From 228c96acdb405279f484948ffe3d690bd83a23f5 Mon Sep 17 00:00:00 2001 From: cherry530 <707078654@qq.com> Date: Thu, 4 May 2023 16:58:50 +0800 Subject: [PATCH] Upgrade to 20220509 Signed-off-by: cherry530 <707078654@qq.com> --- vpnc-script | 1168 ----------------- vpnc-script.spec | 11 +- ...e66391c4c55ee818841d236ebbb6ae284ed.tar.gz | Bin 0 -> 44546 bytes 3 files changed, 7 insertions(+), 1172 deletions(-) delete mode 100644 vpnc-script create mode 100644 vpnc-scripts-e52f8e66391c4c55ee818841d236ebbb6ae284ed.tar.gz diff --git a/vpnc-script b/vpnc-script deleted file mode 100644 index a2bf4a0..0000000 --- a/vpnc-script +++ /dev/null @@ -1,1168 +0,0 @@ -#!/bin/sh -# -# Originally part of vpnc source code: -# © 2005-2012 Maurice Massar, Jörg Mayer, Antonio Borneo et al. -# © 2009-2012 David Woodhouse -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -# -################ -# -# List of parameters passed through environment -#* reason -- why this script was called, one of: pre-init connect disconnect reconnect attempt-reconnect -#* VPNGATEWAY -- vpn gateway address (always present) -#* TUNDEV -- tunnel device (always present) -#* INTERNAL_IP4_ADDRESS -- address (always present) -#* INTERNAL_IP4_MTU -- mtu (often unset) -#* INTERNAL_IP4_NETMASK -- netmask (often unset) -#* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset) -#* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set) -#* INTERNAL_IP4_DNS -- list of dns servers -#* INTERNAL_IP4_NBNS -- list of wins servers -#* INTERNAL_IP6_ADDRESS -- IPv6 address -#* INTERNAL_IP6_NETMASK -- IPv6 netmask -#* INTERNAL_IP6_DNS -- IPv6 list of dns servers -#* CISCO_DEF_DOMAIN -- default domain name -#* CISCO_BANNER -- banner from server -#* CISCO_SPLIT_DNS -- dns search domain list -#* CISCO_SPLIT_INC -- number of networks in split-network-list -#* CISCO_SPLIT_INC_%d_ADDR -- network address -#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0) -#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24) -#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0) -#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0) -#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0) -#* CISCO_IPV6_SPLIT_INC -- number of networks in IPv6 split-network-list -#* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address -#* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen - -# FIXMEs: - -# Section A: route handling - -# 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored -# In order to use them, we'll probably need os specific solutions -# * Linux: iptables -t mangle -I PREROUTING -j ROUTE --oif $TUNDEV -# This would be an *alternative* to changing the routes (and thus 2) and 3) -# shouldn't be relevant at all) -# 2) There are two different functions to set routes: generic routes and the -# default route. Why isn't the defaultroute handled via the generic route case? -# 3) In the split tunnel case, all routes but the default route might get replaced -# without getting restored later. We should explicitely check and save them just -# like the defaultroute -# 4) Replies to a dhcp-server should never be sent into the tunnel - -# Section B: Split DNS handling - -# 1) Maybe dnsmasq can do something like that -# 2) Parse dns packets going out via tunnel and redirect them to original dns-server - -# ======== For test logging (CI/CD will uncomment automatically) ========= - -#TRACE# echo "------------------" -#TRACE# echo "vpnc-script environment:" -#TRACE# env | egrep '^(CISCO_|INTERNAL_IP|VPNGATEWAY|TUNDEV|reason)' | sort -#TRACE# echo "------------------" -#TRACE# set -x - -# =========== script (variable) setup ==================================== - -PATH=/sbin:/usr/sbin:$PATH - -OS="`uname -s`" - -HOOKS_DIR=/etc/vpnc -DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute.${PPID} -DEFAULT_ROUTE_FILE_IPV6=/var/run/vpnc/defaultroute_ipv6.${PPID} -RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup -SCRIPTNAME=`basename $0` - -# some systems, eg. Darwin & FreeBSD, prune /var/run on boot -if [ ! -d "/var/run/vpnc" ]; then - mkdir -p /var/run/vpnc - [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc -fi - -if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then - ifconfig_syntax_inet="" -else - ifconfig_syntax_inet="inet" -fi - -if [ "$OS" = "Linux" ]; then - IPROUTE="`which ip 2> /dev/null | grep '^/'`" - ifconfig_syntax_ptp="pointopoint" - route_syntax_gw="gw" - route_syntax_del="del" - route_syntax_netmask="netmask" - route_syntax_inet6="-6" - route_syntax_inet6_host="-6" - route_syntax_inet6_net="-6" - ifconfig_syntax_add_inet6="add" - ifconfig_syntax_del="del" - netstat_syntax_ipv6="-6" -else - # iproute2 is Linux only; if `which ip` returns something on another OS, it's likely an unrelated tool - # (see https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009) - IPROUTE="" - ifconfig_syntax_ptp="" - route_syntax_gw="" - route_syntax_del="delete" - route_syntax_netmask="-netmask" - route_syntax_inet6="-inet6" - route_syntax_inet6_host="-inet6 -host" - route_syntax_inet6_net="-inet6 -net" - ifconfig_syntax_del="delete" - ifconfig_syntax_add_inet6="inet6" - netstat_syntax_ipv6="-f inet6" -fi -if [ "$OS" = "SunOS" ]; then - route_syntax_interface="-interface" - ifconfig_syntax_ptpv6="$INTERNAL_IP6_ADDRESS" -else - route_syntax_interface="" - ifconfig_syntax_ptpv6="" -fi - -grep '^hosts' /etc/nsswitch.conf 2>/dev/null|grep resolve >/dev/null 2>&1 && command systemd-resolve --status >/dev/null 2>&1 -if [ $? = 0 ];then - RESOLVEDENABLED=1 -else - RESOLVEDENABLED=0 -fi - -if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then - . /etc/functions.sh - include /lib/network - MODIFYRESOLVCONF=modify_resolvconf_openwrt - RESTORERESOLVCONF=restore_resolvconf_openwrt -elif [ -x /usr/bin/resolvectl ] && [ ${RESOLVEDENABLED} = 1 ]; then - # For systemd-resolved (version 239 and above) - MODIFYRESOLVCONF=modify_resolved_manager - RESTORERESOLVCONF=restore_resolved_manager -elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then - # For systemd-resolved (version 229 and above) - MODIFYRESOLVCONF=modify_resolved_manager_old - RESTORERESOLVCONF=restore_resolved_manager_old -elif [ -x /sbin/resolvconf ] && [ `basename $(readlink /sbin/resolvconf)` != resolvectl ]; then - # Optional tool on Debian, Ubuntu, Gentoo and FreeBSD - # (ignored if symlink to resolvctl, created by some versions of systemd-resolved) - MODIFYRESOLVCONF=modify_resolvconf_manager - RESTORERESOLVCONF=restore_resolvconf_manager -elif [ -x /sbin/netconfig ] && [ ! -f /etc/slackware-version ]; then - # tool on Suse after 11.1 - # Slackware's netconfig is an unrelated tool that should not be invoked here - # (see https://www.linuxquestions.org/questions/slackware-14/vpnc-on-slackware-14-2-is-bringing-up-network-configuration-dialog-each-time-4175595447/#post5646866) - MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig - RESTORERESOLVCONF=restore_resolvconf_suse_netconfig -elif [ -x /sbin/modify_resolvconf ]; then - # Mandatory tool on Suse earlier than 11.1 - MODIFYRESOLVCONF=modify_resolvconf_suse - RESTORERESOLVCONF=restore_resolvconf_suse -elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then - MODIFYRESOLVCONF=modify_resolvconf_unbound - RESTORERESOLVCONF=restore_resolvconf_unbound -else # Generic for any OS - MODIFYRESOLVCONF=modify_resolvconf_generic - RESTORERESOLVCONF=restore_resolvconf_generic -fi - - -# =========== script hooks ================================================= - -run_hooks() { - HOOK="$1" - - if [ -d ${HOOKS_DIR}/${HOOK}.d ]; then - for script in ${HOOKS_DIR}/${HOOK}.d/* ; do - [ -f $script ] && . $script - done - fi -} - -# =========== tunnel interface handling ==================================== - -do_ifconfig() { - if [ -n "$INTERNAL_IP4_MTU" ]; then - MTU=$INTERNAL_IP4_MTU - elif [ -n "$IPROUTE" ]; then - MTUDEV=`$IPROUTE route get "$VPNGATEWAY" | sed -ne 's/^.*dev \([a-z0-9]*\).*$/\1/p'` - MTU=`$IPROUTE link show "$MTUDEV" | sed -ne 's/^.*mtu \([[:digit:]]\+\).