnoValue := unix.Syscall(unix.SYS_FCNTL, 3, uintptr(unix.F_SETFD), unix.FD_CLOEXEC) -+ if errnoValue != 0 { -+ logrus.Errorf("SYS_FCNTL set fd 3 FD_CLOEXEC flag failed: %v", errnoValue) -+ } - path = "[inherited from parent]" - } else { - if len(path) > 106 { --- -1.8.3.1 - diff --git a/patch/0043-containerd-run-state-with-timeout-10s.patch b/patch/0043-containerd-run-state-with-timeout-10s.patch deleted file mode 100644 index cfe0706..0000000 --- a/patch/0043-containerd-run-state-with-timeout-10s.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 7b9e8a793fa6c0ec67effac0bc53d55c275e13be Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Thu, 25 Jul 2019 19:29:50 +0800 -Subject: [PATCH] containerd: run state with timeout 10s - -Change-Id: Idf55f750c2e7c6a9268318f519f1c8bc1595e09e -Signed-off-by: jingrui ---- - Makefile | 4 ++-- - runtime/v1/linux/task.go | 3 --- - services/tasks/local.go | 11 +++++++++++ - 3 files changed, 13 insertions(+), 5 deletions(-) - -diff --git a/Makefile b/Makefile -index 5de5cf75..9e7f3ae3 100644 ---- a/Makefile -+++ b/Makefile -@@ -81,8 +81,8 @@ GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) - BEP_DIR=/tmp/containerd-build-bep - BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep - --GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags '-s -w -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' -+SHIM_GO_LDFLAGS=-ldflags ' -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index b692ae78..d2bbb764 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -92,9 +92,6 @@ func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exi - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { - log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -- if !force { -- return nil, errdefs.FromGRPC(err) -- } - } - t.tasks.Delete(ctx, t.id) - if err := t.shim.KillShim(ctx); err != nil { -diff --git a/services/tasks/local.go b/services/tasks/local.go -index ce9ee59d..990e8411 100644 ---- a/services/tasks/local.go -+++ b/services/tasks/local.go -@@ -47,6 +47,7 @@ import ( - ptypes "github.com/gogo/protobuf/types" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - bolt "go.etcd.io/bbolt" - "google.golang.org/grpc" - "google.golang.org/grpc/codes" -@@ -185,9 +186,19 @@ func (l *local) Create(ctx context.Context, r *api.CreateTaskRequest, _ ...grpc. - if err := l.monitor.Monitor(c); err != nil { - return nil, errors.Wrap(err, "monitor task") - } -+ -+ ctx, cancel := context.WithTimeout(ctx, 20*time.Second) -+ defer cancel() -+ - state, err := c.State(ctx) - if err != nil { - log.G(ctx).Error(err) -+ go func() { -+ ctx, cancel := context.WithTimeout(context.Background(), time.Second) -+ defer cancel() -+ _, err := c.Delete(ctx) -+ logrus.Errorf("failed get pid, delete force error=%v", err) -+ }() - } - return &api.CreateTaskResponse{ - ContainerID: r.ContainerID, --- -2.17.1 - diff --git a/patch/0044-containerd-add-copyright.patch b/patch/0044-containerd-add-copyright.patch deleted file mode 100644 index f40d272..0000000 --- a/patch/0044-containerd-add-copyright.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 80972f7d142540b886068d67a49794aaa7232fb5 Mon Sep 17 00:00:00 2001 -From: lixiang -Date: Fri, 6 Sep 2019 15:16:21 +0800 -Subject: [PATCH] containerd: add copyright - -reason: add copyright - -Change-Id: I93ef565c6bf10d6f8cb66d956dddbfbd14477138 -Signed-off-by: lixiang ---- - events/exit.go | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/events/exit.go b/events/exit.go -index 772dc24..d3b3027 100644 ---- a/events/exit.go -+++ b/events/exit.go -@@ -1,3 +1,12 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2019. All rights reserved. -+Use of this source code is governed by Apache-2.0 -+license that can be found in the LICENSE file -+Description: common functions -+Author: jingrui -+Create: 2019-02-12 -+*/ -+ - package events - - import ( -@@ -97,4 +106,3 @@ func InitExitExist(bundle string) bool { - } - return false - } -- --- -1.8.3.1 - diff --git a/patch/0044-containerd-change-tmpfile-directory-when-exec.patch b/patch/0044-containerd-change-tmpfile-directory-when-exec.patch deleted file mode 100644 index 4e1adbe..0000000 --- a/patch/0044-containerd-change-tmpfile-directory-when-exec.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 8f3291f805c641a6fcf043eb8c4e1a2f4174b579 Mon Sep 17 00:00:00 2001 -From: wujibin -Date: Wed, 14 Aug 2019 17:18:24 +0800 -Subject: [PATCH] containerd: change tmpfile directory when exec - -reason: tmp file stored /tmp before change, if mountain of containers -are runing, the diretory will exist too many tmp file - -Change-Id: I1879ba9d09dca41a7571131d7447bf67356ea79c ---- - vendor/github.com/containerd/go-runc/runc.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 6323bf21..7a2a8c4d 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -229,7 +229,7 @@ func (o *ExecOpts) args() (out []string, err error) { - // Exec executres and additional process inside the container based on a full - // OCI Process specification - func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts *ExecOpts) error { -- f, err := ioutil.TempFile(os.Getenv("XDG_RUNTIME_DIR"), "runc-process") -+ f, err := ioutil.TempFile(".", "runc-process") - if err != nil { - return err - } --- -2.19.0 - diff --git a/patch/0045-containerd-shim-disable-fast-gc-on-arm.patch b/patch/0045-containerd-shim-disable-fast-gc-on-arm.patch deleted file mode 100644 index ea8fc65..0000000 --- a/patch/0045-containerd-shim-disable-fast-gc-on-arm.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4a8367ce3a9a8321ceeffbf2934380b139a74f90 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Fri, 18 Oct 2019 14:49:47 +0800 -Subject: [PATCH] containerd: stw gc sweep for arm64 - -Change-Id: I855c13a21c72bf0e91563db7c11e1348a1a78d55 -Signed-off-by: jingrui ---- - cmd/containerd-shim/main_unix.go | 5 ----- - runtime/v1/shim/client/client.go | 4 ++++ - 2 files changed, 4 insertions(+), 5 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 89f6be91..22283626 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -80,11 +80,6 @@ func init() { - - func main() { - debug.SetGCPercent(40) -- go func() { -- for range time.Tick(30 * time.Second) { -- debug.FreeOSMemory() -- } -- }() - - if debugFlag { - logrus.SetLevel(logrus.DebugLevel) -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index a819be6c..a4669d33 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -24,6 +24,7 @@ import ( - "net" - "os" - "os/exec" -+ "runtime" - "strings" - "sync" - "syscall" -@@ -161,6 +162,9 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so - cmd.SysProcAttr = getSysProcAttr() - cmd.ExtraFiles = append(cmd.ExtraFiles, socket) - cmd.Env = append(os.Environ(), "GOMAXPROCS=2") -+ if runtime.GOARCH == "arm64" { -+ cmd.Env = append(cmd.Env, "GODEBUG=gcstoptheworld=2") -+ } - cmd.Stdout = stdout - cmd.Stderr = stderr - return cmd, nil --- -2.17.1 - diff --git a/patch/0046-containerd-support-hot-upgrade.patch b/patch/0046-containerd-support-hot-upgrade.patch deleted file mode 100644 index 9aac729..0000000 --- a/patch/0046-containerd-support-hot-upgrade.patch +++ /dev/null @@ -1,630 +0,0 @@ -From 4656fbac6e4a23cf4e2fcb332777fb17895e67ca Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Wed, 14 Aug 2019 10:51:19 +0800 -Subject: [PATCH] containerd: hot-upgrade support from - containerd-0.2.8 - -This patch support hot-upgrade from containerd-0.2.8. When restore -tasks, it will find containers started by containerd-0.2.8, then start -fake task create, the fake create will run a new shim process, the shim -process will manage the container created by runc. - -After restore legacy created tasks, each task will has 2 shim -process. So it support down-grade to docker-1.11.2 with container still -running. - -Change-Id: I94cd48cbf8ceb408dbc8849fe6916e0ec3d889b0 -Signed-off-by: jingrui ---- - legacy/legacy.go | 145 ++++++++++++++++++++ - runtime/v1/linux/leruntime.go | 243 ++++++++++++++++++++++++++++++++++ - runtime/v1/linux/proc/init.go | 27 +++- - runtime/v1/linux/proc/io.go | 11 +- - runtime/v1/linux/runtime.go | 5 + - runtime/v1/shim/service.go | 10 +- - services/containers/local.go | 19 ++- - 7 files changed, 452 insertions(+), 8 deletions(-) - create mode 100644 legacy/legacy.go - create mode 100644 runtime/v1/linux/leruntime.go - -diff --git a/legacy/legacy.go b/legacy/legacy.go -new file mode 100644 -index 00000000..fde9f709 ---- /dev/null -+++ b/legacy/legacy.go -@@ -0,0 +1,145 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2019-2019. All rights reserved. -+Description: support containerd hot-upgrade from 0.2.8 -+Author: jingrui jingrui@huawei.com -+Create: 2019-09-20 -+*/ -+ -+package legacy -+ -+import ( -+ "encoding/json" -+ "fmt" -+ "io" -+ "io/ioutil" -+ "os" -+ "path/filepath" -+ "runtime" -+ "strings" -+ -+ "github.com/sirupsen/logrus" -+ "github.com/opencontainers/runtime-spec/specs-go" -+) -+ -+const ( -+ LegacyFile = "legacy" -+ Config120 = "/var/run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/" -+ Stdio120 = "/var/run/docker/containerd/" -+ Config028 = "/var/run/docker/libcontainerd/" -+ State028 = "/var/run/docker/libcontainerd/containerd/" -+ Runtime = "io.containerd.runtime.v1" -+) -+ -+// IsLegacy is used to check if im legacy. -+func IsLegacy(id string) bool { -+ lf := Config120 + id + "/" + LegacyFile -+ if _, err := os.Stat(lf); err == nil { -+ caller := "??" -+ if pc, file, line, ok := runtime.Caller(1); ok { -+ caller = fmt.Sprintf("%s:%d:%s()", file, line, runtime.FuncForPC(pc).Name()) -+ } -+ logrus.Infof("shim pretend to be 0.2.8 in %s", caller) -+ return true -+ } -+ return false -+} -+ -+// IsRunning is used to detect whether legacy container is running. -+func IsRunning(id string) bool { -+ path := State028 + id + "/init/pid" -+ bpid, err := ioutil.ReadFile(path) -+ if err != nil { -+ return false -+ } -+ -+ path = State028 + id + "/init/starttime" -+ btime, err := ioutil.ReadFile(path) -+ if err != nil { -+ return false -+ } -+ -+ path = fmt.Sprintf("/proc/%s/stat", string(bpid)) -+ bstat, err := ioutil.ReadFile(path) -+ if err != nil { -+ return false -+ } -+ -+ if !strings.Contains(string(bstat), string(btime)) { -+ return false -+ } -+ -+ return true -+} -+ -+// CopyFile used to copy a file. -+func CopyFile(dstName, srcName string) (written int64, err error) { -+ src, err := os.Open(srcName) -+ if err != nil { -+ return -+ } -+ defer src.Close() -+ -+ dst, err := os.OpenFile(dstName, os.O_WRONLY|os.O_CREATE, 0644) -+ if err != nil { -+ return -+ } -+ defer dst.Close() -+ -+ return io.Copy(dst, src) -+} -+ -+// InitBundle will copy files from 0.2.8 dirs to 1.2.0 dirs. -+func InitBundle(root string, id string) error { -+ err := os.MkdirAll(Config120+id, 0711) -+ if err != nil { -+ return err -+ } -+ err = os.MkdirAll(Stdio120+id, 0711) -+ if err != nil { -+ return err -+ } -+ err = os.MkdirAll(filepath.Join(root, "moby", id), 0711) -+ if err != nil { -+ return err -+ } -+ -+ err = ioutil.WriteFile(Config120+id+"/"+LegacyFile, []byte{}, 0644) -+ if err != nil { -+ return err -+ } -+ CopyFile(Config120+id+"/config.json", Config028+id+"/config.json") -+ CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") -+ return nil -+} -+ -+// DeleteBundle will delete unused legacy bundle files. -+func DeleteBundle(id string) error { -+ err1 := os.RemoveAll(Config120 + id) -+ err2 := os.RemoveAll(Stdio120 + id) -+ if err1 != nil { -+ return err1 -+ } -+ if err2 != nil { -+ return err2 -+ } -+ -+ return nil -+} -+ -+// LoadSpec load config.json into spec. -+func LoadSpec(id string) (*specs.Spec, error) { -+ f, err := os.OpenFile(Config120+id+"/config.json", os.O_RDONLY, 0400) -+ if err != nil { -+ return nil, err -+ } -+ defer f.Close() -+ -+ spec := specs.Spec{} -+ dec := json.NewDecoder(f) -+ err = dec.Decode(&spec) -+ if err != nil { -+ return nil, err -+ } -+ -+ return &spec, nil -+} -diff --git a/runtime/v1/linux/leruntime.go b/runtime/v1/linux/leruntime.go -new file mode 100644 -index 00000000..5b887935 ---- /dev/null -+++ b/runtime/v1/linux/leruntime.go -@@ -0,0 +1,243 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2019-2019. All rights reserved. -+Description: support containerd hot-upgrade from 0.2.8 -+Author: jingrui jingrui@huawei.com -+Create: 2019-09-20 -+*/ -+ -+package linux -+ -+import ( -+ "context" -+ "fmt" -+ "io/ioutil" -+ goruntime "runtime" -+ -+ "github.com/containerd/containerd/api/types" -+ "github.com/containerd/containerd/containers" -+ "github.com/containerd/containerd/errdefs" -+ "github.com/containerd/containerd/legacy" -+ "github.com/containerd/containerd/log" -+ "github.com/containerd/containerd/namespaces" -+ "github.com/containerd/containerd/runtime" -+ "github.com/containerd/containerd/runtime/linux/runctypes" -+ shim "github.com/containerd/containerd/runtime/v1/shim/v1" -+ scontainers "github.com/containerd/containerd/services/containers" -+ "github.com/containerd/typeurl" -+ "github.com/sirupsen/logrus" -+) -+ -+func taskIsExist(tasks []*Task, id string) bool { -+ for _, t := range tasks { -+ if t.id == id { -+ return true -+ } -+ } -+ return false -+} -+ -+func loadCreateOpts(id string) runtime.CreateOpts { -+ opts := runtime.CreateOpts{ -+ IO: runtime.IO{ -+ Stdin: fmt.Sprintf("/var/run/docker/libcontainerd/%s/init-stdin", id), -+ Stdout: fmt.Sprintf("/var/run/docker/libcontainerd/%s/init-stdout", id), -+ }, -+ } -+ -+ return opts -+} -+ -+func (r *Runtime) legacyCreateMeta(ctx context.Context, id string) { -+ spec, err := legacy.LoadSpec(id) -+ if err != nil { -+ logrus.Errorf("load spec for %s failed %v", id, err) -+ return -+ } -+ -+ s, err := typeurl.MarshalAny(spec) -+ if err != nil { -+ logrus.Errorf("marshal-any for %s failed %v", id, err) -+ return -+ } -+ -+ c := containers.Container{ -+ ID: id, -+ Runtime: containers.RuntimeInfo{ -+ Name: fmt.Sprintf("%s.%s", legacy.Runtime, goruntime.GOOS), -+ }, -+ Spec: s, -+ } -+ -+ err = scontainers.CreateMeta(ctx, c) -+ if err != nil { -+ logrus.Infof("create meta for %s failed %v", c.ID, err) -+ } -+} -+ -+func (r *Runtime) legacyCreate(ctx context.Context, id string, opts runtime.CreateOpts) (*Task, error) { -+ namespace, err := namespaces.NamespaceRequired(ctx) -+ if err != nil { -+ return nil, err -+ } -+ if namespace != "moby" { -+ return nil, fmt.Errorf("legacy not support ns=%s", namespace) -+ } -+ -+ ropts := &runctypes.RuncOptions{} -+ bundle := loadBundle(id, -+ legacy.Config120+id, -+ legacy.Config120+id) -+ -+ defer func() { -+ if err != nil { -+ errd := bundle.Delete() -+ log.G(ctx).WithError(err).Errorf("revert: delete bundle error=%v", errd) -+ } -+ }() -+ -+ shimopt := ShimLocal(r.config, r.events) -+ -+ var cgroup string -+ if opts.TaskOptions != nil { -+ v, err := typeurl.UnmarshalAny(opts.TaskOptions) -+ if err != nil { -+ return nil, err -+ } -+ cgroup = v.(*runctypes.CreateOptions).ShimCgroup -+ } -+ exitHandler := func() { -+ log.G(ctx).WithField("id", id).Info("shim reaped") -+ t, err := r.tasks.Get(ctx, id) -+ if err != nil { -+ // Task was never started or was already successfully deleted -+ return -+ } -+ lc := t.(*Task) -+ -+ log.G(ctx).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": namespace, -+ }).Warn("cleaning up after killed shim") -+ if err = r.cleanupAfterDeadShim(context.Background(), bundle, namespace, id, lc.pid); err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "id": id, -+ "namespace": namespace, -+ }).Warn("failed to clean up after killed shim") -+ } -+ } -+ shimopt = ShimRemote(r.config, r.address, cgroup, exitHandler) -+ -+ s, err := bundle.NewShimClient(ctx, namespace, shimopt, ropts) -+ if err != nil { -+ return nil, err -+ } -+ -+ defer func() { -+ if err != nil { -+ kerr := s.KillShim(ctx) -+ log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr) -+ } -+ }() -+ -+ rt := r.config.Runtime -+ if ropts != nil && ropts.Runtime != "" { -+ rt = ropts.Runtime -+ } -+ sopts := &shim.CreateTaskRequest{ -+ ID: id, -+ Bundle: bundle.path, -+ Runtime: rt, -+ Stdin: opts.IO.Stdin, -+ Stdout: opts.IO.Stdout, -+ Stderr: opts.IO.Stderr, -+ Terminal: opts.IO.Terminal, -+ Checkpoint: opts.Checkpoint, -+ Options: opts.TaskOptions, -+ } -+ for _, m := range opts.Rootfs { -+ sopts.Rootfs = append(sopts.Rootfs, &types.Mount{ -+ Type: m.Type, -+ Source: m.Source, -+ Options: m.Options, -+ }) -+ } -+ cr, err := s.Create(ctx, sopts) -+ if err != nil { -+ return nil, errdefs.FromGRPC(err) -+ } -+ t, err := newTask(id, namespace, int(cr.Pid), s, r.events, r.tasks, bundle) -+ if err != nil { -+ return nil, err -+ } -+ -+ // dont add task to tasklist, restoreTasks() will add it later. -+ -+ return t, nil -+} -+ -+func (r *Runtime) loadLegacyTask(id string) (*Task, error) { -+ logrus.Infof("load-letask id=%s", id) -+ err := legacy.InitBundle(r.root, id) -+ if err != nil { -+ logrus.Errorf("letask %s init bundle failed %s", id, err) -+ return nil, err -+ } -+ -+ defer func() { -+ if err != nil { -+ err1 := legacy.DeleteBundle(id) -+ logrus.Errorf("letask %s failed %v, drop bundle error=%s", id, err, err1) -+ } -+ }() -+ -+ ctx := namespaces.WithNamespace(context.Background(), "moby") -+ r.legacyCreateMeta(ctx, id) -+ task, err := r.legacyCreate(ctx, id, loadCreateOpts(id)) -+ if err != nil { -+ logrus.Errorf("letask %s create failed %v", id, err) -+ return nil, err -+ } -+ -+ return task, nil -+} -+ -+func (r *Runtime) loadLegacyTasks(tasks []*Task, ctx context.Context, ns string) ([]*Task, error) { -+ var o []*Task -+ -+ if ns != "moby" { -+ logrus.Infof("loadLegacyTasks ignore ns=%s", ns) -+ return o, nil -+ } -+ -+ dir, err := ioutil.ReadDir(legacy.State028) -+ if err != nil { -+ logrus.Infof("loadLegacyTasks skipped, no legacy residual") -+ return o, nil -+ } -+ -+ for _, path := range dir { -+ if !path.IsDir() { -+ continue -+ } -+ -+ id := path.Name() -+ if taskIsExist(tasks, id) { -+ logrus.Infof("letask %s already loaded", id) -+ continue -+ } -+ if !legacy.IsRunning(id) { -+ logrus.Infof("letask %s not running", id) -+ continue -+ } -+ -+ task, err := r.loadLegacyTask(id) -+ if err != nil { -+ logrus.Errorf("letask %s load failed %s", err) -+ continue -+ } -+ -+ o = append(o, task) -+ logrus.Infof("letask id=%s load ok", id) -+ } -+ return o, nil -+} -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 44d3f58b..ace98621 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -31,6 +31,7 @@ import ( - "time" - - "github.com/containerd/console" -+ "github.com/containerd/containerd/legacy" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/runtime/proc" -@@ -39,6 +40,7 @@ import ( - google_protobuf "github.com/gogo/protobuf/types" - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // InitPidFile name of the file that contains the init pid -@@ -113,6 +115,19 @@ func New(id string, runtime *runc.Runc, stdio proc.Stdio) *Init { - waitBlock: make(chan struct{}), - } - p.initState = &createdState{p: p} -+ // legacy container is exist, set it running state directly. -+ if legacy.IsLegacy(id) { -+ p.initState = &runningState{p: p} -+ go func(id string) { -+ for { -+ time.Sleep(3 * time.Second) -+ if !legacy.IsRunning(id) { -+ logrus.Infof("legacy container %s exited", id) -+ os.Exit(0) -+ } -+ } -+ }(id) -+ } - return p - } - -@@ -122,6 +137,17 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - err error - socket *runc.Socket - ) -+ pidFile := filepath.Join(p.Bundle, InitPidFile) -+ -+ if legacy.IsLegacy(r.ID) { -+ pid, err := runc.ReadPidFile(pidFile) -+ if err != nil { -+ return errors.Wrap(err, "failed to retrieve OCI runtime container pid") -+ } -+ p.pid = pid -+ return nil -+ } -+ - if r.Terminal { - if socket, err = runc.NewTempConsoleSocket(); err != nil { - return errors.Wrap(err, "failed to create OCI runtime console socket") -@@ -136,7 +162,6 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - return errors.Wrap(err, "failed to create OCI runtime io pipes") - } - } -- pidFile := filepath.Join(p.Bundle, InitPidFile) - if r.Checkpoint != "" { - opts := &runc.RestoreOpts{ - CheckpointOpts: runc.CheckpointOpts{ -diff --git a/runtime/v1/linux/proc/io.go b/runtime/v1/linux/proc/io.go -index 71f6ee1b..36066270 100644 ---- a/runtime/v1/linux/proc/io.go -+++ b/runtime/v1/linux/proc/io.go -@@ -79,6 +79,9 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - }, - }, - } { -+ if i.name == "" { -+ continue -+ } - ok, err := isFifo(i.name) - if err != nil { - return err -@@ -89,10 +92,10 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - ) - if ok { - if fw, err = fifo.OpenFifo(ctx, i.name, syscall.O_WRONLY, 0); err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err) -+ return fmt.Errorf("containerd-shim syscall.O_WRONLY: opening %s failed: %s", i.name, err) - } - if fr, err = fifo.OpenFifo(ctx, i.name, syscall.O_RDONLY, 0); err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err) -+ return fmt.Errorf("containerd-shim syscall.O_RDONLY: opening %s failed: %s", i.name, err) - } - } else { - if sameFile != nil { -@@ -100,7 +103,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - continue - } - if fw, err = os.OpenFile(i.name, syscall.O_WRONLY|syscall.O_APPEND, 0); err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", i.name, err) -+ return fmt.Errorf("containerd-shim syscall.O_WRONLY|syscall.O_APPEND: opening %s failed: %s", i.name, err) - } - if stdout == stderr { - sameFile = fw -@@ -113,7 +116,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - } - f, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) - if err != nil { -- return fmt.Errorf("containerd-shim: opening %s failed: %s", stdin, err) -+ return fmt.Errorf("containerd-shim syscall.O_RDONLY|syscall.O_NONBLOCK: opening %s failed: %s", stdin, err) - } - cwg.Add(1) - go func() { -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index f8e30742..1b763fbc 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -300,6 +300,11 @@ func (r *Runtime) restoreTasks(ctx context.Context) ([]*Task, error) { - } - o = append(o, tasks...) - } -+ lo, err := r.loadLegacyTasks(o, ctx, "moby") -+ if err != nil { -+ logrus.Errorf("load legacy with error %v", err) -+ } -+ o = append(o, lo...) - return o, nil - } - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index ac545ea4..6411fdd9 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -34,6 +34,7 @@ import ( - "github.com/containerd/containerd/api/types/task" - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/events" -+ "github.com/containerd/containerd/legacy" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/namespaces" -@@ -381,7 +382,9 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - if s.id != p.ID() || r.Signal != uint32(syscall.SIGKILL) { - return - } -- -+ if legacy.IsLegacy(s.id) { -+ return -+ } - for i := 1; i < 5; i++ { - time.Sleep(10 * time.Second) - err := p.Kill(ctx, r.Signal, r.All) -@@ -676,6 +679,11 @@ func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace, criu st - - rootfs := filepath.Join(path, "rootfs") - runtime := proc.NewRunc(runtimeRoot, path, namespace, r.Runtime, criu, systemdCgroup) -+ // legacy container using /run/runc as runc root. -+ if legacy.IsLegacy(r.ID) { -+ runtime.Root = "/run/runc" -+ } -+ - p := proc.New(r.ID, runtime, rproc.Stdio{ - Stdin: r.Stdin, - Stdout: r.Stdout, -diff --git a/services/containers/local.go b/services/containers/local.go -index 95a09872..5934d5ad 100644 ---- a/services/containers/local.go -+++ b/services/containers/local.go -@@ -48,10 +48,11 @@ func init() { - if err != nil { - return nil, err - } -- return &local{ -+ helperLocal = local{ - db: m.(*metadata.DB), - publisher: ic.Events, -- }, nil -+ } -+ return &helperLocal, nil - }, - }) - } -@@ -243,3 +244,17 @@ func (s *localStream) SendMsg(m interface{}) error { - func (s *localStream) RecvMsg(m interface{}) error { - return nil - } -+ -+var helperLocal local // used for create meta only. -+// CreateMeta used only by legacy module to create meta. -+func CreateMeta(ctx context.Context, c containers.Container) error { -+ l := &helperLocal -+ err := l.withStoreUpdate(ctx, func(ctx context.Context, store containers.Store) error { -+ _, err := store.Create(ctx, c) -+ if err != nil { -+ return err -+ } -+ return nil -+ }) -+ return err -+} --- -2.17.1 - diff --git a/patch/0047-containerd-shim-exit-initiative-after-3s.patch b/patch/0047-containerd-shim-exit-initiative-after-3s.patch deleted file mode 100644 index f8e325c..0000000 --- a/patch/0047-containerd-shim-exit-initiative-after-3s.patch +++ /dev/null @@ -1,30 +0,0 @@ -From fe778eb160fc1e3a492b5304890af3843aa91f32 Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Tue, 5 Nov 2019 23:07:49 -0500 -Subject: [PATCH] containerd: containerd-shim exit initiative after 3s - -reason: containerd-shim exit initiative after 3s - -Signed-off-by: liuzekun ---- - runtime/v1/shim/service.go | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 326096c..3abaa99 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -548,6 +548,10 @@ func (s *Service) checkProcesses(e runc.Exit) { - ns := filepath.Base(filepath.Dir(ip.Bundle)) - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - events.InitExitWrite(ip.Bundle, e.Pid) -+ go func() { -+ time.Sleep(3 * time.Second) -+ os.Exit(0) -+ }() - } - if shouldKillAll { - if ip, ok := p.(*proc.Init); ok { --- -2.20.1 - diff --git a/patch/0048-containerd-modify-shim-initiative-exit-time.patch b/patch/0048-containerd-modify-shim-initiative-exit-time.patch deleted file mode 100644 index f76982c..0000000 --- a/patch/0048-containerd-modify-shim-initiative-exit-time.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 1735262dfdbc434c3e734c2a4b7e3c5407cd541f Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 16 Nov 2019 02:28:31 +0800 -Subject: [PATCH] containerd: modify shim initiative exit time - -reason: We set shim exit initiative after 3s of container init process -exiting, but poststop hook will run abnormally if it needs more than 3s. -So we modify the exit time to 120s to avoid this case, as poststop hook -is suggested not more than 120s. - -Change-Id: I3e78b6344fabb0687bc40c3b6da153f403a9f211 -Signed-off-by: xiadanni1 ---- - runtime/v1/shim/service.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 3abaa99..9721660 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -549,7 +549,7 @@ func (s *Service) checkProcesses(e runc.Exit) { - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - events.InitExitWrite(ip.Bundle, e.Pid) - go func() { -- time.Sleep(3 * time.Second) -+ time.Sleep(120 * time.Second) - os.Exit(0) - }() - } --- -1.8.3.1 - diff --git a/patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch b/patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch deleted file mode 100644 index 9876c45..0000000 --- a/patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch +++ /dev/null @@ -1,84 +0,0 @@ -From d2e10b3f23adf3338ee451c926167d18e5ac02e1 Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Thu, 21 Nov 2019 08:23:35 -0500 -Subject: [PATCH] contaienrd: modify shim initiative exit time for post hook - -reason: Modify shim initiative exit time for post hook. In consideration -of each post hook has a execution time with timeout(default 120s), we -should ensure enough time to call all post hook. - -Signed-off-by: liuzekun ---- - runtime/v1/shim/service.go | 29 ++++++++++++++++++++++------- - 1 file changed, 22 insertions(+), 7 deletions(-) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 9721660..cfba225 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -537,7 +537,7 @@ func (s *Service) checkProcesses(e runc.Exit) { - s.mu.Lock() - defer s.mu.Unlock() - -- shouldKillAll, err := shouldKillAllOnExit(s.bundle) -+ shouldKillAll, bundleSpec, err := shouldKillAllOnExit(s.bundle) - if err != nil { - log.G(s.context).WithError(err).Error("failed to check shouldKillAll") - } -@@ -549,8 +549,23 @@ func (s *Service) checkProcesses(e runc.Exit) { - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") - events.InitExitWrite(ip.Bundle, e.Pid) - go func() { -- time.Sleep(120 * time.Second) -- os.Exit(0) -+ t := 30 -+ defer func() { -+ time.Sleep(time.Duration(t) * time.Second) -+ os.Exit(0) -+ }() -+ if bundleSpec.Hooks == nil { -+ return -+ } -+ postStopHooks := bundleSpec.Hooks.Poststop -+ for _, postStopHook := range postStopHooks { -+ hookTimeout := postStopHook.Timeout -+ if hookTimeout == nil { -+ t += 120 -+ } else { -+ t += *hookTimeout -+ } -+ } - }() - } - if shouldKillAll { -@@ -575,23 +590,23 @@ func (s *Service) checkProcesses(e runc.Exit) { - } - } - --func shouldKillAllOnExit(bundlePath string) (bool, error) { -+func shouldKillAllOnExit(bundlePath string) (bool, specs.Spec, error) { - var bundleSpec specs.Spec - bundleConfigContents, err := ioutil.ReadFile(filepath.Join(bundlePath, "config.json")) - if err != nil { -- return false, err -+ return false, specs.Spec{}, err - } - json.Unmarshal(bundleConfigContents, &bundleSpec) - - if bundleSpec.Linux != nil { - for _, ns := range bundleSpec.Linux.Namespaces { - if ns.Type == specs.PIDNamespace && ns.Path == "" { -- return false, nil -+ return false, bundleSpec, nil - } - } - } - -- return true, nil -+ return true, bundleSpec, nil - } - - func (s *Service) getContainerPids(ctx context.Context, id string) ([]uint32, error) { --- -2.20.1 - diff --git a/patch/0050-containerd-warp-and-process-return-errors.patch b/patch/0050-containerd-warp-and-process-return-errors.patch deleted file mode 100644 index fc20562..0000000 --- a/patch/0050-containerd-warp-and-process-return-errors.patch +++ /dev/null @@ -1,170 +0,0 @@ -From 20cb595625dcfdf89fdf766028625a7864674dec Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Mon, 23 Dec 2019 03:10:49 -0500 -Subject: [PATCH] containerd: wrap and process return errors - -reason: wrap and process return errors - -Signed-off-by: liuzekun ---- - cmd/containerd-shim/main_unix.go | 2 +- - events/exit.go | 4 ++-- - legacy/legacy.go | 8 +++++--- - runtime/v1/linux/leruntime.go | 5 ++++- - runtime/v1/linux/runtime.go | 7 +++++-- - runtime/v1/shim/reaper.go | 4 ++-- - runtime/v1/shim/service.go | 1 + - vendor/github.com/sirupsen/logrus/exported.go | 5 +++++ - 8 files changed, 25 insertions(+), 11 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 2228362..e9c1426 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -259,7 +259,7 @@ func dumpStacks(logger *logrus.Entry) { - bufferLen *= 2 - } - buf = buf[:stackSize] -- ioutil.WriteFile(fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600) -+ logrus.Devour(ioutil.WriteFile(fmt.Sprintf(stacksLogNameTemplate, strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600)) - logger.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf) - } - -diff --git a/events/exit.go b/events/exit.go -index 772dc24..c0a3583 100644 ---- a/events/exit.go -+++ b/events/exit.go -@@ -48,13 +48,14 @@ func ExitInfo(ef string) (string, uint32, uint32) { - } - - func ExitAddFile(ns string, ef string, reason string) { -- os.MkdirAll(filepath.Join(ExitDir, ns), 0700) -+ logrus.Devour(os.MkdirAll(filepath.Join(ExitDir, ns), 0700)) - err := ioutil.WriteFile(filepath.Join(ExitDir, ns, ef), []byte{}, 0600) - logrus.Infof("exit-add %s/%s [reason: %s] error=%v", ns, ef, reason, err) - } - - func ExitDelFile(ns string, ef string) { - err := os.RemoveAll(filepath.Join(ExitDir, ns, ef)) -+ logrus.Devour(err) - logrus.Infof("exit-del %s/%s error=%v", ns, ef, err) - } - -diff --git a/legacy/legacy.go b/legacy/legacy.go -index fde9f70..219508c 100644 ---- a/legacy/legacy.go -+++ b/legacy/legacy.go -@@ -17,8 +17,8 @@ import ( - "runtime" - "strings" - -- "github.com/sirupsen/logrus" - "github.com/opencontainers/runtime-spec/specs-go" -+ "github.com/sirupsen/logrus" - ) - - const ( -@@ -107,8 +107,10 @@ func InitBundle(root string, id string) error { - if err != nil { - return err - } -- CopyFile(Config120+id+"/config.json", Config028+id+"/config.json") -- CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") -+ _, err = CopyFile(Config120+id+"/config.json", Config028+id+"/config.json") -+ logrus.Devour(err) -+ _, err = CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") -+ logrus.Devour(err) - return nil - } - -diff --git a/runtime/v1/linux/leruntime.go b/runtime/v1/linux/leruntime.go -index 9c793a5..e8fbe61 100644 ---- a/runtime/v1/linux/leruntime.go -+++ b/runtime/v1/linux/leruntime.go -@@ -112,7 +112,10 @@ func (r *Runtime) legacyCreate(ctx context.Context, id string, opts runtime.Crea - // Task was never started or was already successfully deleted - return - } -- lc := t.(*Task) -+ lc, ok := t.(*Task) -+ if !ok { -+ log.G(ctx).WithField("id", id).Errorf("task t's type is %T, cannot convert to a *Task value", t) -+ } - - log.G(ctx).WithFields(logrus.Fields{ - "id": id, -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 1b763fb..c334bf4 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -43,7 +43,7 @@ import ( - "github.com/containerd/containerd/plugin" - "github.com/containerd/containerd/runtime" - "github.com/containerd/containerd/runtime/linux/runctypes" -- "github.com/containerd/containerd/runtime/v1" -+ v1 "github.com/containerd/containerd/runtime/v1" - "github.com/containerd/containerd/runtime/v1/linux/proc" - shim "github.com/containerd/containerd/runtime/v1/shim/v1" - runc "github.com/containerd/go-runc" -@@ -200,7 +200,10 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - // Task was never started or was already successfully deleted - return - } -- lc := t.(*Task) -+ lc, ok := t.(*Task) -+ if !ok { -+ log.G(ctx).WithField("id", id).Errorf("task t's type is %T, cannot convert to a *Task value", t) -+ } - - log.G(ctx).WithFields(logrus.Fields{ - "id": id, -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index 2846152..c657397 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -95,7 +95,7 @@ func (m *Monitor) Wait(c *exec.Cmd, ec chan runc.Exit) (int, error) { - for e := range ec { - if e.Pid == c.Process.Pid { - // make sure we flush all IO -- c.Wait() -+ logrus.Devour(c.Wait()) - m.Unsubscribe(ec) - return e.Status, nil - } -@@ -123,7 +123,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - select { - case <-time.After(time.Duration(sec) * time.Second): - if SameProcess(c, c.Process.Pid) { -- syscall.Kill(c.Process.Pid, syscall.SIGKILL) -+ logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) - } - return 0, errors.Errorf("container did not start before the specified timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) - case status := <-sch: -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 4025a72..beb0ed8 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -146,6 +146,7 @@ func (s *Service) Create(ctx context.Context, r *shimapi.CreateTaskRequest) (_ * - for i := 0; i < 60; i++ { - time.Sleep(time.Second) - _, err := os.Stat(r.Bundle) -+ logrus.Devour(err) - if os.IsNotExist(err) { - logrus.Errorf("bundle dir: %v does not exist, containerd-shim exit", r.Bundle) - os.Exit(0) -diff --git a/vendor/github.com/sirupsen/logrus/exported.go b/vendor/github.com/sirupsen/logrus/exported.go -index 1aeaa90..46fa7f8 100644 ---- a/vendor/github.com/sirupsen/logrus/exported.go -+++ b/vendor/github.com/sirupsen/logrus/exported.go -@@ -191,3 +191,8 @@ func Panicln(args ...interface{}) { - func Fatalln(args ...interface{}) { - std.Fatalln(args...) - } -+ -+// Devour will do nothing and return directly -+func Devour(args ...interface{}) { -+ return -+} --- -2.20.1 - diff --git a/patch/0051-containerd-add-timeout-for-containerd-shim.patch b/patch/0051-containerd-add-timeout-for-containerd-shim.patch deleted file mode 100644 index 62125c1..0000000 --- a/patch/0051-containerd-add-timeout-for-containerd-shim.patch +++ /dev/null @@ -1,134 +0,0 @@ -From ea6e8c7b10fe1552d14fb9b0337d850a1f4a7178 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 3 Jan 2020 03:06:00 +0800 -Subject: [PATCH] containerd: add timeout for containerd-shim - -reason:add timeout for containerd-shim to avoid dead lock - -Change-Id: I7886eb9e73dc1a3c8b837687c8ac8361d67f5e4f -Signed-off-by: xiadanni1 ---- - runtime/v1/shim/reaper.go | 2 +- - vendor/github.com/containerd/go-runc/runc.go | 37 ++++++++++++++++++++++------ - 2 files changed, 30 insertions(+), 9 deletions(-) - -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index c657397..d8e8274 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -125,7 +125,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - if SameProcess(c, c.Process.Pid) { - logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) - } -- return 0, errors.Errorf("container did not start before the specified timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) - case status := <-sch: - return status, nil - case err := <-ech: -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 7a2a8c4..430648d 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -53,7 +53,9 @@ const ( - Text Format = "text" - // DefaultCommand is the default command for Runc - DefaultCommand = "runc" -- execTimeout = 30 -+ defaultTimeout = 30 -+ startTimeout = 120 -+ updateTimeout = 60 - ) - - var ( -@@ -99,7 +101,7 @@ func (r *Runc) List(context context.Context) ([]*Container, error) { - - // State returns the state for the container provided by id - func (r *Runc) State(context context.Context, id string) (*Container, error) { -- data, err := cmdOutput(r.command(context, "state", id), true) -+ data, err := cmdOutputTimeout(r.command(context, "state", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -199,7 +201,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - - // Start will start an already created container - func (r *Runc) Start(context context.Context, id string) error { -- return r.runOrError(r.command(context, "start", id)) -+ return r.runOrErrorTimeout(r.command(context, "start", id), startTimeout) - } - - type ExecOpts struct { -@@ -252,7 +254,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - opts.Set(cmd) - } - if cmd.Stdout == nil && cmd.Stderr == nil { -- data, err := cmdOutputTimeout(cmd, true, execTimeout) -+ data, err := cmdOutputTimeout(cmd, true, defaultTimeout) - if err != nil { - return fmt.Errorf("%s: %s", err, data) - } -@@ -269,7 +271,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - } - } - } -- status, err := Monitor.WaitTimeout(cmd, ec, execTimeout) -+ status, err := Monitor.WaitTimeout(cmd, ec, defaultTimeout) - if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) - } -@@ -338,7 +340,7 @@ func (r *Runc) Kill(context context.Context, id string, sig int, opts *KillOpts) - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrError(r.command(context, append(args, id, strconv.Itoa(sig))...)) -+ return r.runOrErrorTimeout(r.command(context, append(args, id, strconv.Itoa(sig))...), defaultTimeout) - } - - // Stats return the stats for a container like cpu, memory, and io -@@ -414,7 +416,7 @@ func (r *Runc) Resume(context context.Context, id string) error { - - // Ps lists all the processes inside the container returning their pids - func (r *Runc) Ps(context context.Context, id string) ([]int, error) { -- data, err := cmdOutput(r.command(context, "ps", "--format", "json", id), true) -+ data, err := cmdOutputTimeout(r.command(context, "ps", "--format", "json", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -604,7 +606,7 @@ func (r *Runc) Update(context context.Context, id string, resources *specs.Linux - args := []string{"update", "--resources", "-", id} - cmd := r.command(context, args...) - cmd.Stdin = buf -- return r.runOrError(cmd) -+ return r.runOrErrorTimeout(cmd, updateTimeout) - } - - var ErrParseRuncVersion = errors.New("unable to parse runc version") -@@ -705,6 +707,25 @@ func (r *Runc) runOrError(cmd *exec.Cmd) error { - return nil - } - -+func (r *Runc) runOrErrorTimeout(cmd *exec.Cmd, runTimeout int64) error { -+ if cmd.Stdout != nil || cmd.Stderr != nil { -+ ec, err := Monitor.Start(cmd) -+ if err != nil { -+ return err -+ } -+ status, err := Monitor.WaitTimeout(cmd, ec, runTimeout) -+ if err == nil && status != 0 { -+ err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) -+ } -+ return err -+ } -+ data, err := cmdOutputTimeout(cmd, true, runTimeout) -+ if err != nil { -+ return fmt.Errorf("%s: %s", err, data) -+ } -+ return nil -+} -+ - func cmdOutput(cmd *exec.Cmd, combined bool) ([]byte, error) { - b := getBuf() - defer putBuf(b) --- -1.8.3.1 - diff --git a/patch/0052-containerd-modify-runtime-root-if-containe.patch b/patch/0052-containerd-modify-runtime-root-if-containe.patch deleted file mode 100644 index 92d5a63..0000000 --- a/patch/0052-containerd-modify-runtime-root-if-containe.patch +++ /dev/null @@ -1,266 +0,0 @@ -From 3ccf18b7d72ef484093e8a6f578ef9381418bc54 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 17 Jan 2020 07:07:34 +0800 -Subject: [PATCH] containerd: modify runtime root if container is created by - 1.11.2 - -reason:if container is created by 1.11.2, runtime root is /run/runc, -so we need to modify the root dir when this container stops first time. - -Change-Id: If30e26a719ed61be0a08344860a066ab77b4cb40 -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 14 ++++--- - .../github.com/containerd/go-runc/command_linux.go | 4 +- - .../github.com/containerd/go-runc/command_other.go | 2 +- - vendor/github.com/containerd/go-runc/runc.go | 45 ++++++++++++---------- - 4 files changed, 37 insertions(+), 28 deletions(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index c334bf4..08e563d 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -35,6 +35,7 @@ import ( - "github.com/containerd/containerd/events" - "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/identifiers" -+ "github.com/containerd/containerd/legacy" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/metadata" - "github.com/containerd/containerd/mount" -@@ -521,11 +522,14 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - }); err != nil { - log.G(ctx).WithError(err).Warnf("delete runtime state %s", id) - } -- if err := mount.Unmount(filepath.Join(bundle.path, "rootfs"), 0); err != nil { -- log.G(ctx).WithError(err).WithFields(logrus.Fields{ -- "path": bundle.path, -- "id": id, -- }).Warnf("unmount task rootfs") -+ -+ if !legacy.IsLegacy(id) { -+ if err := mount.Unmount(filepath.Join(bundle.path, "rootfs"), 0); err != nil { -+ log.G(ctx).WithError(err).WithFields(logrus.Fields{ -+ "path": bundle.path, -+ "id": id, -+ }).Warnf("unmount task rootfs") -+ } - } - return nil - } -diff --git a/vendor/github.com/containerd/go-runc/command_linux.go b/vendor/github.com/containerd/go-runc/command_linux.go -index 6ad27be..0aa6040 100644 ---- a/vendor/github.com/containerd/go-runc/command_linux.go -+++ b/vendor/github.com/containerd/go-runc/command_linux.go -@@ -31,12 +31,12 @@ func (r *Runc) isrunv() bool { - return false - } - --func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { -+func (r *Runc) command(id string, context context.Context, args ...string) *exec.Cmd { - command := r.Command - if command == "" { - command = DefaultCommand - } -- cmd := exec.CommandContext(context, command, append(r.args(), args...)...) -+ cmd := exec.CommandContext(context, command, append(r.args(id), args...)...) - cmd.SysProcAttr = &syscall.SysProcAttr{ - Setpgid: r.Setpgid, - } -diff --git a/vendor/github.com/containerd/go-runc/command_other.go b/vendor/github.com/containerd/go-runc/command_other.go -index b8fd4b8..21bb699 100644 ---- a/vendor/github.com/containerd/go-runc/command_other.go -+++ b/vendor/github.com/containerd/go-runc/command_other.go -@@ -29,7 +29,7 @@ func (r *Runc) command(context context.Context, args ...string) *exec.Cmd { - if command == "" { - command = DefaultCommand - } -- cmd := exec.CommandContext(context, command, append(r.args(), args...)...) -+ cmd := exec.CommandContext(context, command, append(r.args(""), args...)...) - cmd.Env = os.Environ() - return cmd - } -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 430648d..c1748ff 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -31,6 +31,7 @@ import ( - "syscall" - "time" - -+ "github.com/containerd/containerd/legacy" - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" - ) -@@ -88,7 +89,7 @@ func init() { - - // List returns all containers created inside the provided runc root directory - func (r *Runc) List(context context.Context) ([]*Container, error) { -- data, err := cmdOutput(r.command(context, "list", "--format=json"), false) -+ data, err := cmdOutput(r.command("", context, "list", "--format=json"), false) - if err != nil { - return nil, err - } -@@ -101,7 +102,7 @@ func (r *Runc) List(context context.Context) ([]*Container, error) { - - // State returns the state for the container provided by id - func (r *Runc) State(context context.Context, id string) (*Container, error) { -- data, err := cmdOutputTimeout(r.command(context, "state", id), true, defaultTimeout) -+ data, err := cmdOutputTimeout(r.command(id, context, "state", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -168,7 +169,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - } - args = append(args, oargs...) - } -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -201,7 +202,7 @@ func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOp - - // Start will start an already created container - func (r *Runc) Start(context context.Context, id string) error { -- return r.runOrErrorTimeout(r.command(context, "start", id), startTimeout) -+ return r.runOrErrorTimeout(r.command(id, context, "start", id), startTimeout) - } - - type ExecOpts struct { -@@ -249,7 +250,7 @@ func (r *Runc) Exec(context context.Context, id string, spec specs.Process, opts - } - args = append(args, oargs...) - } -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -289,7 +290,7 @@ func (r *Runc) Run(context context.Context, id, bundle string, opts *CreateOpts) - } - args = append(args, oargs...) - } -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -317,7 +318,7 @@ func (r *Runc) Delete(context context.Context, id string, opts *DeleteOpts) erro - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrError(r.command(context, append(args, id)...)) -+ return r.runOrError(r.command(id, context, append(args, id)...)) - } - - // KillOpts specifies options for killing a container and its processes -@@ -340,12 +341,12 @@ func (r *Runc) Kill(context context.Context, id string, sig int, opts *KillOpts) - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrErrorTimeout(r.command(context, append(args, id, strconv.Itoa(sig))...), defaultTimeout) -+ return r.runOrErrorTimeout(r.command(id, context, append(args, id, strconv.Itoa(sig))...), defaultTimeout) - } - - // Stats return the stats for a container like cpu, memory, and io - func (r *Runc) Stats(context context.Context, id string) (*Stats, error) { -- cmd := r.command(context, "events", "--stats", id) -+ cmd := r.command(id, context, "events", "--stats", id) - rd, err := cmd.StdoutPipe() - if err != nil { - return nil, err -@@ -367,7 +368,7 @@ func (r *Runc) Stats(context context.Context, id string) (*Stats, error) { - - // Events returns an event stream from runc for a container with stats and OOM notifications - func (r *Runc) Events(context context.Context, id string, interval time.Duration) (chan *Event, error) { -- cmd := r.command(context, "events", fmt.Sprintf("--interval=%ds", int(interval.Seconds())), id) -+ cmd := r.command(id, context, "events", fmt.Sprintf("--interval=%ds", int(interval.Seconds())), id) - rd, err := cmd.StdoutPipe() - if err != nil { - return nil, err -@@ -406,17 +407,17 @@ func (r *Runc) Events(context context.Context, id string, interval time.Duration - - // Pause the container with the provided id - func (r *Runc) Pause(context context.Context, id string) error { -- return r.runOrError(r.command(context, "pause", id)) -+ return r.runOrError(r.command(id, context, "pause", id)) - } - - // Resume the container with the provided id - func (r *Runc) Resume(context context.Context, id string) error { -- return r.runOrError(r.command(context, "resume", id)) -+ return r.runOrError(r.command(id, context, "resume", id)) - } - - // Ps lists all the processes inside the container returning their pids - func (r *Runc) Ps(context context.Context, id string) ([]int, error) { -- data, err := cmdOutputTimeout(r.command(context, "ps", "--format", "json", id), true, defaultTimeout) -+ data, err := cmdOutputTimeout(r.command(id, context, "ps", "--format", "json", id), true, defaultTimeout) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -429,7 +430,7 @@ func (r *Runc) Ps(context context.Context, id string) ([]int, error) { - - // Top lists all the processes inside the container returning the full ps data - func (r *Runc) Top(context context.Context, id string, psOptions string) (*TopResults, error) { -- data, err := cmdOutput(r.command(context, "ps", "--format", "table", id, psOptions), true) -+ data, err := cmdOutput(r.command(id, context, "ps", "--format", "table", id, psOptions), true) - if err != nil { - return nil, fmt.Errorf("%s: %s", err, data) - } -@@ -528,7 +529,7 @@ func (r *Runc) Checkpoint(context context.Context, id string, opts *CheckpointOp - for _, a := range actions { - args = a(args) - } -- return r.runOrError(r.command(context, append(args, id)...)) -+ return r.runOrError(r.command(id, context, append(args, id)...)) - } - - type RestoreOpts struct { -@@ -577,7 +578,7 @@ func (r *Runc) Restore(context context.Context, id, bundle string, opts *Restore - args = append(args, oargs...) - } - args = append(args, "--bundle", bundle) -- cmd := r.command(context, append(args, id)...) -+ cmd := r.command(id, context, append(args, id)...) - if opts != nil && opts.IO != nil { - opts.Set(cmd) - } -@@ -604,7 +605,7 @@ func (r *Runc) Update(context context.Context, id string, resources *specs.Linux - return err - } - args := []string{"update", "--resources", "-", id} -- cmd := r.command(context, args...) -+ cmd := r.command(id, context, args...) - cmd.Stdin = buf - return r.runOrErrorTimeout(cmd, updateTimeout) - } -@@ -619,7 +620,7 @@ type Version struct { - - // Version returns the runc and runtime-spec versions - func (r *Runc) Version(context context.Context) (Version, error) { -- data, err := cmdOutput(r.command(context, "--version"), false) -+ data, err := cmdOutput(r.command("", context, "--version"), false) - if err != nil { - return Version{}, err - } -@@ -658,9 +659,13 @@ func parseVersion(data []byte) (Version, error) { - return v, nil - } - --func (r *Runc) args() (out []string) { -+func (r *Runc) args(id string) (out []string) { - if r.Root != "" { -- out = append(out, "--root", r.Root) -+ if id != "" && legacy.IsLegacy(id) { -+ out = append(out, "--root", "/run/runc") -+ } else { -+ out = append(out, "--root", r.Root) -+ } - } - if r.Debug { - out = append(out, "--debug") --- -1.8.3.1 - diff --git a/patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch b/patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch deleted file mode 100644 index fddaf56..0000000 --- a/patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 489f69209650aa743ffd6e53571b822ad0b63c2d Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Sat, 18 Jan 2020 04:18:22 +0800 -Subject: [PATCH] containerd: add pid check to avoid poststop hook - execute twice - -reason:If start a container at docker 1.11.2, upgrade docker to 18.09, -downgrade to 1.11.2, stop/restart container, upgrade to 18.09 again, -poststop hook will execute again when containerd load task. -So we add pid check to avoid poststop hook execute twice. - -Change-Id: I8b88b69bfa0a4141bd9595da8ad4e786666e114b -Signed-off-by: xiadanni1 ---- - legacy/legacy.go | 21 +++++++++++++++++++++ - runtime/v1/linux/runtime.go | 10 ++++++---- - 2 files changed, 27 insertions(+), 4 deletions(-) - -diff --git a/legacy/legacy.go b/legacy/legacy.go -index 219508c..644f94a 100644 ---- a/legacy/legacy.go -+++ b/legacy/legacy.go -@@ -44,6 +44,25 @@ func IsLegacy(id string) bool { - return false - } - -+func IsSamePid(id string) bool { -+ pid120, err := ioutil.ReadFile(filepath.Join(Config120, id, "init.pid")) -+ if err != nil { -+ logrus.Infof("read 1.2.0 init.pid file error: %v", err) -+ return false -+ } -+ pid028, err := ioutil.ReadFile(filepath.Join(State028, id, "init", "pid")) -+ if err != nil { -+ logrus.Infof("read 0.2.8 pid file error: %v", err) -+ return false -+ } -+ logrus.Infof("pid1.2.0: %v, pid0.2.8: %v", string(pid120), string(pid028)) -+ if string(pid120) != string(pid028) { -+ return false -+ } -+ -+ return true -+} -+ - // IsRunning is used to detect whether legacy container is running. - func IsRunning(id string) bool { - path := State028 + id + "/init/pid" -@@ -111,6 +130,8 @@ func InitBundle(root string, id string) error { - logrus.Devour(err) - _, err = CopyFile(Config120+id+"/init.pid", State028+id+"/init/pid") - logrus.Devour(err) -+ _, err = CopyFile(Config120+id+"/starttime", State028+id+"/init/starttime") -+ logrus.Devour(err) - return nil - } - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 08e563d..96ad815 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -517,10 +517,12 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - return err - } - -- if err := rt.Delete(ctx, id, &runc.DeleteOpts{ -- Force: true, -- }); err != nil { -- log.G(ctx).WithError(err).Warnf("delete runtime state %s", id) -+ if !legacy.IsLegacy(id) || legacy.IsSamePid(id) { -+ if err := rt.Delete(ctx, id, &runc.DeleteOpts{ -+ Force: true, -+ }); err != nil { -+ log.G(ctx).WithError(err).Warnf("delete runtime state %s", id) -+ } - } - - if !legacy.IsLegacy(id) { --- -1.8.3.1 - diff --git a/patch/0054-containerd-clean-up-residual-container.patch b/patch/0054-containerd-clean-up-residual-container.patch deleted file mode 100644 index 645b90f..0000000 --- a/patch/0054-containerd-clean-up-residual-container.patch +++ /dev/null @@ -1,100 +0,0 @@ -From a2310cbcff07f660b8d17584f687561b64bf27ad Mon Sep 17 00:00:00 2001 -From: zhangtianyang -Date: Thu, 27 Feb 2020 16:51:59 +0800 -Subject: [PATCH] containerd: clean up residual container after - shim abnormal exit - -reason:from update/revert test an occasional failure has been found that -shim process has exited but container is still running, then following exec -call all report ttrpc close error. -the triggering condition is uncertain. this patch will make up the clean -work of the residual container after such failure occurred to avoid -subsequent call errors. - -Change-Id: I0da9d4e46010cbe58f2fda21895caeb301936c47 -Signed-off-by: zhangtianyang ---- - runtime/v1/linux/runtime.go | 11 +++++++++++ - services/tasks/local.go | 25 +++++++++++++++++++++++++ - 2 files changed, 36 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 96ad815..47a0cb6 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -511,6 +511,17 @@ func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, - return nil - } - -+func (r *Runtime) CleanupAfterDeadShim(ctx context.Context, ns, id string) error { -+ bund := &bundle{id: id, -+ path: filepath.Join(r.state, ns, id), -+ workDir: filepath.Join(r.root, ns, id)} -+ pid, err := runc.ReadPidFile(filepath.Join(bund.path, proc.InitPidFile)) -+ if err != nil { -+ return fmt.Errorf("failed to read pid from %s", proc.InitPidFile) -+ } -+ return r.cleanupAfterDeadShim(ctx, bund, ns, id, pid) -+} -+ - func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) error { - rt, err := r.getRuntime(ctx, ns, id) - if err != nil { -diff --git a/services/tasks/local.go b/services/tasks/local.go -index 990e841..9818971 100644 ---- a/services/tasks/local.go -+++ b/services/tasks/local.go -@@ -24,6 +24,7 @@ import ( - "io/ioutil" - "os" - "path/filepath" -+ "strings" - "time" - - api "github.com/containerd/containerd/api/services/tasks/v1" -@@ -41,6 +42,7 @@ import ( - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/plugin" - "github.com/containerd/containerd/runtime" -+ "github.com/containerd/containerd/runtime/v1/linux" - "github.com/containerd/containerd/runtime/v2" - "github.com/containerd/containerd/services" - "github.com/containerd/typeurl" -@@ -383,11 +385,34 @@ func (l *local) Kill(ctx context.Context, r *api.KillRequest, _ ...grpc.CallOpti - } - } - if err := p.Kill(ctx, r.Signal, r.All); err != nil { -+ if (r.Signal == 9 || r.Signal == 15) && strings.Contains(err.Error(), "ttrpc: client shutting down") { -+ // not sure under what conditions will cause such ttrpc error. since the error has -+ // happened, we have to make up the clean up work to avoid container residue. -+ cleanErr := l.cleanupResidualContainer(ctx, r, t.Namespace()) -+ log.G(ctx).WithField("clean error", cleanErr).Warnf( -+ "previous actions might encounter failure, try clean up the dead container.") -+ } - return nil, errdefs.ToGRPC(err) - } - return empty, nil - } - -+func (l *local) cleanupResidualContainer(ctx context.Context, r *api.KillRequest, namespace string) error { -+ container, err := l.getContainer(ctx, r.ContainerID) -+ if err != nil { -+ return fmt.Errorf("failed to get container %s, %v", r.ContainerID, err) -+ } -+ rt, err := l.getRuntime(container.Runtime.Name) -+ if err != nil { -+ return fmt.Errorf("failed to get runtime %s, %v", container.Runtime.Name, err) -+ } -+ lRuntime, ok := rt.(*linux.Runtime) -+ if !ok { -+ return fmt.Errorf("no clean work for runtime other than linux ones") -+ } -+ return lRuntime.CleanupAfterDeadShim(ctx, namespace, r.ContainerID) -+} -+ - func (l *local) ListPids(ctx context.Context, r *api.ListPidsRequest, _ ...grpc.CallOption) (*api.ListPidsResponse, error) { - t, err := l.getTask(ctx, r.ContainerID) - if err != nil { --- -1.8.3.1 - diff --git a/patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch b/patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch deleted file mode 100644 index 0daafda..0000000 --- a/patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 47e981ebb8996e432968ed68f08e3fc108210cd4 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 3 Mar 2020 06:29:56 +0800 -Subject: [PATCH 1/2] containerd:add LLT for containerd-shim timeout - requirement - -reason:add LLT testcases for containerd-shim timeout requirement. - -Change-Id: If422542b72f3550d86a6eba6b19d0cdea2d2a660 -Signed-off-by: xiadanni1 - ---- - vendor/github.com/containerd/go-runc/runc_test.go | 90 +++++++++++++++++++++++ - 1 file changed, 90 insertions(+) - create mode 100644 vendor/github.com/containerd/go-runc/runc_test.go - -diff --git a/vendor/github.com/containerd/go-runc/runc_test.go b/vendor/github.com/containerd/go-runc/runc_test.go -new file mode 100644 -index 0000000..8f9212d ---- /dev/null -+++ b/vendor/github.com/containerd/go-runc/runc_test.go -@@ -0,0 +1,90 @@ -+package runc -+ -+import ( -+ "context" -+ "os" -+ "os/exec" -+ "testing" -+ -+ specs "github.com/opencontainers/runtime-spec/specs-go" -+) -+ -+func TestRuncCommandInvoke(t *testing.T) { -+ rc := &Runc{ -+ Command: "/bin/true", -+ } -+ ctx := context.Background() -+ id := "containerid" -+ bundle := "bundlepath" -+ -+ createOpts := CreateOpts{} -+ err := rc.Create(ctx, id, bundle, &createOpts) -+ if err != nil { -+ t.Errorf("Create command invoke error, %v", err) -+ } -+ -+ err = rc.Start(ctx, id) -+ if err != nil { -+ t.Errorf("Start command invoke error, %v", err) -+ } -+ -+ execSpec := specs.Process{} -+ nullIO, _ := NewNullIO() -+ execOpts := ExecOpts{IO: nullIO} -+ err = rc.Exec(ctx, id, execSpec, &execOpts) -+ if err != nil { -+ t.Errorf("Exec command invoke error, %v", err) -+ } -+ -+ execOptsnil := ExecOpts{} -+ err = rc.Exec(ctx, id, execSpec, &execOptsnil) -+ if err != nil { -+ t.Errorf("Exec command invoke error, %v", err) -+ } -+ -+ killOpts := KillOpts{} -+ err = rc.Kill(ctx, id, 9, &killOpts) -+ if err != nil { -+ t.Errorf("Kill command invoke error, %v", err) -+ } -+ -+ resource := specs.LinuxResources{} -+ err = rc.Update(ctx, id, &resource) -+ if err != nil { -+ t.Errorf("Update command invoke error, %v", err) -+ } -+ -+ _, err = rc.State(ctx, id) -+ if err == nil { -+ t.Errorf("State command invoke should return error") -+ } -+ -+ _, err = rc.Ps(ctx, id) -+ if err == nil { -+ t.Errorf("Ps command invoke should return error") -+ } -+} -+ -+func TestRunOrErrorTimeout(t *testing.T) { -+ rc := &Runc{} -+ -+ cmd := exec.Cmd{Path: "/bin/bash2"} -+ cmd.Stdout = os.Stdout -+ err := rc.runOrErrorTimeout(&cmd, 10) -+ if err == nil { -+ t.Errorf("runOrErrorTimeout should return error") -+ } -+ -+ cmd = exec.Cmd{Path: "/usr/bin/sleep", Args: []string{"2"}} -+ cmd.Stdout = os.Stdout -+ rc.runOrErrorTimeout(&cmd, 1) -+ if err == nil { -+ t.Errorf("runOrErrorTimeout should return error") -+ } -+ -+ cmd = exec.Cmd{Path: "/usr/bin/sleep", Args: []string{"2"}} -+ rc.runOrErrorTimeout(&cmd, 1) -+ if err == nil { -+ t.Errorf("runOrErrorTimeout should return error") -+ } -+} --- -1.8.3.1 - diff --git a/patch/0056-containerd-save-dumpstack-to-file.patch b/patch/0056-containerd-save-dumpstack-to-file.patch deleted file mode 100644 index 2a67217..0000000 --- a/patch/0056-containerd-save-dumpstack-to-file.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 7db93cf813023f2a5ac209617aaae5c3f5c202d5 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 3 Mar 2020 09:01:22 +0800 -Subject: [PATCH] containerd:save dumpstack to file - -Change-Id: I54a41a13b4523de279337a9ff208347859c0fb4d -Signed-off-by: xiadanni1 ---- - cmd/containerd/command/main_unix.go | 5 +++++ - runtime/v1/linux/runtime.go | 1 + - 2 files changed, 6 insertions(+) - -diff --git a/cmd/containerd/command/main_unix.go b/cmd/containerd/command/main_unix.go -index 12c1426..2f9398f 100644 ---- a/cmd/containerd/command/main_unix.go -+++ b/cmd/containerd/command/main_unix.go -@@ -20,8 +20,12 @@ package command - - import ( - "context" -+ "fmt" -+ "io/ioutil" - "os" - "runtime" -+ "strings" -+ "time" - - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/services/server" -@@ -79,5 +83,6 @@ func dumpStacks() { - bufferLen *= 2 - } - buf = buf[:stackSize] -+ logrus.Devour(ioutil.WriteFile(fmt.Sprintf("/var/run/docker/containerd/containerd-stacks-%s.log", strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)), buf, 0600)) - logrus.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf) - } -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 47a0cb6..5be785d 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -481,6 +481,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - } - - func (r *Runtime) cleanupAfterDeadShim(ctx context.Context, bundle *bundle, ns, id string, pid int) error { -+ logrus.Infof("cleanup dead shim(legacy=%t): %s %d", legacy.IsLegacy(id), id, pid) - ctx = namespaces.WithNamespace(ctx, ns) - if err := r.terminate(ctx, bundle, ns, id); err != nil { - log.G(ctx).WithError(err).Warn("failed to terminate task") --- -1.8.3.1 - diff --git a/patch/0057-containerd-add-timeout-for-delete-command.patch b/patch/0057-containerd-add-timeout-for-delete-command.patch deleted file mode 100644 index 7a0cb9e..0000000 --- a/patch/0057-containerd-add-timeout-for-delete-command.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 313e7f972e887c715b8feaad332ffe505653c496 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 3 Mar 2020 06:31:18 +0800 -Subject: [PATCH] containerd:add timeout for delete command - -Change-Id: I620d2f19a8ac9086b5c83792a6fe49b0389da87d -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/task.go | 2 +- - runtime/v1/shim/reaper.go | 23 +-------------- - vendor/github.com/containerd/go-runc/monitor.go | 37 +++++++++++++++++++++++-- - vendor/github.com/containerd/go-runc/runc.go | 3 +- - 4 files changed, 38 insertions(+), 27 deletions(-) - -diff --git a/runtime/v1/linux/task.go b/runtime/v1/linux/task.go -index d2bbb76..d200e9d 100644 ---- a/runtime/v1/linux/task.go -+++ b/runtime/v1/linux/task.go -@@ -91,7 +91,7 @@ func (t *Task) Namespace() string { - func (t *Task) delete(ctx context.Context, force bool, pid uint32) (*runtime.Exit, error) { - rsp, err := t.shim.Delete(ctx, empty) - if err != nil { -- log.G(ctx).WithError(err).Error("failed to delete container, force=%t", force) -+ log.G(ctx).WithError(err).Errorf("failed to delete container, force=%t", force) - } - t.tasks.Delete(ctx, t.id) - if err := t.shim.KillShim(ctx); err != nil { -diff --git a/runtime/v1/shim/reaper.go b/runtime/v1/shim/reaper.go -index d8e8274..f5f8096 100644 ---- a/runtime/v1/shim/reaper.go -+++ b/runtime/v1/shim/reaper.go -@@ -19,11 +19,7 @@ - package shim - - import ( -- "io/ioutil" - "os/exec" -- "path/filepath" -- "strconv" -- "strings" - "sync" - "syscall" - "time" -@@ -122,7 +118,7 @@ func (m *Monitor) WaitTimeout(c *exec.Cmd, ec chan runc.Exit, sec int64) (int, e - }() - select { - case <-time.After(time.Duration(sec) * time.Second): -- if SameProcess(c, c.Process.Pid) { -+ if runc.SameProcess(c, c.Process.Pid) { - logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) - } - return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -@@ -149,20 +145,3 @@ func (m *Monitor) Unsubscribe(c chan runc.Exit) { - close(c) - m.Unlock() - } -- --func SameProcess(cmd *exec.Cmd, pid int) bool { -- bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -- if err != nil { -- return false -- } -- for i := range bytes { -- if bytes[i] == 0 { -- bytes[i] = 32 -- } -- } -- cmdline := string(bytes) -- if strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") { -- return true -- } -- return false --} -diff --git a/vendor/github.com/containerd/go-runc/monitor.go b/vendor/github.com/containerd/go-runc/monitor.go -index 2c184d2..bb8bbab 100644 ---- a/vendor/github.com/containerd/go-runc/monitor.go -+++ b/vendor/github.com/containerd/go-runc/monitor.go -@@ -20,6 +20,13 @@ import ( - "os/exec" - "syscall" - "time" -+ "io/ioutil" -+ "path/filepath" -+ "strconv" -+ "strings" -+ -+ "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - var Monitor ProcessMonitor = &defaultMonitor{} -@@ -77,6 +84,30 @@ func (m *defaultMonitor) Wait(c *exec.Cmd, ec chan Exit) (int, error) { - } - - func (m *defaultMonitor) WaitTimeout(c *exec.Cmd, ec chan Exit, sec int64) (int, error) { -- e := <-ec -- return e.Status, nil --} -\ No newline at end of file -+ select { -+ case <-time.After(time.Duration(sec) * time.Second): -+ if SameProcess(c, c.Process.Pid) { -+ logrus.Devour(syscall.Kill(c.Process.Pid, syscall.SIGKILL)) -+ } -+ return 0, errors.Errorf("timeout %ds for cmd(pid=%d): %s, %s", sec, c.Process.Pid, c.Path, c.Args) -+ case e := <-ec: -+ return e.Status, nil -+ } -+} -+ -+func SameProcess(cmd *exec.Cmd, pid int) bool { -+ bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "cmdline")) -+ if err != nil { -+ return false -+ } -+ for i := range bytes { -+ if bytes[i] == 0 { -+ bytes[i] = 32 -+ } -+ } -+ cmdline := string(bytes) -+ if strings.EqualFold(cmdline, strings.Join(cmd.Args, " ")+" ") { -+ return true -+ } -+ return false -+} -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index c1748ff..1c96317 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -57,6 +57,7 @@ const ( - defaultTimeout = 30 - startTimeout = 120 - updateTimeout = 60 -+ deleteTimeout = 120 - ) - - var ( -@@ -318,7 +319,7 @@ func (r *Runc) Delete(context context.Context, id string, opts *DeleteOpts) erro - if opts != nil { - args = append(args, opts.args()...) - } -- return r.runOrError(r.command(id, context, append(args, id)...)) -+ return r.runOrErrorTimeout(r.command(id, context, append(args, id)...), deleteTimeout) - } - - // KillOpts specifies options for killing a container and its processes --- -1.8.3.1 - diff --git a/patch/0058-containerd-use-git-commit-to-store-commit-ID.patch b/patch/0058-containerd-use-git-commit-to-store-commit-ID.patch deleted file mode 100644 index 8cfc1c1..0000000 --- a/patch/0058-containerd-use-git-commit-to-store-commit-ID.patch +++ /dev/null @@ -1,26 +0,0 @@ -From fe8ce77e756f7f468ed65c8c42a9f91becabbf4e Mon Sep 17 00:00:00 2001 -From: liuzekun -Date: Wed, 10 Jun 2020 00:37:01 -0400 -Subject: [PATCH] containerd: use git-commit to store commit ID - -Signed-off-by: liuzekun ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 9e7f3ae..6011aa1 100644 ---- a/Makefile -+++ b/Makefile -@@ -21,7 +21,7 @@ DESTDIR=/usr/local - - # Used to populate variables in version package. - VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') --REVISION=$(shell echo commit:)$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) -+REVISION=$(shell cat ./git-commit | head -c 40) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" - GOOS ?= $(shell go env GOOS) --- -2.19.1 - diff --git a/patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch b/patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch deleted file mode 100644 index 7f0bf1c..0000000 --- a/patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 44079d9ee81c215d39ed81e39eb2ae31cf0ad453 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 11 Aug 2020 05:55:59 +0800 -Subject: [PATCH] add GO_GCFLAGS to containerd-shim making - -Signed-off-by: xiadanni1 ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 6011aa1..ba512ef 100644 ---- a/Makefile -+++ b/Makefile -@@ -175,7 +175,7 @@ bin/%: cmd/% FORCE - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" -- @CGO_ENABLED=0 go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ @CGO_ENABLED=0 go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim - - bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim-runc-v1" --- -1.8.3.1 - diff --git a/patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch b/patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch deleted file mode 100644 index baf09bd..0000000 --- a/patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6523d7e39a9bb45be632ff114c64329f43e1499a Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Wed, 12 Aug 2020 01:52:16 +0800 -Subject: [PATCH] containerd: do not disable cgo in containerd-shim making - -reason: for debuginfo - -Signed-off-by: xiadanni1 ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index ba512ef..f69559b 100644 ---- a/Makefile -+++ b/Makefile -@@ -175,7 +175,7 @@ bin/%: cmd/% FORCE - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" -- @CGO_ENABLED=0 go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim - - bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim-runc-v1" --- -1.8.3.1 - diff --git a/patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch b/patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch deleted file mode 100644 index 2969e08..0000000 --- a/patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch +++ /dev/null @@ -1,66 +0,0 @@ -From c56df3dd08d709e8ee81675661527aac47a7cba2 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Fri, 6 Nov 2020 10:19:26 +0800 -Subject: [PATCH] containerd: check if bundle exists before create bundle - -reason: If container starts following tightly the last stop, bundle -directory may be deleted by the not yet completed stop, which may cause -container start fail. So we add bundle check during start to avoid this, -if bundle exists, wait for it to clean up. - -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/bundle.go | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go -index d73866a..b4f7b4c 100644 ---- a/runtime/v1/linux/bundle.go -+++ b/runtime/v1/linux/bundle.go -@@ -23,12 +23,14 @@ import ( - "io/ioutil" - "os" - "path/filepath" -+ "time" - - "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/runtime/linux/runctypes" - "github.com/containerd/containerd/runtime/v1/shim" - "github.com/containerd/containerd/runtime/v1/shim/client" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // loadBundle loads an existing bundle from disk -@@ -46,6 +48,20 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - return nil, err - } - path = filepath.Join(path, id) -+ workDir = filepath.Join(workDir, id) -+ -+ for waitTime := 10 * time.Millisecond; ; waitTime *= 2 { -+ if _, err = os.Stat(workDir); err != nil { -+ break -+ } -+ logrus.Debugf("bundle-check: wait time %v", waitTime) -+ if waitTime > 2*time.Second { -+ logrus.Warnf("bundle-check: waiting cleanup bundle timeout, start anyway") -+ break -+ } -+ time.Sleep(waitTime) -+ } -+ - if err := os.Mkdir(path, 0711); err != nil { - return nil, err - } -@@ -54,7 +70,6 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - os.RemoveAll(path) - } - }() -- workDir = filepath.Join(workDir, id) - if err := os.MkdirAll(workDir, 0711); err != nil { - return nil, err - } --- -1.8.3.1 - diff --git a/patch/0062-containerd-use-path-based-socket-for-shims.patch b/patch/0062-containerd-use-path-based-socket-for-shims.patch deleted file mode 100644 index b96cd00..0000000 --- a/patch/0062-containerd-use-path-based-socket-for-shims.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 4185b832a4f89e671e6ecf201d21b75d866a48e4 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 14 Nov 2020 15:55:30 +0800 -Subject: [PATCH] use path based socket for shims - -Signed-off-by: jingrui ---- - cmd/containerd-shim/main_unix.go | 16 +++-- - cmd/ctr/commands/shim/shim.go | 2 + - runtime/v1/linux/bundle.go | 37 +++++++++- - runtime/v1/shim/client/client.go | 118 ++++++++++++++++++++++++++++--- - 4 files changed, 159 insertions(+), 14 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index e9c14263b..3a5bb6170 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -66,7 +66,7 @@ var ( - func init() { - flag.BoolVar(&debugFlag, "debug", false, "enable debug output in logs") - flag.StringVar(&namespaceFlag, "namespace", "", "namespace that owns the shim") -- flag.StringVar(&socketFlag, "socket", "", "abstract socket path to serve") -+ flag.StringVar(&socketFlag, "socket", "", "socket path to serve") - flag.StringVar(&addressFlag, "address", "", "grpc address back to main containerd") - flag.StringVar(&workdirFlag, "workdir", "", "path used to storge large temporary data") - flag.StringVar(&runtimeRootFlag, "runtime-root", proc.RuncRoot, "root directory for the runtime") -@@ -190,10 +190,18 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error { - } - path = "[inherited from parent]" - } else { -- if len(path) > 106 { -- return errors.Errorf("%q: unix socket path too long (> 106)", path) -+ const ( -+ abstractSocketPrefix = "\x00" -+ socketPathLimit = 106 -+ ) -+ p := strings.TrimPrefix(path, "unix://") -+ if len(p) == len(path) { -+ p = abstractSocketPrefix + p - } -- l, err = net.Listen("unix", "\x00"+path) -+ if len(p) > socketPathLimit { -+ return errors.Errorf("%q: unix socket path too long (> %d)", p, socketPathLimit) -+ } -+ l, err = net.Listen("unix", p) - } - if err != nil { - return err -diff --git a/cmd/ctr/commands/shim/shim.go b/cmd/ctr/commands/shim/shim.go -index ec08cc68b..8ef068292 100644 ---- a/cmd/ctr/commands/shim/shim.go -+++ b/cmd/ctr/commands/shim/shim.go -@@ -23,6 +23,7 @@ import ( - "fmt" - "io/ioutil" - "net" -+ "strings" - - "github.com/containerd/console" - "github.com/containerd/containerd/cmd/ctr/commands" -@@ -231,6 +232,7 @@ func getTaskService(context *cli.Context) (task.TaskService, error) { - return nil, errors.New("socket path must be specified") - } - -+ bindSocket = strings.TrimPrefix(bindSocket, "unix://") - conn, err := net.Dial("unix", "\x00"+bindSocket) - if err != nil { - return nil, err -diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go -index ef4200b29..0442246f9 100644 ---- a/runtime/v1/linux/bundle.go -+++ b/runtime/v1/linux/bundle.go -@@ -20,6 +20,7 @@ package linux - - import ( - "context" -+ "fmt" - "io/ioutil" - "os" - "path/filepath" -@@ -117,7 +118,7 @@ func ShimLocal(c *Config, exchange *exchange.Exchange) ShimOpt { - // ShimConnect is a ShimOpt for connecting to an existing remote shim - func ShimConnect(c *Config, onClose func()) ShimOpt { - return func(b *bundle, ns string, ropts *runctypes.RuncOptions) (shim.Config, client.Opt) { -- return b.shimConfig(ns, c, ropts), client.WithConnect(b.shimAddress(ns), onClose) -+ return b.shimConfig(ns, c, ropts), client.WithConnect(b.decideShimAddress(ns), onClose) - } - } - -@@ -129,6 +130,11 @@ func (b *bundle) NewShimClient(ctx context.Context, namespace string, getClientO - - // Delete deletes the bundle from disk - func (b *bundle) Delete() error { -+ address, _ := b.loadAddress() -+ if address != "" { -+ // we don't care about errors here -+ client.RemoveSocket(address) -+ } - err := os.RemoveAll(b.path) - if err == nil { - return os.RemoveAll(b.workDir) -@@ -141,10 +147,37 @@ func (b *bundle) Delete() error { - return errors.Wrapf(err, "Failed to remove both bundle and workdir locations: %v", err2) - } - --func (b *bundle) shimAddress(namespace string) string { -+func (b *bundle) legacyShimAddress(namespace string) string { - return filepath.Join(string(filepath.Separator), "containerd-shim", namespace, b.id, "shim.sock") - } - -+const socketRoot = "/run/containerd" -+ -+func (b *bundle) shimAddress(namespace string) string { -+ return fmt.Sprintf("unix://%s", b.shimSock()) -+} -+ -+func (b *bundle) shimSock() string { -+ return filepath.Join(socketRoot, "s", b.id) -+} -+ -+func (b *bundle) loadAddress() (string, error) { -+ addressPath := filepath.Join(b.path, "address") -+ data, err := ioutil.ReadFile(addressPath) -+ if err != nil { -+ return "", err -+ } -+ return string(data), nil -+} -+ -+func (b *bundle) decideShimAddress(namespace string) string { -+ address, err := b.loadAddress() -+ if err != nil { -+ return b.legacyShimAddress(namespace) -+ } -+ return address -+} -+ - func (b *bundle) shimConfig(namespace string, c *Config, runcOptions *runctypes.RuncOptions) shim.Config { - var ( - criuPath string -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index a4669d33c..06453b35a 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -20,11 +20,14 @@ package client - - import ( - "context" -+ "fmt" - "io" - "net" - "os" - "os/exec" -+ "path/filepath" - "runtime" -+ "strconv" - "strings" - "sync" - "syscall" -@@ -55,9 +58,17 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - return func(ctx context.Context, config shim.Config) (_ shimapi.ShimService, _ io.Closer, err error) { - socket, err := newSocket(address) - if err != nil { -- return nil, nil, err -+ if !eaddrinuse(err) { -+ return nil, nil, err -+ } -+ if err := RemoveSocket(address); err != nil { -+ return nil, nil, errors.Wrap(err, "remove already used socket") -+ } -+ if socket, err = newSocket(address); err != nil { -+ return nil, nil, err -+ } - } -- defer socket.Close() -+ - f, err := socket.File() - if err != nil { - return nil, nil, errors.Wrapf(err, "failed to get fd for socket %s", address) -@@ -102,12 +113,22 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - if stderrLog != nil { - stderrLog.Close() - } -+ socket.Close() -+ RemoveSocket(address) - }() - log.G(ctx).WithFields(logrus.Fields{ - "pid": cmd.Process.Pid, - "address": address, - "debug": debug, - }).Infof("shim %s started", binary) -+ -+ if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { -+ return nil, nil, err -+ } -+ if err := writeFile(filepath.Join(config.Path, "shim.pid"), strconv.Itoa(cmd.Process.Pid)); err != nil { -+ return nil, nil, err -+ } -+ - // set shim in cgroup if it is provided - if cgroup != "" { - if err := setCgroup(cgroup, cmd); err != nil { -@@ -170,25 +191,106 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so - return cmd, nil - } - -+// writeFile writes a address file atomically -+func writeFile(path, address string) error { -+ path, err := filepath.Abs(path) -+ if err != nil { -+ return err -+ } -+ tempPath := filepath.Join(filepath.Dir(path), fmt.Sprintf(".%s", filepath.Base(path))) -+ f, err := os.OpenFile(tempPath, os.O_RDWR|os.O_CREATE|os.O_EXCL|os.O_SYNC, 0666) -+ if err != nil { -+ return err -+ } -+ _, err = f.WriteString(address) -+ f.Close() -+ if err != nil { -+ return err -+ } -+ return os.Rename(tempPath, path) -+} -+ -+const ( -+ abstractSocketPrefix = "\x00" -+ socketPathLimit = 106 -+) -+ -+func eaddrinuse(err error) bool { -+ cause := errors.Cause(err) -+ netErr, ok := cause.(*net.OpError) -+ if !ok { -+ return false -+ } -+ if netErr.Op != "listen" { -+ return false -+ } -+ syscallErr, ok := netErr.Err.(*os.SyscallError) -+ if !ok { -+ return false -+ } -+ errno, ok := syscallErr.Err.(syscall.Errno) -+ if !ok { -+ return false -+ } -+ return errno == syscall.EADDRINUSE -+} -+ -+type socket string -+ -+func (s socket) isAbstract() bool { -+ return !strings.HasPrefix(string(s), "unix://") -+} -+ -+func (s socket) path() string { -+ path := strings.TrimPrefix(string(s), "unix://") -+ // if there was no trim performed, we assume an abstract socket -+ if len(path) == len(s) { -+ path = abstractSocketPrefix + path -+ } -+ return path -+} -+ - func newSocket(address string) (*net.UnixListener, error) { -- if len(address) > 106 { -- return nil, errors.Errorf("%q: unix socket path too long (> 106)", address) -+ if len(address) > socketPathLimit { -+ return nil, errors.Errorf("%q: unix socket path too long (> %d)", address, socketPathLimit) -+ } -+ var ( -+ sock = socket(address) -+ path = sock.path() -+ ) -+ if !sock.isAbstract() { -+ if err := os.MkdirAll(filepath.Dir(path), 0600); err != nil { -+ return nil, errors.Wrapf(err, "%s", path) -+ } - } -- l, err := net.Listen("unix", "\x00"+address) -+ l, err := net.Listen("unix", path) - if err != nil { -- return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", address) -+ return nil, errors.Wrapf(err, "failed to listen to unix socket %q (abstract: %t)", address, sock.isAbstract()) -+ } -+ if err := os.Chmod(path, 0600); err != nil { -+ l.Close() -+ return nil, err - } - - return l.