From 8b0fd5f59a1e7a09efc265d3f018f421b966745f Mon Sep 17 00:00:00 2001 From: Dmitri Popov Date: Wed, 21 Feb 2024 12:07:01 +0100 Subject: [PATCH 1/5] Initial commit --- articles/klp.xml | 181 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 articles/klp.xml diff --git a/articles/klp.xml b/articles/klp.xml new file mode 100644 index 000000000..e83399663 --- /dev/null +++ b/articles/klp.xml @@ -0,0 +1,181 @@ + + + + + %entities; +]> + + + + + + + + + + + + + + + Legal Notice + + + GNU Free Documentation License + + + + + + Kernel Live Patching on &sles; + + + + 2024-02-21 + + + + Added sections: + + + + New section on foo to resolve issue bsc#12345 + + New section on foo bar + + + Removed sections: + + Removed section on foo1 to resolve issue bsc#12346 + Removed section on foo1 bar + + + Changed sections: + + Changed section on foo2 to resolve issue bsc#12347 + Changed section on foo2 bar + + + + + + + + + + + + + + + + + + &productname; + + Kernel Live Patching on $&slsa; + Kernel Live Patching on $&slsa; + Kernel Live Patching on $&slsa; + + + + + https://bugzilla.suse.com/enter_bug.cgi + Smart Docs + Documentation + + dmitri.popov@suse.com + + yes + + + + + WHAT? + + + Understanding and using Kernel Live Patching on &sles; + + + + + WHY? + + + State the reason why one should read this. + + + + + EFFORT + + + What's the effort one has to put in? + + + + + GOAL + + + What's the reader's take-away from this article? + + + + + REQUIREMENTS + + + + + List the requirements to accomplish the task(s) described below. + + + + + + + + + + + + + + + + You are a very special concept now! + + + + + + + + + + + + From b3b2b0f504fbb22ef452214e830241bb67ad97e7 Mon Sep 17 00:00:00 2001 From: Dmitri Popov Date: Thu, 22 Feb 2024 10:26:07 +0100 Subject: [PATCH 2/5] Add klp-patches --- DC-klp | 15 +++ articles/{klp.xml => klp.asm.xml} | 159 +++++++++++++++++------------- concepts/klp-intro.xml | 81 +++++++++++++++ concepts/klp-patches.xml | 66 +++++++++++++ images/klp.png | Bin 0 -> 92562 bytes images/src/svg/klp-src.svg | 3 + 6 files changed, 257 insertions(+), 67 deletions(-) create mode 100644 DC-klp rename articles/{klp.xml => klp.asm.xml} (56%) create mode 100644 concepts/klp-intro.xml create mode 100644 concepts/klp-patches.xml create mode 100644 images/klp.png create mode 100644 images/src/svg/klp-src.svg diff --git a/DC-klp b/DC-klp new file mode 100644 index 000000000..9a22bb8ec --- /dev/null +++ b/DC-klp @@ -0,0 +1,15 @@ +# This file originates from the project https://github.com/openSUSE/doc-kit +# This file can be edited downstream. + +MAIN="klp.asm.xml" +SRC_DIR="articles" +IMG_SRC_DIR="images" + +PROFOS="sles" +#PROFCONDITION="suse-product" +#PROFCONDITION="suse-product;beta" +#PROFCONDITION="community-project" + +STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns" +FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns" +DOCBOOK5_RNG_URI="urn:x-suse:rng:v2:geekodoc-flat" diff --git a/articles/klp.xml b/articles/klp.asm.xml similarity index 56% rename from articles/klp.xml rename to articles/klp.asm.xml index e83399663..d9df9f3a1 100644 --- a/articles/klp.xml +++ b/articles/klp.asm.xml @@ -19,8 +19,8 @@ - - + + @@ -34,7 +34,7 @@ - Kernel Live Patching on &sles; + &klp; on &sles; @@ -42,25 +42,61 @@ - Added sections: + + + Added sections: + - - - New section on foo to resolve issue bsc#12345 + + + + + New section on foo to resolve issue + bsc#12345 + + - New section on foo bar + + + New section on foo bar + + - Removed sections: + + + Removed sections: + - Removed section on foo1 to resolve issue bsc#12346 - Removed section on foo1 bar + + + Removed section on foo1 to resolve issue + bsc#12346 + + + + + Removed section on foo1 bar + + - Changed sections: + + + Changed sections: + - Changed section on foo2 to resolve issue bsc#12347 - Changed section on foo2 bar + + + Changed section on foo2 to resolve issue + bsc#12347 + + + + + Changed section on foo2 bar + + @@ -74,10 +110,10 @@ - + see https://confluence.suse.com/x/aQDWNg + --> + &productname; - Kernel Live Patching on $&slsa; - Kernel Live Patching on $&slsa; - Kernel Live Patching on $&slsa; + &klp; on &slsa; + &klp; on &slsa; + &klp; on &slsa; @@ -107,50 +143,51 @@ Documentation dmitri.popov@suse.com - + yes - - - WHAT? - - - Understanding and using Kernel Live Patching on &sles; - - - - - WHY? - - - State the reason why one should read this. - - - - - EFFORT + + + WHAT? - What's the effort one has to put in? + Understanding and using &klp; on &sles; - - - GOAL + + + WHY? - What's the reader's take-away from this article? + Because &klp; helps to keep mission-critical systems secure + without downtime. - - - REQUIREMENTS + + + EFFORT + + + 20 minutes reading time. + + + + + GOAL + + + Understand how Kernel Live Patching works. + + + + + REQUIREMENTS - List the requirements to accomplish the task(s) described below. + Working knowledge of Linux. @@ -159,20 +196,8 @@ - - - - - - - - You are a very special concept now! - - - - - - + + diff --git a/concepts/klp-intro.xml b/concepts/klp-intro.xml new file mode 100644 index 000000000..9220b591d --- /dev/null +++ b/concepts/klp-intro.xml @@ -0,0 +1,81 @@ + + + %entities; +]> + + + Introduction to &klp; + + + + &klp; (&klpa;) makes it possible to apply the latest security updates to + Linux kernels without rebooting. This maximizes system uptime and + availability, which is particularly important for mission-critical systems. + As such, &klpa; offers several important benefits. + + + + + Keeping a large number of servers automatically up to date is essential + for organizations obtaining or maintaining certain compliance + certifications. &klpa; can help achieve compliance, while reducing the + need for costly maintenance windows. + + + + + Companies that work with service-level agreement contracts must + guarantee a specific level of their system accessibility and uptime. + Live patching makes it possible to patch systems without incurring + downtime. + + + + + Since &klpa; is part of the standard system update mechanism, there is + no need for specialized training or introduction of additional + maintenance routines. + + + + +
+ &klp; scope + + + The scope of &slea; Live Patching includes fixes for SUSE Common + Vulnerability Scoring System (CVSS; SUSE CVSS is based on the CVSS v3.0 + system) level 7+ vulnerabilities and bug fixes related to system + stability or data corruption. However, it may not be technically feasible + to create live patches for all fixes that fall under the specified + categories. &suse; therefore reserves the right to skip fixes in + situations where creating a kernel live patch is not possible for + technical reasons. Currently, over 95% of qualifying fixes are released + as live patches. For more information on CVSS (the base for the SUSE CVSS + rating), see Common + Vulnerability Scoring System SIG. + +
+
+ &klp; limitations + + + &klpa; involves replacing functions and gracefully handling replacement + of interdependent function sets. This is done by redirecting calls to old + code to updated code in a different memory location. Changes in data + structures make the situation more complicated, as the data remain in + place and cannot be extended or reinterpreted. While there are techniques + that allow indirect alteration of data structures, certain fixes cannot + be converted to live patches. In this situation, a system restart is the + only way to apply the fixes. + +