*$/\1/p'` - if [ -n "$MTU" ]; then - MTU=`expr $MTU - 88` - fi - fi - - if [ -z "$MTU" ]; then - MTU=1412 - fi - - # Point to point interface require a netmask of 255.255.255.255 on some systems - if [ -n "$IPROUTE" ]; then - $IPROUTE link set dev "$TUNDEV" up mtu "$MTU" - $IPROUTE addr add "$INTERNAL_IP4_ADDRESS/32" peer "$INTERNAL_IP4_ADDRESS" dev "$TUNDEV" - else - ifconfig "$TUNDEV" ${ifconfig_syntax_inet} "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu ${MTU} up - fi - - if [ -n "$INTERNAL_IP4_NETMASK" ]; then - set_network_route "$INTERNAL_IP4_NETADDR" "$INTERNAL_IP4_NETMASK" "$INTERNAL_IP4_NETMASKLEN" "$TUNDEV" - fi - - # If the netmask is provided, it contains the address _and_ netmask - if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then - INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128" - fi - if [ -n "$INTERNAL_IP6_NETMASK" ]; then - if [ -n "$IPROUTE" ]; then - $IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV - else - # Unlike for Legacy IP, we don't specify the dest_address - # here on *BSD. OpenBSD for one will refuse to accept - # incoming packets to that address if we do. - # OpenVPN does the same (gives dest_address for Legacy IP - # but not for IPv6). - # Only Solaris needs it; hence $ifconfig_syntax_ptpv6 - ifconfig "$TUNDEV" $ifconfig_syntax_add_inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up - fi - fi -} - -destroy_tun_device() { - case "$OS" in - NetBSD|OpenBSD) # and probably others... - ifconfig "$TUNDEV" destroy - ;; - FreeBSD) - ifconfig "$TUNDEV" destroy > /dev/null 2>&1 & - ;; - esac -} - -# =========== route handling ==================================== - -if [ -n "$IPROUTE" ]; then - fix_ip_get_output () { - sed -e 's/ /\n/g' | \ - sed -ne "1 s|\$|${1}|p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p};/metric/{N;p}" - } - - set_vpngateway_route() { - $IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output` - $IPROUTE route flush cache 2>/dev/null - } - - set_vpngateway_route_attempt_reconnect() { - # We'll attempt to add a host route to the gateway through every route that matches - # its address (excluding those through TUNDEV because the goal is to avoid loopback). - - echo "$VPNGATEWAY" | grep -q : && FAMILY=-6 ROOT=::/0 || FAMILY=-4 ROOT=0/0 - # put metric in front, sort by metric, then chop off first two fields (metric and destination) - $IPROUTE $FAMILY route show to "$VPNGATEWAY" root "$ROOT" | - awk '/dev '"$TUNDEV"'/ { next; } { printf "%s %s\n", (match($0, /metric ([^ ]+)/) ? substr($0, RSTART+7, RLENGTH-7) : 4294967295), $0; }' | - sort -n | cut -d' ' -f3- | - while read LINE ; do - # We do not want to use 'replace', since a route to the gateway that already - # exists is mostly likely the correct one (e.g. the case of a reconnect attempt - # after dead-peer detection, but no change in the underlying network devices). - $IPROUTE $FAMILY route add `echo "$VPNGATEWAY $LINE" | fix_ip_get_output` 2>/dev/null - done - $IPROUTE $FAMILY route flush cache 2>/dev/null - } - - del_vpngateway_route() { - $IPROUTE route $route_syntax_del "$VPNGATEWAY" - $IPROUTE route flush cache 2>/dev/null - } - - set_default_route() { - $IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE" - $IPROUTE route replace default dev "$TUNDEV" - $IPROUTE route flush cache 2>/dev/null - } - - set_network_route() { - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - NETDEV="$4" - NETGW="$5" - if [ -n "$NETGW" ]; then - $IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW" - else - $IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" - fi - $IPROUTE route flush cache 2>/dev/null - } - - set_exclude_route() { - # add explicit route to keep current routing for this target - # (keep traffic separate from VPN tunnel) - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - $IPROUTE route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"` - $IPROUTE route flush cache 2>/dev/null - } - - del_exclude_route() { - # FIXME: In theory, this could delete existing routes which are - # identical to split-exclude routes specificed by VPNGATEWAY - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" - $IPROUTE route flush cache 2>/dev/null - } - - reset_default_route() { - if [ -s "$DEFAULT_ROUTE_FILE" ]; then - $IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"` - $IPROUTE route flush cache 2>/dev/null - rm -f -- "$DEFAULT_ROUTE_FILE" - fi - } - - del_network_route() { - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - NETDEV="$4" - $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV" - $IPROUTE route flush cache 2>/dev/null - } - - set_ipv6_default_route() { - # We don't save/restore IPv6 default route; just add a higher-priority one. - $IPROUTE -6 route add default dev "$TUNDEV" metric 1 - $IPROUTE -6 route flush cache 2>/dev/null - } - - set_ipv6_network_route() { - NETWORK="$1" - NETMASKLEN="$2" - NETDEV="$3" - NETGW="$4" - if [ -n "$NETGW" ]; then - $IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW" - else - $IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" - fi - $IPROUTE route flush cache 2>/dev/null - } - - set_ipv6_exclude_route() { - # add explicit route to keep current routing for this target - # (keep traffic separate from VPN tunnel) - NETWORK="$1" - NETMASKLEN="$2" - $IPROUTE -6 route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"` - $IPROUTE route flush cache 2>/dev/null - } - - reset_ipv6_default_route() { - $IPROUTE -6 route del default dev "$TUNDEV" - $IPROUTE route flush cache 2>/dev/null - } - - del_ipv6_network_route() { - NETWORK="$1" - NETMASKLEN="$2" - NETDEV="$3" - $IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$NETDEV" - $IPROUTE -6 route flush cache 2>/dev/null - } - - del_ipv6_exclude_route() { - # FIXME: In theory, this could delete existing routes which are - # identical to split-exclude routes specificed by VPNGATEWAY - NETWORK="$1" - NETMASKLEN="$2" - $IPROUTE -6 route del "$NETWORK/$NETMASKLEN" - $IPROUTE -6 route flush cache 2>/dev/null - } -else # use route command - get_default_gw() { - # isn't -n supposed to give --numeric output? - # apperently not... - # Get rid of lines containing IPv6 addresses (':') - # Get rid of lines for link-local routes (https://superuser.com/a/1067742) - # Get rid of lines containing $TUNDEV (we don't want loopback) - netstat -r -n | awk '/:/ { next; } /link\#/ { next; } /\s'"$TUNDEV"'(\s|$)/ { next; } /^(default|0\.0\.0\.0)/ { print $2; exit; }' - } - - set_vpngateway_route() { - # Unlike with iproute2, there is no way to determine which current - # route(s) match the VPN gateway, so we simply find a default - # route and use its gateway. - case "$VPNGATEWAY" in - *:*) route add $route_syntax_inet6_host "$VPNGATEWAY" $route_syntax_gw "`get_ipv6_default_gw`";; - *) route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`";; - esac - } - - set_vpngateway_route_attempt_reconnect() { - set_vpngateway_route - } - - del_vpngateway_route() { - case "$VPNGATEWAY" in - *:*) route $route_syntax_del $route_syntax_inet6_host "$VPNGATEWAY" $route_syntax_gw "`get_ipv6_default_gw`";; - *) route $route_syntax_del -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`";; - esac - } - - set_default_route() { - DEFAULTGW="`get_default_gw`" - echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE" - route $route_syntax_del default $route_syntax_gw "$DEFAULTGW" - route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface - } - - set_network_route() { - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - if [ -n "$5" ]; then - NETGW="$5" - else - NETGW="$INTERNAL_IP4_ADDRESS" - fi - route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW" $route_syntax_interface - } - - set_exclude_route() { - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - if [ -z "$DEFAULTGW" ]; then - DEFAULTGW="`get_default_gw`" - fi - # Add explicit route to keep traffic for this target separate - # from tunnel. FIXME: We use default gateway - this is our best - # guess in absence of "ip" command to query effective route. - route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$DEFAULTGW" $route_syntax_interface - } - - del_exclude_route() { - # FIXME: This can delete existing routes in case they're - # identical to split-exclude routes specified by VPNGATEWAY - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" - } - - reset_default_route() { - if [ -s "$DEFAULT_ROUTE_FILE" ]; then - route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface - route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"` - rm -f -- "$DEFAULT_ROUTE_FILE" - fi - } - - del_network_route() { - NETWORK="$1" - NETMASK="$2" - NETMASKLEN="$3" - if [ -n "$5" ]; then - NETGW="$5" - else - NETGW="$INTERNAL_IP4_ADDRESS" - fi - route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW" - } - - get_ipv6_default_gw() { - # isn't -n supposed to give --numeric output? - # apperently not... - # FIXME: is there a better way to exclude loopback routes than filtering interface /^lo/? - netstat -r -n $netstat_syntax_ipv6 | awk '/^(default|::\/0)/ { if ($NF!