(*net.UnixListener), nil - } - -+// RemoveSocket removes the socket at the specified address if -+// it exists on the filesystem -+func RemoveSocket(address string) error { -+ sock := socket(address) -+ if !sock.isAbstract() { -+ return os.Remove(sock.path()) -+ } -+ return nil -+} -+ - func connect(address string, d func(string, time.Duration) (net.Conn, error)) (net.Conn, error) { - return d(address, 100*time.Second) - } - - func annonDialer(address string, timeout time.Duration) (net.Conn, error) { -- address = strings.TrimPrefix(address, "unix://") -- return net.DialTimeout("unix", "\x00"+address, timeout) -+ return net.DialTimeout("unix", socket(address).path(), timeout) - } - - // WithConnect connects to an existing shim --- -2.17.1 - diff --git a/patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch b/patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch deleted file mode 100644 index a3e9bfc..0000000 --- a/patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3ec035244d33b4cb64adacb8133ae3e204cae55f Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Thu, 19 Nov 2020 15:49:53 +0800 -Subject: [PATCH] containerd: kill init directly if runtime kill failed - -Change-Id: I80a1c0c4f88530fe9732e6e9a2d1fb222ece118c -Signed-off-by: jingrui ---- - runtime/v1/shim/service.go | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index beb0ed8d5..7e07ab011 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -49,6 +49,7 @@ import ( - specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -+ "golang.org/x/sys/unix" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - ) -@@ -390,6 +391,10 @@ func (s *Service) Kill(ctx context.Context, r *shimapi.KillRequest) (*ptypes.Emp - time.Sleep(10 * time.Second) - err := p.Kill(ctx, r.Signal, r.All) - logrus.Infof("delay kill %s retry %d error=%v", s.id, i, err) -+ if err != nil { -+ err := unix.Kill(p.Pid(), syscall.SIGKILL) -+ logrus.Infof("delay kill-direct %s retry %d error=%v", s.id, i, err) -+ } - } - - logrus.Infof("force exit shim %s ...", s.id) --- -2.17.1 - diff --git a/patch/0064-containerd-add-sys-symbol-to-support-riscv.patch b/patch/0064-containerd-add-sys-symbol-to-support-riscv.patch deleted file mode 100644 index 3665d97..0000000 --- a/patch/0064-containerd-add-sys-symbol-to-support-riscv.patch +++ /dev/null @@ -1,7977 +0,0 @@ -From 7414e986b522f84f8a4bebefe2e23b02a94dbb38 Mon Sep 17 00:00:00 2001 -From: yangyanchao -Date: Tue, 15 Dec 2020 03:24:35 +0000 -Subject: [PATCH 1/2] containerd-add-sys-symbol-to-support-riscv - ---- - .../golang.org/x/sys/unix/asm_linux_riscv64.s | 26 + - .../x/sys/unix/syscall_linux_riscv64.go | 226 ++ - .../x/sys/unix/zerrors_linux_riscv64.go | 2826 +++++++++++++++++ - .../x/sys/unix/zsyscall_linux_riscv64.go | 2217 +++++++++++++ - .../x/sys/unix/zsysnum_linux_riscv64.go | 289 ++ - .../x/sys/unix/ztypes_linux_riscv64.go | 2334 ++++++++++++++ - 6 files changed, 7918 insertions(+) - create mode 100644 vendor/golang.org/x/sys/unix/asm_linux_riscv64.s - create mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go - create mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go - -diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s -new file mode 100644 -index 0000000..5b740f7 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s -@@ -0,0 +1,26 @@ -+// Copyright 2019 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// +build riscv64,!gccgo -+ -+#include "textflag.h" -+ -+// -+// System calls for linux/riscv64. -+// -+// Where available, just jump to package syscall's implementation of -+// these functions. -+ -+TEXT ·Syscall(SB),NOSPLIT,$0-56 -+ JMP syscall·Syscall(SB) -+ -+TEXT ·Syscall6(SB),NOSPLIT,$0-80 -+ JMP syscall·Syscall6(SB) -+ -+TEXT ·RawSyscall(SB),NOSPLIT,$0-56 -+ JMP syscall·RawSyscall(SB) -+ -+TEXT ·RawSyscall6(SB),NOSPLIT,$0-80 -+ JMP syscall·RawSyscall6(SB) -+ -diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go -new file mode 100644 -index 0000000..6230f64 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go -@@ -0,0 +1,226 @@ -+// Copyright 2018 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// +build riscv64,linux -+ -+package unix -+ -+import "unsafe" -+ -+func EpollCreate(size int) (fd int, err error) { -+ if size <= 0 { -+ return -1, EINVAL -+ } -+ return EpollCreate1(0) -+} -+ -+//sys EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_PWAIT -+//sys Fadvise(fd int, offset int64, length int64, advice int) (err error) = SYS_FADVISE64 -+//sys Fchown(fd int, uid int, gid int) (err error) -+//sys Fstat(fd int, stat *Stat_t) (err error) -+//sys Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) -+//sys Fstatfs(fd int, buf *Statfs_t) (err error) -+//sys Ftruncate(fd int, length int64) (err error) -+//sysnb Getegid() (egid int) -+//sysnb Geteuid() (euid int) -+//sysnb Getgid() (gid int) -+//sysnb Getrlimit(resource int, rlim *Rlimit) (err error) -+//sysnb Getuid() (uid int) -+//sys Listen(s int, n int) (err error) -+//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64 -+//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64 -+//sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK -+ -+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) { -+ var ts *Timespec -+ if timeout != nil { -+ ts = &Timespec{Sec: timeout.Sec, Nsec: timeout.Usec * 1000} -+ } -+ return Pselect(nfd, r, w, e, ts, nil) -+} -+ -+//sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) -+//sys Setfsgid(gid int) (err error) -+//sys Setfsuid(uid int) (err error) -+//sysnb Setregid(rgid int, egid int) (err error) -+//sysnb Setresgid(rgid int, egid int, sgid int) (err error) -+//sysnb Setresuid(ruid int, euid int, suid int) (err error) -+//sysnb Setrlimit(resource int, rlim *Rlimit) (err error) -+//sysnb Setreuid(ruid int, euid int) (err error) -+//sys Shutdown(fd int, how int) (err error) -+//sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) -+ -+func Stat(path string, stat *Stat_t) (err error) { -+ return Fstatat(AT_FDCWD, path, stat, 0) -+} -+ -+func Lchown(path string, uid int, gid int) (err error) { -+ return Fchownat(AT_FDCWD, path, uid, gid, AT_SYMLINK_NOFOLLOW) -+} -+ -+func Lstat(path string, stat *Stat_t) (err error) { -+ return Fstatat(AT_FDCWD, path, stat, AT_SYMLINK_NOFOLLOW) -+} -+ -+//sys Statfs(path string, buf *Statfs_t) (err error) -+//sys SyncFileRange(fd int, off int64, n int64, flags int) (err error) -+//sys Truncate(path string, length int64) (err error) -+ -+func Ustat(dev int, ubuf *Ustat_t) (err error) { -+ return ENOSYS -+} -+ -+//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) -+//sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) -+//sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) -+//sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) -+//sysnb getgroups(n int, list *_Gid_t) (nn int, err error) -+//sysnb setgroups(n int, list *_Gid_t) (err error) -+//sys getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) -+//sys setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) -+//sysnb socket(domain int, typ int, proto int) (fd int, err error) -+//sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) -+//sysnb getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) -+//sysnb getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) -+//sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) -+//sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) -+//sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) -+//sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) -+//sys mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) -+ -+//sysnb Gettimeofday(tv *Timeval) (err error) -+ -+func setTimespec(sec, nsec int64) Timespec { -+ return Timespec{Sec: sec, Nsec: nsec} -+} -+ -+func setTimeval(sec, usec int64) Timeval { -+ return Timeval{Sec: sec, Usec: usec} -+} -+ -+func futimesat(dirfd int, path string, tv *[2]Timeval) (err error) { -+ if tv == nil { -+ return utimensat(dirfd, path, nil, 0) -+ } -+ -+ ts := []Timespec{ -+ NsecToTimespec(TimevalToNsec(tv[0])), -+ NsecToTimespec(TimevalToNsec(tv[1])), -+ } -+ return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) -+} -+ -+func Time(t *Time_t) (Time_t, error) { -+ var tv Timeval -+ err := Gettimeofday(&tv) -+ if err != nil { -+ return 0, err -+ } -+ if t != nil { -+ *t = Time_t(tv.Sec) -+ } -+ return Time_t(tv.Sec), nil -+} -+ -+func Utime(path string, buf *Utimbuf) error { -+ tv := []Timeval{ -+ {Sec: buf.Actime}, -+ {Sec: buf.Modtime}, -+ } -+ return Utimes(path, tv) -+} -+ -+func utimes(path string, tv *[2]Timeval) (err error) { -+ if tv == nil { -+ return utimensat(AT_FDCWD, path, nil, 0) -+ } -+ -+ ts := []Timespec{ -+ NsecToTimespec(TimevalToNsec(tv[0])), -+ NsecToTimespec(TimevalToNsec(tv[1])), -+ } -+ return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) -+} -+ -+func Pipe(p []int) (err error) { -+ if len(p) != 2 { -+ return EINVAL -+ } -+ var pp [2]_C_int -+ err = pipe2(&pp, 0) -+ p[0] = int(pp[0]) -+ p[1] = int(pp[1]) -+ return -+} -+ -+//sysnb pipe2(p *[2]_C_int, flags int) (err error) -+ -+func Pipe2(p []int, flags int) (err error) { -+ if len(p) != 2 { -+ return EINVAL -+ } -+ var pp [2]_C_int -+ err = pipe2(&pp, flags) -+ p[0] = int(pp[0]) -+ p[1] = int(pp[1]) -+ return -+} -+ -+func (r *PtraceRegs) PC() uint64 { return r.Pc } -+ -+func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc } -+ -+func (iov *Iovec) SetLen(length int) { -+ iov.Len = uint64(length) -+} -+ -+func (msghdr *Msghdr) SetControllen(length int) { -+ msghdr.Controllen = uint64(length) -+} -+ -+func (cmsg *Cmsghdr) SetLen(length int) { -+ cmsg.Len = uint64(length) -+} -+ -+func InotifyInit() (fd int, err error) { -+ return InotifyInit1(0) -+} -+ -+func Dup2(oldfd int, newfd int) (err error) { -+ return Dup3(oldfd, newfd, 0) -+} -+ -+func Pause() error { -+ _, err := ppoll(nil, 0, nil, nil) -+ return err -+} -+ -+func Poll(fds []PollFd, timeout int) (n int, err error) { -+ var ts *Timespec -+ if timeout >= 0 { -+ ts = new(Timespec) -+ *ts = NsecToTimespec(int64(timeout) * 1e6) -+ } -+ if len(fds) == 0 { -+ return ppoll(nil, 0, ts, nil) -+ } -+ return ppoll(&fds[0], len(fds), ts, nil) -+} -+ -+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) { -+ return Renameat2(olddirfd, oldpath, newdirfd, newpath, 0) -+} -+ -+//sys kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) -+ -+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error { -+ cmdlineLen := len(cmdline) -+ if cmdlineLen > 0 { -+ // Account for the additional NULL byte added by -+ // BytePtrFromString in kexecFileLoad. The kexec_file_load -+ // syscall expects a NULL-terminated string. -+ cmdlineLen++ -+ } -+ return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags) -+} -diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go -new file mode 100644 -index 0000000..0465451 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go -@@ -0,0 +1,2826 @@ -+// mkerrors.sh -Wall -Werror -static -I/tmp/include -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build riscv64,linux -+ -+// Code generated by cmd/cgo -godefs; DO NOT EDIT. -+// cgo -godefs -- -Wall -Werror -static -I/tmp/include _const.go -+ -+package unix -+ -+import "syscall" -+ -+const ( -+ AAFS_MAGIC = 0x5a3c69f0 -+ ADFS_SUPER_MAGIC = 0xadf5 -+ AFFS_SUPER_MAGIC = 0xadff -+ AFS_FS_MAGIC = 0x6b414653 -+ AFS_SUPER_MAGIC = 0x5346414f -+ AF_ALG = 0x26 -+ AF_APPLETALK = 0x5 -+ AF_ASH = 0x12 -+ AF_ATMPVC = 0x8 -+ AF_ATMSVC = 0x14 -+ AF_AX25 = 0x3 -+ AF_BLUETOOTH = 0x1f -+ AF_BRIDGE = 0x7 -+ AF_CAIF = 0x25 -+ AF_CAN = 0x1d -+ AF_DECnet = 0xc -+ AF_ECONET = 0x13 -+ AF_FILE = 0x1 -+ AF_IB = 0x1b -+ AF_IEEE802154 = 0x24 -+ AF_INET = 0x2 -+ AF_INET6 = 0xa -+ AF_IPX = 0x4 -+ AF_IRDA = 0x17 -+ AF_ISDN = 0x22 -+ AF_IUCV = 0x20 -+ AF_KCM = 0x29 -+ AF_KEY = 0xf -+ AF_LLC = 0x1a -+ AF_LOCAL = 0x1 -+ AF_MAX = 0x2d -+ AF_MPLS = 0x1c -+ AF_NETBEUI = 0xd -+ AF_NETLINK = 0x10 -+ AF_NETROM = 0x6 -+ AF_NFC = 0x27 -+ AF_PACKET = 0x11 -+ AF_PHONET = 0x23 -+ AF_PPPOX = 0x18 -+ AF_QIPCRTR = 0x2a -+ AF_RDS = 0x15 -+ AF_ROSE = 0xb -+ AF_ROUTE = 0x10 -+ AF_RXRPC = 0x21 -+ AF_SECURITY = 0xe -+ AF_SMC = 0x2b -+ AF_SNA = 0x16 -+ AF_TIPC = 0x1e -+ AF_UNIX = 0x1 -+ AF_UNSPEC = 0x0 -+ AF_VSOCK = 0x28 -+ AF_WANPIPE = 0x19 -+ AF_X25 = 0x9 -+ AF_XDP = 0x2c -+ ALG_OP_DECRYPT = 0x0 -+ ALG_OP_ENCRYPT = 0x1 -+ ALG_SET_AEAD_ASSOCLEN = 0x4 -+ ALG_SET_AEAD_AUTHSIZE = 0x5 -+ ALG_SET_IV = 0x2 -+ ALG_SET_KEY = 0x1 -+ ALG_SET_OP = 0x3 -+ ANON_INODE_FS_MAGIC = 0x9041934 -+ ARPHRD_6LOWPAN = 0x339 -+ ARPHRD_ADAPT = 0x108 -+ ARPHRD_APPLETLK = 0x8 -+ ARPHRD_ARCNET = 0x7 -+ ARPHRD_ASH = 0x30d -+ ARPHRD_ATM = 0x13 -+ ARPHRD_AX25 = 0x3 -+ ARPHRD_BIF = 0x307 -+ ARPHRD_CAIF = 0x336 -+ ARPHRD_CAN = 0x118 -+ ARPHRD_CHAOS = 0x5 -+ ARPHRD_CISCO = 0x201 -+ ARPHRD_CSLIP = 0x101 -+ ARPHRD_CSLIP6 = 0x103 -+ ARPHRD_DDCMP = 0x205 -+ ARPHRD_DLCI = 0xf -+ ARPHRD_ECONET = 0x30e -+ ARPHRD_EETHER = 0x2 -+ ARPHRD_ETHER = 0x1 -+ ARPHRD_EUI64 = 0x1b -+ ARPHRD_FCAL = 0x311 -+ ARPHRD_FCFABRIC = 0x313 -+ ARPHRD_FCPL = 0x312 -+ ARPHRD_FCPP = 0x310 -+ ARPHRD_FDDI = 0x306 -+ ARPHRD_FRAD = 0x302 -+ ARPHRD_HDLC = 0x201 -+ ARPHRD_HIPPI = 0x30c -+ ARPHRD_HWX25 = 0x110 -+ ARPHRD_IEEE1394 = 0x18 -+ ARPHRD_IEEE802 = 0x6 -+ ARPHRD_IEEE80211 = 0x321 -+ ARPHRD_IEEE80211_PRISM = 0x322 -+ ARPHRD_IEEE80211_RADIOTAP = 0x323 -+ ARPHRD_IEEE802154 = 0x324 -+ ARPHRD_IEEE802154_MONITOR = 0x325 -+ ARPHRD_IEEE802_TR = 0x320 -+ ARPHRD_INFINIBAND = 0x20 -+ ARPHRD_IP6GRE = 0x337 -+ ARPHRD_IPDDP = 0x309 -+ ARPHRD_IPGRE = 0x30a -+ ARPHRD_IRDA = 0x30f -+ ARPHRD_LAPB = 0x204 -+ ARPHRD_LOCALTLK = 0x305 -+ ARPHRD_LOOPBACK = 0x304 -+ ARPHRD_METRICOM = 0x17 -+ ARPHRD_NETLINK = 0x338 -+ ARPHRD_NETROM = 0x0 -+ ARPHRD_NONE = 0xfffe -+ ARPHRD_PHONET = 0x334 -+ ARPHRD_PHONET_PIPE = 0x335 -+ ARPHRD_PIMREG = 0x30b -+ ARPHRD_PPP = 0x200 -+ ARPHRD_PRONET = 0x4 -+ ARPHRD_RAWHDLC = 0x206 -+ ARPHRD_RAWIP = 0x207 -+ ARPHRD_ROSE = 0x10e -+ ARPHRD_RSRVD = 0x104 -+ ARPHRD_SIT = 0x308 -+ ARPHRD_SKIP = 0x303 -+ ARPHRD_SLIP = 0x100 -+ ARPHRD_SLIP6 = 0x102 -+ ARPHRD_TUNNEL = 0x300 -+ ARPHRD_TUNNEL6 = 0x301 -+ ARPHRD_VOID = 0xffff -+ ARPHRD_VSOCKMON = 0x33a -+ ARPHRD_X25 = 0x10f -+ AUTOFS_SUPER_MAGIC = 0x187 -+ B0 = 0x0 -+ B1000000 = 0x1008 -+ B110 = 0x3 -+ B115200 = 0x1002 -+ B1152000 = 0x1009 -+ B1200 = 0x9 -+ B134 = 0x4 -+ B150 = 0x5 -+ B1500000 = 0x100a -+ B1800 = 0xa -+ B19200 = 0xe -+ B200 = 0x6 -+ B2000000 = 0x100b -+ B230400 = 0x1003 -+ B2400 = 0xb -+ B2500000 = 0x100c -+ B300 = 0x7 -+ B3000000 = 0x100d -+ B3500000 = 0x100e -+ B38400 = 0xf -+ B4000000 = 0x100f -+ B460800 = 0x1004 -+ B4800 = 0xc -+ B50 = 0x1 -+ B500000 = 0x1005 -+ B57600 = 0x1001 -+ B576000 = 0x1006 -+ B600 = 0x8 -+ B75 = 0x2 -+ B921600 = 0x1007 -+ B9600 = 0xd -+ BALLOON_KVM_MAGIC = 0x13661366 -+ BDEVFS_MAGIC = 0x62646576 -+ BINDERFS_SUPER_MAGIC = 0x6c6f6f70 -+ BINFMTFS_MAGIC = 0x42494e4d -+ BLKBSZGET = 0x80081270 -+ BLKBSZSET = 0x40081271 -+ BLKFLSBUF = 0x1261 -+ BLKFRAGET = 0x1265 -+ BLKFRASET = 0x1264 -+ BLKGETSIZE = 0x1260 -+ BLKGETSIZE64 = 0x80081272 -+ BLKPBSZGET = 0x127b -+ BLKRAGET = 0x1263 -+ BLKRASET = 0x1262 -+ BLKROGET = 0x125e -+ BLKROSET = 0x125d -+ BLKRRPART = 0x125f -+ BLKSECTGET = 0x1267 -+ BLKSECTSET = 0x1266 -+ BLKSSZGET = 0x1268 -+ BOTHER = 0x1000 -+ BPF_A = 0x10 -+ BPF_ABS = 0x20 -+ BPF_ADD = 0x0 -+ BPF_ALU = 0x4 -+ BPF_AND = 0x50 -+ BPF_B = 0x10 -+ BPF_DIV = 0x30 -+ BPF_FS_MAGIC = 0xcafe4a11 -+ BPF_H = 0x8 -+ BPF_IMM = 0x0 -+ BPF_IND = 0x40 -+ BPF_JA = 0x0 -+ BPF_JEQ = 0x10 -+ BPF_JGE = 0x30 -+ BPF_JGT = 0x20 -+ BPF_JMP = 0x5 -+ BPF_JSET = 0x40 -+ BPF_K = 0x0 -+ BPF_LD = 0x0 -+ BPF_LDX = 0x1 -+ BPF_LEN = 0x80 -+ BPF_LL_OFF = -0x200000 -+ BPF_LSH = 0x60 -+ BPF_MAJOR_VERSION = 0x1 -+ BPF_MAXINSNS = 0x1000 -+ BPF_MEM = 0x60 -+ BPF_MEMWORDS = 0x10 -+ BPF_MINOR_VERSION = 0x1 -+ BPF_MISC = 0x7 -+ BPF_MOD = 0x90 -+ BPF_MSH = 0xa0 -+ BPF_MUL = 0x20 -+ BPF_NEG = 0x80 -+ BPF_NET_OFF = -0x100000 -+ BPF_OR = 0x40 -+ BPF_RET = 0x6 -+ BPF_RSH = 0x70 -+ BPF_ST = 0x2 -+ BPF_STX = 0x3 -+ BPF_SUB = 0x10 -+ BPF_TAX = 0x0 -+ BPF_TXA = 0x80 -+ BPF_W = 0x0 -+ BPF_X = 0x8 -+ BPF_XOR = 0xa0 -+ BRKINT = 0x2 -+ BS0 = 0x0 -+ BS1 = 0x2000 -+ BSDLY = 0x2000 -+ BTRFS_SUPER_MAGIC = 0x9123683e -+ BTRFS_TEST_MAGIC = 0x73727279 -+ CAN_BCM = 0x2 -+ CAN_EFF_FLAG = 0x80000000 -+ CAN_EFF_ID_BITS = 0x1d -+ CAN_EFF_MASK = 0x1fffffff -+ CAN_ERR_FLAG = 0x20000000 -+ CAN_ERR_MASK = 0x1fffffff -+ CAN_INV_FILTER = 0x20000000 -+ CAN_ISOTP = 0x6 -+ CAN_MAX_DLC = 0x8 -+ CAN_MAX_DLEN = 0x8 -+ CAN_MCNET = 0x5 -+ CAN_MTU = 0x10 -+ CAN_NPROTO = 0x7 -+ CAN_RAW = 0x1 -+ CAN_RAW_FILTER_MAX = 0x200 -+ CAN_RTR_FLAG = 0x40000000 -+ CAN_SFF_ID_BITS = 0xb -+ CAN_SFF_MASK = 0x7ff -+ CAN_TP16 = 0x3 -+ CAN_TP20 = 0x4 -+ CBAUD = 0x100f -+ CBAUDEX = 0x1000 -+ CFLUSH = 0xf -+ CGROUP2_SUPER_MAGIC = 0x63677270 -+ CGROUP_SUPER_MAGIC = 0x27e0eb -+ CIBAUD = 0x100f0000 -+ CLOCAL = 0x800 -+ CLOCK_BOOTTIME = 0x7 -+ CLOCK_BOOTTIME_ALARM = 0x9 -+ CLOCK_DEFAULT = 0x0 -+ CLOCK_EXT = 0x1 -+ CLOCK_INT = 0x2 -+ CLOCK_MONOTONIC = 0x1 -+ CLOCK_MONOTONIC_COARSE = 0x6 -+ CLOCK_MONOTONIC_RAW = 0x4 -+ CLOCK_PROCESS_CPUTIME_ID = 0x2 -+ CLOCK_REALTIME = 0x0 -+ CLOCK_REALTIME_ALARM = 0x8 -+ CLOCK_REALTIME_COARSE = 0x5 -+ CLOCK_TAI = 0xb -+ CLOCK_THREAD_CPUTIME_ID = 0x3 -+ CLOCK_TXFROMRX = 0x4 -+ CLOCK_TXINT = 0x3 -+ CLONE_CHILD_CLEARTID = 0x200000 -+ CLONE_CHILD_SETTID = 0x1000000 -+ CLONE_DETACHED = 0x400000 -+ CLONE_FILES = 0x400 -+ CLONE_FS = 0x200 -+ CLONE_IO = 0x80000000 -+ CLONE_NEWCGROUP = 0x2000000 -+ CLONE_NEWIPC = 0x8000000 -+ CLONE_NEWNET = 0x40000000 -+ CLONE_NEWNS = 0x20000 -+ CLONE_NEWPID = 0x20000000 -+ CLONE_NEWUSER = 0x10000000 -+ CLONE_NEWUTS = 0x4000000 -+ CLONE_PARENT = 0x8000 -+ CLONE_PARENT_SETTID = 0x100000 -+ CLONE_PTRACE = 0x2000 -+ CLONE_SETTLS = 0x80000 -+ CLONE_SIGHAND = 0x800 -+ CLONE_SYSVSEM = 0x40000 -+ CLONE_THREAD = 0x10000 -+ CLONE_UNTRACED = 0x800000 -+ CLONE_VFORK = 0x4000 -+ CLONE_VM = 0x100 -+ CMSPAR = 0x40000000 -+ CODA_SUPER_MAGIC = 0x73757245 -+ CR0 = 0x0 -+ CR1 = 0x200 -+ CR2 = 0x400 -+ CR3 = 0x600 -+ CRAMFS_MAGIC = 0x28cd3d45 -+ CRDLY = 0x600 -+ CREAD = 0x80 -+ CRTSCTS = 0x80000000 -+ CRYPTO_MAX_NAME = 0x40 -+ CRYPTO_MSG_MAX = 0x15 -+ CRYPTO_NR_MSGTYPES = 0x6 -+ CRYPTO_REPORT_MAXSIZE = 0x160 -+ CS5 = 0x0 -+ CS6 = 0x10 -+ CS7 = 0x20 -+ CS8 = 0x30 -+ CSIGNAL = 0xff -+ CSIZE = 0x30 -+ CSTART = 0x11 -+ CSTATUS = 0x0 -+ CSTOP = 0x13 -+ CSTOPB = 0x40 -+ CSUSP = 0x1a -+ DAXFS_MAGIC = 0x64646178 -+ DEBUGFS_MAGIC = 0x64626720 -+ DEVPTS_SUPER_MAGIC = 0x1cd1 -+ DT_BLK = 0x6 -+ DT_CHR = 0x2 -+ DT_DIR = 0x4 -+ DT_FIFO = 0x1 -+ DT_LNK = 0xa -+ DT_REG = 0x8 -+ DT_SOCK = 0xc -+ DT_UNKNOWN = 0x0 -+ DT_WHT = 0xe -+ ECHO = 0x8 -+ ECHOCTL = 0x200 -+ ECHOE = 0x10 -+ ECHOK = 0x20 -+ ECHOKE = 0x800 -+ ECHONL = 0x40 -+ ECHOPRT = 0x400 -+ ECRYPTFS_SUPER_MAGIC = 0xf15f -+ EFD_CLOEXEC = 0x80000 -+ EFD_NONBLOCK = 0x800 -+ EFD_SEMAPHORE = 0x1 -+ EFIVARFS_MAGIC = 0xde5e81e4 -+ EFS_SUPER_MAGIC = 0x414a53 -+ ENCODING_DEFAULT = 0x0 -+ ENCODING_FM_MARK = 0x3 -+ ENCODING_FM_SPACE = 0x4 -+ ENCODING_MANCHESTER = 0x5 -+ ENCODING_NRZ = 0x1 -+ ENCODING_NRZI = 0x2 -+ EPOLLERR = 0x8 -+ EPOLLET = 0x80000000 -+ EPOLLEXCLUSIVE = 0x10000000 -+ EPOLLHUP = 0x10 -+ EPOLLIN = 0x1 -+ EPOLLMSG = 0x400 -+ EPOLLONESHOT = 0x40000000 -+ EPOLLOUT = 0x4 -+ EPOLLPRI = 0x2 -+ EPOLLRDBAND = 0x80 -+ EPOLLRDHUP = 0x2000 -+ EPOLLRDNORM = 0x40 -+ EPOLLWAKEUP = 0x20000000 -+ EPOLLWRBAND = 0x200 -+ EPOLLWRNORM = 0x100 -+ EPOLL_CLOEXEC = 0x80000 -+ EPOLL_CTL_ADD = 0x1 -+ EPOLL_CTL_DEL = 0x2 -+ EPOLL_CTL_MOD = 0x3 -+ ETH_P_1588 = 0x88f7 -+ ETH_P_8021AD = 0x88a8 -+ ETH_P_8021AH = 0x88e7 -+ ETH_P_8021Q = 0x8100 -+ ETH_P_80221 = 0x8917 -+ ETH_P_802_2 = 0x4 -+ ETH_P_802_3 = 0x1 -+ ETH_P_802_3_MIN = 0x600 -+ ETH_P_802_EX1 = 0x88b5 -+ ETH_P_AARP = 0x80f3 -+ ETH_P_AF_IUCV = 0xfbfb -+ ETH_P_ALL = 0x3 -+ ETH_P_AOE = 0x88a2 -+ ETH_P_ARCNET = 0x1a -+ ETH_P_ARP = 0x806 -+ ETH_P_ATALK = 0x809b -+ ETH_P_ATMFATE = 0x8884 -+ ETH_P_ATMMPOA = 0x884c -+ ETH_P_AX25 = 0x2 -+ ETH_P_BATMAN = 0x4305 -+ ETH_P_BPQ = 0x8ff -+ ETH_P_CAIF = 0xf7 -+ ETH_P_CAN = 0xc -+ ETH_P_CANFD = 0xd -+ ETH_P_CONTROL = 0x16 -+ ETH_P_CUST = 0x6006 -+ ETH_P_DDCMP = 0x6 -+ ETH_P_DEC = 0x6000 -+ ETH_P_DIAG = 0x6005 -+ ETH_P_DNA_DL = 0x6001 -+ ETH_P_DNA_RC = 0x6002 -+ ETH_P_DNA_RT = 0x6003 -+ ETH_P_DSA = 0x1b -+ ETH_P_ECONET = 0x18 -+ ETH_P_EDSA = 0xdada -+ ETH_P_ERSPAN = 0x88be -+ ETH_P_ERSPAN2 = 0x22eb -+ ETH_P_FCOE = 0x8906 -+ ETH_P_FIP = 0x8914 -+ ETH_P_HDLC = 0x19 -+ ETH_P_HSR = 0x892f -+ ETH_P_IBOE = 0x8915 -+ ETH_P_IEEE802154 = 0xf6 -+ ETH_P_IEEEPUP = 0xa00 -+ ETH_P_IEEEPUPAT = 0xa01 -+ ETH_P_IFE = 0xed3e -+ ETH_P_IP = 0x800 -+ ETH_P_IPV6 = 0x86dd -+ ETH_P_IPX = 0x8137 -+ ETH_P_IRDA = 0x17 -+ ETH_P_LAT = 0x6004 -+ ETH_P_LINK_CTL = 0x886c -+ ETH_P_LOCALTALK = 0x9 -+ ETH_P_LOOP = 0x60 -+ ETH_P_LOOPBACK = 0x9000 -+ ETH_P_MACSEC = 0x88e5 -+ ETH_P_MAP = 0xf9 -+ ETH_P_MOBITEX = 0x15 -+ ETH_P_MPLS_MC = 0x8848 -+ ETH_P_MPLS_UC = 0x8847 -+ ETH_P_MVRP = 0x88f5 -+ ETH_P_NCSI = 0x88f8 -+ ETH_P_NSH = 0x894f -+ ETH_P_PAE = 0x888e -+ ETH_P_PAUSE = 0x8808 -+ ETH_P_PHONET = 0xf5 -+ ETH_P_PPPTALK = 0x10 -+ ETH_P_PPP_DISC = 0x8863 -+ ETH_P_PPP_MP = 0x8 -+ ETH_P_PPP_SES = 0x8864 -+ ETH_P_PREAUTH = 0x88c7 -+ ETH_P_PRP = 0x88fb -+ ETH_P_PUP = 0x200 -+ ETH_P_PUPAT = 0x201 -+ ETH_P_QINQ1 = 0x9100 -+ ETH_P_QINQ2 = 0x9200 -+ ETH_P_QINQ3 = 0x9300 -+ ETH_P_RARP = 0x8035 -+ ETH_P_SCA = 0x6007 -+ ETH_P_SLOW = 0x8809 -+ ETH_P_SNAP = 0x5 -+ ETH_P_TDLS = 0x890d -+ ETH_P_TEB = 0x6558 -+ ETH_P_TIPC = 0x88ca -+ ETH_P_TRAILER = 0x1c -+ ETH_P_TR_802_2 = 0x11 -+ ETH_P_TSN = 0x22f0 -+ ETH_P_WAN_PPP = 0x7 -+ ETH_P_WCCP = 0x883e -+ ETH_P_X25 = 0x805 -+ ETH_P_XDSA = 0xf8 -+ EXABYTE_ENABLE_NEST = 0xf0 -+ EXT2_SUPER_MAGIC = 0xef53 -+ EXT3_SUPER_MAGIC = 0xef53 -+ EXT4_SUPER_MAGIC = 0xef53 -+ EXTA = 0xe -+ EXTB = 0xf -+ EXTPROC = 0x10000 -+ F2FS_SUPER_MAGIC = 0xf2f52010 -+ FALLOC_FL_COLLAPSE_RANGE = 0x8 -+ FALLOC_FL_INSERT_RANGE = 0x20 -+ FALLOC_FL_KEEP_SIZE = 0x1 -+ FALLOC_FL_NO_HIDE_STALE = 0x4 -+ FALLOC_FL_PUNCH_HOLE = 0x2 -+ FALLOC_FL_UNSHARE_RANGE = 0x40 -+ FALLOC_FL_ZERO_RANGE = 0x10 -+ FANOTIFY_METADATA_VERSION = 0x3 -+ FAN_ACCESS = 0x1 -+ FAN_ACCESS_PERM = 0x20000 -+ FAN_ALLOW = 0x1 -+ FAN_ALL_CLASS_BITS = 0xc -+ FAN_ALL_EVENTS = 0x3b -+ FAN_ALL_INIT_FLAGS = 0x3f -+ FAN_ALL_MARK_FLAGS = 0xff -+ FAN_ALL_OUTGOING_EVENTS = 0x3403b -+ FAN_ALL_PERM_EVENTS = 0x30000 -+ FAN_AUDIT = 0x10 -+ FAN_CLASS_CONTENT = 0x4 -+ FAN_CLASS_NOTIF = 0x0 -+ FAN_CLASS_PRE_CONTENT = 0x8 -+ FAN_CLOEXEC = 0x1 -+ FAN_CLOSE = 0x18 -+ FAN_CLOSE_NOWRITE = 0x10 -+ FAN_CLOSE_WRITE = 0x8 -+ FAN_DENY = 0x2 -+ FAN_ENABLE_AUDIT = 0x40 -+ FAN_EVENT_METADATA_LEN = 0x18 -+ FAN_EVENT_ON_CHILD = 0x8000000 -+ FAN_MARK_ADD = 0x1 -+ FAN_MARK_DONT_FOLLOW = 0x4 -+ FAN_MARK_FILESYSTEM = 0x100 -+ FAN_MARK_FLUSH = 0x80 -+ FAN_MARK_IGNORED_MASK = 0x20 -+ FAN_MARK_IGNORED_SURV_MODIFY = 0x40 -+ FAN_MARK_INODE = 0x0 -+ FAN_MARK_MOUNT = 0x10 -+ FAN_MARK_ONLYDIR = 0x8 -+ FAN_MARK_REMOVE = 0x2 -+ FAN_MODIFY = 0x2 -+ FAN_NOFD = -0x1 -+ FAN_NONBLOCK = 0x2 -+ FAN_ONDIR = 0x40000000 -+ FAN_OPEN = 0x20 -+ FAN_OPEN_EXEC = 0x1000 -+ FAN_OPEN_EXEC_PERM = 0x40000 -+ FAN_OPEN_PERM = 0x10000 -+ FAN_Q_OVERFLOW = 0x4000 -+ FAN_REPORT_TID = 0x100 -+ FAN_UNLIMITED_MARKS = 0x20 -+ FAN_UNLIMITED_QUEUE = 0x10 -+ FD_CLOEXEC = 0x1 -+ FD_SETSIZE = 0x400 -+ FF0 = 0x0 -+ FF1 = 0x8000 -+ FFDLY = 0x8000 -+ FLUSHO = 0x1000 -+ FS_ENCRYPTION_MODE_ADIANTUM = 0x9 -+ FS_ENCRYPTION_MODE_AES_128_CBC = 0x5 -+ FS_ENCRYPTION_MODE_AES_128_CTS = 0x6 -+ FS_ENCRYPTION_MODE_AES_256_CBC = 0x3 -+ FS_ENCRYPTION_MODE_AES_256_CTS = 0x4 -+ FS_ENCRYPTION_MODE_AES_256_GCM = 0x2 -+ FS_ENCRYPTION_MODE_AES_256_XTS = 0x1 -+ FS_ENCRYPTION_MODE_INVALID = 0x0 -+ FS_ENCRYPTION_MODE_SPECK128_256_CTS = 0x8 -+ FS_ENCRYPTION_MODE_SPECK128_256_XTS = 0x7 -+ FS_IOC_GET_ENCRYPTION_POLICY = 0x400c6615 -+ FS_IOC_GET_ENCRYPTION_PWSALT = 0x40106614 -+ FS_IOC_SET_ENCRYPTION_POLICY = 0x800c6613 -+ FS_KEY_DESCRIPTOR_SIZE = 0x8 -+ FS_KEY_DESC_PREFIX = "fscrypt:" -+ FS_KEY_DESC_PREFIX_SIZE = 0x8 -+ FS_MAX_KEY_SIZE = 0x40 -+ FS_POLICY_FLAGS_PAD_16 = 0x2 -+ FS_POLICY_FLAGS_PAD_32 = 0x3 -+ FS_POLICY_FLAGS_PAD_4 = 0x0 -+ FS_POLICY_FLAGS_PAD_8 = 0x1 -+ FS_POLICY_FLAGS_PAD_MASK = 0x3 -+ FS_POLICY_FLAGS_VALID = 0x7 -+ FUTEXFS_SUPER_MAGIC = 0xbad1dea -+ F_ADD_SEALS = 0x409 -+ F_DUPFD = 0x0 -+ F_DUPFD_CLOEXEC = 0x406 -+ F_EXLCK = 0x4 -+ F_GETFD = 0x1 -+ F_GETFL = 0x3 -+ F_GETLEASE = 0x401 -+ F_GETLK = 0x5 -+ F_GETLK64 = 0x5 -+ F_GETOWN = 0x9 -+ F_GETOWN_EX = 0x10 -+ F_GETPIPE_SZ = 0x408 -+ F_GETSIG = 0xb -+ F_GET_FILE_RW_HINT = 0x40d -+ F_GET_RW_HINT = 0x40b -+ F_GET_SEALS = 0x40a -+ F_LOCK = 0x1 -+ F_NOTIFY = 0x402 -+ F_OFD_GETLK = 0x24 -+ F_OFD_SETLK = 0x25 -+ F_OFD_SETLKW = 0x26 -+ F_OK = 0x0 -+ F_RDLCK = 0x0 -+ F_SEAL_GROW = 0x4 -+ F_SEAL_SEAL = 0x1 -+ F_SEAL_SHRINK = 0x2 -+ F_SEAL_WRITE = 0x8 -+ F_SETFD = 0x2 -+ F_SETFL = 0x4 -+ F_SETLEASE = 0x400 -+ F_SETLK = 0x6 -+ F_SETLK64 = 0x6 -+ F_SETLKW = 0x7 -+ F_SETLKW64 = 0x7 -+ F_SETOWN = 0x8 -+ F_SETOWN_EX = 0xf -+ F_SETPIPE_SZ = 0x407 -+ F_SETSIG = 0xa -+ F_SET_FILE_RW_HINT = 0x40e -+ F_SET_RW_HINT = 0x40c -+ F_SHLCK = 0x8 -+ F_TEST = 0x3 -+ F_TLOCK = 0x2 -+ F_ULOCK = 0x0 -+ F_UNLCK = 0x2 -+ F_WRLCK = 0x1 -+ GENL_ADMIN_PERM = 0x1 -+ GENL_CMD_CAP_DO = 0x2 -+ GENL_CMD_CAP_DUMP = 0x4 -+ GENL_CMD_CAP_HASPOL = 0x8 -+ GENL_HDRLEN = 0x4 -+ GENL_ID_CTRL = 0x10 -+ GENL_ID_PMCRAID = 0x12 -+ GENL_ID_VFS_DQUOT = 0x11 -+ GENL_MAX_ID = 0x3ff -+ GENL_MIN_ID = 0x10 -+ GENL_NAMSIZ = 0x10 -+ GENL_START_ALLOC = 0x13 -+ GENL_UNS_ADMIN_PERM = 0x10 -+ GRND_NONBLOCK = 0x1 -+ GRND_RANDOM = 0x2 -+ HDIO_DRIVE_CMD = 0x31f -+ HDIO_DRIVE_CMD_AEB = 0x31e -+ HDIO_DRIVE_CMD_HDR_SIZE = 0x4 -+ HDIO_DRIVE_HOB_HDR_SIZE = 0x8 -+ HDIO_DRIVE_RESET = 0x31c -+ HDIO_DRIVE_TASK = 0x31e -+ HDIO_DRIVE_TASKFILE = 0x31d -+ HDIO_DRIVE_TASK_HDR_SIZE = 0x8 -+ HDIO_GETGEO = 0x301 -+ HDIO_GET_32BIT = 0x309 -+ HDIO_GET_ACOUSTIC = 0x30f -+ HDIO_GET_ADDRESS = 0x310 -+ HDIO_GET_BUSSTATE = 0x31a -+ HDIO_GET_DMA = 0x30b -+ HDIO_GET_IDENTITY = 0x30d -+ HDIO_GET_KEEPSETTINGS = 0x308 -+ HDIO_GET_MULTCOUNT = 0x304 -+ HDIO_GET_NICE = 0x30c -+ HDIO_GET_NOWERR = 0x30a -+ HDIO_GET_QDMA = 0x305 -+ HDIO_GET_UNMASKINTR = 0x302 -+ HDIO_GET_WCACHE = 0x30e -+ HDIO_OBSOLETE_IDENTITY = 0x307 -+ HDIO_SCAN_HWIF = 0x328 -+ HDIO_SET_32BIT = 0x324 -+ HDIO_SET_ACOUSTIC = 0x32c -+ HDIO_SET_ADDRESS = 0x32f -+ HDIO_SET_BUSSTATE = 0x32d -+ HDIO_SET_DMA = 0x326 -+ HDIO_SET_KEEPSETTINGS = 0x323 -+ HDIO_SET_MULTCOUNT = 0x321 -+ HDIO_SET_NICE = 0x329 -+ HDIO_SET_NOWERR = 0x325 -+ HDIO_SET_PIO_MODE = 0x327 -+ HDIO_SET_QDMA = 0x32e -+ HDIO_SET_UNMASKINTR = 0x322 -+ HDIO_SET_WCACHE = 0x32b -+ HDIO_SET_XFER = 0x306 -+ HDIO_TRISTATE_HWIF = 0x31b -+ HDIO_UNREGISTER_HWIF = 0x32a -+ HOSTFS_SUPER_MAGIC = 0xc0ffee -+ HPFS_SUPER_MAGIC = 0xf995e849 -+ HUGETLBFS_MAGIC = 0x958458f6 -+ HUPCL = 0x400 -+ IBSHIFT = 0x10 -+ ICANON = 0x2 -+ ICMPV6_FILTER = 0x1 -+ ICRNL = 0x100 -+ IEXTEN = 0x8000 -+ IFA_F_DADFAILED = 0x8 -+ IFA_F_DEPRECATED = 0x20 -+ IFA_F_HOMEADDRESS = 0x10 -+ IFA_F_MANAGETEMPADDR = 0x100 -+ IFA_F_MCAUTOJOIN = 0x400 -+ IFA_F_NODAD = 0x2 -+ IFA_F_NOPREFIXROUTE = 0x200 -+ IFA_F_OPTIMISTIC = 0x4 -+ IFA_F_PERMANENT = 0x80 -+ IFA_F_SECONDARY = 0x1 -+ IFA_F_STABLE_PRIVACY = 0x800 -+ IFA_F_TEMPORARY = 0x1 -+ IFA_F_TENTATIVE = 0x40 -+ IFA_MAX = 0xa -+ IFF_ALLMULTI = 0x200 -+ IFF_ATTACH_QUEUE = 0x200 -+ IFF_AUTOMEDIA = 0x4000 -+ IFF_BROADCAST = 0x2 -+ IFF_DEBUG = 0x4 -+ IFF_DETACH_QUEUE = 0x400 -+ IFF_DORMANT = 0x20000 -+ IFF_DYNAMIC = 0x8000 -+ IFF_ECHO = 0x40000 -+ IFF_LOOPBACK = 0x8 -+ IFF_LOWER_UP = 0x10000 -+ IFF_MASTER = 0x400 -+ IFF_MULTICAST = 0x1000 -+ IFF_MULTI_QUEUE = 0x100 -+ IFF_NAPI = 0x10 -+ IFF_NAPI_FRAGS = 0x20 -+ IFF_NOARP = 0x80 -+ IFF_NOFILTER = 0x1000 -+ IFF_NOTRAILERS = 0x20 -+ IFF_NO_PI = 0x1000 -+ IFF_ONE_QUEUE = 0x2000 -+ IFF_PERSIST = 0x800 -+ IFF_POINTOPOINT = 0x10 -+ IFF_PORTSEL = 0x2000 -+ IFF_PROMISC = 0x100 -+ IFF_RUNNING = 0x40 -+ IFF_SLAVE = 0x800 -+ IFF_TAP = 0x2 -+ IFF_TUN = 0x1 -+ IFF_TUN_EXCL = 0x8000 -+ IFF_UP = 0x1 -+ IFF_VNET_HDR = 0x4000 -+ IFF_VOLATILE = 0x70c5a -+ IFNAMSIZ = 0x10 -+ IGNBRK = 0x1 -+ IGNCR = 0x80 -+ IGNPAR = 0x4 -+ IMAXBEL = 0x2000 -+ INLCR = 0x40 -+ INPCK = 0x10 -+ IN_ACCESS = 0x1 -+ IN_ALL_EVENTS = 0xfff -+ IN_ATTRIB = 0x4 -+ IN_CLASSA_HOST = 0xffffff -+ IN_CLASSA_MAX = 0x80 -+ IN_CLASSA_NET = 0xff000000 -+ IN_CLASSA_NSHIFT = 0x18 -+ IN_CLASSB_HOST = 0xffff -+ IN_CLASSB_MAX = 0x10000 -+ IN_CLASSB_NET = 0xffff0000 -+ IN_CLASSB_NSHIFT = 0x10 -+ IN_CLASSC_HOST = 0xff -+ IN_CLASSC_NET = 0xffffff00 -+ IN_CLASSC_NSHIFT = 0x8 -+ IN_CLOEXEC = 0x80000 -+ IN_CLOSE = 0x18 -+ IN_CLOSE_NOWRITE = 0x10 -+ IN_CLOSE_WRITE = 0x8 -+ IN_CREATE = 0x100 -+ IN_DELETE = 0x200 -+ IN_DELETE_SELF = 0x400 -+ IN_DONT_FOLLOW = 0x2000000 -+ IN_EXCL_UNLINK = 0x4000000 -+ IN_IGNORED = 0x8000 -+ IN_ISDIR = 0x40000000 -+ IN_LOOPBACKNET = 0x7f -+ IN_MASK_ADD = 0x20000000 -+ IN_MASK_CREATE = 0x10000000 -+ IN_MODIFY = 0x2 -+ IN_MOVE = 0xc0 -+ IN_MOVED_FROM = 0x40 -+ IN_MOVED_TO = 0x80 -+ IN_MOVE_SELF = 0x800 -+ IN_NONBLOCK = 0x800 -+ IN_ONESHOT = 0x80000000 -+ IN_ONLYDIR = 0x1000000 -+ IN_OPEN = 0x20 -+ IN_Q_OVERFLOW = 0x4000 -+ IN_UNMOUNT = 0x2000 -+ IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 -+ IPPROTO_AH = 0x33 -+ IPPROTO_BEETPH = 0x5e -+ IPPROTO_COMP = 0x6c -+ IPPROTO_DCCP = 0x21 -+ IPPROTO_DSTOPTS = 0x3c -+ IPPROTO_EGP = 0x8 -+ IPPROTO_ENCAP = 0x62 -+ IPPROTO_ESP = 0x32 -+ IPPROTO_FRAGMENT = 0x2c -+ IPPROTO_GRE = 0x2f -+ IPPROTO_HOPOPTS = 0x0 -+ IPPROTO_ICMP = 0x1 -+ IPPROTO_ICMPV6 = 0x3a -+ IPPROTO_IDP = 0x16 -+ IPPROTO_IGMP = 0x2 -+ IPPROTO_IP = 0x0 -+ IPPROTO_IPIP = 0x4 -+ IPPROTO_IPV6 = 0x29 -+ IPPROTO_MH = 0x87 -+ IPPROTO_MPLS = 0x89 -+ IPPROTO_MTP = 0x5c -+ IPPROTO_NONE = 0x3b -+ IPPROTO_PIM = 0x67 -+ IPPROTO_PUP = 0xc -+ IPPROTO_RAW = 0xff -+ IPPROTO_ROUTING = 0x2b -+ IPPROTO_RSVP = 0x2e -+ IPPROTO_SCTP = 0x84 -+ IPPROTO_TCP = 0x6 -+ IPPROTO_TP = 0x1d -+ IPPROTO_UDP = 0x11 -+ IPPROTO_UDPLITE = 0x88 -+ IPV6_2292DSTOPTS = 0x4 -+ IPV6_2292HOPLIMIT = 0x8 -+ IPV6_2292HOPOPTS = 0x3 -+ IPV6_2292PKTINFO = 0x2 -+ IPV6_2292PKTOPTIONS = 0x6 -+ IPV6_2292RTHDR = 0x5 -+ IPV6_ADDRFORM = 0x1 -+ IPV6_ADDR_PREFERENCES = 0x48 -+ IPV6_ADD_MEMBERSHIP = 0x14 -+ IPV6_AUTHHDR = 0xa -+ IPV6_AUTOFLOWLABEL = 0x46 -+ IPV6_CHECKSUM = 0x7 -+ IPV6_DONTFRAG = 0x3e -+ IPV6_DROP_MEMBERSHIP = 0x15 -+ IPV6_DSTOPTS = 0x3b -+ IPV6_FREEBIND = 0x4e -+ IPV6_HDRINCL = 0x24 -+ IPV6_HOPLIMIT = 0x34 -+ IPV6_HOPOPTS = 0x36 -+ IPV6_IPSEC_POLICY = 0x22 -+ IPV6_JOIN_ANYCAST = 0x1b -+ IPV6_JOIN_GROUP = 0x14 -+ IPV6_LEAVE_ANYCAST = 0x1c -+ IPV6_LEAVE_GROUP = 0x15 -+ IPV6_MINHOPCOUNT = 0x49 -+ IPV6_MTU = 0x18 -+ IPV6_MTU_DISCOVER = 0x17 -+ IPV6_MULTICAST_ALL = 0x1d -+ IPV6_MULTICAST_HOPS = 0x12 -+ IPV6_MULTICAST_IF = 0x11 -+ IPV6_MULTICAST_LOOP = 0x13 -+ IPV6_NEXTHOP = 0x9 -+ IPV6_ORIGDSTADDR = 0x4a -+ IPV6_PATHMTU = 0x3d -+ IPV6_PKTINFO = 0x32 -+ IPV6_PMTUDISC_DO = 0x2 -+ IPV6_PMTUDISC_DONT = 0x0 -+ IPV6_PMTUDISC_INTERFACE = 0x4 -+ IPV6_PMTUDISC_OMIT = 0x5 -+ IPV6_PMTUDISC_PROBE = 0x3 -+ IPV6_PMTUDISC_WANT = 0x1 -+ IPV6_RECVDSTOPTS = 0x3a -+ IPV6_RECVERR = 0x19 -+ IPV6_RECVFRAGSIZE = 0x4d -+ IPV6_RECVHOPLIMIT = 0x33 -+ IPV6_RECVHOPOPTS = 0x35 -+ IPV6_RECVORIGDSTADDR = 0x4a -+ IPV6_RECVPATHMTU = 0x3c -+ IPV6_RECVPKTINFO = 0x31 -+ IPV6_RECVRTHDR = 0x38 -+ IPV6_RECVTCLASS = 0x42 -+ IPV6_ROUTER_ALERT = 0x16 -+ IPV6_RTHDR = 0x39 -+ IPV6_RTHDRDSTOPTS = 0x37 -+ IPV6_RTHDR_LOOSE = 0x0 -+ IPV6_RTHDR_STRICT = 0x1 -+ IPV6_RTHDR_TYPE_0 = 0x0 -+ IPV6_RXDSTOPTS = 0x3b -+ IPV6_RXHOPOPTS = 0x36 -+ IPV6_TCLASS = 0x43 -+ IPV6_TRANSPARENT = 0x4b -+ IPV6_UNICAST_HOPS = 0x10 -+ IPV6_UNICAST_IF = 0x4c -+ IPV6_V6ONLY = 0x1a -+ IPV6_XFRM_POLICY = 0x23 -+ IP_ADD_MEMBERSHIP = 0x23 -+ IP_ADD_SOURCE_MEMBERSHIP = 0x27 -+ IP_BIND_ADDRESS_NO_PORT = 0x18 -+ IP_BLOCK_SOURCE = 0x26 -+ IP_CHECKSUM = 0x17 -+ IP_DEFAULT_MULTICAST_LOOP = 0x1 -+ IP_DEFAULT_MULTICAST_TTL = 0x1 -+ IP_DF = 0x4000 -+ IP_DROP_MEMBERSHIP = 0x24 -+ IP_DROP_SOURCE_MEMBERSHIP = 0x28 -+ IP_FREEBIND = 0xf -+ IP_HDRINCL = 0x3 -+ IP_IPSEC_POLICY = 0x10 -+ IP_MAXPACKET = 0xffff -+ IP_MAX_MEMBERSHIPS = 0x14 -+ IP_MF = 0x2000 -+ IP_MINTTL = 0x15 -+ IP_MSFILTER = 0x29 -+ IP_MSS = 0x240 -+ IP_MTU = 0xe -+ IP_MTU_DISCOVER = 0xa -+ IP_MULTICAST_ALL = 0x31 -+ IP_MULTICAST_IF = 0x20 -+ IP_MULTICAST_LOOP = 0x22 -+ IP_MULTICAST_TTL = 0x21 -+ IP_NODEFRAG = 0x16 -+ IP_OFFMASK = 0x1fff -+ IP_OPTIONS = 0x4 -+ IP_ORIGDSTADDR = 0x14 -+ IP_PASSSEC = 0x12 -+ IP_PKTINFO = 0x8 -+ IP_PKTOPTIONS = 0x9 -+ IP_PMTUDISC = 0xa -+ IP_PMTUDISC_DO = 0x2 -+ IP_PMTUDISC_DONT = 0x0 -+ IP_PMTUDISC_INTERFACE = 0x4 -+ IP_PMTUDISC_OMIT = 0x5 -+ IP_PMTUDISC_PROBE = 0x3 -+ IP_PMTUDISC_WANT = 0x1 -+ IP_RECVERR = 0xb -+ IP_RECVFRAGSIZE = 0x19 -+ IP_RECVOPTS = 0x6 -+ IP_RECVORIGDSTADDR = 0x14 -+ IP_RECVRETOPTS = 0x7 -+ IP_RECVTOS = 0xd -+ IP_RECVTTL = 0xc -+ IP_RETOPTS = 0x7 -+ IP_RF = 0x8000 -+ IP_ROUTER_ALERT = 0x5 -+ IP_TOS = 0x1 -+ IP_TRANSPARENT = 0x13 -+ IP_TTL = 0x2 -+ IP_UNBLOCK_SOURCE = 0x25 -+ IP_UNICAST_IF = 0x32 -+ IP_XFRM_POLICY = 0x11 -+ ISIG = 0x1 -+ ISOFS_SUPER_MAGIC = 0x9660 -+ ISTRIP = 0x20 -+ IUCLC = 0x200 -+ IUTF8 = 0x4000 -+ IXANY = 0x800 -+ IXOFF = 0x1000 -+ IXON = 0x400 -+ JFFS2_SUPER_MAGIC = 0x72b6 -+ KEXEC_ARCH_386 = 0x30000 -+ KEXEC_ARCH_68K = 0x40000 -+ KEXEC_ARCH_AARCH64 = 0xb70000 -+ KEXEC_ARCH_ARM = 0x280000 -+ KEXEC_ARCH_DEFAULT = 0x0 -+ KEXEC_ARCH_IA_64 = 0x320000 -+ KEXEC_ARCH_MASK = 0xffff0000 -+ KEXEC_ARCH_MIPS = 0x80000 -+ KEXEC_ARCH_MIPS_LE = 0xa0000 -+ KEXEC_ARCH_PPC = 0x140000 -+ KEXEC_ARCH_PPC64 = 0x150000 -+ KEXEC_ARCH_S390 = 0x160000 -+ KEXEC_ARCH_SH = 0x2a0000 -+ KEXEC_ARCH_X86_64 = 0x3e0000 -+ KEXEC_FILE_NO_INITRAMFS = 0x4 -+ KEXEC_FILE_ON_CRASH = 0x2 -+ KEXEC_FILE_UNLOAD = 0x1 -+ KEXEC_ON_CRASH = 0x1 -+ KEXEC_PRESERVE_CONTEXT = 0x2 -+ KEXEC_SEGMENT_MAX = 0x10 -+ KEYCTL_ASSUME_AUTHORITY = 0x10 -+ KEYCTL_CHOWN = 0x4 -+ KEYCTL_CLEAR = 0x7 -+ KEYCTL_DESCRIBE = 0x6 -+ KEYCTL_DH_COMPUTE = 0x17 -+ KEYCTL_GET_KEYRING_ID = 0x0 -+ KEYCTL_GET_PERSISTENT = 0x16 -+ KEYCTL_GET_SECURITY = 0x11 -+ KEYCTL_INSTANTIATE = 0xc -+ KEYCTL_INSTANTIATE_IOV = 0x14 -+ KEYCTL_INVALIDATE = 0x15 -+ KEYCTL_JOIN_SESSION_KEYRING = 0x1 -+ KEYCTL_LINK = 0x8 -+ KEYCTL_NEGATE = 0xd -+ KEYCTL_PKEY_DECRYPT = 0x1a -+ KEYCTL_PKEY_ENCRYPT = 0x19 -+ KEYCTL_PKEY_QUERY = 0x18 -+ KEYCTL_PKEY_SIGN = 0x1b -+ KEYCTL_PKEY_VERIFY = 0x1c -+ KEYCTL_READ = 0xb -+ KEYCTL_REJECT = 0x13 -+ KEYCTL_RESTRICT_KEYRING = 0x1d -+ KEYCTL_REVOKE = 0x3 -+ KEYCTL_SEARCH = 0xa -+ KEYCTL_SESSION_TO_PARENT = 0x12 -+ KEYCTL_SETPERM = 0x5 -+ KEYCTL_SET_REQKEY_KEYRING = 0xe -+ KEYCTL_SET_TIMEOUT = 0xf -+ KEYCTL_SUPPORTS_DECRYPT = 0x2 -+ KEYCTL_SUPPORTS_ENCRYPT = 0x1 -+ KEYCTL_SUPPORTS_SIGN = 0x4 -+ KEYCTL_SUPPORTS_VERIFY = 0x8 -+ KEYCTL_UNLINK = 0x9 -+ KEYCTL_UPDATE = 0x2 -+ KEY_REQKEY_DEFL_DEFAULT = 0x0 -+ KEY_REQKEY_DEFL_GROUP_KEYRING = 0x6 -+ KEY_REQKEY_DEFL_NO_CHANGE = -0x1 -+ KEY_REQKEY_DEFL_PROCESS_KEYRING = 0x2 -+ KEY_REQKEY_DEFL_REQUESTOR_KEYRING = 0x7 -+ KEY_REQKEY_DEFL_SESSION_KEYRING = 0x3 -+ KEY_REQKEY_DEFL_THREAD_KEYRING = 0x1 -+ KEY_REQKEY_DEFL_USER_KEYRING = 0x4 -+ KEY_REQKEY_DEFL_USER_SESSION_KEYRING = 0x5 -+ KEY_SPEC_GROUP_KEYRING = -0x6 -+ KEY_SPEC_PROCESS_KEYRING = -0x2 -+ KEY_SPEC_REQKEY_AUTH_KEY = -0x7 -+ KEY_SPEC_REQUESTOR_KEYRING = -0x8 -+ KEY_SPEC_SESSION_KEYRING = -0x3 -+ KEY_SPEC_THREAD_KEYRING = -0x1 -+ KEY_SPEC_USER_KEYRING = -0x4 -+ KEY_SPEC_USER_SESSION_KEYRING = -0x5 -+ LINUX_REBOOT_CMD_CAD_OFF = 0x0 -+ LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef -+ LINUX_REBOOT_CMD_HALT = 0xcdef0123 -+ LINUX_REBOOT_CMD_KEXEC = 0x45584543 -+ LINUX_REBOOT_CMD_POWER_OFF = 0x4321fedc -+ LINUX_REBOOT_CMD_RESTART = 0x1234567 -+ LINUX_REBOOT_CMD_RESTART2 = 0xa1b2c3d4 -+ LINUX_REBOOT_CMD_SW_SUSPEND = 0xd000fce2 -+ LINUX_REBOOT_MAGIC1 = 0xfee1dead -+ LINUX_REBOOT_MAGIC2 = 0x28121969 -+ LOCK_EX = 0x2 -+ LOCK_NB = 0x4 -+ LOCK_SH = 0x1 -+ LOCK_UN = 0x8 -+ MADV_DODUMP = 0x11 -+ MADV_DOFORK = 0xb -+ MADV_DONTDUMP = 0x10 -+ MADV_DONTFORK = 0xa -+ MADV_DONTNEED = 0x4 -+ MADV_FREE = 0x8 -+ MADV_HUGEPAGE = 0xe -+ MADV_HWPOISON = 0x64 -+ MADV_KEEPONFORK = 0x13 -+ MADV_MERGEABLE = 0xc -+ MADV_NOHUGEPAGE = 0xf -+ MADV_NORMAL = 0x0 -+ MADV_RANDOM = 0x1 -+ MADV_REMOVE = 0x9 -+ MADV_SEQUENTIAL = 0x2 -+ MADV_UNMERGEABLE = 0xd -+ MADV_WILLNEED = 0x3 -+ MADV_WIPEONFORK = 0x12 -+ MAP_ANON = 0x20 -+ MAP_ANONYMOUS = 0x20 -+ MAP_DENYWRITE = 0x800 -+ MAP_EXECUTABLE = 0x1000 -+ MAP_FILE = 0x0 -+ MAP_FIXED = 0x10 -+ MAP_FIXED_NOREPLACE = 0x100000 -+ MAP_GROWSDOWN = 0x100 -+ MAP_HUGETLB = 0x40000 -+ MAP_HUGE_MASK = 0x3f -+ MAP_HUGE_SHIFT = 0x1a -+ MAP_LOCKED = 0x2000 -+ MAP_NONBLOCK = 0x10000 -+ MAP_NORESERVE = 0x4000 -+ MAP_POPULATE = 0x8000 -+ MAP_PRIVATE = 0x2 -+ MAP_SHARED = 0x1 -+ MAP_SHARED_VALIDATE = 0x3 -+ MAP_STACK = 0x20000 -+ MAP_SYNC = 0x80000 -+ MAP_TYPE = 0xf -+ MCL_CURRENT = 0x1 -+ MCL_FUTURE = 0x2 -+ MCL_ONFAULT = 0x4 -+ MFD_ALLOW_SEALING = 0x2 -+ MFD_CLOEXEC = 0x1 -+ MFD_HUGETLB = 0x4 -+ MFD_HUGE_16GB = -0x78000000 -+ MFD_HUGE_16MB = 0x60000000 -+ MFD_HUGE_1GB = 0x78000000 -+ MFD_HUGE_1MB = 0x50000000 -+ MFD_HUGE_256MB = 0x70000000 -+ MFD_HUGE_2GB = 0x7c000000 -+ MFD_HUGE_2MB = 0x54000000 -+ MFD_HUGE_32MB = 0x64000000 -+ MFD_HUGE_512KB = 0x4c000000 -+ MFD_HUGE_512MB = 0x74000000 -+ MFD_HUGE_64KB = 0x40000000 -+ MFD_HUGE_8MB = 0x5c000000 -+ MFD_HUGE_MASK = 0x3f -+ MFD_HUGE_SHIFT = 0x1a -+ MINIX2_SUPER_MAGIC = 0x2468 -+ MINIX2_SUPER_MAGIC2 = 0x2478 -+ MINIX3_SUPER_MAGIC = 0x4d5a -+ MINIX_SUPER_MAGIC = 0x137f -+ MINIX_SUPER_MAGIC2 = 0x138f -+ MNT_DETACH = 0x2 -+ MNT_EXPIRE = 0x4 -+ MNT_FORCE = 0x1 -+ MODULE_INIT_IGNORE_MODVERSIONS = 0x1 -+ MODULE_INIT_IGNORE_VERMAGIC = 0x2 -+ MSDOS_SUPER_MAGIC = 0x4d44 -+ MSG_BATCH = 0x40000 -+ MSG_CMSG_CLOEXEC = 0x40000000 -+ MSG_CONFIRM = 0x800 -+ MSG_CTRUNC = 0x8 -+ MSG_DONTROUTE = 0x4 -+ MSG_DONTWAIT = 0x40 -+ MSG_EOR = 0x80 -+ MSG_ERRQUEUE = 0x2000 -+ MSG_FASTOPEN = 0x20000000 -+ MSG_FIN = 0x200 -+ MSG_MORE = 0x8000 -+ MSG_NOSIGNAL = 0x4000 -+ MSG_OOB = 0x1 -+ MSG_PEEK = 0x2 -+ MSG_PROXY = 0x10 -+ MSG_RST = 0x1000 -+ MSG_SYN = 0x400 -+ MSG_TRUNC = 0x20 -+ MSG_TRYHARD = 0x4 -+ MSG_WAITALL = 0x100 -+ MSG_WAITFORONE = 0x10000 -+ MSG_ZEROCOPY = 0x4000000 -+ MS_ACTIVE = 0x40000000 -+ MS_ASYNC = 0x1 -+ MS_BIND = 0x1000 -+ MS_BORN = 0x20000000 -+ MS_DIRSYNC = 0x80 -+ MS_INVALIDATE = 0x2 -+ MS_I_VERSION = 0x800000 -+ MS_KERNMOUNT = 0x400000 -+ MS_LAZYTIME = 0x2000000 -+ MS_MANDLOCK = 0x40 -+ MS_MGC_MSK = 0xffff0000 -+ MS_MGC_VAL = 0xc0ed0000 -+ MS_MOVE = 0x2000 -+ MS_NOATIME = 0x400 -+ MS_NODEV = 0x4 -+ MS_NODIRATIME = 0x800 -+ MS_NOEXEC = 0x8 -+ MS_NOREMOTELOCK = 0x8000000 -+ MS_NOSEC = 0x10000000 -+ MS_NOSUID = 0x2 -+ MS_NOUSER = -0x80000000 -+ MS_POSIXACL = 0x10000 -+ MS_PRIVATE = 0x40000 -+ MS_RDONLY = 0x1 -+ MS_REC = 0x4000 -+ MS_RELATIME = 0x200000 -+ MS_REMOUNT = 0x20 -+ MS_RMT_MASK = 0x2800051 -+ MS_SHARED = 0x100000 -+ MS_SILENT = 0x8000 -+ MS_SLAVE = 0x80000 -+ MS_STRICTATIME = 0x1000000 -+ MS_SUBMOUNT = 0x4000000 -+ MS_SYNC = 0x4 -+ MS_SYNCHRONOUS = 0x10 -+ MS_UNBINDABLE = 0x20000 -+ MS_VERBOSE = 0x8000 -+ MTD_INODE_FS_MAGIC = 0x11307854 -+ NAME_MAX = 0xff -+ NCP_SUPER_MAGIC = 0x564c -+ NETLINK_ADD_MEMBERSHIP = 0x1 -+ NETLINK_AUDIT = 0x9 -+ NETLINK_BROADCAST_ERROR = 0x4 -+ NETLINK_CAP_ACK = 0xa -+ NETLINK_CONNECTOR = 0xb -+ NETLINK_CRYPTO = 0x15 -+ NETLINK_DNRTMSG = 0xe -+ NETLINK_DROP_MEMBERSHIP = 0x2 -+ NETLINK_ECRYPTFS = 0x13 -+ NETLINK_EXT_ACK = 0xb -+ NETLINK_FIB_LOOKUP = 0xa -+ NETLINK_FIREWALL = 0x3 -+ NETLINK_GENERIC = 0x10 -+ NETLINK_GET_STRICT_CHK = 0xc -+ NETLINK_INET_DIAG = 0x4 -+ NETLINK_IP6_FW = 0xd -+ NETLINK_ISCSI = 0x8 -+ NETLINK_KOBJECT_UEVENT = 0xf -+ NETLINK_LISTEN_ALL_NSID = 0x8 -+ NETLINK_LIST_MEMBERSHIPS = 0x9 -+ NETLINK_NETFILTER = 0xc -+ NETLINK_NFLOG = 0x5 -+ NETLINK_NO_ENOBUFS = 0x5 -+ NETLINK_PKTINFO = 0x3 -+ NETLINK_RDMA = 0x14 -+ NETLINK_ROUTE = 0x0 -+ NETLINK_RX_RING = 0x6 -+ NETLINK_SCSITRANSPORT = 0x12 -+ NETLINK_SELINUX = 0x7 -+ NETLINK_SMC = 0x16 -+ NETLINK_SOCK_DIAG = 0x4 -+ NETLINK_TX_RING = 0x7 -+ NETLINK_UNUSED = 0x1 -+ NETLINK_USERSOCK = 0x2 -+ NETLINK_XFRM = 0x6 -+ NETNSA_MAX = 0x5 -+ NETNSA_NSID_NOT_ASSIGNED = -0x1 -+ NFNETLINK_V0 = 0x0 -+ NFNLGRP_ACCT_QUOTA = 0x8 -+ NFNLGRP_CONNTRACK_DESTROY = 0x3 -+ NFNLGRP_CONNTRACK_EXP_DESTROY = 0x6 -+ NFNLGRP_CONNTRACK_EXP_NEW = 0x4 -+ NFNLGRP_CONNTRACK_EXP_UPDATE = 0x5 -+ NFNLGRP_CONNTRACK_NEW = 0x1 -+ NFNLGRP_CONNTRACK_UPDATE = 0x2 -+ NFNLGRP_MAX = 0x9 -+ NFNLGRP_NFTABLES = 0x7 -+ NFNLGRP_NFTRACE = 0x9 -+ NFNLGRP_NONE = 0x0 -+ NFNL_BATCH_MAX = 0x1 -+ NFNL_MSG_BATCH_BEGIN = 0x10 -+ NFNL_MSG_BATCH_END = 0x11 -+ NFNL_NFA_NEST = 0x8000 -+ NFNL_SUBSYS_ACCT = 0x7 -+ NFNL_SUBSYS_COUNT = 0xc -+ NFNL_SUBSYS_CTHELPER = 0x9 -+ NFNL_SUBSYS_CTNETLINK = 0x1 -+ NFNL_SUBSYS_CTNETLINK_EXP = 0x2 -+ NFNL_SUBSYS_CTNETLINK_TIMEOUT = 0x8 -+ NFNL_SUBSYS_IPSET = 0x6 -+ NFNL_SUBSYS_NFTABLES = 0xa -+ NFNL_SUBSYS_NFT_COMPAT = 0xb -+ NFNL_SUBSYS_NONE = 0x0 -+ NFNL_SUBSYS_OSF = 0x5 -+ NFNL_SUBSYS_QUEUE = 0x3 -+ NFNL_SUBSYS_ULOG = 0x4 -+ NFS_SUPER_MAGIC = 0x6969 -+ NILFS_SUPER_MAGIC = 0x3434 -+ NL0 = 0x0 -+ NL1 = 0x100 -+ NLA_ALIGNTO = 0x4 -+ NLA_F_NESTED = 0x8000 -+ NLA_F_NET_BYTEORDER = 0x4000 -+ NLA_HDRLEN = 0x4 -+ NLDLY = 0x100 -+ NLMSG_ALIGNTO = 0x4 -+ NLMSG_DONE = 0x3 -+ NLMSG_ERROR = 0x2 -+ NLMSG_HDRLEN = 0x10 -+ NLMSG_MIN_TYPE = 0x10 -+ NLMSG_NOOP = 0x1 -+ NLMSG_OVERRUN = 0x4 -+ NLM_F_ACK = 0x4 -+ NLM_F_ACK_TLVS = 0x200 -+ NLM_F_APPEND = 0x800 -+ NLM_F_ATOMIC = 0x400 -+ NLM_F_CAPPED = 0x100 -+ NLM_F_CREATE = 0x400 -+ NLM_F_DUMP = 0x300 -+ NLM_F_DUMP_FILTERED = 0x20 -+ NLM_F_DUMP_INTR = 0x10 -+ NLM_F_ECHO = 0x8 -+ NLM_F_EXCL = 0x200 -+ NLM_F_MATCH = 0x200 -+ NLM_F_MULTI = 0x2 -+ NLM_F_NONREC = 0x100 -+ NLM_F_REPLACE = 0x100 -+ NLM_F_REQUEST = 0x1 -+ NLM_F_ROOT = 0x100 -+ NOFLSH = 0x80 -+ NSFS_MAGIC = 0x6e736673 -+ OCFS2_SUPER_MAGIC = 0x7461636f -+ OCRNL = 0x8 -+ OFDEL = 0x80 -+ OFILL = 0x40 -+ OLCUC = 0x2 -+ ONLCR = 0x4 -+ ONLRET = 0x20 -+ ONOCR = 0x10 -+ OPENPROM_SUPER_MAGIC = 0x9fa1 -+ OPOST = 0x1 -+ OVERLAYFS_SUPER_MAGIC = 0x794c7630 -+ O_ACCMODE = 0x3 -+ O_APPEND = 0x400 -+ O_ASYNC = 0x2000 -+ O_CLOEXEC = 0x80000 -+ O_CREAT = 0x40 -+ O_DIRECT = 0x4000 -+ O_DIRECTORY = 0x10000 -+ O_DSYNC = 0x1000 -+ O_EXCL = 0x80 -+ O_FSYNC = 0x101000 -+ O_LARGEFILE = 0x0 -+ O_NDELAY = 0x800 -+ O_NOATIME = 0x40000 -+ O_NOCTTY = 0x100 -+ O_NOFOLLOW = 0x20000 -+ O_NONBLOCK = 0x800 -+ O_PATH = 0x200000 -+ O_RDONLY = 0x0 -+ O_RDWR = 0x2 -+ O_RSYNC = 0x101000 -+ O_SYNC = 0x101000 -+ O_TMPFILE = 0x410000 -+ O_TRUNC = 0x200 -+ O_WRONLY = 0x1 -+ PACKET_ADD_MEMBERSHIP = 0x1 -+ PACKET_AUXDATA = 0x8 -+ PACKET_BROADCAST = 0x1 -+ PACKET_COPY_THRESH = 0x7 -+ PACKET_DROP_MEMBERSHIP = 0x2 -+ PACKET_FANOUT = 0x12 -+ PACKET_FANOUT_CBPF = 0x6 -+ PACKET_FANOUT_CPU = 0x2 -+ PACKET_FANOUT_DATA = 0x16 -+ PACKET_FANOUT_EBPF = 0x7 -+ PACKET_FANOUT_FLAG_DEFRAG = 0x8000 -+ PACKET_FANOUT_FLAG_ROLLOVER = 0x1000 -+ PACKET_FANOUT_FLAG_UNIQUEID = 0x2000 -+ PACKET_FANOUT_HASH = 0x0 -+ PACKET_FANOUT_LB = 0x1 -+ PACKET_FANOUT_QM = 0x5 -+ PACKET_FANOUT_RND = 0x4 -+ PACKET_FANOUT_ROLLOVER = 0x3 -+ PACKET_FASTROUTE = 0x6 -+ PACKET_HDRLEN = 0xb -+ PACKET_HOST = 0x0 -+ PACKET_IGNORE_OUTGOING = 0x17 -+ PACKET_KERNEL = 0x7 -+ PACKET_LOOPBACK = 0x5 -+ PACKET_LOSS = 0xe -+ PACKET_MR_ALLMULTI = 0x2 -+ PACKET_MR_MULTICAST = 0x0 -+ PACKET_MR_PROMISC = 0x1 -+ PACKET_MR_UNICAST = 0x3 -+ PACKET_MULTICAST = 0x2 -+ PACKET_ORIGDEV = 0x9 -+ PACKET_OTHERHOST = 0x3 -+ PACKET_OUTGOING = 0x4 -+ PACKET_QDISC_BYPASS = 0x14 -+ PACKET_RECV_OUTPUT = 0x3 -+ PACKET_RESERVE = 0xc -+ PACKET_ROLLOVER_STATS = 0x15 -+ PACKET_RX_RING = 0x5 -+ PACKET_STATISTICS = 0x6 -+ PACKET_TIMESTAMP = 0x11 -+ PACKET_TX_HAS_OFF = 0x13 -+ PACKET_TX_RING = 0xd -+ PACKET_TX_TIMESTAMP = 0x10 -+ PACKET_USER = 0x6 -+ PACKET_VERSION = 0xa -+ PACKET_VNET_HDR = 0xf -+ PARENB = 0x100 -+ PARITY_CRC16_PR0 = 0x2 -+ PARITY_CRC16_PR0_CCITT = 0x4 -+ PARITY_CRC16_PR1 = 0x3 -+ PARITY_CRC16_PR1_CCITT = 0x5 -+ PARITY_CRC32_PR0_CCITT = 0x6 -+ PARITY_CRC32_PR1_CCITT = 0x7 -+ PARITY_DEFAULT = 0x0 -+ PARITY_NONE = 0x1 -+ PARMRK = 0x8 -+ PARODD = 0x200 -+ PENDIN = 0x4000 -+ PERF_EVENT_IOC_DISABLE = 0x2401 -+ PERF_EVENT_IOC_ENABLE = 0x2400 -+ PERF_EVENT_IOC_ID = 0x80082407 -+ PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x4008240b -+ PERF_EVENT_IOC_PAUSE_OUTPUT = 0x40042409 -+ PERF_EVENT_IOC_PERIOD = 0x40082404 -+ PERF_EVENT_IOC_QUERY_BPF = 0xc008240a -+ PERF_EVENT_IOC_REFRESH = 0x2402 -+ PERF_EVENT_IOC_RESET = 0x2403 -+ PERF_EVENT_IOC_SET_BPF = 0x40042408 -+ PERF_EVENT_IOC_SET_FILTER = 0x40082406 -+ PERF_EVENT_IOC_SET_OUTPUT = 0x2405 -+ PIPEFS_MAGIC = 0x50495045 -+ PPPIOCATTACH = 0x4004743d -+ PPPIOCATTCHAN = 0x40047438 -+ PPPIOCCONNECT = 0x4004743a -+ PPPIOCDETACH = 0x4004743c -+ PPPIOCDISCONN = 0x7439 -+ PPPIOCGASYNCMAP = 0x80047458 -+ PPPIOCGCHAN = 0x80047437 -+ PPPIOCGDEBUG = 0x80047441 -+ PPPIOCGFLAGS = 0x8004745a -+ PPPIOCGIDLE = 0x8010743f -+ PPPIOCGL2TPSTATS = 0x80487436 -+ PPPIOCGMRU = 0x80047453 -+ PPPIOCGNPMODE = 0xc008744c -+ PPPIOCGRASYNCMAP = 0x80047455 -+ PPPIOCGUNIT = 0x80047456 -+ PPPIOCGXASYNCMAP = 0x80207450 -+ PPPIOCNEWUNIT = 0xc004743e -+ PPPIOCSACTIVE = 0x40107446 -+ PPPIOCSASYNCMAP = 0x40047457 -+ PPPIOCSCOMPRESS = 0x4010744d -+ PPPIOCSDEBUG = 0x40047440 -+ PPPIOCSFLAGS = 0x40047459 -+ PPPIOCSMAXCID = 0x40047451 -+ PPPIOCSMRRU = 0x4004743b -+ PPPIOCSMRU = 0x40047452 -+ PPPIOCSNPMODE = 0x4008744b -+ PPPIOCSPASS = 0x40107447 -+ PPPIOCSRASYNCMAP = 0x40047454 -+ PPPIOCSXASYNCMAP = 0x4020744f -+ PPPIOCXFERUNIT = 0x744e -+ PRIO_PGRP = 0x1 -+ PRIO_PROCESS = 0x0 -+ PRIO_USER = 0x2 -+ PROC_SUPER_MAGIC = 0x9fa0 -+ PROT_EXEC = 0x4 -+ PROT_GROWSDOWN = 0x1000000 -+ PROT_GROWSUP = 0x2000000 -+ PROT_NONE = 0x0 -+ PROT_READ = 0x1 -+ PROT_WRITE = 0x2 -+ PR_CAPBSET_DROP = 0x18 -+ PR_CAPBSET_READ = 0x17 -+ PR_CAP_AMBIENT = 0x2f -+ PR_CAP_AMBIENT_CLEAR_ALL = 0x4 -+ PR_CAP_AMBIENT_IS_SET = 0x1 -+ PR_CAP_AMBIENT_LOWER = 0x3 -+ PR_CAP_AMBIENT_RAISE = 0x2 -+ PR_ENDIAN_BIG = 0x0 -+ PR_ENDIAN_LITTLE = 0x1 -+ PR_ENDIAN_PPC_LITTLE = 0x2 -+ PR_FPEMU_NOPRINT = 0x1 -+ PR_FPEMU_SIGFPE = 0x2 -+ PR_FP_EXC_ASYNC = 0x2 -+ PR_FP_EXC_DISABLED = 0x0 -+ PR_FP_EXC_DIV = 0x10000 -+ PR_FP_EXC_INV = 0x100000 -+ PR_FP_EXC_NONRECOV = 0x1 -+ PR_FP_EXC_OVF = 0x20000 -+ PR_FP_EXC_PRECISE = 0x3 -+ PR_FP_EXC_RES = 0x80000 -+ PR_FP_EXC_SW_ENABLE = 0x80 -+ PR_FP_EXC_UND = 0x40000 -+ PR_FP_MODE_FR = 0x1 -+ PR_FP_MODE_FRE = 0x2 -+ PR_GET_CHILD_SUBREAPER = 0x25 -+ PR_GET_DUMPABLE = 0x3 -+ PR_GET_ENDIAN = 0x13 -+ PR_GET_FPEMU = 0x9 -+ PR_GET_FPEXC = 0xb -+ PR_GET_FP_MODE = 0x2e -+ PR_GET_KEEPCAPS = 0x7 -+ PR_GET_NAME = 0x10 -+ PR_GET_NO_NEW_PRIVS = 0x27 -+ PR_GET_PDEATHSIG = 0x2 -+ PR_GET_SECCOMP = 0x15 -+ PR_GET_SECUREBITS = 0x1b -+ PR_GET_SPECULATION_CTRL = 0x34 -+ PR_GET_THP_DISABLE = 0x2a -+ PR_GET_TID_ADDRESS = 0x28 -+ PR_GET_TIMERSLACK = 0x1e -+ PR_GET_TIMING = 0xd -+ PR_GET_TSC = 0x19 -+ PR_GET_UNALIGN = 0x5 -+ PR_MCE_KILL = 0x21 -+ PR_MCE_KILL_CLEAR = 0x0 -+ PR_MCE_KILL_DEFAULT = 0x2 -+ PR_MCE_KILL_EARLY = 0x1 -+ PR_MCE_KILL_GET = 0x22 -+ PR_MCE_KILL_LATE = 0x0 -+ PR_MCE_KILL_SET = 0x1 -+ PR_MPX_DISABLE_MANAGEMENT = 0x2c -+ PR_MPX_ENABLE_MANAGEMENT = 0x2b -+ PR_PAC_APDAKEY = 0x4 -+ PR_PAC_APDBKEY = 0x8 -+ PR_PAC_APGAKEY = 0x10 -+ PR_PAC_APIAKEY = 0x1 -+ PR_PAC_APIBKEY = 0x2 -+ PR_PAC_RESET_KEYS = 0x36 -+ PR_SET_CHILD_SUBREAPER = 0x24 -+ PR_SET_DUMPABLE = 0x4 -+ PR_SET_ENDIAN = 0x14 -+ PR_SET_FPEMU = 0xa -+ PR_SET_FPEXC = 0xc -+ PR_SET_FP_MODE = 0x2d -+ PR_SET_KEEPCAPS = 0x8 -+ PR_SET_MM = 0x23 -+ PR_SET_MM_ARG_END = 0x9 -+ PR_SET_MM_ARG_START = 0x8 -+ PR_SET_MM_AUXV = 0xc -+ PR_SET_MM_BRK = 0x7 -+ PR_SET_MM_END_CODE = 0x2 -+ PR_SET_MM_END_DATA = 0x4 -+ PR_SET_MM_ENV_END = 0xb -+ PR_SET_MM_ENV_START = 0xa -+ PR_SET_MM_EXE_FILE = 0xd -+ PR_SET_MM_MAP = 0xe -+ PR_SET_MM_MAP_SIZE = 0xf -+ PR_SET_MM_START_BRK = 0x6 -+ PR_SET_MM_START_CODE = 0x1 -+ PR_SET_MM_START_DATA = 0x3 -+ PR_SET_MM_START_STACK = 0x5 -+ PR_SET_NAME = 0xf -+ PR_SET_NO_NEW_PRIVS = 0x26 -+ PR_SET_PDEATHSIG = 0x1 -+ PR_SET_PTRACER = 0x59616d61 -+ PR_SET_PTRACER_ANY = 0xffffffffffffffff -+ PR_SET_SECCOMP = 0x16 -+ PR_SET_SECUREBITS = 0x1c -+ PR_SET_SPECULATION_CTRL = 0x35 -+ PR_SET_THP_DISABLE = 0x29 -+ PR_SET_TIMERSLACK = 0x1d -+ PR_SET_TIMING = 0xe -+ PR_SET_TSC = 0x1a -+ PR_SET_UNALIGN = 0x6 -+ PR_SPEC_DISABLE = 0x4 -+ PR_SPEC_ENABLE = 0x2 -+ PR_SPEC_FORCE_DISABLE = 0x8 -+ PR_SPEC_INDIRECT_BRANCH = 0x1 -+ PR_SPEC_NOT_AFFECTED = 0x0 -+ PR_SPEC_PRCTL = 0x1 -+ PR_SPEC_STORE_BYPASS = 0x0 -+ PR_SVE_GET_VL = 0x33 -+ PR_SVE_SET_VL = 0x32 -+ PR_SVE_SET_VL_ONEXEC = 0x40000 -+ PR_SVE_VL_INHERIT = 0x20000 -+ PR_SVE_VL_LEN_MASK = 0xffff -+ PR_TASK_PERF_EVENTS_DISABLE = 0x1f -+ PR_TASK_PERF_EVENTS_ENABLE = 0x20 -+ PR_TIMING_STATISTICAL = 0x0 -+ PR_TIMING_TIMESTAMP = 0x1 -+ PR_TSC_ENABLE = 0x1 -+ PR_TSC_SIGSEGV = 0x2 -+ PR_UNALIGN_NOPRINT = 0x1 -+ PR_UNALIGN_SIGBUS = 0x2 -+ PSTOREFS_MAGIC = 0x6165676c -+ PTRACE_ATTACH = 0x10 -+ PTRACE_CONT = 0x7 -+ PTRACE_DETACH = 0x11 -+ PTRACE_EVENT_CLONE = 0x3 -+ PTRACE_EVENT_EXEC = 0x4 -+ PTRACE_EVENT_EXIT = 0x6 -+ PTRACE_EVENT_FORK = 0x1 -+ PTRACE_EVENT_SECCOMP = 0x7 -+ PTRACE_EVENT_STOP = 0x80 -+ PTRACE_EVENT_VFORK = 0x2 -+ PTRACE_EVENT_VFORK_DONE = 0x5 -+ PTRACE_GETEVENTMSG = 0x4201 -+ PTRACE_GETREGS = 0xc -+ PTRACE_GETREGSET = 0x4204 -+ PTRACE_GETSIGINFO = 0x4202 -+ PTRACE_GETSIGMASK = 0x420a -+ PTRACE_INTERRUPT = 0x4207 -+ PTRACE_KILL = 0x8 -+ PTRACE_LISTEN = 0x4208 -+ PTRACE_O_EXITKILL = 0x100000 -+ PTRACE_O_MASK = 0x3000ff -+ PTRACE_O_SUSPEND_SECCOMP = 0x200000 -+ PTRACE_O_TRACECLONE = 0x8 -+ PTRACE_O_TRACEEXEC = 0x10 -+ PTRACE_O_TRACEEXIT = 0x40 -+ PTRACE_O_TRACEFORK = 0x2 -+ PTRACE_O_TRACESECCOMP = 0x80 -+ PTRACE_O_TRACESYSGOOD = 0x1 -+ PTRACE_O_TRACEVFORK = 0x4 -+ PTRACE_O_TRACEVFORKDONE = 0x20 -+ PTRACE_PEEKDATA = 0x2 -+ PTRACE_PEEKSIGINFO = 0x4209 -+ PTRACE_PEEKSIGINFO_SHARED = 0x1 -+ PTRACE_PEEKTEXT = 0x1 -+ PTRACE_PEEKUSR = 0x3 -+ PTRACE_POKEDATA = 0x5 -+ PTRACE_POKETEXT = 0x4 -+ PTRACE_POKEUSR = 0x6 -+ PTRACE_SECCOMP_GET_FILTER = 0x420c -+ PTRACE_SECCOMP_GET_METADATA = 0x420d -+ PTRACE_SEIZE = 0x4206 -+ PTRACE_SETOPTIONS = 0x4200 -+ PTRACE_SETREGS = 0xd -+ PTRACE_SETREGSET = 0x4205 -+ PTRACE_SETSIGINFO = 0x4203 -+ PTRACE_SETSIGMASK = 0x420b -+ PTRACE_SINGLESTEP = 0x9 -+ PTRACE_SYSCALL = 0x18 -+ PTRACE_TRACEME = 0x0 -+ QNX4_SUPER_MAGIC = 0x2f -+ QNX6_SUPER_MAGIC = 0x68191122 -+ RAMFS_MAGIC = 0x858458f6 -+ RDTGROUP_SUPER_MAGIC = 0x7655821 -+ REISERFS_SUPER_MAGIC = 0x52654973 -+ RENAME_EXCHANGE = 0x2 -+ RENAME_NOREPLACE = 0x1 -+ RENAME_WHITEOUT = 0x4 -+ RLIMIT_AS = 0x9 -+ RLIMIT_CORE = 0x4 -+ RLIMIT_CPU = 0x0 -+ RLIMIT_DATA = 0x2 -+ RLIMIT_FSIZE = 0x1 -+ RLIMIT_LOCKS = 0xa -+ RLIMIT_MEMLOCK = 0x8 -+ RLIMIT_MSGQUEUE = 0xc -+ RLIMIT_NICE = 0xd -+ RLIMIT_NOFILE = 0x7 -+ RLIMIT_NPROC = 0x6 -+ RLIMIT_RSS = 0x5 -+ RLIMIT_RTPRIO = 0xe -+ RLIMIT_RTTIME = 0xf -+ RLIMIT_SIGPENDING = 0xb -+ RLIMIT_STACK = 0x3 -+ RLIM_INFINITY = 0xffffffffffffffff -+ RNDADDENTROPY = 0x40085203 -+ RNDADDTOENTCNT = 0x40045201 -+ RNDCLEARPOOL = 0x5206 -+ RNDGETENTCNT = 0x80045200 -+ RNDGETPOOL = 0x80085202 -+ RNDRESEEDCRNG = 0x5207 -+ RNDZAPENTCNT = 0x5204 -+ RTAX_ADVMSS = 0x8 -+ RTAX_CC_ALGO = 0x10 -+ RTAX_CWND = 0x7 -+ RTAX_FASTOPEN_NO_COOKIE = 0x11 -+ RTAX_FEATURES = 0xc -+ RTAX_FEATURE_ALLFRAG = 0x8 -+ RTAX_FEATURE_ECN = 0x1 -+ RTAX_FEATURE_MASK = 0xf -+ RTAX_FEATURE_SACK = 0x2 -+ RTAX_FEATURE_TIMESTAMP = 0x4 -+ RTAX_HOPLIMIT = 0xa -+ RTAX_INITCWND = 0xb -+ RTAX_INITRWND = 0xe -+ RTAX_LOCK = 0x1 -+ RTAX_MAX = 0x11 -+ RTAX_MTU = 0x2 -+ RTAX_QUICKACK = 0xf -+ RTAX_REORDERING = 0x9 -+ RTAX_RTO_MIN = 0xd -+ RTAX_RTT = 0x4 -+ RTAX_RTTVAR = 0x5 -+ RTAX_SSTHRESH = 0x6 -+ RTAX_UNSPEC = 0x0 -+ RTAX_WINDOW = 0x3 -+ RTA_ALIGNTO = 0x4 -+ RTA_MAX = 0x1d -+ RTCF_DIRECTSRC = 0x4000000 -+ RTCF_DOREDIRECT = 0x1000000 -+ RTCF_LOG = 0x2000000 -+ RTCF_MASQ = 0x400000 -+ RTCF_NAT = 0x800000 -+ RTCF_VALVE = 0x200000 -+ RTC_AF = 0x20 -+ RTC_AIE_OFF = 0x7002 -+ RTC_AIE_ON = 0x7001 -+ RTC_ALM_READ = 0x80247008 -+ RTC_ALM_SET = 0x40247007 -+ RTC_EPOCH_READ = 0x8008700d -+ RTC_EPOCH_SET = 0x4008700e -+ RTC_IRQF = 0x80 -+ RTC_IRQP_READ = 0x8008700b -+ RTC_IRQP_SET = 0x4008700c -+ RTC_MAX_FREQ = 0x2000 -+ RTC_PF = 0x40 -+ RTC_PIE_OFF = 0x7006 -+ RTC_PIE_ON = 0x7005 -+ RTC_PLL_GET = 0x80207011 -+ RTC_PLL_SET = 0x40207012 -+ RTC_RD_TIME = 0x80247009 -+ RTC_SET_TIME = 0x4024700a -+ RTC_UF = 0x10 -+ RTC_UIE_OFF = 0x7004 -+ RTC_UIE_ON = 0x7003 -+ RTC_VL_CLR = 0x7014 -+ RTC_VL_READ = 0x80047013 -+ RTC_WIE_OFF = 0x7010 -+ RTC_WIE_ON = 0x700f -+ RTC_WKALM_RD = 0x80287010 -+ RTC_WKALM_SET = 0x4028700f -+ RTF_ADDRCLASSMASK = 0xf8000000 -+ RTF_ADDRCONF = 0x40000 -+ RTF_ALLONLINK = 0x20000 -+ RTF_BROADCAST = 0x10000000 -+ RTF_CACHE = 0x1000000 -+ RTF_DEFAULT = 0x10000 -+ RTF_DYNAMIC = 0x10 -+ RTF_FLOW = 0x2000000 -+ RTF_GATEWAY = 0x2 -+ RTF_HOST = 0x4 -+ RTF_INTERFACE = 0x40000000 -+ RTF_IRTT = 0x100 -+ RTF_LINKRT = 0x100000 -+ RTF_LOCAL = 0x80000000 -+ RTF_MODIFIED = 0x20 -+ RTF_MSS = 0x40 -+ RTF_MTU = 0x40 -+ RTF_MULTICAST = 0x20000000 -+ RTF_NAT = 0x8000000 -+ RTF_NOFORWARD = 0x1000 -+ RTF_NONEXTHOP = 0x200000 -+ RTF_NOPMTUDISC = 0x4000 -+ RTF_POLICY = 0x4000000 -+ RTF_REINSTATE = 0x8 -+ RTF_REJECT = 0x200 -+ RTF_STATIC = 0x400 -+ RTF_THROW = 0x2000 -+ RTF_UP = 0x1 -+ RTF_WINDOW = 0x80 -+ RTF_XRESOLVE = 0x800 -+ RTM_BASE = 0x10 -+ RTM_DELACTION = 0x31 -+ RTM_DELADDR = 0x15 -+ RTM_DELADDRLABEL = 0x49 -+ RTM_DELCHAIN = 0x65 -+ RTM_DELLINK = 0x11 -+ RTM_DELMDB = 0x55 -+ RTM_DELNEIGH = 0x1d -+ RTM_DELNETCONF = 0x51 -+ RTM_DELNSID = 0x59 -+ RTM_DELQDISC = 0x25 -+ RTM_DELROUTE = 0x19 -+ RTM_DELRULE = 0x21 -+ RTM_DELTCLASS = 0x29 -+ RTM_DELTFILTER = 0x2d -+ RTM_F_CLONED = 0x200 -+ RTM_F_EQUALIZE = 0x400 -+ RTM_F_FIB_MATCH = 0x2000 -+ RTM_F_LOOKUP_TABLE = 0x1000 -+ RTM_F_NOTIFY = 0x100 -+ RTM_F_PREFIX = 0x800 -+ RTM_GETACTION = 0x32 -+ RTM_GETADDR = 0x16 -+ RTM_GETADDRLABEL = 0x4a -+ RTM_GETANYCAST = 0x3e -+ RTM_GETCHAIN = 0x66 -+ RTM_GETDCB = 0x4e -+ RTM_GETLINK = 0x12 -+ RTM_GETMDB = 0x56 -+ RTM_GETMULTICAST = 0x3a -+ RTM_GETNEIGH = 0x1e -+ RTM_GETNEIGHTBL = 0x42 -+ RTM_GETNETCONF = 0x52 -+ RTM_GETNSID = 0x5a -+ RTM_GETQDISC = 0x26 -+ RTM_GETROUTE = 0x1a -+ RTM_GETRULE = 0x22 -+ RTM_GETSTATS = 0x5e -+ RTM_GETTCLASS = 0x2a -+ RTM_GETTFILTER = 0x2e -+ RTM_MAX = 0x67 -+ RTM_NEWACTION = 0x30 -+ RTM_NEWADDR = 0x14 -+ RTM_NEWADDRLABEL = 0x48 -+ RTM_NEWCACHEREPORT = 0x60 -+ RTM_NEWCHAIN = 0x64 -+ RTM_NEWLINK = 0x10 -+ RTM_NEWMDB = 0x54 -+ RTM_NEWNDUSEROPT = 0x44 -+ RTM_NEWNEIGH = 0x1c -+ RTM_NEWNEIGHTBL = 0x40 -+ RTM_NEWNETCONF = 0x50 -+ RTM_NEWNSID = 0x58 -+ RTM_NEWPREFIX = 0x34 -+ RTM_NEWQDISC = 0x24 -+ RTM_NEWROUTE = 0x18 -+ RTM_NEWRULE = 0x20 -+ RTM_NEWSTATS = 0x5c -+ RTM_NEWTCLASS = 0x28 -+ RTM_NEWTFILTER = 0x2c -+ RTM_NR_FAMILIES = 0x16 -+ RTM_NR_MSGTYPES = 0x58 -+ RTM_SETDCB = 0x4f -+ RTM_SETLINK = 0x13 -+ RTM_SETNEIGHTBL = 0x43 -+ RTNH_ALIGNTO = 0x4 -+ RTNH_COMPARE_MASK = 0x19 -+ RTNH_F_DEAD = 0x1 -+ RTNH_F_LINKDOWN = 0x10 -+ RTNH_F_OFFLOAD = 0x8 -+ RTNH_F_ONLINK = 0x4 -+ RTNH_F_PERVASIVE = 0x2 -+ RTNH_F_UNRESOLVED = 0x20 -+ RTN_MAX = 0xb -+ RTPROT_BABEL = 0x2a -+ RTPROT_BGP = 0xba -+ RTPROT_BIRD = 0xc -+ RTPROT_BOOT = 0x3 -+ RTPROT_DHCP = 0x10 -+ RTPROT_DNROUTED = 0xd -+ RTPROT_EIGRP = 0xc0 -+ RTPROT_GATED = 0x8 -+ RTPROT_ISIS = 0xbb -+ RTPROT_KERNEL = 0x2 -+ RTPROT_MROUTED = 0x11 -+ RTPROT_MRT = 0xa -+ RTPROT_NTK = 0xf -+ RTPROT_OSPF = 0xbc -+ RTPROT_RA = 0x9 -+ RTPROT_REDIRECT = 0x1 -+ RTPROT_RIP = 0xbd -+ RTPROT_STATIC = 0x4 -+ RTPROT_UNSPEC = 0x0 -+ RTPROT_XORP = 0xe -+ RTPROT_ZEBRA = 0xb -+ RT_CLASS_DEFAULT = 0xfd -+ RT_CLASS_LOCAL = 0xff -+ RT_CLASS_MAIN = 0xfe -+ RT_CLASS_MAX = 0xff -+ RT_CLASS_UNSPEC = 0x0 -+ RUSAGE_CHILDREN = -0x1 -+ RUSAGE_SELF = 0x0 -+ RUSAGE_THREAD = 0x1 -+ SCM_CREDENTIALS = 0x2 -+ SCM_RIGHTS = 0x1 -+ SCM_TIMESTAMP = 0x1d -+ SCM_TIMESTAMPING = 0x25 -+ SCM_TIMESTAMPING_OPT_STATS = 0x36 -+ SCM_TIMESTAMPING_PKTINFO = 0x3a -+ SCM_TIMESTAMPNS = 0x23 -+ SCM_TXTIME = 0x3d -+ SCM_WIFI_STATUS = 0x29 -+ SC_LOG_FLUSH = 0x100000 -+ SECCOMP_MODE_DISABLED = 0x0 -+ SECCOMP_MODE_FILTER = 0x2 -+ SECCOMP_MODE_STRICT = 0x1 -+ SECURITYFS_MAGIC = 0x73636673 -+ SELINUX_MAGIC = 0xf97cff8c -+ SFD_CLOEXEC = 0x80000 -+ SFD_NONBLOCK = 0x800 -+ SHUT_RD = 0x0 -+ SHUT_RDWR = 0x2 -+ SHUT_WR = 0x1 -+ SIOCADDDLCI = 0x8980 -+ SIOCADDMULTI = 0x8931 -+ SIOCADDRT = 0x890b -+ SIOCATMARK = 0x8905 -+ SIOCBONDCHANGEACTIVE = 0x8995 -+ SIOCBONDENSLAVE = 0x8990 -+ SIOCBONDINFOQUERY = 0x8994 -+ SIOCBONDRELEASE = 0x8991 -+ SIOCBONDSETHWADDR = 0x8992 -+ SIOCBONDSLAVEINFOQUERY = 0x8993 -+ SIOCBRADDBR = 0x89a0 -+ SIOCBRADDIF = 0x89a2 -+ SIOCBRDELBR = 0x89a1 -+ SIOCBRDELIF = 0x89a3 -+ SIOCDARP = 0x8953 -+ SIOCDELDLCI = 0x8981 -+ SIOCDELMULTI = 0x8932 -+ SIOCDELRT = 0x890c -+ SIOCDEVPRIVATE = 0x89f0 -+ SIOCDIFADDR = 0x8936 -+ SIOCDRARP = 0x8960 -+ SIOCETHTOOL = 0x8946 -+ SIOCGARP = 0x8954 -+ SIOCGHWTSTAMP = 0x89b1 -+ SIOCGIFADDR = 0x8915 -+ SIOCGIFBR = 0x8940 -+ SIOCGIFBRDADDR = 0x8919 -+ SIOCGIFCONF = 0x8912 -+ SIOCGIFCOUNT = 0x8938 -+ SIOCGIFDSTADDR = 0x8917 -+ SIOCGIFENCAP = 0x8925 -+ SIOCGIFFLAGS = 0x8913 -+ SIOCGIFHWADDR = 0x8927 -+ SIOCGIFINDEX = 0x8933 -+ SIOCGIFMAP = 0x8970 -+ SIOCGIFMEM = 0x891f -+ SIOCGIFMETRIC = 0x891d -+ SIOCGIFMTU = 0x8921 -+ SIOCGIFNAME = 0x8910 -+ SIOCGIFNETMASK = 0x891b -+ SIOCGIFPFLAGS = 0x8935 -+ SIOCGIFSLAVE = 0x8929 -+ SIOCGIFTXQLEN = 0x8942 -+ SIOCGIFVLAN = 0x8982 -+ SIOCGMIIPHY = 0x8947 -+ SIOCGMIIREG = 0x8948 -+ SIOCGPGRP = 0x8904 -+ SIOCGPPPCSTATS = 0x89f2 -+ SIOCGPPPSTATS = 0x89f0 -+ SIOCGPPPVER = 0x89f1 -+ SIOCGRARP = 0x8961 -+ SIOCGSKNS = 0x894c -+ SIOCGSTAMP = 0x8906 -+ SIOCGSTAMPNS = 0x8907 -+ SIOCINQ = 0x541b -+ SIOCOUTQ = 0x5411 -+ SIOCOUTQNSD = 0x894b -+ SIOCPROTOPRIVATE = 0x89e0 -+ SIOCRTMSG = 0x890d -+ SIOCSARP = 0x8955 -+ SIOCSHWTSTAMP = 0x89b0 -+ SIOCSIFADDR = 0x8916 -+ SIOCSIFBR = 0x8941 -+ SIOCSIFBRDADDR = 0x891a -+ SIOCSIFDSTADDR = 0x8918 -+ SIOCSIFENCAP = 0x8926 -+ SIOCSIFFLAGS = 0x8914 -+ SIOCSIFHWADDR = 0x8924 -+ SIOCSIFHWBROADCAST = 0x8937 -+ SIOCSIFLINK = 0x8911 -+ SIOCSIFMAP = 0x8971 -+ SIOCSIFMEM = 0x8920 -+ SIOCSIFMETRIC = 0x891e -+ SIOCSIFMTU = 0x8922 -+ SIOCSIFNAME = 0x8923 -+ SIOCSIFNETMASK = 0x891c -+ SIOCSIFPFLAGS = 0x8934 -+ SIOCSIFSLAVE = 0x8930 -+ SIOCSIFTXQLEN = 0x8943 -+ SIOCSIFVLAN = 0x8983 -+ SIOCSMIIREG = 0x8949 -+ SIOCSPGRP = 0x8902 -+ SIOCSRARP = 0x8962 -+ SIOCWANDEV = 0x894a -+ SMACK_MAGIC = 0x43415d53 -+ SMART_AUTOSAVE = 0xd2 -+ SMART_AUTO_OFFLINE = 0xdb -+ SMART_DISABLE = 0xd9 -+ SMART_ENABLE = 0xd8 -+ SMART_HCYL_PASS = 0xc2 -+ SMART_IMMEDIATE_OFFLINE = 0xd4 -+ SMART_LCYL_PASS = 0x4f -+ SMART_READ_LOG_SECTOR = 0xd5 -+ SMART_READ_THRESHOLDS = 0xd1 -+ SMART_READ_VALUES = 0xd0 -+ SMART_SAVE = 0xd3 -+ SMART_STATUS = 0xda -+ SMART_WRITE_LOG_SECTOR = 0xd6 -+ SMART_WRITE_THRESHOLDS = 0xd7 -+ SMB_SUPER_MAGIC = 0x517b -+ SOCKFS_MAGIC = 0x534f434b -+ SOCK_CLOEXEC = 0x80000 -+ SOCK_DCCP = 0x6 -+ SOCK_DGRAM = 0x2 -+ SOCK_IOC_TYPE = 0x89 -+ SOCK_NONBLOCK = 0x800 -+ SOCK_PACKET = 0xa -+ SOCK_RAW = 0x3 -+ SOCK_RDM = 0x4 -+ SOCK_SEQPACKET = 0x5 -+ SOCK_STREAM = 0x1 -+ SOL_AAL = 0x109 -+ SOL_ALG = 0x117 -+ SOL_ATM = 0x108 -+ SOL_CAIF = 0x116 -+ SOL_CAN_BASE = 0x64 -+ SOL_DCCP = 0x10d -+ SOL_DECNET = 0x105 -+ SOL_ICMPV6 = 0x3a -+ SOL_IP = 0x0 -+ SOL_IPV6 = 0x29 -+ SOL_IRDA = 0x10a -+ SOL_IUCV = 0x115 -+ SOL_KCM = 0x119 -+ SOL_LLC = 0x10c -+ SOL_NETBEUI = 0x10b -+ SOL_NETLINK = 0x10e -+ SOL_NFC = 0x118 -+ SOL_PACKET = 0x107 -+ SOL_PNPIPE = 0x113 -+ SOL_PPPOL2TP = 0x111 -+ SOL_RAW = 0xff -+ SOL_RDS = 0x114 -+ SOL_RXRPC = 0x110 -+ SOL_SOCKET = 0x1 -+ SOL_TCP = 0x6 -+ SOL_TIPC = 0x10f -+ SOL_TLS = 0x11a -+ SOL_X25 = 0x106 -+ SOL_XDP = 0x11b -+ SOMAXCONN = 0x80 -+ SO_ACCEPTCONN = 0x1e -+ SO_ATTACH_BPF = 0x32 -+ SO_ATTACH_FILTER = 0x1a -+ SO_ATTACH_REUSEPORT_CBPF = 0x33 -+ SO_ATTACH_REUSEPORT_EBPF = 0x34 -+ SO_BINDTODEVICE = 0x19 -+ SO_BPF_EXTENSIONS = 0x30 -+ SO_BROADCAST = 0x6 -+ SO_BSDCOMPAT = 0xe -+ SO_BUSY_POLL = 0x2e -+ SO_CNX_ADVICE = 0x35 -+ SO_COOKIE = 0x39 -+ SO_DEBUG = 0x1 -+ SO_DETACH_BPF = 0x1b -+ SO_DETACH_FILTER = 0x1b -+ SO_DOMAIN = 0x27 -+ SO_DONTROUTE = 0x5 -+ SO_EE_CODE_TXTIME_INVALID_PARAM = 0x1 -+ SO_EE_CODE_TXTIME_MISSED = 0x2 -+ SO_EE_CODE_ZEROCOPY_COPIED = 0x1 -+ SO_EE_ORIGIN_ICMP = 0x2 -+ SO_EE_ORIGIN_ICMP6 = 0x3 -+ SO_EE_ORIGIN_LOCAL = 0x1 -+ SO_EE_ORIGIN_NONE = 0x0 -+ SO_EE_ORIGIN_TIMESTAMPING = 0x4 -+ SO_EE_ORIGIN_TXSTATUS = 0x4 -+ SO_EE_ORIGIN_TXTIME = 0x6 -+ SO_EE_ORIGIN_ZEROCOPY = 0x5 -+ SO_ERROR = 0x4 -+ SO_GET_FILTER = 0x1a -+ SO_INCOMING_CPU = 0x31 -+ SO_INCOMING_NAPI_ID = 0x38 -+ SO_KEEPALIVE = 0x9 -+ SO_LINGER = 0xd -+ SO_LOCK_FILTER = 0x2c -+ SO_MARK = 0x24 -+ SO_MAX_PACING_RATE = 0x2f -+ SO_MEMINFO = 0x37 -+ SO_NOFCS = 0x2b -+ SO_NO_CHECK = 0xb -+ SO_OOBINLINE = 0xa -+ SO_PASSCRED = 0x10 -+ SO_PASSSEC = 0x22 -+ SO_PEEK_OFF = 0x2a -+ SO_PEERCRED = 0x11 -+ SO_PEERGROUPS = 0x3b -+ SO_PEERNAME = 0x1c -+ SO_PEERSEC = 0x1f -+ SO_PRIORITY = 0xc -+ SO_PROTOCOL = 0x26 -+ SO_RCVBUF = 0x8 -+ SO_RCVBUFFORCE = 0x21 -+ SO_RCVLOWAT = 0x12 -+ SO_RCVTIMEO = 0x14 -+ SO_REUSEADDR = 0x2 -+ SO_REUSEPORT = 0xf -+ SO_RXQ_OVFL = 0x28 -+ SO_SECURITY_AUTHENTICATION = 0x16 -+ SO_SECURITY_ENCRYPTION_NETWORK = 0x18 -+ SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17 -+ SO_SELECT_ERR_QUEUE = 0x2d -+ SO_SNDBUF = 0x7 -+ SO_SNDBUFFORCE = 0x20 -+ SO_SNDLOWAT = 0x13 -+ SO_SNDTIMEO = 0x15 -+ SO_TIMESTAMP = 0x1d -+ SO_TIMESTAMPING = 0x25 -+ SO_TIMESTAMPNS = 0x23 -+ SO_TXTIME = 0x3d -+ SO_TYPE = 0x3 -+ SO_VM_SOCKETS_BUFFER_MAX_SIZE = 0x2 -+ SO_VM_SOCKETS_BUFFER_MIN_SIZE = 0x1 -+ SO_VM_SOCKETS_BUFFER_SIZE = 0x0 -+ SO_VM_SOCKETS_CONNECT_TIMEOUT = 0x6 -+ SO_VM_SOCKETS_NONBLOCK_TXRX = 0x7 -+ SO_VM_SOCKETS_PEER_HOST_VM_ID = 0x3 -+ SO_VM_SOCKETS_TRUSTED = 0x5 -+ SO_WIFI_STATUS = 0x29 -+ SO_ZEROCOPY = 0x3c -+ SPLICE_F_GIFT = 0x8 -+ SPLICE_F_MORE = 0x4 -+ SPLICE_F_MOVE = 0x1 -+ SPLICE_F_NONBLOCK = 0x2 -+ SQUASHFS_MAGIC = 0x73717368 -+ STACK_END_MAGIC = 0x57ac6e9d -+ STATX_ALL = 0xfff -+ STATX_ATIME = 0x20 -+ STATX_ATTR_APPEND = 0x20 -+ STATX_ATTR_AUTOMOUNT = 0x1000 -+ STATX_ATTR_COMPRESSED = 0x4 -+ STATX_ATTR_ENCRYPTED = 0x800 -+ STATX_ATTR_IMMUTABLE = 0x10 -+ STATX_ATTR_NODUMP = 0x40 -+ STATX_BASIC_STATS = 0x7ff -+ STATX_BLOCKS = 0x400 -+ STATX_BTIME = 0x800 -+ STATX_CTIME = 0x80 -+ STATX_GID = 0x10 -+ STATX_INO = 0x100 -+ STATX_MODE = 0x2 -+ STATX_MTIME = 0x40 -+ STATX_NLINK = 0x4 -+ STATX_SIZE = 0x200 -+ STATX_TYPE = 0x1 -+ STATX_UID = 0x8 -+ STATX__RESERVED = 0x80000000 -+ SYNC_FILE_RANGE_WAIT_AFTER = 0x4 -+ SYNC_FILE_RANGE_WAIT_BEFORE = 0x1 -+ SYNC_FILE_RANGE_WRITE = 0x2 -+ SYSFS_MAGIC = 0x62656572 -+ S_BLKSIZE = 0x200 -+ S_IEXEC = 0x40 -+ S_IFBLK = 0x6000 -+ S_IFCHR = 0x2000 -+ S_IFDIR = 0x4000 -+ S_IFIFO = 0x1000 -+ S_IFLNK = 0xa000 -+ S_IFMT = 0xf000 -+ S_IFREG = 0x8000 -+ S_IFSOCK = 0xc000 -+ S_IREAD = 0x100 -+ S_IRGRP = 0x20 -+ S_IROTH = 0x4 -+ S_IRUSR = 0x100 -+ S_IRWXG = 0x38 -+ S_IRWXO = 0x7 -+ S_IRWXU = 0x1c0 -+ S_ISGID = 0x400 -+ S_ISUID = 0x800 -+ S_ISVTX = 0x200 -+ S_IWGRP = 0x10 -+ S_IWOTH = 0x2 -+ S_IWRITE = 0x80 -+ S_IWUSR = 0x80 -+ S_IXGRP = 0x8 -+ S_IXOTH = 0x1 -+ S_IXUSR = 0x40 -+ TAB0 = 0x0 -+ TAB1 = 0x800 -+ TAB2 = 0x1000 -+ TAB3 = 0x1800 -+ TABDLY = 0x1800 -+ TASKSTATS_CMD_ATTR_MAX = 0x4 -+ TASKSTATS_CMD_MAX = 0x2 -+ TASKSTATS_GENL_NAME = "TASKSTATS" -+ TASKSTATS_GENL_VERSION = 0x1 -+ TASKSTATS_TYPE_MAX = 0x6 -+ TASKSTATS_VERSION = 0x9 -+ TCFLSH = 0x540b -+ TCGETA = 0x5405 -+ TCGETS = 0x5401 -+ TCGETS2 = 0x802c542a -+ TCGETX = 0x5432 -+ TCIFLUSH = 0x0 -+ TCIOFF = 0x2 -+ TCIOFLUSH = 0x2 -+ TCION = 0x3 -+ TCOFLUSH = 0x1 -+ TCOOFF = 0x0 -+ TCOON = 0x1 -+ TCP_CC_INFO = 0x1a -+ TCP_CM_INQ = 0x24 -+ TCP_CONGESTION = 0xd -+ TCP_COOKIE_IN_ALWAYS = 0x1 -+ TCP_COOKIE_MAX = 0x10 -+ TCP_COOKIE_MIN = 0x8 -+ TCP_COOKIE_OUT_NEVER = 0x2 -+ TCP_COOKIE_PAIR_SIZE = 0x20 -+ TCP_COOKIE_TRANSACTIONS = 0xf -+ TCP_CORK = 0x3 -+ TCP_DEFER_ACCEPT = 0x9 -+ TCP_FASTOPEN = 0x17 -+ TCP_FASTOPEN_CONNECT = 0x1e -+ TCP_FASTOPEN_KEY = 0x21 -+ TCP_FASTOPEN_NO_COOKIE = 0x22 -+ TCP_INFO = 0xb -+ TCP_INQ = 0x24 -+ TCP_KEEPCNT = 0x6 -+ TCP_KEEPIDLE = 0x4 -+ TCP_KEEPINTVL = 0x5 -+ TCP_LINGER2 = 0x8 -+ TCP_MAXSEG = 0x2 -+ TCP_MAXWIN = 0xffff -+ TCP_MAX_WINSHIFT = 0xe -+ TCP_MD5SIG = 0xe -+ TCP_MD5SIG_EXT = 0x20 -+ TCP_MD5SIG_FLAG_PREFIX = 0x1 -+ TCP_MD5SIG_MAXKEYLEN = 0x50 -+ TCP_MSS = 0x200 -+ TCP_MSS_DEFAULT = 0x218 -+ TCP_MSS_DESIRED = 0x4c4 -+ TCP_NODELAY = 0x1 -+ TCP_NOTSENT_LOWAT = 0x19 -+ TCP_QUEUE_SEQ = 0x15 -+ TCP_QUICKACK = 0xc -+ TCP_REPAIR = 0x13 -+ TCP_REPAIR_OFF = 0x0 -+ TCP_REPAIR_OFF_NO_WP = -0x1 -+ TCP_REPAIR_ON = 0x1 -+ TCP_REPAIR_OPTIONS = 0x16 -+ TCP_REPAIR_QUEUE = 0x14 -+ TCP_REPAIR_WINDOW = 0x1d -+ TCP_SAVED_SYN = 0x1c -+ TCP_SAVE_SYN = 0x1b -+ TCP_SYNCNT = 0x7 -+ TCP_S_DATA_IN = 0x4 -+ TCP_S_DATA_OUT = 0x8 -+ TCP_THIN_DUPACK = 0x11 -+ TCP_THIN_LINEAR_TIMEOUTS = 0x10 -+ TCP_TIMESTAMP = 0x18 -+ TCP_ULP = 0x1f -+ TCP_USER_TIMEOUT = 0x12 -+ TCP_WINDOW_CLAMP = 0xa -+ TCP_ZEROCOPY_RECEIVE = 0x23 -+ TCSAFLUSH = 0x2 -+ TCSBRK = 0x5409 -+ TCSBRKP = 0x5425 -+ TCSETA = 0x5406 -+ TCSETAF = 0x5408 -+ TCSETAW = 0x5407 -+ TCSETS = 0x5402 -+ TCSETS2 = 0x402c542b -+ TCSETSF = 0x5404 -+ TCSETSF2 = 0x402c542d -+ TCSETSW = 0x5403 -+ TCSETSW2 = 0x402c542c -+ TCSETX = 0x5433 -+ TCSETXF = 0x5434 -+ TCSETXW = 0x5435 -+ TCXONC = 0x540a -+ TIMER_ABSTIME = 0x1 -+ TIOCCBRK = 0x5428 -+ TIOCCONS = 0x541d -+ TIOCEXCL = 0x540c -+ TIOCGDEV = 0x80045432 -+ TIOCGETD = 0x5424 -+ TIOCGEXCL = 0x80045440 -+ TIOCGICOUNT = 0x545d -+ TIOCGISO7816 = 0x80285442 -+ TIOCGLCKTRMIOS = 0x5456 -+ TIOCGPGRP = 0x540f -+ TIOCGPKT = 0x80045438 -+ TIOCGPTLCK = 0x80045439 -+ TIOCGPTN = 0x80045430 -+ TIOCGPTPEER = 0x5441 -+ TIOCGRS485 = 0x542e -+ TIOCGSERIAL = 0x541e -+ TIOCGSID = 0x5429 -+ TIOCGSOFTCAR = 0x5419 -+ TIOCGWINSZ = 0x5413 -+ TIOCINQ = 0x541b -+ TIOCLINUX = 0x541c -+ TIOCMBIC = 0x5417 -+ TIOCMBIS = 0x5416 -+ TIOCMGET = 0x5415 -+ TIOCMIWAIT = 0x545c -+ TIOCMSET = 0x5418 -+ TIOCM_CAR = 0x40 -+ TIOCM_CD = 0x40 -+ TIOCM_CTS = 0x20 -+ TIOCM_DSR = 0x100 -+ TIOCM_DTR = 0x2 -+ TIOCM_LE = 0x1 -+ TIOCM_RI = 0x80 -+ TIOCM_RNG = 0x80 -+ TIOCM_RTS = 0x4 -+ TIOCM_SR = 0x10 -+ TIOCM_ST = 0x8 -+ TIOCNOTTY = 0x5422 -+ TIOCNXCL = 0x540d -+ TIOCOUTQ = 0x5411 -+ TIOCPKT = 0x5420 -+ TIOCPKT_DATA = 0x0 -+ TIOCPKT_DOSTOP = 0x20 -+ TIOCPKT_FLUSHREAD = 0x1 -+ TIOCPKT_FLUSHWRITE = 0x2 -+ TIOCPKT_IOCTL = 0x40 -+ TIOCPKT_NOSTOP = 0x10 -+ TIOCPKT_START = 0x8 -+ TIOCPKT_STOP = 0x4 -+ TIOCSBRK = 0x5427 -+ TIOCSCTTY = 0x540e -+ TIOCSERCONFIG = 0x5453 -+ TIOCSERGETLSR = 0x5459 -+ TIOCSERGETMULTI = 0x545a -+ TIOCSERGSTRUCT = 0x5458 -+ TIOCSERGWILD = 0x5454 -+ TIOCSERSETMULTI = 0x545b -+ TIOCSERSWILD = 0x5455 -+ TIOCSER_TEMT = 0x1 -+ TIOCSETD = 0x5423 -+ TIOCSIG = 0x40045436 -+ TIOCSISO7816 = 0xc0285443 -+ TIOCSLCKTRMIOS = 0x5457 -+ TIOCSPGRP = 0x5410 -+ TIOCSPTLCK = 0x40045431 -+ TIOCSRS485 = 0x542f -+ TIOCSSERIAL = 0x541f -+ TIOCSSOFTCAR = 0x541a -+ TIOCSTI = 0x5412 -+ TIOCSWINSZ = 0x5414 -+ TIOCVHANGUP = 0x5437 -+ TMPFS_MAGIC = 0x1021994 -+ TOSTOP = 0x100 -+ TPACKET_ALIGNMENT = 0x10 -+ TPACKET_HDRLEN = 0x34 -+ TP_STATUS_AVAILABLE = 0x0 -+ TP_STATUS_BLK_TMO = 0x20 -+ TP_STATUS_COPY = 0x2 -+ TP_STATUS_CSUMNOTREADY = 0x8 -+ TP_STATUS_CSUM_VALID = 0x80 -+ TP_STATUS_KERNEL = 0x0 -+ TP_STATUS_LOSING = 0x4 -+ TP_STATUS_SENDING = 0x2 -+ TP_STATUS_SEND_REQUEST = 0x1 -+ TP_STATUS_TS_RAW_HARDWARE = -0x80000000 -+ TP_STATUS_TS_SOFTWARE = 0x20000000 -+ TP_STATUS_TS_SYS_HARDWARE = 0x40000000 -+ TP_STATUS_USER = 0x1 -+ TP_STATUS_VLAN_TPID_VALID = 0x40 -+ TP_STATUS_VLAN_VALID = 0x10 -+ TP_STATUS_WRONG_FORMAT = 0x4 -+ TRACEFS_MAGIC = 0x74726163 -+ TS_COMM_LEN = 0x20 -+ TUNATTACHFILTER = 0x401054d5 -+ TUNDETACHFILTER = 0x401054d6 -+ TUNGETFEATURES = 0x800454cf -+ TUNGETFILTER = 0x801054db -+ TUNGETIFF = 0x800454d2 -+ TUNGETSNDBUF = 0x800454d3 -+ TUNGETVNETBE = 0x800454df -+ TUNGETVNETHDRSZ = 0x800454d7 -+ TUNGETVNETLE = 0x800454dd -+ TUNSETCARRIER = 0x400454e2 -+ TUNSETDEBUG = 0x400454c9 -+ TUNSETFILTEREBPF = 0x800454e1 -+ TUNSETGROUP = 0x400454ce -+ TUNSETIFF = 0x400454ca -+ TUNSETIFINDEX = 0x400454da -+ TUNSETLINK = 0x400454cd -+ TUNSETNOCSUM = 0x400454c8 -+ TUNSETOFFLOAD = 0x400454d0 -+ TUNSETOWNER = 0x400454cc -+ TUNSETPERSIST = 0x400454cb -+ TUNSETQUEUE = 0x400454d9 -+ TUNSETSNDBUF = 0x400454d4 -+ TUNSETSTEERINGEBPF = 0x800454e0 -+ TUNSETTXFILTER = 0x400454d1 -+ TUNSETVNETBE = 0x400454de -+ TUNSETVNETHDRSZ = 0x400454d8 -+ TUNSETVNETLE = 0x400454dc -+ UBI_IOCATT = 0x40186f40 -+ UBI_IOCDET = 0x40046f41 -+ UBI_IOCEBCH = 0x40044f02 -+ UBI_IOCEBER = 0x40044f01 -+ UBI_IOCEBISMAP = 0x80044f05 -+ UBI_IOCEBMAP = 0x40084f03 -+ UBI_IOCEBUNMAP = 0x40044f04 -+ UBI_IOCMKVOL = 0x40986f00 -+ UBI_IOCRMVOL = 0x40046f01 -+ UBI_IOCRNVOL = 0x51106f03 -+ UBI_IOCRSVOL = 0x400c6f02 -+ UBI_IOCSETVOLPROP = 0x40104f06 -+ UBI_IOCVOLCRBLK = 0x40804f07 -+ UBI_IOCVOLRMBLK = 0x4f08 -+ UBI_IOCVOLUP = 0x40084f00 -+ UDF_SUPER_MAGIC = 0x15013346 -+ UMOUNT_NOFOLLOW = 0x8 -+ USBDEVICE_SUPER_MAGIC = 0x9fa2 -+ UTIME_NOW = 0x3fffffff -+ UTIME_OMIT = 0x3ffffffe -+ V9FS_MAGIC = 0x1021997 -+ VDISCARD = 0xd -+ VEOF = 0x4 -+ VEOL = 0xb -+ VEOL2 = 0x10 -+ VERASE = 0x2 -+ VINTR = 0x0 -+ VKILL = 0x3 -+ VLNEXT = 0xf -+ VMADDR_CID_ANY = 0xffffffff -+ VMADDR_CID_HOST = 0x2 -+ VMADDR_CID_HYPERVISOR = 0x0 -+ VMADDR_CID_RESERVED = 0x1 -+ VMADDR_PORT_ANY = 0xffffffff -+ VMIN = 0x6 -+ VM_SOCKETS_INVALID_VERSION = 0xffffffff -+ VQUIT = 0x1 -+ VREPRINT = 0xc -+ VSTART = 0x8 -+ VSTOP = 0x9 -+ VSUSP = 0xa -+ VSWTC = 0x7 -+ VT0 = 0x0 -+ VT1 = 0x4000 -+ VTDLY = 0x4000 -+ VTIME = 0x5 -+ VWERASE = 0xe -+ WALL = 0x40000000 -+ WCLONE = 0x80000000 -+ WCONTINUED = 0x8 -+ WDIOC_GETBOOTSTATUS = 0x80045702 -+ WDIOC_GETPRETIMEOUT = 0x80045709 -+ WDIOC_GETSTATUS = 0x80045701 -+ WDIOC_GETSUPPORT = 0x80285700 -+ WDIOC_GETTEMP = 0x80045703 -+ WDIOC_GETTIMELEFT = 0x8004570a -+ WDIOC_GETTIMEOUT = 0x80045707 -+ WDIOC_KEEPALIVE = 0x80045705 -+ WDIOC_SETOPTIONS = 0x80045704 -+ WDIOC_SETPRETIMEOUT = 0xc0045708 -+ WDIOC_SETTIMEOUT = 0xc0045706 -+ WEXITED = 0x4 -+ WIN_ACKMEDIACHANGE = 0xdb -+ WIN_CHECKPOWERMODE1 = 0xe5 -+ WIN_CHECKPOWERMODE2 = 0x98 -+ WIN_DEVICE_RESET = 0x8 -+ WIN_DIAGNOSE = 0x90 -+ WIN_DOORLOCK = 0xde -+ WIN_DOORUNLOCK = 0xdf -+ WIN_DOWNLOAD_MICROCODE = 0x92 -+ WIN_FLUSH_CACHE = 0xe7 -+ WIN_FLUSH_CACHE_EXT = 0xea -+ WIN_FORMAT = 0x50 -+ WIN_GETMEDIASTATUS = 0xda -+ WIN_IDENTIFY = 0xec -+ WIN_IDENTIFY_DMA = 0xee -+ WIN_IDLEIMMEDIATE = 0xe1 -+ WIN_INIT = 0x60 -+ WIN_MEDIAEJECT = 0xed -+ WIN_MULTREAD = 0xc4 -+ WIN_MULTREAD_EXT = 0x29 -+ WIN_MULTWRITE = 0xc5 -+ WIN_MULTWRITE_EXT = 0x39 -+ WIN_NOP = 0x0 -+ WIN_PACKETCMD = 0xa0 -+ WIN_PIDENTIFY = 0xa1 -+ WIN_POSTBOOT = 0xdc -+ WIN_PREBOOT = 0xdd -+ WIN_QUEUED_SERVICE = 0xa2 -+ WIN_READ = 0x20 -+ WIN_READDMA = 0xc8 -+ WIN_READDMA_EXT = 0x25 -+ WIN_READDMA_ONCE = 0xc9 -+ WIN_READDMA_QUEUED = 0xc7 -+ WIN_READDMA_QUEUED_EXT = 0x26 -+ WIN_READ_BUFFER = 0xe4 -+ WIN_READ_EXT = 0x24 -+ WIN_READ_LONG = 0x22 -+ WIN_READ_LONG_ONCE = 0x23 -+ WIN_READ_NATIVE_MAX = 0xf8 -+ WIN_READ_NATIVE_MAX_EXT = 0x27 -+ WIN_READ_ONCE = 0x21 -+ WIN_RECAL = 0x10 -+ WIN_RESTORE = 0x10 -+ WIN_SECURITY_DISABLE = 0xf6 -+ WIN_SECURITY_ERASE_PREPARE = 0xf3 -+ WIN_SECURITY_ERASE_UNIT = 0xf4 -+ WIN_SECURITY_FREEZE_LOCK = 0xf5 -+ WIN_SECURITY_SET_PASS = 0xf1 -+ WIN_SECURITY_UNLOCK = 0xf2 -+ WIN_SEEK = 0x70 -+ WIN_SETFEATURES = 0xef -+ WIN_SETIDLE1 = 0xe3 -+ WIN_SETIDLE2 = 0x97 -+ WIN_SETMULT = 0xc6 -+ WIN_SET_MAX = 0xf9 -+ WIN_SET_MAX_EXT = 0x37 -+ WIN_SLEEPNOW1 = 0xe6 -+ WIN_SLEEPNOW2 = 0x99 -+ WIN_SMART = 0xb0 -+ WIN_SPECIFY = 0x91 -+ WIN_SRST = 0x8 -+ WIN_STANDBY = 0xe2 -+ WIN_STANDBY2 = 0x96 -+ WIN_STANDBYNOW1 = 0xe0 -+ WIN_STANDBYNOW2 = 0x94 -+ WIN_VERIFY = 0x40 -+ WIN_VERIFY_EXT = 0x42 -+ WIN_VERIFY_ONCE = 0x41 -+ WIN_WRITE = 0x30 -+ WIN_WRITEDMA = 0xca -+ WIN_WRITEDMA_EXT = 0x35 -+ WIN_WRITEDMA_ONCE = 0xcb -+ WIN_WRITEDMA_QUEUED = 0xcc -+ WIN_WRITEDMA_QUEUED_EXT = 0x36 -+ WIN_WRITE_BUFFER = 0xe8 -+ WIN_WRITE_EXT = 0x34 -+ WIN_WRITE_LONG = 0x32 -+ WIN_WRITE_LONG_ONCE = 0x33 -+ WIN_WRITE_ONCE = 0x31 -+ WIN_WRITE_SAME = 0xe9 -+ WIN_WRITE_VERIFY = 0x3c -+ WNOHANG = 0x1 -+ WNOTHREAD = 0x20000000 -+ WNOWAIT = 0x1000000 -+ WORDSIZE = 0x40 -+ WSTOPPED = 0x2 -+ WUNTRACED = 0x2 -+ XATTR_CREATE = 0x1 -+ XATTR_REPLACE = 0x2 -+ XCASE = 0x4 -+ XDP_COPY = 0x2 -+ XDP_FLAGS_DRV_MODE = 0x4 -+ XDP_FLAGS_HW_MODE = 0x8 -+ XDP_FLAGS_MASK = 0xf -+ XDP_FLAGS_MODES = 0xe -+ XDP_FLAGS_SKB_MODE = 0x2 -+ XDP_FLAGS_UPDATE_IF_NOEXIST = 0x1 -+ XDP_MMAP_OFFSETS = 0x1 -+ XDP_PGOFF_RX_RING = 0x0 -+ XDP_PGOFF_TX_RING = 0x80000000 -+ XDP_RX_RING = 0x2 -+ XDP_SHARED_UMEM = 0x1 -+ XDP_STATISTICS = 0x7 -+ XDP_TX_RING = 0x3 -+ XDP_UMEM_COMPLETION_RING = 0x6 -+ XDP_UMEM_FILL_RING = 0x5 -+ XDP_UMEM_PGOFF_COMPLETION_RING = 0x180000000 -+ XDP_UMEM_PGOFF_FILL_RING = 0x100000000 -+ XDP_UMEM_REG = 0x4 -+ XDP_ZEROCOPY = 0x4 -+ XENFS_SUPER_MAGIC = 0xabba1974 -+ XFS_SUPER_MAGIC = 0x58465342 -+ XTABS = 0x1800 -+ ZSMALLOC_MAGIC = 0x58295829 -+) -+ -+// Errors -+const ( -+ E2BIG = syscall.Errno(0x7) -+ EACCES = syscall.Errno(0xd) -+ EADDRINUSE = syscall.Errno(0x62) -+ EADDRNOTAVAIL = syscall.Errno(0x63) -+ EADV = syscall.Errno(0x44) -+ EAFNOSUPPORT = syscall.Errno(0x61) -+ EAGAIN = syscall.Errno(0xb) -+ EALREADY = syscall.Errno(0x72) -+ EBADE = syscall.Errno(0x34) -+ EBADF = syscall.Errno(0x9) -+ EBADFD = syscall.Errno(0x4d) -+ EBADMSG = syscall.Errno(0x4a) -+ EBADR = syscall.Errno(0x35) -+ EBADRQC = syscall.Errno(0x38) -+ EBADSLT = syscall.Errno(0x39) -+ EBFONT = syscall.Errno(0x3b) -+ EBUSY = syscall.Errno(0x10) -+ ECANCELED = syscall.Errno(0x7d) -+ ECHILD = syscall.Errno(0xa) -+ ECHRNG = syscall.Errno(0x2c) -+ ECOMM = syscall.Errno(0x46) -+ ECONNABORTED = syscall.Errno(0x67) -+ ECONNREFUSED = syscall.Errno(0x6f) -+ ECONNRESET = syscall.Errno(0x68) -+ EDEADLK = syscall.Errno(0x23) -+ EDEADLOCK = syscall.Errno(0x23) -+ EDESTADDRREQ = syscall.Errno(0x59) -+ EDOM = syscall.Errno(0x21) -+ EDOTDOT = syscall.Errno(0x49) -+ EDQUOT = syscall.Errno(0x7a) -+ EEXIST = syscall.Errno(0x11) -+ EFAULT = syscall.Errno(0xe) -+ EFBIG = syscall.Errno(0x1b) -+ EHOSTDOWN = syscall.Errno(0x70) -+ EHOSTUNREACH = syscall.Errno(0x71) -+ EHWPOISON = syscall.Errno(0x85) -+ EIDRM = syscall.Errno(0x2b) -+ EILSEQ = syscall.Errno(0x54) -+ EINPROGRESS = syscall.Errno(0x73) -+ EINTR = syscall.Errno(0x4) -+ EINVAL = syscall.Errno(0x16) -+ EIO = syscall.Errno(0x5) -+ EISCONN = syscall.Errno(0x6a) -+ EISDIR = syscall.Errno(0x15) -+ EISNAM = syscall.Errno(0x78) -+ EKEYEXPIRED = syscall.Errno(0x7f) -+ EKEYREJECTED = syscall.Errno(0x81) -+ EKEYREVOKED = syscall.Errno(0x80) -+ EL2HLT = syscall.Errno(0x33) -+ EL2NSYNC = syscall.Errno(0x2d) -+ EL3HLT = syscall.Errno(0x2e) -+ EL3RST = syscall.Errno(0x2f) -+ ELIBACC = syscall.Errno(0x4f) -+ ELIBBAD = syscall.Errno(0x50) -+ ELIBEXEC = syscall.Errno(0x53) -+ ELIBMAX = syscall.Errno(0x52) -+ ELIBSCN = syscall.Errno(0x51) -+ ELNRNG = syscall.Errno(0x30) -+ ELOOP = syscall.Errno(0x28) -+ EMEDIUMTYPE = syscall.Errno(0x7c) -+ EMFILE = syscall.Errno(0x18) -+ EMLINK = syscall.Errno(0x1f) -+ EMSGSIZE = syscall.Errno(0x5a) -+ EMULTIHOP = syscall.Errno(0x48) -+ ENAMETOOLONG = syscall.Errno(0x24) -+ ENAVAIL = syscall.Errno(0x77) -+ ENETDOWN = syscall.Errno(0x64) -+ ENETRESET = syscall.Errno(0x66) -+ ENETUNREACH = syscall.Errno(0x65) -+ ENFILE = syscall.Errno(0x17) -+ ENOANO = syscall.Errno(0x37) -+ ENOBUFS = syscall.Errno(0x69) -+ ENOCSI = syscall.Errno(0x32) -+ ENODATA = syscall.Errno(0x3d) -+ ENODEV = syscall.Errno(0x13) -+ ENOENT = syscall.Errno(0x2) -+ ENOEXEC = syscall.Errno(0x8) -+ ENOKEY = syscall.Errno(0x7e) -+ ENOLCK = syscall.Errno(0x25) -+ ENOLINK = syscall.Errno(0x43) -+ ENOMEDIUM = syscall.Errno(0x7b) -+ ENOMEM = syscall.Errno(0xc) -+ ENOMSG = syscall.Errno(0x2a) -+ ENONET = syscall.Errno(0x40) -+ ENOPKG = syscall.Errno(0x41) -+ ENOPROTOOPT = syscall.Errno(0x5c) -+ ENOSPC = syscall.Errno(0x1c) -+ ENOSR = syscall.Errno(0x3f) -+ ENOSTR = syscall.Errno(0x3c) -+ ENOSYS = syscall.Errno(0x26) -+ ENOTBLK = syscall.Errno(0xf) -+ ENOTCONN = syscall.Errno(0x6b) -+ ENOTDIR = syscall.Errno(0x14) -+ ENOTEMPTY = syscall.Errno(0x27) -+ ENOTNAM = syscall.Errno(0x76) -+ ENOTRECOVERABLE = syscall.Errno(0x83) -+ ENOTSOCK = syscall.Errno(0x58) -+ ENOTSUP = syscall.Errno(0x5f) -+ ENOTTY = syscall.Errno(0x19) -+ ENOTUNIQ = syscall.Errno(0x4c) -+ ENXIO = syscall.Errno(0x6) -+ EOPNOTSUPP = syscall.Errno(0x5f) -+ EOVERFLOW = syscall.Errno(0x4b) -+ EOWNERDEAD = syscall.Errno(0x82) -+ EPERM = syscall.Errno(0x1) -+ EPFNOSUPPORT = syscall.Errno(0x60) -+ EPIPE = syscall.Errno(0x20) -+ EPROTO = syscall.Errno(0x47) -+ EPROTONOSUPPORT = syscall.Errno(0x5d) -+ EPROTOTYPE = syscall.Errno(0x5b) -+ ERANGE = syscall.Errno(0x22) -+ EREMCHG = syscall.Errno(0x4e) -+ EREMOTE = syscall.Errno(0x42) -+ EREMOTEIO = syscall.Errno(0x79) -+ ERESTART = syscall.Errno(0x55) -+ ERFKILL = syscall.Errno(0x84) -+ EROFS = syscall.Errno(0x1e) -+ ESHUTDOWN = syscall.Errno(0x6c) -+ ESOCKTNOSUPPORT = syscall.Errno(0x5e) -+ ESPIPE = syscall.Errno(0x1d) -+ ESRCH = syscall.Errno(0x3) -+ ESRMNT = syscall.Errno(0x45) -+ ESTALE = syscall.Errno(0x74) -+ ESTRPIPE = syscall.Errno(0x56) -+ ETIME = syscall.Errno(0x3e) -+ ETIMEDOUT = syscall.Errno(0x6e) -+ ETOOMANYREFS = syscall.Errno(0x6d) -+ ETXTBSY = syscall.Errno(0x1a) -+ EUCLEAN = syscall.Errno(0x75) -+ EUNATCH = syscall.Errno(0x31) -+ EUSERS = syscall.Errno(0x57) -+ EWOULDBLOCK = syscall.Errno(0xb) -+ EXDEV = syscall.Errno(0x12) -+ EXFULL = syscall.Errno(0x36) -+) -+ -+// Signals -+const ( -+ SIGABRT = syscall.Signal(0x6) -+ SIGALRM = syscall.Signal(0xe) -+ SIGBUS = syscall.Signal(0x7) -+ SIGCHLD = syscall.Signal(0x11) -+ SIGCLD = syscall.Signal(0x11) -+ SIGCONT = syscall.Signal(0x12) -+ SIGFPE = syscall.Signal(0x8) -+ SIGHUP = syscall.Signal(0x1) -+ SIGILL = syscall.Signal(0x4) -+ SIGINT = syscall.Signal(0x2) -+ SIGIO = syscall.Signal(0x1d) -+ SIGIOT = syscall.Signal(0x6) -+ SIGKILL = syscall.Signal(0x9) -+ SIGPIPE = syscall.Signal(0xd) -+ SIGPOLL = syscall.Signal(0x1d) -+ SIGPROF = syscall.Signal(0x1b) -+ SIGPWR = syscall.Signal(0x1e) -+ SIGQUIT = syscall.Signal(0x3) -+ SIGSEGV = syscall.Signal(0xb) -+ SIGSTKFLT = syscall.Signal(0x10) -+ SIGSTOP = syscall.Signal(0x13) -+ SIGSYS = syscall.Signal(0x1f) -+ SIGTERM = syscall.Signal(0xf) -+ SIGTRAP = syscall.Signal(0x5) -+ SIGTSTP = syscall.Signal(0x14) -+ SIGTTIN = syscall.Signal(0x15) -+ SIGTTOU = syscall.Signal(0x16) -+ SIGURG = syscall.Signal(0x17) -+ SIGUSR1 = syscall.Signal(0xa) -+ SIGUSR2 = syscall.Signal(0xc) -+ SIGVTALRM = syscall.Signal(0x1a) -+ SIGWINCH = syscall.Signal(0x1c) -+ SIGXCPU = syscall.Signal(0x18) -+ SIGXFSZ = syscall.Signal(0x19) -+) -+ -+// Error table -+var errorList = [...]struct { -+ num syscall.Errno -+ name string -+ desc string -+}{ -+ {1, "EPERM", "operation not permitted"}, -+ {2, "ENOENT", "no such file or directory"}, -+ {3, "ESRCH", "no such process"}, -+ {4, "EINTR", "interrupted system call"}, -+ {5, "EIO", "input/output error"}, -+ {6, "ENXIO", "no such device or address"}, -+ {7, "E2BIG", "argument list too long"}, -+ {8, "ENOEXEC", "exec format error"}, -+ {9, "EBADF", "bad file descriptor"}, -+ {10, "ECHILD", "no child processes"}, -+ {11, "EAGAIN", "resource temporarily unavailable"}, -+ {12, "ENOMEM", "cannot allocate memory"}, -+ {13, "EACCES", "permission denied"}, -+ {14, "EFAULT", "bad address"}, -+ {15, "ENOTBLK", "block device required"}, -+ {16, "EBUSY", "device or resource busy"}, -+ {17, "EEXIST", "file exists"}, -+ {18, "EXDEV", "invalid cross-device link"}, -+ {19, "ENODEV", "no such device"}, -+ {20, "ENOTDIR", "not a directory"}, -+ {21, "EISDIR", "is a directory"}, -+ {22, "EINVAL", "invalid argument"}, -+ {23, "ENFILE", "too many open files in system"}, -+ {24, "EMFILE", "too many open files"}, -+ {25, "ENOTTY", "inappropriate ioctl for device"}, -+ {26, "ETXTBSY", "text file busy"}, -+ {27, "EFBIG", "file too large"}, -+ {28, "ENOSPC", "no space left on device"}, -+ {29, "ESPIPE", "illegal seek"}, -+ {30, "EROFS", "read-only file system"}, -+ {31, "EMLINK", "too many links"}, -+ {32, "EPIPE", "broken pipe"}, -+ {33, "EDOM", "numerical argument out of domain"}, -+ {34, "ERANGE", "numerical result out of range"}, -+ {35, "EDEADLK", "resource deadlock avoided"}, -+ {36, "ENAMETOOLONG", "file name too long"}, -+ {37, "ENOLCK", "no locks available"}, -+ {38, "ENOSYS", "function not implemented"}, -+ {39, "ENOTEMPTY", "directory not empty"}, -+ {40, "ELOOP", "too many levels of symbolic links"}, -+ {42, "ENOMSG", "no message of desired type"}, -+ {43, "EIDRM", "identifier removed"}, -+ {44, "ECHRNG", "channel number out of range"}, -+ {45, "EL2NSYNC", "level 2 not synchronized"}, -+ {46, "EL3HLT", "level 3 halted"}, -+ {47, "EL3RST", "level 3 reset"}, -+ {48, "ELNRNG", "link number out of range"}, -+ {49, "EUNATCH", "protocol driver not attached"}, -+ {50, "ENOCSI", "no CSI structure available"}, -+ {51, "EL2HLT", "level 2 halted"}, -+ {52, "EBADE", "invalid exchange"}, -+ {53, "EBADR", "invalid request descriptor"}, -+ {54, "EXFULL", "exchange full"}, -+ {55, "ENOANO", "no anode"}, -+ {56, "EBADRQC", "invalid request code"}, -+ {57, "EBADSLT", "invalid slot"}, -+ {59, "EBFONT", "bad font file format"}, -+ {60, "ENOSTR", "device not a stream"}, -+ {61, "ENODATA", "no data available"}, -+ {62, "ETIME", "timer expired"}, -+ {63, "ENOSR", "out of streams resources"}, -+ {64, "ENONET", "machine is not on the network"}, -+ {65, "ENOPKG", "package not installed"}, -+ {66, "EREMOTE", "object is remote"}, -+ {67, "ENOLINK", "link has been severed"}, -+ {68, "EADV", "advertise error"}, -+ {69, "ESRMNT", "srmount error"}, -+ {70, "ECOMM", "communication error on send"}, -+ {71, "EPROTO", "protocol error"}, -+ {72, "EMULTIHOP", "multihop attempted"}, -+ {73, "EDOTDOT", "RFS specific error"}, -+ {74, "EBADMSG", "bad message"}, -+ {75, "EOVERFLOW", "value too large for defined data type"}, -+ {76, "ENOTUNIQ", "name not unique on network"}, -+ {77, "EBADFD", "file descriptor in bad state"}, -+ {78, "EREMCHG", "remote address changed"}, -+ {79, "ELIBACC", "can not access a needed shared library"}, -+ {80, "ELIBBAD", "accessing a corrupted shared library"}, -+ {81, "ELIBSCN", ".lib section in a.out corrupted"}, -+ {82, "ELIBMAX", "attempting to link in too many shared libraries"}, -+ {83, "ELIBEXEC", "cannot exec a shared library directly"}, -+ {84, "EILSEQ", "invalid or incomplete multibyte or wide character"}, -+ {85, "ERESTART", "interrupted system call should be restarted"}, -+ {86, "ESTRPIPE", "streams pipe error"}, -+ {87, "EUSERS", "too many users"}, -+ {88, "ENOTSOCK", "socket operation on non-socket"}, -+ {89, "EDESTADDRREQ", "destination address required"}, -+ {90, "EMSGSIZE", "message too long"}, -+ {91, "EPROTOTYPE", "protocol wrong type for socket"}, -+ {92, "ENOPROTOOPT", "protocol not available"}, -+ {93, "EPROTONOSUPPORT", "protocol not supported"}, -+ {94, "ESOCKTNOSUPPORT", "socket type not supported"}, -+ {95, "ENOTSUP", "operation not supported"}, -+ {96, "EPFNOSUPPORT", "protocol family not supported"}, -+ {97, "EAFNOSUPPORT", "address family not supported by protocol"}, -+ {98, "EADDRINUSE", "address already in use"}, -+ {99, "EADDRNOTAVAIL", "cannot assign requested address"}, -+ {100, "ENETDOWN", "network is down"}, -+ {101, "ENETUNREACH", "network is unreachable"}, -+ {102, "ENETRESET", "network dropped connection on reset"}, -+ {103, "ECONNABORTED", "software caused connection abort"}, -+ {104, "ECONNRESET", "connection reset by peer"}, -+ {105, "ENOBUFS", "no buffer space available"}, -+ {106, "EISCONN", "transport endpoint is already connected"}, -+ {107, "ENOTCONN", "transport endpoint is not connected"}, -+ {108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"}, -+ {109, "ETOOMANYREFS", "too many references: cannot splice"}, -+ {110, "ETIMEDOUT", "connection timed out"}, -+ {111, "ECONNREFUSED", "connection refused"}, -+ {112, "EHOSTDOWN", "host is down"}, -+ {113, "EHOSTUNREACH", "no route to host"}, -+ {114, "EALREADY", "operation already in progress"}, -+ {115, "EINPROGRESS", "operation now in progress"}, -+ {116, "ESTALE", "stale file handle"}, -+ {117, "EUCLEAN", "structure needs cleaning"}, -+ {118, "ENOTNAM", "not a XENIX named type file"}, -+ {119, "ENAVAIL", "no XENIX semaphores available"}, -+ {120, "EISNAM", "is a named type file"}, -+ {121, "EREMOTEIO", "remote I/O error"}, -+ {122, "EDQUOT", "disk quota exceeded"}, -+ {123, "ENOMEDIUM", "no medium found"}, -+ {124, "EMEDIUMTYPE", "wrong medium type"}, -+ {125, "ECANCELED", "operation canceled"}, -+ {126, "ENOKEY", "required key not available"}, -+ {127, "EKEYEXPIRED", "key has expired"}, -+ {128, "EKEYREVOKED", "key has been revoked"}, -+ {129, "EKEYREJECTED", "key was rejected by service"}, -+ {130, "EOWNERDEAD", "owner died"}, -+ {131, "ENOTRECOVERABLE", "state not recoverable"}, -+ {132, "ERFKILL", "operation not possible due to RF-kill"}, -+ {133, "EHWPOISON", "memory page has hardware error"}, -+} -+ -+// Signal table -+var signalList = [...]struct { -+ num syscall.Signal -+ name string -+ desc string -+}{ -+ {1, "SIGHUP", "hangup"}, -+ {2, "SIGINT", "interrupt"}, -+ {3, "SIGQUIT", "quit"}, -+ {4, "SIGILL", "illegal instruction"}, -+ {5, "SIGTRAP", "trace/breakpoint trap"}, -+ {6, "SIGABRT", "aborted"}, -+ {7, "SIGBUS", "bus error"}, -+ {8, "SIGFPE", "floating point exception"}, -+ {9, "SIGKILL", "killed"}, -+ {10, "SIGUSR1", "user defined signal 1"}, -+ {11, "SIGSEGV", "segmentation fault"}, -+ {12, "SIGUSR2", "user defined signal 2"}, -+ {13, "SIGPIPE", "broken pipe"}, -+ {14, "SIGALRM", "alarm clock"}, -+ {15, "SIGTERM", "terminated"}, -+ {16, "SIGSTKFLT", "stack fault"}, -+ {17, "SIGCHLD", "child exited"}, -+ {18, "SIGCONT", "continued"}, -+ {19, "SIGSTOP", "stopped (signal)"}, -+ {20, "SIGTSTP", "stopped"}, -+ {21, "SIGTTIN", "stopped (tty input)"}, -+ {22, "SIGTTOU", "stopped (tty output)"}, -+ {23, "SIGURG", "urgent I/O condition"}, -+ {24, "SIGXCPU", "CPU time limit exceeded"}, -+ {25, "SIGXFSZ", "file size limit exceeded"}, -+ {26, "SIGVTALRM", "virtual timer expired"}, -+ {27, "SIGPROF", "profiling timer expired"}, -+ {28, "SIGWINCH", "window changed"}, -+ {29, "SIGIO", "I/O possible"}, -+ {30, "SIGPWR", "power failure"}, -+ {31, "SIGSYS", "bad system call"}, -+} -diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go -new file mode 100644 -index 0000000..03143b2 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go -@@ -0,0 +1,2217 @@ -+// go run mksyscall.go -tags linux,riscv64 syscall_linux.go syscall_linux_riscv64.go -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build linux,riscv64 -+ -+package unix -+ -+import ( -+ "syscall" -+ "unsafe" -+) -+ -+var _ syscall.Errno -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func FanotifyInit(flags uint, event_f_flags uint) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_FANOTIFY_INIT, uintptr(flags), uintptr(event_f_flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) { -+ _, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fchmodat(dirfd int, path string, mode uint32) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ioctl(fd int, req uint, arg uintptr) (err error) { -+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(oldpath) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(newpath) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_LINKAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall6(SYS_OPENAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { -+ r0, _, e1 := Syscall6(SYS_PPOLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Readlinkat(dirfd int, path string, buf []byte) (n int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(buf) > 0 { -+ _p1 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_READLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(oldpath) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(newpath) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_SYMLINKAT, uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Unlinkat(dirfd int, path string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_UNLINKAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_UTIMENSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getcwd(buf []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_GETCWD, uintptr(_p0), uintptr(len(buf)), 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func wait4(pid int, wstatus *_C_int, options int, rusage *Rusage) (wpid int, err error) { -+ r0, _, e1 := Syscall6(SYS_WAIT4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)), 0, 0) -+ wpid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func KeyctlInt(cmd int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err error) { -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func KeyctlBuffer(cmd int, arg2 int, buf []byte, arg5 int) (ret int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(buf)), uintptr(arg5), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlJoin(cmd int, arg2 string) (ret int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(arg2) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlSearch(cmd int, arg2 int, arg3 string, arg4 string, arg5 int) (ret int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(arg3) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(arg4) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(arg5), 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlIOV(cmd int, arg2 int, payload []Iovec, arg5 int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(payload) > 0 { -+ _p0 = unsafe.Pointer(&payload[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(arg2), uintptr(_p0), uintptr(len(payload)), uintptr(arg5), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func keyctlDH(cmd int, arg2 *KeyctlDHParams, buf []byte) (ret int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_KEYCTL, uintptr(cmd), uintptr(unsafe.Pointer(arg2)), uintptr(_p0), uintptr(len(buf)), 0, 0) -+ ret = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { -+ _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(arg) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_REBOOT, uintptr(magic1), uintptr(magic2), uintptr(cmd), uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func mount(source string, target string, fstype string, flags uintptr, data *byte) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(source) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(target) -+ if err != nil { -+ return -+ } -+ var _p2 *byte -+ _p2, err = BytePtrFromString(fstype) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_MOUNT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(data)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Acct(path string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_ACCT, uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func AddKey(keyType string, description string, payload []byte, ringid int) (id int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(keyType) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(description) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(payload) > 0 { -+ _p2 = unsafe.Pointer(&payload[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_ADD_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(payload)), uintptr(ringid), 0) -+ id = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Adjtimex(buf *Timex) (state int, err error) { -+ r0, _, e1 := Syscall(SYS_ADJTIMEX, uintptr(unsafe.Pointer(buf)), 0, 0) -+ state = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Chdir(path string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_CHDIR, uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Chroot(path string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_CHROOT, uintptr(unsafe.Pointer(_p0)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ClockGetres(clockid int32, res *Timespec) (err error) { -+ _, _, e1 := Syscall(SYS_CLOCK_GETRES, uintptr(clockid), uintptr(unsafe.Pointer(res)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ClockGettime(clockid int32, time *Timespec) (err error) { -+ _, _, e1 := Syscall(SYS_CLOCK_GETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) { -+ _, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Close(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_CLOSE, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func CopyFileRange(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) { -+ r0, _, e1 := Syscall6(SYS_COPY_FILE_RANGE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func DeleteModule(name string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(name) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_DELETE_MODULE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Dup(oldfd int) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_DUP, uintptr(oldfd), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Dup3(oldfd int, newfd int, flags int) (err error) { -+ _, _, e1 := Syscall(SYS_DUP3, uintptr(oldfd), uintptr(newfd), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func EpollCreate1(flag int) (fd int, err error) { -+ r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE1, uintptr(flag), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) { -+ _, _, e1 := RawSyscall6(SYS_EPOLL_CTL, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Eventfd(initval uint, flags int) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_EVENTFD2, uintptr(initval), uintptr(flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Exit(code int) { -+ Syscall(SYS_EXIT_GROUP, uintptr(code), 0, 0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) { -+ _, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off), uintptr(len), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchdir(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_FCHDIR, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchmod(fd int, mode uint32) (err error) { -+ _, _, e1 := Syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_FCHOWNAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func fcntl(fd int, cmd int, arg int) (val int, err error) { -+ r0, _, e1 := Syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg)) -+ val = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fdatasync(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_FDATASYNC, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_FGETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), 