+ diff --git a/concepts/klp-patches.xml b/concepts/klp-patches.xml new file mode 100644 index 000000000..db004c836 --- /dev/null +++ b/concepts/klp-patches.xml @@ -0,0 +1,66 @@ + + + %entities; +]> + + + Understanding kernel live patches + + + + Kernel live patches are delivered as packages with modified code that are + separate from the main kernel package. The live patches are cumulative, so + the latest patch contains all fixes from the previous ones for the kernel + package. Each kernel live package is tied to the exact kernel revision for + which it is issued. The live patch package version number increases with + every addition of fixes. To determine the kernel patching status, use the + klp -v patches command. + +
+ Live patches versus kernel updates + + Live patches contain only critical fixes, and they do not replace regular + kernel updates that require a reboot. Consider live patches as temporary + measures that protect the kernel until a proper kernel update and a + reboot are performed. + + + The diagram below illustrates the overall relationship between live + patches and kernel updates. The list of CVEs and defect reports addressed + by the currently active live patch can be viewed using the klp + -v patches command. + + + + + + + + + + + + + It is possible to have multiple versions of the kernel package installed + along with their live patches. These packages do not conflict. You can + install updated kernel packages along with live patches for the running + kernel. In this case, you may be prompted to reboot the system. Users + with &slea; Live Patching subscriptions are eligible for technical + support as long as there are live patch updates for the running kernel. + + + With &klpa; activated, every kernel update comes with a live patch + package. This live patch does not contain any fixes and serves as a seed + for future live patches for the corresponding kernel. These empty seed + patches are called initial patches. + +
+ diff --git a/images/klp.png b/images/klp.png new file mode 100644 index 0000000000000000000000000000000000000000..2cb0c5265730414914b62d9c3d49fee147401e67 GIT binary patch literal 92562 zcmeFZcT`i`yEYoSf)sTl0s^uvs0gSiC|%Kwf`Wn+>1>+P1qn4I7KjztA|N0H3q?vm zIs^!U80kn$AQTZWKmwsAKuB_Da2Nf3=Zt&rxZ~V0zVU7R!?CjFT5HaCzV&&ZwH{nH zHV_t+5`;h?!WYh;HHAO~3Ly~w^PBj=FS}A5;=q5r?x!!EhCtrM2(3Huf#coI=S?p` zAffvq5X3zQWDWd;n1nzAk3b;Pju42(a|lGj??u%WEpUSWcO!$d5H{yudQDawgzNY8 z3ujMX4IZEj36uazl$k*j4mTB59t00f@4#O!cVUwx-B@Amu5Rr~+KkrL)$qR1 z1X^pFwkkGByT4;G)m`@rFPO~#4u8i{!tsC36H%+S7r!H7&Ee1EN!9KECDs!5&%;iI z`aH7wD-&*t`me=>T;G44+|&Kqq@H{x1-nvuQI+fV!`YsprR=I7uAR$&MZnFiWI{~YfQtVx1-?@;^m)^Af}mz96Gbx+SR#y^uZRn^W>`r&MH#?c?n zdZ=j|D*SNP-YDRQX)O&bWry$7R=^KvuIDqmu_=+l-=C>>sJX2+Z98n+Rf)a6iq~VR zM2r5Jtw;Ck=J$c8ExDkl!+HW^we24KDd6lkV-)hKD|m3S5`szBJ|z6ZRj;P51cDPM zI9DyP?^31=|9VzXecq(>tLZ!BJ88TGz8REG^xsl_lc~=2ml)m{BmTNVU(Au``$Rj% zc>mgge+Xj9}-_dxJAMx7`NeMp4_4Vis5KSPE6WbhlxPiCnnzA~?i5{2taH;LC z}{{dd5>a`^A`ff5?gWb7-q&BQxphlxya4BQ`rNTB|xL14Zn^;jlliApUg1-{GmYFuJXlAF>wkectJ=!cCJmc?n8hcZJmsl!Z}iEKmEp zwZFKQ*K}Gy=FM(y$}DzQnB@1T7;vl#avi2VK2Va)I$Z|Apm-yK25%zojIXcYbd~$Y zjU3jV-q}>B2|w7k?fW%me_k_#qA^GAPfNSF?{H+39oUC9r=zPEnsa99^Ef%&*vBV| zl~mV6yZvq39fbgqxBnSlHlRGxwaFS8UwS zyLbJ(%ffimd{K)s@#x;!9+8t@5G!r!BVKPInx$U`D4vjXIgXEk=&?Ix14UxHM2e&} z>U5Y(-A1#jPW8N-^B^{e)K?isiQn|6#@$_$ToWFs4+oD0C)zw2G!?*#`w0ypKEicD>vwWm2O@~*z9c1gudC^;X0iwmlK*R!~Q z3&HxH1~6M*WY<@fT%q2jL%i0 z;!|~_x?WK6gJMCofA#0zq$gCKtmAZ9?2%})xEb($tE^jBs+^!bBPpWRMpV;1` z^^x;ns;B~|;0^&{sbAo%MN~|T*21TCQK_8eSq$|fDJ{&Wy4zT@F}I*LwAOylZ;$Vb z>a2WOsb$QP%@NEx9?=gYjA8mhhj*{JWt)Sfo2@?U-4aFjXrI$^OifaP(Bi&DXZ>d+mDme z4!y-HwOB|QSf0e!%;polJ9nxy7!?Z)N5i5wTh zo_rmn=7LDQv9Th(8-Kc~k?S#`I~*;gUDVGam@EdBoF&1rhf`7aq}M-TpFC?$|vhlC*tVVxQZxfjC$%5Arg3oK;UD&y~-evI`mt)YR@% zDjzg0ib1W9E6iUpkcsyVqr5Y?NsPC!e!D{NoCR8A9K&8{Q3(>P)4wb$s~aw&!8$+o zShfArUcK7soLs}<+%(%uyB|R?DtE{x?hd#lowPn{?`DE}!xq*cJFWbd2k}LQ*?^DL zu?%l0Iu*sxVxQD;ZB;hD4Y|($-7-<%&ejOMYvJpM$vPr;pW>}*B8F<@9`};lSN}mw zcE9^IBub37FZc-0_g8&XrXXN@ZA*-8M72Fy90@ z#oH%OQS#azv8i)Nstq$!W^)sB8FSDq^Fu-Hn#Vj17`ry-j+%VfAwGgrCiK~g{D*TA zcF)*5n~_^($vh@O2`LO^GQgUUJHj5p5^%(VPb z0tI(z@^{HURt`!Uk0v7hj0_7(uc$LB_5|vpZH}E*z3L+ z?V#DgWFAV33bwk!+X`EQ2}J9s%k-@&dxd?HN4|+@jp}4IDWF;fR+@6R-fQ^+pL;I= zwi~ZhF?->FH?6eK{Wgu@`Ssuo@ze?K^edYKt#q7a<`!>-1 zS%J$j@5ZHJ!P8I_KfxUZgEoy=*m#$QBM94_ptnX@7;0@;zjs4MQp4kcdYU}qu*7*b zi;h*nV1WdVl)e~u?P{2KttqJL9akE>*rwhx>r3=5SMt$y{`fdksE`xRA2N*E+eM4p z8>~qe7&GM#^Ry!^+NaDa6`PV;?7-Hik_y#=UYduBMu8|YkK3-jxiF4ghk_2=a4i?M z691f2P^iX6I(L(ujc~kwV-PY0G2MWu5y?(rlM?8n#Ry zF{<(#Dg4cMU(@pa4z0yjAD$_{$|=LpD%d8rAW<&(%k5MjIo*hG;AnSQ`mar8CFYTb zyttr2iF3w+o@W&taCb#@tQJ_v(zmYZe z%{tKM?@%w4SRj7%oTw8?^nkC7BFAdCr8Pw5qQz9SLJeMKWCr?}d@#ew%9@OXhh)(p zOMDwknXzasrIH5B{`g`_M$NR@0*u26Artt#Uvl3a4ABRZKiz^XohSpj>#dGH|@6c?*@s^ygJu*RwsN3d1A1o;D^ ziBVW4jW`AZm>PTdmw`2Mfy1Cf#Vb7}E@-x;6XuE9Kz0tP3=EN=s(SY2CC79ZmIYOq z>RoplX);1e=#ZSW=WEk$*SL5Pmom&g)+Sl3NYK|J+#Efh^bMpvHt~>~x+;gr+enu} zeV1)Dm2$!*=NJJqgSIKpJh%IM+oGSemtOMs7Iu9TQ(`d1hlkbjLtj3TI&laKo$Gw5 z{|Ij5nP2)=lD>Ao9d;pcvLXlsIFJx0xM!mCGMIxAu)1+c#^M2q{;j%lFlx zEn}6Q_a(!gP=cEYH;q#upPq6;aC#7}qqO{W`(0MS_<(pN^eWoB;NtPZQ&&O(R09l& zlPI9ztW{(3YE<9wa2g6`)81?8U}yHFoQ%e(T|~(Ak)l1;Z=b=1o>SW9h%9XrqMuqF zk9!0c^?WA5s_imVG%qdikYj_`a9?1{&d%3scqvD@knulG)UeI6jPuDy*Bj(mg)Z6) z9uY?_cR(;J`z&y~iHE)NlZa0bdXsP*AE(0=`(0@|wltUaUm?9`v7>daF+$U~edZl_ zed{jyj*d`a!@dHE!&aAz+HT@xEQ>B>7>Tpj@K|LZ%%FeE1W!|1iP)zTh6tHE>*Jmy zH?mSg*FzHyU+a3x1tp;UP)Cd^zeGv<9ALpF;w_Dp>U8LX0h;;DU1ug0(t>}ruMWP+ zdivEa|F)ec0!DB`#@j}wXHnr+*s8Q);OL&7z%@+tNXyqLMVYL@(`mc$|lFA#T5TIiuOKcANSuzkX(YzzeMqe|?wyKZ4b&h$QRd%TbhDNuQt{#jez%6b-rdht$pvHqhvOgZJ zq(!_EUA9NdWFJ2Ml6HXkr7FFHn<6$H=*me%J#zCc27L&HPV+`8H9Zq$a0YS2kah~r zTF(?NynFgCzql{Ew;-ZdjEnZ+!FI;+I+5bk2Fi3jOc}er@YUNyd--aUXZX@*15c4c z_l`8XYS>U9e&%>?O&S-?1ise&6o)SN&cA<_zFKPu+j#hRI3=TUOhqqSdY}T`5w>{j5oAJ9wUb2^5 z&`(TvB=@}7Sj{LmB|0%GT1Qw4Be-n@&SnNjid!7;33|^baXb(qqik+h0YkxPH||3; zPbsc|5;61}7Y*cfmJ1rP5i6rl{WMpdkwPlfh2J2Wt%sBcYeD8=G3b!YMboAank`s^ zYQ+-od@L`?E;z5SJ=nzE5k%X0VHrmW?D#Q3fSK+WntxXI*(j@IDAv;`Y+W+-7!Ce* zHzbgueh45&5XiIc1W%)Fuq@92?|rT>FO(WAZ$=AA9jgeM5YAVKN}QJYI>#$%f?tXLEQwXarX7!v(Ey338I-R5<JLMP#f8X(Ozek(|(&Q0ZF^p;H-+I4P}QzjD;;@kJw+ zWBRbCPnI}XJ7rqNB_;Aw)YrHHgKs(kcsfOOfM%~%+9s;OmED28^v8zB(rgIuzVd2h zNnqd0rnU#u+ifL|dm&`%i)PA*=)Il7p0Yu==tDt?6nbHUh$3c0+PC_s>=8%3aFAwA zpv?C05qxV`-Kv`p<^EFM4=T&C^5M{2A~Vt`6RCGAH^1y5n*?WNDRa^C%ZIItP#~S8 z4%Iqvs*k3!cy3DenN3oCT%uHSCnBfF?N$RCi87=G%{NK}VX)&DC$m!^3<>PYxu&Xt z(S-rKRgx|{sUXZB?w%TGkw~nA!}A}QUOm&l)Q`gdJWn9vO)q2LiQBg8qW zdX2>^@v1o;C&wOtEo)IKw`H-~egVQ+n%>C~PT$vq&M_@8n$Gll(yfT_^@Iq*X1z7` z{&Sq98G$~W=*d?9?4FGBR8$nYl&78J;Ahua$OWBS>NdgUqN_aSbsCVO9UTiw<;uR- zN7lcoFVZgwlCPtJzdmTJQ(jlUhkEjhqd>7++o2Gp(QUml`aMTlw7e4Y+TiOrc+b8% zk(l@wftdIF(jP#17jX2Ra3T~7B>(mEYlEP*m*)VwA1s$?f=Uym3f1et>6np?it{E$ zi~_8?McjQ9NteG@S5QN!*`gu`Qw!y9zVFYSBCCSzHO5dchB zD96s#3(a#fYLxKs{Bjh&FTOH>l;A~2u~$)zYcLT1_7Q6r+coDuO8eR_gc@rv_dH$W z9W|ZiU^PDF-;zDQIk=n1fS|LlW9I&z=ui0FH$J~Qw~9~5bEr6Trtj4=+&S_#j&$Yj zn@D07yAFC6T&E_hR^3v( zcTg+FqUWVN^FB|_yLF@u%`Aq^R+0?+hLx-3Mt$WG#w_hsHpb>|*vH3`cJ@WOs{^l0 z+~pPSQh+s9v@j!MLuX3y%9Xw=^QSjWW?f9`y20QS?cKD|cMXrJbCLwV24T$_2@Zx3 zwmckFr$te%#QKHbYiUGckuBLs>;1mIo}RhWrpza@KreaCM1aG}RQb>yBw2gQkoc$< zW=!1ib|>U5+vb;zyhy`Z2XB9IDUk-`W*c^O1cZxG9?BO`J%d?PJiBShZP_un+~ z>KHi+Sx5zyw)dwKg>mhtNH3l)$74K3OQZBEa_2PKAe!rryIWh8=(cC-LP7rd5hTw6 zyJfv$RUz~RwojJR{OW8HefJodX~ilnq`0NG5E$qwLWZLeG>jS@WspFUXu6M4-drg z%{~A{TycGF5eqtVu)S$rwPvM>+hejGCuRQ*>B(?