~/^lo/) { print ($2~/^fe[89ab]/ ? $2"%"$NF : $2); } }' - } - - set_ipv6_default_route() { - DEFAULTGW="`get_ipv6_default_gw`" - echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE_IPV6" - route $route_syntax_del $route_syntax_inet6 default $route_syntax_gw "$DEFAULTGW" - route add $route_syntax_inet6 default $route_syntax_gw "$INTERNAL_IP6_ADDRESS" $route_syntax_interface - } - - set_ipv6_network_route() { - NETWORK="$1" - NETMASK="$2" - DEVICE="$3" - if [ -n "$4" ]; then - NETGW="$4" - elif [ "$OS" = "Linux" ]; then - route add $route_syntax_inet6_net "$NETWORK/$NETMASK" dev "$DEVICE" - return - else - NETGW="$INTERNAL_IP6_ADDRESS" - fi - - route add $route_syntax_inet6_net "$NETWORK/$NETMASK" $route_syntax_gw "$NETGW" $route_syntax_interface - : - } - - set_ipv6_exclude_route() { - NETWORK="$1" - NETMASK="$2" - # Add explicit route to keep traffic for this target separate - # from tunnel. FIXME: We use default gateway - this is our best - # guess in absence of "ip" command to query effective route. - route add $route_syntax_inet6_net "$NETWORK/$NETMASK" "`get_ipv6_default_gw`" $route_syntax_interface - : - } - - reset_ipv6_default_route() { - if [ -s "$DEFAULT_ROUTE_FILE_IPV6" ]; then - route $route_syntax_del $route_syntax_inet6 default $route_syntax_gw "`get_ipv6_default_gw`" $route_syntax_interface - route add $route_syntax_inet6 default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE_IPV6"` - rm -f -- "$DEFAULT_ROUTE_FILE_IPV6" - fi - : - } - - del_ipv6_network_route() { - NETWORK="$1" - NETMASK="$2" - DEVICE="$3" - if [ -n "$4" ]; then - NETGW="$4" - elif [ "$OS" = "Linux" ]; then - route $route_syntax_del $route_syntax_inet6 "$NETWORK/$NETMASK" dev "$DEVICE" - return - else - NETGW="$INTERNAL_IP6_ADDRESS" - fi - route $route_syntax_del $route_syntax_inet6 "$NETWORK/$NETMASK" $route_syntax_gw "$NETGW" - : - } - - del_ipv6_exclude_route() { - NETWORK="$1" - NETMASK="$2" - route $route_syntax_del $route_syntax_inet6 "$NETWORK/$NETMASK" - : - } - -fi - -# =========== resolv.conf handling ==================================== - -# =========== resolv.conf handling for any OS ========================= - -modify_resolvconf_generic() { - grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 || cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP" - NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc -# and will be overwritten by vpnc -# as long as the above mark is intact" - - DOMAINS="$CISCO_DEF_DOMAIN" - - exec 6< "$RESOLV_CONF_BACKUP" - while read LINE <&6 ; do - case "$LINE" in - # omit; we will overwrite these - nameserver*) ;; - # extract listed domains and prepend to list - domain* | search*) DOMAINS="${LINE#* } $DOMAINS" ;; - # retain other lines - *) NEW_RESOLVCONF="$NEW_RESOLVCONF -$LINE" ;; - esac - done - exec 6<&- - - for i in $INTERNAL_IP4_DNS ; do - NEW_RESOLVCONF="$NEW_RESOLVCONF -nameserver $i" - done - # note that "search" is mutually exclusive with "domain"; - # "search" allows multiple domains to be listed, so use that - if [ -n "$DOMAINS" ]; then - NEW_RESOLVCONF="$NEW_RESOLVCONF -search $DOMAINS" - fi - echo "$NEW_RESOLVCONF" > /etc/resolv.conf - - if [ "$OS" = "Darwin" ]; then - case "`uname -r`" in - # Skip for pre-10.4 systems - 4.*|5.*|6.*|7.*) - ;; - # 10.4 and later require use of scutil for DNS to work properly - *) - OVERRIDE_PRIMARY="" - if [ -n "$CISCO_SPLIT_INC" ]; then - if [ $CISCO_SPLIT_INC -lt 1 ]; then - # Must override for correct default route - # Cannot use multiple DNS matching in this case - OVERRIDE_PRIMARY='d.add OverridePrimary # 1' - fi - # Overriding the default gateway breaks split routing - OVERRIDE_GATEWAY="" - # Not overriding the default gateway breaks usage of - # INTERNAL_IP4_DNS. Prepend INTERNAL_IP4_DNS to list - # of used DNS servers - SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'` - SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs` - if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then - scutil >/dev/null 2>&1 <<-EOF - open - get State:/Network/Service/$SERVICE/DNS - d.add ServerAddresses * $INTERNAL_IP4_DNS $SERVICE_DNS - set State:/Network/Service/$SERVICE/DNS - close - EOF - fi - else - # No split routing. Override default gateway - OVERRIDE_GATEWAY="d.add Router $INTERNAL_IP4_ADDRESS" - fi - # Uncomment the following if/fi pair to use multiple - # DNS matching when available. When multiple DNS matching - # is present, anything reading the /etc/resolv.conf file - # directly will probably not work as intended. - #if [ -z "$CISCO_DEF_DOMAIN" ]; then - # Cannot use multiple DNS matching without a domain - OVERRIDE_PRIMARY='d.add OverridePrimary # 1' - #fi - scutil >/dev/null 2>&1 <<-EOF - open - d.init - d.add ServerAddresses * $INTERNAL_IP4_DNS - set State:/Network/Service/$TUNDEV/DNS - d.init - $OVERRIDE_GATEWAY - d.add Addresses * $INTERNAL_IP4_ADDRESS - d.add SubnetMasks * 255.255.255.255 - d.add InterfaceName $TUNDEV - $OVERRIDE_PRIMARY - set State:/Network/Service/$TUNDEV/IPv4 - close - EOF - if [ -n "$CISCO_DEF_DOMAIN" ]; then - scutil >/dev/null 2>&1 <<-EOF - open - get State:/Network/Service/$TUNDEV/DNS - d.add DomainName $CISCO_DEF_DOMAIN - d.add SearchDomains * $CISCO_DEF_DOMAIN - d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN - set State:/Network/Service/$TUNDEV/DNS - close - EOF - fi - ;; - esac - fi -} - -restore_resolvconf_generic() { - if [ ! -f "$RESOLV_CONF_BACKUP" ]; then - return - fi - grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 && cat "$RESOLV_CONF_BACKUP" > /etc/resolv.conf - rm -f -- "$RESOLV_CONF_BACKUP" - - if [ "$OS" = "Darwin" ]; then - case "`uname -r`" in - # Skip for pre-10.4 systems - 4.*|5.*|6.*|7.*) - ;; - # 10.4 and later require use of scutil for DNS to work properly - *) - scutil >/dev/null 2>&1 <<-EOF - open - remove State:/Network/Service/$TUNDEV/IPv4 - remove State:/Network/Service/$TUNDEV/DNS - close - EOF - # Split routing required prepending of INTERNAL_IP4_DNS - # to list of used DNS servers - if [ -n "$CISCO_SPLIT_INC" ]; then - SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'` - SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs` - if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then - scutil >/dev/null 2>&1 <<-EOF - open - get State:/Network/Service/$SERVICE/DNS - d.add ServerAddresses * ${SERVICE_DNS##$INTERNAL_IP4_DNS} - set State:/Network/Service/$SERVICE/DNS - close - EOF - fi - fi - ;; - esac - fi -} -# === resolv.conf handling via /sbin/netconfig (Suse 11.1) ===================== - -# Suse provides a script that modifies resolv.conf. Use it because it will -# restart/reload all other services that care about it (e.g. lwresd). [unclear if this is still true, but probably --mlk] - -modify_resolvconf_suse_netconfig() -{ - /sbin/netconfig modify -s vpnc -i "$TUNDEV" <<-EOF - INTERFACE='$TUNDEV' - DNSSERVERS='$INTERNAL_IP4_DNS' - DNSDOMAIN='$CISCO_DEF_DOMAIN' - EOF -} -# Restore resolv.conf to old contents on Suse -restore_resolvconf_suse_netconfig() -{ - /sbin/netconfig remove -s vpnc -i "$TUNDEV" -} - -# === resolv.conf handling via /sbin/modify_resolvconf (Suse) ===================== - -# Suse provides a script that modifies resolv.conf. Use it because it will -# restart/reload all other services that care about it (e.g. lwresd). - -modify_resolvconf_suse() -{ - FULL_SCRIPTNAME=`readlink -f $0` - RESOLV_OPTS='' - test -n "$INTERNAL_IP4_DNS" && RESOLV_OPTS="-n \"$INTERNAL_IP4_DNS\"" - test -n "$CISCO_DEF_DOMAIN" && RESOLV_OPTS="$RESOLV_OPTS -d $CISCO_DEF_DOMAIN" - test -n "$RESOLV_OPTS" && eval /sbin/modify_resolvconf modify -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV $RESOLV_OPTS -t \"This file was created by $SCRIPTNAME\" -} - -# Restore resolv.conf to old contents on Suse -restore_resolvconf_suse() -{ - FULL_SCRIPTNAME=`readlink -f $0` - /sbin/modify_resolvconf restore -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV -} - -# === resolv.conf handling via UCI (OpenWRT) ========= - -modify_resolvconf_openwrt() { - add_dns $OPENWRT_INTERFACE $INTERNAL_IP4_DNS -} - -restore_resolvconf_openwrt() { - remove_dns $OPENWRT_INTERFACE -} -# === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) ========= - -modify_resolvconf_manager() { - NEW_RESOLVCONF="" - for i in $INTERNAL_IP4_DNS; do - NEW_RESOLVCONF="$NEW_RESOLVCONF -nameserver $i" - done - if [ -n "$CISCO_DEF_DOMAIN" ]; then - NEW_RESOLVCONF="$NEW_RESOLVCONF -search $CISCO_DEF_DOMAIN" - fi - echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV -} - -restore_resolvconf_manager() { - /sbin/resolvconf -d $TUNDEV -} - -AF_INET=2 - -get_if_index() { - local link - link="$(ip link show dev "$1")" || return $? - echo ${link} | awk -F: '{print $1}' -} - -busctl_call() { - local dest node - dest=org.freedesktop.resolve1 - node=/org/freedesktop/resolve1 - busctl call "$dest" "${node}" "${dest}.Manager" "$@" -} - -busctl_set_nameservers() { - local if_index addresses args addr - if_index=$1 - shift - addresses="$@" - args="$if_index $#" - for addr in ${addresses}; do - args="$args ${AF_INET} 4 $(echo $addr | sed 's/[.]