0, 0) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func FinitModule(fd int, params string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(params) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FINIT_MODULE, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Flistxattr(fd int, dest []byte) (sz int, err error) { -+ var _p0 unsafe.Pointer -+ if len(dest) > 0 { -+ _p0 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_FLISTXATTR, uintptr(fd), uintptr(_p0), uintptr(len(dest))) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Flock(fd int, how int) (err error) { -+ _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fremovexattr(fd int, attr string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FREMOVEXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fsetxattr(fd int, attr string, dest []byte, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_FSETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fsync(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getdents(fd int, buf []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_GETDENTS64, uintptr(fd), uintptr(_p0), uintptr(len(buf))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getpgid(pid int) (pgid int, err error) { -+ r0, _, e1 := RawSyscall(SYS_GETPGID, uintptr(pid), 0, 0) -+ pgid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getpid() (pid int) { -+ r0, _, _ := RawSyscall(SYS_GETPID, 0, 0, 0) -+ pid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getppid() (ppid int) { -+ r0,_,_:=RawSyscall(SYS_GETPPID, 0, 0, 0) -+ ppid=int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getpriority(which int, who int) (prio int, err error) { -+ r0, _, e1 := Syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0) -+ prio = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getrandom(buf []byte, flags int) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getrusage(who int, rusage *Rusage) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getsid(pid int) (sid int, err error) { -+ r0, _, e1 := RawSyscall(SYS_GETSID, uintptr(pid), 0, 0) -+ sid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Gettid() (tid int) { -+ r0, _, _ := RawSyscall(SYS_GETTID, 0, 0, 0) -+ tid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getxattr(path string, attr string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(dest) > 0 { -+ _p2 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InitModule(moduleImage []byte, params string) (err error) { -+ var _p0 unsafe.Pointer -+ if len(moduleImage) > 0 { -+ _p0 = unsafe.Pointer(&moduleImage[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(params) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_INIT_MODULE, uintptr(_p0), uintptr(len(moduleImage)), uintptr(unsafe.Pointer(_p1))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(pathname) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall(SYS_INOTIFY_ADD_WATCH, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask)) -+ watchdesc = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InotifyInit1(flags int) (fd int, err error) { -+ r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT1, uintptr(flags), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) { -+ r0, _, e1 := RawSyscall(SYS_INOTIFY_RM_WATCH, uintptr(fd), uintptr(watchdesc), 0) -+ success = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Kill(pid int, sig syscall.Signal) (err error) { -+ _, _, e1 := RawSyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Klogctl(typ int, buf []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_SYSLOG, uintptr(typ), uintptr(_p0), uintptr(len(buf))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Lgetxattr(path string, attr string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(dest) > 0 { -+ _p2 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_LGETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), 0, 0) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Listxattr(path string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest))) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Llistxattr(path string, dest []byte) (sz int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 unsafe.Pointer -+ if len(dest) > 0 { -+ _p1 = unsafe.Pointer(&dest[0]) -+ } else { -+ _p1 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_LLISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest))) -+ sz = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Lremovexattr(path string, attr string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_LREMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Lsetxattr(path string, attr string, data []byte, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(data) > 0 { -+ _p2 = unsafe.Pointer(&data[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_LSETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func MemfdCreate(name string, flags int) (fd int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(name) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall(SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mkdirat(dirfd int, path string, mode uint32) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_MKDIRAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mknodat(dirfd int, path string, mode uint32, dev int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_MKNODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Nanosleep(time *Timespec, leftover *Timespec) (err error) { -+ _, _, e1 := Syscall(SYS_NANOSLEEP, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func PerfEventOpen(attr *PerfEventAttr, pid int, cpu int, groupFd int, flags int) (fd int, err error) { -+ r0, _, e1 := Syscall6(SYS_PERF_EVENT_OPEN, uintptr(unsafe.Pointer(attr)), uintptr(pid), uintptr(cpu), uintptr(groupFd), uintptr(flags), 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func PivotRoot(newroot string, putold string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(newroot) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(putold) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_PIVOT_ROOT, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) { -+ _, _, e1 := RawSyscall6(SYS_PRLIMIT64, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) { -+ _, _, e1 := Syscall6(SYS_PRCTL, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Pselect(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timespec, sigmask *Sigset_t) (n int, err error) { -+ r0, _, e1 := Syscall6(SYS_PSELECT6, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func read(fd int, p []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Removexattr(path string, attr string) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(oldpath) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(newpath) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_RENAMEAT2, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(keyType) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(description) -+ if err != nil { -+ return -+ } -+ var _p2 *byte -+ _p2, err = BytePtrFromString(callback) -+ if err != nil { -+ return -+ } -+ r0, _, e1 := Syscall6(SYS_REQUEST_KEY, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(destRingid), 0, 0) -+ id = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setdomainname(p []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_SETDOMAINNAME, uintptr(_p0), uintptr(len(p)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Sethostname(p []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_SETHOSTNAME, uintptr(_p0), uintptr(len(p)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setpgid(pid int, pgid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setsid() (pid int, err error) { -+ r0, _, e1 := RawSyscall(SYS_SETSID, 0, 0, 0) -+ pid = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Settimeofday(tv *Timeval) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setns(fd int, nstype int) (err error) { -+ _, _, e1 := Syscall(SYS_SETNS, uintptr(fd), uintptr(nstype), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setpriority(which int, who int, prio int) (err error) { -+ _, _, e1 := Syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setxattr(path string, attr string, data []byte, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ var _p1 *byte -+ _p1, err = BytePtrFromString(attr) -+ if err != nil { -+ return -+ } -+ var _p2 unsafe.Pointer -+ if len(data) > 0 { -+ _p2 = unsafe.Pointer(&data[0]) -+ } else { -+ _p2 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Statx(dirfd int, path string, flags int, mask int, stat *Statx_t) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_STATX, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mask), uintptr(unsafe.Pointer(stat)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Syncfs(fd int) (err error) { -+ _, _, e1 := Syscall(SYS_SYNCFS, uintptr(fd), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Sync() { -+ Syscall(SYS_SYNC, 0, 0, 0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Sysinfo(info *Sysinfo_t) (err error) { -+ _, _, e1 := RawSyscall(SYS_SYSINFO, uintptr(unsafe.Pointer(info)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) { -+ r0, _, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0) -+ n = int64(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Tgkill(tgid int, tid int, sig syscall.Signal) (err error) { -+ _, _, e1 := RawSyscall(SYS_TGKILL, uintptr(tgid), uintptr(tid), uintptr(sig)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Times(tms *Tms) (ticks uintptr, err error) { -+ r0, _, e1 := RawSyscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0) -+ ticks = uintptr(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Umask(mask int) (oldmask int) { -+ r0, _, _ := RawSyscall(SYS_UMASK, uintptr(mask), 0, 0) -+ oldmask = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Uname(buf *Utsname) (err error) { -+ _, _, e1 := RawSyscall(SYS_UNAME, uintptr(unsafe.Pointer(buf)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Unmount(target string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(target) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_UMOUNT2, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Unshare(flags int) (err error) { -+ _, _, e1 := Syscall(SYS_UNSHARE, uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func write(fd int, p []byte) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func exitThread(code int) (err error) { -+ _, _, e1 := Syscall(SYS_EXIT, uintptr(code), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func readlen(fd int, p *byte, np int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func writelen(fd int, p *byte, np int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_WRITE, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(np)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func munmap(addr uintptr, length uintptr) (err error) { -+ _, _, e1 := Syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Madvise(b []byte, advice int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MADVISE, uintptr(_p0), uintptr(len(b)), uintptr(advice)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mprotect(b []byte, prot int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mlock(b []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MLOCK, uintptr(_p0), uintptr(len(b)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Mlockall(flags int) (err error) { -+ _, _, e1 := Syscall(SYS_MLOCKALL, uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Msync(b []byte, flags int) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Munlock(b []byte) (err error) { -+ var _p0 unsafe.Pointer -+ if len(b) > 0 { -+ _p0 = unsafe.Pointer(&b[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall(SYS_MUNLOCK, uintptr(_p0), uintptr(len(b)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Munlockall() (err error) { -+ _, _, e1 := Syscall(SYS_MUNLOCKALL, 0, 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func faccessat(dirfd int, path string, mode uint32) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(events) > 0 { -+ _p0 = unsafe.Pointer(&events[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_EPOLL_PWAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fadvise(fd int, offset int64, length int64, advice int) (err error) { -+ _, _, e1 := Syscall6(SYS_FADVISE64, uintptr(fd), uintptr(offset), uintptr(length), uintptr(advice), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fchown(fd int, uid int, gid int) (err error) { -+ _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fstat(fd int, stat *Stat_t) (err error) { -+ _, _, e1 := Syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fstatat(fd int, path string, stat *Stat_t, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_FSTATAT, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Fstatfs(fd int, buf *Statfs_t) (err error) { -+ _, _, e1 := Syscall(SYS_FSTATFS, uintptr(fd), uintptr(unsafe.Pointer(buf)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Ftruncate(fd int, length int64) (err error) { -+ _, _, e1 := Syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getegid() (egid int) { -+ r0, _, _ := RawSyscall(SYS_GETEGID, 0, 0, 0) -+ egid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Geteuid() (euid int) { -+ r0, _, _ := RawSyscall(SYS_GETEUID, 0, 0, 0) -+ euid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getgid() (gid int) { -+ r0, _, _ := RawSyscall(SYS_GETGID, 0, 0, 0) -+ gid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getrlimit(resource int, rlim *Rlimit) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Getuid() (uid int) { -+ r0, _, _ := RawSyscall(SYS_GETUID, 0, 0, 0) -+ uid = int(r0) -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Listen(s int, n int) (err error) { -+ _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Pread(fd int, p []byte, offset int64) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Pwrite(fd int, p []byte, offset int64) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Seek(fd int, offset int64, whence int) (off int64, err error) { -+ r0, _, e1 := Syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence)) -+ off = int64(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { -+ r0, _, e1 := Syscall6(SYS_SENDFILE, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0) -+ written = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setfsgid(gid int) (err error) { -+ _, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setfsuid(uid int) (err error) { -+ _, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setregid(rgid int, egid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setresgid(rgid int, egid int, sgid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setresuid(ruid int, euid int, suid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setrlimit(resource int, rlim *Rlimit) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Setreuid(ruid int, euid int) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Shutdown(fd int, how int) (err error) { -+ _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error) { -+ r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags)) -+ n = int64(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Statfs(path string, buf *Statfs_t) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_STATFS, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func SyncFileRange(fd int, off int64, n int64, flags int) (err error) { -+ _, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE, uintptr(fd), uintptr(off), uintptr(n), uintptr(flags), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Truncate(path string, length int64) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(path) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall(SYS_TRUNCATE, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) { -+ r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) { -+ r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { -+ _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) { -+ _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getgroups(n int, list *_Gid_t) (nn int, err error) { -+ r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) -+ nn = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func setgroups(n int, list *_Gid_t) (err error) { -+ _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) { -+ _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) { -+ _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func socket(domain int, typ int, proto int) (fd int, err error) { -+ r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto)) -+ fd = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) { -+ _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen))) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) { -+ var _p0 unsafe.Pointer -+ if len(p) > 0 { -+ _p0 = unsafe.Pointer(&p[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen))) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) { -+ var _p0 unsafe.Pointer -+ if len(buf) > 0 { -+ _p0 = unsafe.Pointer(&buf[0]) -+ } else { -+ _p0 = unsafe.Pointer(&_zero) -+ } -+ _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen)) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { -+ r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags)) -+ n = int(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) { -+ r0, _, e1 := Syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(offset)) -+ xaddr = uintptr(r0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func Gettimeofday(tv *Timeval) (err error) { -+ _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func pipe2(p *[2]_C_int, flags int) (err error) { -+ _, _, e1 := RawSyscall(SYS_PIPE2, uintptr(unsafe.Pointer(p)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -+ -+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -+ -+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) { -+ var _p0 *byte -+ _p0, err = BytePtrFromString(cmdline) -+ if err != nil { -+ return -+ } -+ _, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) -+ if e1 != 0 { -+ err = errnoErr(e1) -+ } -+ return -+} -diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -new file mode 100644 -index 0000000..38868fe ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go -@@ -0,0 +1,289 @@ -+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build riscv64,linux -+ -+package unix -+ -+const ( -+ SYS_IO_SETUP = 0 -+ SYS_IO_DESTROY = 1 -+ SYS_IO_SUBMIT = 2 -+ SYS_IO_CANCEL = 3 -+ SYS_IO_GETEVENTS = 4 -+ SYS_SETXATTR = 5 -+ SYS_LSETXATTR = 6 -+ SYS_FSETXATTR = 7 -+ SYS_GETXATTR = 8 -+ SYS_LGETXATTR = 9 -+ SYS_FGETXATTR = 10 -+ SYS_LISTXATTR = 11 -+ SYS_LLISTXATTR = 12 -+ SYS_FLISTXATTR = 13 -+ SYS_REMOVEXATTR = 14 -+ SYS_LREMOVEXATTR = 15 -+ SYS_FREMOVEXATTR = 16 -+ SYS_GETCWD = 17 -+ SYS_LOOKUP_DCOOKIE = 18 -+ SYS_EVENTFD2 = 19 -+ SYS_EPOLL_CREATE1 = 20 -+ SYS_EPOLL_CTL = 21 -+ SYS_EPOLL_PWAIT = 22 -+ SYS_DUP = 23 -+ SYS_DUP3 = 24 -+ SYS_FCNTL = 25 -+ SYS_INOTIFY_INIT1 = 26 -+ SYS_INOTIFY_ADD_WATCH = 27 -+ SYS_INOTIFY_RM_WATCH = 28 -+ SYS_IOCTL = 29 -+ SYS_IOPRIO_SET = 30 -+ SYS_IOPRIO_GET = 31 -+ SYS_FLOCK = 32 -+ SYS_MKNODAT = 33 -+ SYS_MKDIRAT = 34 -+ SYS_UNLINKAT = 35 -+ SYS_SYMLINKAT = 36 -+ SYS_LINKAT = 37 -+ SYS_UMOUNT2 = 39 -+ SYS_MOUNT = 40 -+ SYS_PIVOT_ROOT = 41 -+ SYS_NFSSERVCTL = 42 -+ SYS_STATFS = 43 -+ SYS_FSTATFS = 44 -+ SYS_TRUNCATE = 45 -+ SYS_FTRUNCATE = 46 -+ SYS_FALLOCATE = 47 -+ SYS_FACCESSAT = 48 -+ SYS_CHDIR = 49 -+ SYS_FCHDIR = 50 -+ SYS_CHROOT = 51 -+ SYS_FCHMOD = 52 -+ SYS_FCHMODAT = 53 -+ SYS_FCHOWNAT = 54 -+ SYS_FCHOWN = 55 -+ SYS_OPENAT = 56 -+ SYS_CLOSE = 57 -+ SYS_VHANGUP = 58 -+ SYS_PIPE2 = 59 -+ SYS_QUOTACTL = 60 -+ SYS_GETDENTS64 = 61 -+ SYS_LSEEK = 62 -+ SYS_READ = 63 -+ SYS_WRITE = 64 -+ SYS_READV = 65 -+ SYS_WRITEV = 66 -+ SYS_PREAD64 = 67 -+ SYS_PWRITE64 = 68 -+ SYS_PREADV = 69 -+ SYS_PWRITEV = 70 -+ SYS_SENDFILE = 71 -+ SYS_PSELECT6 = 72 -+ SYS_PPOLL = 73 -+ SYS_SIGNALFD4 = 74 -+ SYS_VMSPLICE = 75 -+ SYS_SPLICE = 76 -+ SYS_TEE = 77 -+ SYS_READLINKAT = 78 -+ SYS_FSTATAT = 79 -+ SYS_FSTAT = 80 -+ SYS_SYNC = 81 -+ SYS_FSYNC = 82 -+ SYS_FDATASYNC = 83 -+ SYS_SYNC_FILE_RANGE = 84 -+ SYS_TIMERFD_CREATE = 85 -+ SYS_TIMERFD_SETTIME = 86 -+ SYS_TIMERFD_GETTIME = 87 -+ SYS_UTIMENSAT = 88 -+ SYS_ACCT = 89 -+ SYS_CAPGET = 90 -+ SYS_CAPSET = 91 -+ SYS_PERSONALITY = 92 -+ SYS_EXIT = 93 -+ SYS_EXIT_GROUP = 94 -+ SYS_WAITID = 95 -+ SYS_SET_TID_ADDRESS = 96 -+ SYS_UNSHARE = 97 -+ SYS_FUTEX = 98 -+ SYS_SET_ROBUST_LIST = 99 -+ SYS_GET_ROBUST_LIST = 100 -+ SYS_NANOSLEEP = 101 -+ SYS_GETITIMER = 102 -+ SYS_SETITIMER = 103 -+ SYS_KEXEC_LOAD = 104 -+ SYS_INIT_MODULE = 105 -+ SYS_DELETE_MODULE = 106 -+ SYS_TIMER_CREATE = 107 -+ SYS_TIMER_GETTIME = 108 -+ SYS_TIMER_GETOVERRUN = 109 -+ SYS_TIMER_SETTIME = 110 -+ SYS_TIMER_DELETE = 111 -+ SYS_CLOCK_SETTIME = 112 -+ SYS_CLOCK_GETTIME = 113 -+ SYS_CLOCK_GETRES = 114 -+ SYS_CLOCK_NANOSLEEP = 115 -+ SYS_SYSLOG = 116 -+ SYS_PTRACE = 117 -+ SYS_SCHED_SETPARAM = 118 -+ SYS_SCHED_SETSCHEDULER = 119 -+ SYS_SCHED_GETSCHEDULER = 120 -+ SYS_SCHED_GETPARAM = 121 -+ SYS_SCHED_SETAFFINITY = 122 -+ SYS_SCHED_GETAFFINITY = 123 -+ SYS_SCHED_YIELD = 124 -+ SYS_SCHED_GET_PRIORITY_MAX = 125 -+ SYS_SCHED_GET_PRIORITY_MIN = 126 -+ SYS_SCHED_RR_GET_INTERVAL = 127 -+ SYS_RESTART_SYSCALL = 128 -+ SYS_KILL = 129 -+ SYS_TKILL = 130 -+ SYS_TGKILL = 131 -+ SYS_SIGALTSTACK = 132 -+ SYS_RT_SIGSUSPEND = 133 -+ SYS_RT_SIGACTION = 134 -+ SYS_RT_SIGPROCMASK = 135 -+ SYS_RT_SIGPENDING = 136 -+ SYS_RT_SIGTIMEDWAIT = 137 -+ SYS_RT_SIGQUEUEINFO = 138 -+ SYS_RT_SIGRETURN = 139 -+ SYS_SETPRIORITY = 140 -+ SYS_GETPRIORITY = 141 -+ SYS_REBOOT = 142 -+ SYS_SETREGID = 143 -+ SYS_SETGID = 144 -+ SYS_SETREUID = 145 -+ SYS_SETUID = 146 -+ SYS_SETRESUID = 147 -+ SYS_GETRESUID = 148 -+ SYS_SETRESGID = 149 -+ SYS_GETRESGID = 150 -+ SYS_SETFSUID = 151 -+ SYS_SETFSGID = 152 -+ SYS_TIMES = 153 -+ SYS_SETPGID = 154 -+ SYS_GETPGID = 155 -+ SYS_GETSID = 156 -+ SYS_SETSID = 157 -+ SYS_GETGROUPS = 158 -+ SYS_SETGROUPS = 159 -+ SYS_UNAME = 160 -+ SYS_SETHOSTNAME = 161 -+ SYS_SETDOMAINNAME = 162 -+ SYS_GETRLIMIT = 163 -+ SYS_SETRLIMIT = 164 -+ SYS_GETRUSAGE = 165 -+ SYS_UMASK = 166 -+ SYS_PRCTL = 167 -+ SYS_GETCPU = 168 -+ SYS_GETTIMEOFDAY = 169 -+ SYS_SETTIMEOFDAY = 170 -+ SYS_ADJTIMEX = 171 -+ SYS_GETPID = 172 -+ SYS_GETPPID = 173 -+ SYS_GETUID = 174 -+ SYS_GETEUID = 175 -+ SYS_GETGID = 176 -+ SYS_GETEGID = 177 -+ SYS_GETTID = 178 -+ SYS_SYSINFO = 179 -+ SYS_MQ_OPEN = 180 -+ SYS_MQ_UNLINK = 181 -+ SYS_MQ_TIMEDSEND = 182 -+ SYS_MQ_TIMEDRECEIVE = 183 -+ SYS_MQ_NOTIFY = 184 -+ SYS_MQ_GETSETATTR = 185 -+ SYS_MSGGET = 186 -+ SYS_MSGCTL = 187 -+ SYS_MSGRCV = 188 -+ SYS_MSGSND = 189 -+ SYS_SEMGET = 190 -+ SYS_SEMCTL = 191 -+ SYS_SEMTIMEDOP = 192 -+ SYS_SEMOP = 193 -+ SYS_SHMGET = 194 -+ SYS_SHMCTL = 195 -+ SYS_SHMAT = 196 -+ SYS_SHMDT = 197 -+ SYS_SOCKET = 198 -+ SYS_SOCKETPAIR = 199 -+ SYS_BIND = 200 -+ SYS_LISTEN = 201 -+ SYS_ACCEPT = 202 -+ SYS_CONNECT = 203 -+ SYS_GETSOCKNAME = 204 -+ SYS_GETPEERNAME = 205 -+ SYS_SENDTO = 206 -+ SYS_RECVFROM = 207 -+ SYS_SETSOCKOPT = 208 -+ SYS_GETSOCKOPT = 209 -+ SYS_SHUTDOWN = 210 -+ SYS_SENDMSG = 211 -+ SYS_RECVMSG = 212 -+ SYS_READAHEAD = 213 -+ SYS_BRK = 214 -+ SYS_MUNMAP = 215 -+ SYS_MREMAP = 216 -+ SYS_ADD_KEY = 217 -+ SYS_REQUEST_KEY = 218 -+ SYS_KEYCTL = 219 -+ SYS_CLONE = 220 -+ SYS_EXECVE = 221 -+ SYS_MMAP = 222 -+ SYS_FADVISE64 = 223 -+ SYS_SWAPON = 224 -+ SYS_SWAPOFF = 225 -+ SYS_MPROTECT = 226 -+ SYS_MSYNC = 227 -+ SYS_MLOCK = 228 -+ SYS_MUNLOCK = 229 -+ SYS_MLOCKALL = 230 -+ SYS_MUNLOCKALL = 231 -+ SYS_MINCORE = 232 -+ SYS_MADVISE = 233 -+ SYS_REMAP_FILE_PAGES = 234 -+ SYS_MBIND = 235 -+ SYS_GET_MEMPOLICY = 236 -+ SYS_SET_MEMPOLICY = 237 -+ SYS_MIGRATE_PAGES = 238 -+ SYS_MOVE_PAGES = 239 -+ SYS_RT_TGSIGQUEUEINFO = 240 -+ SYS_PERF_EVENT_OPEN = 241 -+ SYS_ACCEPT4 = 242 -+ SYS_RECVMMSG = 243 -+ SYS_ARCH_SPECIFIC_SYSCALL = 244 -+ SYS_WAIT4 = 260 -+ SYS_PRLIMIT64 = 261 -+ SYS_FANOTIFY_INIT = 262 -+ SYS_FANOTIFY_MARK = 263 -+ SYS_NAME_TO_HANDLE_AT = 264 -+ SYS_OPEN_BY_HANDLE_AT = 265 -+ SYS_CLOCK_ADJTIME = 266 -+ SYS_SYNCFS = 267 -+ SYS_SETNS = 268 -+ SYS_SENDMMSG = 269 -+ SYS_PROCESS_VM_READV = 270 -+ SYS_PROCESS_VM_WRITEV = 271 -+ SYS_KCMP = 272 -+ SYS_FINIT_MODULE = 273 -+ SYS_SCHED_SETATTR = 274 -+ SYS_SCHED_GETATTR = 275 -+ SYS_RENAMEAT2 = 276 -+ SYS_SECCOMP = 277 -+ SYS_GETRANDOM = 278 -+ SYS_MEMFD_CREATE = 279 -+ SYS_BPF = 280 -+ SYS_EXECVEAT = 281 -+ SYS_USERFAULTFD = 282 -+ SYS_MEMBARRIER = 283 -+ SYS_MLOCK2 = 284 -+ SYS_COPY_FILE_RANGE = 285 -+ SYS_PREADV2 = 286 -+ SYS_PWRITEV2 = 287 -+ SYS_PKEY_MPROTECT = 288 -+ SYS_PKEY_ALLOC = 289 -+ SYS_PKEY_FREE = 290 -+ SYS_STATX = 291 -+ SYS_IO_PGETEVENTS = 292 -+ SYS_RSEQ = 293 -+ SYS_KEXEC_FILE_LOAD = 294 -+ SYS_FUTIMESAT = 295 -+) -diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -new file mode 100644 -index 0000000..c37e476 ---- /dev/null -+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go -@@ -0,0 +1,2334 @@ -+// cgo -godefs -- -Wall -Werror -static -I/tmp/include linux/types.go | go run mkpost.go -+// Code generated by the command above; see README.md. DO NOT EDIT. -+ -+// +build riscv64,linux -+ -+package unix -+ -+const ( -+ sizeofPtr = 0x8 -+ sizeofShort = 0x2 -+ sizeofInt = 0x4 -+ sizeofLong = 0x8 -+ sizeofLongLong = 0x8 -+ PathMax = 0x1000 -+) -+ -+type ( -+ _C_short int16 -+ _C_int int32 -+ _C_long int64 -+ _C_long_long int64 -+) -+ -+type Timespec struct { -+ Sec int64 -+ Nsec int64 -+} -+ -+type Timeval struct { -+ Sec int64 -+ Usec int64 -+} -+ -+type Timex struct { -+ Modes uint32 -+ Offset int64 -+ Freq int64 -+ Maxerror int64 -+ Esterror int64 -+ Status int32 -+ Constant int64 -+ Precision int64 -+ Tolerance int64 -+ Time Timeval -+ Tick int64 -+ Ppsfreq int64 -+ Jitter int64 -+ Shift int32 -+ Stabil int64 -+ Jitcnt int64 -+ Calcnt int64 -+ Errcnt int64 -+ Stbcnt int64 -+ Tai int32 -+ _ [44]byte -+} -+ -+type Time_t int64 -+ -+type Tms struct { -+ Utime int64 -+ Stime int64 -+ Cutime int64 -+ Cstime int64 -+} -+ -+type Utimbuf struct { -+ Actime int64 -+ Modtime int64 -+} -+ -+type Rusage struct { -+ Utime Timeval -+ Stime Timeval -+ Maxrss int64 -+ Ixrss int64 -+ Idrss int64 -+ Isrss int64 -+ Minflt int64 -+ Majflt int64 -+ Nswap int64 -+ Inblock int64 -+ Oublock int64 -+ Msgsnd int64 -+ Msgrcv int64 -+ Nsignals int64 -+ Nvcsw int64 -+ Nivcsw int64 -+} -+ -+type Rlimit struct { -+ Cur uint64 -+ Max uint64 -+} -+ -+type _Gid_t uint32 -+ -+type Stat_t struct { -+ Dev uint64 -+ Ino uint64 -+ Mode uint32 -+ Nlink uint32 -+ Uid uint32 -+ Gid uint32 -+ Rdev uint64 -+ _ uint64 -+ Size int64 -+ Blksize int32 -+ _ int32 -+ Blocks int64 -+ Atim Timespec -+ Mtim Timespec -+ Ctim Timespec -+ _ [2]int32 -+} -+ -+type StatxTimestamp struct { -+ Sec int64 -+ Nsec uint32 -+ _ int32 -+} -+ -+type Statx_t struct { -+ Mask uint32 -+ Blksize uint32 -+ Attributes uint64 -+ Nlink uint32 -+ Uid uint32 -+ Gid uint32 -+ Mode uint16 -+ _ [1]uint16 -+ Ino uint64 -+ Size uint64 -+ Blocks uint64 -+ Attributes_mask uint64 -+ Atime StatxTimestamp -+ Btime StatxTimestamp -+ Ctime StatxTimestamp -+ Mtime StatxTimestamp -+ Rdev_major uint32 -+ Rdev_minor uint32 -+ Dev_major uint32 -+ Dev_minor uint32 -+ _ [14]uint64 -+} -+ -+type Dirent struct { -+ Ino uint64 -+ Off int64 -+ Reclen uint16 -+ Type uint8 -+ Name [256]uint8 -+ _ [5]byte -+} -+ -+type Fsid struct { -+ Val [2]int32 -+} -+ -+type Flock_t struct { -+ Type int16 -+ Whence int16 -+ Start int64 -+ Len int64 -+ Pid int32 -+ _ [4]byte -+} -+ -+type FscryptPolicy struct { -+ Version uint8 -+ Contents_encryption_mode uint8 -+ Filenames_encryption_mode uint8 -+ Flags uint8 -+ Master_key_descriptor [8]uint8 -+} -+ -+type FscryptKey struct { -+ Mode uint32 -+ Raw [64]uint8 -+ Size uint32 -+} -+ -+type KeyctlDHParams struct { -+ Private int32 -+ Prime int32 -+ Base int32 -+} -+ -+const ( -+ FADV_NORMAL = 0x0 -+ FADV_RANDOM = 0x1 -+ FADV_SEQUENTIAL = 0x2 -+ FADV_WILLNEED = 0x3 -+ FADV_DONTNEED = 0x4 -+ FADV_NOREUSE = 0x5 -+) -+ -+type RawSockaddrInet4 struct { -+ Family uint16 -+ Port uint16 -+ Addr [4]byte /* in_addr */ -+ Zero [8]uint8 -+} -+ -+type RawSockaddrInet6 struct { -+ Family uint16 -+ Port uint16 -+ Flowinfo uint32 -+ Addr [16]byte /* in6_addr */ -+ Scope_id uint32 -+} -+ -+type RawSockaddrUnix struct { -+ Family uint16 -+ Path [108]int8 -+} -+ -+type RawSockaddrLinklayer struct { -+ Family uint16 -+ Protocol uint16 -+ Ifindex int32 -+ Hatype uint16 -+ Pkttype uint8 -+ Halen uint8 -+ Addr [8]uint8 -+} -+ -+type RawSockaddrNetlink struct { -+ Family uint16 -+ Pad uint16 -+ Pid uint32 -+ Groups uint32 -+} -+ -+type RawSockaddrHCI struct { -+ Family uint16 -+ Dev uint16 -+ Channel uint16 -+} -+ -+type RawSockaddrL2 struct { -+ Family uint16 -+ Psm uint16 -+ Bdaddr [6]uint8 -+ Cid uint16 -+ Bdaddr_type uint8 -+ _ [1]byte -+} -+ -+type RawSockaddrRFCOMM struct { -+ Family uint16 -+ Bdaddr [6]uint8 -+ Channel uint8 -+ _ [1]byte -+} -+ -+type RawSockaddrCAN struct { -+ Family uint16 -+ Ifindex int32 -+ Addr [8]byte -+} -+ -+type RawSockaddrALG struct { -+ Family uint16 -+ Type [14]uint8 -+ Feat uint32 -+ Mask uint32 -+ Name [64]uint8 -+} -+ -+type RawSockaddrVM struct { -+ Family uint16 -+ Reserved1 uint16 -+ Port uint32 -+ Cid uint32 -+ Zero [4]uint8 -+} -+ -+type RawSockaddrXDP struct { -+ Family uint16 -+ Flags uint16 -+ Ifindex uint32 -+ Queue_id uint32 -+ Shared_umem_fd uint32 -+} -+ -+type RawSockaddrPPPoX [0x1e]byte -+ -+type RawSockaddr struct { -+ Family uint16 -+ Data [14]uint8 -+} -+ -+type RawSockaddrAny struct { -+ Addr RawSockaddr -+ Pad [96]uint8 -+} -+ -+type _Socklen uint32 -+ -+type Linger struct { -+ Onoff int32 -+ Linger int32 -+} -+ -+type Iovec struct { -+ Base *byte -+ Len uint64 -+} -+ -+type IPMreq struct { -+ Multiaddr [4]byte /* in_addr */ -+ Interface [4]byte /* in_addr */ -+} -+ -+type IPMreqn struct { -+ Multiaddr [4]byte /* in_addr */ -+ Address [4]byte /* in_addr */ -+ Ifindex int32 -+} -+ -+type IPv6Mreq struct { -+ Multiaddr [16]byte /* in6_addr */ -+ Interface uint32 -+} -+ -+type PacketMreq struct { -+ Ifindex int32 -+ Type uint16 -+ Alen uint16 -+ Address [8]uint8 -+} -+ -+type Msghdr struct { -+ Name *byte -+ Namelen uint32 -+ Iov *Iovec -+ Iovlen uint64 -+ Control *byte -+ Controllen uint64 -+ Flags int32 -+ _ [4]byte -+} -+ -+type Cmsghdr struct { -+ Len uint64 -+ Level int32 -+ Type int32 -+} -+ -+type Inet4Pktinfo struct { -+ Ifindex int32 -+ Spec_dst [4]byte /* in_addr */ -+ Addr [4]byte /* in_addr */ -+} -+ -+type Inet6Pktinfo struct { -+ Addr [16]byte /* in6_addr */ -+ Ifindex uint32 -+} -+ -+type IPv6MTUInfo struct { -+ Addr RawSockaddrInet6 -+ Mtu uint32 -+} -+ -+type ICMPv6Filter struct { -+ Data [8]uint32 -+} -+ -+type Ucred struct { -+ Pid int32 -+ Uid uint32 -+ Gid uint32 -+} -+ -+type TCPInfo struct { -+ State uint8 -+ Ca_state uint8 -+ Retransmits uint8 -+ Probes uint8 -+ Backoff uint8 -+ Options uint8 -+ Rto uint32 -+ Ato uint32 -+ Snd_mss uint32 -+ Rcv_mss uint32 -+ Unacked uint32 -+ Sacked uint32 -+ Lost uint32 -+ Retrans uint32 -+ Fackets uint32 -+ Last_data_sent uint32 -+ Last_ack_sent uint32 -+ Last_data_recv uint32 -+ Last_ack_recv uint32 -+ Pmtu uint32 -+ Rcv_ssthresh uint32 -+ Rtt uint32 -+ Rttvar uint32 -+ Snd_ssthresh uint32 -+ Snd_cwnd uint32 -+ Advmss uint32 -+ Reordering uint32 -+ Rcv_rtt uint32 -+ Rcv_space uint32 -+ Total_retrans uint32 -+} -+ -+type CanFilter struct { -+ Id uint32 -+ Mask uint32 -+} -+ -+const ( -+ SizeofSockaddrInet4 = 0x10 -+ SizeofSockaddrInet6 = 0x1c -+ SizeofSockaddrAny = 0x70 -+ SizeofSockaddrUnix = 0x6e -+ SizeofSockaddrLinklayer = 0x14 -+ SizeofSockaddrNetlink = 0xc -+ SizeofSockaddrHCI = 0x6 -+ SizeofSockaddrL2 = 0xe -+ SizeofSockaddrRFCOMM = 0xa -+ SizeofSockaddrCAN = 0x10 -+ SizeofSockaddrALG = 0x58 -+ SizeofSockaddrVM = 0x10 -+ SizeofSockaddrXDP = 0x10 -+ SizeofSockaddrPPPoX = 0x1e -+ SizeofLinger = 0x8 -+ SizeofIovec = 0x10 -+ SizeofIPMreq = 0x8 -+ SizeofIPMreqn = 0xc -+ SizeofIPv6Mreq = 0x14 -+ SizeofPacketMreq = 0x10 -+ SizeofMsghdr = 0x38 -+ SizeofCmsghdr = 0x10 -+ SizeofInet4Pktinfo = 0xc -+ SizeofInet6Pktinfo = 0x14 -+ SizeofIPv6MTUInfo = 0x20 -+ SizeofICMPv6Filter = 0x20 -+ SizeofUcred = 0xc -+ SizeofTCPInfo = 0x68 -+ SizeofCanFilter = 0x8 -+) -+ -+const ( -+ NDA_UNSPEC = 0x0 -+ NDA_DST = 0x1 -+ NDA_LLADDR = 0x2 -+ NDA_CACHEINFO = 0x3 -+ NDA_PROBES = 0x4 -+ NDA_VLAN = 0x5 -+ NDA_PORT = 0x6 -+ NDA_VNI = 0x7 -+ NDA_IFINDEX = 0x8 -+ NDA_MASTER = 0x9 -+ NDA_LINK_NETNSID = 0xa -+ NDA_SRC_VNI = 0xb -+ NTF_USE = 0x1 -+ NTF_SELF = 0x2 -+ NTF_MASTER = 0x4 -+ NTF_PROXY = 0x8 -+ NTF_EXT_LEARNED = 0x10 -+ NTF_OFFLOADED = 0x20 -+ NTF_ROUTER = 0x80 -+ NUD_INCOMPLETE = 0x1 -+ NUD_REACHABLE = 0x2 -+ NUD_STALE = 0x4 -+ NUD_DELAY = 0x8 -+ NUD_PROBE = 0x10 -+ NUD_FAILED = 0x20 -+ NUD_NOARP = 0x40 -+ NUD_PERMANENT = 0x80 -+ NUD_NONE = 0x0 -+ IFA_UNSPEC = 0x0 -+ IFA_ADDRESS = 0x1 -+ IFA_LOCAL = 0x2 -+ IFA_LABEL = 0x3 -+ IFA_BROADCAST = 0x4 -+ IFA_ANYCAST = 0x5 -+ IFA_CACHEINFO = 0x6 -+ IFA_MULTICAST = 0x7 -+ IFA_FLAGS = 0x8 -+ IFA_RT_PRIORITY = 0x9 -+ IFA_TARGET_NETNSID = 0xa -+ IFLA_UNSPEC = 0x0 -+ IFLA_ADDRESS = 0x1 -+ IFLA_BROADCAST = 0x2 -+ IFLA_IFNAME = 0x3 -+ IFLA_MTU = 0x4 -+ IFLA_LINK = 0x5 -+ IFLA_QDISC = 0x6 -+ IFLA_STATS = 0x7 -+ IFLA_COST = 0x8 -+ IFLA_PRIORITY = 0x9 -+ IFLA_MASTER = 0xa -+ IFLA_WIRELESS = 0xb -+ IFLA_PROTINFO = 0xc -+ IFLA_TXQLEN = 0xd -+ IFLA_MAP = 0xe -+ IFLA_WEIGHT = 0xf -+ IFLA_OPERSTATE = 0x10 -+ IFLA_LINKMODE = 0x11 -+ IFLA_LINKINFO = 0x12 -+ IFLA_NET_NS_PID = 0x13 -+ IFLA_IFALIAS = 0x14 -+ IFLA_NUM_VF = 0x15 -+ IFLA_VFINFO_LIST = 0x16 -+ IFLA_STATS64 = 0x17 -+ IFLA_VF_PORTS = 0x18 -+ IFLA_PORT_SELF = 0x19 -+ IFLA_AF_SPEC = 0x1a -+ IFLA_GROUP = 0x1b -+ IFLA_NET_NS_FD = 0x1c -+ IFLA_EXT_MASK = 0x1d -+ IFLA_PROMISCUITY = 0x1e -+ IFLA_NUM_TX_QUEUES = 0x1f -+ IFLA_NUM_RX_QUEUES = 0x20 -+ IFLA_CARRIER = 0x21 -+ IFLA_PHYS_PORT_ID = 0x22 -+ IFLA_CARRIER_CHANGES = 0x23 -+ IFLA_PHYS_SWITCH_ID = 0x24 -+ IFLA_LINK_NETNSID = 0x25 -+ IFLA_PHYS_PORT_NAME = 0x26 -+ IFLA_PROTO_DOWN = 0x27 -+ IFLA_GSO_MAX_SEGS = 0x28 -+ IFLA_GSO_MAX_SIZE = 0x29 -+ IFLA_PAD = 0x2a -+ IFLA_XDP = 0x2b -+ IFLA_EVENT = 0x2c -+ IFLA_NEW_NETNSID = 0x2d -+ IFLA_IF_NETNSID = 0x2e -+ IFLA_TARGET_NETNSID = 0x2e -+ IFLA_CARRIER_UP_COUNT = 0x2f -+ IFLA_CARRIER_DOWN_COUNT = 0x30 -+ IFLA_NEW_IFINDEX = 0x31 -+ IFLA_MIN_MTU = 0x32 -+ IFLA_MAX_MTU = 0x33 -+ IFLA_MAX = 0x33 -+ IFLA_INFO_KIND = 0x1 -+ IFLA_INFO_DATA = 0x2 -+ IFLA_INFO_XSTATS = 0x3 -+ IFLA_INFO_SLAVE_KIND = 0x4 -+ IFLA_INFO_SLAVE_DATA = 0x5 -+ RT_SCOPE_UNIVERSE = 0x0 -+ RT_SCOPE_SITE = 0xc8 -+ RT_SCOPE_LINK = 0xfd -+ RT_SCOPE_HOST = 0xfe -+ RT_SCOPE_NOWHERE = 0xff -+ RT_TABLE_UNSPEC = 0x0 -+ RT_TABLE_COMPAT = 0xfc -+ RT_TABLE_DEFAULT = 0xfd -+ RT_TABLE_MAIN = 0xfe -+ RT_TABLE_LOCAL = 0xff -+ RT_TABLE_MAX = 0xffffffff -+ RTA_UNSPEC = 0x0 -+ RTA_DST = 0x1 -+ RTA_SRC = 0x2 -+ RTA_IIF = 0x3 -+ RTA_OIF = 0x4 -+ RTA_GATEWAY = 0x5 -+ RTA_PRIORITY = 0x6 -+ RTA_PREFSRC = 0x7 -+ RTA_METRICS = 0x8 -+ RTA_MULTIPATH = 0x9 -+ RTA_FLOW = 0xb -+ RTA_CACHEINFO = 0xc -+ RTA_TABLE = 0xf -+ RTA_MARK = 0x10 -+ RTA_MFC_STATS = 0x11 -+ RTA_VIA = 0x12 -+ RTA_NEWDST = 0x13 -+ RTA_PREF = 0x14 -+ RTA_ENCAP_TYPE = 0x15 -+ RTA_ENCAP = 0x16 -+ RTA_EXPIRES = 0x17 -+ RTA_PAD = 0x18 -+ RTA_UID = 0x19 -+ RTA_TTL_PROPAGATE = 0x1a -+ RTA_IP_PROTO = 0x1b -+ RTA_SPORT = 0x1c -+ RTA_DPORT = 0x1d -+ RTN_UNSPEC = 0x0 -+ RTN_UNICAST = 0x1 -+ RTN_LOCAL = 0x2 -+ RTN_BROADCAST = 0x3 -+ RTN_ANYCAST = 0x4 -+ RTN_MULTICAST = 0x5 -+ RTN_BLACKHOLE = 0x6 -+ RTN_UNREACHABLE = 0x7 -+ RTN_PROHIBIT = 0x8 -+ RTN_THROW = 0x9 -+ RTN_NAT = 0xa -+ RTN_XRESOLVE = 0xb -+ RTNLGRP_NONE = 0x0 -+ RTNLGRP_LINK = 0x1 -+ RTNLGRP_NOTIFY = 0x2 -+ RTNLGRP_NEIGH = 0x3 -+ RTNLGRP_TC = 0x4 -+ RTNLGRP_IPV4_IFADDR = 0x5 -+ RTNLGRP_IPV4_MROUTE = 0x6 -+ RTNLGRP_IPV4_ROUTE = 0x7 -+ RTNLGRP_IPV4_RULE = 0x8 -+ RTNLGRP_IPV6_IFADDR = 0x9 -+ RTNLGRP_IPV6_MROUTE = 0xa -+ RTNLGRP_IPV6_ROUTE = 0xb -+ RTNLGRP_IPV6_IFINFO = 0xc -+ RTNLGRP_IPV6_PREFIX = 0x12 -+ RTNLGRP_IPV6_RULE = 0x13 -+ RTNLGRP_ND_USEROPT = 0x14 -+ SizeofNlMsghdr = 0x10 -+ SizeofNlMsgerr = 0x14 -+ SizeofRtGenmsg = 0x1 -+ SizeofNlAttr = 0x4 -+ SizeofRtAttr = 0x4 -+ SizeofIfInfomsg = 0x10 -+ SizeofIfAddrmsg = 0x8 -+ SizeofRtMsg = 0xc -+ SizeofRtNexthop = 0x8 -+ SizeofNdUseroptmsg = 0x10 -+ SizeofNdMsg = 0xc -+) -+ -+type NlMsghdr struct { -+ Len uint32 -+ Type uint16 -+ Flags uint16 -+ Seq uint32 -+ Pid uint32 -+} -+ -+type NlMsgerr struct { -+ Error int32 -+ Msg NlMsghdr -+} -+ -+type RtGenmsg struct { -+ Family uint8 -+} -+ -+type NlAttr struct { -+ Len uint16 -+ Type uint16 -+} -+ -+type RtAttr struct { -+ Len uint16 -+ Type uint16 -+} -+ -+type IfInfomsg struct { -+ Family uint8 -+ _ uint8 -+ Type uint16 -+ Index int32 -+ Flags uint32 -+ Change uint32 -+} -+ -+type IfAddrmsg struct { -+ Family uint8 -+ Prefixlen uint8 -+ Flags uint8 -+ Scope uint8 -+ Index uint32 -+} -+ -+type RtMsg struct { -+ Family uint8 -+ Dst_len uint8 -+ Src_len uint8 -+ Tos uint8 -+ Table uint8 -+ Protocol uint8 -+ Scope uint8 -+ Type uint8 -+ Flags uint32 -+} -+ -+type RtNexthop struct { -+ Len uint16 -+ Flags uint8 -+ Hops uint8 -+ Ifindex int32 -+} -+ -+type NdUseroptmsg struct { -+ Family uint8 -+ Pad1 uint8 -+ Opts_len uint16 -+ Ifindex int32 -+ Icmp_type uint8 -+ Icmp_code uint8 -+ Pad2 uint16 -+ Pad3 uint32 -+} -+ -+type NdMsg struct { -+ Family uint8 -+ Pad1 uint8 -+ Pad2 uint16 -+ Ifindex int32 -+ State uint16 -+ Flags uint8 -+ Type uint8 -+} -+ -+const ( -+ SizeofSockFilter = 0x8 -+ SizeofSockFprog = 0x10 -+) -+ -+type SockFilter struct { -+ Code uint16 -+ Jt uint8 -+ Jf uint8 -+ K uint32 -+} -+ -+type SockFprog struct { -+ Len uint16 -+ Filter *SockFilter -+} -+ -+type InotifyEvent struct { -+ Wd int32 -+ Mask uint32 -+ Cookie uint32 -+ Len uint32 -+} -+ -+const SizeofInotifyEvent = 0x10 -+ -+type PtraceRegs struct { -+ Pc uint64 -+ Ra uint64 -+ Sp uint64 -+ Gp uint64 -+ Tp uint64 -+ T0 uint64 -+ T1 uint64 -+ T2 uint64 -+ S0 uint64 -+ S1 uint64 -+ A0 uint64 -+ A1 uint64 -+ A2 uint64 -+ A3 uint64 -+ A4 uint64 -+ A5 uint64 -+ A6 uint64 -+ A7 uint64 -+ S2 uint64 -+ S3 uint64 -+ S4 uint64 -+ S5 uint64 -+ S6 uint64 -+ S7 uint64 -+ S8 uint64 -+ S9 uint64 -+ S10 uint64 -+ S11 uint64 -+ T3 uint64 -+ T4 uint64 -+ T5 uint64 -+ T6 uint64 -+} -+ -+type FdSet struct { -+ Bits [16]int64 -+} -+ -+type Sysinfo_t struct { -+ Uptime int64 -+ Loads [3]uint64 -+ Totalram uint64 -+ Freeram uint64 -+ Sharedram uint64 -+ Bufferram uint64 -+ Totalswap uint64 -+ Freeswap uint64 -+ Procs uint16 -+ Pad uint16 -+ Totalhigh uint64 -+ Freehigh uint64 -+ Unit uint32 -+ _ [0]uint8 -+ _ [4]byte -+} -+ -+type Utsname struct { -+ Sysname [65]byte -+ Nodename [65]byte -+ Release [65]byte -+ Version [65]byte -+ Machine [65]byte -+ Domainname [65]byte -+} -+ -+type Ustat_t struct { -+ Tfree int32 -+ Tinode uint64 -+ Fname [6]uint8 -+ Fpack [6]uint8 -+ _ [4]byte -+} -+ -+type EpollEvent struct { -+ Events uint32 -+ Fd int32 -+ Pad int32 -+} -+ -+const ( -+ AT_EMPTY_PATH = 0x1000 -+ AT_FDCWD = -0x64 -+ AT_NO_AUTOMOUNT = 0x800 -+ AT_REMOVEDIR = 0x200 -+ -+ AT_STATX_SYNC_AS_STAT = 0x0 -+ AT_STATX_FORCE_SYNC = 0x2000 -+ AT_STATX_DONT_SYNC = 0x4000 -+ -+ AT_SYMLINK_FOLLOW = 0x400 -+ AT_SYMLINK_NOFOLLOW = 0x100 -+ -+ AT_EACCESS = 0x200 -+) -+ -+type PollFd struct { -+ Fd int32 -+ Events int16 -+ Revents int16 -+} -+ -+const ( -+ POLLIN = 0x1 -+ POLLPRI = 0x2 -+ POLLOUT = 0x4 -+ POLLRDHUP = 0x2000 -+ POLLERR = 0x8 -+ POLLHUP = 0x10 -+ POLLNVAL = 0x20 -+) -+ -+type Sigset_t struct { -+ Val [16]uint64 -+} -+ -+type SignalfdSiginfo struct { -+ Signo uint32 -+ Errno int32 -+ Code int32 -+ Pid uint32 -+ Uid uint32 -+ Fd int32 -+ Tid uint32 -+ Band uint32 -+ Overrun uint32 -+ Trapno uint32 -+ Status int32 -+ Int int32 -+ Ptr uint64 -+ Utime uint64 -+ Stime uint64 -+ Addr uint64 -+ Addr_lsb uint16 -+ _ uint16 -+ Syscall int32 -+ Call_addr uint64 -+ Arch uint32 -+ _ [28]uint8 -+} -+ -+const PERF_IOC_FLAG_GROUP = 0x1 -+ -+type Termios struct { -+ Iflag uint32 -+ Oflag uint32 -+ Cflag uint32 -+ Lflag uint32 -+ Line uint8 -+ Cc [19]uint8 -+ Ispeed uint32 -+ Ospeed uint32 -+} -+ -+type Winsize struct { -+ Row uint16 -+ Col uint16 -+ Xpixel uint16 -+ Ypixel uint16 -+} -+ -+type Taskstats struct { -+ Version uint16 -+ Ac_exitcode uint32 -+ Ac_flag uint8 -+ Ac_nice uint8 -+ Cpu_count uint64 -+ Cpu_delay_total uint64 -+ Blkio_count uint64 -+ Blkio_delay_total uint64 -+ Swapin_count uint64 -+ Swapin_delay_total uint64 -+ Cpu_run_real_total uint64 -+ Cpu_run_virtual_total uint64 -+ Ac_comm [32]uint8 -+ Ac_sched uint8 -+ Ac_pad [3]uint8 -+ _ [4]byte -+ Ac_uid uint32 -+ Ac_gid uint32 -+ Ac_pid uint32 -+ Ac_ppid uint32 -+ Ac_btime uint32 -+ Ac_etime uint64 -+ Ac_utime uint64 -+ Ac_stime uint64 -+ Ac_minflt uint64 -+ Ac_majflt uint64 -+ Coremem uint64 -+ Virtmem uint64 -+ Hiwater_rss uint64 -+ Hiwater_vm uint64 -+ Read_char uint64 -+ Write_char uint64 -+ Read_syscalls uint64 -+ Write_syscalls uint64 -+ Read_bytes uint64 -+ Write_bytes uint64 -+ Cancelled_write_bytes uint64 -+ Nvcsw uint64 -+ Nivcsw uint64 -+ Ac_utimescaled uint64 -+ Ac_stimescaled uint64 -+ Cpu_scaled_run_real_total uint64 -+ Freepages_count uint64 -+ Freepages_delay_total uint64 -+ Thrashing_count uint64 -+ Thrashing_delay_total uint64 -+} -+ -+const ( -+ TASKSTATS_CMD_UNSPEC = 0x0 -+ TASKSTATS_CMD_GET = 0x1 -+ TASKSTATS_CMD_NEW = 0x2 -+ TASKSTATS_TYPE_UNSPEC = 0x0 -+ TASKSTATS_TYPE_PID = 0x1 -+ TASKSTATS_TYPE_TGID = 0x2 -+ TASKSTATS_TYPE_STATS = 0x3 -+ TASKSTATS_TYPE_AGGR_PID = 0x4 -+ TASKSTATS_TYPE_AGGR_TGID = 0x5 -+ TASKSTATS_TYPE_NULL = 0x6 -+ TASKSTATS_CMD_ATTR_UNSPEC = 0x0 -+ TASKSTATS_CMD_ATTR_PID = 0x1 -+ TASKSTATS_CMD_ATTR_TGID = 0x2 -+ TASKSTATS_CMD_ATTR_REGISTER_CPUMASK = 0x3 -+ TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK = 0x4 -+) -+ -+type CGroupStats struct { -+ Sleeping uint64 -+ Running uint64 -+ Stopped uint64 -+ Uninterruptible uint64 -+ Io_wait uint64 -+} -+ -+const ( -+ CGROUPSTATS_CMD_UNSPEC = 0x3 -+ CGROUPSTATS_CMD_GET = 0x4 -+ CGROUPSTATS_CMD_NEW = 0x5 -+ CGROUPSTATS_TYPE_UNSPEC = 0x0 -+ CGROUPSTATS_TYPE_CGROUP_STATS = 0x1 -+ CGROUPSTATS_CMD_ATTR_UNSPEC = 0x0 -+ CGROUPSTATS_CMD_ATTR_FD = 0x1 -+) -+ -+type Genlmsghdr struct { -+ Cmd uint8 -+ Version uint8 -+ Reserved uint16 -+} -+ -+const ( -+ CTRL_CMD_UNSPEC = 0x0 -+ CTRL_CMD_NEWFAMILY = 0x1 -+ CTRL_CMD_DELFAMILY = 0x2 -+ CTRL_CMD_GETFAMILY = 0x3 -+ CTRL_CMD_NEWOPS = 0x4 -+ CTRL_CMD_DELOPS = 0x5 -+ CTRL_CMD_GETOPS = 0x6 -+ CTRL_CMD_NEWMCAST_GRP = 0x7 -+ CTRL_CMD_DELMCAST_GRP = 0x8 -+ CTRL_CMD_GETMCAST_GRP = 0x9 -+ CTRL_ATTR_UNSPEC = 0x0 -+ CTRL_ATTR_FAMILY_ID = 0x1 -+ CTRL_ATTR_FAMILY_NAME = 0x2 -+ CTRL_ATTR_VERSION = 0x3 -+ CTRL_ATTR_HDRSIZE = 0x4 -+ CTRL_ATTR_MAXATTR = 0x5 -+ CTRL_ATTR_OPS = 0x6 -+ CTRL_ATTR_MCAST_GROUPS = 0x7 -+ CTRL_ATTR_OP_UNSPEC = 0x0 -+ CTRL_ATTR_OP_ID = 0x1 -+ CTRL_ATTR_OP_FLAGS = 0x2 -+ CTRL_ATTR_MCAST_GRP_UNSPEC = 0x0 -+ CTRL_ATTR_MCAST_GRP_NAME = 0x1 -+ CTRL_ATTR_MCAST_GRP_ID = 0x2 -+) -+ -+type cpuMask uint64 -+ -+const ( -+ _CPU_SETSIZE = 0x400 -+ _NCPUBITS = 0x40 -+) -+ -+const ( -+ BDADDR_BREDR = 0x0 -+ BDADDR_LE_PUBLIC = 0x1 -+ BDADDR_LE_RANDOM = 0x2 -+) -+ -+type PerfEventAttr struct { -+ Type uint32 -+ Size uint32 -+ Config uint64 -+ Sample uint64 -+ Sample_type uint64 -+ Read_format uint64 -+ Bits uint64 -+ Wakeup uint32 -+ Bp_type uint32 -+ Ext1 uint64 -+ Ext2 uint64 -+ Branch_sample_type uint64 -+ Sample_regs_user uint64 -+ Sample_stack_user uint32 -+ Clockid int32 -+ Sample_regs_intr uint64 -+ Aux_watermark uint32 -+ Sample_max_stack uint16 -+ _ uint16 -+} -+ -+type PerfEventMmapPage struct { -+ Version uint32 -+ Compat_version uint32 -+ Lock uint32 -+ Index uint32 -+ Offset int64 -+ Time_enabled uint64 -+ Time_running uint64 -+ Capabilities uint64 -+ Pmc_width uint16 -+ Time_shift uint16 -+ Time_mult uint32 -+ Time_offset uint64 -+ Time_zero uint64 -+ Size uint32 -+ _ [948]uint8 -+ Data_head uint64 -+ Data_tail uint64 -+ Data_offset uint64 -+ Data_size uint64 -+ Aux_head uint64 -+ Aux_tail uint64 -+ Aux_offset uint64 -+ Aux_size uint64 -+} -+ -+const ( -+ PerfBitDisabled uint64 = CBitFieldMaskBit0 -+ PerfBitInherit = CBitFieldMaskBit1 -+ PerfBitPinned = CBitFieldMaskBit2 -+ PerfBitExclusive = CBitFieldMaskBit3 -+ PerfBitExcludeUser = CBitFieldMaskBit4 -+ PerfBitExcludeKernel = CBitFieldMaskBit5 -+ PerfBitExcludeHv = CBitFieldMaskBit6 -+ PerfBitExcludeIdle = CBitFieldMaskBit7 -+ PerfBitMmap = CBitFieldMaskBit8 -+ PerfBitComm = CBitFieldMaskBit9 -+ PerfBitFreq = CBitFieldMaskBit10 -+ PerfBitInheritStat = CBitFieldMaskBit11 -+ PerfBitEnableOnExec = CBitFieldMaskBit12 -+ PerfBitTask = CBitFieldMaskBit13 -+ PerfBitWatermark = CBitFieldMaskBit14 -+ PerfBitPreciseIPBit1 = CBitFieldMaskBit15 -+ PerfBitPreciseIPBit2 = CBitFieldMaskBit16 -+ PerfBitMmapData = CBitFieldMaskBit17 -+ PerfBitSampleIDAll = CBitFieldMaskBit18 -+ PerfBitExcludeHost = CBitFieldMaskBit19 -+ PerfBitExcludeGuest = CBitFieldMaskBit20 -+ PerfBitExcludeCallchainKernel = CBitFieldMaskBit21 -+ PerfBitExcludeCallchainUser = CBitFieldMaskBit22 -+ PerfBitMmap2 = CBitFieldMaskBit23 -+ PerfBitCommExec = CBitFieldMaskBit24 -+ PerfBitUseClockID = CBitFieldMaskBit25 -+ PerfBitContextSwitch = CBitFieldMaskBit26 -+) -+ -+const ( -+ PERF_TYPE_HARDWARE = 0x0 -+ PERF_TYPE_SOFTWARE = 0x1 -+ PERF_TYPE_TRACEPOINT = 0x2 -+ PERF_TYPE_HW_CACHE = 0x3 -+ PERF_TYPE_RAW = 0x4 -+ PERF_TYPE_BREAKPOINT = 0x5 -+ -+ PERF_COUNT_HW_CPU_CYCLES = 0x0 -+ PERF_COUNT_HW_INSTRUCTIONS = 0x1 -+ PERF_COUNT_HW_CACHE_REFERENCES = 0x2 -+ PERF_COUNT_HW_CACHE_MISSES = 0x3 -+ PERF_COUNT_HW_BRANCH_INSTRUCTIONS = 0x4 -+ PERF_COUNT_HW_BRANCH_MISSES = 0x5 -+ PERF_COUNT_HW_BUS_CYCLES = 0x6 -+ PERF_COUNT_HW_STALLED_CYCLES_FRONTEND = 0x7 -+ PERF_COUNT_HW_STALLED_CYCLES_BACKEND = 0x8 -+ PERF_COUNT_HW_REF_CPU_CYCLES = 0x9 -+ -+ PERF_COUNT_HW_CACHE_L1D = 0x0 -+ PERF_COUNT_HW_CACHE_L1I = 0x1 -+ PERF_COUNT_HW_CACHE_LL = 0x2 -+ PERF_COUNT_HW_CACHE_DTLB = 0x3 -+ PERF_COUNT_HW_CACHE_ITLB = 0x4 -+ PERF_COUNT_HW_CACHE_BPU = 0x5 -+ PERF_COUNT_HW_CACHE_NODE = 0x6 -+ -+ PERF_COUNT_HW_CACHE_OP_READ = 0x0 -+ PERF_COUNT_HW_CACHE_OP_WRITE = 0x1 -+ PERF_COUNT_HW_CACHE_OP_PREFETCH = 0x2 -+ -+ PERF_COUNT_HW_CACHE_RESULT_ACCESS = 0x0 -+ PERF_COUNT_HW_CACHE_RESULT_MISS = 0x1 -+ -+ PERF_COUNT_SW_CPU_CLOCK = 0x0 -+ PERF_COUNT_SW_TASK_CLOCK = 0x1 -+ PERF_COUNT_SW_PAGE_FAULTS = 0x2 -+ PERF_COUNT_SW_CONTEXT_SWITCHES = 0x3 -+ PERF_COUNT_SW_CPU_MIGRATIONS = 0x4 -+ PERF_COUNT_SW_PAGE_FAULTS_MIN = 0x5 -+ PERF_COUNT_SW_PAGE_FAULTS_MAJ = 0x6 -+ PERF_COUNT_SW_ALIGNMENT_FAULTS = 0x7 -+ PERF_COUNT_SW_EMULATION_FAULTS = 0x8 -+ PERF_COUNT_SW_DUMMY = 0x9 -+ PERF_COUNT_SW_BPF_OUTPUT = 0xa -+ -+ PERF_SAMPLE_IP = 0x1 -+ PERF_SAMPLE_TID = 0x2 -+ PERF_SAMPLE_TIME = 0x4 -+ PERF_SAMPLE_ADDR = 0x8 -+ PERF_SAMPLE_READ = 0x10 -+ PERF_SAMPLE_CALLCHAIN = 0x20 -+ PERF_SAMPLE_ID = 0x40 -+ PERF_SAMPLE_CPU = 0x80 -+ PERF_SAMPLE_PERIOD = 0x100 -+ PERF_SAMPLE_STREAM_ID = 0x200 -+ PERF_SAMPLE_RAW = 0x400 -+ PERF_SAMPLE_BRANCH_STACK = 0x800 -+ -+ PERF_SAMPLE_BRANCH_USER = 0x1 -+ PERF_SAMPLE_BRANCH_KERNEL = 0x2 -+ PERF_SAMPLE_BRANCH_HV = 0x4 -+ PERF_SAMPLE_BRANCH_ANY = 0x8 -+ PERF_SAMPLE_BRANCH_ANY_CALL = 0x10 -+ PERF_SAMPLE_BRANCH_ANY_RETURN = 0x20 -+ PERF_SAMPLE_BRANCH_IND_CALL = 0x40 -+ PERF_SAMPLE_BRANCH_ABORT_TX = 0x80 -+ PERF_SAMPLE_BRANCH_IN_TX = 0x100 -+ PERF_SAMPLE_BRANCH_NO_TX = 0x200 -+ PERF_SAMPLE_BRANCH_COND = 0x400 -+ PERF_SAMPLE_BRANCH_CALL_STACK = 0x800 -+ PERF_SAMPLE_BRANCH_IND_JUMP = 0x1000 -+ PERF_SAMPLE_BRANCH_CALL = 0x2000 -+ PERF_SAMPLE_BRANCH_NO_FLAGS = 0x4000 -+ PERF_SAMPLE_BRANCH_NO_CYCLES = 0x8000 -+ PERF_SAMPLE_BRANCH_TYPE_SAVE = 0x10000 -+ -+ PERF_FORMAT_TOTAL_TIME_ENABLED = 0x1 -+ PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2 -+ PERF_FORMAT_ID = 0x4 -+ PERF_FORMAT_GROUP = 0x8 -+ -+ PERF_RECORD_MMAP = 0x1 -+ PERF_RECORD_LOST = 0x2 -+ PERF_RECORD_COMM = 0x3 -+ PERF_RECORD_EXIT = 0x4 -+ PERF_RECORD_THROTTLE = 0x5 -+ PERF_RECORD_UNTHROTTLE = 0x6 -+ PERF_RECORD_FORK = 0x7 -+ PERF_RECORD_READ = 0x8 -+ PERF_RECORD_SAMPLE = 0x9 -+ PERF_RECORD_MMAP2 = 0xa -+ PERF_RECORD_AUX = 0xb -+ PERF_RECORD_ITRACE_START = 0xc -+ PERF_RECORD_LOST_SAMPLES = 0xd -+ PERF_RECORD_SWITCH = 0xe -+ PERF_RECORD_SWITCH_CPU_WIDE = 0xf -+ PERF_RECORD_NAMESPACES = 0x10 -+ -+ PERF_CONTEXT_HV = -0x20 -+ PERF_CONTEXT_KERNEL = -0x80 -+ PERF_CONTEXT_USER = -0x200 -+ -+ PERF_CONTEXT_GUEST = -0x800 -+ PERF_CONTEXT_GUEST_KERNEL = -0x880 -+ PERF_CONTEXT_GUEST_USER = -0xa00 -+ -+ PERF_FLAG_FD_NO_GROUP = 0x1 -+ PERF_FLAG_FD_OUTPUT = 0x2 -+ PERF_FLAG_PID_CGROUP = 0x4 -+ PERF_FLAG_FD_CLOEXEC = 0x8 -+) -+ -+const ( -+ CBitFieldMaskBit0 = 0x1 -+ CBitFieldMaskBit1 = 0x2 -+ CBitFieldMaskBit2 = 0x4 -+ CBitFieldMaskBit3 = 0x8 -+ CBitFieldMaskBit4 = 0x10 -+ CBitFieldMaskBit5 = 0x20 -+ CBitFieldMaskBit6 = 0x40 -+ CBitFieldMaskBit7 = 0x80 -+ CBitFieldMaskBit8 = 0x100 -+ CBitFieldMaskBit9 = 0x200 -+ CBitFieldMaskBit10 = 0x400 -+ CBitFieldMaskBit11 = 0x800 -+ CBitFieldMaskBit12 = 0x1000 -+ CBitFieldMaskBit13 = 0x2000 -+ CBitFieldMaskBit14 = 0x4000 -+ CBitFieldMaskBit15 = 0x8000 -+ CBitFieldMaskBit16 = 0x10000 -+ CBitFieldMaskBit17 = 0x20000 -+ CBitFieldMaskBit18 = 0x40000 -+ CBitFieldMaskBit19 = 0x80000 -+ CBitFieldMaskBit20 = 0x100000 -+ CBitFieldMaskBit21 = 0x200000 -+ CBitFieldMaskBit22 = 0x400000 -+ CBitFieldMaskBit23 = 0x800000 -+ CBitFieldMaskBit24 = 0x1000000 -+ CBitFieldMaskBit25 = 0x2000000 -+ CBitFieldMaskBit26 = 0x4000000 -+ CBitFieldMaskBit27 = 0x8000000 -+ CBitFieldMaskBit28 = 0x10000000 -+ CBitFieldMaskBit29 = 0x20000000 -+ CBitFieldMaskBit30 = 0x40000000 -+ CBitFieldMaskBit31 = 0x80000000 -+ CBitFieldMaskBit32 = 0x100000000 -+ CBitFieldMaskBit33 = 0x200000000 -+ CBitFieldMaskBit34 = 0x400000000 -+ CBitFieldMaskBit35 = 0x800000000 -+ CBitFieldMaskBit36 = 0x1000000000 -+ CBitFieldMaskBit37 = 0x2000000000 -+ CBitFieldMaskBit38 = 0x4000000000 -+ CBitFieldMaskBit39 = 0x8000000000 -+ CBitFieldMaskBit40 = 0x10000000000 -+ CBitFieldMaskBit41 = 0x20000000000 -+ CBitFieldMaskBit42 = 0x40000000000 -+ CBitFieldMaskBit43 = 0x80000000000 -+ CBitFieldMaskBit44 = 0x100000000000 -+ CBitFieldMaskBit45 = 0x200000000000 -+ CBitFieldMaskBit46 = 0x400000000000 -+ CBitFieldMaskBit47 = 0x800000000000 -+ CBitFieldMaskBit48 = 0x1000000000000 -+ CBitFieldMaskBit49 = 0x2000000000000 -+ CBitFieldMaskBit50 = 0x4000000000000 -+ CBitFieldMaskBit51 = 0x8000000000000 -+ CBitFieldMaskBit52 = 0x10000000000000 -+ CBitFieldMaskBit53 = 0x20000000000000 -+ CBitFieldMaskBit54 = 0x40000000000000 -+ CBitFieldMaskBit55 = 0x80000000000000 -+ CBitFieldMaskBit56 = 0x100000000000000 -+ CBitFieldMaskBit57 = 0x200000000000000 -+ CBitFieldMaskBit58 = 0x400000000000000 -+ CBitFieldMaskBit59 = 0x800000000000000 -+ CBitFieldMaskBit60 = 0x1000000000000000 -+ CBitFieldMaskBit61 = 0x2000000000000000 -+ CBitFieldMaskBit62 = 0x4000000000000000 -+ CBitFieldMaskBit63 = 0x8000000000000000 -+) -+ -+type SockaddrStorage struct { -+ Family uint16 -+ _ [118]uint8 -+ _ uint64 -+} -+ -+type TCPMD5Sig struct { -+ Addr SockaddrStorage -+ Flags uint8 -+ Prefixlen uint8 -+ Keylen uint16 -+ _ uint32 -+ Key [80]uint8 -+} -+ -+type HDDriveCmdHdr struct { -+ Command uint8 -+ Number uint8 -+ Feature uint8 -+ Count uint8 -+} -+ -+type HDGeometry struct { -+ Heads uint8 -+ Sectors uint8 -+ Cylinders uint16 -+ Start uint64 -+} -+ -+type HDDriveID struct { -+ Config uint16 -+ Cyls uint16 -+ Reserved2 uint16 -+ Heads uint16 -+ Track_bytes uint16 -+ Sector_bytes uint16 -+ Sectors uint16 -+ Vendor0 uint16 -+ Vendor1 uint16 -+ Vendor2 uint16 -+ Serial_no [20]uint8 -+ Buf_type uint16 -+ Buf_size uint16 -+ Ecc_bytes uint16 -+ Fw_rev [8]uint8 -+ Model [40]uint8 -+ Max_multsect uint8 -+ Vendor3 uint8 -+ Dword_io uint16 -+ Vendor4 uint8 -+ Capability uint8 -+ Reserved50 uint16 -+ Vendor5 uint8 -+ TPIO uint8 -+ Vendor6 uint8 -+ TDMA uint8 -+ Field_valid uint16 -+ Cur_cyls uint16 -+ Cur_heads uint16 -+ Cur_sectors uint16 -+ Cur_capacity0 uint16 -+ Cur_capacity1 uint16 -+ Multsect uint8 -+ Multsect_valid uint8 -+ Lba_capacity uint32 -+ Dma_1word uint16 -+ Dma_mword uint16 -+ Eide_pio_modes uint16 -+ Eide_dma_min uint16 -+ Eide_dma_time uint16 -+ Eide_pio uint16 -+ Eide_pio_iordy uint16 -+ Words69_70 [2]uint16 -+ Words71_74 [4]uint16 -+ Queue_depth uint16 -+ Words76_79 [4]uint16 -+ Major_rev_num uint16 -+ Minor_rev_num uint16 -+ Command_set_1 uint16 -+ Command_set_2 uint16 -+ Cfsse uint16 -+ Cfs_enable_1 uint16 -+ Cfs_enable_2 uint16 -+ Csf_default uint16 -+ Dma_ultra uint16 -+ Trseuc uint16 -+ TrsEuc uint16 -+ CurAPMvalues uint16 -+ Mprc uint16 -+ Hw_config uint16 -+ Acoustic uint16 -+ Msrqs uint16 -+ Sxfert uint16 -+ Sal uint16 -+ Spg uint32 -+ Lba_capacity_2 uint64 -+ Words104_125 [22]uint16 -+ Last_lun uint16 -+ Word127 uint16 -+ Dlf uint16 -+ Csfo uint16 -+ Words130_155 [26]uint16 -+ Word156 uint16 -+ Words157_159 [3]uint16 -+ Cfa_power uint16 -+ Words161_175 [15]uint16 -+ Words176_205 [30]uint16 -+ Words206_254 [49]uint16 -+ Integrity_word uint16 -+} -+ -+type Statfs_t struct { -+ Type int64 -+ Bsize int64 -+ Blocks uint64 -+ Bfree uint64 -+ Bavail uint64 -+ Files uint64 -+ Ffree uint64 -+ Fsid Fsid -+ Namelen int64 -+ Frsize int64 -+ Flags int64 -+ Spare [4]int64 -+} -+ -+const ( -+ ST_MANDLOCK = 0x40 -+ ST_NOATIME = 0x400 -+ ST_NODEV = 0x4 -+ ST_NODIRATIME = 0x800 -+ ST_NOEXEC = 0x8 -+ ST_NOSUID = 0x2 -+ ST_RDONLY = 0x1 -+ ST_RELATIME = 0x1000 -+ ST_SYNCHRONOUS = 0x10 -+) -+ -+type TpacketHdr struct { -+ Status uint64 -+ Len uint32 -+ Snaplen uint32 -+ Mac uint16 -+ Net uint16 -+ Sec uint32 -+ Usec uint32 -+ _ [4]byte -+} -+ -+type Tpacket2Hdr struct { -+ Status uint32 -+ Len uint32 -+ Snaplen uint32 -+ Mac uint16 -+ Net uint16 -+ Sec uint32 -+ Nsec uint32 -+ Vlan_tci uint16 -+ Vlan_tpid uint16 -+ _ [4]uint8 -+} -+ -+type Tpacket3Hdr struct { -+ Next_offset uint32 -+ Sec uint32 -+ Nsec uint32 -+ Snaplen uint32 -+ Len uint32 -+ Status uint32 -+ Mac uint16 -+ Net uint16 -+ Hv1 TpacketHdrVariant1 -+ _ [8]uint8 -+} -+ -+type TpacketHdrVariant1 struct { -+ Rxhash uint32 -+ Vlan_tci uint32 -+ Vlan_tpid uint16 -+ _ uint16 -+} -+ -+type TpacketBlockDesc struct { -+ Version uint32 -+ To_priv uint32 -+ Hdr [40]byte -+} -+ -+type TpacketBDTS struct { -+ Sec uint32 -+ Usec uint32 -+} -+ -+type TpacketHdrV1 struct { -+ Block_status uint32 -+ Num_pkts uint32 -+ Offset_to_first_pkt uint32 -+ Blk_len uint32 -+ Seq_num uint64 -+ Ts_first_pkt TpacketBDTS -+ Ts_last_pkt TpacketBDTS -+} -+ -+type TpacketReq struct { -+ Block_size uint32 -+ Block_nr uint32 -+ Frame_size uint32 -+ Frame_nr uint32 -+} -+ -+type TpacketReq3 struct { -+ Block_size uint32 -+ Block_nr uint32 -+ Frame_size uint32 -+ Frame_nr uint32 -+ Retire_blk_tov uint32 -+ Sizeof_priv uint32 -+ Feature_req_word uint32 -+} -+ -+type TpacketStats struct { -+ Packets uint32 -+ Drops uint32 -+} -+ -+type TpacketStatsV3 struct { -+ Packets uint32 -+ Drops uint32 -+ Freeze_q_cnt uint32 -+} -+ -+type TpacketAuxdata struct { -+ Status uint32 -+ Len uint32 -+ Snaplen uint32 -+ Mac uint16 -+ Net uint16 -+ Vlan_tci uint16 -+ Vlan_tpid uint16 -+} -+ -+const ( -+ TPACKET_V1 = 0x0 -+ TPACKET_V2 = 0x1 -+ TPACKET_V3 = 0x2 -+) -+ -+const ( -+ SizeofTpacketHdr = 0x20 -+ SizeofTpacket2Hdr = 0x20 -+ SizeofTpacket3Hdr = 0x30 -+ -+ SizeofTpacketStats = 0x8 -+ SizeofTpacketStatsV3 = 0xc -+) -+ -+const ( -+ NF_INET_PRE_ROUTING = 0x0 -+ NF_INET_LOCAL_IN = 0x1 -+ NF_INET_FORWARD = 0x2 -+ NF_INET_LOCAL_OUT = 0x3 -+ NF_INET_POST_ROUTING = 0x4 -+ NF_INET_NUMHOOKS = 0x5 -+) -+ -+const ( -+ NF_NETDEV_INGRESS = 0x0 -+ NF_NETDEV_NUMHOOKS = 0x1 -+) -+ -+const ( -+ NFPROTO_UNSPEC = 0x0 -+ NFPROTO_INET = 0x1 -+ NFPROTO_IPV4 = 0x2 -+ NFPROTO_ARP = 0x3 -+ NFPROTO_NETDEV = 0x5 -+ NFPROTO_BRIDGE = 0x7 -+ NFPROTO_IPV6 = 0xa -+ NFPROTO_DECNET = 0xc -+ NFPROTO_NUMPROTO = 0xd -+) -+ -+type Nfgenmsg struct { -+ Nfgen_family uint8 -+ Version uint8 -+ Res_id uint16 -+} -+ -+const ( -+ NFNL_BATCH_UNSPEC = 0x0 -+ NFNL_BATCH_GENID = 0x1 -+) -+ -+const ( -+ NFT_REG_VERDICT = 0x0 -+ NFT_REG_1 = 0x1 -+ NFT_REG_2 = 0x2 -+ NFT_REG_3 = 0x3 -+ NFT_REG_4 = 0x4 -+ NFT_REG32_00 = 0x8 -+ NFT_REG32_01 = 0x9 -+ NFT_REG32_02 = 0xa -+ NFT_REG32_03 = 0xb -+ NFT_REG32_04 = 0xc -+ NFT_REG32_05 = 0xd -+ NFT_REG32_06 = 0xe -+ NFT_REG32_07 = 0xf -+ NFT_REG32_08 = 0x10 -+ NFT_REG32_09 = 0x11 -+ NFT_REG32_10 = 0x12 -+ NFT_REG32_11 = 0x13 -+ NFT_REG32_12 = 0x14 -+ NFT_REG32_13 = 0x15 -+ NFT_REG32_14 = 0x16 -+ NFT_REG32_15 = 0x17 -+ NFT_CONTINUE = -0x1 -+ NFT_BREAK = -0x2 -+ NFT_JUMP = -0x3 -+ NFT_GOTO = -0x4 -+ NFT_RETURN = -0x5 -+ NFT_MSG_NEWTABLE = 0x0 -+ NFT_MSG_GETTABLE = 0x1 -+ NFT_MSG_DELTABLE = 0x2 -+ NFT_MSG_NEWCHAIN = 0x3 -+ NFT_MSG_GETCHAIN = 0x4 -+ NFT_MSG_DELCHAIN = 0x5 -+ NFT_MSG_NEWRULE = 0x6 -+ NFT_MSG_GETRULE = 0x7 -+ NFT_MSG_DELRULE = 0x8 -+ NFT_MSG_NEWSET = 0x9 -+ NFT_MSG_GETSET = 0xa -+ NFT_MSG_DELSET = 0xb -+ NFT_MSG_NEWSETELEM = 0xc -+ NFT_MSG_GETSETELEM = 0xd -+ NFT_MSG_DELSETELEM = 0xe -+ NFT_MSG_NEWGEN = 0xf -+ NFT_MSG_GETGEN = 0x10 -+ NFT_MSG_TRACE = 0x11 -+ NFT_MSG_NEWOBJ = 0x12 -+ NFT_MSG_GETOBJ = 0x13 -+ NFT_MSG_DELOBJ = 0x14 -+ NFT_MSG_GETOBJ_RESET = 0x15 -+ NFT_MSG_MAX = 0x19 -+ NFTA_LIST_UNPEC = 0x0 -+ NFTA_LIST_ELEM = 0x1 -+ NFTA_HOOK_UNSPEC = 0x0 -+ NFTA_HOOK_HOOKNUM = 0x1 -+ NFTA_HOOK_PRIORITY = 0x2 -+ NFTA_HOOK_DEV = 0x3 -+ NFT_TABLE_F_DORMANT = 0x1 -+ NFTA_TABLE_UNSPEC = 0x0 -+ NFTA_TABLE_NAME = 0x1 -+ NFTA_TABLE_FLAGS = 0x2 -+ NFTA_TABLE_USE = 0x3 -+ NFTA_CHAIN_UNSPEC = 0x0 -+ NFTA_CHAIN_TABLE = 0x1 -+ NFTA_CHAIN_HANDLE = 0x2 -+ NFTA_CHAIN_NAME = 0x3 -+ NFTA_CHAIN_HOOK = 0x4 -+ NFTA_CHAIN_POLICY = 0x5 -+ NFTA_CHAIN_USE = 0x6 -+ NFTA_CHAIN_TYPE = 0x7 -+ NFTA_CHAIN_COUNTERS = 0x8 -+ NFTA_CHAIN_PAD = 0x9 -+ NFTA_RULE_UNSPEC = 0x0 -+ NFTA_RULE_TABLE = 0x1 -+ NFTA_RULE_CHAIN = 0x2 -+ NFTA_RULE_HANDLE = 0x3 -+ NFTA_RULE_EXPRESSIONS = 0x4 -+ NFTA_RULE_COMPAT = 0x5 -+ NFTA_RULE_POSITION = 0x6 -+ NFTA_RULE_USERDATA = 0x7 -+ NFTA_RULE_PAD = 0x8 -+ NFTA_RULE_ID = 0x9 -+ NFT_RULE_COMPAT_F_INV = 0x2 -+ NFT_RULE_COMPAT_F_MASK = 0x2 -+ NFTA_RULE_COMPAT_UNSPEC = 0x0 -+ NFTA_RULE_COMPAT_PROTO = 0x1 -+ NFTA_RULE_COMPAT_FLAGS = 0x2 -+ NFT_SET_ANONYMOUS = 0x1 -+ NFT_SET_CONSTANT = 0x2 -+ NFT_SET_INTERVAL = 0x4 -+ NFT_SET_MAP = 0x8 -+ NFT_SET_TIMEOUT = 0x10 -+ NFT_SET_EVAL = 0x20 -+ NFT_SET_OBJECT = 0x40 -+ NFT_SET_POL_PERFORMANCE = 0x0 -+ NFT_SET_POL_MEMORY = 0x1 -+ NFTA_SET_DESC_UNSPEC = 0x0 -+ NFTA_SET_DESC_SIZE = 0x1 -+ NFTA_SET_UNSPEC = 0x0 -+ NFTA_SET_TABLE = 0x1 -+ NFTA_SET_NAME = 0x2 -+ NFTA_SET_FLAGS = 0x3 -+ NFTA_SET_KEY_TYPE = 0x4 -+ NFTA_SET_KEY_LEN = 0x5 -+ NFTA_SET_DATA_TYPE = 0x6 -+ NFTA_SET_DATA_LEN = 0x7 -+ NFTA_SET_POLICY = 0x8 -+ NFTA_SET_DESC = 0x9 -+ NFTA_SET_ID = 0xa -+ NFTA_SET_TIMEOUT = 0xb -+ NFTA_SET_GC_INTERVAL = 0xc -+ NFTA_SET_USERDATA = 0xd -+ NFTA_SET_PAD = 0xe -+ NFTA_SET_OBJ_TYPE = 0xf -+ NFT_SET_ELEM_INTERVAL_END = 0x1 -+ NFTA_SET_ELEM_UNSPEC = 0x0 -+ NFTA_SET_ELEM_KEY = 0x1 -+ NFTA_SET_ELEM_DATA = 0x2 -+ NFTA_SET_ELEM_FLAGS = 0x3 -+ NFTA_SET_ELEM_TIMEOUT = 0x4 -+ NFTA_SET_ELEM_EXPIRATION = 0x5 -+ NFTA_SET_ELEM_USERDATA = 0x6 -+ NFTA_SET_ELEM_EXPR = 0x7 -+ NFTA_SET_ELEM_PAD = 0x8 -+ NFTA_SET_ELEM_OBJREF = 0x9 -+ NFTA_SET_ELEM_LIST_UNSPEC = 0x0 -+ NFTA_SET_ELEM_LIST_TABLE = 0x1 -+ NFTA_SET_ELEM_LIST_SET = 0x2 -+ NFTA_SET_ELEM_LIST_ELEMENTS = 0x3 -+ NFTA_SET_ELEM_LIST_SET_ID = 0x4 -+ NFT_DATA_VALUE = 0x0 -+ NFT_DATA_VERDICT = 0xffffff00 -+ NFTA_DATA_UNSPEC = 0x0 -+ NFTA_DATA_VALUE = 0x1 -+ NFTA_DATA_VERDICT = 0x2 -+ NFTA_VERDICT_UNSPEC = 0x0 -+ NFTA_VERDICT_CODE = 0x1 -+ NFTA_VERDICT_CHAIN = 0x2 -+ NFTA_EXPR_UNSPEC = 0x0 -+ NFTA_EXPR_NAME = 0x1 -+ NFTA_EXPR_DATA = 0x2 -+ NFTA_IMMEDIATE_UNSPEC = 0x0 -+ NFTA_IMMEDIATE_DREG = 0x1 -+ NFTA_IMMEDIATE_DATA = 0x2 -+ NFTA_BITWISE_UNSPEC = 0x0 -+ NFTA_BITWISE_SREG = 0x1 -+ NFTA_BITWISE_DREG = 0x2 -+ NFTA_BITWISE_LEN = 0x3 -+ NFTA_BITWISE_MASK = 0x4 -+ NFTA_BITWISE_XOR = 0x5 -+ NFT_BYTEORDER_NTOH = 0x0 -+ NFT_BYTEORDER_HTON = 0x1 -+ NFTA_BYTEORDER_UNSPEC = 0x0 -+ NFTA_BYTEORDER_SREG = 0x1 -+ NFTA_BYTEORDER_DREG = 0x2 -+ NFTA_BYTEORDER_OP = 0x3 -+ NFTA_BYTEORDER_LEN = 0x4 -+ NFTA_BYTEORDER_SIZE = 0x5 -+ NFT_CMP_EQ = 0x0 -+ NFT_CMP_NEQ = 0x1 -+ NFT_CMP_LT = 0x2 -+ NFT_CMP_LTE = 0x3 -+ NFT_CMP_GT = 0x4 -+ NFT_CMP_GTE = 0x5 -+ NFTA_CMP_UNSPEC = 0x0 -+ NFTA_CMP_SREG = 0x1 -+ NFTA_CMP_OP = 0x2 -+ NFTA_CMP_DATA = 0x3 -+ NFT_RANGE_EQ = 0x0 -+ NFT_RANGE_NEQ = 0x1 -+ NFTA_RANGE_UNSPEC = 0x0 -+ NFTA_RANGE_SREG = 0x1 -+ NFTA_RANGE_OP = 0x2 -+ NFTA_RANGE_FROM_DATA = 0x3 -+ NFTA_RANGE_TO_DATA = 0x4 -+ NFT_LOOKUP_F_INV = 0x1 -+ NFTA_LOOKUP_UNSPEC = 0x0 -+ NFTA_LOOKUP_SET = 0x1 -+ NFTA_LOOKUP_SREG = 0x2 -+ NFTA_LOOKUP_DREG = 0x3 -+ NFTA_LOOKUP_SET_ID = 0x4 -+ NFTA_LOOKUP_FLAGS = 0x5 -+ NFT_DYNSET_OP_ADD = 0x0 -+ NFT_DYNSET_OP_UPDATE = 0x1 -+ NFT_DYNSET_F_INV = 0x1 -+ NFTA_DYNSET_UNSPEC = 0x0 -+ NFTA_DYNSET_SET_NAME = 0x1 -+ NFTA_DYNSET_SET_ID = 0x2 -+ NFTA_DYNSET_OP = 0x3 -+ NFTA_DYNSET_SREG_KEY = 0x4 -+ NFTA_DYNSET_SREG_DATA = 0x5 -+ NFTA_DYNSET_TIMEOUT = 0x6 -+ NFTA_DYNSET_EXPR = 0x7 -+ NFTA_DYNSET_PAD = 0x8 -+ NFTA_DYNSET_FLAGS = 0x9 -+ NFT_PAYLOAD_LL_HEADER = 0x0 -+ NFT_PAYLOAD_NETWORK_HEADER = 0x1 -+ NFT_PAYLOAD_TRANSPORT_HEADER = 0x2 -+ NFT_PAYLOAD_CSUM_NONE = 0x0 -+ NFT_PAYLOAD_CSUM_INET = 0x1 -+ NFT_PAYLOAD_L4CSUM_PSEUDOHDR = 0x1 -+ NFTA_PAYLOAD_UNSPEC = 0x0 -+ NFTA_PAYLOAD_DREG = 0x1 -+ NFTA_PAYLOAD_BASE = 0x2 -+ NFTA_PAYLOAD_OFFSET = 0x3 -+ NFTA_PAYLOAD_LEN = 0x4 -+ NFTA_PAYLOAD_SREG = 0x5 -+ NFTA_PAYLOAD_CSUM_TYPE = 0x6 -+ NFTA_PAYLOAD_CSUM_OFFSET = 0x7 -+ NFTA_PAYLOAD_CSUM_FLAGS = 0x8 -+ NFT_EXTHDR_F_PRESENT = 0x1 -+ NFT_EXTHDR_OP_IPV6 = 0x0 -+ NFT_EXTHDR_OP_TCPOPT = 0x1 -+ NFTA_EXTHDR_UNSPEC = 0x0 -+ NFTA_EXTHDR_DREG = 0x1 -+ NFTA_EXTHDR_TYPE = 0x2 -+ NFTA_EXTHDR_OFFSET = 0x3 -+ NFTA_EXTHDR_LEN = 0x4 -+ NFTA_EXTHDR_FLAGS = 0x5 -+ NFTA_EXTHDR_OP = 0x6 -+ NFTA_EXTHDR_SREG = 0x7 -+ NFT_META_LEN = 0x0 -+ NFT_META_PROTOCOL = 0x1 -+ NFT_META_PRIORITY = 0x2 -+ NFT_META_MARK = 0x3 -+ NFT_META_IIF = 0x4 -+ NFT_META_OIF = 0x5 -+ NFT_META_IIFNAME = 0x6 -+ NFT_META_OIFNAME = 0x7 -+ NFT_META_IIFTYPE = 0x8 -+ NFT_META_OIFTYPE = 0x9 -+ NFT_META_SKUID = 0xa -+ NFT_META_SKGID = 0xb -+ NFT_META_NFTRACE = 0xc -+ NFT_META_RTCLASSID = 0xd -+ NFT_META_SECMARK = 0xe -+ NFT_META_NFPROTO = 0xf -+ NFT_META_L4PROTO = 0x10 -+ NFT_META_BRI_IIFNAME = 0x11 -+ NFT_META_BRI_OIFNAME = 0x12 -+ NFT_META_PKTTYPE = 0x13 -+ NFT_META_CPU = 0x14 -+ NFT_META_IIFGROUP = 0x15 -+ NFT_META_OIFGROUP = 0x16 -+ NFT_META_CGROUP = 0x17 -+ NFT_META_PRANDOM = 0x18 -+ NFT_RT_CLASSID = 0x0 -+ NFT_RT_NEXTHOP4 = 0x1 -+ NFT_RT_NEXTHOP6 = 0x2 -+ NFT_RT_TCPMSS = 0x3 -+ NFT_HASH_JENKINS = 0x0 -+ NFT_HASH_SYM = 0x1 -+ NFTA_HASH_UNSPEC = 0x0 -+ NFTA_HASH_SREG = 0x1 -+ NFTA_HASH_DREG = 0x2 -+ NFTA_HASH_LEN = 0x3 -+ NFTA_HASH_MODULUS = 0x4 -+ NFTA_HASH_SEED = 0x5 -+ NFTA_HASH_OFFSET = 0x6 -+ NFTA_HASH_TYPE = 0x7 -+ NFTA_META_UNSPEC = 0x0 -+ NFTA_META_DREG = 0x1 -+ NFTA_META_KEY = 0x2 -+ NFTA_META_SREG = 0x3 -+ NFTA_RT_UNSPEC = 0x0 -+ NFTA_RT_DREG = 0x1 -+ NFTA_RT_KEY = 0x2 -+ NFT_CT_STATE = 0x0 -+ NFT_CT_DIRECTION = 0x1 -+ NFT_CT_STATUS = 0x2 -+ NFT_CT_MARK = 0x3 -+ NFT_CT_SECMARK = 0x4 -+ NFT_CT_EXPIRATION = 0x5 -+ NFT_CT_HELPER = 0x6 -+ NFT_CT_L3PROTOCOL = 0x7 -+ NFT_CT_SRC = 0x8 -+ NFT_CT_DST = 0x9 -+ NFT_CT_PROTOCOL = 0xa -+ NFT_CT_PROTO_SRC = 0xb -+ NFT_CT_PROTO_DST = 0xc -+ NFT_CT_LABELS = 0xd -+ NFT_CT_PKTS = 0xe -+ NFT_CT_BYTES = 0xf -+ NFT_CT_AVGPKT = 0x10 -+ NFT_CT_ZONE = 0x11 -+ NFT_CT_EVENTMASK = 0x12 -+ NFTA_CT_UNSPEC = 0x0 -+ NFTA_CT_DREG = 0x1 -+ NFTA_CT_KEY = 0x2 -+ NFTA_CT_DIRECTION = 0x3 -+ NFTA_CT_SREG = 0x4 -+ NFT_LIMIT_PKTS = 0x0 -+ NFT_LIMIT_PKT_BYTES = 0x1 -+ NFT_LIMIT_F_INV = 0x1 -+ NFTA_LIMIT_UNSPEC = 0x0 -+ NFTA_LIMIT_RATE = 0x1 -+ NFTA_LIMIT_UNIT = 0x2 -+ NFTA_LIMIT_BURST = 0x3 -+ NFTA_LIMIT_TYPE = 0x4 -+ NFTA_LIMIT_FLAGS = 0x5 -+ NFTA_LIMIT_PAD = 0x6 -+ NFTA_COUNTER_UNSPEC = 0x0 -+ NFTA_COUNTER_BYTES = 0x1 -+ NFTA_COUNTER_PACKETS = 0x2 -+ NFTA_COUNTER_PAD = 0x3 -+ NFTA_LOG_UNSPEC = 0x0 -+ NFTA_LOG_GROUP = 0x1 -+ NFTA_LOG_PREFIX = 0x2 -+ NFTA_LOG_SNAPLEN = 0x3 -+ NFTA_LOG_QTHRESHOLD = 0x4 -+ NFTA_LOG_LEVEL = 0x5 -+ NFTA_LOG_FLAGS = 0x6 -+ NFTA_QUEUE_UNSPEC = 0x0 -+ NFTA_QUEUE_NUM = 0x1 -+ NFTA_QUEUE_TOTAL = 0x2 -+ NFTA_QUEUE_FLAGS = 0x3 -+ NFTA_QUEUE_SREG_QNUM = 0x4 -+ NFT_QUOTA_F_INV = 0x1 -+ NFT_QUOTA_F_DEPLETED = 0x2 -+ NFTA_QUOTA_UNSPEC = 0x0 -+ NFTA_QUOTA_BYTES = 0x1 -+ NFTA_QUOTA_FLAGS = 0x2 -+ NFTA_QUOTA_PAD = 0x3 -+ NFTA_QUOTA_CONSUMED = 0x4 -+ NFT_REJECT_ICMP_UNREACH = 0x0 -+ NFT_REJECT_TCP_RST = 0x1 -+ NFT_REJECT_ICMPX_UNREACH = 0x2 -+ NFT_REJECT_ICMPX_NO_ROUTE = 0x0 -+ NFT_REJECT_ICMPX_PORT_UNREACH = 0x1 -+ NFT_REJECT_ICMPX_HOST_UNREACH = 0x2 -+ NFT_REJECT_ICMPX_ADMIN_PROHIBITED = 0x3 -+ NFTA_REJECT_UNSPEC = 0x0 -+ NFTA_REJECT_TYPE = 0x1 -+ NFTA_REJECT_ICMP_CODE = 0x2 -+ NFT_NAT_SNAT = 0x0 -+ NFT_NAT_DNAT = 0x1 -+ NFTA_NAT_UNSPEC = 0x0 -+ NFTA_NAT_TYPE = 0x1 -+ NFTA_NAT_FAMILY = 0x2 -+ NFTA_NAT_REG_ADDR_MIN = 0x3 -+ NFTA_NAT_REG_ADDR_MAX = 0x4 -+ NFTA_NAT_REG_PROTO_MIN = 0x5 -+ NFTA_NAT_REG_PROTO_MAX = 0x6 -+ NFTA_NAT_FLAGS = 0x7 -+ NFTA_MASQ_UNSPEC = 0x0 -+ NFTA_MASQ_FLAGS = 0x1 -+ NFTA_MASQ_REG_PROTO_MIN = 0x2 -+ NFTA_MASQ_REG_PROTO_MAX = 0x3 -+ NFTA_REDIR_UNSPEC = 0x0 -+ NFTA_REDIR_REG_PROTO_MIN = 0x1 -+ NFTA_REDIR_REG_PROTO_MAX = 0x2 -+ NFTA_REDIR_FLAGS = 0x3 -+ NFTA_DUP_UNSPEC = 0x0 -+ NFTA_DUP_SREG_ADDR = 0x1 -+ NFTA_DUP_SREG_DEV = 0x2 -+ NFTA_FWD_UNSPEC = 0x0 -+ NFTA_FWD_SREG_DEV = 0x1 -+ NFTA_OBJREF_UNSPEC = 0x0 -+ NFTA_OBJREF_IMM_TYPE = 0x1 -+ NFTA_OBJREF_IMM_NAME = 0x2 -+ NFTA_OBJREF_SET_SREG = 0x3 -+ NFTA_OBJREF_SET_NAME = 0x4 -+ NFTA_OBJREF_SET_ID = 0x5 -+ NFTA_GEN_UNSPEC = 0x0 -+ NFTA_GEN_ID = 0x1 -+ NFTA_GEN_PROC_PID = 0x2 -+ NFTA_GEN_PROC_NAME = 0x3 -+ NFTA_FIB_UNSPEC = 0x0 -+ NFTA_FIB_DREG = 0x1 -+ NFTA_FIB_RESULT = 0x2 -+ NFTA_FIB_FLAGS = 0x3 -+ NFT_FIB_RESULT_UNSPEC = 0x0 -+ NFT_FIB_RESULT_OIF = 0x1 -+ NFT_FIB_RESULT_OIFNAME = 0x2 -+ NFT_FIB_RESULT_ADDRTYPE = 0x3 -+ NFTA_FIB_F_SADDR = 0x1 -+ NFTA_FIB_F_DADDR = 0x2 -+ NFTA_FIB_F_MARK = 0x4 -+ NFTA_FIB_F_IIF = 0x8 -+ NFTA_FIB_F_OIF = 0x10 -+ NFTA_FIB_F_PRESENT = 0x20 -+ NFTA_CT_HELPER_UNSPEC = 0x0 -+ NFTA_CT_HELPER_NAME = 0x1 -+ NFTA_CT_HELPER_L3PROTO = 0x2 -+ NFTA_CT_HELPER_L4PROTO = 0x3 -+ NFTA_OBJ_UNSPEC = 0x0 -+ NFTA_OBJ_TABLE = 0x1 -+ NFTA_OBJ_NAME = 0x2 -+ NFTA_OBJ_TYPE = 0x3 -+ NFTA_OBJ_DATA = 0x4 -+ NFTA_OBJ_USE = 0x5 -+ NFTA_TRACE_UNSPEC = 0x0 -+ NFTA_TRACE_TABLE = 0x1 -+ NFTA_TRACE_CHAIN = 0x2 -+ NFTA_TRACE_RULE_HANDLE = 0x3 -+ NFTA_TRACE_TYPE = 0x4 -+ NFTA_TRACE_VERDICT = 0x5 -+ NFTA_TRACE_ID = 0x6 -+ NFTA_TRACE_LL_HEADER = 0x7 -+ NFTA_TRACE_NETWORK_HEADER = 0x8 -+ NFTA_TRACE_TRANSPORT_HEADER = 0x9 -+ NFTA_TRACE_IIF = 0xa -+ NFTA_TRACE_IIFTYPE = 0xb -+ NFTA_TRACE_OIF = 0xc -+ NFTA_TRACE_OIFTYPE = 0xd -+ NFTA_TRACE_MARK = 0xe -+ NFTA_TRACE_NFPROTO = 0xf -+ NFTA_TRACE_POLICY = 0x10 -+ NFTA_TRACE_PAD = 0x11 -+ NFT_TRACETYPE_UNSPEC = 0x0 -+ NFT_TRACETYPE_POLICY = 0x1 -+ NFT_TRACETYPE_RETURN = 0x2 -+ NFT_TRACETYPE_RULE = 0x3 -+ NFTA_NG_UNSPEC = 0x0 -+ NFTA_NG_DREG = 0x1 -+ NFTA_NG_MODULUS = 0x2 -+ NFTA_NG_TYPE = 0x3 -+ NFTA_NG_OFFSET = 0x4 -+ NFT_NG_INCREMENTAL = 0x0 -+ NFT_NG_RANDOM = 0x1 -+) -+ -+type RTCTime struct { -+ Sec int32 -+ Min int32 -+ Hour int32 -+ Mday int32 -+ Mon int32 -+ Year int32 -+ Wday int32 -+ Yday int32 -+ Isdst int32 -+} -+ -+type RTCWkAlrm struct { -+ Enabled uint8 -+ Pending uint8 -+ Time RTCTime -+} -+ -+type RTCPLLInfo struct { -+ Ctrl int32 -+ Value int32 -+ Max int32 -+ Min int32 -+ Posmult int32 -+ Negmult int32 -+ Clock int64 -+} -+ -+type BlkpgIoctlArg struct { -+ Op int32 -+ Flags int32 -+ Datalen int32 -+ Data *byte -+} -+ -+type BlkpgPartition struct { -+ Start int64 -+ Length int64 -+ Pno int32 -+ Devname [64]uint8 -+ Volname [64]uint8 -+ _ [4]byte -+} -+ -+const ( -+ BLKPG = 0x1269 -+ BLKPG_ADD_PARTITION = 0x1 -+ BLKPG_DEL_PARTITION = 0x2 -+ BLKPG_RESIZE_PARTITION = 0x3 -+) -+ -+const ( -+ NETNSA_NONE = 0x0 -+ NETNSA_NSID = 0x1 -+ NETNSA_PID = 0x2 -+ NETNSA_FD = 0x3 -+) -+ -+type XDPRingOffset struct { -+ Producer uint64 -+ Consumer uint64 -+ Desc uint64 -+} -+ -+type XDPMmapOffsets struct { -+ Rx XDPRingOffset -+ Tx XDPRingOffset -+ Fr XDPRingOffset -+ Cr XDPRingOffset -+} -+ -+type XDPUmemReg struct { -+ Addr uint64 -+ Len uint64 -+ Size uint32 -+ Headroom uint32 -+} -+ -+type XDPStatistics struct { -+ Rx_dropped uint64 -+ Rx_invalid_descs uint64 -+ Tx_invalid_descs uint64 -+} -+ -+type XDPDesc struct { -+ Addr uint64 -+ Len uint32 -+ Options uint32 -+} -+ -+const ( -+ NCSI_CMD_UNSPEC = 0x0 -+ NCSI_CMD_PKG_INFO = 0x1 -+ NCSI_CMD_SET_INTERFACE = 0x2 -+ NCSI_CMD_CLEAR_INTERFACE = 0x3 -+ NCSI_ATTR_UNSPEC = 0x0 -+ NCSI_ATTR_IFINDEX = 0x1 -+ NCSI_ATTR_PACKAGE_LIST = 0x2 -+ NCSI_ATTR_PACKAGE_ID = 0x3 -+ NCSI_ATTR_CHANNEL_ID = 0x4 -+ NCSI_PKG_ATTR_UNSPEC = 0x0 -+ NCSI_PKG_ATTR = 0x1 -+ NCSI_PKG_ATTR_ID = 0x2 -+ NCSI_PKG_ATTR_FORCED = 0x3 -+ NCSI_PKG_ATTR_CHANNEL_LIST = 0x4 -+ NCSI_CHANNEL_ATTR_UNSPEC = 0x0 -+ NCSI_CHANNEL_ATTR = 0x1 -+ NCSI_CHANNEL_ATTR_ID = 0x2 -+ NCSI_CHANNEL_ATTR_VERSION_MAJOR = 0x3 -+ NCSI_CHANNEL_ATTR_VERSION_MINOR = 0x4 -+ NCSI_CHANNEL_ATTR_VERSION_STR = 0x5 -+ NCSI_CHANNEL_ATTR_LINK_STATE = 0x6 -+ NCSI_CHANNEL_ATTR_ACTIVE = 0x7 -+ NCSI_CHANNEL_ATTR_FORCED = 0x8 -+ NCSI_CHANNEL_ATTR_VLAN_LIST = 0x9 -+ NCSI_CHANNEL_ATTR_VLAN_ID = 0xa -+) -+ -+type ScmTimestamping struct { -+ Ts [3]Timespec -+} -+ -+const ( -+ SOF_TIMESTAMPING_TX_HARDWARE = 0x1 -+ SOF_TIMESTAMPING_TX_SOFTWARE = 0x2 -+ SOF_TIMESTAMPING_RX_HARDWARE = 0x4 -+ SOF_TIMESTAMPING_RX_SOFTWARE = 0x8 -+ SOF_TIMESTAMPING_SOFTWARE = 0x10 -+ SOF_TIMESTAMPING_SYS_HARDWARE = 0x20 -+ SOF_TIMESTAMPING_RAW_HARDWARE = 0x40 -+ SOF_TIMESTAMPING_OPT_ID = 0x80 -+ SOF_TIMESTAMPING_TX_SCHED = 0x100 -+ SOF_TIMESTAMPING_TX_ACK = 0x200 -+ SOF_TIMESTAMPING_OPT_CMSG = 0x400 -+ SOF_TIMESTAMPING_OPT_TSONLY = 0x800 -+ SOF_TIMESTAMPING_OPT_STATS = 0x1000 -+ SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 -+ SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 -+ -+ SOF_TIMESTAMPING_LAST = 0x4000 -+ SOF_TIMESTAMPING_MASK = 0x7fff -+ -+ SCM_TSTAMP_SND = 0x0 -+ SCM_TSTAMP_SCHED = 0x1 -+ SCM_TSTAMP_ACK = 0x2 -+) -+ -+type SockExtendedErr struct { -+ Errno uint32 -+ Origin uint8 -+ Type uint8 -+ Code uint8 -+ Pad uint8 -+ Info uint32 -+ Data uint32 -+} -+ -+type FanotifyEventMetadata struct { -+ Event_len uint32 -+ Vers uint8 -+ Reserved uint8 -+ Metadata_len uint16 -+ Mask uint64 -+ Fd int32 -+ Pid int32 -+} -+ -+type FanotifyResponse struct { -+ Fd int32 -+ Response uint32 -+} -+ -+const ( -+ CRYPTO_MSG_BASE = 0x10 -+ CRYPTO_MSG_NEWALG = 0x10 -+ CRYPTO_MSG_DELALG = 0x11 -+ CRYPTO_MSG_UPDATEALG = 0x12 -+ CRYPTO_MSG_GETALG = 0x13 -+ CRYPTO_MSG_DELRNG = 0x14 -+ CRYPTO_MSG_GETSTAT = 0x15 -+) -+ -+const ( -+ CRYPTOCFGA_UNSPEC = 0x0 -+ CRYPTOCFGA_PRIORITY_VAL = 0x1 -+ CRYPTOCFGA_REPORT_LARVAL = 0x2 -+ CRYPTOCFGA_REPORT_HASH = 0x3 -+ CRYPTOCFGA_REPORT_BLKCIPHER = 0x4 -+ CRYPTOCFGA_REPORT_AEAD = 0x5 -+ CRYPTOCFGA_REPORT_COMPRESS = 0x6 -+ CRYPTOCFGA_REPORT_RNG = 0x7 -+ CRYPTOCFGA_REPORT_CIPHER = 0x8 -+ CRYPTOCFGA_REPORT_AKCIPHER = 0x9 -+ CRYPTOCFGA_REPORT_KPP = 0xa -+ CRYPTOCFGA_REPORT_ACOMP = 0xb -+ CRYPTOCFGA_STAT_LARVAL = 0xc -+ CRYPTOCFGA_STAT_HASH = 0xd -+ CRYPTOCFGA_STAT_BLKCIPHER = 0xe -+ CRYPTOCFGA_STAT_AEAD = 0xf -+ CRYPTOCFGA_STAT_COMPRESS = 0x10 -+ CRYPTOCFGA_STAT_RNG = 0x11 -+ CRYPTOCFGA_STAT_CIPHER = 0x12 -+ CRYPTOCFGA_STAT_AKCIPHER = 0x13 -+ CRYPTOCFGA_STAT_KPP = 0x14 -+ CRYPTOCFGA_STAT_ACOMP = 0x15 -+) -+ -+type CryptoUserAlg struct { -+ Name [64]uint8 -+ Driver_name [64]uint8 -+ Module_name [64]uint8 -+ Type uint32 -+ Mask uint32 -+ Refcnt uint32 -+ Flags uint32 -+} -+ -+type CryptoStatAEAD struct { -+ Type [64]uint8 -+ Encrypt_cnt uint64 -+ Encrypt_tlen uint64 -+ Decrypt_cnt uint64 -+ Decrypt_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatAKCipher struct { -+ Type [64]uint8 -+ Encrypt_cnt uint64 -+ Encrypt_tlen uint64 -+ Decrypt_cnt uint64 -+ Decrypt_tlen uint64 -+ Verify_cnt uint64 -+ Sign_cnt uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatCipher struct { -+ Type [64]uint8 -+ Encrypt_cnt uint64 -+ Encrypt_tlen uint64 -+ Decrypt_cnt uint64 -+ Decrypt_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatCompress struct { -+ Type [64]uint8 -+ Compress_cnt uint64 -+ Compress_tlen uint64 -+ Decompress_cnt uint64 -+ Decompress_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatHash struct { -+ Type [64]uint8 -+ Hash_cnt uint64 -+ Hash_tlen uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatKPP struct { -+ Type [64]uint8 -+ Setsecret_cnt uint64 -+ Generate_public_key_cnt uint64 -+ Compute_shared_secret_cnt uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatRNG struct { -+ Type [64]uint8 -+ Generate_cnt uint64 -+ Generate_tlen uint64 -+ Seed_cnt uint64 -+ Err_cnt uint64 -+} -+ -+type CryptoStatLarval struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportLarval struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportHash struct { -+ Type [64]uint8 -+ Blocksize uint32 -+ Digestsize uint32 -+} -+ -+type CryptoReportCipher struct { -+ Type [64]uint8 -+ Blocksize uint32 -+ Min_keysize uint32 -+ Max_keysize uint32 -+} -+ -+type CryptoReportBlkCipher struct { -+ Type [64]uint8 -+ Geniv [64]uint8 -+ Blocksize uint32 -+ Min_keysize uint32 -+ Max_keysize uint32 -+ Ivsize uint32 -+} -+ -+type CryptoReportAEAD struct { -+ Type [64]uint8 -+ Geniv [64]uint8 -+ Blocksize uint32 -+ Maxauthsize uint32 -+ Ivsize uint32 -+} -+ -+type CryptoReportComp struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportRNG struct { -+ Type [64]uint8 -+ Seedsize uint32 -+} -+ -+type CryptoReportAKCipher struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportKPP struct { -+ Type [64]uint8 -+} -+ -+type CryptoReportAcomp struct { -+ Type [64]uint8 -+} --- -2.23.0 - diff --git a/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch b/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch deleted file mode 100644 index caea572..0000000 --- a/patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 53111d2f094b738a4b3a35bcec85f78324ca8509 Mon Sep 17 00:00:00 2001 -From: xiadanni1 -Date: Tue, 24 Nov 2020 11:00:32 +0800 -Subject: [PATCH] containerd: check task list to avoid unnecessary cleanup - -Signed-off-by: Lantao Liu -Signed-off-by: xiadanni1 ---- - runtime/v1/linux/runtime.go | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 5be785d..0feb587 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -374,6 +374,11 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - shimExit := make(chan struct{}) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { - close(shimExit) -+ if _, err := r.tasks.Get(ctx, id); err != nil { -+ // Task was never started or was already successfully deleted -+ return -+ } -+ - err := r.cleanupAfterDeadShim(ctx, bundle, ns, id, pid) - if err != nil { - log.G(ctx).WithError(err).WithField("bundle", bundle.path). --- -1.8.3.1 - diff --git a/patch/0065-containerd-add-blot-symbol-to-support-riscv.patch b/patch/0065-containerd-add-blot-symbol-to-support-riscv.patch deleted file mode 100644 index d59f2d2..0000000 --- a/patch/0065-containerd-add-blot-symbol-to-support-riscv.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d03e4a480ba9f954ebe077981202c811e21640e9 Mon Sep 17 00:00:00 2001 -From: yangyanchao -Date: Tue, 15 Dec 2020 03:24:47 +0000 -Subject: [PATCH 2/2] containerd-add-sys-symbol-to-support-riscv - ---- - vendor/go.etcd.io/bbolt/bolt_riscv64.go | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - create mode 100644 vendor/go.etcd.io/bbolt/bolt_riscv64.go - -diff --git a/vendor/go.etcd.io/bbolt/bolt_riscv64.go b/vendor/go.etcd.io/bbolt/bolt_riscv64.go -new file mode 100644 -index 0000000..5f1c364 ---- /dev/null -+++ b/vendor/go.etcd.io/bbolt/bolt_riscv64.go -@@ -0,0 +1,12 @@ -+// +build riscv64 -+ -+package bbolt -+ -+// maxMapSize represents the latgest mmap size supported by Bolt. -+const maxMapSize = 0xFFFFFFFFFFFF // 256TB -+ -+// maxAllocSize is the size used when creating array pointers. -+const maxAllocSize = 0x7FFFFFFF -+ -+// Are unaligned load/stores broken on this arch? -+var brokenUnaligned = false --- -2.23.0 - diff --git a/patch/0065-containerd-fix-dead-loop.patch b/patch/0065-containerd-fix-dead-loop.patch deleted file mode 100644 index e7311d2..0000000 --- a/patch/0065-containerd-fix-dead-loop.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b315a85a6695dfbe67767f21713c3ccfc7cae73e Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Mon, 1 Feb 2021 09:48:07 +0800 -Subject: [PATCH] containerd: fix dead loop - -Change-Id: I6b2ce4456ca8fe197683692721d150f4e5d7e3fe -Signed-off-by: jingrui ---- - runtime/v1/shim/client/client.go | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 06453b35a..9e63af4ea 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -393,15 +393,15 @@ func (c *Client) signalShim(ctx context.Context, sig syscall.Signal) error { - - func (c *Client) waitForExit(pid int) <-chan struct{} { - c.exitOnce.Do(func() { -- for { -+ for i := 0; i < 1000; i++ { - // use kill(pid, 0) here because the shim could have been reparented - // and we are no longer able to waitpid(pid, ...) on the shim - if err := unix.Kill(pid, 0); err == unix.ESRCH { -- close(c.exitCh) -- return -+ break - } - time.Sleep(10 * time.Millisecond) - } -+ close(c.exitCh) - }) - return c.exitCh - } --- -2.17.1 - diff --git a/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch b/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch deleted file mode 100644 index ecfe407..0000000 --- a/patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a530cb668134335d4e5d6595d5d5a9cb74e16428 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Tue, 19 Jan 2021 15:01:00 +0800 -Subject: [PATCH] containerd: cleanup dangling shim by brand new context - -Upstream:https://github.com/containerd/containerd/pull/4048 - -Signed-off-by: xiadanni ---- - runtime/v1/linux/runtime.go | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 0feb587..66f959d 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -66,6 +66,9 @@ const ( - configFilename = "config.json" - defaultRuntime = "runc" - defaultShim = "containerd-shim" -+ -+ // cleanupTimeout is default timeout for cleanup operations -+ cleanupTimeout = 1 * time.Minute - ) - - func init() { -@@ -226,7 +229,10 @@ func (r *Runtime) Create(ctx context.Context, id string, opts runtime.CreateOpts - } - defer func() { - if err != nil { -- kerr := s.KillShim(ctx) -+ deferCtx, deferCancel := context.WithTimeout( -+ namespaces.WithNamespace(context.TODO(), namespace), cleanupTimeout) -+ defer deferCancel() -+ kerr := s.KillShim(deferCtx) - log.G(ctx).WithError(err).Errorf("revert: kill shim error=%v", kerr) - } - }() --- -1.8.3.1 - diff --git a/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch b/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch deleted file mode 100644 index 5197dca..0000000 --- a/patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 4c9ec5f1eece90929eb3b525c28f3713b7153d7d Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Tue, 19 Jan 2021 20:34:45 +0800 -Subject: [PATCH] containerd:fix potential panic for task in unknown state - -Upstream:https://github.com/containerd/containerd/pull/3611 - -Signed-off-by: xiadanni ---- - cio/io_unix.go | 22 ++++++++++++---------- - container.go | 13 +++++++++++-- - 2 files changed, 23 insertions(+), 12 deletions(-) - -diff --git a/cio/io_unix.go b/cio/io_unix.go -index 3ab2a30..53b6b2d 100644 ---- a/cio/io_unix.go -+++ b/cio/io_unix.go -@@ -72,17 +72,19 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (*cio, error) { - } - - var wg = &sync.WaitGroup{} -- wg.Add(1) -- go func() { -- p := bufPool.Get().(*[]byte) -- defer bufPool.Put(p) -- -- io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p) -- pipes.Stdout.Close() -- wg.Done() -- }() -+ if fifos.Stdout != "" { -+ wg.Add(1) -+ go func() { -+ p := bufPool.Get().(*[]byte) -+ defer bufPool.Put(p) -+ -+ io.CopyBuffer(ioset.Stdout, pipes.Stdout, *p) -+ pipes.Stdout.Close() -+ wg.Done() -+ }() -+ } - -- if !fifos.Terminal { -+ if !fifos.Terminal && fifos.Stderr != "" { - wg.Add(1) - go func() { - p := bufPool.Get().(*[]byte) -diff --git a/container.go b/container.go -index 3c09b2d..63b074a 100644 ---- a/container.go -+++ b/container.go -@@ -25,6 +25,7 @@ import ( - - "github.com/containerd/containerd/api/services/tasks/v1" - "github.com/containerd/containerd/api/types" -+ tasktypes "github.com/containerd/containerd/api/types/task" - "github.com/containerd/containerd/cio" - "github.com/containerd/containerd/containers" - "github.com/containerd/containerd/errdefs" -@@ -32,6 +33,7 @@ import ( - "github.com/containerd/typeurl" - prototypes "github.com/gogo/protobuf/types" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - // Container is a metadata object for container resources and task creation -@@ -284,9 +286,16 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er - return nil, err - } - var i cio.IO -+ - if ioAttach != nil { -- if i, err = attachExistingIO(response, ioAttach); err != nil { -- return nil, err -+ if response.Process.Status == tasktypes.StatusUnknown { -+ logrus.Warnf("container %v loadTask: task get returns process status unknown", c.id) -+ } else { -+ // Do not attach IO for task in unknown state, because there -+ // are no fifo paths anyway. -+ if i, err = attachExistingIO(response, ioAttach); err != nil { -+ return nil, err -+ } - } - } - t := &task{ --- -1.8.3.1 - diff --git a/patch/0068-containerd-compile-option-compliance.patch b/patch/0068-containerd-compile-option-compliance.patch deleted file mode 100644 index 8f26e10..0000000 --- a/patch/0068-containerd-compile-option-compliance.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 0cda15b8d0241f9c15c0efe12d19877761f7b387 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 18 Mar 2021 10:29:02 +0800 -Subject: [PATCH] containerd: compile option compliance - -Signed-off-by: xiadanni ---- - Makefile | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index f69559b..102db9f 100644 ---- a/Makefile -+++ b/Makefile -@@ -82,7 +82,7 @@ BEP_DIR=/tmp/containerd-build-bep - BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep - - GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' --SHIM_GO_LDFLAGS=-ldflags ' -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' -+SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now' - - #Replaces ":" (*nix), ";" (windows) with newline for easy parsing - GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") -@@ -171,11 +171,21 @@ FORCE: - bin/%: cmd/% FORCE - mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" -+ CGO_ENABLED=1 \ -+ CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ -+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< - - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" -- go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ CGO_ENABLED=1 \ -+ CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ -+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ -+ go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim - - bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim-runc-v1" --- -1.8.3.1 - diff --git a/patch/0069-containerd-add-check-in-spec.patch b/patch/0069-containerd-add-check-in-spec.patch deleted file mode 100644 index 2e96fe0..0000000 --- a/patch/0069-containerd-add-check-in-spec.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 27be5a04fc8b28e14ff296f5b9356ace8feb39ce Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 18 Feb 2021 20:28:52 +0800 -Subject: [PATCH] containerd: add check in spec - -Change-Id: I8ddf63ec1c4da479e90838678136237b5822d463 -Signed-off-by: xiadanni ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 96c2370..511b6f2 100644 ---- a/Makefile -+++ b/Makefile -@@ -151,7 +151,7 @@ build: ## build the go packages - - test: ## run tests, except integration tests and tests that require root - @echo "$(WHALE) $@" -- @go test ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES}) -+ @go test ${TESTFLAGS} ./gc - - root-test: ## run tests, except integration tests - @echo "$(WHALE) $@" --- -1.8.3.1 - diff --git a/patch/0070-containerd-kill-container-init-process-if-runc-start.patch b/patch/0070-containerd-kill-container-init-process-if-runc-start.patch deleted file mode 100644 index 5418555..0000000 --- a/patch/0070-containerd-kill-container-init-process-if-runc-start.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 52d42e0b850cde3600028b00e19f5325a61ddad3 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Mon, 1 Feb 2021 19:36:53 +0800 -Subject: [PATCH] containerd: kill container init process if runc start returns - error - -Signed-off-by: xiadanni ---- - runtime/v1/linux/proc/init.go | 4 +++ - utils/utils.go | 61 +++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 65 insertions(+) - create mode 100644 utils/utils.go - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index de76682..669c108 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -35,6 +35,7 @@ import ( - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/runtime/proc" -+ "github.com/containerd/containerd/utils" - "github.com/containerd/fifo" - runc "github.com/containerd/go-runc" - google_protobuf "github.com/gogo/protobuf/types" -@@ -277,6 +278,9 @@ func (p *Init) Status(ctx context.Context) (string, error) { - - func (p *Init) start(context context.Context) error { - err := p.runtime.Start(context, p.id) -+ if err != nil { -+ utils.KillInitProcess(p.id, p.pid) -+ } - return p.runtimeError(err, "OCI runtime start failed") - } - -diff --git a/utils/utils.go b/utils/utils.go -new file mode 100644 -index 0000000..c57c6ca ---- /dev/null -+++ b/utils/utils.go -@@ -0,0 +1,61 @@ -+/* -+Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved. -+Use of this source code is governed by Apache-2.0 -+license that can be found in the LICENSE file. -+Description: common functions -+Author: Danni Xia -+Create: 2021-01-30 -+*/ -+ -+package utils -+ -+import ( -+ "encoding/json" -+ "io/ioutil" -+ "path/filepath" -+ "strconv" -+ "strings" -+ "syscall" -+ -+ "github.com/sirupsen/logrus" -+) -+ -+type baseState struct { -+ InitProcessStartTime string `json:"init_process_start"` -+} -+ -+func KillInitProcess(cid string, pid int) { -+ if IsInitProcess(cid, pid) { -+ syscall.Kill(pid, syscall.SIGKILL) -+ } -+} -+ -+func IsInitProcess(cid string, pid int) bool { -+ stateBytes, err1 := ioutil.ReadFile(filepath.Join("/var/run/docker/runtime-runc/moby", cid, "state.json")) -+ statBytes, err2 := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat")) -+ if err1 != nil || err2 != nil { -+ return true -+ } -+ -+ s := strings.Split(string(statBytes), ")") -+ if len(s) < 1 { -+ return true -+ } -+ -+ statFields := strings.Split(strings.TrimSpace(s[len(s)-1]), " ") -+ if len(statFields) < 20 { -+ return true -+ } -+ -+ var baseState baseState -+ if err := json.Unmarshal(stateBytes, &baseState); err != nil { -+ return true -+ } -+ -+ if baseState.InitProcessStartTime == statFields[19] { -+ return true -+ } -+ -+ logrus.Warnf("process(pid:%d, start time:%s) is not container %s init process", pid, statFields[19], cid) -+ return false -+} --- -1.8.3.1 - diff --git a/patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch b/patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch deleted file mode 100644 index c6c4b6c..0000000 --- a/patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 5d72fe2c0d6774e94cad6feacec87db703104fe7 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Fri, 19 Feb 2021 16:37:48 +0800 -Subject: [PATCH] containerd: fix containerd-shim residual when kill containerd - during starting container - -after shim process started, containerd will write shim socket address -to address file, but if containerd is killed before write file, new -containerd process could not get shim socket address, and will not -kill it even if that shim could not work. -so we write address file ahead of starting shim process. - -Signed-off-by: xiadanni ---- - runtime/v1/shim/client/client.go | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 9e63af4..bc9ac92 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -92,6 +92,10 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - go io.Copy(os.Stderr, stderrLog) - } - -+ if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { -+ return nil, nil, err -+ } -+ - cmd, err := newCommand(binary, daemonAddress, debug, config, f, stdoutLog, stderrLog) - if err != nil { - return nil, nil, err -@@ -122,9 +126,6 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - "debug": debug, - }).Infof("shim %s started", binary) - -- if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { -- return nil, nil, err -- } - if err := writeFile(filepath.Join(config.Path, "shim.pid"), strconv.Itoa(cmd.Process.Pid)); err != nil { - return nil, nil, err - } --- -1.8.3.1 - diff --git a/patch/0072-containerd-fix-deadlock-on-commit-error.patch b/patch/0072-containerd-fix-deadlock-on-commit-error.patch deleted file mode 100644 index 4dbb496..0000000 --- a/patch/0072-containerd-fix-deadlock-on-commit-error.