@`wKuc&Kc}oGYmQ)p!6jwyA~*j z883l~Wk*y46WKwPc4I=z)#j^17Qc=~Ybp=>wF;xF$)zDS`Fs<&3!xyFLP$*h}kLLEP&ZK_TF{?+3S0d5J*x1?y-6eCvPPZC>$uV zEJD61z$tTLxG4aM;#-Azy=&Yt|KcBhvL%(?( zFZ-Ri>qohV6D$Y;P*0P<8VD-EgNd&me>~T{iK9gYAIt`#3uci!yoIg`A*ya2j^_ql zS*mI!?c%F~lB}nl+)*w|CzJRHopuOe;HV_9yF52@E)<>6fva0A>pyyniLfh$oUi%5 z9U&veOL1wJMJBg$sd0Pp5+-W*hDmY^9mQn8hhKAHi{~--dIE448OYyTK$OY zNw#6fKAUJ*T}U_JC2T6(>S(#>+TYE|N!KpVss?+T>z14hLH3#pA+Bm}z~W-wag%#$ zUU>36;|)EFcmk2;f|}GG4-?yX5X{&_QnjqA<$n20K6uE$_lHbAKPxx2Z2}>?-EmLd zZ-}83l@5qRH^sX4tRio} zn^U*t0;=UlJ{S96+w=DyFm8rM#xTk;YR5KNjw z5sJTmzUL@oMFE+ol%xT*$be|lSJx}Sa;-O(i-?%LbCx}6)67-#E2pi{nZy2MaznG$ zAE8Y%jOX56`n^-Y9E^X!`keODD4DSHjhwlb{_?}(e2kZ3pr#^|;+*DMlm*iu!h<** z&qFB-yDEt2`QF-C3V>f)iuvuk2*e!qb6I=f&Cl&}p5JDs|2VO?XW7?fCJ^>pIgPvP zz3_1ppOKQ^5!$6QH-4PiD=^IUr(qz;7U!b<`p=*>gEfQLzMH&YN_}Rh>SW2!x$7XH z!Hr;TJwE*X=RI}&fB!V`?@xaU=l@VikZ-=Zk=%D!IGajwe%q%Bxhh(o#f6b0sYQGoRfn5~;u3?GMS<)ROaKa&RzH~@O8X*g~U z4qqhy@AUqa-v8FR_r~#jAL(65ny?xnoiJNNx94k00tNWH{Q@$#VgWYgVRd7n0rf*?xTF1&E=Q~cz!0to|E>OQ&< zmozuU?FSNxe%}PZeqsQyLf|k+pu-`g6#yH9{B?uPqqpPM8!pIso3Nf!dWM>xd?o=Y z!=s6D@%fR{+=_KO9J45(-81vcRpg0!eJf_9O1L}+Ol$I%_Nj1M?|`$+fE&5Y115E? z^ACPVy6m^Jb{+RFf(a2IjE9Qo1O2QP2bTZ(C{oVQkwfnIg*h99Ra|{R0sZZHIGYYn z^je(GE%=Ds<$t~jDzM9suB1gPbZS_D+Y~yU=CpEffOHU1O(|;m=!vd$ zOC6N-on(jB z>oi>K{~xB0gj*2-Zg*Qi_CA(gL!Ceob8^wi*kg47oZ1>Aqp79?SWI8>_F?%g4DX_* z{pK>o9GJ5ohXr8WqAKc7@<@GE&kxj*V_NJ3H{RC0SDZlAY4ndmv^~fX zeHXUPMg1az2>`zj|F20Spx*|NSY+(_O!-JOr+rGBH;9oE1TI6#mShIDubokk*C!jSkN0AoGleLB%6UCRLi)7&>b;q*7Z z&N#tGw@ozdW?)8`K4$!c$Q{a`WtHVnTVnMcW$K6P)kcw!q5Q~N(3uu57b;CT=4!YO z{MHU%0O;e#%uKXP&E|-92pKmIg9mbFY;S!&w<>pSZ)BZ@qzlr>Gidqs{WSD#8QNB5 zbq9h@YjiCDr58qT`a@}eyLffM`GLRceD^lx_o#4t8Bb0m$xiz#O}y+obA`%7nY}~N z5iM-6u5H4aJU{Z%fFXR^&;R2rrN0<6q!zL|*#VmkNae;w-@di!HHVy$)7J_bSPBhZ zU(i~B54dWiBT-fZus99xML-oJ;UmzQJDQFh<^Ad;Gv&6Wu*FW6!@yHY(gxQWBND}Y7IR>i#Avp02*{EoSt2o6O%UES1EEEYDLBr z&d4KonbMt4hQ!}%ic`Q{>!$KUtRMWfn$m$I_}WxY_wfOCd#R`YOtdWnTS>dMbYX6% zr?p|em<#;|0(evR#C31LqHGbkuf5gHKw=iln8hRxso5rm5e|w1v_PK~b zu7GVa%N2(FeYm~BFTc_RWP=^Eh&a$$tJdbl#lMJH zo7zVXRkuM54ehIrtJi30!q0!XE1FQvcJiLie%Oz%fvp?Xt~9Fbpo0zrsrMI0T^hl8 zU-7g<@MvUFjEoya!Tpi$Tpdr~DJZ8Q{*gyOG7N#j#GPFeq!!F zbI&$RZQFAX7;(6@bn1#6KcOkXcJUN%5FnY^^d^d$%w}OuJdHCxIeO1We>_xx;M5oB z!~h$X<+Wl{@gek-{Q1LPa&Fw^zaxf@zPZ%yAFk0A8y_;Zc<#lU#uP*>=fZY4!pEdXvNgUGWJVgj25XSH zXY|CtE-y*jz5T^g{K|U)xi?adY!JHdi|Ve=J?(I-v;c$v(823nk~~nJ7VKLMpmV^0 zl2diNXntY`$g!@1ns2udNIdj{j2~BtNDoKrREDp-t1K%%b|rFyW|6f>sNGa(@ObA| zUH1B7YTu%8eoc+GE~D%P;A&Q7*7@S?g1nzYH1j%SdRKTNqn96oM!bk;io|RHkgWt; zw(o$-I*ik^^>FCbVM)5b*ebg7NV>st!HGJZg-?4tL)lrzsmTNLQhl#D?8uuVdkmsm z3q*$#|E@AO=4XIvE7d)hsvlK2ygXl7RSQZ6t?Md5@az)vs46~MAmq0{r^Yeg;>jQ9yon0i?K;fXsS zX?(dt2Xx9)r4YtoK!?)XAs@_4g6K<5`w?(E8&{1U29@$d^SNkFNEr)%@jGd?Y>*>g zJB0ICkw0tox^~XCe%}X8*<4_Ah=IQpH@3tQT{AqoYxECW&69Zk1EMuY6b#iXW^c)+ z1R{pa2{e#>e$h{(ZB=JzZ z%lb2eQK}tU#Vtnnk)_?bYm=`5kL}!}9r1aUc2fqw+}I$L9`d2b7ldbY-1*AMWL0!x zKp*D=&?f_SE~bD6JHN2h)oP|CcFkO$mqQn)bOT-iRHQgph+YZ0s*lP+ z$J1;^3wo?>2$VO9 zvnp*6Mq1eH!I1pLZ*48dceDCCA}stbus~A3&u8!25JXS$uh9RcLWIN%?L=LCU&Ziutmg41-M}I%N4#JapxbjaN2L_xnwE4NMd6N2EyD=?R zTV7LMe($|~oA>UW;&s{j%UQK+d|dK}e=SPt63^(%J&~;-_-i*eq z%MbzUZ_{Feii7=*$tX`*%h0b66q?(^K=j3HQ=Mb96Sja#;?%@5Gr^d*N!*kXz?W=# ze$?3zM=9>mY2tMIl1V}~9Nq*-35+8a;!u=W2m^S>;Qo+W)^Y(pye3*>I=jfZn43~2 zg+HSri02Y5FrO!I_@FIEQLC-)&Fw*etbx~Z2;Fzf<_UxW_E8Cgrh$CQeA$*m@evwJ z(-{H5%66F`8Zmb_!?_+hxqOBOYNJd8T?J`%pTpI3AHea8f~z&`6p_&=v2i}YDb!?u zhxmO?^akX*-F6MKyZ6NVuV}FL!dh<}AKs1??Og`ZT=^Um@$9jTX4x&&RCkty#j1q{ zU?a4&!+?(ypH10;ehmYS_h7p+!I2P%m^1Z9oR_ z-l*}znPD_ae-loJ_Re&ZbQzTWK|$w_U4C_3b~@KTr-A}O#HP&a;63`e(HDT3f1bmv z>AERT;83CBD+P6{MdW!oMsHKaRL8DfD!S2~+2uK6p-{(aREhXwi?mwat=93TxHzP2 z=z-NCYJ_D46EI6c{6TOKx43JmGcq@r69UMbEzw~uHp8Y;SYViClnvW&y2B^boYuji z?WyUUCKxh5?TI-oqkg07P5mO}t#A04w5wclc4_x*PAw7yAj|vjb>DEM2iBZg4yx;G z*C51p8l`y=Z@v#q#5$)OtrO9iyDj=`NX0g>!k>=}D2TXvXpcBNQ2}_di+yN2o0Sp2 zOCx1H%>x`7=TwRlt|D8KvQ8vr4{ z#o|2DuwcARu#od2#v0X6X_3=I?gtdCxCh%6psNw0T621BIC?jVRYDmcHsbe$EAe(t z6=bpD`JR5@wTor*a*By=c^Ro-d#Xs0i7s;~ha@Dw{Oq7v^Q^Q^xES|Zbab>b4o=b> zneq=`8Fp$63Kj)V&T8?Tuk3)KaRr_$l}Q?b9#dMQrCUhU3yoW%m4a-mUPYzj-sz&80 zVW1`%d4{hu#w_>Qw4e)Y^XmhIZ~K+bRjC7Z!tL9@KbFrrZ{{L{zJ5}kb!iR}*k){l z$G2w3iu_;q&bHGCqoJcy@h!d6ARoFoyxJb*#!nbswFh*nzz*^Hc@8zMiNnxc8vrCg z51m>8x$wg2Fx9**1*HtVQuCSk6QG(q^JVD1*t&bFZf?EBIwy#xf!Bw`?!wRW=y_Jj zFRRyKgZlLJ&!~iyc;omt?BpAS0pOww2}(8=Wu_&4r4O*HZNB>xZT&A4-J0rhSznot zbPNGGZe)Colj1kOnXkiwZ-QJ9cGc|*!s>&udDn_F3x8GDqKbJSs>qd?u2*y$n(?5rb(HcL%Q{M~7peCd4udi?fRtuW4yZPC%{D?l)oMP6qHEGAY@-HQxJX(Ui;v-yE ztm6lMx6=b?%h}Ww)n6c;$I$1O*$zQ{m-Wx2v7-Txm2;Pq|D4};#)_G8l}$aecbrMJ z5(6E3e#m_e;NJ5J3al-Bkdk|zrZw!X z4X5ENnmagr1un=}fZ2-$e(ksn(K8Cx>Sd^??OH~m3fSqnkmyB7Z}bSVsVahZAIzd7e%w9M2N7GO?Lzjr`(0V%&SUY8Vv zOwuEsPcu~in{zDR9BRzbT}!~VZFE>}0s-FFn0G$_(HlW()uR6W@n3=b&nd%;T2#F0 zAr(GItS8XdjeMn(E>ESpXFTKZe9wZ0+=j1#z~mNK5f+9Af!XWv{xg*GPVTXdh<#QK zGRXi(kR(o=a{N^qvIGN1h>M)TNB$6otm%M5z5Se|@cAcxa6@poI}TXv&WkQQh+0u_ z7<&PDoh|!|xb#K@z~LtjX3oF8ACgW5qyUHun334s2VRg)`oE9;SIGaW)V~JwuevE^VP6szf!SHd2d8qQ=3V%?wS4mjAa)NGGn zdtK8tPQ1Xh_fh@ZH$}0wIZAMo+h!7dh6Y*h@@2>o#8gtoGt;fp>Z5ei73MDyCZ+z^ zqkmtJSuFq%?`73AV)ZOKUuK5A=YW~viNHWsS}59iM!JETZ$VN2Cqh2MLp1xVLq`Kr z@HNh!28`l6M>DRr-=Vmp$k*XvE82aA%#Z&>=7k-O3N{1$`(->;1_$2F((fF}xLSLc z5{NZXE6`L~xA%;Ua0Y?f8o3dTj~_PSf)?FqyOW0g4LiTsIZ&ApQ;+p5i z%JcO%!o5@V7pt3+fYJGpM93fd2uCxptNd11dHz{6(D3FNd3WqGL2 z4*&7MErsRK61Z(J*xJba4{|dqKi{aBkI)qFnJAe5%rxg0N8d|mTWk<~@+T=JE7g^) zSs%<;BOUVkX^y{uP3tom9Qe%2t1~>9(acS8kGtflFi|rC@+d^#%Z=nn*fR%$ah_?c zKa}xo+By|0r#}84=QAOU%4nJZuessD-qLz1uA2U{D8RI4tmw|C<4q0CiNA#p#Vii{ zg3L^hype7pqD~kgQh|n>p9f0}EZa(5*G?k+q%L_kxG8O(eL~q_jmC(f)v#k7KMP@z zmoVeLnRD76F%)5u#`tN^GB<6VN$Wo*xZSbb_m|5DGp^P^Ffix; zxY})VA&NLydrl9`u2gY7tu^2$)!JXj$z7qG-12Wt;w2a!+*cR<9@xiU8~z+(b1;LK zz)4X57VLIM#f)bVO->&Ax887jaq?pvC(HfISS})lYy(@~FFx&eMv6~A+ZPwWw6%wK z4rX^uJaVU)twp?KL0!X)Vhnuo+p}iOL)S60)p2^)5JS#C&#BE^#?vkSTd4gJcUv^7 z#Z&aTXBFMd2cKq90t_4QZh72~#$zE|$X*?s zXkuX=D+_6P_Lf}Hj}zThZnZJE{5nELr_(fi)))4fn+tmPM-3_c9l@+jq^3TW(#STt ztnEffuV02KJlXkl%dX22L_~YlOe}ayo!g763_N*g_fL}sU%Ht-k^6LWgFxapvnUa% zSTB23#nsVBM!XCi(_*0@DpPZy-+O(o>z#ZLi|`;!u<*}2VYq&jpS4n5ZFp~Mk>1*N z1(p1;bvb1Ry9yoXyw2jsnP*zXH~v|3*ry-%-71%lFeTorKsox>hQ9huF)^O+wVX!8 zyT2v$zl?TjnJXiaOo!L&SBGjxzFyd4NDu3MXg4j(C@rR4QXckAbm?f?BSefBl{~pS zNyFp1KcPA`4kJ3EwA%8qR2%T49#Z|VfyKD}aRwp>wUASqwHOPu4hi zLHub4sy3*cn;3+>b!CcnFttOG9F|t(;y<-AH&V0JQN26(R+dixYVae{ChFU{QaRf~ zhlOTX=Dy;OB8t2%qf)b_vuqVfD2ST^*9i(K zy8iWk6-g7`zvN@bV4PdT;k7%y+~#@eIp7}Tc`h{coJXmkJX<_BS-sBZFqHOXy<>PKWF1qVEH0a3MW+HaDTrR^9m!27{D;fcQDxy5`MdcXH1;$px-#zmR< z_58%LB-ThYZM@>#_Llm5v4zOFkjACYk(b})|N5AbRZP#9c2wD^TP;S(q;9uZj&dx` z|Mk3(Vu`1A89Tf!$7S^1Li*9X~mS8rl4A3$?A#S{HWF3MMnmHd2VW_}i`8g0AvN(HmO$&-Utd zA{~la*rnAo_vI{5<>s3k$=X@?{FLqq9j6l^!P;l)Y(t12dEDHh@CH}IPs&&CA3foq z<_)~g*;TT*#S{3-y?w5v;I%whoKS*^N-v?uGw2KDW=4TStw$yVBk+^=utvbBTQTvG zmZKU3EH-=@icf8k@u7IcAG29AyISaU|XvpDOqZP%Bl2Q z47gpWo>OV4>!!iOTu{{*0}~#~@4|9gg@uA_?bIS6$TG?5peVGz7s|g9_ zj9=%Ao36MTHbJ{8Fn|8C{B_nuV{Y>>PfSq6$edH`*Q2kIB8Cy*BO&P9HFuMK2tJ;r zfU^)E?_{;fq~Q?J!L~Z*WdLjb;fY8xc}GW3->{jdtn{7EKi-NLP_s7)D)LaoVp%~? zl%9{QJ{@X_X3j>T@m>*MvLiEy4Ya9JGpkn!&9G4^t1xx+BOP~>IMgn&jDE>rigm_>~xF=jbkVc7`2KEYIVbo8Xk{> zPl+>n!kGuQDU%G_1NYNIOcAQ5^BCi5jU_erkz#NZY#Xz_-!&fR`g z<>XFszUZK@{Wz#^RWu0`FtsABh-RjWyeX~?Dy2Gv)Gi4?iqLU(GdiR1EQZr+YXety z8}_Z%d%lQxj4wd#sT;oilNtIW>;@05y-QR&=q2~UzU>8C(m6`JjEoM9zIB~O4~!-o zFCVY7*ScW?fiqrW`fMd-xhrPF+2Y*>mck#{9jl7XAIDRGqsKrn{kYfVJd{FM@Y>NR zrQ+gtc!)<3B2MvRMHcw_$(V#UacVauG`3brX4eS5?Q(^`&9Lc?=^I|c(n~a-VmR!03pWGYjmhPbQG=W8-##OOnXyFh1zTy zYw(_TOE+DJm}VIkK1!ljK2{ofBp%`OkZyDQ<~>N5z%fv+{Z+K=uS3hYjf4=^T@pX* zw{RB=B_{fAWj%Ui89&6TS+oG3Hzui>8bd~3&tPiJ@G8)!3ARB?+(L8NfqkY1K6oiQ6VkwF{|Tq+}9 zL!yYY(KpsK2yvd(qI`s!A0rH)>u7$`@fvP-#Ty&@N(_MycJzmtC<%S5Ukx>-p7eL> zU#=&b+NhI`*7?xpCuaa(z}-O$3KB)_h*}A1c?(p4;Cr5r5N0yPglO90t3i|S!X93N z=F=ax0Z?tAOj;Mu)6e<>@!uTP^3&oUDSc3}JN5b&@#P|P7>$b`J{G1I?{`x4FNu#1 z%r-hBg{2CIbOoO95~k>jRT?(;;S;U1%)#)n_z9c)Z14#V@C)UGcZ}~@b<0MiAU;}U z*q6S!Ol;(jpA;34G0I|<(aOTayY%te(a<{Yj*j=cDv9@si2Jw5*;Xm#aeF5~G;3gs zkB>H#k#9zd7kR%8$)>)ss8y39)GGKRhA3m7Ic?6!?wI)zWr9j5a4ZTA)g2cewKx