/ /g')" - done - busctl_call SetLinkDNS 'ia(iay)' ${args} -} - -resolvectl_set_nameservers() { - local if_index addresses - if_index=$1 - shift - addresses="$@" - /usr/bin/resolvectl dns $if_index $addresses -} - -busctl_set_search() { - local if_index domains args domain - if_index=$1 - shift - domains="$@" - args="$if_index $#" - for domain in ${domains}; do - args="$args ${domain} false" - done - busctl_call SetLinkDomains 'ia(sb)' ${args} -} - -resolvectl_set_search() { - local if_index domains - if_index=$1 - shift - domains="$@" - /usr/bin/resolvectl domain $if_index $domains -} - -modify_resolved_manager() { - local if_index split_dns_list - if_index=$(get_if_index $TUNDEV) - split_dns_list=$(echo $CISCO_SPLIT_DNS | tr ',' ' ') - resolvectl_set_nameservers $if_index $INTERNAL_IP4_DNS - if [ -n "$CISCO_DEF_DOMAIN" ] || [ -n "$split_dns_list" ]; then - resolvectl_set_search $if_index $CISCO_DEF_DOMAIN $split_dns_list - fi -} - -modify_resolved_manager_old() { - local if_index - if_index=$(get_if_index $TUNDEV) - busctl_set_nameservers $if_index $INTERNAL_IP4_DNS - if [ -n "$CISCO_DEF_DOMAIN" ]; then - busctl_set_search $if_index $CISCO_DEF_DOMAIN - fi -} - -restore_resolved_manager() { - local if_index - if_index=$(get_if_index $TUNDEV) - /usr/bin/resolvectl revert $if_index -} - -restore_resolved_manager_old() { - local if_index - if_index=$(get_if_index $TUNDEV) - busctl_call RevertLink 'i' $if_index -} - -# === resolv.conf handling via unbound ========= - -modify_resolvconf_unbound() { - if [ -n "$CISCO_DEF_DOMAIN" ]; then - /usr/sbin/unbound-control forward_add +i ${CISCO_DEF_DOMAIN} ${INTERNAL_IP4_DNS} - /usr/sbin/unbound-control flush_requestlist - /usr/sbin/unbound-control flush_zone ${CISCO_DEF_DOMAIN} - fi -} - -restore_resolvconf_unbound() { - if [ -n "$CISCO_DEF_DOMAIN" ]; then - /usr/sbin/unbound-control forward_remove +i ${CISCO_DEF_DOMAIN} - /usr/sbin/unbound-control flush_zone ${CISCO_DEF_DOMAIN} - /usr/sbin/unbound-control flush_requestlist - fi -} - -# ========= Toplevel state handling ======================================= - -kernel_is_2_6_or_above() { - case `uname -r` in - 1.*|2.[012345]*) - return 1 - ;; - *) - return 0 - ;; - esac -} - -do_pre_init() { - if [ "$OS" = "Linux" ]; then - if (exec 6< /dev/net/tun) > /dev/null 2>&1 ; then - : - else # can't open /dev/net/tun - test -e /proc/sys/kernel/modprobe && `cat /proc/sys/kernel/modprobe` tun 2>/dev/null - # fix for broken devfs in kernel 2.6.x - if [ "`readlink /dev/net/tun`" = misc/net/tun \ - -a ! -e /dev/net/misc/net/tun -a -e /dev/misc/net/tun ] ; then - ln -sf /dev/misc/net/tun /dev/net/tun - fi - # make sure tun device exists - if [ ! -e /dev/net/tun ]; then - mkdir -p /dev/net - mknod -m 0640 /dev/net/tun c 10 200 - [ -x /sbin/restorecon ] && /sbin/restorecon /dev/net/tun - fi - # workaround for a possible latency caused by udev, sleep max. 10s - if kernel_is_2_6_or_above ; then - for x in `seq 100` ; do - (exec 6<> /dev/net/tun) > /dev/null 2>&1 && break; - sleep 0.1 - done - fi - fi - elif [ "$OS" = "FreeBSD" ]; then - if ! kldstat -q -m if_tun > /dev/null; then - kldload if_tun - fi - - if ! ifconfig $TUNDEV > /dev/null; then - ifconfig $TUNDEV create - fi - elif [ "$OS" = "GNU/kFreeBSD" ]; then - if [ ! -e /dev/tun ]; then - kldload if_tun - fi - elif [ "$OS" = "NetBSD" ]; then - : - elif [ "$OS" = "OpenBSD" ]; then - if ! ifconfig $TUNDEV > /dev/null; then - ifconfig $TUNDEV create - fi - : - elif [ "$OS" = "SunOS" ]; then - : - elif [ "$OS" = "Darwin" ]; then - : - fi -} - -do_connect() { - if [ -n "$CISCO_BANNER" ]; then - echo "Connect Banner:" - echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done - echo - fi - - case "$VPNGATEWAY" in - 127.*|::1) ;; # localhost (probably proxy) - *) set_vpngateway_route ;; - esac - do_ifconfig - if [ -n "$CISCO_SPLIT_EXC" ]; then - i=0 - while [ $i -lt $CISCO_SPLIT_EXC ] ; do - eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}" - eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}" - eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}" - case "$NETWORK" in - 0.*|127.*|169.254.*) echo "ignoring non-forwardable exclude route $NETWORK/$NETMASKLEN" >&2 ;; - *) set_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN" ;; - esac - i=`expr $i + 1` - done - fi - if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then - # untested - i=0 - while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do - eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}" - eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}" - set_ipv6_exclude_route "$NETWORK" "$NETMASKLEN" - i=`expr $i + 1` - done - fi - if [ -n "$CISCO_SPLIT_INC" ]; then - i=0 - while [ $i -lt $CISCO_SPLIT_INC ] ; do - eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" - eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" - eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" - if [ "$NETWORK" != "0.0.0.0" ]; then - set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV" - else - set_default_route - fi - i=`expr $i + 1` - done - for i in $INTERNAL_IP4_DNS ; do - echo "$i" | grep : >/dev/null || \ - set_network_route "$i" "255.255.255.255" "32" "$TUNDEV" - done - elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then - set_default_route - fi - if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then - i=0 - while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do - eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}" - eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}" - if [ $NETMASKLEN -eq 0 ]; then - set_ipv6_default_route - else - set_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV" - fi - i=`expr $i + 1` - done - for i in $INTERNAL_IP4_DNS ; do - if echo "$i" | grep : >/dev/null; then - set_ipv6_network_route "$i" "128" "$TUNDEV" - fi - done - elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then - set_ipv6_default_route - fi - - if [ -n "$INTERNAL_IP4_DNS" ]; then - $MODIFYRESOLVCONF - fi -} - -do_disconnect() { - if [ -n "$CISCO_SPLIT_INC" ]; then - i=0 - while [ $i -lt $CISCO_SPLIT_INC ] ; do - eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" - eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" - eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" - if [ "$NETWORK" != "0.0.0.0" ]; then - # FIXME: This doesn't restore previously overwritten - # routes. - del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV" - else - reset_default_route - fi - i=`expr $i + 1` - done - for i in $INTERNAL_IP4_DNS ; do - del_network_route "$i" "255.255.255.255" "32" "$TUNDEV" - done - else - reset_default_route - fi - if [ -n "$CISCO_SPLIT_EXC" ]; then - i=0 - while [ $i -lt $CISCO_SPLIT_EXC ] ; do - eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}" - eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}" - eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}" - del_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN" - i=`expr $i + 1` - done - fi - if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then - # untested - i=0 - while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do - eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}" - eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}" - del_ipv6_exclude_route "$NETWORK" "$NETMASKLEN" - i=`expr $i + 1` - done - fi - if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then - i=0 - while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do - eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}" - eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}" - if [ $NETMASKLEN -eq 0 ]; then - reset_ipv6_default_route - else - del_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV" - fi - i=`expr $i + 1` - done - for i in $INTERNAL_IP6_DNS ; do - del_ipv6_network_route "$i" "128" "$TUNDEV" - done - elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then - reset_ipv6_default_route - fi - - del_vpngateway_route - - if [ -n "$INTERNAL_IP4_DNS" ]; then - $RESTORERESOLVCONF - fi - - - if [ -n "$IPROUTE" ]; then - if [ -n "$INTERNAL_IP4_ADDRESS" ]; then - $IPROUTE addr del "$INTERNAL_IP4_ADDRESS/255.255.255.255" peer "$INTERNAL_IP4_ADDRESS" dev "$TUNDEV" - fi - # If the netmask is provided, it contains the address _and_ netmask - if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then - INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128" - fi - if [ -n "$INTERNAL_IP6_NETMASK" ]; then - $IPROUTE -6 addr del $INTERNAL_IP6_NETMASK dev $TUNDEV - fi - else - if [ -n "$INTERNAL_IP4_ADDRESS" ]; then - ifconfig "$TUNDEV" 0.0.0.0 - fi - if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then - INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128" - fi - if [ -n "$INTERNAL_IP6_NETMASK" ]; then - ifconfig "$TUNDEV" inet6 $ifconfig_syntax_del $INTERNAL_IP6_NETMASK - fi - fi - - destroy_tun_device -} - -do_attempt_reconnect() { - set_vpngateway_route_attempt_reconnect -} - -#### Main - -if [ -z "$reason" ]; then - echo "this script must be called from vpnc" 1>&2 - exit 1 -fi - -case "$reason" in - pre-init) - run_hooks pre-init - do_pre_init - ;; - connect) - run_hooks connect - do_connect - run_hooks post-connect - ;; - disconnect) - run_hooks disconnect - do_disconnect - run_hooks post-disconnect - ;; - attempt-reconnect) - # Invoked before each attempt to re-establish the session. - # If the underlying physical connection changed, we might - # be left with a route to the VPN server through the VPN - # itself, which would need to be fixed. - run_hooks attempt-reconnect - do_attempt_reconnect - run_hooks post-attempt-reconnect - ;; - reconnect) - # After successfully re-establishing the session. - run_hooks reconnect - ;; - *) - echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2 - exit 1 - ;; -esac - -exit 0 diff --git a/vpnc-script.spec b/vpnc-script.spec index 547fb8b..bf45bc5 100644 --- a/vpnc-script.spec +++ b/vpnc-script.spec @@ -1,5 +1,5 @@ -%global git_date 20201205 -%global git_commit_hash cdbd5b +%global git_date 20220509 +%global git_commit_hash e52f8e66391c4c55ee818841d236ebbb6ae284ed Name: vpnc-script Version: %{git_date} Release: 1 @@ -8,13 +8,13 @@ BuildArch: noarch Requires: iproute which License: GPLv2+ URL: https://gitlab.com/openconnect/vpnc-scripts/ -Source0: https://gitlab.com/openconnect/vpnc-scripts/-/blob/21a051aa8aeb51a86f6ec9cea98445224d08900b/vpnc-script +Source0: https://gitlab.com/openconnect/vpnc-scripts/-/archive/e52f8e66391c4c55ee818841d236ebbb6ae284ed/vpnc-scripts-e52f8e66391c4c55ee818841d236ebbb6ae284ed.tar.gz %description This script sets up routing for VPN connectivity, when invoked by vpnc or openconnect. %prep -cp -p %SOURCE0 . +%autosetup -n vpnc-scripts-%{git_commit_hash} -p1 %build @@ -28,5 +28,8 @@ install -m 0755 vpnc-script \ %{_sysconfdir}/vpnc/vpnc-script %changelog +* Thu May 04 2023 xu_ping <707078654@qq.com> - %{git_date}-1 +- Upgrade to 20220509 + * Mon Sep 6 2021 wulei - %{git_date}-1 - package init diff --git a/vpnc-scripts-e52f8e66391c4c55ee818841d236ebbb6ae284ed.tar.gz b/vpnc-scripts-e52f8e66391c4c55ee818841d236ebbb6ae284ed.