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 39183d7937d408afceb9456972ad3e42beb336c6 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Sat, 27 Feb 2021 11:19:22 +0800 -Subject: [PATCH] containerd:fix deadlock on commit error - -upstream:https://github.com/containerd/containerd/commit/5b9bd993a87008e06a34258f0672a78564adab13 -Signed-off-by: xiadanni ---- - content/local/writer.go | 5 +++-- - diff/walking/differ.go | 5 +++-- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/content/local/writer.go b/content/local/writer.go -index 223b145..3a94744 100644 ---- a/content/local/writer.go -+++ b/content/local/writer.go -@@ -74,6 +74,9 @@ func (w *writer) Write(p []byte) (n int, err error) { - } - - func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error { -+ // Ensure even on error the writer is fully closed -+ defer unlock(w.ref) -+ - var base content.Info - for _, opt := range opts { - if err := opt(&base); err != nil { -@@ -81,8 +84,6 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, - } - } - -- // Ensure even on error the writer is fully closed -- defer unlock(w.ref) - fp := w.fp - w.fp = nil - -diff --git a/diff/walking/differ.go b/diff/walking/differ.go -index a45a563..1c82860 100644 ---- a/diff/walking/differ.go -+++ b/diff/walking/differ.go -@@ -106,14 +106,15 @@ func (s *walkingDiff) Compare(ctx context.Context, lower, upper []mount.Mount, o - } - }() - if !newReference { -- if err := cw.Truncate(0); err != nil { -+ if err = cw.Truncate(0); err != nil { - return err - } - } - - if isCompressed { - dgstr := digest.SHA256.Digester() -- compressed, err := compression.CompressStream(cw, compression.Gzip) -+ var compressed io.WriteCloser -+ compressed, err = compression.CompressStream(cw, compression.Gzip) - if err != nil { - return errors.Wrap(err, "failed to get compressed stream") - } --- -1.8.3.1 - diff --git a/patch/0073-containerd-backport-upstream-patches.patch b/patch/0073-containerd-backport-upstream-patches.patch deleted file mode 100644 index 9bc3a8d..0000000 --- a/patch/0073-containerd-backport-upstream-patches.patch +++ /dev/null @@ -1,1212 +0,0 @@ -From 470a207ed468b5473d7833987791f01b467141a3 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Fri, 5 Feb 2021 15:10:27 +0800 -Subject: [PATCH] containerd: backport upstream patches - -2019-11-27 15:29:44 -0800 b97098762 Fix container pid. Lantao Liu lantaol@google.com -2019-06-21 15:28:16 -0400 f71f6d39b Robust pid locking for shim processes Michael Crosby crosbymichael.. -2019-06-20 16:13:51 -0400 42aba6e0f Add timeout for I/O waitgroups Michael Crosby crosbymichael.. -2019-02-01 02:08:49 -0800 5730c5003 Add a separate lock for pid. Lantao Liu lantaol@google.com -2019-01-31 18:59:29 -0800 b9b7ef32b Revert "use state machine management for exec.Pid()" Lantao Liu lantaol@google.com -2019-01-22 16:19:09 -0800 ab2cf0136 Use context.Background for `O_NONBLOCK` `OpenFifo`. Lantao Liu lantaol@google.com -2018-11-23 17:46:32 +0800 c42c8952b use state machine management for exec.Pid() Lifubang lifubang@acmcoder.com -2018-11-09 11:12:55 -0500 4c72befe0 Fix process locking and state management Michael Crosby crosbymichael.. - -Conflict:NA -Reference:https://github.com/containerd/containerd/pull/3755 - -Change-Id: Ic7f768e72a38383c1b89680333c9ee234ea217aa -Signed-off-by: jingrui ---- - runtime/proc/proc.go | 5 - - runtime/v1/linux/proc/exec.go | 77 +++++++++--- - runtime/v1/linux/proc/exec_state.go | 59 +++------ - runtime/v1/linux/proc/init.go | 155 +++++++++++++++++------ - runtime/v1/linux/proc/init_state.go | 182 +++++----------------------- - runtime/v1/linux/proc/io.go | 2 +- - runtime/v1/linux/proc/utils.go | 12 ++ - runtime/v2/runc/service_linux.go | 2 +- - runtime/v2/shim_unix.go | 2 +- - 9 files changed, 235 insertions(+), 261 deletions(-) - -diff --git a/runtime/proc/proc.go b/runtime/proc/proc.go -index 02bc9bda8..91ca59bb1 100644 ---- a/runtime/proc/proc.go -+++ b/runtime/proc/proc.go -@@ -40,7 +40,6 @@ func (s Stdio) IsNull() bool { - - // Process on a system - type Process interface { -- State - // ID returns the id for the process - ID() string - // Pid returns the pid for the process -@@ -57,10 +56,6 @@ type Process interface { - Status(context.Context) (string, error) - // Wait blocks until the process has exited - Wait() --} -- --// State of a process --type State interface { - // Resize resizes the process console - Resize(ws console.WinSize) error - // Start execution of the process -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index 08c581fbf..ea40cb5b8 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -31,6 +31,7 @@ import ( - "golang.org/x/sys/unix" - - "github.com/containerd/console" -+ "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/runtime/proc" - "github.com/containerd/fifo" - runc "github.com/containerd/go-runc" -@@ -41,7 +42,7 @@ import ( - type execProcess struct { - wg sync.WaitGroup - -- proc.State -+ execState execState - - mu sync.Mutex - id string -@@ -49,7 +50,7 @@ type execProcess struct { - io runc.IO - status int - exited time.Time -- pid int -+ pid safePid - closers []io.Closer - stdin io.Closer - stdio proc.Stdio -@@ -69,9 +70,7 @@ func (e *execProcess) ID() string { - } - - func (e *execProcess) Pid() int { -- e.mu.Lock() -- defer e.mu.Unlock() -- return e.pid -+ return e.pid.get() - } - - func (e *execProcess) ExitStatus() int { -@@ -86,6 +85,13 @@ func (e *execProcess) ExitedAt() time.Time { - return e.exited - } - -+func (e *execProcess) SetExited(status int) { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ e.execState.SetExited(status) -+} -+ - func (e *execProcess) setExited(status int) { - e.status = status - e.exited = time.Now() -@@ -93,6 +99,13 @@ func (e *execProcess) setExited(status int) { - close(e.waitBlock) - } - -+func (e *execProcess) Delete(ctx context.Context) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Delete(ctx) -+} -+ - func (e *execProcess) delete(ctx context.Context) error { - waitTimeout(ctx, &e.wg, 2*time.Second) - if e.io != nil { -@@ -107,6 +120,13 @@ func (e *execProcess) delete(ctx context.Context) error { - return nil - } - -+func (e *execProcess) Resize(ws console.WinSize) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Resize(ws) -+} -+ - func (e *execProcess) resize(ws console.WinSize) error { - if e.console == nil { - return nil -@@ -114,9 +134,21 @@ func (e *execProcess) resize(ws console.WinSize) error { - return e.console.Resize(ws) - } - -+func (e *execProcess) Kill(ctx context.Context, sig uint32, _ bool) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Kill(ctx, sig, false) -+} -+ - func (e *execProcess) kill(ctx context.Context, sig uint32, _ bool) error { -- pid := e.pid -- if pid != 0 { -+ pid := e.pid.get() -+ switch { -+ case pid == 0: -+ return errors.Wrap(errdefs.ErrFailedPrecondition, "process not created") -+ case !e.exited.IsZero(): -+ return errors.Wrapf(errdefs.ErrNotFound, "process already finished") -+ default: - if err := unix.Kill(pid, syscall.Signal(sig)); err != nil { - return errors.Wrapf(checkKillError(err), "exec kill error") - } -@@ -132,7 +164,20 @@ func (e *execProcess) Stdio() proc.Stdio { - return e.stdio - } - -+func (e *execProcess) Start(ctx context.Context) error { -+ e.mu.Lock() -+ defer e.mu.Unlock() -+ -+ return e.execState.Start(ctx) -+} -+ - func (e *execProcess) start(ctx context.Context) (err error) { -+ // The reaper may receive exit signal right after -+ // the container is started, before the e.pid is updated. -+ // In that case, we want to block the signal handler to -+ // access e.pid until it is updated. -+ e.pid.Lock() -+ defer e.pid.Unlock() - var ( - socket *runc.Socket - pidfile = filepath.Join(e.path, fmt.Sprintf("%s.pid", e.id)) -@@ -164,7 +209,7 @@ func (e *execProcess) start(ctx context.Context) (err error) { - return e.parent.runtimeError(err, "OCI runtime exec failed") - } - if e.stdio.Stdin != "" { -- sc, err := fifo.OpenFifo(ctx, e.stdio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) -+ sc, err := fifo.OpenFifo(context.Background(), e.stdio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return errors.Wrapf(err, "failed to open stdin fifo %s", e.stdio.Stdin) - } -@@ -173,29 +218,26 @@ func (e *execProcess) start(ctx context.Context) (err error) { - } - var copyWaitGroup sync.WaitGroup - ctx, cancel := context.WithTimeout(ctx, 30*time.Second) -+ defer cancel() - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -- cancel() - return errors.Wrap(err, "failed to start console copy") - } - } else if !e.stdio.IsNull() { - if err := copyPipes(ctx, e.io, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil { -- cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(opts.PidFile) - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime exec pid") - } -- e.pid = pid -+ e.pid.pid = pid - return nil - } - -@@ -212,12 +254,15 @@ func (e *execProcess) Status(ctx context.Context) (string, error) { - } - e.mu.Lock() - defer e.mu.Unlock() -- // if we don't have a pid then the exec process has just been created -- if e.pid == 0 { -+ // if we don't have a pid(pid=0) then the exec process has just been created -+ if e.pid.get() == 0 { - return "created", nil - } -+ if e.pid.get() == -1 { -+ return "stopped", nil -+ } - // if we have a pid and it can be signaled, the process is running -- if err := unix.Kill(e.pid, 0); err == nil { -+ if err := unix.Kill(e.pid.get(), 0); err == nil { - return "running", nil - } - // else if we have a pid but it can nolonger be signaled, it has stopped -diff --git a/runtime/v1/linux/proc/exec_state.go b/runtime/v1/linux/proc/exec_state.go -index ac5467552..12489501b 100644 ---- a/runtime/v1/linux/proc/exec_state.go -+++ b/runtime/v1/linux/proc/exec_state.go -@@ -25,6 +25,14 @@ import ( - "github.com/pkg/errors" - ) - -+type execState interface { -+ Resize(console.WinSize) error -+ Start(context.Context) error -+ Delete(context.Context) error -+ Kill(context.Context, uint32, bool) error -+ SetExited(int) -+} -+ - type execCreatedState struct { - p *execProcess - } -@@ -32,11 +40,11 @@ type execCreatedState struct { - func (s *execCreatedState) transition(name string) error { - switch name { - case "running": -- s.p.State = &execRunningState{p: s.p} -+ s.p.execState = &execRunningState{p: s.p} - case "stopped": -- s.p.State = &execStoppedState{p: s.p} -+ s.p.execState = &execStoppedState{p: s.p} - case "deleted": -- s.p.State = &deletedState{} -+ s.p.execState = &deletedState{} - default: - return errors.Errorf("invalid state transition %q to %q", stateName(s), name) - } -@@ -44,15 +52,10 @@ func (s *execCreatedState) transition(name string) error { - } - - func (s *execCreatedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *execCreatedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.start(ctx); err != nil { - return err - } -@@ -63,22 +66,15 @@ func (s *execCreatedState) Delete(ctx context.Context) error { - if err := s.p.delete(ctx); err != nil { - return err - } -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -+ - return s.transition("deleted") - } - - func (s *execCreatedState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *execCreatedState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -93,7 +89,7 @@ type execRunningState struct { - func (s *execRunningState) transition(name string) error { - switch name { - case "stopped": -- s.p.State = &execStoppedState{p: s.p} -+ s.p.execState = &execStoppedState{p: s.p} - default: - return errors.Errorf("invalid state transition %q to %q", stateName(s), name) - } -@@ -101,37 +97,22 @@ func (s *execRunningState) transition(name string) error { - } - - func (s *execRunningState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *execRunningState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a running process") - } - - func (s *execRunningState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot delete a running process") - } - - func (s *execRunningState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *execRunningState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -146,7 +127,7 @@ type execStoppedState struct { - func (s *execStoppedState) transition(name string) error { - switch name { - case "deleted": -- s.p.State = &deletedState{} -+ s.p.execState = &deletedState{} - default: - return errors.Errorf("invalid state transition %q to %q", stateName(s), name) - } -@@ -154,16 +135,10 @@ func (s *execStoppedState) transition(name string) error { - } - - func (s *execStoppedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resize a stopped container") - } - - func (s *execStoppedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a stopped process") - } - -@@ -171,15 +146,11 @@ func (s *execStoppedState) Delete(ctx context.Context) error { - if err := s.p.delete(ctx); err != nil { - return err - } -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -+ - return s.transition("deleted") - } - - func (s *execStoppedState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - -diff --git a/runtime/v1/linux/proc/init.go b/runtime/v1/linux/proc/init.go -index 669c1085d..108234904 100644 ---- a/runtime/v1/linux/proc/init.go -+++ b/runtime/v1/linux/proc/init.go -@@ -52,8 +52,8 @@ const DefaultRunvRoot = "/run/runv" - - // Init represents an initial process for a container - type Init struct { -- wg sync.WaitGroup -- initState -+ wg sync.WaitGroup -+ initState initState - - // mu is used to ensure that `Start()` and `Exited()` calls return in - // the right order when invoked in separate go routines. -@@ -65,12 +65,12 @@ type Init struct { - - WorkDir string - -- id string -- Bundle string -- console console.Console -- Platform proc.Platform -- io runc.IO -- runtime *runc.Runc -+ id string -+ Bundle string -+ console console.Console -+ Platform proc.Platform -+ io runc.IO -+ runtime *runc.Runc - status int - exited time.Time - pid int -@@ -138,6 +138,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - err error - socket *runc.Socket - ) -+ - pidFile := filepath.Join(p.Bundle, InitPidFile) - - if legacy.IsLegacy(r.ID) { -@@ -195,7 +196,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - return p.runtimeError(err, "OCI runtime create failed") - } - if r.Stdin != "" { -- sc, err := fifo.OpenFifo(ctx, r.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) -+ sc, err := fifo.OpenFifo(context.Background(), r.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return errors.Wrapf(err, "failed to open stdin fifo %s", r.Stdin) - } -@@ -204,21 +205,19 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - } - var copyWaitGroup sync.WaitGroup - ctx, cancel := context.WithTimeout(ctx, 30*time.Second) -+ defer cancel() - if socket != nil { - console, err := socket.ReceiveMaster() - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve console master") - } - console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup) - if err != nil { -- cancel() - return errors.Wrap(err, "failed to start console copy") - } - p.console = console - } else if !hasNoIO(r) { - if err := copyPipes(ctx, p.io, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup); err != nil { -- cancel() - return errors.Wrap(err, "failed to start io pipe copy") - } - } -@@ -226,7 +225,6 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) error { - copyWaitGroup.Wait() - pid, err := runc.ReadPidFile(pidFile) - if err != nil { -- cancel() - return errors.Wrap(err, "failed to retrieve OCI runtime container pid") - } - p.pid = pid -@@ -266,6 +264,7 @@ func (p *Init) ExitedAt() time.Time { - func (p *Init) Status(ctx context.Context) (string, error) { - p.mu.Lock() - defer p.mu.Unlock() -+ - c, err := p.runtime.State(ctx, p.id) - if err != nil { - if strings.Contains(err.Error(), "does not exist") { -@@ -276,14 +275,30 @@ func (p *Init) Status(ctx context.Context) (string, error) { - return c.Status, nil - } - --func (p *Init) start(context context.Context) error { -- err := p.runtime.Start(context, p.id) -+// Start the init process -+func (p *Init) Start(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Start(ctx) -+} -+ -+func (p *Init) start(ctx context.Context) error { -+ err := p.runtime.Start(ctx, p.id) - if err != nil { - utils.KillInitProcess(p.id, p.pid) - } - return p.runtimeError(err, "OCI runtime start failed") - } - -+// SetExited of the init process with the next status -+func (p *Init) SetExited(status int) { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ p.initState.SetExited(status) -+} -+ - func (p *Init) setExited(status int) { - p.exited = time.Now() - p.status = status -@@ -291,9 +306,17 @@ func (p *Init) setExited(status int) { - close(p.waitBlock) - } - --func (p *Init) delete(context context.Context) error { -- waitTimeout(context, &p.wg, 2*time.Second) -- err := p.runtime.Delete(context, p.id, nil) -+// Delete the init process -+func (p *Init) Delete(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Delete(ctx) -+} -+ -+func (p *Init) delete(ctx context.Context) error { -+ waitTimeout(ctx, &p.wg, 2*time.Second) -+ err := p.runtime.Delete(ctx, p.id, nil) - // ignore errors if a runtime has already deleted the process - // but we still hold metadata and pipes - // -@@ -312,15 +335,28 @@ func (p *Init) delete(context context.Context) error { - } - p.io.Close() - } -- if err2 := mount.UnmountAll(p.Rootfs, 0); err2 != nil { -- log.G(context).WithError(err2).Warn("failed to cleanup rootfs mount") -- if err == nil { -- err = errors.Wrap(err2, "failed rootfs umount") -+ if p.Rootfs != "" { -+ if err2 := mount.UnmountAll(p.Rootfs, 0); err2 != nil { -+ log.G(ctx).WithError(err2).Warn("failed to cleanup rootfs mount") -+ if err == nil { -+ err = errors.Wrap(err2, "failed rootfs umount") -+ } - } - } - return err - } - -+// Resize the init processes console -+func (p *Init) Resize(ws console.WinSize) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ if p.console == nil { -+ return nil -+ } -+ return p.console.Resize(ws) -+} -+ - func (p *Init) resize(ws console.WinSize) error { - if p.console == nil { - return nil -@@ -328,26 +364,43 @@ func (p *Init) resize(ws console.WinSize) error { - return p.console.Resize(ws) - } - --func (p *Init) pause(context context.Context) error { -- err := p.runtime.Pause(context, p.id) -- return p.runtimeError(err, "OCI runtime pause failed") -+// Pause the init process and all its child processes -+func (p *Init) Pause(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Pause(ctx) -+} -+ -+// Resume the init process and all its child processes -+func (p *Init) Resume(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Resume(ctx) - } - --func (p *Init) resume(context context.Context) error { -- err := p.runtime.Resume(context, p.id) -- return p.runtimeError(err, "OCI runtime resume failed") -+// Kill the init process -+func (p *Init) Kill(ctx context.Context, signal uint32, all bool) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Kill(ctx, signal, all) - } - --func (p *Init) kill(context context.Context, signal uint32, all bool) error { -- err := p.runtime.Kill(context, p.id, int(signal), &runc.KillOpts{ -+func (p *Init) kill(ctx context.Context, signal uint32, all bool) error { -+ err := p.runtime.Kill(ctx, p.id, int(signal), &runc.KillOpts{ - All: all, - }) - return checkKillError(err) - } - - // KillAll processes belonging to the init process --func (p *Init) KillAll(context context.Context) error { -- err := p.runtime.Kill(context, p.id, int(syscall.SIGKILL), &runc.KillOpts{ -+func (p *Init) KillAll(ctx context.Context) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ err := p.runtime.Kill(ctx, p.id, int(syscall.SIGKILL), &runc.KillOpts{ - All: true, - }) - return p.runtimeError(err, "OCI runtime killall failed") -@@ -363,8 +416,16 @@ func (p *Init) Runtime() *runc.Runc { - return p.runtime - } - -+// Exec returns a new child process -+func (p *Init) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Exec(ctx, path, r) -+} -+ - // exec returns a new exec'd process --func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.Process, error) { -+func (p *Init) exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { - // process exec request - var spec specs.Process - if err := json.Unmarshal(r.Spec.Value, &spec); err != nil { -@@ -385,18 +446,26 @@ func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.P - }, - waitBlock: make(chan struct{}), - } -- e.State = &execCreatedState{p: e} -+ e.execState = &execCreatedState{p: e} - return e, nil - } - --func (p *Init) checkpoint(context context.Context, r *CheckpointConfig) error { -+// Checkpoint the init process -+func (p *Init) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Checkpoint(ctx, r) -+} -+ -+func (p *Init) checkpoint(ctx context.Context, r *CheckpointConfig) error { - var actions []runc.CheckpointAction - if !r.Exit { - actions = append(actions, runc.LeaveRunning) - } - work := filepath.Join(p.WorkDir, "criu-work") - defer os.RemoveAll(work) -- if err := p.runtime.Checkpoint(context, p.id, &runc.CheckpointOpts{ -+ if err := p.runtime.Checkpoint(ctx, p.id, &runc.CheckpointOpts{ - WorkDir: work, - ImagePath: r.Path, - AllowOpenTCP: r.AllowOpenTCP, -@@ -407,19 +476,27 @@ func (p *Init) checkpoint(context context.Context, r *CheckpointConfig) error { - }, actions...); err != nil { - dumpLog := filepath.Join(p.Bundle, "criu-dump.log") - if cerr := copyFile(dumpLog, filepath.Join(work, "dump.log")); cerr != nil { -- log.G(context).Error(err) -+ log.G(ctx).Error(err) - } - return fmt.Errorf("%s path= %s", criuError(err), dumpLog) - } - return nil - } - --func (p *Init) update(context context.Context, r *google_protobuf.Any) error { -+// Update the processes resource configuration -+func (p *Init) Update(ctx context.Context, r *google_protobuf.Any) error { -+ p.mu.Lock() -+ defer p.mu.Unlock() -+ -+ return p.initState.Update(ctx, r) -+} -+ -+func (p *Init) update(ctx context.Context, r *google_protobuf.Any) error { - var resources specs.LinuxResources - if err := json.Unmarshal(r.Value, &resources); err != nil { - return err - } -- return p.runtime.Update(context, p.id, &resources) -+ return p.runtime.Update(ctx, p.id, &resources) - } - - // Stdio of the process -diff --git a/runtime/v1/linux/proc/init_state.go b/runtime/v1/linux/proc/init_state.go -index 6a6b448d3..e83934e9c 100644 ---- a/runtime/v1/linux/proc/init_state.go -+++ b/runtime/v1/linux/proc/init_state.go -@@ -30,16 +30,20 @@ import ( - runc "github.com/containerd/go-runc" - google_protobuf "github.com/gogo/protobuf/types" - "github.com/pkg/errors" -+ "github.com/sirupsen/logrus" - ) - - type initState interface { -- proc.State -- -+ Resize(console.WinSize) error -+ Start(context.Context) error -+ Delete(context.Context) error - Pause(context.Context) error - Resume(context.Context) error - Update(context.Context, *google_protobuf.Any) error - Checkpoint(context.Context, *CheckpointConfig) error - Exec(context.Context, string, *ExecConfig) (proc.Process, error) -+ Kill(context.Context, uint32, bool) error -+ SetExited(int) - } - - type createdState struct { -@@ -61,43 +65,26 @@ func (s *createdState) transition(name string) error { - } - - func (s *createdState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause task in created state") - } - - func (s *createdState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume task in created state") - } - --func (s *createdState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *createdState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - --func (s *createdState) Checkpoint(context context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -+func (s *createdState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { - return errors.Errorf("cannot checkpoint a task in created state") - } - - func (s *createdState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *createdState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.start(ctx); err != nil { - return err - } -@@ -105,8 +92,6 @@ func (s *createdState) Start(ctx context.Context) error { - } - - func (s *createdState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.delete(ctx); err != nil { - return err - } -@@ -114,16 +99,10 @@ func (s *createdState) Delete(ctx context.Context) error { - } - - func (s *createdState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *createdState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -132,8 +111,6 @@ func (s *createdState) SetExited(status int) { - } - - func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - return s.p.exec(ctx, path, r) - } - -@@ -157,43 +134,26 @@ func (s *createdCheckpointState) transition(name string) error { - } - - func (s *createdCheckpointState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause task in created state") - } - - func (s *createdCheckpointState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume task in created state") - } - --func (s *createdCheckpointState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *createdCheckpointState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - --func (s *createdCheckpointState) Checkpoint(context context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -+func (s *createdCheckpointState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { - return errors.Errorf("cannot checkpoint a task in created state") - } - - func (s *createdCheckpointState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *createdCheckpointState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - p := s.p - sio := p.stdio - -@@ -213,7 +173,7 @@ func (s *createdCheckpointState) Start(ctx context.Context) error { - return p.runtimeError(err, "OCI runtime restore failed") - } - if sio.Stdin != "" { -- sc, err := fifo.OpenFifo(ctx, sio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) -+ sc, err := fifo.OpenFifo(context.Background(), sio.Stdin, syscall.O_WRONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return errors.Wrapf(err, "failed to open stdin fifo %s", sio.Stdin) - } -@@ -247,8 +207,6 @@ func (s *createdCheckpointState) Start(ctx context.Context) error { - } - - func (s *createdCheckpointState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.delete(ctx); err != nil { - return err - } -@@ -256,16 +214,10 @@ func (s *createdCheckpointState) Delete(ctx context.Context) error { - } - - func (s *createdCheckpointState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *createdCheckpointState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -274,9 +226,6 @@ func (s *createdCheckpointState) SetExited(status int) { - } - - func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return nil, errors.Errorf("cannot exec in a created state") - } - -@@ -297,67 +246,42 @@ func (s *runningState) transition(name string) error { - } - - func (s *runningState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- if err := s.p.pause(ctx); err != nil { -- return err -+ if err := s.p.runtime.Pause(ctx, s.p.id); err != nil { -+ return s.p.runtimeError(err, "OCI runtime pause failed") - } -+ - return s.transition("paused") - } - - func (s *runningState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume a running process") - } - --func (s *runningState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *runningState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - - func (s *runningState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.checkpoint(ctx, r) - } - - func (s *runningState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *runningState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a running process") - } - - func (s *runningState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot delete a running process") - } - - func (s *runningState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *runningState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - - if err := s.transition("stopped"); err != nil { -@@ -366,8 +290,6 @@ func (s *runningState) SetExited(status int) { - } - - func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - return s.p.exec(ctx, path, r) - } - -@@ -388,79 +310,54 @@ func (s *pausedState) transition(name string) error { - } - - func (s *pausedState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause a paused container") - } - - func (s *pausedState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- if err := s.p.resume(ctx); err != nil { -- return err -+ if err := s.p.runtime.Resume(ctx, s.p.id); err != nil { -+ return s.p.runtimeError(err, "OCI runtime resume failed") - } -+ - return s.transition("running") - } - --func (s *pausedState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -- return s.p.update(context, r) -+func (s *pausedState) Update(ctx context.Context, r *google_protobuf.Any) error { -+ return s.p.update(ctx, r) - } - - func (s *pausedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.checkpoint(ctx, r) - } - - func (s *pausedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.resize(ws) - } - - func (s *pausedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a paused process") - } - - func (s *pausedState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot delete a paused process") - } - - func (s *pausedState) Kill(ctx context.Context, sig uint32, all bool) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return s.p.kill(ctx, sig, all) - } - - func (s *pausedState) SetExited(status int) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - s.p.setExited(status) - -+ if err := s.p.runtime.Resume(context.Background(), s.p.id); err != nil { -+ logrus.WithError(err).Error("resuming exited container from paused state") -+ } -+ - if err := s.transition("stopped"); err != nil { - panic(err) - } - } - - func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return nil, errors.Errorf("cannot exec in a paused state") - } - -@@ -479,50 +376,30 @@ func (s *stoppedState) transition(name string) error { - } - - func (s *stoppedState) Pause(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot pause a stopped container") - } - - func (s *stoppedState) Resume(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resume a stopped container") - } - --func (s *stoppedState) Update(context context.Context, r *google_protobuf.Any) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- -+func (s *stoppedState) Update(ctx context.Context, r *google_protobuf.Any) error { - return errors.Errorf("cannot update a stopped container") - } - - func (s *stoppedState) Checkpoint(ctx context.Context, r *CheckpointConfig) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot checkpoint a stopped container") - } - - func (s *stoppedState) Resize(ws console.WinSize) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot resize a stopped container") - } - - func (s *stoppedState) Start(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return errors.Errorf("cannot start a stopped process") - } - - func (s *stoppedState) Delete(ctx context.Context) error { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() - if err := s.p.delete(ctx); err != nil { - return err - } -@@ -538,8 +415,5 @@ func (s *stoppedState) SetExited(status int) { - } - - func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { -- s.p.mu.Lock() -- defer s.p.mu.Unlock() -- - return nil, errors.Errorf("cannot exec in a stopped state") - } -diff --git a/runtime/v1/linux/proc/io.go b/runtime/v1/linux/proc/io.go -index 360662701..e620f5840 100644 ---- a/runtime/v1/linux/proc/io.go -+++ b/runtime/v1/linux/proc/io.go -@@ -114,7 +114,7 @@ func copyPipes(ctx context.Context, rio runc.IO, stdin, stdout, stderr string, w - if stdin == "" { - return nil - } -- f, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) -+ f, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return fmt.Errorf("containerd-shim syscall.O_RDONLY|syscall.O_NONBLOCK: opening %s failed: %s", stdin, err) - } -diff --git a/runtime/v1/linux/proc/utils.go b/runtime/v1/linux/proc/utils.go -index d6f047cee..7312dec68 100644 ---- a/runtime/v1/linux/proc/utils.go -+++ b/runtime/v1/linux/proc/utils.go -@@ -33,6 +33,18 @@ import ( - "golang.org/x/sys/unix" - ) - -+// safePid is a thread safe wrapper for pid. -+type safePid struct { -+ sync.Mutex -+ pid int -+} -+ -+func (s *safePid) get() int { -+ s.Lock() -+ defer s.Unlock() -+ return s.pid -+} -+ - // TODO(mlaventure): move to runc package? - func getLastRuntimeError(r *runc.Runc) (string, error) { - if r.Log == "" { -diff --git a/runtime/v2/runc/service_linux.go b/runtime/v2/runc/service_linux.go -index 116167352..195c23014 100644 ---- a/runtime/v2/runc/service_linux.go -+++ b/runtime/v2/runc/service_linux.go -@@ -42,7 +42,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console - } - - if stdin != "" { -- in, err := fifo.OpenFifo(ctx, stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) -+ in, err := fifo.OpenFifo(context.Background(), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0) - if err != nil { - return nil, err - } -diff --git a/runtime/v2/shim_unix.go b/runtime/v2/shim_unix.go -index 1a08be5d1..6738a7787 100644 ---- a/runtime/v2/shim_unix.go -+++ b/runtime/v2/shim_unix.go -@@ -28,5 +28,5 @@ import ( - ) - - func openShimLog(ctx context.Context, bundle *Bundle) (io.ReadCloser, error) { -- return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700) -+ return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDWR|unix.O_CREAT, 0700) - } --- -2.17.1 - diff --git a/patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch b/patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch deleted file mode 100644 index fe6a5a9..0000000 --- a/patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch +++ /dev/null @@ -1,71 +0,0 @@ -From dded5a0253fbfd3c75c6d73a890049c832374545 Mon Sep 17 00:00:00 2001 -From: jingrui -Date: Sat, 20 Feb 2021 09:06:22 +0800 -Subject: [PATCH] containerd: fix exec event missing due to pid reuse - -When many exec request exit at nearly sametime, the Exit can match with -wrong process and return directly, the event for right process will lost -in this case. - -time="2021-02-19T21:10:12.250841280+08:00" level=info msg=event Pid=11623 containerID=a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4 execID=0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d module=libcontainerd namespace=moby topic=/tasks/exec-started -time="2021-02-19T21:10:12+08:00" level=info msg="try publish event(1) /tasks/exit &TaskExit{ContainerID:a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4,ID:0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d,Pid:11623,ExitStatus:0,ExitedAt:2021-02-19 21:10:12.27697416 +0800 CST m=+1893.164673481,} " -time="2021-02-19T21:11:02.944643980+08:00" level=debug msg="starting exec command 64cd335311e9b3c1c11e7360a374e3218efeb02e6578d7bc0811bad3f1820e16 in container a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4" -time="2021-02-19T21:11:06.201162360+08:00" level=debug msg="event published" ns=moby topic="/tasks/exec-started" type=containerd.events.TaskExecStarted -time="2021-02-19T21:11:57.961615320+08:00" level=warning msg="Ignoring Exit Event, no such exec command found" container=a32a1b7923db55ebdc7483e2b9cd986e5efc750b989ad3507eb866835e8e37f4 exec-id=0b412ecaed98f9ea71168599a9363b8aa3b047187eadaa74973bb6c63a66118d exec-pid=11623 - -From logs above, execID=0b412ecae with Pid=11623 exit and event -published, but new exec execID=64cd335 command reuse the Pid, but Exit -event still match previous execID=0b412ecae. so exit event for -execID=64cd335 will lost. - -Change-Id: If591a282a1cc0305758130a936ee8b92c88acc6c -Signed-off-by: jingrui ---- - runtime/v1/linux/proc/exec.go | 4 ++++ - runtime/v1/shim/service.go | 6 +++++- - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index ea40cb5b8..a5f40bd63 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -86,6 +86,10 @@ func (e *execProcess) ExitedAt() time.Time { - } - - func (e *execProcess) SetExited(status int) { -+ e.pid.Lock() -+ e.pid.pid = -1 -+ e.pid.Unlock() -+ - e.mu.Lock() - defer e.mu.Unlock() - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 7e07ab011..7d7327cd8 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -548,8 +548,13 @@ func (s *Service) checkProcesses(e runc.Exit) { - log.G(s.context).WithError(err).Error("failed to check shouldKillAll") - } - -+ match := 0 - for _, p := range s.processes { - if p.Pid() == e.Pid { -+ match++ -+ if match > 1 { -+ logrus.Warnf("exit for pid=%d match %d processes", e.Pid, match) -+ } - if ip, ok := p.(*proc.Init); ok { - ns := filepath.Base(filepath.Dir(ip.Bundle)) - events.ExitAddFile(ns, events.ExitFile(s.id, uint32(e.Pid), uint32(e.Status)), "init exited") -@@ -591,7 +596,6 @@ func (s *Service) checkProcesses(e runc.Exit) { - ExitStatus: uint32(e.Status), - ExitedAt: p.ExitedAt(), - } -- return - } - } - } --- -2.17.1 - diff --git a/patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch b/patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch deleted file mode 100644 index 0e47373..0000000 --- a/patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c10041fa37568bca00a25c055ee844d38e91fa95 Mon Sep 17 00:00:00 2001 -From: chenjiankun -Date: Mon, 19 Apr 2021 17:08:09 +0800 -Subject: [PATCH] docker: fix dm left when pause contaienr and kill shim - -when shim process be killed, we will delete the runtime, but if the -status is paused, it can't be delete. So we need to resume the shim -process before delete it. ---- - runtime/v1/linux/runtime.go | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index 66f959d..ca36748 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -541,6 +541,16 @@ func (r *Runtime) terminate(ctx context.Context, bundle *bundle, ns, id string) - } - - if !legacy.IsLegacy(id) || legacy.IsSamePid(id) { -+ -+ state, err := rt.State(ctx, id) -+ if err == nil && state.Status == "paused" { -+ logrus.Warnf("container %s status is paused, try to resume before delete", id) -+ err := rt.Resume(ctx, id) -+ if err != nil { -+ log.G(ctx).WithError(err).Errorf("runtime resume %s error", id) -+ } -+ } -+ - if err := rt.Delete(ctx, id, &runc.DeleteOpts{ - Force: true, - }); err != nil { --- -2.23.0 - diff --git a/patch/0076-containerd-fix-start-container-failed-with-id-exists.patch b/patch/0076-containerd-fix-start-container-failed-with-id-exists.patch deleted file mode 100644 index c53b218..0000000 --- a/patch/0076-containerd-fix-start-container-failed-with-id-exists.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 6936dda1f72b328cacfc29b52da780a29ef45385 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 8 Jul 2021 14:37:56 +0800 -Subject: [PATCH] containerd: fix start container failed with id exists - -reason: If container root path already exists when call runtime.Create, -we try to call runtime.Delete to cleanup it. But in case runtime.Delete -failed, root path will still exists which causes Create failed with error -"container with id exists". So remove path directly if Delete failed. - -Signed-off-by: xiadanni ---- - vendor/github.com/containerd/go-runc/runc.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/vendor/github.com/containerd/go-runc/runc.go b/vendor/github.com/containerd/go-runc/runc.go -index 1c96317..c089381 100644 ---- a/vendor/github.com/containerd/go-runc/runc.go -+++ b/vendor/github.com/containerd/go-runc/runc.go -@@ -159,7 +159,10 @@ func (o *CreateOpts) args() (out []string, err error) { - func (r *Runc) Create(context context.Context, id, bundle string, opts *CreateOpts) error { - if _, err := os.Stat(filepath.Join(r.Root, id)); err == nil { - logrus.Warnf("cleanup residue runtime with bundle %s root=%s", bundle, r.Root) -- r.Delete(context, id, &DeleteOpts{Force: true}) -+ if dErr := r.Delete(context, id, &DeleteOpts{Force: true}); dErr != nil { -+ logrus.Errorf("runtime force delete return err: %v, remove container root err: %v", -+ dErr, os.RemoveAll(filepath.Join(r.Root, id))) -+ } - } - - args := []string{"create", "--bundle", bundle} --- -2.27.0 - diff --git a/patch/0077-containerd-drop-opt-package.patch b/patch/0077-containerd-drop-opt-package.patch deleted file mode 100644 index 807f49e..0000000 --- a/patch/0077-containerd-drop-opt-package.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 81d14714bb90455964eac557f9b2172d7bc3e522 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Thu, 5 Aug 2021 15:24:21 +0800 -Subject: [PATCH] [Huawei]containerd: drop opt package - -Signed-off-by: xiadanni ---- - cmd/containerd/builtins.go | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/cmd/containerd/builtins.go b/cmd/containerd/builtins.go -index b120b60..17fa9f6 100644 ---- a/cmd/containerd/builtins.go -+++ b/cmd/containerd/builtins.go -@@ -30,7 +30,6 @@ import ( - _ "github.com/containerd/containerd/services/introspection" - _ "github.com/containerd/containerd/services/leases" - _ "github.com/containerd/containerd/services/namespaces" -- _ "github.com/containerd/containerd/services/opt" - _ "github.com/containerd/containerd/services/snapshots" - _ "github.com/containerd/containerd/services/tasks" - _ "github.com/containerd/containerd/services/version" --- -2.27.0 - diff --git a/patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch b/patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch deleted file mode 100644 index f686be5..0000000 --- a/patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 1c8a3bb488eb68523a3ae112854fcdd7326686cb Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Wed, 1 Sep 2021 07:23:17 +0800 -Subject: [PATCH] [backport]containerd:bump containerd/ttrpc - 699c4e40d1e7416e08bf7019c7ce2e9beced4636 - -full diff: https://github.com/containerd/ttrpc/compare/f02858b1457c5ca3aaec3a0803eb0d59f96e41d6...699c4e40d1e7416e08bf7019c7ce2e9beced4636 - -- containerd/ttrpc#33 Fix returns error message -- containerd/ttrpc#35 Make onclose an option - -Conflict:vendor.conf -Reference:https://github.com/containerd/containerd/commit/8c5779c32b70a0c55e1c94eb45b305897f7cf3f1 - -Signed-off-by: Sebastiaan van Stijn -Signed-off-by: xiadanni ---- - runtime/v1/shim/client/client.go | 3 +-- - runtime/v2/binary.go | 3 +-- - runtime/v2/shim.go | 3 +-- - vendor.conf | 2 +- - vendor/github.com/containerd/ttrpc/client.go | 21 ++++++++++++------- - .../github.com/containerd/ttrpc/services.go | 2 +- - 6 files changed, 19 insertions(+), 15 deletions(-) - -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index 48d62e537..6861df081 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -299,8 +299,7 @@ func WithConnect(address string, onClose func()) Opt { - if err != nil { - return nil, nil, err - } -- client := ttrpc.NewClient(conn) -- client.OnClose(onClose) -+ client := ttrpc.NewClient(conn, ttrpc.WithOnClose(onClose)) - return shimapi.NewShimClient(client), conn, nil - } - } -diff --git a/runtime/v2/binary.go b/runtime/v2/binary.go -index 41de0d3e0..223b85300 100644 ---- a/runtime/v2/binary.go -+++ b/runtime/v2/binary.go -@@ -97,8 +97,7 @@ func (b *binary) Start(ctx context.Context) (_ *shim, err error) { - if err != nil { - return nil, err - } -- client := ttrpc.NewClient(conn) -- client.OnClose(func() { conn.Close() }) -+ client := ttrpc.NewClient(conn, ttrpc.WithOnClose(func() { _ = conn.Close() })) - return &shim{ - bundle: b.bundle, - client: client, -diff --git a/runtime/v2/shim.go b/runtime/v2/shim.go -index 982d1bb34..8e746712b 100644 ---- a/runtime/v2/shim.go -+++ b/runtime/v2/shim.go -@@ -75,8 +75,7 @@ func loadShim(ctx context.Context, bundle *Bundle, events *exchange.Exchange, rt - } - }() - -- client := ttrpc.NewClient(conn) -- client.OnClose(func() { conn.Close() }) -+ client := ttrpc.NewClient(conn, ttrpc.WithOnClose(func() { _ = conn.Close() })) - s := &shim{ - client: client, - task: task.NewTaskClient(client), -diff --git a/vendor.conf b/vendor.conf -index dbc3eecd9..0f76be3b0 100644 ---- a/vendor.conf -+++ b/vendor.conf -@@ -36,7 +36,7 @@ github.com/Microsoft/go-winio v0.4.11 - github.com/Microsoft/hcsshim v0.7.12 - google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 - golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4 --github.com/containerd/ttrpc 2a805f71863501300ae1976d29f0454ae003e85a -+github.com/containerd/ttrpc 699c4e40d1e7416e08bf7019c7ce2e9beced4636 - github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 - gotest.tools v2.1.0 - github.com/google/go-cmp v0.1.0 -diff --git a/vendor/github.com/containerd/ttrpc/client.go b/vendor/github.com/containerd/ttrpc/client.go -index e40592dd7..bc2bbde1b 100644 ---- a/vendor/github.com/containerd/ttrpc/client.go -+++ b/vendor/github.com/containerd/ttrpc/client.go -@@ -48,7 +48,15 @@ type Client struct { - err error - } - --func NewClient(conn net.Conn) *Client { -+type ClientOpts func(c *Client) -+ -+func WithOnClose(onClose func()) ClientOpts { -+ return func(c *Client) { -+ c.closeFunc = onClose -+ } -+} -+ -+func NewClient(conn net.Conn, opts ...ClientOpts) *Client { - c := &Client{ - codec: codec{}, - conn: conn, -@@ -59,6 +67,10 @@ func NewClient(conn net.Conn) *Client { - closeFunc: func() {}, - } - -+ for _, o := range opts { -+ o(c) -+ } -+ - go c.run() - return c - } -@@ -135,11 +147,6 @@ func (c *Client) Close() error { - return nil - } - --// OnClose allows a close func to be called when the server is closed --func (c *Client) OnClose(closer func()) { -- c.closeFunc = closer --} -- - type message struct { - messageHeader - p []byte -@@ -249,7 +256,7 @@ func (c *Client) recv(resp *Response, msg *message) error { - } - - if msg.Type != messageTypeResponse { -- return errors.New("unkown message type received") -+ return errors.New("unknown message type received") - } - - defer c.channel.putmbuf(msg.p) -diff --git a/vendor/github.com/containerd/ttrpc/services.go b/vendor/github.com/containerd/ttrpc/services.go -index e90963825..fe1cade5a 100644 ---- a/vendor/github.com/containerd/ttrpc/services.go -+++ b/vendor/github.com/containerd/ttrpc/services.go -@@ -76,7 +76,7 @@ func (s *serviceSet) dispatch(ctx context.Context, serviceName, methodName strin - switch v := obj.(type) { - case proto.Message: - if err := proto.Unmarshal(p, v); err != nil { -- return status.Errorf(codes.Internal, "ttrpc: error unmarshaling payload: %v", err.Error()) -+ return status.Errorf(codes.Internal, "ttrpc: error unmarshalling payload: %v", err.Error()) - } - default: - return status.Errorf(codes.Internal, "ttrpc: error unsupported request type: %T", v) --- -2.27.0 - diff --git a/patch/0079-containerd-fix-race-access-for-mobySubcribed.patch b/patch/0079-containerd-fix-race-access-for-mobySubcribed.patch deleted file mode 100644 index 00d1d80..0000000 --- a/patch/0079-containerd-fix-race-access-for-mobySubcribed.patch +++ /dev/null @@ -1,47 +0,0 @@ -From fe8f7f5acac4f0fcf75218e26c1f3f874a77bf44 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Wed, 1 Sep 2021 07:29:43 +0800 -Subject: [PATCH] [Huawei]containerd:fix race access for mobySubcribed - -Signed-off-by: xiadanni ---- - events/exchange/exchange.go | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/events/exchange/exchange.go b/events/exchange/exchange.go -index 540f18054..ad642563a 100644 ---- a/events/exchange/exchange.go -+++ b/events/exchange/exchange.go -@@ -19,6 +19,7 @@ package exchange - import ( - "context" - "strings" -+ "sync/atomic" - "time" - - "github.com/containerd/containerd/errdefs" -@@ -49,10 +50,10 @@ func NewExchange() *Exchange { - var _ events.Publisher = &Exchange{} - var _ events.Forwarder = &Exchange{} - var _ events.Subscriber = &Exchange{} --var mobySubcribed = false -+var mobySubcribed = int32(0) - - func MobySubscribed() bool { -- return mobySubcribed -+ return atomic.LoadInt32(&mobySubcribed) == 1 - } - - // Forward accepts an envelope to be direcly distributed on the exchange. -@@ -170,7 +171,7 @@ func (e *Exchange) Subscribe(ctx context.Context, fs ...string) (ch <-chan *even - for _, s := range fs { - if !MobySubscribed() && s == "namespace==moby,topic~=|^/tasks/|" { - queue.Namespace = "moby" -- mobySubcribed = true -+ atomic.StoreInt32(&mobySubcribed, 1) - } - } - --- -2.27.0 - diff --git a/patch/0080-containerd-improve-log-for-debugging.patch b/patch/0080-containerd-improve-log-for-debugging.patch deleted file mode 100644 index d4708ad..0000000 --- a/patch/0080-containerd-improve-log-for-debugging.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 003a26f92ccfd6f296910874ed9ad55d652413cc Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Fri, 29 Oct 2021 16:37:28 +0800 -Subject: [PATCH] containerd: improve log for debugging - -add following logs for debugging -1. return event publish errors -2. redirect is used to make sure that containerd still can read the log - of shim after restart - -Conflict:NA -Reference: -https://github.com/containerd/containerd/pull/3179/commits/74eb0dc81221bffc192a349cf8b14fe7947b7a73 -https://github.com/containerd/containerd/pull/5293/commits/45df696bf3fe3eda15bbf0f2c00ddc2cfeddcdcc -https://github.com/containerd/containerd/commit/fbb80b9510db14a95b8ffa6c7842666ecf520489 - -Signed-off-by: xiadanni ---- - cmd/containerd-shim/main_unix.go | 23 ++++++++++++++++++++--- - runtime/v1/linux/runtime.go | 1 + - runtime/v1/shim/client/client.go | 22 ++++++++++------------ - 3 files changed, 31 insertions(+), 15 deletions(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index 3a5bb6170..a07932cef 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -61,6 +61,12 @@ var ( - criuFlag string - systemdCgroupFlag bool - containerdBinaryFlag string -+ -+ bufPool = sync.Pool{ -+ New: func() interface{} { -+ return bytes.NewBuffer(nil) -+ }, -+ } - ) - - func init() { -@@ -101,6 +107,10 @@ func main() { - stderr.Close() - }() - -+ // redirect the following output into fifo to make sure that containerd -+ // still can read the log after restart -+ logrus.SetOutput(stdout) -+ - if err := executeShim(); err != nil { - fmt.Fprintf(os.Stderr, "containerd-shim: %s\n", err) - os.Exit(1) -@@ -110,7 +120,7 @@ func main() { - // If containerd server process dies, we need the shim to keep stdout/err reader - // FDs so that Linux does not SIGPIPE the shim process if it tries to use its end of - // these pipes. --func openStdioKeepAlivePipes(dir string) (io.ReadCloser, io.ReadCloser, error) { -+func openStdioKeepAlivePipes(dir string) (io.ReadWriteCloser, io.ReadWriteCloser, error) { - background := context.Background() - keepStdoutAlive, err := shimlog.OpenShimStdoutLog(background, dir) - if err != nil { -@@ -287,16 +297,23 @@ func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, eve - } - cmd := exec.CommandContext(ctx, containerdBinaryFlag, "--address", l.address, "publish", "--topic", topic, "--namespace", ns) - cmd.Stdin = bytes.NewReader(data) -+ b := bufPool.Get().(*bytes.Buffer) -+ defer func() { -+ b.Reset() -+ bufPool.Put(b) -+ }() -+ cmd.Stdout = b -+ cmd.Stderr = b - c, err := shim.Default.Start(cmd) - if err != nil { - return err - } - status, err := shim.Default.Wait(cmd, c) - if err != nil { -- return err -+ return errors.Wrapf(err, "failed to publish event: %s", b.String()) - } - if status != 0 { -- return errors.New("failed to publish event") -+ return errors.Errorf("failed to publish event: %s", b.String()) - } - return nil - } -diff --git a/runtime/v1/linux/runtime.go b/runtime/v1/linux/runtime.go -index ca3674808..eb3927305 100644 ---- a/runtime/v1/linux/runtime.go -+++ b/runtime/v1/linux/runtime.go -@@ -379,6 +379,7 @@ func (r *Runtime) loadTasks(ctx context.Context, ns string) ([]*Task, error) { - log.G(ctx).Infof("load-task %s/%s/%s Pid=%d", r.state, ns, id, pid) - shimExit := make(chan struct{}) - s, err := bundle.NewShimClient(ctx, ns, ShimConnect(r.config, func() { -+ log.G(ctx).WithField("id", id).Info("shim reaped") - close(shimExit) - if _, err := r.tasks.Get(ctx, id); err != nil { - // Task was never started or was already successfully deleted -diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go -index eafb0d712..6861df081 100644 ---- a/runtime/v1/shim/client/client.go -+++ b/runtime/v1/shim/client/client.go -@@ -77,21 +77,19 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa - - var stdoutLog io.ReadWriteCloser - var stderrLog io.ReadWriteCloser -- if debug { -- stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir) -- if err != nil { -- return nil, nil, errors.Wrapf(err, "failed to create stdout log") -- } -- -- stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir) -- if err != nil { -- return nil, nil, errors.Wrapf(err, "failed to create stderr log") -- } -+ stdoutLog, err = v1.OpenShimStdoutLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stdout log") -+ } - -- go io.Copy(os.Stdout, stdoutLog) -- go io.Copy(os.Stderr, stderrLog) -+ stderrLog, err = v1.OpenShimStderrLog(ctx, config.WorkDir) -+ if err != nil { -+ return nil, nil, errors.Wrapf(err, "failed to create stderr log") - } - -+ go io.Copy(os.Stdout, stdoutLog) -+ go io.Copy(os.Stderr, stderrLog) -+ - if err := writeFile(filepath.Join(config.Path, "address"), address); err != nil { - return nil, nil, err - } --- -2.27.0 - diff --git a/patch/0081-containerd-reduce-permissions-for-bundle-di.patch b/patch/0081-containerd-reduce-permissions-for-bundle-di.patch deleted file mode 100644 index fbac4f8..0000000 --- a/patch/0081-containerd-reduce-permissions-for-bundle-di.patch +++ /dev/null @@ -1,138 +0,0 @@ -From fe70d9e0048502addcbeea5399f2da554a14bd78 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Tue, 9 Nov 2021 16:25:09 +0800 -Subject: [PATCH] [Backport]containerd:reduce permissions for bundle dir to fix - CVE-2021-41103 - -reduce permissions for bundle dir -reduce permissions on plugin directories -fix CVE-2021-41103 - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/6886c6a2ec0c70dde1aa64e77b64a5ad47b983c3 -https://github.com/containerd/containerd/commit/7c621e1fcc08bcf5a1a48b837342cc22eada1685 ---- - runtime/v1/linux/bundle.go | 56 +++++++++++++++++++++++++++++++++++++- - snapshots/btrfs/btrfs.go | 8 ++++-- - 2 files changed, 61 insertions(+), 3 deletions(-) - -diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go -index 0442246f9..90a10862e 100644 ---- a/runtime/v1/linux/bundle.go -+++ b/runtime/v1/linux/bundle.go -@@ -20,6 +20,7 @@ package linux - - import ( - "context" -+ "encoding/json" - "fmt" - "io/ioutil" - "os" -@@ -30,6 +31,7 @@ import ( - "github.com/containerd/containerd/runtime/linux/runctypes" - "github.com/containerd/containerd/runtime/v1/shim" - "github.com/containerd/containerd/runtime/v1/shim/client" -+ "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - ) -@@ -63,7 +65,7 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - time.Sleep(waitTime) - } - -- if err := os.Mkdir(path, 0711); err != nil { -+ if err := os.Mkdir(path, 0700); err != nil { - return nil, err - } - defer func() { -@@ -71,6 +73,9 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - os.RemoveAll(path) - } - }() -+ if err := prepareBundleDirectoryPermissions(path, spec); err != nil { -+ return nil, err -+ } - if err := os.MkdirAll(workDir, 0711); err != nil { - return nil, err - } -@@ -90,6 +95,55 @@ func newBundle(id, path, workDir string, spec []byte) (b *bundle, err error) { - }, err - } - -+// prepareBundleDirectoryPermissions prepares the permissions of the bundle -+// directory. When user namespaces are enabled, the permissions are modified -+// to allow the remapped root GID to access the bundle. -+func prepareBundleDirectoryPermissions(path string, spec []byte) error { -+ gid, err := remappedGID(spec) -+ if err != nil { -+ return err -+ } -+ if gid == 0 { -+ return nil -+ } -+ if err := os.Chown(path, -1, int(gid)); err != nil { -+ return err -+ } -+ return os.Chmod(path, 0710) -+} -+ -+// ociSpecUserNS is a subset of specs.Spec used to reduce garbage during -+// unmarshal. -+type ociSpecUserNS struct { -+ Linux *linuxSpecUserNS -+} -+ -+// linuxSpecUserNS is a subset of specs.Linux used to reduce garbage during -+// unmarshal. -+type linuxSpecUserNS struct { -+ GIDMappings []specs.LinuxIDMapping -+} -+ -+// remappedGID reads the remapped GID 0 from the OCI spec, if it exists. If -+// there is no remapping, remappedGID returns 0. If the spec cannot be parsed, -+// remappedGID returns an error. -+func remappedGID(spec []byte) (uint32, error) { -+ var ociSpec ociSpecUserNS -+ err := json.Unmarshal(spec, &ociSpec) -+ if err != nil { -+ return 0, err -+ } -+ if ociSpec.Linux == nil || len(ociSpec.Linux.GIDMappings) == 0 { -+ return 0, nil -+ } -+ for _, mapping := range ociSpec.Linux.GIDMappings { -+ if mapping.ContainerID == 0 { -+ return mapping.HostID, nil -+ } -+ } -+ return 0, nil -+} -+ - type bundle struct { - id string - path string -diff --git a/snapshots/btrfs/btrfs.go b/snapshots/btrfs/btrfs.go -index a89b55129..da6f8220e 100644 ---- a/snapshots/btrfs/btrfs.go -+++ b/snapshots/btrfs/btrfs.go -@@ -63,11 +63,15 @@ type snapshotter struct { - // root needs to be a mount point of btrfs. - func NewSnapshotter(root string) (snapshots.Snapshotter, error) { - // If directory does not exist, create it -- if _, err := os.Stat(root); err != nil { -+ if st, err := os.Stat(root); err != nil { - if !os.IsNotExist(err) { - return nil, err - } -- if err := os.Mkdir(root, 0755); err != nil { -+ if err := os.Mkdir(root, 0700); err != nil { -+ return nil, err -+ } -+ } else if st.Mode()&os.ModePerm != 0700 { -+ if err := os.Chmod(root, 0700); err != nil { - return nil, err - } - } --- -2.27.0 - diff --git a/patch/0082-containerd-fix-publish-command-wait-block-for.patch b/patch/0082-containerd-fix-publish-command-wait-block-for.patch deleted file mode 100644 index ec9f783..0000000 --- a/patch/0082-containerd-fix-publish-command-wait-block-for.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 31cd7bb5147c42384ffd28e9a64f0c5d5c4f7500 Mon Sep 17 00:00:00 2001 -From: chenjiankun -Date: Wed, 10 Nov 2021 16:10:37 +0800 -Subject: [PATCH] containerd: fix publish command wait block forever - ---- - cmd/containerd-shim/main_unix.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go -index a07932c..37b621e 100644 ---- a/cmd/containerd-shim/main_unix.go -+++ b/cmd/containerd-shim/main_unix.go -@@ -308,7 +308,7 @@ func (l *remoteEventsPublisher) doPublish(ctx context.Context, topic string, eve - if err != nil { - return err - } -- status, err := shim.Default.Wait(cmd, c) -+ status, err := shim.Default.WaitTimeout(cmd, c, 30) - if err != nil { - return errors.Wrapf(err, "failed to publish event: %s", b.String()) - } --- -2.27.0 - diff --git a/patch/0083-containerd-optimize-cgo-compile-options.patch b/patch/0083-containerd-optimize-cgo-compile-options.patch deleted file mode 100644 index fbe2c3c..0000000 --- a/patch/0083-containerd-optimize-cgo-compile-options.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 4ae41b01ba2dfd05e8eae0adac6dc3d54c461117 Mon Sep 17 00:00:00 2001 -From: songyanting -Date: Mon, 24 Jan 2022 11:08:44 +0800 -Subject: [PATCH] [Huawei]containerd:optimize cgo compile options - -offering:EulerOS Server -Type:bugfix -CVE: -DTS/AR: -reason:optimize cgo compile options - -Signed-off-by: songyanting songyanting@huawei.com ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index a7d0888..49a90e6 100644 ---- a/Makefile -+++ b/Makefile -@@ -172,8 +172,8 @@ bin/%: cmd/% FORCE - mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -- CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CFLAGS="-fstack-protector-strong" \ -+ CGO_CPPFLAGS="-fstack-protector-strong" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< --- -2.23.0 - diff --git a/patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch b/patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch deleted file mode 100644 index 130d407..0000000 --- a/patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 53c45a7abaea09e60e0175f192742c74d1be60e2 Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Thu, 31 Mar 2022 21:30:15 +0800 -Subject: [PATCH] containerd:Use fs.RootPath when mounting volumes - -fix CVE-2022-23648 -upstream:https://github.com/containerd/containerd/commit/3406af86394c2426ce7f55d5f52be2b79f456211 - -Signed-off-by: Vanient ---- - .../containerd/cri/pkg/containerd/opts/container.go | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go -index 7647c373c..2ea49b594 100644 ---- a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go -+++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go -@@ -20,7 +20,6 @@ import ( - "context" - "io/ioutil" - "os" -- "path/filepath" - - "github.com/containerd/containerd" - "github.com/containerd/containerd/containers" -@@ -88,7 +87,10 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts { - }() - - for host, volume := range volumeMounts { -- src := filepath.Join(root, volume) -+ src, err := fs.RootPath(root, volume) -+ if err != nil { -+ return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume) -+ } - if _, err := os.Stat(src); err != nil { - if os.IsNotExist(err) { - // Skip copying directory if it does not exist. --- -2.27.0 - diff --git a/patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch b/patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch deleted file mode 100644 index 4ab36bb..0000000 --- a/patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From a6c7265aa68fca3a5023ad2b399799db583fffeb Mon Sep 17 00:00:00 2001 -From: zhangsong234 -Date: Tue, 14 Jun 2022 10:25:47 +0800 -Subject: [PATCH] containerd: put get pid lock after set process exited to avoid - deadlock. - -Signed-off-by: zhangsong234 ---- - runtime/v1/linux/proc/exec.go | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/runtime/v1/linux/proc/exec.go b/runtime/v1/linux/proc/exec.go -index a5f40bd..ff967b5 100644 ---- a/runtime/v1/linux/proc/exec.go -+++ b/runtime/v1/linux/proc/exec.go -@@ -86,14 +86,14 @@ func (e *execProcess) ExitedAt() time.Time { - } - - func (e *execProcess) SetExited(status int) { -- e.pid.Lock() -- e.pid.pid = -1 -- e.pid.Unlock() -- - e.mu.Lock() - defer e.mu.Unlock() - - e.execState.SetExited(status) -+ -+ e.pid.Lock() -+ e.pid.pid = -1 -+ e.pid.Unlock() - } - - func (e *execProcess) setExited(status int) { --- -2.27.0 - diff --git a/patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch b/patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch deleted file mode 100644 index e17da50..0000000 --- a/patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch +++ /dev/null @@ -1,133 +0,0 @@ -From cf3bde2b5a78d7ba8773eadcc3b28dfb0001aee0 Mon Sep 17 00:00:00 2001 -From: zhongjiawei -Date: Mon, 4 Jul 2022 14:34:23 +0800 -Subject: [PATCH] containerd: Limit the response size of ExecSync - -fix CVE-2022-31030 -upstream:https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382 ---- - .../cri/pkg/server/container_execsync.go | 45 ++++++++++++++++- - .../cri/pkg/server/container_execsync_test.go | 49 +++++++++++++++++++ - 2 files changed, 92 insertions(+), 2 deletions(-) - create mode 100644 vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go - -diff --git a/vendor/github.com/containerd/cri/pkg/server/container_execsync.go b/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -index fd54120..1ef93e5 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -+++ b/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -@@ -37,14 +37,55 @@ import ( - "github.com/containerd/cri/pkg/util" - ) - -+type cappedWriter struct { -+ w io.WriteCloser -+ remain int -+} -+ -+func (cw *cappedWriter) Write(p []byte) (int, error) { -+ if cw.remain <= 0 { -+ return len(p), nil -+ } -+ -+ end := cw.remain -+ if end > len(p) { -+ end = len(p) -+ } -+ written, err := cw.w.Write(p[0:end]) -+ cw.remain -= written -+ -+ if err != nil { -+ return written, err -+ } -+ return len(p), nil -+} -+ -+func (cw *cappedWriter) Close() error { -+ return cw.w.Close() -+} -+ -+func (cw *cappedWriter) isFull() bool { -+ return cw.remain <= 0 -+} -+ - // ExecSync executes a command in the container, and returns the stdout output. - // If command exits with a non-zero exit code, an error is returned. - func (c *criService) ExecSync(ctx context.Context, r *runtime.ExecSyncRequest) (*runtime.ExecSyncResponse, error) { -+ const maxStreamSize = 1024 * 1024 * 16 -+ - var stdout, stderr bytes.Buffer -+ -+ // cappedWriter truncates the output. In that case, the size of -+ // the ExecSyncResponse will hit the CRI plugin's gRPC response limit. -+ // Thus the callers outside of the containerd process (e.g. Kubelet) never see -+ // the truncated output. -+ cout := &cappedWriter{w: cioutil.NewNopWriteCloser(&stdout), remain: maxStreamSize} -+ cerr := &cappedWriter{w: cioutil.NewNopWriteCloser(&stderr), remain: maxStreamSize} -+ - exitCode, err := c.execInContainer(ctx, r.GetContainerId(), execOptions{ - cmd: r.GetCmd(), -- stdout: cioutil.NewNopWriteCloser(&stdout), -- stderr: cioutil.NewNopWriteCloser(&stderr), -+ stdout: cout, -+ stderr: cerr, - timeout: time.Duration(r.GetTimeout()) * time.Second, - }) - if err != nil { -diff --git a/vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go b/vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go -new file mode 100644 -index 0000000..c8641d0 ---- /dev/null -+++ b/vendor/github.com/containerd/cri/pkg/server/container_execsync_test.go -@@ -0,0 +1,49 @@ -+/* -+ Copyright The containerd Authors. -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ http://www.apache.org/licenses/LICENSE-2.0 -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. -+*/ -+ -+package server -+ -+import ( -+ "bytes" -+ "testing" -+ -+ cioutil "github.com/containerd/containerd/pkg/ioutil" -+ "github.com/stretchr/testify/assert" -+) -+ -+func TestCWWrite(t *testing.T) { -+ var buf bytes.Buffer -+ cw := &cappedWriter{w: cioutil.NewNopWriteCloser(&buf), remain: 10} -+ -+ n, err := cw.Write([]byte("hello")) -+ assert.NoError(t, err) -+ assert.Equal(t, 5, n) -+ -+ n, err = cw.Write([]byte("helloworld")) -+ assert.NoError(t, err, "no errors even it hits the cap") -+ assert.Equal(t, 10, n, "no indication of partial write") -+ assert.True(t, cw.isFull()) -+ assert.Equal(t, []byte("hellohello"), buf.Bytes(), "the underlying writer is capped") -+ -+ _, err = cw.Write([]byte("world")) -+ assert.NoError(t, err) -+ assert.True(t, cw.isFull()) -+ assert.Equal(t, []byte("hellohello"), buf.Bytes(), "the underlying writer is capped") -+} -+ -+func TestCWClose(t *testing.T) { -+ var buf bytes.Buffer -+ cw := &cappedWriter{w: cioutil.NewNopWriteCloser(&buf), remain: 5} -+ err := cw.Close() -+ assert.NoError(t, err) -+} --- -2.30.0 - diff --git a/patch/0087-containerd-treat-manifest-provided-URLs-differently.patch b/patch/0087-containerd-treat-manifest-provided-URLs-differently.patch deleted file mode 100644 index 717e4a1..0000000 --- a/patch/0087-containerd-treat-manifest-provided-URLs-differently.patch +++ /dev/null @@ -1,65 +0,0 @@ -From eb6ab2e84ab184321bd649b4def182f93e62b6df Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Mon, 24 Jan 2022 19:03:30 +0800 -Subject: [PATCH] [Backport]treat manifest provided URLs differently - -fix CVE-2020-15157 - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 -https://github.com/containerd/containerd/commit/abbb17959f55bbb9b7eb37f965d7dad2f4ea8744 - -Signed-off-by: xiadanni ---- - remotes/docker/fetcher.go | 28 ++++++++++++++++++++-------- - 1 file changed, 20 insertions(+), 8 deletions(-) - -diff --git a/remotes/docker/fetcher.go b/remotes/docker/fetcher.go -index 4a2ce3c39..00e7a47c6 100644 ---- a/remotes/docker/fetcher.go -+++ b/remotes/docker/fetcher.go -@@ -56,6 +56,26 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R - } - - return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) { -+ if len(desc.URLs) > 0 { -+ db := *r.dockerBase -+ // Remove authorizer to avoid authentication when -+ // connecting to manifest provided URLs. -+ // Prevents https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c -+ db.auth = nil -+ nr := dockerFetcher{ -+ dockerBase: &db, -+ } -+ for _, u := range desc.URLs { -+ log.G(ctx).WithField("url", u).Debug("trying alternative url") -+ rc, err := nr.open(ctx, u, desc.MediaType, offset) -+ if err != nil { -+ log.G(ctx).WithField("error", err).Debug("error trying url") -+ continue // try one of the other urls. -+ } -+ -+ return rc, nil -+ } -+ } - for _, u := range urls { - rc, err := r.open(ctx, u, desc.MediaType, offset) - if err != nil { -@@ -142,14 +162,6 @@ func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int - func (r *dockerFetcher) getV2URLPaths(ctx context.Context, desc ocispec.Descriptor) ([]string, error) { - var urls []string - -- if len(desc.URLs) > 0 { -- // handle fetch via external urls. -- for _, u := range desc.URLs { -- log.G(ctx).WithField("url", u).Debug("adding alternative url") -- urls = append(urls, u) -- } -- } -- - switch desc.MediaType { - case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList, - images.MediaTypeDockerSchema1Manifest, --- -2.27.0 - diff --git a/patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch b/patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch deleted file mode 100644 index bc4cf4f..0000000 --- a/patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 90a3fd55136fb18641c8221792b013ee1dbc17f5 Mon Sep 17 00:00:00 2001 -From: xiadanni -Date: Mon, 24 Jan 2022 19:15:14 +0800 -Subject: [PATCH] [Backport]Use chmod path for checking symlink - -fix CVE-2021-32760 -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/03aa748c11663e87a72fab92b7ab7c88c28bf13e - -Signed-off-by: xiadanni ---- - archive/tar_unix.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/archive/tar_unix.go b/archive/tar_unix.go -index 022dd6d4f..7f3857c7d 100644 ---- a/archive/tar_unix.go -+++ b/archive/tar_unix.go -@@ -127,7 +127,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { - - func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error { - if hdr.Typeflag == tar.TypeLink { -- if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) { -+ if fi, err := os.Lstat(path); err == nil && (fi.Mode()&os.ModeSymlink == 0) { - if err := os.Chmod(path, hdrInfo.Mode()); err != nil { - return err - } --- -2.27.0 - diff --git a/patch/0089-containerd-Add-lock-for-ListPids.patch b/patch/0089-containerd-Add-lock-for-ListPids.patch deleted file mode 100644 index 9bfc877..0000000 --- a/patch/0089-containerd-Add-lock-for-ListPids.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9a92dd95046003cd661f8cd76429b2e424907a2a Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Mon, 21 Mar 2022 06:57:02 +0800 -Subject: [PATCH] [Backport]containerd: Add lock for ListPids - -Add the missing locks in ListPids -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/fcf3b275fcd404ddf5fe75d5629d2168742ec0d3 - -Signed-off-by: Vanient ---- - runtime/v1/shim/service.go | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/runtime/v1/shim/service.go b/runtime/v1/shim/service.go -index 7d7327cd8..435f02e3c 100644 ---- a/runtime/v1/shim/service.go -+++ b/runtime/v1/shim/service.go -@@ -434,6 +434,9 @@ func (s *Service) ListPids(ctx context.Context, r *shimapi.ListPidsRequest) (*sh - return nil, errdefs.ToGRPC(err) - } - var processes []*task.ProcessInfo -+ -+ s.mu.Lock() -+ defer s.mu.Unlock() - for _, pid := range pids { - pInfo := task.ProcessInfo{ - Pid: pid, --- -2.27.0 - diff --git a/patch/0090-images-validate-document-type-before-unmarshal.patch b/patch/0090-images-validate-document-type-before-unmarshal.patch deleted file mode 100644 index f4998f6..0000000 --- a/patch/0090-images-validate-document-type-before-unmarshal.patch +++ /dev/null @@ -1,117 +0,0 @@ -From e3e70b398ff362182797e2d73372f8f654ba9383 Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Thu, 9 Jun 2022 10:45:47 +0800 -Subject: [PATCH 1/2] images: validate document type before unmarshal - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/eb9ba7ed8d46d48fb22362f9d91fff6fb837e37e - -Signed-off-by: Vanient ---- - images/image.go | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 55 insertions(+) - -diff --git a/images/image.go b/images/image.go -index f72684d82..ad12fe971 100644 ---- a/images/image.go -+++ b/images/image.go -@@ -19,6 +19,7 @@ package images - import ( - "context" - "encoding/json" -+ "fmt" - "sort" - "strings" - "time" -@@ -154,6 +155,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) -+ } -+ - var manifest ocispec.Manifest - if err := json.Unmarshal(p, &manifest); err != nil { - return nil, err -@@ -194,6 +199,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) -+ } -+ - var idx ocispec.Index - if err := json.Unmarshal(p, &idx); err != nil { - return nil, err -@@ -335,6 +344,10 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) -+ } -+ - // TODO(stevvooe): We just assume oci manifest, for now. There may be - // subtle differences from the docker version. - var manifest ocispec.Manifest -@@ -350,6 +363,10 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return nil, err - } - -+ if err := validateMediaType(p, desc.MediaType); err != nil { -+ return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) -+ } -+ - var index ocispec.Index - if err := json.Unmarshal(p, &index); err != nil { - return nil, err -@@ -371,6 +388,44 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return descs, nil - } - -+// unknownDocument represents a manifest, manifest list, or index that has not -+// yet been validated. -+type unknownDocument struct { -+ MediaType string `json:"mediaType,omitempty"` -+ Config json.RawMessage `json:"config,omitempty"` -+ Layers json.RawMessage `json:"layers,omitempty"` -+ Manifests json.RawMessage `json:"manifests,omitempty"` -+ FSLayers json.RawMessage `json:"fsLayers,omitempty"` // schema 1 -+} -+ -+// validateMediaType returns an error if the byte slice is invalid JSON or if -+// the media type identifies the blob as one format but it contains elements of -+// another format. -+func validateMediaType(b []byte, mt string) error { -+ var doc unknownDocument -+ if err := json.Unmarshal(b, &doc); err != nil { -+ return err -+ } -+ if len(doc.FSLayers) != 0 { -+ return fmt.Errorf("media-type: schema 1 not supported") -+ } -+ switch mt { -+ case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest: -+ if len(doc.Manifests) != 0 || -+ doc.MediaType == MediaTypeDockerSchema2ManifestList || -+ doc.MediaType == ocispec.MediaTypeImageIndex { -+ return fmt.Errorf("media-type: expected manifest but found index (%s)", mt) -+ } -+ case MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: -+ if len(doc.Config) != 0 || len(doc.Layers) != 0 || -+ doc.MediaType == MediaTypeDockerSchema2Manifest || -+ doc.MediaType == ocispec.MediaTypeImageManifest { -+ return fmt.Errorf("media-type: expected index but found manifest (%s)", mt) -+ } -+ } -+ return nil -+} -+ - // RootFS returns the unpacked diffids that make up and images rootfs. - // - // These are used to verify that a set of layers unpacked to the expected --- -2.27.0 - diff --git a/patch/0091-schema1-reject-ambiguous-documents.patch b/patch/0091-schema1-reject-ambiguous-documents.patch deleted file mode 100644 index d03ec24..0000000 --- a/patch/0091-schema1-reject-ambiguous-documents.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7a294fa5d943401ed3cb9149f69f1d12f372c374 Mon Sep 17 00:00:00 2001 -From: Vanient -Date: Thu, 9 Jun 2022 10:48:09 +0800 -Subject: [PATCH 2/2] schema1: reject ambiguous documents - -Conflict:NA -Reference:https://github.com/containerd/containerd/commit/70c88f507579277ab7af23b06666e3b57d4b4f2d - -Signed-off-by: Vanient ---- - remotes/docker/schema1/converter.go | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/remotes/docker/schema1/converter.go b/remotes/docker/schema1/converter.go -index 766c24a26..c618a33d5 100644 ---- a/remotes/docker/schema1/converter.go -+++ b/remotes/docker/schema1/converter.go -@@ -250,6 +250,9 @@ func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor) - if err := json.Unmarshal(b, &m); err != nil { - return err - } -+ if len(m.Manifests) != 0 || len(m.Layers) != 0 { -+ return errors.New("converter: expected schema1 document but found extra keys") -+ } - c.pulledManifest = &m - - return nil -@@ -466,8 +469,10 @@ type history struct { - } - - type manifest struct { -- FSLayers []fsLayer `json:"fsLayers"` -- History []history `json:"history"` -+ FSLayers []fsLayer `json:"fsLayers"` -+ History []history `json:"history"` -+ Layers json.RawMessage `json:"layers,omitempty"` // OCI manifest -+ Manifests json.RawMessage `json:"manifests,omitempty"` // OCI index - } - - type v1History struct { --- -2.27.0 - diff --git a/patch/0092-containerd-add-CGO-sercurity-build-options.patch b/patch/0092-containerd-add-CGO-sercurity-build-options.patch deleted file mode 100644 index 29ec5ab..0000000 --- a/patch/0092-containerd-add-CGO-sercurity-build-options.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f7d5384097fde1e448649fcacde0dd05b7f2e967 Mon Sep 17 00:00:00 2001 -From: zjw -Date: Mon, 20 Jun 2022 20:08:24 +0800 -Subject: [PATCH] containerd: containerd and containerd-shim add CGO security build options - ---- - Makefile | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/Makefile b/Makefile -index 49a90e6..2bc5dd5 100644 ---- a/Makefile -+++ b/Makefile -@@ -172,8 +172,8 @@ bin/%: cmd/% FORCE - mkdir -p $(BEP_DIR) - @echo "$(WHALE) $@${BINARY_SUFFIX}" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong" \ -- CGO_CPPFLAGS="-fstack-protector-strong" \ -+ CGO_CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< -@@ -181,8 +181,8 @@ bin/%: cmd/% FORCE - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong -fPIE" \ -- CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ -+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim --- -2.30.0 - diff --git a/patch/0093-containerd-fix-version-number-wrong.patch b/patch/0093-containerd-fix-version-number-wrong.patch deleted file mode 100644 index f2a41d7..0000000 --- a/patch/0093-containerd-fix-version-number-wrong.patch +++ /dev/null @@ -1,36 +0,0 @@ -From aca59a554842337e5e03b300a5f358a3fa9c80e4 Mon Sep 17 00:00:00 2001 -From: zhongjiawei -Date: Wed, 16 Nov 2022 12:28:54 +0800 -Subject: [PATCH] containerd: fix version number wrong - ---- - Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile b/Makefile -index 2bc5dd5..44eeefc 100644 ---- a/Makefile -+++ b/Makefile -@@ -20,7 +20,7 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - DESTDIR=/usr/local - - # Used to populate variables in version package. --VERSION=$(shell echo version:)$(shell grep '^Version' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/').$(shell grep '^Release:' ${ROOTDIR}/containerd.spec | sed 's/[^0-9.]*\([0-9.]*\).*/\1/') -+VERSION=$(shell echo version:)$(shell cat ./containerd_version) - REVISION=$(shell cat ./git-commit | head -c 40) - - ifneq "$(strip $(shell command -v go 2>/dev/null))" "" -@@ -181,8 +181,8 @@ bin/%: cmd/% FORCE - bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 - @echo "$(WHALE) bin/containerd-shim" - CGO_ENABLED=1 \ -- CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -- CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ -+ CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ - CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ - CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ - go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim --- -2.30.0 - diff --git a/patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch b/patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch deleted file mode 100644 index d47d1c4..0000000 --- a/patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 13c66a426dcbb0ecef601c386b116ad7a960896a Mon Sep 17 00:00:00 2001 -From: Danny Canter -Date: Mon, 28 Nov 2022 14:45:34 -0800 -Subject: [PATCH] CRI stream server: Fix goroutine leak in Exec - -In the CRI streaming server, a goroutine (`handleResizeEvents`) is launched -to handle terminal resize events if a TTY is asked for with an exec; this -is the sender of terminal resize events. Another goroutine is launched -shortly after successful process startup to actually do something with -these events, however the issue arises if the exec process fails to start -for any reason that would have `process.Start` return non-nil. The receiver -goroutine never gets launched so the sender is stuck blocked on a channel send -infinitely. - -This could be used in a malicious manner by repeatedly launching execs -with a command that doesn't exist in the image, as a single goroutine -will get leaked on every invocation which will slowly grow containerd's -memory usage. - -Signed-off-by: Danny Canter -(cherry picked from commit f012617edfd887a29345888d65640a7ccd7c72ce) ---- - .../kubelet/server/remotecommand/httpstream.go | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go b/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go -index 387ad3d5a..9591a5426 100644 ---- a/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go -+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go -@@ -17,6 +17,7 @@ limitations under the License. - package remotecommand - - import ( -+ gocontext "context" - "encoding/json" - "errors" - "fmt" -@@ -116,7 +117,7 @@ func createStreams(req *http.Request, w http.ResponseWriter, opts *Options, supp - - if ctx.resizeStream != nil { - ctx.resizeChan = make(chan remotecommand.TerminalSize) -- go handleResizeEvents(ctx.resizeStream, ctx.resizeChan) -+ go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan) - } - - return ctx, true -@@ -410,7 +411,7 @@ WaitForStreams: - // supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it. - func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false } - --func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) { -+func handleResizeEvents(ctx gocontext.