d(_{-p#n$^g~AS(pZ7io*j0f6VE=wLBf-J~ z2i+_$qY0FKNs$d*NFLvMw84h>`Gd(Zglj@av?GF;SH~?C)#1f&uJY zfK7FWHj>&m@jQT*WKkxwGIFd8YC`2clKwS$U@95A=*I@Pg17tQANh z*1~~0x9P}g{#u9L6<178OP16Sl|7k$q;^!JcbS_KxjjmOeQk`SP+i8!7?L%9HQ79Ei_7!XeVF_OK;jtuV^d89Om_n zCkYe9vtlq_6OYH)_GMK@UnI|9zaEwU#OfCJgo5I(ewl9!nHZS{671A<^w)PV@(U2Y z!X#o+j{kmsfovp_jd`X1LXo!~dqGBGwirbABC&VF0h{r=lx4SXAyQ=ZfCtgpBtpD zC$xo`NSX(GO^J_scR0kX6|0QoPFJ$VUd6lOxA=tVoELUTv7OiMVq^OPLZ+8$S}dF- za7xwu4Q6;>Wu0$jGg~-T4Fw-*M7CH;K&7+8b&;ZGd8sGL=CJyvx}x$+Fz0x>sfL$` zVtUpSsey?TM%1&H^UUZkZ0YlMi30;ztI_1{T(`#;phl6c-fu;bJ(>xyV(zq$ z)?shQPVR^ISCkc=TSPn#h@82P#k^cAg#rP{9LlTEcKrCfl_Y7=6NM-rrf(r0SIORX zIFsC3let6ZKxZmxn?<8&{=)6sw^GYU&&IprRYUjvLK~PluRr_mBLW?n|YWHue z^~Rg0ygzg=U;JPW5CzaH=QIr0Y5;c8eHuzQQw{4Q)C+bMJ_)p1mA0^yJsD;ze_7F!%5r5U5%c0CmJ8*Etb#Q zqWHPNV_g5+?2AFzich3it!Br3M}eK0RfcrgLy_F3hKk5}p>k zr@{=o{a&TDybX~PK1aG^12X?Uv|383c01)M-a5}($x!E?cf45LdW zHlRf)z`_S({|o5xZ)~wW=WJ50LlV4b~%03-EY9{fh5FC%}3V8OeA zo>|~i?Fc`aGtTPy6zV}Pp>73r5-|zZezdyd;>-zq2uIrp*W?uK} zzMt#k`M94?eopewkn=|#4ezWZjyf-Z&yz7I0Qvp`V3!#>AfA(##4$S#0rAFcTm_?S zx#j2eI0j1oZjxmILKHTd|LWOPQ9%qh&b+n6K49!;j9jf$C^FpZ6kI!muJ}A9Q;U3h-$v#D`wNWyz#DMR@eSC;>UAMvJW4f$l1kt4|&fbn~8zq}|b z-MYLmiA)z+LCYa5{?ii@sz2_p{mIkD{z#Uvk1$qm%kQzmWaW{Y)B>=BM0M#I*xl=A zQ}?aQ2*}H`?XvAOPa@pp)2|zg88v3CJFB?tS|b32-(BuYDzWxc@G>wwR;J{rlNPeKS7#@~MB6 zWOsu0H4tM2b@KoHpDUD>|0iuon$hT8M@55uwQbP6}2NJ<{!`^Q)h;L zuh11T451%65Uq*0@pr|Xp7>@)G3 z&*VGK%M?nNlR}yuw(cp-VZqksRya&vpb__CkfS!g_(eGZa?-v>a`BEh4oh^CZkk!i zoUk2+7G~x1jw(RzWs4A4_p+0o&UE{GOy_f#(pVs;8~Axq;3sH^Xj64kWRUT?wE&Kw zqcm=Q>iNvl9{E^PB)poeY50?jo2mg4eGqG(pz(Mtec?`Pm6w(GU&sC^?cU|p+#K;- z%Zd^#h;7&X_jio>=zk=RT@sGcqG|wYBLm!PZdl>R0%y3Q`kQ(4f3s%vG|qW2pyvOn zV9d;S!qm=F;Hj40r8%Dqj~85BTGY~6_B-tP!62DZA3zj8+~CzW7xf|>4bH2M*1cGR z`Q5%dZ|_yVp6cr@cin;=_e8{N9*QPVEvxh}nmUCvBziRO(2gVCuDy;d?&3)QbCxBV z?ls(Ty|d*^RZrrH$U{$Meit-RG&Dd}eC#hl2NY6<2n%TK$fDssrKc7q2jsPudu?_1 z<}y3A)Mkq=JryrmDobOTAr`aGR1$WjwP}Z9Fl>(191FKMJzQsZ^kJCsVZYh8*FPCl zM6Odx*~>1T#rD4rofvitluSTw3!1dtrgY2C#;JVUIJ++>Qm;DzfeCJ#lYMk6bEcEo zfIb~QQh=RYUW>W9jWJ2ES*l1)fhuHY=4MI7k@2!Vlqk9<&V34bM+!FI@6zXky@of>G{nVlT6ch z@RN1IyqDLINvLH`)jNKVu>?k`QUoKHhyBh>?}Tcw$Rdcz7UMgP3qYvFM|TGyKBcrth6UkejMdgtx_K7qSA7uMd!mnYoN{_u7vU zC0g56-2ZB)p%29qW5RpA&jz17%wf0ek!|?5(HP5>&)e?qE#^n?iyWn1hS z7nNVZe(yxlbOMTIw!FEGt$m*tK%JHrR40^p?rRFI^KI6E7 zH0w^TVTN!040qy%LV9F{$609)j+it^wfK{Ftt}aGl%9C*XsxI-+LP0>)Gw~6SfpJ^ zsW=+%NwW*?A$WK4%9Iqi1X^UYBjwL3a2t#5%!<%%L?b&n^a<-YDZC_VBmE(j{U(Q2 zVaxz#t2f8Cd~|BE_x7w?UjBPS0dg{{Co;II3PafKQ^)R(D_ZPAc$Tb@{>{2s=AYC* zcaV@GDU3~bL}5CUB1A7aYgCn^s%Igp?#!v@F2d*Eh?28vV#-)<5 zX-6~GWO->#@TW871><4t2^oBN^XNcVhXJQfXVK}f!%}{0my9`b3V?vI+RX4A+lKdS zFXaf-fLWHJq^fmkpaQS29YEhugdrJp!_xWVZ^ud|PlFGgP4EfsE85?rYi2xvoM%i z!#ZNKHJaTfUZZ{9wIWLA3ab;t9Zj-hV4?`wNiJY{aj*slcV3lZFktB)_I5Qn55U{y zUb7$K^@yH+OSj)sv_hSu+>D;(Y~H_Ja`S8`M=e`buAOT3M+gq zHcE2gPVH1W0=f?LNa{x0_P=F)%sQu+3jl!dh#w zw{HA@QB?JR;IM(iq)B*a{U|B`uVG zBxBGGu{>rUxkph;1B4m6I4L%B4OxsZl;xt8^#?C=E^1qr4v`9_PM;)%@RY#1yszC>!4T(yOb0>E%ocUzrfP*m8Es*W+7FpIn#sGs{U-wX#> zdCM+wgZ+|-b3}flRZUSAh%>Ehg9MFS&)Sv+kM(7@3`a*BG~ZRMqKAQIe8oEKi|ykk z+RMidgJ8m0u4$-FcJ=$-?BWpt!xzq1<4e|n5&>wY*+8%g)OUe+@DN!AipKjv=Vy)5 ziTMvf6k}6HZo%x_c4V!hpS*dl`rVw?2@NFXWa=cleAu=no`-G3cwg+f)MIl3-zjAr zB?hwsKEIsx)+?)f1J(>BIE5`IXbe%OKOn0o#Ig((O7|)L%f!S3X^J^wuY2{1WER4r zh~dI!Sj_k%rHbBocBauHZdUWK=N&CA)cyPD7S%5Jg)!;OwXr&vS?0yttxeVtY=Yeb zgs>;VqK}k#c5X*lc4f|lqJ#QSAz>1h`MWKDv5zc1`W{QpgU{JAgyjdvUtL||rgYAB z#ITUSxIF`~=JmWWJ(gEsF>&#EGL40r`qK_)F};i*%c}2w!po%i&*fd8AHI-GQ|S!2 zG{|Di&#$V=j#WI+a#FbK31|-eC}66$Uk{SPMkF`#L9F>9F5 zbg|v8-tyKOL9Ui-<0}O-m6WkG!{T)MAv6dkq9ev2b7>QdfIVt*>}CzVClZ#^BSaHU zOwC`SVzcQ?69PNjB^1Nr^wm_=?iD<|if%^Wc;hg0Mciz~1CqG@S4PndIw-#Z$Cywa zb{yM<%)EU&@x)=O0Bru_DM9H2e-sm3+J7(I2Rc{&;M4<~-vua8n{Fz^nH+^T_LK!X zjNRB2v#eb~e00{5)l#7xQ4BQPP&Cux$)g=Q3WZBe?0n>-aUq9XF zX2WJeE-{8^xd1lx)vh31JnIsp8Z@5x=(ePANsl;@?ZQ~9anb`X6}ck&=XL zW{ov@0Y zeQDpmOG6DK@L)$1m|-A_W}~9&quK}7$*pb?+ z#<|lG;O$O?GA=JN+%Cz893Q|&`jwX6HZpe5F`A3B+3P)E3q$%p9IM9Yzf{Yl6Yw6H zL+5w(NNf09%dsBNwg}%yJ80LPkwZIiMe?I__q0~cow4(~&IL3JC)7GasI4bPf>PyS z|2sbGN{8KnZNMkrA)AUATM|Y>TZsyQVEPt-y$-gQRVLywRqIHW<}A%$C?itTTADD>_Ze01 z*Zd+R;RG4(hpFfgB&iF@MO5Ua$kfMJuC=n7%c3B?9+fNqO=YHIMDh;^lkh_6Z57oc z*gg$SZnH~q&S-vD>*ydR;E3Awiv7VNozQhaA47_>fjfC2Wgp~?dS7akuu`uNxP?YJ z%*ar$&iJYNEd&A3wPLQMqOBh|y3<1HY&+!$VY7(P@oJV1GdQ^QQ-yB$ACIWOQLm>w zHgS2Hz~a%kJkL{lNK)+g85Sk|pten1xucjdIyAF0SKE7M>6`X{$qh)AuLL@qUk(5y zMefQ4zaPOq;LBa)b6NzQalc=cfeaKs`RqFEh}^%Ntf;jdgzWrF&&&cdpMfj_YUuY5 z$N2w`A6~(c{{6K78~#tDbXu0L(P5jxcgHg|CtPh`uO`zs{cG=xTSq4!*8jmNCcH)I z{Q47o^zn36&SX{pJ2T9=L3y)C3HOPrkADT~3;%l$09_Wv)FM4E8LDsIr#d&^$sJ31 zTBGd^vq8=!Rv=`xCW0E&s@SJ~@zr%$yp<}q`BY?-xtq&jx3<~8`>1~b+N8=x=w9Ww z8&IECumFT&fe`H=2+7mRykY@eQ6DsD_{mjdt|qs8EhMqL)};^0Qx<73 zpbdX<(ALdc|8ycZ-Mb@y?c`>9F#>z-L^h^aZnL=cZ^*E0-LM^dFW91<&hKmTYr6U1 zOv_gNmj2dfL$UUrq0wDxxk~t&iF#KmX^zkmuat|ocRi{>K-Cv|8ej2xI=9-1H}=MF zSl*k0-Qc=c07zWVpIq&<$2v+H8~Vs}-#M+RM%P|F;eHo0d&+&j{6KxBb!47*{4j7C zi~vy1x4Ze^W3_Jt=#d)QmM~&wY^U~`j>U1|g3(91I7Pz5jzWsP*7O{mctgw2mV6VF zYEw0!dv~JPH>7*jV(=5kN9!&bsvj_4n31VoHpQ^(JZvI7A{w%GPH5b`-~qQwlXNR*t< z*@?yWnWZgy{u^bw5vXm185Ntx!xhJ)Tr5tYZ?7u9*J`}MOrI(f#}2}qEiG9t(oU6E z3D*g$`cFC}QJ_5;-14tIp@&OjBT5Dy+#xEe9Qq6G+MulO-~FB+5uBKG>X~1Lyik{t zlSeJD9Y1|00k3)h|FK$s&2X~G)m?aJM*(^}OjD$-!+{pb8vmTSv^3r58_>S8r*n^5?jTcrH70LWP8) zxC~qVh-_Nwsk?Q;?OGb?`f-mbDp`G5T<IBW+K{enwPDg9Z|J3pDZS}wr_!V!F$irYe{Zpf~<99J{8G(zt~2} zin0B|)R&7_D3S=*KV7w_#iLX@1`9MW3gjCsk8nLy(H?@&)iMYAHC}eVz>r8rpMppT zLVf&GXa3atu0u|^Bi7RHb!tB8dB_yYA@w!m-kFR=XVq>;B(x!`z=oU_Q9sxq#N*j{ z;@)3SGcI2~I8m5vrcc55+tzV758ImqNiafv|NXH1tB6t2LJI8`uG#n&$#A)P06cV- z(Jir0vJeJ`t0m2*7ApFUEZ_0=uZobmXlfG6rQ%P9y%0TC&C#86iCGR-r#c@K?Z|hsG!gof`wB5NA zh-z!b;r_5DI>JaWF_Q#g6P;?Zk5tsQNJvp&SVVv4+Um*wpkm@vOisGgs2?bz~3j3ka7tf2QJPi+f~zlY5t@-c$LfCU4QL{+8}B1;#K&V zaaJN(?%JHG*awyvbpy=-Z^t!s8lz-iMseMnM8}AU#IlBUCsUGnk<*V>)hue>${mX) zu7$+lE)avXXRbx3PnE6-9M!pd8oWhdnv69`w=}%DP%o+zWl%5_6HE#$nX4{xJjRk8 z%dTEWCUKby2VL0ma{g9W@T0jwaOWm=MQIRScC zz2$sDe`#{mZ$KW?UV=@R1tM~@{>N&)_5~PCk~39r%>)+DjGP+CXDGQID|3eI>u~O0 z+|F^Nh4;mWtC$bQBI>$IYPO%k-73{yNL=8LFk#ikLw@Eta7w550-2~&`+khL`VaTa z0{k@nk_XPZXt2Xljz?%0R|}D!+DlxSo*E>u+_$Owwg=0VBFJe?Dl|m*J_P$-t4X!) z_{9h{aKL(N=mTw*@(A`|DBW^8`wi9G?J6%DJJz5mXWanl>uD>(_@ais?3kMAQJc zx<^$;3$ey(UHspx>D$7_U<^Y4E7!T$hOMZKW+~2%vQfs-lmOP?Yl@Ut^MDW4gAw@z z#f}aY)4Z`1qo<`a6~&{D82OE<$^GlQ-D&L%gu2fF{lspQKK?rpm1C`2ux9pI-0>Oy zMEGP*MeeRb?eh8n?sM02Ez;IFUyc1r*2Mb}sQFI8@*Q@i z+#KKdhdDauxw+uI(c5klnA{SatKGa}!g{c|Th+ZLI;zEM%vJ#{++qy|$NG8JukacW~j>aVj42Q!Lr_xi+aHx*~o$ zki)NCXuWf1ynbQX!iN4gW-xzD^}02ay<*+gKpS4Skql-FRZGU9K(88o7ea$J+t01E zD?nxzUUBbP7J}N{c}QH&Dmcqh%Y)mEJVrR^ zkZF`tR)AzA@JF=g!q84wefFXPa=ht|BTU9BggT#H@IakQTi{w8uqIx0?z^i?g*~Ef zB#?OZHmt;8w(!U*CN=v|CR}TSu3}M;#DaG*RWaXdZU|6%9^{QhV zC4QVAtk0oWUznVHp+$ek>b7D9&HWkJZc{q}da8`n4wX*ZvsJ{fGM~X!9&*nq(_%ABrnCDVOzQd1p59h6J={rD(YQ%!!7v^>)~|~P zEo)|vy4iVWk1P7mCB9DY5H~2&^-gWZLWTkiK?Qc%V-*vO)Q!w>M5eDfd4+Tg%`ivGTc09v8}E1T9VUW5mZKC;)(LnSpBu3U9SF2W^+5w4gB0m$1gX=7tef4KhIp|}z9dulbp9J$`L!tI)op6e? z4d}XB=)6WqVw?8zyzS5XDsL^m$GX`Pa=>}NTXR8wn@?FK1~CQo=Qy2U6q|@viM;@i z`o#CAo0Y2QmcA*5ByGL?Ea)~G0{TKf-$0tWOoN7RRYr`r^9F_^ziW*sHf%HYmLhnC z)Ca*dBjc-kp+2O&T?neY+>rp#*0UEh?h=9~K>t}_c_Z4ce0HR{0!;Gh$~ZdlKY!