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..113aeae8606f7a65fe954a453c4c0267b9ac163a GIT binary patch literal 44546 zcmV(>K-j+@iwFP!000001MFP+avL|3&%ee~;8X0fuG%Us zI0KSc&A|XOqWNXBkF_tbFSgwc%y1}@I_y|ZDw?uO=QSw^08-s1Rx!K&Qdo8csmU6qkz1^z&urjjW?{5m(*ltOm zeQTN@uRrg)8b@B)cv_7UQ@*PPRPQ$j?uV_d_Uio)pXc{~qu$u8f7kvxEYDy6@csXJ z>t7kFBoO_wrz+DhxNQz=|68lpzuso2qt{Xm)y<9zQ!_vr0K z_xgWkpI*~!lb`{x}Vk7eY=Q6#;j+D}#BmsKc+(m;p(gX8m)-qrD=7VwJ!&;mKRo+ajY_*rXg1mEN~F;^0Y`EJf1cDo}WvT@QF%B+|ksa{-L;(yu8m7 zcx<>glHMghJLsJp{jz^@eE7N!jS?|5b}};(8k{433{;eUf=}|3Co@{GA$$-zQ3K&6 z)CpUR6%ehW4zKfxl$UfjjS?-qOX+ubqEkutCL;-r;^<-^RFG;pFUr30l^J~tN%BZ0 zr`16*IQ z{uf5-E9J>s=eWiHH(Rx>1^>UR3P!w+MA+8ZlVLd4-ifJa88Q8@jk1c8OvhFS5>D9Zy0|2SGml!^t1$acrt?j zLiYg+l(;ZlCC?4INmx$@aRPaD7krc479RV&k|F$YaGPG)%^hV%of&m zt1RnQkoC7_Dh5~+2lr%Yq0?W9q489!;pm3Vx}2rOZhsx7bP6}`$I$gI*S7aOH%2BG znH9YYGksxhwq7^R24*D=$8eT0cbbeue4E&^5y=k>|Gk`){3E!&zXeqPD%Tg_Kc|kj z&+!@fzu9cH9`XMJTwlKaxl3C)$1V83)@U!_|8@h;e~tDt7=j#pxH{bwXYu4Hu zJjIv~VAq#C)qrQc>FZGXDh<()zu?_SB}xP{WLAOu0NhRhV$y+_EQ|nF-6<6o|DOBUL30i zsEm>@VC<9(==EjT#Zy88JyH#i;JD4+r$M61c)!CjMz4ku%O#klF8F`XV)7*d$8@&Zu`L@2BnZVi+MGSyDm);{Z4qB7Vj*C{ICn zuA-~>(#9e%SV0p50Yz1Yd)y0@j9?9s2+7A%vseDRg?VT4f}Us5l|%Ta8UEh|OIFTt zoBwY&7S4a|#@6Pe|9^n%kiy^dp34P|&~5p#SIyCVITTR}CStbaWg9)O)+@Ct`!F_% z282*P2AgormF3U&(VTcN;adSlhW{GJ{s^p^Iavwj=4l!!h;V;;J zMrQ{O6Sa1^QL8ujdy#4kKfM>m2wmbo|KI=WA$*&Hp9342#F2{mUaTV-bBVUPQt*B_ z&JK*zsNIo)BbX{Oz`?uIqjKYioH)06uF+U;AdNfxy}ASfRS-zcUxi6XpMIRJ%bR(U z8nrSVmX1nm7wpbg4+vYUk#=V@1&70tsexJ6XyQv-SG$hjuImQKTZ3A^0=b`Qwd|d zV@Bk<8MQye`Fn1Dei*~Bge+ciso=ThE>g)G*$i&D5=V!+4jv3>)(&=V0HISJfCJ1s zTHkn`?HPAI`a2wV1PW(eqQbg{AmDw;Vc`d90Qd-+@?X2>Kb?Fy=ex%r`LDZYXS>Je zA74@l1V9B2NZAgg!Z833p94o)M9CBgXZ-!a+5S(^VRx^4)II-*aOJRjetgjD@xzld zzROQ{&(6F1AC7j<`00nU)05so1&+&-(lP8Nu?}cmKzP0cM;z9OGIurEo6yzBd-DyY}cWUh%N(= zcMpt(gb@za07gFy;u!YkUJQ^3+P~lBaAvI6%JpWg&Oh{aEk`F2e`^y(W@-`{nvw%Z zAa03t$WO^?wph;BOrcQG`zS!56}8|$tEtgdsv@ak(QF)*1KY_|Y5zR``vILV_y3ez zxN(l#;=ip{bK(5oYP28y{{vj#|BIBmucE50wi+;Ii>G@0bz?$N3E<;CA_OW*7Ig8hHJ?qKB{x8Q%=`iuDgvHs^lt_=SJf@e!(fqNMNNw6m=#%sQ8Zf`e4%NNq$-fA}*JF+=ww7spZ?H#{$ z?{UBNmVD6b&$9nmKelR)+u}d9#rn^7tNCdEAL61|&66kdrp=kiC)aKHnGB>b(7p~J zF%2~X_k5oWsOqZ#2DJy%L+Qs_WcdYl>SFGlBEx`lpZ)Gm zeSgeCB2VZ@SE-d_U8aZu`*3yyl;6YNS2LG-zh334s}HN%V%NE+2 zD8q3EYhpO8N|rEjX_!1~fYL85 ze5>6CsZtBvIe$F+{Q{2Vm_~s%e-KA3f1xDgHEds8lmDOy*DWIy1#{DAbY8jtkl8VZ zs_;O_z}zx6ZX@iDv*dL&>;;xVPzgkR(^f%zc0omX0gsh=HypD^>6?5 z>kIrpn(RRU(D}A^KyUH?waxm%`=70?+GG94LtNuD2re+oF6o%T!QYJCn{Q>_*CO&p z7tVWj@}z?yuXX{B_`f9Paz=1G>rl3#Gyjg|eDkG64p}2ug`rGt8?)mn=m7>9++y~E z-j$4?eUTBSB^mhzh7y4JL#eYjm&}Z%yYjM%iRC1j5q-CEoJ|);!E`n?zUPQ;{+k%# z&)fg|C#N5~$M5bq$Ibh{)daM^@cv)3(R$qf4{-4%7iC8djt|aukND|_y`%0vhyMr1 zy#uzaIb6SFIg=9qIgKQ*@9e-4f#t@pqIxNfV|bdEU>b00QioeBF$8eni$;uH@m2+%h; zWnnSPh`dg@rG+H#2*w;{9FuDOiiflb$aO5mB?@CMGhf0-NRXBT%)|gUAON?1CDcw)NfQ|DvFuGCHK4+Ri87;& zQa)9dlXmz4hV~`q#Zh1Y6+m1p>j*jvUkhEajZ@S)WrXfns{u56mP#BX;*p$KdNaAd zv^taxcNxW#d|aOr+6G4kIU8D?b1Iv|h`8N3Wc3WKN+b)i)Dk7-iu!1H5Jq4540IJu z779~FwA0-rb|fSmHQHR-M=`F7mU)eZZB>E8KlPcL1$MLvgw4czQe!Y4Ta4kMjg=^8 zhHzvnQMPnNi;~3hifr9%)dy}L6vZJtke>u*-Ah@ErNf!j8*!0|oWc+k{25~HC~-_C zgAXJOMDu{J=0oN5541y#seqHr%1jC*SKLNa*-){&jQU;!00BFk}^;c4MaSPT?2{TxOn`ih~U1WK6yk)|y7~tS-hD(mMZ<`x;n??qI>i z5b?^!uMAjloJ9u4`hu|ldkhptNFQ_7!W1mJISC#+C}<0AQK}T>3bg8;d!2^c-t)(}Wz1RhL729860zNzptZ zNy&)b#zsR8-X3L{fD0k+oo^iD;{@F-=pEWtvLIKn@@ak_t)sRa7s|QNF~a5)R_M9o zL?%?^t1IQFR1qEb$&lDdayV1MIvEMN>CtW@KQx*R1AoB{NkH7wiZhyYR-$DlV2 zj)@xuI4I4`S5{_iwav3&U=Sk$T!H^?#?t2pXYYG__xLT}KRJHeJ@1|z+j=i|z$)># z_{%-ry$|?^8ooby+db^=@8S)dvR1LhYfE60(@l~*hI0wiP}R0I6Ip3D6DTKi#8eZW z*Uist&?pYj(-<*z*f#_;3QJHZlVeK@{(!LMSfgUsVC~e>w+8T9f)q=P08CCk`G^7! zNIe-rP|!7E1>ZjQvptoK#zF~BFDnr&Ji#$=Tp(3l398ShQ7rK@h66F_*bT0T7T_GF z<=Gn!C^o0tb0c$%thygF0zATIHH!9-fgGT*FY1rU>~HR%Rt=c4WOcJt06gor8Ry&+JytMX~AX=IjMf)Gq81Xn$75pWL zc))ZTEr{M(=nVEqzvSQ>jRr>52D=MgSOK_WGzNhRPKawu4uNc{O2|F(1w~`o%civ3wK-* zFET-Z!4X+(#b!IrSsurP7YG%CRDkFV2E62#QjT#;pawXo$80x~xi17mRA^eXg!U9j zuj2HLj9?aYY`|MSG{ZK8C}(HI0xFmn-CSwxY#v61uvr~!-WrxFUnP6&Atal>9W)+I z4Zd9D^xAIb?CfS|vS@GWMwzco_J{NuF=p!sj zLy!p&*SB#RIx1kOO54}!f@%JnduU(_2Sh7M)KPkf;azm8nH9zzfvQK{3j-2jbfx|_ z-lTmheSB( znoXopW(aTnfPP+)%I(y=RRL!!gFzO5%+>&Cqao1OkxS1t!3y7o45B%am#h(+vp^X) ziwI%%I;kD;+F+Fpmd8-2X=nos6rXd>Bv)6Oa<)6@V9FFi0eFtTn!t^8K^T$`9xbVh z#X>80W{KRAd;0*kfQj+;;qT@Ane!`WCx2158cot`n1TG9j?;>$renXZqf-qBHxGMoeYisXMYnk zkWOgMGnSEE!Hgf|JY;V&4ijdPMov^Zl_|tmqxvS7S*#CXAo5m%2}$uCV7}ncHNtE@ zrUM9F80(s$cbp%+gh%W0VT6w9ldxc}5%_`(QMN4CoEq*JWC5K&G?I5HrJ19w0}Ydr zFal);k@6YvOTJGei%>6$_yS2!^)^z}jRcP|_ag=RV4CN;9$>!lB5z zk<7j6GE-PM(RjW!7It`bvm^GC0n(|)N1Ypgojh2PQB0WoFbjEawyCk~h zCJ$Q&?#gQ&NvEn7@kjddHx!Xe{I?-*orRD7{RtSo-o|k;>zuLlaD7bm4Vlo;73?oE zJH|DMrqM`wRmi1(TT?$>!s+bMf@HE(Xg{}?D59JphN=U9I7=EQeuE0xE8kGht?OVKE(L8utAg|+VhD#M*T=a6Wjib}kL+lQ?U7!@ zgI&TvK;dV)Le=IQ7p2!E31PPP)WhkH$1?ijhZ8#o()*bF{kk)Fd;i%={=gZG-l8sx zSL(!T5HVRvJ>`O#4v2~VlbF;SOGXuioM)mg0@=Wfw0KyTc?TxsO0?-s8NeyQYCH3G z2rmK(J!~J$FRE&N`SQ|w1O3zps1B`i*cX?1cVyik3h6LpyU#V3Sg>poG8N_!V{@Sp zAv=y`AUW|N49sz_ZQL+}{iNV%nQVsWq?to5xcY2#iAHBbirCEAyx@Bn1d|8J)ys_* zFzgn-M}~>vdCtfZ{xG-#SY={tPAuDEepfWJ`16bpv+M{WHIQmTe&OUS?j|F(hXF;6 zsNxW=2v%8vgU6~Tq}xe|Y{wHfg)W;sTTk@5P`D4J26x9{WRC)cfu|?XX`{_9&}wJi zLf$j%(U1%f3D4;=ya`L=Gid-zplH%gFW3rk#&aNJbHP*-583!7U!ept%4IeyOOItf zCS<(v^`oH#yXxDdx9}1md?<-)?FPT0_j^KmX$U^7KPCy`E0yhV}CAeG@RR2h(nm>Y;WYry&=7rMx9e?yg!7@;EZ zntLjPN#+xm^n#m5G!+bNqI(I5VzrS-#o3WE=)5`n+oL1<#1IoBK?)niE9syRv8V)1 zRCj%4T2gQg#r~oO9Zyzg9xK`m5pk!}MFAlcw1`JA2*n8ygXM-moM2*fbLf=NxnFdZ>3?Cxn<&2F$pXQ^{gxBorD#s5P4Uo#pQnf(pu0xCV1ehQ#i55hbPd$6U#CgcB;NVXr2AGxD-l2mp zEZT5CR8-EMwXwlIR~Y<4M4Qu3JS zr7rL?j{JoIoYrzj{?a3^%{bi9ScELxjCLQvq)N;uDWWOjp-52T1jEX)lr|$FDLO31 zPt};mZRNYf!CrB>!O8esKGVP0t&advybx4@Zhj!u19zU0w@zU8xT}u&4J<16L!FQ> zn?3n4KKRVw1`Vz*GD8vL#yNbC4`7Z_BHAo6H8PlRjj&?S@g2Cp7$EV8 zpGT&M?@pNn?nNGZ96IAOhyk7I!xh0`-o&KiP6_A*y)FlRW9-Ng-prGRJxP?ndZStx zsQ{?N;%$OIvC0^(E!qd&9i&ST@D}oRn7g;KTmrBQCzFTwmbYNZ6F5UqI}x`44Olrc z;_wV@L_-8vN*3e*LL@LG>DHn$7iY#g7!V~?pOu6_sP(RBZ(~l8lmev;y#V*(*hwT;)7yRjw>Jov7urG z@~BfJ2k8}ZI9q!d&S0Bxcx?+#LS%;kz~TrsUo=6}^!3@imYl(GOE*_ScNA#U$n79i z;S792Ksd&Jqj*%0NAF@c_(Z2>ltuyKSRpzl9wd&YN9{c{q`77o2!S9P8D(={*!i!l zd-su&Ih>`5m&}t$90V>#FTg(YgbkEowC|$uAdvhxoC|`-r;f3p+f8@R-3qc}S^=;e zp8W(mezdK@^x9&1x~gkmo-I^n`OCJ$!m{F5}(r)d?MNxqGlr#|COc?rUmC zZ9Gzk2+h^h$4W=8G;1YABmC|)j7|+%okm5MU>-fS6kpW)ybjZT9~6odlgGtj(a5UW zC?#b@rH+*6mZs>iehKo8*lepDO9TDL^d-~#l}Xm((qU}Z4RPLsAqJS%#K$w2?o zX@N<^5`RU7N!mi_1U6h#^{SlLCBCukZa(M;b{G1n=Nm;jsFQ=l<;sI*7exuIyH>&n zB=G=llp>duvQq4*Jvd%?5{A*cb%pP@-k}Yu)#Qd!g!$&RfvhW9Pc7m;NSe~htFZlu zn$|SzrP*K%=k^K@52!@xAq{jJHC(Nxw7amLS11Ad$Ug$L;bun8UFxeaIG)hy;U}pH z{16`g0LZ8**Yg7g)gEy2fN2I;?l@HdQH0c)FEnuv3NRm)rUeth4Z$NS<>|$(Nhu%# z8k)n)ld|4YiYopEeh1Qnv#zmSfm_t>;wi!xyc0PO$B9crI^;)&cMxfPT!bNGC7TjN#9Mf=_Eo1NMuqQ@&X2YH+pi32Xtg(YtWj)CL`jgzKf- ztZF53pJ<=ua$c=+_5b3e1vz)qq#{H!B0$32) zfFC_7!q2-Nf{`+jK{qfM=7^OmChRyX8XeEc{uu!apI`*)0@VZ3jy|z*|D0mbh_n1t z>Opf%-#3^VWQ6aFrP(eAl5{(F}vPlNuCvsXEzXTvBEdW5!i~_(92_p zx(Cj|86Rwu-*gHC4iCXV3`P`AfNlutD4YrN!J(snMCklS45SgX5N@N#vViGTIsz}_ zT?XDa80-mWBUg;k+;p$ln@S0Bg8AY=C7lD@G{^pwlv7xn&00`F6I5H+4@s=?;aMUR ztOpdtJ-~19$G{=OBTS()1nDPwzT^gxBFVEsoq`}7=SEqPfx%o>^ADNL(1j*}H%AgM za?0aG#?Pb`g(=xgfVUC|EIMMu1Mda!6^VB)yiJTL>;#%rWP*=Dr4xBJ=k+n9*Xv`P zJ3;@`wQ~MHe*RefC)?ckHkE|Adb{j*@cB~xw`}UH{%bmO^Zorlf5qnq0#usvuW&Da z)tg=prz{5$N7mvrmz)d>cgh$#?LD<;1@-UDu|s;JXQk`iWeuH5GcRVEqXETQ1K_8e%7~@2Z%f6so9d`=$DT1fvpWyG?zyES6{qvpl4rJ8@ z{wDt{r!M7xO7GrHD7j~H0TY9PlJa}sqoQs9<;g#D3I0j``_ItGySlpi^vnO+?~~B% zop_b?1$BS(%jM-q_}T?(cWpTZfB%>C4u47{K1ys{ehn_7E4h^a_BZ(hpUR3>dhwn= z`2MU%S%M`XLUJocP2x(o_~7+Vav3xqID@Mz`KN0s=#8FdorQh<>kriN{A2eYoe17n zy!n}Z=#Kxs_dnm_I|07G|M~y^^DXCJ2ek_QA72{dOZ-2T&Yac%yvcm8|M^#Z@Et9{ zQq9p^lIV~Bk=|WldEyWJ{g$6(JnRq5kiA+sQ~CDOf2YJlwnLA-_0)fQb>BZ<`h3g% zN8|l#q`)8G|LOa?@BII-_n1^%B&XI^{%!