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) { - defer runtime.HandleCrash() - - decoder := json.NewDecoder(stream) -@@ -419,7 +420,15 @@ func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalS - if err := decoder.Decode(&size); err != nil { - break - } -- channel <- size -+ -+ select { -+ case channel <- size: -+ case <-ctx.Done(): -+ // To avoid leaking this routine, exit if the http request finishes. This path -+ // would generally be hit if starting the process fails and nothing is started to -+ // ingest these resize events. -+ return -+ } - } - } - --- -2.30.0 - diff --git a/patch/0095-oci-fix-additional-GIDs.patch b/patch/0095-oci-fix-additional-GIDs.patch deleted file mode 100644 index 5aa148d..0000000 --- a/patch/0095-oci-fix-additional-GIDs.patch +++ /dev/null @@ -1,198 +0,0 @@ -From f73de44a5b70c85458af955d74f45492ff07926a Mon Sep 17 00:00:00 2001 -From: Akihiro Suda -Date: Sat, 24 Dec 2022 20:09:04 +0900 -Subject: [PATCH] oci: fix additional GIDs - -Test suite: -```yaml - ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-no-option - annotations: - description: "Equivalent of `docker run` (no option)" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]'] ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-group-add-1-group-add-1234 - annotations: - description: "Equivalent of `docker run --group-add 1 --group-add 1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]'] - securityContext: - supplementalGroups: [1, 1234] ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-user-1234 - annotations: - description: "Equivalent of `docker run --user 1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]'] - securityContext: - runAsUser: 1234 ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-user-1234-1234 - annotations: - description: "Equivalent of `docker run --user 1234:1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]'] - securityContext: - runAsUser: 1234 - runAsGroup: 1234 ---- -apiVersion: v1 -kind: Pod -metadata: - name: test-user-1234-group-add-1234 - annotations: - description: "Equivalent of `docker run --user 1234 --group-add 1234`" -spec: - restartPolicy: Never - containers: - - name: main - image: ghcr.io/containerd/busybox:1.28 - args: ['sh', '-euxc', - '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]'] - securityContext: - runAsUser: 1234 - supplementalGroups: [1234] -``` - -Signed-off-by: Akihiro Suda -Signed-off-by: zhongjiawei ---- - oci/spec_opts.go | 33 +++++++++++++++++++ - .../cri/pkg/server/container_create.go | 3 +- - 2 files changed, 35 insertions(+), 1 deletion(-) - -diff --git a/oci/spec_opts.go b/oci/spec_opts.go -index 8b599f805..718c48246 100644 ---- a/oci/spec_opts.go -+++ b/oci/spec_opts.go -@@ -84,6 +84,17 @@ func setCapabilities(s *Spec) { - } - } - -+// ensureAdditionalGids ensures that the primary GID is also included in the additional GID list. -+func ensureAdditionalGids(s *Spec) { -+ setProcess(s) -+ for _, f := range s.Process.User.AdditionalGids { -+ if f == s.Process.User.GID { -+ return -+ } -+ } -+ s.Process.User.AdditionalGids = append([]uint32{s.Process.User.GID}, s.Process.User.AdditionalGids...) -+} -+ - // WithDefaultSpec returns a SpecOpts that will populate the spec with default - // values. - // -@@ -459,7 +470,21 @@ func WithNamespacedCgroup() SpecOpts { - // user, uid, user:group, uid:gid, uid:group, user:gid - func WithUser(userstr string) SpecOpts { - return func(ctx context.Context, client Client, c *containers.Container, s *Spec) error { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil -+ -+ // For LCOW it's a bit harder to confirm that the user actually exists on the host as a rootfs isn't -+ // mounted on the host and shared into the guest, but rather the rootfs is constructed entirely in the -+ // guest itself. To accommodate this, a spot to place the user string provided by a client as-is is needed. -+ // The `Username` field on the runtime spec is marked by Platform as only for Windows, and in this case it -+ // *is* being set on a Windows host at least, but will be used as a temporary holding spot until the guest -+ // can use the string to perform these same operations to grab the uid:gid inside. -+ if s.Windows != nil && s.Linux != nil { -+ s.Process.User.Username = userstr -+ return nil -+ } -+ - parts := strings.Split(userstr, ":") - switch len(parts) { - case 1: -@@ -538,7 +563,9 @@ func WithUser(userstr string) SpecOpts { - // WithUIDGID allows the UID and GID for the Process to be set - func WithUIDGID(uid, gid uint32) SpecOpts { - return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil - s.Process.User.UID = uid - s.Process.User.GID = gid - return nil -@@ -551,7 +578,9 @@ func WithUIDGID(uid, gid uint32) SpecOpts { - // additionally sets the gid to 0, and does not return an error. - func WithUserID(uid uint32) SpecOpts { - return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil - if c.Snapshotter == "" && c.SnapshotKey == "" { - if !isRootfsAbs(s.Root.Path) { - return errors.Errorf("rootfs absolute path is required") -@@ -604,7 +633,9 @@ func WithUserID(uid uint32) SpecOpts { - // it returns error. - func WithUsername(username string) SpecOpts { - return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) { -+ defer ensureAdditionalGids(s) - setProcess(s) -+ s.Process.User.AdditionalGids = nil - if s.Linux != nil { - if c.Snapshotter == "" && c.SnapshotKey == "" { - if !isRootfsAbs(s.Root.Path) { -@@ -659,7 +690,9 @@ func WithAdditionalGIDs(userstr string) SpecOpts { - return nil - } - setProcess(s) -+ s.Process.User.AdditionalGids = nil - setAdditionalGids := func(root string) error { -+ defer ensureAdditionalGids(s) - var username string - uid, err := strconv.Atoi(userstr) - if err == nil { -diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create.go b/vendor/github.com/containerd/cri/pkg/server/container_create.go -index e29cb40f8..ffa6cd614 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/container_create.go -+++ b/vendor/github.com/containerd/cri/pkg/server/container_create.go -@@ -230,7 +230,8 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta - // Because it is still useful to get additional gids for uid 0. - userstr = strconv.FormatInt(securityContext.GetRunAsUser().GetValue(), 10) - } -- specOpts = append(specOpts, customopts.WithAdditionalGIDs(userstr)) -+ specOpts = append(specOpts, customopts.WithDevices(c.os, config, c.config.DeviceOwnershipFromSecurityContext), -+ customopts.WithCapabilities(securityContext, c.allCaps)) - - apparmorSpecOpts, err := generateApparmorSpecOpts( - securityContext.GetApparmorProfile(), --- -2.33.0 - diff --git a/patch/0096-importer-stream-oci-layout-and-manifest.json.patch b/patch/0096-importer-stream-oci-layout-and-manifest.json.patch deleted file mode 100644 index 6d915bc..0000000 --- a/patch/0096-importer-stream-oci-layout-and-manifest.json.patch +++ /dev/null @@ -1,48 +0,0 @@ -From d86db0de932912591e4a3884305547162b87f885 Mon Sep 17 00:00:00 2001 -From: Samuel Karp -Date: Mon, 27 Feb 2023 15:02:01 +0800 -Subject: [PATCH] importer: stream oci-layout and manifest.json - -Signed-off-by: Samuel Karp ---- - images/archive/importer.go | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/images/archive/importer.go b/images/archive/importer.go -index da83275..443b886 100644 ---- a/images/archive/importer.go -+++ b/images/archive/importer.go -@@ -23,7 +23,6 @@ import ( - "context" - "encoding/json" - "io" -- "io/ioutil" - "path" - - "github.com/containerd/containerd/archive/compression" -@@ -192,15 +191,14 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader) (oc - return writeManifest(ctx, store, idx, ocispec.MediaTypeImageIndex) - } - -+const ( -+ kib = 1024 -+ mib = 1024 * kib -+ jsonLimit = 20 * mib -+) -+ - func onUntarJSON(r io.Reader, j interface{}) error { -- b, err := ioutil.ReadAll(r) -- if err != nil { -- return err -- } -- if err := json.Unmarshal(b, j); err != nil { -- return err -- } -- return nil -+ return json.NewDecoder(io.LimitReader(r, jsonLimit)).Decode(j) - } - - func onUntarBlob(ctx context.Context, r io.Reader, store content.Ingester, size int64, ref string) (digest.Digest, error) { --- -2.33.0 - diff --git a/series.conf b/series.conf deleted file mode 100644 index b0352ea..0000000 --- a/series.conf +++ /dev/null @@ -1,104 +0,0 @@ -patch/0006-shim-optimize-shim-lock-in-runtime-v1.patch -patch/0007-shim-Increase-reaper-buffer-size-and-non-bl.patch -patch/0008-runtime-Use-named-pipes-for-shim-logs.patch -patch/0009-runtime-fix-pipe-in-broken-may-cause-shim-l.patch -patch/0010-runtime-fix-pipe-in-broken-may-cause-shim-l.patch -patch/0011-runtime-Add-timeout-and-cancel-to-shim-fifo.patch -patch/0037-containerd-Fix-fd-leak-of-shim-log.patch - -patch/0001-grpc-vendor-grpc-fix-grpc-map-panic.patch -patch/0002-sys-sys-count-steal-time-when-calculating-Sys.patch -patch/0003-oci-oci-add-files-cgroups-support.patch -patch/0004-runv-vendor-runv-compatibility.patch -patch/0005-containerd-add-spec-for-build.patch -patch/0012-bump-bump-containerd-to-1.2.0.2.patch -patch/0013-log-support-log-init-pid-to-start-event-log.patch -patch/0014-event-resend-exit-event-when-detect-container.patch -patch/0015-restore-cleanup-container-pid-1.patch -patch/0016-create-runc-delete-force-before-create.patch -patch/0017-exit-using-init.exit-indicate-container-is-ex.patch -patch/0018-containerd-shim-Dump-log-to-file-when-docker-.patch -patch/0019-restore-check-shim-alive-when-containerd-is-r.patch -patch/0020-events-resend-pending-exit-events-on-restore.patch -patch/0021-containerd-Update-the-version-info-of-contain.patch -patch/0022-containerd-bump-version-1.2.0.4.patch -patch/0023-containerd-set-create-and-exec-timeout.patch -patch/0024-create-cleanup-runc-dirty-files-on-start.patch -patch/0025-restore-skip-load-task-in-creating.patch -patch/0026-exit-optimize-init.exit-record.patch -patch/0027-log-make-tester-happy.patch -patch/0028-restore-delete-task-in-containerd-restoring.patch -patch/0029-restore-delete-task-asynchronously.patch -patch/0030-event-fix-events-lost-when-loadTask-failed.patch -patch/0031-containerd-enable-relro-flags.patch -patch/0032-containerd-enable-bep-ldflags.patch -patch/0033-containerd-fix-opened-file-not-close.patch -patch/0034-containerd-add-buildid-in-Makefile.patch -patch/0035-containerd-fix-the-path-of-containerd.spec-in.patch -patch/0036-containerd-support-container-start-timeout-se.patch -patch/0037-containerd-fix-shim-std-logs-not-close-after-.patch -patch/0038-containerd-support-kill-D-state-container.patch -patch/0039-containerd-modify-containerd-shim-to-ad.patch -patch/0040-containerd-add-shim-exit-when-bundle-dir-does.patch -patch/0041-containerd-fix-containerd-call-runv-delete-directly.patch -patch/0042-containerd-close-inherit-shim.sock-fd-to-adap.patch -patch/0043-containerd-run-state-with-timeout-10s.patch -patch/0044-containerd-add-copyright.patch -patch/0038-containerd-add-timeout-for-I-O-waitgroups.patch -patch/0039-containerd-fix-shouldKillAllOnExit-check.patch -patch/0044-containerd-change-tmpfile-directory-when-exec.patch -patch/0045-containerd-shim-disable-fast-gc-on-arm.patch -patch/0046-containerd-support-hot-upgrade.patch -patch/0047-containerd-shim-exit-initiative-after-3s.patch -patch/0048-containerd-modify-shim-initiative-exit-time.patch -patch/0049-contaienrd-modify-shim-initiative-exit-time-for-post-hook.patch -patch/0050-containerd-warp-and-process-return-errors.patch -patch/0051-containerd-add-timeout-for-containerd-shim.patch -patch/0052-containerd-modify-runtime-root-if-containe.patch -patch/0053-containerd-add-pid-check-to-avoid-poststop-ho.patch -patch/0054-containerd-clean-up-residual-container.patch -patch/0055-containerd-add-LLT-for-containerd-shim-timeou.patch -patch/0056-containerd-save-dumpstack-to-file.patch -patch/0057-containerd-add-timeout-for-delete-command.patch -patch/0058-containerd-use-git-commit-to-store-commit-ID.patch -patch/0059-containerd-add-GO_GCFLAGS-to-containerd-shim-making.patch -patch/0060-containerd-do-not-disable-cgo-in-containerd-shim-mak.patch -patch/0061-containerd-check-if-bundle-exists-before-create-bund.patch -patch/0062-containerd-use-path-based-socket-for-shims.patch -patch/0063-containerd-kill-init-directly-if-runtime-kill-failed.patch -patch/0064-containerd-add-sys-symbol-to-support-riscv.patch -patch/0065-containerd-add-blot-symbol-to-support-riscv.patch -patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch -patch/0065-containerd-fix-dead-loop.patch -patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch -patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch -patch/0068-containerd-compile-option-compliance.patch -patch/0069-containerd-add-check-in-spec.patch -patch/0070-containerd-kill-container-init-process-if-runc-start.patch -patch/0071-containerd-fix-containerd-shim-residual-when-kill-co.patch -patch/0072-containerd-fix-deadlock-on-commit-error.patch -patch/0073-containerd-backport-upstream-patches.patch -patch/0074-containerd-fix-exec-event-missing-due-to-pid-reuse.patch -patch/0075-containerd-fix-dm-left-when-pause-contaienr-and-kill-shim.patch -patch/0076-containerd-fix-start-container-failed-with-id-exists.patch -patch/0077-containerd-drop-opt-package.patch -patch/0078-containerd-bump-containerd-ttrpc-699c4e40d1.patch -patch/0079-containerd-fix-race-access-for-mobySubcribed.patch -patch/0080-containerd-improve-log-for-debugging.patch -patch/0081-containerd-reduce-permissions-for-bundle-di.patch -patch/0082-containerd-fix-publish-command-wait-block-for.patch -patch/0083-containerd-optimize-cgo-compile-options.patch -patch/0084-containerd-Use-fs.RootPath-when-mounting-vo.patch -patch/0085-containerd-put-get-pid-lock-after-set-process-exited-to-.patch -patch/0086-containerd-Limit-the-response-size-of-ExecSync.patch -patch/0087-containerd-treat-manifest-provided-URLs-differently.patch -patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch -patch/0089-containerd-Add-lock-for-ListPids.patch -patch/0090-images-validate-document-type-before-unmarshal.patch -patch/0091-schema1-reject-ambiguous-documents.patch -patch/0092-containerd-add-CGO-sercurity-build-options.patch -patch/0093-containerd-fix-version-number-wrong.patch -patch/0094-containerd-Fix-goroutine-leak-in-Exec.patch -patch/0095-oci-fix-additional-GIDs.patch -patch/0096-importer-stream-oci-layout-and-manifest.json.patch -# end diff --git a/v1.2.0.zip b/v1.2.0.zip deleted file mode 100644 index 724bf394bd7162f785ba610c34d47eaaacd32813..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6508906 zcmeEuQ;;apmSx$tZQHhO+qP}qvTeKSmTlXvx@FsQ2mN|p&+Cqui20n1$c+5ic``EA z+B$osf;2D)6u^H!;zBiK|HsY$x*!5T0vOxdxfoj7nL3%!GSV^8G0>~3fC2z+1J7$K z{4YC*|6vDcO0Y5q1OVUx1^|Hfuk7dy9UR)%ikU}%kQU^+zNs=jBZHS=Jc(8E6K2pl5RTAhW%3Bvrr9qn(mP~qS!zwpa z=gPF~WK*F6I=e5hektZ*Y8FcX0V%yF{Qw9nGn#V(fn`Y9N-)s0|I23xaqZ6&QhG*e;=H1S9#mZV`2# z9Olw<#u`&Zz5%b*^j5ekhH4%rHC2+iI*4j@aD$R4bFe6wgmrf}`E zK76~(VdHt0ew=JL8qKxJHd3=u)kk;bb?3Oh9yzKs#h(Uuq8;H6_DYSF0f_g$Kehxh z8*1e{3Y*NYX}9pN^;aW68$jJEQ*)8&mI2ooGGgoH&OFRNUS7H+%!ZvDPVG9vUdaX1koe3x>Pva>K#*Y!S*GaJb#9*4v*l7mVDb(XAfSo1$d<4IIOJ zIzX+PR#>S!`RF6V2*@#v3F|qt}rS-tqKe%!DOLvT@>V z0gDPyvD2PdeCqAmVn-CVn2=top^IGH42`&12iyM}DgI9~Vg5@}m|MD7xElRuq&gG* zB}wv^R3;z*095~#y`-|Ts;It-sH}pFpo%D+t;s(KmZK~i|CeChAL=mdqTVz_c#fgm$i1lEyX0+TRvzKe>+CwopP62$Y;0vp3zI%+4QH4F*+MUReR&An`Nr zVR0UGuZxj-!Y*C1f|i5(V$W#p*)iNQu%#Ob{2;bcMiBQza= zEk-`5`WnImwxY?Phryy@EKrG-R^SOzYd}zIZm0>uK^`zAM(DJh9k4tF5H=RlqHc*% z*^z!1qlegPvm}UeQ|vQGnyd#YlZh~CH>4p5LBWZ3{lQ|1KXXwOuJ8ktfEl1hPhmx% zRTeuXas1V}>mPP?e__@cy!>w1^ySp1ZM%YiwTa15*t)HtqgLC#;DVdoW=<-tG$iWT z?2~_uf{XbIkoaPlnXrp=aBseVWQ#+tKa!bqc-_AA4NZ*H$|^wM06JX8H-1Ya@|NlO)&&A{(oNkgIPgx z=kL0~fB*o*|9WkETT>T98%sMEQztqrXM4MUyo2tq2D?E5gfMr0P@_l`Q9Q23QbqiH zrLkk{;@G8vcnlv0vrqi}EWq$as*CjgBKLJzih|BgV zKtmx?$q@#L@%z}-=?SrN_0|a3TM~9Y5QTVR9-I7mJp-zl?Ivr0f2bE z%ob3ldcl&2J|x+|k@L1hq}R(Brg?I^g1CxF??kc}Il=Ms%22 zF!C;p#_EI3_XgscfE3zx4q+c{#qil-!Bw<>ELb|7DeLPC*~95jBqQ1zQ$2i?m1N7N zY>R66Dn(1g2s*=IP-)dZ>{W^yHdvF9B6X21+AG(~@?O zY_+wCIiBPn;qM(ZIjtVEQJ_#w(FLWB}-VtRc24FdP>~qTdhEApGY{?y` zu#Z5T)ipOZl`s|&#x?D;A)X}dukCkojeDf%wwg~LjgP1dscM@MOKd#C*xVh|JRzRod(z0hIiu04DymbA4VCgIUXw1Y?Rcdc1X(mV z*vd|kgUkwCvbu4P;qXA+pqyAberL;-COO9#08S+K0a>E1Z!k?X&lI1cymMfFkB9a* zqLk`S*~TUM)>fBmP<)nM+M58Rly4!|rPSjb79zJd6;6d3IlI9=(no5nYT@HPP!4zU zg#J0*=@B|hcj%%27QUCa%&3oa)QId(mJThyzixfi-0vOddvfdTDe;R$qH(x7a1$8oMhzSqsqkfo>61)2eRQ~`KCe?jHsm+k8?^ZJW62dm zmED&U7EJjt=LuPeD3t8B@b)71Z3+V6mr+z^PwM52?ae;CyEPD9MUbv&UxFOdyxk`J zI8r_XCmn6qH35KBllyfPoK~VKjh?h+VZQk@iOl+d{2Mm6KX~__5qz!oI*ASr08onn z0D$u^neO6b=w|8s&)K5Jw$nKWQqPNWxsy_vTN=|JcEa&SZ4h9>PcRrr8(YOj5}Uw= z7*cHE>A`p#h+o+za%N`c_5iMJ?@3GBd0GY&!?Xx~eZy+|fM#ud1~ z)KS1Y)BtFmplM1e&^E2<8_#UWaCL_gF?Bts(3#<(w6zos!OgH5Qrtv_%=uA4ji$Ch zK)r~*f%<|iC>dYPaj6U~|jW%TQaR_cU`(lIrihX>Nln0XZ4ZcR+BMu8Kn1MKgE;_+V-{$M06512!3zueEa&n7IA`ON zlvBX@{Yuc{OIltklgk0vUf3ll-StR4BK*em4HCQKSN{Ws^R|SnrNp*jSon@ro&;=C zhXGarVFCEUDn2qbFLQ1cN$O=kTAlnelH4%{$uLhdLKE&&JFl0}YfzX|a*gfc`io|d znl9P6gdo4NzywqhBy!G(AX36XZ=wJ)bT2cxoX~|r&g0Pep(Lic3FdcqAlniSV9l)U zW=)XZoDlj=oAAjV|K7np%`BY&rVfdvC*Zd?xo7Nee~MPe@c?dyGJi%mr?Vf>kupf$ zZ@p?+93X9o_+6_FPVG&ST4GQ7@}4eulRGOUqPhHd8!RN+sj|97pm$4a@Fl#tp^3j~ zxM{C5rW2Y%l{dS{EeCx_GO z_u7le!MMo?K~7J!GCDzc`_Z5Z{3Bcq@(8nG zOQC$EpVS`wM+@+f@0--7iKeDW567DPgrP$fv*`*yNV6wj`~5fU48MGfA8*CRfvF$@ z8h?_<;{_MQ0|*HLl;eQ#cBvP>%X|y|fW{S>)#j!Eo6qjJW`d!08;^SQFIlMs5bk+BY#IvL z0{i*IhVofQye9@F4l{iZwVY^PJGc?32_}gWXBr)HUVDC4dFOM4I1*8m!;&N>OnG$w zs5}}c4xLFg>GaPWBZ2pML-RT<$qk>r^H@4_aCXs+P)f4R!T#cDUcJsopk=F>h(r3+ za4Ds)5%2NtXgeD!ulpr9@)85O9XgM5Fy(q^dD7sv42QL>W0ov$+F6=VNvBX|R9 zIp*Z`?U=awrYhPCIdvlV;yL#mGFOe(-;x$TnskPi^Au1os=x1?f zwmNk-WLMya7`v&SBlmk}`PL_)$>*mJk&Cl+4_s*UhO7d+z z=d`Uj{ETb7dXyL^DO z6IRdjc*nNp4tVL<(b(wWR)?Itp1pdysNkta?%L>E&UBUiWsCdr6NSl>FGEv1xhgMJ z>qWty9b+(@C+@|056&^w%9fp$YcwTVb60qD>!M$0cO`1=dS?1mnGM*RIi;&;EmIyD zizi>I!St1efg>lm^q5vIr^Nfp08kwtT-ohK$?x z4#Rzww&xDQC42uvZrCx?7DfRN0N_vgpF~z6RY@5UNjdTVy-b|e(steyOZ8*(6OGTt z(xwAUMja)tT2U@}MO)@*olrVhUnq?snj1Z(pA;Uq29iqXSc7;2`CIUfM@!a<+lV0M6F0(~9h$tavMKD(`O=cgCiYcdN zWo=fJmrkO_P(q7*f6^&Q`5Mw*AReo4rY;b!#a{X?*Jl9bmpv}QP08sqR{>uE9*ep5 zJ9ut_Uahvu8f0b+({Hq(=+t$-Zvv$_g%PK4rdgL3D&VT8o>B29l9r^F12h`J@ipz1 z*7X6Ix9Pl=GQWir)Q^uXiPn`>-iA4^ZG6yE!vuj98T zc}n`BH29lc{jwqE0ljoQXH3zP8jH48075cx8Q@$Mt~N^Hg#nYcR%>=*Vg=}v{)&F=I_j<05Xrh#lS&7%-OSR#+{j8=DRNw^GE!M* zOr+^1Vk3lU6htG0rnonx=n9(; zv}$&hpm5u2fB0g*f?Uqe9 zY9R=6zwi)Aj4S<~^GzLDova4vIpIBbXA zA?L@vhqATp8Nt!;P53ur?{ICOcRtXW$97mA!=U%fjXNxW$Y<$?kYu0Ui8Yrjj>{lI zF~0f4dfrGyMHSOp^fyC2B-b=cknvbxb0uwRm`q01nO71`=RE|HHn!oH80(#5V75?@ zaZdO0)E)xVR7fUTN-32QF@u4hw&+mu+7krm%mM=aOj4DMS$0uQ_nZtJIK8HJ?eg}3 z%J~diTfe}3tq!pUZvIj~ujnvGJKS&*o#-%(e@JwO?I}rRAWn*~TWJuNC=6XV1fc}X zDMhC#VZT8qoHYw+OA)NVmK%Jif2RdFLzS23mdMn23;NkeD+4qk!mwoAfDjB1yM~Ob zmI9YCa*bI<7m1=GV0fz5{S_!i=$<&$Bq-WCg^sP4uC_g|kza-Vv;hK7?1%w*nNX=W z!E=tl`w;8;5p~cuapS$ef)2`;%&yMrt*7rhbLFg`l8{Hi7$g8HJHDUi3z23a(jz{c zC*r!ZlxwOyd}K#Zr(}epDbU0FCu1@~cE119h&~z|lrWsL$*9EGTp%tC12D5fdtf5; zCP@(m4rwLtT1H}DBF?_I#9jo3K%QMirq01y3@N*V>s=I}g68d5?su+tC@ zc@FFcQyD&G*j@VT66!m=3%Rqy(YC|){(UG{Z`T@ZJ|D=(7Tyyo9UD7Y2v8kZq@s-i zCP-_Owyd}<;{;Dw%fONTGBK4Deoh5-pCoXGH+g~(&qV+Vs$rtuSs}?q&U~#Rs#ocZ zccz{5juAjkh~(uAff~c zYAo#eO@42;sf^w7cCbnz+60C{KT5xrEwTwz$_b6!kX`wJe*%KL(rYxY4xJ$qL8QSH zPfu%SglXQNjMEKU6ybBq(cK`WL7Hq9o<-iVCWAvCNq{w{VS*B*){Mmv6m=yrauBbR zMk+b2ZQ4cJ2~FRQ!Ru6$S3sf_r0Kh}uMDQ7D~_<4k;^feW=yz`V*>icW5!>Skz>x7 zruKk)!6irAsJbVDl;>#H0%(}U%=n^t1bK% zN92(TH5=~y$@_uXR+|33Jv4OTh~KoV9+9}4`5cJ6%(1wNG^NK~pY}Gy1!RpzAj(gZ zon=w%sZY(8>ZFFhKxhaqux6S4A-4U`#84I_8E!oIYTmgSeRiV7{QQ}Lz?NV3feDoOJzv?>Uy)pCzaPrG5(^)TDLa4iCuH-63Q(`>X3roI9doCXGoAhly5zVn=m=2h z0Y^1&APW_$>%8}nm9wl9-VZELN~~#oSgN_7za5+XQy>Spf>zhU>llh0mY{6qtm<^Y z)-E~`07*{6^jbTfr#e}cPo|8c?bD8x=><0ZO;^3uljd6beWWMkW*9c~iv$Rrk4Ksk zZDOc%wkM0YO1!W`?*L)3@BX$Jm=$p;tS~5l zjFW@kVs8*wW0t_DvcD?G6&COeh((gi-&WZlmp&YvXB+JadeF&#^amOZvVH>vBhLO3KRFtKs6I)p2cHw<*l}uKANxwx8TzU~H*u)vc-~I>l+@~kfz)`r=!>1W zHC+v%6Lr^^N(x0s|IDvK*d5AyP@Y|x!p3V0En}Gjg|p~T2ewYstN_$JYaIJBxz;gA zB~LG1uPx8M8}c{>G630erGru883v49m|HCEscu|A!PJ#d;X6Kejd(+c^Uud z;^+F=V$x+s#&>?1d>$V+-?*HdynL_!I|qv7ta^OX;Son}rW!fnDx@J5^k(f7X8dZ4y;7(icb?uprl=-$Aky zk?2w>q3?6@=!>=iVcKJTMi3%6ekh9W*nA-2UMO@sV-=fn?5w7r*zp}OIRPmOoB8D) z+-wGt9St%5Woi)Su%{$s$kK}Z(4gT?cUaf&Sj?Uv(-sv#!Bdfr({hWs2&13{7Tp4n znRcUI;@8v6eS~iBxAaMmUB$rV#K6d^rtPImS&`KPegeCt!=%Ig6@SUE>r=kyFt=_m z#oo2dT%zfBJz&6gYhRL|P|Ay?_{~yWN0!iMwE5}y!L)8>&DUJVCzIxr`qi`>&$Wfb zU?0rUFG$^#1pv))Q_H$?-tEp&OGY|X7}1rK4tYFNM&@-c;>{&7r(|f4sUGfU?CD`9 zTWn9sLNO<*+H&mskQmNTx$cKs64)B}imZ(h20AfY1xZ6OQHveZW(VQgST!3T4ZSI| zBYxlbr{mM=PnHL{x)LwUMNNy3aLstY9`KWff=?#vqm0pU$$L#+ z5`z5+j5#0;b$N8Z|?d8CrsXf zi(BN@!mo;~=eBJ9&;5iR57nLC+v)+Li#C38`3xD+oeco#Zyd4xzP3dkVA2-K^--*chulAEpF z-__#D8%PfJ_H=q4a)5h~^xvCKP21HEy6IF;ma5QmKg$~BvgCZY{goqnC+(7-DSCV# z{&bq7UxgRA^Y{4qa^U<)e9pk`^xnSJyMCh9d2?v{wk1ZZ(!P84bM5re*r{VX*#6S; z+1f%i@_jM%_5Zk|_0yeGZkwDQ^m=;`{|p21VMcGOT*<)`;AZzfUe0(Uo(|cZEJdtI z%)!_z4{oeMZmbfq?1)m2+|Xd;QiZ7UvaW0xs)MG7%ByL{uHK1z?fxaF^1GyR=$V48 z(u8m~z{h%ITkn%V1{R-%$9$qeb=#pbt-(AhrIcT*dlP;DhszYS90dBw0mTXDdF0%G z(NAxt1a(jk4v1}A6B4=;m-p!E7iGR%BceOWyG&%mAaLTd)L3FM2yGwCZ8f^_9$;O* zT3j1gFx(1D=r6TUcvwo^J%o}eczuy@~h1`fDiTi z!TF93z#6!|0CtTNppgVlRa^{075yp5XBoNU$GusOWVHsg-;*=7&UJ(O&ErM2V#%hW zc=&n&UO=`j!lD8D=px_s^HeyVmBn78a1X$ZvTezR6GQ2npT{yN7aut2=gf9}m&?~El@Lx9l1u3$t=sJo0!LKo}C*n6U(fnv$8i8wsg9KDu;PR3Q^G~xz{HsGzZ19lO zW#CUuvvH6YN>|er!jd0Gw**Q0F!wIT1Dzj(lK7Z>xRVFlH!G#28F4;7*YaY%e88Z< zUlUo#a0Vo#Df2rWV$uO@xcsZt)Bs50mDrs&Lq2C6Dg;=D0cc9#NiiJ>^Rd$b@#1br zQiH--GgRS#SI`<2=2oJA2LYFpuRqr_(|}lnGn|CJ9u?l8UVeg%FQpHYdq-kph9w21S>)dCr#s=}A3Y3E zej@pTcC_NN=Z!JD;YPZt3RA6FV&qq)rxk_T2#uSks>&oj5`4*kX$!UJ=QuN|stsOb z1xTndl@u);voc{h&rq_!H9bFiYJ)iL8PR`ywS*f=o_>x7dxS){vRncVmGu!~)bS)k zBEf8htqI!AQ|=i{G!j^1uXjZ@*o@WggM-HlbXRam_*0xK54sWI@EM~9La*HJ-Jo?O z0;-tNI_j}Y#b5?o>hZVA(QQF*@+i$n8-C&&V4_iiCCO(67y2~m6()LD;Byw1zYaG87TM@ z2PG{b$-2Pbe?2-eYD4N&vvn#8Mw~=3RvqgG9H$)@SIKj=hNS0(^%jXhpF;M862ri2 z9U;yUb>YgHIWKtMy5J{v+7yWkI#H6n;~MgX5Oqq-bU7>`QlDAVx1)5_&Xt!_b_>}X zHwuUODmsybjd0h%yRLF6m{Akt0W?t#F)n!Klb0MK_r)mm$@1IQvTsMHHsRLnY*gU! zO6N1E8LG_}J03qhWi3WW$G2L~#;lQLQc+Vd1tlX8L)aSC*W&iC6WnYJ{vCje25y_|DMhxyyV6!DK1%|(_)-x9{;EGcKZCHsZJ^Wy zqh2wG%*E0UJMr2Y&}tz9SJ;q&c)fr*?MqzmBgoNR_LG)=Lq620?<8j37}UP+WEqwW71;(_P>$xFJ`^MMSCSD203*ORV=i6hM`L zug5){p*|p*RGnBQ7oz`R>(0Taup{0yFH_>J?RC6VwPe@ z@}HPI^rFP@c1yr`EsET9Kn4x@J_jJ=<*!J6in0d7Irc3{*-V@#7;&hd^GM2|j55Qe z2^bX07Gl1oA!5YG>GYm~s*bLGD55u^8VPg=tx!EM{pdB&3-$8V7*IV~(Jd3?!p<8V zDWf4aWfUMB<-l!!`y|jb@j5}xh-}z^M-*|t=KFqRtH%~wGo)XcCDe-5B484Qs#K%8 zb+W*`h-z;DJN;l>pQZF3B*i0|anGaA9eV-omK{VuYO>!)t`UB+aaELjIj%_j3YoB; zx6Hin_sA42FN^B^PYU9O5rUot-7(0wcsp#oLw;i{P#|l+;9?3lWS`BLwl=8(lV~7% zIIj#Sy8~e5;L&Yz*rfv%_Q6OmH{8za640nYc`7F)KtjzEmSpi`#}m+xP-$)69HDQtBvMIY~?AA|gM2$eSc{f&22E$FNNeU%XJl0#}?@*3C%S7bT>&DIa7d#(`{CI<{-9}Id@WU1;LGb4Qc zq2*_TVQy#JZ;QeuRRr4-Ltf;7q<-~3P$&np2~{z~oUzre15We|uPhs#4yHp!jh#fw z`g5fcmdeUa9zLb0<7Li_DH3>gIkFFlK;~_#NmMwR>@$gxQpPy4BTNm-oM#|paBsPp zxc+~}K(T6v&E9tcdWid;y;x@Qxh>J6^3vf78DSIFW zSjKb?*p1x!ftBiwY$Dy}78UpKeZv&QOLJ8+1bG1MSt3-qE#LIcnqO|+0sR3fU_gcl zY0P*!m_o9Fm9HFQT#f zV~wUEpXeRxKoj`4u0tG<7;?e;-gtRtc|`zx4hmu ze(n1?k1nU$Lt}So0(^O|sVvq2Z%;X>bHJkCX0vuLOU$12v5KJc3Eib3uxF*+H_vnK ziFj-QtZpDSax0&&kujHlc&lZO{6VidnWh=t+5Pi(_YnoXd)285yMssH=onSNza#L` z0P|K=cu;N*k?YE43CXUJARx@gWUfNDD9|_Myd$D*d)Ooyo19-i=7pLJieu6KF%<%r zvTe{)q^k`=8}1b>sA%(U@~!`rlMFt=*ssx+!2I-@)sJ&2j z!CN$dVD>g}`)V8zxDi66$3?;HG{o?;Mz19oNv)4nb^_oo#DPgzJs$Huc;^O+2C{rq zp!z8X0bx4KFiXre9+q zXW!&nD~fEXRE0YSr~@$7(Zx;{T0=wvb;PMlUGQpT+f4nOVA5f9IoYasL}+JDMmCGc zvCjm=n*|yzNgl#!u$VV6T=xNbw6~3PyC1P|zH+Yvgsh{0A+;kx^+gticcxXv9LngQ zQQt1S51{ZP=*M(_LWqDoMd}z=UNz14bUGe*frlM!j*NMcDnyyJv24f2eMkjzaD>EP zhS5QGffu!Guk8fPwH{b~&fBH-cM*gb*8z?`eNk}k{=oB$rhSVyqF5lU+ZHW}ggUTG zi$Y|IacH$+13m)u5k__{zSR5JXRW1h^RIp``vd%Q6)Sq~{=5nU0ANV+p9~Yq8d{s0 zS=#*jxaYLiw%g_iVh>ub5wJ4hK2iV;d8}}#97SZJhm0~6<*=izcwirBB!)krfMVm+ zh29IK*S7en_7md!^feHOtyD`+aqMgZ+)NZ~#goaV4(su`E785ie9_2%MQipLH46z@ z=#d7jXGfgnAYR0}v~FTPiOKdKYu-GbzFsEtUciLs^jp?(8;uILy7R2vvV3C_SMTeXI08&-9vmqT zE`*JamVI;^cCPecsTFx<_ABq1yzz+ftYFD=%Xffx`@MASV&`DJ3S(b!WgH0+mhdDV z%OPlN__>p$Z#2=g1h2UQX*raRC30kd!ioHLQOfhlN}#7#MIctv8$?Kb_I2k7Dj?Kk zI~MFC<9j^FfSz?U%PdIhR95TtX)yKsI`_jRRv_rLTdnz}mu+yZV;;tK>9^}0FFQd$ zJtRr^quADDkD}Z&%9phHnhTDnXmek+rD7i;m3x?`|JHssV%#H~8jImx#@IA~i$k$C z{6h2%z1WXLm|7piDyI%X&h&tUXSNxC#n{_iq=|qLHshkZ$-%>i*I>VS45V;(nmAuC z*p#!sGr!@P$-shVqO*C+d%0cCI#fxvV!KsDoIIlLCjo|@h0>7L2krqUdBtgd$WeJ> zbFLFaQyP%8upjhYh>tHgkGk%1q3 z=;_ACK?+!MV0(na7=>6dF*35A|IqBsXH-+N&@=|Q{~<#|<3Yt$wEj}Go{~*dar-A zu2{AUYW=nQ^Sa6JdgU>fMDPETR!i9Yu{~41sh0}Zw4zW}>e{}(!&1Egd)3TvmbOOE za&nYgoisr;8g zXr?AhG$HALv~BRgdJ&9L73=A(6eUpV15Mtsp8>3?;JApHj?~+d=X3=a7I%cNQ8T06 z1#1GhX!^2MZoy4NBs#}jOM_f%o6B>Q?{_=TQ^%5M8DJycKH8j7F8j14_F2C;v=4JebU9Q@`;PCbsV>uhvm|V!VfF*A^LUk8`xo9rG zCU@$np@A=Di#&Pc#ylI_EYK%)(i2^gawl?_$<{j7Sf5RPaF#+A*6ewwOA!t!REkFdbv8QKabzT0z$?R}}kO*;!FP%Oc`q0Db^RUAq3w7pR@Yo?F>L2+$;IOa7T%3J&impc+@K%MBTz*Yz#K+{T1f!`8M&z;~oP2ZN#YctMf zfbZZkEmHj~vNm&xM(KL#P2MjWTuBokB#ux^w>eV3VHFu2t$Kk=GlvLA#e%>L37m18 zDhF3)FhVfUxL1?7ZNcmRCZH3^m;$Q9E%6Q#9 zJga;x0j@*Hunb`B`3q`r$DMbE+#Z@GV}LMM?BuIPro3J-1zgn%9kZOZrIx2uMOE$P zBVj2`GdgTj2?CQ|0p^UMjvR`eaBMU=VB6wQjZ(@8G1FuFn`_X5EJZ*k)Hv(t$jd<`=jiD*D|y3!5=CpuJ4FJOIeW^83&@B6IQHAUJpQfs=KkJM1A<~%3^TSH3-WpfluNmsAj z0I53{JEZ|Ed?gBLaj-PK$B~>cxv%cEZk$P8V~d6?c&f$~TD2Mq9|zvGtM=r|T*BUI zrl%#&0<8l_D+>@z7Oht+dxl1XT--*iz~JnxxH&j@H$ECZ>dP43jk5>+r)pNa!5CkQ zJqw{mi(&420m?&;ASDZOo6aS(JCS|g0m2jYovHH?!@4e`U|rlB_!EV`@6+ku^ft5> zFhP6ziXPwhZTR{5dF8`Qi(ElXQduspWF5#s)fcoR(3@z zo@khr9>2Q9i197F)r|1S-e6g2SH9k^;aQDZe*2P+d-9CGtE43TLhjq%;NxkEe;GS5 z>o(ltTgyehWW(K9b8d3R#kO>LZmBg&tZn1LIKu1upmv7APCvecb}FncGCX5WiBXQy z4W~1MHn+yX$GY-M%%#_iV+V|q__NA5CX%Q;+IG%%u_oSXSTF@3$Kp7(CG0)SIAZ#? zZDozkt$7?9A7N_v6F8VxPu_GD3m(?`-Ynd%pGDOpZHYYjjN=$CDgmj)v+ODp zp|1owK=nMsutO>d!+b&8x{*|T-mMG#t$IFsa%0om?t=i+KwK6k|B1g}$H(}ky zm7MN4*40?;y0{*C1@(paj|VR9(*$av70Qm>RjsM$7)s}WsXdRG<_+}Vbx}?6B;oo| zgmt0jy?&4m)pd?M6@iWG#x;P(w_?e_D#R3iMsf`O$1RQ zPhP}41-?Yhw=)ykuHr~ogLwy@QF#c&GcjLsVrcI_!GKPzgA%?|W+5`Sh)QuMQ}k4ty~kukXXGa(U;A zZQsedm&csXANHBLX7Qggj$dsUZGTcGEwZh!bOWL>5P#ajb{LMQ^qb!8Uh3Hm*ufto zHS9HCdO;I<44&iZaUNtxKQG$f&gHGv%-AKP>=umQCu_pt^?5#>e_QfxO$<${jj=VQ zCB$v0dkg&7(4XIY?ZUX4SAT*3b6FJNsgFAISBG}^S7$}=uQvDott_H5F?4db{C6Rm zX`+0576ZcY?6Go8A|4W}e`V!)!7`ps;P3^v$=l@dm^_h(ibI;s@`Rj1=|i0q(TVBmZ3GAAuZY8) zs08XG;QLh#!eC$}1#&c{*Gfa|2qn4s+5Op46P!7fT$+R`@9bK`1%3IpRXvc1EhQchd+jOiQ@LZoLHmM`a5m%%-X;m)4sW)9Q>UXi>S(BzW+n5eE97r z@!vsl^cNI_|0O8QoJ>uPoc~>j`+tcFtN)LR|3|1e@{+54J-M8N$89H&!NU{jlHMPj zUbfZl%-ksOUq{pD3%-b%U*Y}(5I-}xF@Xb2bq9)egYF*55%w~!##!kcz!USI%_N?yV? za)O=06)4X@Bw1L8f;TCR(G^`r8nr7Gw5kn%v0^z?$F`Key7Of8%d?~=heQvHbG!tN z-&rtyq47Lh1?XK0Qh^7HvJpbVxFkO&~$%lzpA;{xA&JY)lGvNlV!eWOC?k^*|fUyOCDYf*6;C!nH*d!y7IRIKP z0@^(!qBZM3CZx5$|3Jb!m?oQC6Oln*5E>V|B>P zK=I~gvA3uwFZa9tMV|#P z{j{2xv+Mh*<8JL@?AP+=agsl(U&}dq^+OlLRElEu zOnel6?v;S9EwR-t=FD!M_p%EbKvywUt^J`Z1tyG~8Q`)Qn zcuk69>SD0)g@K(&DEY`8S$oDzPDR;o0F>b^|?X3JU9fXIsI9c%&r8(rtvoC&mT>)5t!+qSKala6iMNyqHi zcw^hPZQFKkf4X({seS&#sI_K|ImR>X{13N3Ex4!a!xFQFr9hh`NcM0LI)!>wgHnJQ zq=bHMyl7A{m6ut#dc=X5@hm-$#Q?hFM&uWwwJJQw)HxV< ziU?{x*GM8TL{+wyY{UY!gZo!9XjwW1K`W$G`=5&%4dJE0=~Si6CA6nv_QU?z0BIA* z4WKpiQLjkc`PvGExG76b?|@QqQ1m{L+>&Bmca6qD&`&JK5e~@1>DYHY2dx^2Aype; zKsXCN4+Ln)-Uea5oOUvox1f^{Y_7KD%Rj#vvGq+fek3Vh1^v;uX24cSzbjUHCg_M*av9Nj?E zBdcpY4)t$*4I50k>sYz9#<GOSMM!Zr5JjVsyFx=VMzFL}7Ajj< zV-@+sDW_HoUW3TEXQ@Q*RCeK+Q{gtD7C3wo6FI9a!#1)RdC}=@uH&rD)9t zTN3PiO#&s*l6TqQGHSiog&XY`2q9c@j4Q7U4O0L9H&8kG_pH>fykA0)E@^m6CNt+% zJ7Hw7tdB0D)1+o8a?%v^9|XqIi|v4uu2L z?sqo}0zetX0XQylJx;@&0(Q+#|BH^Wc)^9p{LiQdru;w13`%n9lF|yQ|FhWDrLAMX zF^cYo;6J3cUBE%4s_Zt$uxJ9j;^+oS_G`cmhE8_?CxO(`DzWeg&Xo4*`^E1BE}X=Y zGWIIZr|#J8c$3k&lN3dj3jnKLvd>k4(O#>(n9;CgWh!GH+U{5`fU&p0mMeCAaqF!#}D-l&xKYjR~BqRO{UE#!v z%7$3e%@S`K0b5wT6>3AKa*PDsstSf!b=b_&$%jgNMQm<5mTSuNY|yC0QK^#?FwP@J zUpzFG%1Q2*M3+?TM&pRCmq`1I$!n-Y^887KQa0aK4U1Cd$-7wAP+$Y9MU5ndh7(*v z+zJNW>fSvADaK7Ye>9l8p-I5G6>(9YHJ||Lx?pR)5j>ZD)UF9Hg zIGCE!*OYoVm0^T!AGS&azwb&t>5815QVKh1SzZ2O1VbciD&K5&bxyrj|66geij(NLA^T}dxVlo#UD0x>&T`57Jm z%dA?5W47;*;Wtpy6duVuS6ie^3bkcEm9;ubX@o7kFIj&2c%%q**fbpQJZ(0h+1Q9c zo6+QOE{a!XifX-?ZL^+j$(VYR-K4}poF{UyTgw_cecFY%&!8=pCy8~l@DGFf2&8$> zteXY%@rjpmirzSMwz{PqM>OW85p;e%w}{>{kMiIq{@o1b{va*~mN$g46)WZircMX^ zs{K>m_7KcStJToE=w&VLg&F}WTSaq4y;@Ou^j}w#%}!5%bAM8kI|8r8LnV~YpLQ4F zA!+zNR^3@T@R}oSH71X?c_IAnLPK+;If$9vymtBmZ*85L=w(I;N=e9?9m1iul?i;u z$xYkF`#iIjG=a8sBCO4G<_oFWnka5dWM!|a2DwQzUXWL_^mJn**K_q~@i~pRi()Hl zFuf5ub?P=2W1ru6#U#(@w>dd)RjPec<`lp-)`_%7oqmQHStcVW0c_MtE)Jg@RLCGB z2_c-FNftL(Asdx^p@;N?J;=(Vo)A$57&&+Zy=wzF5EDdE0@W&Ke1zJqEw7xF_=3^E z`SKd+q;f@nN=T0qbDaC~v6$&IhxY>})#YY>Ii#_ZV5%aG5Qx^oS+Nu_Nz1e|qen}t z=2cMN07pK={J1ikdPY#|f=-Soh$BGs9!(m>nxyM(H*k0udmTdH?ww*~@ejl%meb|e ztx+6;l9@AYZEUg)UQojtX-i&G|K-nCC?vQ`K;oD2fk6tGh1e5+mx1fQ3^2Dwu{3H- zJ%Vax9p|iaA*P^#^r^yp-0(>O46hfIVS6`S;-X1~7jDCHhEdSLW7v z1m}OFtb){8K~evuwTOlss`~>Ze!|`YcETxqL5MmjaVt`2$XH4Sn|$CmgAs z3egzj@;dTIY(|0<#?TsuNs1WOci}H%r%KqPg0ci_h;Z+%h>er2;xJQV+}lF)%wG=S zfFptjiD`PcM#|pxV-S;HS+HP@jv_PSB~g064}zVHUIu0F_>I2cNdCknoVUJR3t?K5 zxjO8vG6VCCdXRkE3{8Y(qkmx)IiBwTE2N!#jrmx^!`AoDO-tBU^{*q0&HXsX?1h$XSH%6)X_Bct3w zwmU_E(X$25Tbr1FsFr*Bt(m|eEPY2GB#3#hnOE4v4{`x3^Hk2 zP4jqAw4_gw(~xo{EIPI!!T0;#l$2I_K5>NZD(%v3lRR z>Nw_vR;F@^Ir;vrlo{>m8Cjvl70^mbna%S~pZzn^8T?O2kK$9QSS5><`0Hrr%kk;wH_dC;I++){bOXB0tb&aN& zvS{Vm%&+s1LlEthoh`>8fx+B|yi@fBxm67kc8|b;}NZMg>7uvyqn;tLF3-eHM$J8YgLbssGm=?cV4)0+TP-<k$U|iZpTB3KUR-#7YF`izuL+*w zSHY!sZO~Tu$=AWEfL(bVKIp_g-?~Z}N-Z*Lc|Cozm%qJN>z4CJX%h zgXn4kmn1AGk5yD*@TP=N(%cjEFRGAXk3MOoqWHwjuX1Kx1hZjwE~0M~%!d4ET;9*o zPh1~Clf}$4Q!;GcK8pvby*|9=Q=$7JW0e!8RGTH~)p`Pt4=4xy_jFLEFZf@Ha8l2ND4O(zwuc)N&uF^ z%6CLF2xu;OlDc8rEbUvvAOSEmGKK5wf(vuJ+s~hN?$T=-GxqKW?_HzqX_)wZbsSfC zPGGW;GEv_%;GcF1_C~=I$@Mlj5e8w9xsRo==YQC{;t-a*b(XJ_LJ`sxdwr}cnbK+z ztWGPUw2how$(Ppjta=tyrg9A4&ATTw9&8*&SUw~xV{!!v1z&K{oN;h{MB2Mx%=g00 zkB{enIv`^8zATiX@4V+^L~to~Mh+ZeT%K8&e?ds-RjUEyqfie{{8E~zx*o~gt}Rd( z=coT@4{XHM2;~7}A)nsOV@F&;U+SmR7;%CDlnkObcg~hxlb2YVJf$$YrOltVHFa+- z8Uo>X&1to4Df;@E_fcq{etfw>(wK1~;W}pRts%}w3bZ8aP_m?x;0{GCQ#|gybqb2z zXZVH#f)Bcz;@(=(&hp)Tc4MFW%^tIziU&C7?Z4u($uIP*1rv{VSXtfn<4e$>Qn*|XvOOQReQZ~-3hofLMbh=;tc>dD zcwDg5?gItgyB~N$OXwgnc@Ic@JLx-^PVZ61m-B2PQc{ofly!T(Z&YqE!giBZ46~Zs zgbjnW`gj}tKxv2$|E4tQM087@cG~ClX_#j2lhZi`Va%cE;vx}yN*TdY^bHpkmu@r; z63Ef!`e=z;M4m67^g8wwDyTd1hQ_*s_k#QIk%@dq^;L#~2U+3RoC;w*26uY~Ar3y9 z@nTKUF=FF#j4PWkI#B1K;2?D>?&@$W_6dtC*_HY(CZ$q{)HLsoW(DyqVim${MBSFG zW-XVePSQI~yd5eTm<=Zk>Xh&dQ!b-frWsT8_Ymc&N6LF=#5Mssb6x|S(j}B2!tx^bmfonUb^CJ;Ym72yRhy!sDAo4!Hi7uhD8pFt5nq~#?kerif$ z^8G0}>h#Y?A0Eo2O0Nwxrv8^P^XqKnRqh}6<>a3`fb-vs85MD1G5P<1gH~zVs^X5M zerLU*M;x}yS#lJ2{&ny51jp> zsY-0M!cd(E=J((-d3~+0G~GyF-DDWvsrQ#F?YVZziBc_LL$bv6teA2uNS`h2I9oM1 ziJ?n6qOFL!`>_kOUikO<}Qse3&VcT+S=+@I=LSjdLl40gy;A0E}x%&ZJPAcX^ z74+iBn%N+j$OF(z^oTe-;gVS&(AT$PFi!F7T%&GFF!pk8;Wl6NiBfSe&`PHOQO!a- zMPd#R1kxb^l+BwcSL{IBX=Uw~j?o@c5uB60Z=_3vS6h-C z%F=YmwCg?q+Cw(Rjs-+++{f5}*m5^p{W~meDGGh!7LQ86x?BV+BB@ums@3Pq@7c}X z&E?kdP!JjZ)Fw63bqRWnsy@OBNzMk(V=`k=)zwyNg^L`(EA2Phcw;$V*HNoTopTD{ zjb-!S?>`g!stDFwb1xVbv<)i7!|pp9JgTx<2FVCDIH}_z(=;E32FjyDn2#Vi5*7o$ z&Y}JXM|E_7QV#7Y<_7CoQqd*Z9`F$~#OtiSjQmSog}VT~P#(FRZI`J{&a(hbg2G)k zHy)7?g<03CO98>9$0zfsL@94tUYXsl{u`sipD%U@8{BV&?GQ~tkea%`Hr#AKimS~y zU`*4=wl{$D;ArflP><^8z~WpW0b2-3Bx#p_MuD7SKR`4K+>26aC~h&Vo7&ViReeJR zibO@{ly8RrcZ6lLf@TEnQZh}PmxQc!5*7q-d}2&H%g{t~xdQ|WkCbo*+9YSn#??>= zt$au{4!OKKOHlpqgqe zXYZr7lauHlli@v9 zB3N>!P>@({)v^W^QjVw`=U5_mZRE=Sq+%JnO7sXSBd9-nF6>5YYmzeH{hHE+9ThQ2 zBm!d@#28>Ul@V%vpnW)Rch|?nl+W>Tg_Hwl8ym6Ya#HYz+e+%zg07vp?pg?O1|7ndODr^RbVG+APsK|1hHqRzL z6!#!Fv~$(avy3&!D=n90(GU(ow~#uSte~Jb3S3>kY}p2@OvN-qc$f}&R_mr+5&?H1 zF^*vldoNVE$;Jl0mkn~${O6#4d{s&aBXI45ZCXJ>A5zie`|LFPU`^IuN#LOxU8C<6 zttTv#E(68^%2vLV1bDg$tk{qGgI=vNWAwZKIM0qq=qiQVDU-r@qIzqc$^-I3o3yXK zM$<2 z-71QUW`B$d`KOcdh&h!{3GT_5L$hXX4rpJW8OoDbIrDILMgz>wt!0CwYYD^6b$HyxmoPPEW??l zZ>f{UKfo-92Q@mU!qLX4>4s|L89g&n0`X&y#)I{-qB8=-l->)x>1#|_2VF+4JRvXO z*wF{Db-m)YM)s_SVN+%yKfQ1tIrNYN+=_;(y#4<|wmGlPyM40liSr!VmYFHG8}cG< zYVMHg`#+G2d`c{~{xf)5Xe9FF9Jt9=y& z6w&lMDo#J2nOv@Eviki*TB(2_xeAsYs+qN3qtIQ)q{9`m6~&*(ogea?xf??Nq9BRV zM?Tv1*G7qM`vzo|jc3Hk3ogTliE_)ETE0*%gV~`QoH6)65cobxDBXot0K|M&OFJY^ z^ZR1~uvNI;>!|wV{K=0B6Ndu=fL(dWurk|<;}QFeNx6#SAI<>Swqrw!kn6jRk*o|i{8?abyCao1 z3B&=JUt_=;|B;*Us2L3-TgSg=F=?K9XQP|jX|8DzaP$i9 z{+^{g(yRW;6U9}u5)M7#!AZ3*cb?TTtYpN99$H7uMi7gUg%|z4GWd1ijHmkQ;p=p7 z{Nt&c-*o|w@XRiKVZB;dZOnyU#9_TjCCB4mbq%$It7XXg5zQ|ISNjA+4$=GO-09g1 zUge#fbeEQY1`E6enKMJO&vkoOH0Ib(#EyAelAW7|-^8al_yt>QX~jP(3@{b)h{ryo!q;DN3S* z$-n&Mq*iR7-^aXD`Pwj55<-V^;|fOo>K*uFhexVQFIH$|CHZhx0kBH)R)wvMQ4T-R zv}={oBX@~c4`CqNL??Q;`x?u^FjzZFnZg1%EP$nA{R*JH$)|c8CD$#*-SZrArgB5> zN5x4kTi&9qJHA4TLg6irh#3wUe1M4axSGDBgW$k)N$W?WUZK-KkRY=toqYRoQqr zs8xc}uLUN+17-ZH%k=pAGx72qDL>t=P50}S9>7GbheL5o6OwOOQ&o}xOpQ$xQ11V-m>UdK!@cmJmEmI zpH6At8*Zdhdi%)0v--y|&u|b2hYp(5cUOk)_hgMFXruM;$yni#dFyd=ko;H^QFbxi zVeBE!Wx8M?z7EHn1P8Y;VE*@lSr6!0*rrGoCvucHXB>Af%(P}{r7EWi#B%9;)Yc7f zitfodldjI=?^Q!?Nx_>xaoX1%y&$`3R?DV+d%}XBEY`IJc%iIYO8fIAZqzHz9U-T{ zW$-$k<3^@k$mk%TXq#kSxG+(2dA>g;BY3<$0&X?(<(Ua5QY}lHXD)ta%!eo!=el@S z=&-9F*^;?U@x0b{ zbLqVH5=qu3O%_?dG6Y^>isuS|xA@8TC~WI+-!+iWUKRNFa zW>vnmoi*M~NhsFy4P*@WKi>plJoXLZc?v~WWw~SErQ#i%Abpus8lyYz>wf)Ieh{z? ziK>aRr3z(Qv$G|6mP1*CC@eDNURMo)yyhg@TPoZp`Gr?oL~jI_(TYdo#If4iA7zEC@s(qNo$5T;386McC$Fybl*nw>SvBTDyB1D=G>%NbXw_NSxBQ-6vdjj;2>_vg^!#3C&Vt%_e+05AEG zo($35Ow#p6J#wXo;PE4s!8^$YgufnXu}YC8C5ql&rvL<*WRx&*#DicI&k>s&hjoet@UvDnO0Z~jUc9Wm4`gaSf|o|lq7*bvo7tMS z*|Qlka2QvbHyEBqwrzCJ-jhJs3qMMhK8BM&^%e2ftKZfz_*L7R-e(&z1pn&$$$y@i z@5ijbUUWT;Kdmp5ELPFV`qrAlzOSP}n#YNl0Cpac!oiN0q}B54N7a;{lx%In6=A!W zhvYY0`29VAzrp@xEBAeiWMiTxC1@-*~{h)!>qQMGve&i85{ z$M&_BCe-}Jzo;`h8_ckVDnhd$EU|T|WxPLq+^cG)@UtvW7+S02=Vf7c_LStNZfz(J zwE(ct)?@{2%_3&&O}nSYK&}xrxW|W5ozLS-XT734GuM#m#h zuOJuF+gp|?B}6;e#ZC>S$+!O|(IAv;>(rUd^ax4psA1Ukx-t9K-ZBOc)Xe!N;;gQc z{$&&G381Wp9f%zY%sHKs{%H&rx~$8)g#37+4DYu8T1iXuULg#ds<$YgaNN0%`|S3I z*&`5)z1vHP%C)E%Zb{1MYsx#_9ZKcTtZ_y{tUl2@k^yDMd0LRv>65CC=%eZv=CG%o z{l&5MeSfCXV^+1-ExN)H_%H|q8xn5}%+t{z#@ot|SADvb;MQhEthN>RN1Ws`MB86A zJvZ}uFhk;fGm_b`h+#PdO$WS@rb(I@>MX&NKKp;8hoYh;FDmcVi7DvbYqwf~XP{nR{ah za~Kv0jpZvm5(GC{R!AY%eMscAK18*LrQ43HbVZg)zBZGmBYjs%m{ ze0$i6;fBObCU=<)*j<7(Ip|k0id1M3(5KI(&#jW|lWe=4@T!)O5JdgMa^|a&kXf&0 z7AODsCB}3&|B`+}lj1L`FiJWsJNo+Zd-x>Mn->j9U7WQY0pNU^=V6z49!R7$i(*fx zWP$=AW>)U1n>F(L*ikO%vv*0xr@GK&QL5>W4Ee{Whr>}c#u9IdNb#2Ui7G#=__3w} z&Tr`&+!S*7TQ!fNI z$<+2!W2_#n>{`+QjC$K~BxeL}_ijkyVg}J+FOc~Ob4B&Z#!l3PYW_m1fKdWH*4MKV zh9;f;nu?>Rdu-wws${`J$EJ{#2C@6GtrwUxIq8Ur`tr=j@m~p)7vRobb?NrXP8Io= z_#+2VN4n$-^h;#A|DeO{e-!5BdZ$%-f@#5i*13U78$COZt%U6~9;~)?g0Q0h5@4je z;+fhJkzCEw*u|RnXiAHDrhKOTCYAP?A}phkhzHR;VKOOC8DNp2$~)>!??!fgr_Uq& ziURucIywkm`$D=+ii!)tH~TGvSYloES%U($3fFuvQZ;}b3j~2w`MsV;eOw}92 z)llMzf-b68A+DDJC=2E>G+fg}L18ODFJx#CNQiu|r#HS{2L44YHr<`R!MRsAO%ZT>$UsDo}~@Y}52?Smme_KU{zNWo_3j5)p%m zFj{a;O8acZQm&=@Pp7u;R7BuQLOV;Mb&mDh(+M2RLeMM1Q2?;jBL8~2WuZ}2f3r>b zp@!TUx?ix`PRAB^TL7Ymz3W=WPiRPh+H~3 z&bUE*UVTaGV3A$0Gc0Co&NPaAWbW#wLx6&MAQq@wtqEd7WgCcJD5@djYF)4hD>hIX zbsVW6GK!9rUlzD_tP?9fD)0896edjQQL;uNJWv+`f^okn)!Uyja>C&l^d4f6;|PLv zrTREuW7X6tdT&PlFl*mf0)U{Z=uYAKE#Y^V;pn%|aysRp`T2wRC#xUN&+}{{EYhqX zaocy89O}dbxzGlAN=;49bm&Lrj}`3Kk%)m{$9t4t=WO8I(v7K$j|BVU8FpdI?ZgG` z@#775;l)mG*-a%m#L7fRDdOLc2ET2y=ziSUd8dJAbip4)BfqDQDQc*U#^g^&!L$eS zA8hU)zYl%!53{U%R^x;BKfR!eG|n$3_m4do)RTs^VHmJqf}mm*^um_$z9j}-AK#YA zw=Fi4y8Rcd&^ze9qGqk%EbD>dS^PP$Z{Q2ap53qf;?MW*YYTJAt+xx|ij3blF(Gk3 zZs;n*AunnDI$u?1w%Y@%mYn@S7Qcb<==O*p1l4-TLkGK!sjz(=zK@a<*`XYeI}+vxPKdS8MBQGD=D* zRGVVVukQ14t6b32QFgfkq&dWG=@l9BrRky<_aTKew09joy;Xm&%$i) zk!bc_)5{ou8Opli=OQ8f27`sXXkQS&z_Nm&$#Ka$|I@%OA*p+Loi}cUZdMlt?BRgi znR3hI+ynXVm=L5xV~D56&Cyej$%4&FrG~6ff=qqJpm;q5Sx_*XfcuY+MmM3-vZoV{ zIn3H&>@n>V^&5ZE@J!s`5P|YeZh(x78*`{dnnWF3!P0bVZ0*LPph-NKXtUv^8yoSa zHjX$d{5d;9>InUu&y~{rq#Aa;Z8zd!%^YbnJ`yGwQKx9#aoJG=c+3OXcj866F_nC& zO5qOx+PliK#?sv^2an2>&(nDQA9@Y8aR#ak33cD>CX%cRIe@arkZ;gyEAjUU1K(?3 zGEwF%;!Jrwb%Ue&-%w~J#D!U83de}>98&p#2uzL`sJdREvN?O=Bf{kicHpj(#&bmf zMYh0To+0?Ry&(zB(mz!D;(0H=%9{irh5FE&qBs3c7E7kn7=#i7KaUJmA1{>63z|?#;aKX?OhM zSJgd%QH#Q*R;2?D70y)Z@PtSo~#Lb(y11f-?XgO&T`SYMRxjX{)INg;+7rlZw`>Sr|G-M9`)#NP7@ z%kF?we0l8c_HE(~V@jO+3qkXNMCuz*1VqKUH?r>U{PB?be1RAAhgT#gQ!I?@0e@{Agz{**-&JEi_)=-zeU;7*4lf z2&lX!j0;i{>rFvgsnb>n66g+9n8Vf(YQN&kh@6f31fH0GiC&qWnRg|oe^}8xb_;(^ z<}v#o4b=NXB#Muv5pK)bvKx7J?lXTj>4)Zcvag>JF!?2|M}CsJ+wNbdT}|cqi;(FB zMfcG0xUWTaF_3a5*yufuQu{6>ORve*yMuz78q6Ab+KE5$5EKpG5x2ZKT2TViyi?;M~WIw5lPLiKx=8^76=`6)+1dl&Jv-&l8=1w?&|Ma)_SJI^7c>)p=GJ zlmaY+n3+WI3ku{*sVoOq3y(>JL~>xmRR69KeSx3f!Vk4{$}HeMQ6>5$Hz=x>{1z<* z6;msDPiI-Q6hlk^3u>-s0po2CQ_wS`j8M479wgti4zVF|-e07N_f5K~qbjP%Dg}Xx z1@+c6e|RlJJL2Qew85QE=$jE;g6W0Ho;11c+U3OvLku!<-j={NeqyUt0C`hw3cT^8 ztwKN|BL7IVLdSvl>Rf@#Jb9>!Wd4h3tx>lUGeFr?a%{e4m-?mGW0nDe{-$bM&U8ee z2o~&i0KJwmi48?J+XyVCnu!IY(wVXEpR3HDlTs1yQgC9C2=)dLx~FR6?~AM&vc{>+cfm+<18ab}CRm33`Ie6O@l)1vlii+w8DL~4Z zKyx837mX?km0|}vSaSDj?jm8mzib{HGHIcQi8^T+ zf9}Gq^c4R_`vG>_V+#Ajh_7LE7~Cmg)Qx}Ui)?A+7gg>?>2+YZz}c;*n_wy8zi~V@ zk8i5F-X`;1(YO8gUp=6xG*;q}IYFOSeX)of7LY5W*HlAIdAh*;kR@@~<=2bs|V)?Fdys80BIT zEC!7UpyCMst*OBe3|;2S;#Yt+Lo5Zo@lZSEl(c8DSOFy_Jk$%dfFGUQ3b*j4(JfcO zkr;Q!P_RY`6t%WCgoKUM1(1on8!?IgWI=-HjB`K!6lLq^15KpkG&FEB`-n?Y&Tic;@KUB|o8bfF}38UW5BzCskjiZ9VR zmL@*!uPo1>v#v@HGs-`)ZZhtXpCKU2z1+!^k3gsX!Z3u;)sFb-%n-AbrT}!k_xHNW zq=)uXpgbW=u`tHRLTiNe>+XExu>^&OGR1K!niO=`1RddtwQ2Njcv@$Z;bL&1QcBzM zEP4;t0qIf&*S;=}v)w#ET3QmTx>@$MRjr-!rRI0q+H8DI=|hLs50$Mlj#|EdL<4vA zt;0h1*&zo|i>Eo!NB4AS65K{ILSL)J9Lw=&#sW#0aFV!BHWXt|@_m??$aQlIyMbK( z?;h~0h|OJ!f8%`J*I&II1&L9b;_OXQ#c;|jj*^CeyF)M|=4HR*d~Lu4aSL}}_w#iC z+YDtR`4;uzH2X4axBNqf)8+{3tyrK1e5WkN&Z-!tjcB>*qXg_?NgAL9pJvVFG__-p;Km#A^dj#5%zjCxNp(^J+om;j-yK&=N3Eq3>72beMF=|9fX~p@cAbINf&;RPk zQa6hDIsR)0iGlwgH5C=be?b&srT1yd?MgeZW3WzKKc}ESlBJt*y6r&zHW-Qmhp;B|cVH`!p|0tj|nr0inp) zBIHlFY|%})7%3?M|LncgOfWU#vy`_4Mbbz|4PZVJ_6c>zw_qL8&CZ3 zF;W?5MdTV9Z2*M%e1Z%bH`5E-Bj?zT6ykh>1R(;ILVI~@hN{;@WQ7Re4{ZBHOiG3y z^;wDVu7ygb`bIX{TEdcd^RLilHu_(FeJ5w=`;M5fPh>^pWM>|uP@H+14GN;8zk%QZ z?HM!uhKmR|)qDJI>)Hs`j_-X1w1NjZLBc!^Q-S!$wJS%$5H$E=W#HL|id$3ZBp^D? z{KJS;8eywIg7>X`JZTFV#({!Ea;?+K>7=)73DRnm0Pk^(hH^L2=()^T+IXea$>^}=*)SY zE4=eD?MhvzN71lYbvdR%=p9_=g1s65K7ZEuj`Z6O;YRZNt7n6y;f0ZbP|=i%k8f7i z^V8d(NJ0Ty(|^zq>K%h4hF6}ZE;TD1*eovR$yx)|%!D2+f(JUykL-T|QqzegLrVM= zyZ9a)TYj2cPA87?+Am^pOx$nCIn&FubHe|$Yq8f6#GL*~7WJQG|0~E_MO{Jkf9f?x zZNuuHUVV3Ju(U?ORc^fV5T#{h^BO}bl2JfXkM6V=Q`Pi3*LrTSJ+tYG|46Erc{c z@OI?TBb4{8UQM2X$3>lnPoR0Hg{OM4-!bR(qG#JG&)p9OKag&Oc(?E;O%v~0&%x|E zfiFrX4Hl&qB9!!n)wvib?p}fvtyTMR@xJraoL=_ALj4){3!L&{mQ%Uo9g*=*k@0Zv>ATd%Um2g z80^1aq8O+QWFu*FSRn35Hc?JEKxRdU4jTzcR3)fbY1woMB}%*?#a&5i@xO3)i@96t}K0iMS?VlY|XJ-j{U6f_< zQN>@d8k;nV`+aim?(JH8XzGcyP(Mn9hjHF^77=>b4dc(0q+OHRSEd|3KKL7AJ8}84 zaZUhna7*hCA9?Wc72lzZkQplagGtlh*4PA1<{jZjptHc@9QRJE<{#dRpcHy6q->I- z3~GXj7X@QAMTy$og$*O~r0-Aa#FGL(xSw2OJbBDv@PkFvq(D z7oB=iTbk6#CeTQ)S@(u_OBmEB&fAA2(|L2A6_?_`R@x>!d`wMpb}Q#v3&zh^D-#Ag zHeu5ZEuCj?JMQeyA${JcQJNO8eC>+PGXRz$#TjA)YgV?! zQBm98sc^In;v5^^n+l~~4XXr4>kLuA3zzz|Dri)Ghm?p)DuA!!CW;P3mTkB=p`ys)lD$y>esYK%`LH>ggM z&L4BsSUMQ`z5;bYCE*%9N~Kn^@0HNi9+d#77olmhCA5F6{oDpy&)n)I@ASLATc?II z^c%MJgWaV`hmD$nL2#nXPQ;){{ANcgWsOPulXepR_SvnNa}K&y;YmvCERigh<0M6$ z;T^a&t_)Y{541>bfr69&9kt^SSz5mvlA85p0-&b&DfabOE(38&9=6YHn>a^FB1u2} zg#!t1KyyN>?oPIziKO+)9ah0(sp5H8#;1~+b(B$;n&delbxTB!l|vMNA^bd@=Py7S z=9%*BP=dT<`z_yqxnjmrHj-l;h+JO6Id<7*Wfq=E9s0=iI_i;yP!}_|(PfAx6ex0# zr^TtOwq#*5pmi0%V`{00;Ski+ZU*~WxeE4aqftXyQxYN^a0u(4U4+}eXcUyV$I1^f zf?msiaap1=b3&ZaM5oI=o5E=Wd>f)=0-Lt&D8`P-k-6`tEVCREy;}*4%=LO(`>PAO zh*0Z=OV^Yb6AHmhdF~9D!eOiM3kbh3$-}~Wp4mMh2NieXEs$^I_w&En-xm1}-uBq% z-@Z-fLJNBSjPcsl#O+*yxo+b(1-7nYjkwf~;hEx%OIIep=!yG|Xd+B1JvCRmf1y0m z&|prVD$3vjCsIfq189oD1N_4=M0gh!Z(x{g}$a4F2l_Vl?f&J za4}pVO97Aj{iP5u5{ArXV5mJ@>oL3cKt2k6fD+uz9qW_1btPDlhR_|O9AZoX>Tijk zTE2#|_rywB^K~>CRt|e;LQxCLgRe6cEYdS!W}GqNQ1Rf}$IiB;pmjJZ@|)|OhHkC}dqHwGZJ*H^xebH~yp21>>-3Z{nPuDATvx0g*{;u*(dg&;-W-nCUQ7 zPl~n;Wyn&!n2iTRMC6(5hMQ-nH-Sva`qn`gR$*!SRxlc?|I%jQ-tHTgQ=^31vsSvM zvr~N-MQ2l?-19n$qk-;`euHl1KO#tR3$E0X7~(Bz6ms5)y`((W8uz)HgCmP!#vb(2 zbw3J28f|8Z`4eHudM`4Rm!BFjdVP1t$|f+fP*N!})w=in?k431h+SP@2lr!NBd-xa zIVJx^b$}!K^DyR^(C60-);_^~9fhW?*MP5bMRnH@0ca@{=S+2az-C#l9*$oBeWg_o ztnSo;+`wWvT8pIr+=QhVHfnS&u9=whl4_dVog(d@6AWuNj2t+#+A6mZ1m9~v>nF_w z`cYp|ALDJG9xHNZe{Y9fr^_RPUTNhr-;iJmo1RDj8>n3YgNFMsyx6$f zf(tZVKdNL8>g>OcE3g_3qek%FuJdpuVmNNxQ(~t6gT*)QLG9jrXY65Gj9D4i)kDM_ zPXsD$(-#qj0`?{*nnzMNTlLO=%;~vjDd|wHNga@%5WYyBt@LjT(L8suKzsX|!M66Ct zRW@z39`~>C%4$1_A|iCH6z4f*mPl_!Vrd>w;;n8yP@%WS%D3Tb4-SELPz7D|O8!tH`; ztwIXrpr|?}DZzOQ4?Ji%f#MB0&RqZYGr8n#HAzn=hCqzI>m?%|?M^7Ju-Y>_gzf^$ z7COAi@|}aEP^ych`S6CftCM+-62q)dV~;IGT{6xb<^PzC z3j`Dus4ffiPakOi=}^6aojJqbvkw0Ce>4TdMpYLk5D>T#@PD2P^ZvO^^o;a&hV)Kf zoc{hQ=Q`4ktDMN4lht-l{5OuZJlDg!X4++ajU!3%EAe4TgsC;64w56GrZjI}P+t*z zK>?@z6%)oP(;{gVyMx7D^YwtxAE5DmT{iiD7}U&4@EVO>23izEb>(8J+1Qube7om_*H!IaF)8btZsvvNYDK1;m z5uaw4N1(rE^z1st#U(GKtC)GvuhIRdp+}$WXkao(4A#ZPgW25#0J-GE#Gu}X%?E}ws}t5BA_^j>&%@$soQvYF}Z1iHMD_7PT zo*sz3{e*M=j7&U&H*gmGaTizDJ)X2fX4+)X5eBd&hanEpk*AW$$?;tB7#chO{bh+G zG%kY}9~uMDo7My*Oda(vj>iL^qOK^WrNMuwR~S{#xKw!>1wzUsf&fcPsCW#tq(goO{0qc=Es^pxnHP>hMvej$gE%ijYXgby4X4=d3BE8_Su z*W`erSqPr(1N!SB<6AA`=~YaBf~ozi*RQYJ&Gk21*M8u{F4)j03d*{vM2et#f_LE> zrD#SM)9H`Q5JDjyPzj^D2i+18mOv!^uT&`y#qO;dH4a_7BWw_RhVALUFj&d0ANR}msqU!y3B>R6ql^i|e=y{P^2VKcwsVu)~Y_JBeT31{&q5L%L zOB~mEK2<%xu2a4nnuvYI_gE}?(&BU3tY`71e(*)B9s-u(MdQrFbbJPIhhT@bd=v$0 z$gE|**G$;*-h&Hp_frSox513fRZ#1G$eABDVm!GDC|g9|*&kv}pAdQMK(>mSw*%ok z9oq(vG8E0mlokDLbm&E>rmNQOSK!;ES+YRW^VBuI?%%aaSUxtu@GjU>6vzkpqI3$G zRd%cdYQ)!*>BEDd!a3(zb zXT=JLtCny_FPDGNV)djz8ZR)YuBbD2H2+l*9ozox(0q4HEz%sK)wv{N!ns$Br;v{+ z9+t9DhcYuiMsQ!gDh`=R`8gQN(kc02XtFDNx7+gpo*^>J5Il&@L%a@SvSCzrnxII% zZtBBcRwCG*KYo}*Y|8-}jE;V;cgO;US?Fb&j3Z?+)l?BBMI>a0+6+{yguuBSHeJBB zxGavUuV34j9QT+Uq1#fG8SsMyotpN>Ejj4=^sW>rYPA%G5enEj> zw-()7&~$JY?&Bs}N-fSSx1{}=Eg6|-?RHVx-&kLFQm|0o!yBhRbY#6G_9QCL#exW< z8Xg=!MPXuZ@L&!bZZ;;P&hD>ifNJIPb2xjXT&i$I`=xTA>FNl&!UUm2+!xN}RLTzo zV-bjpujyg%;*S>8oG3ysW^qullaxN9mW%2l;iwYW62|4ziViy8Kz?SsHYYoWOt{Nw zSeax~8FP?>ZA-eC3iplpGNuZ06IR>DtzHyf@}phRF7ex!X5%CU1upYcuU9X-J9pui z!dBamXE57K`9xfJr+VO$mTp(Kxcqb}#U&>w$XV4#9ox?^5WP50m zWm_c$y)J#fC;PR^unlp%NdP=|h9pRM4Hoy<3EDjdT3@@qj~$r0(k}6~Ze*%t_4Ey0 zrOyvTL8O#CpWK0kMyWEfgb|giv~x*Fu3V76BNl@ID=o5LGv(lZy8M&#I+BxlRpPK% z7#mx_6Q8trsCoxJaEaJM%R_}Tkh@TyUS3{xV!Qx$ryh~-#O>BiF`7whGK{Zg0bzao zgOV_%kT0i(@&cu&i!@>NZ6#gfu5}O9v7Rx0z=9DgN%}WAEmne8knYd4aZ=0*-$T=64MpOlYq+QJD}5l^FG^tO3pJ1dik{O zrQJifpfQ^mhj9=kwwb%vKXD!_|4H{Mer7Eqe>wzMLH`5o^$V16TcWpb2MBMzgPJ~q zN(;0`!D~TgrLT2sTms{Q1CirhS!d(d*=7mU<)2fMliPD2l`uF@Jk;V5n4BDyRuaIb zR}v2RD`yHi+f**_HEthe@TLve!o}qInFeD-Bsi*$6)m_OE$9ougFmvtWZMP7<0z48 z*H>w<70Wpx7;V&N*xeN=eSbLr(uOza#n#l`xYtQ8Qo3KqVajE_Zu&T#S40YP9#CO! zZC!*#Qc9JOi<2}7IaLvlE|jwZUe3?QI@)-+Pk1uN-_+?{<1eowd{da&n_Hyl1shzJ zn@G>{i{yjmtrULB1x#2Bm${%#Lww_uToTXz5}GNjb?#g!k7*(*flY*<<47HWi@M?zrsXT-^L9)z37a zc_VpGJdymVs#+he={P2@1S0mL5KXh9EvK`KP21gK(BVv7yRJq_k6{xu zV@VTR%T(8fS*MH?EM|}>G^)cBlL^_iMlzg8rP@wF&<_NmiV1zN1Ndtf8tV$Im}c+m zp)l=t6q*uLLE$M(sD)7We>ok~jlrrEap2@nW1~_`mGa>0-YE=RAq0L)V&8S_^- zCJ6VxVxjRvw=>X}#%NyZ;NncFJUh~&M^G{Ow)CTfb+2~0_CD^5VuUx-C`S80`1ZBD ze?AwqN#}WB)#ePFKz1!WaJYTsK_l8*GgU9sg#loi`8mR7Sv3mmdaKH2Aa$Tl+av|b zVoQhmRwT&}y?Gsy>$b$Ehap;eZCdc?Rlo81v&>R?zr$4y{>6~?%cJ}|LkayzVS&lG-Kz5GBa5Jh<2P5lLeVc zBet`B^pqm4m)lIh6XvESVtVvmeA!baPE~KDsbj%1O&TMe6 zu>)(|tIPB zG7n8EV5XK5I7D`2msa&c!h-)P@F>SH&2*ffr$aPfFYIoDW!&SR%d~!49C-z9KDS{` zmczSn*qEPpUg9}2fc2OaEzRR@xpK)^@odJF>$US-ik-b`gY!exa;IRbMkC*90CzT7k>m`IO@3-c0!FkvDy_5@ITK$n8j%(^$KKAWOvL3#v= zgqBgh_<&3?2wyzJphIWMD}qHuvjr;*`}v3k1L!LUVX|rdWPL-bIf-G7Bhv_MBdeff zS;1n|+A9J)TpYNQxb3!y2o)*b>XKMgrw zi@EYvySOz6=b_zN0Us(U_46`5n(L1R~(&) zpr$EpCf6&$7%!**OH=JdqiUK`9^tqQC6Oy)e>zg3l8@I)z?R)f-=yPDi}{YpQMm*sSn;l08|Mey&6;V|7APeyv-yGf((CROLDJnKq=g6d4DOMS1Eu zj8(MncV%D!qn?ztiS7qz4UqQ-o<#B{j&JM2;c|frzG>q|XW{4Qibz`P58a?{^y-dv z9r8+B>bh5Faq(bv0?H(^PYA8ZW)`QuDLwW(f-f=AyrU8bP=$Na%2Ko7>)nbNz6xSu z#xiP?CbA+biuY)C-uaLv!beZ^SbIT> zh9T3DXo+=o?D+&t(3lEWXH#NSGTD(rBJpct#RuE=OnF) zkI(bYK5A-DOwr3yGpb}Fp>G!RjC(&+!uebl?zUtTTZGdai>10shSn-SRHCBY3sY7& z$V$#`%V#VQj>+0NmV0_=vdeReHhmsx!12}*=AjbUPhL_hS~+sL+0KxtuQ0cxayZ;C zbCmrWiZ~TnOe&&4fa|_*qiUs<2wiIgA-1`zYa3KgtkB zzBbVr6|^bp2=W+E$1t+4tt%_87fd|Ui>EUo{1c7J)!EtAktI!ZYWcaIs+GEu$5(VDB_{_ zraEWH=@kdYt)SYnUcX`l465iejuov6PkSLEjF0(Zdxmonuog1Yk8^|IHYJCPcq@2Dem@0 z6>OO1v5HC}I&b%tFYw~SLGxCahEyP_$qs_Lh(v{{6IKxk^%Xc| z9j(!~IM05HGkDACqmh&jZEZg79g)fj-pvV4u3h#SLsTjk7X}U-_-diaaToZ)i?^)e z9G#w?l#eb|ORGyOplO-*AD@E7Z9x>N2fl_s*V*54-}cqm<6SOA3Y1(dkTE#Ao~UjH zz_biet9tI!H6^A~fg_c%v;Mj3cG}c$pE?$Z6B3msS~*&mqvL4exd?}Gj$2B*+$Kaa z-Ehc;7bAY==FczY?6Hxfq%fGZ=tOg}a$9H0>T#{zrtMd8tbW9JQ!K-G-P{5RC74|i z#KsrhbB@&g)bz9$-g*1X{3-lOKYg-cc)H|+9JAIG|(1>SL3Kp}$U_EC$ zS)~4enozCmBwi6Z$I39tY{FxFhxhWaQW=}Uj^_)eBZwBah<%O(l#5QbhOsv#>y3eT zqguIc7=k_(I=TS^S7%k}eTEGlkU^ysB&(XeUsEOmj+#7+LI;uJ>vRLcWfoE%x%<+Z^&n-X& zr6_jgW<;lI9CvRD_RY+x;k&F=Ddq-J;b<#ta|(;X?GQ=cwX$3biziFto^ab57E-c@ zu8!j0yY%A!Yzd)_z=gH5Wp@0^-<13VvG&uoK=7C?*|j8dTKURw*MjA)bG#2&RlJmz z?%4E!P^?{4V}K;TO)ZNh2idrUU)wcTa&Uw0n7SY_1<&$SKCZ&qh)Oq>)e}o&z9olaje;f% zHzFz$^||ssdtR$KCw)!{P_uS>UT~sPGw}DhjzY>)33-QHh$OW;LJ6&pD`x%&{Y&Zn zmCkgU3(`z16~Q$LXn{Z{*7lRnTNGsXcF@cLh?*JJ<-Uyx1uV|IAK;f%yGceKQ+Vcy zp`g^d2M{RIg_A%r%8wl7)Mrr3I8{}FQ3M7|?9e$*slS2xu_!gqq{xdkD1-$cTShvF zLhrRGQi=wj_iYo(DuG;G5#6;Gml)weYg;O5+x5DuV|RaXdMbuZBB3f24moS%GT+!q6zysuw2@5C1Ei32z#}XNO!_CymwV zp%V0yY>2ypdei!xws zeXfb=kXmiIiA5t8+*-LU6184oCNw^G2JI?JKzq#QfET>tkTa{6CY-nvT!SURr>_p4 z^GEH^>C^D<*@L~%fV{)RbTUGPhZbfnKIFxb&LwhbU)K7O-TP~_r=nK`T`8+y_VF4f zXm_T^e-HvYWXYUTMpWU8ao9&BPvB_=lVVkM$LNiAJx9cV=43(h;dO+;-qGQ!_);>7 z1CuKZQgSn2x500lvQR}ijl zv$ckTKNW=fZv~N3sv`VDK?o^vFo`SmiU11IIt{Gw4+TN{Q$aMng{lDxGJnFI`2D;5@A@iC_?(;YMqy)|-KK z8HC&k8}nu{DbE<92M=CNL07j4`AEZtViq`2Uoo<}uz=O<`x)6UCG6=~a9q`Ow3;xNote$ z)l)E_!^h`td`ItUl=^*=k1uU#_W|N6zQLfYOA=Z8B4^$9zUezb7z@|q=lJ=KQdLY! zLU66lPuNnSF8fuBE=xLT*Q(#B!V=ZKW$3;?ZoBvma@z!;&LG-#b3j%$sPQma#x;VD z3Hj#vO-MrrAMi%lP!LRT&34zr*H-P8QSlK5)hWS)mz|5p)iG0ZB<7*j&T^)UJ^S9H zHiQ?Zh;gi~(2>=ko$-r-Y&P=x;{{+u zz%GP>dG-8QGSaM{1s;&X$7vw{3&UQCkgw(&b6JRW$6_C=6WMuxGstm3+@*v&cDdbo zQ^^lG;xx&1T@BOOgPtE61SD>Tld}V<)!6ayPN(wRnWsVFE{Yz8?K>gHcasc)FN;{jji>4-qB|S(eF_c>*#uCb8GERON_agOOf?A%73xEx*G?*3C{Q~^lM=5Th$D?9Ax%^1RwGzo*Xhu5>1Z4zd zRx|zvshRGKZ!|@V=wp(8^*mffFOAStqDG|2BNv#OJ2#0Zc5+c(tlz&W@5bm7Opu7w zFm+^E;DP&jc2RX?+2AqL$8!-2tS09bjYFOk)k({ZV8&<7qj!gdl(v6dzxVFu(=40emV}cYGJCgsDUzQM>NM* zCpx<_OWCE(=F;>MGX2QU(G8l-4ZrtIBe?INwjo-B4R`_sr=q=es7qr!jf zZYODoi|rMdKRi8tpFV}UPd;fOI>BhK6HzhblsEq%@8EZNqZ(yHDY-pG_ARB+{lXnb zf)jIN2tf#k`*n;@(q_a!x!hfZgb0^P<^F{8D$@=>t>KU%hnkSF^W8y~0S@9Blvaax zJpJw<5`Q|#S*r#v-$BbC4zl;#L0kb2lJL(CqAFHeQG|CZzTRv{VB(7jJc+bgH z^^E#@UVP<$cPS0TrUe2?+NrdR@sztw$7sh!-Y(cqi zG$(3fVp`UKf)+$fF^|DBWR5me%u%~TB38$w2Q%Bw?|xre#q*VZyn(spV{OrZq4y+B zzG#JR6wn;;p|-~YH&7*^A%nuk;>dRbxYg<{!9xwZr&(y0^=g2FkP_9$KLZ@Z&!2Po zZwJZ$CkI*i7Y8W>IEbJQz(Ew>9VGbOLCoJB{WE0r7>8p$nOd2s!68EyfJq@3#F&hn3r$axaLXIByLHb!JPxOF2 zMDtbnP(hn4z0L6rlJOd5vguHLF{q+_h6iJCxrhjGzxqm$a3GEw=?)tLgtLXVsfM^x zdG)~xZ3`!fH050R1x^3bRDDg(VGUq=#s1him2?u3RK5n_qsX zE87o55e|+*S#!inS#z6NYT1*v)%}ZDHlN8kB(!o3+OH1%xFX&-=yrRHO$sR`J) z#EGU?yg?j^F%#a*mzhEd&&kWj+)rYIj*#h zU*wC8C(_QL)D|@qrWQpP9OS{Sf72!rWcj2C>Suv7_Ix)*%afJtUlRXw?fJDIURVWk zxXA@RI1T!q3AZdrwRQYT8ob^lk(Y5D1C&U~T(IglgB1PAAVl-;3|@dKDcfOYd&`0_y>c8Pb<>Eo*%P0d5y#A$Sy914cJ99uo2C1A{QY57{u(>sH# z)ZQn2iF;=dj`o50|HL4Xe=$h^UksvGUcC!o5Y^2<+TRSKRpsbW(+weU)m2t3zT-+m zfMtF>fv-*pq?&VBxuMJ)h3-5qn3--K=1|m3jDABXDl_h4F@QAIv+86<3T?ubir5m& z$efZo@q3UaPx(~CBbA4&{`xkb%zCSI zvakk*0`q4W0X6=7StMP&&*qymU)2wwcEQc_wsi}Xma}X!wbQW77l$Lg!k(RP*gy5M z+bJ2VNpoAOnBm)Isk&Uzs-*}o)=8__Me5Y2bHML!v@djh>hvahXAtFoWsviwDP^=; zFlJ2jXH)SpUZtVyHQw#YEy-lzCY^Im)2_ODz);$*5p4!ANc=m4?7TC` znX)2Se~&h@6jK?QN$Wd<$SeJ3kmq*>DSu~>X8?ng6@6M=bg17wz}r_7hUADYnj2`h zw#JaDQ}Z;+Us2NuP88Mf4EW1QDLJ)tA{eH`Ze zC1m}cL^q!i{gVSrB_B~$n7S^Izbk@b-GY-p)JJL(J z0wc3L^a~5}Nz1+U(1H=w_;!}XJu!M>Evf4VRn=y@7iVdxjokts!Gt#F(GJQ2rEH0p zH9k~2%LDDwH6+ugI#V9eI=fvCbQGFLU?BGf&sA!PLK(1ul!LaEQrV2{P7WSoFl}G0 zt^DMI2`6%feDSBIRG#Ycbifm$X>kVCa5^{&)8`}E8p>H-CuI<^TV0p$jxBX@&t;e_ z#&%cBKicjsWX-vn@xOV-weZb7mF#DWXxB1k|s#8^cTBYrYx*k3~Zo1uu z2m35Iqdtm~#`JpgMixY?H&TM$1-<2Z#xcmqHqb$-o?ld5OU*uD z0H*bl3-B#6WHXwxTedfcKo|+Z27yK}x(xdU=6NKU@-5Tw)Q`&aRR${fg^qX$jt5^}&)5?eIIoEy74LJus zk-V&*kFh@sxsRwfp;n~~C_{AU>-G_p{g-q!j&HOBbXd$FP1xitmQxgr$BYjW_PQ$Gm z&lptd=-%8+qqai&r>&vUW5l#RsjLhrV49#q0Pg$gx5-9rvqUvvSuIT9!<$o7=`l$D zq7_!E4?OP>i5`?!WNoZN!_$?XX4LBJb#{WXUc0e$Btt{9AX+@DJ#p!*lMpg5jdaWv zl+^$)NN4RMS8;bL9I4sYd|m_{QyZRgLWlC z9WfjaWmO$RE^mOirE7ju0J2I~f2@oNM!78W+__{!gj6$+0vi#3_*I2t)sYP>Y9DNp zo(ehTCHKU9#AgakLP@JZ7dr8~-!CEpx1?x%WU1k%l7u3-G`~W6pu(`5k(7z7@wA{? zRgx7pSAM`Lv(=Zyj~leE=5Rk`=Gs6Whtbs2K9?R$Ru^|g8lJh|-*v4VNiZOcGP=8! zP$O{R&cXD0AqSm-URIJuq$`9#w<}?lh_`p_M|sq{=y{Ch;wQ(@sJbSF@CFwSpG>Qm zOeZwv=3QFp%x~R%sb$UNi zAsOLS^lWm#`LlBdspw$j(e?#0zPX$6k=HF5Vw{e#qGsI!pQXBP-B4)evg&7B+XxN2 z36G>!DlFM+d17zOuA1z_lE%D0hspu6^-31?O98PX24sDl@*IP(L6W6Z8hqPMJ-C6* z*Ywr>Rls+o$hQ^+wP>^C40T@ctFP@uw@W{}N99r2+vRY-;@{}QM72UI5&56#qYjn7 zPnyW)aoWv(jX=XZSr1jVInxUdt}FBa^a4skFQKiaJuRXWUaTOPr!^z+fkyG-B+U)O+aP62I$80s#*@dqiUp}8&7lh&B-LNe zFgpdUyYm)LJNMBFOS^n#@71E=WUv!wn7>)wi#gBSku0>9U)(`=<3#voq{Ff*UqWHu z`%~^uUn&f3CaF?HBUufMl20-sz(|v~4wYym5r)A^8=SC2iW~`Fz2_N?Dtie}788O5 z3H2_VU}6c5Jr~L#MQ)`uzBedaodUt$&B7OZs=m%n8TRP#me^BzC*nW|a4meO^Rf&1WQQ#-X-mMn0YRV|cQWxRC@|JxIG*>y-JEhwh`ShC z)~=F>U0r|K1<;EE96cHJD-mEiP<*qT+$)Ox+YE7H>B*uOEb zKt6RAAu=Ms>W&hlIE|s5kR4gRm`WCvc>1Hy=9kcYJ-u71hhoz+k@k?N>hul`K}+SD z%yg)HL++nPU-Y`@qK1to)&-5`NG){m!Oqi|cH3;4&58?Z_s+m0Mb)wwSp~7D58+l& z=kMM8#l`TvbZ09{$|onYrqB8v&mF*Piwtsmhq9Tk`*shANrAj-aTe-DPs&qZ;RF2z z66WF$7@TC!>}8;36LrT602lQ=Lz{={kl;Uun&46vwd*%O#nQv=H$gNQiT0RDHe^JV zLsN^$5Bseis32L>*?A$vQ@K_`A8Zav=N$DD|D%0<>Yu4=aCr7 z1{As3Co!#3kz5{0Sd`9u@n8LJI0j{P4BH=tPqyT2ZIbwuJ2e#iw5(hCtl|k&ZD@e} z5cl~sZDsO($7P``K+q8bLw!}F*MS^c{BC8LFY#26xnI&5_hZor|C|FM)?LB8J)t@G z>yt9ig=1e%9Jm&7hr{v!D1t10mZ_)XseqllwMh)2X+di4{a5^15+;fC-ZU}Xx82^xM z()u7+nEc(DnXoWbJdlu>Qmz$>Q2#-nWVw)-&AOlD#c%mY1IPy{5_RUge7Ku&%Du}+ z#=CsP|1BRe@A8rSE+3HZ^6~T!`Ctaf2kN_g;JwQS#JhYD1LOnuT|Q6?SX8ord8}x* zkorBwR2n{N_n>{dULP)sA)Dx@zRB24VhyBzNL1*lP*$)? z_+{{{n12=v;#Rc>J#D~K!}C!o5s20kvcm=~u|mYp+&T=#Mjb}_1Low9xqPxk_<(Lh z{~VB+II1FuI;)_9)^9b)6vyAo!fDL|JxXBG5eE>QJH(SbSfM>DXr4;kztMPgJWSKS z`q6Er;m_23wN4SV8mTu)gYc56W=9C7YD=>wV4d%ri2-YvSI?`Vfs0|08l^T(19ruZ ztgg)HVkkM@sj5bKeg1d(`010Uya137Hk1ERKA8Wjd}ul5bE11^>&1@zZJxjf>d7ts8X5Koej(PgP@*#$O{!hvD^V2i%*&LtzOSreP!Qex$bv!c--s*esAcLj!e zHLk3lba~eZE$}$JWUr#*AHX-KE$-*-eYjE9E)0Z&w#K38)|A&Sm$z*%yXeAbQ$J_4 zOs_Wj|KfUK3T|JawLYZG(w&6PcFRbAvk}xCj6NI^nZV_$URI*I8)BbgUyItH*h4%|9@-FHM*p17$?USkL;9%GH2#LD&b-bsjgBI9P zGQXQDAT9W(ppRSx_fIWcbD$1jHs5%ELUs^Sz~0!BMF{F9GlS&Az}V8S{}@JkC3PPL zA_z}BQ(2ivjIKZghF;9#D72VO0;aR9Ci%hEP|^I>ZV&Xe%U;++2gJSzV#nmim7N=3 z0e%4`IN1a?D!HlMq;Sq)cMeIuojhV57vJHsIy79(?)XN}8}5M~x(ObBZORR;O>49( zW|TAy0zQEmpm7!aon1r_1KkAXKWtqoKI5XB@1Fu>bY%0r+EEq_PUcwxplA#RF<57Cf9+{O1M zJ~fs~=cH(7xOPhWb_3(0bC+ADvIwO`*F$cc)Y1_VutD0Jfb}+eIXFm>jS!W}Frkjz zjAUF}1A(;uDij0P$q2N`^)KvE{h!&x8O6+hqP_~i9*tPdF48*bf3ioTNSCUsYbAg^ zEdH52w%^%f8lSQK&a~z-lkGQqGzxKL0obD&z#cRJ_E>#qkB4{mutljyBl)=7hISqx zF8fdH0ri_b*suOzk6b1tNdSAaz!r+OIV@W8oY9YeLADArG=@r=J;kqFU!=cMAIyvq z#sZQ10iN6NV1Z#GJCo$g1u4%uSfkO-4=n}X6z#&g}_Ky;XHxC+&wr zdx&+V8;%Pj#CWKp$9#HMkApNdS|`82XCh6#9I{SJ=JDK&BEj^$3|8Vh1xbn{{FmBZ z^LoS}95!opVDO6_zZ0Ra;N!)rk~k?!F8wzvUwKM3t(_b)>R>)S#>Q$>2Y)t;9OWqM zkf@tE;}A8%R(NVrrY-wwuDox7t>0GaaCu?VO36lj^Ka;pu(x|~ABvg2 z!iUvwv{s9pIJpBjIJ2H1$o1fXYPHY?{Yvdv*~SHOp5jl1w9}8F`Y{9F#cr}TGNl7_p?PGm-*O*63N;2xl_}}Yah4o}OHQCYQu2AG%stZJ$W^xuy3M5)g`pIpn_D*_R3kh3)-4J0Wn z+u(x#MVJw6a^4S9f`XW$t^+P?aOn{u#UwJm7Ugv6u^`r8`Qwc>;;>xUd7X9w|F%cq z&BBTs2l|avq$MFZhQnTx({}1@9G0$s;LW{)4pQPjM)kE*i z;<#PM<}RyO1e)s-bUZ6B;t3@mXr^ixs4I!22-F$@R`{n#zM4kamXn$gIT)h9$f%z+ zxt{X3f1-gL@gmUsXc`oGv;dWeK?}Q%c^f9p@7?WWrt1ZoOQ#_R48s@6cR1BmWfUS8*W%_&fpVp|TQ2XuD&;%jEmhXb{a0Qu&ls z8@;^Owq;TN*~%UIFQEe*8%&fjC`E2MPeg^Vsn@4P%&p`O)!d=_TSH8y+aNR-`1lUg zBkIdOi|Z8>YZBQ27ZEYOIQxk=B7eRnj(HD@)^+2XuF8&$P7H13OV%ksZqei*^9>`= zRQclaJeOLHD4f+y-;_o_{gsp~qG1P=%YEKAOxQ?2nzHusx+bf)G`48Ne(tf#B*pOP zps1b-Ca-~N+)J}i^2M%vjj#5AAeB20B@{h8$CEaWC^*VSd$w@S>0nM<3JyNj0-b*w zHj}a#03$lTVWf8QH;iQVf8~3=&XS7yX<_4LJ?!-kBc`?!4lAvb02q;#L|=i@m|anvB>>IUfMxh9*Z`OG;BJ<5{(Venj>^u~>%|Zvw=7^!nkQI9cHa>TUPXjP z$K=PMaQ(q=7(pd+%m`Ssps>!(tS}#~p_#y35$3~jouKBzKf~N3eZE-5?hIz@jj_17 zyLz}T0jnuwOo2mgK15x ztWJ#FzEH3fF12Ts$18m1U(Ax+9|~1TB@3&{ z&|I0}STz#TocbgeP7U|TLdI1sDeyvPs#<*mxu!-M##K(tQ5bjn@@=RpA#vr#l)sXX zJRQ$yrC^oG*s_b~vr)?BD7o^sALX|Vv+#5LQVYC&s^Nqbs6#db#sF`0@(W*2 z_xE2OiR#?Hkv9epkBpWQp--pNVhE+^KfnU=4Au&R6XOt-#&M|O(% z4Rg`VM(a8{of&r*pWGJOmFK$hnfv=xrPjSpiQ-a&bUL$r=4v?D2Ito|m321cE-kmw zkJ1<{-=%=BK=^F$ixlnaOHRR0v;~ysSj0lrhvE^L*jBkPWAxE=Q$>_&$JhDai& zJzThYYZ@dCt|;d|h&xi6wxMa3%5{6h|PXs+Zy)R#qIu!8NF=8kk*5KcscH^;)L1x+aGS zFQY3sykp45pBS?K2Zq3#8~%YI)|qP&*cyw&4H01v01TPzVYkCGSDQRv;12R=chg+{ zUbm(XtuslF=WKPxzTa+N@^FAQ-&vOTYCehz-BR{Cd+($9sx7Cx*PfTC#q%xKoZ1NF zZw)DV*O0<3NdpRlCg^t!>CZ_~+Fbtn+Vc^prT48bnLZ`L1uZ%YpdocnxO7Hm^tUIP zB`vd%bM=T6v+myB8TLSCj&P+~PCvk9Yd@B(vbN}MS27gMd=7P}1PL!rmi<05r-!ER zxn61n9hTTanrJvDHD<+j;zFKVsQ!FY0CmgMnMTY`FifFx%jC8?m&$Lw*)b!R;+nAe zlSrF4jTz^*u|b4!d}BAxeu9uZI`^j*ph`^|J=SzSrm-%|vH#GELSR?mMl|$bO@jh~ zd%o5|ver7qAGNg3xx)ti`JU8uc13BYEMy--|BAlNVj-R0%qy#iVJ!|UItkaglv8XS z%eDbUfEvXlm^0UHBqnSEVVK#&=T8o)edmz1KRJZsPY&rhnMftiy8&x7qK>(U6-(OYbqA{js8erY*m$F8Nee769 z;_40@oDEf%V371bmeCQ9+}$*}Xs@znZp{Rw!bPOE*tC5{Rd0;rc`~Wv6}xV1Edx*2;p_tW+|?oH5EHlSshM!}U6 zqGFRPtRIgDBkH;DJ?pSo(z zVi1nCyPJHz|3qClw*RwP2C9}$0BR^&hJ2ObXHJ?hEUMDqO-Pb{N@=jEb#fTL9iRy@ zxETdBA@K1gjrf-)1kIFp857Wia0>lyLfF4@r~;ahPiYOQ ztnW?8_5h#>S@;N@wF=MvR}&JI18740>ff7?s}F!CL|7TngwQ=RXog_8#Hwl!p4UTJ zItNzx&e_L)Dtj=$d0;*DtB(sNGM-JG zGLP9}tS6Niufm&eI~Q&ew+SLvy$zM9Wk&6m@z@t@qO=-#cY;?kOegiHinxv8HomLK zDxe5Ly`+xN833qAH4{KZT!2F7-&JHvOshI!Wk3%14;5*1$UYnSLq)=b04k!?V;}~& zmQ|fluz|QPFtJcPn6F0K$bnfW0s-9Wat`OdPUNqFevHgf)<{ ziO}~5r1gXL2U?Vh$01v?$rUT^p%ff9VSea$fhi5Cw8_!`%8OCavaDM|Wk<{K#bp>P zaG9Viw&)jx4isyH^PJ4KzC(`ZFyN?JesF-|4HSMEkS_q zaNwY6tds)NXwtL2?A%1RFUpue3j9<<*>}#*%@FmIg-7EcGY_h%u1mc4GLOs8qh}do z--f=LJijaGe~dy9KLMhU!2cSBOzi#dL?Jeu|94SHWIRAdqG|pwqmc2I1$*;9q7age z`Sy8{uYW}$H-ASVrT-}kk=Xwu3ek9ak3up-{yho_|G=C0IX7iCjK+itEv|y<6l9QO zR$j30_E-H<7?!wwHYx8j<^pMx@&Rdm7nfd#4d5bnUt9$n?cjim1rbFM|LY zac%<8NSjjAGr9JVm}<=qjqN*)Fopapjf@)6uL(N6(?}M8Mp%B+$f2m|@CF=qXcb@e zu`jFPB+eaG+3GELW*GNFdy$sHVpcX^{&M)?%09G_?4WRPY?skV=-{~6N1$gTwu zISwW)Txc90%1Vk#y`!|1-DcD@@{TlVBD(cEv=QVsao#(aanAok**68*7OqK_U3JQ~ zZQHhO+paog+qP}n<|*@(ZFB10iJ9qpJ36}OZSB~x|A)19toSnX%S?G`k$(GoA|1>L zIy%eo@SypGMMq9s$}$*%VldmxJJgi{$o>73M#oq7L| zMpXYHjT9F!8OjuuczFCn8Y%pTG*Z0a?!VDLn1-~vfDr-ABUyL;Hbr?alpp`=zOq~M zQPCSfs=f}wYy8$lrux|V900;fMKG^D0=nz6%76n2mdNw+B4Yv;KYg$0#|WY{%KHZj zA0w)02@>A|Z1D^%?xwn!MabfD{~ywbj5%d&t=TNSC%)eQmPURT{zDq6D8!nall!MM z0`-5Tk@Np8jST%qX~gkI8Y#&9S{;^GgbGMpql)*XXzB$M%XAf2r!>a(riJe_F1X>Z2Wexg=EyT!{?zY@m zZ|}FFU)KvU#o(27Jc4c(FXeV#bGnAQL>9@|=ab7sO(Vc*tE*5sfj zohdbbd}6lsi9!sy>mlVXOv?v^%AILsfxvY=6Eh-B9aM=XUcW^6QhWdLnj-TA=@icLTL zvu(wsM-N>jNV(>=JCMI>sVYn=(49!Sp@l=PY-d zg$lbiI^$wX(K@H+&8@DtKS6*i4{p%BZ>m7QhBTxpBmiG@OAHaEu4#k0+~Dvc!17IU>5^15^{g}z5@QDlY_4-6&9=l z=Q;jFJ(^Qq5{gQNM$gmdO&A5D1x>3%W;-!-77K!7@W%>?3PkFblt72u$!NDapbn+f zzfCtSmWPdai%L-3TwuAm2Q!{gr-zJ6L&*9{s*s;kDSMm3BVB<$nwA_1tI7L2(F2eV zd49P{$Dvg%G|+eV0C! zjLbKvNgC$}6N=;;vcv1nnm)iGc&Gm|!*~-<*%-P`ulcHuK-xp$1?Zz?X z)Ru)#U!MmJ6CW={;OQJAKllM85saT)(ZfD>c2U{$j;W;z{1wV@gFLk zncaWLXghaW7jOBt{)*78U_?U<@W9|Bl~tjPrP zE5G2ax#)7*jAu#;7!AWmk(EVRCW0H*KYM3HK*HUsQg)SP#I_E7li)^OYnLv*36w7p zOU}-=o40kce6gom*N-CI3So2{VFb)zf!qRqo(wURhjc&G>D`Q9?s1Wa3l{DBwr5t2mBFmUN_a~&(JZro2 z4~$Y2pYo&m@2qf2ZRx?)@fi`6+7b)&(Ls6NWo*@(8Co*NYE^QtsDN?eu#mke9Ahi(dOn{@`@3?vU_I8)Oz_XSMLmxJUPmWvp@$W!cX~* zUD?Ne=OTNI@k!_4dCxEuB)`~zG@n;pLBphYs$^h&%n`zDSyIR;UV=noS^VlZb`CmF zeNABpQo}Z>9x!?>1cm8|DTyI7hp89yuOs5qcBBkdKmL0b#yc4#!#oef*P?;ZdwvsJ zd0(LMXA9J*V*3SUQVn>qviPV43W(VmoSQQb1}9+927l2aw+4N9$y=07e@Ut-OMdXA zCve2Unj((@3_<>dDAf|QiZz09273kioc- z7hWNhB4MIRm9Ab|JABkAY!7>Usku${1GQZt>-T=KjsNMAV}}}}OQL?lFr@qvZ+3n< z?CmLxqbtsXxG}2?VFrwAkwF2NZnJ!&VjH@g=IZWS3o>gZeqd^QnxYaxQ7KZELAg73 zD+sfma4Ho65>x(BmF)^_X^RtW)uI2NKsAs*cbU)^3-X!~O9a&yRTzsQ<~nMq0~02a z5~$?APP2>rSTyW-zrRmmezNB}>zQ7M1ZR?}62^alqC-Q3D>fc=V%z0Q@C_nr7;-jY zUQW%WBc-GPRVx`mom5eE|Lz-T4^i?=Nvx?-CUMymCufzkkXGab zW^R>H$|&hfOj@Ruu+U~jtM7%O!rJZnQ%r3|l*%YkF2&L+qf>EuHB^k_ND&TE01yp? z=2(2E3m3?oI4*YMX5)}tAtIn|7gj;znAsIt3u$~(eljPjF3*aPa3jf9DwU%IL>{3w9|C^M9a zG5E^xZN0fctnOmP5?Ex_g&(-9BKgXelhtnNGDeJR{Z+7rI!{9qbrq{^P8SefA^ID6 zPGkx}A81h)m=`t1)**#Ud05l#L~ALYUZ9I3Yow6|A0rnEe}5mwPt%*v`G`b-7t<qjCIrF3@9)AxV-6`y^!B8!%fd%M`<#3_8{$Pm=Q*PMF zIMMIKQyd6lws1ilguRrhS!h#3ejsc4p>`%<4#T)1B7k{)On^Vw007PJx5&H;PhhOP zWkP}B@s1bTgshwNA=T)%h5*hE?85=jhx}=yo*f23fKSN#3HVA$E}aCHGyZ2v?1>LVSH->ex8vfl)`-^J#3)@32_PRNGdf37fXlSv^|QmTK|}=Nbc?U4LT~6Xh43%&y`4( z* z4ZXo9WIdAR9+xYRuGc?gou?SYwgN-#XUN)UFC2Z32q+5^{(+vh{G93-rJu7MOMNT$ zow{U?V!OAwSOgDu)7jyL=t}i+_pm62ldd;>)-|RJqTOJ~Uw|Y|PXzldIkEu$q8vCS z5_n7RLM&4rTbM`1SngFdYs5D))U8V~z9gyBM$*v*DSm%S4&*I(eHPeIfNuhZ4jSGa z&jj+zAGl1rVFC`jdi#$WZ)M389b^L0z?pt0}1B0|=|(?4Q?29{e(@ocLZD9NvPvY4rFSJO}xvH6RLcHbI2~R+??2UcuSufD_ zyTRpY-Hrs`lQpZE7(7C+$>27H3A z!q3rL28Zyu#H5iFlR8c=mQi7nMAV(k0Ut0rR97O|sf)*icZ~2ePoI>Q1 zS7(!S_q7r}{fnz~WVJCp{OC6{{lAd3_dhfr=d0H74VsYo5cDuDsb}Vr2iq@NktrPz zqnFRSvw~u%tfbsev^U_FNG#eq8Y;6>e@B075583B5G*du%#ysn{|fLJ4qqAuHA?>d zn%AFEs_HMZS&4_~FQ+Sbe_vP@IQo$IV(qQeJlS+%u* zwoC`Imu&Q&o*gmP6gF(SEWQ=4rJ%~0BlgV2MMt_KHM&R4Q2#TmNZN*pwzZ;qPj3}= z8?n{YqjT1xR+o2ubC^mdf0P~1XnC_noXG(1O!xRwq78GebuIHZ{$sgZCqx}{I*Z&w ztH2l?E)6Cp1$?fst{kzm-QgZ4y9^1u|9$CbjzEc=)_z}Hm4fX@g`36gVEL4d=biIXdo&+=``;rIU+#UvF zU{6^&EY+ftK(e=?V`}5k-!Z|o{9rD(&=-WyJAdlo2~3i20AD~_Qze^d1H_@ew(w&0$aXUU&)rc_1Vx zGGUP3I}O715p{S-x~g#T(Z7H$JZ*dh?>`rZ8jy#}mN%Y}=e`5M5-h;;aPc-RYhx29 zqhbB_MiePj_GDkN$MT0shHIM;>6)S64{MXaBX2W3@c3Pb<(E%mjUafo6gSqXnu(R9bUv>^sL4 zT^b;V-w%fC{HyVP*n%f~u`0~~-|je_lEZcLUZ#Z4Ha|#L({edbEM!Mxs|e&nG17MV z_tYnWMz|H;By7PAz6Z2;>z%)R3pHimIcs2?st@Wlxr2a{J=%yC>CuVEnLs-j!R-m2C#|+a{EZA2i(-6yt z;Aw$-sDESc9;|pugQxU8I^yL+WMgte7(UF3(|)SB$Dk^9DaJHp>X(E|`K$7;cbJ$_tU8)2A-;MF0cuiz#@vd? z57*TlmGvEc^!V?mdic_;SUuA?d_`}wJsf_~f$5uV@45siU`BhhH$h>Fw6h3?r|T8A zwc9GRiW@GDdO{9`jlPadnTH%QlWPpNt(+*xzI)$~=aHw<*g`YToVA}8q;v!eM0o<9 zN=9%fyQSo3FfGajTd}@!;b(#->t}MN6l9KH!SATXItD3yLq#!tUdqojo&U`m*^Y9q ztQmMyi7%-0b6hb6H$N0JzYjHkRdM)>Z!?&dj8{6X24?l{b8And7m$7(Rq;o#Ir{Nz z!Lq{*Z^`*eX6U)6^ZfgmVe=i$02A}z&7OU=SEtBMZNm0vGuHYtTOyehJ zXo#sU#gf^?p7I7AMn|HO(3^1GwTGJno9DqA_1QE9>rX>OWGs8m7~V< zo%B`;ePZpkEw_I~$lKaC+2Poa9>0e;@LsE1kiM2-67sDs_d@5b0ctg>K+_J(#z0vBq(R93Nfh#1aGsdwwuJv9=KDeSyx@|}{tD)1oioqM>aaObEw>EL%efe}Ri+zGx0_bC zvlirA-E zY6bYb0NC=nj%+mmRf^OwwR`HSU^csF0d)Ae`YKe|McneWC{7By%LgmJMh+;gc^0Q# z9xuU_mf@_Om6A5vBGG-cbte8o)b%tcg1o(~bgG{e^AC}M7ju)?-?Ij-H&#}gv*aQ3 zKHuZr>*Kb^HIX8P<2lbwl086=Mv>fiU}zIjsnkpScpSvJL{x>S;uI;MH)0!pppO<8 zgiO9&d8SUGb7s>CAkUcLzkn2fT$HEe`v^w+ngMvs*Tx&fE}r0MMzjq*ch^1UN~~hn ze_@Ce8J0=`J%vx@3;5*Zayx{HL|Wfzq0(?;fmwq`o55L&m6{Fm?&5RNL>ijB^qq}e z`p)hJfnFml@pi^16K#QSPTuQ*w%Y-Z2^^tcD9o`7!uSJsa5^7`uaWcvBMx#{=GKdO zdvYgY=+;zb#AP@6nhmDo?3aoVW%mFT)CVS#%GKk}TDJIgqQGN_4279dXbp}B5}YX6 zWol{`L6ySK@NrkZW$C+H7>A2*ZWb-Wi9H4x)kwV5w?8Jm!0jAMRaHuM za!+ZYS>RxB=2*Mbc&Si6QD@*b-7S+}6y7JDi2+A-g)@`Pd7Co-J0Z>S*C`8*UC#pw zj@*xB?_u(GSH&L<_Nig^G*aC}?a>{v2=?IM%_@JRC(Z?J<8T)qnDwRZM(I z;R4(8uX2C?PHMXdpPuGxd)3~xMrpkeI$Rf=qawqPyY=hef{`c}P|I+BDDc>y+Ohu+ z7Shqq`Twzy$#MO%LG*Rdqk<#c&JlPNN zN3Gjm{8aA4=cWZqQUrK&edq1naL=j~e0&Xb@z|nJf%h5t9FVKQ+_vw+7GkI*(ku4f z4)Fp6?!A4q$ayVgI@&#b`%JM~fCy}P`qBY;I>oHa_82&0!1@V3NyA-2q(nW=m!5|Y zw?kp^ys0{Nz)szJ+X|!wV=EaT`ErJ9$8-@rZlBI$;X-+|90Ab*AtwS z&h-@L^C|(dKuG};WK@CJ%ucA_#Q5H|&H9S?cV2{l{97sEA6hG}BS-*%aC`s&ivI!W z`$HiA8|AyCaVobjj{2STfx?o~VZwI0i+zB(uwZUZtjaZQnUVhKr*41Yc++B})q<3V z@%8K>);k;Pteeak#&X58r-K!X8XiwJIL$l;dZ1rcMCDlR= zJ3E4|)NJp5eq5uqyO%D)Is4s_G)2LqTi5y1x%s+O;#35mxQwowdOZ~@Jqh%3pg?M1 z<8tc0*F%cprD-chRU;#{N>iPs-@KpKhHjaFt}234J9!`=bX(oyu(|HWqIrDIP9a5P zTyazUI#XVl{Fa0#V`QCTq|GCJ_}nCkdB`R<^fr*4`jX8_7wFg|V_diqId$@ZF)XEl z9BVIASpQ0llo2tK5j+ywpgcH6fp$>+4PTZ9MhXNWTrp;|mNALrByM6$kiRR!CFQVz zJZS2knNAov;!blLk}j1{LMnbh%NGenu?iZ)c>{|ME!A*F7=Oql0idjjL0)Teglw?9caX?!wg7I6O=17sT2@u)-MfM55lPAl_O?<%soAAzC63JaT2N+T258tj?PpHB7 z!ST6cjIqfhp@K42-ETD`=%-I@FaX)opp-FGd(VT>U(fzC9@3}pC~;dPfh zLS>;KO+h1eNh6Hv0c3Qw$F63y6Z~5kc0U4|h4iVIP%SW(y!&$0Nkdii{ZT-Ki_ed!}t@gLuz5M_5fIq4b*qF9y4osMLog z?v~z>Dfoj<nlouci0^Uxk(RiPm3CxrmC-saCk4#b^$iP};S=4RN4bdJp$AnBUG zFb^u<-iq5L=H>MgV6}=3dl@1i>k38gCq@$cr zDR{>shGlbsX7LTyq9HZOY?x9wQuilJ!MD|1h|fJvS~g=wK?3c_qY3PI>?8pr&;Hx(z5XF7|d zRh9kDUeBGb?ix<~-H1iT&VZZ!>Teby?~s;9TO$|oY}zs&hb4m?@Q+)7)?gEOCFLvm zR9>mIFG^ahsPrkJ*-)*K8 zsj+WyJLX@+C80A(lWSAwOcC=nX{K$v|Vq5OzTNBmJ z{V_yoyVaAn6}zB8xCA10K;d-1C0#?QE0UH+;gq8|Esjp6m93kv?G>Ig+qVq=$mHy$ zCdQy;1pIU^=N}!%klHh&!nbG-{tl*)GkRXy-HO>p`#U+&3iJXBLN#N9UK7}6lI4jp zp;c$yHwD$cop4u)TFGDe$gU!?91cgt%|Zwi%>uRSuA$3EdrD0+VQS}ZtAkeFgx(=% zNAY=f2Nu-zH8{iSkYmw}7GsO`a;ssp&rT#{hm+bk(teiKCWiOs<|#b9@`hZDtfPGE z&0J;4W}(Ou9ar4Lv)gB>=3t63vmscKb{x@(DX`9BA31{3tD2&#W=F2JizMa0O!0jr=cv$;9=>@j7 z@U7nMHbPXL0E6RYqs+rcg@nN)rH!xBHZM&wk&o?5Pw-_AwkS(byx`aO)t1t5(l8}C z6^>ko?%@Yhw4IqI80IK-LeCmf8^+i63F^|t?%_i*)fD+h2+WoE-%7`_yE>l8T5+S{ zUY7W1>6WPXT6EGDlcp5KVpW1VMD1%f(M(%T%Z4(f%=8yXea&5~_V<9|ta51Ab673t zoDP$78=)zc8K=^Tbl5$#;6D1WVxzm~)+G;caL=1+%uh{n2zuPx28 z_?}B^N#06OXc2ubmh3p^5g_V z0eOK*Nlbc}Vfq0tLt~%cg*mboV(fCL^YP*W^2M}xykkV2`Dbx?#Dp4>%)1zPOPj9a zB_+-&s=b6cFyffke^${0;#$Rp#f53B$-0#8!&i_DUBeqzDis!FcUTa+2)yW-`wdL` z`>H;3!W~aA5H9fUJ%yP}_Q6PT13@WnbdZ89cH9g9&|`Vf`#N%#r4J-o_Ub{;r?tSn zjWp}hP)kp!I@uzVlgm$GHFRf5t;Z*w-G&Jbp+msnzBRjC_X+0;a8wZ4SOQF-8*TFv z*sK$Q5;a`;VIR2kjpaYOn}6tIjq(uLN(K;Lf*kDlAxBXOmBXZ}{j#)Bn-B$y zaWwFw8Z|W=D;{M=Qmn(bK|=g1BQwNPV+jYOah6c*gSfKqNR$h90XXVocy|yhA;7;U z=m~eKPbhQdEy`vT*vP`DE8AvZF9T12oV{4=QkkEh0e8PTJEM)W~?n2^~6imDt|NJN5|McE4)Qs(07OcAMl zatBt@q0YqOLS)&j52=>k@7BeoM&D2xW&*@TsYV3CldB?FL9t>po)O(W44%@3Mx(qj zdjX$-k+}Sh5?e`C4S-%VYCI<@F3hE0b`Pw#0M})joHze`T=*uIsb?#fc2iOELay!EG_8a<6gc=!i)9LKzoOR6I;cZ z*eIZdE3Uf2r_22-rm$@bNJ4WONH;SI36f}-uv$~E5~c=`?IQvO$Kq0C!n`O~A$D?! z(H$S&m(QmV#)b(}7tKnP9fne?^*xh&HVO^x;UhhPWl`0U!OPWr5lhE8~^~NHUI$GfAhR8Yz)jy z{ta7QVq4j5v^+I_Qn`aV*P*W5Qnl=}fQB@Kde%1&u3!2>IAUoOVCzgK;E&5LP=9~o z<_JY3(TvJwBHJ7TsSw|F8FG~an^&BYV;D9-qO=yXC z=*nTcfyG80ojvO33|YuVrJKZ|eEf27Z@4)fQJnkYHbd2p@NZAlqnFaI=8WKgP9P2| zxk%t*BK2=_#!IkgfGt4mwPa}m2s1zdGV_3XU@{%g6iiBbCvX$s^-z*Fw*T?lUBJB=AI47>3t|8#nnV&y{H%fIlsIJ6_nEzd_L|C0XdoX`hm<}rjAqd3G2Dyww2ysZ?YFbppe0c%edyMI%yz>XRgKVDKH|~O z#0HzdEelxa;7O`%-mut+KVh?*edir7I`vDih9KS#q{9N*0_ONT-QDZ>`oO#4&&&+j z4a+eV<+DT2z^nDKn`+i~K&bcDYi5_D-0xb9xVB4cejq)jyaGo&V9KmnR(&+su%bY6 zcuBwcvX`&^Qh}8F2OjlSg_(6xuWA2byVxaT}c zbT_4B)(&u$0f36u)j3^I?uQ~+rui0hQ{?-7ouTxoK))Q2Hkg4p8NWm%)2`-x(?WOH=`UqfJO~hyA>tUJ2Xb+w zJ8|HRi-Vx%VQHC>FcX$=oo=x8m4-=tH@YUr(n}`5OU}9SpOEqT5fayE4=H1;Rn5AD zUl$x!RLmN$AcX3|sB#B!_0VSH0!DRaDfVpk1EoOVXg&d2kuVS;nSM`=RT9kDzwq7R zV${rG=7eho7lgDzP{nBa;$72P!#WK@pt$@9ELkWEsB`KWs9A|~sGl{?cO3N9ADftX z1I4X0p3+%m1^CfjvnSPXEGuNMg>3LFW3eqO3Vnp~Rc-dq3~AgL3#7dGj`^6DDh#xQ zwTP6-p?Mu0zqs10_`QVm>nGE13%a4n(;^_S`bl1&85CRRnGNss$Y9oUEfCy=xs|;A zoj7Cg^YmTsN%Nwpi~8~>6H@g0vEYx-~^6`N^xoRtfKH4K)V5c6gXsaZ5g}Wsl#%kxFGw6vOT43vE_hJ<=R+ zN5H*rZX9p3#d}p`|DJ4bEf{o5@LGzgJW^_-disnyhGEf_oM~}K-is{KX*iBEnazQ1 z<_#iBLcA#)xeI+-nlt+y7*p61hingE0pSKhnbcEl$KL`yUQ8WVg{7v2EK-HQzzI?A zC_?^az7cN+6)QXtp$=OC<=?G^p=C>HBp8(5p)sNP$T+chE=HwZCLaz>P`j6g|D@R= zmdW*J`$%u*sDjalAhQ-y5kMEExi3z@9mv86rIWG&8(j~hQ-4!eje<(UyDKnwy`UNb zrf)Wvcf3vOIsj|+bl4LhP$u=%=S(V3jFfb+QnEpQyPR@!-@ixTZ_EQo#Kg7 z)}$>uvZvU!%4VGhij&gz(sS5w6o6mUq=Rfq0uk3EdV#*#7hbSC+bSMW0|Q2X$P%Pf zvOv?Smd=(s;SxA*xgpsEVL@e%E6>gO8gX9iBjnMT!&ELsW)*ifqr|mNkSM>>LcJ9q zNK%dSQy#3F6xxC>0pz64vo0>|-% z?KbBRri@7%DU15pNpFH5yd5d5j1|MSJxRr|T;f-HY!=0xRD=z30O7~vK9$)Z6{pcc z-tIh33&e+}Z`d^7^4pMaoFU9aQw4f|4xagsK<-FV2HhfZ)9+4@&%qZ&6~x6>#MmLA zuDU4Hp*>)f-=ZIsfJBbhhZ}03>%w6|nGpWbUY1>jG$dy?&yY&fKNJm~z73zZNhE1h zfaDQUU8wql)N;iw5!x-@tkDkjk$ExswF{Ow7N@IRRmf1Fdp%jH1)|1UQw2EyKHFO{ zk?W^_d`Pez)aVg7#z{p zk_edeLB|qx$t59_aGT=M*8~wxBNw=h%O6`vEkhlQHZ4LmL)GCLj4qbyg(vu$Faw;S zp}0Hhi5(PUlR8vy>*R3KIVKbd5-)xVSnjl(BeX+d**$8y6{NBmQh{-yL7rZ@fkjmR za@2*nCoDAN*^2_0uvm+71C-3I(J+~_QmjI!9GQIl#ggO9SgGnCFx#`*)p#ZNDh$QsLq z=ddc+{AQXK<1l5hm6jXDv1CBih&mlCHXF!qUI6hbV9yb*B8|Z?OKr2)xgdy6N<>=w4yITZgd6La@FHA+h{J1=%x-KVOe%%H zrMVM3^zaM96-1=>hepaso4_NiXoOsh_djszWnOYow}LvgyooNJAXfG!(0eJ2k}^nS z{;r_cM6Ud_|MhYu++|sqRduB?F^@bumbCi3MGTQGWt&j+KSs8gE=jKK_cTJ>J6LSjU0k_VH(0KfSk5<_&St0hFQs(NI@(RUwmv9O z>tw2*(pM&=-TDITXsGu3uj6eYoA2Dt!+N~e$J!#Ne$G#?w2ExwZC%9L_KdV`{`2BV zjO{zF`s(Y%^tbap&+z>}FBtKAG!W{kQ5`APBrP=zl!7{qPntpRLx zMJitq!fB(7{CV?@B#dfSD^=K0yJ6`pP!Xm<>^+MXhLwJ6a5NRM_$BT=)24e2y~>ZK zyS>4no@CfrmYvWwJJoEmTP>DX zH!9HDqu_J<_JO2c_W!}#;qXzeLHU&FJE9bXR0nG)dxNN}<+{stcu9;p=9#DK$zf>NYGwF+zeImd zq`*f`n+Hh5ly(JTJ6>P_{hHAD8(mD>hXhLJ7sdk)_F34uz8{kN<*v(|m;}NIM#MQo z4A)q~{wKq>8w8@nuMkI67W^Q8Qh@_bQp|0}5)PvmP{PJK^w%G25F#QU>oN}f;twI!(2I(S18k4P=E~>hU-QDrhDDwb zJJ4N>s)?c9o`)mbB&rbMIiP4nK;T5e7!Jn$tTF8i^$ennU0jqUr7L+)G$^o%881$zHxP;T zJ;{+1W6Ivqbywt-FY(NnRq@j>?HzjLV6eTIIeD=ny!5h5%RqTVhpZg*Q&C&%XBX}H z7sqbjfWkGq&z9S@OI4K@K_Tv5 zhFMJLD#i?=L(cS+#+Zx!IIN2K*{UZ@bad(UbT@qd9DR05Ayp{Ccxc3W-&i?Z z#1LI0SE`W4!3*Iqtwr`E_nHu@;fcw)!X2GWVVCz}iE?#36UB5^tNMA)F3G4kLoL)) z_ZK;n3_8}9TI5p4Y$`x%+y2s6Z39O7z0&pp4u$s72kq8g5aGO~_sv=?Icu+D zEE#u}6q!U)(bTiL>+p42qCKi8M&vF<`>oOpDuo-?QgLG4uZyU= z<(D;y1uC*JEdrM4RKd7Zw(w16-B8`;jIH6UZiTiNg1-R#2%(_vUV7DGxFg2;X}8yk zuWT)(ZWwas)t<;^F8*~)4&_F_M-9Ja3hk{8l$B?P>|Osi>cST?kBQr9MT@y)qf&fgNScy-$17xpT^Vuty^9R%Giz zq@G=T4E$okx)6775f?mq1zbsLhnH~QK~Aam+iP9r2{5#imv4dt0|P5reeG0*<8om_w5lz%LK`o-p&x zxIN$z?rz~-x5~#`bum5Fs1|T?Hws>8aFa-qUlSr!xJn^6Y6=xD0Qu>R#pt>7*qvA{ zHk>eG-%CRyd11cy#|wZ`u2(l=r*I-ZIx|dgZU^_&*2e38f&ui6xG%Y=HIkd?r&mMV zd=cm)%^QbQ++I~YpC8I#{j04?4&cvdj3@$VibxIRUKVcS>N=89P)c}fpy8sZQOyrR zc^aK7Q`;1HJPj?tCPv2PCV$~A7B>eK0M+l6Xm7eaWXcyR{_Y)2)6>e zU>lTA3} z(AAT-in75{#QMeC64F^pehHZ57u9Z3PShu#s*kER`_3!vMzYC~36m;+(2h zQ(Sqni2?TPFn@Jl&R({(ZDe-dNINW>Mbn=eblj8oNt-4q#|J-j39B$0mfeZy zK|$WxX!T#u-ZF9ox}g-BwhB#6Bq&BQP3qel^V zzYFU%a)zcm?*546q~1m4A4~nL#l{Z6GSsDBa6}E6&4R7d?IFxSz8ToO%G|r|*7NnR z7$~VjbN4a(aS@`-@F}y=Z?r!yprTJ{so4clszPJn)Fl;@!2foJp^)=%6-1D!LeGo{ z?$#Usf%P5(QSCplzT=5;Dxp(OcXO^ifE7`G#4KUWiiBX3cM#|P=6gD@!ZerRmlYUF znBD!G!73qR5N93G_E9n*OdE^qe%myilXk_cQ7C4!3N-^RdJc~fP3EVV$_nOZJ191f z*=Gz5V+kc3E@u)l&U)bbnR+H`x43r;E6-1;Wr<%Q{K7&n*|%y0lD?Y zQUYkQfL}y}<7^tzD7Uj!u&Ji3AHrF+QDByMq%l8{D#xk{{gS5FqoZBC4IY0}OSO4q zU5)TIWVe?$T4eiJrG{LJ(UY-8=;d3NttWUTKVye>$Rhx0o=Y$i2Fl#~q@Ai>txiN? zq0~HQ4~TOux`D(YvsZ52Ba@=jbzv+D>%|lA%w3&U;Htl${xdK|p z8*Vv$_Q4-!thd(M`aU?FKS69Q#}`7t%WF!asb8LHIML}YtECop2CUjyD6PrusR*p0 zf&dNeE25{do)4?dtrqa}esFyQ3K@3Pfw&)!J9Ty)R-Kltf#YeS?yD~8n6Oo~#qZIc zL>oUl&H6|H1tjUNPugY*H9b;D;oVC_LwI4fcCCN|fx85YJ}hL7PjT4Q->MfvUxteCxC&E<+R&+#zU*HJR+Pi4qiXSpcJAEq9tcK60hT8`xv_$3QHj zgAumB^0aHz;iwEbJE00M$hp+*2}l`^Qn}SVeyd`Mcp%|v; z#NR_g(L3FM+A+I4_|j)m0$sqv35_tLq;XX1)m!$o{f%JE6h#bZrq_=3h;8k-TG5h; zC+UL91f=qYK4=|gYfEo^F@?-j%jjjBCGzEBi#&Wq0CTK?Q z;pDq@L}!v$S(r+>aP`7?-OMvnr=DffL`hoK+ukJU9TTJ%K!^>1dLMey{GY{c9eSmy zVty)on;nU6WNWbXBGHbkwCzZw^K|xsI3Q@H80jj6XJDXSiaW1h-C#SR8#htDW4hSi z41mchq0bVc7OYdwgp+~~MYxA?*p9eV>u0%Un)eJv-#uU={%b|PE98!Bpkzoph%<{k&_{ySRZa%{g#>JkvHV4(?{|UQZ;4Pku+YPe-nAcAOuq7@z17ULPne-2c89 zImr24m16%{z!Tui_5DVQ{Uf)`J8~B@@ANxkXj%DPAZ!2Wm|2VC*slQ>^WCl~ru#wR z?Qv5(cD^7bHT6C+Dc$=eEG4^ff~%hGnBU38IufIb(*ouY1KGx&9KKc>vhPZM-^ydH zeJOv9lnnyrR23S!@bO39ZnIJWS7jbe4gXr zV+paDnl2M2XAtxC|lVzawmXJa=Y@op3#RphH@uso>tLUk2Mtn3H>EL_lL6u4k?=6q@tD@$~|pfgJ>+xDhOt4`3AOP2(EK$yY<~C5eaT zqotwMv`|aO(3Rt5OHD2A!+kg2KFgGd3#5$=#ZKI%Ab%FftM>hK1agWD3}_p;jjp9< z76lj4RfZ+i_*oZu{*}JsI4}NNG=&ipSS=G&w6ayEv0Xq2@ zH6_Gyu)%_m@WWkE{^^4vWr7rWu zHbzFJ5h6}==Q!Ihbg2s{6sZPe#feO^AN2e$+JlpU2H}a=g_(_w^*S@)XR`oZQVyyl zM6xn1v>i`f6@cp^n4CuBfa!tl8cvuu8%X&wk|(~E1$KG z|4mpTY2z14j38*Eqc{0H@w&(9n1dJ61+@_o7X z_>>D206;$fuU`MZX!VXZ`gV?Hw*P5`zQX*K>qYJx9x0#y6yjkD7iT9caq`WP@LgAn z&lPvU`PCGU7EJ~dK*YyiwSV8R#%R+J%ikBs(Ar?*J^tc7BPXL)92nSs#$bv8jbU0_ z(BsghLZP|>(Kb}72fggExTxocOsCh2PUrjc)Q8N&F5lr8!^5G{zEtDwxDiq;F5*oCD6V<>xswJjwBoc$NBjn=F$Z|ie71y? z{;9&y1OXzul&p|8qzSF}tmE;iLE8P)sFkla!#zjV+gWl&e+k(Sw-#dg+O;<55|Rp{nv5wubdP?GP+Hc++P=m%Dk{yz z&kh7#nqFv3GS!uRjk%5DXYTQPY&H;omx$9Pn@(HfYh!&4B6K}RaTL7}X<6>boNb^@>(0Ow7!4-pgb=mo4z^JG^UnhF ztvPOtEBwxdt>Dr2LY3tzSZStlZJh|`i*?!dzX+2NmJl@;~hTvp^>RS=(i&O#(7v54Eb_hrH}TU z$q04Rs7DC!RBRd(3B(xMGeUe}pZ}C1N#m4XAc_S);2eK<8G;J3r zY58k)1F^vsh)wz?U>?;skWR&iCd2OyKsL^!FtNLq@4o zOi^XP)bbJX!a?0klD+n^^P9~Ct%rCNFf*4|5qR0X{Zt zF2swtzh)pQo{Dht_K*5wN%XE}dnX#-@sX*8qi6IYzr8@nw~Vp0zQz~=LNr?-v=Vog zLxw)+W8^g2JNrPjO^cNQO7N#ys3P?>a|9YFGhwc3hj1aLrIkA6)KP?q*9VdU>}$2! z;qv%ItG0%i0=dzBtbz0(Y0$(22{ceA({W;`1?O8MZa)~hwTshI7juGOyQe+U3YQi( zQM(tL`7wo#J3)V`QO$Aq&3NHNE$@u|W^sTyrb@ULMbomam)G*%m=S&n+=vJMoQpeM-|zX?qxpFPgfJ@kn_}2{^~6Fpohx6x z2C-?m{>~TZp$WvZJ)TV6Y8!{aPNLyFy8dR0Fr0jyTqD!7$~DGm4IHL;JN1a<=}Vf+ zTbwEbRPkiBWP!*!?J+ZCo{{I?aVa?KmC)BV%)4?cw8H>_zoYN#FykrkwZy;XwK(F{ z1eXc*^`%7HvP`O^on^iy`qWiEi@5a>C``*b2bA7l}@{0?@G zC07g%(mPqak=pWI0hQ^<_Hp|arzcyK_6MIBa27IIUM%?puVwr%U4Yx0IvNsqa6_`8 z4{^7GV=QHxM1h|hWc|8XucOA2syZl&TMH1T&{&%a6n-@_g(PU{9EVBjZVfK)&^-Z& zro_)u#|rT}H1YoQpE}u4q-e4p7O|+Em>?M+Momw^tNuMp%muu$^3<7LqE%6{Wez|@ z)K6KsJ=+v01|_XW50ts!%(anaVB6b4IqC<3x_b7G6o6Xk#NS@Fy*<}z)ExeqHow6H z#8wh)4*&_pu(s7@jJvIamU3iAc^nVWu!Xu=NHBKdYF`)Ral@CIL#EqAAU z^0o<5>DEt$KPSi$HVYhd;;4b=3Ph3%OmF-0me0@_H@rP&w-x9w*$QjC;WlRd4v zNGte6IkK0ffX(z$+7vgurw2S|I zdMV3Zyk2^RzaG*YkPGDqAPFjcnR(BUJsI!P6d1HOSBJAq&waqB9I=CLS99A_%8;&W zV2WZC!8&E@ThJ$Tg|Gvz%&Qm?Ja0i4$HpKxdxKl37^qe{r!@^y$VxlW)IGetlx4kt zG%8*`@aARAM`ov&l}J2=QY@LSN$r&lDf;q&kb#nQtvoM^d8tGt@}PTK6n^tWA$@$x zniVn?l!%;{$#Ca$Jb_`9l`uTn8Cy)S9a~4JoxV_0+-Pl933;VE95(*&2?HI@hL5P6FRb58cynSe&?I}XtF6Bth75!rN9*YP_GAZZrh%SnT#`2)GAo-|Qd$rFD_>Vp1Y-t2eK`R_-@;M|INLtj`?rmD z2~^F3CeoX3qx!OGob7#V``Gg7qHsQ(XWEoZpE|?oXd3ta3PQMH!Qyh2*K~s+SxjF` z)t|K3!624=Yqm#wb`)9UJs61T*;oo^iGMDBaDn5P7ADjO4Du0Nlc*CC*J$(I=yW1l z|7fJ}Qlw;_`)(}f%ZVI&y36 zI<cx9nmac+{J=t%H_5xf)Q3qlUnknXEXwiZ(uGj(18M=`R&xR9U#dIyhv$Rkhj@6|84x0NVJa7}RXTfox zZ*a)4HjX3{-5y=BJzqtFAH*zr9PBBF!>SO`Ss>aUq4!z`WgUEclW7y7I}yVO4@BTH z7vP(KyICQQ3AT%jQ%@RLQFF{iOIrH%8GHf+J#w@%-(bj1cZp?@{c3 zz=!W5^+){HV7BauVY?)dqC#gQXMsxg$s7!4nX^xyrfBXcrg3fR>_4msW?~PFSnd$UQaFZ&Do$hQ&Hw$5X`hL`V@92O!POF%}RdITfa*0P8 z`2eC3eE;hnBk@QL8IhtxXa| z3hj6Dvatb(oj)di?Qdji+sA;Z3|h0a>o@eqeBQkGukxm!QPh$8qRj;iIMv8tgCpW6C;zt;F6;}?mBf>Zpn%5=LA7=BN&g^ca}V%kSZfWH0Y27_Cj*2F z8XXRZ7d-8v_B4Hmj&gVMf$%uOwvUwc&QN}wg>))M(`ZUA0XK0qQ z3eJ`gS0%IMH&wa&a$*jtzWdF3(+`xFY))IPrO+x3qx)WErp1NqR;aA$ob;RE*&**q zHuqj^a}W-7)kr8C6@(J0V*dBz*C<5a?NtYEvcC4uRF217d8rHaE@LQUs2~;a&O8GR zP18KD*hmKHa>l~kF*q0bcXiJ3*90@JPv%>-oCBt+b5txbR`NjsZK2Tj-a5oVTkE>b z7J)*q9K)G;8lx*ZbOSN8Cv{S08>>kYxfW=pif|01yHc5n_-DU&DrD`&vTk>MO}J$E z2(H4tZ9Z7|W@rDoB*_>hPBgG9%9|fvX{Q%yml~okyo++suCM4ruVFOjUVBlYs&zM0 zAw~Pi7qYq-%?0Q7o`<>!mTJKAI8hS~rkj^zAgGNnS>mm`t!+}|e=*j0D;Si~U@ z%6S6f01dP?rb$eMGIdZA_%Uhzu;q!;NOvp1iBuz1t>*bwB*L)aL)|!PNRnX|ar`{1 z4kWTn$sn=X#}j$j36=07vyO4aY%LQCi5#rrD<8t8PlYb@Sd)o)>`m)W0d8V{w+bmc(IO%#6)& z@#vf{ap)Z$Q;`a%#k0xQDSa^S)VnbL+JM{Qz@PW`Egm$L$zK#q>x)(SXZ5OK|DZ|~ zKD52owPi3oKO3waKe{DV%EU4`SkU5H&9X-mbXA0gsPFev)Oy@c8#3hS`YTU`k)NNbnP!LsSkD9?5&Q529*1I zgx%%}7s?Cs;4{pca&#t2OG|R^jmp|0a95q?J^{=-S8mmHBB1c32i~_N%y9B;O!#jJ z3-_A+wgii)v(r^)tF=Yv0te<0IFzjWHMtBe8jC2r92ktFd-#Q6PaM>gwnwFu6USI- z2lr71rko%%`v?^KHOCB!@~x`PefT>U?{Z@r(WH-uv^;s59JaP2MujQ|_M-NA>Qt6= z$ZTEnmUGni=ELSVui@I322T~Gz@mgY zWQXMO>mx>L=y&B}XG0_Sx;TpBnYxrpc*X%6WfIKG7-FnN)r8fjFgdgLkE4v0etyro zTQ41ML)&U$ra@i5{5a4QiMOV5*-%Bi2TUTMaenM9Vzea)S zQQ%$39>-mHC`9v(H+tKX-{EsW;}ZcB1jfB~TIuQv9Bdq~byxre6gnCQ;I&oK=gQ)T z>q=H=a2?8&yJ%nc#9a5V;%JiXX9a^HL_Crk4l!OJP)qaNy^ab0e1u|W%6RalZ5MA9 z4bHrpz_PENsf$w3q&41OAkf44I}h&1i&OQa58gFLiPP9dyjha0IR26DWF<-+g+F;_|O0?i%+gSv)*dU|prOrdh+jipi# ze3;&gR9%YcM#afENN|4cf7tmKN7)4F{dmoL%OQ6Bp4(2ZbB(#mE6Us8_Q1DoA>z88 z&>`?*J3T#}mMRu1n`Choh%u3I%zJM%z~79J!X>BZIP@JQyIFDQ=6=W7Wmm|AtQ+6&kT z&_Jx(m(80ZdY9#4xO4ndm}OUnVNT$yTkv(SQ&Kt zfo_>hiNUPtDlcw7IVaL2M(Ga*&`7`l*NIv+K#Bg+dtc2Kp{egqS5*F(J@3qD3}Ohv zJ-;}Z+8Qt7tCWdRWkAiZDX1@9EuT#`!L3oJWHNtW%x_-4vp&Dj_-Jl+!yJV}Kx15y zllN7BuX~W|KIP<=%+OyB;u=tMoF1aHCBdn+S+2||*}8VdPhE{; z?=Pu&+xnmhE0hivAl7;6F^HzlkOwe^%_ooQVF+%&5sIE&o>1H2 z^c`;HuG@fsXRAuW`mgGbeL3^Gxt^In1|w*Clb)3snL(`i)^g4v!6*C+vEWzNGhx?x zPY%u>Z+0&*n0aEqI7 z&*~pIAM0SaAL}j7M(bW2``%XPKcO9W)@y8QlN|eU)f#u9!0DyNR@;~4td!C0>!m1| z1e9x5oDNph8}hjqx2GIhAh9tUZmM^o_#H<5gd&#SWC>p5gwaR!FtRMEXH_$V(PqW? zF>IBXH*=fTN^KiB(k#mi!X&Hr*rbQ|dtmTsK??a4Jra_K-n;%?T&7c~wD0Rovtl1c zANcM#G`7!oY@%<@`i_nFKqSB}7UmHYHuNGU<7VV}0d zt>Eei1hO2BRHBO`+Ngh#Z`t%~*p454 zUvZ(=RNTb=jVHd_a?@k}u&I-xHb+#Z#C1{I?<#@T@O5!cyUqwE07DsLSm4$tOvAfb zDK+vsIGtR7a6_EQ#0A}sZ`&D=BjvVlBQ3pD(XU!XY5B-pdRza^SxB7MtLIv2P! z_4>FR6I0s6O(>uLn@9B7r6b^3W2vDz_dEo(Tv`7URlNU-?$QNZUfTQnuQc}!6CCgNo>~p_1i19Fvfnz};Z)p6F z*OC1x8~9;rYF}aj$=SXw3Qb-WV){G^{kQ~4HfmGL2R*?^no>a(CvMV8%6FTXB)6xXo8RdvW-|ny}@|j=gp&ERAJGO zcN_-~vX`#Dm~joe+VjVve`my&++t~}LVE6VpaE|GR==#r3PU7)35zTcHHE^H34Z*c zxcx}HBF24&n#d_YAzWnA(Izj?BaBI!t8J`60>`R5z+*}4ln=HTHSoG1cdgRS(+ZdCe>?E{yQ)6UXfsjOuuPgzBl~$wajh#pmNHT!XRq))wpVqvcIshr~E#J zMo*$2Z){M5u=AG5GH++u`mOX;{QP&Rk|}}l1c<*|$Fu9llc{^PpE_4}j~@67)vf@q z49scxW=I3jvv_Hx$)?2yd8bR37)ydFWz@OsC8_iE8~XrD&LfP>@1E;|ogPx@h6U39 zJQ7Idz2g;+kQhUBi=LN=rRJ_UdA~17|K7WsVcZk2>FNGt#>W)5u5BPM+kvNigP1{y zhxp+!y;JBf9nY>CKKZUuZY$*bN3ln^2ipcwCNvU(MkM@Q0OsS9BReL3k35RJ|8-An zIpIbBCfuzkr#&o;pgaUAKF{~ac!W&&_)1(A!q^h;T66K58+HIDJM)vP=Pw zdtj4GQAfJ+`#Q5}UVdu!RB?9#mqn6`SUIja9>ByX+=1F$SvnUFKVtfWcXOe23$1l+ zbSi{~$khJ@<&k2X>N6dHXAWfx_5d2o5>F8CJstHcsaDxn`cUa$+l=KO`~dk8Y@DRF zrdD@&wW62%afm!eLFlE`y&{2AN6NNk?`KmrX$q;A7%k=?0rUSl1h#E;#T zl-s^HBGO+RYT zd+&vggh<`xlboWxJdWpuaZNrC*?GW072JNtN;uHo9V&R}lOJWEnwUHR*P@kHBDiqa z?Ji&234;C?&un$wEUQ^HMA#kLCSh2l{+u_kQ|wga>-36&w#{7fylMUhAnfXSqC?0H_JBGTw4`Bn2qDnYMtQD*3 zn>)kGbq%j}E+}yKo#J&3YL`?foDp!=+mg2F6vbWiYX@1+;e5Dm%aRD;;x~fW@!{%2 z`XpULW{oq-tB1;dL#dCiBZWkpV7f8Vhe!vC^gP^EcV~7H^=@aTfO91<^0~RC**GFk ziJh9Qr8(ImUxh&5FchUi3i5);z>DxOa>6jme2;#DPAwSatGnK8n47}fzs+@6zUxBr z6S>_Vi>M5|b}3j;6p(7+m@!e8`0K=d`pr3x0wZ2Td~TL)Ll;BqVgQC=?;q>%pvX32 zWTT{yRrdy7)et~35;KrRyG6K1KVA!cFilu5g!9N3kD067&lX22S;X^GtM;W_tumep zgUY;?)myt%3k%-WpYB~!!GnMKB5$e`f`cHw$U@M-f?Qwg1TL2Tt{#s{f9elf_yG*x zC;t{3xaC{#kuj-p>-AhxkyDi<1Jas_x~05WZ2l(gaTo{%>uE>SA=ho2d-7Dm{a8@^%1AjD zwLH$g2YJcAWkP^l41<`8ApJy!8}Z|e_~biJW;1$z_Rj~^NKjgHzhl*GZ#$8bKhUridRqmJRGiE+`y;f%t7 zz^k{^!jMwrDf#*W{-F|X1r9P)+6owFBH-FR#h%;7Ww zBkeOp*d)*>$-|-nX$+GG_9mKHZ-qX2Y}y;BgAb^-0nWfHo?FCvM==1v-Xm+@l`GIu z?WovTetxpMypU_jW5%|2m`g29mjGBnGn)@Wd9*eMw1XmzBdku_hi<&qT(3hRU$=_) zos&yo$HrFMUKoZI-*FNBSjRC#YSII^A@|UTnNL1@M>eDcWMof3SX^ z1T@>HBLd8{vQA*`LivNX2c(wADF8XcA$Y~~7jBQ^F*q+;8W^@PSuo^JB9%88W!F7Tg)?p5u-m%$0HVCv? zbj&(_SsOIAv-zWGzJ$BDAEK5`nr$WG%7XiaB~{yTyzm=-Cgx`UY{y;B4q$=~&%y;FFy-Sb z8l;lYqs*^~9bmj|8HEt!Sx5d6eDuK!A1t*h2OWxLLFX5V7C;bE0{Als+yrueQCc<- zom%El9O7hc2~1z@93{gGqz1^TmuZROWe9!R1Wkp%i$%}J_m9K(wC?m87$M*=3Hpc% zha|+8Pm~h{8bcB4Se<5A*m56=eqq3i;2fR zpU4Z=UO_wH5J_7C+uoBRLaVN_QftRu1!tz>`xc~ihL!{3g;b@6QCEU9Bpf^7G6=BG z$6gUr0QiiSD&71%=6M?^XN4tTD=)HiV@pwo!_4hcAtM-ZE7w+q-7Bgn%vk-)_MnBRDt zDOfovY%jmLAdMi>V%Rs(D)EnD!!ba3B=kDdxRLT4!Dt1dGTtB2LVG%40UQIXUa@V- zx$v;(AK?G#>q_^GqB{8%gHS>LfAx<4AqG_`O4}~*{pCK;t-CK18$}VHARY%qhUHe` zpT#V%Y~r?8QNO8lG0j8X?_qTLj9axp{99sme9*;eJN&&C>xp0quNe|J;f5@%g5sg> zM;7Zi?o0V=iVo&FQL>(kdxdbI-G`*K+L%91YLo>%wP1@%3T}is(a(r4?@Oq>>QtDc zITZJE=7`7PEm9`u*1R>3>YGK%O>l%YmNRfJO%!i|bTTKt0__B+CTGg;uXNS-%IloY zAAl2d7E=|a!7)qlV@c5HF$Qt~OwHK3gEc9{5BiX96e zcP?=3qX%m?r;15g!ARL;9fk-I)0`QSq_GLTW)Z;u=|S143HBlpz71@OV`h5a@Ay5s zgn+_H_Kbo&P&EWI0?eBNrLSp>t1@@9pxzyKh~3384$*HAd<(&p>1YT!2evCNKWr+R zhx=idBJKk-Cg_u5O`Vuln1-J{e(d>S-GwO1j@X#oW|N><#?3Vis`p!MiY%HugJlo& zC6~DQ~8zek%r-9XZ03uxPr>*^1zF|VRfyWWx~RZggX%r z_k#fCThV}OQ^jvV`>b1Qk}cEQGrBvoE5p(45BIdwvB#$NRL4@E-oX1lp!+w{U_!gh;A0)z9gJHo|5pgEWG_QhV{*OIX&d&S z2bD!*D#3J3@$=j1payoKhV_E<(1(Xj{98v|*6itRcjE|mz;>bI&dABt^_w?wzg;cT0zK=LcNNRHEr8mF0(K_|Bq=r4)Q$32qSgCk+~x4Xw199_TaYBB=S| z4@CHXB^*zUaXPL5!-gfiY)XfIo>>`#@XPGkbBK>gUQAImb|I(J^ecm~~>vv^vv_u)X?yw(>8-kpM=-c;JWS=+O{>7fp%N;AxCo7-p(_+7vEkDhi8&b+oW^2rV2uW!l&5>Jrgi%2~~)cpb7gH zEXI!e^w!3{_{Ranrk3jiyo-Po`rei}l20dv0jK~9%9dv9bqxNS=-(IsZbZ_h^7?dA zOyyrd$dzo?B8!D&Kx)ex!dK>|%GRGwdjS6)djSt^Ap2sleUsN)J9q9voI)~C;%N*d z5>vYwf!vYaT*3l7xxe}B+$U>lkT7)zQ``MNSjW03CfGRjsrOVi?J>Vy_arIdaB$7= z3`+9o;DwKp&_G4bT@(P3|bw7!5a$8qq;5N}fBKpt5&BzF84qS8^?X(&~E4*=i9T@!9 zH-9WlHyywZyOubdenh4_m4WI&CVEXULN|2mkHw4}U8pWBXbmZK!w&chr8A;gz;t8v z_{MTGdaH}1c19i-F>tupd$VAVimPi?G^vV3?aO8kLfOf8*MWE0-W<-0?HmqW=c8%e zO%}7H?E?H`Ge3K_9G*-K@{2g7Ny5ek2*An9b1#mgw=H5LGNIT(2l7>*h_r9WpN-Yu zz+}P8UI^ce{a{p<+o>y@0!N8FdPQ-VcIP(eBB2h46-&-bnkhE~t8fEjh~$L}oT{xA znp?GztXKhbAemRtyryRhR1@j>WM6i0Ii^|nvEA9skh!bF1$I-6)MfrmVPnd*dl}T4*Dy-54K&U_%XsQz`CyxM<)I;%d zV5&5&fQHI?s8Eo~?Yz-niEf-T^-6&?+qv5;A*O`juKMZXsiM0E9+CV0?2;%(UFKr! z)8#w|jujZxtHkF)DTdrcmprFv0iYzoHVKJAxiego$~ovgeC*F2NLI@oklz%JRUPa= zSE&Ky@cTnp?Mk@5AWZ_Wa8+Hk-+hpRo8$N?1k8>q_7l=a6>^Xr1#RX1T0@z<+ED)I z8i>!NHs>T35V7`Hbt;lADq@auQLOP7lb~vGu41ZzwxHELTp9!+L_};0_HjO3n+y}B zrJ0SBJU={a|G4wM6}DJ~zWiHUOC?~zIMx9cwRStW#^$7n$*tP|1e#ZTRJYUx1?)w6 zA~xn-&1_~J76XYi$=I3^1rZjNZ?nUG;$?=ITn#~$BK}QP(*_mLzwro_pckCljCQ*4 zSQZ|tdi`OFJgE?H-lCeudFbc;v9RL6g!~~AY)cG@WwjS)vz`6fZsI2ult*)N30GK? z;yjLOw?E>U1fYl1kwEo6jltH^?eF3$cNx29GZWUhnT z^{%vn&7X3tk)~CsrYM-oTW^#Yx^w~Wt6`L5IimrViz@Ulh6eez4 zy?~c%bg_btXBN$0gdZ0+pBHkpyp#^o?(BD(@^ldcqya2ZKvumyz;$O^9vzUQ)TQ?o zHq5$BPZo<2K6 zT+sOX@&kKZ?rKv6?FkyW=iWC%g#`nJ0Mg2rxSN;6qQya~7B$FJ>H6j>k3tncg2_zJ zlu|F_n}|5FY5x!Vza`&r0VBN_vig_1y6l0nxZ-X5#g}T6RD;vw;zn|){3h}#FO4Gc zFT09O?)qcgG>&}4FqDW~PpWwQkZ2pNg`!2L<3%kA7}z)q6rMfkEV2@@Rx|Ae3z@9b z`k791_Px`rA%E`oyKIT*4+|T2>oG6sV1)@&+i8dO_L=JfVQF!cbqMu^^>rym5d}pu zK~^f~#FjgD7!3sed__vA;BiNFpY*afy_2ZGEAr&qh*)MxVk_FjfagkEH?~d^J@a9d277mm@r}-}3 z+*#V1nkr@LR?LDut8iS!iQxTl8oxDvJUK(R#VK^2TLaa;9FRCs_c4dHJ zQcp~G8Wdl?FgPL(ol>zR#SWXVZubphpB-lkbmi(iE$D2`fw44a>oMQ!lxv+P8}fn#P%FVH*Q&^djl-a2|DzW7^9`*s5P?>)bkblc?LsD=VwO^t zO}_)CrhB}yF&~6L4*hybBz&4$8O}*n<#9YrlZuMI*^T6LdT+;oWoo-?O1QupioAm% z6tC)bfi%1hwxRjfyuaEp!~v|i!JbZ`;##(K)@CGz`pQ^SWcai5Jde(L zN3chyyT)2y!=@gj_6!ZSv(+WbQKxD?yRUeT_&KB;~SB#t`4?NDy2;?A1?cfS}w+rZCY3QcOH z3vx_$5eGoS8y2 z^M+v#RX`CXDbju8i@L~qo?B%`kl{&fL`epV5|dWU=Po39MQZQ&g%A()-RT4@xMQTs z5A^OEi)lR8J6-cKsji7TANX2a=?s_;%}s)IQ`-me_S1MIF?k=F0u#E)6K5LEXO!0E zx%R*Vh`4rz?)an6)|7}~SXY}}gq!WNJkhILZ2QcRhEGJU3+sye<)KGldbczk7Rwnl zW?tFFw43oDG09lYWo*J*=(bIWycCEgA#8c>aAOP}KCy~3H^$?;^`os5S({o} z1gaVH$*d}vIf};fvHj=MX(ajgt*j+Taf{p$$Jf`GB_Ex}bl$A_p_aR$ub$g&&v^=D z;VUAH8PNCHf6Dm~Ys9GV2is2yPP)RVxTI$VJVp zOW#X08sYhHXsYw~(haa3r5|=ZnINxkLrT+6fGQuxLmhFUKNL_bsmzuSCMabWuIS|0Wuf9tcK$Ole3GRonmqc= z^nj?R=7kuIks{fk{m4xhfJRbWxB})=042xYOV&#*3o*4$3Fol`WK+_=pK$!ThfOf4 z7>*F&!ULj5L!j&5BnCzqzgEwFGOD?prD24Bp^Ai*Qu-~?k&eKYjM8c&n{ut8kyGxn z@k1M)GNQ8hv#O++7RaVIr7;m2)H&`ALpL)mi$P{@z_Q#o$w~)F!u*NOo$C_xYowRN z47vsO(NY#r>QBa?ey7z4MRkc&(HgmGgs^lDs`Op7kCQEbHot#nId5&Wxa-l+ltal) zf>Lj)aCEs|WO+Kr^1e!CA3;7`=AVT7TJG|y#}O;+rgWusjlV!gc-riV*`#gaSACOM zRe=!Xzj8>U_Q_2jylyRQN$Uuf#CMs>AxK?9YctlBNJ>!VDzIIQFp1v*60X^UNYXT; zaL;@hj5AT(2zornE*+zmh$6Wg$FkaVpTug8$lP1sV2<`dx}k{F9=@biuA%>NH+2CB zTbi?mM41)VtVvuSmccSX0Ygvw*Wr+JIc|w$!njcs&X2vQpxCc3+)3S`hR4@L&=8bY zs;;TNGG6ymOp<1!joa}q)MCZT!m%(O%v^WIH1t+5{`*nwLW#2}I90y@Xq8@)29-qQShhT;gZwNRHSYq&hk71$qU zh2{z5D!`nuce!1jARtLcs;1AkkvH1|Dz~nK&!76a8J%Be>*KqeGOhz#scP^?A@mx= zwx%>1Ye6jXYc7Xel$*x{_KVq7_j9%&Hw`{(=QS0)JD_Ajh^lIuu;OxXcvpk7V!#A% zS6!X#FzEJvYXf9HrUpw-Q+o!8mS@WtQXbM)G3o|+l9c87{NB}pG%@pY(s@SO!R3bp zXK8u|x84P3>EH>bV@rdp`|RdJ6mzoXl=iiAvSy{&`;xPds_L6x+?vF^3bA0=kHr$* z;j3~4x6AV5u5?nHKt^+kL{I7H<`+m667rJ(S*3%t_`;rC<}%)-w4Gyxr-ufM97lAE z;dm3Kx3&N$IWNfb4(K%0r_(f{#xheYQrm;WQX5I15cuh^VtigH9Bh{ZD`j()1c-Wz zuI)|t4vKwo<}`eeY#rI)6%Pk(^amrS`f*l1L`y@D$iPiLyPrq@8tRb^O$|vwPcXs! z0JiqDzy~t9tFyDKBV)SIx>zH^Kv$fcPO9!-Sy#38pzB0=fw`O#)5$*p!r5swBsY-L zhxq6}NKu{j(s?9A3+4CsT&>JY=UnNkOrm&|z_TH=)2ITgwyA@$B>!ZtWpG((LqL{` zhN-mR>0=@3n}|~jD=GGY@3n_**r2P*7ZF9mo=mkb5i%-|jobfdNqc?9^6FR9WS%Kl z6m-~6K*ecE(!V*dYLq#Zo_BYXZg_)x7U%Oag^z3O9@iCh5g79l*X+y zkX6j@e_Mzi#dxvKd)=zPjfECZWrZd_(Z@gBtALDAzEqR{AJX1A$d@2$)9k)&+qP}n zxNY0EZQHhOyKmd>-)-Br_kO!O-|Wm66FVDQQBjc*S@l-_la-Nm-g6#__@ZbK-c;kl zjHM_VGb*&C8mfz5V~X^oGjXJ)`mHdVRt*uK;#zSbeIp|inL z&nAB+^_8}U7Cf`O`qO5u+2P79x>G>zgCMD9T+ED1N=&yX&sKbMcIFXMlCHeM=Qe0jTyYkAJy6%n+L^|7@N47^-$>%R) zL?(CGyigL9n9y~W^JBBuGAZI>FFeNVK80M{={+;MmD}IRb;iZi8uw}JJ8L&(nIaTg z3%Q`p`mRFj^!w@JrcCHJ1zna&t#tFiuCiDTy6rkFPDITow&AcN>-g%=0$7daa2~0u zHXgupqqv`Y%Cr^N^78qL0nsOakDyKD#)QKY`%TUx$7aMNf!g~v zYbk2=PqY3Wbf9LD_h!iu(QQ4VO(J)T^FG4Na4N`(4LUrK=weSYFj!4QhAbp4IdR)j zSHKFDg4<=EthJNvz9W$a??6>7g*LS_N!qP6!?@Du^7pf zlzINEPQF1^d~+&cRl4XAxG^}KfwI1c6$Qd4-Ei?fP5mHJn27LD-K+Ja({oj0$b|w&;&pYIH3>(UxnIH!OsYJ_zYI-?6;rYTMQ91W zbPk?yTU*K|V)=Byzy;|mXF(lbZ$8K9MX1lVM<8bZ*T2~DwavS#7-wq!w>LgNM=P{q zEC^y=Vy{o#g&Z`~d@ao%B6Yg}ad$or)dTWtr-})=qU`VW5d|gapyVYUJj`g+4YS@2 zkpcPn^*nb#l`>vHRrc1RF1MIO+;-uVV;h^@$ON(+-U;vRVL>HlsJa9}6&POp+`7@P zH4%CCkX?(jZ(}=#yGj%NeSf8Zo>x+=8P%&p{fpMSu8IC%Yf`0j496A^1(KW++C!uS z9DvN$?4;x3fvwk^sbMV!Gg`vLSJjf`>RJST89K|hG zTnq&jART(Wh2cr6%>aY*ZKaea63WhbkSQ9kgkm~U+ZLe*qsy87)h=|pi_#3N)nSdv zC}E(dwhnXO+vFrKPB1KCNV?fJRY7g(#Z2xzU0GPCkPsS!gYaZIBAK9Q z)kiK0T1#kET$<{DNCIOP&gg7cG>xEvOe!5q*@~jSlq18Bt>Rq7VD~yys71qW`wj_Z zRKOmuh+bRDDoyZUb*)tN9fo|ga0a|5%JFGB0*Jq&@q(ZwW$H5Ur<-t+{tk`CaY}Kh z>6(bqY|81bhcfn6Ua;M77Ax-B>P|?k#Oj`1w6?q5ao7N_JtoAV`3!>^Dc7+r@nRZ# zwR&>OzOC4N6jVQBz-c^l1NI z2lfBZb7T6iL;SxWC)fIctTg06K)5WxK)nASCI9;i{^#^5UrT2kiKJ)qef3A;A+3QR zK^@TeM%=xIL(eBKpOB->uY!5$SnKs)8;7|%hpc0VeUDeFZ z%=tZ42)Ov*0^}k{Inf%^!?Li!gK~`76q?9bfSP|d zTQ+4#?9*}*m}5i>u}GJNDDi&6(Icn~i(PYw>c ziHWCS7*c1NOk4s)bt0u0(JY~bk;VvCXkR~Wh?n$#5P$R{ShcycW|KJ499{_ymT`a2 z-0nN_?TvK?xbk4q=FTgBbK!KA|3^bFBGN&AV&VzLy5RoG(6r5DN!pY*m+T=X7E6V$ zm~a>VjB!2vr=n`1*b-f3PlO;N4Db&SJZBZ^;K`LYGkWKFD-@C*h#P{scDG>6diFrd zl^@}5CF(tLcxgtiwDV_Hm%>fvw@tKv#|n%Nll(7`+5A!#q*w`KjVBMveb}EI4o5;ba^-=-3B*e`5uk=6ejuZm zwcXxdTbiy8$&oD!cBIWUNa4zNKD;*b06VtVeAdXhDhI;MI2NW{Q;wCFKW7Acg0f0F z<7kk-M&ps3h^(w|C6d8tS#uCZ0lYaopacA{1GsABO`@ZSJa_|ph6!;$$QDtIKpdPs z&=fH9s+{0Bp-lARIuZu)1#8?_5TtE|57tRkK4e0ipeg}Z{GhTR@TOX9aJLH%lGJEx zh@XmhmE#6bB1I*K<-i3-19Tq$mb&?90Ak7S1WRV%ZzYr^hvzWYkJa*hd1HFBntdoa zrS~KIv^Ws9C%n@^Ln6*9xsvc9B{&Mc6x0In<|{q9+Mdz%tc&%bI3ObMF@tHsTZU1T zMa-FW%$W5tL0cj0@a9M2zy#J`{@D!sm}r93YwR3lUTjS@fv0Iewut5>@}ehFNwG@z zf@#7C!HY-1ghvlbKF~K>8KZ$>8cU7DO+OlcQ2SHLf$O6kT>`6%4k#hh%o-FN>59aT zb*hT)Yuzr~&*zge_(;l3ibzxR(@lJ0xs!yTI91#sW{|srU$|#SWc={P4NlLl& z(V@f55bS50QpLxlND4(p_%lpV+$9*YE_sn&XqhLVPyMbSat@Y#)`>U#NTW6L80>k* z$`23_sd9mdKpJmzm9PBCOzIGgvU85Y31$wb6Zo7hzwEmCabHt=UaR%nkeqU04! zP&``Gj&_Wwia})6&&3C{E7`%Hg;RcV^Jr(;w`>6?hp$$!JZaLyB3 zXd=rRRTP@yl_asJmwFLfB&Ep4!I^%EO&ST!5m$&n$LcwFHrUJuhhkS3QKuLFrBgP@ zOr;9=E77K-2fS}jle$107xZ^o`pxweKuEoM9(d3nKiIB(O8B@N-#%DdVyIluCu}D} zi}Ze)bthc1;KMtW#1&KD>lw|=5yW8+?BKe~jR7#iSN_XPGBX;3`_>q`kIIdrJ9NmM zqR$jNMJP(8o0ibD4OF}sfgB6rhg!snM=gG`V}?Z(a_1a;^on#+qVsZ!OPB0iCkSE*zY7C>mPWLB%~iO;=cg)B>k~`w@b!(zfLD zm)h-?rr2bRReMIhiVW>4ryEbz`)OJ`C#`5kKIqLlbFdYZaZ$4NBm^g_R5Fw(~@_>;X>biHG@&rl_iOSi$-a-C(v+BK`qAO#u%3Y16_n` zMu)xu222lBHgy9PihY%(KR%?w>4M(R+7`ti}%+yM_mOa?-m$vlBXhHm(fjNn7$q zY~{GHtLxxw+o~FE2}&kIa^|j|wrgX~VgW&Jm;#yv)u9opwIBe~T-O9Z%g4iuyMOer z6gvBnt7wl$dEJ@7f%W^@9%JO9NN=SZW+}#=j~k}k5G&uI=dl)noq<4iOfte9OIM4B zWbA#jWriMm!V_`ct|_1M*YysJg?Yn>9WyxJ-w9PxaPN0vI9s#O2j|4Q*2I*yrSM-R zIS;<5CF-am_OuP74a$-9#LsHjp9BfRJY&lq!;pv~5BXzY+AtjZY|vg-+F2Vwu}G7Yp00y`E1yEQC8% zEIW{NsFv%@wzUt7bl8@@vkj=0G4gq@>l2R%!3)DH_?Emu8r44bc`tJts`)&H0y4ht zn>c{w!?l?v`1Zf&>U>-NagjNEd2aciP#2ZxDcbsb89Jt(n3Y0eWh}Yov?Z;(+^LG6 z4(YCnZ)eFJhjfRqJ7IUm@4`7DW{tinFw4#Ct5ys4YB+us&lxIj*{-!*TXk4*JmpyV z;;HsxxkH@Gaji{_w4$iy#T&ax$uo;@rK0_Qxp#8!ILhQYNk4A8`@0GHIqvYnfHN>G zRlwUHi*Z`Gdvr>LJIUgLLOExDfaXQ%!R6&7;TdN4>xi*R_y`Y)x*Vi_!*<6pLTAKP z92oYSA%34OV}{_&i!#R}Vgu^TY~INoMf{y!0QrHf2FFFAXQW<2_yIeJz|UVyF1huG z>`AXDCGFdy?$?|IQ3YlaV#ttIiY`X#%0RE7x}g28Yc1-Fie}>c`0Y_`m$`n=pg0I^ z;nr7Aj-eA7hkMD?gLke_ONL!yHP+|sy!i%;}g^5_E|gjf5nA_bMjUGPF$C zR63l0#A#LApP$Gzy zT~}gXxv9_n-c-17!2_G6cC^d%ZlUqkaJnQ|@4MD;?O7@oZ;Kv54=ioP3ZI9!mg$>& zk!lYI{%iCbxo=KRP;U=#+E$n7D67eTu^|o}O9mSw@+a6ypxrD_m9? zSyo@Q91g3P46Cp9r)d`cJ%1~lvZyd!DjuxAE$G>&6%@UW<5_LaT1;(LeG4&hSSug& z{KNH6=$%7QPGIur-kA0+tU4lQ6r~_Dn{`Etb#S@FFZWr1@()({0}lFoDi?&;BolKY zkZ?@%mf_Q1D%`{MlEo%6?><)SwCx%?%T6k7J{|R3sFC6j=#it5Smctio!L__P(<5- z!hH1P2?pYB$uM(wtI3EvunkDh_u+4F!D}M|{6MokSfO^VHgMrtML$ZX8w?G{OmoS@H*W+A zr^O~YiNaNlLYmB^LK4Te240ochNl&}qH5wovt?&Z)v`yjqZ%6ovSeXzjhwzFK9$M@ zlLx)XRd6Lar?|*#K)IcR!@^zWDCO_k$9bVimyUc|*-G@sJ&@F14|rAlY8x^&$KLnM zp#^0#0ao0Z(E*C!;`2=c{J7_Rthj&OU~!wEzGV)NE*1!I63zMd6T1~{y!ijEdlM|q z1ty?-Z)I(BhKSne6o+5Vt8HOMiRxUw2-iNFvzZ`LCHlyloEpNWMkxg3 zlOkM_>t8BR0cOGqA02mGw=L&Hh4j|%vFkQ9MCQ)r-_-i(wS;EGh4~u%mH!$JmlSCT zQc;-S$?54Wy06}|^ga=tgZ`=?K}w00BAsvaL1yc%g&v3!~_DIQ@zVmgb#7{ zry!PmbIDT}ZhI>!dk6r8z%D3ckOEga1pQ)A;9rx*uhrnQQo(nodg;PDoRP)5DmC?Q zaw{JL-?9a>MUBA(t_^bCa9421#g72GMYW#`-#a zqQ}biE?ZkHcs!(W87^)mvUD^r8vgWy0`_{aeOjGv(HLA%(4+!A^c453$Z)DYm7*JK zZl}n^xpHmC&#b`8X?UHp+v$3ZC*c~NeG$b?)B|lM)%i5jD!UHW+{CrhWF})sA?8)30sh6hdijC=l(e9uC11)_IT%k2C^0)X<0p3^rp_qAfdK~l!k2S#QKXP(-*b-QTYzyWX?1* znCy2ob7yNfo@h&3NF=0L4pg;d=2W$;7j6|5ynl60K8x_3a^)^P#kd|*nTwhGB^z^Y z?`%_~OH1p^6}7a?T<(*=iEy95m)2=?p~?b~V|qw(?NuK-io96u>pd@BZx^N8v=EFT zTArdZBI+U@T((I)p7O|k$Jy^RY9*RDTlU#&%IEF~m)+C{mOl8!NkC7lTE8)CwKln_ z%&q$&h0)TQ;iS=G+Ac+zTk#E9_;B*KsThNE=63j~I`>ST=kZkFR|3@Q&8qQf^=ncX z;CBYCuJ#preJv}QTVV2`l)$s7RN*DfkbMwb0q#3^Q1jqmamE?LMHj*xR5{X z$a21JliOa{Fc+MyOI;3!*IuuchX@biOYOtDrjA>#Cq3@`>9bU04v$#9k4ID?O6F-S zwa4X&dG?qC!GQs?mSODXEGpV&wWABb+xW<_5^ukw7&@CxkRWvT96AGqVJ~V>wOR{` zlgJu9tDn+;u$Vq^r~2rfpzZ$Dqm-7HpV8^3o28LiJ;$X^rRS^XhLLhJ*=6A4|DxF$ zbj2Av>2gtrZHGQ^SlapVnt$Mg?=Afuv?(5v8||tW>DA$(D@?wEn1W`-m6`4aQ_h;# z`^~(+X^bM!uc@!}ty=MX#bw_Thn78Iw4%mbH#&*6p%HJ7@Tffar<>`e67=2{gD-%W zrp+|tesOg2D>%%ZWKa2QXKmAOfA{=)Nm?BEH^{N_j<3l~eBUZv9NB(Ez6xJN~Gx0zJFQPndx-~#BZOiaq(UjV`Ku;uh-oLx(MIeJCh?n-C>Y#zVkP$jic(e zNWHu)Ygh|1eL@fSwmSq;GpsgmiIvno^^3%}>QnyG$4!A;OS%HemIh;yw?f=iC{^mX z?Pyvc5sG=&&OX)x{B$`y)9t;1i03Cu**y`g0rNkBJ)w#j885HdkIm~^JL+~((cX~nEM#kPJYS+W-8T~xCT9-_K z%S}&aEsyC5cJxkUQr@D<0@`Y1uTxg&Ql{}jZ<%i!-0+ToCj!9@jMsduo2TYuitUsU zt{K#L8^hUM`^_0vSAiDWll1wNjM{;B`=`pR`%}DKQ^X_T9(2g9ZJU`?6WTWDr_*HE zD?>4lJ3%kVRi~ev^8;qbTapV`?*rS!j#J`yeVqO7PZ>NLe>s90jQ%IRnz%&YOduZR z#FudxZPg~XhN*uqm}5WKH8OZ!J`63;;MFY|NI+{~BaebdJGmQ@?3Td&3uVq&zv(?< zl$WgGXm@%uh?u9}%w_V$#3hz((%lTLNwvSiY~p)ues;GE@a~Sk7bFfJIiokns9V9m zJwp0bnZdnH?G?9jl|BfK@u#b$V=Q2bI>hh%el8^4&Nk~v&%?ypWL6z##Dch}=8Yle zdn4kS2}pOQKC6CFe=J#RtF}th?!MZCGjEun^-UG8PtuKz#8e()Ckfe1-F2=O<|n57 z-Y;hpj#jvr+&-wrQATo0?&0G0sMTi_okR8Y!yQ=LlO2OFuK?Hu+`bF)WDp`jwSCvV+(LEWR#uvAmGu2>1$*Td|vqb#j~JI0^(^` zYQBsAyE1O0gtXR#AE1ez;3;fw=Lg;xAJFp<=c^Q5zH6XZXTi{Z~m}LZ`neSL?CQ+Y7jA%k1 zvga!GZvuG`xjk}tzkD+&9xv{te^X9I_~GLFn?J8aTZ!b?Sbvac0c?MWj6eX38Lq)? zuvVGj5sLD|zDh`Np z_~+ zvV>hR9?)tSK=Pf$Amw!ieE&^k>c80g8QWhC;_6r{U=^FyRF8^%l+7+!l?LAqZd7)p zX0^d8SsLM2q_(1FX}|2T-nSB)bv3;~Vmt-apiPl!?Q&{Cva&8iwBW5xSvpbd(6>n? zzIBq99=M*k^tjSMoi!!2R+T=%vtBCua;{UqdH?EH`|<7A2K0czN72w5!gx>3%aIm6*UTd@dYiU~^@X1(8JGY0^b_U%zB`2j`qkImqyCuhNAl zzS&tK9`FZ5kOlp!O9HY<}28nJ>*S)(nXC>-g1=j_;Bn{BI4`^djf|+4kSKE)Kxj9JYFO zqcz1R4|C^5hY4BCN-xQi(F#?P?GI22!=QGI(d#vJb*G3W*j{P4`Fifnzy3l*e6jlR z>K>@^zI_C0pq(`bU1bP3gV82TkH*TUCJ z*Us&+8n0IA39a$l*NvZ}hi$HBFhb+#UJ&)~l3J=`wVeb1_AxgU!ENd{Z0k4B*M59~ zUHm(3^&7$#-a?*BhXAxLx_KM8BP24hFCZj{nzMdU&uX1gpw?k8-M@N?M~>RKj$nVp z%ag`53Emlywd)Ef*YO+rBYN+|Y%Z|;oryj+T-BSxjZo>y0h-r6rKfN!mr705QVtdE zJ`-nZm*k~KN!0dtieXV`>p`2rMDj-M$FAg$@8hcVj2i;uw`{!Q1>1s+-D8-n;bXUm zAbrdR{o4IIwdz>VceihR_QJ&U&eF?f?{ z^oE6+_LG_H3;$^H;%xi`5&ZbRU@~Q#o4Q# zkB7B+ypMZ&UnZ*m#ii!QRo{uX3f003^s}$@C$>`2#(TFQs4ZBE%GP&!eo!zzTr_aH_7X3 z34e6j{42Em*t*9O2A*Tr(>EeC@iZLM7r70;)KbiUJME0|^?{x$B+R<9-J7kF9reB+ zN7{2p)va`>=LMhTi&bgoPMHL(1-k^CtlijC4Am`|L=s-8mu1<6st}r>e$;%miEgSS zjAFqB+40X&?Qm*xWiV_LVN)EIZOkYm6pXY2r0cA;0n(MJ6Vie*_%cEYwf?TSkJ#na zz%wcfvIm&Q-|F;E6@FYf<`#Veesn)=dV~G5NsHKa+G&hsS^E28pW-0eemMQ)He>k1 zau9?7xs6~sxn9t05Dn`#=DVb$W$hf@%(cb*={`5e!aOY7A67xN3&RnC^m9Jnlz0NZ z9fR&e#$W%ao~mOP5nnS63UtbU`7=WAIIC1Km?#;$AR$nI;lN6qMcr$ic3(*61A=W~ zWt;C(6}Gvg(dXM>F*jt{;V}AM@*uWad2n=V#AGct@xr8{7x|cTVCR<|`Lx1~{1+C;=8A{2!%$vXBYMx9#INSrw0|6^RLR9%F&63nvk^ zT(k=%^9fG!96k9u)Ai9}6={Ksn>`;y4e8?j9~8mzDCa(;@C|pd<=?Q1`hNqo{x~_< zTyhWwzS|lhE+&bvGfz1EWfRG4Q9-J$+2J_&C|M*yzN;{&bg@W_@Bs5Q-p031I4YgU z4P-hnFwlTMeJG*Zt3aE2hddj1jK|DbT;wj9S!xSK%oDtXkO(u4pUs;G6xZFwpfssv zf5*v_r6mYSWQd5o^O6+}7c$Y}07lWOP5hog?k==_l9X7Mmqei$q7LB?(44l!vvoJeThJg zf1{V1vB4hEGhH`O$mAaqvNZ{s0d^0UD-z}Yn(jVFNgE?&_L|I};b_XE^*B)a#&M7O zYGmT^TT{u2lN!c3&+{9RAb5g_kaWi+4$1!O73S@n!!Fmvt>>07t9x{71E#=j13m~W zM$``COLm;0G>_} zorJ0{m~$}s!Ns!QC1Ww;By7%i_Ati+;OEc+Uiq@nawTzzLEs%Ot9^o)mW%nbdAZ@nu6tU|q2dItKPQ^!Ea(p;f^O$nv4OCdW#%^=9FyftA=p;3u;zj#MlUgAh z8nwDyUg464sm&it2eA!Kzt<3_rL(YHG2%7Q2GOK`I((IF^7Vf&p2`;Q~Zpk8KHcP6qk4NoO9=> zG=Ewt2?ekG3#;ushf=e-n`&zf(=butTtM49NZpOcRyhezmJ=B^Rxpe3dW;Tt8)nLo z$EX4ucAzlHa3IYfk-A%tEcqX4L=YMJy2eo8Alerm@mO5Y&bhtM!J((jK%E*>J^2J3 znuc!2hd*GN{nqQwt&?$Fm{>xcj|6TtJ_DHr_Nmc5@Xu24_#((byk!soH8`iL68G6iIk6AcWe8z1hZgjh_!urdR+^ zo^s464h;u7ql(cR8z{w&P&;i4pdUif&ddyQ8dTb8Hxf$mfzUX({v~6ORK^9;9CdLW zh^87MLLsmrc%fdSyNWv<@t36loDfC4H38l{y0s>q-whPbTr1|ES`lVqj-Eq+La~CX&uxTusp0^imxjd)&c^OQzg86cNJF8|%t61JKpV zDPRFB!T?PBSXfZ-G=GQCaWbLoSlYknoq4UYadA3%w;3o0z(ePxoITE%Cz}H!KoMf0 z7~VBU*Ssm|6W*A#Bodg0D=0Z->(zj86Wu>*CTNbkM0}wXh)Yuw&q7IvfqT>)|Hf27(B&p+j}504dIY^P-lp95rqHZ(5Uk z|GM#8vdr%Mbu_1`8*TFWMC!)m|4eF*JTn0igaiU&!~pvL`o{GK z-OAtz>XG%9*TSIMDuea{OGWX63JG30k*#(grX5NvMtytF!A|H(r`eX!C1@Zs3}>>i zn1?-jqa12GlFdSx2Y;P@PBk|Rt*$xMirO-j$2!R!rEZ*Sy;)&DtUNQVp8GY>N8~20 z?fclSrH#;@X^-d=G1d;Y=(<}?3|BYmN;mhr$DW5f{8Xt`*Lg0<`1{^07I+^8Uxr&A zW#R?3iPv0Z+i>k_Tr^;*H?-@|a;E4X6{KUOd2TWQPkl!JVMyQKuoT=~uC+_S=!I@d z6oMwGDHhSbFdOg1?6nGEC$>pZuvg_vN+PAj)7s2IkT)~jdhsZSXfD@id`_%jVzyiR*(i~GI$Aa zeo~{84va+`1xId6)IKGe)r@y;#13{q2IqpD*V`q~JW(Y~y;tOy-Z`s7p%F78+!!Xt z04CB^_ul5h%NmrNtW@Gi@&z&ycMux(6Q8RD=1w@mq_Cuk1PF0M>6?~Vm74$|GFo%z z5{7T{Ti?MBmN3$HhpyYEAmz5MwNPjfWs5s>h&#rJtRpCtt;~YB_|rWP3|7~XX|B%& z7}5!viu_$zwvk|t83DHbeGmK%Ur4iQLAeZ5T}$E#+6|B{FNM++)SI%K3}$KD*Q9ab zt&yD@n@du#d1i3>5o*yV?&`tz}iL5kE+dswxRTr)~-&kuR)VIG*m zhLm-heNNk1GhNa@i{DX*E>PhR__OrK`RODA)*sS6YypcQ&g?6|LJ6TirrUp!UuQmF z^HvUc?14k92NE*+TTdu2Ju=u-fW#reQS)y*s{T2#-=^VmELgbo7dtB{x!)$y@o10; z(@rIPp+AzqH6n^;+a#^F@9!2kBLDo{r-eR%^C72n(v8zMN#PcmX|*^h$w*|yDNPeL zjOU$9R4C?2@1`?(O+#X;eFN-(lHVElvYct;^Cu~i4A@=}0-0bj=4#nL{)uG!;-FMJ z#`GV^uA)A)aAo#K8dwsqCmwkus=5`w&eSbQ)WSrd#RRQ$+uDZ91Bu`KU@~B;<8LFx z-5DFm2$F^aql(~RLnep6#wW=e(St&5NYehH6iR9Y7=Sbkd>Pl)LvxqS7kOcbCbwwdOd^2vnRx!i`yhbb0Ypl;BQCaKv7C}SRi?20gw)1&4WXy18T}UAM z8;O+g)`u9Ok}|=Z%{}s3!G59QO!P);kP`B#ky?vf1m;*3p)WBj%*i(na^b#fObZah zIOFpFHVLORDG%6mCd7XC8;?XxE4`x)$FToQ?FP@E-cA-_iygPySGHv&=J}!*M*e_> zj(`|@yN?B&oSh~@__L5}0&?&g9EvY8wy1HSXA1ZYC_6vB-|wW z^uqS-CvkJ$vPd(SmfD`+1d0V;be!0##8x9=%w)i@j5adFRF%4AT}djYS4Ps<4gq^2 zE&pZ0AV7DI678as=VMzIoRNLY!AauVGKt8ar9f81y34365&SEXXwTZDI?k55gt(XC z{`!Xz7c^w1koH_6fLKBPSMAwzXU&Nh=0~X|NrFiN*BAI^vyaLYaW2&sl`#vw3H~&{ z6}ssif$`?M~pR-C0TCYA7U#^v{V!NwVxJHapJm&|_aG>YDczO!&hvjJg6+Hdh zvg7c8xqn2}i3oaQ0s=Yg6(^aBnHeD4MfSuzRCo~j=b5SrUG1(5^84R`xC$p^PhgEi zQkkoV!eZS2rXTQ1a995RFFnZJk3ur`e;&x(EKw7@z6@3r&C6_*6WnpBOYO{k z=w?t9L!l@vU%!Psr|7N)r1PUz;A%+%|J<|j2_jvf-T56ThU#a4qh+!@D8f=R z$}kAUwMwwR{yjrG0qOq=VSHssn-aHmEG>V@pk9FKt!(_Z5TO@hq2tSDYkQumjMQB9 zBiU-GQ8fO#e}#+h`kb;hc0W$allSrY=`MNc2gBpTZgJ#izLp1>6_9Y*6HQwQ`J@99 zUBLaZ>9RPy&-0P z&%zcph7qcRL)ROj_(oSBUJ;y9vw1|P1Vy7u7hZUv_t$AuT$4g8tDJRkOk(g88Rv#c ztY+ta`BuPm@r)v>yLzV5J%eYtu=l^CSN^M~|9?pq`5!#}rgkp>)qVe8#s2pa1pY(p zf9>W^MpAZ+VFdzOoCXGB|KD=+|KEE5VdekV{4YNK3+D~-v>WrY`hhAdC8Z$+;-}R= zl}=={dOJLk%5CQNgGa4G$SDoPP^QLGhBScBIthjyd$PsOR5xRp`|xAQyVdEw8YeQ?Io$hqHeXpT z^}VT8kJ=Tl&VW?OdR7Y$M%%riGF+Hef?Ob$W6D~d`hJ~slv}j^`wzyl zOW?@<2G(&^u_?y#xMqPUSG2ghrnsK%zaZ$r0!6Vj?b9&)^n$C|foba5b*akoTF?4C zpW1H)E^tFyiS_h#eavZ(kez+!P$NEo7(^#gXj0tmqX_`#w>ew*+9O?8@}CYhl``VUdbEPDQIQ!-S4s38zC;c zwgGd53<#x;8=Zvt9)E{sIXWPBWF}@VR%BO2m7^CXJB#jtQDuRQ>5_aHmfFM;9i$*5 z*%w_c&?{v6*pU~lmTY(my4BH?XWw(U)1eQK$qYrd$N@3cKc6#Y?NF3w#Wfv_g{HR} zdL@_CumdHEcR&^6LwAvoO28{eE^2D9*^jsrNdA%iF8PhDp=b7^6jlRi0RifO7)ttc z=ZXDX#H>s!`m8e7E$hl~P9qJtqiMm|Q?1ER01d+=i>vOGBG1gmj3@uNk|VPBb|yhc z?=ce$k}ltZD)2ArrfN(VPqyUVkKVG(Qc{^-p90UPmlOiMAjW!>yk)gWaA62GF)3u_ z;E3wbS~2`((n0`m&OZ2XwJs`GGFWB2v zuIR~YYBuCmx-d_hh#`gGo?l+G1MAwr6`IISz>`t7+qa&mg|EM-WwfMH~%Rb8>Z&iwB0=;GAH2 zT(7t)chI=lHPrBR?Ryedvx}G5kK(gBmE}`|M+KD#`_c14rqI&NQaH^N5KPFO%Iz=K zfzG3Tb}Ck|x?q9)yJZfRJGi7+g^Gj*^rsB=s{&*PfS#DkrWI?#Yl(O>$JjJT@{F@p z*>pja_*x^pO?cZL^fQ~Z07xT6A;`?rO?Xx&e&L>|HqQ;|eDw?`mp3MKpgj#f)P^F5s z&~bP+TVyY=RKW}zy4=ezQJ6=8@>60x5**8%+wgB>D#dRyY|6F7*da%^L|G^JZ01ix z2~8OW!Y#tGst{|83xC{Es!p-V?4pahsL#Q{?K7lH;X$O3xa0&f-Tj+}L~-L=j$NrN zC?Dq-;(28ON^af@L0vXA(=ckMCxx+JnNWPM#ZMB$yWU!BJk)_Ig}*zY=KS-6Z^9>k z7CPn*;Te^W9jzXChJ-EOPlk3^ct|JQar+-{b>$RaheTBI#&3(LVN=LhjgD&snQDuS z6cl-~_JD@`kEL>a!qKt(pP^tIs%2mgrihmu(vmXsT7DI_*3LWSW~fTeaG&oCUowx6 zDso(pDUutC`r;ONVM$a@ns%y^^=WZUnB6uJG~iefVyJPX7M54!4&8YO7A#*XlsX2O z_MS~4g$IP0K*GhQ2q8gSXQM*6LUpMj-R2=9#~R$ zrS&gwsC{?^Um^_v!zQ8`B|@Ki8L^Xk;K&+yk^W_mA+iK9bTvwzm5v~dxi9XumgB5d zZ#35lRVRc&sM>NmRD+iB=m#iSJAk^MPfyeZ;Gi1PQT3vEg@DlXIbE>j`~9FJsO+VH zA$v2oTCHHq1sf(gjb+-OyB7cPFAmd{0V$-YtWmM*`l4O3QQw$}7wpT*63?Wzkdxx= zlw`KtfgO%?qSGmTc5Y<@LCVS+jJ{~R2WwHX-E;w-pY~(MB+c(2f#!u3UUD#_gkfEG z_r8hr{;D0>$(kwic6>CZ;jnnzey{0E%)BT2iCa7z6Jq7g*O`A+C#1NU<4_WM1`zr)WTi&LuXbHR9XUB=i=T2Ozp*X!qteFv*9q2a4RUktgo!_9I#?x*~0@aZ&TN{9-2d*fO$QYDdU_Nd}^$8;Ai^aRu zcYIF)urj|ck=>w->7%V98?v$$(6^fgTNtg;ifmHFG@*m{jlsT%%`3w=@fCfwDQC|c zsRf29=E+D@9RE^_{+)FPfyS@avZ4-r%I>gaivMmhx5_ zUU#KtciJAaDCae+XOWbHT;x0{VfLDEo<0F88a84_QRsLTn2>KzZRQm%<@_m>PD5j= z#+M+G6Ncrlr8r}z4iB4xRIK2O*?&?>(xnF-^AW7%!8s`RjtF%r&cl{ylcMxiv_+h& z;!uSt&QWWNR9`TcH~&I!p7K&+%Z1O`)c04$XL39N?yJ?7fNRz3fvD2nQz#0|jkE9% zSl<=peG73+;*aH$jz5=+dR6jdd60AJCxzJ5T#A-`&^oVzcBygy@cGu&EGIa`RVMaY zF&(n=fm^j{>2QKBM!vVS7o{a~1yO%SZJjRXSubx*m=7;E-HO=Hb+2_F|;y#&0_*nbwUEKluF~ zN`l<&61)}4urc0)^Xo{(Vo{|A3DrZHoVNI$x77)K{qgVg;M_izWTMQR3)L`itKexQ zDq8MoAz}^)3e5>TrL8^09MknkYZUPwr$%pXKdTHZQHi3oZM6%lB(q1 zO66f!KlQ49>fO8d`oFKpyP(m)Mk{NL=hK!;Wm6}zCFmL5rt)^q5EiueUY0t2)Sf3i zRFb$$woOec4CM{R1F-DSl|s$Fqou@XGi|#e8@t?@0gnvX74=Jj7IvdaS+&yemqiJU z&;cGy=$`3H?uej{@B52s79O~e9CGbEte^8D4W$HOXgo+>@<5zC%lGWJS$ zt>F)?$gnho<%1!Nr$lhPjr?V}H2$b$hJzaygc4yD(n z@IH;}#lqu_Quwdv<9lFkqx13AN@cDb3)}p|5Y76T`xzaPbf+_Vry<*98Ehw+Ct^}y zzAt)-P~B6VaBN<5*6}Ll0Asa(`W|#A$+MTd>(<3v_Ek9g;=B(xC6OxZ!