_B zxf@&^F(HxP?K|cQrk;idEYYOxP7W=OSp@(cmbd5}SCruyE)CsuA8G{+C_kwn1TY)3i75*Mzef+*7 zg}nG~?otEyE*Pk%4Rsp5S=)UxDXbg}g(^QKjrtuj9FpI+C+rZ=-II{+>aBtoLw#*~ z@5>~7O3*E`BKU_Lhhr>@%Po=PBB0x}+t0H0;~h=qtcTcORQcu!FgNU=&vbudo+C;3 zklD|Hl=$~^IJp@+R_SOh?bUK25lrZW6oUL+Bq`gzOEA228T277k5ls~pP!;VwA_N6 zYc&xA@4eEZ$pT+mbIf3tkL|f7K!DL>Wshl|& z2G$GCS6F`Fe|=%#Za?VXwI|MJFgmr#w`yiJ_Yk}GLc(AT^d zSbjm!^4g&3W>=;e4$L3axC`}^^jlsSvbiux=Q&2y`X2K9*zjw;-at+_0t+s?BMY=N z96ty;$$>%0(sxhR<*wq9Wc@;LfmW7n03E<3K%4Pi&`Mp0X?{prK>_0;mj=(+u#e_$p4SL0wmF@7zEzIajMhj{o_jtSo z@83{X_9JS1#mAR_NVhbk^5bvO3zIcy5$&aE0`HFh@gZG{Ahg&h{kK=!Al(IT^)D2SvZ>jffy|W~c!+*A6Y`5&762X!+n3U#YEF(#yw6Ax$}-I~rN7pm@bTiucLS5x>YL zEM$RN{yuALWfr_~>!x3xLCoc-%c7Xf@-^M9$g>w2CHd>cKS3$PPbvD>lYG11>r71_c-27gEcG9$%eU`8 zYP$j*&Q7rHS&^@nKnu9v%~5l$He3!%_~||{2ov<)-=+a~g7*=K5tWpz!oiqH&}#59 zu$4Qszewg6xr@0F_0FIOEJf4<+SBTFRbccvY@4c!d8NRsE&I-`1_`jF?(AM*rFECtd2i>c7JJb(UH)_oSQ*!3INf+F;nrfJ4D ztN5Xv23BWV957b2J3&=aTE0-X?NDG1H9EoY$oAIO2rcFn@E%lPZ+k(n-Hn&toU3w) z4WNR#rs{s6$0t~K%cm8?{&jaQ7hg=ri2ZJLcl4r;;<f?M5Ed{akTOtyHI=k z@+?Yz4as#`m>>ehtp}Yd2cRtPI4(h}ys@b!q?v%s9Xeea^5U&tj1XyHsp#OL{Zct& z^lMj&Ap0OI8g7Lg&uavuKj~$($=-?zsN>-cE8-$(Pq+@nX4YvN<6OGRK`6KXd-M${ zzySrNf%y~e0jIJSTjwZCGt#cD+Y=pGE+-9}G{$n7 z0DDw`UJ?}b33MBwkwn*0Zm#4&LsR8ZQg0UmC3UPgLlauBtd91LMcrLs6w@1m0yoNw zn4Hvk{7fv%Y<*o;ul6*1oE?nANTE?gbDkdub0aMMLzvXMbDTCxI1^ zS31DD;^L_&umSDEsBq<-V`RqHp8=S9}jWN>%vav44^58T;q` z?YVvX1B6yPP0sK&CW6d*mEYk2=>&-WSAK*qe=}Ch z&688s1yGBP{+2vx557En^HfXkoIo_DX!`6!+MIAe!Q{qQP=9mCNC5X$w2S|;wVM#x zR>fSEb>)ytTfh>Ok-uk6MB~Rl!OT1QZO4631#INr-Do>Y*gc>z6BY=CYJtClrt0|GMG0}r9_jMd7S+?Y`L!LNh{g$tNjp|zVkgDKI0NLo? zBl8+*!x_2bA0pA*mu8p^P=aN)z1qp@C^GDx(Tx zS2^W4q)h@@-3t!+Pb&?L1E7k~j@qVE(y%vo<#dig9s->1W-z0{d}5~u=xM$lny8yg zn=^wIi|B$O9mpaXwBN;l?DVlx7YQsa14nBsq(I5y(}=w4kF<-@>HhTq#5o87N*`;r zR|(urf)&07`&hK>{wO|KdkCOMvfD3=?U@hHePf^Gol1OwGXy0OV_~veD|~t8xk|cA zj^(H#?~x7UAuR+9%C{pUaP4LIJhRenM$RRV+iK3fvm+wRqMpBVRxzPmH;l7UT1MAz zMflGf0%yj#dARcLGlBtRItgQS6tw8B0K=#+!2SHe$cPHip!7JkL@;1e!cn(tC#NW1 z!?&rBt-xsEy*;%@2WvcVb5f0pwVV@+vIFTosT0yE!ED`ebSs;6w# z?B2(wzr@Sell&Jvlh_RJ(am8c;q&GSIHp6`a?yuqO@k?4m-@)OR|^2bXH|+gpa4>vknr9=*8BaqQbIv;(}S*Uwqv;a7YZUTAydYa`fDbA zK9CgG%}@jO;w-xE;B(R+&)_J1jam=22cJ-jGMdu*=d}i49+2}gt`sy%ZSFRx0@T63aR%6AB^ZwFS2D zLA3&_6*JiX#WlUyw1)|1c34cV8rBteZn^F)1;!4Pp;V}TGm|R~(HGsm7BN1EUp&UY znm*g?Ph4vnz`h|cZfb1Z)%$ED%!TTW8TY^ujcQ0GGfqv!`xlM|C{OJo#WnY#wwj0# zTT5?|XqG-fn5};e$ptL`MdQ3{D#$TN@voy$g;4_X=3T{XHDcaTYxH6~Y^xLUQ{K=U z7bJOZXefWICG}ELVD~|5VsnWVD|RSmDf#ZvAuVpE$~y9tT9uWuG#dS`mFq@XxEGRppK9m$Xn@~Lc9TnLN?Sodo0papKEq`Xv%w3P*{c6jX`_v*u|J>6A9wj;f4UlfarMARsGd7 zA#9s?XPNw)XcwP(%R-_lGFIPgE7taAoz8RCthl1f^bAaAW-^!*(~Tgu1X>tuuyQZl zTsZ#FA{KdJH637pP5sMqUg*|+27f?@v*)s7(U+5%Sr--K;m z1&_NgFcCw!L9rD+;KNq1m#}c>p8_U;+)wiC!l31@Y_=H5yC1s+i_qo_2d79#7kXYr z%Op7X0sOP#f~rM=mKVZLp)VtQVGUTXV|o}^FKu*kX+Djgz* zTJ2C4&c9(Bbljc@&_fz53L7}>hSUqL1aClq6hGah$e8Q1#jiRIQoo$YEGNh-rz zi{??Dv5X{lKIS2u#dAsts0D_(M5Nb@!K^@B)ZXxfc_ni@R*ZG&9#Ld@K-0fV2_f34 zXo&`4;YIpWmakh>*DoLfcr&j?ePm78ANN|Pd`WXGi(5+_sVp;(nlKNFGnUdXv>l7k zK+ych*<<);^L$8ct#5^blo43)VSQ0vIY5_ATOrN*5RJhz~1F<3NB zXJ`B&Tiu(^36ea+1>X<=1x0I;d_nro-@-vHo=Md}jC>w`R=40WcnK%sSI4&SH+^bF zQicWS;LGvK%qFNn=FWa->A#b$)dC|hl5^L)0A@Wshc?!!Q?w1L0PI`E9N@CAw3B?n zjRBRy@iwww&^`ipXz6|x7s$`omr(L5Vbu2gsv#szwBoLPYc}m_f;K6 z-f(X1Y_8rHNdhbX0ak#e+6N839LS}>M>>=>&P4Az!kw8NrK-lU=~}52OV-#BR3#Bx z6f)gi>u2o(?0Jy^3o5P-=R*ZbmBTVVav4ws%miD8%kDzwS`fZOs~ApKsyu zFzkT~5-Q+1AqJn~-uUad@%wP#Q?uiz{AY4noDGrmH;u_=q~Hj4i?fj!mgX<h@g^c(OAfw!lGa`OdLrc=Mpu<=Ls#PCIRH-dKLYig9~v!S@V8`~L}KrKwp9UvW6S zEx*s*&aepXrN_q%R_wBxT%gI)L*!oQ#qW6U-wNljL|#^?}!6zA)Cp2Hv0bYQ|}rp`J6nMO~9!NC4I~?ot~*=jO37{GL?d!Y~W&GC8i8LK+W zv7=d<;iLqq!|o$aep-Y1>84)Nm5!$yKmnP)zlJuKMN6A2a97Wo52tcLYGyq9uB&no z7{cH3V@eF+{D=)HQ=Z)wCZ-DK)ZMABQ|ZEXxMA=>xhcNCsNceitJ{qB2mQg*?-V`d#dp4F$w1CqrH zHkEV48!W?4!>PiD=?%2h&e+9DfFOt>-IC|5rY(c~pF~f<1sk{i3%Uik3+Q`bO;LPf z3~=BFk7{ejd;(;an+H=bYjucz+>6fX!moeQ}!xY+-&`R))`YtrUMTQ)NAECez9LvnaQaUaz2 zLeh@>p%i*!u&LIst!F6kDB}8!g09s^LP5$4N?+a`?{3){a(KsL9J8)6QD9x)@TG50 zQvP^j@MW!L{1KtHxtXNebJ+C27f|46Dd|md|WwjG-P!2hj~)DgQ@~z*^tL@G);7Gx49O;)mWm7>tUJj*re% zYVNwQvC$MP>@yXm&<6^Mzd*LdFNw_9+_3yqs~@eVq9mvBfLBxmY#gWrX#9gt^%bkN z?a(?$h>tc=nz?>sqN;Xdbm2~==EJ$SZoF{+!1r$Nm+t|f?bY^gu1e)&!5S5w$53kh z9H68}hQ37?pv)xB^FP3Jo_;`z`ETW54bSv{&ItnNSMeu3(JCV zHdG5dS>d%C2tLpG6VM)k$^?xVVfC*92Z;3=00^P-ptUB#Oo@&h$-s{88-plOJS{6a zyua7`2>^P&*N^^Bq*MTfL)FipPdig7Rtl>(F^4FY#JRY$x7{4W>GY&2?dU35dhgip zf}ZV3GJs-*M*E(?gV*vzDvZJPrlIAY2~iya z6!f?P?nFhHbWz8!3a}4r0!^V@0o2R8p`;c-uawcB>PC2)03AZGdZr%gZ)lR~^w58b z#<`SP*bEPE-Yf0+@C4`rBjIrjke-T$CN|b&WxGG+^&K%X{^UaG;6*aU4TJOYI|}+y zc+c@2`RKyoWj}}(!qc+CYDnf|0tVS}tYtrI%969FvK?#tI2=SAQ)><=|DK^~6Hg~e zoBTOMZ3`Igab4hQ8&7W2NbvoOy!5y$Hx~+cooTWYixI^8DU&Yq3m9Kcl`gNQe?3I$ z+F<45$wbx=oQIktL;)#{=hcS)=;6dXuZDqU9m~aw80<*(QNh)T=%6&6e8>qPPP+5} z@^!D#9?!#w1Njf9kbvBCx1HcEi(t3Hw4Z88`czDs0fNw_TSJ&4$W6M^$8!bqqglkL z@@}#E+Jw(|e|#9LJJATtZ`I+x4ErdOaSZKGtK_F5&EvIfNX}weAL{)i#fn_ffG4tw zM<24vKUFHBtvpneFg+QT8j;uKCLp$YXb-{dR+4i#erEKJGhAn=poOS09UCQ*@lio^ zB}FZhow#V@4e;MuXK@TgvI4HRiU~lOr#MqQV$>_kwlSQvm_>!tiu1)*Hf7zfHU*h} z3mN5?QAh|lgxoQ?I8KVz%x+Q{Gw9llKx&S|J7mWftE>vm4_Kp@yJ9Q;-ovV^SFnGk zt;~W#wM`9*3r%|f3sEoPsy1#Mz@$-~%$Jlb*?V28OB10GCeHH=Dy020>{|_yscBxX zV||Op?WHWS)rGwy`N%njS=;E?Vmp((Dz<11yif_sAbHstDKIFQB6Vj`6|%NQq+C>- zTNnaVzhTIJX{TtxpRVlZ-v9V0h)H@Y!e7bjxkrUaqnF@>>F>PA32Dn(ZMdez!n*}A zyCBav4(4ca&kTB@KU01^*)5fQg@{1^i#7B*p^m(h zyvXWxq3a>-{MD}kvY%1YoV3p33%O}NIKxQ_Lv3&f6 z< z@Id<@Zo6@*HhpoXW<41y&!~JR!SKrlPpf^yMU946Y}#98NPPi(0A>rLA9@1k`Xl!Ej3j%9jWqfjc^ivnVorRBFWzpqdpNUJ^45u2K?O z4{k-c9JU@J4j$b@GT$2qjOGf}nyqX(*@vrWJ4F`<33AggTWcaq?IfW@3H?6P8qZPC zP{wfwmwPMkIAc&l?bw#}N$X3{sWOtHgG&y7mcfVoxLF6`pG`a{bK-{&vQaDg_1NIQ zhp&oH@Hv-+&h9(g_h-!pL5ufr`FU^BL>C|*TmsO?;5FI#q`?(epJ-b@RNgn15Jey&hW;pR4Xd*J6qJfMq7s6 z`l=_dQLL6mPnnETD#fVPo-nf8{1Fl%0IPu-UVur zSo#h*dqaN9s$1YbLOts!<1T&ZUdq0Rl!fpVO{z7nsu$eyu*2O?SuluMOP)*7MXNB% zv4f)Gc6)r6`~@~h{$@;dI)0QMGLwrVjx+H~?+yaDox25d%3^d(15_|8fLFIOc}c{` zXZ@}1ZD3KwhRQ8uP{C*H0p8lf}8Ix0ccnGMn(ztQv&QCHt%w20)W-jo)l&{ z+x8eh${YR7>>+CRuaGiv#%8(pBE?f-8wnWmgH2k5Bc3dOUZv2CV~$`9J+no|s=|HmrQ zlA9L6OnPJi7%p8dYUZ>V&}Pk#n6gG&<$zCA=mpb&>n#O-@Gie{*uG|>4hHX*!E|4d zl9_nMT`*NvPCVu5?xy$l4GA`2miBru+ueR1@LXd=h+1FkExh7iIcHx*NOoN{#7Q^` z#=loICZ2exI|i|W#&J~bPJi}zFQ8SqOzp4wU*C>-@QG10V{jDAAg=&Jejn(L0ZvaS zM6-mZGcSSBw2pOp4(ytBJnEDGWDR}E$3ewm37Sn@8?T}2lvA}2$`-?3dqIR8Fts+9 zRI)sr6jA=V?>p@hlp|NTZeP-KqXQB|qt-J)H@g5g^&pr`J2{65&=N18-1$Md{K``L z`n!HSd3mFl4(hsJjHp0{ZUbwA6b`AH`vJn+-JNAMH?18;*TA z<=YO}SL<-yzK-*3Dp$dJm1k*`ukE8VfcqT1>4s=!obM2?&Hdy>JMOIj2t-I*VMM#z zPD7MmtaaHP*Wtv_5Z+a5wxW`5Eo6Jd#%d4EsEtJ*}KnpT)!T zRspg&F*AdGTn?2RjGQQxaRMZ>L^GVrNn1FhySM^Kq!jq4WU?V(`BLeco5ZL^aNP~? zFPR6PL<gFeFxNCS`orOYhhY|5GC_brBCYb|<+sntk>py|+;|Yj~ z3!s*c`DAT?IsoC+^4e&r3Rsssfup;ieNm=*0>-^+#Z~)wP|&vtZh0wbr~~%m-MAhK zESyi}yxFvg6$wz0z#R~M*$YI346QayaPn0 z{JKT}O`K;d&H?T_;KDk;)jLZB%uR5M;>-0fn3OiqMku2DvFtP}wRDIr$@BI%=zOZZ zXRxi{R@+U=w`DH28qMe0$6KrcW!10HjRW`Frn)>|VLd&+_;z})~# z_v$VOKc3Q3=FORy^m&D=N__rNvP2KzDjfPAA^TibKMTp(W z6DR~?76{4tv0Zbw!dgjy&B)_<{)=x6>b`#O*nhqU zWI|n6@l)-GHPW&31H_em=KIg5PNhP8KgHu-Nwm142>mZyN3cgLrv?%+1&jCBhwg4M z0LQOB{7pKwMkC);K;PJn(?9nhl&+57#`B5;osh$=QiUjB7yQ2og4fN0Mc+R!YMQI6 z*YD4+`|$U{>wxyj)5r@Q8uy*m2VMb*$MN9mMR9BQW51;-V#P@@i)Wx@`pVhrtC)?R zj{@{Oamk@)+2bFs+kDE(P3Pt508cr#Xvmgi>!0H>?fohg!