*~AwSA3)o_$erl zYD3oayxh{%9>&qC%7A{6>Z)3vOw~d@UoFB9`OTweFN^){4k+c|77`B)E0^syA74`1 z_||QkyH#N_J?@IiWY-xv{exsxwMDzVxqUt~6V~cFVRkpi<{?|rkB95Bw|wq(y3e^x z`Jf+5#k-=}Rkn?OzBz18=brX#v`uMw?Ph$?t9WDpuZm}>LWGlOEv8raP<tGUzF)1C+QqtUCG6QTm6x{jwY7Rt)l%_(wkywa%auJ# ztq-N9{@iNKwwp|*v9U+naw>~Ax}MnO;1OPS)lkh#}at6S;5nLCyg!>T{mZg;mz zEm2+B)= z@p9doHJ@Iz)NVRGq^p?+wNjt<2D8>+lu9YnVZUdtbbl~3^~QMlIe&N4?$>LRqMz<% z?j?P~e3EGM|=ZSGnH}8s^Q)S&q!Rr*ygR*|~wAe!N%wWxscSQ*Az0_1b)) zj}xoT*q3_xe%G#RZTrEg7WV1m^x&p4t;OtVuH7ZtiB|ruuQsmLf!ggo==+IRH>}Uu z-L$saKiBq8d)O;x9z7o)w(-- zN@=CT%S78uUOIQT5Az4$@6YR8R=S_{HkMmVv>mfmPUwT3Y45hxW_E3?nx$c`*fgfo z%-BmU4*KVN)jzI#gK{sEI~-oRtwedTlIj)vW>D@wmG5r5y^N=C{m1phA1r7|^=isY zWJlUd*wPb7pTnY(8i2bCb%;@kTZLW%{M> z&UI_nSoz)2;%@w+9q${H=6K&)E;jB{QB7q1O0$0494nGj_cPP>Y?dge7ka6?s*Ja@ z{#Ny7FKz!p86NiKN#js*G+L5cducg^e(GT`C@m&8%Khe6YFlfw-dk^WnV!CCRQIDs zz2{%Qq;GDHdvlvJr|NMvtS|P}f3x?cYlENJ5;HM`>~&DuJ5)LIR%w9MG8-nOv!wei8})as4ZF~a(?D_bqDvY&PPsjO8N zHrZk7E;-hY!=*|c8aZaT+KiJOm5mQ_4ckw8PH!OekCXPo8ph+yVPMAXhS(OSa!YF{ z?X}#=4N_!CWid`!`}xo;AJ-l~87Wq0BCWj*W6oMqqq5uf#>>Qb4U8>zA_=y)oNZTn zVK^(y*nTVJDqFFhqDJj)W}Djd6J2pS%m@i-UvEr1o&Ct3q>|b4ERxwC`<&9?GD+Pt zt;}Z0&h56d9%VQ0yb6aU0xpNQ#r*cFGhBUXKI6WW-{3&`QFq& zW|PA@x4z>U+28tLc14xRQ*pH=ByyEQcI&Lxezvj5h!ackD{Zy!XiL#96+1;?UaWMb z-qxl#_+Fq7+<$$T}PTZPn)$;d4~FDvq>*4B3U z)}7LCwUpd0QKZIBzt_!!SuXUCdN!l9y0VeqG5cCqW^1#_uA$TtwWF;<*|7mlYTXhk zt1B6`mQC)dYFG9$lX^cR*Sh7LzR~;bTJMnQjfQoml&{;GGqN>Hc6)X`Q!3!^_Hwka zXLrN4UFl}Cl-viAXx)`7?x-}~YIV7l%Vb)zGMVJ!G7hclX5sr@uC~2$Vq$yAV!Y_D zcILKww{5TrHC^bvp}t~@ex)@OYDsxoOy>AX-gm9}sF$nic5=3LS7zL?tJ=}u>={3~ z-H*#Q+hgmLP1EV`lNC$pZH{BdER zX5$t>aG0gh=jvi^=?Iy`%IN_ccR5*B8<|-*o3Unc4P~O(u4QC1nUiNS6toI5+tYKc zR=p-~vf06Yd&lK{wU9dMirl40gHA7}C~^f<8H6gA&$Ki=RMsTVT1f&d)2b;M5dks; zpfYI*;gj}ld8 z>Gb;rA^Al zHot6Z)Q*u7N^+{V_U5u+npJL{Gb)|Q>`*TbJJO!l^V8n4&X-!Vp2h72lQZI@;pF!A z-iki4lK<#w*Z()4KVts>wYfijUYY-MobWXNllVUW|5HA%g%Zsp_*>IBhY~$~vNtsY?dr1}Q^zpEcJGv9X;+)ocJ*$Kt#w;$P3av5 zvxh(^gwleL;Cmwi>J$=uZ$vv}TBHs>`)EcrX86JJkrw#|6*onJ5RIzv_}DZPQKb-OKl z(H~}p+P1o?F+!_L9i>6NAQ&5eTAj9+9Vb~Wx8|nMo^0iPqgI*~YpJ#8D&uC~H8gRa zG)G=JIWvbFuQ72O{U$YuOgmba?sOk7#8nrKmb7fMqj+JL*&9MK zzimi;#gcOK&7``skM1zb6(T};LYd{Ul>#4~Ukt&6&xgEVvWwnPa$NfLP zYlhj&;l~Ssz-#_r;JC;BUraF4yZ`?aKCk)zIeOpu;(`B9{+R#I9UA>-{C~HU0RP{s zwM*b7&i>!_$6S3nE`ZnPTf505->Jz=A=_CMI;AnMKpY^qda^8(GEHzH5Ce$e^0(8l zwm#L|cXri`!zBk|t2mA{R_1uAm0IO#yxvN(amCInVztm6^o7iwFd8SNbvBjB^dmz) zV%OrcB(+Htw{_l82J5X*Fc`%L^Tm8KyB2&eXJ+Tqgq;woUTrZLPxF&`->xUj z?#jJmY)7Z=%6o2@1ZS?dXGS%W%t=nZr{z2Afj6;I@^Mnjdo#Z(ELV0)x|2ukp;mKS z!~SgCUL5RqD+<%kQk@O5EmP>;i%-bfVh8vF*eb>)xC0le4d`HTy zGfX{Os!7xB^uTj1h{i@e>QHyIZpRc?HSmu5M3*PEj4T&slRIWNxpQ}ld>IRrb|6f> zV6`BZQ@V1MnoJ(bK`sa$?2NqIWhZx~%I*&0!Cn!9h*MzE3A-Wd}LAnHM6A>{It zR&SN<7gKI3$Ig0Vi97g=ZY0KTH^GawT`>SK%VZ|Iyeq@(yT(wx-Kt#cPAh|rS6Qzs z3*Hy>%6{@VDy@c5>0Yi#dM4Z1)#8ovE+YC=s#ccA(jD-8KP`4vJX4(THAzvMS*e`z zMj0_ulKW$R={834T2a=A?rJ+MN~^m>uQn@ZQ&hpvFN)1lywRC+`%SsLEJQ|SwV4pc z()`$6_Y|?0E#|uZBs1sK`es$1&W3HyymQ*ARxQV5spDu+Qu>jElFwyIDam$trY<(M z;kLA2N^M`&_|@*X-L3g!HNx@p?ru_xC~mvyHXBT{=*20cm6~qby~IxD`kEjer@dh* ze_+dtz0@(|@#T(*?^c4?@5wV|l*lltoSR)9Gxcplk(v=LPvu)JsZ-LE(`2K?Z5o4p zmm8}_dB`mL+>APJ{4<#@?>ROu2IKhxuVx6@6pET z^N0EWubct+y8mYr9P`xw^8)wo|Nn$fc=o zPD`_?v?-=dHZ2V>-ls5Tvf+2s+w8p1X0#wHW z6=8`&S{Ks^DV=1}iDcSf()33_w6lYa0F(MZ}F2kus??-~+?Z2}%MCTTQdcw9cgyskE-AMJAon(vpZzsh_k2 z4k?vL>q1)O(^4`Gv>F2y`Sci2PNWlTT4U1*KqdjzMHTx6lwkNUP9O_B6vs$iz!!$4 zib!Tj$H4*a431L(`bcR;ORH>}fu0iSq@ErNh_$98Xg!tYSfu+H+Y5Y}1Nv&n19&3A z;JLJ_Aw^SCnl+KP!WgQX27=b4G*DDXrUgPmLrwDu1OTI9Nktyy11SSM5(GkAkeP8> zOr{wSA;20MacLe%%cdnEtpPcBlo*;<&uaVFiz01 z5ZDKVAR-2|28jhKqBc_DrC`QBxcwJ}76b#v!{S47g@|$a6q<6RYaoHCBl`q4%_mWL zL=EK!q%T3VS``9i2bn?Y3+Y4xQ8GkiA4m~sEa)1@gl43Z8VVrDsFqHe*b?dr5)KmB zs}iw+o+KaM(|j9(-=3V(s#C|9Uopx2-?Knl<%;3N=O zBNhuR0hkIcWsfPZ%;VkU=n4FizxfFit2$b%ZLWfHu3+aHlVOF_*|5*5Jt{w*Z~NmK`bO0Du_j(e5mP3R49;o z&i5d-x$`D}&@#j<| zEsz`R2#63sN)ihSLO?_XY>rMG0Z3MAObiN(-T_b=69ERs5_!k=#Byn&GA|4^@YgVE za4NtEkTz5}9W4-a0R-iV1Ln!Vh+HR$+JbUJEf6L2$3)!$3=9Ks0KTXOfguE)0#YD^ ztctqB5;p`-01cjq1h5x$9S{=}fySE>;t&*oHUe~m7-mo`KpaUpM&F)7c7V=;NC6#9 z4wW8!T9QM!f#Wd(cgdh05ek4bf-ePFpz#o(fC__;<^nBd)8iyk4m#jTPyrs581#gJ zGzWtP(ytS@2!$$%YBXYMfj%Ne0}v7bbdXYkI2e<79dHLw5paM3CrC5|WEPRxXdGGO zC}?An_$Kgz007jTA)Gdd{{whq)Oa8<`~o2YcM1xUBJK^k0cim$!DwORAc87~h778M z@6%BULr!x6r$Oa3pr(#p!%rAE=sy}B@)ytq1cA5-9FIssF0_wh>;-HI00(~tW(EY3 zA##F^LhB2o<4Dj4!Vd$0XaYnSxCc=RSP!rj&<8kOXqw;y=o-;VGyx=3fPq7J0O&E~ zFNn551~bNR1vCOG!th~?*iInMOhc6egNK6<5OHY75-*!T#L=~jhz8Im#i7*#DvpWO z0yhNiAH+sSP9qm}R2p`Su_*{7FcTaRm|Jj7Ac#D1pHA&1QETr<{GAHX;$EyL1{5025}Pc3s@77L|`Fk41}DW zLy#!Il11CL?bo(#+qP}nwr#s#+qP}nw*H$xn^{l9sa0(&va)Vw-U8UGVHaeFnO5NB zrxP$1aPi=U!59rFI&5IM!v#?zvy~tUT1aT*m#!b*8q89}Kt|q$z zgE}>g*qcv9GdIbtB)cWEidJcj1VsdH(Da0L>MUq0$tI8jYbMbQ-|<}kjFrB2zUpcgp35wh0ccPFpR)B z$YUom_0N>(;djZIN>FE15O_yJ$dx5hkY_@Z5K%w~Hn1XJ3||L82BP7g=s)m}h!-b; z7Z%DA8<4>5HbNje8xlw-Nd%o%mH3Lj?}{izAA$O!Z(xFuVbGLL;6OmH#4l%z$BRY< zdk+@wBVp_ZjEi*O;wB70N!R(xB`L;Fx<~wl6C!v)y4d!i0T+oSIz z2WStk0%O$|PT)@s+D94(L82FkN)$e&jn4->VnGCp%g3kpju%PZRK^lU8^F_tIitpa zO5s0^C;&ku5`YP(aQD?G6`Der12huk$!^LA#0A#|mI93l_{h)gBc9Vp757Y(rqVA> zCm;ey6($-{;12?LI*i~9Y?p^@WG8CI$blB72+>aj5UlzOnAGks&#z`L%O6P)2-pt~ zJCXH4H`P%LFSF@{0p1~V@eE(yr}Z#Z68fdEagPux{n8(kg-4~P#5 zgtMnNVAWE^J!6>|{Dhx7%% z$N(04bVyYa0~Szk51oHWTseRo@t}N2G@!*l0J)i9!$=&b8hH{pr=ZwMoM;Y=K8~K@ zNCKu0x<43*d=yzxe=MKKkO;D%-xxX|KxzIVv0z}0a3G)j!cjm}V$m@XWL1$9-l>Q? zRt~WNG)v<2!Ga+xwb3F(hDwnWctp)^`mD*Fj8WZ2+Z&{7)uD}9jm`K9fg<{Fw&InR<%=v=%APCM5OdAhha0oBE8 z_Z?k0FSjn#T~n+GpWgIykM9)ujTXzmLlrTXiD_Cgm5Zt#=NVUUdYfFeSg{+GXg2eg=bJ%&E+375mQQcdOc%DHVV!m|*g}nR z@L8gTsj~7;rV6rDRHxsZ6>B*rJqwJQY&s3Bcqo{rQe#wXrmf3;noFo?q%0te1hmRd zQi2%HR!xa{N7)mWsq4^kIuDMaX@=X`bnYqulaP&VcMD8gy0ui5kl5^AIfQDCxJNEX zhBwA|nA6^U8xSenr@ubV%8x!IyMg>Yib`@EbR9IAq z^vACkI#+L9dx}OVWmg}*dxlwpU-X7DdNJ`7ZPI^<$ z{E=QSclGr7tYu8d)LF;3X?)h{J|b1i5z?zpiy6UfEN6Z)EN$Cz*4p6L+SCY&e5B1Q zKmMCEug!aPiK-S}9TpZ-fvuYO=1-x@&P4f}65`dMw zCX$1_q$rq(k0~a=89uo^m&ka0Mag>)M@nCCl4T^Z(fqRc7CappF(O>4!l`PSGzqP& zGe(W=*Cls#dv#y*#A2 zL7^->nLPBsIU{4rOQx)JGhqW4)*p|-*Ph#C+&Ww(=0iEkwKB`J#Yhe^%zbo57#n8Kx?tlg(ia!D!2K;eflM3sbFQEv4;ivC z_3eXJWvfGK##M~2pJbB3>+>GB49A$fGeoSNa+4S8y# zOzNo(kM7H{aW2+s%jHEOsna;lrsIfVszfCZVQ1Y5^kzciRSENZd z5@xH)I5lIEVO1}sLN;|WX(2aWmWx$mw%W<4rK9pq3Ru#KB68HRZLvzdR1U}~+hoX( zCryiq-WL9GF!fP#dt=Gk2&ux_)Z0rz56?*ZLQbzuO6ASch03JMzo3EsCt`W?P^WvH z;t%8CG-DF>i)7A6L*BmYP9!Cs+ZC$`MlMQP9MvZ0k(yRTPuhq_E6V)mjyA2uRw)w2 zY^7;8uWDw+OubQ~s&S>-BU7vNGS_>_71|9}#64kSSK~v9WpP)QomQeXO>2$}jRtDV zWv(HYbqK>s;v!w~6Av<5bh64)rj%u?w(I-YO&fb^+mdM7@PKW0UIT2W^^CABw6BBTuYVVB0EjcvGAY?TxTR)$KCj!di8^@xnu2Q9Ky zEhpc3BsE=wERCj%<8Mkmm9h(2Hm2okcd6l4Hy78e&ZtS>*;SX?)fYQGkBnpdZs3>Q z&qtxp-W$VxP6odZN&LF(-$am;@y}hLGCF4WlP`}gTp3?ID-t% z+nJrbI!dj%Tn+S#;|tqswQ`k-o!4XEt-Bs9)ViSW`|xcTFN65@G*@A4I#8d+YrF1* z)Drf;`(m|0-*-l7{X`moBUyEU!+^hcGW7t50xOg8zPp}~)c%mPVP8E|`hKwg#^vm& zwN`0vUp`(JSDl$(LLPW%$YFcp87t?fmK$R{dD5;2lA`p^&z{8`6)c({fsEKQFWEy| zdfo+D{;u1iQXTffS6U!2B|*7+@Kglo;i>j7GRv1O1)r9j95Y!#9;3uZ8z)8LomYWF z__P=D`IY`6@oq1|~eioA|E6U2E`k-rlLUr=|X=Eu70+^rJU7%tia!o&OJ32sO8tynULWQ*xUK8AC8OhFur1Fg z!|m1>4D?Xkr8lF#3xD})U6f}v z8G;j!4mOfo_4QPKUsJJ>uSFlemq#|cx&t<8p#6sboYW$G7vSs{G04CC_I%6EeRh6< z)jL#MXLLD?L>@FAREUPla+dc!>vsvLb?Hd++B(ap_v>3Yn3l&U=j*!^{{w$fW*EpVrEvaM6#kzuU?Zj|!?3885p3+RAdp)*lUW2CCOvlHoot>#Ze(kZBwH z=Q^-%cP_fqZlt?LquXJA_k5I%<(M|Br(rd7YZ{HuL~8m#LKQ!`OF?md-1~z0Z%RB* z8mJwx0*y;Y`$w64>P&C0mGn2r4~ZV-7B3}OFGvFM4jy`G_HH!|_AEr;a|peS45P$> z&M@Yb`Z>5nJ&sX~MnoV2q!l2HVq70YVzJTIKc%?)faHb!56)u@sIYJ>^|O*c46aJfEb=Ts@5k+L!cW|qpDuAQ)kmGf_Sy*U)Tw~20LjHa z>1_!=9gJYCRTQbqj(bW0tr&Z2k7hMQJB{FhshxCp(Kh3*$9q?OF-oXD4!Kw*JrRUd zyueB>$UNXZ25cekMSNz-$={QHR359jYBzAJos1r#!y5*F9+C6Q)#(vid`O9YELdsK z48Y(>SnQ`n)~}So^X~9>_zNk{51#r&AS<297jdH?&|TmCG!x`e81Yo)*nWyYA5ecpfg+;`It{Q}v7_D-(mqDBQ?Hj%WGv zVNvG|J#FfhN2;K9JAf?JpcZB>4TazYcDU26=jwW_Pl?wRiyNeC2bMFLmWq@Lyh(%l zw&QT;pzp-9vjO&IBM2OR-#o|uoH%BO+9GnvjCOadR3a_qb)>%Rvx6Edv&M! z6|<+{Bw}pQO4GcWQxyO{p??xNo|#zf_SPziDOXeEs;lY@9h8?uYjmLqJwVA=HvK$gh=(E2zX!^$kPYCag1YU`PQ2G&inrrOoB(cS0tBP&>* zRqZp=a8@iNmqY+YAru%ZBDb zG%yp|;;98Isj}jritlH(gH@45Xu)WH6Jjy5Y?85FYJ?9)?}C){wzyAUtV7P@!8)o7 zrS?YU@z;}SL?#`_rCe#r4skq31e2~MxS!v^KKHruz@`@B%J_89pT zAYcS8y%&NC&@TA6RdD5mH{E^Aa16;7v|V|Airw zkBbzJghB+;eg*&P94QLxcYISz$RC`BOB{qkj^YxHuS>>TfSv@a2O}+fwAg~fNi;4K zaBT1=(OTZYU}NZbgzzIPwu>GRK2dn!>43O1(;WyWfr3_C3o-gMAC6wD>rY(8R5E)I zzqO6;x63C{oCg2ViH{Z1?pP;P*v?(((vHqw*LgF3m>!~&DpMgQmc7}K*<&_WR3(QF%c6Yki_E<7Iu)U_L!NKV_o9crhx6U;S}E<`u5+h{z02 z!-#^}oi-#rd;y3*|gf$W&gGKso}d zlKYa5+>upV?YzVQpSC*Z&m+PcP4Gd;1z^5CYz+<7^J<*7`MCuG@N?0YMd6cvc6t-@ z^sZZF&=9mXjz7!vUT0X<_II=>mL6 z-nO#v4vw9TEZ9BkMbE(|F9gbh2O94D0q|ZRT;+g2@*Fg&}Q|$i3ZS9HG6s)y6UyN_XaEAnF-SEmUrFv$D{Z?`wT2cibxj9N^JSn zbULB!gSnmog7||A&5G&P!r=|u&ZJ`TEH_h79&V~J5^Mvns%rA<9lJ~7d&K$W4@t+_GpkANgn3S>44!KHh!#LQJ$W2ND zoc7UA!wXJfcVCjWPsV3{HrAg>2SJa>t%s;KI3tyz8Y}rg2qI{%#*)W@rPfiL;o>V8 z>}9s51ME3nWSm0!84CeePVq!gHz=GEl_0#5En>=VbaAd}5S9+V?_J>G2PA4!ryRKl zLN`*v0an5!9Xar0Km&u*FABF_YJRFy{YDgw*Z3gT3`V;Vj_rkJz~cERx|C5KJJ#YXnoMnDl$hLOEV;41f7Yc#rC=bRPW!u7B$0YZNl zba#ity$wQ?pUZBQ@YQxh8xL{^7M6qMjbM-&%61k_B+w`5!)WzVW%{``RL z!^pmnE*%Pxy5Pf1~|y0C@}w-4OcPIT@XVdXBf46Sg<3+OK@doEBH~ zuzZ-pOsA+i6(Om)8o(cR%&ls4sd5onJVL%cjKW@l)#5yExhw9F)~BSt9Klw4%SFPA z#lB%&!zM?