=y z1ng6LN$IAiDTOrfl#ET;pFpFd_$Da3{V|;ql%650#9R`{M0f*m(s%zi!;xIdcS^gz zYvcyDs;7TYCx3)GFh_^L|p;~mwZCZd?F3N_|r<54mzxW{9!3Lj;6BO{tU zFOD>yV6G(8kTuUKXPzGe^A;Jy=muCzWEz*zgz)5)I5L}NojV{qLITrF(?pzpfX?Um zH&5?d3o*{jQiNsl{xFjpS%I!dMR;$961aqXtd)A6Ld2r*iNLq;i-4E6rsn`Xg@JQ5 z>4g4Gt!4pRJEPa$vetHMbW{9IhiO??bb*x~(tv3__9c8>^w)Rp(>;OpyX3tn~D3!lmScjV5@~)C;kn(AyviI0=sNQJsyQS}@^eB>wUCVPj970=N^SC{ zq{SLR$BXtIU|qa?3A*H#jSr6zjmJroktdQAxrax_!Z(Uo`srS1ne0TkDy9th7@}Zg zU=pDRO0t^n-`lbtls7 zM{oBaH4n_TrEO6voRErpAqBPw?OX9&0wnmX1SMvZ%~^HR$TiVleT`{LS>6fs0UkU| zg>j61_ncO+LS~D{Qr#yN-EY1%C(yo$tE9KA{Hu(6+ol^-Y;m5^Pc5e8Q`V_$jMI4} ztwB2Of8r$yaaA-yA0TQi-bMR8Fp(fUk^%~m zWY%}Ye9LBKj@YbRoIZkh(f;5iFr*z4x+d)o$#LQoq#_LUo$SIN3hqPTnM594h=?={ z&*2B3a=yGBO_F3A5@ytJnqbO%V;zNCA5kn=$>sh%=M<9|6SB|AIY+mDPdzYvjk+kl z@@qfK)88)c)`p`!SRufwz;0S(oW;4H+PE{z3GaFuC8%>E{j+-tD2k>cp9t-M&HJv{kWp zbaM-QF5VSJT1GLO4ODot;9iy4+LAXqgB$eZ?2x2e?@}(l=mJ{RGK1Re+(IO!!hXWz zN#ol08jP`VH7g36vk6^B8% zRWW@{GDa?ju<;%ik61y3_a0;?thwbg7a*dxJZ5JM+`-8&R@A5xo?UrR>>^`&)@DjuhN+5-P(=F+|Tzn3N z>*nP#It{YD?8L3DvC6xvz@_w%lc-bw8_h5|d0*V4GeMeFE;W$2vy@)3g`~i9S;U&b z)1sb(I1WnPR2z`u+;Q z|4qA$^c%vSx1v?DL#t%BI&uxDkC}F7-}yb8==fDT>Q(faxkI&BtuevWHE3!gkrLvT zx0IQ%%uX!T@YIu7xMN+#j(s^j(rLqXLY36O|5cG0MoJ&=7o9h8LO_1{;cr40ur*`c z2(OonEK~bHNoJ|+#PbN7IB#ReII&18${f7#&vFn(+%r(dkk<74h@PzW78#_w1Pd|N z!mO;k(C6&=4nl>!0w#e&^p|K6+kzYv1;`nL2)1WPohsfCwI zJ`LAcxj~A0<$Yxz>*H*~Rhvixu_SG7=vPgU{AE3Z@htq($V2;2w`Tgb*bkIz$*ceE z`hs?jft3g7*7gR)euj-zVibohDlb|o;nD6r^`@9=GpCX{&D+ob=yF}cCfEq?cI)Q7 zZQ}1p;Rfnw>cM zpZVx&jq}D+wxUx|n$+NbYPA}REreRqt{IAIYC#nF0a|LdmV;<{B0)Txl6XaP_S9eXEqy)rPNULNSlW#|0KKV z=>X%)4$Sxmk#`(%w&YAe%3S~10A-j7=Dl~tDo**B`&ocgCp9d%Z~CzA=*WBCQbTPZ zqUT+-91MyADx_PYO?%w>0g+4w57S5vdmwi_xYm+xTsY1uHh2lT>a;MELEaDLz8_HP z2su9r6;8X?hRNk`jMzh+ZcjIp=NsMTr%^JyNs5liUY{SYG*k3_{{r*d_al!yJwTD0 z9Zo!PaNECT%JUjN8>)Pf;QWU|XeZ4IERx$;=|;hWCH{Vy3{NI;Wb;{WW`(aIz`7y_ zpdE8?rB_@=j&Y3d3)8Tk*TT`%z+NVO&aegZFY-HyEy!OuSBxIgLSMQu8=Y{=uWw=a zXSE-)wHlWqzXz+E5ijX*$NAX(e|Ljgvx6jhbf&-d)1hb%Gi?O;l(y0lxuXBf;EPL} zP-%KeB@y0{v>o|V=3uC*$p57`g}G7roh}liw^iPomeXQRDokMn#EcD4)tiYH%>!ke z<$1|s2_oUJJbpKCRT~KNpe21Xr#~5-Y9qzB8GX4+)U)z(cHVD5^dnl3ASb(8v?4g4NJWh7e7+A2}MVem5VNr8Fm7;Tc{G@3#`U(HGO$Z}D@kOVUPpyyB z3<4!n%^wIXNpTzz+DS)8tUuj$6YhU~_)B+f`g%&)Vh{I{V7W3oJg9WtAF1L+K#BbJ z%R5E4twFlmYkgwe&n0ag4TnpYMX0OGGlkMl=o*|m2x?n)m-S`Dz6yRD8LMhtEB5&J zk~8XF9hE06Ik^PpAu9a6={?ABStj#&mMrDLl>HJ1!5EbJP&lp+CNNi}<7-iFH0^AP z#EFy9<8H>yYjyN{&kv<9i8rU(|GVl0@6jya*JKgcur5hTeDYjEm9+gSht~rtv=Qu8 zp9WkfIB*@N(P`EG%_5~;RcXD^_|z7}L8ScV4LFS6@$Vn-E2x>`!16bI8jqqDrqp!1 z5~lmCdXFlo?7<0SC35oW2O;80t0%xc*;y^1YpOU>BVo*l>)!B?*uIIfUjDe!8fnXlhIQ76&(5-n@r5sD;s>f6dLPi z-jAf`*E6{+&?l~oS#|!_7%UKnnTPz%!V zuq&K^48~;d1*6&0FYPLp`P1##KsQ7ZB1` zwK-DW>Nx~T-jW~jX?;9;7it^a>ZS$g!JN?Zs>bw^dK$~JbT=!W@{)|#ZLPQ^)06v# zhB;z>l&%Ix^t(ullPl}*7R(dH^^Yv&57p{at)hkNPpM*bbc)yc(KeTB`R=&-L}0DY z=YVQ(U;WA7w}~YCi%Tksm5b%oIVq~AAx*DKyGRAK-ZgejAGIo#eTW;KO~dLHWGl(( zP2>(Ab&YvEy`LDVxFu+hboYtrG7b0WfvZV$6=kF;?x$poJnsW4HFjppsd|@Nm3reI zCQ#;3q|J?h6tdejwf;b~WD#rM@m!2;NPU5RHvYe+ONnZMbRW1$WZf7p(c*zw`EN-{ zoSiAAmL8hEVu|MJPtgOWq>`pW4LvPbMI!G9%T?Y9N1o;U+7gOyhAa|xD;bzfa-7oq zQ;FTo=B0m?V%R3h<4n$X3pu9=MN0)$%Exixs!F`*Uj`JmSqpNVn9vZUMzwA!)(+}t zKGCXgmkdy`ZsvfeU%4vf`Rvl&<$7s{176j&j`){Eo5WNf-AZ=+@Gh-tU3c>fKH$CQG{3Bim9pnYxJ`cCrV=(0?YdRi)|~oXDv%y5XBIIL@|( z%B`t}**3OJ(k>IKr{cU_#O@IO$mq09+v4sfG4eMFd@}@IT__!So8453sGFTNpNDc9 zKiyx{#UQ#p)X3yY5%!j_%L0CilE(~4<*Gm@`pt?I=O5O&=L7y~8cl#qw*16c;VP@AnnE%lML@JM@Scb#+zPum^NQ+h5KO;|syZ#t!Bo{$;m9Om1t(speuGLxE9kAwTl^=zOZDv4AC-{Ym#Kop_iwiN|kGlrlo=w8`u z7-YZs9tdUtMyJ9S$^1yeDjvUP^>;?q1NA4WdXW`^And@GRKK%c*O-}Re1^!lcV4b^ z9)0$}igmlQ743&>nm+DuA2YADzYC1>?|nE;(Ob@`rZl1-_{vJT5qyCODsPa}Op9vu z1E$P1E5t~c#WdjXCbk~1l?jiVJ`C$}7pJ1jHYKZ;ruU^bGoEm+9X*U?exWO6{7l(9hB{Yx0p1rkq=St&>F1`Aa=tBQ9-37{7)sc<%M{|yc zOLxj_vBqZK)T4=BCB@cBJh9HHLS9B5=Z8~T>htGaF8^&khK@KGtK{z*Ol~%-J03o1 zHwJ&M#>YiR{`QRy$*F;z1+1yL;kpl+7{9W28=!&b6#1J|Ep1c9D=0Ca55(h>Uh|tu zKKw>i>k_r;)OCDD+^ttf&KVhB&WqvlkGgE#`M6c64jU=M*!J7>&imx;0H)H`UrwwE zVBq$omxLe696*EOxw5#=-+3@dzr^qqGG)U50_#Le3D$@r_7V{tsaCD zQ?#7Jn52@7&)I~Z=^OM~U*<)wuR%8N&|K5ULDw(H*)&G<-$$CcOyBJ6y-xkxkGEFb zjV~ibP!BPQ;Mgr_%kJ|r^|N2TXU*TVhgo<^_0MaY(C^3DemcSwg$QTA}@n`#0uLq5y4Ao5(|#+I5R=+ zS_ydC+=XD@mo4!yaY8ywK>+;bWd>l^=#z2rdih_(n5tq`HkICLIu=!e*NjUbujF*T zC>I&mL8j(4d)^c)8FYyHj<-<>kgBw@{>H-9T<$Y+8&S>(id)RrrR&FW5eLAyB&D4|eM29a6paB+S|kwPccOT`$azk^7c;dy+xveH#MYBqz|a zFV_5IhOW5wxDiVYP~Xi7$>CrBV%2n7&*PW6%slsBUwr!C#$l{wnqP-HI4#y;ahuBB z#Ojos3*Gu^yqZDP`QtL!XGqKnPK58NW)?5h?sdh*#=JLsZ_I7+nH%k+$gTFPm9iA$ zyy&y6$K0I6WwjHsH_^a_>4&!j_qQa7j|wIS?6PtYcIC!fW+=)a=>yqgtw7XvDxWP+RVN;HrehUKA? z+$$#&N>ztt2V5|Ynic@VR+Ig=l*jg~^82};j}Op-rWZT<_1@I`?!AXJsF3!>f^}~K zoD~!l>dsy%B7@{ULTs?1xBV3XV@9jqMkOXj8xz)>iuKA`2{%j)*^fUH+EBL%7Q;hx^wTCt zeTiRh3RyCvQlRZIc=QaX>$tw9vA;S*&nF}7_3eZox{r8a{fc%jJW~hlI~Q-7TDUF{ zT0RhqW= z<=nR~)k$@u$-&D$0d{oIT3%*(;bk*}7xu5lk9Ax$)l4++x}M5mCFJ-S6P9{L?hk}s zFocpja0<5rE1h*O(`P5Rh$o6hBm1-w&d)WM-{1`$V;^k9>l@Ux^ev+ZlNXMcl*w8T zLUOV+1-Gy(52y6D!VIYEodMsF<@j2+mq6DEL#)5ll9zoiN5GkK_g2x?zRq!kP0MB` zmsHh!)Sn!MnYXyhF4kTT_0?4`tfFlA4O}(L4%M+%ua6znU44!tpEXC|t2r~!wZZw% zz4sNq&>AkqRWG#0E>LYPD0Q}5ewmzm8`!V9)~^YmEAx+5VzbRz>m{jOv(nS!8sCSI zHf83%s;z|ugf(P~Xy$IR4au_Gyr>^PH`ce`(XZF6nKHNo&s$%Fb^&2~$2mteo03*D zluz)g%N9dPa>Peru`8*Z<{)wTCdR%@g*z91R9fE-A?$-#&9&##bynUN)h)|*Q>v@q zXot;RxIZpSwV!t`_`c%&bS#f1F)CPBJFoq#w1K2qXPTNIJ8HSRDzsnJ+RRM@uQ~CG zeY27-j!kf4HGaT#FDK3H_!)Y^RkP5XO8A0CrF>LR)z5A#ev)PWr;N^C7ZpXZM%Zpu zk{5SPv3JV&MsFtviyLwbD2TkF5TF^CV7JJYcMrBfik1$IT6(ZOgQb{ubc53$=YwKM zb7vlAWi%C)HFgvg9#1_dr593bctYNly9i2Z1|?Ac#>X^64V?m?!u~7W9YiJ3SB!!5 zk`B7H9LfF?=o$+2lz$lMJS$dqVGb9~zvEU$PpcoxjBylu-^nA-nMOVR?x*vgScBQ< zn?~*p7and%i}YV;LGoZ$J9EwH2>ymld8ysN{634_DqkO}DamgI-WA zd>d+=F{3U`c0OWZm&n`j4^Q^rb8g>ruT=OSrc%7RVZ}ehSHeLZaj(W7?$);Qmh*d0 z%la6)qML*EUvTvwyg!r_d^mcd?1@mE=%{jwW9?V2o;2eEqvvl^bvmSQ$nZfrx(SETIqA7{%`?U}=-)BGs`=sR*Am?P>^J zXge_T^nbh4Z&Q7BzpzDIE6WBdq17-mKx~9$;i$|bF&XG?)ibH(>SGHdFB!%xiUCn- zX~BERg+_FQLi}!KC+R`bIV(@-{=e>KCM}I$*qXz%wCrdpEzKzlseVrXv2}TPR8GpY zJEJ|yYD1YZs}?+~?tj~&u9zA1%y$no=f>O@R=PpstMh)Zxk6vQ>hcc9iaj;&dNrrG zK`!5Re~{U@Y~OZQ?9x0Dyyjo9L-TeWf?uvAubs(Y*=ma!Iihe z6QNAUu^z-v6CB3B&ZwRuo<`IMDrM11@UA-qK*c9t#8tnd@?^CbXUywIO@otmlgOUH ziBhLs+4o5~HRIO0MA;jdBbKNxzb-I=sxzAOD?E5+ymQ9dm1w@i-~y9SQs9+W9M=wv z(~*E0a1joJ-f-5bWWQ%r4oZ&poRm34BKF zqT)mCLv%C3i8;7=S#c>YTraHZ)gZV=d-REgA-IX(TuY|CcbfOQsU}`oS@~$qlyq*V@;yY&UmtKDXPA{L{()YM1%* z;-Px#|AU9OxN95tgLnUoCdAEQ%>abAbSgL+O>mG8{?+I zhZw|nkWcP2$%o*a7Kb-`asRwh?q7IM6Nl!s&SeT>qaB!s@dQbHDWE+XyG2NWw|Fr7 zIfEfyFx-UyxLb%UYCrV$IrV@CA4AkG;}=(DoR5v*(5D9HAzf?KybubPcDtw~YQNQ( zns?zlE6ZU3GKx#Ri<~Aj8%c50SxVFAQ-*uy6-{7F#Wf{XX;!{-yGD%|RW_Q`Nwa&` zN950W#Td8SbM<^(UI9=>-uDtBkuj6ay%|vc_lf z81fOE9wZgv{uwVWI4&@v(q$0mO6w4~aWooWB2IH95{|&xE!W~*d_@#H^xCu^S97+UOw)Y01BegHasn&KoF>x zqou_9sN_g-%O#?L2*a+C74u#59MsT)86U!=tU(X?OU;93FaRD3BLp;*)j>Svb#t}4 zJ#KitD$&r9PbItnfT2lxRgh1mkGeQM3L&7sm63qDr-5D>F@nyhBbVzif#fS`LH|Fj zB4T=+u!u13B^V+GqtpsW;kp}Bq7n%(`ATGmJQE8Xb{vM_@6yE6oWmGIdLHhF|FzIq z!%*I^5F!~dN4>vn7Hf2KBqVt_f^5+xcb6e7V4yk5M^Iuu-OzHK2`L=%UuBpJ-V_UG z^a5^YWgmUWz(pPuM3?IDy%q+{gm)CU^x8gjmxNA1|2s7XXEV$eXURT6e7t!Lvbq9Z zGgg6*J2eFKEyylYbij)xLWrB9Lq~i47^F({ebAD1mlbkDV4~Fcg=T8tn+7)$9*2vu zr207o><_P%B?NLVn@=_2r4~`hjeL0HN^w`=aeF5uwO0{NQ4V`T2JIuB1LZxWH29)a zvDi+&dD8(Lj&zU)MH=2Jdw0n-jx9{pD+6;tgW*1JgNC_abwo#xRkl5idNPs)!*gQe z0q^<;-1Z=pG;YI&2cQ&SipE=G?m9ODA@yOs@hcp~c(y%eVUPf7Kqm0g*lhj$euQiY z&`Z9^sx!FkNC-l-_p-L(91M11{qrb0&ZfW%4yZ7!eJf&f!`Th^6sgl&Rw z5O5u`gy7)dvyG?f>?!buwM8Let|kP`aar!M!Mdb2I7yu|T>dW!dR*z-kUa2(Lx$G3 z>zxplb5Ox8@UZ>T#aNt8O}E5w+$QB50C|EZ-j*T`-qy6RAw($#!AxjVkxO+|vQ_00 zHivKcZQx^Aq;G_11kr)RAx%B7a4+(O*_!QzCw~A0eF(_Ll8SB3H3SkvI5>60!139X zhSpk4@bR9OG*o#G?-g47fobT9!hOPIC{NviwsPOprhW6WHzJZa zq--{jJ=Eb|Fv%mif@6(Jvj)tBq0eFZ!ilZm5TFxHiVSguS&RY7$l}tWlx+kc#R9Rw zdK!=0kc}mg;A3ehA!+N=lLd6kPO>FW306Egg zQ~|VyBaq3wHhRG~pm8}Vk8_mR^?453|H@PFZ$~4yI^e8BC_aBDy%|VVXmvz0fl4l*I%x1E4Ez2>?hyy3=#OzEchdw_k!_3I~6S0;R}% ztsckYgw4z`+Nzn$LoK)0kG&J&9sNTf_Lf^?gdJ|xhRt;k+=CVXjdw22#Qhh3R5d^+ z8yma>8!&3%Aps=atY5)sYCa*`r3gE?Yc5NBV;W{pOc0&JKTMF$>mV4tjq~YmEN)-{ zGPz9vbdvbq5kEv(IP%@!GO)a4;CLX+EKTU454%Bh1FQqf-Sg_UED<=fgM_)WU~<`2fAxMm=2>^}$s zeHTUMye*Pw9%oB2J_$-qK-xzf_N&~u+@zLA%B@b>|tdD zWd3{r6ud6cjMa~A+X{$NZZ-eARfSh5JAn@*1M5D307)AAgW=RHzC(JB`x z#~6`a5Y%WtNXdL4K(oLJc$|x(pdrGqA#!QA z3tG4d&P0R)k=pjn;As352d^|tBE=0Rin|l}8X|iR>-La}`e8S+A6BGyz8clVF3X2X#xHpgHHcTM0{CO%WjJe%~$sqYCsN-0h3)OW7w7*8p8qz#2kUZ zAt8(if&T!UP0k}b=v2-13P>@vI=-^AB(+Axlk4Sv{tk<1 z$Qe&00vut6s}B(kQ@)P`{g?#@m6GjO1AiHc^7D7Ixt}RqK0d`2kkz z{K{lEY{h~Mupd`5qa{Qg6h&Ef#Jnpv>TBQ5kKx}+F~rX5ikFg(0noZM@pL(~;43QN zB_F*6WwW=_>VJI%X7>b96mmkh9r}3w7WSWV->PDJa=(8}mov)tBYLEa84N19n^2*) z;1aG<%UC>(GU`IRL(SLNs>PpFFeL^- zdyT3WAIo?61DE%*y60^O)&+Gh`%lPZrSaa<-T{E2SK9Q=krfPyLh|9dMYwTQ>p-ks zjrvW&VF>LbM7`>g(G67XvxMA0sW#wfBYwb52{bP}j06Mo26kZUT9?&Ac{%*!5*{X*TvXj8&sgE<7HTV^sJ?B&T(&R~AGOh(2t$}x9EaKqx=ByK%#U%~uRckFba?xoK0>=uF z8ve9W1d~cS(S_WS6K5ss#a45CyI4vs;EmnVR0SsiC4kw(y9CV^SM@QoyO&}1;Ta-I zo~hcv-3`uZ?1hAN;Ms)5mQ0>zlR<#p(!%eG5Vjy>OSRG;SxSfAK!qHZN%~@(qYfHZ0 zd4F~f_VhT>j@ZK4Jmqp7QagknNSTmLXk)3azyc5#SM%8I)@R6`ol*v}o@9DS(hf{|I zwj~O7K#al;RRB`2k29HwQ(ySR~O>HHh zcVSG}4o}*?(W+30cpnEqjo%o_%G8H*F%;AG91Fx?ym)n{K3`E}aJW)YG~FK-XQ56; zypSy%2IHYQB3hKSQaOxLKBZl#gj4$x{oyDedt_c|gZL@imzE7Pq6^V5#0$Xjb_04P zv3#nMPlZAqJh>~R1GMo%zO%zurIdjEhO9S0Lf(i~bB;(vryaWdDg($|@AhDRBwtmm zy|5Q-==Vi@j4J(&YiD>wyg`&@e_HmIq`48N#fu4?8OlF|o9guHSdIcF`s+z{KQDi0 z(axGWe!;y6R=mG{$@~Mtc&zV!FX&QE|qt<#C91CNb-iwXFOeqb3ey!da*MY)-Sz^~SHe8i(xZx;_ zGZWKCx_;wjf$xo&(KP7F9cqaSE&j;cMuta(k2R^%^F7=5n13@SN&>Ytx~}mmY#Z|d zwQGd-nvE+HeLk||%YQyyBl>97t{xBG>=%v~+z3JXB~JJ8`!eqET1&SEO+a6AZ$j9{ zmB4B|lE9+rFD5lgVofyd)!Fe+&vQS#{BFpkbSzu2=8CxhNgAs2ohG-Bs&e!XE*)BuNP?EV)D(*X1{ztvCf%dG?Z5^H@2Y_d+PS+k z;L%5NjS3d^KF#u>wT(C!r6IGI2haNx`uFVm$Ed!SUVSPBTIIAFyiy90LD<7Wh5(KK zsq-6HW2gq(R3Q{%#Pp8Vr@h*;? zk`S9BxSdB2==%IKZr2+f6^!h9>nz}e%r_plCIoR_tkbUIU6S(?F>d8bGAfYNoQ@WB zeg=&`888uVRqj3|Dv)&G5VygcizxFV*OqC&i}V)^1)YbAlKExi>bcn^CxExwGxK0X zAU4AqMBzxYc#raz|KK8ySAE`h;;L6~Ljd}{u70&-kghE&MTpTi*pfO6?hVlFqwuBXql3YH_7RQ=nPe{1X?lls6Xf4N8J*(#o0w?aT^(KRK#X1K=mQ2iLo&PYtG@y zxn-t}kZ)Y#2Oz#k+R~kk5^5m$_UJsgc_sDjq#9FpIU`c!1i5Cx5#U*p40DGFfbj;! zH8HKvfD*HBo1E7RCmrqc;B`g!)z?kh)+D`NKPS(ZYN=w7?|ft?li9Ms-e3vFwi0B2 zqoR(S)2^MR>5`b|kWj%i6M-6}QX>kL%W+6cG)iX7I;V~F+@pnpfMeFpOCT+8N2fSu7Y@H09^vB4@?Tn~+L5Lv`N((rV4+8YjhT`cOI>jYL zByPqo?pp}OYZ&2&FOOBp&FJqoHE3nx?-K?5L9(P{`#q!~KOackG1bxbLu2dQzgPA` zoQ~!h?JMdh!G5O(H4?Ozr15g2rCJUObHWqViyx)?5E=w!TEj>#EeoVN4E#G{8c)1c z@^lqS|D+;W^u!fIoB~PYNW^eFkg3Xk>>_>z;YZAEsYo!d0S11ON0Up|R-b@7t=T%XE{l)HS3jpqyOJXD6{LA2aP zI2u6a3Csq#45}&Ii}vwL5nUjiN-yUg9uIWakVXM~sFyy%Zb`R8uo z(m?z>pWOwc)S#ke)+TJSQVz5))?$ZAZLm^r(=x z2+WYB)GESO5l&=(y$E58hqMnml*i~{LZ{uY?Sd9cN9O+hQU6(W8B&MPy`*|1^Z||l zp*;=ziwMkb1!D>>J1(2|%Z)A5%6mh=sqsvwz@)E&X^1-hTmykutqm~@BP@ADC+_r2s!3tFbz9a?PQ@IsN z62PgoiEl_K6V`H`wzN_Onb2K`PN14L?)g#4aAc)L#~W7VA4jE^{-c!9$1i@T__PN7 zcf8RDjQjtKQIq&TWm6bin411qs2Tq`g5y6b{hyH;^h{YPJZJy_Fn<5AWB;{f{VVq0 zi~jGh44q4-jj@zp>z_#7ip0QReO=!^5~bt}61Q$viGQB)b$CiUB6;XbO>u1reJ}6t z-dhjn%1%KHap@cP5hYaEi&2lCne#>3fY;Yyxd{4U^%16L$MdNDopwGq;CbJQ(XvQ@6SSZ*jMKCnZbmq zmv07$ms6V$za)2Ms!us8uU_{;Cp#L@mM8|~98%b*L}5b?XrS~+$~YTUDlc+QI5wdm zmh|v1X;VcI1CmBT6T90@P+>MR-4ck?@h1(EQzj(jbQ1yy2M^9{QMKL)ziH!?%uVZz zq4eNSHG!F@hwKaQ2EBC64K=EL9>_Rf%_cUvG(drvBry7G1sBGDW&=(@)AB2C8bQ^M-Uk0@FHShsZJir z+lGI5hw32v4-5u!-c^7qOn4F}r~#UUjT_HdK)oT;OC&NP7zEyQAnB8dWE~UwbUYD( z@XXSmGLzd=BWDjl3rpTtq#Bv&sWbsGrdP!&C^8T*r;|7c5czThF%;GU?v%o_%se;} z1||vU9vC7Nh%n8V^>cDPIJLLxf-uFwupD|)!v@78p&7uTs^hB!@f4@vNDUPn9z)o{ z(9JkaQc^3{iD!y>=Xi(#fV5{!oI&?bhtt~vc|ed$)QAX?2|-g0Xo}_7a0Ba0_$0Tg z0Js{q8rJv|{YZNE$de;v8+J`H0swFWK#0%t%S#WJ9*-Lolc5F_*CYTESb)2<)n5Gj zsFPRiOXwRFuwR4Jq&2y&S`>h^~gLE0j_4XjLM=k*2KCEfU4oV%>s7W)e z1X2F0Ri+Mng)lPb0UMAryO73UBU(Vely-?0dB~B)+eC}^cP*BcuwYxbskNRX+RA{bAywZ&*xqTVMs1Qd0 zw{aHpzo45VSD}SLl_(_&EF*MzQ9x{#!3%D7zap4|);cj=C2+@3hzNrigUTm7e`h<8 zTDiSlNF&u66Ci2YJesCDCFO9tCTxes!eRB3&@C~S z)VgyZY~Yp}5<{W#0+LuU=FDkX$dkt0zNCRhO${W%fuJUfJX_D`IBdoeZDJW_tFa#> zbU3^yT#&q}C1m0(04PKJWFCfKY7ti>i-kt%xP^jYbXVGnV6>mQ!$_h->ai|gqxRvP zP$|HxiswsoPM?_|v9*Tsv6&r3VO5{vQ0qTaX)N`Z|8z;0{6O9NA*jwe0E90Y^L()#N zTrwP%0sts_R8s80-^&Pu7BJKk3ySAQ!n<$ zQX)ov{~i6HVOW*8U{lf!D68H4jnSpk~@(RmFW@O!~MQ1(DVHS7R6yoT+CrQ+0 zwPpq1_OmfCG-263RuJQIX_icxml|}D+tRbP55wvWeTZclvf~F3AGvZTibv>jHc%sZ zqLmP=aG1_jiuEf}`(8XtSXQKyRc?KPqdZp5Q9>}X>F#5VbHSOc|4d6j_QDxafk4M@C z1o6Qyt0wtAL@FYff)$wIY?iU2Gz4SdO@Nu=KfV4=82LCG4E9n7DlfKBMu?zi>K4V@ zghu_sva&y9(EBFjV1aM%05}G{jbusX3a{)*v>%@P^2hu+ogjRoOveLpq4KhZ*b)UQS=qW|pgH{?n_KX&r0e`E#P`-Y!k^BQSd z`b2;vma6hyRtozU#S$y@6F*upvPKJX()j9v2FHYPg=;cX*K9?M1;`-)8ZY^+kti7^ z(awh#%;(xQ8mHE26zQpy%!nM~2@Xdmu|Odg4mtss=LG5iW$a89o>WiFBKX&coRB)1 zUBMkmxKlj|lYfz7fmJb`kwpU3o$_C5HX}xu@>^hjpc6yo2k3yJ==@~0*Z1GP^@~?4 zZX>C5ZFDlhcy%x^4#= zS({wg{C#K~j=YBL;eX2sBdrieyfQf2Yf07*(lSLU5ovWXVYzEqAirJ-!&Gd50xc!l z14z0JM0j>5yZb}o+3h@FU<;~!a|&`^_Zb6znfxf9Gyq5b2FRiP5F$n-oq)e71MAP} zd!s=#|IG<1%%iqFgUCJ`jlf4P=&|VzcH)CQSPZFfOh$@~S_la0hXWci4Hu}n+E-;h zN*QYsCfNC24;CV%!!iV;4eQ22Rx%w7 z--y~w@hMwG{Z-=N71|NXm4EZ?BYOdz93y)*Vi^&f=#rA zGN%NZH&SAgs)c)PK+?9%gsnxTi4cJI_#>IJt%$I^%-J}kI=Tr7?E~Y=H^@uy-%U!Z zucezBfZ7vIv>Ofc`46|hhgr;T_QZFNXRmY^_X96Exc5pc9qZg8*(3LFk~xZtvw9O8dL&YvaCW{p+F&~fuerc=6L~tR(nrZz!9@17fYwKCg0gtQFMm z!4vAxX;fV{V9dr-%w3cu%>f`S=oDT(!+Ia_whP+Fv{iQXsckXMSFX%kOUmAA`E549 zzseQcxc?rlE?p|4{c{osCW$y_00GGht{oz&=;!t~#K6b*M`9!BoFK6N`_bn2!Umesa9XmyYtPG;MbBb{c39k7Lv2nqXQ=%O*FvuZ{q8Vg(HCLU(%6 zLj_Sv39{!8(c@lil`mo;3-@ZXlM!2Qt>=zSvA_-vqGnDgPN7IRfiniYx8_E z8yq|yH-kuCL!G*|$w9YS3@N5_hg1>Y=3v3Fcr^=!b{Zz~aOViIimR4x1FG&vre@SI ze${`{-M=+W3@`6a^EFYwi&iQzziyEF?+Q4smuCdoVdtbF!^+aPP5~CnQ97%}Vp#3o zDB2;PRO2~>;Y*ia)4vh}7*r5F-9Ha&9oFvrt(TX(;t~>Lpn}9Gx%??acmM53A=e^rsn)6m0 z?eWvepv6@AuSvaehVM@Jc+=Q>sgEJmxL51yXO39QnHN||>vob2wGKYJVEW1o)_+Wz z>g)zXBZIFoQ6qU7w34Z(FoQ@6U~Du0UFfFFTG^yY9EVhf7OCsQ9%PSv$xC)Dpxv-v z3ID7;Gx9^D=V z>&sEzF$_6zEG3U07t`~0_rf-3+1d1dW|vr#6M(D9o?JgOem>zgG_rW!zuI+)rR5-y zB(QmSTk8Vn&VYiI83L$D>lzqyR)TAqR?B_}d}XX-&|MC~m-fg@Y@s}__BSpOv9-Ii z{QwGrw@K+i9sClYi)b-V10cP^uUgb}rAT_Y9^XGQ3^wAk4HjI{jpudYy!Rf^<#)H} zg6Kkn9q#|G$3iw2>IiY!VQ+|&KAUR8>Ph;8z~4Z5(Vx!szfmZs+p^K-LZHjTo``m5 zT98}Q*+Y`o_mO}IIy`2Xc0I)El?z0p0gp6QfHKAC8TuZGhs^0R=h3DA;R~eGTr&#+ zq!9MrRYuNcf-D-3;}t*FUGIJbts3yg`*7(mF4G|ZWRbHjk`_Ayqi4)9P&?TKKG6_- zBJb#?J)1J-98daYvOb_m4rM6?^Vc(9+HDmY2Va+L9fN-M`RBx)2K?$e%p|8cO$S($ zr4gou)%G=s7D5Nb2h>)|-zsjh%GsVGaF&G<2b6#&51dyi{O&9kk3t z=^o(n6aMl*zitioEM``Qro|a&s?x%bA>bp$Bb2OHzVVquYIvZ_o^n^waHSt6ySJ9J z+lPGdO8vQ+68t~IJRbw68G}D5 z&Al%TrW{_Okr{)>ywn!%q~CQp+rQ7!-8T9*^LM_Puvjs_#@!oro73wzaCm3uqrgSK zP;n<}n$*%tgRFTakhxcG<~_hwom?Dpi?iFRf|Ft!D)HgQFP&YShs&t1*Znm4#rklzyWVqzd(BiDj+zaBOl65 z9%!t4CeALaYG_&qZmeMSrs&wZtvxJ6nbYgb=Gf?uzc0e7d-Nu~Z z9M{3-%P02}t#89^Mei*pL(TN6`0^M&Xy~nPPR-R_D^|JJQA`#svu9}WcE4%7JmrPI zW%|m-`?~sa0ZX06<@;D44?h^RD)r0fx&QXOelj5Wd`X^Shgz*dER!bZZ53OBGPtun!{c*og9MNM;O(V>th}V8J{TfHBPO z?AY6GY0kvidtB)GkV?4a#!u08CHY1Pt`_GyIp4LfyQAUw>>T#cPIEDZLoJDb3FXC3hCEuNQn;>a%t%w8{fz5$AU0Kp8dQNqkS*8b14`k-Jrb zt`GVl)D?d&2)o9{W6|`syZ3KdJRSad!I&|m**c%V5`_v$0Ox}l-M&SfD7$w!=d@kAHb2wu5k%^Sv$9W7xFvqWG%g!6m_ z76~Qsh%r8fLTb6ed9yw#*{1K-x`s~Dxnj((anHPjV57oKGLEfpnid#kwxVAe#8 z3wU9#aWTl;xJIaXjYhD>MWH`Nz$6z*65`h&LOUFmWN`h5*jho~r>&*5L?!*}% z2%2%8qSfF!hx}>AME5F*Qxb4zYK)YfqXgK2FrH!Nj4qO$Z5Fp~0Im3Cegf(#jI{C8 zVcr_eL>c)>o+okwMiA@mT2YM_^6c!d>p|h88@gNK&-~LBBIRg!81+l-;#Q8y4SL}? z5@^o& z;M2%z`5ZFG0Na|`Jy-QzAs!l0>2pot>kBth7g3*Lwp{JUJK&O`vX4A68DNGQITPJODeBxn^wZJ8Z6#;6b*B1>`*cA|*VX%Gh01Kcl!-(CO6rg?f zLhI!wq`)V=76TGiazI5rV{&v2Ibofe@390m zD_dmA4B79ID5*d$sHd-z!eMd|IoR~uosWm25Yi-Daa zDb_Its{%Abf@7HB3x(l@V}Se4VZy99`UU^b#Z5Gh@@qRl005QX|NANF|5VmgtlV$A zNe{y_swZ%?1e6(Fy;(l#57Z4~PA763Y&hSds_VDWdF-N~uD}5 z3#@!!ek2w+!7!;BY^$Bxj9CGE_NAb%5}Ylf2Wz^t?*~Bqu|a_ywONQV0%pS8bYij4 z!insJq${$I3K`pr*if;Tf=2+(e=QI4gx>^WU{ia>G4f#;v3IvS9LQ)#uHOm|t@D88 z0gtU5Uxz~u@_(ndx+C*a_SAqR&%p-0?@AF18)W54Jo^Xn9lCl zA&g{)>nRsn0T^Ah1l>v%8Qkbn;L*Pe|7KORk-A48CF_+I)6KGRNW#&OM!l}p4<>(J zC$c2nLSo3t^v`Hv6Pq9rT-f+Z2+1@?`+iAgs>m=r^6fcAk#n2rLkUG_N$5JqYK%v} zf>MQd3MP#-d#H8D@J6dX%?1Qs%fn0jC<=9GS)ILUjK@3C{!g(SSk>MmMT$h9wX(AH zEOrU3&q2J#?@-3ZR(VHI^_@qJ@%TGm0$%Yo#)4KFi_dnZi+8OVY#Nv;p8=U=%m=FY zyPXqb@zJdGeO0W+EiP*lC|tYr3xx!cQn@}3xazi)Gx6{ZyUaOGvX3UTBmFC*B5pf& z_FR*|@h9vBQRJ4ipr5?WD_*6t+TjavwKf)(85rCV6pEC+;K&b%6Bym7u)8hBFJ3WH zEDHTO-T~lHl9G*7CWVJ82j8@8{aruBcF7gljBfujF`k7SF@^H9vsV03?9oNuzi z7ZM)VF~_=r5SB|9esIht^GJC9uqDIuJUHS=I$fM(;t^U-@!@HM{aHaPi(LmYDj$`8bPwm|4e+4j+|F6dSA0sAt^COWQKmdU9e|wtte zor*Fj0N^(8yp~CVKx`&GLh$WZL}}KB3Y1Fhb-1Y#s*6ZPpKG%iFmRNl^(w2u<1Lq| zl0~6o{gubhNjJl~4v@at)$lz%*b-4b3n%%?5$BN;M)acvk_!A*!poAu3N8mo{E2FF zgEp1c7vbr;xwj4L^j* z%VaU0_*eTUGgC5yOz0$3p=!&alOi+>a2ECiP5Sw}1NJ(+mb()8NJkU~+|RwX^ug(_ zpY_BgJ5WZ3;`(talw~lz$BMER#0TZ2UHDj*oQFdOx=Ta7efyys`5kl@2Xd2FSdaIp zKO!EzpyN$N@ZIX@$YC-uiAA=!S|ZLy`E0c*UBxM0wj>#NrYs0xPNbzIh}7-KpKk@a zFs_J9_u)ZMm-Bw@3rDn43Dkpf%Re#XoQZG=$)4}IUz9qr`euA1aDu_P*t?u9h){Aj z)OF1DY+*-q|MzPAul1=aJcV!g|EMCkCjbER|HhR6*LC^-K^7PPgDn1{`slD|V@DmD z;r0Bbv;@0p=mb^*X8H`6K+>?}=om{-OORn~f8TxO{vgqi%_7JLqbwH`ufBP_+2z=BX1RPnH=LDA9EkK6-^=lwG^a~l=X@~fAzNjnc<6rS&wdV*YixgQTYnpVh+~;7d=eM9Xt)x#%S9iSCZCrQP(Kp*g($oqsY-6J^_`qmCwcw2XS4wMSKfQNgNbzU`9Lfd% zOT%e5#_h`5XrLg4{{#S7E zufdjA_8OS8z-@2A0AC{H`1237A_5SaIuH~$iJk|?)IFgjGKv!EI}|bH40qjz2Bx4s zNJ4-p&MoRZb;<$L8VZYolY-n**qs?E!yalYzq^yYyDoxikNh;A18E_|G*d{O{~#Hr z9zc}41T8IqhC$zhV39Ffk-TY|IA&bFnSQ^CKhkRk0*%Lh+I{Xh-=f}~^!~-=ms|QV zexE#kzq+US?=klyPGX)y5bu2(=erkOLZr-tkW>!6(qeHW z(srdOlQv0@Io;46B$Y#Pnavzw=kJt+LD13hiUFU* z6!awFw7&f3AY{cV>L1wx5L?}WC~8#=!Fmg?gks0#%Z6CN`pXH6QHSgqmVK^Nh0k*Rf}u$wTn7BwyQp@mW&?U#h!=*AX3aI1*XE0x^(RZ1EHI$ z>k8V|jOGbf^g-3pwvz3l)t7B~tJd>4 z2P!>4jQT_8timJF;VU_Em~^NqfH8p@{VA(f^MwE^D61HkziGF}NyO31;BpJuM>Z&) z4scZCSO8@jnrZA{&k(FN12r;6P?+&0sgXC^iDF_!{@gMvE#T6FiO+cl?Fj%I%=Y3!L!dNBMH`GU!qVN@ zSGbCNKvGc2cC${Yrw8Xv6+2F=hH6v9_yI$0YNVSE*Qq(Yh4w!c1?_C$_`0lK;x$iQ zevkcDs%kGi`$iGf5p2C-MPg~{-n5j|Tfrhd;-0~>meDeg5Hnxm>wZ0Cn6ehu$php& z@v>CpjI3HJl9QwA4rmdU6_b(2d94L-cJnD=lbSjflHxPT7v7ZooqMiS*_xs*00C}b z)*FaeU6*8(H55$&xeMHcWP~Ba52TX6tJ(pz{2caJ?g!A7aCrv=>;8}4jA6ll^hKIX^elA9N2g7XV$zbu6TIULU70wNuOv4v^I5) zIzLYenVOHs z7CH)6{x;D3egSWF>ymu0J$$*B<<<_;7OIcDY;}zgS|h7?Pe*>rbc5DECIJc{^uU1@ zx{*Mlh&)U{!%F;46NyM(LwF!87T`A!k4(vx_H-VndzC~pCqelQ542kWphz&duQ{*m zt<%88`)ewT@0UwGW(+_Q$nq03dc25^U=@5KMjzPd{JN$(g<_Q>b^o{!bAaE-yHX8r zL4=_53vcIBMx0aZD`i!CXjtGVXLCjSZl8cO)Zt7kSaXe--PW<3uEJe9aQ zGdCP)t8FAi51ytc0XDfyZ!tvA#jv0YrlDks7>WM8?U1WuoYm_|0a58?z(p^X>quVT zYVpcklStw6WrbTzVEL%V+;#jy8&h%avFns_(F+{&>(m<#)$a69r~Rhn*(m!oiK5l5 zsCaXBCW1X>V@2o$%SP>j-XY^wRj&1lb6wnUg}+U5jmY*!JWlc{CnZ&(!ym&)VsVH3 z(?X3C9V4EizqaaI6YkJP+|=m!9ry}2@^2M6yK4Jd!y(bzH=zSBCj+j7VawUqp##r! znr$mb{gf#WO}BNWFkR<5tms%9?UYpSNY<&m*vx8@`Lyt_BsaD82R}6T4bW(B&E4Pv+J?r6*xH5o zoq@Qt_CXM>5-BzEquAX7m%5$CYdK1ug_2!VC?p1w7QRZg^dg?#EXO`S*4x9c{HhLL zOftde)s@DE6J9|@%LgfjVcy9!UFNcC2^tGD9@=HsRAk(y#r0#w7-X$>z%aZuS$K$>i=JRvG)v zoO-=5;|yjKQ2>T@>H}N89X5;C@=qNP#u>UdR!lpT-rjF^ITF|R>PV)s5Nb7gZ!b6#)cLSFKB zwMlM_^wgR}C(&+)dS`rRO}vdk`dP2ioXO!5*Oj##PjRlZTH69yo7NF-xIaDE&JF9g zBaX9~bqXSgDHhtXvLFV@Jq5$%uXFlDvN8g*dXaPaQRe<>iwWJ?s+fT3&gDT4ih0wE zp0xS7#W8$nU;E>NkioJuXOt~7w(q9K^&#Wwi<$aid(+&q*CB#+WSI)b=XUvRhDCB> zvoN_RmK^IX>yUVml*P>hx_LNiewz}uVbJ+J*s)CF$|=K(SgM03FtGqJeWunPMX zMSi#0pfm3oug$Mjc{A)|{-;g4M%Ln0xJeVO>M>%P)&2_4TJ_ymOoLzMUJFxT5a`T! z2c0f=cLRWh-vgd>?QJ0hR2jlk=M00mCtDLPa3_fK#0eJl7t7QtTci5~Ge7jH$vZFB zqAL7OVYZvg|E4rncHds}zFpwvGU_5}!S$$>J@Py#_?2Q)p5UzGYiPKGM@#AD&z?>JJ zobGEX#V_iMq5LBGG;@!nTWa}KdU$mfWb~0S5x=kq&Kdkts|<%XXpOS4tb&v;QqU6} zUTgDvhHr>Z8T&}N`2qaX9@)6>yM6;!KBH&q?tXuhB@JJ8`7+0}JvR1DoE8HkbyS4H zx8+NVaP~brBh^kX-GIq6NgNs)$49W}F6tFhJlyXObT+ja?ma}sTaX&AbOv#`Aun){ zzDKS4rLv6n-5;O%J5v$48vhmZHPVeZ12J{AJy6~)`PO&Rdc{iIMZi2`ZOyy2*@jJ; zh+B(e;B^YvlTtAW{1c51&4o;Pi45-IN>#DiR6zp}AJdDNZA=jd>Qh~6C_7qT2#`vF zEI$a&x8o4P9g=uvwO1~jqbTWft<-*Hja75_=k>a)ZLD%$Gm4)HU?T<;&}R~`z`o*T zmRBxP40>x1q~BI)>#G}_uIG6#r8mag4S*hkz~!+H4A-DG1D6htBrC&pFeav>cTu}D ziUvw^*xZ<$c-vAl&MZkVK<#LtHXgbeN+!?r6A?@efJ&W+i16#zFIFbKYK*@#-8NSJ zozrVlKtwCKBZnG3p$Cb|F_IR&dAYxXjxbd2q&O)dz-}9kmZ!E%UXB?etpC z?&nwO6cVzWF>7p+h!3}A?QPAI`o>yb5faX}=U8~&Ric+JE{oxA3Y6xZxEE-IKl&?>2oPIqx@J()u#t!tI-(@oHwLG>iX=iP6i{~>hLJT21| z+V#?X+FUVv%g|`k@PX!-xxwMPrsTe+G$&^n8{DeBptaml?)A+(xDp)_dgbD_KFM3@ zF{ZiewZa(7b4#bCfwn7{;+T8EL*3sKOQOE56_2)ox7>y1;Wkdvt1TV}+~dLSDqaq*%K39*eLX(f=x{Tcvw^{4C9=0#FGq+yA8 z?k`FB)KBSOl#Zci#t&A>HJ@6oH@iq+xBI*Y!ESgr`vN?@%aMdX*s7nnmOGq&oNy}E zDqj`@v@7biVD`#@SFSDC`q=vm;%Be@*8i*^7?Rbkm@199l67>(^03f-euVKeGY7*j zH>z97Ou8`aF0WFMRr@jm)$N8boqq_*Q2Nxq5}H$meLI^a``mxh*&>%~2S>|n*|47* zOP|={U?xE@(B?HS)-g&di4poEbiwq_p`dB)bL(mIg3HLF=u&4*NEMf{N8D`Rq#$bx z)LU-P(A}1PmcfjQIx_RXR>@MIs5VAEKLdZNK)+Xb7=D2xh$Q4Dv*Mr7$ugpU-tn&v zs?zuC{lrIqnnwxn{-t=279IYI@!@kK#R4`*edrj{mtZ4vOBy2M?K|XxMTH5|H(iY` zIq{F?i(Lb6juxi$OK*#S`54ZT%^)9m*U7a?>=3}>A)OOlV9Hug5NZiXGS)05Viw}k+GskVa3^pQjyag3h`S;@;2?5*@CQo-%Qt#u_zaR6(uJ%>_*uj95WjX5 zhjCZ;Gpyz|Jr~c6Gfto1=6!YM5jg!clG>-QHI^!aHU{OkG*Li{WRBzX6AI=c&`2(?qr<%-g1fv$!z+_7(~>80b7ki%>sUg z7|+Yy5CIR2ed~i1R*D^KX!=P!AuBe-<@Q0w@q4daH8Fqc0;M0FF z#+IIwa?P-{u>rUe*=lfp;K37T%eo^U){36UqOX2R$=Wy;JPSKapf6{y@0ggWMbv1) zDBCy+Hss2f7063aV^@GUr}7G0u5-q`kKBGwYZ2CalTlS(V36I=aol zq`fDoEfJV%B0vcCBsAEH6bp_ID0FU;BOHe$2n6bWF~oCjA0!vJ8;aIdmmHE29NB$^HaN@{`HJ3o+F+y zb%w%X8tNZ)ByE5Cn_2amIZ=p7a*bXgDyUVGD^yTam@#hnG!U|0B6Q+0xhz!nNSQE_ zRYC&nbxbRup#loB8K2#b*SM!W>gfds#{Kl#4|YxlZFp|0*g|01E{ywPmAKfbRG33; z9_g$B{olD9rkDn`81`BQ?FO(YChG!7+;;u_K9es4vPuY!x`xNCoztd6ju2eRMFQa1 zO03;^f13UCno%`#4ix>y@=b?p@VavS;czJ^wg zucG5-b~4@ddR5LvL5F7mpE_b$Ye#FxhD~$m-}KqYc_syAjSH27UuC*rqSvax21{j{7OFHy%yI>0oAyx08NeJncJj`nei7h z88$OyJD<3e_=t$(uRUG(tFThvD81H0JeSC1UM~w0|ko z-!&RiC^e_b@1JXLU$@~25sb+OtqPy2dUYaP3?jO&qvfg>S6-f1DlhxgTVk$fug3AC z{V$il{{#pdDDHzFb@zuo@0adhtK2-{z1)4k+0OPEKsBmJ|a3?kkXyJ;h zdzcR&9<2SdW8!BFt+=@a%BI%Gx}fu z{ySP|t<`FO@{ z8Tn^7OmDXfxz^YFyGDnL8%2USR>y;K=KINz*S2&1X)bzT={_LL?B{&yYfyLudN+AI zpU-7xKUYNUdzqBCd1Jq|IcOK>6=?%R57CzpM~D=S9BRm&H+@Wfs?DuamCHTb&}`cU zNlYnTcT6}U{Lk1?ldF9lCPVyka3cAE1+y38STM|xGAZPXkZi33$k!))`a*8+q~Ekj z0-9!m1`6rgd8m5enAA5^w8tu+scySfKEv%tV=jHE@GJA?Lk!;pKkfY2OC2i}dx7d> zX(PGpI&gulI#RrY`1BsiPhrk;jSj4DMUCr6hDkq(cs)4J#r-T$u2oL~-#}zG?rr z3y3OLEC4yDweaoh?t(t)Jinu0Im(RIRmfyh)XtjCJ!z=%BH2Z50iz2XcX?}tu4k$ufX?ssy zXtLBI7{!EvcK2p~PA<9Qbvs+^4efU^2iw0Rk;%|y<640XH*4eOi0uT&TJ%CY0JrCU z==fadjKv+hJMUDwfTB$i9ChP*vp|3(FT@BUCL;oL_h-x%e4DH|4IgT@90p6^vHgb9DsnHK#*XHf?jg7M`Oq) zC6_J3XapP}99Y1gyvuR>#`Ll&o^{@Ggg~I zR&k2i4x)+(hpbySih~5eqBYG#F@8~)e}3E67Ern%mebJ$s*LqT)U1?iIk~@^lH17+g!Ise~0#JeAY0J`Dz(fRLU*CR7>Bms}07N4fC_hYq`iBXe9;wIm`-{%lzvNVZ7$iG*RjbdewOMCO z)qG9YRgH!Cf^bmx1gvbac&H($IZbpXAZeJrtZ|WvJ_a^!t^JW2feM~SP=-8+@sZWXBI+jX6MxdeH+%v2K;8olvQ}$5|dECRl2@5D}FP zvr5{E#-YlvwV0p;RBDNGqk;KmU-f#UYJ#NBKvkCaYO>jt#M%t4m=0BX;_Aj!3D1bl zQuKC4bsCI!tBS{F<$_q&qQ-cw6Q?OM(B_2@()yHP2Xk7v?gw8 ziUAd@mspeLDDPGiu+7GUW{0|KgGO|R6C*qj;(iS<%9Cs!5>ARkmXC9N@Gx>}skX{= z0IRZ&zAVnIG3vY79|%FNNg2oo0la02cl5GDVa7yS)zH?REufs+|mnouyR&8h=A{Ri=^wMFuhZPAXhRMl}7=gvTv;lF4~b)17NtVjz|U@X$N z<{A0Kk??n7jPMKGwngX)1+K^?vQSJoYCe_@1qUf&!b#FL_ZOC6krL<44X~<4^wmIx z_+h+@AvlkD`ci5 zI*@U~HIpO+4>`y+QG0;%z`Hat`aF&#a+(~TFdY`G!$fyjA$DSsySck|B;rK>5M|Ac+#wB~dF$cA3SpH#K$xl>J1Z^xm4e zDoBjY*^aR?^&UxKhloQw@wbQs>v6e{PNffHWmU=CXK>scu{t?Uh{JKa=~Uv z&+`eCqljy zTNzz#q77X@q-EQBvRsd%p`J|@GK5~~-=ieATJMSj+?|?pl$mVNjND#3QbGqvN)ZHk zL!DI!#HZ?`8$4t3=<8FChPzOURLdZ<0;Lw}!6ytQw<%EXP{^uQ98xZUllBI$Kq&*G z=E6DA5bv4qCv$!`7_yX^5OA-iOtIIT3l2gd+~k9Qmk#_pBm?bmLq|+L9LfR(2PaLA z7<`P1tTWrnrb;Cr(`|)XCp;ergu|)aor00F+;>b{NkS=>+l)lB%R28X!o{C1uYq}) zsU(A5S3}jK1IM8O_*nU6Ejt%dY}d#h9FSKLpOgO8({>Y03mOpNQBTpro2XD@o)fXi zgg7x9ttg_z65)b^UX&RWX1nR4As>faCdA7R=EpUN z$^ez95so%yU+!w3s1-xr7t8{-DPynEkU?U^w`MEulp3q-aQw`u#_ndY{d)?Zp z-(k$Bwf?F9$uO_8VON^(H~#l!2ELVWvI~{!AOzwr*&&%y@wrP5wf!pM;r&^)atO(5 z(sqAU0W^iU88`QbtFkM>zeOl3TGfFhrp2e2QUxnG${N&4up_>#A+onc7>N!ltu#I7 zsB*WJn*(c>*ReF#vSlv?6?WyS0T19N_ILlUuK$+5CvSMqR-bc=2$ft1kOXs7jm%2P z@Su(an{51%-(Okp>4Bb=)jnEKQBG?>OQ~k8OvYGJdt74xpy^(HL0>?K<^ zC{>%v4wPpL#&~-qfL2;cZ~k)!OL@(kh-^ef~eiIJ8L z!jxYmP`auHOH`Er_0F!sHD;nFgV8DOw_jpQND@0teT=Ri#lOix*R%{N$q!uMn5jFR zBI&9r2CA&zK>;J>r&PfiBw9B}R-Vs|PE96K$=e6h%4vvZ_kBSGqr*dLP#jX&2})PjxI(pCP`PZ_$xB4$5c8AlXPU?xUf1KlZ}ygKXCwV|{$)G<%v5qhH|K6l<|?Wet#?uQoB^d&q+bRp%C zb#cr)EWEP|S%JIHTsTSPX#pWo#~B!Hi1xA$yA=p6#6$dmpDngK?sfitarh3nVRpom z{Ytdn)zwNsq&?9vgti)9qu`|B21Nn2{O6* z!|OKVX+!H^q2){sUU@8~*L%F&vrC7!k1y{|Q*P|)`?~ATyZCmOXmaiBJ$dt&0co?k>&5 z=o+jgE)1@sUexc*j9}q8>MPTvREqGOjIxjnF+7}=vId1M`dB3ElJRy( z92dWB%`IhEn(_8@DQTktR4=Id<2Xem1APbUa(~p#Z}nIdDl26VN-kvO!#Uux;)aq! z4|GnbaZo_^SCuKCK=2WrNlOqL2^c|$p)XAo`b za5<6O&W>s%`9AhayX2D%+~CD_lA*9L>hpPxJvaa&Zf5sEHG8THm#Is5V+#w`AE+-tNv8aqFe!$Vi&j7PFnI!}9DmEjDN1NDJ8g z$q**{X5TfZHS*4p%o>_igfTv5F}P+a9q@_ME%nOF>XVLJt6D2Mu{zKOT8VZFAuLq- zCF=j4iBq#H$(uDc)*9-{S&*+f3@B<~s7JJD29?9Thtj%Q?Gq|4RFZbmkD(KGR2{Bq zy3vB6BTrWemPl$II)-7PtVBr4d^*Rd;Ph<+n-%J1K@3AlQkfhmv3#rdV>j}es$ibI z-V_}&_k0=(YkPh*eWknMhrY;*PO5`*jh7ynLUyWvQk7~|-UNyAsSn-yE^oSI{rB68 zd?NJ~Y_gAm+2u|46ahH`oErNJRT{S1^qdHVgxgHs#ThW&qWS5ucLHHoBx^RRgcPnp zyzW|nI+S6WblrBZQr#&AKZ=v8Nub4zb6zvG1HN2?fvyW>evRy?yVRP`Xq1-buRjmK z&^DzCy?}_~oX;tDFMguFY1mJbrDjL9bh&pa`Et&U^JMX?y2heCxV0IXz4_D|j!aHK_5MHNJZUh2Sdk5Wf}Je%c!URD<53DYtgLKC>QI z=cy&9fprao!1p(IW9+sFP!8zRXp|bV`fyK&>C!X*LV%AM#Ya zrdPeFOttvjvji=+6m10ZOwc77BQ6_S>99_q+q|k-XXdnY&CJ_7D~>N-HYhiMmTI9p zYSl#_M+d)F^4ssX*6``pT7!JFN4X(VRiT*&mxf4V4|Um1_I@q?kiq#dy!_c$#@$4bvJw#TvL(B6(C}*QQH>wIxfCi(*b$>_v37P+s-<1*Y zUG#b}E%#o>z#}12ip`#JlU&;S78aBA*2@%6(?2S6FYR0t!pGu3A)7#XVnh#tCrrMw z4hG=R|9j4|-#b%kTta{SiY1J_a_zIl)=&3#7t=9?9-iDmM0^XdXd&N5A^a<KJKxDSK<+KDdog`QZ${|&u6vS+(Yo*&#Gk_zAfD}XA5Eri zZul0x3i4*ctVJv_Lj4}~uLBs9kPh7sq1>y&I{osam1&;pV}Wq$l)a#p+3ZC?f%GZC z#QTtYB+!$pcWa6#7UMYlqY;Kho{DH0Zh5nAqO01x8??r<2)2&Y5WY#a^>779J6hXx zERjlj_rw@g(1~~5!zq7p5=Iy_i2v%TJNLYKMQYIvO#qMjFJjmzsmQSK>*o#aV%961 zNQxEKhJPuCh>N{!*DP}(Om??TUgE2%>VZ=R|1;Ku?b)GN$pV-`_y8YDV&W7xc0bml zC&q+%D#zv$^KI8$bytw)MuxWIKjDI;Rj5i)qTj7FTh_#Sv~-PyTIX-m@#&T;Z*c2s zfYs_VMg021OIClAplSpv{VL0mmVv3h^nK@ zZKloYy07Yz+0o5ty{4c3h87iW1DD|QNa?>Yf})!8)+tU%Y-}t?6GF~QWe9AJJM7cS z=ds9>`gY?Q-Ynqtw!3BRy*q@VknHHdIf(>dS>jz zhiXT*ttIo|H*kx!Xq}RmaZ^pPj1OL)(4y>&Z4Ct7YkIXolv~;eT}sSpk~QBOk0`U` zF$=HT8;o!43XM+|$9%@Wj3rOLZ1r4bw6}67YZoNxx-@c(*{lROw!p|Aoz8h^bN{_D z=m6%{yiGmg`$OV6H^3AhJJDXmzc2BdpK2ne36>A_x;bgI*&@oglH{#&G$_OkD6%Ww z`*fMNhgXUj!)@;>F#*tm6KSa!4rBN|jSZiD4nGq!N_`a@j~-}p)|1$;kd4+6%*;$}_BAsz zGjp5WW~TThnVGzdqM1ZlWRcxfEq;|$rK^(8cfO-wT5HcJxR!o-x4_5GyY}ALRTgs} zeCw^lhoytDebC%!YO9Alqt*jwIAqp*gVO5D`FJv3{}J1#-+;IA8XK6h(M_~r-c7EZ z@O|=;Qu3b|!8fpnMO2lsQ*9Y}481r)&Wb0MOMADior}yaAufMplAf(Ww^i<)vc{T6DI=NdO{ z9JU(3?cwXC%4BJ+n3KMn=q5u&XxB_z>LZ;ga;L`xW|8;AU4|3~UvwgoRa(wQucw-Z z-DvL0^u4;rf`7m}5UDvBarF0CTeaTcdtlkgZHBR@Xc0Mnr!sS&4@p4NLFQYxGu0=K zG(6F)GgTUXlO$8|f)CiQ?`;BXEd!Pg?T@#LjCyctu51&~wD~2i6Bq)XE}z5NzmM#m zAqlf*-Ekf~p@yC5vmFV}pWhHzMO=&A4DxvQCx@B9epU3uui0daIBT4GI=}8kdNv=0 z(YMY6fVH5w4FiIC((1!i>@jy#_^VIC{Kk7+1${SqCY<>tP2ZF7N5wui<>`+OnsH!N1zwwh1=i$+vc+Jav=cSxRhvn!S0CVBY^!f~*pPWVV!T#|avR^x%AD;C4 z{p&O5NnFCCG&2{5^f zr;E&?#i~cX>ur1c5Tk_4=@kMrxn-4b=2$KYI96RT`63G!p^(VmbS<6K9EiA)_8Dl# zb0=7w4ERwa#i$YN`&B&=3xcL`VXL%z_q+%v?uUyz@&ueZMsFO^A6ANQGOpwKSQepTEp%sJKvWe*kh<$@%NProy80-TsV2*1&U1rgd z1u1rTFu?Q>t2a@Kh!$R*c|uaX<(|j3S5bc^m{2%?0&Y!2+_>7~OQWcJLKpr#PXShb zpk^(})kpwv7Y4(GElLyBK(Bk$Hr4Pg#y1iA9-cfj zw6RXj8R8;axM{>j{u!%&5wX1rg)UP#kaLn$*6m)5MBAY0JGjlYT>O)5T_7nJE`>fp zFt3D62m#g9^G%DHY%mX1eg-9!C3PLjlLrw9YB0YD3r-@nyOPw%)ARa9VCGkB(Zj*o zF47!o(J|vl;hsQ;s3=~p4xB6-cAL7Wth}}k*0BicpNQd91yos4x7=6aYG6o?U#G}3 z+G6dMC4U`ZxD+u)dbqKn47lcd=K_pTD|Fn79hnYS$1>|XvxCI65Pv;*l<)cNXOJ1KY?<6IHRxi-lnV^i{>q+qGnK@5L`n5KN41i4aI|xxHyH$X8VZ&RX_7HWFYol19ZEZn=4EoEIYsj@X|?kXy!^B^{Wa`RRX>vvyTvySgF7F9 zI-y~#IV42ZN2QF9K+YrG#y@e6RgnjaTY4(nN@vu|i2L?>8z0kKA6oenf_h>!B_CPb z6Xf>YTpvL**iWB&lrxna);~5{W6%{>JCAXh-AaIta!uy~04=T@>q9)SgiGo9I$A(B zuI1EjZsBm#udZoaBTe#jsKLTDf7sf5Dt!s9YVP1GUK}Uwu)8{Rg6)WBatSFmZsPJJ z$6}f5C0ta#&!j|(KRsh3Lu_+xb3D4P82Uq=nwVs?#*LVIVwQ(-QN855k~SVZ06H-Z zJ+91|@#ldBhgsIib6>X6mvhYFQ=z^6m8vBg%XI`ohBF4PAxP4MFpaQW2qerXHG%c7 zHR$im?7iNXfFjB;uuy#L;e;-G297gpM8}*y!9spEmV?PY=kPMaJXreXR^(lk6v<1S zbH|S&qu9zWRt6@5G6FVMe=0P_!VC(Wz=G2hDmYcqJG3H2Ut{>b^E_f=m2!)5ibOF9 z3RGS;vtDF%PgGt+%w!!~ndrK`Yndab$R&QqCN`R%2j&JU&Tz|tiYZRW!>W|l!_ci0 zoEefX;S{yVoW5RSz79O|@qgYYEA(mQTTPCOXL30doxlHkM56JBp>YQ98s}P%7}O^= zr}MJ;zUwpy$8}fr5ZO?7eRaEE{{I{!Tl03#`hf!hks5NCDq3y} zWfZhbwb5I+sJ2+_ek21t+{YJ&LnQP{rmP@$7B+#TW-ksWO6J+tn0=&kGkNPIo7&H# zwgo4l%m28Ielk~w?m?P_D0Ot8;cXCP3@U%bF(EAzf+SfaeN~9oE^b93(VQtpITL;L z2w1dnlsiLbMQhW3CYB*$pbs%|OW?!1P80!PiU2&OsNnd&XfPCJdh;8Y({}8A9(`!& zlF-i360xWFl{gR2{%FurIb{o5LHu+IH~9Mm<6%Kt&dv2jBQmo^Qm%gHRIbofN`~9H zk~?Twnc2uh{wE89C%KbycUK39nj)+i%D4En_%((cUhr^*?K@6@vGIa0j{ z4H4Y0B)8K2$3eB;YIoqyR2f}B8l>4Z!El*~XOzO3N4?=C& zgm>LbenuZVGX$X;+!R>hl_R1LOvj=+s#^?15-QpTADx`(Kff$ zw>eUhY?Y7ImTS`Y&6t*_{$NgpAMBYRY(|hrZJ0&?+PP4GH2^KLae)szhn_kiC^-u? zP3-Tak2Y9xb2M#a=g7b`kb|ry5$RW+cf4fIN93nEPitMXq0&aCQx+6hw=ly}c#z{C z(r%;*p|0wb=mBZLeNjkhT4VCzre6im5FiU7u7wgi*FmlFy-Y0RB_0&BU(#o>M*-Pw z?4^C9*uPE*;Q`_9QCUCBB%&Z+;7-jYM4O<@u%WI@HH!dZ?^zXKDT?9 zO52fz>3)`ZdehMtZ^)2KjDxT!j|rXL>+xH=>_8XQmZ_FjQH#Hnmo6$$MW@n6!(H{s zV#C;`4_m#Ji1wVV4?RdYD;%BH`5&7_UT*+`BZQBqEkSUCJ}GJNmK*Mv54v&F!;aKw zX%}KxDcV<6=fTlitm@h@zf`o^FQvhv-!XU9Rjlc-MAS#=r|ko_Vrg&ppHW==Cm^zaI`V&wrnNHs{PO!o)2zPHG}iyk8~uk>{eKc( zd;@Al|029_tE8#&vXQsRRGm{3foW8YLx5wTs_$y1oa(tsFIB2^5;V)*@wrOSB>`d^ z&c%Ha7T`s~E($i1tr6u5?c>NJQ*<4Hx0I(P+e#Ehvb0kruDvsffpp4^88&^z;V(3B z#jEzy6OT&Da8Mz)KxObmL3}*%AeprmW(#Pl;$Kflv4dg`GhB0alPnrpSR244B2Ct* zb2{ULE$9!z%_9W!PBFdXDYNR6jX4M0=$-&NzEl0mOL{@Qn$7cs&ak2{RBmW*4na*| zt3^Quan=Ej^6iAlpom_;L2tYMKo;HPxMHK_8stbArO)X(sJxOthJ>+{af&*{Z}iVY zRmJL}F=NG@zkjWHj^2FrmWP`A?c%0tIw{YL)W=WhZ*QT$B5%#$6PryCyR?3wLXnM- zRp?q(hIbRV9Q_>AwrV{PD?Ig6;w@mOKWrokB6T;x|0@5{%eEfvbC}NEwhi}y`aWB44|{PXM}C0=SOzt!78ivLI1L(V+Ou|J|*G{ zpCFkiQ+g}S^)%6N!;G0!5!W$Wtw*eoBYx+JCO;T@KOI`YDru*@a9^>a!+S`2!Yx^< z$74x;YVzd7p88VbWfW@4D4E*4;N9<3p{JP}WMY8u&<7`P$`PuG?E28hGrH?USK9#Z zbWWEl3uYw-opqoNou67ypF#cWh)i7a5tU|UzP;E8g1K&=pkR@S1b=zJL4xeZ4N6Z`3%Yl_%Rzr#4N`b?FkS-Bx~P+`%Wyq zub7jWsF^&m#?$jV59R5Aoe0JxTimc%MeU4cABu=z64z(==z=OZkN`MZW2DFYMZ6Ej z-9qC}3?myz4`C5{x^uGh3nwW*NOA@^^X=Ujm*#7=%CshiDEUI+$y=fTKJYL@470!8wlF-Ar(qIg6aMbNiRAcd?mC|kf-zTbVZ~=f_6cj0D=9zE=6w5AQiOX z28@yB3mQ!sLn{r1Y{8s4bLdu}R-AUj8jI4CVeaMbJb5)|Ep2`p`9HmKB?%HUCAPbi zKHg)BSogAYOb0e6A2!m=oChX>SYSsQB$&zj44E{mGx^-e!S4tFvCJvn@ap;cO~`9a z&(kS_^;tBa9k{^oqs2iB+(FfF$lOsQdjzowXPQWs_@-87`_GJoPK;UaWtc>9OPq3T z$Y~+OPmqi%A})bSNBISGIOV-j6S}Po+jju_)9@UNP_POnHcCHSVOU%$d`X%y(KtcR zvw33f0u<4qJTVmSBIYPAYV%p1<53Wj(s*hN30xwwzR2Z{dy*@w?-#PJkcMi}FR)Kk+Ep^x$$2egbKtG5mV^TH6U_R`J zY+pu!{-JCUziX$ulk)U2?pd@TPPV5sG@5A@Q)qDj^z37=%Z+qvo@hP$pGBEQI-Y2I zzlQKOfE3HQhW{dS6tmFgXg~<;{J@hDtEA4>g@tL}Mk3$?8rL=@ahV<5(n?Rj;D_-d`Dn z5^=8d#LjfLV3A8s>0;-@Cm5pzL;!^&Ymh1x;3V^qdg*yVhoy3SjxfHjM(XvVSS7bD zx{%$^93~e&&Nx(qm5N^A)ykkq(Gg^q_PZNO1<$;Pxn3O}P{{(zQGpgvup58kirx95 znJ9T#u)EwJ=q-L zv65pmE=(2kyJBnUx7TKHMw7T1DH|qvAa;5}npDs4;(+sCzo2#D13UnvXKYA~54lnu zt)UGU-}69SZ3)G|6YBBH#`fj~G*7NP9t;d^o+l}t>s=OKlV9r9t?F~18B(|&NdCc1 z+?Sa)EiNt6Rw#FHnwXope2i(p- zrp_eMxGBevit|+4puizB^J0`0xrKfs+p&_-O`A+cIFf!e$u?R(zx+AlX;z3w_h~Vx zfFKem-8&6sxiO3#XPdy=HbO(*9pzFCb+y^N^DR$TV<_5s?dmLNuq`r@05~B8bi$C& zP=&NUe&FCR1e%HFl|DnH3UNAWvT>o*cUn}v`r1Oa?+F)r;L;~KN9+qwtZq?ZpveF# zM^_ZR;@yCW-fVZw`vmQFAwT12zRsbdK$7LM60E>HR5sceOG#m_1;Eqg2_TZy+}&_k z|8hHKsS+edhQ-(khA+%@_rt`<0B7546G^A3E)yM^klFhfowMcoQr>?QR>htsOK4)L zaZx4oyt8APMj8QWGZU_`10_?DLlx7UPR*l{7GYDekrYymtl1#W0 z|Bec9gU#HgEnUzjsiFv)5QDx*yKLJP&xGQZ(o2R><*eo$D5L5gi_ zI=$9UZwyJyMv{CO&^pY_w#^bybA7^#+@DKLQ49pdRw(#cS%ds+n=-89wdCe8-GHo; zPXf0?t?721cUB1IRB9=HM@V4f#`CSsSBCxK`%`gm)~j@P2(j-uK;#*i=3PXqAGdW% zO9Z9Yw2{BPW$=Obp8Q4Pf*iMP?wBmo)7g+h)rQ_;0R`>4Y(xjM zs5R&s95{iH^3AJ+i+&gOt%NxRjPLAhA$y)HU0A{M4+Wl+Sqp+k>|umcK%u{KB>|%? z7mA9d?EEI$5?j^>X_xuh;L>I{Iz`3yIXdQ!>FoKB``P5DQ__Vu^bhJp;b3hFq)6KSuGhXvFtV>RLcD%%=v)5mV=Tl_tzDbK_etui5 zJK?i(+Fd*xTkl>y+VOXlpkf&r&g|2;5l59W3kI#Ju(`N=_tQ)0>GwiZy_I+O#*Yan z;fmlEa_%2QkTP${J7 ziMrL{e_oBBCV3o z=wvS-ROuWSQipc1%I3Li_e(TB+Q6y1cG|?SFz?S&PS}RNPG#12zjTAJ^rJrfP`mX&V$Mu^++rI^b#v2Gh(8h?Be+D$%xdORU55c zJ`(6r7srLL=S^@}plx`jKqsC!@7XSsXrDsnIDpH{M1rhHhrQLDv%P z{qPZbU%;gft5f_k*E~w+xY;amyYHV^OHQ`Bv}p>a(d` ztsphGwS>Mc`Y6-m(ra)Q!XS3czTB@->d4&;CrE0hll*S%JUul_kj?yYmuPG#2bSRHzi1pA@?Uk7J}vFj9Qfm z`iRk02{MMIuHwP3?g(sUo?id#Z`s51mIW5q!;5zRFN&jZ)0>=3R>g5q5`WaP4@jkF zr1^G`=rp>Gk+nCAbqlo(J3UMvTu3C4_s#^mtV`pm8bff})qPGZ<8B)@T6MoTb1Pdt zjk#NPjT%Q^#{ERm+NvE$d;0q7f%>c~edydfPbxt+$)6|CH4Qx9bu_6IYSoB@98tob z4!z4_WiLg~icNwNYB;zCKkR~JdiW`7So^#MZxE#wd^6DyLs!8q$_ImQsHK-E`mQiO z@Ft{jNrGGOw=)cly#i&d^>Ah1rtTwFR*NTkVnb>mhGlQyQj-VVWvgH$42FE*-1?eI zjjE|pzlR3;CFFviqOdfnr{B6D=6<0R#x0?2&pzoqGxC$DSq0Cy0M+84Jw9K!mtnhl z*|RGhlZml}BWMf6{zzicoIKTlz)LLc@KUyi-(OQ8-KAF6+nOfGl>0N76}g!ejt|mj zggSyBL92n6=+ ztJr3W%QE|mTy@dlKO&5eU9TH0nerMcZKTZIo$V30a?T6f3T%d9ngQw6rs#cT*tM`zZeP44E z+kgjiEM#1uF#tgi_D~bzd@%iK;gbnTO^VP@G3+gfeNoLzLV;=Qt$(hY*Wua%Te~DL zgJH&ix6C7pJs-%Qyb$k8pOdK1Uy-|IPt;~* zD?>R8liCv{TkGhU9(T^~uiU)fV;WC}vVab8gHW?vlpP`8s#T`)b(U7p<>dfd?MBL3 zm4i#R-qXI6cxnT?jhGOrRnAsr+!wEjR3S%I|Bx$Nv_7H0QnHo$kDt*!)34fD`dJQB zV4GZ^WAyXzEp=&T7+zOSU~LV&m6}Y&A>rD?HUCU%#m(eUCUNn}^KB<$HCbWq9(xK}J;OO`iu&Z<%&E*v#S&w&)# zYvm+I*`-By8`d)ld_O6lbQ%3XHzZ)?i==$GFE=VWb~yc$;Pge}86 zlI6(j@Y{Uam9MyBRMKzCxLC5x-`ih_aOD9_t&P_Hjt-CL81Tf6tFN z-@v?GzAsVnF266KoiIVKLXT6DStM&^rK!m&>=tB0E#1)wH_rIH8fQe-)A6SK&`DZNJ+k*Gq(d!~sXyci~&m;xhix_9H=faw6s%}Mw3ac~wYeOb67 zqShBp^>gZnC%+#?N4^#!XxZo+f|Ok0+om2)>}#L4V>JS=qNs6=um^cY?31GO9ngQf z-5<4I{K2?7%RkT)t;F6Fy;^>0<5JO|r@)kLyqhI1UBSyLgHivo0ST*H)(2l>&X%te zZuJ^~%-P4ESO@`}aYWlQ_Cc39K3w#!wpWS|&+fK43#oFLd7SC@;_ASFc0Y0co+d-) zFSJE!SvEr`&=aJ$ajN4sfYH8&S(^je?#8C)?E!C@%-(yhhhG~ERQtAw=OA4s3TKfn zANPjm%2h1K=UP}Pe+el})DpMy7tfb0@D-)j__cGTLY^LGtNq1dv|=#U>aF0JfyGtP@|+GsuuM+FdB; zWlH8ZgAi#HkK;9R6POfgf2<(A(3nCvy-SxwZ5ya(wQMm5=QV*4Zg^H$r%ZfvQ$vWb zNW)s#6=sSmR>YI1^yS;-Bz6wH=e!Q@19rupXP5yj^O%@MSbWV=ZNu8)=aKwmvSd2q z)Ag+|gT-P{{5vS}R53(e7{<~|45(xDw0m9TFD^6OnFbDi$S)FzgG*P)<3y~E*0n?~ zyq-?I&>&(rp%tb+DVV{Y zl|7#QeKGg2+nX7yy|{^lb2UpeRrcuX#(37VqrNS`um!McVACB&KM2$v6GVOkmZ!{` z*a3K5AJchr6ovc7?JXJFN(=|6nCY9Q|AoJ>sTcT(fD_Ape>#r5w;L}EE+20GGSO>f zHp)=|%sU?)EVT<3ceC1jr_+!Igk*u>aosC-6;O;5Ta6b@kxR&?!qI#w96JJP>JF>9 z9FP-UW;g39u>gc{M04=jdq$o^F;Q>rV<9`h`B_V`jMM+-8)8v`va517XkgP3JpFLSF^(n z1WOmM$)S4#UrT}M5ix?|jWfwC{D~ve$?H6p)(;&Flsh95mpBrD6DB%i^ebkVu!~>8 ztYxlor%7Ecm6%&TEo*2MYptaN!7>-8B(LmMfp6DEUiQKwyT{|q!-%sQz=)NM7iR57 zhy8u?lijk|xYs0rV2Ay~Mm_`fHT7vCmuFswdt?2Z)o9^~Twz%2oj)3ju7|3>kvZj3 zZNS`m>56g*Po8O4F!0iVH}gQ_Tu`Q0Tk4F}l|0jPosy5MxDV6Y&Fg1GG6YXT;(ZZT z;8;^L>kH=D-yAFwrWZy-R{wqrMn+!b?k`VIr2FhF%=609(0NGMAaU0?AwyD;(jbN9 zXygi-#nod)joB0#n(g`}j>G*=OsElhWaL5t^*MU6#@Wn5Bd5P0W6AGWoNNi(LS2nO z8`2yWHvt~T77aBz)ety9w-^~!4%R?~pn27Cw70;V=)Z00P574<`l?Cz3a zA_&bM2F%F!|9PT-Yct_R5bRrL4)cE_4)`bVAVy8rev=J}*W7=ow+yqc$#nrS|MW4j zG=ScAwz#Yps&(E%G@VE_as8om)c*=6^1EgVuhm;ens8@!G?j%FRuppAQ8^{%2&B|)W;}&rZJ~4;c7n=YK2uC;qrDk>b#PzxziAqZ&`LU+XVXybKVr3 zR^Mk@rGm}@U@H>W7r`83>Zg950$)|R)hqYI(cHG6p0PzE`l4cC5;Y}+c@`aqs?mvi z)J1E<0!-MmuYb-Ktd^Xigmzrglf1*$3G*?o!>fhkZw;p}lP9&!sKC>wp_cR# z_k?D(2O8BO_EhdWP_=kwSRT&O^U2)zWxbssvuMk)c$LI3xCOjY7F)f3iN9p-ug8Zg zGyL@@-3rj%I>YrquxiA%NiRYZ??PWH2r5p7sdYhUEeS9?{lzu4WocuQd< z*FN=z%-THR3F8mWuB;T}`mZh>X$`;wZf`~&8k}D%{{D^hb?{wWu~j3aQQzB&fLUdq z^90_lIsL6}@#SOq_}*{Cv6%#+V=>UoGJz6oD8NHa*|wmb1@-_8A}SeG1C8KsRn-%{ z=e1e)`_C614JvMI;!d4|VpXzhVY;Prazoxfe-I2YXg1BJkBDrxFeQgEH6G_Ps<&g3 z)Es#O4O{cMD1!w(El*H|{RN)hi(i3%sHO zw|9)azL5$_!r;8}kv~{*Ds@l70RZBF#Y8DQQ8Wau<)3ADCX7>gJR@|`HLDdAzOu_h z#XQtKbGue7ikOK2oh7lB@}Kdg{X(FI-%hGri`Pn-2_T4sTuwcUHb6pK0sgp29as0G z9|~;{G_GVGG(dHI^t-ai^lFU7vi8J%vjJ!@zZ1AUShD`FF<62w)5B^v)OHmzrGYvZ(hHK8@DMg^8WT$5~|2YzP> z69vEfU`I^!^6ZedS5>9uU*G5eNIx2KzQY)nuZchYU9Q`bB=&At-z=`EsE_W?c8fR) zYKK+R@=P1&sCKJ3u*qciCIl<};{4>R{`^`Vp=8f^RgP7g@&_HWHI=VNjDs05iD882fu5`bjd=!r9$H*YYhl~%6{)qckp zsaF4|zr~81yD0Vys(S1o$*A1%H@q$HzQr+~4HWM2C~b~$QOcwVRwLssd|G@xQ&_3j z6d_;T{MOifmvxZKiTb_z0Hw62@xA)sNHOfZlNOPFbKzFq?3}%4!n`EEUok3YN)?J9 z!t`^=&F!z4jEU=6aij;vOm3JHp)g~LB}_k3nZ5(~`tQpw)B(OkjdE*dwi|g?4WfBRMU=5DU;NIUn5`da1-S; zY#zLAG3s3mCXLy%J~k}ZXccTXn!v2=gN~5E2?FAqF zf=9XI;fJpd*yRim-(r@CnK6Ai7{^p_#}K1&ikx7PwF=NwKH6W5RRT;5;paItm|;pj zz&HhDFfUv*AmhNs5v!`3JbN+(tqak&OY&B$gwrNy1)jg+L3W+U24JB~$)$$CP1rRU zI*=IG;3?6t#FV^DP8c;DjtT}Zu?c9VXqZ2VKgHj1x|P~4IX;xhD4}LiCE|^+)Z|e{ zk|v}QkSTNG(TS1czCxj1ov>TW0?1`_Dc>h5IEHTGX$WTsJ&P}~g_MzjSf&k6NsH^$ zg+4~0(3kzmu^qpYZ=xj2%8f{KO=_poTZ(HfmlpjWUs4AaDq(>h*d|U~6Le?ftSP&l zc^otw__Hh2&`)rNX)C^N4HziPSN`K#mPd*<)W6J#8s3JmCKyEbmCYX$TwjV+w2W5l zNu7o-gtW>mZ@HzB3)1|41ynMCMjyG2meFO`2{B^kNb|lFyQx;b+>N5gRCq|qSqdGN zGFh{T4*93;pQ1U4pwib4rf5~Fqx|;!(*O|JZQyxJk=Y_iH+2MY#=++=D5t%-QARSA z-33#~Bu56%&XAN=W<75RCSu5k37rDL2tcm`mlz5ON^)oelrpEh1qKEQ1$;>ZvfBk%=#G`9$dEoOy{m?;dRqUMC)26BNcKsA(7&(~MFA zuc)r&>V5B;HaC)!0M0+{9R1uBOTKuBN2IatSIb1g+z~tS)=xaGu*kC)gjo0@Q(Sh#b6=P1Vl^QdTJ1c$G)vOke|KxsDj7 zErq49K=p(|!yeTE4P$kcLUA1lyF|4`Tx^G6U_Dx+)dMvIi-m!~mzC#M<>b!9R_ej6 zgq1cH2VIQ0O99W8Dhor>d+M^9gF?HWOSJ%9-JDuk!NQJESJ!-C3XsCemJkl97!Vn7+FJXmD;JO`G-BDiW3(Z06W^6;y>y7?x`F6(GHi<$zR zdc_P4*1D#o>cW|MzSDyA(uim^+Qo26YTV7j#zG&kkNumyA*2iJL~rY1SUm^6(f`PQ zi6R%Q(H{ZyglBJ9_`>Q`#t0x=y=Ie`ekEvMC+JzmNl>5(d9z?YvdB{jR?KZ@U6lSi z11W&%<|hNK`(w07pEiREU!s2N7g>-pxf2=5Q3dL^lhX(WM`iT~x9zHTm=6U+h|cOr ztZBEnfX{AjYD+U^-d6o^MD{T3ef+v6+vY{*MHvQ^)|tCD2#goi`X!q;VrH;Avx|&# zMV1w#Smtlr{MZnjq{R#Ra`6l<^Kw@g!Xw2(#p6Fpl{u7iH%BU1Q(jmQs7_4SR{JEz zF4Z_;9#A13zyU;b@R~%R&Yod2$Mqpv*0uUaAZkY7YT6Y@H`diEeC^gf!&=I97{f(S zH|c`CN_zoRu)Z8?4caV7vv~t>+0;gP7?r4cEH*MSfrH?qC%>HK=^LuDt>LAJc9y8L z#>}gO+}OsJ=0&+14|>sTSJ34rUIbRkT5h9$^2S8AO&R$B3#x+Tt-jOgK8>rm-{T!AIJ)Pu!nTP(!gpLT@#nH)Io# zF$8D`;C+F=2P2itsRgx=nAjduwcsiS;8?>wDljTC={y{6;KUF4N`P+bcc#dwoj}{! zQWU$ZEB2lbZw^}% zs}4o&G>c@?zyy@e%HEZJ@)Gyl95TzlRtW(=xi+rWEihwh<$XbGg^eO%9tt{ng70ai zIPjdp6wlX{vS}7z(7TiVCE~PvN9G&@pYXQ%8z=}9EkhOLqW0U%rjJLxS2rFgmEC`n z#J!hFyR@ieE#IX>k->T+*DHKJFvJUWEe~Wtrhb_PWS(4}MDsiU*bj?(`1DY-HOJ zVW8Q1AtYp`ogp5EMRPw~W8sZGJj-Om4#nh!*L6I>LiItgaCBBr7Ygdihjp*$ zvHZjX3;zY9FhQEv({jf6oY-+5Wu|xm`plu&YmrekBL4W2+v@G9gwMN(&r6q4NAOoA zWn>E_F?S}PC!qcMps`YolrV|x_qW^P?b~euw`6irwV)P&m$12U$0w^ zkB^SG{&Ge>AP7!+S$^mH5ORj~QYHOy6kaxCu)xo`J~9~m;iq?Qqa@msK%96~TE z1}}GEnJ>1C3z*iNuF|U6;^k8M+%KP#JqD*q?l0e?J!ZyUc7LT`tKwUmlvZ5wED()q zjUgD0IRjj3M`BxrHKrndHGP;UEn4QZH(1~j4kMKJxb3=&__WnBT>t~zo6R`$JO`Vz z$!%%@w;|?zkL8dbmYoV@4LlAIuLHcij`dFaK_873ODRa5rO~LgAMo)`sQ~@qu{9Lb z!O;~5&8oeIUT*bJt_EC>lArIyviM6{JfAELF+Dxf@27FS_?|$ii>*aa*-nsF(w>z_ zD)-4Zqrr+Z4JbRbXZhpip?%}vXz-;{7FXC;X>tho6?c_Q&vXs+tC)G9)PPGjxSf6y zYqcK<1OyY~CCOEcL14@KMGiD?5_5_r135;*yasACv3Y{x9UNz6v#Gy}boGS3Jrl~~ zrxIjn^nFS6dT^cvO(-`m@hcriNz*U0KfZv2Ab)DX59;-=6LzWH*IJ>I^qUpj(||H< z7006C7ke#!Ppe=TzEX_CNGoKNCJB)b<<(XVjhB{?<*b?xvk`Ar&@rmAnpKQ4q_Oc|cLYil8H#Bi-ik*(x%5r$d0?6c0AZLjgxuR7aSOkw^o zD$u%LQB2j@G|rQQL4UqJD-nInK2oxaT(+IW8xGX&pno{X!t8FJ6LUv<`xEn_K&e@w z>BAtRA&XsoT8&XZTW@30R%+iyo?2Lls5Q0v^60VP}?iJT!uW zO-fj+xWzj&0Tb>Qi%(VG$!#p~u8EF1bWrQcb8pUK+Gh9|^`meD?W^qEGx&=WQo0N6 z?Sl-Wo=)X{(N3@OWCFp!|Difenu$$T^OK|s;p&`(!_W9hHoLrvW!#&wbiV&J4ndfU ztBchdeME2>%t)o!njZ+W&lsQjU%wo7-}8e7s_ zthtbeLKnQt{2hG%iTOh7UF;)lNaDTDVoAHayku(xAW!4M8uN-CE-+tlrPlJrjZnCm zpGGb}s-H&wEIB=PQ#l8{+cMZ%gSk(3pTS{yv)PH2Pn!99<%GdiW0Smt8t5abT~tJR zwyIs6!JGq}<#jq%ptsSz5qe54FSqLyWKW~1p^s8L4)@YoiTYY4wRm27ASL}wn|47P ziw_wawKLMmnR^8)>`D2`g=AY?`%0Fm1QOiFM4-MJ0ARHk*tx0KLj$ovEt$xf;yuxM zXWE_eji#M#U-S4XwffOf;;pd$xr`T8!d32?d6=`hLgAcON9*G|4PxtMyja>2LhFn5 zE<7pqyW3pRr+nxn=ejh)|5xz`Ii2tE!thU;M4I)H(+vU}mP&XgY8t-SPJ+N6F(z|1 z_||Ul#D;>WWyKFRb5$IO&%~L(gKPSsk-rp1NbPXNHg(U9f46L(JL8@^a2-F z#XZ;oXNJ|kVuW+f-=yf&)ww*Q4n7A{`HS58Ks+XGpS#=Nni_lYM9C#Mu=>`C*FLvK zCO^+4%;sFSQs#zFzg)|ra_c0jFyaRbUL%RuFZ;57%Nafder<2OBu}E5e&_{T2y<_a zkm2v_9tfVX?U1OQEhPDXgv{n&14q8}rHkcogMB_ci?w@dW zRkA-Mw9|jP84kUJtxq8hDahq0n9Pa%uEAhs;ry>Nf%s(sqKOt}r$65Jum_Ml+gg49 z#wOD`>lzAgQNK0_rPE7B_Y@{?K#B^oMg(&BsoMWx&uZI2E~tRn8|`&5&Q=3`;3{Ui zlB&`J{ob^MsbSM|kCt00Y6fYBXqk)`rXJruHbLie=6gMCVmJ-`rO-zZ&k2fXC*QE3 zbUnS#LQRG|I?N_IG&t$)nM5#xid0}NJ&0939TU`ePhc^5HXfISto*OI4{Ayhxxu;5K3Lk3D($Bmc@1f=aJZ z90P0c)*8_?5J}eV8qjn-9q4+HVYW+ZYD2R<8OOtO)}Lne6WsmA=Aw18u#~l0Vm*ON z>KPwi9oGL4H#C*btf=GkSbXF(G-r7f&Z9TeH$q_xsl64hCVP|P*e%pWtGAE`O&Vp*KN9iqv19+ARap0)nAzP5WLjfDY?^P!uvYgVn#}#$dOr1V&*F) zGb2^)WoGI<`rL)jgn{c97ZyXxw;?=YZ#U7&>(Ut~JaVZx{YYW%oeba|U&H%j6X(<{ z&bd*P{jZmQn{MO%+5Aw9^~<;SPQ7#IoG^^z?=_4yyT_DszGp7npuKYkn3mR_r?^k@ zP%M5od$f}M4hqweu5Jl)ZLvB!nABd)`kEuZ7dNVQuf1uENcrLle%bOTtoji-^2Z6f z+eOH{-!4ko&~>METRE!Jro0M$B7Y=w4F~beZn7b`uXCVvXSLYkbU!usIX(IMnU5dc zVroG==+4^i)Lr7-+t(iQI=P; zynJ#{%KCCjRdw|!PRW~F2k*_EDaD8FnSSVev-CE4n^JE`G@L|C6MIL^YPcq@Vy`rM zQm*H!uBFqeyU!}uK8H;j-+n3P@pcz;PZM0xa117CUyt{yPhkp-XQVO-g}*KQ#aOeO z7em!yR^v~9EzIXF(Q;Ni?i+YMgR`M7X0X3d9wETHD*KxIr6h9=R zaqx^JDx@rDN}*9-==Yfg9xq_~EXb%I3J^UZ3VO*iAWSC&=QeG{gqw zpSx6|Mffv@GXJx~xEVey~6+9PT*taSp^D7I*2e)gIZZ2gdcInJT0MAicbAO05W4;zxXxN4gSKD(J!q1*IV9{V zP4Jaew!Fy|KWt}_Tj9;*Bq*et!&+z>VCfhXNE8X1%)_`q&ho{+d4xZuLrx)ih#!Vz znJ+r;3nbhsYTEKO>J35A1a03kcN#njNZukJ)ed`GNDwh+AcMGwM_^nnI|r`6muSbM zy@Q0{-(Ka&j#(?=JPE|CTo3VDf4lfW~3A zHs+5AniLFivXF4VVO?DWgRXdd=fD=8K@WGhMhqr!@!p7vgAJB>F!+PI=hE6 z5BRVS6dtBCoFhs7^D{?Qd>!BDl;Cjqfa3&{93D?-XCIyu2k`|qHr%jU+3)(OY{o!- z7K8_hSUPezuSvpD!7<6MWp-i&-B97F;wX#hxgK_fd(MFQMMDv!aXjN{>(pA~Rs8qN zlr}XSkK_v*bcj7*;&ewRi;8Na)WYOU9L|y-)u%BXhs@gUjuBK$v?hY&*>0X70&(Xs zUftO;UbKV6)#-q-PmhPWdcEv(rGioB1H=#tjC~c8s9c-9snIqm1RwQyk#PDt&z>V@ z?Sa#ZFwOf)YCJ6JIpe`VRl=sJcz~h>t#VBy!Y&Ldu1mCeD+3?k& zj>IyZxw054IfNKev@_mgyBO4Zp;S(eTi*7u&Ol?HwU5I{xc#)n=`6=Ga*A`n znCM^hDiIsyVXAyMzA5P_b}@uz;0ccvMv&TY4N!^Tk)GPU#7M-FbG&ATLMQj>0pRyP z)lryi^vVutAjcGJ@l<}G!eR6DGm# z=kQ~xp2IlhX9t@gmN+g)s|jkIu+F#%Z8y}@z5J(}6Xne`~_pf>KKuc}yr&p6Vc zQ=B?jt9v??Ej}@qg|hh$#yz$`>@;O2KY+8d4~lb@9pPYN>Z~3QCnU-dpsBmB7o%}i zx}u}Q`4$s_JSLj$$kZRBji{z$N=~<@hB8g5OZpU$*Q1~o9x6K!E!Oq>iSQfoKjH+d ziOjsSA0_2H#Q!&(@E@>xmWpib{Ew3dd$&xmV)47>QamIcd?A0v-6c4%?zL6nYwjM4U!D?2^aMUsPp6QsfdZrj;%uH0?w z@H{pO5Zrf+zw`SCK7TH_num$7Z;&fTuCa7sKr$f?edgi-fh zgw*UJ)-+ExpNnM5I+q<&*R|SeIWao@P!sLY;boU*;zB+K8e~BcPZ3dnNA)3l1I6}E zX73Rc>U>81(Ml$t#GWGlA<)JW|pnWv({AM$ z?Th#;Nz$NrE@1{Ip?|SJ1IyMio@%IZq^Io2ek^ufDO)sxy#esjsNyqf>6)~Hj9E z&2H1}vzt%H>j2}q-H{S2DL1a(Z!imlR9joxZDD>xxD{74jnZ-8FLfwnJM41I5vQ(G zok2cb;DLG2VC~XMDO&UuI!hP(yzB;=2$eHpxUuHa7ZO}Yjii=frYYc2r?Q$GA`8U6 zOk-tU=>)c_X6G!PF}m$dtE$ak!eZHE=Oe-+kqIwqC$Jdbt_mt2#|3}`=AxnzYwEh5 zj^WX`gp*4i!QUG;sQ!vc^_pI}C%xR~M*?oP@dJBnXLOE|Ow3*g6#5Zz6J$=(^9<#( z=b4f^7ZI@V)bjNpvC2#emZ&akA`iP#Z)*=2j^%z?`CmZ)<0tyh{Fm~-6t3DC+L}5$ z7#jbdG2s7Ni~YaE``>e51A$UwS1cf)q$waE?*E%d{0aF#Z}6Y!;kolVThq7ACz{58 zcY)AL{#a{a&SE>A%(9)coZCc9+xSZ)m}VWJA}Q6heE$83mkElT3pSEOP3f3FB?6Gx z;qgBPzS)%v{Y3T7jP@KrA>YTt-mI}iHm`k$i{Zr{-fx-o^Xu2^_8ivx_&C#TUplQ} z$tI=aH{K^`PmNx)<2h|{OyUIob^A~~#d1=}lLkpA&mGUad%A$6f6V(>9(`feIQ9JB zO(5nlor^>22ux$h@J7)?ZCLJovuh|PEtahytC<)z;2#q``s!e_osJ+0<)^J6A+Z4( z4jm3kqr{OV(?Wd5gh7UsBY)xaj}v#^>3OLAzNWr2Z&|dt(&hFk(1N~^3eP;sLg?}6 z$v%=C6xMqTPDL0GV@u7m>s<0v@0bx=4ac6d)?7y28?_kHh9t%0j9n*RK-6)0;QR{d zAAK75M>TNyB0y2d+YMZAHLD3f=z>mJ!iFv)xKm^hkWsJqm7^#nV)s38?qXlVwjxGX zCzDE=!av{1kC?$%UReKe#0ZmPHSe2jv|fquoR2U^h%>nkGW3>KMxzg-b+SnJpi`EQ z(+@uUeJ6Aei2qQ^l-S)**e;|tnF^&~1OCkxHVWMB48@Drs)L0uL|}Gm!zBy!8bvOd zDX{ZK#9)`22t>9QHF!ha3PYe|M)|zf*qT@qdy&~Q`?V-J2TM*96ZpMO4@TI{K>{@6 zhxSU**B&Ww1o6ucX7`f@mMoK#63iZbAU-Zk{1h(L977HQ|8N6{84Qzy;)q+50fw_3 z#2G4&)WBH;GF3xNM?lW$K9xBnD&8y=(LX5^_aN%6KGPh^6P%CE(*rcTH(bdLbQOh6 z#$F?e3>kF{j(Cc<;S?$=I1lOx#HBFJtX6+de{Xw$J&i@b==(qt2IL`);J1@_su!0W zPAomOYB{t<9Z?*3lo?R+I#w}FIMoxS_<*LbOX6+AqV?c>1*y@8j!(nQhhf$ycXUBL z7hVLp;1K!zMe$du8&Lj7Kjtk1+Qo4IB<5x~7#U8U{;$?uxB=$`#W+$qr+xv=&;TS= zbW2zwi4$B3;1Ik3QQl;T@7=yX2%wp6M{*pX@L51K=OQ3>A8X*$b%M_iVR)xT%|2%oU?@8m595;*ZR;B|)#P|GCT!KvKDDbevGgw+AfKoBy(0y7}t zkz5DJ7(#s%k&;b4@UA`wO-_8O^_7?${USd^FV;_w*5rF6Ug_N-<rRY+2xHq*^M zCY0Hsi#0QQUWVQgg&xqozX`+Y$Q)!n*rbWztXS((=^(e#LCcQZ8F=DjGt|Wisg)Y*OCGkn%^s83S2Vg15}U5y3W@#j#lBb=Y8V_??5X}@HdhdkeAYZzMfltize`S+(fU~ItDD-qIKk;j4a#Q ztqKibz>BOi%$$%WZI2n&E}@!)n~vr?!EzYh5PCV!(~8q;u>WS&6jfhz+JSYm_v&MHK$2cN z@R0^)a7>w&@jH{#5GcrC^KWj$Z&5=f8dw+xbZIohiV4Y~nLA}?I9Qn(?7uP=<#3gh zg#yZDG2I;&lyEZTFl=eS_8RNJ6zkXsp+O+P-GLf3Sx)LJgr@2k0p5Zij+W40!13g7 zRHQL$7l7%S!sa+7HIP8&tdPJY4c6ei!Xg%5N?L|+!S>Qb6Iw0F!}&d^v8l8Y+U zs2J-pAk;MsR&l&HGx#3q^m*A%C1U^jmCD_95(1{&+GVwzMl3v-76DFXQL6d)KDe3l zBu$8&%}jF$GaaABPh{}-`~aAd{<(;6U`ao%SBG>w&HPMqO03-|re1biB7$2@bf`|S zHIm5K@RQ)49s`s5F_g=oK=eq&v!?^8BS^I&%@OTB!~ATidA7>JXZ<01m`~>iG8YW zd?MJ5u;#1_HT`{h4HxtN$JoZw(xgn!*!0}J`ms5gLe};gj249krxuKyYls=h;%jAP zUT`3wfV5P_+=2|~RaSHMSSqE>`8tGL<}=C%+28yf<9BV-K(IgEH~Bu z2Lbo)kph5WWVvea{k?-XyPBejX}diXNde3RzQWD4T)!k%JB`jP=7|6r+E;fq>|`ia9?JX+o=K$UgyX&7lP6f6;6s}GDr&92$!E)vt?06xboR zlcpyihO5~;ng_n;ZSG~vpjMHf={DvX7*0d=QCV4$(w^|fkc!-YYK_3={Lm)%r5^}M zW~Z>=mDYgIT=PIAxIyE87;C}~0lPzh4(0DpcoAqJLJd2?m+-qKge#bGB5)4JSVDK~ zQP`yh7h3H4lH6|VpesIA+TV*yRJIdk0|v`(o4#CnHRY9p>#4foy;YZO_X+g|YWF*n znt+4t2-Q4iZ`cpdI=N#qa~gNM$RT!p;p(L{+SxjtyoxPPTEzz4N6mtIt$fS%1MLFm z|F-5Tox?O-IVdj{#b8rfJ(`(Dmri_5$U(ZatiAJ+&b8oq{RiQfB!R@uA|X<{Bp$HN z{}qeknYRO%2?Mmb1zadQd+wM5%>-|2k=S58>yi=)PY6@XPek5In5SRrY*2zsjMf*2 z9mR{3)*MFl8`KFX{%E^g1ao4Jlv^JQzN{HrTFq|UPvK;dL?|8~_DDV%aBnOa>zB1F zhW*R7H!r20;R9ffQS1JcI|Yxa9~TQ|&(bx^3jLi3=rF2xQf&+{Sno(&TBuJkTi?*x z%fW9>OZ)@J%o-%|7j5&vykAE=g{Dy)E-ix)!@s4ZCblEtdxZfb zE{)P<%~95PWgcYQg|o?v^K)?wdNmJNjECS*M=@p9pMSyx6(6Lf>9jB6sYPZH5J(x_*irG@A zCMdKj%~ENl)e@9372>XSQq&fd*2+iQd*;(%*mh4bcoNuBphFm5@h}c}5rt)hfuhkrF@Mh_!uo=F ztYjFD(k~#FM4=UFD&`t0#qYlpv2Nd$_1K_C86nKfeO@L{pAU=fW7 zNRywwwQPh?F`l|(^k^fosHTsJ`v>WK2NC^a zVIYW;!7<-FSIPT?%Bjb;D~&Y`ph|~GA>hfJ8lF;*&PvR;UXhRzo=1nzF0aiVrH3U< zp7d=UC^4yi{5`48kRHkGUes0>Ww!5kOdLI-+U6t5sI{2(+8L-H%#M+?`j;EyBg9Ud z*!tgL6OU4L^^#eEqD<_hEmsWbB3e9+ z_y)>&Q%QLjaMi#Z;R6%fo9rF#-jkxpy(7Q zU^S=kfB%GZn{_FD3U6A)v*?>}9-0*q-mE#l;>ly)A6|`g{afId@vEFVFQvYSA3u1{ zd}?FxZTfFPad<4PrzpXj&@JN-n3Wif5TTH`R!R*W#)$Jg^MJmkUa`Q9HI zdtPfv>I!UkUM&FUw#|sVO4Hi~Q|jHUhR3QN3{SqdWMm6Ibgk@z@_8XAo5vTS&P(23 z9~!5k&VQYZJ|vC53cYc0c4$aM*6CjumgZ=yqB4zI0}M`c}`2}kde9Yewos->*|YWI@LdBsjE~C zL_?(>o%W|ozXN7J*S)zPM8Wg!lJr!|4x_ZoDPk3Wj~|VCu~9XVvssX?pLIu=s3t%9 zEavO|E1u9+1*l3iREqH@u2)JIPLsq|I&ODyP-~eGbu1iynObPCw@sV)XxHCzqL^CV zxGHY3YKq_xBiblbMfSmi=tOGEN(2TW5q!>}W+Y7dUl}HDR~Y`nBjfR(@{)b>_q?Ca z{niz3dJVwEWfS!r#|H5UY+OLuDM#w*xxMcba7m>T4gB?bZn$13qJ;-xJb8%4?nOI2k|NbqMTM6w{ix3tU)JPwZ*+vXIM<*j~D)Tr<%2 zmXD)%>8q*bjZCLOmSKHM<7qWZWl(7;coH4X)U$a7U5m^I>99RDNg*;}&Ka!D3i|S8 zcKeUTxAKJF{{9syMb^Z6_1v=Hibc9>b~0Ia#19Xqk2cw|=^k5UO^PG^>=Fkrxi2NSZ#@>ErbTQu1y|&UefobuNthStHeBcb{4xzC&L-o=Kz`xyVTLB)(cO$ zn}3tJ`YOZ-h@EbXEQq$dzrMJ>`%MFB(X5dgg3w!bXQ9y5yC+JNUGBjQdD*YgsV=(d zxGOztaMjm|DM<76ZxA1;J3A1w^?7e{+-MC7zq&`(i4oi0d(hrR82apX+c~+KPh9rt zuWNOzKHDG_YA|3z+yJFEk5==T+TeibYuB4afBGjiq~N|_k7J|JL>xQ{c_F-7Nhvuc zsY}4PhyeaY6Ew%l{V2|jFDDq+kD*G1@vC~d$LwUboEJLo z&Z_rYErAHAO3?UlP4ANvLd~P<>{SWVwnr<;00#lnp|tz%B@SL4%Vqt+z&7EXNG;C< z>QgL+>X6p~O6Pu1*bEf{GH{er`4_f=YJrVAiQA;ASPwkIN~2_P3ZRH`vGtLM2H8WF zYE#s4C9e4iu~^UjT!QlNW;E5*@TUFsf%zT#u%0>8Vw_^{>pc{y$>=WUXgRji^zN|3H7*H0KXF_& zs%NE4j7A4ZJGS9S*Hs#p1yaF{R2j(fjKo%b8OF)61Js1H7KQA$+9JIr<;FWUE@qv!T9A==gK&?eD! zOGtI<2=&OTEng!5Zv9aM4Y21Ph}&oH)lchu+dWOOz4zK1Kuk{S_Tav0(wCoVGi*(P zPlML&gVfz4P1SnaI*&xl*A+g87kJX2W7UgS?h)O^Sw{W$+J_6xI_b$<(B@T`?|Y3w zd#0_L4*H#40cWNUpXlQ$!Q00F^j*r&{J@*^1HxlJB%405E`C~EzN@aV>kKz_A=ESa zzyV}NJM|-cWuO=N?>;ZH^f<@Hn;$;sm}jTG@Sh^v#8rOORPPt%yX*?^ zlT+J9tPPAlDvJ*KaNWg5E!!y{XHqMEqR+I;HI?+I6*$kTHu{54|80S%GH4?|dL6mK zt}rn1a~*s=<3>u2FZ8>Z)XEc{i)!`d3h@KAu*GR-3@l>DnfVIJJFJ$Sv=@5nvK~z9 z^*Wy8cGI@+OEPwITMn;DD7>i7J% zQgbQ$+~&UcDQrDCbqiCD{%)ts7!bA}r>>yJG+1V*5H~8*riHt)VzDiI%pd|EggRusFi5s3YH}7#0`-Vu<|Csin&HVw! zoE&CD%ojc2a|6~K^{&l>*jd(~U6H#c1c{s7G5U`=`h+K5njcRPcqn^+v+VR88pX#i zSOnNQOy+qAof}4Z4H|Nw@Zt||0YOxghZrlI^{=ehAeQ~nae{;BH;xfHvw|ND2A3U< zsT|PnyZ?0-RnZaB$9zkh2+w~HIs!vh}=Rirrw8#N$3dy`jQxQPYh)v;0{u=DRMYA7JxKT zNH-dGz{3*1tWJZd8!pq^Lp-P`=>HFuM-)Oh(;**o_>?jQk9Zb1hKJO)#mR4)m^_Ed zIy>KmoTA!4-$B;vAzn~DGL;Xwt(@R0&rs4LmW2QrhdeX)f{zIs=|zDYGI~k06c^|8 zb!>4?LDv*C&@X4t;4d<+Ga6Gtmyx8CWCH;q{wfY3;kO3#0WyN(6EH40O1w98j0s&r z*v5(C#$HKvT3FuB3892Hj^bfJ zdHCc{UwM$|Ivb?*-;i1{g&L$c@Nt>PRwsRFChiSu z6&LmpW;)P%jqWB5>C#Fn2$8@H7)Zz^3(7y?Qiv#`C!B~qbsZ^DDbN*#Rte?C4pW8@ zxEkd?nkqm694Sgz#7Axc9VRRh&U5SY4Ll-qp~B$kr=Ug*B;@V@V`z18tRZhK2i=I{ zF68pii5PiOfl=zfUPpOO@np%Q^aw;%8>O@f35dLWmohZWGJF#yDZ-KiP^>d+*5m>< zVJbeB2N7c#k`XA-U@sys7xlIV%5*h~% z0thV}yaZ57kj1*Hxv2c4y)>4BLbnqN-Y{VD4x}KvE63!Nlq-SL*>P)SL*IxG<1!=i zv&6vow^*cLyu1-yD%5zve;P`FC$Y1Ou)-@!{9nH)S`L0w=?ItB8VDdfK$D}MsMJ&V zK;?=gaX~~tM0iSFEF>#pJNz4Z2n&GA=~9vUEoco}3WgL$dE$boh|VPl11f~|IuXCG z7-anOu~a$5gApx)29l|=NFjCw_8?i&YiHzzh)JO>@cxQ`lt@3L^-bs>?NT|R41xCU z&rTP;Wz1KRNCQN4(S(wZasH)df?7=ilCtcXC6I2(KMH0cyW|y*2qsPR5r9$BEdUcw zusV$;II-Fy`cSaqCUGWYm0JFgIKPm)1v``&qy0-nQESAHt?N+v%oB#)6!G>m`z{vYHG3MeL6Ll*lG zp;_@qBOVX?{|jsV2Z~*(rW?D@g6f<76;aMNDUtP;p0F1L83etu0SY8Qx619bB4x2RO708FZ*Y!EjJOHGIn~mBf-h3)E9r6(vw2E z8BGtR*4)-hRF$Su6deO9DqVTja2_2o9G_nR1T3E0#U5hwn0)?Q!X26vj?hVZjM>v~ z*?KyfK&_`Fc|C%6m2`<%Ly-PPduB+z5R}!1!>OKtbycHB!uCzfy*xan!xpJTpv)SK z%w;UN5pc;J-Os=q0Ddr^3i`dAwfk!%ux0zSXJNHrlIuz8E^dPhCctS5&V)O$kK`++ zF!2;`o0Vti^?)zbqvkPi>CYf0M{`|nyReciKIK1P1loUnUNDXk1aJ)jlj!`{e!i~A z1;weCD1MnUi1pOhR&QzhtY1Tj-KJFRJE-1>)l*#%km|2TntY#1p&qo~WILfi$J_FR zem7Bjty8h&7Cb8sF!yV$Ac^?$J^y{%SnAu=j|VvMQ4{Au^Miy6Vnn|la|#S;-$P3X zH$O!wDN~?mj=3r>Kc&pbxsY~Ik`90>L#Hp%tIp+h2nk{z?8P;UE`U5!-Z)ZSso(_< z{+V6x#Kx1PZR$l<(omx1`cG@`J-zlaQoidgp^Ol3e8wuBvJ{;FH2zzS7gr`y>iZ|qlflNZIEK9MB9Ivan)q&FeM%qu2pY?TM%h)Izo@o-_u@Q z;rf}yJE}UWL$E&7)x<^<^5p9^P2I5LYCpHz-(he_jIuK=q#tnc=QG%P9J8UhtDQCPK7heZY zj@)#x9E=l!ewzf}NqKD4Q0xK?UF?E5*7NrN7_$Czu>i$?N#dRD3>};;>|LDyPnxV# z|6hdr-zC+=Ok9 z1edtHuGjA;G(YCqVWvM4Ui$7Uu4h1ia zy!hOOr|Wc{n#-7oO*Myt9PMK~*N+zS87e-RsZe>+8?39f<4O-kLD#bDnzb~w zx6ith3c=7T)EL-(C}HeAGG^OVBoQI<^PhNG$hdVcyUzLWukt`$w-cFX2y1D%Z=U9# zZl2bY#s2YD2;`WXOt`iT;(sOSXuA1k&6N4@_g>USKjvN(#cnuW z7<5$zp~whv43 zLP&5=j-eL;30k#7v>`f@Uw-OB)&aI(ugQVJXGfAXfh>6eFLyZBTk2T zenD9skNkTd`N0luc98n6 zGler~JJR6{oJCP=ai^pE)B2k-n3QK2#9(il6yF~ydlB}hgYf{~tl?X5a3Q-S;W)#N zk3_^3EPMhAvJ@&*q>*s+H|Cf5OXx?T(Ny_~JzwNsAY3x&m{#&fe%>5UVLtwUQldtY zpI4B=N05%q%8GDS0AA1A>K!I1e#of2QRbyS*VAFlPvzzHmM@=Q@5>u4TfMF?mZeUv zo!X`9BNcb=nmf=1lHT(Caj5tK7uA5yCCc)z$D?O<`|ro%wSO0lgUj9eoi8aL8%Q}h z-)~=w+w=#`RWDEH>&w;po&Mi@?2fw`#eSF3)yQ`QKf^NA9p$C+Pg)QM{HPpNNlQ#$He1pmQwg*e<>pVv$bb2Eq{=2@>?0yiAaF(xWMAP3oyR;$v#T)B$?Dyg*Tf`%! zHR@gNzYU{V8YE;^a5>2Qj#_|=0dNw;M~bJB>hsAjUE?P*mA21#J~&%NZ- zl(<oujZR?86vK5X8CSH;SFNB;0lC@Vsbuq9=^8B&o7%OtaD=_ zR|P&yNG!{J)*@Ss&sIskObFd)pbern)|6(SuTm=`t+cvqN6)~s&KR4d>kk{V2GrE-ax{r&apO3;p$k zHgCQlv-`c#Jq~DS_oGd?=Rb4xCH;ejtQ{H1MFoxRWQD&%zi6D;kSoHWPwt7fb^T_I z&ebnE)pdGSxT{O7EL9RJkCB?Nl1IJHa^5;d=Cy4~KNqd(+e~JY5I^GSdC)&fUpR)) zkCUdwcB2s5C{jp$L=!u)7!!&GlMW^wsGjW(A%I#`hH<>|(9WU7p+`Hu{Q+Lv<4aKEL(xTPNMVLj#>*1xgUM%x?Y?@;l{Y%pg!C7{a z(m!uMjIb%hy#oBbYm9U-k7@;dP-$bAx9{15q0p6;ybSAJuw|Y7;>~ex>8w(;kuuA- z-@xQD)>bA{@~Bb4ZeH68eJe*JHI>R!?CfEnnV!CcOnYyZkm3}sN|9nKdced9ut_8S zM@Ppv0|PvCVZbU-w970@(DRo+O^PrMy)YkGoWt*y_4f zOpk2zCS>*&Y++%xeikxo;xe^VOP&gj`X`{6UT34LbfhY4cdk1!*2PCTIlk7(Qm-m* zcC9}$l^*sJ`uryqF9WT2qgN|P<4;o0p0&n21;87-WsuX!11%>j=e@ZFVTwmQ&YFAv z^Oy{MS#(C|%bEFJRDD$uzF)4L4$|0I8G`op>dM~$_Vsnh9`GR_qIHSmXZ05lGKRZ& z#jjqW$gD-xlcD4<{X@2_>K*^@W_1Jw2E8>L=DbnRCs93x=UUfAqp4Tq3ZvGn9@^Gx z|8~7pMWyp)!~}E*WhGv)IkkZFh2F#*b~hcP&zP}U#zAj{9NU5wQl#7nVacK?PWj8T z=m@rqt{4X?Dw0zx=rN09EKGS~8d(IxseX`t5|%MHHG`Fi_P{)rD!ssEYVgCx&EmJpyQ&VjdI_mSI#=}3 zE~ODqXs=~B(Q$85VSE+{5WoM#>E9sD%GA9f62|f;&yk*?>Pw!CZ8fV5iU@9KR4iS# zu4J-Rj@Po5D$Q-x;j!cLIjxP;f-D!ZD{R&sHQ}N=r#G?LSb;t;xCl7S1l#oK96v@3llB32zP{q009!uT!LgaCbv0S*D% z$x!noosH>lbxIAYgc(nAE6JpKY1#mO2H+{oBBQo+R~oXkbs|lER!A#bZ^KC>X+!F6 z=$_t!KJroPYAIY>|Ec5oMCUu!Y4czapM6s>T-}?&Y1|-I8;|67MunLgNTI))P^9s2 zDYCgWi^+cUabMk=z-bILRv?X}2S=hkM+2_q@+t--c}g;6T*Fe49$+QFxFL)*N-Xl; zH1_7Ny5e0xWm&?1;F5_|5{Mx~PcB;&68JxTcNlOaSAdth;Q4-%9W_ph!@vHKlwvI? zos$LKgw(N9>L2|;^Qfo)^$zGFUr018^i8?>BYKELvE;HUl%%@%k8-2Fb;;;qQcG`M zwm^nNTpg0u^G>`N=w28nIDw>VmzOfoPFTmwlNGP~=vI`2r_&TSR71ZLF1|_qcYE$C4G*sZJ8oOvk%%q4>xzn`y=cKh>N9Et8-BMb4w-A?HJFe}Pg9Hl zuT{^qS(vK`3HpjkQbP5`B~5UR~DBjh=byR6O)`V>OpH znuaBtq`Ff2d*z0oKBMuPo!ESUjw*kBwBwVKWd)Y^<10@BqOFqWq3zOWXgY5Ihu%=Y>M;=|WJXVKUoRhn3# zCo*MO2}ypHAix*)^gqMhI6zknbWcV5f!RMm}*bPQ#AKKJ4DVa7t%$Csl25WE1MM5r1Ss>F+7azTjHXY@_*)&YPo| zQae&h#5&3(=+k@PBR{IT|254)Ea@HI(0jYvrSP+2ap)?Z2guE&;MLcW=eXQBnpRXt zNzO4MS|u(N4Klra_i2%^h9CJSRljxL4!D00;~(nZWc1t0>FFarEJ`ub}Zx zYGshqcD54S>@&YL24VfqjHorwAXP*K^E=kRU~1%UMwgn?A&Bb8LIb&mqm0{s8dEgE z2+P+pDe9GuX<)g#=`jt;k`$Qg*vYIfgx{Q!SdZ6I-n-HT?X!5_y({QoyDh$6(6Ok; z58pS{^$F{<=EX5aO%d{OZo(9`xZsxt!&rSY&dGN8zx=U*imo>To3~c-|bgJx7fEJ2Q$VO8_Jgx zxwJbf^^;;tTyt<-GmaMbRVYlzF3(Ilk3ui!9j@s3-YiG#gD$U9ukbH!n8v{ZPZov5 z#g|6o=rFopp;sxvAD4joySDkt2fSga>9?ANn73L{V^0>n3qJ^%4~V{)Ju2c4tpF7q zC%f2OZIR4i(V_KzvqPf&zj}q_m!|RiFX&Exa=B&_5EVr#cxXQea{nHz&$fF|`1gp; z$oqSQgkUx(bCexf{Hry7uwXD2Re@SehM-aty4;ZHV2vjE48V#itoI?YjMa`QtS|N{ zIKPX=on&|G$gg)`IEO;zbgAH&CV!~XD_}!$fiIfjwRSE3fV-k&a_vpL=e9ckd7+b2 z(=Fc(%y39+vAqB(f~f6BMz2jzG+Si0$SlF>-=VVudXEjLy!Wir_TjRDTgdWS5A}?Q zCVrQH*m-rBLl802*1y(SxUDXNgFH{V8XBVAeZ=VTCbcS~(BAfB>EAeuAe#;WzN9lT zdjniyp;us6o}F~h#6s=S6_Xx#QFjx1m2JAU5l~CfPN{E2RNjIWuGDx0n)+aWjFd`u z`)4Wk9*D$iuha+5@5)h?-?puv#+jGCUXO`s*?%yQ>HGfLW8%`}Y}jYDin?^Z>H|_% z%m6tHz*u?-&pGS-4ctHOP<*M%N88~_^A$rNaq(odX<HZ)qmQDyZ)XH1hs~o5iz(ZX&DCmD+i#m~pQq07 zOYQ0?hh{1C%0VYPdO$V5;)I$vzKYER09zW%v?`{Bgo>6HneNn{8tBaNrwF4Ez-#=A zxFf`dK6h?kR;wPRZes+)UNEe)D=adFje>&hTd$AI(;r|8m)}3lU+KAkUWhKiZ>g<=5M}P?KsSLp3ptwR7o`4><{z%1>Qg=ELHC++V#=Y6^vFW% z7$hZZcOnrd$t7t~rA`yN76matA^nVbU#$G9)iPm(4k)r7(mpqTCJ;-IHh?2TM$cZd9|a894yd!3_VwV>US+zivwj9d)~bx z{@XPF&ku!2rwM>XL$T zrUn_r|L$}J`$j9kN+mBpZ_8S3@_Sz6z1Q71P`lz8%G_Nr%MDa{ zedyG0>fC459dvA@<^`cfTNFM6Of-4;^RKXCsVC@JOQqd~MD zb6YNUwop4Q+cM_o#p6A^j16poH&>-<@8;y*X6oQW^3A$z`+8xvQ=}2$&H;MJEZ=5j zjoAH%J5juwB^d$g9{@JG;)QH6Q^T=eN&Py@b(84*Pfc1le~wcv-{vI+z4V&tW}VGc zxGj@*y`$1jA_q;i`odJB)Zug4mw)Zn*hzr}zX>QzZJk!6@pb~=F$kt;y-j7jsZv2{WC^;liJ* zFl#67hx%XomwTm?CntUQgLP>gTGor-yhTW~Oz*O>wz%g4LDD zY*GI9%0E<=xxJG1tL)^=Pi`+_zU?#eKM&D7O|2pdhZx3#@xz^iG(aapgeN=1^1a{g z2uTy9A$Ek-Kb6k8l|_Gh3~^~%YZt!rzz(7=VkPB|IHG`>wai%&+p5YF65U2=e#zrm zD5Qur;x3Uoz(1*(&<8Y~S%Nl)U-9x*9R6wb$A}d4qAR7A$9bqMUtG3&atx-A znFaNHjyQOE|6=6VB;QXl#f7)KD4QPJJ zG~p)cZW}G5Kt%Yw4`*Z(-qyv7X|xGm2S;9$(exCn{!(r$}E*IfHZ8^jw-bCn!a2fVzHj0W%Bk#gS|Ks#??9cj~Cen znmMP6dxQe~^us@gXhM77RRfb=woM8V_O?o-Z7l@uzSA#|sDkfHg_y2G2RYjmV%^B{ znlILMViW;K>b8fHdHPdtvjcVAELM}Zf6+|OfyEc{3mIzoj5FPxlVIUmMmRGGv4;oD zL33W}h1rx^t*A7kP&x9_oS6~pCiWDC5OmG@&=;iXjWGU z2`_W1j%5w`6Y-vYciJxKbz}h^KGQYdYw2fg+GGB`X@P%IqyQbN9U-a~{*sg74bor1 z$V2wuAe9?#gdeS&X3e~NZW*{r?x>}9&8qep?%#7W(n7e6elFR-`Go9fqtsoK{~{5+^_n@2B*avvd$bxyp& z^5~84;fFeKa&)2G?4(yO16pWJLlUTLRxGI3FkYZhJ7X;dA?hv%amYIl)7AL4@{OCTf2qZ`KX}L`qtrP2M&L*c_V#EJp(Q z(yMJ$5i}$ox~jLiNVt+?T^ZMjcJp19Rmxbw_eG%&K9)nYl z6TRsxgiq7AVXb+SX4;75{GWsJ(29trQJQ}jK_P-n z^M&^6zpv`!iV<7uz$m`?q}Vd;eYDBD;B8b~(9u!F8dGrCD)!Kqn&jZNSFPqGTn{Fa_tXqOsxecORN76 zY46x1S`ek_mTlX%ZQHhO+qP}d20y zH8Lq9x-46ctPa(+Ls)Zc{SegK&Cr086$5x%*s#>}w_>Y%?_e6+w=Wh?%`Y#k9>IYx zw+*|Ijy|G)IbF*e#!&WU6YQE=Q}yei1}AFfcCM}3;AmTy!#GOHC7r90+kM@W%dmL* zMlEl$n>6{hC2H=z+%w!iyPq|CPaH1)1bgtoiIq%)xWmg29{2yKd7_30+xZ6v>&*Pk zhM%OflDK4wiO#x=$$Geu95RWGicla4oqE4ubY{M5SZnxcaPrdlF_U7A?r z+Q~OtuaQWaBiuljJQGHZ5YnvYZ{<(ZASQ83n3<*b>W_$X~L4T;?`(raI>f89|wh%jTx4ffOKzq4XBd&m+*IK3QFBe zncg0})pE7KnZ3jQ)0j?;mdd9xFWZY1fv{nQ$f`f8JN z>fUiudB8@@rbV>&y;Gl2p=H5@3iSlW*FgML3e%JUKkw6m z9P9WYf>&=q!om;5>`yPmd|l7rJR9*yoX>Te@6yQ-i&$1u{)h7hC-R35X;8TrHG91n zNKP1phu?hGZCc_oez6)HMtIymZ4yPV2|ZJf-@^AbS1ooM#bG(pzHe==GXC1oKW<06 zh));z<9$8EZ!ZCVa29s|!;AxKH~V%#icG#9EQV@yJSDTaSYf|M-CD&Vwkie-XJZWZCi$=Z7yJ2@(POpMWI+o#kUuQbycPSnw;@i zfjGPPxX06P1?>vaB)AW)Sn|g=lZr<=%{UlTTw$vV7*{|@;C?s~IMy^di5)y$&cSwV zEJcGzM;!Oaz;#0al=+Me+SpP&Up%~X>Hr!V5KnJg*aTt#a}k(M7w@%|;Ax0kStAjL{w3g=LZu2s;=>$_{)1Oe~IC`%~BqvB)3044MLdkUKRZUG&gT7kY6`CKoI z54^H)hrtfCe^kgZVft%}RYPWj|A5iO)O@1Gnn|qgCmIAB6U2HwNw(vWVX@lx@F?v87QkS8VCj-8Ao9;aoMR!iFxWFj?p4G;-GYZ_@#^5IERk9{ z98RtqUKC@SJpnM~VVM0prv@O>At@ul08p>uy=i3tlA%kg0KWxHAs^jMR3mWN7SG^P zu#mI`YZ_vsT@x_us|^R6-Favp6@+UCVjhpsE7Rt=g`tLnLCM8ALxeGOlRt!t11uhH z4kEV1zS}b?;TPtB7Zali#nX1sn=1%Jo&tu!>4jD-v~EWZ*})qXwECCdKkm>pmc;@V z4H4QEfsEVVT)ynFwcyLBzL&kPC6|(@jRl+`1z_4&-Ss4KK}e)4KZGTPjWriwEjWc? zKsNLjUm)H^*b_-!pHsl%2nw5Kg4Rm`&J1`B{|wU^z`UFU)ZYWc7*4qSRu1A0;u3)3 zgdxXsGh+60Er7Cs^XxJ*xN>!**~)UkEC&EYpmTGDISgCx8G-q&q?R!N1R!r4`|MJe zDBJ^_AF2*A6kr9RH25ll+FFr^V{T6vC{hC8kXRKHs}Sd*%(sMgHJo06M*wL!b%XMZ zm^82?>`*vwky(e4334hM8Eb$*QIrab-OLZ30tjK>jB|BEBqIE9gdz~10?_$4H#o_8 z_71556iyx%wI_@qmVo00CctRV2y9TklE_AhB&Q*&X;I-N35E+yn~_XwY=#GPZfi>z z0F-x8P*+DBY=v$71fVSQl}JgsN~NU9&V^y;X<||_DT!eTtp>@<%zjP0USuZ`lK8K> zivTjFh2JD;&$-?o!bP42E|$!3qLIW=1J4akv0hblI&O`RE3|e<2i#(_W%n01@73uNh($ye$I3@xDM6rK!AqV@R|mK~-u5+0;kct@ugqlw88J^-VW+T(S$ z^A2;8K1q0nivr>nz7hQ($(*lI$q=yd4DqJGM$m90FOwJm*zHF~PXO5s5cy;%q4m&~ zon`eS>_6xI4`=!G@K~-$x0wbJBBm}ryQ4!&a;KVL5$=`$}DUeJc zj%t6K-5|Q+s`IYbyv2SYw|t@f;O9+!E<; z(+oEaQ!+PmNdbN~D^Cqt;Oz&cmslf0CxK%D#`%Qw%2ZmR@O{G+Z-9mNFajhO6p#7^ z@CZd#Fa)sxN)vnR35drX)-)0;z`v|T2{l89MsLfERr*w-!ChdGG}&;m^>&?6y@9Z) z&M+(&2AnkY^(29PSd{9HHQ_w^*5KHmp{fWb?-_OsluB-S=h|;-Z~Xra?EM#G%t!Pd z4EW0!*TDn)Kk#t>8)AH{E^U9vhQK%0XSA0Lgt5T403g~48pHw`vu%RjCHJgA1EW=D zJ9tn`ay(4?zRN8v)p|58$97&Q3Xf*$bdtS4#ZJ6Xn`-`Y3->;1Rk!;*>%}{CPnzvK z&iV&(yOBc?ga|7U15*3dYz(*L~(66_e|Pc{$&Ro1!hm_KI$D6rq0Skkh!6k z(hL(_tUf;#D{^;69I5kPanYWHEl;v(Vaa{;W0L8Xsn%?(UM6CuKDI4WrSwUA0Iv;? zLe#0J_PEI|^1)@ozihwIlSwu|NS^6!={tNXheX+2RB)_8onECV?&mspBU!k78n&6I zQtZ>a`L}nZBL~=DU(3|saG)8Bx+S5%bbSXHgw%L#qU~lt5?{PT>xUvJ0{2XVP z3`{At8j4QM1T;r7lr@-s`OYZZo==CAGAnt=aV96_XHx(Nugoa(kS>=;x1+``LcWee zjHZib$S|-(us&gPWI8cozzxMw-{6i{7jX0tM%Bqa>aSb^dRMaM-kyKdbH8pV4WcA> z$|OR5OaX1#NaFW;7H29ET#wxgtLl4b$p#&M|b61mu zqz8S2%4hHAr=LD9oI!UDRZnEv;z>(HA6_SP%I{at_{OfMnJJ@Dypb&&BUzQI|caDPy}{MsWMN%(k`gWL^vxn zxsZH1{~MjK746F!!X|GNQl`WO9iR^iw$qAoGb?a?g6GtE#FCAdL$wPL8-H+qQBQQ`GA>9pc>jn6bsJ&GJGv&m4jfrSS7cs$!)chA3olDVBb- z|Mv~^e%&mp41Hg(qu=NLarX26c_s3zdo^R1lU?`iv)vNj$HQVnAB1i^bLL$9%>p;<+Qklb z(;kaUu=~KdFF5{&(&YaBxq3Kw-PRrVOBm-p_!u-!x(h_lo%zg}9hWJ!dF1Hz&`@xC zp+!x$oci|`q`hW;P9?kX!1DgU0NXnS$aZI-5$^k6d$X&&=^RdIpdD1o(+|``Uyq>) zKjRW1!r_Uo_P3omGfLdTJpj06AvN>1|eH#r=~0{;!oxPo6L<{DvtI#e$YmxkIJ z61MMsR3}8Z#6diYv~;1OcSblIQe5)lg3l%XChui%AJRUR_>86Be*K<~(G|yW@(9OI zrx`E0tRYWX{K#$7@ruSi<#pcWWUR*a-|jzPa|D0n=}H5FIkS+_+hPRsxu><`2z*D7)^0eD ziS_JT0+&5-Nxl_X;_`wcQ9Z|)%_|yrpsu)A09W` zSG(iARqMRVVu`=gMQxXMnlW^pzpd(UIdf3$lhx{v5>s|Z$|%1{kNzH1ulUi|?cnnl ztx@0Jju&;Q9W0H9&X+j$9E|58B(D!)+a!7~?uDY;wPVF@x?q$N1lvz>uB(tei}93q zwGt!Ji7k=%-b4h4kB(s%SGb%9;nl>&wfrwaZ2DpN@jG~U5aVxtuZ!06+urtrK+EpW z)33i;D94lUZ6F4n#^ojbX`Xt1 zBd5WPj)18(T?hteYzo1x-vb{0G>KRY*UqJh9m7Z0)4-kWYg3sbb_Zqm)wM2Czpp%+ zzb#IwTJMnl$v$s1F}kyK$o~pGF?m(T|Blbc+ksG+VYwIK@BjUzy71KMk9L1lN6Gx8 zMco>bsg@*Z0^!3fd&`w`YdGmYd4>6-Wb}>&8)%SJ&-I7Y^v!)=*aQ|vGe=S@qdg;K zl>Ahb5vc%v5zivC^_PjDigIupN7xu@OAh}QyQjiq?~$n8}i?DRH%D(C=7pRsSbUGSpJO2?7|G@`Ca<+j86|j^?uw->uO6t zTXiX256M5%Ak#EU#+}AiP}MX?;yn0zJCV)?PwtIwm+ALXSn8F0oxIO<(v&sTkQI%* z*CZs=mhnbbTpvX0#pk77vizVl)=0KiOLo)6B^y*^a_2!8JT5~ROVZ|yJTgeRvLApgeS6e*~T#2Od9#I-4I=MC(NYi9=qT1BU6?P-jtaKV?Nr&q& zt)c?^yBZ}l@(6+Tsi-j~zy1;l;)Z5&i6q;Y0YRi-vx&!v5$SBCDD90B=}qp5wv^@M zVeHLsolQOT-Ta)9r@81g&9<_YQXZ&{lq4IQ3B$pp^KOVWMzv~1$adVX4D&70jbT6l z{fAVoE%~Gq%9gap1hDDRsGhkfSvw)b>+hp!p;js;@v=r!pu!8IG`i%VXbKid;g+lu zb%hqo!PqBn%Vm40-g~bi40VuRM^?ET#}QWC^+H}QBk>^|CfA+%?udRBbACb$o9Zg#6&&k=zh>aS07L#(;!QFdvBEN_zr}UU- zx4rjF8sb1Uj|g6|u(G3^UZ^jGu0|TK7`Mz0vhoB(eT1{3Iw7!UgYpK&Iy;8W%s669 zq7o`I4j8wD(kio(9Ji#pI-DeM={-Zvr9T$D2H)^^NV;94!XI9We1jPOVA}jlbZ2im zz-k|8+nauX=({pnKa;_#ffPz&LH$+?gVtn_?cijT)>+^ecwsdbM2MI}o+r(aM$z&L zmxVUn!9p8c)Av+eHt7UgIjtmUnLIa~!re%dbg7FzNnlm|v-AalOCZ_V2RaZHrxt6u zO@dW+p}gdiDfao2aiTwFNsdq4FtS_`or*ldYZA^h=eZyWCDkNh>`1Lhz_w2|`sywD zRZ|ZB0;Dc7HaKC<-aJxr)kw7KZjB5(k|WFGwC-C|^~@oHZy#}vwsZVlQEk_AD%zr2 zWim>kSZw^XLdVtTB;K&rCF@%-+tTxssfu19e!+B>{Qk?|ZuVKd&y&z)6rGU6MeX3z z`2{TZ>#oHvJ@Jy2!=0?FLpEIL*E;Ghcs3i#myiByIKYKq%t%S?*a-V`KihU(ook|E z3g5Lpr$|xVh=?_jn(I7|^H;9tO){(LDl_rkIZJ#&5S8PfME9b|L*$hZ9crs=B(k;I zB+q3EZ%3M7Z-=i$E{p3wc|S0PF8hO_H1{RY%qI3(;98=K*Af>OLSzKWP?Q0osEEP- z!3F{#nv`tp{H5-x>~1CPI3po5bHBT(AuwZu8+J45H54t8E;3M6+az_t9qOlR9kKWESWXRo8X}tnDgmDBoT8PD(^j>Y zC{2H2o9hdd=9i_iDXDr;=txL^KSR(!Ml<|7ui4HRKO~XNDN8!N2u4DUp=KF(N>K9; z&&~K;1^IOg|M;Kk>Vr(IEn?52yes+(kFpS-PVokDsWWljal77=!xJtEzSBZ_?pQ_+ zdcB?$@hJx)O-oJM*dx~ExLK^$tWKSVHAmZ*s5u?k;AtDV6DLiby^T)FI;q8^I^;4kHF+fPW+9qN&rn#>*(a!2jS+PkIms7C zbiOOMX6th#c8R(iORVQ2@Eg4a8hds2Bas|G#2d0!aS|JOf9h? zmLoOgNZOm&Wk)1gYPA-aptThud5)%43o;jPifE)59?OFy?bqglv*;6-MLFl=Sg$iR z_^{hfS2U{}39Tb3cPx-qshmru%F%gebq;qI2bo9|{rMvv zH`4G=RmY`2yMxRhOs7E$2$XQNREAicV>zq>!%Jo1L(%q!}w!Roo|KVV%glgK%h| z_BB>DHF}MpdsRGZRejMTTOqYp__l&#j%w^hC9$OZ8I|tOwt{hxVJua(p=#n>M$2`X z7BX(FqV*GP@`Xa)nSJbJwd=Ne`1iriO2zPoT9Ye8bTJe(DKt@=@s z*M&r;txrlYi}KtQy|(FKt_NtZMVn5PV&~c&(Dq&HVj11|9mB0zs1&2uEuwAH3mc8Q zQ))iiG$Zp)FS2*Gbtr8|yyVtxElM~s$}j7iYD_F6r=HF3yl_imD7~#Y2Cniwbuo;B zK1gS*-H&%o*6Sx)p0kqr=Hy6ZSA4)%?sfG{>h{@u*e`ioxFu>V%f?k4}INrPy1;#2Z`tr)P z9s=9qEA=+L+T>!+L2QP%S9Bhm9{bCB_rmPe+jC7^cMsD2I9+pEyHVF$3LEti)Osh$jzn zr?Ujh*vPC$FfgeJ%qV=7T?nN&6g^5GhOrpS*h8(sG@CQEsVC1Y0Gpcc+k#nBLvC1( zkRqL~D~Pc#^+9~@>|W9P3mDy?MnV+XM2YneuPMMLw3@|^Djy(N4`uPFDo{=DI09*l zu4EBO)ttGZDpeAT#0*5qIjzLd;PjWEXnBMVUYs5-Mz#pwfGr6SIsVB!Z0vl2e+7LwlopeDpJ*HXqFskI5*6;^RDu=s@ z&w4aFp2<-7W23@0@b?s3NZ(Yf>MTXf`1%D7g2`F0=xxmruYkf?1;jeHynYVG5zYAB z7tPd6bFgc>ABfGgu4H$Siq$T#S2MDW5X22$QG73)x>yb8@tNu{-xNLcw;096p?OGC z`zzN}8Y^-`wGK1>!AcaHFm6IBs{a#4-s9S2&-{S1jdeC5Vo#}m0K#jHK$6s?}6rOtl^$ViQKRG|-#=G!+m zHO`yR`Wue3GH#g8;g&q4YCECrnJA3RiBnXoP7U2Doi{|hVc2wE@KM0YQ)G)m4c~d1 zIy6KPr;S1qVWpUbP|nfc}iho6L{fk~Rwfg`5~Q{Pya$aO&Y?Tzb1&U#8mfA85&;Jahq zE|MNUeEc~<9ojrrioadzj>WmBd>$bGkNb7*7u)pw7sEbQ@{jX7Pf`*ZsRxK58Dok#p81Jw-U;Ma>Bj;mb*$VBb%TiPyW?T_;`#+cd- zm#(s@HUroO-A1y1Jx$US|KwSuNhvzuQm&#LhdzctNBwf|U1L22^O6X5yvb49&qi*Q zYUkyM1(2I@lElo3{>dD|QM%ZFfk^Qk8P}C7jvC-K1#g89NAS^_%ioz|3I$i;3M}V| z`)^{jrdthRo2mLwqWhx=7r!o&Yeo6(3f-0WjlQ0bSzJ>BF@ZO#z67dhz(wn?XPvCIayRWg-_-#o;6aY;LZIhK@3%jr1-pGmF#C+hBIM*qIw^`N~O zeWTWd{^d0>s+sA1j_Xm+eE$rXIe9-uOL852VAuD;0AXu=ZQ(8YR_u_0YLd6ECBwhy zF0Y!wnLv){=tj)@F_azBru}z@ggqqE?o-xa0Nz4$}Mc3@c3Z!i@> zV$pZJ*PW#eHzPe$!RtO~9oDqWNovQV<9VQW*D{mA;wy8rcE3=y?Mg}u{0T>#8E?A8-iN&pI!rX{Dp)7}+7crc4U*Ood zp_d5+KYVZp7S#`Cw*%y_D9guV>+&J*{1+JHf*sDZ+1scF6C(0SiKO2S+aYW4G$A)! zItMX7=&vsd3OQLM-4dgRA{r}0A|mJ-JfhJO%8C*%yj&Y9y{lmGIZ_)5kZ>rx68@3K zqDeJfHv_0b?Zn+=>;4=bNuV}+a} z4NW}B-HNGt$}7Z;l8^!FsUmb#gG&z3Bn&v&8hDqJPp*`4}}o} z5PMd!Q}&H`5r0kKi+E`>zyU8tb>3aCFA(|U78iLGN)fU5Jhbm~IKmi zCbnl>Wtneej;FE`K6i1UD;7xdZXWj5D$1~4G-h%EH5=sQT2SU3&je{mukt_>m{BVOoNaih5Ham35kle?My&{v zT8lzLXu5|eP9}s`5>2gV5b>#+ENhLegaS)OYC^q4!#8LtV=}EMJdU?W?x<4E@-Y~T zln+un;!s1+{=|DgM7fr5*4ZU8gc5S^ZGPR<%l_WjpWfy3{`=GI8vs4Crd&N0QdW}t zEHE0T0}3_&>8=l}I%7*j;4}yznMop=7*UDb*E=&FbHhzFy~LlMN0TNy1ofDhQj`)D z>Ye9XEY88_p`fb8Nh$^_tw(KadF7&JW$rB81Z0W;sBd#)jLz&n9qcP7^k9@G-S1CV zZFL!E0g5I6cRlI=fA?O+CN?cIuE=+y^fz*w>`l~S&4962E6Gm7-GF+}NVy;RjM>VW zCLXw9BlmSt># zW$4k=RV)$@@d+GI%^g*uJc$bBHJKi?V58oF=_4yvm7P@AW`16(z71ki+^p;%b31U3 z=Bf-gyt2aOu^#FLTf|@>^L{gB5uSyzY35cG(QE|q~8|_iQW#Qbhpd z)*YA039FDn1|!PrmmBQi?lQLbi5MP;@OCr_sx9j_&gWA`t-Cq)#AC~Ca9sONFZgt& zvR62s)ZcE?2kY}VSh1dua7UEq7LE>f8NpXcnd zCZg*SW&2ZEp#|9=y!_nH?YFMZ=O<@z-o4;zi1c3Xo17O%TCA)1YSh(%x)&X2=AWMC zLBmggu*wUxa%rBbfrrhU`xnrU`lBk7WPJZGN;2%on>{&8!LM`^Qoj9lBqx}km#s*- zff%_Q^O^PVeR=W&mYAywB))@pgcn-s`FThjO3_dDr!|}VzuP)imWa=tV@WUWyPUj^ zR?Q0G@|Sw^!Y4BY3C02BS4I%eA~Cq zG0?>rb0@44U>4PC=mDFFS_U(ZJOtt`c&TU`)H=cjW_U&4x=yL>v!^*D$;xe&3rO7la=q7QAenO2ybx$UOj0gj%Fkw^KAX~n8D8b4`ZtcRXz>4hxm zp-PN2G|D8*0OMVuaqP9f+^Pg4uA%tuqGT*eaBl+OXxKurJ{g3c#&zj9spIg&6&>?5 z;iDaOj1>BzAm#;=QGT=Jk=@Cj*0o};F0OrfpDf12h+~=-cIkt5n#Q)?^~-MqANJPD z`ur;(a(Q<*1fB)U0|Lk1f9NLiaa!HpYZ@r;9}s)R*|_y=CFCm}LeGTg@h6GA{AzVl zbE^JvHb44kI`p=TNFJ9%Ppt_%giSWfy~9|+oER(QE$8fellIycWUu4HERInpII^@t zrRSon4(QrAwyFQNsK?uO$^-E7S@$&Cl$jE6cggm0oy)7Q^k#>yi`iAh)zyLC@%(!{ z_G+1bQ0;eCb}_yoj)I+=!L_HkVv}>r(TK*8lfnWYkxzXg?5ci27}#xmC9Ij5xT$e0 zEa{w|wRUAcY!dJ94=h$^8BC0{a^-Mk({7Cxp?c%sQmsMSdrzhoasZg`A$Zz5gk&5^ zFtL4TmSBSvVM~f|a(yOyaXYRIZgm5d45loTOm|hIZ?_P-u^1|w7?qp|E0ND75f~hP z&@@rdnj^@%oL-(Pq^jp3IbKN|X{FXUE#+qaRewyV6HD)R)XQP|0QJ=%s@7D$t;xP! zgGr^e#s+BJ1z4@g$wRgr|fQ8b3k5-yEDv9Dz2dDuCll3%Ldv4exWy<94GPgpY@L`>#A1r4`&l}gW@ zbnt9=H;*!rr7Ge4UJQ8t9nj4A)qtIe>KiPPEYExIBZb{HND~ER=~PZebFHdj`iniSjS6}>Zuj5JEMCe9hODVPFrxsW6T?Q z2hY=kc;yd6J*Lt#VF~MI)AW7ydY-L7CqKcqjdyEjcD$Z9yXHTqjJCVO;*N6(*zz#! zIJTC_Xw3(&*ufdYos$cxKFwlHCmZVtLLYVK>}h0e&yrZZeV}2o8qM&lnoB#S?jG%M zmVZY!44tX&PHOjjM<=;Cusm&#ax+ys7E@X7PHeARgWR08|5)sHCN%x$4W_v{t3BK3 z@m-pbe=yt*jteaeXO1E*bf}-~gannIxY=v#fb7`Vv+7@u+1ay%Y)L~mP9TnyYnIgf zAQq@>y<0X$F>U^0I$V1ECk!#2H?4dJBAKjy2DVU?^_4|ty4;TBNQOvV!vnMt`A69Y2K8rogW{2t6%YR}OwrIHWrt^ka z-Gij!N(xPTYns1h9;fM`-~FH$6M( z=ZEsbJ!)@lIJy{q82u(s;MbAyo>q=9wsavmeD`u)U8r&sf+q|#;(T#yqs9F?_1&>jyuPB!wAZ1*&kD9| z&vhgn2UT6CDdbi->DYgj$It4r3SKCJcDiL{q%Q4`8Z`rxkK5?pww3&dhpPa@|FDp@ z^Fl`U(UaS);aqtu%`^NSf8avV6~5vAva6LP#^>UzQD^BNJ61b4DSYuiWY8!LvdN@S z_rjG#qB5&TCg5H9$zN0L(U|Pw>iIH4X1_nrhUWK%P-@8U)*N?|LX^dN7Fl2b1<~qP zNY{Fk)HG9D38|?KuPH0}UNTZUZh1^8@r}@`TAVJrVx*Zou{D*$@?Ij9-tR8>D3KbE$XFfMD#X{cz=WJe*qm|FoVWHKl6wQ=45f5|QyGFfVX@l|85filZB9C^VC( zO_va6!Jv1(relv87sE9hK7Y27>7l(>NUYcgq1$?EzUZK$#3`Xo&i3~-7d)d~F>9`+iyR#VkfQ}ls^grJ1 z2fAL|4rr6mwRg{Tna|7Qyu15EvUec2pqVKNfdA$^o}_{z`5+U`6re{xfq3 zb1dXI`Up$gSlr-8(|1QmK)&zG#p}w|GZRYO3l_)ks&jg>%R^{%&wyO$Lu!JHm*aaT zqixh1GrZdb{q{ohVz2(0D^)eG@rf%@)qCVXSLc3o`dvT@IxZ&j&ER@`8cC9-PUn4K z|4)ah6UCogslNlojk3<2bQu%be=O$vN(2*dmNlw3}b>?rnMu5xZMN`rQHdTFI`GkNZ=<1K|%~T zCO8AV^<1hE+S3=xI}?3nch+b6 z@tT{-=OGDvr=mi1Wm&eQD=*yXN0{RC^KYRk(k=W?cop`!EDSv$(KBQD7l=hz-?0=< zY-H7bp?fYeEQ>o&DL`0r@I^sB9072=zH)Ey*Fn->fz99B7UFdzWMx3W0*+)LGGANw zbQxqZG6I;hN$L!CD<9w>-~J<=;4XOV0!pt7w?~F@?(E)*m(TD@7Y6@?D422nU5rhwS0zwCa=L|!5R7Z4o zUfcj*l2|YcN>G?pjdR|B%R>L#Rs5a4Io{dI& zf{KF(HqbvDpxrS8ecz%Wbt{k^n0*akE#P0s4MQY?*ytJbBef=R3Xx_QV`7O85^g_! zKJi&FqSLR49jfe}*@u^9GaN|r8CjPNxs8s??ktE+iHGk`a zE)z&#zM-7`0ucLoDe8b!ax8(LCG<+>Xe0OC13MMWPoaA{Ng#n* zuX6=|H3!F>uAn4P6K+C>$OS}K^~jvWA)p=R2#{)nKwp1FId@29R7l>5oUaHANvv`a zR6B@CMLLP3pv%x8+9ESoFOQrG(xq3iAD@TB~}6vBpHfYMHLAkiff9hiP}JOBmj2?TpGZ7!jUus zVT;iwQyP0)M=5rX8+z?kZvAey`cF`$w0 z6a$$(5SfOYi-aT40)V0b7LE+SBz=&-4-Kt=1ksoQp4DhkB&=cq!{bXt4mGjy1Z?dk z&e*N913AW&-qAL8P*^jJtXdzpqcEu zn)RG3%_2n*E9s211j{At%R$aHVCRlK@>94!bZc=GToYRhew%L%W>mn%O7OM`7o`GG zSF*@SY8FPPQi#E$8X`SOSjDA4%kCEes$q196K#-2A^(jaR}~pBxkd3+C1EXh68fCv?LsF}Mif>)0E`Roc#<$; zR)7o3w?f3PIIR5QULYE#gAK;NzL3sxQHSWmhBAgn%#F(dB8bqcoob4tU|6f;lj5l_ z4NIa$@w&J%2EU!k2*9fZ-T-=T5}{VwHT1l&d?>HylO9yGd6Kyl|d@_?uj0yZ4(ki zk*2C!FC|8RlA*=iCdzWPz6-nR2OyARY06Z6qe~PRXqdQF_4yY)#J>YcCBtnJ3#qL@ zF!*wCY4laxrF#W;VT)5N^z6!wZfN966!0g-1H4c zBcm6UmlZkTB@#2ZfNPLcMyv}a3Y1jeyO-9)E#dAk8G{S;KzgbpxRwtylDd%zm1{G> zJ9!y`hXJbPTZCfk$rsUz1WW!zv?(79f|)47i4evMRL?? zj#E6yjMMF=97(tkdrRFfMOQ?TD~23{6=B4zvq!-5GLsZ^JwTgHYx*c{SFS1EGQcC^+`w9$cmtrjPczg(v zomS1D=DGB?`g0T-an%Zdd|Z|COaV}@HGF~*0U}c)YM9Cg7Fu+JHygGbg%fk^IWIM% zVi=laQ=BGiR0sFJID4lk+qy1GI~*r$+qP}nwr%@_ZQHhe!nSSOj;ND=R$jcB|Cg0j zx9eiA-S%jExADv|dhg8J##`yE2&P*;@a9v7FT(miQ?dnNI##===w{OkYvHu}8K}y1 zh~LmZNvC@l3;I$tFj%+J`9%Rt%>4d()FVueAz}h_(lBRb0bcL=EFNJ_z!*(2475lg zcj6$vMrG8CZOO{=-6cBJ?!d3I4>k9U=$|h1!?pUrpC=Ps`{J)|2G;y=Xuf)-BbcK5 zZ1E;C*h#pcDQSQ_-hV14`%5PKUz|s@+_w1yuxE`<@?S0rQ}^}S8aML3JShfUN}xA= zALCi%Sl8AJ0tyTSYsUC9uUnDG`ks@V$-+hhrR$&=z(PkG(6n-Tni z9-GBa8&qpoun&xu=mX!cDqExCkNDc^{=PLiVtxFFFVi5DY4LA-s-Vwk9$@>K>53xp z>J9Dr`%hKU*KP3mw}QTvDJ$qF@b+N2D6A6_aCrnu-iqXjv^bfOVtgYCJ_I(betl{R zG(s!OvU3l)qv8t%x-}OjI%Uf)MJx5OVnH_wa|phLv;l-ADF-g%21^jiYzsWYOv4pN zIKFALiK2=rM4vf5rI&D0vnmHu0@^51IFMmIDnHGP0L+(4WiLUC^G|-BKIvEfjj7yg zyfg#k%(^}?8uA$D=rHN&BTA?D3R(F);Z-OgOq1w(thg3MG6NJRT7sFlmy~c)STvWdWm&esrHOHO)0a<;Na)%j z-stJaMVlvY`_7EemCPGDI8h}+QR|A0PIFsk*3t@uN9i}LJ^|Fs8phmH%E<5GSW`jRC$<@jSU-273=NY4txUc3BNKl)N6Gl<|+S# zd#>X2iUf;deRlG;!{R1Y0HvZ@qz0~W;XS^zF{>UOPOY836jAcGjDqS`T^ehDofmA-*{AbJVC`Hw%w|EhW;{XdG!TumIEEbMIm zCovcl|Kr2{weqe1bS1k98UO%{765?t|K_~^{W<@$`c2cuZbKCDoBBI~2M}UZIDgwj zq8S*(V*X(-1KDByL;lq;LVMhrJV8vcL1*RX>)0e!YP`X^)WQLr+26vExUZK8}@ zk4~FU$K{KeqWf16$deXbWJmBMTRdIlwdk=(66uzV-cCo+SVPB5)iPYp&zhEGzHWFK zyzUfr3q|yhAx;P*8b)Gg$`U7S{Ayf?M+f3jJ9W{oLUmN9%B6SBl!6AQTKWA6W-o+^ z=%^t{RM0e`4qw9*xQ5aBqPXS8nq-#j#wzpVVvjN1aMvkLX!q2VK7}3&t8;sm2v+Ti z;AFL&NLJm-Vv`J7qqn~v;Y6KX`9$+wOa2~Efp+(&2##_l?!f0|i!X?eqm zWK%!7Q_)UzwW|e1H`&O^t5WDmt{o5)An;}Yb3n{~>4SxND~M82bOGI}5-#=;rXyR) z>*jcoXlK}i!6E}kj@~5C5vJ?|DgG9v`eorSq6`HUKBl}5v_}JYC?Zk(AxYy^l>UjP zX$D;kkUGQI1H|toK~R%78$i&BND=&tgc*fY5e#_&6od+D)^O#wG@1#G;ZE^RG2d=B z<^6%+(kOr4A9YXkbL(`kfUc_~69VNSRSg3A<+yJvDYPtkbp$ia+=u7=iX@TJ9f`(< zM0YBWBFZ`;;(?aeV(~-|t=f{xvZTtYF3VhvYB)!v_|48i*r-+QIoq-7l#AbX)KuDJ zJ#}jPYbi>wyUlUMS7A6mHA9UkLC%p!@1mRJ9<9X+v%M$V&QhmOTi!e4{WFDC(oVY# ze!L=nT>B>rQqo zxp3xKx7L=j*Oso_7u;G`*I~h)FI2nE)vv9-t5xgy+G`KQNlCiIzk@JKW#8%$*^0$X zbNqMU1Ft%;;^!^{-Jb^Pf91oRGAj1jreqfcPmXgx;eX#jrs(l z%p%CM1l#MR0-p`teLx!>Zi*U)K8Tc)Sh2!bNkiTG%(f(>!SuS_7wiRf2d=K&BMDQ+ z@!6DhJ%3>-{lPE2Ye~2#3j&dmUMWt)6M*ZfYmFSW1jOhe4j&mK{i2?uEUUa8fUK6k}Yp+)|DwhPV}6I)f++5x5pORch*- zYsERSI%n!!nDi~#x=_E%JSz4A|1^zfA6M2$&3+hf-jUJ8={`u}q z1!15BB}wjFVS|6y34<)6laJ9Ma#^i}ZTvv=Vk+Dn8JwtHJv4fN1zM0d-UW46IbFw@ zqx|6qP4P!R$qd~EY&&nk*(v}#(doo6Y*p1b%@{~XpclE4v-?0RA&<*FZrTZ0gr)A* z8M%9D;Fb$~Lt6wY=Q$zHH;wq7-aNeLD~M0&?EloS6)3RU39v2IwP-#)ci)psa}8q5 zh8N#hgN;(n4AlT)T3X;jcRPmL%3{!koNHT~k%6HE_o!{v%!)IF9RMyrHY;uq=8F(6 zuN||qfJr*)goK2!qxZUXQaqm53Sg{`MibwF!8+(8zL>%y%iVFX1z~!D^*I*~XjHwe z@Fscu6WnZUuPEFr8MHah6TpSVC_CuB?!R5*5eKPDf}@j8<)izVsrTBk&~s` z{h`a3M0f-S+zabIs1tkXKe&P5!aw?{lMX4&AR=ft661@2*4H4wzy@P)($Xiio z%Xp2bHkJ#LK0DOHx6N(SVGct>3vR;vthCoZFA)8|6{SO936;#kVd=OKMMjLplR4@1 zlupB5pHX*0PFOh<^b-~F+&2A+6o9Iu@M>prZ1G%Y>SA-tm)IWH0MY~AbRDD)9(+5qbeh8-S`T)8(I@3|}I8R{f&$=(VW$DACIfIqS~8el)ewQ^};sNdUTa%9+G_ma9AF)ns3 z5dAr>6<$%tb*h2uj_rcl*522Q1)Q7-{mldeZcDF-2-w}H3Rvs~=t`B=2YHWjq99I& zq2267FXCIcoVVJBWZ>@(0cpgz&vJF1i4DH~Qg;&KPyy#9ZePg0M!y@C8Kn@RckL^E zXabg>)R*~UN7Vuv-Mr`@|B)oThofR1+4XuQeu}8czE9yi7}yG%f|y>BM2AnfN||h_ z(_aMY*DpTY*ZCB&pOiEZAk&b49kQx(2N+8Bl%bbE8Tuh40-#a?q!b9?m)^9&95&h7 zi#rvb8KcPvp?@j0f`K!V!0aI)_sf$JiCHBDR~6{jdvjz4RdX|T4lgok3d%4qc? zdk6J}a44o?bQr&1G?05Y^-Svpr&MIantqN`}4U*BR>gB2yg2ws507O+w4B>=5E*kxicTw9Dz0Fb{6=vbNtU>cx=CmHSpIz{9mOoPd z%%5hb+k@e9K2zs&mmY6VpzWV6)P4gK`i^8e2tn^WW=UmTnwE!J3-S_1%Hg}SHPq=l&~(RaavHh zn&n)J#ed?%38M zh2{8N(-=PGeur6YSZ*osNB7Q_JCo+sN3klZ8K>3kePUIeNlj_`fd_zd|6C6?!FQ4z zl;##sid2jW_&d$u33f#rTKF~pSgn4!VW67%+Hf;7x{i+KbYW!nmC%Lk{eF0EQ;2_b#mv<3H{My8Od*-_=01AxA33-dT zC{b+iYq$y5wiYhTk+~3MM_Z#GA0Lz`Hs#$tTly4K=fgQWYE-e{3~zUdi{8$x$eoc@ z`>EAY0Mc}lm6h&&QuHE0;w^{T292HOFr?>>Z>=k0O0;Rs)6lV|WJdP+?A%bF-vphBYqI$w~L@(-C3=(F@>M z9(=G|`NPBp+%?9c4+e^~gmH#B>5pbFPcH0?tT&dlNo82DVM`UH96<&~d%zgzj!+hs zEMN&-?6@Ud3arGe0Af(^sGah1uwlfVMjdRE5Tjfu8)L;Ser1?hs1S9c1flgKkYVD_G9Y3?z)Hg`dSc)#4n6g1Z_G@9*p2%ZJY&L` zvNF1p;k z^K@#wYsg_!I9QVBY%tae0jOpj{-IS?k8Z`-p2&PbP{ld|zsz^YA>3l+8qQKSD@Q;k znNoiQhC4+oq`w9Ap*MbW%#Jd3JS1Yy5RWBq3G($tVsCG|w~_G}dWyNvs?J~)I6T`o z5d8CSXKyVuXhP6`4Vxp&91ENjDNpII?2vNMCK#(Su$L1bxmJAEyeucZKDe;yB$D_V z{Kh3|CTxO4B17E5cx?J~Ep>J`R@0^AV&k{!VR8bO-VGe<@XX4uN!QMC`oD30!TML2>Fi-|^8aJ_^6zyqnIzKp`y_O%;$XkmVYL^*4avUX z%jT&$wCj%(K*n^WR3Cd^aD=Ai3t%T8W>Fb-892OOKDyaPI(E?fq`XO3DOJ;{ljxSw z2&WPV?_l+>^%JcVa@_A^yL?_0y1eh+jb_eXL~@QK?r)j z$QSDLw2LTjJ}6%r=xGwF#P)GYe-iJfv{#QcH9l{W8j6l5B0!=DX3Wf+2XTAjMKkBI?xx5^6N6;CKupDsS74(NetNpV zToi`4PU2EWBa9VdX-E~xG&fv-1s}#6Y=Jq9b*C{VCy10k`0=RBd^OHo!UMRTNUY+3 z((q}VnDt5kl2-;%g%mIdOv;Gp^h>U5Ohk)M+18jcED3!7G0*^_@08x)#8=T@eKx0^0V*1v~C9p9<-R~;`+t07P?k41gK9wk3q6TTcd9699SJ!5^~`~hu%0gD2G zj7l1mFU^#GKQB>27FJ^VojIs!AiSc`fNCIJ9}R^~)iq3LYYt|F#| z?EV|F^Jh9SZAU>MHEq}?V4<=_B-MIA&}L!3z~{V4*Ir~G7aZAFPHBhU+!)$Wvby`? z3O`dz+3V3iC;upw^+FWr?-p8b8B&A@I$GmcV1cO?gbGa5Ry_j~c=(E-u#&5N4K~^8 zP|m6KkW!)y8mD4SM9fCfgCh5q;2iq-1eHT^@uIOjL-!uZQApW@DCz?=bhchB!=ujK z1%vzX?|o^MPU;dEWXt;zKxfomI+e+-SfJiBS--0rvK^dpzFH&|>Z*o_9-hAVyH&qq8Um zYL{iSoGT=qw0C@51tfU`_iDRUGQxXhllzF)Ef(yaT?(4lIH(p8^Vneh5Xbd>2}4HI zbA&o8qWtP|UpNJnhok}kIQ;U@FPd$UwdQ1(pZfQ2@#wg?)6sjAfy+c+1&u$p_PlU| zcDs{?{sMrw`WXXAi3Lt-(=?N|COs`j>FC?4e%f*cNKn_vGG$S>xmLRd^2+>S3>HH2 z$bCE9Yg&C2NY%hrK`InJMMb3O%A3(y(G)S2m&+d0m75xUeV_5Tf-4@$D0N5L*vYC* z%NUo><8wX6rcGP_3W3(s{tZ*C;eg?5fsCKhh0Sgx9&HcL?yRZHVwHii7e>n(rF zevI{Ok+`^~dXdU@PL9>JMOI%5hJ?<0qCuT(?YH&&)#xu-W?GI-Nx3-C`Z?m5hC#pl^d(0}wyy&EKt`BF zvzD2q;|(0cjG_+4X~QGQ zwGy+8!eD5$`GdXWF#rN*%{Ow6?Ye7k=<#-~GSniP>0Zx&ZG;#sr#wsJc-Ts$u)MyG zvLk?$)9YA&JgQmk4I|KZU8RzWBByz42VXJj*SVoswr|LN9%oHH%fRaFonOuCcN|+Z ze&ni%z%O&Yst&LVY*8xX)tKD;p@l${&47$;&Z^NM1xiXRyASLs^d~VmuZZ!!&Qb?X z2~jkDeN-ITktpZ&_Y_&RoHrW02IO@DNAWOrO!Id7Tm&Q!H#V#qXGQYL?3~zB6|4Fq zht#cZVFYr<@16u81(#IU)&d7Ae0=M6|DSxrz%B5=R*Y`A0J;l1kXxQ#%ULq$Edra2 zzFTldVANRjje<3;ZLjj-OL^6gZ6+e?!l5KZmI49WnD4h9N?9z*E*Xa+-2?nHEyb21 zA=hs!%Dv5j2uFs?4Ds43hOt`}47)6196I|hk7BzjxpqGw7rFXN`b%t-VtNi=_vp;A znX}xlqRb01l?anZCE3sDKX~Z0I)WfSxB$;8_-+dI6~!_)-S#opk8~AYu-@IS*h}#2 zw0*u;^M#ICw%n5`5ukh(nEstgsDP0Uy|6bKZ{kj=BV;3zS!LNWn86w+G@NY@;TNX< zlRPriW8lnT8-W^( zT2}xd>3?vcWAW+?ljB5Tdz>olq9@kXHzg)N5Ig$v8IP>8e)7q;H!Pa-jC!y}?CNGWgt-f=0{N6}z)xQ1xg4G(J z6=u5UUfrsYF3t=-YJc;FbE$$}F8hJ?{Q$Lta6E9d8BV%Hnpx!!-79Tt@t_8MD^9c-}p)I;V#c<*%XbF}cp1Pvuh z{B&?+&P-A9SOfYy={WG>fv6yh+G3cANDBR}NT1NcGVH)w6we%co;@?JShz9kfIT~{ zcHUE!Sb5s&;Sf*;#v)4wW*|XCZcsd{R1;o?W;B)rJV>xr z9W!!qb9Hnkk^zG7UEh+hk3*eWyf1At_0dE0F55mY31cnrsUMOEB7+ttx@eAU?pt^S z0Oj;>b}>ts8iGd1B+Dc@u>9#VGbk1eOynZq&bJ?Tl6s}630b{8ol&#sPJeoadHV0_ z81VGks^YFhv_{lrzdI8t)=5@ox&o3qg^pabfK2W<{8CJY! zECt3mHsN&NW@DC4+P#6p<~REowK+GFz3~&&y%&Aca05pH&~;=7mn4#v4$@|Mip-?i zv>(7fLF)n)6;j|YWQhR%Up4gqq$>ph*#UZZ?nJe!aZqB+N@Rz;{bjsAF!|#Stk)Iw zEBBoI0-rcs#WstPObu?PuA~hw5`KM5lY)nX6KfR}zgf9#5TH-k?$I|muYe_e3DMX| zUxm8^(@iFbq)?P&>ux!S4dGJQ#EPlyC~QJYST7ef+#p@>UFtAq2#b)b6r_vd*af-z z!9bardD!@Q3k&>t0}c_Yn2PIkTZw-jh?dOZVEXY_1r5Vi4TSA(2d@daW_#?{W|P+M zb~gf(7jih0l(lz35n3ofJrp^7CrXaZmxxJ1FYTkqBD84@X#t}tLnmn}V~3tN^p50< zl32n&m2@N`4r$n}CF~@b+9!w3op%zZu#P&t+&ekG;?|+t;narh=*D~1C+3Lj zE@4R-eNVl%9t*`wz4~4*rFnUH{b$`YOxi1aEB})N@V-Udrq|z+82&8@!GBL_#&$-u zW_Bvdpa6hdz;jwA@d9>P^zgwqpAn@zEOV#@xEn}Y)+k9~$*A+>Vsy~-kXBqR6ni^v z(k+Swjsm7RJKi_(I%EK@!?ZCU1bMi>qUQwaNmmGS`}MQr63aYyLz+ra6K%%`!kAkt z;#W)>hU^@3qK8`_!So9BoiJ=_e1#*2q}eM$*FmIn1_OCGaUmX;<6!h@E@oVfi?RAA z4b)$>wdYUoyzl5s#UV)0syKrxjqsg= z)9q>^*T9(^0D%0zFQJWzv!jKP z(|=)PExV0T6yFrzA!UAOMg?O9H;XF(fouTV%r^0^jnF?jN{8~tA%vg_30Ll4J6^O* z*op<-Yoz>I%>1MS=}vq*SsX=YmSdetX5bQ-vx5?P%DzwRcK+)!|jTdC4Lx{?LJSSgj@1f+jVdKfePPrp z>2<@b&U{fKev$B&l;%+g(@CK5P zL`pX;7S$0Y3lQ`CO3Oe`fhR;D#jclQj4O}gDKAKd2vcg&tyWAo5iGGtFeQW*_9d|k z&XhzTYZu?8=!RvYSWbWBnu^Z+y)lwCH4V--RkK;99vtMdou8Md-XG;6Yt-n^aQewI z*-eGPmU&w6%Ks|xv%EW`)93)ptZ_}NCLJAH@Oh#bYQCJYbIfSPb!D8~YUD-{>om17 z?U)Nh>pPL)zD&ugnL0Im7M?QHhpgr2%KR7=GHbVBt0xr_Y>aX2*gkHj@EV@kNqv08 z+QMmfu%WZ(L$nF5OM`ZTGWIfMS{K7(Kr|3yU^d?AvCIw>`vl2gQQ?bFVGu(3ZOf_}nEE@jdqYlILK&zv-wNzu?r ztJ&u`z%JZLumxQr=ZIk1ER@h)Q;$v6X(1dq!gIx$BC*>6JcAX z{)gy}1?xqoJA_-$^iBlJ%}Pl#xwZ;i58wYP;mf^1@R!lH^===e2MHq;g4ZKSmw)JW zG*n2BCnzwt0FHm<9vWI*ZY6SjL(8uXLzu|IfT5@G-%hCB(>~lG%MD7{vKxQR?L_pM zd6Y28B<ld9!r5k(+D6HOO`QT7(AUqXd@E!fCd{Xy;P9ojmLKzj@aB1o1ihE4qwb ztSqoLe!H&40pOnMr(RZ{y5&~qf>J)l!#LD}Fs)Y^3W(H@I&ahqWvV=Snmh)ptX?rS zvNKA+^ZOuxbVoC84vQ^f5>rt3aG*}l&8-RtdC*gf^VPG0Z)G~*`-YOsbeQwr0xY1L zN=GPk+Fcv8Ky4(`)CMWJopMC=M}V#rb{xP%055dcfyo?kmYAG??4 zH0`#Fw3xX!D1R)zNg)o)AHUsQ-}7%JrrPXwQSZ`s4yIA1$T_04=QOqCD%1Yv$QIG{uR5MSci1xt3|MyoSMUNRCfDZA6M4I8pV)7&p|KD^Gi4KKB93Lh>&+vm2-u4$MI}I7huW@+^fZ^Ek9#JSd;ClNNS=PCj3|gFRBE8lB1YRYc z`xp#!Twzf@_2P+7lKQ0kAiA-45Cqd|7Wk0Bu@U31ZNKRw4*R2puW1LN^y=1%?t<-r zL7Hb-(+iqSR$hM_GZ!$<1h>+gl@w^WL#c_?W=vsP)hvMMB}e|sr#K~}fIp%vvbY2S z2wO4%Qz1C6d^}UH2EQmYH)(Em_W`MkXoPJrnPg4k`lZ$63ukJ@ZzVrb@z|#b6w6FY z$tx%U{nb0>9@7Cd{v<_>z?#QgKYTo5vWb2l$ z$@Y>aiMHlrExn|F_4TVRC+AXxVuuReLP_=Kquw&hvum6equ$}W9lrA1B7bB#RV4lN z1HY5{erJHqbxW|-QI*FNZ_xBdOdlz;{AXqMCm*vycP3^6MZPvXu*3ANW?$(^r)OQw zcgFEz;*XBlTUA5tyR3F$?NRGcE2uYh?-i92?PbDRYzD$D+v~=O8MHc0HhGEx9~0B0 zcU4>F`BIZce`i@2;4&mt_ryFJf^X&)Wc1rRD%96k^&`x+M=cOv$<imO8n^f) z4TcYTVd0xkZ6O{`zZf0K(c()-(*GXe)hj(UJ-{LNbX%OEv75#}TJXh~yvIs5&)U>v z&ZB7<@RD;A1$rsI7X2OJEt=gySS)@vhgbbI`D@6flhTg|?CNp29RrZxRa=I4n8wxsv6_foIM2=o~|>gh*U zUqHK2y4aFVed`T`{O!TXpiMB~xE zsMHBH?BoWtjEx(yZBKamVjK_Bj}mD&izT7gRa-YN*E1#hG7Pcqu6@kzO2+Jphwb&3 zBuOlIOC9*TaI0UqGvqeP^2D%!@x*c^B+|)X0{M!b^u4;pk^(8J-A#=lcyf`UwKW~> zv7^lcMMH<@{HaMY&d^8p{#%Cvnn^~C4-$Y*9y`K=k;)6?9{Vu8j80J8bcm9B{pnJId~(j~5(70N#F>~M6)0?% zdf=TZO}yfl*;3>O5@N!pnvw5wHowG-iVn-EjMG;`xnDWR%E(j?&;MxZ$FVD)UzwbTDS8T#c3v1LJ;? zx%V=D@-}8fOWNfkf$)h%hUVbl2@K$!3jIoOVV>r2;YN&B;(X)2fr-YBodM+Ha*%Pv zUOx_04apXAb&*($ldCnV!c8=XZIily_1dj3z66KBL{eB`GDrszg|9r}e&PWJAKuGS z1!6=V$D>S>mj)K&2)0GE=*^O@Y49;3n!zxF#gm>fuAC_iFyM59?h@@;yN;3OA3w@~ zVu|fx)~#Tar9$Gx%L@FBQIq8d_|G=^><_5;*54^#!e83?pSH>WAkW}f0ja^iz%!Gn z$M9H$579BQ--ow5l^G_zVGW&WD#&Qk8uqhgvAhflr`vDT!}g#%j*T&M`%7kgu*pud z81Y%m8PyZVAorD&10eHr*v)?d25lqmdCoxI6X0Ra5V{ndY;yxG{f*gF4fpeXkTF|HczSW9Vk_0N;=N0!mH z{tu!s6^aLv7<27v5eaL#$&U4rQ1;|N}<-OhPl@9c~#t(;U-N)sCzvRr;x7^=x74Mxk4%X>ek zDcsukEWh6p>5z=Tm9lM3&G{M2q}nZa<xJ@|%|$ms*R>i|K;~I1A#WZsiqhRGF$%vO|3e_(o-4wX3_L;OZ*Rv}kc zm_rQwbO#EQL9_cFf3j=v1s{gNig}_Ew=2qMRHY@x8#(HB8NoD(9N)nFLORM{>XBoD z3A2yt&rFhU5U-nIi>Fl$kZ;UV8dGK_`{LY&XEs#SpIxFwjzn^Yn6BPE2a z5}qx$$a&m1s+8`yDTd(Jkom#KCs}<8BcRgnTaZj{TY8Wn?1o}4dk%Zv5rtw}JyGy)qfS_f420~`I#vdn0ogS1g%pkRKs{xpIv z(;;nJ>lb=RP5Z$oxvg^41#ctRJ7vD3q<%JtGZne;<{*61VxrC+!m!d$o`Up~tEMDq zu*}Ki!iUY0hyP+k4Q0;PTjCyvN>%`5FBT;WH*AH%>4bi4n|X2XIA~#W^Ulx20EE^> zrOOu%&sOLlx|l4Sfh<{F@x;5Ga@e3DEfIZ@z?cYw{42pXb)@-bHaTMtuTCNTafA*_ z7H)0Ax=nmrua@b=Cd!FjIINOtl!>p3T-lvV3iCGKQ__l=4HoGX+2TluUyT`rrdADa zJdGFAaR>Af9f2=kDmv5ic*VK8oJHz&Q0P1QaDz*1(r1qX)Y3;&WpCnhrM%ZpZFh~S ze@wEO>E( zm*$*g-p0D0GYo&{4RaCKRnpgD7{LxX1pzb>zBj}G9TNi^)Y$(wW?I(5|D(yz1-?I* z++p6#7Wo;-1MXF4Vy6j9c+eJ9AaN_oR7vKiEaznkmK7y4grJ3GcTvwOwewMeH9r0# zBfd)AoqF`i=3{x7lYrzk^BL821%E}|ReyHYu_)L-(Vw}$#FARbcs%g_PY^G`3yi#X z)X&M8W|zTl;&daCw8?K&0#b@z?NPQvdma_MWmUPn!NVAW9>#QqJH9@BD|W70=}ClF z6l^@Jx@rttR6droSxVlWLP4b+u;@WCF?#zwJ(EQH!(1xod8k#q_C@k>?1HIe8KP}m zeZn)Jei*I{iI|%zTAa^odh6$AUa80L6wz>{Yi8T&-0=>-ZINLo$*waF&Wz_5ycA`Z z`~{DO>rqm7<|mSf{&Cbb*4eQt>M=eduyju%$HzcJxT?H8XW(Qh=@ zc}(684b72wn%PEx%adNi&onDCooPD>!P_H?&wyRP_{0q5#hjFG1UG>zYRt>2hp9J2 zaanzh1cFM^f0!13)r;s5YG#*oxIRRZQ-?)~X7_wReHM(=$v+wXwv8vCuK23g)o%)L zw-)Y{TQ=vwtzSiN^vBQrBiPe6jauxy`$?mq*49g_eEWVFZIFq8t)UY35hXI0S;cKV zkUJuex;q(Mx_Sk--KHD{txT1h&u5M?TQRY3M)SyLdvUP)W!a}I88J6&u%_NjWGVdE zSIU&0BB6RDX~qDeUcF9}TsIN0es*i?Mu~M#@o*cC0H;SkGryD&J13FBeNr1^8$i6X z%f$$DDe$I%UD=LyAmIWl2LwM`bt|!J_?*nx8C9g5ai0axa z^hur7zkO1%gNxytfZUjrYB$lL)T%@W$wN}1e4+Ose*W;R5UH6%2~S)_VJoc)&bac} zdVIyQzokk7uGB_odwmckSW!#jt}ko}!t(D}>`5g&W*ocX4H(M|dH1oatqko3apv_2 z_jh+2rTj&mGhI*7sEHQHk>IiVk4*F+(@GMrj!yD`i7jlenC&>^3lo>$Vr$OdCkHq2xt<5#Oagw7AT)GgMA2@)3^R6cGOkSpjzFRjm?gp9q5?W3njyeJUYsqJ!1cvjaf zJ@w{l^XQhXz|sAbYS`WoWU1IJt*cNcAmdagq4ZC-*Q<@H+LB-e^$EfzKUFT_ zj%K?i-fwWv)8|kHtt8&DVYx8^P9S&){RzDcVa?<%Rd=zgl*}THh_cnHW_lED>tJAm`|_Kah$E*Fow-D**- z2x@K!sQLrEtz8mK(Qgv=R%%p!BI=$Jhg{hzzk43&x-_a@XBI!DFiW>Ask7JZY@>!j zo>1mAlatX2Edcr==xWrCKpA{zNeqNofte?Yy>8pb@s|ciuX%69-q;kXvZhzQgd^=R zZaxYBycQY28cgsC`*JW{!Ugz|3-D>&>3?Iq@KgG;v50;X2z4&?Vg~6@#$)h&Ao)Ju z_`sfFFsAOmAn=V)_nqA3&)kISDAF6}ANc18Br9u#=*Nx>Y#a!cVB_6~+2s-%px6Db z9}xofyuNt=;RFBN#A8w{;o#0Y*STZBm%;}PMZ$siWXzlq=FMy;gFT$RVo2f%A6boo zvaD~`3m+HOMwUE&v{{GIcns?1PFcO}bTc;t7s_NZyy*Kw`rh^kNs$I^gA=tHgCXbT zW3>=Ag*Vo=N4iY}=^MUOI z4I5$@@T$;HC^865gfK+}o+ufV#(0P@6akm+_{Z^Cj8*U}U{GIQWM-HZ2{zpsKPUO! zc<6&LOk@TmMOl=jP}<4>^is(qLJl-C4z}nKD7tL8%i;(8pG`G2?C-^*zwp5X{6B4~ z|A8MS@eHvW^w7a4uWIn=z*tu1d! zH}MuQ7=Ha2F;0h*aw8`t>2qCs;`-{-)_JR~9@!LQ@lQ-6&}{u|>@nPq3NG)9DPl_x zSv272ZzEe0mtvWvNAsA^Th|}o2xc2gY4??)I^cR95E!14r0Y;5x9>UnyT96iTO3vF zdSzJy#sz-JfXoKk@Sza`1$F^@Hc9Acyj@`thbmbNsUOug7Etp{)At1Hh|l*(Z-;K; zf2H*a_s=tH$#DVM%my3jpS-FXD8@vNNfCq2!I41CXFzkh0bxaHc@m^pQu3DT?UP_~ z3JkL=fdv4R`S<@LLVz%g2*_|X}}nKHW8 z!2$ooV(Xfh$cqH&Qa001K-0093|xcBcAWp8cZY-;Cd^PfQq(?)JX{N3rE>X^E@ zK?-xfi$5V)a;YVmeJf?D|Jt{#ZJ>UnPi-W|nv8$#^TkWol$(`3V7}6s3?VVdPnoFGr;+ zF~mkxE>&HWM*8r{K+*vb3b_2`sIPrjiiawm4xKXh{(2f+UeQnGnXraJpplb^ySCL#Z)tG{%W}YBUA%2r3V% zF6jtj8evGeHJ2o*`f-z4o7!&aPbuui^p0M44d0`oBTDsx4_t`gBgBjXuY@4t{@QU+ zLg@qc?&)~6ist)B6ng3KcJ{9~VRN%^Z;CJSDDT>^`68lzY90Jy{$pQM8mPGT4N*AE zb!oZHX01}Q{?EF(!Qz(N#f&Xf#+$ZmXANgWJA&ASE}>3fsZTDs#BxxmGeXKkLyb+% z)T`x<$==^$DXv(3Jp`vJyEpMQHcM%rdnWOz$eqQw=%iL5y<&Q`suFhVSN6%T{kmal z>)Nn`BD7E&2rztZ`%6IHWd=8_hK1zHw|*i$z5LJuj6C>GEB?1Nk2wAtxwP_yF|W=D zB*DPcOc1OR!stWu{Fc_BZYx3xf7@z$o zh))m6MFS*9c(xx`YJNlFEk)7*v3{#oR-5h+_S}*&5pcIw_qJ()F}QVq0xlF7dJ`gg zvpHLXW6}Rlb7UN8Vo29fY8K;82CoAkd@~$)Vr~Z~<{sh*+>ArSNzuejEG#CB zQ~!G@Fkc7J8C!6J3)Q!yt2zA=S-DVWzT;3&X2?`x^V>L!zDy32M@I3*13Vnl%aVB}h>SVV zcZSd7vyP^)mac&oX6Ea+FRXHmP@c%R8kl0Y$~v~<8_HvW9|Z7-KbiAXf4)Vr@uD6W{+esCR+I?B&!rxh zC#xO!hZ5QV^zOcroEjcl?JDOX@l~Q)K+v&UXyO*JXu2An?4@N*>o!yBbc= z8ktfGtjqz2NwVJSn5X4T@1&5&E5VE@Ti}A7KRivTBjl4v{KUN*n@U zt&Cd9fwvcD6}8!Np`kGg5%cMe5n_;AN=+(YT3pc`c#sU*IRQ>Ri4Zq==$wN3uOi8b z4mFq!jSi@<0BHs-064yE%vBtHimo>X@@M>3*tG|oPWW0`qiGSHv&DC-5awRnjG_lN zMO9EiUda$&cBV?U{VZvFMEoe~D^yy#jh90=6ZrWq%;Y+n;X{0uavlOrI zok*QQ{b_5R>3}&dzcnJ#!bXoJrA@T8yY*-bmUnr(7Nr!*rp9Z9yBN`V#OPgw^aI)p zsOGQQR5+`)F-?$Hb=BsHb+rbhwyfKp1+lV=cb*2Mmw%frrae_Ms3*N*Q`SeP^T$W? zL-z!$!;Akr*ZkJa?Y3fzCScsPmF??hX*k=}ThL?ERx(L=?y<;GxG5iRUp!{-Tr!JZOVqcVIYx%J zrbC5crJ+1h%`)~tH8ppIU)lfS?45!u3!`q)I33%zZQHhO+v@Dtwv&!++eyc^JGOmu z>eQ+FaqnNJ?yg#od)8VnbIxyk10Y#A!H`4?AbL@FkaS*hcug@BcEjFhP1ULJ)`+v$ zJ|I|p_{xK))0ax!_OPwM8aS{dh9WDK*US^#pTun|2Y1bv^FLap7Imofnch3|`aiY0 z4_?dmtu052mpb<2tiY*aO{v^8gRUuH#F}$*`_cw0{h<2GtYOWFQ-5ylo#|N;s6F#{ zdGGwLMNnlnyq^SsWa_!7`IT~9ri$3W!PwwfR_{Y0>Y8sC z*@?@=H>fFw#6sc%ZY%f{_@2M+n6sAvI!%%S8f!m|BTwHN3WIk4U&vOD^X6dxey$*F zeog`Z*9+l)It0kY2`LQz90FzzH8lAGgSGo(m*lfK;UY+c$4u?5t0Rhr%w)sA<>#&N zFwVzkzCN-Qgl=(KW`{_rvr0I~3;FU%>Xdomlb@<{iI0ry;}TJ0gCQ-mIkj3kD%Qo8 z{URoi`^HB@RBvM4vITT#dODrIWuiB8W@wuM9q{_(i$aNELM2kMSgxdFndX%)#PLQ} z7rD7a`s6O8lb||PR98ll`!rSxYvi%iRIMW_(`>7e-%K1K6a9gQ$j`vr_AAfYJQipK zvkQ8DX3y(g&*!}4JPq?)GwArW(-`C<`Ni$0Q?;+4|7VTlW zttOfSCZ5FnF)E_g`g#5@%KWcd|8*VbwfeETSkJ3AV4}$nOr~Tm*Rj?mwA>uHzTy_& zcNIY0PDc)7-jVzxs2r(R`~A*83Tr{Bbl2T!XVTZidB4el;1yu-f%&d1YetH~kko@| z5Fv(aaeK&C)tx)C&_=c0jWK$yFud1Uv|w%)VDRUbIb$p#J#=l@c{6+H{!s7)@RJQ`2LVI>O`$BPrf7?E)`Vm- zB}5JVD-HBi`4nkRgCVJriSP zag|#&Z$nN9;mFq8aUW{zkkSv~_{ z8A7{i1gyC;$dfVwtn{zYUncCUkWfUVMG>kaAUh+(di3Z}p7LX)5lO1Sz}_Fyo)M@@ z*%6r2iM2$*eatETjSY9mj4QxAjjtXIQa|WR5A>HcK5+q|fp8cb5&a!FtI&O|5qo<) z(zu&9aG-1;0=lN)MGv`-mlbsqZ8Qn0iufrq=>$D*-MSdl4KV0WXntTYLfqm&A zQ;t81rkGNvNd=>Z{ULG495nHPR^}PE$1le(U;^dZj>%udNvL3!P^6qm`0D{oa=Zri z)N191+2L^+X>|SZO3U_Ys8QNxacKf#28Ay+e*)oyi#+^gNi&#soF1pc%uow*?s8JM zUw<7L8XYt}PDg|p5&xAR-KJ7JS3g68hSq<@_1blfP8+WMGl(Ve>Si{B6>(O2(2L*u zJ?hk~wC1w+Fp3c7pn$NmX9XiK;LFX=&;5m^u;KW2`|vpqb?v_UaCli7=ew+C0qbMZ zXyDaY{BI_EMiO>6kA(p0$2IJ)#K5r1lrO2aXGKPwD2@W!eF7q$-$b7tYCbY;QAC*@ zHPzV-hStg%^%{7cf@zB^F&cH)oU=b{YK4}%P2GY`+9P+oX=En;KyT71DHMiQHqh33 zt;InltfRl!=h?nCC`9<(oD3??l25;gGx9?ns&T@0epF^5dwB3UBz!)10vY_ZvH` zo;~hcw?vA9yd>R3sTE1#wm#<~J4<@@aQfx)ir=LK_g+cXql$7+vPkxljs;8!JG$+1 z*06FVC0I0n*tY#Kx9tDaOkp!FtL`_u4csz!ra0CLVluK*9qe;kQFgW_USUXrj*wgF z(#G?rjPpi!VIkv=-bQEGb{HF4T0on{c=zb$2Y6zcuMc;ESX!RQ2)$Y*WQ>5Q| zDD|lY0O^L;N?T$2`U(s=fr6;q!vYg#EFjK{!Ul!V8d(m}pkgW`LIYVIAH6xQ`{L+b z)`b5~#SnSXjc**<8~cYZFL8rB%98TVmFI+y14IuFqy%4t=mu2kV(>{=Y6Pw22R*06 z!lV&3pw&%OVRod^uX^5T6@TK9ALN+TR2Q%!J*WEU5I#U^sK8>5UFV`cbzvza`PwR+ zg%m|U)oGf-`XLvI6fH6pcT*1GjKnxCVPIn+)TW1%2YLr zqnfCM-X9S@LaHIyf|J(3+Y!IVJ4AvrEUIiZtyl5R#5aMIF@&v5^ntrsu7WX>=&BO5 zL${3S66r(>j6~pv0Rn=ZXNP;(7O}4vRhPxbzJd~&a_`dC6&jN zE$d^lPR%2s1am*$h{!ZggBAZ+qTYnj+9EBC`@X71)e)WaVCi=Gm;ZLQAI#jZ{%n+6?((Igcq5wOa(10p+SAynube-$u&u zDC*K@+_}UunD$1ukYk@54sRpq(LoSGFG6;Y1ML@(`v#UikY51OMCADf*%hU_@H|Mr-A}!k{yNETZ4b=#l%3<~YwZjwZMS@ljZF44UW7H^%p+^on zY;aNTvRMH?P2ub<4-2@tRo~{xU{?DhcDr}mZv_-XLa5)ac2&zLXak)X7EP+{bx9kS zYL+f78 z)cE93mS6th9W(p2mfoA)N|v-}`BRaaM$vIi0%CX0z)wkEd+&M9O-#~*CM?EzNK_x9 z-Bxj`FDrqwbf&r(42IH|->ReP!p_wHOc)_!Ya^TO^@qTJ2$a(w2S?e_q6qKd><>BY z?pnP4ov}as$%vH9BNrgaPI;qjj<^dOHR!X19zPyp+73N>5(C*J&vwLUl?z;z!{_S7M2Xw~1W$ZOwz0LtX`2X}CO$vUAHYv%(^55J)%aVr!*iHF2Q zZhH@7Zd2qJEz+?K@_`R&dyFEgYBJ`pN;7pFE>%7R5Lor;wchbD(Tg0B7G84?NIDmK zxDB0sb)!_V8oUl4@uCgTHd27xFBXyM2FmyJB(;Lf`|@+%roinJP3m+|Y0HzrC)Q3% z(_3QsMq|3bLfZuuTG&m5=kccjwVYYJ3iB$?38=iKd*$B_UMFUFrPasb3l4j)76>yE z;%1$+)HxF3WU>auM&lSczRyn{_)%4nu_7l^aZw_7V#i#*2?ETtE@7Y6tJgau(m1Zr z0lv_su6aea3(Xg;6Q9R5n;(VCCXpW38OAL7<~x9U1%m9Ch8>e15v%MRRnno3>(|dM zX`U)SIXC1ClkMq7pU#2H@QjiFwNQJZp=db)R>U$(E2uYLYYVZ!VslpL%pSSRjNhcL zE#LWj(BF|%aRr~beeM~he~$~%)e)=;r7T#VObt?}ccN4waaI|-D5!QN4{grX`ZQVr zmE*ihp7pQV3*J=U{s&X2QyDulO4-tp-3*`(T$ADG# zI@X)iB7Hl`T^*&bz_lgS(_m-MtSlr1loyfSu=@4H8mPJ5DaehvSqm_HM+{iLKG=We zzGfAIPU=q^1(1yCzavV8cYeIRG_Gv;XOa*;&W2h~cjFlG%33GjFQzM2hN2qM7;0dk z(RS?Uo=O~whQ606l^7$vNO+Lna%|7LFW%*lW>}awV<6$-e!mDXaa`cTs($|sy!#s0 za8pp>YF)p9A9m@)Vrx*N4vc3ywRygPe^i8IG`^9!7zP%$7%-$@^x*WKOP#;9;+bh& zzh3?-V)d^0DuSCZRYRn~$1#()>8YN#bCcvjFes5QxD6-H_$X2&dXO_=D7Ys1v@n-wO^U_@GWPZ(%sNS_0gJ}Z3K4F;7I0%4snZ2 z|L{T9ozStkfSSDtNTstX`ehr zhnP(fZ}V2;*SdiA;OF%*!=Ib}g+3q9^;-U0V#lcVf-B8_whtETU=C|`Zq3VfkBP8q z8!S#l+u@6$b~2Y-zaLezDB&}4^#FhW9#mQOp)k2m&|Ww2AUaD%Ol&iDW&^&wn7 z46{jZov;aA>iFH9EI$Q)oUI@QzWU*GmH3CJdfkyKUxN&S<%*TT-bLg`4k5A}YKq%{ zMTZO;+S*KnIm1Nr3B}|nnZuq@EJDg%#f(RRCwzkW6G#&#YUMLRn^Q1XKB|v}9K<9= z4Mk@-Z7X3s-U*Bos17ojZtEwt{@_bunfGw@7%r6eCyDeuxJ5^_P=bbT#d7c*lz7qN zQ!<%-oX1GAa2Ah-*0j&kuZ5(X>rV>355N>F9zq0gE16G(*D16~6Q= zHHFS}QWt%Z)dHm++lqb}8x|TbF$&f1;#Y9w0b&Spy{`{x2I7d7YFo6ONPO zEmdk`WbuM1j?ED>Fh_Qjod|)OTFZICs|E^e8Y0vP6n=fg^waX+GBd=XC=P5g z<=Ah%^?lT5xPeu+e`oOyU45%LQcaK$+hplX)v!?F4H4W;Lu;JmkC3rUv6IaU^_cGv zB{s!4J|S@12V)PMN#noZZ;!JNjVDVEDh8I4qreDKG*-KUH;n0|bmPu3SqzbNAvn!f zbx~@Hn&$CoQd~NDaP?%94h7kC#{E6f$?>waP?!YcW>L)eOEg@gPFGwFfEChW zvBLC3K{3hB#U1LOH3e!d5{kP2z2UbKjM15MF15j-f2)Nm{I6t4X~jq~_OoC-@wZW_$wLsp;`mMDzYRcg;H9DT!!Y2`|H z1@GwgXXmB;8kxI0-GLq~PjQwowq506G%0OsXDLIk_Zl=JzXJq(sJ5{C--G-vASq0T zpp^t`-k#Zt!F^dDv~O}Zo)pD?F(3YP=-YU}l8kOZIK6FR9Y%)7r?2HA|JG%#&7`C95A z=v*!|Bg_dvZJIJ1w~kkjkwO<@_BNoSFgahYslWdVc~;XC9dz#p;fw!q#{Rztn*I~a zm!cvUwZVwUR~ry=QyyZ>Atlffj6YybRj|wUnjfYdjjW)Hq=P(9nWgyDdoAgnIAx!I zX!<&p#gTbz(U~^palsSStW*YZ%NWUOVCM;LTU`{bLseUpF-NphtQ%h@&cGs-?$ynxil12@-o zW&j1o&XCUi+NzYTmJXJI4QzixOEu;Y&eM4l{^s5ueQoAqPec4f;^|#&BXtFy{+a$z zyg~x&yCB13;eGDIUv_w#4cP;NQy7c1B#Ji6RG@6NSKRpQ4{8H6a^tH=ZkP^iO+tFX zd`G7kzxH3iK&cI?^VJ1RpnJ^B3bm^ZuNczN$eZjx@#>Qk6T>;h&*XXGwyUe zvscr)cUv2WC_swW2!s+~7#EgM67Uu_`O6IKZiN&$27H zd^BF2pORNWqVL7Ig%UhBVrk`W_TQn+|BjH7{ZIclaj+R(U6TaHzLgxr`2EG?C+e($&CIkn9f4l zAcNp+J#>CThU;ar0XEg=w#w#d#)Ff^;t3>L==m9GzQ6}G9qRnXh4`7Z?3 zik27qNSZOwX10OW=(eEBz&cd1F4~C$IAl#_>QJoC?3-c0)<3ow`l^;1?dgGP3RouANutoXdjgp7J1fW-d$0zJ ztar8U4ujX7skNzSmMcoJc1<;v5?LLOMk26GRGIyo@d~3ML$edSMx^50Tmy3}Sdm|~ zZ2?Q+ZtBej@{Sdkm~P)vMNNX~R6>1Q<~JY-WMAFCCJM7=`G)54V6F8=e%j~_9MsGH z1haiYtb5Ho5|@GfAR8SVd7D^3q}ZJ;3Ar~ZRUPKA2vQr@%V2y-*lPisd2GN4dv!UJ0@7_%*B@ zvaH3Dbj>og$Uf7?pD1MqgR`()vZ`cvN3x?{X=I0$4XP)zIHqpq$%+H&?nunD^?t18 ztdzD}K%uA%OJ$43$!_#Wq43cdLim32ko4QQ$gpBU15wK5Lm=b;=eGr)rV zi5vd@d)a;!`tJ#BP2J4?)tp)<%Ew+lv1Wv&4tNhfvd8Ta{dj9&8*4D85Pn7G&~k_A za5PQke9L>ck1_!#i;ex=&J>Tpu5o0kA}Hu;YLe*iK-!u=5bj$?>9?kut9<=gJxarp zLqCf-j<@_m{90x|VUVVVrI;wh!dOrvsQV!wtIP@*7eiMa>^KN82}f z(1I0Nk_|Z>MFw+j^U?w3@%eo0N#o5bO6By);Gvs3yB9$yld%Bpi|BB-E*DF~!(M51 z2VMiW%R$5MM3#qUt?W7D!T~EgxrT;C+nLM~vFFJP7!8y6`;`Na(Qi&~HK2Gw=rO}Z z!@q_yyA&+mwj3rHavuwV(4V3uaK>H@TStb+ifrvhgQms^{?SoG|FjTzut@ojj2O6xm|@7=Q3c9J{_;D z>+@0ICc801ZBbiTb`2P)d%%lZY9Gq~D1brjwTDaq<71HP3GMvp)2)^Xb*b)q8XRqUqU)R#!``X0F(RIS!Dw-Sv zv*c9Up9_-@0ETt6jyfg-u9HHUm{^bZL^aG#bzq0AT930meegscFT1%yCtMwh=0~DN1mOs4lj%#D(_Cy=y5mi0ZZX`A} z@&~7kQkNW<`{9DK9kWWOK6)Xlj$0Dq7MvQW#uy0(dz=SQ8srB(h#YwF-&As6UTU+? z_z^TvA^|>v9B^2~>*;Hj1WI*I4w>&q6d!3$27^tB& zH3l9(L4{fZsNI_tF#$P9BR*-${zSDZdIf>C;DvNGf%!Xjl{k zF&2P!L~UI^Imnt;el1{Kii&4Iw{_Vp&-vspl<&hO5m1Cv$%38A8QXm7fBxZ8R+PeYZ` zk_SVz1lJ_?urS~0%E-xa`yL}Hgh>&wYS+ZZW&oE{Ge^#V;wx&Lr%j@^QoGeH*y3s`^8Brhq+Q>>SaQeJ*?v}0D zRzDx*e+Cxy6?Ps~nKieBBiKTn*Px0DZguNJ#g?7JtCR>j%bEdXo>?VjC5^6aI86!B zwLCv&i=4_PrEHWFC z;qbxj&he4DvPZh|d)h6OKfY)o-iX{m63H;#iQp1VKz&$QQb*F6L#qWA{=+}XLid7q zd>ea$%*bQj`1zD}lsDdAhvVS`qat*(2EHlnIAhVCtRIvq?^iNv*co?|)J&5-5b*v= zA@5gF5==*<*%n+WFM*J*8CdPeA7io>FqMJDT$()?-rHS&OISzxY9;>|ib*V)e%MHU zKY4%hcdKAqQLh(Cr-ymkGM#>@O?a~tiysP z=3a1B>6$V#u72PSc`Ghp;yIfP}ku%yj9Mg!LU?nBVA~L+)8^D`LIN+EXVn>cTYWSPw%1VB}U>t+FOji;tjF)F! zEGR5~0Y%&oK*2ww;o5@j#Ow5b!fVwX`8N0bkOwLc^}*nE4j&LLq zfjDdFF$bK70`fvQ2C>ItKR_GU4&G^55*Nmli)0M_yHf(O1KXfFXWHtpJw8{G;{nke zE0K=U{=G9l#`^hEX!16qDgzs{HfiPV(x0HAxmS`7!bCe*cAKF*r7y8Q&d%)bTS&7H z+ngP%db1&J+~6rpcjDBHq2mi|h4hyo?Z2SCWR9FJxh{I^ypUnHj{csQZ%C=KV*ldB zhT>xAAs|LaZ*S*#)goT4Fm2_+KA(cwkhn87Dd*65C*MPG>XqSY8Shd7?p+EBPHio_ zz1~ZhpbDczl%W4&r~5rz<*VhhwCEo=hect6>B4%BHqNJpVmB?BYbW53)l`Bvnl4hP zrkH(YRVUkA{$9;Dvcjz^K27(6LSCLdBcsG#J!vz<&!L~rDxv*mPoC<*zusKAc8Yd; zYSB|JZdA~U1-&DQ)qiTT;iYjF2YGrJ zr~8&gI@moPqAgJQg^OJ|Hc=;{EStHrqf&!{8eFCQ?!#CnAIi=QSP46umpyeK7y-5G z2aj#_(`~gOTijDs=1XRy*A5O6x(T0bH)U>nIwCmDG3v0T9~0&oC2qrIIL|K_A?jUD z#q50{`2%a7<_g;$@xQE9l$NBO4{+yh4H;jY2vjvlUDrH}Lpl-Cj z=JA2?OH6u9y_WF>!+RBNXl^5y%c|=)%UGan0nKL3k2N>yY#&F+Zs9GSY8o}P5x;fSrbaj?4Yv0<%Js$gF^~+Ohe$)XiYYVJfYBaIg@6k_cO_bF(K>k_lbKv=g z(ip^Ze)kEeyX0fkXgLugk9IE+P3Rt(5O^DvFf91xUX;~+ zqaA#FtZ0a2_W3RDFte#)Lihw14CZ$ZYv2d-YF<+(d?(Sc+T>x-O{{3~-ePFzOy&IqNN2d) zV#e*hEk&};q^o{8gNc2O@RZZ-Kq)li%gu1iA#m*ald?Q=|@~GX{Z8feb00mE@iEY zu-3F2g#yvud)F97aq=F;qBhuVwT3<~>jz~~W8m1(OvPG`y;$L z35Bs(8Yfw3q7pMdBN5mtZr}jPX`}5MpUrYJ-jSN%{Zi1)EyxO`4OlAa&0a1h4p8!F z)t9v54Z73rGldj0QC4;>2^fxN|8R^?gzTCTPl~sL^kv3=2s@BkL@46KeJ0*EIdJ;+ z(ecC3Sd%MW;AT`~x;GttkM;i^-0nWEQRp`H!**CMb<~|StmA+5Iadk(bOh1+)vlK( zu0C_l2Jl;~wFAwLsV0o?4{w{RDBDx9Z%Rb9O zGsai{N(5?nN@DJy^DZ$Pv&+(l4Ll0=jz|+WLs>BsXNbemtohDfajUucci9&F-Kcg1 zn|UZ`#%^&DR*JA26VO31DE=L{)y!e`G#sRe=}~+#g|}36Q0rOzq}wWDujD4O(hx^N zm!LYmv!z7Oya7pfAiy-pj9|Um%UMmQz&N2?#PZ|dYL)8chM#q7(@@EDNAPlFV>O%L zQ=4fQFdY|F0oOfw)cTD8cC=%m?1IoCaNgwc!k}VmQR~I@(TbU(D#gpM-zkE@zF3*a zSq-<~JN>k&en76g&qm2;@?xEf$*5?k&zBZBu8--?lIxSEa>@QFXurGvTa z{|dJJ#QluS`n~LKA|t=zX48S{n1sr<%q4bFLjy3(FK(0*C00vpFhPC2_W5%-(%;~x z*(1q%z1{6|Eia|QoxRd9W<{b_!