}EPqUt1C|1I0JY?Y=)ja_OG}^HwXM7FkE8Onh|`&Sm1^JkPJb&a^_OY9;B0Ro8)Q zH};{|&Hbh-3sE^B)FbZ#<~g>l0a-kMK#8+r(}4sviWc>*Js&M_*aMz3d?G)v_~mK> z;OBi7syaIG43vqlKa|hM0<8FzibWjDcj{gjI2fq5(Q!vrf>##EDXCWY=}GY%$^mQc z44Qjj?Rm&WUS+Xa1g_*8gLqR{D$IW-)*%7p>WbH-QL`5cdPBsa>n0U$L`guNZ@sos zgY<=JkpKK?+)hTG$Aw_JkTf>M5N+v70KUoW>Q-#JtTj<*Y!2-aZTDiNkqweo4s5=g zRT8CD>b6DkSzYll;Gbi}l!w01-7Ry;ot zc_56Sm&8%NBh(Lnj|6sgKJH57W5NR16fC$eIh22Y7aLq!Ngtjmn))c-OSX;Jn4Xby zcDOy)ewc!Tf!IK#9E7Z5QmEOcNLJVr+_HzTxXJ-`wiRd8q!-+)5!`bse1pY%&vkkV zh1Z+LNmp#cI*A}S>&4b6;P2W+S*Un2y0td!IP%B;#ol{IHJNp7<3Yqi5fv2_0cR8u z5fC$U2s)0#SO67i(nUZiL0aep8;l}gL!?GUL8Jsh2oN9?H6SG@oe&}fsR^MbKuGeP z8yufup66S?-&$W;@4MFbk84Tpa?ZZ@+2`8VF6T^&mRe)7CiX?^GyXSKbiLjBP>_8o z&Rv{q2sfBgQvexdLnI7!&`CabbAF~#@{^EzAf-6Hp5gQ?mx>6F0ZIA*fnaoF=1wZ4 zKBh!XX){6cvgOrR@ikivcR%3Xj`V>_S^MuQ<<;fwk<|;lhC+Wh98x8){uapJssx1m zZArTgQF7sdEO+U{4o6vyu;Y=U8kGCtNZhmHlkEK4&EyUErY8E^ zS-?f1&&V1CEET>RN^*~ciXxUkE~MuaKY_5&?sfwoZ z&PbCZg^9MH+Xwfrg?7>9*!l4HdHXI0JdNP?N6AIDn_DXfgxvEt(VP0MJB|+uf|OE1 zr|Y}xY}}|2LhOHJg1CCbLG|tXt=%I#`H5)$^W#xFD2U&u!8@6bV{KVrkde~Jr(C;a zAEHdaFN?im3KLlSr2$DZ>3s0i_a1G`_H2tWb{By2*QP#5YAyuPRCV4DKWpRZ3_W!! zK>z;m$Qo2=EU;a;{e1iAV+&*|50$;1E{>Srq>HKPWC7`SW(SO>^#?gQGbR8){}@tA0;fQw6`M$uBNB!Ulnw>`xIg1lAH(ZKAe>H1K9F zl0yfd&WM}hRWWDIk`$T7#S!W@%Nd00d-LUkvKJriUxQi_iYmd*$f@R4#>z#bjScTf zffQSycA$@kH%I`y4YG(1>RNjinIXxbB5@EQtB_WMe-27a3FlyO&-KE2^TW^jRj=9v z_TL6(d3>GoP)nm;QX=W@Zf5U;#D0_n>?i|3mlcCkDs*z@XH?dG%7lP!S^?km(x^JdaaIIl+KX z`eJJck*S*YLfhbvkI$0Ox&5J3P9IyivRNvI8pfvdGNz^m6hF-zXMs9S`*;C-_<&*$ zZIm`6=p)*p#_I5rKyTT@xHyvRS!{*GmoSYDxU-X)23*Ae&T<_|hn1_kFaab|=Cv75 zhi@4GpthO!@I<9l4tOM3UzW28KOd}EhYGzHShldp0K_b_bU2N!dUX)n+y`-FvWNYUyA zC6rg$XhxgojEP*u(sYBSaIDx(zk8nzINhXAWiF^`=ahTd*Q0|#5o}>*XdaaXoJ03_ zP0*U47hxK@C8vV>PTFmb>wJ*+F~W9i_A9774Xhp;1vS@YgW-QlpwIo(1jGcgjy|km z8Stj!ZkQ%Xa%9K!*}c9(7*4x|y{9)gerPD!mkiPmGi`r#CK1;e*#l;^t^y9<2XAn3 zIpfmN+!&ddn3UN1NHy;&_tBA9S43UoF_Z%M?%!?styuTcMtX9h2pp~nXI~zwZ(K5Q z=`*g}kXGH++ZII!RD6Oh%Bq?ON|m3A{TcsfcKSGz0A8NZtC5zZo%b48zjbxzk1c{a z#6t^#Vz@Z9qQ^_EFNv*&n%gXThM3WDh{e}~v|Ri|St)~L0QxqIbh%?IP>@a3%Ufiwn}sbqT>7nDnJ^O=CCNf@lisA}Cac6{RL~y}`${ozOfcfD(#OUUAk?fUuH6p5j!g_jf@dRG-h_9(j zY*XW>O*8@64yZWW^H^0RtK9$&htH7TOTQS3UN`{vKdHNpzEn>b@)Zq$N=X|KVSzl_ zOWVEL)W$@(>E7uVn?PZLKbNIDQQ}lTZ;ie?cOGJj28-jAuDh!_Xx@9bkez~FXt3WA z8ixh+5$NEe_Lyi|YcTa*q8}uKHz73V;68(Oy|fQ-;dlESh+H!QMOZ24Y)2 z#cO}%>^GEx%TU!|^!VnF<6AzuOKf^8t$Xjz$?@CcD8f1vH>YguO}G1caj+Y+--4Ya z(qO4y+z8=P{=3g<7Ey!j(TWt%{aEcIh}M=ciLr|o(7l_v%jB*NJf!-DkPwvymUhP* z0nS{fy?B%i%CZ{MbiVaVguZ)6&JOO*1OEEnouGme_6$(J%b4R=vaYtGtTrz#)O&Gq zXJU61^36e!haDoFF?Ja8UWYhYeVuYpJQR~REbTh*{!Vv0?o}^Xmde86pgO}l3go6Q z_JX2~W6%3}r`&*`+><-0!)>M}O<{U=>E%3H*y5}r=q|%ulC%qS9O)@?Kfxiq65#x~ zH}=Zs8T7}Uu3#K6SQ`{xgK*jv-CFpJ-xn?9`*B;$L3K*lUoZV!UWkfsXfl~USN&%JX2iO=sPKt^uGTn9t;9^lGhu;rEj5avE~QU8dq z=S_Ym?@=Ng-daDA6)f?nLwxyTf_&!J7L5?@hKv{)*_H3u4|ZgwGDd?c!DjL)v;()V zqrVPd_LY*o0My*H1#$=a^1v2@ip|a*XZiv@Y8V*;{uQYtVz_iyFf>grnl-WZ%$u=h zx$uU{n-LrC9=dzuhOY1dKOASPDQf+O<+X)!@@(4oMBFqoei=#STPQzG_$UZ(ZELVjV!nBVDkOS4Cz*C=B% zrG;y|loKNJ7WQ2^v~3>`(4}HPG3$%1i#@v6$v6;Sy-CKA()97BYr9GdZ-{FT-bab& z+k^VW^3JJRIo@H_-e&IGT2CCMV+a=V`NfHD2E?0pbLDqB5WwCSgq;JDgnHZyz+h$j z1TWzkfkWMIn>|%Gc4VAreYwLU|VS`%?odCzHY!fW(Wq~p}vuYG(u`RQ}^JAQx z9B(>-@HkB6!;R|LP5Dl+Bs>ALG^pUr-s$=ipN-}RxCx+a3h+U4pz!u!H`JL#n9E^f zwLnI|f{H63<-p&5j}e9#(3xVnfL`xzhAut-c;8%>i1y-0`ssCD2{t|_Q5?W8pPo?4 z+i{;094*vU+Ucgc-GR^K^Sq>V{H_!;-V$Z4KZiUvZ&6;h66v5(;1zLWtzUIewx;NY zouC)1DcA3`nU&ci;}y9IbpeL~bW^c=CXEg1{c>8h;xUfeYGP0^7!JyFM_bYjMEQMF{{gd2H9meHDD8eN{)Zd5A9t)EA{8ZyH?|V9D(b3P=E#8=>!~x8O97b zLB)c$0Ee)ir7(O(T~SN&hw%s^`%NihX<^2?CYo43Za%fMtNIx#_2&~`|N z&Z>iUgzwfX?EWdJwxdnXZCbD?7fdz_ds4LoIk(UY&Z`-L%#RfCTUZDPn7KUhI!%;A zhxSztHzqzR^~wvBVE_^Q;s=aT>wX?Q5|gS}6$_EZ<(*p-UL$wD_-Hls))q;%3HlbF zwYF>Otxv+JEXaPJ|EO8{K+KW$WrDicfvb@Xp?@BW+7S<~2)p9u_6Zz>HGq%<-3tzT zbme>CrRZot#X7t86WKpSR`FS0{3jG1mcNK~?60}q&92M<$8-Ty83oFIT*>#O)PB|j z1<3t?w)S=5$nociP-hZXmz%iIim9UQ(_nZ*MR))x3b;VgnEWPpfH3Fm9l-?aL-Z5u z!-MSjzj-UpL2XIM$VWyR_2tGu#R21T6u9~!*J`#r3~+5Oxmc0GYL_>2H8TpX_Rl5_ zH%mDfLOxR;cfkLSb+ZGP1Uh*%`m`zY`flBkP>8fDbaCbZAC^>}ScL2KIh|?!Yx!Ax zQp&4Lfbd9Xp2@gQ4Iy=>>-LJ+?JeJb9j1G+;PT1rVF^qvh!#E2Jg#F7IEaIr@;NL< zGM62wJOj1?l{28>0@Np@ou)roC3pfug@8u6yO$ehx#F}I;=^(bDK?p z0lVnKUE&4g{jlkJ1<77}(JW1hUu!w%qnzCPh|1^BpPO;yxFd$SJw#$GyppDN7};B5 z&itT+Ex!a(D*>l{{4W8hhZ=FcnoG)lO}LP{nB;eJ+#EwnRj-O|25_~UV;4a2&+U0X zev~*aPrO!^@!r4Isf!I9dH+xD4#OAA{I2%R#fzAQ=BjO0*=DD((}5@_3iZ^G$D9_m z^ujZW4+B!~t{`1%53##Z`DTC8j-R~c8=Q#aw}+c;R4!zu1-k_T$K%twuBkaYz(UEh zx7SWFLx*+ya|)Y3^%Voj><9}7-l9Xb6TDeewRrL9b1R0jd(EwliB)8E$ZEab|CjyD zargb$hV8tdX?xy3?afKeWz|mMS}Qepcaz({M_yDk6^PYmwb+}KzbgVl}f@y_rOHHQ2Ei{0}@&{1mu z|J{O|IQY2Mx`wy*P6k9?Y$q+21%Q~paDKWyFpY^}XA+Odi|*Ds42SEkE1Vf>vd+Aw zp%NhL+CgONsD#M6`V-|zkTXr6YsG*dOMw7tLcN4m^o4kD=OZg~y$N3cTSdUJSt&nVXw?4w}Ry4)1V1pO9oFt3T5SPfVn|H5iCf9Z=gGcbm&1 zt3tph@$G{h%gQeUofEXI{BQ>&u0`|Hq|DQAzT8Izr=UdgpIb(V0eQk;KA?5(vH|r` zY1(Nbmz!l*c55F3b1WhTCJlo{H2+vZTWZJ9;0m#_TQC39&u`JqmWvHZJ(dag+lJvA z^0z?ts%7V2=J`lo-Okf-S-}0l|L|0@QR7ZSu#=XJZv9UWzJf2+ri}%K1mhuxp+M46$_zDSm%{F9trw08v>WX`En@k-vZ9QB2cCi92d zz*qgaC3Uf6&5A7g6|#4Y8!Lj>Q1brsYkG)cMV%Ih1@R|M1X|3EwQhL-reKfhWBM}RvnDv(w zWrAP0P37n}-0sYl9^)CA2;8rurv7ufv%i@gr@V3&q<<_U&TfO;BQ>c4$Kr!TXEUcYjx`2;oXS^)`}dOi==O zKAujC>{)NF*@h@8dpq$;eGYm%H75&gGW0U{{3*p(7c6pnI%{euQ42#GBfg5=+gmoj zyri#8ofsWSngCv?SFk@Afd$7^$ffI^^$2H!4UuWNpsf<5lU z(0-m(8RzwC<(^;vx@Ydh6-Vw%EgEs-WiX6WSuD{!cl6d>W5&XUoqp_?ZLn%-DMMf! zm(EiTkH2mgD?)p3U7pz+%8hZ{ue6-*sV~ZvF>6{Bo5k9o;jDp0#PZHlE>LMep1LW& znFG;1K2^jkE_=?Bqp|byOIY*y&%#r@UcmgyeAlYq&^#Oqtm0n6S=E%HdPwI|&Mx2M z)>@R!4>RJrG!Y2647-bzvz#`fm_LSJ@|@Mtau&bmmyQXUBot$qtN=^p=^cxKz6sbD zj)KYCpB#C~Aa%B-KYu9z`##)o`!v;*&jJ2U z6pWJ1ktJ@+1%vZgFxI1;Kdp?lhuPo@<`I9p(;qD!?P}cW1a5CB`u=fPiv#7Kftc;h zwmRU4)WJ`FM&G|dSf!RG*faXS^pi%E!4D%zYrPzH3&4)zEh%T&ZbAYq>aVS`dx6FJ z*G+r4s!c}lNb@6{MOtK;>ge))W#8{xv`>hn`7Wjl zz$CE06?77iPyMg2x&xSqutM;lfQSG5bEO^F)N}MLO~6E9D>B_<2DXB5o9e9t_;E$> z*JT?31Bnh`8q5Y#RiBg6s<%SB7zqGWQ|{(fe~%ZzI*rPM2khCpGTp4L5S)R<|G)o2 zOYgs|G>#YKEiUdnrua(Z-Sns!?82#)1^yD8PF%nBmf|abq>ie8*I+P-;{|ISp_4{o zXPf>~(6wFnb9#@C@X%aCaCqxGd4M51qQ0+{c$oAP+Sp|ghp zVttnMeeGP>nE#X28jn|x0T_Di@|S9^@%ZBj%o-eWu@3eo@&7&Y|E4U>EV7*P%J+zp zFI~vUAZfooo>r^wr6kOR4C3;1FuPG1Ya(hb!S6If@Zb9GQn<;_8)%|u=Me;Zu2@h&_%0ctljY6 z2VripDSy4F^g~K#M=NUU=3-OI>`kwsinz{-xeM*3m$_x&eB-42}}Qszb26J8cKFAU}oi$KTe>*e3y&yori9 zxv@*$gFs5_AM2Ep+$@}LnkCOfq_TsRB~^en_ayvHo7>|BJph%E&@$Iv1@M!fd^MPY3Lrt-d}oImsP zUSIO3xIQtARk%@?H{S}BjvD<6zFqCJEwwf8^)n+Sylgg4aB0cgnfyrfQt*76P-bK< ziu@C2iL+_f=8ql*iga|xo&Fw8%%MO+*`qjN<>sJmIjQ1rR2Sxl!}^~brj6XJ&9IK$ z7`A@X27S)#rrKhu?I?qRh{^7#gk0YU8T%0W&A>yVJ(sU!cwLfX_|*0FzaUPWI`mG( z?5#;OWB7?2T4{IpHRRCzpG+${bDq@2p9-{EtaWWbBy4O&eL{4cJT2*r)csbhRPzLH zTtDkr&b=kQ1Ng5IZ~ofiS1ghB`mVRAdns%imax0F8MLAgp6-x8-Zr#3lyxI0@oafprrX@p97ed? zUR;P$THG7)M1a+f)!*^EC%kfy$I_V_*(8#0Qg+o*!$HNog2NUg+J&6_Ai&DRRvwUG z;d)I(r-XpTE&A842`p~c?c>9~vNlPS4zJ0oYfR1uS4ApsCSm#pMae$=rCG8NsaGzT z%}ih~Ma9VO{K(YPhTqg;v$RA4d8X|BUks{xcbbsVq-7{|O*kq&LBfV1%X7Ymc`C!_ap`?^Of%9EWBI{7ztHWn6=FHu;9lGYS7tETXxe%!oWEcq(loOn9tCJAGGE<)dL=7G@7 zNh#pFgMDN5*AiKu*TA2oG=Ax7BA-@Pkii)G;3eq{bYZ9oAd$z1U%7aE8Y-n*y0&kKbvrL}cS0fJD_sKazYtJq>4R>Ky@J|8}~~ByDI(jzl|Jjvwjm*i=5G4y8e_3dv}5}vJ|o;gSG*sy}qAPy?0|9 z$_Grma9MFX9&c>4X4N*YZ^vbsu=Qyr^h%UYex4B+-$mbq=`@_r$!?;72XCi4Ry}Nh z{z3pH?>N7o_PZ-tvP>gjmjEj-YQnUbe~RLYUmS&2lG80Q=+sd`*!bzc?J-*&B*pWc z+DWO8JbhbShoAI@U!axByKW}wIHJ0T{n%c14ar+7@;dk1VPKrPNZ(EsZG=nVU0DSc zbp$^vq*hz}P}3ob3^m%)l$G{?(z%J#r&zu(c0D+xY4VMDK5g!c`@wRJ zKs$6LJEolTO*S1Oguko75r9g70)ufEQOhL?7_lB&nGSmvN3&HA22!