`L~kfC2H{oM=m`3(u6^*UrP4D91KT|wdgx*lu6qXwCtP>{ z+-q`nT^Oe)eK36BrTP83*+&GG!R!?@&J%(zsBk&Ywq%+_Gwk@TfJ}`o9o)VuPoxO$}u2gGQOqtUH>vA!ionpdIk=WFgS_m->$2@Xzw? zb9XuVi?5vMXBm~31j4+rIu&lRPQnWzc-2ef&-&vKh;?Q&E;sLAg#6~xl|krn4Tg*( z!|s6Ut&c~JMn~|??iTTE)=6Nxsf;UhCFH$gy@32TceNt2G@N%MY4X( zFYJf>GRoK3nyzr`a|}Ad0yjX^!7QX^$>KQ91lJPrK5)z91|g4s0TU79ppgNFgoTUx z7lcvRkv1gy;K|Yj#PXAct6rhGzyxCCNZ9N7NAL!)@HGlMHMy%X1|#8T()f%#1B=8- z{60ef{o|?Wh1&`xA)GI8kpIfztU`OEaWp$SoUjo{M6cP>d0IM2>FEn!bs7~_hepW= z!wL37#W?EA$~gf{5#wW+Ud=t=jpX#-zxcNRuG1X?@13nEj&qVg#CF~X5F>Mc$(~?m zUe3^jYgdg3honjpy7Az&k=}tr^H-zjBAx;V{<7-S zrJcKbw{8xT&XAsXCbi-A-5vVHfcmx{QL|ZT8x{}xRBEM0IKX^`RneU)-t?psSFtZI zl!?Kv<@XOG-~1q2pbR;+mZitVFgVCU;Oi$vkx>_@Flq1odDHpTy*0Li`V5K9t)&27 zuX0<93fnpi+Zq=7xfkMk+1=f7HKWUma z=Ld8*fLO|OY<2hg=K6X3BXi=zs~$Oty>S=Xv1nrFZm@l<;sS5$QjWzZ`qw>KJYZa4njZwX#h zzBzmP2i6FnG`f2G|_p%r4DAa(< zNk7TPzrCycJ{V~h@IV)Is2djHmy+Pe#y?mM5V8)S(k(ZhT>l(%u3|)M&%SQJBSuhw z=0}Bn76AeP6iC3QKwjw6PiKQIjezVG6K_sdcee&%2S>-Lb*L{G;b0jD4{gkYXVV^i(PPvo(NH*k0gwU@R z^O!a=#A!SKEnqlM;x~l7=Plgp9r5=VB;ic*?raAP;S>9A6+*(VVk1o^AvR4Ws3%wd zwTbq%jrJ8a`%TRrN%tnqZwvm{QD@&Io1cP?y01}ampX6dSQq2N$>kk=&W}lZ|GA?j zN+lN;nf6bJaxa8R&)&r3F@0W$-~7wFEB_eurYk0t4pv*(kUJjX4WjW6;E`HBZ`6fR z_yDvtJX(7FxrGl@P{D0J8sO7Il39m)Liw)jGF$Y4n1uK4Fmb&@t`~bgTLQ1~Mr-`T zP|YpLtdNt{73?(dJZ;B*>=C_-6`6ri;ukrWo!9`x(OTeW8-R|!wDapbGmQ68LeS2H{`ucmH#jRyD~|VXHNB!uy={d{rjfqGRdGpa<}&uRYi6vq3#=g`kr`ww{=6zO-IkQ3KI_7YWRK}7|&cobKcgla)2Hv zskZ_~_#>zvk^{_6^2P!TQdCEa_9ss(k-Kg(zT{ZnAhdcUTeT;ez6XYdI-K^@e5;nv z@*>ms?(Sq5w8^aB9eS$bKL6_yKv(o227`O^d-DVCX4Eg(UH(OSknJwT{)K@!uRgOH zXCO~0t-$6Za51nC&Bp`khyn>+^8+JlnAQKQ3uwFQFp3iGMRcy~>>&d6b0iiR`Z-j0 z@XxXsbmcygi8~H>wzYd6XGg~(H&;5E*xB<8C{@8ab`FjbIZG=LZqK_oJWQA5*Xgs5 zl{WVge2JElT!V#zoTNnrSw)HnOHOPfwVUO$AZls{_l9d! z+5X)dwk%;EQ>fX2tk{%oLZloHF^4U`!YSLSEuGpY@7#5a6KBseK@9x&Q|JP8(8g>t z69SM9L{8%56I833Le5DYEj6h+-&p`gue`bTsUZykE~zb{nd>aJBM29iG(g6?Z@XNA zuvl6e>z_)UwTR1INGLt|o8Oc|?@jvDCVQ-d^X*e5;CySfXFN?%^+YChHoff{XkDJ+MqXs2Z+&}#QFxxC?tkx8J2>YHP)-alB<B&8ZC^$1$Gz67Mf3lx9yY^bG4bNjor-FapI149?dI>ZFntmtud29r zDpd82W{JUSE>kTz=*{(K$_eO3^zaan(38fH7}r_h(CFljK32VEy=C(qfWjad2X38{ zP3>&U>Enib7hjJ@B2CYJVHVW02f3^Q%w`P+LeCP_;_wW;v9Jc97j-}?XB0`OMDBvX zDX`!com+%;V~IBfRNqWPY}YOVM$&-w;F}S>0nShR@-kjV@_xKu1dqZg+3!pCL2o@0 zVyqTm#@E^j4n@4u`>p6(4{28z@~jY1^(=y~VBKD3v`L}ka~te~SS+4qjrp#J78im3 zjNla93h>>v1-_NXzJ+ksY36Aa^1gfG} zzN+-Y%er2s#y*WsF~)WLPC6a@LL=%6W)hSV=$=t4$BFO~d@?cqu11mHOH?ualhfbw zk5@UrE=8W+CDHwS(j)5KH#jo}tsVN!YxA zS?dUeR%Y=;+u$3-7t?TiAWI&Nk7GbMqo$ldJpDJ=2nWAC#_aWa94dboH8`4*9JQrE z>gdTz0vi61f_it5*fS*O<>EtQP9?n`Q|zmL0v{cM zLFll1(%b#(D1h8+t0C~ij4ue7+U^k_7R4XMXa^KdrC>BGe|ox7mcEx=6KM?UHJAyZ z_{r_zu2bDKthIuvi+I*JYZK=b!`sHTdtABMrMZQg^5`5b0su?O^#S z`s@vm^zDvQd+`H}J^q)yLM?p$+~(bT?Ed=vm+yq{-R82)(vohwyPqO9_uW^wfBb%4 z-}cyD^!%;(4701~sV~5?E#uvRSr};($oweVQt`3Bz5Oh`_`hhespQcT^|VxcTsa>6 z+u+;$x0Zj%g3Il8oW59bW~7SiY%X=G=YMb!-FGLv{>vwq&9P6Ag^#iH@9&nzCtB4T zt1+I|pxw}s%*nkM{X3V9cDLV8{Os%XuTGPv5We2_uMxxVEYoXmM8xZNFW)}$&2LDj zAM9+Vf7(dZhg_D&nB|5W8(w?A2;1F7+-4NqOZfmCjG^ z?`BqCT@WCjvDr0es+5`bEQ9t&pHz{N83cuYpF>ljEny{ATP?54ee8nYqFWU1D_c6b zd!=nTr|r|%vs(FydZ>&V>}Z~r{5YxJ535FbY7E=p&oj(V69c9#vCr*|(OvEc{4H;& z2ZpctE26$P%mY?e$LE{-(QX?!BtrfTpFKR%E52UobzTqnJ9e#9Jk3~+Sxt=6O)~h_ zQ1>wtpI?boEZS#^Y`wgM%Lyw&H}LdhDrEj+%VnUhu{K0WzNJj5MW~Sm>BIw!)M9sR zG_dCrp;2|H+Wsz?42O<=Pj297jx?QJK`HN7AbR{Kf$Xebp#sD(+20sWo9*zO&kHDk=ZcGeYpZYd)^w$vcUHd2?&a5_W)-c+AnXwS~x zpP&7R6|;LPish}c#mZ$SgaHOaI0hc+gJ4Q$zs?`xr9=kN=)NYSLl6yC--4=`filaR z-{#k6EgPK4o>M*d$k=$|aZx=CBe7s(qdo?+%{^dt+0+~wFbj}I8s-fwNNMYt!>#5U z=q>QJ(_!21$__72UXtMJqbnbHNoy&l?d9#|?>rXLfuD0GOC$S zS#ULIS?tAekiKZ6>Rnx#P%gaKOG4j_d|+7bh)0x4pWQHKt<;p1m~F;8qiEF6Wi2KZ zr`c62immT(%d9w6cCY7X+R@ncynPgK07|9J3b3WE4o)P`V#1}d9C>x;EE|YG?!%+i{X|(g;ky#yUjR=XkXr;+AwGM7N+iPV!O;pd!4y- zoZRfFmYQZ)$t(hnKE#?2VrS*wEK}5Pymnlt*9MbkBxYldS0KqjsYH;H0UPTaiTK;d zf%n^0q=>~?p2!t30;f_(kx*-*S=d)C>UVLj@onsG`1RAX&+3w0WuZR1xw9}MMN@(g z5ymQC#S2FtITdONth*LCueS;$MofWPzAn#NaXfOnL}s*@O*dt47 zDzR}Wv7+$4j#!JL?~wbCN)>k{#TVnEdEB(R`L1`!Y3+iTsm1RQOURPv1o#tg-xK3r zE^nE{Izj5^C9_)6&)f@WEgfW2a|Z01N?~)yE5LkG>9SI7jfN!>Fl35IxRi!&Bmy}RwPVjnz&uK2cTsZ_;)qYMql!8hPLf~Av1U}6avJ04pGwdmFGM05dmzkz{D4#C>ty~#ICo{> z-{x^;E`jtrjtRd2G(GE2B33LTG#gA8zvGKBjz;yo3Xk)cCCTJ3XYo*8B^JPEeF}R@ zNlf*qs;<9|y=$)P;a?{?shwpY~oY>&~ly!^qL_Cj1YNNSzv!lu{DZuyuyZ`!)YIWO(QjCm)$ zqT{P{I0zKzl%o`95{#L$IR<~kAFq_l8tWnMyz_B+sa7#D^Dg}yyf$WhwuE-e?Fz@m zOX!SIM=y~P5^bi2Sn)Fd_d(9eauZu8(fx@An=cn{p&GUVQ!fL|!P+-4Sc_X_x7<<< z6)7j8%zFQe$I%5*6d4o^-8_TyV2xkzL2q;1X5if9!(#Q;4&|)w z$*E@32IVR3$qUBRrbu3A(q~>&wEWx-6Zeae2Lg!`*8C$=$-hIhwmi<1g|z`?`FrI% zlHSIXMs9UA#bc%X-p@T4wXL=m9ladVxW9S3P=$ym5mGynXEs9Y9>jr&yyfOk*>U>X z>c8K-B(2y?i)ofL8eibkB5+fPcB&I3pjtxM<5btgj7;3i_FDv(Dp%zsqBFAl1a($f zFFTTQD`w7Ziaa0pCy@M>wd`D;9gLpui$o7QBZUMO$4KH>OBKKzmMex7x&t`hb~8{0 z_)y5A@prVV{$I<)C@mXW+?zy&EsNS=6ru z$AXr3AIspUQ66D9Lp{p?bKzvy60PCJs5{=DhG$+xjTD%0reu{9fxiS$67sh>k{W$S z1Fn$KQ@;miC!6k7@gb4Ho(k%9#X8`)8=NgKaCRY-)LYVRmzkAoPF4-VLZp+R&lyH$ zz=`Oijg!?K(uy3g3n9xR-I808Ffo7f?cnmO7Eri}9p*9?GnHF8(Xva>0|U0^t6zhX zIuz>Bb#Lr$c|TcPJJ;fsie0bz7goB}h3n#8BwnMTFMVk0n0GZ2V&;o?o$0H^3~_j= zNo)5Jk>HIZM1D~Ic9O7XDwT!pHt3I%hD^v5-FMn#a^EI5MPiR0Bu`_GkCS|47OB5? zDKriGzOoYUKg^gHx+}V4p6{dJR8&U8OykV)>2wG_;YyK=dS{L0?78243SE~>ye64< zZT?8?!KN->CXMTJYmA(ub!)OBVI3NJ9p!`unKh}+Bk$x$|K-2%b#|HYIl$@JD)?8} z!M&)Oahf#D7p21u+@{DRFca}N>qL9%tgP-AJ@+ndh6 zL@*_}7qvL}0qy2wem0ki>jzhGHA+KPGJ=CxS44)P9e91p{SH~g=DVSIA+(JDL4|zn zOA+~;Ja=+Z@uu9{zviy4RSqim41`%38|J{&3@UzdVl-qjZ^m{n9#!+HBd$oUs+t~+ z!}EDH|98TCEX1dN<~J@jlA4>}Pbi6~n`vlIvi~ZVJWZKsI+UH3{QEx1-Z>?kd>8xK zrROmqw~oWhFN(L!1L@V3k-gu;R;6k~^Edrt!&;rP-6#WaX5IqUVa7LW!9xe%g_=u- z4`ngE@4OP9ku#qBVu(aCfd&+A558lCO*7|HLD-5Z(@Gs{B72argz$;n2b$xo9u>O> z?la7(xdJxXsl`IFG0LR&{*)SKSIkMnTk!;cL3&dg^Y7IG5DYhVyexV%iIPYztkp|< z?PT1gCYvr6G)CtQc($Tb)aosjtD=s&|I3z=h)#e-zNznm)eDEto|RKYfu)q8_x11^ z&1sXf%U}zlut_~5KZM%(pn+J6W_})a22d1qXmxvsId6q#n}Lt@j>SOmd%BI#27kB~ zpLd$OKlIRZ@AA#y>5tBPjoNp&!uL(<=PhOP=kQ0TsgFA6N=}4<0_W#4RC6uuKotJ*Rk+7okmC1`Bn(uQyWbiRdrj-({6 zpo~BHvpYJ~NO+r`dUnt>W|#TUArq?JbbXQ(7%b*Gx*L#P}W6!uHD5 zLW8nQpE?gPUNbVbXoSx|Yf<8v7_E>`@pFGZ^MxDtV1<@1}WNkd8_ zdAq56DSfSV{jh3R>455f9PE7DyJv_pf3RXWPpDuQe4j^2deZgw0ixS~9Kx%_SEF9U zjm9^aa~jn-&YiO5e5>&bN#Ok4||WZ$xt z`5uXuUke?E1O53#yb$0vzUgre)C+B9#;9;IiGGGed7N0^;Fp2CJX+ozUx(|kn{44< zUgKCbYdnEX|2(>@;IUoAh{#ix3cH1ZRP2POZ!y9H2gRd%Kd=x`aNsP+t}Auxqr|*d zccZ`gyq#yv+ds)fwMKT%qn7x{7*O*^yZr78$nMV3U`3Y#-ad3w8f2=B(}pVQ_!KWc z1*k5t_+Te~u-#M)bc=6C?Z84!E+N`&aZsUSPgdI2|Gd~;w1TI2ihM)hCz^8~tb&J$ zWr2&q<1Mmn!1{7}>iTFCKGoEEw|;DI9H!jjsidkj2wW#y$6-(ipX4cr*{fcsDn}Gg zgsE^*39EIPBn(vgV4FNJ57Sk!T@@7M2xd%m+zo}yD;$d8=VHIgUG_;5d!* z*8+yJ#TwEH-|Ha$LZzuTbCtn0(ZvMgg*giF(GKKS!HhE?FCL|!V3*BhNa+Lzg;WS< z2a1Utzc5qtUku;u#GvtiG8^#Nl4gzv*~*Oh>eKM`*xo}4Km7G zRQB;QgOw7``v8j5IBsDDY@pH&i!~5Ln<;gD?H*#4yJj7hk-`9Vx*p{ED^3GJSG$%nrI|_7a=1gce986F7`N+OyJjU-!wVFt!&#HP(d;sRPc{7w1<_t*uAHm*-nrC+L@|h-St1o z!_SCM84BihZY^DIZzbIvt?S_OL0g&vbCLQwc4)!APg~zVs6`X^G^SD}92Yj+p-+Kp z6gqnlslgV`dR(rX;(!k6$ zZb^JGp^Bh1k@rCQH-#7^uT;v5k&M6>$_U9Ic{i&(B_YK2S2Tf;0hLwcJ(a3E)qh z9Ku*|oW^%?wx+m0y53Y}CJ9~rxMmwQRdmJkqf|v=`B7bA|6OudTl^)P=&fR-)DE$s zscic@b8l#X9)Y>1>=nie@OXvACd5h_!%oe5K3ZMb2{-+>ya{ENAH-N0F)OS)wn&Q^ zZUK>2TTkMNaF)KajW?^5|A0RAta8nynK;KP1)^T8zs#0!$2Dm{c=^4+1fZeuS!Ut`2Y6ai-tVlwaoPu$L^>&}IT{M_4=~ZnmUYDd zOjUmqU^)-$rUiIy&FzE}2TN)8#BnFLuTGK>br+8$ge~M@P(tU_;MNaT!$iRoAikIu z0~rT_(~D_IE;kfC(Q!;$x*mB}EOeMP0;S5YxymB5GcNJXD+w+K1Pak5fto)yh0J)f z5}SeY&Poq;8h`~n;lY<{hzmV$H@&*9V%8!J@yJfX-*EL$@YOWzILF0#2oXDWkkCIW zMg}!dC?EI@Y_bS~=m@f8-XpB>L9uYy^3eVD`rDcne81^^+1Ib0^{KjNgsVNA8SGB< zNy@fO(swnYJ;|wbkVHfIWU9|q3w}WohLl3xe~@}J&-Y(o7zY!}J(a^K3ic ziqtRCN@@-@V$D{2aW(>nP4zA3?ty_Z=Z^505{-sFR zQ3l-1cAZ*W8l{bylg_Fk=Tkk!Zi8!^kgiH`>ya4N#X=#$)r>*YH6?3XGU<66A7Y*n9;l91Z-=1W)czuMJI?UwxgyG z8K>TiOEsFAlxpK+wrI7~X{MQ0J}oNma(nKNG86bCpFLgJOeCE!Cw8+}J@sxa@cNGw zbi!mK4>UfArvNB=S?O?24h|RJko_^PTpAzHWRLF_W_G9kORd+v$&LpJRoPs*Le+87 z^MVZ6E&d42t&gSGTPx(on#ca$wj%;JRqYic3IM5VAeM%jiTqrGYoftnj*`NWMm(My zqZvWuIbOssA*46^go5`6fgp5TB%I>l%!69LLAwf8yK>l48!r2wcB|2!fh`J=Oh8&> z7Ge;y2DUv*w7sRf)mD>|1Ahb~4jp?7*U-jhbj4GcP2D5~13}o6#QB6WIrLnS;B=b- z>cF~sW?wN75Mls^jlRNvsJF=?TFUX!teJ@OiUuY@-Bl6pvMbBXs?)ve%fZjnX@?sH ziElS42@{QKAForTA$Vfyvos?ViXsL2n;JmMIIqRj;{nmvXlxmC?Sr*UK@nS2R|cU1 za|bvpH=vXmyM#-A*fCywq6{Gm{9fXm`Rl z+ZpsDK%j#yOK@vCJsK0mhA5aZ!hOJCHcFODk%%H{8oGb--QxVKVBI$9;a>G@alfV1 zwb8YG>QJ_*8*(ikFPJE&xW1YGC7{I}U;~7j(l>$+W9#;eo9Xw^> zJTA;G^-QQp!IZ1e3Znj7m*v9(6@IIo(6K`;fx3e*+^Rc~j$vpqo~Q&Z%(;c;8A+}* zF4|l&O^~2}6XH6?)|a!Fh+p`Ak$K*%p;X5lG+wP4c1Uk_323%0yeH)wlC2YO(KLzn zDT$wGd)s>9MTEcXcM(RW+uQSbVVF{<2T6#T*Jv-6vg5hDWBQCq>+Iw0s6*4)t5#Q) z5(i(mEjFEE)sv3O7DqdKF+k|TarX9HNUOIy5;$`$^U7-zR@%~ z`s#$ywCSb9)uCgQ<7=K4b={*2DjJEhAhX~(OSPe{lk&tQW+!S-Dy&5bq zD0m*S2IXGxdeO}f+ubKh$_yi*CS4yQrA>K9+m#;&VaQUlvnN0cJ->X|RTSRr@`uoz zKr)>r3$dI4{(J%nJhp`mjpTqnqCi&cKLI~2z|!Thh{NX0npBB(@{F95B)mCzpb6RM z>5Vcq7xS{gB|QgoPAiO9IiBrDW!3)$G*)p zB?C`)CQb=S7t zm`zYzj(Ny2aP1Qwt3+otTi{a?vI@m?->_GnK@FnLHLa=so$Qql-c{xC%`-BCp3THy4E0M0#j4lhh&Q(kj90>5j9%F{&uwH1O}Z2`=2Dj?6R^xVnO|7vpdN2jw(OPPLN{{f=(?Kd3Gm~gk{%)jOAoDauWx!Vj|YxAwN z@bXW`wkmVL(H z;@)hvk!tn4|Ngf;>vJ-URJpQ9n{XOGQVVBK9QC*wICn(s;*BY_q+dd{Aacfh?HnA^ zkFp_!m8yg88MW?