@(XoZ-IoAb7pOG=zL_^Vm#60EKJSL6=U5xKSG`m z_eRK~p6XJeHXVv9ERiyHW9jhr0Et7>TzEVl-@#94U%S6;gHXT3mSQX;%~L@KDx$4D z28eKAslk;BxieFfEMSI^YlU{xP98GxwPJeMY$Oc~hAtiUCxpVFeD6(hS#rv>XU`G^ z>xf{VY_bHgdo%L&=FiAQ5ajyfs|>Cq6WY5xpTG8+Dhe)~ksf4D#Qp~^qS$DY>k`T# z+EtnE-Slz5F4zbmN#;B{d*v!npU3;eTL35$O6=BB`oK!oL1N*y=~{?C&f=PZf9mA^ z1v`XMlwX6}SXfO4YYt|}aNpv&7t5(7fJhV`8>YERb?rjo9f0(8S9T)2@ zz4-jFoD?w~w$bc-Z|FaX-{*C!ttbT#$xeS~NTXX^g=-mc2swsXJ9A`}g$!}_2OI}_ zUJX6O&BAJz1DjW+#YQQD(=dz3F$k>&5vE?qOki&>H>yDg`P~xbuie5uU4%sxY#;-J zD@}BD4_rfz_vUWhTpd>s-%oJtTFQxbWn9cf0_^G;1Be`}bXSV-;ocwa#2Di5oCLDt z6U8X4SC_=+JPLZY9+}9=xj6pu!Pw?7T;4;g>s5NYHWYQ{y-JO5*bkbloaC%s>CU z?TN#GZZH)8U_s5$fq;6&fq)49rv~F{b2@b0`A!jz75_*$H}~_MQ}e zUNKUxN}V;XWS=C)fGx&0RyPs|;_$|1&mA?8IQ4c%y4;r;-+>)RfYAN3N;4MaN;6hK zK2BlAywu^h8TK8OoT*l%@R#~9IIVjRnh-o}NI&kXEFfkK8i^JL%8ptjltZj)-<1p5 ztVJ;^KVFhNQbuj)UYhODY&A%&6Hm}sh#EqIg((MaXrpM&m0g%PuT+CzT0k#iMj|au z!a`$VA%n9Qb@bSRVxjW%73;&BB6ivzEg&m5Cps9+s-O3cpTQBl&pbLY87ab!+$<cJSwa+$Y7{@~c?E8eN|a8E{T&ZHfCCn!X@1LFdi1*e`31$(Ts0;}d1OdL6&(nwI#OP|+-XgPjWKm*>6SW8+ zncj@1z#uue0RJ87>o@ZrHAB_!yMsysc>j-cL~m4OH8E;^=NbQNqs4&TQ^O}KZwyi= z*CFE2hzt^fk_QMTj!Zc$ptOT}&Ik;ceo><^@QX+wtqDWB3#ga`Ra7zrW;N%SgF?*X zG|M8Fa(3mCMIMHRPENo!Qo4Lu199pu&xi@G^N$HFnly`?S|K2ZK*4B$4ilX#&`og@ z07Vph`C>dcHB12Ax zJn3iFe3~ouV5!#{mIjm{Wtozk&`aN7OkbHZMyLfl5Tq5OhalL1u<7@8z3UXZ z&CFRLn!()BczhvhNv3ES!=Z{2hhR3nR=;BuTm=TD<(1HQJ$XMOunlk{S>?m^5t_CG z;#5QZ8!H2dkC&YH;DiZ-HbQXHKsAh!`uIgbvoC?0;@cKGwDQFPv~&T71V=1qOVx^! z$KP%fXR0QX9%wc}(jtD5si_GheN*sKt;+3O`hl%!n`;|&`5#0@>*6k(m6cg~PAVRbqgenD73^T}v z;p2-FF2Ehax6_(om1BsFRlye~F&4l{V8O7o5>0XNW+E`*C4-tFh-5{pL57png`n1f ztTo5jhD02Hi?xv3^=+YdF^L{4tnKz{7N0(ASMn}Kt~iA6T9gCmnbO_01^edsB+HOu zKwA)tfnTD`fUJdJ4%v}{D*)S+zy{f7!`Q+n=o)&`cH}?~h?Qh&rlugCpoKi?$jFO( z;HteV{ijAgkOr;ztSc`}@(v370FR~g@6;IBS&|Lc2zuZ)18}kAKA^w=>BVN)Jwzl@ zsx%%NY7MOvQ84ke@I%9Bt!TYpQm`Z8@ejEgR{yBsBDgvlc+K%7$dt6~-TriE57x-} z(m{A7ZnwC<@*?&!PpiXO85XCseqvNLnH6aUHEmKS)Dc*zi`yz0lu^Tqi2QW+4}E0c$a?C1_wrfqT_ zdjd3}$>V%L|HT{jhLP<7BkVo+t}R{1>)bG;-Wo*59FO|0`eJ0v;k`ktQGDZ<2a$Jd zP06cR8t{1@o9E;>50mdSSBg3l0cUG`$!6lKlM|RLaxl}i6TBK+LMs3tGok@ZqA3YT zTFX0dwYZ*G?ySHIo zaa#|OF+n)y7{=v0iZFs|0-CsmYw$YUBDp;xV!B=1zEZM4m=QQPWC6%f2AX8UN~QAO zZBtiZY;EYA@T#DXObu610=2Rpe%Or#$fZJ5E-phJ7T5k!4d0uD?@zdk^nk=-AUbln zqCN3oJU((+&J{Hb~mgzxf z+YM4~hNUHendMSU`UKF1{dxT!bZ)UGtD!*VLr#pElFh}AV(&!Kf4`8ByNOa@HJH1O zmR>A=`MB#QSQT``30I9q<6iG$a=GJOb;6!K0ZyF=a-?J$r7am84sb1H3cIpW!Nj1g zehv3s`=i`4PeEhJMZ4NbK@B)+9dQFJ%6Eg^7?B_6xl1JSfHNy4(@Fb;Q?)=`CoePI zk{ywy=g!#6v=}7zVlWZqah;IaW^z=X4}U_QpU7r~QSMiXl<)aL{1%-Uij5)4xtU#4 zpYpKQB}S@UplA~IuWzF7+F{>BmWKy#N@XXZxlx&+P^DAT;@Iej(MiK8TEqntr2JMv zwx|%@+F0Vd9Fa8?$FfSz7JNA|5j5*W=+LoYO2l279tRK0d7zD77eQ7<&^ou0i-$xRo!0b$Dl1Zk0z4#m?R#0Cri_1ghG@P)S7!~*yiOztFYyu!)DTzd_P zP@r+%B7Rdl&Lf%!r@> z9?pEKPFMF8ILl>x-7L@~3))@?TrBWNM*s3pV2uaDV_GaDZ5M2}zL^5I?lfmDG9e=p z5iC$fe3P%>Z=wMR((J;bGDRm~fsHQU%}3-SUX(XjBvzST4P%r(bPgdFOLEaEI8Os= zkXDd6?PM&n#7t$a5E=@T*#(@bhsW54YDT3dL^RA1^VL3+CUfr9S!RG-uU0KZm zo%%eS*>qpjl$6;>XH#%DWTXWh){Y9A(dvjetp>R6f5K#koGhBl-Ka6>-4>;Ln$h;q z74TgcV-38cBj9&TTKBU|D~gKu4qW0ly_*zNVaYVC9o@6(nX}=|_(QJYFzqT0;+zGc zrcLB$odKYAgyZ@Fpgkn>Vnex=iSk%g1r_p$QB`%e4usoRF@Qr&kOo_zdmB>M`y|hT z4Y+FUt7fj%YM<;zbQpvH!`jTuuz*Hl{SmA9uBDS-OaHhN%2$*-#$z_#3sHz?YdXQ8 z3JYEMjwClR@w1YsFiYIfd*(LF!X5nE`o)$k;rIy~>!<-)pz&F1lN*=IznU1_z8<4Wl(Ona)iX-R%V+o=`r-a%q>U=+;8FoMgBDBTjg6K z-UCc?QlR0YNb(#S@fuvesL=R5EW5@1@eO+C$*qCBN4oB<2gr?RR>C~HD2_A zBQ)6Slrs{_cS)q@tVBTqm$5=qya*wAu|t=Ug}Fyf8J>#GLp=XUL(Vsz461utg%*t1 zMzz7nXccgWAkIT7V&0IPu;jrmP&8}vHUz$s;5^edQAgc?r45Ejc8nED+7+CNh^iP_ zT38vLtT5(L=gZaoVNz7zj76ligQW)Gw*3+w26utPOuqI{; zuoR|Dn}`YY=&)&pqF4nqyW4sTuB2pQ{yg~`oti~yOxoE+Lo9grJz z@V7Ss{(xC-3jg@Q`jVG5242<+L@42BIT|kfqwwcJw|ZfmQ~oRwa~q0s7@MzO*ZC55 z0eD`iV#ko_fj-DjQx!aqB%OuiUmR}w$oq*^1EqeQKtyIEZ*?y^yHema;uiAXSf>io zwlbT#?${d!N^vE&t8-8cUAJ=2VfN`_W8x1ri=CVfllpQw=%?EAbUK{`K|Vdial$YC zeo%(M7+N$xu{Q}L%1PvaJ6{2dMLSN{QC94yHQmGoQYmg`diI#uF`ej6Nq#px47aWw|sG3KQV$ZD8pig-4h+^qwo@?1ME)ixlqt5vFz`*O3MZ;4Zzuf{5Fw;-P?qrE2qMCe*7}yW^c?bpuXzkI zNjO(u_oMhh@a5qu?mf0j*^9bb73?3lOe6!0 zRM+6#5?sx2Zra{JW?MxJ>m)v$A_GtPlUp6T4pD9$ta>m-Fx0=Yz?GqDqw?U5(ZKExd(-cIClWPx>OR z!(?~yxd^lI@dPef$#%`@ry)rG?RKYU7?kl&iHK)nQfTltdHmZ7Gk2&b2U8uGUISmx z=t1rpj*kXhoyFjH9VjG8t7yVvCuVY*^OZ#3;=)=wf?qwLH2&yvlKf5vimZpQm5zz9DS@m(xy!I zHcij*;Aj1q!Jd}DcKq(!ZC|@{7*X*xJ{%iEC+35CF@((S=}hEc2*~!3$6P>Z$A>NM zNxTTg$;zl>ik-5Gi+#3{Z|nl)#;y`?xZIA{!%kk_j3Q$YTr2!~Sbv?3XoI`OS1IQ{ z!}Y<5*PJ%56Akb(C~3863{^a|Eg{GEDQgwT{X z8)EUv)o*>-DWx=ne@1N-qrgK#HHW`f<_neu_;`9V{W=)e77x;P9tx6{!G&eo?Y2UxpT06$=$fo=n!IKB5hfFlWL^l`hh4;@mEC6fwr$&1Z={o)Qfl?!p^O$uA#aUK7%z~(Un)WmL$gke!Uuaa&v#bY5q`mTVN(_l zA4Z;7cgyTZGrMTo&f&3=?`;(>xW8Mfcmq{|!F)+X$T zqieew{$SaCag_WGLRaCSzliw#cwZtZV6$PT2{)JI@sg8sPt1`{5}Dm~L1LoRgr4rf zrh?>*3lXIMDv~VEA28eAwb<9p$|LxbAJrmPcpaJ&D)vAxSo5$213!pTd(q#MR|t>i zVnb1({6PU5hrx=NK+MPRo);AZcpw_jxy|2YsTT@)iK1vf6=W^%JtULGfd6YSDK#@Qq8%pO7!=gJm?Co$sf z!yDb%`!;XS1ga!f^!gffSAz)%OpqNCPZKNL%W%96zfiUW-Q6eYzSD>AKeu*#mG#Qi z=O(>*n>ZFDW^D*R3M^jf5e6jxEHhg}Y-4kZ5pbswxNABRLr;@8-o=puBlV11#&32n zpe-UIgYCW1jvKtDQlE-Wg8#usPosS~b<9!M%W6&?TD~jNUN=WP{ny$hN%41>1TnbK zjr7LSieTWu6$DrYP&4gpSDH#r8PKf2efPqIjz{K06spkZ*2lW9DBj}T30Oe7M0K^< zyls`A8KS+Eo}J$in%cR^W@B8`wo7ue9#1mG78(r4!%Lu3_wTBn`#;tflHQ2)GFBG$ zDuS=Y?j@3?c#&~NS9qpxno*BNQNsG>ZiyDhEXi^*ydO4Cj0e1x@G0nBi%RDr_~a0J zDTmkqdiCndmNessC&uvrkDO6U3!bOtBT3Uxuu>SR!q%tjT`e`5_c~(ko(7QzVVaqd zb|ZC-xn;uIi#@rqO?GhemKH{mLTRE^)sri;v(HY4fi9)EyBQn8`vvS@@}295grD%Bk@lHikw*|xz<*Mb`kT{Ieg zCW1uQ0642kS=AJkEmMo<`Ml)!uguuBicIeakegl7wNB9H65J1FQ8U$O6+&xtssdlr2XJl>e~Pf=|s2=BOL!9Ud*kMloRL>(+>w|ehi6!-mT zU`?BmgUpJZdct0Y@scX(t9}&ULT?+EBIP39hMp@qs~5{Di6NE(fKM8&8cbryVaFrv7O z$`QOtyJ?{-Pm8>_-o6Zy(bz?#7o~Vh%t;=$Oq(uC5WE8Q4I7^jw!-|=*hH@RMl0(q zTt`!6qKrfPA~H8{E$PLvgYS`lTcdb~nwGfgDwa13(?-m1KS^s|E0Vu|AB6+71 zHLBrLJbzQ7dcKUKLtJ9Fy16!bRqgd&`MCSIaw3SmQEy9Y$!TzH@9f?$vU zsScyvJ=T5k_oo<$$ySsxcPH?wT={;!-}W9PlcLy5dX84~Xku%(J6*)k$`OM?E8v%p5D6w2|o0x`fyNe*On-Dkei7PwO8n%J^BnqP|Je)B*dDDVsdN{$dMoMy1*MGQ_5)+9=Tt;a$7i@e+y34rc7? z5gu2UI8f?hx2hK3(IikWq302ekHp>(3yREW$;7pC0)`GaIBS3_Opf>h1D@0p!G6VO94&pex$X6!t6?Ga~@6c!7fIBXkqO1_COb9Lmsh~-fVtLvcqxiHw;wEbO4 z-v9E=ucOQvx?}c_TnCX?YoJN#jSLfO3f1KIr26Prq6iykSz9YZV67kDzP;NhYt|Y& zLnl_Asy0z8N@DB@^!NwX4c%G*Qd&-Md~GN=5T%fkhkT>0Vm`qNoy1A@idl;m4Q5qx zst|v?g&Gebw2Fft4#au@Zi8iv;lfbID*Aj%CU~TgAV0+C6^pH(LL`YW;xNdLL`I{? zB$G@R`D~f1k2h79+ING+;UotOj?!P-3HAB`XgL9mg84v7A&JEXg`>?&8k@W>H;MPZ zSa8Ld1&G8S_OX}h^M4=kv=p!sw+S~n6U8qY*r4V>d3!`jd(9bkIM-<6Dw`;%+2qs) z_sTOvVhuUI;eL1F`jVi9ZpVR?$>}FD$vh(qwL4Z51#@HK15O-izRwy2XXe+$){0;+ z`s*8^{rY-NoMRBMM%PXe7kj=M*N7%MtGB^@a!jLr>Z1cJ!b7 z7s2}ZH>m&jqNV>YQ1eeu`5!~7?`mi1@xM;0Y103s+s(byrQcS_wkf=%=boDt6^aqi z7AwYq%?*}U-)x#eR(|ern^mN!c3^n_<8;gVRoKs7QxkA8@VtN^!^^HO272!RKdWc;C}w>E|5pZ8?K;v>)7*F~{eT|E6x zvtZ0Zlyd^J1&YDj2J&|^&RVK}%RVd(fYFl4S)WVZ>FSB1ws)26T+6#J-FFp~Y_l5YMhTa)1>+0iwqd^A-06_Eqa)#-)zS&hno z-KGEn?@=9wBN1gw6`uCVeu78~mSBjaqRLBsD|mP1hO7Hpd--IayO}LTghLhm{>BEo z{ce^c%0O3jqAFmGN~oPJg2);mfQ(BIvy(2DMhZlSnw&&vX+Zlw%NZLC$Cct~IStx; zIS?#|RIGL4lDt1tn7u{yG8A7JzQHi$(2s@3O9r7^XJG7l;36DWbO<4BwMl3|pK~>? zgy;#oD{1ItqDAN8+J&OfsK*7P%P5WDd}!vb+E^q(cG`{-v0vtHANl0ZWK-q57Q=g0Vp!&k8-W#3N_32cS|O;dKsD@Q#*$1s>!M@}UhoR_ z8dNZhvcy%)G?sheS}vZeZ?-@bBZQs%{!^*7BmN(*{{Qs6-{4yR^SnPay->fZ924l8Os3{Q@Are^ zj9qld-VnIaQ3Mg>5C0j?B*NsQsS5n{Hh&!nn+(CyhLM%2hqmRHRA&I5zcQ9sh8k)GEJ8u73PgDXW*OlcWEF zFdqJN#ZR}VpA1iax0|D*lb5HPIOTr){CK$X@$zv3>f_tByq_w@=O7}4HM5PuiUk}97xb{5 zk+lx#t#UYJ^}TA}A~4PlF%~DL{Fd6PB_M`CTD-Jr8EyVO9JhJz+Ad)cgFk(tr9Dxk< zE^iLUNoGq{sn#bS<|ZRQk0N+p6tM{aRgIq;^r(RL0F*x`5WjB<$!2iNEZs8TJY2)yGfCT02`rscSr_4Y`4TmzL|91QO3IOxfOE1`^HO(Vt-C#>=W33?i#R33b zo6lLb0De})UcI}Ew+y_5S@sj5BYg74$7M)P*ataQU)yzTZ7nX+V$FR?qToMXrFQ4h`$M#1hgw)q7qa%y4rq8+4nA<53WYjq3KUN8itRwrJc@Dg`7Zecoexe) z;W0TICuR@dhfX`v_z5UxZAOy8HZo+Viv11_r(hEjKP|ghKc|hESV9N`NrYerI=XMFat2%5Hu870|bDzVdTo>i6Pk;80VCb(UcvBj|Yk>1D1` zO;X6a8l{Y}(GUI)>lAr!=1eoR?~svp1Fb*pX_E2i?gDmH9amteITw3hBXgc#X=oY^ zoYV4mm#t-pdSu20!@gPsIifM!-vwHu@)KV_F+Vy_@z0(Bqt;iGxTKZ$RaE!9*Hxq5 zQVjcoT!)yc!&jir!0d~ zytFtQejZ0&OcD0mh2IOpSqX*?<|xNR#KKS-3QhV|_Tx!h-PP33(M3v}T|I*3jfh|Zf{ynix$fX9ZaPdDFC}~LEs#_bu9=`y&d8_t{%193dH{wO zm5oGrN)O!z1V@xl9C<6Bh}(ML+0A)U5fdj}WG}m48hY-{(i{orq z@|s3FOsfJAKDA|2o#_H}jO*qGW|tJd0hayYuv|j7qUP^aVJ_j z#*NEFT?8OMw3%K#RUZyIURwTTrUz282Uc;ea9GN4H(&&Ig3h|ZaQ3*jY_iPuc7+x< z<1(WZ(zZR12H7lP=3ndbNq(4g*{e)Ij{Sc^VX&RBtO=kPfe|aLV2RXz$7=8&E%Lve zsQKZI0Jbb4-zzkPm@MGD8XMzDzSXHPF=D}rhT97`u!BR%ecOjg%z=Fd?BniC8g?w! z8q&yr!ZX(Zgv&_t3T|3%CZmh<734Nw&vXEACSh(f3rkl-f))CvJAzk_H)kGUlj zdCqGqOcpxDCb<0)bZW}Xn&E7SYD8G9FQ0{E)-$=Q$x4iyQlNH1a38+WK?+`k*1em% zIz>d6l(}OmC!^o|wCGhT;DY-R-twyNriMx1uNq?cF3F8p+7rX8*}ODJ*&eKHipIHM z%?QUEm{ppY53X0-M3ba<<;TP~A@*CxI$Oytd<(H)AgyQ-HaZ}Znz-5J4jUENkq*zo zbba)^WT)Xh#JoZa5HAn#NZfayG#ZCuYbsnBE!T6?CII|Kh8wFJLD;ZA?p>!H+1Ag} zISMrWxoWQ^p|>5}sQw~$NKm1X1{S)cFi7x?BD@Ywgory6`5&ME2p^NNbix^=z@PY_ z1@eFVk);SCthic-bWlf=ix$WEA_(UdoH9ad3FEf;iattbmy*x<{}MyHaCm#~vc%6mBN@WRi1pCzqL zubV)nc39l7Q5<5RUUO5$13vpj!EVLAYDok+c0)=N$$crzPKAG$#??B1b`Sdykc`t>>JC=?Fttt6YuRx!htJ>tSlZH~o&Q}gYPIuQ}*`i^LIM?D=0yt&VKTnIN zdFyVn6SK{YW^QKEdQjM0OeU6L>Z4V#h^d;Ej!)Y(FX8wUU&T&n7<-$DFUWXsz%nQv z42;ANsj6t#V1Z5*HmS4y4-ddo$Bq&qTN6X00;EW+E>TN{{v9(W!ZoZWsy3}r^R+zO zxw#*3wedc88Kp$MAdij{=Z~pki1msPf;O-})m&5aPS6pxG3C+sU0 zuAz`;#w%jGNB(p*EZOC}%~mON#ZI**R*qLU1$+nRFGF#P@_)}64bV`cZkbtqK;fX-V z0&JiBGsVI#j*8MknIgdNv%}B38IQAhcE@PoJlk^jSz!Qzaj2S86s}h)EEyC~r;F6kltqLhB@aweA*k<-Ic^jnYG zAcYD$e23;V%=nEjxNT^H&&i5aeiiIvcUmSb;It18~&(SrH-Gc^{mCjTF-AH=GM$=2xs*>pgFN zJIV-_0UG&YQ`YXg4bv$}fKoqWktA9%frpQ66XEkM<(C`|j{tZo61AXVE|Ubr84_dK zkrt8R#jMrkOlfHlh3FEa55v*~8SWp36TYQ6=2*wX{`{wd3)Qj*CKCqb&x(y;qek zjyP{EL1N-d6Btx8iO5ij1zQIjG{%%qlW$oew7HRZd+}A#7;t7GykU3?ki13np!KjS zP8OCu+jv{Y!Xt5X);eR;AMy1qOBY{r>C~cBoB6_!oW8=6*?IOB7fz?}4JzTmyHFI= z@dVP^MoS&(+{r|d!-H&JF=19>{CFo?w>N%N`|yNr#)9SDyZR7bF?Y~-n?WKBQ9Zpw zPRpeQauxa5KIdp4RvQcAM~=T(-`M*Fe9&XT!S5$lahstJ^w*r+> zia5bJ!F%&}u`Ve*xVaUC=DAb{$P}67^}CN;P-aTn`GS&W%*>*K1|l znNcED${))vfFVK(Azyr5#}UD1Gx6&uV4JewILc=BBhqkMT%b@H8(gz65FfHoe*4M; zX>sRzm98&oEaC7REM;v77iJiHvw}yx~Wr&=&ZPH{Pbdi<+rUJoS3R^?1q+t?C zZ>yUco5Y&S3^FV|NEpR!l$f^>Beu46)H9NEcNkM?aD|8b1WZg ztf10Gp|vS<>ckBX@<-;S|# zXs}ZOl!B1x3C15*eg+nLs=|g$=KAodem18891R@@(F3-q;>UAVmgXMRLkmg`HP5ep z1R?0K@0-zvtS%SjCuAY^tUL;uUctiIjTtTOymyA>E+{c}ml8es=nL2w6nX0XdZn)V z?b1G*vFYc1KFh~s*gCy(P+hUKQ(z{Li0`Ss8TwqH0s<4t64B1wRG`7{)3iWp9OdM-T)#}g4_<3{(w4B0T_bVJ$P=4^jjwp89#X- zTtxx|LLNGUCvD2(TCr0b&KZgTo$)MoCt9SesM|_Kd!c*1dA{K$Y^W#3zPJu}z=Ak*a*=_|O$5o3q-z41ILwh4c^yNbh!TW#P$6MW6I6exsNmYZkZ7U3~sO~mI+%9){*ZG}QcSta$ z%MK5R6iDr$N(Ri4Gb}UWjJhWLCbei^yKglHmp+ObBcqMW3tYG0XE>7BGH+JtyKL*CgYf!10YEuBkZSXJtcdQ%mF+oK{$2f z<9UK{i)NAm+nju5opyKYQGwPUh z+;DoDr;r?m9ouFpI*1o(Mw;j@P;#F=M6O>=tZ)?KD-yP($3dCA-mBZhUaLR|Ek=_) zzY-{cqh>>QDvkpUXU0%hw+4^nU71ydkS{Du9sfMR2nIO4+oxhn56Iop$dxX&m{1X! zg%IP#SkHt^nNIl|8&sh)x9TcSmhOrtWfn|}n#Q7%9aU~Gn5h^pi!lV@373_PZ$Kc% zA2V@k8o`ZXJ&r>5S_Et>G99*-;5+->IhvItyFzmvKWTgli@o3=Lw>v`!Ii;v3X{fW?jq4wei(PQoohM@8h0*De%Zo_w zVt@Syi*G5To^tA++yjL0|FFCMPcbk@{a=sWzeM=I9=j@V5T#QoL2es?C?AI$6V}Xi z;p&VWvGrbIw`|mMI%kg@N5jB+sCfW&;Lbe=}2w+Z%4*T$wbums6DpGNm|dgSFYYVp1|p zd@M}MLDe8(FsQvJxTg=8#Zi=&ZnbN^vQ$Bna5^4ote|MxkVFkCpk3j zjQJmVE%WEsM$pwl!AhAr* z@w|3O1%}f@ejLD#H1YM|&5t$$Lb~zi_GI>E4!-Yi?Km>x>&zH>f)`wzICJC6kbSzs z4vvAlapmd2`w?lEhw!On@$xf*5{@&1ZAU)>Av+$)GNQ_e&?!5~(pa^fG%CGoNxeW& z*Gd>r6obLcNJZd!4i2DxrSs;NxJY}8I<7izCdnk;NQ6Hbn??4Tt$R zDb6EtatTqB?qVJtMv!|U|F*EWiWZEfu#E$`X&at^^RjfNkvOD1cuV;b-b|sVJYz1c zM<#_%fVsRM!MkV}s36*d=tBq3A|q$2atHlG1CauukfSDTI?D*dP?uJ}XoTDWC zN5W(rj=EyoFoB{{n_5r&C~#4RicICmlaZCnYq|5s)#>kbhnk~1faUQOG|3~x>~4Dk z0Rc0{Bl?kJ&~?)jmPq?ZixYApisA|_en%w4X$c8c3$|x*q^$0QaN8Pvh)f=&RTRa+ zwMTOCOh*LKP9y;0kRK*PIlT!nTDmkd^)S$nn?oZKNu3L`Ti&ls5b*1cBdF-3EGupF zAZeDp8FWu~{yANVi)dfCXzuw$Q=Q3h&krrpF&Bc5CaT7W%fh7@GiWYp6n}4>>U{bu zaLW$O>u}d<`i=g^MIcA|FJem~Ou=fd5<(GDre;Y4Y6mL|mTf%fR_~gfvZN2_cULR^ zomlrKqil`-m~((-z9>{dbS}wU0tqL8%UgQZ>S%O@#XejhU7q>^VrE zZLQeh-P^Y$F2r~OS#DBqm z94jgt`3-VJ@yM=pgm_a|3ODg^+e1Vujz^NKHy2L^h@X75u}1LFA-M^Y(0Y2c{^-b# zL=@P=MQVs_u&=e2XOz8nurKT~fT3{b0NNWwZ4xj79lfTAUFdTM(9&rkhlstIj^ijI zjH>Fw1HJbsCtD!G8*+puMlJ<^tjSh0L8O?|*|+#@Ip$u1m5m)KZtKEO_(oB>#6K?( zeN^=~P=4-}?Gnli-0EZBiQ8@3!-q2)KAwy^W39o>kwbH)V3c(aZa){5mA`ggETGNh z6(sMC-sL)d&RlVc{=#WhXQ4is5ei1~th%^W?AwWDG?=!vSLV0_8s}lbH=;HS>@G~d zmm>nno~d?^ELw;bDLVqq9v*bd2{&!SU5?x9k!J)*%gJTkV{Ip#p#^?^+wm~*7dJp{ zoy&d1BulExno3sn$Bvccr^3G=EA&13uk8Z(i^Y!fCmGD0TJbV9;YE$e;1&M=o;&Vr zCx&uF1OQlO`Y)q$->k@Rqv91f#Cm@ zmHWAHOxIfBh1;!yt2O^xx4FX(Vq_}aGEeqhMd34ju5!F&JCk3$o_tNr?+skPt6mMx-897B%k_>@I35gx;wmVp&tJlbaTe zs~v<4N*7T)xoHDoT@;VQjt)TNg-T1fF)LQv%7X(B)*Hn5*uuf?%}NtEWN*yKdx@>Yf4~qz}U7qry~H9aZ+)lhK;c?n?$-6;e;t! zOqnCZ>Y`?ax!BBg&V;f=V-ZW{q7{sCXRd{9Tp%QT+Vc%2>nXb5AF;gXp3bAY_t;Huw|87?$J0 zTSvy|+oeRyl`Y^x9P8P>tA+=$)9z-2)7&e1rEJoI#?EPvF>)%y)=Gt=A)YxXg@;L9 zw8>hF-tETwe60?BRqUNj2HKr%Hd^JwT|q3gR?dRehHvRN_X};;U8Hm>qKPjf7oJ{T zH}1E`YeYT$;e^7q6Yb5*sMIz&=dronVJPA8Rf0qWJa+?n20G?JY$ky0k{ z@0tT?I>_N_3O=f{ZojEaO9BvlN2+@+O&ei%rr-c-15_5dnC!j{iV>3^)L6LK_z^tY zJuab7---&CG|GaTF|eiTO_lfTc}nd^7clj6{Pe9cH*^3tmS$!>0lBEv%4&2HNr zEM4u7&|gn`BlAA9UuuBz*S=3y06lhq?pgpJ!f%002+=ewsToO!x)76o;@LCN*=6N8$v=^U9z zsm@Ab^oSFbht5m6hx?7^U&1U%yjAiCj6s`m2g|f?l*$)Cnn0URILyZ2`9cjy7pv zu9e05j7PuYoqM(K*y>a#9wF~5f?TgrT?Zn1ZEOAc`CnKrW-%aeYmxnc)fRe&&slZ40T4lno-Fh+%nes^p`rNw;>1 z`ih6q#=tIN2$XWNDSva~CEMMEdyj!P@ynCG?+f|r07DeUcW>6nXu!h(+9)~;%TO$s zil335%u_c-^)R4)bO4W+%N4DV=ai5E5>DlA)38}vJ~H!#iHZ(k%72BRX27266Yc7X z98zVi)L^$a+>IvgB4Pp1ouybvi4R;%?!2s01IqHcWR70aK`szBBpvan6}fD6Ir>n|SW?ZUzmqXc5P79XhnbmWAfWv%D?VK=6*7t)_TbkRnY? zfw)NE18i^2&dNYpKFl<1_H%FS3|k2^bbDD48S;h->Dtjoj@Tm~41pfwC)A49Q2A_? zV1@28J>G!)sFg1QZ$d6@j-y(_q4`*L^Qy?!$&=Tu!nM@QvyUXYarH=}!dVI+k(^RA zK&+W1?2Hxg$S5JCcZ_dXvayOeCp>UxR<$MmE_{l1(6LW{>{UKX zrvBQ+VO90bQ+|KVf5W?4dP~V?%PNSFQ-ci|xrp2+QHm?35zK6$^kLD|p9dI+A_Q^> zrZ8P#Q^lcMgaW;&DH+9k3aBtg&Y*>DYcN?_jTf;rMo9!_$}TjaBI*oVdeYAu;7oI) zM(0YK=%o-z=uodlS)5)zTh#5HLJ)a7IHPhd;9*^R<#038bzpGwFQG>AGb*)gdyTBa#Vn`3!CS-h)}Yevs){RLwnAc}TRAR3+|Dv3 zw*|b>zaWuyQ`^RoDfFR<;z_xdygz#miV5~_Z9VP|5|gsK6upU!)WhT{kZ*w|V$8^X z{)SBqQ^|3;5qi}W-hlW<9+^X6z}0T2-%nHMZx}?7EBxSg-XF>KE=o>w`{!Rp)wFN?v z1b-Pp5c}_PT8^0l065y>xwdtGEMh1o0>}kv!NqmpGov`ZQ$~{o!i13KQgmGXxZ!^5 z@(<#kp?ru*cX1Tm%+{x*fhI!{vrA)7@x@RZFWL6A0m-1niX~s-c&vb84I#S(iRB1P zmFHnPkteDRY2t-p$QHa5r0>;vb)s4sj^6%=LliRA-pJ2 zynOD8zyW181Kf3<+yW-4I9{osCrDp$bLi!LXJ^(93D_ro#bWmWklAH`Ra*>v?jhDs zAduP3u{q~1j3uAarI1Zj`wfNR*1gD8wi?GF4ESD(<6f76ZOzG>(RRsqdm)g!H(Q36iHMRXR>OkR$@;tmmBm=Zjkyvs z%DM@oe3Hf1ln#P#Gn~kdMSp+g+pQox$}W#Azv0S-w&G z@2YF3e2{lhA)}q1F#awkXAUAHUHE!a7{N+Hy$P?u;rgA7#a9C(RgqzFh3RS+BD69E z#JU!IFT%zLQyy^{y;0=HvZ-GH_I;gf<{(*3xn^KBZdGSK93v+$jEv1}k*-0e6h0CI zWYeBEgmvv~%r8^)@jZA_+hj%{rRPYGb&*_3dv}D7}@E)^lJO0onq#o_O^%WYH!bVhbp_K>GOFlJ(*dB=hzo>cO(bOPcZ;=&Q9a2}X62cbz~(PVT~g zU2TQ3#BY~o6%WqXn-iLav9CN1=cFs>oKAtSYn6w5LFaxBT-#dM8(Bu5>Ae@TF!MO! zt&kyG<*4ITAYu5s&2Us4>xlP=NB>y?IPih~PASq3JuQrE%nfB_T`fF>XEo)?i?5lJ zv#YQ1s}=;`M~LB}?tHG>)3(<8sX@~d7Z{TBUN0N`sv~VNG!%u~7|Tj8v0%~0z{l#x zHnW^Y&DSeASc?enwaq{9%dU?@d$NcX;qsYNG53{@i6?M5s&UE!s+U!r9-K1CAyK(~ zPmly|@f@WHt>(Gd5lGmK7i!>V`|?_spD8U!aYo}5VzG~yK{qk4Sg`P*{7J0awWHsF z>G;WiGe8m(O6M=B6?>df7ZO38IKiw*JgWh=6bX5GU;al4_@#Vm>EzB?bVG5iQN+9Lc~qPr9?#RLb_#i$+CVj zp!2q6k-XEFJLm*eB?!C&sCkzFX(SIPl|qZNGgIHX+wnY>#Jwy>ZPf70L#gP^%Cb}} zKc2NJg?QNAyDpx!D~K9iCtI9NwSHJNF=Bj09lq9Ux9Q*kiG18|m~qB4ST~n?Y@^wG zS2>#dyrOop1C6Acih-Z`C2l~uVztdf^tIR~nmYQi%|P@lNt-IrOv##qQxSrs4xduy z^A-B8f_wHv2=L_&oH$HOtIRH+RInhR*OJ6|Hw_yj78lt>xER+dB;ub2w#eo8=jX$Oxm?7svroEKrU>$q z#|=(juW%0TgF7mqlCT6%tJK)abyZh-;{AJANzw80=)qW`Du3DZ)sB@zeFRj$ z1vX>jz-LOBLHnraXh)iT|2}>Xzh&)ZbNkhb9ugv^mNCwn!OeX?YjSWF*>?~juZZTy zWZHRO#!1Xpr0*%|shaw=aVvM2(%0~DR5?NT&i`37Odt^$&gs1Un`w8KOM-879T9J~ zR34m_>lGjwCU}8Q)pK$nn|wWBzIq<-0>re>F%fmmMhiZVU26OcrjAGLXyWF;z55rX zHPfBlb_+vp@@9kf7#B!k* z5>fWD)4LkkpuYUtE3lliq}VQ1NA(^*eKZv>#Xqmu(?+>8x3rwf zaurJYP7@#5p!X#1La~Aly=q?*Wpz##cT>E}HWvr?F4tG7qkti&l!fLU8gqJm8PZto zHs$ACxUjbqG+y5Yg03%xKZp5zwkZ!5*FpYvsfTPGG-<)sa(Nsi)-O6qLiI=fO17b?mq)8)EXa2;lO-k)j zM8&NMU8NREa~)K{M1V`hir?sSMSQe6h^fm7|hknj>*~VcHF;$^QBwD^w&Uv+9X2d*kU_ zFCM#0vYG0Rip49(3y7K6h1Os}&(@F()76B< zl$w_Q3`HA!55tK$YExNbTaCK|EZaByQ4YdUarm_nkiQn|;vL{67 z4+dQy|KIw2_~f@c@}`mJne5xWrJL{T7Z=8!Jj0h%vL^hC@Qdr02$1<8yoctcYryH0 zm|_YV8)rfvBb$hld8~^OeWi!G#yv5+5eBJ33!YMV z0QK`wEt5<|V42f;VKW<(-iGn$%%Ow^wzk#8l5d4kekL5ijm=!rP8IhRK%bvCeuavCm zg+J%A=KwT9s0YEP!f!KI8NC~ZjEJwlPBH6@zN8gP@L)0r!aB6GX3ZB%f9sfO3%{_Y z`?R>9^%nt#_$i}8v!GRhR@Sa=tK8R9-ZC4187V5qLliJz&mh^erv0a_nuj)%F-G@u zI387PL_`%AkX6}sU;qMW`KC>0KayX+%bUg2CIWZG^8i%7kiUiJxbu!22P#9V7JlFj zhz1zYS#`_p2@#tZ@2YK}^_5ifB_{_FlKfJypY-`=wNtrH$3!LaoiACHaD+|!-Gms7 z9M)kXcNuZ6sb%srubDh9{~h+u64GB1EgLi&38ty_ybMASG-w>?vb)OJb0W|P{BMMP zV|!?AlVxn%wr$(CZJpS*ZR_O3wrv|Hw(Vr{%=FCF{Wj(Y>~FQJR^7F5mE;!p0tk^E zXfp`PV@iJ(|q)Hf$_ohGM69K$jfS&TW5|k%r8N|RxV`$273Y_Cq8={fJx0i!xE;) zpgHA(*9^fkqq%BO3v%>~Nh@WZ^6CwIKgMY$%7K#wDZB@&_eLDrt_*aQVYNr%qp>+W z=3%?=*0lK3p2}fpqPrrT1^FliQ)`bZ8m^|{n}A2RxVmxP|Gt&oUxL{pn)d6SEhe|R z?beHSTGCsdxSt4UMZS3lodgehX+~Sna=tnsG>T1=)&9yneoCr9E&%{*@itGh)@v?8 zOU_A|@igzaT_S5vc#v(0I=;qOr)n>No_Pz5=x#6*HKZNHeIC2K`K-0R(k@uxiF~z9 zPz6644tZ59_ldCrW6$g`_FhB(P37xZkoFxa&Z8x#8|S5!)vmVtROL+p8R zrT#a#J2)SFFsKK#f#GGiJpkCeWPuWuFH!OgwFO$E1F&)bZX(pki(H6*hRAP+} zpm?j{a4nLrvAy?o)D5PI!Fa7{{5^bogxjg>zJT*hYcQ9rlfqy)3iu^rSgOhZCD;EN;In!WzMCsDrrMB{EuTfuHi5G^L?{)ab-IoyKJrjq zl`>=;5leDH?YA)`?uhV6f%!BkM7P3iwL3J3V3p}JO+-1p;v$PIg;qxaTU6O5psjOK zbj`xWTRLrv`jtw=a$w(f6U*j>4RE26a9eualoCrmYn<;e@IqZ!m5a4N0Jk7_{(kFzDHZ!#rjRIGVW)9rDb*7}n#A$npt_1i?>P?iW5v_GDe>p-S3}uAx>wFOVx~kj zpFAWTL$0)`siE{hbDt@qg{z7)9TDkz4g0xCSH8voPzo2zf+jmDXI$K_*KW{!hE*{)Rd2Ilt@p{3x7UsOR{1h2yPH)^>qm0jO zJD$ulfA9A4b%i2#(sdY6bc*Eiyy*@D^6=jq>L6hCBv}hzU>5)I1{~zZH}dA9tSBL9 zFHP2vV!kSPH=`C#1cJn3zf9Rp-g^FH4J&ai9SZ)`a4Yct4;B8@u)c|*#V>R#8KLpIInQOPz7^1c7nNQ*>p`E4~Hi#6F!2t8BqN@A@iM~>}He4aelDn(xl z1vqv}q3H*K1kP-n3~sT{$ZZ6BI9nbdP{S&VCw2e0&qDFXy1&pH|C;kpvEcq`vEfqy zQX(?h-==Rcp|^0H+`sRqKB=@5iR0l}SR1ATjI*Y0LyxwaTiwP7>38|yj&P~IljDwc z@4yFx0!^FDM+E2?&}*7|%=SPxMk(s;8@(CJ^z%ybmdW>Om*(HYHT>>6k3E1F>5CF~ zP@*Y2#(JnrWZ^t$9WxtYxOn&P@12{dEvU`Ut$$P5hpJaoJKuvlz5CM&JJ5ny;3iA^R|fJu3$__m(6gcH&|UkA23crc00Mh^;-Qk?PQhCJ0`+ z;%e&us_PyBKeB$SIyUFX>QW!Ia!NQIKP z$0+l{!(wsBU@%iFXcYUp=Ac6i@*8#-SNA;&e{F{{ndA~Ms%~Z;tCz-08sK8TSffo1E~I!1%dHNww%2D*ErT&j0r_TSBmwUj z`hepK9;e)yDnMCSzT$`%q4hCw%ih%14{s!Eifm8MuGksd%_~2`{PclqqNXRoWV=2d z7Yi8c8%8K;%@MqlTo9FB(rko1pXDaisH%^O+`T9SwH}soY4}IsC$0=_+(ZHXPFPdK zMF5PqQ)tGyU#gSw?vd{#=-?y(iOhN z(iIg*Ns9%%rOOpgqSQgs=+bxskzc}MQ7`ed4k@N=G}8wBFHz$eXcLL}Y>^)HzT9Gb z@A{mx5iL!N?|D*9c+Oz7;^<6l*tr#{UOZ#s4|R(X8&s{5(coc@ihTxuh>eXK8D7ce z8MU4<8BsT=)z8j&G1JbVmn@n!s4`!R6OQ?ca|;%|KsvXh3t{;R^a>I6A>H3TRGrOp z7Yl3~0^U5%E>)c4-lmbBC!4RI^hL?6mTD1^;pt*7kP0)+iYMd4`t_?P_3<|v8&b>y z@Nrmd$Zv>UD{WctzPZ0u|J$d-Yk8_$AWlZbt$hCLQyy^ak*fdgAh`;tfan@VWuB5 z9Z4#!qR}2Vu~cAtt$e=K)T61a=f5&{QUJZH zs%G6Q3)oq?AV6ff|D2eY)9kuA>uCe`4Au}D^?FlHq4zKjtvxv;nlrEoTqkfeh6ULn z-e?-43t(gUooUg=2w^yL#5$3srgQSi<2*&E1{R0L=EAiI#2Y40<{3k5WszWp5~dby zuC|j|(hKBm9#>RSG~`L#t=2QsdcwnfpEVIT$eYLGLMq)wm^3>AoC~nQ{XwIF#><9V zXOX^nLI69Bx3szpT9Ef~PgqgKYwHG8Fq-e>p(Uh0c1TP0XfsJ1>3pkQQ@u&IYq3;3 z)P&5Utz;YO=p1JU<*g#5W+7)MVIUrE`ird zU|o2q7qqxQcMio747)1kwO>r?&9v0=nHLPbUFz{3+EXP03Hczum-rp~1`Q?1R0)j` zvBq$kkn5s}c4j^R8m6uMcStHoP~B?XraW z6R42HJ{pzwVF&qJaTUVs3^d;<`EJ{&beK#E>u+bsn5B-pN=j9!6pQN!cTpa+rA?zo zI41n5MO}+-ht=nO4SZi!4sXi-haz;rV?aEACuos&E~gWQr#ZmTMMXMpPmyNKG)Kq@ zQwUadlZ$WOC4P%X%H=}&`jJ})6?NK8p^mRa3$n!+vi&+AWYk*$I5Nxoavn(+6>@6(!FftDv(A8TGQn>T(WQ{`+^XCI%K)_R!mZrUK?+)$kY z_B2FA6aMlj&M&R-n!SHvC{fzL(#8J(5Nc=u0HXiuKQS`3Gq$ibbhQ3YIZl@%76@s zx7Lr>3P_@F?ZOJ2%pe1SxZcWRaRoW#GyJTN+ZWbs8rDeq7i1g%m{09knA^_}9Wr%z z3nu%FYA@wC8QkRQVNtPd2cCp05IPpFg~M6^7qUsP{m!@mPWcVO=6&ZSpBH3d^&scqHLE3SC3 zlGLv;?DhutE1rn@$DM`8eFd}H-$F_aNt#|e^aV0R3O?B;ETqyzu;foWI;&6>f4-s$ zqO*mTWm{1yL@La}s2bPq$6Qc*;*JU0k2?$PKF$#ZM0f-nT%iGyS{3x^?rgo4p};jO z3O`6v(1=o8 z2n+akjliziu6!X6m||+>8B6-;IQNGLT>WmXWNsΗ|D(kEYfvPJ>}uui>2<52jj z43rzXa9`3E10T7$ocr-8512=TTN>@3R`UkocUax=;{{Y^U;O8Vc!V# zQu2`+l2^g>0T|7f^J||sMVc%718w%*U%v8{Z3Mze(IW*H45en2NzgX4mnar&hf9UUh^7?-Si}* z&sdva_WT+jpP#rt=4+x^6VgsH$w?SjReYK3c2^6%?FMF)IBJx?eVwJTOcdWxXru}2 zA7fg^yIoslp@*6Ql80iyN|@%2H@V1JIgZ7DIxo9IgM7TZ~DL9Onzuk4hm>)b_R1cOV2CC!KDu zw@tlTG;Y~B^&K6pSBjyL=c`atHCKJ9h0GUm;N zpO_eS`nheMceVSo*s-^D<>^fsx`LxOY)qVfI=e>MuQ0TI!hEOy)q@i>YIMMVbuk_V zW>HooIZPa2OLLqFR`N=^5JM|h0c}^S!KzEFou8RsJVCT6_E1WdTPzHaR#N^$ei*!8 z0NitT;hb!WaUedgOp#-15y%Gjwk8?pK-$xe$CoPqQN;4Ol=@{CtQ`jd^&kN3s*c_T zgRgd?-Y|-YUWAspHBv$&s?4dvJX&vVXfT(I-&Ab?Q%v&vIPKy<&2FZ^=B$vv*Vt)3 zxiFr-#$TD7La~tk*f@B(=;Hfh!sr-b#_#RwcOG9htV2LTH6yF{KDrrs&Aj{EbbC|&1d+JZ%G*1M{L7-q)2@Gc{LxmK38AM}->3Jo`*ryb-auQ4wZDlNGl8Tao z65F*d1M`?C2Tsgv<>2eAx+I0;IJ4!@w5r&CXbo1DF07X@@An^(Ph8WOqDQH%0 zB`+EgbS(jJ7*N)jLspn_HUOWeHYX`?8png2CR}1OY#1gqbEsqYD7@^f=A3_8C`1EC zzri>StFj_3{;U^ZM@yg-o7ls?ErU@@+7Lnudh3-d`AK6hOQwSqu)O`LAaj5>a$Kkl ztm?nnvyu**D6}A;rA(=d9RlhNw8jZoI6r-~q1!S9=m*Jz!jyal-ev}Ij|Hi!egD!3 zBO$+8CmzAMdPRAPUSHpgA)v(|4N!TKOCcW(BFLU2I!T+w>Iws!k6hC~(mTW-Rv>oJ z*E)k_1}R#hf!oWhC9KzGVK&P&pczu+14e8>XcLEwo2G(rs_vfGYg>a%vOZU40KdEE4=vomE zo+p2HXAI)p4Qwyr3X}JeepW9Nj)D1Ni^>K0vu%itnBQ?sX0)br9Y=|k;?@kC#1DY> zto7ROGSBYP<-l*qM5-|nOn0w|wPPbG4-blH^LQv|{6p71wobA02p`Dhk#QJ_fRONk z4J4_B{lf{Abg}L~WV!wMfzMwA@{z;deJ;%sBN%S($ci zm)o*5+8gsB5)!$EJ}(C_K6rM%8Gsp0rR%?iF)SP|Z?~FgQVwn2L9DIJA2pWF_N+NV zSaHgr4OixmBf*lR;`U$1b61QMsP{08gG;!Itfqr3>0Ot>2tTFAkKA!9!JHZ^;hjrT zX~>E$J1@h}o#ra`E7Hinh`-sy>(>zy5sCgV#nS>nYlpqnq)7sj*Nb@JB&41N(b(Sn z3@f2wp5SBE2xw&7IO#EaoN8Br57isHFP>`+3R73XO&~U%4JkAP?QgjEH&jr~NS~@@ zX!+VBsJz!gN!!6LvU0^)tKkSu+P>1BZ}9BhY|i!c!g9uo@~`~MV?t_I#Y?N)iOZ|< zYRjNa`L@GJX7&CSj7qqCyB@wjDPL`s5q)RPO_42XX$*gTKnMC;lTSwXw?H6dPHe91 zubd!g9$Qxf$^DvG)htFU+E+>NqJ}f|7DtF|AQIo_ijcbYxWLqlvw3OmEjnsMTHb97 zvtlHggWNVU2*F`jaAF>$azQn4}deRDswwRG?`&d*^}g+5oa%AbiR@!Y zaSI^)=HRur<{t(GHq$1HGmNORis@0(69B+XVBQth=z1HfPQ`JU(laEs1c>cYyiUTy zmUD7ecA?G1WkF=m!gjtJ6xS21&8BZ)N5|Uutny;Qa61-;#CJ`#xZ7hXw%Sl$Qc2>+ zQyAC2?)JI*7o+?BbpWQGr&|KMfF{-FY;(KIr~_ST8IK%w)x$#5a&_Uv<9Xe^kJLH( z6ziS-KfW{A&blp4{Jb%w!2dVNa{s_AOZ)${JXNXvAIalSY-NQ%oa52x7N6ND__6IH z+G@z*Kg(0TsTLVk5|!i-W8}w=;4ztoTdckiI#Gh?`mn9zI2H$H=h%aG9JF%{qD=uC zSu|(?0-#!@X{k^{GrfxAKuU{@WCa>y*|nrmk~py)nKLbvK0g(@y07r0)`*j@Uk?9k zZykbkcjW<>gaje1s`VK=W3?P>*#=rkvkX=oyT4Z{8Rx}#ni^WD@ZCifip&WP+faR4 zzBVy2M!qjJ6IsfjOksDWo*H73YxJR^zL^UjhAm5W9A{JI)JVZokhv9GcPqLfi#hm0 zg>O6&8#vRiDrDH;_=o8aG`@yom}&zo1x(E{!dn4xBL+=vG6!Ci>N>ze&J1l>iFUt! zbyyJ)rsxLBU@RlVGii`KwoA%49XzAdF`LsID~ia<(4juX+a~GiygRE?yQn({N&MdIr=-9#JY- zR~s=W>Er4KZ3@+79DMWFcC282RZa6w1rz2bsT8x`=-o^PkH1%LV+Ld7?QHkX@%haGKaqlM?r!Dw>chq_>P!f|KwVpXTRGKUEo>NLq{ z(qm4<(<(watOZ{CS?B*&x%mcKRZy>*o75`dPA+#|EU_;0931&EtuSgsiYLXoQLOTh)mAbfK zbc`Sp=L`XDY3bghf8-PIPO{+0j)mUGo4FF2RBR9m;wu-v@7!iLstQx{gHj~VQ`i)%nunU~>G6*m6V2!+iD%>hg+7)8je~?>#(<5DJEc)* zd7dfrW(C7;1qq>%bscrKziKrwSxO-YT?4zyLUbKV2QNIw!zxds$%g1r`K-2T-F`^l zc#oJO*?jHc;3z(cc2K44LjGuQK4uX97I+kY059aU&Pk?oo|eT+-Nzv<1PLe6Cx)WR zcYT)PYDJN+!8cO7DqaG3&sr%SyW4aydqg>$%r2#TwHM^h~}p62KZpNCG;FTJgBI(Pc=NJIQzX2Y$%Xo^!S zEwT|-S4Fo_SvRZ~Mt6)rdLOKljdR>Qk{M@2eg4^l4i`$+ugC=F`K5d0aXad6Y0j~w zHd3}Q-w_7N1UePmko{1#>sz`>?uq1&pu?lDU(sM*EhOTN4p2{A7Tqqx@#pGtYa=yM zDw`J|zero+s*?s{n7almEDKQebdqK#<;X7;4*Oqa$x+i0YKkFK*%5AGj4 znY!OaoIXk48tHhn^&fXJ=eXMPeAAFeB35$T&%A#l$B-@{W!E&vf>*Vx_v_AaeOkK~ zlV|5p-yAn>uoL!7rk@;xazq6XC^$hBY6PTSSga!FXytK zcmOb@9;!uLtoPn!3e!Lji1euf6^-jimk`HQR*OtRPa&5@22(Rwa8YSS^G`|P`|e9Y zYxc&?L4ugCr0Uq1f?_v^2w|16h~o87F`-w6b1wGlY&c=j zBfh>YzQkJ#LBg;nb4YcB_C|-ud{@U%h6M@gt{^rz5dWzcyn=b$v0~~@r=$BzVA64D zoZwU?c*{>!z_9v=rV-(9)GU_HSs_Sekg?ZlMgmx!!caK+mTzihRm#yO8O$bCN$u3D z4h>&)g+*Xo3Edm4nM~B9cHQ>(1n@2<5Kp9JC z$npttO}=o?=U@Uov)fWq2!T*aK;~g&sqNqkK$rrTNasPLglKFbs#X^*OxEM5Y9ONE z*o2tLRE}sMWan6i7>ddLNKrj{4$A{C*-gk_7oQu3P|SqjF3xuvxs8R-AL8r>E~F-Q zz!IPNl{%>dFM;qNi0r97c%?oL5HX zc;h^H0zgT|qG9-C;9+el6FlJw>rpyKAVz#YzeV4zE!$j9o#N6kHt@^O!Zp0L`!@;v52(jV zPUjJU@IvUqD>%E;uV5u2?zbniSJr6HCZNWe#Y9Ch&`IG&5~LeY1aG2|M76D=ck6yd zWBu^&(-^`Sz8e^{uFDWNpw^8J%M)bE1G>`=Pu=izC$;h_?$5as+%9=zGz5>9tH&z& ze**sYQ%tjE&c__i%08->60o(Lq-g2F{hnPEZxnirxip!T%Q2KRl`1?6M2Mgf9ebop zt3Mbb#l_d~LmNwqa3%-cUEpluzBn2+DI)kOAyvbtgTS0qby6#_Kv<>N)P&W)%vaaq#|^TO+0;IH7ChNO3UUb@ z#8plTSCdJ18&&iORMAq5Gw$YhbvpDw_(_R>&c7O1;xGvg2mMF*DqBg~fG3Bd2Wxh}$?{`H$ zd>=Je&zw75YOdaJ`<`|c(YPxhPCYcvQj2t>92zsB z!TOF*S#+s8{uD#Hwbbr4n6u%wYSQf2i|SA8d2;~LlTGX*uwMfUiS66ahLp!fz4H9?$3dUmACfpptRW&&AOBr+NRE!5jaEvPwzwL5{q?o=nnw|+ zejZwmGp(i6W>~GKMHjjg&1RlcgXzixiBpWF$A%}g&83_YaEV&a+l|AiTtj8 z_w+d$yTbx@JpO!AIcur2B`z24W+xzs7BOkuF4v2({ubIO2>O+WSuJ*>3`652A-vxI z0L15qIg|9tBs#(k{Ea`^NL7~I|LZ~zRw*qh69}a5z_1FNJp{b_ri+XfM(tvWV#Nm2 z)jpWJyTS!Vq~neaYY-CI=bpe{xO~uJ- zn1R=I9`i{X}M~@hy-Q7E3P0l7zu-m zg@funw6`)y#;;|WZJ$NAW(Cs80lB22@d`%PGZ!~c?)Y~Y#9CWt5-U3x%XbSZR+8>t zU~2@0=~RdYGiwDbjS|iuPf389rdlC2Mhw+;)`jeTlphD4)GD9B6*N4vEp~z7^k4_3 zFdMx7jWM3A5tIWe?GH|`7XON|!$XtyQMqG=j^O>Z2NG?QALKD@z~lq(XS$Gt!BHP_ zenTHq3iH2_$F4<|(-(x$A1;Z~-8Kr**gs?Crl?_3K1W(cVzUliNTF0#2nK?NR&_|J zn(U7>H6$1%g8n4iirG441OgCJ+TnqM8r3%8^aUrBoN$4CS`q~Wl?a|4GPMt<+e9mo z=`z$VCwxgBGdqI0pLtE?xvQ*hs^d*!uc3Vm5VOk~79s=msO8rXcGWdW)>zvhf|>ov zH8b@MYuOtzxezfxwN<5^f_JPKc9KRV6e(+p<{53!<7!9pIYsh};Xq}*#n93$QfdQA ze>@@PMmLPcAhr>@!Gi4C^zu(M#*|cEENgGR_H~Of%#WK99A%)yjgmZqtk;;@IT=>k zmcqb~X5;&0J0~(2V7q=>UA~CQv%KJ|4}R2BV_p2(8YB?qb)GRmcJ7>8o-$JuKL@52 zLfkHDTgtA2VGPweYk17COkDJzT5IB-+-6KDet^cFCM=-R z8vwb_N2g^N^bJb?3mFkxF-EBY5A_;pE6Pa0?NtnA0CY_Rj&bgn$Ovkhs7d%(CIqHR zxpr^Zq#MuT7|Cy^mZ(NIN>$S1F;u$>3%*Q)Zy6747mdpdr97N~(OKI;3 zld!y8*gnnXLr}Yf1Nh``h6piyKDujKH#l5b?VzY-u^4Gvfgy3!E?a4qa7X%FTT1bm z`|0=K$F+@Fr+X2WvQPDLFy8J48;AkCt(}J%DxC2b(!-ZUzjSBU_FqGjJ&N49Vd@qm zmOC9*VL}&kaH>1xOK_s@lH7cc_%*od$txBkY0t2F4*E_%<`BFWS6?F*S60l%XM$`U z=MCo?wJW{J4Qs+JM1bOp&$p;)x<#Q~Pz{S{MmYOe=q!v|TTqib0U0`uYA@6%z{VBg zN$RUBcXn)RO`IF3MOS5hHfZlYIQG_e6b}tz7L7sQvjAOd(+NltgXyhaoTfHjcrET1 z<~sEI=ugVk;-?I=i=lXLza(`MR@7>> z7*~JiyZiABoKi`NMRNx%NW)4^T~&RhBa6$EQ$Z>RwcluVlu2&UTEvuCB~ZA5fZw)Lnwcc5lHej}f14YylDYTMMbJYMC{#479qo@R?p-xX3sTd2hKYzv_s;jZ?>M#1r zg#qF<5-SE4BCzD)mTG<{-I@eT@Wt5sb$q#3@a6p7%+}kA-IiN?jN$6&=EC2Ot*P1B z;CAtRlz)7_U3!(Uj7OWD+g2m323VC*O!O2p%CgupFw|p^HY@pk%9GPSe&b!vKrX8J$HKuOeBe#n z1p@zA`Yq}F48jePKg~t2L^=jvkPqNp06*`J^6OAM2smt=q(TLk&fxG-7ber`AR-hW z@ND$t4seylcN2%VlhecmEA(jqgc);+CTHfkH(&uHz!yO0ohF=|DbX3Sa2p&_9)-k1 z6|D@Tb>@8s>X><4hTM$4+ntDbEUAPoU(bv1E(tRuASL77h(4mDE&2@HTs`8IiWz^^ zaJ&fLRM_l#JXrlBr%$l1Go*5SZ({+DN2`J0B}ZcFf#*+y6??a{CeTN0tqB%)Kt13E z$T-(&qo;aXIMp>BT1`E7KutGYZw^TYog45>B2;0oqxgYlm&ARJfOHp4Ij#rVYLO=6 zXFKus6s7nNk(Oy~3MhLk@$0}q>qk>giCX_9tNW+9n4>bu!p{SKy zVfmd@FDYV zlCc7$L@YsL2e@aPfhncxzhs(VE+7Ava)jsX4Hf|>a41;{v9x25@c|7GC!b6LciT#p z7@mqNZR8n2FwhrZqvB26Scne87U0*z9~V58z_m#*JCHyW2@tXX$DaSGfMzgY20zK< zgnSppQq!|#p}a`yelTYri4D3dD8UJ#cl zgoUk!U`d8*GG|v3ZVc3XN43aAP=(S0YYE=K7XDNw@nsEW!AMP-0BsDw3flB~sGNx^ zcAvS>rK>!Y%5zMgphXOtkk?m20Ta>H3Q+J_LDUZ%r_7fWBizgxz%PFK7aJc%Av%lG z3p>{9M8x<)v;my^;Y*H1-|RiWci0#UshB33ONpG^qIKpxmYTg@MH*DkFf#03`kb>w zTL4}0TK-z?xD_7mm(iX+j19#5{Yz-eDXUH5XsigBH&=Asc%|%);_Y7we}Qg;$jOSJS&o z9rH2ehwUj^OTj$lvRDqIkq=k_1hC|nr?(F-pnWfQ3MgJ4wLBK}X(cx@O||%l$puke zCBb1du~@Su_Cmke0)1rL((L)ST&rSC}CQ9W+Z2L?P*VfK3kMYuB_$~>_X0Oxv<7{D4Q zR!reLEhAKpfl@a{y0P8L3*BLGE_;!xT$NJO~4bktDnaje0$UlzjG zs0GGEBsLo600^EG=}G~@xrNY^4v8w8BKN7dVkRRBrs$@CB|K%`3oElmhNlRTnCc?L z%F=L(+|b;{-iQfsDsRb`3!XoY&v!ul(xZc%q1CmQ&~@Jre`M6|A-V-XGJ-hkVF@rF zC-8SBXI2mo4~1_0^Ey8L+hx+h6k9=;Etcxi$xd$(|1?)iQZ7Om~D76 z)FKUGCa1yzJ-19fkFDD`$^i2El?aMn*Dr2bqYb@h!J8M5R#7%*k}Bv$?ujXrN^v|` z1b`NXNe|^fZ}n!fhK0f~0%(s4)H~DkqswEv*51&WOjTygo8sy#>@n4Lufh3EGJEt2 z6BPDay#00X%H0iD?o8!%Uk0w<+XD-z3-25;3&e(_GWvuv6QjxrYX=7u$?%M9n(Um; zkA?;TFbFrdg_od21Yb!}IFj$t8hU8lc|EwC;vZJO23O(9R29szkSSom%oKV8JcIk* zEO3vn0pXBw6pp@C1HwV0XSHH`sne8gACZYDA3Rf8v%yw(`W=AIRa*-MvJ0P9! zqLFlnczaSjnY-sw<=8*adkWM9qCET9Q8+3D-dYMQ2P}Met^nC#e@`+Hlt~L%s{Y8+ z&!kYcZ4pG)$vVftH&C^wvLo8SOpp)aQ1o5a$5$8b?D5nwsDgOQv00qui&_9pvoD#V z!WyzBYoaOYi{51UBCFo>MgW<)KcU4M0s>1+gsakK(b`;tr?@iwV_aJyXDvFpDw>?&ekI2wM;66jvWy6_= zi=fK>z3~qILMnDvGe|xY+w?K$p@=#p;2=``AF_QL(-E5}YXk=XJ!sdN&gPR3Ov>E*KBJJEz{l)OIN|$&|`-HQ+h4!!zXq zS|yK~A;jW_?{FHsvTM2vqtQy(G_Yo9z)Xi{dbv)SgryW-_9F*walf$8(O+1<>R>25 zXbj-Y3sx_i)ne4)DaLH(pW4XkKnL-hF&$OzFtEAd7>vQPi+}v@DRz;Ow3m)@!wCv+ zaqerF1k8P)F{&SE5LP&IxFz!1y&ahWqV`3nDU7%o2%zu}1`nAC$%JClI0oUS@Fo#XfD$zBD^M<#-Fi`s#$!hqV6kW(UyhwI_V=RXnp zr(1{-<{*@*#yU3}Nc@yGZ9zx|dySQ*WoSAJBEX`^m&%;Pp)4k_7-sfFWqGVSIa{Hd zhS)eD@}y&g?&%V_a}s<3{G5$R%Cc4z zSRW8DNqs10vNg<14Hd&7v4nsIX_ThP2ggX2Vhe2j3pg<5*p+K;VxjcXI4!CMtw+Gk zvu%7_={x6uTvD;L_bLT&iz|a)TmoaYU;Lw-6VS^_jQVl^0-*pB(MLWonrb4T$>%`h zUg|c;maLCb_yM_r=ju5X#JFc;L+SutHJ=g6Ues8**jbY;wl4te+i7+F46FlJ`xS6}#HUVg z=4H`O2HOIaqYslcII)fJJmz+m9Mm+m09AM_!0&Y(wcshHX($<|+*ST~Cte&+ z=1cO6n4Yw6fezAck%3h3la@`^#5{e!wP%{j4PP(H+NG=d%5xszicd|njuM{)I&{G0 zUbPTq#wGTSL;wa6P%R;~0GsuuLMG%kJVKbPOzc5Qd&EC5?C#M)FvcAj4|$eSmB{P~ zVJS*ZPQsqPS(Q=FF7KI98TJy)v-&Jat)=?~6Wb@C><2gpkUnuh7IF?Cupkw`XiBCQ zZP^o@BXU1`13~-wF+kr+tlj~;WlD{W$pRdcng!tXuU{zdLn>Y@qYYWf8vo3aGzSCS zg+z#ev>qlFEs_F!D2W;U7?&$mQ$FigNO2o<{{r8W=9Nb7Gzx>0-`T`Kw^aJlkx~pD zStdzSb9v~B>OnTeJOHDF7ca)GhGvFw=d)zACX(a|H_`BkRmob9Z;0ys79#PDJ7gRL zqw2k0umQuKp+!X!$f!Qa{_5pJelXdc9MimqWac-yKpuosEgQ)Gr8rZgN|G`K!v(?d z;XjbLlj@HuZyg%%E&k~ve|t5?eIaY&o(m182pxavyM=hibXx^GX}S8K>oYxK;nex} zkE$O1bt~V{hUBVoVXGYTrfQDf6CJ|z*=p=&1hvsfOCD04`Vk%OnwxQ2S7a<#`Uqo% zQ;;AAR{C4pgW;;-=0-~XdeulMttKsjK6AA}^K&V=wZpOkDUW^YUVWQ`HeFy7<796x z0>zygMf^rFh`sCN7jAch6#o6!ZCU~W3l2U+%DKK1A60=Gm)SJ_@6x#k@Kmlqn#uR5 zP8@`|DN8V9GkNUa1VF{)*wjviypCSo9U8QDD zPQ%n)yC;ODLMm%c6Ti(SQA72Dn0C4%<1&w3NYiZ5(Pz{Vmh8xBdDb)W3hnYrhfewz z>Gz*3v`NlAT{8V9@>n~-F}NYo5)_@zfPH3H!r&dJH_;pxP>F(3=(Js-0=YBphe9{! z$7ucVeUub<@Y@qO2>Lpkq?WRrpcZIQ7H3|tnHYg+1-E6)qhPQ_tct}Bp&v1c1V_D5 z38i^(6SjnU5)b%$3No&2k#kcdert@_>1_bH?P&P6Tytkyszt~($uUAJjdF`DL%XFK zDs`vHZ{_whGV4(9jBCaX&`xsES?IkTj9468$!uw%b@_efkGQ z_h;zHujTdjwMKe+KDSNI&iXWWGTarw)24?DNVl~qgn0;%eO$N=_Vs3oaeb3h#KpIeq?RXdzV z(s*Es1J%p8MU6J1v=_;2hrP>FAbB8dzDbW$^>32OWcW<_WC0~*%JH#akz2*fOND}lwS75TD_cwrh7TTyo&OgH-?CDgLn%Ts<|H3{le>O{409mfoSkeYrh+$ z8bYDXjca!3V_hh--Mv!Zooi;aJ!s*k85X3Qg#&b9drElPySO!jHiTAc9(Kr%(Ht(E z|JK|R0Rl4rzj%A+?@+&V+cU|IZQHiBW81cECp*}&ZQHhO+t!Zlq*GOWZ`Y}BojdCE z=+S?`yWU^s(zE9CneQN(Eezh(Fg66gg<0&HTvk5!)EVF`N!seI@K|i9*7@ZUQ-0G!EJf@vSob+27i&a|g>N}oCkh-H8M z@s#kd_eQarc1=7;%+6_^U&?1!+Y{^D*|rVcrrqs-I+oVXBF)!twa5mj@Zwha1Yx0S z==EElGW=SA-3<-BIDE(YudhB~4F}cu-zg0Ji2t4WMVzZ(!Sq%7Oz*N71+J*X6DVWxAEFqZY~Pa6yL`KZDS|U= zu$pB<;^ZQt34$~bB=k?I(=xlhMIi7INy8lx_MRo zeXg}N?*DB;{L+Mq9Iblnp#)B-L+PVlflUByTEgB|7xs14P$O6-qNi-;D&hzn{ave3 zVd2@M`U9^1lJ0MhKD|zW^@9L9(rERAA^u(|G}~I8x_!Z?4-ZaV8J#*ki!54NlXRxz ztBcs#pTAGviQZY#b)$TVG+W@lG|a~U^dSx6Orx4Wj=|s^4hjB|yHG^B%%bV2R!*~w z$mAb(rhr~n!taX_NFhW)T|ebSS53@`CyEf~C28Nr8%8LU*AU3giKQlg%l}(l z8NeEjNu=6fQhWv^SU)MkPR?nSikj`$k%pyCulHh#4L5puhKTNwRA^ zBo;U9(ar{I-E;-&X5Q}J+@(U?n23XGzl*Z3*0UA3z88D385y$7%iIk4z1Yw^Cn-Xc3C+!}+OGgdYE~bWxZua)$GYm1 zA)!NKTV|GeTgKTvqtQxn6Mw>5Tw|9s&x*f3V(T_z^PGK%4TEWZLpp z;3c*=X3sbc7^6N#-ZY1YJs~B}X&O^Q!Z_J791;uZQ6r@Md zXs9m=&(g^V@JgmJG*^_!msxZ;U#~b~nm)378K7IRvYGmv2E4{?&{+XsCU+uotb@o@ zus@#WOZ?1N!U=_;LL!&74}s`TX11FZJ4KEJzeB~Q*aQZl7G1*T2sI4ou&*Rr6H`fz ztZOk^a4@ZyW1rfe2nJ)A#+rrh%no;!&cDe`yT`E9=V7>EhESIR2&Tq;K;oTnneDxB zmZF1jeek>gaL(M8hOf z=s$Y}y4*aWjGE0n-Fj5_^RdBiPqPb;rFaMIcD@)$RYo380xs`$VNs5EP4Uvu%7WN6@^XGFeZr9+L^BxWW z9%x&u^M<#nkXlYb!a0b*W)R*Vo<*_D#lAub+ge=~-FcJ_u>Fi35D&}ZI0Hvo8i9sm*==*nz(uj zNC1FKy#Mnq^RE&0n`$4jSgoiZ94}NGv12l7oVha!dV%-kf!=1C8nI60%DT!NOfoeo z5qDN_1R6Kp-Hz7NQiuZLjd&V73j&Ny)zMeOt;6%1R!l=O3r0nUCu4P=iF&1!)X9M} z7+ka$iF2gp^A*jED1itVRN+!)CJYa5eTwf8M4IQSxsggB>*7u7Qb>99$j&~5NKDFg z4B52;>MEFkSaUVG6Cg;FKP#U==r_w!Ugtoy`g7d zUj<%(i457)xrpe7o)l$Zx3a>-L9=iSmIlQtkkrwFS`Ao<_MK`-Tp6C9fVlf0;ZdIF z9cZ=7!<~0qs2DF!TVGFa(cX`z&$qYFdB1$t46o=`N8iHPjz8|6(4Jj}qUd}KyEAk< zRt>hO9l)_t}s0`#YVoa!vk9FwC(_!p%%8pVhd7Rm!zIrcgEYvrC_@e)67OdE#0V`>a0S6KZ^5Pz_1u1dmC^L$i3^C4Ivn|d z(0W6^yIB+YuHe}2eayK70l=n~+$*d}jWnoZ;=-Os=v^rjc+nK?bgblFLoIo2fVMhRf6-zX-goue*CSCIL`ITs`dzA#cW>^Cid33djFN-A1+`@ z-1^BFiczj$Iau|FoM0EE+x$W)2aj+o46q_3zMNR`}PMEr&5-e0CH0I@`VR5o9exh!Ls^byM zc&0){`%qD~J@)B+Il==_jXB8SJRm8p+aY;Hf|0(q3Ep2f#C$HAv-PH!sA+LTo|^i= zCKYBu9`}uyKW4ed2O~!qaE%S*q6jhD)(z}J--OAA`N5ZwuK1gYN_aWa0eo?WLY$`a zlFe4!EMQj^%e@(_76zXetA0*i$z@qNTR$e_bFY)AmGXJpUXNG|l?Sh=Ue- zSwW9ILh>Ljrychx|7Q1rF?yQK2IhDyBxZ(MW2ef^;)?`!eL z2xoZ?pg7*yu>r>k_)qSp058c;E;CviQ-y=nP;V~DceXzCz>9oA6@tRl^G1SzZd3Nf)fSPFUuZu|yiD+6A|xNgnaTBjFRF50qxnyTfVR6Y1G zKf_)bk?(bE;>#mg4fWmlD!lLlP|XvVDzRL4ZIIcMUiKzeDOS=_y9Lg-6eMDG5HOOq zi*AU1^Ih)A$)rGY5TOA^!{PxmNUf&WDH}2M>pM~dV6iE2RfQOM$NdB#NcOdUTOUc1 z>}?Fe3}l-ZD-)2C)gm2kO2YqGc8-T;#2`rb#f>AriQkr`zF$5PpJ#<{vjxXUzppAR zzv5y8^GECjD9R2*8I;C;koEkiPR6tE_jC_ox)P&t?T8%G#qpd-RJwN(UJSECr~^J3^MPgOu0K>YR9i% zVp>LVeIjRJ7(diomDvL8INkdzO*8;N`&#sE3&udag|>8Q=~bIS%VpahYPV|t^)~(Y zf(S@;peHY!C0p;yBIwbT%j%Om^!%h3?%V(nrKY*5WR&PQbzFk1ufLk9M98aecbx`P(9U+ z8vZKK&%gpG@H9X|0m9M!>EGg5=O`N8g-6mO&}u3995})2V3lVR<_RD?btlx(C`)M* zw=mYmLr)88@4pJX27zr0WusrqFc0gmZZ<9#%o;BWBfM+YC zvOY9>4B1|fDqYM%NF~MlbhlOWKA!@6BaqB5E}7+vVWeA7@T1c4YxR-tU!cXWpJE#jxfI>&!4$c zfz=Cgd`8wDb)~2TJ*Y(LHzhlQfQNXo9n%*jenP)shqF;xilb!6kh{AE;r+T#+qMq) zGh1jz+%b*yQ$>9m!rXU*0I;ER0AKzB+_7*B+ag-9XkHkVG2f)T$66jA>-9sl#2&{+ zD;it1ZlA~F{=G#kX3Jda;2soxS^BCuGV;aME!9EkEMdOyq?8FZT%iThvCN^*;io!RxRCM z{%~-xIvv;@V)Lr&Z*Qx;m*W@A>nMb;NvPUGj{x>d8Vy~Fub~7$>|So2_nQKXU`KIV z{HS8#!`0H;tGZtp&D74F8@5x@vL{%#hk{pls{AE7;R{&Po$TPr8vB#HPMwzAoqxhy ze+@&v{ODP(yBU`MYE7Q|SJtE931qqYw=sL~+s^v$joJSwYW!PccHrN5kKbIfAzl0A z;ywv~0ObgCIQ3Hz<^>69jJ;WB8-?(JDXU_0mYb_~*i~|Yi(ACirwqsG)@6BMyyQq~ zrso-n#M324)J%E+^fM1jqgsa=H3INT>|{u3Q2TwAwUrq6g-qlUYLl4~Xc%_?Ar`dz zGb+Kq(;s)ZxdZ&bfW0Z$KhH^;+Wf+7zezQb!gDdG4(fzEB6=5mloq;+g$EM&4Re)k zyqyv!EV!O9o%ghUNV!FdT~NT6oa3LG9ICpa^6O0mSLZ=%$nq~h4YS&eSyJ<(6zZ4c zPh~=uy*t$+n2_xoK-Hr$JCb$kx2O$(I_L#y^ILY71@UF*{)?@at>30>@v{gm*2~F` z&$ax8c7QZ=Rrmo4Vsil9eP;1sodW{(jj2ntYxwEo8>d()g_KEs?({90}g|TOoKhWo~WOBLOcrSc?yI7$|Y-m23uje zr3d=Gw;#TSqoAgSNHt?IY$epEpW>|_Pm0jfkA3Ph(mJpfN7%~m$2+D!m)RwIO1iZ z9TlY?&ZC~&bW%2Df>M;a8P#wxqRC&m(X`8|o+r*UBFQAUh$jS|z~_U-^^*i1U~Zz9 zY%ac{vVC^--osud)8}yiweWVgG~w|b`2^7V-?1DG|Dnk#SYujHl+eGw z7FP*r6$#kIXXj6!;z0Bg4}qYELYa3QR4eNz52Z&#Q49&xY`}#`FwwCXlvu7Z*F7kU_|3+W^PU6;A~?^sF#UH;YhUJ`8+TOQ{!Hfj1pkYFM6C_H1V z)=2dvvUv9X`d{7&>A4gxWpsH$-&@L@I1rwMtTzk~#V=&SR#bqRrTtO4b&eHR@I)1v zH~~e$Kib8Sk-{M!Igp8im>p$*>zZ*&K*2MehV;q#?wZ*c$ksyu%B!c+@PR-iyU>pz zlUws^9>Fxq&BX1dt8FE_DG>VY7(?4Um#v!l3N*WUBt7L>1_rAUS`92U3)Eq5QugZsCHzbX9QSrQhw0km zw;rf9HuZq=0%H!Hp^n|{YqWOS5S8c;(%^JGm02!FD^Wq>Bmw3O?qpr+-R2g^tDC8E zVIfW*=}5uI=W7m)UaLcPnnApq{~ZwhR}Iqr5AXFR6|xJe7#k5--Qx|nbmDpDL5HEpM)UYj$gbu|EEH9NsQb|HRi%3tVPbdDN6%Hm3*eD>htWl zvp|TA(pB77O#HhPSEuYX!hY`kZ)V3|rTA}2w}yXR4*$DlkPT%sb?3VlN{j^n!0;am z@H;)r+~zL?-9$BO$8}c3PwI~_7}GxrRZ<+{#g6++Z2Kz?WubHr1gn&R5t@Zx%|wJXV{Xz0)<#o{FO2|Cn;5_iU{7qBkvLQWZIR5Yf| zK~=UOB(03KN&>}BN~!Bw$@0miQ$~bJ6bfZZl*|}0xG47i!P%$tcmm0cs`r#@#W4^- zKT+;|j1kH^^4vQJ6S2x905R$cN+*Cr--Nzn1Nv_72;*xdfN2U_8_(P*zMB;0$4AI2 zNCx%DuUV{-6s#)7-rHG<*wLYr#*L9Ro%6M(K~ssS!A$e_cVFCEz!GW3!4gC3h-tc% z6b$R*Q3gSfCH5c|CiX}U)AmwPQ-DQOc+T6T z0m28v{PP(ihX6Y{Fr$aOQ5~4tK0o&QSvIk?wQ(|aqk|0FTJrY8@8V}4PWG^Mi=CW4 z$vUwzv+u=wG}J^l(9&E1SV%M#3YM%430RdZ(iHxlUa454e(;f<4=`PhueMP7;29^LqAoV< zABS!#BSkQb+5eLBk`A0ehLsc9{qVpZF`8#{T>1( z{*{6@{Y{sNpzX?!RY%F2vzqqT9gkczeW5x2+ZpCBJn){maBdG*bCgo=&L#{hc}PESU%FtnF_&$>_T9ZbkVz4Z zcreN+%HU70e>h-Vb}e04C+keCzU?4s&ys4Wz%6f6F;m85kc~FwtPV>Xvo^ARWm6dR zFgE4Eqh_d70z!`?J)d2+2}Yvy_%Za;0OykV@l5bl<-6# zezC$y;0kH^A)|?_Zes&RU+O!$w66?x*leltpC$M z4=;3;FjB?8W4_6ckYbB!Xgdb(&8d&b<7EyvuE;(SgVkIr zoV^_Q=~wkL7L8^iI9bTPh%z|w)Ytu(QG0j`r> zTGxiLBx7k(JHT0kymJcMge8;g(~mfb8q7$p<2=Q!7(~~HPIQi7BWKO?X$YN)p=r&| z>rkvv&PVBQvT5imu|X4)ShJE`o0sC8I=SDn($> zbjI)1DOWV|uyjb047qMyC%kamX6+F;mt_pGbrk^0LL!}mP!R7oFvA-|*~g|f2~Uz{ z+gC1WIHwksrmT*%4d}qmmU?U=ho{f_{*bakF(7T^FlUNs-!+|~%HsVv*K|mq>v7y? zUBa7DJTc8HckVRch#p7F|M7KU))R;zxX!7|361nxUflt}^4;K2;2G zt@M#vBk&<&Bj+kpI5JlkB>ptm!A~%s^B50h9HFPo6|7f6cGhFos0SvSx3|m1(qoeS z!?PojhB8QI8FgVf-CkYSw3+Bk@du#wK2RHamfOHbJM7HMpA!cmuLfWfM=aeZm)d^R zoH+r9-s4SY8jrh8fQ93J(n1cSo5o(^AL&2DuE-r_8|$Ms>s7*BF2-h8%FWJd&N4K8 z|3o8ZMmS2QoJ8!4GE6wHv?ojFqQ^9Ebl#PIHK-0=ZTCTas(ng|3=%;*1_AOFzJ*k`>l8;LeYf4@G|>u>71 z8A0$7OP#rW0x|`^I-TTU|M(8YtQe*bN~$F1f1s3MU$c8)J&$lKZ1 zNmCd=<`?b&r)x56pR`U|a>uUTct;;BkX<)fv9YS}*m?Z~#3~>cDk)-X$|`f_yRLE% z4pALbM}jWMQISw{gZ6w>(#SJBfx^uxoShvgTkeIG9|9#@XkGuw-k)Qt_|R;Ob@A#P zJa(cS?|I*1XA}MEz~A1q;Ksgz_}Vl60xkDtnD}%;Ch4+a>*<4*R3aq!&FRfdq(KP=R(;*yo|d7OUO(%| zq-vnk^q@Z`QM;&3-mvV^j=r#KiDXRVIdjpXw4(Lm>G0UL?Gia&mVp{Dv93BHhSRhk z0|F44sUFHd3y%+<8Qn&#Z%!1q|JT|Q>Sx3CdcF78Sgcu%wf-GkCUmeHQH{Xp z1vv2(O(@fP9KJX~vw3Dl4t-!~1!cNixhBCw2?uqgi88yfHka?IY*;jj6dU)?7gA-t#iqurP9e>7-e{zbtJl53ZM8*M z2&T2ou{ENvw$8frj+juips~S@OT4TDQK(Jiw)n5Lt*+MG$TXcb6YXXqrMUbvvo)t* ztr(rdes8Q(QQx`5bJ@-%{1|4y?!ApUra0np?i$$)wYx9ag*{j6#)oV+_>YfEXgcZ# z+b?Uqs|+>7OE!MZ**NC9JEe7|$;U)gQG?*5UFFB9pyc6#RwJH|57kx_}SeF_kC$A z`KE0!{io;VzttuFO%RH+(mzoBqPh&%B#%Q>h5T^B{@59tFc!=YKvZP>Q3=d(p^4&& z1u6_-pPt(>4tw|^aB;%0+Z|6P?85wXW%5rjEMwAZM(Xy72(ytmGBU2gd~ZJ#t)=DG zYAnr|f&!d*r-}arRIR$%m@&g}L4t2Wmkn8Nsn3(S=x7R7-zGOC_zre7s&yiS#N(Wn z$QW7W%ren86stT*y*C~a#ITC}!uF_?nq)q;3vo9|(4y~}KyN}!DzMY*QT4xu3;ri;K(J{_$8<@CMe_y1i-hwEl+EwKZ?@6!^JzX|p_F2j%{Jwj%^+W?>(f zZl*c<{v&XSRKjORqq!}Jc|Nkt@Xt9C*AHRl8ZHYuln4A3aH;BO&Jy@!pSeU+RpF%G z1JPa%%2Rr~8rm5~&+k-LgzUiOO!*JOepRqJ!^HfP!KbeF_cIZs``GZ}ZOC6UqWF4+ zMY`DM=Z#i$KB3tDST&sjXJ`i;5rP<_Ze=*-J@67iWD>}y0INJgVVY%E$A>3D8IPj^ z*MxzCAsi~peE!ZSU{>YuhF$VGy{niHu~Jd9rayE*wPPCd&f?}AgvT+VM_##Ua!01r zoAZ9vo0?KqZ}**wep1{nj&FadW%l1@!nEI%pvokl&)5(?P%e?m zLM2NaZiD)+^`4GydEXl48EN$7%CGaHjAK~_(u1f}9I z>~-MTD^7J0&$eHQ^kn?&>q+ZI3Lg3QM8p2Jg);t+CYqJGjkDW7SLvLUBpuV~;dwQ? z4aP^O*k^_-Q?WM&tW$~#3^PnT5^nri07E762Ifb9T~%FEO)h}-ckz0^U4$J-0rVuA zH>)UP!HvTR=r<%w`*u_jrrrYk0ATxIFFgR;dKWx zkO{TRF}Lc4RG#L>rp1Sl+mKP%~-@tbpYnOl-L`^`{wLmZ#W84NwQ_R~|D zK*T|6)Q!yx#qi1tS1l${ILy8Ow`Y0B+#+%Yg*P1y?PA#--Tm5pew8ee7(*#R z+F{HQf>+w1Ij?a{u#>x^YxnQqRRf0cq*LzTb`Y&i=|fZ^e|+&nG6Xi$YA z?cOG_$;TAHmj(QysF>gg&i^9xv|azzUnJ};X76Rd|5nS{g4pbgn=WUpR#d|;doIIS znMKHeKq%gmd$q=Wf0R>0&J$;oQyZLXxDpe_Vm`Dt-nP{m(4ut_6e^dFKZ-%$zQ{o^ zOKjFjPVGIyVHdEJ=07w^re4r!eVS`tDm2QNsemb~rv?9mo)%ZDfobWx_x-0qL-FlR z9OzR>HRI2Y?DP1&2{&b%;r2L+8gTn8AN47;?I@Krn&_d$$%}{C*DRlGB5WVesx&;7W@mH=|OP@>S@u z@Y(v6H&_h?Iqq>Hgyi(cgEve?oV*b6~h+D!zq_xZxAcXDNmjccwoBG1KXkjg)GCT9d(oeJb$DM*!Vh2T z&nqhSm(>njs|Q)BrNodNH*mL$^2?UdmX z@|o56=%5z#TAj8+Gw|LfpndXK3y8Hu(CFz2C?wd#FvPO}B+nhWr;iCE1WYxVbF1e`Mb3+Rfb8m{B zQrZj&ApIm}b2WEyol5W?*I+e+HhW);H>pj>35kL@H0Wo>V(^{Ar;N;~A49-pR*zeR zj-b52XXZ@tk63Ity};^*y;pm%2jn6p{(T1>NBz6{j(XGt_JBcslWvL1ErTxk&M9%j z`1}26lCV=+Wt8x6o-L(V_L@iB_S>+Bx*f1C!v!K0pAoO-w$3=fhAhFNz=(6Cq%bvS zv=|PVt3X#mLgf$ZEIA~-K;PTf%e)YWvK0I|j{;(94_`An4O@(2)1MMBhf3NjULtk! zWhj`4ERB9$YB2Xfx|cir^?3QL{4}Q!eltG2varAiBzG=5<(h%eBx05q`&UPFzuyn&~r=g~M zCjrP=>5vuOE>3i%J`6Xi37;Ud%uqOrOv=FoV4TM=Ah@J)O7RXW1FKY3wR&p$UVVGJ zH-CJZOD&OD=)kthW}i{o#(H$7)>7_H@o`~OIUF5tT0*Q|=-qm!2k*1IIn?zBoec2< zU2=Er4Pn!O;&sR&j-ip8o$ZIX^fej!V%tqnUd zBmETe772a1RIE~`4g4}V!rj0l3MJt&6m(*o1nOR0pJIq^yTU-~9IR#nV*egnkXbCm z8+@viS}^hgKMBVK0%jw^fom+KInKE)NjztI`R|j7aE>$n9yW zkbOJtM(>Y@QtGxXCXeq@)Ex~=iz+t|{wxLW&W@US)kTtOCdmp> z!A!1?#LQ&s7z4SYWWT`_2c1QwFT`N&pOl))G$<}b*&uJAklN@*Ga*=g28_<2!bgwZ zZ-?Ep-s{G06BjexAO0)br_Fad;O?&X#K4U)Xx@>X69)&5E~uEu%M&bMw)*fy-Vo;FpYvdj=NDG%dyKufHYIQ?I3hS$iE6@K1`ZJ>JUd2!~>W_l_{4Z9}`AO zT#DADkKQmD_XUMbrwJ1V`j%!iRo?>>rh%XGhrS_Iic)F}ATNC1b7!uo4l$#!cIB6u z`iuZ;{h2`1?}~_#Q(=pz`oh5mJ(p6WqaxvvTriCuv%D3quMk9N1d>IWd{_K|-3(?rRkD>?H5%7sV5RLP3U))J*kLziw; zqp>s=%$F(t$Vj9U{jnL7^o@4lEf{ajKe054m`mW`-Rg2yS6&Mk%Dr>05xbz5Md$|P zJ}R|9l~GXnfUSD4(Rqm=t{hkwy<0j6weS7Inoiu+QU=cy90|+&;Fp&a9OWlTLt31* z)qa;uA$<1TLPBs^d%XGoJo&;WXn7hwJ50 zF9$W3(0Q_!REG%NK6dE4trgZnrx!<1wlOU?_g2$QrakFZdj-Cs0?Q2u!@0`85%g z3t8%m9eTq}_QZYq7W9;IT$$jGZdY(~@H0|YbepId^=1Ua(xqM$j)wd&N@!q|S^4(-dbi8s4$Oqa+rFCt??6&Kpyq zce5MJS6Za*K_6!2kRs-YG%BIxhIo4pQ(@&G@`h7oVcRa-v~tz~The-Z@^WsnmF^jS zq;xv}q>9?G6Jr#J<1vglu0Y8(6YEzE*N`Jcewv5Y*|Jn*P{pV?^hmPx69PqtqlVls zv5L_QjP^mZ%^mPKPTY0W_200kjvuVJ;zV`9a%{a%^KRT;zw8}8?XC6M+w2(SXXlj9 zm2Nyuf${c5czRGZe^yAWqUL+Q--T}ynLzf%K=amJLsZ_(u05v4rFiqmDdK=~9(N2} zgJs%y9@RW=jL2(3n-?ROf?6pil1o)fQZ-?;lC}bL(+OE9#45%~sz2Vuij?CYuiIWf zMeBv?IA0$wQWb05WsnW=kU3}OIh z4BtM6Cjg+SGeZ7)=SN=j_7bY0d%%biYw%{E+0QQMshWqh81&sJmBwAGhnPn|Jtt(q zttyS|woY`eAv|o+E9{CT6~Zhz{DV*l5)d#(7@f_W#Z?0i-=s9af1sYJD{Ev&6igdF z?t_45m;mz>vOaS;$?af#rCt3%dHd>rsyR(##N8)>o%Lzklw!NOxBFHsIN23oX6 zZya(FYIBd0h}s$KWO2B1dr}$dKLyQHM1OPHFq_RT9w-yuKTBfDyu)BR-w?F53IsC_WuNCyqwk=qMr?nEC8 z0x@!#mKfO+P@tWG3100^We!#QvcU_&$VFBy6i%Lz5wNOQT2w*@XFXz@tk8kd%_Y|N z)jZ>G8c+Ko{Tv39E2p5tVQmZjvc1lRR%=Zeyuly)1OU;=DsnE9cWFO~7WB#O7#d_M zNJUBAY|5v%`S)C12o`QYrl56w7xpW>M7>wLG+;_I2=$VQGO)FO64D#4%(Tk>s*OnP zz90BO6lmIhuH|jKWi4jkL#SB=ZW$AX9xca3iBedmnxD(G0iZZC3jrS z4924hyIbG`*z(fK4Vz}uw$XRMAaK?h`?#cu&Dd|4k)?jv+ZEjryjzH_O5;EfDTVYX z;Y=tLqPPWc_IG>i8@>Tt2fhB9HwS)cx&S3rA0VMkN^l&Pp^7zb^Q_h@JpX$k7C$|A z6qaU#3|V$iVV>ftKlM$raEI-zYb>VexlIJ_W7K?96;!Q3wf43{>V`kUXeDS8hL%&Z zP>Ps2{z9HuOQQZX!%XB8;X)0f*wMuWI~}@q04ujzTTRa{X&Zn_x^5hB2bYp0DLU2m&F7qI6}ur4l7Yco76p56eP z%PoOeJSXSp{MArzo-@6NtX0mwC68Ryt}c4bl8AQouD+fP4b9#4^IKOJ&2TQRT%MWQ z#AHE(+f!SgXEN3EfiiFqPjD_C;gKIKZIRt-TwNTisLz0z7^oE8&9%b{kwB_CZmhfm zA)gOuydP&XO}u#_GrbzEt$8`6b^@!tx%gpRNrr;8qeM}>9nU!H{>C;d0f0yACv6D( zjA$lChq{l0C>jWaqRSWpX*8ljhg%=rjq@s2XT7ZGg3_(E59$3WKl}C@OGh$PumQ}X zdHTQf)JtQ%@&QjlbTV0iV;oiGVrp4-dXwlmchxLXkAf^3kK14pa|P?@hDuxZ1LJG? zUVoEC@J@N;Vt(#O*l_KZ3O{Ci-9;IirjK%I*;@~d#ef9IR5Tlz&=NGT>HX1f(v+*U zu^bcb5StT;(h3_Wx5@Sg0!|dY`Qy^;iAA9K7*u@XiW{5V3SSMfz;fCBFV`$wm@NmE z?<>|FGynk0e}0HGb~85Ab+vV{GE%3uMBolOy z9vNDAT*yd)sFYG<{ma`m0h!7s&7}VpUh?4M`LcaqR62?fASKnpRJr!1W=#xU#IvfQ zfkVo&n_;Ooq+%)|W^EMPB2y9ySGpJl?RowpVz;wF1_S12t!hjR|AzJ8DHdcc6N}Xg zY{QKlS13b5KqDo|h$aCQoP^=4wK8Q@;BS!^>5+M1edK*Xw03%og@dz4HW6Kj#)75jQT5cYZk={dvPHW-4go%YU80FN zHa+U=K8cOHAOJQM_rh=n_WDPd=D5CtG57K+%U{vexVS1j%zQ&FL2hlotuXrO=8c=M z6=TY+9^PIKA*+he(B=mzxwQLUKqjWp?yM3s>8>wSQ)qd6+N~Jy0)(3AqdO|8m3`?^ z7%1-e))mG);g^a64=5=XG$5#@(OBq+k&ogVFsb|{)+!wqSIMPfHT8x!ZDkk+@Pri&!( zE;s8aY+-x^ed(LC+}(9#w&)YMX9-(sM2%s#YiO1XkR^P-K$UgSj;-_r9%i);0vAKAl1-xw%qpemuRzxRBs>YkyXQ=wcbSUD}jSI#K6 z94mZTyo8y)<1@B4tfn^Vy*|{*J2X(6*wuuIao$d_qLnl^o>Ub8>8WEi7oap-lBYZ-*j-_mqiMpdYX|h}b8&3-7(Kcv zVl;9gagNKVp68sXSKfIWcV7Kc=EPF#g5c>Lp_S$(leW(IalQTgoZ8z_Z4EB0y;m&y zT3jef#5TH}c1}{4E%HaTr0jDEx)O@M+=ourfN5egkY9xHUGCV#p|f_*gdU&dlYaVJ zYkxc%u?aG(KrVT{m44dqA~Qa|emO(gr!q9yps`{26(3(;?{-i749ToywLcU-G9%cY zZ-uiw;l-iQy-*{7ZLp)@3zQg;82-w_1WmpiT+ldmH zom2SOsMiN}L2vBh+Inpas;}?1-JxdzRMVgHI5C50c6=zhs2`HkNCs}3iJwqz;%|2j zgG%#s46KpDIh!o9;H(8j_O}M)+igD%(}5U-Y1mqwNG(=vtLA;+&w@9m-TdIOh6AXC zRkF8h&l?_QIM7a_JyS%f$JvhWeGYnpuez{k`3HJpJ8)&Fze`U#+Wbb6SqI@Ns||{Ie>@VS&WDO4Viqy z{P^*|46FYzh;pS)wS9a$qb6_w0BHa71^Hhsd65{F-EODJMM_{ZC#zTPfq0lErWmLg~n)z04n7Y~T_A~Mkqb;c(v z_1T*J3j-OoD07)u%O|aK%Zd3)q8U-j5HZS?Ntu}dIH}wrb!|*1d=T5>0u8>zwraou z1)5QYuHXl|N>-DuQYoR!sQ}rH2A3Goq__+6n58K3yJ;Lpl_^(b(lqn-YluVkO@s5* z2$CcE{Sdd7wE2c$Y9q2W4aZK6>eeq1WzIee$CrB;abEHqs=8+1ESZG4d8tQASC6y@@IM67|iQ6$k0Lk6r?5+B{`vbUIv` zYnWbg2Tl8?l6Rq?j1a~|Rst9nqMYH5huzDZj25|FxPX~am7dihTEwAYX~Vf%b{;($ z#2qn0@8JXVp|pIVA~yr{ohJmM{vw33TS`3g__^y2(IM?gm zJL0exyu-v}4S;UIX15VL5FT!)c{e5Sy4VO8EPwR(D2s60-B~;0J7gR*D7pYUCDPA9JHyz8HM72v8pJ72Z4jT zHdPR9aBFbAGYm795p_9>2z(r=At1LJjsaOjdl9<~z!MxfdC>TXci8R+v0tt;sF4{1 zB+Y^?itp|XlZWwh7%&5zph*yP$eBWpamVh|BOg+fUPKIEpX$++6cLTQ-*mnpLpSa6&-`eUfilow*6;|qT}gjo02)(Eu=2=bP#&~<0645L2^D<2n- zRgiT@uEIK3S(K9>oPcoxdyJv#!zDwr$(Cjf!pCwkx(-u~V^aRct#IS5Ue8bidtC_vz=}d;0hH zAJ}8;@tvQAxz?JqoB#8jJes*hXd{9E3LWQut(tBg+=%%ncn3Xxo!(XB8)lJA3tfY> zNWFqcv3<)oPHaq_bN}19w;Tr=pwA;svPg&1oflsXwDtf(V!PX8Ce$i#)FOlU9<@0( zxgdl?VQqJHI2(KlHA_L7U|&4mSlN)410c#-mP6Mm`t5vAebQ}csuRzI6t%gchfFGN zjLl#u4>55eqgUOjRBl7y_>z_%BAHI>2m4n+74gB~irKhAk{f=`m@Q>Jk4mZbCOMDP zji}isg3{o6ugb5#Pj^rRtwnW?J3aeB)Q)KD2K<@dbz-rQ4g_Dha#>f|#Nd%cj6Qph zj_* zZ!L>2<*FMZ_{=g$NIZy*D93i&{i3klXw+H`v$($=it1N;#>*r~O%j`>&5u1jDe+HB zIx*gjbq5@2&x^!9^u|qu|6KgefK(PSwJdCDg3~`!_IdNj8_5;YnaSqUwm@T& z)`9j&XV&*y+n$Pa0kwgzNx<;J#z4sCcC1qxD|yWqO#u<{rKTcE%Hy~z?(S?C?(l0x zGTSCF9gh6CV3~U~AM9KH(el3Z7aP0a57XQ?YO4?RIfC!4*Dp)Jgg~wZk7!Dc`(s9< zIN?9UbB?IDNnkk~VPe0!pEPX16i){gS5zcrZmUInFzF5?Ka<~@IR|UweBZrbZofO^2c%orbwL{6-OZL?;F@g;AL|sfh|NhZp_A8OugHt|2cC2F0VvRx z>gLnZj3Yd!yr&%uZdijN-;6mIoV37xoaD4xYx8KgMKfk2AyK`{>HL9c@oRH1-okPW z17DOMoQp`@BL1Y#>E;=7cJ6~liHF6sUgJiH4yO%x(@lhPJMyq)8*uTZI!vZ=7Gg(* ztQ_?*@J-BgL71m4C5V9GjHh>75UD35&YM3B_Ampz-LynI^%>T8r{D2Bc%St$^NCUH z549N3--VQ;W|+@^gK4^916P?qx>xK2E0o{1Yhzwe(OvM3c3#1DO>=+}kOj}uAEbrN z0@+2e7eM-lGZ~=8ujP>zHdG%7v3sm#H%DjO`onw#CD%qxdY&e@TMyp!QMBQ8;7h@? zCF8PAfs^tUgiKZ>Uig98pM^V*JOAE0zI#=5FzWf<&$`oFI|mv`ug1-zJE|A%A)hj7 z7O46i=*M}TWOIP#3YT#3B;9$(hBK&b64@!kv#4386MOV0p8S5Z6s)~%`GMA<7ckmK zfwXm2#rj*ln6|@q|MPRfmV$n0sb*c|kbTHmsLFZd^$a7uezb1p+63{pj7yHEt0Q~S zn?s^{(+?=k>MyF4d3r^eb17StEBpFI%{?=ozrQi;`u5ZJ;csIgG=spEJR()9=Y*ok9*E6ye< zyjgX^kw0c4-6yMHcVn#)_VDxG1Rioe-t$1Vm`fX;pfId}pOIM~ z(m1O3H(s4TNeh9Swn|As6GH(v#O0#L# zhbiQ~%Hc-iFYBLSuk$FtdC);6yFqmU6>%G`>5;o009wa!e0c+zH(({%;0boEcB)@{ z4PRM>U;jyUe|=O#{Bvl$bl=QPC&Q&`fK&opYz&!OaX8yr*;%>%$Gt&r;{R9{U4U9kO2dfo*`iUq;>S>ZTXL220l1$@ z(*rza{?;y{UeU z*i=TFf$SWwXyiJD1K6dqbW90nsxXn;x}Ge~I&Z#iR&JNqnlvTUqaRH|f$36p@Mmcg zR|Uk=JCKT&C0tSjlTsuMFd=I-J(Tp-vm5#MDI{$pj~>Mv6t0A~ZBaXXaz~nqGc`U; zkT!xfeqNi47$(~dj$Hyyr4G0%19t|(3D+*)Fp>phzsfM1c7&JrY{%@qZa+#W|% zyMa!$XRuNQ!uV1~l!z%?79FlWNy<5JO9|jKwi|O~tAe<1b4|^dk*-bP!MHXsHzIaE zDS#)RUk}k_2w*shj0-p2Z`xHEZaej5ehdz7y@eAm4!DJ)Xvem|4~)Tl4$4Zfi?BPl z!(s}eC{W-RbeRH==WYjS@HX%1JC(R`qbtYg5@xgBuhTkD?0^_f!K7ukE?v3Z)Y*7O zzr8iMk_zASAc+mjvjJD{^Qmr*3{D&Yf^S_<2EIQ=^&ZIOUw7Ebx$+_eyx+K>*HGX7 z)Y#GOuzx85++5`Vpvd*t8@vAl!~ex_$ShIVVTlPTZ1zPn_Gu}NTo`W;tu-dHqH%$u z^n6~LVmz|iZiM3u=I0J}dCXF@E{V@}*RO4^**!a4t7{|T#f@Rw)Ez3IRV@#5oN}P) z&^awsHta)!Xe^3J0aa-?Nqn3Hez8STQ6#H9SIS;lGuWL(el1YK#%IS=uxwc?mk(;K z9J|nDfsh8^BFUdbh@jI@FH426LJ}kSn{w-}R2fFvC%U?ghd(`k*4q_<(Zee!49XIp z){~Sw!1Vh~-J5B#bnly|jr#gyyuR0NUR8O2Dtui@^IYKZ zmomLF=m&~8{PT;Ne0$xVW9U|42YvRP()bxH+A^sxZPf;SfvxQEZt_8j5EHc>%A1=V z`#x=GzW}LM1U~$dG#je~KS}HpW@Dn*?pMXb#Takk%j9V}N*JDM&CjEWCHdMEx?hra z+~fCD>|%>SqmH_~b+y2mW)BXJ;ml$jhL#!uO9ubm+bg0&`$q#lzaHQu|G((%U97y# z{*`4lQ`P(9?9(?s0Q{u9MC!^2>uIhK(JI?+I~=TH5o4GME?SgV%x=86q-<^OQ$R+# z_Xkjv*_me-FU>Du5TNq19Ts*Q$QX7Jvu4$jL`|lj_I9i0(n5aaFfGIAp4}o4lylN` zG+vjABaTtF`S=wM-RrMZ1+Up*EvND=b zxXu@=7PCp<@fZ9NS`euPB?akiuiQu}F-e0KSGoX4#q4PcRb_kg@8cWzbH_U|i)Yn2 z1ks0IoC|fDF|Y!BjF~$(gU`j4O4CT1)Nz^MDveTDErNI9lS#K?`?J>V&`b)n65Zrv zZ}blzi4=7OA*GCEM0uzSsZ_Z#Q^dIu$TWxdC*O^MHIwh}$8DA6WHa&y&wSlA=%Rng zZ4309y2I~8udQJzEhGteuDCc7u~3smRblBwy@-g|xhL5spf9UMv2S@U6R{m*XvL78 zCh|5K6={Igg2>C_b06*hpf%8P{z@4Y>Wk{hgRPhp2{DKeK2F5Wk-DSb?nYovfMG?# z8wd3~DF>0SW4xoY|{RmHY#_^*eI+cwdMD?$waJPCfEH(o$2e`1c}X!$&e%dy&~PQDE=v zC4J4hEO<$xB+!jIX3J$_JbX}DzzB;pP*|Qt=Gf8NRzqfWFrvA!F8qOMy4wu8LdA|D z^(@|wElIo5$mjK2v-n52*DXiROs7?n_M%`Obg*=UW~8Ro}fl6JiF8*TdfD>7>_sd`Jnu zg72NIO%B^#*xt@LNb^%{xK)*@^96v2Bu?cDBLVgDF{!R zVutVb!M+wx#?_X(m>vlVYmxc15zhlDFsrcyr}8i02-=dVj5(%(m&s)z_29T)B@S*VCWB zbaoQx%`;%Ae+?;%nSC(o;UY{1)A=qbz?Q}eBsVNKL9)=Aa)%tc;QCdU)CI5x_w9@( zQbxt>cd7;{sdb4S?I^k%&=POVoXC6*;P0SpgN9C$=uqm8N z+tJ_xIi-;KFAAlMY?ImvA-0#-jSHc7FQhz;7u38iGh3u=!5n=yQ?QK_aSFfX>QSrV zD^+|SAchHBJm4?0#b`qcn6@QoHsd(KNBAzmTtUkGE04@Dpsx7gmb|+g$qZ#_y*%ct{6taSOjM=>yE2^*>f!+5G4IZ01t~rB^3N@9HPt zFkUa^klmNOf*?u?0ZaT$fmgBIsT>e5WamVLz_^8d6@rTiB)k1VDF`fQKa!y()Vhfa zB6W>%zR1OYJ>j#=Db!FgdSIM0X4v3D2Etb#c5E}3=dF25z0F|cLTBGk9q>wv6dW1` zG1N#{~rg_toF|XFFDa5;W_<_bqIn!?I9s@zQVf42gW2#{{ z+h;AYuh*NFKHdjRHN)CvgD{Gmd|a;^IJI+28VvZx`g^QX&p{*IMQtQEI7uFvhbJz; z1mgML2p>NdCK)y;ciW_Atf^fsU+sB#Ps_f?_w#rSkMD(b?l@($ep^{Rb5Nqt3GK); z_-$}#Fv5H5J3o8-oa3kD_Mv?_SB7Zc8bVmN+dqrh1##z3CcZ*$!~ZIPE3SywnZ5S& zLpp&3n`n&@KaKUAqp4~&?hLWvf!9J1-(FGP{QXlauDI^aXa@N$=%=ZFw>MD3y>LBY zi}xq}X=mom4gM{oc&lyw88dQ1baL_4XjDGH>sh4l6X+imz<=)S5&i#%$p5!xJsqbH zKMFu0fdJS}r~L~*W9(*S>uP21@~>4yuG-(UQ}|~MgkP30GTAS`=XNy@#-amCE_!bq zwCvWX)g+2}r~BvP1vvQzS$+dsY2Sn!eq;?zXdt>8UQcV@aQO%&t-&m~SDd><-V4#R zp-P>~Ik0LYHg<1A>gn9tLpL6+KG0X8AAKj6sJcVJ53VWt{&8rKyaNS@hIE5iN?cSz zqWmBNnx|M}Qg8i_CGufR$R48tlxcL%e7Rhg9F<`7K$KO-T}W(%t3 z?U|1?=LRq#9rS6ORd>h5QUW5^@(IL&qdTNt%$@v!?j#ipI*Dr+(AAJz-YKlD%D0D6 z?opyy!W_J`Qevd;zS#O#-*Db$>}(xX z$vdeIydtDsEW0&O|De_Ki|~B}6O37Y1o@+Yc)9d-1r!hf$q43Fl%H{-BRx_u2(;D} zC^lvIZZUJ~{NAMTeT9TnL%8rH_3>={@IzS%I-f5SNwleCD0d8ZaL)YFMJc9h(OT5} z+0|E4-6a@8WF{mcH5T8c1m1(2(FqSYlDU=Y0`F(DvLxg?cA_MXUK_}hdl1(&XvV;n zOcH+QA_?M@0jHWytT*9Q6Sv-oLq7P7Q*>R2eF_)twbx@U=)zr>&f5mzpXc#LwX9Ev zEf9sUbP{7fam?7^4YuzRxMl1toC1fyJ^7ZnHPta-U5Qwn?0{X=XTz`ezBer%vi$l} z5A$IjlV1twVVVHgQ{J6$eg>K)}eYQhh4VrJY1&)rV#ih%153F=iEeg=8w#VHP zBHSo&VM91O_5=MPE8>p`x~NKC>p3u6BMy3R!^C3+&O07Wj@v+iuk5$nZ(ujYMEvOs zhz7;O<1 zOCH^S@e2qD9esBkn>1;tG7Jd3>gl47AMQz6<{X=(d{Itm!xfU2ecg?@cLM1z$slXB zu|)@{M$Gh(fJeZ)Esa^0<+~-!ZS0)J$$=q!h!N*mBK2{s$Fd>Y=m&goYNqLaBTM`m zAdxQ(Nb{ln-r*KfK6}|0axPP)_dj*;B!CsNkxezotq`8(GBW~e)I9^Zx+b@@_+Ka3TcuwY4#nBUq^zFkp zQDp)Fs5|#Vjf6uyx)1Hu=(Sfkc37oi>wdgt7?VP8S(SSVpt>~v3x7xpo?aSR;WD!m z`jwb~)D;6hr;kQq6jdB24H8BZ-|302P4L9Gu2=uA8pr%x1uf;H2$WIOr_p_$x;qo% zDu=OX$oH|B3w)`CB<=^cja?xoZZhdB3?1nQm_pWBDf_Z;Ui+b}Ys_U-@B8d(49Sdf zh0B3B9$?#$sWDWaqqdq)U-Ef%9C4ICBy7eX#S)pYE`COS$LuLpIP_l(P^3$>z>*C3 z)3={Fut47ceEVkro%R2bOX`(sphSwn`#tdoiG|L)`89*y#aM z5HGb7w=Gcx1idHCG(6@5PafSaa80syzuOZugR!tTpA2KKL`(<*(;X<)6)_hX;#ol| zD9AN94x-BZV=*?FCWui|PyP*ehw1#m*=ga06m$+)xcikAv7;dAX!-NDuaRw5S?uih z%vO9{eHi>s+O(=hZ9lR@E$2E2R|LA>FbgV8kHFuFiTZ5@@Ls^yL2l?4GFOm28y94k z>HE%pC~g`zTb0~v{OIqUxL_o3^V1fJass!~7gjEHOx6@{iKIvvetLWLhfVlpo}9j6 ztlsYpI_c)6V;kcp4G`~2SG+Bza=;8s!PpA%F)@J*r8Y@gooY~ztV7cN2tI^^S(6d2 z`NnXIP`Jq39L)m~;-12wu!L-gY6rnBGyCy=*4xu~7)=fx_Rjhm%a%t*3}MHwOGcPS zd<6b-y33ytCbK<3Y}O-v0Vy~Hs-;Wm~i6=NMvEl zwf%Dy|4-VW{)Ez${+gT6c)>WnZ)%aT1RWd41Znzz(guA8)YR(wcwC8GOuZ7`4<3tj zJ}C#L~EV zNmNnv#g72LqkRdOe&SCV0n`LZDD!%OfmF|D)W$sI6N(e$$$)^hBMYX9u>KJucucPm zIo%k+f7HN#Pad3wyyPPQGz0?z$X~c&{vR~_FC1uUQonP~9|~xXsuej&uCTdy$*5bl z<#Mc-QzA*@)FwiKWz|>f6s9{pEQQnN-e=Ch#Rk0s(h4XqYH@6Aw@xI>r{nzm1~7@b zP(WX7TBJ#1d#375VBffuMNP-7fPF6*TwpTN>AKyVmW);bT_PS!xe!p_9J-xYlWyB}+>cs(^b%FpDw1z-R3Uo0mU@heS zl|NL_n7qa&ZZC;UlNZvX@&AIR{AkbL?L6P zjQ|0~gcfOsxcL=*9J~5kX_k)a78P%(f?%=wCNfsDkF!y6JaD!l>s(&f!+l)<;L1{* z1Pt+)#qHYt-&D}}bD|Ixk=$arG??qSygJQB^Wj_USeCq_73LT*Ujt1!=|0&t`cYI(nLqARe@DU2Y$6pX9`wx5=xU>9gp96r1Js`{c0TDo!Im6KO z`Jb2(=Nt_O$3(Nb#3B21#Y<7LR*@bGoAK);-@%-Y+?P(`oF+p`)7%+xv<2x-2B>cY zj#5_sVsDNlMZ!lM#}0h_R0nX38+;xvvxGp4W)$^mhS$pQ?F+RiBj-> zXprJ#J5ox1;^3mUpl_mcR@s;7?+p!cmwBNI+a=j{X%2$ScR9{gynmz|>~ZI&Vd$kk zp;8*GCRJ1{*vf`6W(Sa4)A3|`ja|7bN;BqFwZpDbMr)jTZqiDypQCq|`L#G1b8NPJV4fv zHJV1+BT_MqnuJ?lk|kp=&sl7ZgySMs)lP~v_jEWQfe)(DUsjygb$4I)2|!3HT5!ZW z@5@6M0dYqE7evhcK~OPx(s=PH+BC+t%lD?Djx;^1vQzxmBavR_;rMmcguCzlCc%r= zjx|58`3)JRKTjEk|H-ERXD?0l7n%_h2Rl0>`~OAl@$axp+mDQD1wbwg@~_o3|M)q8 z0HnE<#lIm=P2S;v<8Sn(MuZ59E;Us&LDy~nFDh#`M~uWpLu4>qfUV=uM2U=wdu-UJ zPXt=(svQHnp)~1Cmlx~3#IH!;zEo>O?Im1Tz~T3|k|U9#TEib}aSIeCGZz{uRPY*e z<1p-BoO4^cN_4oe2MsFXlu-P~8Hk(^oVcPFXA$-bcvkN~rOXOhrLYG2wAr9uw2f_q zrDS^TaQn@o>M`99?!i)~jC|p-tdG8cln16&KYk;1yrAyf8CiEvI(hpLILNavbIs-K zE*^I{(d3NTKei~k6eTbX83`Qe0lsnrYNt@ij0)Gbyv(gJ)c28+RBxC@K->*%k$gw6olntv? zi%XY|cO0;b)VNoWtAo*>*D%=^g+pl|lp*UFwLjMVR@EGl;5J!0yg`V7Xm?YNwWP8m zHd3z1`F^`Bf=6JCF)Y$v#ll>yBd_jS6&rj%sUWN4YEJ50)hh4n|H`nqC>i1{X&M_K zB+o2ybLvZP{jxLfMfg%Tl&gP_e{4o-oW_!N(kw`jUp65PPljm?3*87A^mU89YgvS+ zCh**LIBjSy6~n*Y@@V)ly|bq|{!eZ`4AhqjvKu9;`c(N*#yK#x{0yOD8y zTI%w4_}hJ~*hmp#Q6#F0Jo#^~ftZktA-fy&-umLY+eEf_S#jlcTThesB~hbh@EPlt zb>xPL8&K=kYg1@x=;EGe*FLEyBDG`qToIA+fVb44suq&u^A$_0Ye!}XgK3aw&PKJ8 zX48E04-=KL_?37>H@!!d5b8O#MnmKu!46I!`nLA*CK&u!NylKu#8w14jHYe=Pw$=2 z*9NXt1tzRPnVx_ z3ON^gq<51g3V$V2zb|oq55RvMF_oInmOfV%lMH|#e3bV9>K1F%8LldbKeSVBl3hR6 zrd@Xf31T%WBapA=pDCx7ng??pL^|6gWAx&nO8zR~MvN&c1VpgJOMuZSXB^Ql(0B?;plHX@>rcUPwZYKC`@G`dhg&Xc z1CdIbjNV$*@N7Ga>+E{qi1|vm_NOA{mrJY)DWF`X0L(M~3e)lL(cnLOT!5f<;{p?s zAB91~A|xc1Ek5DTZy?sAJ~4~V-7bWpoq!pDN^(jt!sm4v8n9C{qE+L`H%z3pN!k zF3>qB);#DdV!N$PmpySUk8Duut&d(7E1Df}m8kPzi1W6{RSC)1rjTko*hhw)^Nj(EpOJm(& z%rc}>f-b~Gs$8zb6U#@dU(LZMOwt3M==3UID429c?k&;j0T z*EUx?MA-xKDEIcZ)cbK^BDr*#IIPN%vD(RIgR-G2S4y(yP}WO2Mw@XsEE&9+GPYqy zt*~2$BSn$8H7Yk!HJLn`hQd*fzLF>p8rq?N{zVkI**u{f8(Ae;CFnLP~5zD*; zWC?eZB9?6wASgr;;4*8lv4rTm{|Jj9#rni}R%Ct|hrqEbChvMhCAIuYWmfL^gZcM+ zv(sMt9I9~%8%EAHbBCkiuMFQz`8|@GnRJv8rrE7&`L_rk%H;zEtJ|?>X!A}<)w2Cj zgNg0^lN2NAf;QwAFM{UOs@d5zI0{|fZf05n(o{j)(D=u!1jtM>hveL25OSxcORJ(xMuX4=O-?a?d`ZS0nx2Axc(9 zWYlczrrUPS4N*{)HkC?R)%{gC@LXx;-PJEHQ$x3)apX0-qIU!{Aw)c7MKKA$4J!n# z&WJL+w-}ki7&zxhw><;fz|;c%8y;lpVN72)Vo&g>r42Xnu{+=xgq?+FJCD_%7UI$d zo1AL%%g&hKqVTRL)|;(7kk%h~^7ZJWt2}JI=-QR>wP7IwyjV7E+acGQ3T4u4o035- zK^xh}xXVNK`oEGcj~KcgKv*#uS~t!poozLF@vk4$DuVMde z>t%5G;h0^cv1XiWfL^cLZ`+=6a^c&)yJazk;c-iEFl7QLp7TSVyP@&x^`I#!x54jXzW<1 zdJaTB!2u;b!0}jZP>z&h=ZXFt$Dh>iBOD5O`4bcT zukn%lzlZ1l(#rkc2>E{_#(QU06Use?b}>pw#~N`v1?TGTmR4T{gZW z`(p$Q6If&w>xRoD3pBUihbY9mSopOI8hcVn?+JpEST&rOZ$HAq6bJqE(J*elgS|TcG8vEV5sD9>-}{_)1h{6>*3tm z+lxP-Ay8A3$;Zu$qc^X&W2ns~L;p9zXP!acFcGu%cfbuJyH}t&O?1f=mn|$cBt#MZB^0A}xQHR2> z5Kw*u5Vj$uQdORuf$~-|$N)k?cg4{%CxHUQ&l3V*3MQu;!s3Jj_b$qadtjKKs0zNT z0e6d(FSMcgBJb~PLH0AyT+q6+K68*!FQ0=RhHNy?1eA(g@4S^0WJ-MFWZsXEAO7z0^@8nKgm~uMK%$e!y59yL7y{Hd(e|2@eFPIQ+Q(z7d$8rb2Vt9 z3mu}qnoy$pCpXiz%4kzONr6~#JF+9FN27!Ie1R>6W)byeY^nYMPgYk< zZx3x*|AC0TDKh3@T-@Pik?G_&+6JVqHtiBmiA-INRUh^CO5?ukn3JI~j6s<%%0o&q zDy0FTh|I#K*ex?(;NWiuH(8!feijF%Yt~upCVmpXx~Z=fo)fGTNt=Rem$fc*LY@sC zHr~a+cs)gq@TOz1uH-#u?m=>KzZ|{;)l_Ah6;8=Jl*laCsXuzvIb><4r`KNl<`ZfV z=EJS*N?4MB6(eg$Z2~#s_v<=q*?j|Z%)u4VYQxAkOW7t8twg%=nm_?9zG?uwo>MfKED>JB!|yS8D=!d`QyL)rZ6AfL1ltB7y1TElmF4JnJb zC?)m2&EReFqD*+elESCmK5ilHQt&W4ULXr{Qd*l!A;Gu~gsS;EC^ zSM0&HM7@Az<#G$)vBT#oml@8doZif~e~?M9BDWMR5^3^`B}luX!#5X$-5WXG@B9&If;OULjyfGZUWdlkJ z@}e8Y`hnx-`^;#cjG>Yu53f;cV`yywfqRSOR%(Ox5~t5lnF5fQu`<7_lSxfXSU{KH z4WFyEDW}5=SVrm)>|QJ?Gu&-dlNDYG%j1r;weNN8YU`lh%AtzxIdau3IM}}TP~gxN zU5)UT=Xcuv-TeQx5sl-`)U?68^htY`~txGgNE1x^qs($fTX<6E6bjjyA za(#i7mMymp{8g`7)5Od%RNCi}*TFO$QZ&K`zE{bvdtE}5?i60s?L*NT2lK-}=bAb1n?e%P@0&=&JgOfwdY&{u z?2c`G;&X~_J6))mq3_E5EKZ52k>IDXdH)#T>~@tx$n^%#*)2XZUvM)tpMwf% zHIlI~%R*2<_NEc!mtgXcyxdn+%a-se#=(U4AQUBJf)1adpIml20aItsdyVj&_xe6P zwg28&yG6+pHVVsfqyl?|q$JMjGoKK(6q+YsPO!}NH+ma<&`{S;e)J9CTV+N!Ex%w(jFoU zcdUOi$pLPa59%G>7BhNJGPtqEMP7BMWk`t z(OEpsi+RgK=pkU5++Xi^HXPwr=(eW<=BFnTJ%zlLE$UL#Vh!lLrl=WK+GdTa%QUyJ zn%5ePY{>A386RV7upN1f4UUZe@hiVz4>6N_+G?V?J6*d2|{xGAYm-v?~^KLVp_( zf@gX*O*UO3^eY4V2;S7(Wjfu-XCB6^SvTmT*7-L7IEE&G*om9nZ{B#gonYKFs#lr6 zB7%Ds%RnHb{?u#xD=gdCSCH)UPc17^kSg{tfI&3?FsOgQ+veX2vj4cVh*Q)1gGBY^ z2pAR-0;YbHo^GLvZuY6fhwI7=d z!KeU(9^_gUAm2BlV%MqRs6}!ay7k}$k+$UGOTe|XUInIr%Y(B#Dzw|0ei?vk)7eC~ zapg{Zb5th7sf8Oz(K%*uFU}kwne;}#(kN~sbg-jf$JX zN5kk@9){kCt*T+ud4R(&PaeB$e03S)%RfQ7G72<-m5wA2`$yX<7t@91la%fI_;&ON zV_!CT6EOVzhD;l=> zsuybtU{}qH$DT2+?ZomYUdr7UqUj}KdvIBHe^6gd=K0*dG^xu!1UN!G@>8>XK%Q&* z#Lm^SQt{`ycSlQjJ^Ptlvbr#3CL0qrgfbhmW6)H$+g!Eqt=$9QBP<73^QDud_r!-2z_@ISOUdpd+-XRDq(U2j@ zkw4w_8-5u+$5KG$utxI~cG~YJz2Rr-F)m}@@gQJjSv9sA^cep}8i#nh(J8!|nNJ8$ zhsxw&*smF=OuneN9gwuGR452zTg3(QHL{E1jJsA3RT4)Q?b-D(yoF4xFs5u1$%T<3 zlzS!siluV1m6pz}Eh@Q9$RHE=G)8EJ;iX6|jUNAIR-4B~$Rk8-1o}Q< zM{|i8DG8ZU+$%^alXHG8_7djKD%dzNI?Iy*Jjf=WJD&vcx&weqLyNGLMYsAZh2;1gEs__0I z>18!28J)&F`HYJ8UV}FK`OksP-zO}6qa^uP07}aXpf~g1aH@YaYzF@eV-S}toUq6T zAhV|Hu#QryqeHl^B@s(I>419}*3mSeoE(#-trOS#-Lo_*K65j=>Y3rYbQA z`x6fZV@Q=o;nO50`OJt>u^=vDo7jsAvc($t_KWd}uvLfuPK(Srijk5(=Qe9Q)YA)} zR|dUma0w{>)%hPIU$NuanYU|}$#5ei=OOeF4lUeJ2A}-8+Lhr)RuO^(-z9n;NQ~a+ z36+Ko)Uo(LnRfCi4Fp5Fu@RD^E~DLkzGoQIPYD zB_u{b0Kn3xkLk*28u#n*a(QzCeV**>Jn~L9z;yJ1tlD@~?-_SkY4(Aie6;XPud6!- z%vU-f6LODWpj4eG8*nx>hy;Wyp)-~;5YtI4F?`~* zEm*;#m-6S&Mt1pkMxKZ#Azgdj0{G+bNj%EkjP~S7h*DZsBpDoWNGt5d0qv(618lvj zV^E`h5CW)SonlwxobSR3uV069+2c}uW;(fYMc;9W5O`UTw=Xxi;>>x^C1cbJap-kM z7uy3F4aOP7{KcBqz{sNC&0YMSKi{pW3>>JO&DT3t$iW838L2;z%MfDJJr~pz(o;*q z3^bK}FDGb*7zY&44oKmJaprm+1ZRYFQ|F=5VP8-D1`nmvCamF@&=J*muwYI^gW#w`fg-3|u+RQ9XiM(f z8Tj%I{e4DXNDRgZAQZv~ZCsAKdW%nWRnP#!ToR_D0WxI5U=68K_)A_-y4D$3=j_L} zLc{>nfoeoy`XRX^pVC1k9xaH+w%KbWImE#p z=j=>6BgOosrE09)M(}Kh6{xvKxdu*X~>O$lnE$(s<92QP*$U&uI*UwEuez z2YrAn!?zym7Hwet6jBTDztXx$f1Udxo*TIDjA5ygZD$Z zq@hl#QsJgbq9H&al-Dr&BZn|Sz!xZ@#&Gxl76q0w5H9r+?y(??Yc|Uitu>`}| z>7Un6h=y~=0pe$1dS{K3l4OZp?S4+_O2_ohu@(J?Iw-!dAZ=9}uSBiD#SYGrV=Fio zNA)>fqiKO@crS9(tdCbH{t^YwL%G ze)aNwXpQz2W;X{4WHaY<42qimNGzsQiUoV|;#I*%W^T@C_7^-K`P?JCd*sP3HK^YV$#d){mMQY^Tk8kU%iwwg zPcN5$$I&I02yaG0aq~Mtfg$ws7Jpk)Y1}&7(1D1ZxCsFwPvf3D=z1Bh$Jpk)!M@tC(LQq5*Mp5o&4??)xUq@sT#rsZ+RsP_;vA0fXT(Kj*2`rt zy#$%q<^173c>g_c3&CcJjsQk_=CFUsSKyyLlB1ikt(A-AzsBtrjg9yX4kW+U9%Gt< zAkzw!>>ln_$Qye0taaFp4RIteaC&7HLfEzgKHGPMyYgzag5$EHn9M-|a zCL^hRNXBhWw=o<+Su8#PBd=Wr?aHnSGuMyZ_k+$QfP864o@p)G`h5> zvvWeQeXhgAnQHnN!c(L)p_gej;Zwm^FW}8q7lnENCd^e}04?))D+Q)7z=T=dCjV@? zJfd0=UWu847?07g5o*u5D}xRN#4Cd?AbX2(&xkKSp?q?D8pPb?dzO41<>a_+bd?U4 zqTs+y@|hb5-tqv~d&B$?&>~t18Dowu>`Z>C5>0-Rl_!HtA}PC8OZC3eH~JM6Y~jI2 z39QPBelS4P9+voGzV!oE-->A}7)boL2-lY}crWmb@CA$_LnUf!hToRNm;RysL}(KM z<{~W`OU++5bE!o0HEcbxz(9MB7I1z*LD3$r*Q&rJ;%_`YP->fnU(i#Sv)p9Z1rRrX zx*lm`cCpnprrHj|qa4?>uJg6p1(~D2(g=VIpcw2WZ9Mlt=tsawy5B{*t@p!O zq_KEN@g-cSlsKH-+td)G&^?DF^G zFZ*EOY4-At@+e$@agafyoV$6gE=E0eimewA2NP(!cO4Tm{5^BN4>B-E&N{c*s{Q&P z$8*#ZSMw$DD=T>I_io}4-d;lL5N(?F)T8-z;FUoV@?_jzpAlBdAVs}BxJo5BH!=!hojT9cI~EHxn94W>W;YKD|e;y;D=D^(@sS)@Fja%ydgnKiVcT6=-X#- z*l0+i-I8B81iAY-V42D3`sB^VY^9>d(z2rPV+`x);_H->$^)I$EFO^Uj+%R4_2`oV z>xDy3XC+yu2z_CB&)>TS5$;bg7zE>acu84fR_>B1Z&v}Ge911EJvDCi|N0>79bCFn zrt>730}Sk0X@cGSR!6!@ZTg zYr^foF1Yc;A~EdrjB%7X{w+zi$LjPYd_Yp8?Y*5gj!iu+pnlXwzsc``7LLCcT#_A+ zB>K$WSmATun)3?+Y9djZWxV`Hoy*~ zm9}l$wpD4{&aAX;`^*3I%zV?+Pxt9_uHLI17w@xwu_IQjwL<4GLi+BgCZ;ff3J^fb zIyyN$AY|89-r|6Sq7kLAlh5og3h93xwMaVc!(st}Z4T2^GR0`*3?arYY>M+}S+$yx*IUf%+9b zR3YYKMs_${ZBZo{e+W^Ft*ft*n#&2MtecK6a{lzv+ppUfXgbDLe_u^FFnJP-4fd04 zHT~`fb7{W&!J`h?o&XZL^0a{YCcMHyJ*Bw2CX=%`g=b>V$yK&TzT7lj;5kt+IP|1J5(X^M zG-4h6r4Nv!7}RCO@mfkUbl+&umte(jB6>5f|KI>u=*=sN>Av2~^LY*KQX+gaJdr&) zbz|Tsa;rkhQiYw4hO{pnKFbu z!|NaEqZt2`!Qg2Bj~dK>Jdg9Q&g=jB^^Ym*T6*2?irZJ7UQ>1#1eFqa_4AoR&eibLkb^=E60V~2`R@M7qu1_KbxJ!Z51YAb%rIHd~A>E_e z)-*jYDnUNf!WyiL_?Ol0p2Z>y$R)SYYh_l&^t@yH2I+dgOe4h{Bl@3vch=T)y6R0L zqbvIwNqrjh8#y8v)OJrWU83AbIs}u^mRy+YK8OVl8Q&IB&a!ayO5Ii(Hvhi;IZmRK zD6W&`Z>!x6mY!%k&{}*7LsU|>yOVPp zXQtsrGW6;0Uc81EW-z~vKJMKzR%O7x#081Cw`Q6^cE8#=!1yW=QZ>f@Ipx`FLH<0p zKJrQk3w=s+b1@pA2?}Wns*~S$`D#ui=hVhOGTsAr_14gZApWqU*9$b3YX|x$mMF5x zCL{E#_~m98`)6e1PH&7F2K_XZS5^t_#dTsmy`W1xJECSi{=-yPSxe>RmE_bx{l<~v zua%>IBdNZQt52o^%R`6*d@rP!BI8$d?^qqB`{2M5b$VomQgfmCv|&Gd0cXDfqI zbr}$iv}RXGWx~!d-U0f2$MQ;$I3AqFF{}_Z7H^+}5xY)+nL{p~Gr=xF2?C5Xj0=lP z{!L`#9;{vA0!z6o%qQ zCq%QU}XjQ4ty=R$I>rXg{PY(XX2xBE-hA{3PhtR;=f_2Ml`rmCgPq3Wqo4?Rn z0MXcURcpH8uI3JZ>c|xD=&yra8l}WUr5E6q<5j^NuIutl_ zcE1oo-WEUCIk^eHRSa(lsV3JZYm5ISaV*()e<>+D%p6_1bTSsnfXlOoQN zZOI_Is>m)ZU)z%^t*ugho2UY;{JGgLy+DV>5j2LeWIVPIC%de?tAo;TQO>(j?>Dk= z?1@j0Zi}BbHU<7U>sAl8Ib^Gcf|x(9+USi(EbHtqkkg|cJX&BD8}hwgo?DfjF*fe8 ze8az~2P&g@>!nJS@GLo8oYG3nwB-xiqZKl-s{ zqYVZ2yHwqu+oKE9NCOPk_>#~g;SjvVBC1yYBZkh;9X{+mhVDK&hapyKJ)gMEZ||&J zMsM1xIrx(~+fvC}HUNV(CjrB=L69H`{t4=I%_yO25K%ltF9_e7_4rw7t`pR}CcYVr zGzd{g;Fn+dx&UYR^Yi?bZjj$P;Yu6CqJe!|0Wm8jN%%^`P))y#F?CqB7nkm8Z*aF& z2{ZJ<6gf{Zp+aS*G)Zkz-Kw1ucRw*_cdi9o-as(3)5WdWOy7lpwT3>;55@oOK#y+_ z+W42;XYKof{Bu*J?|1nBBqEmi%MB~|+YRdnhxIrjQ8YfRetT#rC6#rvG7rIUnvoc> z^ELPh)I&FuELsyvtMKDQ$K3>1GU6t4TrjFG)|(I)qM$Amz{<+WekmUqJ2pZii$I*f zvLHhLEN4zcqLU0})G%tk`K-Y9f`MYX&(R2GSHYbTOvm(AFC~f5k-YN_gG8oPph8y9 z3cxIpWo$?^7)Zx5J1Bnt#jrWPF>{~v&hLAUihYT_%S!zWVaRZ3QeLNNB!M7M4zFSO zVmQUAyUYquwwCIYe#88fPp;z)tXxZbA;+W)8n}bn%K{25^=Dr(E|C z>~BY`>1d!dZ=YRfOs#{gUP+s`*P5 zNXx&(q+?~jS?%er7mt^>0BkJiIBVvd(02;-8LBo9@4=W+_i#-?10d7x-lheNc7Vkd z9qB}XJMiCAqkpWk2>(?A`A>}dpKiG7Vn#M%|L!YZ|D|ch_eJ~fK!#T4#x{~UM)g}*fNQP851h1$c1e(3C$6V-k9gI((JLpSxgCI92zuwI7-0@A%Y=GBjB&_FHeJ-dP6< z%Sr$oq|Almh)c#$c*zHC6RG>&oo|+JZs7khb24e^qS61JIb9r@bZXhM-QOc5XVhFj zxjQ5P#%npk@;WDT;ituC4REfg67nX@q$+vb9kp1WA1iaWVJf%C+NTVGVgE5;QE?b)Jt2qI~9v(~4*$uAVql zkW=nuK8wGAmCWpf#X<_+KsVP!x%Ct%(nuqSDWJxzTf#Z1UpEz*cu8}XSFr4sa)jLI zJ9jC{kj^1V5}||&0^@}y(DE?MkY`otDyPk3T3oR21SmoG6>WzFxJM6|9qV6*Bu-XL ze;or4j1#4An&M+|M*B^u8VbS8D`)7cC8!>nzNjsjuP$Mxzj+GelGFK4#quSsLOac`#m2c|GEnT%;e3VDolqV- zXY&#ObwT}6AFy;!z|dDedKi>U*_vNrI~wM&Hcip#ONcXF^y$I6bVa4VDK&4HXvC@` zlA|V0#`6uYp7BwM(QHk%j9*1(Nlhf?6U1g?uRP8_mBIuiF;DFZtElCReuw-#9blr* za)~{9DdNVvS&P2=^0v;v<*nLG#8(VlHKDY5nb@Dkp3=%UnyE)qXv zM>=tXHK|apXTcnf+c1je=O3jsezKi{re{~jX_1)-!g%{Z_V+b`M#!0&;WtU76%hb{ z=HL3H|Lc?dpWkAVnwA452dXz~_pY>B5zuO}#32FPc`T*>O|S;tZ{LB8+cw2~E#F9{t(A?fqy-qIq6Zcj0b&N4uLIb$vwR4M3rk`Q%?@xXmfKO37A$&6A_ zRdxoZ&nv|li&673ifHzn+lJJ8GDM38P#+dNqi0Xt;oPgz1|$`F(_KV?+=euZFq zdNc~~t|&JX0deK-F~we^34NmTxf6;)Vd6bY0-?#jmdwTOEWf9I1E8eyTXTOZH!Q4K zGeS8Wh>Fmv7Ld}H9&(rQWM5^NSL-~JDgFXLZE2Y~xz+&3XL3^~XC@M@`OWp9CvPSw z8C?s4Q0x)>6&%|2(-TsK(JKb2TasLp4)d0Wzjw@$5**9w(L-(T`O-{P2vuMu}q~;UH}FoEiO%|+Q)d-oc)ZlxY=mI^5YhG zv{$$~c6`CYEMyM#v?;=OT%Clx{b7R~V|&Qc_(TljHHV?yN`Ys_pVg7JO5ILV@%KK^ z=&w$GwL6VKOwAAr9!)TnbnWTY^p;&^kS5WpW|MR)^Cmq)4U^1W>`BDu7VAWgaq?_gb)m3okf9QRvyRqVDV$dux+TtZJJX<|;l zPZ5>Yp-K324)l-QVy9Ukv7{v`si(AsOR4wRHKe7KCnMj!Lj!~%6>x~KF(B%h($-;V zP2VF2!*db4J_KYwBS~?Oe2I!Cac)UGvtRPmzw3;Ez~(4*;1g}Sqz_0r%GB_L$e@tk z`Fo{*Z4Q>|@k!6-qLYnsz$D3TR_xe&>B2}M3cTo_D2&Bwnvtk!BYK+)059?D2t&B3 z6)2bvIqn^_!O`CmU4S;ak~kE3D~?JYlxV!=MMUGCdai-BkGq+9U|W3%ZF?uy6E^e zlE;ym^e5Boj?mRdOT57QFl0_=&URV)qhpri---qEqj+Dg$}> zDdiM~e>hhMD?kW{QJjwlgWw(EX}yc&^M!;DkFPd2_o7|ko`5PG+*h?jTbTxDnYV#E z94Mjs;-7GC<{nCaox_rB?UfbWqLmOL4dSeey$8ouS$gM025-wxZ6~mdZ%D0Kzh*!A z@e)?s#sO_XIs``X;pz}fUWb*jXvo^O9RHNgAdv!phDdDg5-FKI@(rirAD$&6{44@i zES$mv`cna9h5|ORyQe@THnDFR!C^nQy|}dm@;rfcRInDTcJ{T6gV{Xg59W3@z~P~! z!OZWqM1FRj{OeGZSPg_1*3t8cU>*Oy3}y2h13S`1x0!Q&ifKKCtsj#l;8kA4e^AFi zhQ+zsQ|MAJxSU`gY5*jk3uvDL#I|0Aq2NHh=JI#&`f{RZL_<>@PQ(-QsE?U&^}wq3 ze=^Ze6vIfF%2L!icJ7X%vmN$nQ?XsYl6~{u_;R`WQ$zYQq!WI#%jfHpq}ub2lIvHd zVIz@i(6MYUQA56N`OH+x2o>*aJVVKjlTl~PrQyZb-#^In&xHYBT2cCH4{vmOp8u$iviAX-?eB@L+dfaGbU|DC)}KNi>5SRcy?Q;Z5M~s1QKm+y225-i^T5cxpPf3o@Xv{ACjp$tN&b_ zHFX($Ev~eo1#yFQqvvslgY^NoS3JK2a7WJ7yaH)hMp6fFb0BAJMsT$sFls|_UAryB z5lsu`=K2H5d$Np`t^Bbmz*!7K>;@{5)T5${vPc=ujk;!=5kkX#`1It~N@GL0vfl5m zq>Hv@pfq-YdV5ReNjG+elItjSyM1?T0O~JMm#{KnT>&o#ulW|fFZS)*p()9vGlL^& znlpn@_8(n6y8@lBOyY?-{t`Fehmu*Xm@_}5Bpg1RmPp#X#KpYcv<{@S`;l* z?TQ@w3J=Kz#WL1Z%|8+y>V0@l&E9K$Yq~DDT|*SP=BOoCRI%6hV}E#cNzN-5fOUb0 zr!;N6>f=km>DW_Z2cjwhOu2e0R90Aq^#{C=RqZmsKQG~~MPs~e(`H4gQohKT9}No0 z#>ps*$L=-<7V7gG`bDH+BeJDklV_ho4k|m8=}zhX>jM5`EBNo$jW&+o>_KDuf7%to zf$y5*KmY(NV18?D|IJJN-!Z?%w*MLae-@^T>OXD22lGD7e1kIlY8CPaHY@$Hi=fG*yBtW+V!8~DzZNDi! zKG-y^+b0}I9Sx;=9nF4_zoh+uI0>=&ke^SeYZ?CJ&9h2c5p@i^m7-I@bR9W?{<}Uy zIH&~V54ObTIxD^hltP>p;WP>R^z8Ruq3}D}h3GAe2eo83WXdF9bu%(%VrciK8W*u2i7H zH92F<7*K=Ta)+F(2jC6gop9sFF3(rw&{o%MKRn;sbGN5wPwwm@lA<-tpDcchA8e24 zvp)d4rAI|J_wyzCGxIYj)f2}wtsZ8&2#Z4z#Z$W_l9~sWAB>07a8O6EpmA7$ zkf2p4&qYZh)03uB>lB4k$h->I)P5PQTouG^A<6EE)o*=U_vh)&T)7D!;w6T}XhYo7 zx=X62%O9gLN_Q>93~(r039ugaoe`ObS*S+9Zy2q(m){-Z^fE=x?Xq{Fd{X!oE<(}Z zcbm=2E5F!bVMX8!W}}Svds=ASN*ZzfND^O3hby3dc=hh)!!|g#Bp4+*A+-aoT>m3- z?ME|;mbs?QG;4)58$Hvt@#w+Syi11coLwM2bEPBY2&s9^oPUPX$UPJ~Y{u=!b~SOa zgFlI5g|gNu`GLDjOVQC)I;uTz4tIq^!bt?wx&MI>+P2>C>9@8tYE{`YiPZ?3-J zt{Zo$HNupG>R5)LeyCYBKzfmcSFSEZ|4c~$5!5!4csV!bifbU5D9Oie0IUptL;NFp zi&>{Sp3P+lgg==MkRZuPe5IjYUsafG+{V#e?$y?E) zW3QXts%MlIz~A%iGeALr$qJS{;BE6?Ea+~cehfS`LNkuK<=9 zd7KKE$pRPCdKcpIXadmPXIb1mhXtu4oBnxxYXeST7!2*FU%@@K#S$W>HYS+s;y&4_eRZg#^uiKri{8-^he3FWOBv) za&>FlBjcZwcacvi_&~H%K@)^ODr_*E%GcTMG^#*8th{PGOM9W0jAf^r!k9Hd(| zI1^3MJwn(f4KwT>51F}R(<$rb$}aRJPI!(El+3ZBY)rzTd1gc~hAE0E^9~vBv`P+M zZmENk6--@C(_gnrupHFTisBss{#2ec_RpJ~ERn|4w7Jz=a&BRt07Rb#R~La!A>($5 zGA+?;21aTp6^FA`C9YxXhw^Z(U>!U6M0&C>Q}Q#HHG(%kfRt#S)i~AYDM28O+aP`u zH)V(=ynvm|&S`E#k@zd9NDg^!#PuGh#ArL0<J zSjc{8_5N0wQFujA)k2)uLVADf;k+L;exg`O9dQ3uMc?M+k%D9ie9GsfY+x$M>npl) zrYMWfeAW(nrP8~Lqg28`d0SS{?i~$9NxH=)V2IF1MZAV31s&y$r`|p-ZtaZvXz;+H z$e_~XlpZ~ZD8{U1%1cGThz{Q#qup1xtc`*$z~K4rO1CBqr(egLt7P0LT=nd+ej|V8 z7WkN)K&f#NnyOB2s7Ys(%Iko4QM5^WFJiPD*1;p30Jo`@GtVf%3SNeRTEmIC%V$Zj9o>xv4};6qigoiszNiwCAstimT0lxo~1G zpL2v795J}Xt(ZvKNaKWfmJ9*D^TlS{ipox?#omVNlKY}*aNb7dH(`m!avgkSw(oR7 z=x~QqYp!QS(wEp|b0$v|;&*0c1yvyh<48O;UaW)1(}ycn@G7HWjp=Sxe{nQ&eMC6v z65G*p*VOa`mp}DX?6D@ayJiiWqJ8qwgUSxIj+Cr>L^T_b5AyM_pKXiwwH5;dSDiR4 z6O_eJX6Njp%{kURTFIO=ae|d({PB90jQT0t+6Y{4LzVPWiS>PybRTAX=*4-)%4=j~ zX+`JlMg5bzJ2kFGEiTI=3!y!$?7=@7o6Rn+Hgs#V_ot7PBWKL9KwTe&vr2i@Qws06 zp3I-};)|8-6?ApWv8-+v-lmcMbDbz`tsl|AlsMXnHuT4IzAKy(6PZXZb>c{z;Q9DNw(hac8%}86_ICQ(D{O z?}_7t9$*LordTYv+VsNi0mdUNa>Z=PL=eG#bbfkt_GxM7e_Bh1-{qIHiNw^=wDYDA z$#=l2&`wvrm-Hx;L1>CSEs`|S9Z^nnql~KM|C2EQ`R?Gtxoc_;RpfBvb*~;M4*y$A z;0@f!u0V<*+E%!_iX0k}TbUr3GC@$6%-$eqOyJ!$zKmV2FqOhX!X7&X!tH(6^%#0V zae!VQNKGh5ejr(SXu7B=q0`2NHA94<49lG9)I?g{@#iC4v@DoddoH7lTb5}(d0+7p_$4OS!gY49s7_gl?DXgpenxwDE(#h~E?`!Pee4kapIRU7A0m0?@C;H({^319+CXUrwAy<`^mEcPK6bM1N=Aw7*1SokG z=DV_hE7AgXAktLi!CL|3b}|a%XN^BvN6u4UOXk(DIMTDlz&zd!<* z@G?z7K@MV**Vxv52|)q5lPp|FgIH9C{*OKqKpiOt09`$?tp&YQs)hQYg!r4I^`o=Fi(H^MFo(3m?ka9k$2BcFq`K(V%mPqb)<-g5>+z}psIa(? z@o~;dV)a$~3tEUAVqp2FEs7jIKvkWb18NyPUGQ(n06R!ejwpX^1$Cq&5$U1f)wv#q z^QF(>?Riq)zPDfTIXSr5!9hv$WlQy)WbPWprhTAjfeS%_2R+Q{*---m=6d?9?I)pW zj-t+yyVQF`A!PbjO6Xg;^`}MynDUE#T%~w!j0brRk zj~N~7Gwb8Pbx@i+1%juUyn0_aSgG@m>#y@(sCE*Z7qqQglEwKoN7`!m{cN}B$^W zXFDZ*gpPp+$QSOb#*sTU>LyYZ1}x7y(-89^t~C8X;V7b2BE!s6X^TS)XNxwX~Nu;n;lhzP)9 z?8psxRI7ojxl+D;e*Bz;bN}UZKlP~FgH}LiLqaS>o6V2T&PQB#nU0cihsjtWHpr#* z(K(*=#tzL-%H{~H+$_SET#EyNx%Qs z#FKjTy*zT`{0AX2W%x`8Ud{dr2$%SnczhYUbJSIb*R;x02|ktonz3}BM&K2iZ%L|! zb;9qe9>U%EZMz)ii`J!8M%Z^%N=VwX?dC`CGZ8Hl z^~*bb)dk$03BW`(9EPj_B#a;|5R{lKumG=f*)eXIkJ;#7lMTmLza~PQl!>mi)EBzO z^Rr}dq;3O-21uuK_m(0(E=``x>?Xm6oCCtYJPVe0Dc=`I+V)xnSQ=rq!;r-+^fm%3 znfH1|R(32(@}4Y~&* zTHeqcZ8&uu(fgNu6vMTXv`^s{DkijGC#zsPD0*u3Gaa_eP-}?BPk$l z^njK*L>(g}g6)p=f>zp}QktRN;_`NOy2D|Y;3}&n9fUQfs9Pr@QIE|>i?i%6=-Fdn znRZAYR*GN|9Ml=ctXEv33}9nM7~0%anq@*kH|QoTymY{3j0aih9NRW|x$Hi%9(Tex zvo-H1)Jbljmgp={M$+8A?iTEO_Cn89UIT*p}}$X-iiO9M|MsUc4S z7bB%DsbN1mxg@8vIBESTMAwO?#mRX|2&!vjc!<45_V+u!6THE*Te4!eaQ@sL25FVB zIQf0G^J)tGgb3`3Wp6U{vruZ;4XOMT=oYxNQpn$TW1Fj`3-WAnME(Njqc=*AXpi%Yu3&)7g;#+iw>SHK7Jf7$l z9lS}o@BuIiwJzEZv@yn|0&4ihuxn6$o=<=S>#Nl2S*aDbeV&qdni^qYCzMKR(5Lh&2YT|jGwJ79QodW8fSI1 z1YANYr$OsYBa0Q4$uAsBZtdQ!yjBZLm@1Z4Ss^$T_(@}i2s21&IyS39?8UC?LSVvP zzp#Fe`orGVHP;_Z*?4XyiL(T0MXqj0op%~j4#!~wBjUBxa&Afy5YmQ<&>Dx^QdPMg z7$`YQGC6lXA*5?ihB8aa8fOLnh{9cd-Ac-39AvslG&L}fiqM2J94-yZxhzFaE)9nA zZzM?a8!f7NF9Y0>j=p}V#cF%=z&qT`BFN{OtSbYQ>Kq-gv)!Hx$HcT3&XOt82yRB3 z%Wlosr0{_Ybb#ukr1vg$$rURIUlWwZp-L+vuzI4;E%B^=yeWk}5aGZigro$O9VxSd z-2{mPK1 zOSSsY4U<^v7Oua?T_|1|f;<~LMkoq##zVd?=*)52M@;w}~r zl2%EsZ9XP<9DD@t=&>%dV zd+C$4wHAU6e!U%9Z=ox1ZL>8(+m?}zv-RX?6OLR5C-zUMn5hF-`%13%f4DcziHDndNiH&ejM%_c}aq~sR8YMl@?8C!Zs^q4tXXywK4=iO zxuFi@{I>o8|1YHeZ^U-IF^@B~?>4lQ^xq#9{jCi(F?KZkdzqW2_4hJ3#82wa@F-tq zW!d6*p;@Z+-@cZ^RW)Hc>QkUWSdEE|iDpXLxUG%(QXgAaX=yrLE0WVZxnR^0?F|ig zuM_8U2}gd4rz6N~j5^hoZQAB6Y^_oA+9}XZ>T5|973BEkY$w`BNxG$+KaUkPVsTM# zuzl7i)IX$BR4nWto{oc{!t{=dg9~g!2bUHsaBNjaGSB+TnTH?G z2&MKss~1U|s5Xb~!a|3qqeIf-5-ErLf#f7oQigS{h20xAJSFQ3>2cx80GmQk* zWi~T$J9#s@HUmaF_P>d=<%&h0E?LR)&dn-zfPRNJKMYK6MAH-p#}y5yFcDpqidiR9 z3{}zwY<3lqGDI|28M79fP3h=x8!r)i4D70dLzJ92amue?OG@S$7~Fi^U;1C#r5--7 zcXzMPZ|@(JvwoHq+%@dYkI&yRac7nGH{>kFl$Z`17U|QR7x1Bym;-!6>xH_ttHqj6 z!s3yk$|&yHq$k+l&^o8CMH6#N+xJphO2<}Ns#`NqK(ql;spYaL8aSRADyVEZe*n=g z0$yY>&JZH}V2UcJfZo_)-aiCgq?Vrvn6JzzUaD)JvOZx(274G9swv#@)erPNDI|%N zrU?Ey&;FrDSYG>A^PA{FEIc?rWeGRyQ!d*VzDp2#|O4VlPA z8j9H5HUg+xAOo*<3q`tE(99*&S)Ufv0VVjT)mAup`Nqh7ilJ%|{Uh*{qv|HtBCeBqyk6MJ>ON$-S z(2}WM4{Kpo_ZUM8^boX=2s+x7`^qqQgo6faK?f?@b&ZMct=awKcCDaBD#f%%!nO;Q zvJE2JF79CbOhcrZLj#Z)Hf|hUWGD5s97X2(m1CSGjzn0Mb+#&KiCyjp08s6HkH(;x zYCz<*&4Q$B&wHtQ8kK!m5jsOqyL>{QVatz3_Zr9@%RkOD&|!Uv&z^@=Lb0zEqw^9# zZx4&>&6`MnfX zpVm$2fnjZA6D74y$FW82iI{#hsNqq^WuNHnWuL3lbWd4?6z-cgEzJlh~apI?A!R)@2&;uga)WczpiE5Buu&S;6F9^Zy zzIFwFl|uIz+;31H-mz9^mLPu&ZA#573`CQ61EIeNVFfLxPpQ42Fd~xP#s-sLp&?Zh zi6^E^xkR;U211z~x|*T{!Rs2(9_>tik1gApJe*ym6JxNFqXRA^u;9i>)7uE$w1gv0jR;yEdPpa>l zZ1Qk&r7msj*gm}AiPQUqb!t8k7RE}-)R$bBTF_wM=`0^&@ZL8IR7!NK;Y9TOEJ4{c z;@8L<49B)8JTfa>Q4zSQWRJ97dxS+Ky>?Yr7^pqJ71Vg48XhNsSMT6qM=h+_J3FMn zWMn0*alz~}fdX`1eU{Ir$TxA58?D+|fn5pL4o_~_p;w^1yt`RXP&1Kz!SVrsM;u1A z5s<(gv*NA16*SLO!c`c()g}WPtrZ9Xad906zMnk2HaDYc2X8Tw7TdGUa!icgwP`u| zD!5sMYp7J$`QnE|4CQnUAo)zwEdaV*mtXE0>@UwZ+38~B-cm8}@MzJ6DxF*T=i5Q( z2W_yeVvS@~OldUaq0u27ejH|XfwMplGvXL3tUdfCeJj>HtQOCF!gb1O5K%s9w|i!} z39`#K>1wwSjBsWC&SFP@LK<@wctSlYWOYcmdgmf0nyf`VT;K-Xi&jvvx5W5SQqIv+ zi$Oi0MYjEeL&o9)LH~xu@w(S^zML{s!w13S--=ziK|){jg&368ya)4RB)xrpwx;?G z(Tu6Zm+1Ui3f0^Z*hju__?Ig|FWSd}a*sNkyf{As>rYrw_kv%dHrqPT41G>%y9_%G zGLdW^l+UzJCHByM%CAsW61R&6#;I6$0eJqZPUqAqEWxzTscnG6`~IW(uUPVIA?g)~ ze}>ct0Fh7FDkGL)RMNbov(I%by${SOyp%&{3fhUAVjLr%u;ZhRDXYn)PUVGVSkw;i zaIIpdjL`q0Sv`ndB6&8K7`B=72)Z;tHAzrf7R-LSJCg8s_Uvv@7kz&(>Me8W9?ulx zJU{u|g~wiZWZIS3tP^P?o(v^I*mE-2&K~5h@qT-k>)NTFDdJEq~p5q~JylyuaI;Z^~^J~6MnUKPe=Wn>#D zDIhxJ^AzgOaUN2d8S?$PE(}8RP)UN<^(+`9$N%tl6-|jatfaMm*S>5SOX%O0CWLU{ z7#{tiIXn0=HL#Plpb_zCE zNxca}K<>lL+kV?h5b*2Q*o6xpWxDpS2tG8X+xHaB!lRik9!=$fr4jt5Lw1SxPtCXh6k{^+8+YA5o)?unnXDPGF}1aAd~ z)R1E9KsOf5JS4Xm$5DF?tEHSIAiwZ!jvw|hbqX@oF4yxicCa@#X>tG!o5EhIG359| zjHEWmwjS6kkqSnR>vqg(hP=j_iJ~-wQ7!svbApG@LPG{8(!0M{|Ee>jd@m{_#gPR!eJZ z?`<3)S;z=of{V^Y-IMXzKYR3{bsh2TFvfV}3s{10BPxr`t>IczJtmPa^OBp$u;k24 zN6hxu2uucQX2@pmD5EQmlcp9_1^%(h`dMgE`))%cQUygjufbJl40^*THXFXF>*g^* zfw#l0JkPS^`R!CeV}fBkMDyC<6qBq8SshZ=bSPZVX%;Lw1g@!Bi;|^nN-7O+S<)!# zrA!h&Eeh6GUkxog-OaXxGGbmsmkhXXDV$CU9Be-qks@r-_G(Snk3x|0DgOD0G01B~ zJOM3eu7LbeJBPfgsvta-nxJ$uh%lGyCcSP)nW&i zw#w1s+MRH|hfKC2slF7$hEb6y%VAZhdrs4){cFLa)OCPJM$J_Xm5>uS1ELo zp58cKIx@#EDeEXo!=)V0_Y1flFZ)tdyQnlDJUc@cPmWaiD>XbqF>6b4)?&^p-KG%g z=JybTpM{(QbDe9?=TmfF^;uW@KqtJ0S%V@Xi`yrgDYN4sTvGpygO; zu_`=}h8*}#6e}r&4Ig^`5K+SY|JIfN$SnJpD#ia2BG4H-e-BIlDXYwKV(Q)gnR0fR1)a*67pUQzSCLMH z`U_er`Od$CbZuw-$;@U)3XW3InKcx=q3hPV$n(W`=~WV%ZY| zBv~Mywf{1@liYHSifw~W~T79HVL z-byYb{VKi%H;*%K9&@W;?d(2T*1%Qqg2|1RfHAN0AEXSz3tu!~(T{(Mc#wmWvvmE* z&5Jtzu>rYh8i;m+XjUp1E8__f^kbAw~T1mN<{}Yn1!9*o97f zER-RS(I~lyPC5<4kq>);5~FgJ9MWr*ghw|5^V|E~L;K6x+#XHZpX9>d_uU{OpkF^8 zhG9L{JOPibNuE+uq72O4U}MzhYfBgYI2%(#voDYo#9Uud8kNvW4oL_G-l>E91ir*I z_Rp)PM{UE@A&TMltI)yz)0*;#$hRlYkjYC@P-JB{=E93}D-*9E&@TMs3Dx~Eg(kb4 zlh4ExcQ-nl%T9=6-zAOCE{Xe$T&|mfL3F*^uQP!IYshaY!C{Ubm$pkP|7!ZW%VR@& z9(;1HU4$gXJpp_v%~mX~0=mw|G*b?#O%&19l0NCkIomK84u)XP1RG9Cq#=&*8Ro%S zGjn-jqPyoTFzz`#b0%MR%2r(%G(Zg%Q!lJB%}AKW-7cm=VD2g(D1rpYP-W)=vc^XNv6UdVBQ1s{_t36 z7a+XqcTn_WO56`F{A@?6sC=Yc>uoR|M?NkZS{t4B4c9ic0}e$>CW>?++B2pW>WZ zT+`FrM2?L4Je(vx|Gnwr|1~w3TkD$||I^gqWm(>&{cYVR`fc6!@1=(SjA!in*FKm3 znHrkZzM(Nz_)n{k@CvXW_Igs|;of%Xu-OSVLz*6;S*RlLjg7)o+QbS(6kMViUtL_` z^)w#V4RFwUqr_JSt?ftAvW~leJ>tn&By(KAcU-V_)IX3w)gXURIglm6^2ECn8R(j2 z^Q#bR`w7hIj~aNkCg67LNkVJ%Oz+6S$NFAHzh7dct&Bj~H~R@+)jq*g*4n&ii>T>ob<@o zoZR@jyRc?Xj-)WB>h_s)wPDPREI?N44%puTeqzYedG<1Dordryh7$>-`ZJ9oXEbA; z&_YQ65S}NE8B!X=(2P@~If@-eRRqN^uZoTY_13F zGmlD{E79i^lTlfBP)a>h&2CYWho}&`_J~xX${V0}yR}xHn!Y{)UVVB4&x2S}e`dP% zg0QCPJ34pCFC5EOxNfw3w>w_T{%=J)~f}~ZNqfW`h7}5)3z&Frp%1OBs z+zG02kuJ+SA=x~U{<@m^TAhR0VgeCr!XJHwyWS1FhO#_Q-BAG4F042y<@&-Tvuf{#e>Uxhx;7WB^hR+&9f3IG|3&QPf3OqSHHe$Gk*D*;%^n zoQ!+jP8^)o?>GD1mxekdb}o3GM=!XJ`HvW!e!u;4aV!tKA8lk_aJ*x@+#y27A?{g^ zfjry|zm(UPoogqwrxNr>>aW)1uGZ)X6K8Mw9rMIIu2K;{#}bbP3yd1R=mFrF-gN7j zdarqJMC%OGB%(3QXnAdY?8d5->IUr&~4mh7R40CiFdS zc7#izyxxtXZY`76!mo?B>1wL%86W~tr_-d`>PRc3jfHV-!2`+UYyolb*B#JtWZQ!c z%@q#3yGlmklkC!uS1)yLNvFa#nB9Z9R?$3rNK4HO_lzwgf_(u{aLigZ;Lbs^FQu>I zPAUBD{Cam?#hTl=fgB`)mODSc{CL_un!pI-Ap36=$yn7d*XG@>mW_pphe71wR@-dX zAwk95*|G3)XP-GjvELOI3HyG(w~#%?K=6CJY1%nFzSfzI-7HG_GvT)!Gitus5eO_o zHN2ykl(fOw1pAkmx4|xzu1^#BbSzIy=-_~6ss*n1O z3WXU!ysNV@2y6v> z^JHWDKlu{K*+c$SNItSB8dQk$FXk49>Z7CwwRwIeX&tc+vNQ+3HGl8d zu4q-MA(FcmXis~U{V4S`8z@MadpQKHmC>TBSD_dxeCd)Qf$(ZF?F0xm^aZsp_8xK^ zd(nnUUEpNuj1QBm_ZU^-TcD-`jZY(!nm8<9r1ep~__cTiG>b8l%8t>nw`ybuez3`}7;O1eXkWek{8z5z<-SeCYP>E00Zv`el2Ql_8SEeOAs8Qj>q#5+}^P$cB3 zgOMJfa-<5PJ75%TemAi5INH8kNf9hqLCSp(xKI`dgj?RZB3DmoONLx#ASDx81D z$dRf^x9~F!Xow4e@c}kBfED-d?k?xFp96y#LC~rrUIde@R?PXjN1`Dh+%*hE-posq zgeo)G#g2<4Dcsrnl2CbH67A4#g`!;fx>VV-MpJDDjh;!WAr?D;M}t>7w;9-*}MQf30yFjq=H2Mj_?Fbmls(p_;Jp<2=b zON9h}T5*>zDOemgu=MgIJGcnPRf3D+_&5A=tWLaka^OIOC6RsI6G~D+_uae%z`X9CdFxuSiX-h7R~F75-^T zPK9}8i3jBT7fOB4+)2#ENNksgqx-Cdf&4r*!tux0Sy8sPx0_>GOh`{=BzcM_&mVN2 zE^cfYxtX0Ww(doh<%OVFqIs{EFD6GcGPPX5Hd-c!^D1*HeM1 zP~W~P!3V(oI}lj^VhEx)&U@;JL7pgSf=Ed$&fG>D3|>D3BdzkGnec=H9$IwFyWd?m z5@4n8<+Op}+p6B|`55KMbSFYTJ75%U?wlo8`|%!AQDBf5G4zL(;$8=xd$(&-o_2+3 zV?RLY`O*f%Uz;KyQ#$C~hMyyOBZiYj25d(@aO(Hx%?*o*cn2;5D{>T5fOO!~yn{H;P!t3tQhUZ{Cl0UNsZCfFb_ON(&PwszZ^B;;ECK9^09RU(f8sENj; zF*c`IIxE72uDYh4sX~0ev@SvgkJgGYWOozbz4OP)jwQ0>(T64-yK1K^%lNY-a+8P3 zSV@sMlqg)YqoR$fGaF0UB!X_BHFU-|I>m~NYj$5&@o_0*%V}|Rw|u2(cXev2tL{U! z;-X6~rd_zAlA#MP^Xpl4|MxBZ*Y=Gizcn?4`u z(cmD1jtg`i8O~~yxxF>?N`au*u!Y3jBHSI;ZH1y4;;n)ATg5t1Zv#qPesGu)=Uqpy z+|Icr@i(l~Gl#2n2Ik$6QEd20^aPpX+xb6{m{oxU6DD_p-TI@r-u>X!TH-x`To{Hv zr?#fHnDG61-ayG(rRL{luA#N$w^R2h2i3e$o9u!OD_%}w#jV}YA{l!rYp+)E#_*-T z#;pOC%f~ZakD6K{C08MPF!M3hTqr)i(|Z@~-M3s=(KCKScV|vwjSDJPQzX>88zV&9wt~(oB>Aar#qs2`igI}8mzy6ZT3N(PfYGJm zxcnKVn@gf^?H2o6pRf+;WV=t1LryJQ&Z{bBRlA=P*9e%v58Muda+j(Ph;Sw={MO3k z2;7ttB&2tm&3nLzhpEFvKfNGj~cwRu#Nj z>WaT04qBBwG6`IZy(*Q4_pv=^uR;6E-2>HwAfG!5s;k8l5D+lm?3BsYTT2CTJ@V=> z>w-Qs^r!jh8>a{_Z8Kz$YVm#bAx&c~9YI(=c8BEIvJi&a1^Y^B`(dL&rzCwB235JN z^inoVi~)(2Bxs1`yqcJYcpHA=2+iXhy|K{$f|TJ_t?yumzRCbA8H|@yY;SX}y4y}b z+UaUkXpvM?OTy;&>N@_ydh_xPuHW0)fX?G&iNuKoKfOS0q;oO@j7=vyebll@n~0=Z z%_G&mws2ao-Ol=)(^;_D$!=QM`U3dxUzdiL2zJ!psYD>(j+uW;60orOpOQe)e@Oxv zwLp%96Bd4t0Ua>+clDT7mqc>dD57=qNTkR~5>bWwAflh&v5@0x^JoyY0LdbE?$4WB zPU5C-JV1WROWPKTHniF{oQG1HWF#w~liVGu>&A$ZU1*#s!RWJN{#LaVTy{UAYii^B zy{f_&TLyIQUfw5b!4sR&5LW$OHL*pUqJ{v zXs?Z@q5!A9E(68P*xhK-ivwltdo-*d)z;-S?Zu}&DPVMPEn7zXRV~$b8h0%(xz3D z#?k5Zeg*v0rI}IM#h`5*u+x&oBajh{I}C!}NWTY1kUAnvOFqd*;cO?Xh*rg+av5k6 ziOD@`M+|1NM9>$sw48&OsLXg9uA%Ydiz0%#L!T$c@=m7^LXpyv$XC>6V;fFUcu)z> zR%79bz9|rT*&-WwkcWrC@gA0sO*@ADtQ;;Y792d5%;1@&TzFO6ydk$KQ+<@EULft* zTj)e{V2RGhKJJf+&hezM2Wm|Ynp-h%G=|Ob2p`sEk}H_w4$v?iSVIuk%=|qL^6SOu zN5iuCEj z8~F%Im40t%Xsd_Zme&;?)6^r_n+40<;g00|l#3au9j|fOHr}1@Y z_sVLY@zTsgWc0Hlp>DL;^^Yw?qmR;)>jN1@enZe>N&;zvmLta;-kDecu1x4u?H1H` z9ZK6cbspnj^yy_EEc?$ql@Hi)pM)`NAC10<$K(Y6l*)=r7%4SuK40?_ z@LPmcayxLqvnbe3aW6d%yS^|Yd}S^-|0;&FnaIpD!`*G4b*DaKt1-<6)n&&^q!g1i zj-hF;86RZ|?lkg5b6=~yHajs}2C!<@;2Z(v9VrMBB;ZmrkGM!pd8TQ)KsGka1V76v zz{A08&NMr&isgN#=H5995>r=&1L8y&3ZZt9wUe7e5RZMohYWcD_$ceGeLgL+cP3U9 zNOxyr=_X?B>LAkF+qt=kvAKw`IR_rTT%I#ZnF42lrwgpK##|QdyE`dni(2bo-9u{Uw)~-NJD)%O(5L6& z8N~P+eJ;wN;(0Ge@ctlA=Ct9O8`&+*!0dX@R8rWM0d%K)2nt5(U4s7PI{c&*B*bl` zhkS=0j$3!H-GlRrfNz&vrc~S%hFq#Y>`*3ONf99+8Y4uaw1gLR+OUvZkoz!KQ4kAQ z|0c~@g3W*>=@`24RweCm1qyHp$@{Bg=_qNGG$Y(0hBShoE~}q96BQO*y8-Zu91_gQ zvm|l4pYcG0rnPe9f`${bf}#_Ncw7a!95ay1!vZLl?|kC+`Bu$<=_b|lLk@6oA7oVb z6J3#PA)W=lR<7#V<&w3`Mbtr4Wr2ScwrX-lx^os?MX&gEA6KiHRbWp3*1QbGE-K}^ zq$~dT0-|+HsAi*!u3iG80z)GN);1yK)l=wV_L=S8&UcJKn-MkT7M@s)-46C;u?Lk8 zF*A(>jLs^LlsN0DPOWZ*H95FDPqjDH=&KgyZF9X)Iyf_p3|RxR-hpla?05 za9g-V+!Ftv3dh*m-mU+)EPekSMa=LoZ6f}MEN$;%ZT*k>MwZ(D6{R!$U>)~nZJwvJ zz*;@lB0*gdxM9PqH7wHNzjKMDlpG?7zI@zJNGBxu3!x3yh+<}V-JUlk57ZF>GS4jS zjJsWG*P$eu9JQ$o*chs|)V@uA_3iOx3ToE5YS@1z6F2Tt`UYhocA^hURqfJx!9rpV z8c^eXiXnLE2#-DIHU_Li4aTA|{eVD#FDu272)ddmkJT;$a-Fy7%JKWg$q4t(S{Xv( zz^k~YJi`9smQVX^o>on`b#K{VygFmDxpSDqSifDmxG?PQ&%uB3^GwpNx4kq4&*mO#VxQ=vIIwG#+a^kiH>9a0$5v#UxORP!86We0%jdTFL zb%ty(fw?Z8SaTF1aBEo7i`YQjl(n-hzF)d9g#1pq)|#9#t5`FPc1vN%`svqWc7Klu zF^Tqu2%nS(5nEg+6CNeMp%h9Cm1aw^CRNCkKp9+omwp1|=tCdbADW9)oR~~y8Mhm( z5A{Q8Bumc|4Lw3PssJM4PmsNFm^!xTs1P=|Bui++{1Bq=iA0kwGtJ{mZu9oc3n<$` z<6sPPt4i|d^k7%I z@7UwZ=M=L1Qi?ZCWZ$q)y<$e>PK1NzCTiWSroj~LFGI*OTn5`8q zF_5ZF`ysFxe0@_jMFrttiqU3!td1d@Elixlw^;nM{Gy&P(&(VNgliHgJO>EuM^yAT z&en4|_w#4?wpw7Sg^ja=_fhMeeV^94T=IEfxWgesghGb%^)NR>alpaEw4p}WH*c$d z`E1g>MM`!RlE|CuLN-bEt5-NL3#4|nVD&9rn(PM3`HQx=46Wqn4iOqzhem^uB$7_k zC(&EP&*MRv&PtKln#dO6HRgxaNHXN@X?8i^pS+BE=`Ok-rjSQ>^UhxxN$+JX4>9j( zgeM4V;Ubo1BliXw83C1Glvof?SE^a;&+u@#FFA+yVEWrJ5u7YaL3#+;DB`oCMQRdY z)=OJdN(Z;fzny}AbjD`mQu8iUqz>X3Ke#xTXxAFY|1AmrQ&{?iyo=f%%mr)-8{!-$HC4aQH(9RR;~_&eN*oGwbOmTp`w?NMtb!9j zPnsW5%?=Si5DIwjRY+Zz;k1#ieraA~5o-ZQMz>i6or~)3FRkc?RK}RwguV@2G8LtG%3nIzRX` zbM>pV^?DzvW|Q=?Uomd2O~fWpvt{e|gdSm&a6*wDGDyl0i$qtq4?|v@WgWlZe-0PZ)7K$f-Z-LPSD4D#~*_z1k;V2mt($b!?)>)mdrOkdSnig_7nA8Enpz*x2AC&MTyh zEli+f)1-h|!{w;scJX_d{dWrMq*88XUVueN5Z2uvEfEYAS@nnBr;`AH!#E)eP%zJ6iHm0+B$dR9+G>|rm(_(thE4Lwt$7IT_Z5Hdxp7)pfg=^eE84U9S?YTnMcmjXQpESINMs7}`@$2c* z@0xnLuy$!oc2DlzLCMk4%b7*29f9&?^*!vny_mQUtiiP|$j7++fPONiqEHlttoAS0sa$T5HQ6w z421d2+J4XK9Wu%Begu5mBod0LT)J9$>%gsL6bb(^1Nn{lPH9QwHV$j_4n<;i2ClR zxCPAoOhweN@xEeog3xVnasN@aFP1W5oRY1xa!?-w1YXdu^12G-6iyDX#fXmuCx%u8 zD^3Ry#CUBED6kc@J=r%_OSxbfSo+?f5RekG7F~|cDX6#&ZVtzdoV};g*)R&eow&oY z#xOfv zHmIiLcpY*e41~G^Hb!|PT$i}H{WC9kL@=%*TdW5{P}f~sfb4|@>VZX(0p(}orY{==ixP| z$|4R#@1)r)WJyhFJyX!wQiSq`)~{vh_I||c3itclND^6PQVueES1ovhD-qulmMCb0x(+@Aa%LgJP{t+m{hoQg-*p!eER)(H$ z;9VS9RX`|dFWHs!BDp*#jwVq@nG3wu9Lm-z{!Voe&dV3faM*A=+0IxbY;*wK7S>-L z3*;1P{8Fm4=5mrT+)s4!L^eSG5^+WN)9BCd5=2yEq6kFHU`W6x&JkoejcVA45K%{d z9O1I?mDbM3#OX&<;+n-Hi}{d26TWk+?`74L_dK^uBGep5U)*t{oXZz=gUU!vT)5xt z0Nvr6QHZL6JK_lCcZw)fKFXrjXGPo{6$CGQ?&_sD`mvy7M{5PQL9-nTNnpn%+~QUD ze84!5sS_@AQ^e8e-Hsf3m7mW(Hd5JpuBA0bk9>e$zQiJdsPutjCR1&&qkPmEEsy>H zHGhhM-`FR_QrgJYg)&AnoTdMW)7#7lHr6xvS051)#&M!EjJ2fbdIz-lUu*U69_{Bi z4}NrQOr(Ns>Qkz5E7waD#0DTmQ*e6yrtRsKV}+};Nr6QJWJMQ(f9>q+(*2AKg&wPpr2JJbZjw8BGWTcwz4~4zhTtX?Q`>=_F>7g7Bx;#L9>~rkj6r{5o z)_~f@!VQg2x)GHHY6HuWmq(D{0NplIxk&CZdMps`eb|9G(s(5`oWPA*2``8Iomp&6 z)Co#2g3s^m2i)Qw-4Ixhq$9Cr-Mlw};>TKf*{F?fHuOYDMR zl8yLONiZ z_jGl8FMSeO5?3HBwOYvf7`*cI+K+ADC!#J(?3N!;gq5=|$CBBZ?0<`4zqo*Hj-sfi zT*M)sSK=;R?GS7Qc@uP;0Du_-4ts7#qZ09%F}$CU^%BmNuz5(_l$ zQx4}Cyq$Fi;N+X@DbxEiPq0iFdFy!urf*ILY#N6Bz^Bu8za}*1?g}a+rFx>D7A$e= z%g}~bVfosq-Z?_-if?Y-X_hQqPSncg8@mfJ_i2ui>@0 zJq#!5hQ2exXW@*=eH41w;{>X8B;VT`gx&Ww3aKZ{K;e{TqPC2qjr26*>y&4OXZi<^ z|EU?ayFkWGrGu2-aq6;#e4h3d((GE{8!!-09-@2EPSq$;Q)5=*MZD5oF$kV#6o)IX z2RXNycg{wVZU1!mJc!NLn)HM+uP&wDa|z{Gh6R=>x>Iophj#T}A143XSoN=E-&oi> zIU878|Fi5HO-jOf?Qhei<^PjE{*T!=|9RklJpXZwO;VNpi$DGs6}3D8rBrFIpoKDb zN}QUdHe%JHmclc)C{9L&NcFF%_xBxc;W1sW06JILQ8rHIYu;&|^)=OR#&J78#@Yq0 z^)p0~nw&&XvA?&ymyI=+{c-?};*Uyw1yn5i#PsL zMXPa>YLU6Hp~D12nWlXOadPEkfE8BkPysN?lD{K2VXyM_#66tP??KK}6%dZGDcA@* zXV{0x3}R0V-+#YZK+n7$7Cr%;mzeYK=~-## zt&YJOP`k3;AEJ%Elbgi}SU;Vfk#S}2+c&x+6$$X6mXetyJ?)h3=8&06Jmo!+JXK=| zD#q5CqovAX3z05|P19qw8};0KO5s7n)q}fyCs|(r;6!e8>)eP4i#h(bS%2N!C8Q{K z{1!|?)PmB()s{VYiolq~;2PdER-yYf-!+f@MbrctV&DNQeqBV3W9Pk%NLMWN3k7C=D^Fc);;R%v$pXhEV@WMdJRTib>d0yk>z*j#9#C`q&-5K;+T$e=9 zo0bcm{Uv6JOC}!_ug#`_)zZd| z9Jt|M^XYne;Q`L6_Bul`e$%X`l z-j<|8?j)`LsJc0rihk{ zph;^`driHo=n~!Cw%x_eK#)RcE9`D`+CcO(8NYQjH=jOx{(j^_f?*$j%unGGUf{;V z$B`@k9w3?MUsH?bF=p?q%2>d-J3ti)ay2FqOsSS*tq`DT9j1>#+^dpQ*N8w8W-c|& zC2f&RD%Be1ZEsZv21+-;MpH+7@#PG79``=%xw3-~552vg_6`p)GvVdsLlPQp_fX{I z_I8b#uyUg0$zEK)+1q9>Ry>$N1aY*R;@c?c-!9AW)I`Vywj@XBejc}28A2mgb;jUi zTB*9&+EH~SGYmu&CHka1WL5|ULiRFEDry?|%Ry8RFWwp9_@3At6)2L`dj!#HS`gil z9Qvvl{@Qhm8pnDO823fQab}7pknINM3d3mWP&YtDKB+cA<5Dp z6Q6iGhYZ`ywB0nGN>(y|ypW5sBa$wL%I>4ryaRn-|&{p;k@o9R0Uhej3Th>Wg!^M~)f^1+S`ka-ngTrq)R zh1#Wiu%`i*)|X*+cu<>vODRk$*!8F(iEO2+VAx6xZ&Q~-mhE(s8ctjSpJ6`7X;5q4 z$+JiH@-^(4#^rqQO_G``);@IPu%SnBi+5)OOOC-FU13C4>cI?yYwNKI8o2i&JK7V@ z&p-2^)8x6dVW)m<4s)1>>pw(AglCI5g9Eg!k0D%k_1}!=UFP(af)F;a{}7GI2(LrF z1#rR2vc&xcZmx)%lVUaNAO{{*8L#EiTvswV?fv%AK>ec2a-t0f$PvCd0lJ1**5Z4ma%e|YcsP79Bv*0! z3XGk9!eXr&NATZ+;VKoH+i|Y9Kr5VcAB@~-0wBm8Z_-J~5Q__)bn=CAM3%LQPr>*- zf#7>`eR9JS=;J7^g@d|;=Nd&ADgNzDd9ZhPx z)4)F$zE@$!;nx&XJe&qyBqrk!)Erypr__4E70SFH%&P0xoABRIpLI*7);1NNoLwwl zjp!~-j;R`i!PWS2Ya2<0WrlgsQVZu4t5f>HoUKGk#KCLydOi!VoBdi7Z_^W+trCOh zwUw7_ob9EV@aNB@7Bj1Qh+Sk&p=n*LT%73A7HQn!!)Hp5?b@ILYcNs@$6WsSf7EoGYpXZw~+B} zr=E&=rlm`b4n7E0!K1e?rK|F^wp^t7=d|&4Kft_tPu>XWALYwxq(LisN;-QI3thQ9 z4Ayq{$1QZ7l~(PNjvYSK^BT{85~E5hYPZ%`Tpx8b3m^ew)0T2NX!c5}q+FnMNN_`% zV^ui%9es_Xy20i{2LN_fnhdtJOVB^nRL2_bxG@28P~g`}((CHl3V8(qZ zz&54GQ{QKx3VxnR!^$&Mi2m*{w?%252rbEvR%LQL_so z2VkLeY(J7aOOWndexBF&TU1wmRNb3|^-Qm1d;#)}HkwnD?am6 zkqBvqi(K414Wgzf75EcR11|QLqZ&TXWd9;+$GXy8jDHB=vd-#qTDO$YCQ`!W(t?}t zz=?SSVX!_dH=J6kyg#&TZdd+2@6#ZB#nv&sp|+O~vGrS%t?B*$J1*PSz{bSM-oWUe zH&ae7zCM=Z>4WRPrGQKh#AYJT!uI{uQ6E+n*~5SY1y5`%LujMFuNi z^c9?aZ7ebpb!d#FV=i^ByU}x*L2b)!KP9?Wpn&26{~`CX?Z6v!bLmf6-iMC!4ZLgu);WjDq53!blmM zDQ+k&uz{G9nLc!|m2qIfzMHIJvTb68b1bJYFGmJWOi9Bnyu@0&cP!=#7Rr|rR8ZeE zdoL6TN(1Noqg63SA59>e)TH#nn7S-{fi1TFa4N`8 zmVmLz5VwLgV>G1Eqr?4`dw6tvPR}o2maf!DGy6}x=$R7ogov?MlpHw&mJf&?`C@WH z`$@Fv0Xt|>L;_jCv_t5>RvB=iB(EsW{6~lo8H33d;)`(Ry@!$pLvwd6DOsvY#r&cD z#|D+YR~crrT8XZYdhZ#=*aL~z;;p=Q*Y9H`t6@NNXXKNIN2II2Bcn^Z4C#z5LtuJX zfd`Hg)vCSWLzE&bGsR0I1&ODpFOj~Y`ty#E!Zb6*vs#s)vw5c2CKh-*_Q^;=Dx*ifOQxo)W)2tQFl`8SUE5?FI~+5X$e!t?3fpb01g3D|u0^nlWC9W&&;;P(%J~{FateE^J0rScHN?*nosa#shv2|(w`6=;MK=0c^DaX*znxg1 z|E#B5xMgAmX}j5(w!Ya=tLvVzF5jf2WkGLYhk489f;*>cc^mbzgv6+fk6;!!yTn*Z z3#zU#q{cR{z|A9jX@=DTe?|re^d^YMi=+Fhd zP-gyIk-gEPGp(YM{jy~Q7Vg<8OrLI7JX#ez(<+wzL`vyCsh}4AQlBrWeLg;)zY%6v zt~g0$UA8K#379rr<1FEw_s+Zoz7(g0Z^S&=yJBA5O$-wYumP!PhFczjpQ)$jkf5cdzk(_$OLFc z{WCfYc(oncH(a!5l?`*Q?K}Q9Sd`gJu%n{CU7iiEs=hqG)bjlQ zJF3{;+QsZ!S@~yjjh6ro@8x$Z8HE2=ql*9Y!2fvuV-rdGFW*~*UzKZ~#91wTKm?5a zy}yUmC4r+Rimc)&5-oC^NK)YihTymFjY29;FTK#hCgQM*=lRB69Mld6fCKeN?9RE& zpxGE9LP)$*pXrxkQHl`N4q+KQk75-ii8%^xl42yk>rjBa3>6*J%K(2cA7rcR z7;YyqGPa^1o=q+S7S+%!n0oClCa^1dgAy?PtdFiK50xR9Rdvd6Ow)cs6#a5=Dza3l zLf+t9J~c!fTkM%#nF}Y3|D)%nI9N5kF_v*tE)-v+{0#ZtE20qFUz>1=Kx4it+J?3F zup-}^a0Q(GlliO=kcw28)fR$&EAdvkg?JQov%e*nm=f%ZNOROZBWl3DjR&X#!}&m) ziVz30LC*#DIG)Cb_wG+K51wE-;_B)JW7ghy{SQ!bCEvrEHBZ*=DUetK{mqWM<1wIc z^DKM^HL0i{11IAclCak3Dq3JrDPdXskawREOqE0hg-L8UYQkTOa0#61jRjDEWX5C% zoGWo`%3cny(;2-Ev4>jq%BHI0&_^5)!V<7PB`0)_m-{ga4^{Tde~1u8EsI$?7Jfw^ z4^k#nA3V6{6%oW9B5$GuR37t@N#3NEY>kv2{xWn73RS5s!l~Sjk3j!1n-O1zE;+*K z+c;RpBOa|=tYR8B3_I#pBsvzZ2D5iEdVshGe=3bzWXK;XMVF5Xy&stYN;n_+T9$js zl9oNrB(?)N#B85Q(0gE;tAw_HHpZcG(V7$org&CAKW>Xp#sSF6eN{=cMwJs=Y$yIK zXNPoTEpal{^nT?jXBP;L3BQKW?OVbAx?SB4-|AV#(3z(gXE=mtu!1e(6gXcchC5)u zY6n4nu%Y0InN7WkZcrL-%~}nfVY*gAQ@slNEpn0) zt3RJ=pD!rV40U^vCcO_JHBmzi0&H%JyoHQz|M9!a{@SPkb_FL{@Lx-^K#N?>jZQ{g z575}zLuU<}B(7oLv8dO0MQ-L}b%d3gKZGWJJ_muy#th{hb0&pOFQ&lluj}6qX{^^pwRHu5Yf6P%%@amRLAH_;VeS>9rXwYxG_tYq5HtntTrhYL7B&XdDvYSd<%>> zbA8Hp6Uk5AC_GdJUcpOMdCDxa$p&A6D+NcuGnBEPY35$zWjoOx&&vG7cJM|0BIs3m z*yi=XvZieB)9o}1A1Cb6EIs8rxLS&wF;M*a&T?hf!RQn~ZtXo7LE;is1=7;)TIE#V zUSt@BTcaecj4zw`Zgw$o^csbivvoQFU$8dxaBk#YFtBFsio4$HTZTr_nWR>%-Lb#S z+Q}zeu_OSx(5zjugWg?g!Ctg0Kk827vL;^v}^&r3t|Y4+{8If_TAnIZC{*w*>k zN%`5#aTTqsD(p7R4Ip+UY?}vu`;s-~^2)H5mm`F&rCWP0NuOUzb^7+nsCwR}64;Ax zRJP0!iaBPy=8xYY0+o2tM_6~yE9!az%T_mertx_jwESFo= zcvMKGfM2kYTwNdr6NN1k-9BW@gk8D$I9YNNZ>|P)E+A`P`2Xpi{@?l`#lPfSv$uD& zGyP|6iMsLz663oqxqeSL|C$l*@5lY^_a9r*l!l_+y2Rgt8!XFsN84Nz&viNS!UfXv zD)b4U(VxA77C)yQmliNd}S-k;E{m zv5?R%bWL){L-HDJKdv;kc+UV?2IJfnol_kd!!I=N)+Z~{m1k9Uwh@Z@%-cCy8*ho2 zkCZRY*i4U{T~Ec%R(_I{m3(8EtRsZQHx{MtEN)-3ttyJ zYE{)zHqHY#nFOlYjh~l3+`g((Z4|UAmP%Ygsgf132;(O`5)pmEpgAw>=y+n%-11Q! z+;w&tn7x2TUdMn;vGve9KsV?OaE((%+!7zw1b9MLmH{}>E@>JVKNtQ zo{GWM?snJ5p@BaDjW@NG^N6k1!1ABCvoxsygW|}m`lM}b?FSC9cx?m#e2q6S*Psf> zI%1Z&IPSedNtB@POaX#MZGdoxWQ(Afl=W@{x<)|NW-y~2%REwqzN${}{bC7uecP1^ z2#_VimZlGv#5Rb#mevZK>E})$=Zp(Yq_Et1K{izM(igUp9K6LnN$e&rPT!iR&gOW{ zv?IkjX=#}8<_JR0Es@}87`W^@T4`A;640IA zOkCMoK6uuqT6aD581Ef1=Ad?PVzY2lCym~Zf%Ca}+8$Yf6CaYUDCv^KTZ$$uX?E0B zzHJH`NxHN-xSLQhMyz6phB%2)ug;KybmXUl(b_Zk!K3BMF(xft`r*t^l?Te%MEdY@ z+9>=q_1JWI?J`e4b^XgN^MJbP$Sd`79k_C$g2bmJ5Pd%zgF|TrkC0qNS))V2R?>&f zVooVXt$Azf%B6 zpcx7hh}=|GEhe<+qGI0-t2d~OaY`N^~9N)G#<`pbX*k462QL!TbVZ$_o<_v^&*Z@*4% z7PiKAZchK$#ZBVn?J@)qhGy2}8TSb!@B^4Tj%s zF-vcbD#jtan>}^ybdu&!188Wv8J|A^HhTrGr{|6luq(hA*sYmSsp%+34I2RmSi}-a zSnN5|<}6GD`4W27gYlW*6GnlKSx~3>gdvG@_X^_otpWsy&k?}WK7PaA3!nwWF5s)l zZ7c)h`hD*>%ZwEd_6iN$;*c6~?3t`)panx9Ir-iZHcxo)M;I57ZB5%I-dBWj^in34 z+BJ2c?wk*&A5M80J~2a!*0vBEk^j!7B-Q}iVjS14MRYfYGHwTT-w0M@{$^8p>#xJ^ z>F9pl6#l*kl9a)g2!|S{`c)&Usun@vsAt<_chzjKx4Dh>+or8t-wAqR>aBb;IiqQ^ z`~Oh(PT`eCYr1G`+qUhBZ6_7mwr$%<#WpLpZQHhWvU;7}XZ7yW`&s*LUX80c{_%Y; z1?qhK@DJZC04dDF;d!}Ya3RPBN$S!KDiF2_8=p{r{zO0Blp4&Nx!gfhUm|RCh#UvN zuWki80GSl?^Zo&F^K-u5#uho$q=erwTvK({$w(06fQruX7%<_A=){=yaZY{Q7fh|! zALNTxhF_oFTSc8>QZnO)4B;9QBHcFiA2Vd2P+ z2dFo{gLMBl%ii5iWHQLllsNel3i0n%Q92kq+FH37JN)aPD_K?Z2l__&2fv(-r@`r1 z=G3pFY~+_&STVZ*Y2YeShYC!LyDDs?NLsd{6aU@iNHOX{hcUx5aM0>=ELkM>W0c77 zuv|1a)$bA>iGETvZv>6P?q*pE4=bWmj#<+OjHa6jAfL6Tb$mPJAbvrvQWEW_-@`yc z3*%Ph@#-gQF7{8}2w=m*3N;eqq)-X=%fzvSmrQ(D(WWeO3~IU?-zjMzS{X{63Tf3( zB9O={)^w+Um;)dAXnE+Gnse&ZfyUf{GDJ6Dglc;*aPZ*G&h91}5jae&p5d&0sZvM@ z=v)n`gp{YVg)kvq)}t8-7TI&}_ghwVFG44_D}JyvkDo;ON%ykB`X_`qU9I@EUh1jia7(P!Q&bdW;hed?}_(4ln5Kv&-Ba657BG!#H-) z^h|skyRFg!%^&(AKh(HOS1Lgl7^y%VLc~Qw@o^*`v2456HP*w<&z_(wv zo)?XoW4#;+&e5jql%hpPUKM)loq}j+8AP0mxggzXvT=oKaJ8^C|E*`Sr0wkekZ0#T?M?Lfb`Hu2X%S-1NvP@ctkl;n} zY9nA2UDbcH-%g1F;I_nlwy^d=GJz4ZVs3+H{Q&+&+NaFI#^0be4|PJlpddA7pPSpI zv~+@c7*7r*jVoGKHR7L5@{GMQ8OCAlE5@HaKRt<ag3vdlDjS1#_uGp*nC^ji#CI=D z*EG}&tnPB`;F_LUiaVr2JuR`?;*S}R>#wV!PHw-yeo%4498@u?AT3XLqN)zq3D;}) zn>IGVnHZvEDQIysEa2PY#346;|uVL8SCgIlCt<+T@>XDKt$renPymF!bhD z3{9==Il3>RMiGIiR;LPrA-TB6J{-$w8ENx z{eHxV@ndgFBNU)jcfSFw!&5thYdC&2jjlAwiAb4UvWzo-7P8+-q{KfoQB)R3xvak$ z3|$_cI6DRB$Pr`ePU}1lwV<@MC;xbJ?^W`UZz69f(lELS(4m^u5gbAG0J$I9yHH(x zpe-D`WcDuS%4?Roe%*cz(a~>~#7COM>$jC7up4a?K%_-EsaV$OZi(Jribr0iR9J;J zP`c|2y6uuk8G20gsr~%Z1q8fipW2omOB3BA`7YD84dlIlufc<1I_o1??u*|k>FIFC zfVXDvS;}LSUDA1GBjys(uKn?USmw$8t@qo(+2(&*?1QgU}?eZNn} zCDCw?_IUy(gza_k-1AEEx&_6ho4F*QTguohM-}ETB`r&v7_FWCEQL>TXL3398g)^P z&O;=#{9M*%P~RIe!e5hxd--I1gZL7DAYJWu{eKh&WE%_fxfP*hGzR&>)JTp=i7z;f zqscnJ9#xbaG)khZT6M60$x22seK{}<5a*MiU|?|^3JD4}`A6|tR%O~JShcLDVg0R( z6H(Ls2OIj1qrwog&5XWG`k0?5Fq!!64N}Du|>Z4(6&suv2xA zu`D8-H1e1t8DhXx-FOgN#e1g)4qu6fo&>Y%{r+f5w!(R57h+tblzb;zi%>a82P9#z=TdFX)1LB~e zC0J<=IpumA+sw>+#R=J@m-Gd<)tO4X(?Ijbkr+4 zCx9rE*olVn4C{`l=Di|QnC z0|>E~{woMXZ>7DQtl8TtyJCcPIYK9(>}uh%O&EKgVv^3foZv`-^FNLybM z(o1MRRP?SiLLT0MMVZP(SSPg+0tQtQ?{*{ZgMpBho>uJ`&@FbjGu}u*wwADts{sgw zUyx9I*KLN>6+Bk69^rGv-Fk=04yyLLv-6mA6jJzSVs%wrFCWMW6@iB<3#)O3%{&kk zmTY7)PAtsxz%`Z@kYn*S02-x(E+(E$Yi5j(?U)*JIA7o3c#N1wO4y+QBU2qJ@&*BW zrq}DbWo(Rh>uqL_610WV!p7_<6C4>;nEIVw#>>Dov<~ob!-X_eq7n;~edxTZ2ZCGQ zJI3mT9XNBUD}cY`-x?jpcgv`kTW;iB3#qU!$96V6mWw{5X6AzT(y=v@V5&`^HO~fz zXE<(3370_LoC%O^iwyMD13ggJ`u*aUW@aw;=cX{1YM%8DGEghch)j;88*)B}9qOmE>P*chr5KIa5+tXiqPQuXJHWb|00|#^PU|ITyk_2=1Y#zB>^Gb^GV+B(6-yr~i~h zj)Ob!b-vQZ?1LW+1SsxTYj5xoAbFYg!A^HWDYzWNrO{Ix;X0RkjZ&#YNDtz_QBSgd zfY$yc$9VI8pv`mEOhISRk0t4c7=@sfV$$8CN;a}eB-q8gV=C59j;uHIf1({NDuvO> zs)wUmHj+Ulfg3~+8mw(>;^bT~ZhxV+=A0fB89EGSTY*=iJ%CeNouE;MidiA-%{_m8 zRLs_g45bapsN{C=(EQ`JanY9a^s)_BW_|b;rj2ZBnCqHRE9?NB$kzO6WCqr=R-A6);kSbqubBZvCkf8CUL zq+wh$)!v3Fr&>sCeP-*)ea3b$g8>c=s|3W@m0p*gZ#&O2j)09kPbB1E7=IL=&Q#ax z3rjd#6vLWyeuDA}-KinX`H+(uvueHg9s>Y#?j!A1Lq{bhca+L_qE|4DA zPP)6_tv_JCCM$8bR-vT^Jh12E#N*h8hP^EbxCYxuBpr`zv9n(jUsplx3c=*6KbBFM zWhCr0T`i}xE>XX<-J>gctI7A?Dr;OP)SN%Q78s|AAD}%#$Tp}Yf?6Cb@C$DL7F9;_EzylYENH zOOtB1cs%zPjS<@9)kYe%j#Be7IEomH=FANZ7G@|~P?NB*em(jZLX`%h4BSE5rmCH+_T-HN$)~W^R&PXKu7;Hk6 z?0Y|<1qs?=7xQ_cu5*(oty~2bH_l_hafbkwig(<3hNP!~2;W;4p-YqIQ0}YF$_kMZ z=ILVLSqNwZ2>}7^qIE^||6RiLsrg$oYtUXr1<~|zg4-5-k7%HQIs5~#@EIAcFurO>V@7?lY-KtW2AaWY(nDr(U{VeOZ1 z(^=kPJH!biSug&y9@qVD%dHg`Hd5mB{Ok3ytK$n#S0}FSWC=R+->%@%$HiAC-p;PR z7AXu}Z-2gGwPT^36WXNyYiJp?+>8L8QKjP_nUg0KjY?Glr5jNSk-)r>YJHSYF`JfD zBLr0Sa-X~~EL9p(rdDOJ@sfYcMMMXC-Em%GH!{Aqmx*TBhu1F>SS zERjMuM~@O{DsDjdEWT>xYZwpSd?=>znP1^c&Y+fMWouxdBK>N}utbcYVC6bSwHvE> zx==o615N=*g4#ONQ%aHa6GPy@mJoV`nW8T|Af}`F?&MOg*&e@;S^pE5y+!~+fcC@_ zVq#np{B9`w3WJP3e%L~?KCYUVSX=X`?i@2FoXt0ywL5y8)D{WJu>oA}|tPZ%f8!nhB1QG7l!_EmaS#O~d zJ%P0_7GB=Q(kd#B#*$HXEJ~@^id+8Adszwi@&=p8o}n+Pv(G&k)`i$XY^XL37U_Vo z^BYHcF=Q3oqCl(I-}6^P)zV03yZV(TTLB#23n%WoJ_a6X^jczhmON8p zVSHJtMiqVCEslGo%zzzVt46B+N6K{Jz8=Exf+qL74t5l}vsd58+ZA>mgBQ=X9Q+E#&CT%Kn!>MVPn;{V0}Cbdgw_5xt1#uK<{apn8oPpvh6Nf+w1Tg-=@ zsS3sAvI%KK*On`uVc8+HmWNvbV9;Nxj^bC>YqYO-66SJ#t1q$^u6FFo{;e`0O!ga(<@9R082=c(#rMtm^8wBMe580nmu`GL zglNS$!x2+n31;`t&6BY#yM}%sbG7YH3#5oAm8$u5T#aJJl~Y^xRmn)Ya$1_oTO)eq zuTjAJ*HrS~C>mC^@r>#q#UgL6X zh?VdO-8Tj1WiZE5Fg4%wBW+IN?_TUod*4MsY14>#1&sFtB)c&2tv=BiLv>&xXY1ibxq9`BcsbSn(DfXbHz{>kagWx zHR-5Tx{BUFb~l#Ym2Ab`b}8E?HGM2b_pcbo)IB8iilE*cgiX$D$YE=_s9Q3Y!f)OR z^>fiEZMCH0-4D03C(pY(9owtoaG*;+oz4(n4x`hj{_ey8inzD^#5ROq*?R-0>5B*m zJ5zQtryM~~)*g6!H-x-4aCJdgq?4T<`wrdoX3H?85o`gRfJqySEfODrV5Z4%%vEE1 zvsHm)0qFr6Vx#V7f2(empo5PfjTj6C6Gb^L+BG{@E|NZjnR{=q`qN`pKOgjpU3dRi#>xLxbn+VHpGh|?|5s1@{|`No{Qsrh zRPe$m?uctMUI<0N*kv2Brf>=zus}o@=#fa0Q6*wY{D_pko;MW|syJ-+z#wQ6rZ*k0 zjl6aMdz4jTHBh9WBS}M*CB}mexB?}tQzbJ;h!^E3s2C`b?=R~xc`H}xj7nj^0JRr!p5G~gq z4EY^>F9{YjxW@KSu}~PhnwgAZ$z!SKapwFM0b|!tCyZpoNL~*ym$hKhuS9cg@oOK{Bnif;9CfEv{mTMCn%ffJkK7NTDG>DDSE@%N+qWuLgBflp2g9?ZQ58~6jY=&OD6L<4h zoVPFD*AIk#rYFzsAyH|lZo^-WWMK2wLws-dZ`>^NiKu%8v9$WruuA;Yjk<&F+L$iopvF{#QhV_ic^gBv#c zv8hmhtf5JD*q_yR6SvUo^dOvG>4H9$?i-smSYvEZ1s%sOl7Hd7$sAcgl+R}g-#O%BJSZj%CH z6f^knT@#a3LbA&3myy#+>@N;1AkN#P$tTEB8E$Dl-o1iTrIK6jA+wqc4PD3M3%F42 z89pVV7MI03NBLwY=>n>a#FKLG3ZC}yHuk94-QK9b7R8aoh8+eLbGMileG{l|2*V=P8>+UDIG_N1DvWPoB=F6?7<_(n@G8_&LfWKyG=isA zv!6t=_3I1`hh*rJ!u2_W&eAs2~zx_cVU(B$=j4NWZ7m_~>~n^|EPFCE7Ch zjB3^Utm3z()$TWgtWd;d)T~b};Hls-c$L#6+rw*7_i8pVQtKajlgVnjqTW~VtTw1x;aAe? z3*l&WP@nv%oz6eBF@Tj#E#M~x zEH3h3xv+#*R2XjImbKbiL|b4}5c+RxCexzy2WUI~M!ECWD_lJpJwZ>Oz=f-ER74;U zMvdt}2!*LPngw|T!V^~C7mpAVMxu4sq((m6p58NL(Bda7n#a-2wGR(oY@$^Ac96l; zKh&$WqgGK{_Z#WC!k8LG#WDS7zEfGoYZ zhdU;RFkzSDbfVJXi0u~AW0gIC$=+XUqO(0@RPG4aA4_4lD9x~qd7vTV&v-lUX?yLy z*kX7`gR76f+r}HJiAX2}(ND)=&1pdCXq`M-_2Gq2kH2*BA&XRbR(*lvWxWsG>TN8Z z7Ii7a4F+cXug=G_Cy9_ApC&`481FiK39?1RI*~)SlvCjJE{vM+O0MPyW zUxa^La_y69mexW)7c_cq~%o)5N3E_1}G#|U{(imKWhU)wSGSMea)JUk` zqr3abUr?;S;Ap=B6rtz0vNYjf&bt2LR^cl&k~qDVA<`>`U_wtT2m!RpElNb}ZS~!! z36ImdsP%?!n3qK=R`C-1QUJIv~{M@munP^T@MmzS{ZX+k2TCXE-b(+ z1%sKI1zDw*{N{R~CJ{|hDL2gYgK38J7S`CL9Sstp4V%;#pL%qvJlxKC0X3o|!iu5O zXo=j|wI|RF4IJ1tznt#PAzkO!