`saCOBy0UX+| zWt&j8^dZVrJYVu1I6Ri$j}IbC>T`~c^c50&5=X3K>(`b|l~Sgn&4Nyw58DY^M^KIl zu-xMSFoya3<Ta)~vN+9+#mU~Y)u~6S5Q}$b3K>yx6g@Ap7&Rp0 zMAuULL(ZuqRmh!7A9sFg-|ax$^{&3f17C`>wfoGYXr6LfQJAS z#94qvircRs-k0LH9p z5TBBo>H_L|YXg3zUKcE24CUIKXH7|`h3whg9*E39a3%}HRH|aR)Lvxgady@fK3>lI zXniN-F_h`7UddJwly_qf%I{wrNHc}=`*K6r=BG7=I|d{xpR!X-E|$Hf&y>wrsJglY zDttDS4FA^rkby;WvKrm5AkhOcBGbhf{wwG0;E>TuzDw7oPa1&iePs|@Jm9WxqB~aQ zfmaM69pEhbl5wFXnzvw_dm&g`&duv~`VF${HN*Ldjp8B-j-VBKNLtH1cCHS{yj zw7nb7kSFwmFTcsC+4BqAdlA5>yx_UdFFcvNCU-}&75=us@u*u1CKU1z;%?_?<#;D{ zn+JY6JplfbuTit;IGOiNH^?)OJ0TIo(Y^G!`$X;dPGaamEQ7_NTjett253brWxxyl zd}RC%ye^si;TxI6TQWL9RtaWZZ>eyNE8>LpM@!p8$Z)(zhV~YE;GH~{M^*!zS*JKv+O-5H30pkA0< zdA#Ievu&}K7sgba9B>n~A;=MtE!~Ud4pwBihW~M&yubNkoWbTg&j5gML?%oC;`j6a zn^EbA-0dLV=NAaMIUlxTZ7EM+oHATx5_{fz2dZIb!>cEe$h0Dg4R@WmC@moIVb=9p z&1P~j1gUcQvkVRPIV>m?<|8f-?oT|c-Mo+b+8Vb8UStnYhL%M6H(%_+LXbA9nW8IeFtLr>Zqub&IxrY=92os zu8=3yJ-jpFw#v4uJQKMl>(YJqDBk3Uagz3}Mh5dP_1ur$6%~tfie+(9kBRp+5q1-d z4|(FU3Fo|a>Jje>c)oSl_ezy`zav{~W--=&#{^ysyka}n)%JDV^kP_3h)-j@71zybbkSG_D|5F zKXUpBFik|Oaql6&lqnf|KEU+bZHn<{DU%hhHQ_VHb&X$RtFPKLhqQIjY6M&{Qcu99 zlhFj+n9aazJzyO}GPvM}?yOw6?6Pwvu!33g%L3%V^kt&Uu5e0b18wp`d(N$QaoNkB zpsKc_A!}$AS^n+FsC00Ij1mv_6>Oh1wYIyzIf3PfuUZ|-fC2%3y#W6&_t)IV5KY&9W)-?n`VXv6*T1tqhrn^E z|6yAHCmt!>p7LS%wxjjEPi??Q8HOw!gWF(A5kHzeMh#%-w;eC4Fd> zyuksTCw0jjIei@b2?+@~5s(YJ*2yB?z2d1U-^q*e;bP;6aulvo+jJIP= zAn(0A0<63|;SdaOw0v_2@S%1?$I?H$xtdIquTrs3Kvev!`V_(O)!gB!JN~{q2>y;4 z#y28DJln|8)dJj@-(bP*)$SfH{?^7gU0gATsgx;W(;s;9flIEP0WpE=R|AOp3zT|8 zXFfU{*Ud@rloRY3VkuC2y4*OB!;Q3`Y~&`AcZ7yHcg>U>uLU?a$}Ws^EBxmANXTzI zuDWohGyJ+w;>$@QTzmF$k zCi+4(c(%D9jts!W;Y&*+4>>)+WxeOE*H z;;&tfghY8JxdJ4VbuG;qRMPzOLT1MjDfXfb4HQ>?p>bm|b+k&y={IOI+OtY)DGP#h z$88TfkG;Y(i5-xa4S;&c2(3F4)b z@AByw`#L0nJFM#bWUtrGr5(cg7U8qVzQ*x>Ck=Q1++i)>h57NJVO#Owp{XbZ(2#q6 zUV@#Hq$wEI_enkotKZz5h8TWU1b^G97w1mkyw@S%)LxSqaV1nAwl2+$e@3;Z&(aHMZCc1HF?7$=QdA)6sv%+y(52mDDkV8+3dj;rW|rS_5ML*1v>&@Ddo zxdP?vW`XuJ|x6eyDez z>sm8SC7hex)dgPUnyRHsMz-uf4kvlpjb0z&6b-h=SHps;-&8y#tRSl-+4KySx>~@d? zD%Op9#7;_E3<;TuOKS+>skNvCV4Sd}TIBFX)}wn{pf7QK)h>xTVrCFv9JQ_s0I$cA z1s|x~XSAY{o6{ zhYdaT^DdK}4Z?o%`rWG(#`!t}=oac-gNoGBW*=V;WfK)^mJD{8rxXNWgcHx=+Yq#z z{-mt}tdi8?1|*g9&gs;IJJ5mcLS2~B;iS83=pp=hm;Eojka*6P^%rJki{wWTUsE0x z#A*7}ltA3%-Qt)+s^(aSGMV>KAwhaCw2lNB1H8>l@|+nKs4r@`GC zxWSHWXlHvNU*wd^|3qSmx)Six{KmhQi$tw7$V9H*am@9vV>e`Wh{t9yO>|F<~@@%1arr+vsGU(PkFmv&Ck@xhC z`qC{(AoUe8iu?)?XL6)(dUWKvH;BzlgJYSF^3OO}(-)RQQnn%Zp+{de`*ygVTh8+Z zM&6R#ZsIi;>@-iAF8XLyr#9)yW14z-9n{n1ay6ki%=82~pd|vrl-KHRXBKUO+b^8T zX1%p1o=KG2e}=3mDpzQg&Hg!(KF;CwEu|0Fd`$LC;xDb+RA(a>60JxctjK(OiT^YV zN|)D3TeT4w=M8xDKY?GfHW$^V<@AEU&hr5nrzP4%JS24S{zFd8^_iv231!Z1Y&hd> zIoOljz@8ihamXGKVZc|t?di%e_p$f>eIBqz`|klZj#UhC*Ru<$sNs0W^cW4dB8(Qi z{457V#cZ#chcw*n+@M+{8uDs8dhKR=Q*iVW(_(@SfHN3c?CPOas)P@uL8z-xGA+K8@g>vZ@{P{`N0J&p#TKGzjntBD^JRykWfFAb z8tjS0KTkg*I#<#j4#Q&+S~iPCoFkqCN2uz~Yv@C-K9kCsW%*o0h|90D^TF%mq-6Iq z)%78_p?hbYg0k&4$hS0|3T}IqMm-Tn*}i{5TOD4jhrnq)T5QuzI@LG4q^c|e;n)4I zW8t~9Lz7y%y3IEbQy+!yMAlD53A>_s8HYhsp*H{XUN}h&F;usacErHJa+WUm5hR=b z)Av9P=llwst>vvRe`1xvEe7#%V1`$Pf? zoLD?5Z-&6cpZ_!rhvhr2@H%JjOXMER3LZ_{+wdg({F<#8(i_@%O+0aQ{kNH&u#syk z$VJ%ag_)xKo~ebLGGpbX>3YYy3_&=*O%8fe%Yzlo**3T<`;=m*$5#8KE3V7`|5MUCe5Bp3y(lspomQ?nOi@8{@pZs2Hdz7-1zhA8-Jakj}ILY zkp}myY}h~U`PDSqSK0;ifN6RDeH{CiGee$_ZBGjG+yQD5WLA<-jviY{1bJg;YScg3 za|n>}I`@`sK*Wu;%RIz|qVt8=CeT>tS?vlAJn%;ZL^~WebAO{KW0wpXupEuryqt%0 z_Wp7LN#q-|db)cdAf-n(f0xu&2Z-l5Ta@H>P-Nv{logBq<6##Qx;vK#{C&x7`##`< z>g_q!fy+Z?{A0+?i;a~U(CkqwQOmz(Zf8mOoNg|8jeutNpTEzK3mo%;lH%$D7hEa3pztdguK!sMabh^IACxunK8RCn-Ih{&UP{lT8*OlbA8#)seyc=b4qNZE?u9X2llsyi)$CG|db;~f`hHuWRS&<< zxh-Ch4%qO^?4r4MscUaBE@*PUCI>NT{$BcKa{{Q)@*(1cW}t%>aJOmzT4V%nb~tVg z7;lsI3p;FZ-^5bE;-&*G4u^aM*y1p)fa)9|u!XV@GsC=1EguZv2Z6W7wzsn3GfIn0O z4v)joiwg|`oVvqgLYh8wv-W=UI`@tODERGA-p-jm_h6~R9)Aq=)B*oT975x}-;U7p z>6xngI>50Hvvs}2fZ3{bePSP4GN9r1b80ua+-z)l?YCS~=%mzKN*q2&)8LcbhA z76I59$7~9!4#BUyx$c%4*+iIw@xN5UYElsC!%hsQ{~FC~6LKHEId&Ss3$ibfZ`4}+ znm_u)2?`zkN99eTcKknm;SHzNmv2U3KY!A8-6UNY^_R}hU#{zL8qv2Fqv zfQ8tw#>UYdR49w*y3}`MW#m?lYbWm)Fp=q|1OW5k$6T4JRt)iHBfN zXEIoN6D{S%-oN|L6hHF1>M_@)c3)QeCxiJo_#gyj0Z*D`MnGzKH(VpCTEv53{df#K z(cS09R{-u*rCP8iCBQw!G*o6lei)8mrO?=njP?hB-NT>XEkbge(;EoUMrJZD%Ba5G zgg_%t2(SP`-yvG#WC?Py{I`udjjiq?N1Nx>H=XZO;s%eUfDt-J2NPRo(Wd`K8Ynw z9GTX2{M5RxCUq3ivvvuqLb4tRn<)4Y1jjfzq>uxy+6!`S7*5o=%OwO8K>FKE&--rL z6j2apqq09n+QBuhT2Z2Qs?&a#%F?IQegH|WXJkXoBE*`#KsL8(29!DNrze1#awa%! z=qV4wnhssqmMQ|SlM^`$^So`zTsiWPime=apErqVrwV9Hxr6WJ z`!#P>U0fOc*Jwp(^tSh4_&`8tWNLWH0poGwxqS+k4E!n&JRksnwS`JBK|JjaDn#c|gs}f?x6kqr6f)TPJ%3gl8g~{|ls*EE`VyGu2vaU|kLy@=vc{rdwaYU(+5ANXPAZK&c$0WP-dg5E+fy zL6!gClT>o{eN_r6n*RkfV)NVg1Nwk>D<2=rwnyvXbHRcyz!BY5CCm7)JwM_Ut19R3 zgq#PdBmSknObIOC=1SHqND{Qm9PaCY>9T`cz=nri1eqtQ6&W?|H;3nj0cDQ2pHMqk zweI56r!zrQaL^&`sNqUD1z=Q=$0FlS2vWFAmg&A`Tzz!5)x!S5WF^>8A9%t6F?8ly znTr2Hw0NehgX$H)qVj74W{Oq+3f#j#<90vV=tuL#(~oLjoLCSKPMPHNqL}HY z*3cmuxi~DYui~O-Twy~p&ID}hLuz*!O7$>&w(3u^uJaZJ{EURk6p*45<|CkS_Wed} zjAY!%CIH(X{s5u>XLC)i??5&z=#`lTfO3q#yqtYid55YH^Gl`$o^b@;mov}0m#83G zku$>GMDVaHwiQ(nv9&Kt7o;yoKA0fEGzg?Z(DNP^7PgA!TZGOVkLX@IT1+XAKm7?2 zUh6An%T-%m^MqY-ga^dp8|eC|lcgG*;XP5f|IJT8)%M@{>WX zq2yNMUSGE%D&C*j=T<+|dvU2oawcsC#IxhW?4X>yMp5Rz#Sy^kSru^SybR)l#F`i; z<=)5oSTlroIRle(eQc_z^_lJrkBABox-k#U9lmNP^VCz*nYq*19*yKYVU9*_cEETu zi`>zNTe4ldX z&90x}WrDy1{oysBz6r4CLNfpc-tGsPsttY2PYH4xL4dbeWEagh&e0k9bhqniC^xK_ z0^)sOFMB(XGXk<_F`X)QCcz+xIb5VWzf>y3hSGbxHPrSXmcGCXJJVwwXSKyu#GHyT zZDZcJUjI{{zv=~CodnsR`+8^aorMC(29~!XBPqpQ5934L-d`!+_emrS$^^xcvZ5IH zV|IeN9YS%v4?4r494&)=b)FKgxkR}QgT=bOALfME3RUYmq~2!m_71~o+dzZEqlVv| z{+9oi$tVsnUPGZSOJPQ0?Vu#c@0ag3)w523Ro3A+LxLhZ?tlyZr1HQvM+Jma4|~kk z6_DU6BDM!2Y%z!=kSHmIrxnY~sa9qrhfg*E#<4IYWNzHlPfqPX+)rMi<-O!+TRAY8vxut86`VX*;zR*noe2&^l|%h1KzPq%g3mK zkQ~hO-QTRmq(8Prb$44KKyw$wgH$-PvAobVagyTO_ddvkpukBBxztTNknb3;S@G4C zxZN16vfS$fVvT!Y5ihoN#VF-xcBVeXlN>uca$DU0B*%K`j5Z{?%Mjy2N}05~%=ty}%Fyu7p7`i*4{@?$_(sIx!W+6f zGQD+~*T==g9}Vr^wxe?4noHvg9A+aelabbtXhJcc4wS51ba0Vg&VEr30_P9Z#ul=a zv=K;sS)3BpZ48;%UYCjwXhU?lvz6SpnF#S5@W?(FgLMyLcoudyncRzp=M;oiW#; zr5=RAF6w@eehS><6N>rUyM7k-c>M-BI(ypn51sTcJCmC=M$Z_#9vh>A^VY)O_&KIF zWsdG1^8-yvmHz(dw)5BZy+01cpVE6^rf6{5^_&hqqqRO0)Ooty`Jo~|zo^=gbtm*m zv(jkq!{({c9Hyx#XoYrWYTXcU!OsbMY&qu;eWBthFG$BLW5!R1ol&TjD$=TbFjeM@ zRf7U3d+gcuW2h(IFE_`ya`mp};W!xV?s-3ZD5(}5lJjHwPcC(H=Mzgw1nJPA)5E`QgBlk6qV%tUUZ<2C;ts}K zdp{sjGxR7xIBdQ61{u8HCfg9!2Ek5gS(Mggx2OEBrshY>;}`zdgFDVUkjna(dY$sr z^3mCPs*tKnmG{@3odl=1I%kK0t{F?yC#a`|p?(&p&X!*fS_?b-c#ZY8F0qCaSp99m zvsU`&E)Wf{_z(LXyY{Cak7`ccii_!W^RS%$>|Tjk9_qH|Kjd{FU&*yQ)5}G8ls+@w zmU~)@o>cbRu`mXw0a{e2A9tBHYxS^KhWYc4VeSw@eM@0Ye)&yJe^@%<$!nMVp$Y#`dSzkyr^Lg)7bi+{;m9-HZ!Ng9qb-$AQN8mtrsZJBsp|l+9~Jl^ zyJQ93-AB~fLEh1dc=O$IB0co^<9RxTeT;FBO796)P+YkFOi@tWArW%()7>4r5n6s@ zJ@S6z6u2lQ@WRv3u`T_dFnaA@hl6WX?L|4M0p~ORj8VF!iyGa%C}yqeQOHm0zsC$s z|18A%5@#=Nhz2L5edxnqj%_Us>1>>PMsx4=`;q|vFl!{Y&HlEY!{FrENh|yn7UApT z0#g6u^+-``MxpgcAuHlcP;XdFpCjn=RjX1cE;<~>OxsT&+|<0N%C^bC`2PA~Djg@C zAkB}L5QiJCi2cXs!p})|5&KXl2IfC(jUIW#tjHUnbtn^bXXVsN=x$+$Zj$(Zq3^fRQ$}fO5+x z7Ge-H=s_<qq`qDqhB%c{u)=+ zt}do@z|iDYYFw9rnhH{}a`uttL8QA(15@8bNAFPZaAGf`vz%k&qB~tPfU~?_L2uQR zP{MM=WG*l-lDxl73rIE@*@y?@1zE@^?hZtvToI$>z3^;z!;bxS(8*}wJrnjh?~M)O zMC^l}eP((d8k->*>LFioc860+OQ*aW0(^m$273GOho#FURKzMST+C7J9&QP6+^O#mfvhjD5yi{OvNn2Qky1-q?|x8dgM?K`-y_^*FsE1 z`bi-a?@6EctH9n<6}>c7?)+R!mU}{P*pNYZ^cw4B(Z(yTY`>?jQ#6F>3vm=1pLpMX z;gPa$0occDI2q#hO}llG7U6AQqT#pw8awkW?*}dwrtw@J3DW~B3uudRSGwk28G00d zmK^4Mf^Y9y7TB8~TMxbXoP#|l+$VnKh5}MCxMJ*S$+tk?9bF0(Ut1|WdDHXb!