_f=f!DMx!G?=3Ei(@`zPZJz?PGJV+UwHkgbD3TULsg8i!8k}^2%#v9KTon> zV;bv`JzC*ZP;m@E2kJXbdtZV6=bgi8qc<1NK5O`Mtf1FhyOJ&G&B0M3^!?Pho}x1# zatSixWaEnFXeIeNNCKYlfhi#8-CbM`kRLR%a>E#POh)Nb`WT}y>m28cj&bHQKg@fq zlC$<^oUeS!BCqPX6f`|_rJyNWz3W!rd`1(wbF{ItxX6wTy>>9@`X8jOIQd~E(0BTq z22~D*PGB-QeQy>j1st`C{;7&T>d_QGqU5y}f2z+~u@Kh0E}?aayxK-;2e(B;Hc^AH z>*Lfs8gGQ7(;BiT(vSD!a9GoEKbwmSD6~;WNK5B^J$|o4yP^T=D1gBYpI+0@uQx+YqhG1WkEUDl_+tgsQ$M0TV2&pOBGAY4#r6>7{8zi zg3?zCymH`ORZ3`-fM09U(g9#^hlu%xpBG4&8BC0j7-DitWGUr#!k#|^L&gA{*BxE( zrn%4wyLdKqmHfGom)EN2^&@{Kx^)kM^5|qH#%~_yJY&m6v<%A`umO0TV!Uy{;oN@k zfe1E+wj8*{-6^~L#IT$S^)XRn!w_ydiP|R;+Er;8p?`2?a5^ozgUFgWX7X+@E&Vpx ztE5#eXHMKkGr8u9X{3muZ${kbJk-vE%X~KV1sJiT&aAdsBhEKv&ZeAshL=aVBSdH# z$Gw@=?pHu9uiOJ}6N{HtZ7JFI4Wf^ZlRI0k(S_1+OJ~i`^hm(OwJyC;7t!m~gMhe8 z8Vskb&$0K+0Es)zZI~7b(fVNhrqaJ7!c$J;GtAz92pY5sn~#Yv8prJr=EMM;PAw+n z@l0ybg%aW&8^T=a)o57R^YV0B%_);{i&j#>4b@RNXyy3)@>W}N=$)J)w+=$JuxE7P{_j3{UNJOqV5f?!EU_G#POQH!##^_u;L*5%NK zTWKI(yA7qpT2{&-StltdAj4LCK4r2Mq)6Zt@A=~t&{npP4*2?qj5V*lbjq5%GT9Ttmf@hp8gzuf z{Cz@__qtU@vo^`!o^lG`mUG=HS?`m|3;CsEfPN}iuUR~0vcel3*m&C2|K`f$+Wk+h zRugWs#BNv`;VbxMYmcTcAFgoXc%L);WugnP2di;lwV}?l;};2f=aAF9Ul^ z@(cSTrYq3WH_MJqe%2@bo!S0u(RT4;aLqm>e5J;g7pL`U%mPW6= zZ>fEI8iZTHaC7au+RCHVnoY!H?%}9GIH+og04`8-T;k!YJKFu&%*oUULIwAdiwi^Q z%d}w{biDOIJy1;?^w@a#nR#>)^`<5h`4q7$`Q004HVNY9=}nfOHOI+0%d3}|xcqxw zxd_y8b#8^K+*9eBNgjT=bCNu#O1=fj+w$|1e4>iQoMwv_Pu~!8)UkMyN6C2s+;1jN zH#}AB>X^Bd9`E?mrX`UtAvc^xGS++w{0$4>7E_x_w0#?zzhRQ6()^5>b3;E?Nw#TZ z<}7=+Ei)C_>snJ+PI5v&Ys#De_9PR{3b3D;(7bWX%0ZCwg(#-8syN$yH;88L_;<@c z9Y6yC_My<2<0;amE`o3pk(l9JN75DbM{dK5KW-)z!xu1^pWr;m=`W?{=G4i zMNFXHkSJ+>fh?6HNdjKx=159i3b=vX*BS(q7B+1$ z#(mP}wu)NPcciubhuzYmTCFw(F71q?5Wbz*d$qanleJV0sSy8gK!(w{8ovObSPx0U zik}O(#P1Zu#5(}hSg%^FOE9Zloz(Tj??He^R#i8f4UHF$jVJvek~pmqG07kt)LaJZ z8OOi09%W1;SgVQq!3xgZwes3)I(Nh^;5DZqI{Fr1n`thR9j^p=x z%Q~>^rR1pf#gm)B_JR*`-!DcpgU6V5tad-HJMVFS4p>jj!44N0= zB0p&?{@ee!kAtnK>OWfPJ@MDp9)8#Ctactf^8F{xCr?(J-Ia%H{>jP7n&+=PS@pYh zr&e`19*w&*+i1||@#9DQFMU$~Hk*%|jel#dQX9>+)wRb>dcLx{)?E3w#-D+J34D~P zNo41mRqm$u>B0Sre3rgpACKs4acOZ${ontM1Iq8zwnrkNdJ~4-vk*Sr-*+$1FIWB& z40XV|06@LQb|`;UGG4jZN3A<&HcaVAmwV zItzz70Eu>r2P-Cg5;I(0l&p$xc8{Kubg4G?epPQa4-Pi>j(%OY*QosqUmzjuH$te= zm`2_J=`(r+;N{N2)^n<{`E-|5!Cw(T^4adu9tmga+5UmrRIfGDRt;`SQ)B61Ghb%oe?hAlS0ssWX!+Pbm|1?XC7jb`5iyF@DYo=6ArI#o-;(> z;n+L8#f=>luH)j!ARN;cCV_9l>})PBIrF(p`*f$atR6L~kT-Zw;<-Ac>d%56fqvEx z5vKDg?N=!Ja#N|sO0(IhHXk;cO1(bZ#DG$tcwUkJ-6YoF2mlfg&WBe8wLj`6wi&#{ zGT}ivVTj<z(afBSX*vrkGLD{g4(U1W8mux50Q`8=WqjRs{w&gX7Pr?s1 zIDR-#k>~f)W?W-W5k$4LUFV!n9Is%RdxwjQlR-p4hDQfST?zPa)7Fn^x8-#8%-`!3 zp=lyz3%I7XtUv=Oj-bLfIyySe&N;CRtW^$*8p}YD^g`NZHx(aHr~v%Ev~+L|s5TiX zSI|~9Q-HB>g!l}QuScARj&S7Eu`a^lz;+PxYeF*UjuRL@6*kh9r>GNG2ns`lY|!qe zR8WkC^*C1Ga55T(Oyiew)wSn$8ZG?SqYr=i@ZsvJ_51Iamm)~&Fb@fB`@@IY)m82H z-)onb1S#&b40L~czomABkx5qAG0j|$CyxHE4LzdJS|_Saf^lsS)`>yZe@4=Qj^FPG zG>y#TsNEi|&J&J;gkTVG{w3}HALy3M1z$%M!mc5@p=2j?<6yK1kg5`wL8QV!$C!oP zlig@AEMOWqjf{8t-Y?oqvpfh%85x`sm`Wa)Hg$^{Z0CU3-#IuS<`xX74XFt6MYnxSRvY8{z`_;c0=UeMSNF7;kQ z(m9q^o9OsQuHt_fB5fz}`<=Zb=*oMC8^z+H3+|=$cp?CX-|$q~$VD;FFexP+*atgD zuMeQvZhSBn5`JBSUl8$;Gc5XILlyr*3NBu3J>Pw?{c3l6qxemtBfB~=u@0~qh9oZ# znU}S?CE62%t3W?0(KFSQ&Yv%p7QW7`sGYzLYXIlka9D4`b2 z^|T=QJ0_br>-2k4o2EzXhcA6-N*5NM=Db_c@3wN@J=E{EbKb4$cSp~64{>#0ry0)f zS@#+%AMnS1QN>MFd`c)&#ccwhM^`8cBvq6Lg+*MZeYtt~AMLG|+wj}kC{zzsJ%j1G zu0YU|?RQLUdp3id9a^)A5GhNzg~eIV9kbT~6TY9WUJ~>}%Et zr#W(LWOF&JV`@usa&1U!$b<*Ei~Y-%x$z2|vBvY*%^|ICk`!a%NbhGXI40Unu!Mf- zvVsi%bKX@~V@{E4w@z5tom$yk2kCK3&yL&yv8`UVTgU zMBbncF%!D}$>bFB%CeHpw?=3ru>=}!6rCaDL1>Ov1|lrz+IX8?RgZg(MoVTWc4eoc zBr0s{4fOEv`F1?fW+^%-S<`e-MpL$8n+Nap=KdXS=q20x+JMsKn=fE=(5zAU`{&2le&HK|( zqyrA?MtBo-Sbzz75|=a$ZdTk=07i`9K)D<8Qm$xVXQUhWsw@(Yu_tgZ52bvK z23KvFH9#ubnU@AoPE~0^yi`R)Xo;phJ=->KI-H=NzW#~Y2v~yq$3zS{4%MHAxQU4v zd;&;|bWn-wjxww`Qi<)Q>UCwGG`PT-h%+Y5gr^ChT4iT^@Tde~Bnu!opzYkU>igb> zwL0st2BAXKib00I@eyIZsPcNy70NU_NHm`GdNqqxTv~EB8ePpqH>&XlgVPmlxyIQF z%EiWWYx`bbmzEQ!AMP=RHDG_P{qM`|zu;N3+n8#s)?(Scp)@XW{7^)# zT0K73W${3w{YXY9*I=o;hz(Udib@cjOF6yN1B1HG;d#f}I)pJnCR)NBHsT{`pXK^h44T8+l4#BzG8S&GSBQeN>fhKJF9Io@zctn^6jf(<1hn!YW;(;^}$N2+Nm~`b{bj+PK zhZ9BxjV4l1YoLwD$QF@P8|$cq$YtKRBsT?GE+GWW6+S=)Jly$pTfX*=UIdprkX!R8|l z=sgnZl*9o}wcHOGqK;n%fgk4!GX}TEJ&O7ReVue_X}3h?kZIb_MBJAti9i z>b7b&o-~xPZ z2RldU+uAIc7|Vo9or%RE^oLz7-8#>fH0Td-@&}(+L54ov^2XXU#N-ZQPqf-)E#o(}x3j<#N|`AZjtM>~@JAp8FEd9z2#Mc0L0V^8U|yjR>+Xy=ocEtLI>X_iKjx8qT(8 zug@s;3T%2y_rx09T1~|_*hwb4cc$(Q8Dg1tN@m;~F913e)zp(C8q2czcdSu!^%uXlWK| zJx@KcD1XFadu-)2hC}p*=wJ3d&WS6cfx)?9LLjRcM|vL0rj%BaSOO5Ykg;q7zL_i0 z*P*0eVQ6yat|F+#coK_21e&&FnQW6vL9FFUmc@X5B6!)lyp0z{VnbQhbHw5Tw%b!< z4jrJAqJ6yDKRALmPRjlE?%q!&NS~<8(id&wc7u7d^HjP@810207!Eq%OM~>+ZA_>a2 z8ved7E?OOvp4$%A%}6 zAtyTS60>6ir&FN*tvJT)1R`jRXoca%Hz>bbw_`8Rd#*mu5p_t5i}` zS88j2@91Fv#S08=b88Dm$fNzl==KM`Va%%6_b!c^>8mzvKivQ%4kbz)J`j67h^+Zk z67j((M&H_)>W&WlDPrl!nw|`{jJ1VL(g_WNps*(8NHuJv8H?$Kw#2iLZxkP5E{M5(s+(-)(vij2tg?;|;Me{+C6`d7^>1Nh4@NqLqV4e5_ zzZZ-h{wPA~oJR?K?oe&4(f@OJ&bjfTPdpNxIVDizc#)5G`MDDc8VCHpAXe)(2M0bT znZ;D7Yx{(_k4Xl_SBI+`1@*4@uJ}L|rupd2a=6R&K(J@j9N%e{A6YSZf9ud6k2RCd zG3}bVU}Ao^U@E=xM`zwpC{QezOutze`Bumu3-&IU@sThClTLPhW^F}_@ATn+a;Q>? zokDDlLc3F6!wc5#x#x%8H6vgoT5JkjcJf zL5j(kzS#a1kOr9P^Nlf6SoPOz=&}H@*Y%0IjJK!6&iP|p2+iRnAC?gXcFm2?kuQO* z4PvxR0XA{UAtJwq6JoAs(?69D;=K3oU9NX~pGBwU&3=oTQQmk>Kd)zN`8`{^xo2y) z?AagVSeck{R-~};x!!%u-{hzz*MrY6RM*FJEzPZ(j&r%$NOju>V4LyX79H%u=2{Ev z3As!3HM`pU>8uC#dE7%51{8aJ*G+S90}wbFzN1xKg2s$TpB2QsQD481ei;Ac&4Zti zm8J>-WaH68Rei6j2Zec@%2n)&EkKIyPgOmHV|dEjIv?a(?5BQfh>is}?Rw3XzD(v)j4NitNviT!N2P0!!*TRK_Uv)-Hj#No}>M(&)xL2%AVZ6W2kE2d7y* zkSVU)wr0;Vg6Y?N|)4M z(RWA~xC5u{Xm&c19;3Y7&gVCp(i<|a({t)j)3?%pCJ)lP&%g5L%l&^ZgF)@@(X2M$ z54*OuI?ez0@uStXjQ{Ury#F&0@IT!Dw_aD-$y}`0>3_993QmIo9~%teQUQ+|_%}wx zF!|54mgsdKo(ziH*YEe-~pa?7}t0-g1Bd zt7R7!YY+J``>-x__`uV6Clj*&-MjDvwkq#z(RMB0AJ!UxK+1QhufgLC-gb$$GMY6X z=#G3JC2_AmYSrsR>7DoRV(8)AkMKtkK5TyX@L>ff#?HlHeNqLZ2SA+DT#sm5 z^}X?g1X-ST+>aiF>Tryc+ZsvM;}9mI8vQ=ks)*a|N3}-9skZHneYaA$d$=#4($$)7 zwGvHJG%l&Uk6UdGt)X7^i#~v`I|#<`T;wB(uK;rK!ef8R$@v6s<=q`p^tTAVYC|>F z`Q>Fq-`~hcYHS(x_fP%~$)#YPvafETBIW(T1y#6=YCD6AU=$8;6j3g`k|PpRh~^tU zn7ZJHAjC3-@%nd#J}1<-R?2j@HZGvwiy3TvppVB)HMnm1T8wfYgQ?>Y=pL z4^Llk0+J1IjmY1nzEB6tg%|rjwO{P~yz`<^sUZ0ifY~ZX!8syBoewc|PUE%C)AwAQ z4WaAtl^dr$+@Fxc479nTK`IG`S)bX(PH^!WjoXFT$qO@stkhTW@HsSs%X8 zGVw?1+$Y?0VDK3v`e2)05ikZw6LBtAp4ea7F}jSEH!`l82_Pa%B9I)gaj+wY)@_}~ zp#5^^==uJ(kjK{{>DOaiiPc#6QgXKE{b9$>V!4a>b*!ZkxAexHGYRZ)?(sHq?27Ky z>ey5}Rz!fmR_~ox?{(F^=dF7$TlWqN%f|1Siph;O+vL#emIssb6Mtmd(>jZOs=imv zMrG0E652DM)F{zBNvZY4)JymA^`i5l+^wDZ<7XtH|LS{4t@S{assMzJ@Vl3!5T5ai zX3kr1y>f+Ls8XU^PNC;8De6+KB=BGWTEaV(eS3(YX+sg-WAXemBxd21=gnu>(+){X8yIT3e_LDLmH0m z6d;E?A7W1rM_&_9x@o0ZA^KNVDk_@?*9yWz9aY zZZU3)kjCv$F%N*b@-oJj9H>m2-{nXwzx$(*8{%wGlc>dmHDD_aK9X&zA2ru+33snh zL(rz#5%qy~_UcZ~hXOFtkn%RQ2OG9MJ$Sv8qU7XaaR^WRNf@_lIWJ@C3&JZoPC=nk zI|o-O*BkF@`hRu5-1tO{x8goQ&i8k<-|koH6_-Pp<$U0u(pFe2u2k|Cd!Zl{h#q{C zE9V%P`9jb}%&5vat;6V8)0d3O^}oG+7rmQ2+j;iv-G|M_Zx24Dei!Q`u$D@uqujBt zvKeTJiQT3nmQ%mRt`N~4+Bs9Q_3J32JOvV1)I<#}w0Jl=dz8G>8-sp@wQ_n%xXhst zXE~AP@-y-K4aH|{Ny4FxHzpV@V84qVl*{kB58l-(59pstJxCCU1!pLvxt?5qkX~q2 z9B6AWP4Syx(1q8BZa|iXz%i4SWOs>myk#$-bbVZaga=CsqPXmo=$G}nE*KPGQzzWz z9$$EJUR2N$QNczm(FRBZKp!&>eD_{e4WbQoE56m}=tEi+Ts9C2d>P2oP}Yr`x@Uzk zQjyL{)S-ucIMNi9_HHl$0N<2lPk+!5M_S1n7(78E@g#TZi}PIsN8>B8sIpf8X-jZb zB~>dJu=5v)EwWt~g-0&s=}VW1Hcf{m71kKBagO&;cD9i*WOS}{CQvs zECCnNA-&hL0Gaf&aLl=pnSYli^(v|FG7Qpu4MvsFdJkyyZuX{k^@`c0Ywvf=^{!CNU#;xcM^By!Pqqte|&J5g^`b< z`JnB|tO>Nd`2?!ttvS;ij?5A)#BGmWPV1)Bb3{;ZENW8x5A}Qm!;4iu5{o7$@zV_M z)q{jgS-|n!#*AiJTH-V%8y?>lwDdG>oNEqRow3g9_}c9|{`s9ZwXgMdZk9Kq0{I_? zM23M;y4;(w4$qOJ33KDNABMxo0MTh)bbvg*ooOm+mYN~7EyuY%)jqZ5Ha%-0IN}d9 z;oPE(4(2;4t}=bi<1C?;%R=04-)i-9FXD*?j_new)#Aojq~e5k1arZKIkn;_?)I-IJ4--n~F+$sk8JXg!tm726|;I66Ja(~9XpPSYsH!+i{F(ur< zMl+XGuTvZ)iwxQ(rXk}8QVLwDaz-c3j-TH}C^@#9eO65c)eL-NEDIE`hK(D8IH#jmx* z9OcU>T)f7K)XQ~Mci1Y{bD8B6Hb>Dv-!q(A-yfWg&*;H}2lMU=>~=G2Tv~pP-Uh#A zIQuk)<#%m0-6sb1W_QnAfQ?#liNA*d^-WnmJJ(Ef=b4Dg*NBlu=xLsgsVM^(U33y?Q~w!(S>5Uu(*V7;Xa zuOA>V|HhRcl~mcai;}i8@L_#T=|E9s**;=MF&<&pPQ!P6-vM>o&i*o65jlXP$N35V zv)RCvEEvvoKw{Vz;H%(`27E|#G8w1A4>%|NnGYq#+NL?eK@U+{%uQ<&I{0S19p@m_ zw*n^!Z2{}NH_~1{4sn_Z95x~Cc`)Kw2La!*IIZ2h7(t45 zW|<1R-5E5Br!xB)q3wYxYt8wG4OM71NW&vyP!0l^C=vqiTnoCJT+iF-<=o9(&1s-X zfk%sl_AJ5pjf=s4rc4y84Z2d)$}HQ=UhXca+4@tLrRllm0qNX^ygvbN zys5cjvID?XS*HUK<#j3mnxgq&AX``pOpcIi#$`oY{ZMw^9F-xn6GIy9O;u8FAiQ{% znT1x(p(uBB1NxYH#Iu1@gOo@YqeP!D2`bEwydfK*)@Dsw})-B@Ye1+*IN`Q5U6d{;?HX;zoiH#r?%)WslHe6@V+sR(>l~W7Sc`iwZF|d8X{Xu1vct{IZkp-;+&n4+D3?(=tRl;- zQn^fLb1Vl^F4LI`YzpVO&19umLw`5=r#5X*Qc+^bEVGL*@fKAhvsox9N}*^&wqg({=h#E zFTR=)Uc2t!&JLe5 z(Ri)>$0Qh+b6lXP(0{j=|Mbu2-T%l$&6wH7?E4>$l}C+c=KjZ{)yH@DKmLS|8}V9# z=R~lI=LV%h+^?GP*om||5Y;#GVPxZM$^l+5IP*swB@n@z`+a-kHUSm^Y$gM?q?^4N z8M(z-x{D+m0~^9JQyJYs7u?{rfe8Zy_ux~VP|kCsnfu}k;0<&D=bi*iLP+_sj^Q5F z78munqQ#FoeAmGLAQAa!Q0Ed*5t|dDUzxa}xWm|aZ^8|+YoA0?LdxWD zy=lV}abZIp{(AUg|0mV;dSuKw5rr-~1)<|?d9un0W+EF~p z1&&;^L1O9RLKJr1`(q{$dO|bjd*?{-Zcq2do#EmFCytT292RRsfeRunJqM25kSo}@ z4n63Yr)_U^io-~B!6s+3_8V$jrUbsRa(CbDH==V!Q#=0McMt!Jo}&}lo}=-+uK#y4 z@Vn35=k9a&x%=FG?ml;)yU*R{?sNCK``mr*K6jtH&)w(lbN9LX+