*H67T+jV*-X|=W{YD~sgCvpC4^*en*e|WQXV*!g< z=HYy)o3{a$Q;sC?xSD9%`Q-L#xF<^wGS{JD>d2t6QgfhKj5iHn3k*JrV%(JqfI1o| zMMT$5aLqJ$lJ={e+J%Yw5bz%9ScM2J2$)0P+R0Ny(0rK@Lh7jaU=6rB2K%lOoiPbyXE4Q`Yicy;pTAsRV7kA#!?bix z_6F^&aH~2MMg3%%DWO)*o0FujP<>pB$D=NxqT{wHUOZ#vq$z^GZ<7}jD-R_))G!>w zBaE7HHvTIurE>Cyp?S`_e#b&B!h!=Es#(lPxqRk53I&XQ6YEPvmRCaG5BRC2cQ8f- z0Or`di|jYDqBUX`6(NH=91S$KReB9%Rk zF7fBqyF}T2VsUNrMgBLP_AWn2T3fyr1W!)wTd}%_ww|I0fx-y7U}YN&Y8rWlv9hig zs}Vopsn!BsXReZjo1k$Uw!v3?rD|e|+IZNFdI-z3RV(pN*4AiVyPUcmJ-;#h#B}bJ0ONpmPlqd(9mk_p2*?5ISOiI>WzP24y(N5M=1` zcJ0Ev(C{{~v2lu(xRb8v1R|$Xa4aoNDIjF~yWh4s)1V;DC*;a(S7%mtaMbpBs7t4A zEFsqt#&V94o6*?kD^t~EGk9rdeFFstoijswhzUYt52V+y9y{siv}a{+WRG!tr83UL zC9G%3O3&D;kHX(Yzo%!x*A4Fw8>XxG&1~sye_Do^UWi|M@PmseTAKX%4!aE~!Lqf8 z?RNEkiRJ$-n0RT%$5q&lHanKbMHIM4r$CoT_{4xz+(vWkga|5dC zAVdnR#cYwBe%@FUM;wfp%`;qfknjCe#4DQs{@Tgt^8@N7t=mXim^Y~qeHT2&F{5FFbJ4a5<#J?MMq5dO`@EaMYQ#}|&ioqv&jH$W*RawwJ-+}G z*K+hZ98SX#k z5_dXrdwVGJ#v$WE;E)_pvIcQZMwtm>5kHa)v*>|Qv1}YN#<t4p>kE&kV$v{(os~Z}%uq&sTZpz;% z9QdE>o4nTJMt6X8Q;{*Zs?tKOwk{MDBxP>ZS=&FPOSZc^oC7j3I)syk+uM}{4$m&8?Tx-o2T*diy%}bWL|GpU@xl z>e-Pyc*fRZZQiA}Fycz$SfN1p>^-bmJMi!5`|q7v3H^;N7QafnS@P!Ml#@4f&r`s8 zOkdId5tcqJt_KfGj(F|5cIx#+e-gtd_kInFBl!=ZF+Y2jQTqOIkG@(Z5(;QzW5pJbKrlr*Unas@1JCxQi=s&D zTpO3INA9$(>3oH|{bM-EaGd9S?(@!#S_v*{`&yudgnXGQNrM9SPd)i%+*N>aFLy~G z+apFtRi7-UQAX2K@2LuU%!fycm`XQjoZ%Qh6Q!Oi$&Iz*LZ<+Qz2L z(fFzgU?g`M-BD`8p%r7vCad%j->wN;Hx6)uW)k=xjbYR{=}Fl=t~FHxJc&{(`q38k zGs#rtj52N&;)N%6E+JHbNSlgZt_z7htn(}$6@gH;q<=QlkDRM82e4<8nI-y zR+n7)Q$Y~#XuAsRu#i8R6_tpi^H_|{ncr{ulCtmQkM+~^k)>uZiet+`2?c1@H<-DO zOW}bC?r_UX3h&E_#is>4nG@uAZ+#u5TuNQTMaFIc-(e7Ad~oH=6znX-OYjlu-0>-P zE&{gw#KptQhA$3ptdR(7qph%QYb7{w_Q-zDg_wy^ZU{W{99RHB;$z1JTfFY!71gqd zc_?_1IVeaDl!m$0D`3TXy|XygVb#VS7ltX>Vke={3~i_LJjd?2a5{CFl!Q!}sf$uu z$A$QxQfq->+d`7up?QvE5%?JjAnUR!6zn_ZsK@AILvz&AzL-WSy~Vb}&`fXlvD2%1 zEbSvbrtrjzwVYx9i6Q=X&(XhmOKkM*9L;S1=gL?LI3eQmp8|+&?tfRg?D(HY{^zfM z9ilHaJssECkp59L24Omv04YOyIXRh)?KxDJt!zzYN>kFBlYJ^rL~<`3PXqbeMalPh z9ULNHq2Gm0Vm;HuKobBha&Rxy8$kYAK@Fnr&*8EN&o8yT1FZ=AlyU}HW5n>zR<7v? zrW2yY3OAa0MNxws(Ru_Z@#i}`7+c_Ow+O#DmNl65<92FeeXb;>W0>|;ANu8 zq_k8dw}GOxfpC;N3mQk#J(Q3?hY~o&hLmV^TqX7_sQ~UDh3-bgNs2);grRc-WGHz= z@weNpimxs;E$TD@aRadR25VAjwHKXd*Z6QDp_&9t&hCk1^)w=czUjlD(k@Q4eK;Uk zp~MKxkmy9z!W^_Djb$*PIw*A!^JVm7R{3c9gz+*cspVl}j*ByDq<9l+WB}2@Wp+;? z`Fu_T_nrE_C&Y;@pNY1yTUlW(p2NeQfr($c@;JDWp9Q@F--W&`esj=u>@N~t+xR#y zf&tBXIPS^l9KZ<7qB3J)3v5aCgncB2@nc#s`w~1MWkvJu9LWY5+G9k)nBiJz4Sxqv zX$5*9R!MGYRP*x7i`+ps#X4=!lf3-B##koC@1>JB=^zqNCI4q>jN$IIBaUN7X0FtN5`m;L6+joB-s(eJI4 z{Y|GNr2SO9iiQm6%oc;FlsU4Gxnl@j=J8Uokzvv~UP9Yy=TcA6^U;WPG)U5s)M<~z ztzGleT-M_=ySLXY$RZdyb1uUW3crhTt3`arL?c~;dx3B=_ikf~Fm=GD0av0Luzh*q zuK*NSM=QI{$hMv7atyY%oy0(SaXjOO_Eq;BNs^Vaq5;T=ac1Jj!U{BN$6KD!Vx1=$ zR~|@PH^<7qA#m_}kR#hjl@ajW02NY271K%>u6V4R@&JadOGQEQkqT#Ypj=V!sdA5J zu+v5@7q0TomO8X*+%PzjLQlKXS;0g>==(kpYew8S+4%sS&bVwo4a$Or29@AxMFvGV?5Mvs} zv*z1@2>>^$v18h)lI};Kk1u7{!yvMeAD>=$AUbDMZo+~Jv@XXs{+Cm+&NVJRoa_{e zM+WnuIx;xu?*tIr{)0YJ+WM`Z~76))J_kl;${uGsmJ231g1NVUQDqh{mt46G&y9g_PyoYd-}+NRGXLyR~HxV|B( z1(_lusbFiAHX18uyTq)Zdk_X%0nd2zDyt0=I+`Be-w|14cnEiq=4E1zvgBr(Tj8em zjV;u&yVLiZt|N?@i%qJfn>a{ z_W%$jf+KWMgfF5(jg3qUT2iu_WeNh}Z0BADFyYynUg!L;*~qX%NvJ#-70=t3`!7C_8a_6gDYHzRbi)Z;MyQ}@@~ zxvy&2h=T|emv<;ODaRNptRScsNy9L^)FnF?u3Ecm8S>RT8!N5E>0L+ZWwB=7S8KF~ zmKoSw%#Iz$%5XN#PuCbX-3ocv<@|@mW?Z2L^E5igB>{vRFr83M_%FqUXn<1^cH%QZ z-6(!bluS^*9b2Tj#@aayf7FM`9BU#E6;Hi%o^kOui*EMtgxA2S;TD=N0G?i z1fU6OaO)|0e`M|vTxiTFIZ_BoiajHS1v#%QaDA#lVj2M8MK1ix>c92Y+yGi2+$&bC zIC%Nbw-ye^C?Gbt^s$_+UVW*VZ-Ul)LZ_cHni+}0GRD|K7;bLQPhg4>$}I#0P{%V$ z4T*K-0!yU0o_|0lii|N+f?ftfzsf^R9MCd9SUV@t$e>T zOBA}sD5I%jja)Z(r;5y+Y_WpL=!pD;POF$2o)0y%OF*U-aBWUiY)X#4)Y{xE+c+-1 z-*2QJ!NtHs`?<6$L9hXuwc)MDke7N&q)A_;`*c|WE)tRZFYchSM{AzNLG?OteAFmsuTxKP$>T zKt3RCiV-$FZzm-#_64>A;yeR1!05YUOMGn z7nUeIb9JB&=CWTn^}xpg20%s$({I;g{mHKNEzN`4{WNf zp!wPbNRP>y8^-oEe!1gUWm;C#m8Oj+XJ~ikTbg*_u0Zw?a2g6i2s+eJvmcLQ~U-D5n!?T z7KZAt+qB|?*@?BqSmGt)gK0Oq_70hA+!I=Iq1^gd=xsz>8^ct9N0^&|ueq z2eOB15u5#dA7ZC;htX(x+AavF*SM;#6bZrs5iQjeOqye9I{ieRVdkq3v7Vz#RW-SX zZ}iMR#8AwM_3_m!`6(J3eM~1j*xP^6kR#RwoIf7Ij2W$*@0xlf9slG2C zFUYvHj52V8J-+tM`L5dY8fN3hM0f0)|p%;4~MusUrd{w zs@hAi+8#+4ym@NV>9oDBleb}G!LY(C2^T#6HbaWOI7C&SXNm_{Y(TDA>|4Tr5;cYs z6L^N;VcfIiZ*ID~gkNjAOup(prufMpnT42G?sZ1un&zWjM@rV8QR`6RM1K(vk72mJ zclQ0^37w^A02~sXlJyx~*H718e}WqJG?b-3!9hUUog;zM=AG@h88r6JDQlVthmF5h zhA%BWVXrAl<8f2p(=SxZw$xcWMeJ5EM3key*&Q@q=B)>j`Zcn^siQP`488 zj-%Cmd3sv&H5LV~eGOV_TD$&wG@){#zfL@(rFbuAnCM-u)7 zh^+WJK?5pQo0~e+v;JxC)zbX)`ou(g_0S=Kc%PGP7;0wZQ=Zm*e$C$vs|&fK?yvm1 ze8(GY{67!QQOzy{(CJd;*aD573hQb}ul|Hu&s1{&fZa_j{ukXo(B}MpyDWUJXWAjZLpw`7c-L^dQ~k&54LV~=eu3G_wPBv zq0*Ol3y|=m+?4d>lsU&0sTxTzVjwdc{KTo+bN>p0vXm+9lWfmMmV(bjF_RhiEumY> zUf1=rxzmC`-0Utg#*~)>w)^q$kXgWkJuGavA&Ia8PMU?@uQp$aS7bVG_mW;JI>Ey1Y#iKFL+V280wlab~9FU z$N@K0JM*iku?Z!=VWL@@0Rz}^nMFNH{b7aH&CXD+h?}!evpOGePUmx45>0b3F$|n6 z?>5C2cnXJ0o)!J;RoxZ5&HMm@yl0F^jXmz)Da~Eg?}V~mRrX>Gsc}rcMzzUeZ2G1F z&HHDJr5Fe@s3QpykHI5Zr1w<*%+?aLo1G=R27?ZV1$P{$XNL=6(u@tyF#7k^nV+(& z7fb^u_xq~8utrYkIzG1^%Bj1!V+aGQ!ShR<0%u;q66Y*7M(6d~TE0b23u0YW@epN= z!eaSzav`DmBKoKAr`=y#*&FW4n{BUnr2Hm!b1!3%>_tHfm+N+!lJORJO$>{ZZ_VFD zp}+m`(7xds+!;gU76qJ$EwXnTEI(9DQ0wPDzM%gX3H9HX^M5Z8#7W=L@_)>!3P6J@ z&-~$~fqzO={ykp$pU3GtIq4gk{p&^^tuh<4#)aTbrpq{~RG**M7W;4|L^ocppk^ns z(tf67oIt1!>tewT-MHp^9fhp7s;Wi+YA}6!o6c;=+y)7tm!BCJzc|$E5GZeU7^G|_ zDX!TvJ46OpfM?`CW&l}5HS0%gwiXuP^EQI;CG-ypTI~*y2rS5(B8rb`P@tt26YXMI7j6iAN}`*8l5WR>1snN4GF>s~P83 zuusD^!74CVYdkF*LpR?5C2D0g{nn@UA;ry_iZdBUBCO@k z#%nFJOO=DnF%cRe0yrSk0Z>;sO;d%2fttDMbFn^Pf$1xIf6tq1g+luEZp=o5Z_j_* zU^G)_I(9=bRNe9Z3A(ReP;S=6QY=d~XUnAX%GFyRuC-A?yhYmJ{(GAAA^>9slbnnK zYlfAKEx7yiFj!KC=YTQPV#h+7zH75*FV>c(I@UDY*$zr-InBy&qEXZnRVx2%#H0C) z_-Vvb%vG@D^SA+DmS8gs{xu*Qm`?$wk#9uAR2H9fsW;-gjZ3;J8(>1o0NgCHb=!K} zicZxI0jO7=`6EAx4qO!df8{4Vh0fU4G|;2x1rx#b`F^UXeSSjA68(-J=d_ewNdG9r z`}GcL;1K4al=LBq0N)l&>kCkX+o(zq(kMTs;m2{1Z%=?4vdz|XK!skLYO}xpKoP~j z`;6fsL*u{i52kk5N^EybId8hJ#XMI3=`;PeWW2GgzRj_5b$Io`qO0Q#lk%Oor5tT3 z0MWN)E_dY-_y!E}&?}n7vJ2eWPfav;(wwM+eNIB9NYDB7X#*mF@*jnGn$IMO;NpLFV^=?z zK>b(yIQC{R6#ZC8jTKRNt)&QaKH#R!hbMKqzNRaqeF4bZb_ zO^)I2eiTH9rmtrhAlXKa*?-y!AxxMV62JjdXmv*XN>}AU0ysFjHsl8ppso}_PQBkOh6lZ9dNi^NZM3t! z;1SY{Ax{X!-IYILHETI=trgvqy^|zTn~mnV9&Ik82RXEYaM0aKkvK)F;1%49P^v*T zk~DhPxl3QBN4LMLhf8P!_eHyu!dW!=1n-k4CvoSkaTGkgz?s-F9q!XY^ z+>JP*v(LYlPldow7=|8{5Gn(WlAn=hP~Km}4PE)eeq#ECcTwUcQGS?)wkl%8H{>$> zReMShqW388E1!_UH=kb^Aq%JEM{XjTa$Npu^Fp_tG<;NGp$D2@%qnO1b#)lD+W;YV zYS6>WGvoG?_NoPl;li6Cv~3m1#iymb9P1%}-o~G4Tx>7AfD_n(Of`0|Vg6L_APPtC za;H{@`6|%HjL>wwkl8u#3_{>YAb4QlmquObAd5*u0f1GB?(w?=}?{)6~^qN{{k#g<1_SLFdoBQS`1>kP#U86N0ml zomeiUB*6AJkWCdN%0r&i1&tb`4GNYcz@(Gr)b@_#h8?TI3EVdf9)Xb{OH2PFo>J!# zKR@t`6 zr0=q>zczR-cQ`%0CL*-Ew)&0`RWtYKwhuD{Dm_Oc=x;dbuaNl9&<=YYZT|u#l>JRq zkG5VX>PnQiq#u1!FV{#`)>wwA7chH({(mU@rsznxHSO58(XnmYwv&#{j&0lO*tXem z$F|e4olf#spKoT?oNs3SbN~0w7@6sUz*yR0tW6I?poWHeO8|t^o z3D#sUfr6OlSD>-x?p?L?s|Z&er-5ajUt?72g*-5R|CTy)ZTa<+IHsy7t?FoWD0}t$ z6c-oCy?9y^Fv&T^=JU98?kdV@J`KqwN-qA!GmHcY1Z$}4S7rYknLHQsj+@FA^7GI` zx}O(l;JNA~b|q0%%8MkItvbi5JWhY2MqIpqIvrQkl{DWpAwzbfj9R>0_T2Jg+TmCI>Q<(@H%bWra^R4f2C=EMu;+BTaUPJv|4u`w>y!;JJ%7?&AFEHVf#rE+}46M zoGg3bG4xusA+3QmM7SzcPq-y^`#6KaXfxS~8e$|&D2i!>J&i&^NrwM)ZGQbospf3i*sBzJqx>y}DNhh3- zLt_%u5nR>SDxJmpweqQI*`7pX^o#9 z%n0A~qqDgsN1pucogY2cuEK?_ygNUm%U}w#(%Vr!c{2r3E@s$&*pIuMY9-4Hi4K|i z2mEZ+5J578l4TJ~W%{+g3{935oVe|UzJ*D;GEU{8oVmj7;(TElA+F-ED5zuVAamTV zZ7RbZQ;;qL$JG)cyF-qio@wQzQ^MdY%+cB6kW-^>t;IL!)l-t+ExLNqz*IU1kcibs zP~jy9vR_Z;Qb}?ZSEv=nnlwkNX(^jZPDMi$%Xt>y#lYxJb69niM8IT1%MazXjW(AW z+vbiJNh2x846sIE?uJB>698%el$@b5wsNZ2ZW}WVM zIX;ZZ^CymR!Jq}Srq|0>YDiS9Rgx&E1d;~2gT$zCi6`S=dC&7L7%4A5oz_ey76XGH z-oU-bYkcMA?^$#V8v4=reau|Dh^)+iXD2yjRcxP}3=j1jSex@LyVu@h9w{mxgs6F1 z%tJi!8N2Np;l*!Ls|gG?Kl<7zB#7x%2CC2)HokC%zmTqwoFYDlcI14yJF2HDtKfTd zd-(wJplLnLF5nO0FUj9$8t)5D&CWl>p-)RYBjNUI2#n$hv0X-k4hw~Zt?g3X2rL@G z2S3kZOR3{1fUBakPjnhfQu3r~t{)4Bmkc;+?-w6k`>xVK2>k=9{U&-)c$aW1Z4gUGT@o#eNd)#TY-aj*~99m|0%bPxjt4E;&2{tr(LxX z8V;~>antMY_A)D>vyQYF8>|e*Rmg%*h_C_ah&WaZ0k4~S8p-D1^z(b9Tt;vViG@O= zMwF^^Od$8LX?V0Iwr^>#Y++QjNG-z2!A40`5W^@|Zo@fbzXe=%?a|KZrzPF997COW zRL^S_lBcn&8UM`5WKBpDLz<+8(-*{DzAMrEteb;lF@2=i_j~3{BLs;o@bAPt3J47QfNc%q4LVJ0+$$04n($Se*@WIQG+d zzv!A;L%WbiGH-&hJE2{ZzGXiy#6$;?@*)EmKlr_C3f=EDkKmpWAETiGE5{EJ(7p6! z3K)=FNZkn*PY^%DNP2xg_B65m7uRIv5G^tQcm+`Xr+hOZEx%kEyYi1403uASbD?B1{(a1NpQsg>=bx!wDI$S1rE)aA*6ztnVBfl~>E2P#eyG_T>*}2%Z+>U< z7(w|Kzb>5*NN3v?$Dww80V^OEZr4PSBWnSqv&|8$W}6M@kmOX2BWrd$=@`Wu!C2-b zObmA)YbeB3@Vn&2M!*b^2C>5K$|M%Ah6`QJ4H+!A!nOgdHWOdINT z{%Yz7Hu(VUDZYzBCi)h2yJKwI22w!Po}~HQVj9jsS>+-#wv;}R^0U0D!bUVg@f4C3 zT@8#aGp31GNd^oyRLO}X$HDhZP0!JR9RbAZmT#Za=*kue3ECDK-}qcEARtiEXjS%1uApT18PWkt0|9=<|)mXm}a z$e=4>w&=~8S6O_%#JZtznN|E;pR3=zo&w1HUq7TU7y_&dotF$e`}2IvA2kh{)NA8| zzx3>d6W^`PlVTp%&CazqHuQ0D-X$H-&OujYQpc@;6XIt#liWuUyJrC1#e>UE<=;hm z5Y007BoB93j2@xKk8q8V++TtQ)i9~S8t!x16*>r*I&HERRg*DqLl$TSN8idS2;fAX zv$QnCej*QltsFcKq2>X>yV=E~E{~;hnWJwMxxmDu>IVBDutxO;wa;ZnHC z*_~FCLxzU3nY+({bHsL$)NMS}&hHzHa68zEZ)KlJ(R11%`$4UC+UQ3}+pKf-D(XBi z9z*07cR$1sG+5FM`CX}WtM>a7Y_c^Nvs{(rAUFQ zLaIuSRbK=n3n5nX&7j^(_kNFsfrWRm7}G^e!c{D-JYAM|ti;wS6CMGxz`}7BiVy6l z^)J8CE|dKeUQlXJ+EAUbK+H;=LWBemnj(aXI!)Vf#hv1Tl?cb zT$+G<*mxf}W5YhgJrO?sX3QYtXrAB$ctd6Y-O;~Os@YgN|I<(=M)j|ujLn~+OpR-v z)aIYS0B^;+Kxp`EA}0*AZ%Q+BQUKv5wUic9;BSC%(`m1YP#rW;YHQ+d!&!oi0vIU! z#MR!U+p%tg2u+)d7(EkZZpyZ)-my<#qe0NLK3G1*qA$UEEi&*!Tn6kjuU?tvnZy@T z#T80Ih0|-A>aioJdL?KMfjcT$M7zu+$R82B1)=E6v+cTMK1{HFN6ZLz>FrVnHy-IcXzO_{nW$KzR_&}Gf$1v4s>e`*RNmdl4aLuHXE#Y5; zvAZK;{pShMlA`Ul;o75tNg<$I#emfs3zSy*Mqw4KeKkW_0j15VW7%Gq3YD5&lJI99 zD^al|IX~s<`xMnDN5jh8J{-Pnt7`naf}%Nf{a}%W3D(a*LkhS>>&?|2 z_)@`C_YFRXq>z<8Z>)y+_W{cE4J~S)4=47rzSQKRIu>*(oTQ~rXYOF!X)fT|C+r6 zvigy*1bKT{V+ROV@i~4{ie0S3OdyjZfPq4``J24)VyP2y) z_6%LPeH%?oW`kFD4olIrham9+a`7*l>E+;%&Zo-q7RO8J&4dL%@#{3d-jG)0u6-Lg zr`1?WAFy5KNr9RTIoBSi7iPV!!^(U;fyu1#_gC5jnb&c1KVywcIjK0ka-$D&V@ruF zTrGkNr`Ko~UC`~|lbheT^}UKvfbqaKG7m1R~@4(#6Zmo z28~MSlas~^$?c3m? zj*i&eE-zky@ju$zy%tKb;|(st!_|nJuab7+?4IJi7AjmTuyaQR7&pxz_*JlZ__KnG zC1TRs7*DlQ{!A`4vC56g7@cL~vR}y_)a7%cn<_*QWBTRL!` z6^d~bG1xf6gHgzz6kxLgET~;F+nG`jM=o`C+0mQG%vbGYBN+ z>{63Ku8DWj!9VX^qo&fyBA~e9UUhBF7Fhw4!{snaZ@qQwB#}SM@;Ex*g=RDZ8>mI% z{IjP{39$!U!V(63B>2c|=Z0!TI#rWTY*)owhz{~+pO68bYJQueobaUJMZgGbiB1)} zEba$-h1lejDzjY)P3=zdc*?|=wMOhKhjZ|0A%C=J8ANr_p>vP1BY(<#gHW26ABzIx zbbMXmp9BUm*&Pa05Jw3on~K>W;&dnKSXIcC&k@tJI70gtL`40zc6&x4eRq3 z1GONUQRbAtyHV(ZvuK!}2?-5O_Mlc8o{4KKIf7iBwV%KRuLvdivg2&E!Q-)WLXBSj zVpvFW`lvQW=ilcC2XhnfBPO&6K){>5TREvAr72xfik4c-_`MbqGxtm6VbRvl&@^Zr zmzbO>qu5@cRD963sySR5{0$`5hjz07vL-06@JDeBajU|!$Q__c!e&5LVKlaD9b zeV}U*WP7JQpS%mNzj3kqlR6E6xSW45Kl z^YcT;KwEp-%2WNitKWwXPD${W=V2d17Y?=%gQs78$7qVvblP7L3Y@s5MBsfH4&GfX zx$3F$bi1IF+o*Q@yu$i6E?&9oV3qlxLNC`zOF420f#i}+5B<^brtZwZAeLLhHmA=3 zt{o2_S2%t1_;TjP0+V#XUf#=sz#x2=kR3-jnA@n`815(dCfbGKi5%MdE^9-j^J9Hi z7v?AOon7aAo$`Zs;tVbBN~~tPkcS<5#|{R}iCwJuApdTM6&M=+;S5lPlmM1u|5_-Z|Od-_#4NrvBX0>Wiq>4+MLh>hieT`Wear2c%xXXQ_lw zYXTXpD>V@!swcRx8Z<|4i10wz>8b`#I*%Q*3<=euS_iM`eFA zsg$h>2`>e& zO>oCG{yaCR`GOhltq1WL;NRT=bB1g&5a!-2Klfms$eVm_@@Fb0kTYZA>Ibrwn3sJe zWj5)hh~r+I;H1vg-;JR@Iu2PVz3vUs|_1V3o8nq}3&L?1HFt3ns9CFa=p;sYJ-zvc^S}F(8K$ zWn@FOmlCWTlPDY2PAMk8WU_bzldsHBM#dG0@r@*Uy^J^@q_A9!gtk@WSik_d6B@ga zSb&FMVzSXFT9ne(Xv$1q45rgZ5Eo&aVRdmkRKJpHfpuZVeOWAr{slJFgO0bw@I1uY zf@`yI5h_e4Pn9v}qd{u`S2wn`57$3;+KfkJFBMaW!;5#0JNuA>2?6J1T-G73Bv;I_ zVGAK*L(UM|l;WqQ#sImtWnQj7_if;xzYfYE|RLd>wB zlMFdLYf02K1@W|Ot(h7{K^d7&C|r$~-btU?({O|Vv&%7gwXL?DE-brxi|1)KDx4_8 z@h9()K1w?|y+xIFrQ)bS8TQBcbX7KP%;LMo05|mxVy4*=DGW%{HvGv>+O|9=tp;J3 zIq;|pTQF8!uWiTu_On*PW95Mg2!9_&vn$YKXvexsS{*oHgZ#`dmBYF%rnYw9B}cc$ z&;$O?)H9(f$u!acHhlj3HJua#2+}de5;9_S34&q?DTUajjSlpUtne&cqAU%w)+n5g zis^_9uxTTzwvogPjGl}LkCmdKJZnl-@!=9(_bJW&)R$?Iq^pP#Cue(JL^0O2z$-aT zC7sZ?;hD`yNL;NR;%@Q#SfVHW(+~&+jHr)yFOmATwKO z2{SknuVQ)g;M)eQ*wZc)h+}Ny*EA&Vhaj2g5xHHwYe4rfMK2 zM4bcME|78RS0Vkta0e?%?yh>xK52KCYe2LOUs!=kh60rZQZ{_?<_KE0s~|LL#^4K_ zxT<9K2dl26ZIwW=18{iyq(2kncMBt)Y6uY2l7gpIC3K-P1T}jw=YNE{i-*xamINaJKHVYvJy0Zcj7iG{%yy#)71ZKE*C6pAz@EqM2uf0F8 z?sIT5dYj>5_99Lb$aME_1w+d154r6w65>||ub4T0Jg8^-j^d4c$LsoL?`u4eGMRGir zcYXeip7GUZ+Mq}~+3`gCK z{-`?LV9@6ofcrZs;W7whSly9?@z5{qD@d8#q${~V_M@AR(pLCL@u@)2vMyLZwX7e7 z_0nBPz?sy4yDUZ#r6<&&&ke{P!DGTccCX0O;sv^>VFs5J!6**}9)tk)oEA#zaJ>du z7XvD&F06j)Ckl6LX@Q)%+w@x^TviCykCTuRvnPrjd}!+DToZP0pyGgK94fOER9=9MKouxsMFZ&av4u3C zEqL3~pFE?D>*xWS`OyZ(Fhw-R`%GXig~6FPLi*Y6GrG&Pb+N~)z>aO>R<~8+CY5WW z(%>tY&EH>3+6@b2sjUhbm*a{bFS|<~amd*McOxxaOfFS2D6CqLw`8(;hm)@kfTM3< z_^0Yvtx6&wG7|IQ>Y8>E%YHr~=j30bLw}#U({fCQGNI%*fq$p#%0zp7i)Y8{CIrAy zs($6zVv8yOj-(K?gSQZpX6 z7(TB~;MC?!CiTyn6~ZmFgL`Q-(o8VcatY0qr%q=YpgRuAgIkvnr<&?Pg(xaBlnZ zc;KeJ5a%iHf174C|K7F51GK(&fY$flsjHk_jGX>yoRy;fSBP>fAVgW896VO{oT-{n zmqIHB-4(eVHqrx33HK`f?duSg8wLYB~E%Corx;b4xqv(%ui zrCEgpv#3doyFeDr)2X~>f?UWy27((z<{}pXsINwCkrYrHM3{v7IgDY^bFfgp>q zeBq6xtmYN}IU?#97c+F8uGzWq5*&XenNDP!jFRMGE068fAaC2v!m=meWTsg`-YKKZ zk!z!Dg*)J+4LMB0Uj`Ts8~{_%X^iXI+QAR57=CV_BNEha4tGw@(>UAd%m%nSb#^Cjfay2}6CmurWh( zzgWZS-2aA%`|T@bK$=&U{87L2cw1fF7aE5+N%%sg_{iriO%3vm7%B3o8y5gA8j_>A z>?hgp7fjq=;9C6q+l0v#t!LE?j`NET;HHj!SvvfYZD2~vj5&?hVPyOW*vErWVVJzDZWQWiri8-+70)kqm%b$cJg2CO#ul52l1PeDeBiyN;OhG zpmnrmkMJXZU2{#l>rqHPJU@rSaF$QL&w-=1~IsfvxmL zt88Ke--ak)f9Ye|B?PJv)G<`$1y|2wzz*bGYp2Q+kwC#=YY0d+ZqJb0tB8XMc!7D4g~Wi z`sp6L3|bN(^8XE8d>y35%$gcrTY$!jQjoj@D1~Q+Em1?=5~s2@{q? zoUdd)a{`_8FfuRm90NXdG9KZ34XuP14ZGCqrCKaP(m}%k^VECeguA3a!@9hZPx<}| z9i&9T)>Kup)rB$}ki2!OselUOsm^)^bXPB>dcmp}`gqOvqRGwjQZLlZGq3OH2qc{Y zICOR)1EYN>pm-h&Iq^$I^0J8}YY@C_$$LfLJZJ`X70X4BlZuo^IOA7H>X7k z&~&vG#Q;WSaK_wbljEu3-V>$}m0eTHJ@@-l4b^YxCtZ!V5+1SH;1jCYMGtMC6=aBR zKL6{&$k$}AFD8tSIA7g6eDKbflL)*R{=S4X8TXPf0Td51|7I)uk2c`HlRZpT{;PJd zP>>SKm$onW%#*Ju5Z7duFDyGXf;aABKA+npUWox16h&Ezs?swW*l%TFC%SJ z>0Lpydj-$oD6i#J5?xr@=fsJPcFdFE#G&7p2t)oTw=9+Rl}mv7hr>Zzq(GmTWW0)` zzAp?C#kxqPydka7RRU8}SdJaiwdPleJor}oPH`HQFL0TU#^0gI5U}DP7-*Tzq$ev1suKIVc^m#Bk`2tSU z70X*>84u7tTu$RT zb{_~Y3)=$+y)mZ0))VAllHu>7v+3t@Lx`Ci=(TR^#bT63G;+Ka$i-?#oim z?yuT97Zm}S#MyS$9tYuBdkO;MxphDQ`wurBE>5q030(s22@vxs7+lh9uIuo_pEl1s zW=BFClRwYVKI5F%r{VO4wxabOB8h=&xyqdbUEar(I1g`05t<*ljwvfsWM6Virvm<507+9$^y2sAuwLV z!RAfpRS!u@$@P3ef+@n)lJcRaZ4eP3ERbQ*S#`qDc)vFp(fqh$dGMIgN?QthD!9pm zn3=Fvf=Hp0QD6Q^-4Ql_M+(>n+Fvwf>@UnvoyCkFg2XKy0g?7XmXI;%SR&e*QjrDmL2-F*iQ}_ z>|)w2q3rL>1bT928o!`cJ2%ReHDSen&r1f4(YN$jgC*a95755gGy&^l1z5|Y?ldRJ zS9}4kOtYJe$zyD9ni>_`&%J353)6ank7ueO!kaSWh27nEV9zB(JMiW0&DfgU^>z2+ z$^JQ_!IHi;V8Q*unj2S&isuu$dqDG>Ki6AYkVvO3Ze<~qSui~@9j(38miz|`l+31Z zL-Xi?vRQg2HI61RJTP{8q#)WT~;T%*AsV4*T(dG(qP8LsECaqP=;gWF}Awl*xC}CSkbWnzt8XDqr z*cDa6XqkPN(bsGvU4>4O*sdk>zgd;2mcc1_GaR6C1V*Cv(VvjG7yzTVqE+7o5mwDy zrf0)ziQwSmz|mo(F1BK)>~+FTnxIE;btf-!2=Yq#x^U}5Q}vs?j^x;g<@2^Q09`y#q2YQEghwdJ~r0@roMM@m}YvS-lCt^u3oA+R!Jl;^|N^tnRdEDMUX zbtr2EoUe@lr*L=Xj)?L~|M3|ZOF>&(MVFNo-{0JPL8xHez<$Jd0g#cnuZ*D7EHF|t zhRd+Odr{s77g{v0TMKPE=Zu@=_fYF|lWF)^}=eimKE3*?slou zH9D>&t1LX?r90Pda}0r0rU@!URXYtvihGb=^L<#n=OUCB$074cgr+Ly<`#`JL2tDs z|CUB-boMP>+yjs5C4q<_2*)GBRMCeyM z5mlw*I_R5&hpk_llhHJ`RjXqq-PP|1>It+k9cqO z+(LE<_-4i4-rl3>%W5>fqFhMDDErzD^t2ueN5yJrZU{6Oz~0;!yrRBCa&7Njw49YL zJ-+{qQly4X)Aol_bOR7){cCxTe~t70dJ_K^L+2Q^zZ$7jKqHk~B$yHj=Vh4yIX#JC zoCE*kGOz#(FdC)-B=V7zbLwY(`naLJlf-lm`O}_WKHqe9#+i6vfc9y+>5ydUKt|~V zOVdyk39Ag2xwWpXd^svZY!EiB57l3^=uIyVB3!xhO= zMH|s^0mJ~~cy9nPAO`RTl0#N%*pa|7%hFY|IIVV4Jgm(YR>gsqeH9jB&Kxw!?PDl> zG09~aoiuS|du#L0ntgb%=t$R{GIE9AU%h`fVakv@In%(B6X?H6I(fs3uMj)i5i#ck z1<;EUHQyR0k-sZyo&+Rb)FskrDOpvVhy~3Yd$C3`2O>;rYhRX;1+on`Inm`fY~9n= ze&MItPmlB-;gnzD!5tA5#)Y)RW6LZKK}1Mol-#3qbc&IZ4GMjJnh1O~ARrwTsnn7E zpdo@YKv7Xw?xn0*oOE;C1aM`Unh1NG@6E_A>#MXgerVyPk?ATmYvUm<)Xt9k#iI=| zoSmU3Mrw3d$b*-rc=`LZN8Vgd`AC7rk71jJsRo~5yN6!0#fFPlYiTGa@QdLdUAT_N z3jY|+F7023ZNYFRj~`0V^*F19RctW*F`9Q4^VJ%U&q*KvRg&e3baC@eHPlF!xf+68 z=?5SE5#86c*ImK}+hQ^8>QENW&lmWVm;ql&GHxOA$TG1Zd)e3|l^l%w!wdr%p5dWXPfn_I6`QWY*U=ywOL7y=1&>nb5vY=Ug@#)TKks>6{ z$Hh(pIi+Ey4W%u>6cbx~(>I?8oqqqoyVda$7QTcEfQLfDbUDu z3a$l$zMUZg3|esbZT?5XmW9aM%CfQu8QQk1%mHj%EgT9N{(O(dM*QF_W-f35n27Wf zLIw9G#aqfYZD4z0c=O?c_v~*%ORHZ7*X`A!Z*4SKixm4|nTRX5;P<2%=6GG!gx<^t zVyxEX3XUri_S;!|lKLp+lH0i9!tDvaigto>PJQG}(CQQfXit z(S`Gi4uuQ!1?SdM=E%R+oOV(w;^+#}V3zeOTh0M;0XL|Nxh@_`)1I=HkBRj z#)QsQVcE6;yEE;e;6J-F;Xd1d7;xf<9y{uO(||f;*Fz8PA~n%REZ;Ck(!I$o(73~{>OF%-Y*3dbMB9|3#I z-?Ad&k2-U|aeHL;J2U5yuhROA8Zn35kajAVpO6;Ll8~;#ddoDvA;r&qA=qI5$M%dY z0+vuG)}1_G6;i6CUpTpd$l7W3mTW+|T1mzU4E|IbtFi6*HU<-j?AT2nu*P_j(3qCRIk|ZYg=r8Om=ho#7r8SH2gDUGY?ROD zJaclVUc}G1%e9%Qy)SGd;-x2(5P0`oO(P{iD&*sIdYt&ef__k1nLgMLwt~w|M=hEj z^=|~d6ue}dQ+i{0Z?CYC^nB7u@Q=jnjei63T>HpMIlxtU27o!y|L^YE8d?5RK4T1E zqYUsG%k8>YDS%{pM|kZmr(QnNzoP`Cc@V`@uK;{{rbz{yFiaM1 zdxo1Chkp!_5#IkeKGN)0z*l=ui$#K_n;9Mx1SdtMApbaUR{}}rw-#&36A&Y!Ufef4 zO_QBA9*1;WMd(Oa?$`igz2fbOIoQ=qj;-inwaXOBk<$IGn*dGqo^lZ58C!w zcy34xzXubKl?wvZkwBPc(~KCLK261Du_+H!FvL{e6K)7|Y5~fqfD+PQbhcifV#F9K=n>e0lh8EET?XAV8b>X)!ZoTJJ^)0Q!Hnb;a4y{-Ob z8xL&I2AvH^LLOXl!wj_SA5Kkl65eF_%nXUTVc=@2*A^X@YB7pgkWHBsfe5xT^fn9i zeathg3yB)OU9aZ!R9j@ibz@HfrH2nt{W#GNjOa;aRz5$%920g5&D!79Z#$9%{5C45 zQw{7@(~|=t??tS!}pbB@EMV!AH4w&%gYpbBX{J8JJAqblF2{f4pbs zpZ!vNfKvff&4*I$#m6RJ(&E~9$8>W9!pfGv9sHiGkwbP-2{g`EJ2;F~Z)twL^gg46 zC!Ovxa56-qaGwxlzVw0npTxBPi3e2w*O_#1vUjmJrZYFSqcgWRw>NfiGWow8?!!gv zdRGAFyXOB_tp0DmXZ+3C#opG=$kx=-gxD)H|=&T0DPsT?SS?^y|%F14l`0NlSBgGwZp^BINn;3m7QcrJJommph#S znYlVU9!3sfaG0*SUa3#t-XwJVD?-dTz*At^h>rQSwefxj6o;lcFzVRtxK5;vC1g_r zu6_}|>IX)$>x?EToMnDII*1)}6~3g{ePu_Yuql-FNouZn7z)#HDSoJaoiq}f;(R%$ zE7)$A$%hWN2I8K3x4y){L`)Oae#N(@n=BL7jFKdNsYl`~wU9p=KU_=7)gcT~xj^Q6 zqKp*HAa)|@AQR_I@Y)y`ZHb9H4kP+>y2C?I1 z$5MW5q|u3a6XnlTlj<0g!)5>q)qn8ddHxitIFr(U3e^CvK~*QR9EXon(ppN+xFG+? z-zkpj3%Nu@@N1mMVCKXWRnoW+_j-vdX2?p7`^stDH8HN9vuGa&h`VuJzOy7}X=Sfl z@r9GoRXOaRG|~Js;orqJp~*Jc;W~tnMi{NC<}1rJjhG>&Lxx}1uOujdt}cg;oP28fJf{L)l4wmv~hfEs~Ag2hvf09&CU=Rr54}r zIiD7)hNXb-Y`9%TLfs0Nef>(Y%tvaANz1(;cE;`~T$(C!Mi?mhF4cJcCk3f7KY_(4 z1$Nl>pj#ZPC*3(uP{;<}-2)(S=$rt^zM32=E^}^KW%L^Nyq4bp&MwzbI%_ZaBsKXe zBmJmlahkW33y%^4y<+NP<-%YiKG0m*J9Z_PaUHbz{oAF0>qhFBGp(pfdq3h)p&iHB z;j9C1L*K+mEx;Sa)lX2w*xhsOMs`+?J@%2s;~PQVLu{zK6VF<25kVL4!S#3{ew?-3 zI{n#bL;@)kuh_ir_{^3^Th4|C#auB^}1hI0!tabPU_{Nv#CPbL21#*{;tsf;hl^S!D1A zQlVajj@27dnahF>C9F;{5(k*jX#pX)=rN`SJdJBWy-jYp)Et^`#CAG=NuSJtdd7ts z5jCJwzTwk0d){2BY12+*YYaZ6yx^5;Ry=LYB-N}@C2=D~cLJvxJV-#t$YSLIp^aRK z%OL4zro9mMPKwY#_HAIRI45x>P!;uND(*dNNZnNUw=?~h2imw2ep#ZCwqT=dp+xvy z<7_gm9VxrS#nPb%7`wegW_gV<+Mpp6@+ggJfd4r!=DWWM z%oQm{jxF{c4Ro<*q6ynk0UB2fd1a~wR7!^giRG6W3ml_&ae(;cZm1eH}9!wxJTI zIV{{)G?Z72mC7mHL=T8BmLa!IpfFAC$ZJ&2P3O5XyRM%J!UdV3(KroE#-=oPQ$e#> zzKy_ol$<DQk0fFkvow_{Rct}i+IJBF^>BpUFB&jXy9rYmX z^RV@7tqiyP4>9e|LznG?Mqp}9otspDdjgYJf2)x42pUVCigREb2w`SxZzqEDnc zm?62-X?S&zb1uRi#*ek&OTNYH$=BE#sUm2Uc!c~<^!-aM=4mk-?+OG2lm+;Z{IBS1 zZ(>SkZ$@WqZ)ft&*oEHKL`@YO2zV28R!1+22?mrH3CPQUSl5|q>Y^51`3RIaqy`6k z6aLqD!nTAYs`4Zn%S1tfly1H|m~DHrkl5C|@Ip4gYYwg0x8g_h?P~Ku+0~<2?dOB> zQPX8U!Cvn#8_Sqj-KVWJCN?dowH+^IiAnob(>`TXprd$-!#QG(Z zC&e+;5+hOJZm+zih^dt7vmMPaqH@ACzaUP(OHZD=k7DttEGDH^Hk-Cu_baPu)63+u zu-9H_TPDFFpXSJlS&9yyGNWc{0p)1$h7k6$nD#>17E!MXBwnpz0gL-uv%UZ;@s?-W zKBLm4m^LH(i{PYA2s7TKM~*XVfxO76N$Qsb+7|1f;>VE*;q`jrog%cG;3249r;hkX z>wLxjtgfz>H*36b&2sn(V6U^$;N@j>>tyTc(lPXark;$3H6RT$(tT7ELl|Ad;lwYN(j0+O_J!iY7@JH+NOqN*Dz2#dAXd#oQ#u9Lcn3 z#;yqbniz75l;o$k`~3F4o9dIjz45cw4ii(x)n{<3rgjRmHR_DUz0>5b(qL5~s`8Es zHIFWjgn%Xn1t<%Jjfz=$T{#>9w%v&~L%N7LjVfHd#;OO!rkEg@Ug(QDbaw&-ot1w- z+$@?C30-Sb6Nv^hZ!UaT-htPT`PW$osBB8xRd-IT-3Iq25_dGy3T7hKxA`&@%;f%F z^wu+MPjLPn5UUE^egfWF!SPpmV1|rlussR=u?*x_U`=M0iOKE^zTZAB$5L;q(9TFM z)Qd(AyElwY!e_DvVf_`Vmti7OR(e2!#VKl}SW!kAR>fvbZW_P312vv#4kU=rl6D=~ zgJgGa3SpgFkW3`sHw`}^bWq1wz0=;&db%L zYLQoQ+i3ealRsz5bUQz@p&-_htq9dBae{iQk{o5 z9#%_vOh}*$;&=tyk)~b04R~@93Vw(=zh=0Y25UTyqrW4tiCnj3dN7^ZI>5VX&T8J@ zH|iU+h8gFIy-R65KQ04%dc3iYq&BfxX9H+u{{xXMQpLzl(^md<>~_R}izJ%e7*yx} z@L)jDl~DKYqCI_!pPPW5Ir^hs&{9GG+#^u?7ub8xpU~Q|*b}B>u#mA9ebt~#dfk_G zcUl+>1au3+x2x%87HMy6bGcr6G`8#tM~5n5_hB%~L3ycVLT5{!&WY<*D03+ ze?({VI!t~TmfCE5A(U{>&1Y5OvOEc>u%eU@ESNY)x<>Uh;L9y96RJNcD)&Fqv2i>w zU=x)&T40hVDJQ3;7EK7Z1lbV^U{FxptdBdlZ7vP+A)_rwKQBb)QD!Kf=0;5@#B_DS zQNbI{R{wMzm)0WEG=$YZ0m`JUIw>+WjYN9mMCgCwvg@3EG}xa@@Jkt_6gg++f-nCi zHx}5{c%zw|Hv%00G~@vVonaKtDK5{e1e3T6WDK@$I_UexXBES)X{wt0##gwa-geql zKL6(0cMD=DqHjzCae_vU+nV_Unt+1i#3`+Im^0`^t=n?^20stA-L%Ue1}cn+c)QRa zhdeqIP5LOEdk9!2c{N?Xls`}Q)}Cy_G5%br#K6A zIEl1K=#A4Bo$s4ffa>$2{QR)A_z zFsIDM!kh-1weG%FK@+`%V6wRYNtoRZ;x4!@D5cw%u)OvY_kT0VX~Exh*f+%;Hu)$R zuWg6EAowO*qEVVJb`|y2f=$l8HufuUx4@Toj7akuRFOE4j4lFsxBDH4vV+1SHU7tW zJ*WH!vM^{4uQ+3=3@H~_hqL4~ETarUmM@Mg9Edw_>7eBDh4w72j9{Jwqxoy@q~*vB zZ0)y>d;6B-_cbXz;mCK+ss)cDMwOpLKXapTlRK@+x6iLG+u3xiE?PZq-mZpexbZDL}Lu72zIkz>+6C$)O64r1oG(ReV4`)^GAAL#RkgFE$ zVEYvp`)+A?ip0e|3-tQ{4T=*pfVm60hiS7jSV=bjffdWP`v_MfB}oI;gN5zMBUP1^ zBkB?ge@@sf_9KXmA2Xu`5K_$cNbHsF(XVTWY2wWr5j020!~L}ZHJF)eFl+8B?~Q#3 zbD%!smmA_qjUNco858LAyPGBc`RJ)}lq%d>;4m)xk4PS<-7EgVNBbDHU`E~rsbCHi zM!+0t>`8|ay>3Ht+Sfdci@7eYhW+*d!JBk0(F|iwo%s#49;QpuAtFS6ySgw+`IZ0>f57xRMqX<@BjE;_QP6x&pE$2WvtFQOMM3d>D3Vve@R6L_Sv_nhcIYArsTjc zR*3Qq#r3xF6vto~cW7+yR7GG!0NI!>KP;0y&ZQ0|=~9ueii=?Eh!vrjs8#28gZ`u^3nOcEEt+Un67rL254x3o#dTf zM%os~Iu*)zoA)&T{)2n#Mi`Bo;-7E1@66NTce%x9Ip$@dUMc3)9dlS;+_}#|eoiI( zb~I|Mjjv^!T|UR3h!Ww_v>=(VMEA%)T3FM`V($TVmj}TK zGnigpj)x-UUCst~PL7_jGJyW&^d@l4k!5owcJ`y=U-}-ROCB#*zhBr- zvF~!Q?~@2>4#^YCF2YYLkaZN?*vKl4lTpvPXq5wBhFL;l&E9 z|JTc^6h^Sd?(apF59j}sudx50Td)5Arse6onEvN<_Lb)ULgrPq!YCb2TJo1({37$X zivo3jRagUDG_69LUu0gAicQ)7K<4$43RdM?HyAM{Xb{EE@xBalXIix#tT|HNqc{;x zh2FHi_yU|(8dZ##SQ)Y$B~VyqCg_ySQ(mc9B7cy$5+TvS$`___n$?=^ht$ggJ)~)Zcu$;6N*ltL9)q5i9Z=7NSz2Fc z!QUw?r`@qBMe@lODec51l6rh3Fn$f0r3q&&gX}6c>`FQ{B0n;Rt^}2N*G)U{8mWth z$|`nEkJlY~tI~lE@^k!!87Bad=~~XyNt1%`igK57W-oSD82Y1y^^PJ)zL%WI!)P+- z)3{SBh2?m|!-Fy^!N=eYMrkB=i$&QjG>(*#Fjn;DmLBex zm6$NDfu$rRB8LgdBM6A7jKunTre z{I14~>Nt@t;UMNH=1Eu*s#&E?MA5#5=vGs^u#ik;#x*YX@Z>PbwuD#JnY$M0=~-MJ z2Fxyth2Skq!A}-5O&NUvxiaV)zyJBR4tSTec+tbDAfgr~3jSTr)~0btGgDc%Guc#- zPp%QIv|Hohc7r8IIc(=C+y_A@NS`T% zWy2o+v0(BqoFd|F){$vHXVR{GZi!rPCDjbSCD+U>4@t<~-?%2g7-vV`^+O!oMV+E#l}J@qp6enO(c zd)V#0$;n}5wna{wN?gs8f67hKpid9n4z}sq!rjlWjAebRD}Lg$yvPakp-hRFwI_B6 z+HPu=Sayol_@BdWcCqC+((ad(7B>!hWDQvva*WI&imqDg;WpVVa4_y}?;1WELO<7O z|Jmv8+2YN>Q)#tH?rRtmOB4rHs3$q}oVoiCf?xc(P35`t4RN#-dsfH_Ofx3ZsGASh@DrjD^N8rhz^T+c7Otsz)T208K+`I*OE?hyW$eZCx% z+R+2u;@5Hq!0=vmB{rufPWxXcM(gUTqBJr9fUhqA!2dU{`F~9e8%sM^kN-X_bgh-K zIh($1exR-{C-NArM=_k(>^=4Q5QH_>8p8%nl(o&}6Ai^$RWau{oCj`8UvJ8~NM}ay z#)OT4Y;r35b&A!b&;8zsEG=5r=hP!_b&etVJ1W++wOvOw*fVy+j9B6}MlzVmZ;iEI zd0aLGk>Z0H8qYP(ML4$O+ozEBjtHX*P6w9V_S3zVO#JT|kOJr2YH-br0EK&)u=`^F(Qk^OF&U z%2zUYm^Y&#ph0T)qr+f3aZK)0Ya%bS}P4K7CoyDN+q}qFv|5Eo+?!)0F z4EOQJsPE-HTz1s3IUm=L8MXnuzqCK`A06ygzylEUkU%4fYzJ}JU|{WA(J-DP8&s|5 zsc`&yN;op&L5x^`ezXY>BVq&YQc@j9&@doF&?Hv z;LV$CO!^Sy7gFHo29h8WG`xLK`G|dcaJu2&F{8mdr0`jM#MIMO_kTCz4ZM}WkB&m8 zNmTtK5MbmTjRNgjnEJHlC}0yQr!Rwx^wIT`CQzGM0@6bW&2o_b5S>FHP6ym0KG1q9twO55{a?41;vwRxUs(TuS5F zXwwGNcO$Wi_RAN-7TLP}B6{l!;cd!maUGaVw5%4fqGKTstZs= z^7l2j2qYcnzu9EY2n9T?a|tE2D5eyuRgmc=Kl?Q+ZR8p~s}g5QvV|06`4p5xl>^3j zFSi|%R|KA&HKSZ-K|$uZ4-^tY;o__KjWfQ_$<=~4N5a(# z+=8{-m*jtYA?5SQTN1`3PmR?p%;i>{9J}8c=H7F0m=D-CxDz-%m~XEvS>TM2|13DL zC-nM3Z)dD)c9$uFNeMGDsY*5qm>UB4M!*d!nqVc4y)9cX8QYHqyf`snzaUZ1RJo4x z;#FCSfw9!-#&7vCi2_CnzBhfBvIe>?Lu;nWm)_NQ(&HuA)Oy-b0;$Ls+HGQ>dYVUT zpp^@B=~=g6tgD{@uY+)t4F#yIuY)}h(t>ZE_3TWb%8(1%ud+uDuSyzpmG-_h?a1io zK)y`Jjg<=citX+Lx^x<~HMl$5Y65$tv8`ag366gV`nUjxbzmt{5VgQmP-C|3iV<+4 zLAn52PuZQE!^;B8u(;3PQtPIe_Gh;Pc~766gL>de!q`O&jj*Qp90bivJ{e49O#$}v zeH@u8J}lv#b*ScNN$FSCnCVF_m8}DBn3Z*+4aIkf9j=We@(9(Bi#2BLf8Ha3f_Em) zn3YV>SpHa>C%yXbXXa$r?S-C9YzPrs!g`JMy~xR_x!3A_ytFD^zw6G{!;Km(K6J5| z#M@{!6nYi=K(zMF^&>Vjje+cOth#O~xPapiFRS4Cz=e7G9!IOP>b>tc0Y58*MWb;2 z3!umNlNezN2tJN`4m#}rw24B1J2p7pm9H@<0Nr4Ko4-~v3fQ90VS=AP^w@(lbbYV{5rbWumRobpjvU4UDQ)ws;{HPwBc>Ll;}_B^nXUMZ?-YRDW1f zyOit%0~8<{;UAt!AwWa(DbdcvlgbPgL};2O&WTw+`#7Wm0r$ollBZx{;jJht8$yKl zGSeIi7Bn-9Q!jny+HxD@LY@Z=c828)O>m5;LGp)LROBhYsJ}@05RKO^9h1voFintH)F5uNb{LD13 z8aY_H;3;%J3#BBjs(p@07Z{~xo+(NGf*L=4-gNd3H|r*x2n1pxtW+@|qkxtN0DsaS z%hBQkv1AT_3U{7!+O|hsb~fJ${UnaAIIRLwY$|xr0q|QTVc03ky=}gy5e!GFU4Z!S z0V^qe^!;8m*nMaPmPL7KGnh0&V39q>m+pN+z;#pvAT*M{33-ol zD-vOnqTpg|bZ4e?R#Zq$h{hSH+Mn3vO5(^&6vrdvUc`E&^>TP~Sj_yc{I z2@nmCugF(ui7iGE&SKa(zv&MgRzO@Y37jf1|34`j%~}OgeV-idY=J#NbgN1w&@ltJ zDKzCA#%s(w+jw2jz%_&8w5lj})1c&hGm0=lx+ZW2V2``fmtz-z)zNS;8DL*0Vq*2m zbLx`DTRTCoiBu^vUI2V}ZnMLH#r-W)*Z@kK^khS&-Ns?0}N!|8^Z zzX4TtFv@O`uocs)8wo)ifaR3tA{~+Kmo1?<0P^yj-0fTt zyV$QD1)GT`;W@E@9E_eoi{ruxI5%of=>!5@DV0R^`(h=r(jF5@_gLe{`{I!ccJFX5 zrKcw+i~LCX4IXslIjW)Am8vVR1u2uWk}N?LIUsA3#-&%9yR>ncm*{i~R1Ra|#So^x zYj$F*p1ishBxPUpuo$~y9QVm(O~xml9W#5WKM{aCV<2JJ{ba)qD57i6r3B)OPwHI& z^$>P=mV4~w<5$mbojn5Yx>P%0jCM5ImZBhd;rfb^1-#Us0_pgdqCeOKbgbVuU|aG}>Wj_d+>#xjLFgW`c96 zPn74}`hBRIz=M|t5j#Whx2|GQb^1_!fXHT4g1TJ}=QE}=gZUj7LcY*PakeCji0Q>* zV+*{|!tCJ6(lU5Nb``B|^?Ypn$dm~vYgz-CgjAGTH09T;$$8SBLhfO?_o;dQ1>IGu zg7u6c9W}U5w!;qamDsl9?gUj&%EmJYh}?ZNmhE}9Efv*>?X#^V#U-hzvnyG(5v>w6 z0rfqZO$|yzvjUji`Txjk<;jN`kB#C^Qn`DDFN20c5LAwqaCMeZpn#v9iZw=lhY z2CPe=iFQ^SWwVfl6Ck)DaNHJgu^I}Z(AbKxd(_MaR~klBTJeb{!U!kJG6GV;W8${T zErYLk1`Zk;fso-7uM|@Ugk@z6A_&I8#sO9rm{E+J*%3Ezc+rv9=(~@zu*A2*TF0(@P^xuu} z*I(bA-PdIJbNO?*YUXy4(COP@pA`w~stH!~K5IcP_np>LZ(Rc74(1<)i3Rd+)Id1q zPXp{|4EK0EKRS$bCJJV#Ee&Y{7~{JC?$`p^XFlAt$8qJAXTp1D zo9!zsm`rnS{9AT1#bk_^L9OZ&amKbCo>Mb(4OZ~f6)*Rq)xA)yr4uWG>=p9IM{!=h z9<*NE-M{0uDsPzOjklt9(7`uuchY1#4YvaDU%~_OzD{saU4sU*#AcdklPFN=)4t7+ z+k8cvECwI1HLBNLWV@yXD}_RAlhi(JnZk^i-W||+*ksOQKtN64a=d`b1i;xY^G#CV zsyvPEG_{`B!D_DyjU4^9qRL)T<%xcH5No`A1{eYMK@MDD4zPVa2ac{1<6!+#Me%a) z0XRdzIvgxp+}t+NSqEd~V#ahnW7msvlsMq(?ce@mP7t^MVgXiMQG(pQpCSE}D>bL2nXQ$u zQ%Vm-YV(>(EI;rVJjirpF6rJ)RU7z+DpMibP``2)qV2|Z?7nAJ?qs z?5Jc?3@U@M3<#p>_7xQklZ^Su28++fR{;K!LKgJ*adRL{i zxxuz@J~z+OT7~o$|Jv-9*vHDZ^GSla9MPXZCG)|7>1zgTLy+7M#t3~o)QUu&F^*tp z>gK}pc%!%|6I|rwKE%_%irnqN#ZP8D9|bqp*O)R>yMPl-kIQ_EjBO+TUA_XBXb%0dx8MsjL&G9Y%j;=u^lwoRmur zWK`gHAMZ$zd)gKuZWAT9gbY9N2?Eu*(*2}-rFpQruVK9|HjkErb;)y7xT3c&Q^J0E zo_9*cA3YRebSobMB4NQ9%<)M=cIdOu;If)W`zx$te+g1*$LV@uQ;@SGjw(QAJ@yijuPcTE;qCs=_C_O@$202`on`}x30_uZw<;eG2u23 z1!V^r-izCvf9Q-3b>U^|AI+4YW~KC~-})jTUh-yE&`qscd_B~)Z^AozHDndg63oUs zmgHyEd%0Yi#Ea(OR8YCoWMG9jkENH9VIioMjj|+?S;PKeJrQS%SjYsP7PHOS`(^?D zSMl-PHHb;B;lECI(ZBVq4Sf=O3A_1H*N5OHbsVT!u^oT@yhNPcxDY28<1IfQ*gx=7?t>ptN_f3yVodHXH%>5JR28EBXtgDLTI9Y2A5&#pET+ZhmlzBX_QrE$Ni z@FnFzgvQI;fgcG`sYNSOzlk{#q&v9`TZHGhV8 z@Ft-DBbpsu^uUjGpT9p8s980#+4W<@-y{)pt6d=K;oZ>&wVyxS7S^tl!P(An`NR(K zqO%lg9YNL$Wtm1d+#f6%f*p__{aBV#BaF!Db~?MqA1KQ!zayTdKbskzkZT3tr2gao zpB-2xjVcRm-~a&qzgiB_|F45d-`>IHKLN7-hk(O@^o{cq#R&{85lD=GZH)G|@7&lm z+B!=p*QS9Iot8$CiJiHeq=K_o`155(aX!*`*tw(kZVC<3Na6H44UIo5Gj;+DkWpz= zCED8P(DxUC`afhFat6vPDNAHni&bhwXG;&D5}9_eXk~KH=(~fyn0@rxU)0Vw>K8Il z7Q^G8u!9#8qbezlCRz#80u~%o2;how&fBsKbhMD+tF>R@CWg}{M7P7YJ0-&8^W3zY zv;ZUw8p=ny3pr2|JoCGznwDDLtX`z&5BWJb(D)q-8h87cXjV4;!jGOokIv)aiG zKr==PO9q`r6MlU$VbqS17~k6Xl5exWKDhdKZO7F2XNPA08LqVL;bPx1c><&aN6R)f<=f}LJ#cQNDO^Wz=6MV3y&W$38lwx zZGih{9Z)WHtU}7mXIB|HE_M@{qs6xH5v|xk>z#MA6Dnt7p=)Wj&?vK)(F>vKv|`1L zV9mG*!eK^-NK;?7w&i<_ONfgeLx2b0Vbprg()Q8Pcu~x)jB@x7zh>(c^*caUmVc^t z@f5JS$lT4>ugU@kt)ph7F~J#qfb5zsG<(GnjMgWi&6Zt9-qfHRnsxjkkL z|CJDm#I$BKdU>gw=Jd}e#&y@z+(71W>+*dSW`sx{FO%%Bi`(cwwAr0s(ZI1BMS0cY71V-e9xVc7C8>NI(+aIeVi4! zu5&y(evae{r>YZ+QR&X(@jPOzj+)jk5TT>cH(G}|z+QiwzeZv)!hzZ&Oi3%mO!7c+ zkpZej(yJYGa30H$kRa_RQysK%RFCQeM2$iSc#6%5w^6j7b`;ItR3|IoG5^e$FC!s7 zgIK9|RSiG2pI)0mcW*9!ek+b%taLor|2W+ZRvHm9aZSu_z_9Vm(c=|wj@$K~6bsJF zxqpO^K-Wd%4z))xs3lIS5(P&0zsgn?2N6|hxpC*J3W^pgh*34_0kn97sXlfrAnK`6 zQafuG@h=R62VXwK#E7@FIG=R8#q^oM^Q^-I_@BxYDT>0StKSm0SwzNFMmVcrmX=kR zXY*-ZI*g3TQFLFtU9yL)0dXMVLr*}FxI_+opt4yG*Rb*|(fD#%?KC5M1kF)Jrn$1nYES@eX30P#Cp* z4DsZ{MXYg1k-}|aO{ zPRvoVWDiO)?62f9S8jwlewpDc4`40Tb@+-v6{$DAWbmrFZDjtAAvt&{%L&u!pYxGs z7j_y}w^$t2O~Dw+=tE$Y>a}DY+OJN|@!S6RNF093jjj&QB1c!ja?+>@Y1_TB+2X=L z^*Q@sMzrMWVvCg*LCN7JgCa)UDG=hPp<41b@8~HO&0FwTi_5QwF1(0p54u%Zw7UUDE^Gm8QA+Uh}WoGS8p5x|JgL@3<&J&dQ6nV3E6M z0jF2~#L%R-XV2RF+@IrU`+oGMojJz`^^M%kN159XWf8w#i5d19RFZ? zIWi6kkHd?MIQ)yjT>Z)d=3c|*2Ct^Bajpc$qNpj@?ywy!)wgxyzf{eUZKJZ$D9inc z6Hp@bnAPFF&>)HdWkAiy0we-d~;P*;kc5ub882XAm^he)p@k0p@$O?D%C?I`(_NMj zvGSnX>%g~SF}gu3kuiQYqkYh*kwu7^1s+`&LB*y`r=Gf24-%zn(>WFzv(fpFFe^;N zxtJIcJCT_w9`p>2#29G2Lq#6UMx79Lh0`O84p47EPnQm{tp*kaHDQ0_ntN_}Qh%zP?9 z^E5>R*0i)T>BFbXhif~~NXXJgtvV>K()z4C>N}+Y;_q^vMxEJmU)Ia+e7NwF62i~E z`t195o5JsQc0Anpd-9sLxY;^#b!BhL+L(PlrbnCh*6Dw7WeJcT&|bsN1rtF1DgPu9 zx!Yz!*Mkx$;3rUsk|JXaw0ddYl1@<)muOWg7Nn|1Gu^T0m&30+ zDs@pl3segIt3mD|L{GsX#vD>!w39Q-hj#`HmA`TKh#Dj9P*zLnthUU$(Rqc<8V-+wp? zm>Kp`YT83vt>+JBE@v3@GQpeO93tWv$V6*h<|Nkr8s}@Oj2MjUgVPKV3jdiUzmB@O z?1q(FFUMv$@mutG9%e=Tw}IIa-XKi@f777{wS_<5z>G1b*Q}np#hJ?m^d8Silow8t z;@chahZr@QG8a)wLw;EJ#9us@W0F0cCcR=v0Xxjt$Gbw|jFsEp3tx}baESA%%3e4v z5ieFPlp-nb7JAM!Xdi=q&cIBBIxSRRgyxMGY3GkP4lg`YwlVr2>|VroVqSh}JV~eH z>w=%8uLK^pnBHpbV`@}hC|+?mvrpkz0}reXSgbzvNB~l&4Uf9NdF@NIKc>Q~j{qK| z2c}UN9R#@dmTOfkJ@_p2@9p@FdYN5}VOc^#RgV=+v7QvX^!FpaqfC;e>SpM>xk}Fu zKG1pQ-`)-ht}?6WlRz`ZN38-FKI_9A}k40i@ZD4w-C9F?6r{pjtekg9Q;0OLJ zqtN$jL-y9l4ON{w9GV46rRrak-+~C2i>^v{1^(PN- z`~9R=jJP+x?ey;2mvZ1u(Na0)*sJrz>)n@DAVaPdUs>nc*{JiLc|Y;{T^XRbXKQ-6 z#BYkFj`hB!SB&z(PDeT@c_T1M_q`WAW)-61x9M0Nu@Y!2GQ)nt$@U zK+TFw*KHRh#-0RH=wsm?#MQD;jA%cuK?Bl4rQne5-##VLIs{Um^k`0T?72!}(PC`S z(n?gV61A*k?Q3#rXNTvRkAa#qC_ydFee5!LpWhGXewW~VEASeZaF1kqT?-#F?qhQI z6*whd_WWZquC|&$%EM}O8)fX5>Hxk=4}y?e0um0K#ZE-qHe6cQ6@u=$avu0{-pB47yyfzG8u$@%_-d0oe@biJK zdOL}5MHg6FVnFW3VpL=arQY5*g&an4r=WXe=5^$GixeRiTgGp5Wy z^4r3`HNjP05Tt!Gq$Rl0O~<{KnJ}pya{0u7c{6+G5Y~GzvvY0<0f|g0ds{PN z7zQE$Il7Z;=v}^YH?P$Fj+Gr@WQ_xyC(z3a#QN7YQ@6}8{(aa8fVQ-s54buvDkglid%nOxkAr#04$G> zOZ%B(oMk>PyZ=NkYc?>R-uiTd#P)^vxWwZ`)6NEFL-`?tkpjsUIgzwRVgwTH?S`GXSdVr??r-<%cf$H#2M!!K ze7JD>O`j#Rn5)nQRT?ql5xLQv4#RvL#M^b_u1Ku#hUP7aC%JZ>gl%KV{ksfGf}L0# z^zY0RypQNHr4Yc6fn6h9l6sk>l`l+9olwYZ4s{v`RA~}$JfX&dTh7CDx_A_1KotH+ zp92s&bLE0jmAC^V;`lz;_*<9~6F8HI{k3|DaU4;iL-T5t=AI7DTshnD;g%tf<}+)d zjIA_#ZR>NB9@-nBdlY96!tv4PXT2e6kL4D{Kcn zBts0VM3Z4%Mie>~S`5$%eLw!>X8yqeTH0ps!uARFL&jTNF=^*h?4KF3Hpv`{X-IkU!x7R z6&(g*V0TjOp)#C7^p${qWc|+Ow#m&K1dHuI6?H^;BYX<6{OW(xV8&b1M>M`GOthua zeUl~Q!s-A!l-e?y<@UTa6)*?}*po<841WdbG$*ZrA=x9nj8O`M(4q$p*AIt|sMt{h z(dCYg*HfKn$S4TRa6*d`decRQ%d!=5DsO2p?XWiOx_D)P((fdTYq@m6Y7A~hwiOL( z_R4wXAvZ3{4FUYcha;0!%pmDHDr<`}>7h!K9E6+I6|^&>@ob?(tjcXM5!Y z$X=H~d4Y$mD_+Jjs(chjkF?K=0)y_b$89{rLFbcrEe4v$ofzt0C)G>bLP3PcFH(Ng z6yfv%$G4!&%NQJI<@TI}C%Fsc(yHq|XGD9P6Z@Nz1m%HGSdvMt{>xl3Au6G1N`br0 zAz!LDHnjm@EH=^-25?OP#5#Ej72R&x?;kr6B>z1Vo;H{<;Aub{z_s>hi;h&{XcK_^ z{_Uf`KuUVv{jGyhQ50<8Y^GT}TUe8PZbkqoMX(2nvzNl=L7P5}v8uLJN~Dn$w_Y$a zXi8xD<8m)zPNm(KzSqtp&cNf!?;p5U>X^k?)?$03 z%;KMGn%H&|**w$dC@N|(EKJAJ+>w>D^b%~2M4a%-fH{eBo6RaiFA`TWNxwOTSZ)g3 z&cv?;BY#JQh@0Q_W*gjPqe8)(&pn7l$dyt&@5M|Ou9znfC3hvpkv$P`BdwDl=1V2B zr<#H2?G&N~qL_JC1R1k)j?@FCw0pWTe-BN}~zax(Ij?uv4 z)NFR12G>8VrjESv-Dp@D!}c#wHqXp;4f5HW4*8Fa59A0^m?w^ zs%0cnwR8EFr$;E=i*#83A%{x=quXI3h_K@rVQb&QFt1Rd3ZBe$eHsh!u+(=JOrR{d z)EOOkCaOA)^#e7-l8=cvx?>a9HhwW3Z175V+h`}sIF_#YkY`mCz}6=5nkmY_Ni$+^ zT6y?ko^7fQuojth2k`fDDXrJ;>z7CLEH&22; z1c^VE0-f(HF@x>JM-A{Q8Y@ z$OhmsNr5{x7{#y#j7R_gx<9mK|A;WcuF~E@nGl)>{kPTyyGqJ9wrORYp&ogkjnN6y zy1u@Qbbt|7xmX?5g!NWA41?`7Cbx}AYuT-?SjJ^b{8*yw$Z>Cj*%RU|Mc;%z z`q;UU_glf=_WqB1J=!d(AZmR!ChLGjy0R3jk>WTtS^3Vq=QZLzPvvcY740h=qc-bV z(u$dtnnuALum()(j5%*F!)ae#)`Zt5!x(sntZ@d@qN@JPVw>6_W$H7YuH}C>+^!n* zfqj&LJjdf&XGMOPR{^rae`SBqQIAXa*jc743l()8-cRz>CUGa7Og(I^V~5dD-!849 zcfmIi>kP?rn!hG^7tQ;E+UW*vs5;7_%3BCaZ!m+hp}BQhkNQ$%aTu*VabN_~YdXdY zbJbp5u#n7b4V%>SgCLWq8JAzgtUv3={kh#Zu5_*7&)R{b;Iy^KB$sk5=?Oh&9X$o; z#U@n>fJ2{QZV*6-s`J%fG*%3|Vg6dF?sIpgJp1i;Px~6vP$6W}SOnFGTEN9ZmoPZR zaxJi}7mJWUA@oY9mbG0aQvc_zQOY{YHIgd5x#)N%tijz2i#{xn3}-&ozfRbD>V`wB zXdqcAxaGsM?z)UI;V3mZt(AF;kQUkIv0uS4n6s=VtT~(qx;{8SjqS!~PIy&RAVLh-GErJ>xFXW?rJbGz^5=3`4phocm|x9YNseNfk=}TTn^wKI z=1!-8tg)e3b{kEZ-Qm^Kwyuyhg-2xV2z2Jcw%t=R(uVir$P%h8rdB(GMFCXxGx!s*4a>Dca z78xFQRPu*)Q>cDd0&eYhB@S-}b}+wqY!yHF5~%tfeLN5KI*d%6SXop2)1<_)05=3< zu$l5qL=^G9XG1JI0FYE$I9$Rp4(Vdnd072`RaI$(-8{ zp2XW`+`m@KsW|({r)9$c9~XukH5^qsZG)wI zG_RoSNA~G7e-AV2Mw;Rc5CA3m3JkIv8u5-}m--H)(7p7(D&6kf5FIOyZ?94A$%bW`@ zUVCyqA8+Jw;&wB90ik~E9P=kc=NiZ}f!7Z1$sAw|_fOFzCP)WUpi+X2$Y`2HU+2Mn zSKd3x--SW_tXmW6%q?rV1=B=VMpLmQBVDP1YRt`m;`%dP1G>pGJ-xh#&F2(25 zv8+}VnlAIEYs}+mc2b95u7QL~cBtI5r&f;W3pJM(AqkK%h@TzO+%_C6bn@@7M;d^Y z4SBg+k4MH);7@JEqfcVlJ>|upXo+6p;RwL*XY{&_Z@|>|S{b$eFj`ocA0zs%bXU^j~y#4a4WZI}toMWqf zd?k>`kfc^0XN9J+Wd~-+rxyX69Y$aquIM_M$kU_BMl?aihW{lm%%X2Kr^O*uU7Ck} zLFgBwnS{=}3e1-`kI+z?X7{9Fm{!u}6AV!IP&wVQ25PC5Pl$PuMDU`aS5%6urTu$GofONjxq z$*wbR8reU~aCcnFjtXsp-X1iE#sB4g<0#wPGyAEi0|kz_&QE|nHGT%}H(oN-RYG1K zp6K>021})B(Cmw*n};CA5?h_`%*l32RWq$hBKbmWuxcF z#T}5RgvpHCD||)(CET0{2b$3_OLK#e~dM$_OIM=Rizya z@Y~wM4@Mr^ezv&cT&Y%oB>sdU=HFsWOwKc71~l#6eBf<0P)g)?bHWo_k=ML^%&uL! zT>Ma(MtYtn$oX!+*Z{`OsMtG44IobxNUfsAUhhEqg|)Cl%?~aJ`j!Vd(I-0NG$|!S zF>+m%-h2^_k$|AjDE30{|ENU|4eb3&^enrxmg;U z{%`h*qOAO(08GzZUHvd@MdWbckQC=78iGY2k-WX`m*kmZ3h$izgsu=@z1yT&}RtNH3hd}p2-mC=i{F@>zq z$5dn8^c31m#}V{oAW-f06L(lT&{nd6@;F#D-yAO$?C-14|K%6I0G|IBWb>aa zAgOAy&Rc8s*s%Jt7bPC6Pn;q9DBfl?G|A^*iS~lpj+UMzZ z>+G&qv%A;_Jha+Gu%e;| z-8-b`J4#GZY`(y<)=yGP|Q5c>T)k0@u2e`p+lKOWH#h@J|(1&0qRxoiGhp6evR(7kh^f${V5- zw?{I0Seps8ZZ?7*GOQArbxO`G^GKt>0oT(5pNcqMT2d~fquqnMYMWMnVEMj2E zJQ`#5xMrHHI+jx-P?d$(q@(3wr7FcLgf@HoG|(DvS=Q_3wG?SlDI9j5lf2JXkI%5* zP!;c#>c-7cg4P9z*5F^VVs$!PVi4tq?2wBqf3DwP*0a~VpbMkz5${{tx9Id(?WcbR zpB=%pvjip61gkR_dMwBqz{+<* zb0Up-wwYlcSkWWCJq_t^Iz1}%a>KS5T!o6M!ULl@cOnPgHgV+5BqfqhRHCzNs?SjN z>U#4#X||aEjXL-u^PjpT{!^*hdoa5|V-d@&^j%rZ4%s^BQj`>TY%h~bW?Yt}KFSoI zbo}7f^kYfhsu2ke!vXfm6zv6j;K5(_e*c8ZwJ33^7-dE`ZZAc{qby3Ix%p;`fpmcR z>Y$nTJ4M5-_{ZetM>zIIVBZZpN~>#F!dPD+=K?dm0ja*}paJLathF?hkGI)A7s|6^ zsoFrA75iAm2gos2vhT5VWclLV3iF6UTfIPiuw@iv&icT1cNo->m8jN$xh@(voLT<_ zs#|F@Q<0_Xc<}0}^q%+Hg(2oZ@r`p6t!e#|TJq-&D1AW8=w}_85dC7v?|;b?V?pd< z0sIY;4nqAuY4pEgp-%q^b2qG^X#aZ@`~IRnrr|?S+nid(-SPG~CCyn}p|~{_VT1*w zn}k)+SQ8tNQQmGl3r!*#jyP~5XW;8y-FbXp?hg|t_I`<#5i{=W(uR}Y99k^Vw0 zBI%5q0V;hfk%hAoKwZiM;U?SQwCZM~D5We3b7B#uW>((U`-aPQ08ArDXR+uEx-R=K z_eLFO%8Bxenfx{O_IrySeE73=CFsy?IfF-@ZhYN;^=9wRkwzM4?|iwqZ-K>I9Pqy5 zsVaVrct(lhsV$(VtPs?Hg%>E{hoyowv>ImCG6uEm+NJ7JdXR zt*w?&JBUC$;z9^F|DMGYX@4ymJLW{f6ZV)ZraObS*MB~03|*7;_t zOt?-3HIuki->p!=GFtzu(kC9q1bfX9FIR}cwtOubf-cLZVYx%)97L6aSt^6B7>jWA zlFw;1g}TXVGcYVVUr#9;L`4%kX#); zmq`4irip|%x$ULM>e~oK@|!iR6thYxfrWMH3Jv+dKa6iXMvZ8P#NOC z>w|#k7?(L1mJ?Kf6SWyHa(x=^VwG#i0fcTK2P*Hxh&@ys-d(+R&CnkPRS#z86g z+#Rd2?!q5KfXFCYU)upYu}aR(Y01{6;`C_u?YJNuB!BD`lYsJ&0J7yJ+E>Zrn`_1` zxQ5!&=r&TTb)MeFgb8Kf^4p4 zGL82AYoc1Y3pU)YJr-!&hqCe)tCi3dXZ6i`wT)2J9Bj=j{^H@E`cpkcqr)?9!4F%k zFY%4?mpcxrzwNcHxyn(3ncR(wz6S5mzj)wsyDi zZB=~Bp*g|TUFtdN&{l~2gM7l^Emt9k(&V{z+5q_M3%@F{$ctW8;?p&mSj(YyoM_UG`K2GHjz}hVk?mf<<6B_ zA(RW5w!JO`ST<{$yc~0SK2FkhxnJT-d?%4!a@B+T^#FUnz)rLD#Ai@rcs`;3$8`6< zj|Z6lRc~)<=kj081{`Z-6iUAt*2Ta7ME~V<_#dDDkHO&g^?%N{%+`>#CvHdNmG1rB zh{hZHHFX^^^y8px20{F7MoTq|88(7fiK0a`OTuN-ZXjFx$x#<|t0bN540_G0rCT|z zR2P-!hY3M&ui^6S-UhATpiJP#E^3*uAF6`nKE1S&P||m)v8iS&sK-7Q^*^gh5U-bz z5mOVidP$abTrJaRHDfl z+CI4V?a83WyT5Ks=lv%7=Jo5!g$S|fkM*qP5d~mpHC3|Zu$3;J(V@_BDX&qffzBpo z>9jpki>ThDwnt1TOQv^~MXlc73ths{y&wSo`A1e`^J>V2Lo`lb6y{Jw0|m&Q1#iTI z6aCt{$}k{)ea3pG6chSd7xFUACHz!cqtpUy$h+OK8M9N7A=j>xGx_Vq4YJcb$pr{2??b4K;VCMppa#%f{9Qsp z?6No0ruAmXp(drn`MJBFSDNy>p9s9b)I+%5`(yjc-T9K_?j@^PeE@!hn|f{|PnuFg zt(|GwvWv^#xC_6j>1@*vi%`Ked&Aida>A;VFEm1q22&zL9Yg|noJ@}N(g9T`j|*`h z`syE}X_@y|C&MSo1AR~!tBE$Z`ai9LQ3SOXbOVdtDGg$Y}ro|l~QQav~1&k zT}UO+nB$#H$*1d&q=<gMJskW^_ZUS7gcnub?yYLSZ7YG|_`94Mcg#<DD&yq1W7K|z=OEgKq-ML zhhW#C=m+~(tsb98>7A-&WW}X5zocBOT6>3ElNU*))|WuI*GW-b_KnHbXGxqMlBsZi z5-a)(DCW?3(beeydb;uP^b{$L9@ytW&wHuU&u$x8=yS0%fuBIvXd0AbXS9Np+ryQr zVzdiwPDn{RxRv)zWh{Fm`ix@urJ%X4?j_3^78KQ$N@xjb;OK+?h+K(Pov5Cd1#D)K zN>|rRp6n~(H!*TxVA+p{7M-9uU1!Xh>fIEx@rWVkx^Re#Q{D8uTL zAM}5Sqw{e`=USl3V!|$#VaK!IDvYB+@K7UoCJc4TnLO6>6zsE;R6&lP)_@z%D1esR zcA${XW~;JzN{gVZHzpc_V~wt=1Wl7PFkC25^QCIEz>;b0h@|k7Ju03M|AcDFj?MBl zX>{Px|DiGR=9TXgMO;%4B4-g5hj1&XgFy-Dmh^9&s7yf)%bs!f#(5h*oLB*qzQo;A zGEc_2+^Efpuil}q;v2csT=0_uBFu6Yz|)O`pK0F9b@BAtFQy~dewirCBdXhMks?Id zNwI_ur-*LYh0nJr;rIEjJD2j5m@d|AnRzcf??#iRK{ec=rH$B}S-4hBV7%Sif5IRj zL><~)_983hT|g24Qo`V2fDg7<+1>X?ea_ls6LaIHl7$Wop{jJqLO`gY zjPW-R?Pj~>euLxLAu{^Bv|k0vskY=ljsmBOTbVk4H#C}?Pgz_;$op3fb#H~xIDPuV zv+k2Ogeq_)&`JiFh>j*@C+>~*Ni^$4>*&kl6M>{hBPv(Ro1($uGXDWpn4q{SrO6jI zR=>=gKOgJQ)dsBEV<)BO!HdXA-o7eA5|(wpGRarE%>Hbm z18I>Y;~eA|zY$fXws4VkgDIGql%&}yYv9g@-#X8kDt*8R%fmF{=-A8$6`=;13{Jqa0#;5+qps~ltvQBGxH8MZ^U)Hr# z5Hp4)v+&2t{XS}2jd9P%C;>XEei&xw#N^n~(Y230PUYcpWv+McoT9i ztv_MxYIrhR_}NpKN18Vd*-Va}0qNzOE3Zt&AP|ZA^R*BlDtUDXp5Uj%6 zY;d%;hUCDMNs6lDNv(&(E)JVdX`6m4HDO0XnuVmXcyJq=XxBKr4|cs3Z1JMQ(lEOz zV~hpG7;+icci>k@O&8*5*Nd8ZSA05lZZ6c4*bY`}ZKzpvP9P0xnCEA>nB?p1QID|N zBFW{X>umH$KHw4t0=;JALGt4qzH;EzBPu^%(bs4o0=h4^QCY|;`N(7MAfw=PY>#e~ zrJZ{zQTxUHboZc-kY;d*TBzdE4%;yd+p~1jrCYgM?Nxo_PF~uD+?}XVoqujSvYse% zf82-RnlRhCw0pgBzjH2KtR-x+B3X9zj4jO`@gz>ibbcoMv^xJd#_?*lPO(M&Q0{eV zbvwhlkc0~k!+XD9z-Aa7cNR^(?Ru%%lFqu5$&*x|6`B|&XES(8U3fTmPqB9+>H4Qw z-q;RfGo}hOFFR|g^+0wZzrD%k z|EV{zFtu^`r8oW0y-Br(tvxn7(s$JtDl*`7HH>Krh^V7O5>RCJ4rJPf;8m6)4jgUs z!30lrs&*o^DDA`UEoR~eQEyS0UQpi-Y1rVOKPP`RXXTKHxE7!K%buzWFSRAxYqAtl zSg14DZ`80eNok(sjvE@BL}i;3Lvch-o5${{Z)DDM7c`2gJ^%8SCWDSRTJyZ6s^Yi^ zYdhviaa&ad!T*>=0e)rl}vl8feCVZwQ_iQIX*pO$~=qnsTDV+Mt>G7g3ZvulUQLS zN0Cm^4Cgcv*0Ujb$u;(S6=qeeC^vLCco~vZYEoWCYq8x>=vDu@^Q7<(kBA(3q}I}j zIiLQta%43nWskb-)%Wcx$$Sfge~h{u-lXpM6fjRiKmC1w47$@(`ZgT*FK&4FEt#Ys z#OtVZqYj)w*^%UUBJ5gff*2VJSEiwPN;Ti9O|2TcKDB9u+mgydq?twAl(P^GtVTn& zyk!FNH0|asg_OLJL@=JcD$J3Dngqzq;*dgC%((Y?Jm$X4<&{&p!?EHht=gfLIVkgW z7_TDBkGnbL5Cq=(b(MyB&v-@H<&`2vb9^8+&eWB*Qf_Q!<$YbMy4V!krDo0NJ+N(K zAjO=9^$`DgU2E2j{zga9e#M)U$}~$R(S#g^HuIo+g|wUOnfUN@H*r2>D_3b=N?kRLC8hJLK*TzNBm~D`r-pAcfyrASs0Yc$V@`_TPm^O3Vb^ za(z>-0M~hr#z?mMqf90Gb&|p(IjuP4K0wiBqQMr`P7_Icir!_hTa=seyl~fPcdh(z z8e%2{usm(3MmTULRNevo2lE##mdRD^eZSu&r$(ey$OLxfbICy0($xP*75w}?M zLaWm0;0~Qv9C>etV825M*OL~Z;f7()c6Z7Jh zaEd*>UEu+Oo$<3$haYRb<0wbln5uu}WkJvJvDga9|K1E5gqYL@B69QuF(nwnDOA9O zl|N$ADH_6qrYsce8sxN+!PxQZ0O*9VUWe2QjH|dvDz4RPk{ud&7=k)D?gX#FnTxC|aA!)^I}O5TYwjQo#2;Iz{Ai0lI)(>-mV#~smkf_3k49|_PYIpveGZhW zycFEmV02Qq33$3ViyaB)ihQQh@qr_!(k&qYu#GYh+!Rw$;`_71wFTntz4`k*ct$KE z;RaqX7~`H^J#L)wfI>ZFi7GzsJSx*)sM_O3Tw(31-Rjovt_|F3h!qwB#zjD%As?y` z6ewML?rE`UDGONfj&$pVaXtz1z-_RB(HNbxnsxzYp#vQHfC*t|gUmdaFoz|6C1o+=AqC)tO4pE3?h-Y^InQ)n)CRZJO%=v z;`;$O?we_}6(B!IpT^uXD^3hbx0K=JaNs75A1#SP?Sy`I6{OAfep^TDr!}^{MC!dh z&3>C>2L@0|=(yETtH>)r+t2q})q@SbBe+<2@NianM?7qieDg+%rVmX#3`MkSec4r> zb-0Na=DXIVu3@T=+LDy;K*QvQWwxYKT>~KaNulRqhc}|}pEh7D?6h#;>3>1)wjyk2 zQ((7E=Av1MJ85?g=B|iqg?jnJJ}<3&C@$We5T);W^LArD5_5I!@;|p+;uCCA>wBK3 zktNXAe`$4Sbjv(PqnE93UNunAwDc673Mx-Bs!hmplgfGZ@68gcIPXRiZOp6u=DLDU zpbrWHfcN?}V|zWF1?NLHw|p&e$E7=ac^@_=yst35J;M+Aqr!IG8hf1>Vy`W|+bx?_ zn6G-Ff6t5Q;B2Bwh4$k7xp}=v3mcec?#rv%q->_O=b-3F#q2@dh&{ij*>WU*BGzuy zby}niCs*dCIZg?c!#ghs7)-p8%Fj&(KfC1@DNzAE`^hbXQ#>O(1_!ubTb%}ITi$yt zAs@p#g@`w9xJx)XCd3|LTXWPMc9YECvRh~93G>d_h^ZAYd&`G&p^WaFK{OCCdtb}UTryr+M&j>iX! z>2Z5b(i-oJW-mI(J>lK4MTcce&EeGzwWy?cQC#?+3g z@eh*1$n;x=TbFBWx|ikPeg8s?AHL)-*$$V)V)A`re6gWHT1!ECW;4I~UOOpr1%~^L zu8fx$=|L$6fYhJ=1^Hclz`H*Bi~N50MSlO6;h6s+wfy&X=6?&vELQ!0l9Yq^V3hWx zgj+#_!n_@_P?*)$1g_{PA`9|NC&-ABs3e!~fqq`L6B232q#G8x18x`89N~W z4XP@-(Jo^`hC_vGicE!^x&sw$*`+dBNGe~5P8aS_mz;)KHCS*}X-0F+%mMtIY=aZ; z*uD^rn8GuvDc)iTo-0CWH-l8rtOgN}E-3~ulC@2lR zZ5WmkHGl?zQF~B*gbh{{OJ+wltkO+8x9Ln{?JE9pQFrH$@5qm|F1}r37hT1A$CI*y zvHWO3$Mn;^^ih!{Hj8#!@@t>Z?UFJ_J#F=ZZXa{n@I z2k?{5rvW(3pug@$rIbM=loiO{CW>um-XKGS{z#P^v{Q)0=8wBhui&g)V6P$(2S#32 zGpHyAfvAHhM^^tvCl{kT7VnFqg{B{Y59IS5AVCMPB)1@h2{vtM+Yxy?WX7T4_X;Fm z`k1Pkv0Yu$ry-iGOTMpOOiNX@*L%oNaLN2lvJMM!NdBZ4I%Orx(<@mMSg#NJh|{@5 zrQd4Lsjg_dik4YvcQ%W}DN-w6Fqy)rvBaEowvx8+oC9^n(~akbm0 zgkdpHX3k&Wen9~f`y6Jh722509qjW0`$^h)t%EnzSYiqT?TJ@0hDMj&IwvC3h>lz? zw%vlQ6?oWgd&C!)Gk-mWx{0ZCk1z~&39^To4EN_07VSgze)l%Pk!U%Vli<5-TObgi z7ttZbG_U{w_1b&60adTZ{v*e`lf#EV_Qk!IFC3c{Tr7l&9=d5Eu(<<`nI&@i+*P|D z(O4R^X@v{7@1>Yj-pD^WG>tn83RT@=z~Q&|&i}wvmbL+7c=Ido!?{EB;>{p@_lj6c zs%)1%2+VTgOFtiZIYP)KohRScTo&wk-aw&>hbT#x6oQ;$wVWZ)!T)d##Ge`u zgtu^L`=^N5#5u!|7jYi{c#e3P@XTWMvlDRVh>{|qO50uR8~KUYa^O)gu5qu`aax9-}11FnXi zT3gLXx&PB;oPjk_UJIuGrkVOFJlA5Zcffl6m!n8nh}7!z@O*C3L-iv+>7RK$_CO7= zrxHX^o~p2OYdqd(I2nODJbjRv$|z}?-Kg!`UfA`PZkuH^(b{MugLUm>c`jaF(uvJ!5M#mV>!%iWswEP9%%?yY!aQR zQgUq}$E>3re*X1Y{m&Ef(5WrJc8mkk9Ds@`Y>_2bDS;C_j|tnm+Q^{akl=qZ~1+; z{?FrLqO5(U07B^Ojy|JMg^4&y1s?LT0J6HEtPLecOaVp33d3H?Jzci0P}SH^ccTE7 zcy}sv-Qx}StoIN(5CEM_Be|+AP8AzO`@9@gjEcZQM+_l0WNn8Ur&SbaQ-=W1=t5Bf zXYYsv1b;#m6IPFyzQF}(KL(VU`Hqpj*4j9)#bI9a7~X_XxfO`_c)epDOX)6ab0U}c zS@Pz;KVoTPUOdrwX4jO04N39i0GX=K{gn_!u3d%DR`)WS}>0D2(Wum)`BX;N^(t7@J@-sN`hAF zjd1VIUE75*pu3C}L?X-rjlaEQs#!jJyS%#kWGCttd28#qQOXRn#?HX7ljGl-h2y}V z9^nQLfBf?UCXgdLM?7!KG4;Om33sHZo?n_8c<=&@L`%O;3f1X?%kl(NKGUp326Z5q zWocDznQ7m^=8{!umdn>XzpLm030h!g*Arj!xG61&Fox4Fd$jMy6%XRO45L|Boaf@z zXET;Rp{#EK48M80yB0}HxMi0I=OwnO6@HEcO!-SsCXZ->P=em}Y>v)J^D@!mA zqSo(LwA+Y`ETlB3Re7grUq?m-vR8;fn}ZjBAnxkL|-Iz%f(@V9GJZ|c&ZBw^sYlNR{O>)r~DpquB_fwzKzi}pM zPynejaV8tQgKlvOoRb?GMOY6xFR?-uMoZP@b6{2Zt*l6O!6$m^51idJd(cV@GXt6b zSf`BpuKuw|^NB>wKRL`1YmCl;qrfBQG2#O8shnX(r~Cuo#k8dk?!WV$aCVX`99>Nc z+Z2_WBf4|4$^i>Jf#m#tp8EDlg&mB)fMj=FGTUZkFlilr@Kn|7MLLpnGUtW?gz$R~ zEn3@#*nn0jb`M-X2gC`mgFKGW1;HDutG@;cwDy<_o-bhw7{Bu5yIdvCQTbvK;3}b= zdO(VF0>gi7pg^BL>RI#E+O^&1+qHREZfT=4><&2gbXB#9dXkc3kFV_+I5l!@21vG( z#PhyGp+=BF=8kw;YC*b($#)bl+N)=ZDKBE#eC`mn*rq3;Mhy_>N=G2a0;!8-%jU#b z;nC%-q*hJ)tF&;0KVRyca+8b%Ar9m0%IIuZf>hifvr#Ep`A297SPRZTr{izUqb2-5 zN96c=Y(fdSEHLLeH8tkg;Xl#I^K?uIY!VdK%J}S5XyHuu2$6KLR2ipPRCwLVw!Viy zHcSycMz4i*2hAj>?)J-~hs8V6=nL5O%6=(Up4$Cc|Ne4tzRmD@fAnB$euLIn0zJ%= z1+;sca)`txrU%A*H3)FodcT+XppeoZQ696%$F`h`G2VdgH#iegk%yW?l&a7F{4W*R z#?1wW{VTk+3jY5(QU5oe$};zt^QM>^f0W;FMs{0XT%gIz!9SOkX@(Z>`Q=oe0`H9I zQRJY$z%8gDA`JnS*{7eKm-Rtuc|MKSa`s{R@(a!*`=Sm{Glx3l!N==KJ*!4*hdI zSh3&H1S=hAlNPj2x)B=^{`t`os$?ObIFkiPRAGl{q9p}9sYb;WpxMUx!4QY$(899_ z(un<`Kt09RAw(4rrl0nTs>9>+^H$AJ#6s*#$Db63Atz_kZ>gy}c+`$2mL8wKLu0mj1_Y_G@pQ_(VC@{IJR zXie+`@J$5}J<)(fa9IU=J{C?vCV8z+G{~4(;WeQ-R12WuHL)!|dc~{$sjgrJkY3Ws zkZMZ15IXT~=ghbi)&r?@t%`5|NUbDgxIj?H-RD1XsENDDvCGrlnz?_#x@E?KxhYVZ zy7-s9@|Ocu;t_%04--dcY&k;Wk_S#K4_&~YCGt3}7Dx}bFBT>E_z1=2MGXv}Z)OD* zBf6AckB1wt|3gX5^>5T@mz~3%E6*zz1`cin`@D?VqEuQDYqMc9^FISkbv0_k7{Y{; z%}l{&IurBSLGXIOI=_^ZJ!ZkC#^|CpP_W*aX-XK*b##I5>fuZ>e0}3($QVtfP zAgH)_^9Vml0AZ(72E`y@FG1)O zotlnt|AYOn1WeKLTNNN00>yd{rfGT?Quz+-7!6t#7$9*5oI@wfe1yp2Dk7uyWpg-K zgyg4Qx%7Tqh{ieBRE4d(@q{B~iQLWA*Wd=VWP=T6-XsK4t2C|*~+a4(=jAgoS5Nz zc>Yg@cV=5}mq-|5XsdQ8{c`|@1mM|=Q4xME&^|ekfMEN-oPxQwBNhsd)J{1y=ot4y z49};3DuUYHX{x;7^dENXB~J1nGsR}NQCpj9wf1ObIVS&I;cn6PO&hE$v)UyXK#9Ob zCXmZq`rd({Wnm)}G|nR6fZpW*;N$E~DDzDOvzw|E1w4)HYibUJu3`;AS)7U7c6JgP z$JKzIA3-dOeNU>(j{&<_sV%i!VG>#kc`Og4qCYOno!d&_4dk@@ba!JAK+NiRcQe6bXP11k&HFV;KesOR5YOJ+ z`$Ps{MBc)XfisOH69bVl3iq_4qYuI5mx^NFONV3rTbf|gV!w+;M|Ns*2eMu;UuUN(Rzj;|Q|5+;y@fuQnm zgS^L^(ON4khRh&Anf*g5VB?6=8*NR8eD^ok4#u1g+q5dUO~vjg&@RB=Xj<8nI|YQ< zIk{%XxSaKl229nv3SB#brtMxXlwL%9EK3KF24x$44cLZ%KjkV^ziBe{GE zusi7Uy60eVE?~|`N4tXW0V3b3`1z2cHg^mU$51I`w*FW{_`Kz~mk0O(=;i~mCNj%D zO{`_q=*xK*h9R*@5M3gT?CA*NSQo;>ldmhWqYS7Sj^i?Cj~hVmKZr;o&~?f#_4)@c zRfaUlNzZsFdI0fQW!jkX=SKYm1gZ@gdtvI<7nf9YwX>;@@a6+-85DjuJ(t^C0~7MRBneu4R9Ok@_onLsECI%MEC%7HU9i!5hb?p>_~xA=Zc1)BMoVFTE{tjdWcfK}`{DigC_yqu_G zbchH~f)VvYr|wO&O$(88$Dq@$$hvLswj4IlLBVPr;<)frW6Sz;56srd({be_GGp_4 zm#)pCU7j*~H&ecB-CQ!(k|2w?BAfe;Q{pu1(RWmFZzQ;Y#iLt=b;5f)i34++n5VY= zLBe(t#A{z}7R?a(=}8JzP=d#&1`p7`fpOe6WEX^fHIZYO+G0@ysz2_f%{bWxp!f@B zGOfxI2WdJWjOk&<+oMa&V}kWsAdbnhW#);5fQ!fu`YJ(j(M_n8%{A1~3$S(NG?zd{ z)WO0OpW{C%$_H&oOsh}c{r(J^qbhht=PBu;kg7@pfV;^O5N@gI%kH#V$DIBo{lD54 zp2_Yx8gS;&yLcPGEjDZw_gQIq2n$Y2bv`(Aw<@T?T)JT!E?5pzsS^Tf84*F2CIH>u zv*6n5S60E@)li`~p?Z~Yt#tRNq%RyoJ0&DqNSV(Ihs9qY5cF?cS;mbjTT^in!ToB2 z8UK(7F}oBbRWS5CPLD=Y$h}MJ-+PGVt?F^SkS>$5wf9Zwc-cIGzbmm<_5MdtL>l9Q zOc*eAIl7U|w-3ds+0=Nl%MztMbt zP`hb^yJ}?J;TrQj1p% zh=ywVeK`FT84^54s$m$L4Om*5EiE4!v|Lx6KH<&_n+lizF;( zPNuny0OaaKT5%bfcw*`@DQe=M2uOBEih|yf07b$a`5w_l^`KTI8KoZ2-f6{cJ5Rc1 z7|ji77Cf9ubrj?F0Wt;VCd!(LsS$$B%pmFt$mW=$y;L99OyMfW7Lt*D1Gmkb+Msn- zbS}fKAX?6-ae?=Zb(VCwi~)P#XS8GAm%G<;j3GA!Z>`{HC0qBWBoMIQ!W2Lse1|+R zIMkk40wj}c-Czx9=QqYNFSRAFI2I)R@@{N)TI z*_YLUMM~1?W^6Ru;O%t-vM2$`D7EfRL3KyUKM@gTpHp+yIeRB@7-6l=3KyS#+5ASe z4E7TS3 zKph&}j&4WHE5p7`)B0OJH!qhs&NI^+*1i2hwk#~J$3lB=nE;pH5FWVzrt2Nh)YTuE7PfyN^TJbe)0 zS3;R$DjbsiNgz3LG<>d=FpGNI^~l(*p|*RHHt;aE$ZQRCi%SwW$*vnls~wR{de#F_ zy-g6k>$ukG5VNJfPBjtYFzuM_>ApNR?6X+!GVcE3tJ#d9)<4A3G$SBK;68s)1GVkj zbO=E%+lfn4vnyy#uSan^xkXBmOvSW{8$)D!j|cC?wPv4Wn*hkGx4nt)0uAJBeCl)q z>;Qi*N^rtQh$^UXJQ%Meqi1f~`ugpC^dhE-cEw2)H`$IeWgb&?j+Y<#i5{Aa-eJMw z*lt$aj8jFl)=dC;;77+N|LB3j1(l8(-+#t+-&u?SiGvEVa8$G&<2rE|tK$Z8SfNcf zG~338Xs7>@m;p9HKhplF5aXh?!GiulmScV}k&Kib3a_kcsSIyHWr~&&HHMo1Ux3 zK72I2sDdm=bn?2|h8W7vR1=<^K$DAd1K`Q$hpu@rH&>W?GU(k=M}E zUnY&A1eMrAP~nBo>G2R05W{92sL<&J^ak?#z(X^3?c09c>Y63i$M=y)>C=5#iV$Bk zuaWOq1%Q z;(6YW{H%5;h73s=Pth<~gr-@eYGRwi0_CP1EwPUPzT9?XW^c2TB}+pW${8HhNta2@ z#oWu_!HZhK(m`9L>MJot`ZDdLQdT7PhhnoB+@G?oY}znR$=Ent^OQu|b3CMRmkqVu ztjKXnto(RQkD27c<1oUH#HK`>&&F|}BqP+814e4-Qm(goVPvoZNs%Erqe;is&Q}a2 z=7)btXa&f`b!#26ny2T*byLe*+-7TNwd6896^)2ozbb8&Z?5RKRm$^YJPBAswj=5g z=vOe?yr^U*7Vyr<8Jnb7Z3jYZxB{d*gv=;Vg5it!t0Q})ka!I()|t)F_OuksI=Qt} zOzM;L;Dpu{4#OaLvI0qBxC>Ea8-@RK_x0jMCWpr%Z<0~ft_?qY=WGvLGy4zN-DVh2 zGt|k%*g`=W&Pc;N)c0AixQH@NPP@L`zF$X2FZXF#VLuv4gb(Z_F!J0e|3D$@{+3;h z=3$A_kyYVlpm~$D_>y}V%Ljzd*^s)xnYx^@L7k_XfABm+MB1*7roPPsC@}(^=&fj~ zyIt#J#|G7b=J4LQ^{C@38l9zRKdsY4VBG@?=F6YaULNI}2*5&3i6+3G3t~f}%_msA zVe}>)rmFepbe?#P(z!vzS@$4L!Rdm>uy0Mqi@2B+PX6E0mx3@pnFSm*6VEd_%8~f-gEEhwNy6Dkywo%rJ7r7q|bdRSqbZMGB%HwA(ez8q%_P z5w6$1{>KoCFvfvq+F|y1)bsaB*5FDz8WD57soC7F6kYl0N(eynMPMUm_5p{vUK7-#@Nw?R<^qym{xVw=4oJcj#(Y&G$VuL(3850*s|fJ79A2 zg2VUR<@4RnKiJ^x&8)x#W$nYlWoj31Fkzt|?Es@bMX@zDq#&_c_xqVU(nS(JMrHig;=6A=hEhi$ef9mUlnWG>Q%+3VZmFr|=0t5a5``+%<&mDMz*Hg!_Mt`*wq*)353H(D7l|1PBWD_l7Z)FXXzA9jirjUz=OP+A zyGJjuWbBho%M-htQ&HTWgXJHm?zh+gwjFdlqv|aO{?oCG-;g^qUH4`{hR~q;EvI$w zVC^1uZLFWnR=>n*F0Bjd^qMdG+^LB|VBYqm{Zl*7tTLY^_m|Nl92#+rG1k2Gz(F3=QQVO<$9 zY@S203*O$aqiVq0Bc@x(YYvXki&fYm7nA!^Wf(~W2}~NWH`NZbR$KFw$?jfI-^XAos^Vb?6hV)JI z6-gUlJuXs`mG8rD)Wdj?|yiqf&uA_b- z$#5TH`tECd{{DRU9!}+iv^OP$Ma<$&JlopFjRjp2G-Sa9gf+^9EE#QFM7pan5+&z+ z>*UykAR22^vw*aI+{xILui`qf8|$g=k`9n2HJON`4S^gzfP<%vqa6bw37$NSKljUx zk`E^<7e7lc2S-1=(b>_(?fv=a;phs*{dTDT{PqB!ywo0CXh18T_?AkR+dqR-Q_0Mx z1)4HV1%tXYvD_ph?h!?sn%tEs!KlEln692!QIdBWHoGh!5VM~0!O{+SGH&G=^(7bf z!w2In^c96lHqsYgio#ZO?H07qGpo{{?nDi%gFrvY9W5v)$>GGToIeqUBA;RGP z0gA*XO|FD-hY zV|kG@GrjVAh_6eT_js)XV?e;AA`Cb#osr3tQtFhG_68v&ldIjaT4mA7U!2Tpi^@z$ zXLm78y?iRomLf9_MedmngQ|rrZz1ncp4R z$+F$nN2$p2EGk~V+-MU=!<5ilP2EzptrxG5DAfkvPiUh9xVZ2cf~898Qti)FKfVRz z$ZV&F`LBQY?_Z9(B?ZZi`f4V@31<+&B(%2G()ZUDOdiLgH@3u&--dIyyiJLNlqxPCIEI~!;!Fsp zdOYRZ!yRtG^YtHzu?dTgy2GTyLp|nqZNDCcXYCYHwHj*m$4A)-pLRuXp=}!m8$Pt% zz2O1;x?WGUy0i)&cuGiCe+FjRY@C zb#{|MZO>7no~4e=nIEJUZl^c0rh~t;w)do&C9(qbW0URU5y8K%{0oO4L#V>`l4iVfXvUUn94k8Gt1RNw9W^O{Nwf^{M(?UW%;7wC1Z`s4uc6kiRMPHpoIrL2L zLc(dwo12xN##a|AZU&CgBosYE_*8JzE^E;{5-)o|uh?;7hpkF#qkcg&i0g4Y78&GhnX%7cU&|k5$=eAAdFMjBGDOwOo+U2Kcl4;2R8Y_cFbHL8kld<>*F+5k*Onp)+6J^ zhHV#S)XgfdofUtvmSrji*&5WPXO)OsOC=p>b0pyqueO1FXyM;}W@oj{kKgYzfh*dH zK%^9z#;{Joj*tx(*R$3U5p24R{e*8%I;K9rpX|mxpt!_LeE^ zU9|SMHqY{D|19Z))xm3*)WANKt`n$`rKnj;SU=FrdgP4moLZE}#!J+YeHLMh)Yys< z;7%}g=a9Xh1VhI<&YupD(_6X;xJF#E#}t9^n93Pba)Ahn+Z)vp%K6vhIg(}<)Q(Ks z#O7Gyby}***FRt}G%p1)?ys zTPmUOkT@Ss>2O91UMUs3q^3z0jurHb&|#=wBgCTJd%Tj~b8KM5HQ`nr&spQXT@ard za4n+KVL;M$>FN0X92_5nO6n~f19u7zM)^{@96olyj4JmfL2c*3a?)Yz>uhkxonrWn9+L|<6wcq|Ikzj$*Hl-3JKtL^cds3m?8-44{^dB>WvEq>)6C6a z%*1aP6(36qD?*=ND61Z3T*B`JL+vi6vMu*51%>N-7%@p*N$2MJsuHm!ZY04Ri?dP`}K#o~i^Vg1*DZniQjlVvdt7ADD`US3fTF2Yc-HJpCX z=j}$dY5a4B6+rx>i8okSenzOp{@9Qf69aE~>=19V4h5DJ>Ga6p>Ye#f5QUgzi3cmm}6!5!1WsHKnQe zT(3B1;qt0dy_RUNw=?N$R7d{AtMnnG1*Xt6ZYu=x(rk@?-TE~+-DgvWg1oZ{kG7X! zlN(lW@dq(=H&d4_e(z5|5 z7H{;4B%V{il|7lX(~!^fTj}oE)1tU>@9j94T$#z&YIC=Cn0t$f8;62>9kL+KbsK4a zv5SKYy?Fg($<^J>Na;6`D*woxys;sCPo}Xn7%npS+aDZzGnr2ABJmm70YC8Ab}P?} z>(L!!R5???`V)!FWfF*fW%bII>y_USL#&L1tfqYGcI+ji>*lYg1M>so-m$^FBDt&= zA?$L^ZMU?3l0?>K`(Mr5`bPe< zEwo$9<4!$E6-R)v@B%-@!c%5p*q+9FBW zL|qj z76icBg&)&07A}HVs5m*XXl^ME=Bg|@I!Jv}Ie5YlHn3ve&&Xn7GJ;>)7yp-0Nal76j06)s2CRpZ7nbz>kQ#W+u+)7jmrCsJE1}dV;uLGD^mJ^HwO(~ z$5SdUYwo_L9VNh-xxqJP=5f`5C&q}xY(pZG?MgS8tw+AKlV-cy?11x7(8Zh<w%3`)2s|a3@?6 zR4_p}1N??_e9>!P7H@HH@+;qO^uS)CfoSuvj=#?}ce6yaW7gdbT=EG-Z}Gwvcx-Wx z%l#_)+K+Ku9_ie}nsX03NUWD=4UgKgY;Q${dkigqxp$7@3c{0xyx~iP7I|8o zQHel^Fhfvvu0R?}PKO<2UChnPUupRSp-b<8_~utt8Q?ivUheK2vR(s4?gdxWin{bC z#W9~x+sz2IMi0{oSfSsblX*?tpY|A+e2s2~lLCWQyN(>;e0RkE9p=;5`&HfX1K8{N zdFAN;{|4}G7PiKAZvUeP)g(dC?&pmQp1rNba9EFKQ+WK7b7ERpP*T+tC&uYH4NzFe z)*PCky8OMxxF!`o0cbpXpJ|6TQ-ca%z3Kk6^a$e;tDj{ei{=gdI@EnnsH*594`$N` zM)o%k9L<8yk~mk|1ekvg+!2kh1YaK&bi6pJieEgkF>|MARv&i|MS+JxKpGgR2LlIl zOzM4+Bd!I^fb1%j4?UH|lShYVgHb6U1-P(ky;W$gi(s_W43FPrjc2x8*IxO!)7l+1 z?ZU}FVU@VaFgCYYsZ{U3%cdU{Ty1$vcOv_&Zd)nD` zqb3WAy3+lj>$|s5a^+rB3Bz@v1a$=!NU!nAf_0I^(SolI-?Cjsew@1oI#<*S_`1#1 zR#BY`Y0XVRUB3R-g04*fDXj%?Ju!T81epj)!^R;s!X9DsO==~Kc?D@PvBu3J?x2}Z zAv+TyjQL!OA^xAvy>K?*>@ZgPU*FTo73VUPkguF?Ff%8Dl>YWP2E{c<=tv&S*$j$S z#p~l(Cvo>$u4=UY(5KnjApY);LX?=^Fyba+b^7e&NbpvdLqMHkQg1q{3{nNXPWqHUEf zO?R6Xm15e6^d`lxh{PHCXcrHm%B?dYR=MN?D=CxU(S<}cw3l$^^q0^ExlFMSPJR?h zT8z>1+k@Xo^^DmX;HSrnw?n7tyH zrgBq%Ei$dqTddTzb`{yJL@ zTpk3yNwXe$F(xZ%tbf@xX3I7qIq>v+TpSLicJOxe@No2D<;@I_ly>lR`115*?dBNm zW#2paK)=0z_;4XZ=?ZpQ(yHdp$5^$Ituz+ zR)0}`wP{zm=Xx>^*2{xl1Q@>No-fLym+hyUX;`flFzxsB46MHwW#IrokLpgWhq~$n z7@0|1AQyxl$egw|{j#49t1Wmc!&RIPHRv5Bu!0Ho3y~j-&D}YGwh^;GOQ1W#Gui$* zSflguXJ0Ab9?(`s%iikt5q7O#MF_x@J{CX)B=D%c#PX5DED0v;$9`@V74V%L%WPJ2m@jyBvcq3SPt}N zK}I0kd<9ZImX?V)`4 zTOuA|=i+-zyv1>JxUw7=l~rp&{J`Oc+|)p8ciouAO+`YJ0^P%bSAatAJ)_(wro0Px znF@Gu_vdf9d-orw2H{Oy=TawEBSjafze!4r?(Z58hpJz0h1f-qy!$v*;1n>#8@kYk z=}X#js-wSYBqZ5P$q8B2@4z03Ow6eFX+f(Moy`%rYN+VcmT;l|622)0c6IhoBzDNP zYIUu!!HN$YhWdV9b$)JO+zE?}k6IHX3F4asO$Szmv;>!1O>d61M2Cqbpv_+0Cr#2X zL%GmXVrJb#808~P`H~cXHVPkLSD!KA2HGP83-Am&(3x5U6e|`*S1$wC#JtyTJ)-NmnfV+#(hY z=%YK1RJ}q=vv&lMdXuLGX<`+kHdTpw1!)Lid6}e6gTPLxb75HA^^>XZR$x(UD?YV6 zi|o61IwL`Yeu1HdaElS-hT({&ix0lcrjF2|RiTy)sM^g4vxH%3DvVQC(Mqrjal7J; z&8D-M5G^t>Y_)mmx*izqN5T%q$P*V(qnAwZP8{z&CVQBF3tJ<+}%y;X}d5aU(ig#}?-w_mAzFKMUDs@6EgckX!{!cgbX zK!RgxC|U=#Sp_mx22wB{<^Na9sZ#o8N8C*9j2OBoj*|P8G>^s7abT#}P0;u<4 zx6Nu>7FJRL1@_qt?YL9JS{_ib0fWLx{rLFU++RKsfWd(6$&-*Ej|XvYCzfgi2vV$K z1oe=tbG0)AYEZJ_1Q$K4AYLL-$OeCbO@+dH}%V zw@c>Jz=3Ba!m6->Fq(5SSW$YF5gGFpt1lA}oT0%FEqhy?kvY4RdQ>)o;7j2n3$d}` zZ{3N}+5+Q=oC^1lYUIFDMkd8hC38zC@xn4@(1&=ZYliXE3-7X6iEvb(fP8H_(7_yE zuv%?8kTXKzvx;D~TAnTmKKb?$pBWGPl57{Z5w?+K%U*)rZ2B7_0{g}O@ox8`s(vQ)Awj`ndgo_(Lm}G{3 zcZUCuQT|^Tn%;ltaQ^$*%{$2^c98>NRBtuca11)>BH0+8Q1<~u>4dHTs9EV39AS{0 zEte#%(%(OF_;9zI=?)Fj>KlsX4Y;!($L#Qu4x|A3mKST~rs(?J!evo#N*2z)C_3wy zXO07^x5}ZKM`@isBjJG3Q`FR&VAzdbu(Q?01{XiDl-MLfDoNfWNoPs|yLkfH0J&m| z@_CjjMEjJ3+58qzeC&Rax&+&+7@+UNP;pv$;jm1FPzojl7At#OKro3Ie_aaIB^Get z#kNPawL8epKZW$TvuAG2sJF^PaCUU9(t5(f^}0?dHe@nONDCxyAed6e>f?-!5N?7F z_KBAUEKFl`l@BU%8K+m@^_R<{<1L-T#WwV?cMcg%FVJK+}H345Rw-8ur6B-=bC;`$?s7OGMW5km8wu(GB&$F99S z)I*jAN@p{j@>1uPTxyd9D?G#tcX7U>Ckr|P$D!T5{3o!0uM)s=7l<1bb5DX8-=jq>P6F)QL)%9JxroNu!SRJ`>gM4`OB4U3XucUi!WnHZH^nmiwXnk+G| z>E6#zW|Rzv7S|&OrQ2fEz)#B(w+5EKN%v@FDHALdZ^TPL7dihpyT~g4)x_Es0E~U; zFHEK1`pYBs+yegNj)_t!ES2`%?*U!`J|`iSXmgsqU-deelz>Kk#LgsAJZ=7Ab!HHgo-~j{!v9 zM5P3reO{fJ>iC`k_KTOuC5cVNGL;6)mvHVwCPQb~I4O>scn&+u2&GZ92Fx_>Cow0% zEfEaU!z=;!Wh!rz*dhPsbq>qR&R^ezC)ty<*2m=$Bx12f5ysRO98!n*LuXtLmXr79 z(y=Fq#Pr9po5hofl5hMaV;sS$0SU-h;+E18l5lRs_>HDn4*c`Wweu0!sD|EnLr+s^ zxfd^%&aNc&*u25uHK8g^iC~Q%n{IyX6&ZvQ3kA%H#R=6~Py)hm9HA5xvnyHqp5)3O zDSitqAwCUMUF+^uOnomoGgP+|1f!n7|H&R|-vZkQS8j9>53(J5)~ENADX??bn5ip0 zn!ePY+kgIYdf1(2v54P+m^}74~Hy+rl|3Q(`MGg;q zG=h@ws8w@$!ymcUTXJ-pSu0EcwOFMg+6r74qLpoR*}qojKxMHeuo`t>tJ)i{*!8OE*#V!%O5?6A15^yJG}h=(Fd~ zyCF8z9|@jAvI@+NyzWom zClw_BX9wCDzb!-t2B1^m&7b)I$W?ep~}MOD{%>TJK9boKdhTD3HoSZ#W#^ z(3g-M()yQpeEPN>S`GevA31phVIDQ&R55l{V{Yf2ueqD#YMme+`cH8A@CEcDE8Dnd z8bpTXzR3AR1;#-~29Ya?P&{i@vzmi}s%bI5!LAYb=@W#jfc8u3pDfrWL4(OM>*k{b zP%fAGUvYk~xy61Bwp)d6m{*{xoX3dhsS&)3Qu1r;n7m0c*ue zu<_B|^`&S*RK4^@jkWO)>+zQ6r$`p@Wc}eRY2&kA`ZAY96Wqe*GD##4QSPv$?9h@# zyGoi15(QRrwN!5g!g{M<5;A(u3-rjqAT84V^r~)5Vju(mDYF8HGa3GV*eQE_ z&75T+u+C)!4!54;vGIC--J09BnsFA$HR>~1H1l^YKkyl2tje_BuJ>tR(yZKxXPU(Y zju&i}p;!04_7Ji5!K-Z!{!G)sBoIKg8hsX?-NeooHvdRiF8oaRRsJAwDG zkK>z=X56D6msD+ecEONiu4sf`XMfi7$hBMhN=?thwl|lzRKQPn0#MDZHlYb`HmPd{ zTW4gEl{REITH8#mNyC*i9*LR+pvD}uwl5aO_fIlpawa?;OGS6BGgCIoTPRF}z0b4g57`Glc1K_h}ZyGB$bB26t*vDyDna_OMdwwCQPS z|K-qf^*21mgjJEl^_$=G3IBiQ4tobCO9+0>pyEGP9sd{S(0|S$R;zFS2PXb2BGb>* z@knBm;et>HkB59S3Uyq+6FS0x!aQ9mY=T5u$+e5<`~6BnGUdJ!kgZpOB-RbT_x*~( zY!nedCTR;(af?G^!+tE;Sw_NEjiF{Unu#rX>@0h%y~zu-S=#{^PIffo@WotB?1r3O zjRKOtsFsj0uuU@})NX88Zn@5sJ8nYIhVu;p4NB2rr#y$GKjlX5OM>KziRMbror)PDGjrs23K&e z=9`-(Z(!pn$*@tUv>Brp6Q0}|@q+`;j+e``PoSF7#6T&qT+{XcRBxJ~VaJX#X*4x!dClqacCj=1BKl=J6@iXsqh4^Zf-9h$ zF*&nhTFeD0_RMoGPx{)w9$sjG(w==pQQqwMfwde^WpH=C(VuFr?=Hwh$~uNb*&ihd z{@Zjx(*5(qP42^yMM2bnb2;+;bQI3qz3BK0aZ^+=#sAPzGPsuJz}0yO~nS8 zq-vKMmf73$DtFp!_v94@VZlLe*c0lRc93TnlW@mCd`371p3%GAN2%9oi3TBvqwOx@`99}{p(Huj zu?h1vRqobGUy$?aG?B=R|H?w>rGA0g> zuD0B&%TBh=*+b`o6?ajx_Rip=9%$STw0p~8ejWmhdERNKj!$?L7NFwnU>4cG4Q&g5 zB!yWC+hCdNj8oiHnUjMfz??IEAAWaZ-B2C(&!^4}W2Nt?IEwtmXIoVbAa$P3dYdmI;*_ys^6T3TJbQMF1-6&f>R)gfcBJU+zUdry!-yTdN;@?33 zx$XXQ5`p;Nh5!F>%yx45DcJn0M1tkV-xTdt6n|$?ekb-fSoaPP_p?rN`6w%uGQaI-+dgO9vlM3$;fVjN@I=^CG-~ifK18R1$BZ2@VG%4(``mW z5bx3vL0%^yKyHcn?14x2gbjK$I1q=MoBCvle6h$v-7Opdu95*rOu>pgyA#Qg>D*qp zJ2IUTCp?pz`Fh`9$#n7iyg$7>TpS#Vba_zc^m2MTIJ({)pr1MEB%}7`yQ$mwW36oLkO3&uL!bfY~C|c){D%3ln70K?2dC5hOWV z1}ecicGKxi_`UTatBK9a%>+(3z3Y;4cKGCZ*Zg_KA5<01p>MQBn*IrO8W&F zbXk0Wz!FfI7w`ZJgmXX=&mn(n6?{(Xz+c%7@xbz^z;p(xgC=#0cvXsx@|{Qa>G<#Y zza=gcG^hizUVDs#=c5ez%=CIA1{)Og(au+Psi~|Xi!7P(q!6^ce;8@*8JW@7ZLS%&JZLE1Vh zW=r`f2;6N&GM>tf!=z`GT`{!WEk`@N?&iu6k7oPiVWSC$jXy&m>w2$ispFbhD+Yqr z(FA6&gBMgDqr0<57uffrDNXxY(5|cweO{)vP@Z*cbRYCkJ!PItp=z^`swL2gt<&){ zp$EQTUZ@{fKW8*&$7~V07yuPe`@B!M-kadXEJs0skuZxgr+91H2nH9k8zk&mS7|iu z48!Lw!GpZXib+-tr5atabQr-?xN3*Y2Wt_&Kbqdu{PGnEyOpMC-gx2)r+f(QAZnIb zDEAt}Q|~zT!*F@3m+`5rvCN(mfwPBWeBKdlrNbjV}I+|3+afS0+PysZ;t+Xa(K>zCJq)3rtS5h0`iq)@#p@1 zNOsi#K8pwxVgs)v)0FZ(Ig|lYXovvc%TufYxZZSp`S#gF7C+s;ua)~LPuCkt6YJeCi&+8I25a- z#UKQg$(?*=PQ5$1v6f#WPPo`5*3h$JwR5=8S)Oa9yCr68*E2bT+v)}&i*0zkzVBzR z<}7dXXJ&Zigv&jtdIGN=!WhSdlqw{I&eTi1$DQPTe@)ZYBGLbPsJAZ)wce-&oOBzk z8a`_+#1y>xooKFS=6`x&jwCFtJNZGC#zU3zqROpO@%a!M(ci81*~`l!Uw+JwhJV{} zhFp+%I4=E?!q6OTuyxxXWPHT{#4i-%6T5uHxEvXU&VY)|zsD`dPhY|Zd=!sf!f!79 zIzblS9SeBElo#i|b2h#~F-qW@)b&L?vCYh97dT-g=v&$)_2w*7ys6lE+ydDv zm@#a5m23(b0zn~?tmIrf}UxVYD+eGYQv(;0PB_(P#t6&mjVz= z33fo>J~hGAT?rI0d?Ui9ZJPpFy=l|@O3O0P3u@xaZ&Q^Nz{{IXE_@F)9TMS)+m%X* zL1wROe4c1pnUL0;VEt01a~Ls0y>J}d>3-ymf)TgSX{yj=?-?3rF9)9)fp&VbCCh|6 z%;wE-oEH7sRv!B<)p2f84&#A-sQPH5`?{F^gaBtxnVW?1FFD@NzaJFEuiY{9nqL!E z_5;izu~lJQcp8UM@Q8f@HO3NzZnMB{QGm6g1e0?oMbR@>z*S~tU>6;c;6U4-_=}@dQ<}F*`^3%n~s50Bdv}D9+(+5W zQ1G6#-L1k~Ul-QEX9Z0^t5}-BFRQig zD-00Za&y@Tsf|k$Ec$YDQFR7hCM%4tnY=_f3`DgAKwwj={xx3KGWZt{!7fi8&TXY4 zDLfU`$qFdSArcmmcQzh3DzBO@lk&j`fK3ISRx#XkS!$KpuRuEKdnb^MmD{Hl9?Tgx z4?J@$Yl%LY8;5IxRFE0JO3WJeAjUN|1MDrfh=Dqntg@HB@Kpxo@h(>j(*$_|<13qJ zOtG9UyY-ItS16Fyn7-V_s&7A3&4dql3jZey@sdL&EP+p@ad`pD^(krmSt5W7N`=51in~$O#Kx0k0mN*J#m--{|a_TbR?aq~oy^GX_sh z9!1ldZYbBbR)JrW^;)Vuy}e5VwHQZmc$pnh#sp=s!=BZmY|`zm%=CwJsZs*A)NtUh59+5%%eAS6*!;Vu2_oO*9x zn+iYcc#^O@xGR3-S7YPB7C@Ma?w7OnzQ!ec&e+|juHQ?UwR!Axs-_QfiT6;_wVega zuzy>uRxW$|q;9(iDxWq)3`!(DsUWb}q+TutW@0urbNH;DDJJkX;tqOAN^k0n>~@RvMmng2#G-uk55qa>C8M7WTT*@A z@=%&(7mVAeUUyKw3S-dp)$e#HqDWRmpe%>q@hK$7S;ni%$*iLqMN0-@Ycbs%9AoA-~h`iWFm<9*f0cEZk@#>@OsSgfz)jQ>%k zrA)*0b_IKjT|pVz}`lPXm;O-a{sLHIC5e1&8r~)`gDBW{iX1}7z9+u zCLRUxPQO5_Bez6eVDm+K9J1=3juQso@Z9{Re3(cqsqMODA^Tl;@a#&VS!)04vtW01 zlU6CgE3d9i`GuPxK*L#&8HEjdn>wE zRUDO0b+}DV`_NWd(3T9i;%wjb{na0*_nBjk9CQs3l(A{nl!pD#Tt`a5XB1!{@HHl^ zsJ8ycvPu!--WAnV80Co~EMb^5a^chRZJv#hq=7aQ4D1M7KFt?a#lyuQy`=T*kd^hO z_24J0_CbpKKWhwKBh&U)pCadouifwxvb*~98LK{d^Ypf$VxFQ}v^vK8!9)O$s-Z65 z*P#>JP@CwZcr_{szxjI!r1*W@AZAd1ng~Oiocr;|7Rc{Gxb#BkfbiD=T+QKcXWd?o zM|&{VLsg2(&WOz!*(&39uFN+fx0s*UclLSqra%(2+J@Vis zGf*ZuH5rWci*dVqXL-Xb^)REBn5!ykf%%pQ~em~3V6 zHRd`WF|G4o?RVQ4V-|J%pr>IKgHvkFnU?4)ZC{k0$HeMt(3{*Ug=o?Xv4!R1-`TE+ zW{+Gt=sJALCU11jr*B5Ba^~mzaNV`A#Z{{p?Ep%~zsGmVS}k z&=WucJSzDXGmsr>7BWj7aC+tvu85oMX9ixkufZ=KCSg$*bbWfR2-$BT9MpXvr}b%d zM-3Iuk1&=>EbRyEg;bU2nKn^(uULA)I#+L#ja9Kh(tTckM~g7};BgGb;WkrJOx89^ zzI>Nu8K26dNps4G)4fLq94>{vnjfYGOwV5Mt`%~o{d#yA>)x0^g^#9O5&=Asnwevx zq1Ms}$eA%|byxAEmJ|0fjHNA?p4#34(b}7u1#23waf``|jno~N*a;rQKiVUlPT`3f zaAxd3qlOT68w+`9YF*8`%P5xA>1Tdmu59tn6DdsWMZ0zMEb(Q!hx?QWNbvDtTJX6u z-kVQCmD@&Hj;SFdz%iN@qWv#y$`4PzjVg@H+s@O7*OeKzD`a0O?7pU|=%dq%fmghf zqmB5k{6zyCDWGvWujjh#+#}+Oh>M(IXMMRmuLJVXPN^}SI-#MV*_Vm0N0gqaIy8MG zgEo;K)1+%EL%ON1ExA@LWz!*7IQKztO=~o^NpNOsCVB$7ox9eQpKf@L37Y{6L*-F2 z9*Z+Ps-<1@dT)-3v%3#u-5tHfuUbq&-?*Q@C^g5mYZ^^beii#Ry<7IS|EZ;{qA|6k zt)1Zr|BC;zDb$}X%a$L~Id+Uujlaz0JMP^)1}GR~y&Ixi)mxlza7UqH5m_Gx9m@K3 zz)8$nQZ&D-BVrUIRb4j&$b44r#5V$tPQbR0$%m!4(}A%E_?Gp?@mcC-{S>oooKoDL zI9q;O?JP2fKhi10ZAL9Amriy}SJ0&AnnrVs=Zvb|sFt>nj(phO><|@Ju6zOojeM>H zW#;~3Z&m-nYq(hO)?zv3p;l2B7yf4IL-Qo9TE{F_KFdLvbW=wLEFZXV+~PN>EiFET zO@lVEj8y~x7BbdQLEL3G6xnb1&5nF(*Cp`1@*#qB4ds2%33RwuGLo}?0hSbp+Ceg^ za1x)(;+i&hzW!Ba(i=ocf6e>*es5X>XV%mUf$PT!uIk7oRhp~oSB=2;Qpy&Q3o$y1 zQg(*iBWT;617#}n(8!V*>INC`+F&e%#_aIyW&+&DMm2t2s^+BzC_n8liY?vjkL~ZC zpmbXl-EjbUfX$bFnhn1ktn3nF9OhjzV}b!r93Ni>96XrVA$t}+tZ3X(JfH8uU3(HZ zIA0DP6yMyeM@a7wL#o8+AiT58FL#cQ+s>|P4PI}aCU{&kjyE5W*c%0>A=liIBKk81 z$9HWm?bmS{1$uHW75ELK){^ z<(MXgr_&8rmy`H;#p?40F3VN&dc9C+zIlVoz3`Tcfv4KwPWw-Qq^8g>gYR|2ri(q6 z_4P)nBnl=8VH7B_aiY*MlYGLAV8xX}wgGctm&bGGZa}r^vr7DY^*vG2hAf4qVJsdV z28Q76B}QSB7_oi*{qEp3Nujdik*u0@lbq{i<`Rq;Wh$Zj<=GBqIUrk)b zR`K7LF%R>^^TdeB+2WQk>ccig!j*^amlxa-xR#C6F3`s|VzL>{m&UKs}(DC8wNgi6RLXJ$HBs+90ik) z2`CL%>wRMiIeI#E)V*RkC=ecp+{II;P*1Yf0&I*mlJtIbBTx?}U+nzj>v{pqHCb5i ztQ)tus)!!m-iT{0xF)8odflrcyL;je4#s~4F&^I`X$Jr=6L&j23Gs}7tEV(a<{n+U zTLf11i!v{GerKKQE`|gIv=NJ;_7K;KkyTr8QJ^+O!3n4dGsL6V37~Nym(hgYT1gv6 zG8fbSiM_DWxlYKQ5`%(I^pZJzcW?Dy(iJyB*P1;Y}Ds@L)blPW7|YixI3 zu4ihSheUY^zoz^2T?`ToLi{@CIce69D?E($NXl@u8qrn98fxKy1NpY%YGUu|t9WDR zh#0P=^rIQDCo@JUiIjef1%IuFT~r^>jdl>mCSxWqVvU8_eH@-UvtCQT>+jb$QEe$j zow8q}?@SA_I2gxs4bIGHYSE}Xwqn2GHCl}lcV4emE&4n2zcY8ehxf1+f4b1Re@w3k z{!JSCpYRXGs!X zw7Ci(Rt+XxcB0Zzd!)hKvgj(*kAx2xLTr#hMFekyFxkxkEo*^gG_AlOLf9n7U_W|J zHnbw5=W|oi;0Z)7i`1D}zXXPnXTU;T25AK6{CrgpYls1^iH~1ef4%UcJ8GnZ3Nx2F zu&Optyo;}U)H>>FGS`^xD}9bIv_ywo9y$SV`-+(8?^<>pf|H@9?KwrW z)X}%tGOirLf*p=MKALtK7Fd$@$A9%%tH42VP0Ud=wTd>d)ze2HPk)%jaF(qeNG_;= z7>L{_EE*yl>T5FqnNi;0CwduucBBF}*@W}z@uzgnr+}hM9D6oCecImiOQ3FfVp&(C z)*TV|H9q+LYhnUEpEFTcw>9ETgX;a9To=o>75gNcl)OG3J9c>YzWZZ5$(6&Ji&U{o zE;8h_okCY}pB2#auTv*9AkT20cQomKfxBbTk4ZQLqnEMIMLf%&QigQpuaZtuWFj}K zg^qmdKTI$+Q{XPDAoZQX--^z2wg~=&SBhymX*7D*$9X~_t^|DKfMv&?>Q!Ks4ZsK8 z8(Bwxf=9AxIJ@|ecSld4t9=Va?Cl@EzPcOVw*h~ge$2|gE!;D`IS1qd(AzyMiy9t%_(3N28#j9+*ozzNKVJGGI-nQD-XfYsbWa`8n-CBQ}!kl}}44-+-g)XO7R6SRxF6?pOnmOA!1iK=nUX!*q z6fE^hb@Yxcl1WZCwdhg$gD%FnqKQ|p+1U%~oUJeNGjDx`7Fo-e0KER`Al$JFU1Kdo z2m#A&lY*z!h7aUU=j=EzZ;hwrH1S4I(VcC8)S-6|CHo@_tsAry-w(-^x^vnT6*lo- znxcO$Q2k4rUq=hWe^r)(Q=QbR{n4nY{qW`gr6%bg_lx{EBbYdvT3DOV{i80WssaiC zxCuP}D_Z%l^THAE6Y<=-ya140%MA&XY)UsCucnkx}w33C!xhv(cWZpf?c z&U!)4N3Jtd=Ae4dVEK=Cy2CRXpbryeS`v6am4<~*k|^c+;9RoHXyDs0)k;gzE1^nQ zot4K-VKVcEdfGY<4(d}4aCZ3NGoWSG(jB+henxKn5HHOzQv!ZjuRj1hj|R+m#`%rH zJAq*v86otOG~06!8_LPj6^>xtZR&Fvw+9|m3oV{6k;CHB)F2(rMV0J*zWi{Q8@CA@??fu7QH> zUmoN8F=fPYR3riOljs*~C30&31q*x*+0g}bQ068pz>q`7ajwVHQ&D>3YgC4W-{fhZ z8|e%=Tylzyv)V}6LY$i=rt6sr){fy}4t&(d{mLU>ms?#b`a_6K?w3~#QqUd8Q9V%$ zSKf$K8BT4a^YFRc1k}g80Ov_bQ<}U7nmk+h4aqLIzCmSKu=;?k*YqJ>$YOC6Y1B*hJ6_n+m>|8N($x<+rL{+WH+AB7^(zxuBHWA>Fq1w~{< z>1>SuYu;_*6>S3iE^47cW?0gWT&x6AfFMJ$V^sRcSRkMZz<5QI5jDD`wlYr<6yWG3^;Peo?qvL%LhR;c6dpr8clDmBZ;Ix0Uwen_XP44yKo*@ z^l6vcRtm>!GRz>7B!I#Jr2x9IAdTN@Y%$63$R`ji@=yG*CRdUgbUE3sq1>ih$+0_M zZ6a7T^*Gn*uobcZ89>OL)*`3y$FOZYXI_x~m0s!eWp0e-PL+N|I6*^pI7X^ zedY%C_6CkNc8>pQ=`tU9py~V^3TD86Ch*@)-hU1BpBMkVo;<9oXt&6K;A87Ej0j1I zs}takvo34_E)s>-jB6yHn5nH4ImFh|*dp|Pot0g3$rjW?{+96PdDCs%o3B(7$Swu8 z*0HS3oJ}w;3j}~6!Lrh$y`fHn&{#=h1oR9iBw9z(X0I=w&Ld<%A1-=KF_82`p*{+) za}1!TkWCxP9lbYr3~)e);-c3L<=2|PbPGXI@Cbo}Juql3f_-9sLmy~zt?F?47{ba% zjaN3V^aY2lD~{u-3Q!@4XyqOT#FXdwRcnJ zH;BP;ST9NPeL#YCQ5XBdrgJ}I$77PCtrpHbV8~!=Qp{jXdUvtv@CE}?ACJNZ%J7DgRuT#zDROK8P8=uP|Gk&uT8lK~SW zk3+PDAV6NJvwY1F7T|FMnC~~sf#W`t5y)dt7W=3as9}Gq`RKZ?5oK^0p0}o?Sg5jG zlK?Gg^>%r7a(^o*pT&jQT0yHWRH;esoW*?C%T8SQe2Y^U_y{rM(N{%qM`6MVzPKBA zxv_Ght!+X1LYpRlRP@b(nPK-OK5+YUWHIOUfm%7ZX^%MHACe>Tc6RAipxtQwvy6-o z6IP~sTjD0G>((jxl3dV^>Rc!M)iYUCy}qnTXA)~I6-7K1le7_l2e!}In1SC@4WwFO z;pK?awm3|jmYYLSSC`lu(}Gl0ZZA?-CS-Zzun10TP$3*4Z{jyzs_;Go4Z3xPav0id_EZ4^ zU1HERDr0BVEcWEh6*ok8V{c3UuAzDl_ULZJENcG2_lqE>FB1|L5&so8zo386fKuoS zUZLfV*Sj20b^&Ac7V*C*`=%((x-HqXU1{64?X0wI+o-f{+qP}nHY-(W>*l%L{~f1~ zM&Flje=mDJ&9!4qM1%;OpsTa4-|W_*@S^ja&lmNtm`!tvucYHox*8Tm5#b2HK-%-u z-#x4Z9J@zN#@Y4`F*Q5?u)~K1d0l({eONz`{^D+5)@jH(x3~K@LtAbG0~81MyCE&h_8?A?6^QH9omy}k@U3e zKP5YwSR(f>3MFfa^^K)h+;o^8!i}mb&`HzPuvywt;S>F#jjf3OkZQZ_H#w?H@*A=>3R99sNOO0}STe>Cw5S0KzqpXbQC4e*}xVu_UwcrXrzH=w1 z-mFz>Aa@Mp zsx_G+E&td=xcF+LOj2{0rEql`lX#P(DkV_ne93a|r3-mjUqzFIB6o|xI!)Pos4o3O zcluk{JHNHSaj7HsUU^C(zm{X!Gh!OAPU5z`5Y5E(kEp|}$d@Lhg$Uv8V@tuKbnD&(fgt{NfYz^X+LA4KEekXhFthLSgIJZRR`=vuDG9Q1`Nb{#B z)d!FYRkuI7{6&aAK2(gF3NLY>;45)o_W(m|HoC_R!b?=k=7VoPyxfQ#u;t^!(zYQ3 z8A3bguGtGw7=tIo+A@n{?~N&$!XAA8YuDz?}C4De*pX;fU4N3#D#w<@kvLU84RP7@`z?Q(Ora|xSO`wKr3?-8Tv_SqBn9hS6OHJJy$9PB`ceh@ zX?BA6qh|m-nF+6|-o)=Dg$+%p#66$`cp*7Y%!y41$|$}U?6hhU_2UO|*d*ADgq_&j z$J^Z7lkaG0%?(}1YDl+Mn6PFp7~v9T-zz5`?|S9PIR?X7jC0|jRWP>FUB<R!+C zY+SbHMaF8xvItz1dJ1WXF*Fw%tM@IpbIlB=Bzd4M^4gfVc%V}ai87b=pLot|&%4_0 z+3HI1#r^mqk>!Q~hdPFW7CzOGbyyI$>(4IyzAA~HrZ0)x|gCbG~s$&E59a_R6-L{5}ff)rPapX2j{uk)vJXV=IDaZ9Z4u4$-%?FXT^eZA*> z#aUS-x-RL^EDOlN`YGLiigJ3qB5n$i|0KCb_f=lWPrxMWx$Ls)r9&3KoZ4HLuXkd$ zb~otlxWEbbl4?iwjcDZpEd3_Qi-ZyILDIZS1ZymU+$RB`tV}h2V(;7sBcVH z$RE$FR$;0JwjUy*;ebqUgQRwIN)E!Z+prCP(|Rv4`led(?QTE6=1plKrIQh?LL}s1 z+1tge-6&5gaD3cKW#?pOa?g~6)hWYb_@F^h4TD|<1LYv5qHqepZWm70J49D(B)hbf zyQ~2;YB^j-HKW+5g^$ei=-KjPX=-YoXB^zPIt9W5!uW%WU{}xXrJA#{n#&>^`^6MQ z!ol(~cd~e@^}}BOVyX!#c?M$;i&7vD=s^pumlg&PT|QMD?`34i)Adbcm(%FPZ)BTh zQU`gouI;wpQ#VSty)8*+scW#SAZO=Bna>muT?HX>?832gi9Vg-+c@HSHDO`B*_&U& zVWp6@r5P5^O_#ZZxV+ygu3&o|$77lBJ8$HF?^D(|uRU%)9&?9L+<`hmep$?KgmR|B z;s`;>*{h~l*hK~Vh>%!m8RlBARhqc9M$tU#>3h#XycPyJc^IgV zm0oG$YSKZdd-)2hb!jffu!*GWDQcOH?0g1;riw;0w1o|$QpWW0fNAQM2*IlF_-I|a zsg1?Um_n*JN>4izY82woPFrYAy8pp_+LCDalh*I+;(0x}xzzmNb*Vi)H1aE=n5N3? zfgDVtH6_XHeKTJz_k;U{V2`L+Yw-dEJj`;%QW;z-$kX#oV_>BRP50^D9|S1m;{Y$q zk`z6~Hd9RJMhj0SN3njZiF6#uDg`0p_P_4xZ6NS2zl?1nhPC-zr(nd~?7 zoL%_}OPTTrsd@?pkZ`uVynMWlZA|A!jqM7YaOjseQ-|d**u5%ogey0lZ1*k50AP54 z;rvyJZmlG{I)m8o&Yy16MqmZyT99Q1F|E<=;|@cNrMHn11xv3ifdW z9nUl%gS#85-p|=e7s8+!M&NDac?vMjcA(JRCcV{)Dv7<0%smv#++&Jhs-0TqTq;sO zIlI+y3}na&1pI(xp;Hj!6@-d&l+{r~0{WJglrzm*>tZMR*6GXpZk#-w7`e`fjA$Iv zYSO;hbv`I5zb`z&CH#EnjiTvS#!w(2#}pVnRiS`9N!-Woj6o!+$18*x6%y=~C3$Pc zWjZa~em70{B1$=2i!r56dp=t-XG{|++&X*QoZjC8bw^Lnh>@W!6kud#4?N!+F?OY9 zXYZccqGx#q%q%2GfWQ<4xvV-9i~$FZQN&X(=w~o2`_&?V#Z#({qj8I@+!}uiFi{UB zk74up`;Wn@Cdvl^Fex+~W9g6rPm_*w{ZrDQxpxUsX|D(^QvlZ(LP`Y zySPf{zwyc`$u+6ZP2+9Hz`=`D|3EFlyxW}hm=v(N1J`@>$v2|`Np2w`zmWXB%JM&7tPk)cT} zclRF2kD$GeZir7EuMdj^FKFjbGIJAwU$xlj+v`}sezhPw}_xrMGg~8NIkpV;T zPY%Ym>E7&EU7L>Zhw#jMm^?Bx+5F#IM#Dh@o|Lkh5Au8-X9 zH|b+=wtaD{S+}ye#9mr0&9?n`B{GYW6|ZY>2hG_-v`D!GV?W7!8~}`3|vdrXgQ%<#_pF zA#1OxTl^?%4Z&vs+Z<^81;*iSZH9dx5ZA@Li8wqBahKM@OFM}Jne`m=Jldoe@D0y1s?EYg$e3NgR zcT1qBLlb*~N$2n~tt`vY#)9P86$!=tS57mV`gWcNW6=mj0#NNmDf5O$$$I${>%}(fQXNHQ>)lMjhI1Qk8WAKrs0Q5Tr(%VX znTd(h!J8)ay{ek~R|&DE=-l$kj$%Ze-J1g&^DbsDyc^?29oPBb4mjh_I_xIGUjl8Z z>F0xDU7uAa{lE2o-#Y*oHe~LA9@?Cj2TUtJ0t`lX>38k%_+Ig{lkKT(^#C_S#5GI( zRQl!ERSNcpQxVNyDhA?6aY#>0iM2a3^6ZO{Tm{o7gYLjQiKLdLMlC*tT`GR8roXh{X2N{XHtI^`|hf7d>86e|C>1f9q;b}a!N^Bc7q>*=RlXCX^}E- zxY`56UL07tAiuCbuavB@Ze+UovAP2fB=Grr;>Hyi1NE?qjeX^D{5^8BWt-Uj7@sH( z6s7d}A+qKT0-(6Hg{fYHL%jkKq#`38R2&%QYH4kSX}_38EvHW1SAhh}4wdDUpWCx1 z1@tWqScc;Hldm@vcz;iko7W&z^D+;mCASgSHjch9NRk!8O;PWJpOSLNB?`Hme^tB% z&KWE*k--}V-D8MaKu%Ds;>;c&0*(C6_EO6=)i`5{6vfY`Tsn)zD|c$zWMRSG+k-z* zXgtVbR)hX|LrQ3>+D5=hxDiM88_eFMmpguA;jPY$jreS5ftp?9O^Oq%1y zSD1ts_-D?H9Ae)>)TO?RX*+OX#rk+Pur-H4GGxjv#d;jn`gqW$VhcKpKn>jj`9(x0 zGYxb1{A7q^n1xXl&b|KSi0*kaz6e637qkO4YPV#0Vdh4A`tV1CN7U`sR2_Mg_Cm@v z*$Na}CF|7`&V+TYwL!!x3ybj@1)y=4?)USGs4o&Nv|IJeKdED=#7sIIYx{ub@izmw zi=5HJPAZJ8g^jkN;3JsSaykXDK;(0TzvS+1nq@M)tC^2=`{qS8l9d2jCe)aHRoHRA z@R6N(9Dw?5M&_|%sX7IjjM;hHfB`lpa>?@;+hNCeDpjlKU1%_=e`J%PxLoX2!OoZ7 zmb+~pnnjH2C_kW!cQcpFikwhyiu?l0VuND0bpjo5S}_00=~Wg_jfYfLyS(Cr5ZFtC zgS!AP0=`F|MQ0?-yIQ-CyeebHL*@*2_0n6#b-DUOQ7_333m22eChH*sk|+Xq@xHhLia@%kP? z<2Gl#-NJ9_FAN-Ae@`&-x?Skf+;bNataj|VKba4W@4xwK7nwv|z7^R%0scDR|23;9 z*mlU6hXMdNr2zn7`u{kXx<x8 z#5&64693VqgB=@0Bi~AgSYArfK2qoNZAvbgJu$OOYY$mf%XjMbO&l)daMDiPnBB-n zJ&7?)jj-W1Zw1SH$uKfXxqHE(i(=J*NUgNqf8yuw(5P{Pf<}z{+NCBK5fkCTacZP= zlv$_5JA}`TmCX8_AXWwA3#;qku70o&FXgX?9l1f7BOIgF@uD z{$nt~vUkF_)W}v;5m7j%bjH4nyqCtMC>CSvPNRTBjRXfl${0SZB5}HKAsd%2y;beN zMJoe^7G}XK3pYm1sh+Tu8?<=!!sr8y&svhO3EG$FGXiw!j1OKeEZQ@tO?|sf3)aXU7o1$2$3ZGlBZ+VwqL=_!NU94%FY0Lm zua!cTi{i&b$PF?27wetJR{X1$x@IvZLyrVY=69np<>&<&!hRa}K}$Iwv;6jAxp>fv zyON7WB=}=o18zaCU8~xa&`sMQSey?p(!fL@8}AK2ZYkHL1)KXKcSLAOJqz=M(=Eyp z@;u?$rSh?Tu0u!L5Ni*MWuen$;`0?!g&pau*YhX?vkI5^xCPEPDb{j;S4VhA|H3O< z5OMcue03-sk-wO>@};W!ezYZGXYW1EJse;=gNv2N>6JV?clnFbAh29Jlg&UOEyHxo zov%w>P9W6Fn94-dsWQ;ic1B08TRgk!^RS)9#$gKws7)w<+Xu798vE|C#uhi5p&w{n zUOm(YkRmSBJq=kF(ib(ROAMl4$VIuSb8cKz=r_c%ZKbU>TRj4#aKy0jlYu3;q5G1h zTw5UBS<={=>QXB7^G7?_3i=n?FTme)No<%dFV+P{OU32Bq-4)mM#GBwv~{q7HCEPb z3B2$Oo=>tAoF%iVU?jU_;C+%N@`}r@&J2ey8pt3R{;Y9}aD|i({MJnHzIBWA@_X6< zf&_9d>{vP6j0b6qVF(;~QI-YuKLcfm*rR~7UigLhovRvmr87z=C2k@Ucb1LgDu^Mi z=aWWNB3B-Cj6^nrqvrPo0-yTDY>M{(imwQtmX&~ciECPU3kHetp~KUrU6i(d=f^(f>4wPSfeL%+LP!nQr=~7diQ+Z6Su<*!|05MqzIo?C@}%DVQ-- zi(6Q$dX#jm^JbVUjTw_zr&ChnhSHo4dGq0q*%}A=pUzS8TP~MW00ofm`xG$Zxa};Q zDkQ9G7+&=}(OS^>4y#Or))l5$d@4 zIXlTl5$c!^OXz{L)1c;;$e9>T$QZ^4U3`w2!GMtu&y2Eu-`8ENA9p%+aYP- zuL+)PJ2nr2J#)lTm=2*^8n0Begf=GBFf_OB7_UTl%_j3Ma+kDr6t{Miv%Wi=<)YAP z@99zE6!%&QO?*bjM=}DSn5Svd6iTDcH)h^ob%6_kY4VKlQfsY3i5-kbE*t(M-uQFP zLcUq!8EO6F!)VSaL1aM&H7W-q-KN=;UiL1-Yz}u-_Uk9x2h-*KjMD<2R8xkNh8tu) zM{cn8s2Rw;5#mf1jDA8)N~-V0R2@uDVHZ-_X>mU2+ZwY=tn{^_d%HCu z!idacHQsAvKV}R)(@y#}rZ9{5N(AW|18F9?S8;==?xYfBEs(x~A!o++bnC9p#YPT( zLru?uZ%37oD^_0oyfn|fsWRuS%Wap5X`1pvF%5|sH9pmf*p1@&aw7o~ji#t?PK7kU zw9icR^#xZ+ulo-|hmA&xNbpDZk%AANdhi$Hk8ljsf^U<-a><%062mIjzOzi>E2mXd@VcLgY4cov2k`STC-JI~v; z!!ZTrq!^pCFRAn%_q#vv6`q}6FIQyOtLIs(DJOicVj}`ivg<3_sRB0-lMc?V zfG$VwOK|6%F|j@Fg+IgGy8YceQm96;ElCGwGVK-8k3|M>d%`%%2YUW^|Kz$=2+Zj1 zSS+IKKS?j-J&oasYq_G0=8H;E!Q@lO6KIc77E{I>0&^!1U{0dUWz+2$=F+iR+Vmh)QV810ssP+1vF4X}T}<#FK;oRZ<^pr)*wF zey+mO2cD*M*@?RyvRd?D*M+ei3iSsJfQzxu`8+Pf^z%JprAuG1DWV%Q_UF>Rr@3=> z3%85cs4!{{YTxg(4<{ArJdGw>j6$}32*uke(0qB^tEygavI*gU^cm(u?Z?6#a%a_J z0p$L#c@`P{5G|sgmHvWpL*!v1wv{^w%& zKlXSXZS?IN&1{_6J`*+XyZ_3sG`R@G>@%}sR|0s^twrtnM5qySy zhOpt2aO_DhiBQPo(;wv&kwDi=znjOYpelVjJAXKd(T;q2(zG|8BZ4WboZLfQT}@2A z?@k#$et-iE6Sk#zcFoc6&_jq+0^>5Z1jo!D+abn!Rb!<(;!)WP_I{R2+D1Uh}@@7m= ze+rKtkC(VjBm#|nO0)?ZqCFuHLy*IuLO5bw@QXt%#}i0H19c{7-MM{h(W!W#iHjN} zYnhLsl~q4eg@mZ2V9Xi{z--OIkT%eEVoZ@Xe2cSXPkwbjGl!hdEiIXG=44Lo?n4cu zEwm)O92$goxYDP4`@tuiZs5}2qn_!zh7m&}kdn#P7ujz_) z=uPR-*rY|y5sIfqw&sUYg0vDdXyV%Am^m)iPPodvMhD1r6L3(%AvGatFt|rJjR>#{ zTG(aDq&P%womL+>K{ey=&1x4Qp7xIr|Gv7b?G&!|CY67P==j)3(MJBYXzi6l?~Kfr z;4r2#awAF@^&p=KYIZ0ClN!EeS%>-|3`K)_N(p|>F>UQz7j+E;vlrBLk~85C zIqcLuFQrUBX*HuJ^ptMyAg}BgWo#*QZX3hP>f38zWUn-~JKo|3`qeQC=YuIcN&OS| zWbEygV=GwQ5T4^PT!cNVkxOM6$1=^QzmCQ7Xno(zxF|dDuv&jkGxWLjByrxf9E>h*n3>ox!RDsDP(RS z1|R@iTU2(2eP*5y>}=R)=H57$ZT!LeW1{URyGM94`0jUO>ICCXp7mMp;p5hI z#?4ei^#m76^czm5kt+Mjo^F}(oEK22Q;_xPlu97mY9T~U2Ym+War||^Bb2GsnI)aK zQEzvdE9bI+s8|df?%deo<+XhDt#fUcy}VnpKJDOiD#7im?TR4(927Ky%5u1p7Wxv_}c-}eMlKy z_#}c=7>AM)W46CDP^gJ5kRnJ1$_DjrE~9VVhQEw=z+&@a^T*Xj*S z(M+>MN6lt2R&x@>b8$ScH>WQH_PH|-;sk5!v4SRGBkY;&BS{91yRi41g+?ER>%F{W z$G;y7YdQs6ikVc+s=>+^1t$97TJSAoE&za`2g=Q*HkQZJOfHG`ov1OTjOA%qYwbr*8Zsq9@*{>MdTU896ogNT`OSUPn`A0^?HiA9d>^CCWBK{jI7bAURYg-%LZ$VxYb5mU_ za~o&3e_}^8sqQ!uwjp{yzN2_4I%@_%2R6XFUk@ei*Lv+OgKOflPA@Gd%Vs0yy2X;l z53jD>er4N8^y;lPJP~mFnk=4uzMkV*ypBKuz&L*x9eVERwIj%x9knX;C(@g33Svzl z#ka=?$*CmHmMWmzk#m;1`|;VAKz|_*OIGdjaQQ`o%(o`FcoU+?w)>Izd>gnhtK`C& z>yuIe?$;qS0hi6b*H;s(2KgpALEDm9=ocP5l?v@3O76Pl4wtBFBD8+Xp*7f5^Ikrw zR-hc<(k_^6*ZAjN>P7{l9lYm<#D2udmLo0uBYv3|3YcDH`>sHg?z%!W>{HExJ#Rv6 zI;I2EL^>%rqH8*!QqJ>+|fc9L0^WBtjB^wC?X}~-!~o! zUht=$0*o!^$1Pc8owk1Y$eOb)VC1XD&fJk(c z@oaEQA_?b51yFNHUS((2QqY>|a&u}(Zl$!_*XM&<54h@bhx;e9xJK|AL(=>X@~Q`| z>7+j+y!}w16-nPUh!$pch51p|Gc>DnCRl76S8;XX#aJu)cm}vYE;#4oCOeT|V>yGI z-E<6iWa0oPW!P(8(Uww;8!yiH&`Dz;&?$!duJPiJ#l56u(5Kcs4t%pOlAh(h%6&`MLpexU`w=8jP^dZTZezCV0bA)|J)5#d_K?eXAv{dL{9t6=Y#k)txiHu ztDrr(@_FHaCD1|gZ|MeD!&=kJSH%f;62Wb+pQ)J46LCM3^VE3GNjo z1^RD@(|sV04X@13NoU&@9tei$2K`Ik48Q@^I8-|=qCh&xxg&w)fPBF7HeCdE67c`j zU8I_Ty4;X&1u?Ae#^KpLZMcyqI~jIE9q7$?VVw@=4CsjwU2+*q^K1|DZabNVgkM^N zF;Zh~p=SdBb{PrePjY%%I3$X!;U&^CM6Psv#<5=xO64DGz(Xr`V+qpy;DjOTUfXS4 z&h;*>Frh_(b`;3eu_;T4l}?{$uvxDJ4-9B`5e3PqH0gNJMl<6^!`%8hUANM=)Xu8P zNa+2H^Mo5*rGuM<8bKcATE@$MJ}dvYL%n$C!Kl_8MXPAcwn_fMPqLV?=Z z5Bzj3O!e-d)0h|m3%ea2J0uT9a9DpXH0$9>;5x8DMILINxrc|a z+`eM&VhZomhwX(%=Ee%yb4YqLP0^TuoptFc+iml+&QTr`vt-l|sL{n4eZDs)e{D5z^h*GFKNK1fxem-qjyBIkPkqo5+*qZ zc>}ed8`=bvH?98+)Fn-WD{aNp6J@zUO)PhuX-MU>Q-aF!2c=&|7&1k(87`h|4r*@ z{T`b9O9A}FyzvqcX?r<MYFuTsk|qVuMJAr1brqyq&=#lAvE zOKWPW(R0aUL3Me75=#Bvyz{~%65jo3giqAJ;UWAZmeFDCa22zU6vD5qzThhXbMP#b zPy(7tBO?9_$vMtgsG6O|sBfE!+9aFHt1$9N`fgE}F5=|g8~%ujr8*+J6N&}XORZlF znAR(mWRa1vuJM#VL3Dx7ZYKM7l~um7w3Jv{0aKg6A3)GRZTH8LJ!A+IK~C zH+wZC{#BT;{*1gQ>c z3P>!bYNJ*B3}%@&t$;mXua&Xh-*WXa-!ADo%@>CxK4nt}7dY0(L`;g(F@L0;e2}50 zUq~4|ghJyGBxP`K0wc-#&A9G&77e;fo*H76D&VX{+eYuJ;7OH{w^0~$6ZR9f_=!TP zlr(4Iw)-5Log;>LDlkoCNDW`tiY^2Zylq9_(PcHr{#@H%F^J{A84yPtQ{X}u3jm|E^lq?k~2;#@91-{6JutNkgwTi;DMF2QbH8jXLJ5=bQ*Pg)4DGOKkX3h(+& z{mp`L0Dzm8B|0pLq=j`P^0Jp|GWx#q3V;m7^>Y!PHgnet&vBS2p>c3(b|Id%m_B=2 zYX2$g+uATjPrZHUuAKYLs)^wwK!R2r^^-S){)Q`5-&X>fT!#8=>sjn$EJ9Y^= z<~6zkG)=zQbF9uQsk0%X-ULru;nWV)3B7iZ^_g4UVLm7Ju+XRtwuy77!=Z1FBcnUH z8BxthH9WogAN1<8L5@K>b2 z|2AdC3pjqWm4ap-YF5X}ED7*Y6Abg<09{cmz=_+uYPgWR% za*x7Qfd=$|F=D%Pf#+eAB3TY!3_^_in!(?funpdz~_p=oe9lg_SRdO8|_%AU^`zf*1|*H`bgN}Fj=Zk}|1K$(BX z@HTq!g!=Ya@hr&iQk^>moeQedh3+I-Svlo?)%vI+%DtrUrZzC{3kLHZC8!7u6rr*lkmLr$>*K znd?vB&CTA2B|bBf@z*J{@X_Wt~#L@jn z>&~LYKAVki&f?62q8)FOwgo(w&1#>e#-v&tfPH(u*jheLe)OS)(^lsPIoV}=F)-95 znkLf2%?X``ITYSRwgxO77~?t|Z}|Kj1OTmdi~V9HdNNhuIHroxtof*ij`~Rgx$u@; z&~QQUwwY5eQo3__{ECe+P|vJ;Js2-p&Mq^^U`NsOg(bh06})8=pdp4wOg}z6OB2Mi zlKu$4=zL8_a$*?**#1(gsh9-Nf%izQu^gl%s}p1S6R^MyIR`h@@gJ#lxPjPGc^d=m zgm16JobAID)rS2uLE;!q8|jGcfPozz4vOYY-!oykBFVV5a==R9CH6#?W`XP7&@tv8 z*UiTQ95Cq8**Hl&c+U^ivgO{R%42G7|j?hKHz9iA_S-W`D*R&}E$6Yu4| zFF>>>4d&gGCrlXHLaZGjIWJb6fXFSx@Vw5nO8ATv>|q{_Rs7tsavN2|JNhCl$_nY` z9!vPlkBC`u;kiOBq>P1-nCg<`X-=dHU8k&&s!8J+B7tIoN$4p zZico2~4(KKs8UV*d3dqx38L`1Kl|K=1_a!3TjPOu%czlRpQnu@w?0K5)j#)A}mTdM>M#H(TkOfG$Ixj~*s zMVzL;bax?#G~BwOpBk_1p9>^aa->ffIxBTNLkaT6A>C0eB}~W0P%V>ToiAH+7cn7W z?=Bku7LT=+`?Py4TY=4@X~VCEq!bo!#F`I$z`qDbfeHitClg9?h3MJ@gL5xdzwp~B zs2*0#`|?PBB?R&?br!)C^iTvww}FsO6viQArbpKH*e+wrWX&jB7nMG%Z^(&p`sBq) zu!L%q)b*MvCsNG!5cOuaznGT3}k0~GPKXZt=$xWpVeZmb7GY+s>KI+unBXBZS+n5^!G!AlcSg<>WP zZ{G}E1is&%TUx)9CIjQg@OYi_WG!&Ouo4efjVxbgfOV1mv)-sra9w9OZ!R3Z2*TVL z)u!X>9T{KbJn%t+t@tT?z$&LASKV=IObAh^F1rCIhhS((hz7I+$d{Ovo#3wr(Q~Fh zJrNHu0v2NiP|tQ&4y49CR5eZu4|+*OEoNBW%MG%8A#X#3>UPunL4PieZa!m;B8@eB zV#;h7m`+tG@>Jx>F zLx8LaBifG99G%+NY!{e=s3`G?Kz{-lJpMvqvbwp z5W#3hAJLP0Lh_S$nHivLPxj=)C&NmcDjC*WRyCmR91bUS)g2nXuM zcoQn(yqIEk@JIL{a!$q13(b(XeIaiCVkU>WN`k8KKx!$+wWtnL)~o zZrPu|agK+y;L=Ydm|&dg=ObUE`zsCp`PPU2ud&zB+|=gZ-T6=yF5?xx_i3*X007AT z!|VDEhGyRq>V{6v4#t14HQ=ne5xvQZw0tgu@&l2x;#sJv)wMU6njvt^_`!=dacVr#(HZuO>>Z=Jpate$fn_d13tJ4Q>I ze&JtYm&g0OEt(^9Z)MKRCPknVa`iW4oo8HHjyV$Ep$O$ljyxQ=^q*{4RP03G6fyc@IUr5T7R&n>lFNo zDFu)4mj0bZX8Bq-$CzaX2!&u(ufk2h`HLwtNBYkho9_Nb{_*qzOKMnOJO{cXKbmR4 z&sPLOK{j>i$2rPwX1WcjDNOX=(?jsTBT7TlGe32`Dfga7 zA7^GJ*AsXNKcGfOd62XSrDd3mj3T=Sgi6$KzR56fysI;Cc8(wK*OqE} zO>%ZJ+Jaopx+|K|l_zPYQ1+u=`-r8ztuB6@$Wxh{gy<6}H!!_`4 z{CrCk`3?#@nwnr;_rk_^{(^|XluETXluB*?WE|2 z6a7O0V@+!rdgTTv72Z%Ve(AjIM{U_#f0kBhjoI{=>P`|=9?Dgffg|=?R|Zv44eq^( z#JQU;2VL5gfYEA;-)`DtZlky-~ z=gXWV@q{xgZmqIGTa}>!I>lo1;BfbeU<|JF-0qHIa)fTVtwzxQ{j7Ly!ddcMZ`k+i zVmcb57HVN*z<`>fr-r+%iEg2hwoR%JDRL$pCrp<81GjvI*%m3LtD9IIVp`2nwrL6> zh~zxnMeD>PaQLA@Ywkosicf=eq=NDS!`F@!xeH%1VWp3Z(7BHztZw?;8MC=l@g@wM z_h#k%(r~NTyAC5J*DCvhfJ<5uEv-*bY$)dlcGXT>zS`#|J)}lzD=s?eKwDB3m=zMs ztwrSpv zGG!5+UTq2Sriq4zSGK#1iBC4m)Ym_(*1vWOaoqec>^EkS-GXoPY4KdFc6SIemF3HUtiz&0Dp*3U!g?y_G(E{KmiiUcwz}K z$bxue5Mom~Q3v#p%(ku4Hyieo_i~%1F6Z;*o0unKGS3spt(;HK?2?YH8LDwBjhWVL zetfHV9;z}y{K_gK1aJEnXV}hq))5ZK&nvX^g?cpaAfM?T9s7VUliIlXTKT3<3qzl^ z@lZW0eRG>ZYil!OBO`rl19Ks55mYjSM+74hS?yK~#zh-EyE-nh{fryhy(qMXC+ufw zi(famr_#Tko2ATgmh~c9&E05!iG&+gwvUgxvY!ajQ0@ zygsn?U+CWG=lk6J(!40Y^2ySA`MQV*xfc=)fU~rTQkA0a=#8L*6;W&KA?;SLW6iZ~ zIgzo6X>M+=%DbMDO11!$QU!MK@=Te>q@BUcFz-kY_@y>=oxJ7*|NHjRC@#@kXg>Ch~26~>48fTV=*fBpd zc1&2$!ong!C+BFS;YtD_V0H24y0OvGqYWGJBe_{bN{N?GmT7IYmk%uWc{S&$G4+Ql zZGTMs&|n$8QA|QYLXqQGPlabae(BAk#b84sNBM>k(;ZxDUeex-k6Pw&Xk{-i#&5N} zJJBwhclNfUtE;Pl%jY+@r5HBDo41xMVXk~OeVgL*&Da9y;%H?tsCat>Vb5{^9 zRcYtinSTru6WPh5vr9gR$9rP1v9zZmI8yErr*fiJ#`_N++^<$VE#7;7_f{bxp{RDA zyRU2q8y<@}*?kO`kU+1_$;o*b6hwdVW!;Gi5COy-3HzwuH?L};jXi$*IP3aPtKh%Z#n+jZkVzCwXLUOsIb)C^*cQ3 zOBswq=y=KVRw*TJZn5W|ovusJJa(-ifngI9zgMPtYe}^XD|4u@EoXx)VH4wVx4gVO zHmZJ(Rd=jr+SR(37rCAuH{Dvg+xpyY>yLcId0Hv`Tz=~lqw>JwrW8ZN`Dq%Tbl1pyq&h&wp~BIzF~jk`YGRexRMCA_SB)2ZI}dC8wnbw8hUoma z!s=`yWtZs98yj~W*~6)x6!OJlgE62<%Jt?{jm+zs^Mm?J9&xHM(vp%H*Xp~{YZW~a z8p{K@r*7&q30QamSeE!5kT+;Z(ByL%{p#js()8-`d@pIyc)p9C?ADTDW_%^-?gsi2 zX8Sg}D$%iX&y-d+r5ee93=ukZwK9Z3pyQ^Y4YfloDZ9(Vq&8YX+7WQNDO_x#PW8an zSj(1ljxf^VjF;~Q!cd4)?5dLt6Cc>ai)7hDx6|w0y!^0moS9oI{ZP{DftP)CajGRH zAJYNscb&L)VSc()!l%`eES7n_S*3+rO0p1`Vx!|^voXa_p2r>R zWXLL)^WsZM|APu_?Ck8E7h-<{YfS-X&;T3d3HoDcyjCgFtTBn!7wIcKHPU{p-BtQJ zEQLkEOwZ#JW@=u$g^s4CrOD?;xw%ab#3y%o9jkQ99eK^QX5+5&eGBTzdd#cVY;AEnh3}!e?ZY}ntFKtNF-Zs^oX|BDIRa`V$A$TVY+D9wn+K$%} zFjY2qo8GY0$GgB~?y5~&Oqe5QBxTrCJM+3bX>lw(il2nm06TFwV`fE@z&e%uHIz}mcr6oLtb+9qnw?1CIG$!1Y@tAR?m#qK6;@OG8+Dv9KM;q8~ zc8lEMOtvY3Yjv?E9eED7XSLFm5DdLn3 z#K$)-2^uMEieO}+Nt++|`)_lZ9e3}@cPdROWnqFJRBAm4yWHVK&EF+rcU^R<%{s-Z zyDZ(j!=X1+uscB2V5lkOG=$+>D_;VZlzHgGbgoFRnuwAQif&8GKYe$7io;lsmp7T+ zdGrH&uGkDKVUi!6@eCSs=)HcK-9*VY7$D6*eEv!n1=$FCt>8dxWY=gpudn+y_L6#a zeP-}P`DP1n3tGAU;?ZcuP)4wx!&aRLENY2bJ4`zP0HliqjF*Dd|J2zy(8;j6*nE7Kw+5r=MEMTd3Tk#W*n{l`ce|P3p^OkgXhGSQ+ zTp1GUZny8`9^Ofa_|$fWnNa4IW8GUKMXwvMD|!p#@k4r~g^87S`$fvi$~=IQ6vJ*u z+EY7BtCC^ocmVsJr-vxRR{5GG=kqVl_e#h_$vsjDYXysLvnuC~s!<2;>T+ifbCc)I zKR%oz<+-!CaEpXa1o7TxW=6|AnzU9vup>T;w(RV=kz9MGXlg8&Ke6IOW6?B?5_#&* z8q=z!VN237E}TbtHkABQEs;@Tw%S+a+7lhU`6|+)bs2@Zw}t-Kx)n|I%TBQC=#{fw ze!Y!4)(RV$g^!m#;_6tM1Y*kQD>{0%YilB}0Q^EZ18ZN&)0P8&95WF+=ZH z>FZ-^)V0?|fJzhx)Ndbwp;1d*rrLwlBtG9-Wzd#Qbf@er*+QBw+;!~gxvtR>fp#1J z?rB*0^?P`Ec@@QHz6P|^DoKReF}->|{rS$8u1H_;mc?wCYV~W|K?C31m~}W<%~4qL zTS0n`9N_zbY7z_MwG=SCswUCq=4L*tukUfQ59{R#vK45u6r8!gIR&|Bg{lssZky}e zFh}`g%Z@xD_;#iX$7Ico;vMQmrZJ&`Do#`F_J+-=Mo7PhY{*O&*?Val9@FiUE_x`# z^5kL1X0h>4*v>kF|KH?b~RUt+UxUxZ+n z+rH<{GtZ0HJ2*JdXr-*i*%Xp?#M&RNYZ5jMDYZC zkeV2%kJQU|tOgZe0{?R%_Wa&`V=ErW0rN3>1J)j@1_Rb>vuibH2#*K)LTok9DlX?G z?`99RQL!0n;sg77N^|hQu~Y+R(>;gy1%uF+V>KOlMMY z)r5Vgi+~=iQ~E4vv6mzr#G`w(MW5P{kHG`OG5Do4Mps3l?f?T44MOWHiKc9#;c?3j z(ajR`-vZ)4z(hV6xFogYIanjmab%3N=az!0c!>7cclY#^Y*P}YQ<7M)ai0EiKR54r z0oW-KK&=!ui~`}QW4H-J4VpzvmG3S-HfgV24^?2vv<^dDjcb899WmfidAc-cW-%cIna6SEtj?sA?upo zDQ<4^JUROZAf~ZdPxe*sySIsHCvdvf!FS`92imvI!;kUYRa{I2+$Mg$y*9euzP{1W zS1eF1UL{IS$G+W`VR%>@gQ+OE37>Ig$SytuNnF<9uyOFb7p<^%l9C}-WgHw6V(@2gW zt!SI!`v-edoM%Q2rq2KNh)Z2D-i0ZQ)rfvx34xv3AkWn9WN*0kUa44 zSH4UVuFhJCV7|mkq27Sg0#3e`$FO%$MYo~h z^uc0YfFLSa0>boAe8Ix**ObJ9(a})@c)S$LR9sA$oI@K7BNi+nCD6Gu-BfiW!_oab zIbZ!Wa;%J=O;uG@`Lc)IWCObxEUZ4C2*zwM;bxRn*YW zrgY(Z^MLfcpX7euC++2?4-7K}Xv6b#20A*+f|;u}19cqYOY>uFzAN645#c6@$$6u4 zT8ZFwclG2F5;R|3I;CZX#%Js~V%&l}XJTQ|xM9>W#vK!4B{#o7CHVq_iScd(2pi_gr~tLHxHv_Q5$yz@ zL(rAu<`7kSiJn&>(3v+!AG~4%Jr6J`!F|9l;{zPk)YQ;tkU8vMq)068!=QxVw~PhO zwBmHGCd-`ez*v3qqM}4286pUAIHNJT9>^3cst5oUX-bKABp7K5a6*mOHm0bVkP#zg zQkm3*SH=e$d85xg*$UC1*l87E(i+%H)BSGXQ9z1<)H-Q}eT!FtvC$w19!uIfaCToJcypvWn6i; z>-3kqjAOi{8TqpH*MZ-(xsrycmFl~;h>f4udaPIAJTu)+b)_dSP9#U_LTDxP2g?6%G3S=Eg!qBpa`1$>2i9zQ;E`E*^pI&Ty*jdZRT$2j^=EOqme+}$jbtVrFD z)Vn|tdmU7GDv6Q?0D_iJb>X$Lvhom{La7SWnj@pco2e8Oq@6?8;)=Dqe}l*+m)o}& z$TNVC#0zsWM7f&~0#vU_OuyY?0MambV=dWsD5bOnzExv!0;zlZ$c8sbGyFSYMLNX> zr?p`TJqkCABy4}(EOIVHkZ**%w3zM)+bO@mG5}U?uQfbP@$KwiDD!tEBgZY71Havq z21Dx#P*s$T6Pp`K<4_N#RziH(O(ie6$|Yv2Gx~yP0+s5oA_5RmJ2F?mwU*`PrLO!p z)cmOqgNaNo+1s-(Wc{B*fI~)dfJY#l1GtR7mN^XDlzqqkI1u}7wvD}5=sGSztVTbN#WbVgrPz^9gD+V z!CWcjL7ht@1Hdo>v!^&JiT%`H>~?%om*MS-kK%MHIO-0TTLHtvlf9+QA<4^nA;b@|M> zV1DkXOoL*NbQdo5Bpo*kG7fMW^eF{2vRhV%BUhM1&y$5wC$?MXMw1W06#W97lEGRz zY*Kp@^~vHWQ_`+hc!0MQ12JU=LZ{d^nb~UL3CwHg%Vu(l-Ed1bt%Qkkdo9aZrx93s zZ{Qrnn7NTEvOZ`m7hTkn5qCCwp!{w%L#;JFP;Zts2fDy^&abDFbELi>VcdD9JBTBr zGE@YQZa0VlQmTy)H6I(v=?xps0B(2_-rr!G;Y19z?{GLEya?1QL=6J5_Ont3;O!7f z4qOA*1AgHnY&#$cF0Yy?`?_;(yuWsX%k7f@WzvDK*M9EAxVfbjXp|Q2m=p^YIJO6H zr1bZ5S+ICMqNDFmQ|)1~OCG7~X?}IE?=E4o^h&D~j@K|etozy~=JJA%m9@1Y5IS0a zOn3=Ap8{}pc4G;8K53r9YA>V~O(LUzYc9-A$mbZ(eEr~W_`&Z$uCB{a>u|wEkl%t6 zb*i5A<-wK(Pt;mzW&Q627pEzzD<|CCkU06S9>8<#Gn<88NcJ|-I7i*wCWl+;9YbKz zhWXtr!4r_58Z}QLW1;m*ED1sU4>?`6?qmbbHm> zogC+R*8wWIgV>buWfAibQzMeoo0MU7M1j1}Ai|M?T8D4?X1E=yTbP779MbI#u~uxe zsa0sTRLBIAzX`$807y=5n`LQthtt#u^NDM9htznNAh_3FQ+RruWAvu%Wjmr`4R3-N zZJ}_eIj#0u?%ZMh3n$DPyntaBgUx0(qNO*I7j4hM7w&Cj*b2;n<6+K+}U{=M%OY+BMvo z#am;wK-eC35~Bk|28Ht0G7hhh8a2cqJ z+ota_aZ%2^*ki|mY8F`Z11}IIZqLGJ4SGI4p%t<&9wE+wtdh~w>zFKso%M!@RM6xC z26;Sj5)gylsf~)~C(@;@k6utEkD69IJ%QjApasf$E3d`-06cM3RTA5=FgK+%KQCcF z(zZ*;>dNwARBGyT7%%bNI`$$Z*HQmI2oPXi&x#yZHHEMHZcb|8wDD;3D5zBWVoj2A zdY+zc-!cTc(EW1Zy{Nhl(3K`29pmoz1Mg4-0d`!@-Q@1H#UXw z#I=CQZt0q4JeeEHN8uX_G*2#K;j6#W$no=?#GI)Dm$`!-TN7UKUvD};#Ajy=aB)Dq zH0vdx^K(jXPfv8c+|hGOY6vg&>iXVXN!e`Ol3vWna@Mjs|HkV4?G&DlAtp#H^ea(* z-@xMrXc2TXoG|B~PaWkZM7;3}+=NV);n>yfrg@zUBldVwv~mG(GckMEQXP;FubXa@ zlJZ8&(i=g-gqL~?bUaQ8D==$GH(l+j9|$-OOv$~!Hl`HJx~q&U*$WVHhwwRHH^IJ$ zJ2lsUvsV?#Lx{Vy1w&8>lFtm_tKxj0!%mo~$zC1-|0R- zl>+Avdc4^HyXh@quUF>5AGD9h;6c3k+tD9kREAk|cv!{)iz@i#k8P;PTO-SE0^Gb(Pu4Og7^)I+SlXJH(h220turSrh8tyWw z>BTI<50POzw{~V*w>S_+Jfc}1UR01?%bC!X0p>WmQd^*OiIZKPyn(0LozzNwm?=YP zRf=(_RR9c9OC>%B2EaN-)dNgyBiq3EE>Ug!p54du`A`+~$TA9ixEQEXunKTv{SwEs zuge^ic&ZDMWrbH<2HcJM^g%$qWC;(FpPjj1BC$yGo&Hw1#c=xD7d)d3?HIL0#RAdv zCUA(!8(9P+Uvym}=o$m9VPt#)oz7{%W76=@3F3-kTt%3eh(-QHgUZ06G*rCVLv!yR z?vuCafc+QoWCk8nXqP9qu(U{BGWhcDZYwJpSU-e+{p%zhU{`(h@#-Z#$(m_bwamd& z7?{WjaR7)dTdCSv7TzG00##&|8h~5j@tx@O=Q}7@Z$booE+52W+S=XST@1^pwVrup z0QdK09BkmG9Ui0GCym;#0ZAMxU9E)Q(uf{e8zj}Ztf4pY8 zxyp4X3hs5=4hFmz1t**fhVU*1YUK3-(bd%z_R(&R!W`rzF`QnjlF6F{tXwdW-)VBl z%UgeE2E@t4%u8>72Yl`=3*u$P({>CrBe~RqL+U&yCLLf&5xJu3m`^tEIS*=H2Mn?{ zP~6uIge<*5SCMv&{93wV;jx6g0!=v8Ha(;8$JJ-~?R1o-uH$-t*f z{MR+`IF^o9aeu_RQiz?e4zz2;4Pc;j`A$=caW1*S8hUzqEpnG#<|Zrp=D|7?;vYTo zua=hs#HzXGH0IQhW!Z@gPYWS8>eHr^&3j>FM?ZrZ`p7-vJkS6fNpn5(u#l#vCb2iv zKAO9566~#5*S`ItoUV~#ZL|U%k{E%tzDA2ScUQtXKdUj?v?FtxeSa$fl>Jhv9^p2WjHX>Z2j2Yb)d3}EC4A(k+t zfO~sYW`X;9-Oni|HeJ479C7MS%>Za4PhW|}?Crv33GvAV!Y?nz2da@i-(HJ+p5X}v z=(8vMjzFeG`%@K5*d!F`RquDBP2_H77M28^lO+Ls(;88+C|S{W`s#iy?K6e%|$16iD`b$%! zC3^Od8>f*v4CgRQTp5v7*K;sBZr*Y{Die@0yYIPY&FL-|1w2H4J(wi#YysMQ`EVGl z%tLhXk9FI+Vk8z!A-o=p(gSq`L2B)D=b2F{7LaAPNabZ^9w4rx>hN^#v8co7WGUF9 zdzM}KA7fP#5{Y(m!&&tGoD_lytCG6Y$ zfI6A8rs>IfAOc0*Wt|Saq1n`eIk{(%A7?=@KFPkWEm?&44SLHN;vCmqMr+WFM1UVQ{O%($Z1Jn`X?7o2Mo`yG&9UvGvW1>7aEBgL@vwD+o$oWL6c z_5$ni1e(OoL(KqEG7WT=6@b8dFqte4_)i)dJ@*aNO)*G4Gz?FE^A<^JN4_Dzk$Y>V zStAdg=9EqqOyzs!2R;|m2NP+@q=k6&A{=S=#z`s!05u^0?8shjPJg*? zIMSAb*JqjSNR>vve&93t6k!4}Mii*MduzM%SjB4hIcPx zl_I=RnZShcIPkVo82-|HBWXdsW%53&>&@K`Umvb!Ty^V81NE0%N27sr(f}w+zd8^=NXIMmq2}VY^tS*6ZPuU z6Xm~mT9tDzv+2Y71+Ym6bktseFg}%bP`0 z>U0ki;e9N^HagjK=h8yw&94t-3;=cATfq~BdMZPiPymhZ#z_QQyyn;}GW4n|Gguja z$t)@7;Nl#4NhE5~mo&eR#rfM?lwH^ydYQ1Rnfq8?MT0+rjA2kFF&Q#*zSr^3IEMRI&sfhWd)nn#j4pI`REb zS+`4H1DJPBLBK@V=#=hn>W9Nm5 zMvf|%neHGO;POtBkaC{f!)rG0emt!MAWX^W4fE{CcZzXo2*;$8FtOb8VnMw6;v)c8 zf<2E7*JrR2`VY@+CKz1+W!y$AWu`&IF6D>`@v|ajK7R>Q4so6B$4i=gw%t7Yd z$OCs?KER@CgF)T=_I7P;U|DB1oy=}J)#!8XuqWFyD%{*mAh4q`Rf^9I8F;UHBk;=r z;d}`*v4{?{6iQ(6Sping;N2w(tj`O<$4$2)qQeT)@tHLwU=m#ye3a*{k7qJWpV+8t zFJ)(EC+7kHhp{3^Mg56AO7&0A&QS131>-vA-{9%Mr-F&WM&DXR5$-TpHl*Pw$C}In zhk?X3v5r$aCAw)a=9E&Z?ZR02l4ys^RD1T~>>%a7#Qf!!-acj{W8+fT26{YM%bRG> zCJw~K?7UXcQxRMW$}$p^u1I?{j7vG+apJUhZp`uPO-I6RcDdte#dEOh+=bokV1n5L zFXOxL-do&dcDsoWn#?qfV%U~V1PW!mzr#sf7FH?}wCM7>0Ka<5JI%p5o&$SR20#*=|5g|&>whq+ofF&zaNQdeOmsbP z;9bZON_sSNtc-MQ>o2;G=~#U@zz_`l8fg~=SrW*IlF{yRLx5sj47@}D6fGHMrQk-}&0Er&jgt)Yvn+J;mKNtQ0Y@S;y zF@35lzh(oMgam1Bcy=eZ)^LATgDo&JT;ujevRkLT1{3m{#+ zFxTM^CrsFiJAHS3HDDJSrD@jbd$6~dlVtCZiPP zt#csGablnvmcoFyx_}EwIxweU+o?xuo5D3lnSUgxZT+=w#rMDV+&=lgFaGa~|9&xm zw@eYt$9)2PY)3o;ymV_p7sO*+CE0FRs}m2U=I#O$IM6^2zE96_zN)H9DM2YrH0My^ za*}b7MwUe=^(KC;#eVFDe8JDW=HJ;?4}em5GJ-GM(tSTZ#aDobD`(XT=E?MqyebiT zK+e2Q;M;FTPMCb!6G^F$Ro(|k@t~RyK3MiUwdae}`np`(!N8QO_{^pZaAujtB;8}; z7FA(l$HWi9R|^tgbm&6EzGX{VcSsi?+5psPF^e%k9*94sD-n@b=yh$BcSCSyU@!)zh#!kyWM%|1glE{Rm=EOA zN|-Puu$a*hSOT&8k^0rxNE?Zn4@zAj)|DKSg8O8AyzDz1*x|EGK)$XR8SOCh60+_o zVzzI4_{^s!)V4tr@8%7Btts9DB@mj9eo}tDYO~-Ti`V_p2EJn@OqNBMMRD85Zxf5C zpcX`gAtK6j2L}fn55%!9kOMrEf_Se(p^}!IV0|XZOLOGvh*NhAyi*{SWdmzFTBrPa zo1);}*~ww;A>!hAj6`v(B{>wHyMUz8s@uc9W6(I!;ENkPU<#sOcY!?0Y1{Tet{q=N(rK>+|k?l|uAFxOL zAtJJEjM(s5yH1xWshQE@xt7!yOUwhcF-jpeHL}GlG5eR80S?rpJMQ37bm10>5Zt-l zf=4hj5q7yhDyU?3V(=L3@|n#-`}dK8DJ9;XG)k#4m>Z_89lur=t6})Hr|0U|&bCk? zkgRyG$vr8E7x~Dza9ZEK6h?w%frSC>P8>|kLbHnrwbKd#?13d{(6&ScWfT!J{>Aee!cWxMk^0E$6|6sEsxONkEJkW)hCN&QI?Wu+YIJL9q+S zq?5qckgOm6uqr~Nw!md>*O5ynVeL?B&yM%wfW)TSwmss!$l0(9xL4JC`+XwTKnyYK z7Iq(ua_+H+y#+i_9muhlvrNzW{~N&Y;1P&={T78E|NW+;WXJzox%OqGIo34eDxPnO zm#0S{Va8S(@25E+f>xF=VlN zzc<&p;8k+&9;(r0efv`#<>$yFzm}dqC3MfOlJCNixk0`Q52kA1FP~?j)*E+t8JhI& zKC@c2ru4k&lEuDBZ?b>Qbi4ErnZ#~H+clbV8Q-PsY7r_u|5ot(BUU@`t{`Nt#nVQv zZ;ISn>2Bq`WapsP!#deVFlP)#1|p@eJ$H&H%K=k+=cj3_S;o)?0=czEtb#GQ0=!T4 zGoOsl?ws=84RfzIjOy*2w59)=|8acK=f=hz0pEv}MrJt!KgayfAslen2ud~Klm6t@ zS$n1w%lXiN5-PvJ(t-$wXX%5gO(MO!ICqtPsua4nzJxE`+UMEt9Pgdh5iWhOClDe& z9=iT`dDU}O7IVu#*MT@YDc?3^VH)b@27V>&xs!W++u2h+5GgI5m9(`Vm7-hi#C=z} zsZsaA42<>IgvjB9b7YJE3}>$F`=SOgz%LOu4m&EAej0%V7c(YymSg@n_}>Q6&XMiW z;lEdEwvgDPXt~}^q$S0&F21kUg-KcPoiIa_##VS<6<_+G`R+5h#yR$ch&`#83pQ^V z^fskv6Oa+!x%y<+9dxU;w{FJ?*p>db#XcvWfC_n9V}Tsz*3soR1B75(c!qc4XAZ6U z{vp*km8hQ|if~>o4|`w=R>zAUYw`r$&4przjt;jOb}!IM2Ao3f`)|E*HJTi1#@seH zx4!!LARt{$9DgB52D;A*u6*#r@EPs6VsZt*Y&A%fSd}O_)2yv@bio3aKEJNTTHuk}^Ap6mDPu0d`CT zr@KQ#LxSJltim*@sCGFlA)AJ1g{K`+?dylK@WxXw-w`h(T z^{cdv31@H5b`^V47U!r_-CKuBeIypA1wnhtXWYkp*2U2vGM**NWo)@6_Dn5Ni#Djg zBwR3+Pkp4d1#=s}6y7iWef0*p#IRM-8_>I`6SFO7V<9Zu_+~qHkrKVOntiC!uyluBh$qs+#SJaSU2g z8F9}OkM6A>kEl^CAWdgT5Orn!`G?taW}U@ZSbWD_bi=FWY<2yrdKVnX9ru@%U~#Y* z#AN5TcPylN+RdSqQoqfsG`6f|wmFXpNyB9A?%rM*Wo6~!;sQ_`27NkrwBR2G*P{!<0Ca zg_c{_IRR-E(--%*3Z5LJRaE*bn8QHv2(xHlt;ssSJjLW^?Y~y2T4#&*ow*%I1(KjY zXB|HwberMXNy+`MspVLt7teIby1S)3`hu#ezec-j<88MqbK*Mp2@Q!tLo!2-o8bHJ zFQ2%->(-{Rip&zn11L|ProDXm^2Kst;ht4jlB-UEHZd)SX?)(aevL^OmP0J3`8en{ z{=VOq+977wZrk{xkkE9gN@B@5?J=?XHxT=tcEc?PnAdP$&?OHtwNy6k8V-2(?wv_z zfs21Q{n-Yv#x8GxjaP+GZv8`{9Q)RCbd2_Wld}-d;Q$CiO*=mte%Hp)2dCir)nXz7h z);}C|hjXaTy&^5vpFWB%&5xOG8|a)D$^0tv1NmO0=pFm60VAR~4R4SMV1ExEv7{EHvpM!3~;_ViDUS@Qs&epFFPN~&h>G8nJe55u_SrK+nNYV#|;a)q!CIL00d zaIS;QEAbVEJtE7cs86+kI{Iyfk6%qlNH~mTH*|C^bCce%p?~aKNqEY&?mIi-=X&($ zk+Pm13mx6e%*;BORfOZlfzCfU%<=tyir-D^{-iVea$mi=G0egT>_J{|_m5XiSW>O6 ztgxP`U+~9E5t=FgS;W210Nt;IczAgHw9~U#%*((oARy5H8@}?Mu=P&{bMMdPdGRpR z=KEi-ICg+1fRMo|KT_H99)# z=Jp;m_+N&LhqK@RnV$W#te6ppaI)lyfTiAF7yU0wu!l02K7DOQ`I{F|R8z(2{Rv(=0 zt#f;pm)Hw7941>)p&+;wKX>%@fzCf?@WYUs625-@DygT}(GtFbFu?YGkZ-O=y?S+I z{e}(xn^zG`R{Ujst^@@HNSd0ON=hO?!w$UL`{RixM?aqb?~G*+<$}68`wzQ3iFW;7 zaL0}vviFz2xaNm>|FBa`yL#|rV%$GW!lZkHR0X-|E?$`(ye(Ki%=^j{oqEAC?i9l%y!U zY+Ofg;g&oget)vb`tR@e1M&N}<#-SMaPeCT91;=|-~|8&CDt5++ZKmWjH z7vbcF2V&MeAF<3&Qu1qex2fch!JL%55)>39^K%Abbh)3lK``;bA9cR1RQ59$ z;BOm(H5q?(Hki-LmvVofkFf1Pzz=x2^?leT*Fr_?muLMn<;gMQ5(t`XY;3%|yzAGm z-|F)#!6a$_PqPa6#|Ujx|A7GC4eBqx&Lb$ba zPwu~v^vud1Q?3a_5hwX@seIG0OVKoMny%@(V>9?G_RBSg>YQ`{}dkoI$a(f z9v|447nC2b+`3x4@qZZo&n;F_RRwi)@#4jGGH4Aa4}PDPw3-@%0z~`W>+lOt-uy?Y z-DCKx&GPbE4p$Kfwh#ZDiiXB62#m7#R}j((%^34FH5usieT$AUZu#*Dw$$>nvghgP z$Jy8bpq|6te0lKWtvwEjem|X;@O0n5HUPx!KTrht=ucSx9+pD*&0F^WlcZQ!Sl~8& z@~Xgc@QSB9=;*+Q5D9Nc5>8ql_%kr&<%#~Z31mpI{(p&S|MkjOR#o{vfByVmVLx@l z`t{EvBKG``Eafk3`Ugt^rTBMP`Tqpa|78ULJT6?=|99~Cw_p5Na2#~1KQ3-WT!v}w z!SB%)oWWr9>jyfz>MYC7Lx&Ha`-eAx#dLRf)6rpy%8lc&KUe<&3E!9gANbNZLRXup zo%Pp1D*})TR_gaZ23pwZznhemwYC3WO=|hy-$KcM$k=z;#?HKk@M-1aXMZ6wj~*3+ zngBzx>?}~$(0F{~?2q>z91u!@_=83f}SjbAd7wUPclWff>813zodHqO~?c&Qr6K4vH5A$pAsJb4-4|?!nJGH*x0}s*uE^! z_Wdv4m-u~I8R(R@wzfa^;UM>H`_C0<&5<)dNftx_u+GE<20{eSpK%drQY3`U@8JEP z^^vyw7Yp9{jtno z5B|VvxS{5>bY@M7#5SiIJ0KY3e4UNap-xX48bbi86Q%w zt`E^y3Xj9OvvCxdbOE@*k<6`=eFPi2Soc=8n-B#AzQfb2X042C7lAmIh6q_3EY8nh zO=oOUl8@bRi&Uu(^YTvz1<{K+O?q)>wH@uh0lPMkp}D^fQ=@Or_Qy~_(0gJnJ7^(B zn>Iy};qAD>c>RS)=DqvC19$8-0->BXUaN#Tw+7v1k2VP>>E_y{zy`@IEiPa&vri&y z+di4~pGGm`t6H`ev-?^z%_D&rrVMAcN@JloUfxZ0ILW{#wy}OZ?lL>ROW4LFQlb%7 z81q|}OM3T7HH=J$a%>NzA_4^wc&aG?Y1) zTHu6jSRiO%{N5(H{(%stPPAT6Q!toNdU~8=vdPf5Xkabl2xcDQ@wk731J;m7oVvqr z8u}{bip^=4{+cLat%5)?EY;R<(xOA8FD58qvk4-_TR<8{y&01O#?`G2< z5(pY3D_ezq6s?34Cr)5Xhh0E>g*#g_%o>|q=Y}KC+}~_w%;|zR{@0sRg?$~cDvP`@ z>3N^U@sQ)xNPECD{h1(ty&MR>lCS!+09bGAh=0p!70i2w*~Z0NetB(qJs=>qQ4owZwhAUI8z>o3;y zB??G;GuHPB8-INK&`-3lBi{)tY^&jO8Ac%YA3l1NG1&^ohu zI^OO+PJ)5r^?P&xK$SSw;31q0ftw79DgllzmyB0O%9PUUJ1Y-nV0LMc zW=kFrYOfQY`RX5#x@xmvgxXQDQ2btyzN=>ZbwJRjKHADx4qC4+ox-uB*`_Dk4>j>& zc@9vJWfZ)>nOUVH4G{aWu{-B?RV?Mf{!Rc{7O7PaI66p63mVxsF4tU6KcpIcPFDCA{x_HjH$PUT^u!43 z86{X8`<_jAOcgYKw#LGIY(jD7-bQ!q>41G|w33%7tV_!+Zm_>t^smfX+c%wTFv1Y4 zm+yFD;4uvJ=)rT3e_NU(F9lmwc)Lvl{G-BRaT%{}GS6y%%2}6Abk=^oBBC=B7Be6f zSlL1Mb%X*_Or!@NjZuisx>nDLbwuR3cB(%z$|rXUzX6+ z>+?XDy4tL(yq&1|S+Wu`(Xazoz$L)*8~Z3)8FKCGGL^!`uMQMmjfUtpXuIiI_k(yd z;l#4?@<>$Ra&pf>boJkCXvL~sOd6DP0Qu>~c!Cq&Yj|=_$$n@Zd&qB?<~)>ECC-st z6)eE(x-h7pZ2$4e$Bpkw#`d(Og3yf8In$bMx{XreZFb@4LU3lQMJ^UgbcuA%D3+OF zJE_LOkWYRt5XiAd3vhOZSeLm;VvQ_27H2VGIBnTKiPnrI8=!Korwi6_yR@blmfEsl z3%Lp5%>>3lESyVCO$`{uR&78-=ev1Hn#K?dGFz_2Pg9o`sfW0^y+_(}WAYZKDZZF= zp5MU-9{`qFCzF)a|6;S0*==kkgS{Z+9I!(N*6n^Nyl?qw#@gB%o3r87!Hc}f&v&*w zeL)lbHS0Pqfn4*O+p7d__QwN-5XNR^0i!rIKKqfjO~L}{$CLc8uLoc?0VZ0E z#n_`QfJ78}^0d@Spq-#2-FskL)4(5~tOc0KUgrYQJKb^u#QV39g#n_cpOhvOz%fN7=y-k76}3FhZ*K8<75JdPE+8{r{%bo4=C+kx#6a8r82oJ!Qd@hh#d zX({d$#@UxIm(y@z4kcS$zujqqDFhF>rd_LliA@pnfG%M^`SJ>ZAz-;NCh3RTwQxX? z%)*8e{&iU;7##=d;+AuYAz)t5=?<*UcbdYii-XPli7<+*A0GgAK#9N8VJkM!$^e>Q zTKMbi3&uj5z~Y$Fr6dinm)ULPF6<7{53{=%z-L&3>mU5W2iXm#pJVg1Ymd|~Tqpvl z-hpMPkyV-ywlUEhl*D1|lY*)PYxo$q3O|!K8;2oC1^dtmL*tLfmi!apFVB67N2MU;ldY` zk9R@VID+IvqyBQrHSk+jr;!}v`92v5tzIJbmf9jdy$2_}W5*7(0~95b!>uwPN(>R( z=jWZZe@!{%*SGZHYo8$y@BM}0Jv6=PA^7`Ze2d@}qlmQzGI4K#_RF$pZyiFP^UGwm3-^z1$hBfZXz zQ{x~ODrd1+3`;i#ofnYSfyqS&pgI};xMZmXtO|>jfDzgkVe4E+nJ8n3$Coc(#*RhA z@oJeyrw&UdA*(BGHwrgpl%dmPxMyHV6&9^vxds}mZCDI=5wXjieYsp{iN?C5+&hPj zn|#G4HA0hp8IBz+@nTSozaF2M=>Z-cyO;I8!gX+14kHZge%2T*!AKcx3lv;7#a3Yp zL9iK1FIEY0*wU2BDWC^pn2w0aXD!_$gQLKpqHI`}+g5TV=UEMt*&$+M;KQ=T%CU5_ zMjmj_UG%y()sA9qc(XlHFgJpATTI6dUl^A9EK7)2mkVnu-OOVx4{~CkFzg^Q4?dna zB|>e>vBshyT5#w5)%t5ri!taKER2J ztpEWXuH-X+0DL52#dk&-z?r()gBp|tz}Ot}iI~n$tiPy!LKwRliJP|$f?zS6A2OCO z8=uj_+JOVir@I>JSx_l>!2*IIk?V7!q~|7wDcAuMSdrjx;T$d%Hld)rUCVl|mBnLv z*3}w#X%S##ZpW&LgNh-$F!K+aLL#O+b_RoZ#qV=D!s#_oNE8EYR$A zvTHGo*(L6L6MJNtiI~K{e5o>`3=g=5-L<@5lF9-&mPP9eS$~7KzptJs$O4tU+)aSN zI3%Ux&MN%Ko>1SAm@#m$3~>#i{mli2t*=rH`p!>NQiWdV(79&jPwzHsZ2IR zD8Uw>Kv203o8`3uXIx=z|_%-aOp+lI#pU+%Lu%ynSPG)!5Y{`MsW_C_Gv$7bpQ zw!Fj4O**>n?r!Yt6R>#{hl~VSxJtxf^eeW0iA+yVKQ;UUn_4`SVPP;1bGZ8T>(}Fg zuKfDJFPD0Qwd7ij-uyXeDA z-J}|9l8bx>5pkMEp@7`Q!G zam0jd#R}i7$^#vEeggFDT}x$JiC2SSV}E*2*94WcBmyG+H_+dD`CClr^es=_0JA89 zVTIdS3LRB_O{cCPH2o~)!%UCWrsdu=G7_`OIu6~BHaR{9f1nP}4kr7$Og6J)M^?aY z(@(_y#d}za>o)!R4kif`fzCDtpYxq|l*ayz^r%tVKxu4x>Ew+9d$PqWIs2=hJY(K` z7p95f5!R_YYl?5JScPX`-Y>1aPcTmdeJ0i^%M_#QRZ{aHu2_IVZ!$~H$AfzBBx}`< z#y#tVgoI4jnpB1e9m7)MU)Y}WE#JQEB~E0l<>cgC_K1i3WPr2#PQMm&Zq&6e22Wzrq2C9?90V^QN0FE-}D8%0>`Jmv7qlS9pT|AjIgt2#qJjJqX=ufxNN zUHsQI@Wcv4&mHM{2HM1Wacq5n#pDwQYa5HE`qWMwtAo!FZY2_6mBK|rwbT%Qcq0@L9M zQiy$r1Fc4$_e87<<`iP?FjkVe&Xns%Cwy%Rcv^0s=R7kyJ#0y00_2uKB-b^LnR_~I zkw+_O0u4{O$7G>l+&jkDFTB*~+_Obu{s{KRldj;`2HlK!hy5Y2jqIJZ%!+8_1+xRw zVBotjTm8IDP)C!zDxPl8Q%NQOB7=IE3w%nBgxYXt#)n1(u1sf^QE!L zM$tBC z9f&P?rowW7d0l(m2t=JjJUl)anDc#jxww`wodzP~MBhUHnoD?)1nigcexI)wc1=~D z;03jTLEF0LqiG#6{an9vw#4ZBed{DgGhQUGIC0{{a-&@AP+Q;nRxcbz!imjdm*wA@ zdOFGOV#lM;X1` z;hyWR@BYrrTI+e9H8X4M1|Q}!bs9@%i00;gqaEn1=l`B3FU=F*SgPYc4`%iegjhIR zEeju?<4m?L%5OsS*(C>nY__Pj0oo1x37DJ_IWYE;QfJ9aRIiVn!RD*x&T9B(F6?8Zj`k`Me@-qSF}qq{S^<|%#I2VfAXQG z1`;Wy+6jS)0yGi@s+g&Q#fW_DJY4Kf$V*QMfu+l|cm|2n-L2nTCU;Rmcm^U)bhAfU zOD=tSNgil1D@-I{WpdmG;Dv$Grg$b#wN|c*fbvySg7Td^r$Jk1D6XPSp4%Ip<)08v z)eLvHb-I}qPb7r4T!<;QnmE1>k8n3Mqjc;{Pp+zCA8uS|hZL1WuHDzwz&${LE?Y_v zy&<@Sj0nx?biP@c?c+mLeCg@wpR%YIef;p`=rG!Mi_jC(6cN74e(J=Dw&H*xR6@nJ z9H%aBZ)$3aCiqanEKf=sRPd|{)k{TXg+P|kp-em*-&crnsMH+;S_FTS`F3%;k}686 zmfB!G&XpO1jtN+N>jXEO zxLFQty{~hfG%EUTzA5F;DU%qbbtJEVvytZnSixNxZh1EWO6#5(1g#OCJ^BfdKNkAm zNROITqvQ%I9ntB~1c3Rch=>S-HJav`qBN6eRZz{$(Xs9$&n)=*JQtgh-;D`Hu~!?! zg%48v!0mU_EGVZNZ^CEPk%nqo4=2TXKabp+)-$5sa9o`xMZ>VUxrs7F3Q9_!P(4k= z9BU8Z&{PlfimDNLh!s$WuZXQd9|Ux+_Sp_x8Sxdq4