^Y3Q z`ucwUrKqZp_CMNt@2DoX?p+jdV}XsRR7Jo>kt!m+*|4FYC`DQ*0!oz@N`Q!p3J9?Q z((Nd{2qCnfl!#QNgpLv*lt6$$LI@;hy+QWg-|zd*y=UBU&ba4}d-8`elDDii*IKhY z^I2=&OXLksF-e4Xc>}LUVl^1NIjX*`u9`Dfitt8E_m6X8K5|iOPiClotRAF{T#E_zB2X?$a+AoW6|E#E9$x~2 zMs|s1TQZrK>#7>wC!bHq94FyXmD5oboaI(Ug5AkR%RZhL7~90Ys4=E@#bO;VmoDgw z^F||AeHz^C)Ir0UFArh7E4xU~g2G}N?C~9{la-Y}M;ZLBETAS$=k(^3O)wrU4_>TI zr@yr}B=b^P4VKE(3NG4f-(apydH%>7e3G>tP&FCz-=?0C%c~ZsW6jof#$Yaa_Mhg* ztVdF2pkF8m0&c9Z(y0KJKidiQoqbbAF@OiekpdYm) z+7=<>-4~?P-#5aE=-c(o7wx6$kDkX9J;yi^%bL<5%AReOa;ud#)QRN89DETf=u2v} z?4S$r02Qc=zU+Tr5NRWM+=G7jX{(CrL6^_Un7IM`xJ};e>8jwo{%I9Ot>OkQ>Q@Ez z<^jFMCP%AJ)q2yv-bI4)Y61B3NFRN@X#p0k`Kr^uQr9d9_00R^=}zoMJE| zu{LV(JQr15x=9{U@lFDp2FNt<6(I!K#H-1SL5eRAojpC}bbi_g_bBWB6(?>IKzf@7 zstCUr@w#1L$VIQ(Nq7^ucxCgwmVb6$IF~L~K58zlIOOVeGUA*M^UTBqFr)vQtu+vdau)BbyM@G<&-Y}eg!9P=0 zHuwTFWSJu3`%{u~UR((&>6dvbT+EO_ng&yaKR1Ymc?~#|-OZ7mL&`w+6pwd1dSZ0Q zssVCVg=AIQ*IH$QuOf|E3*)rN31u`De>5LijUl_7Y=!lk=xXQEELXq953m=9h3VhR zSO)`EfMir})yYlHQ6uhKMGc#P=~FCNglC3x!7u1gpQzi2#D^?cdN%R079Ex*S2PnH z)U-WQy&cc%;V!~^6x9_6rQ@s3S;PRW#V%%xiam;d+r?~gqd1v-O5@mzSB|G2v`btQ z5@IcnHu+Y}c5bc#rcgi&K4DE>ObetHgCpp!wf3ip1k5_QjI<10l&DG)K>&NQ#Vto$ zelA!lJ@`~9b#*k-o2Z8j=mw5}FCmy}b%3H}KB60IRpWwc2aZer5MBB~9X3c3RN>S| zsF7}c?WlFT@fAM3)?vZFI~)S(i^XrfrB6#+dpDi{>vSiK-1gD&E)U7brhJ51ZbeRm zoHUgP?+j0yojB5uH;DK73X3a>jL(jdZeAIBN?`;%RFEx?$ii5JixvI42hNo9lE?DE z+^i$^@C=dC`O4qtE=?}*!FVf|X&3v^Zh7Lb&ZKwNq)Cg}Vw+Y5brw)vCMJa9YnM@ZW3t(wqPpg+0sL#2*L6&M9wxv?q@S|!sFnOVaNQLEvjZ9_%*YSGojI4h*}xYaXP<$G747!0lbA%c3O)|Iugz#QS_lx zYDS>haVPT%J480y<WZ;a;i$W!3^R!%MO4{GpdEaB>QyJ|Kt29yBZb8vDh_1u^aWO+4bxCEB5@O zO(&C06I?CUU%?Jx*I)5$chNFbs0noMBs6cYrh*wN(A_50`EIwlEmXb;$O{t4!eHL5&{g%hcNasy%NqUj74JLVCH-~F;eToF z_dRQ+r8sVzzWA5^eK1rt{@su4*Z(5K6TZ2>Wo35xU!?v@(X{H3ZCcB{J9!tER;HlJ zQyd(-{&`7~x#!~IdD3S^g|QGpaPf`ED`35RhXCQ-dwWW1<<5BcADLs+iBn*4-PB9TU)R$!^^cdRiO)RhRlG+GsKKW%Z_X zXyM*AYtY|wJLnHnw5)J$Dqmc9!J z_D0T1%?4-*X8D8z)I{iz4XjjsE?Bsd@`${VOKoWdlK!Xj%wHUkQsF9*$v5|zSgu3} zfY4^`2_Lqu{a9v-sRmn9$1sj{J}QhwQRY-#8wm0HJ)oGh&T$&~`4DDq^~|4#G(8*6 zaSM7B# zo1)q;Zg9K5EmiBj?JDE`<-S;+%{E#}{R^M7c=ec)tf2$HfCF&fCF&1Y(HG#NS+_h_W8I`mHxNN{8?h+|k znS6U|MJ#%^4a99}J-%WKVG~W5NaDC5Vnzfqxz2Jqjgo2YCOFJI&iH<)(4J&E6C9wT zGc<=J04u7Lz?z+lYIOqMk1xu9c9fz5(_WbL{i2oZm7@7zZfdjb5#w-PJ+{(Zdaw~F zx@CdxMIO=%h4-YSat~nM<;2|<;Dqzya>>A_KJcftS76VPBF65@ngX=VcXy(UEmAW+ zbyVCJc=&M&my0Bqo(C1FybA=f?~_hHlGVdQDs|Ont;)thUeJir1_7aNA~p~vQp$W- zh)WLaUdR;e-VB4E&b3pFYZ)lNzpA8D{F#dyModpR#Na{k8-}cp{ZEN)Yf4>MDHVlT zobUG-2&Vn19%>OBH?K<8OOS!LhB9Y@9mjN+7uzrhbS;If9e7Nnpyza=U@aYn%DN5q zd|fF@d9x&fA;4z@mQf-p*EDTrDJt2;Gx@is5sil80biPKHV|Lvb@hrqY7(gTR$XwN z?vwUZ(n&v~P^m!*T&hZR*LL)AaJRmkS~>k#t~Hz1UGP}^@R4gPIKlao>f(a;J&u$O z28kVYO}zzR#6}@-403&3)5nVar9=6}(LxJyCNs8k1ZkhVn*h!<+~dXAm@(oRjahbS z?J8$ISBcG~LG+do(*4CMm;+VA-uW&!NzaW>#_}Gn(E4A83fQDN9z5iW7pcOjRG+?c zIN}pAVevps;4}?Kz{Aw|np#8L3U)$Ae zebSjxtyno7Ab-3FZLH&Gd6&DZ(m36QOr3Tn#g*&kT2?WIl>~H+9)nH+;ewJ`02!DD006ZvwW#lOK@e8OZ0X*!F~qUgqiusI7p@m*Ja=8L)b zSx?E;H_|52h9gg>KYUgTreRK6$Uv!^5))g*%0{nJsy2mS~ z{{@$EzX`mYSgPRrYZ|B!CGUaJ^R0)Fb>0<<6aXxH{m@J@e|1<%hc9_r@6|b?AMt?8 z2-voc7E8KnhkLDxlp_PM(JW*Ipk?&B;`e+>CWY0WXLnVN&3?v!-ZfVq;U+apldsOL z#Fe++=dVvt$R{Wr=x`1COQ3PBYX$~P2%sD`t3&6AW)l5vEFv#RpGV(wUKxXM$=LZ3+#ese9(zN=#qtu;Tz?jS<|k4ZL+ARHz`?!YyaFO|G|I4x z(Pr?rOJ{$3RpsE~qDIn2Ujmd{{C>g@OEFdq9%3H2KT;35Raa8fq+Ik7xbsT+L_vY> zXe8zQFcsLPoxK61*}C%!{`Z}^2bTJCL%o6=8YfrW?Bw#ZuG(P((>Xw#Rf>6o5xlwO8fp* zoaT!8j!>TEGIXYj3%PvI%+YYrtEr`LwBAEE6lHeJ&RCy#uYW15rpu@w-e3jJ3~C;d zMP!f3=kr7lm7c&TfYd95K#HnUCW}P(UX#1l!norOMw#CbwvMx*7VlwSFTWa)f>#D(pUs-E8oO~tLF9L5>7sc#KKx0f_ATCF) zin%fuLB6RV(0yjm@0T$4Fo1{Z$af7{gzrsCLL*gJMeUQ}yw3}r23uca-?z6P0>0(n zQ(Zl~x132ag)$1I;y?c9Cd4uhZesFQG=`$QR@Z=8op_rw4XVtu1eoi zH{}OoMUw@^%0W^@MbcN+D`K&eMIWer0dgICy({us(ytU&3py!Kd7VMtWp8tMfrTwZRm_A?uPL7?_xr1HYWe1`|{QuXY`BfNDUS8F;oC;Z1ePONxg z_%-f|-Nu`%?evp_t&dKoLh){W$_wc6&JWt%3Xe| z&Ign8swk_ZXrim!MP%+>jLHPCDzzRE3~3GOv?qteYWYt;Wso~JXD1$tBb=XyXXTh( ze@EppKwK&bu;qy>A5}VIlYMzXVA=>Bo-6oS z{p(}S3E-6rE?}vZqpDVRxZ1dx2x1BA;b;2+1+|X>iVjj@zPB1259Nn{!p(;{uN+9# zgNPm+mmaZIPMM`*zGyPAQ$24vwVeT4Dd+jbMiwMEY{r3eSx4N3j!-nK&i$&HROxOn zQZlj03F5dkhRs^^5b8TCQ_K7h1wFEOj(Z9YUSZ-50msGjjje?auJ%qzM{ydyQO?0o zGPk0Nx;jjRqQMt|x>F8B8SlY%as!k#qiTQ{Z}g(lQjd4U6$tlu{+b<#8G#%-Cn9(t z62sU7_ZZ-=yk9!K^!`~@3Z~23I%rRx?ts_$%M0}2{%Ld7Da|PSW838h(L{wt!eTBV zbFtJ%D|ab2kM*;WC_GS7ZlM@7^*tYGaTU2zNAKNeig@YZ?BSa&$L)V5^SRW^1AzZ9 z$O&Rn=p7!CsDNKte9k4xC_E$9>KP4WKS>&H*rxR{I!^V;C(mIt$de$ zHmQw7^u5Ighl}weH`t|f;qHOZDoIm+PN$Bhn5&1f!k91Df#@!Ke)#;<(CF%)!P2Ql zMm&)GqkhX@Hs7g^+ns38dmca$+^}GL8MK-ly!u?sxh@a3~X6VH!a>jY#uAY#jmRCm7;I1}-b#=k* z{=`x?U%I8c!X#3M#;rF2KwJi{`_tc1&TFCH`i5vtF$CBb zsIMa!|F`rLj+c__;){Oh2GKw`IG+6D@lbDWuloWJ<^)}EYz?(r!@r;}_L@LA>2Kf* z`eOUKv$Dou;ox|<4gVPLD+h+=nz;J;$=H^dErXx zrSb1Bi>EG&u_|VSlJD6kKiVdy6>z>^%_pnC9-s{LFcY@;jy3;<0s}p$)qZ=Ni%M4-6u$3X5mv_;+&1p7;+R}sZ3_S) z`)4*Ka)=?SnAW|@vD_tEKt+rH10ykCT(ncrI|eCu;W%c_F`)1B9yV`^^XWX|M9oIcU^!_EscXYWj#sE|=e2B~OORve(R#(^aqe(CgnV)~5vGRU?%lCT9bo8AC6ubtO4)QEv{}KDDT`$rWLO zBrB$1u56&7+tW2X6}CNKW-w>OKiBb`&6+aL zKDxvYC9&NincGUh0!s;Z-#wl4OjO%xkW}c1Dqqb!)l<2IS5lv>1bA}cY2j{&uccJt zNbaopk8=wg_41A|4JD{$iC?Bm93zult0$-2;re0Db$}0X6kmnbxy%8IC5l~?&8MIj zV&&=xW|O1h$O&BD11Kdsqr#d4Tsk&YgyZFw_2CD^j#eaT>}ggCkNGjY0v7R3pj$n3 z$#tw7So}Bfwke0+I#$8!?$i>}7Z=o%L5NR@6T>4<)#NJaIuylJX$+aCeFS_=w)rsl zYsg}t?C7(s6k#22!|zk3xLO5Va#6M3MB3Ds?g97~pgy^|^b?}r1GWfoZr$4m&%Xg) zqMLR2>Np;}L^$`M@R~0EWVWvFJl<5tUIRJ#{!pVTTA5PrhSg>{O74b%;^R2iv*Dot zo#BT3+V5OGS9nN~4~*PQ!YhdlMY|UV>xs$0zZl92Ob5usSUosCuJzw#oXiEc7EE1T z2GHjdbGrby5>7<>Iao`~O^AsGa=|ro0rK1lOxzoLz#CEw;w8No>h6;`Dyg1}PYONK zny0J@_=Tq{(ZUrW$YDB+{wzawP+IS_EV`M#eT`BD4ASxS(AqId(iTXB44GoiA~ zbGaX)xqv8Fsh-!;?Hv{kO5CaxEe2DSjZ1wm*D**TwM@VYOZH#yLNPmM3$jq17L3gDmhCSla)T`*3$6~Fy{}T`;P`NK#c0~9iS!;5~O0yY5g{G ztE*xFxs55i4`(vaw3}xV*El-=FmBDyEQXzt;=B+fT@XDOCROkn4aO6}NlL7a$rCv-PPXVUh-7l6X<%jasb ztzp#Ir=wF~HlKZz1C~W0qk=rp{!*dX(WrE45+K!KZr%<};R#K0K@}@;Z69|6-4IiR zrdbvlmyQh(qr}~qj_T58NF2yWb-i{(VMgaG@clXN4ORI51N^v0t(blWKXR)b2+mdT z?`@yZ)T`2Yb&=kNi=@&)w?#QCcr=u|1}Sd-zsEfW8+_<;2UYCI;VTDS47)8H(n84o zkvZrqyz=>u!v&~{i7yb>$;Z)iDNne@oY>kRP}Ji+^+@!}yrySiBOK#Br&sVt)v`X8 zQTJ^&AZ;rm<<<>{#anY?j0H<$=PD_76_Jm$E&1vczp&B?zsngyw{sE@I|+ z*)ejFQ0D3rxozLvBFNmRl~&Jm6dTT9%NJ*M0nlFSib%j@m!x--qHdWBcb`csxllqU zzLW}|qztQvDdfIxVFfeOqXoN_0q_DNFV@eO&lcC4el3`7X3|04E-KH6HQU(+;KAC^ za_Zy`h>A=K`tfVAv57oz#VbT756TXl_Ec3{5Y_rHh}dCB6%0k@Eq&*=k2&rpnGS0e zPn>e(>j_+~MeOEpMRnrW)bIz%zk5<@S$d1h)83(Bm-%Qepg8j?=7SuIoO{twniEQt zhlt@DxH_kq23WI^fazE`umSO)CQm=lAv_c$H)=NZd0nPjcpEH9dg< zU)hG8>2CuRw_sePTupQgY-y~vnS0nLWT#>xJlq9Qb8-krTclkY|T-h5T zKpqZGAws<1WaGg@=y{FYBynhwDHJP(t-fk{u`&!+r0(dWHz4ftMlK)ZP+YSYPq(r@7usFy z??m?;Sy{@;tu{Wo{yAMwpP z=j890Xq~I_k2vc8*@GZf0rd9&esHzMN#Wo)wLYT&qv2m03g}fXu~Fd@`}Y^`WSK*#0N|d0AvzUq;~#bS+BMCaJ%199{|d z?g|jwX$H%38AGP>{r1*9ESz}UZ+FR$_D;6#nbb=^>2Cy;i{d!uamj8Y*ifQishipg zzD^HiLL?WUTQ#}VZgYzEzAn2Hbd~s={oSW9uy_HV|8%c-VGA#m%xb=mpvEPC?mj6 z0QbGDzFz`33RM+r1QU*zaR88m+IVA~Lh^U>?v!1v`L;$~0beS!U*c-xXa-y3hj6q- z9fF#7X=>6WMlLT09L54ZH-M+d0XE1u$rb))n1Iwi*s}m$Y-yHYS@2f_&CafU*}2XW z0jc^EY#DT9mR)WC`^CG~UVPa%`!~}AG#W@AG+LbyBx-!IEd``1PjNtufr*}$amtS42iJE#3o<2(_Sg@Hl9GAG*KQE=Qm)5Z?_E_F+)m)n? z-2Z$2_{l(*GS-&P&P;IJ?)^Rgj>>v%TWw-zNH{+5vRnSifFE2)VP_BiUL;zFy|xWZ z`?0&&v1x5azs>>|n*Nsymu0-RiT(WhLXY}<`x+mpns(~rPZ2!AV=WEgo5jcP0k)QD zfz#j$-AzlEjWn|x_5Pwzn6duqC;q4K<%tYpOM{X2^vK$^hrO6OlfR$4jf;AIp2Zwu z846q)S{YLp^}`}p2om=5BMp&^!4OJwuMXIHR-U*@NoV~D>Xn~)0jh{YMaaj0yfYl{ z%rY0z4ffNR{P5-rC{LeVeZRLuKUIIEIeiWD1}%A2?diltCG`~X)3k{xzDHxYNlCK# z1RC&>@wSL*vmje0MW3beXqU?S{DZj(yHuR-VOK_#z{*lUjW(wu-?rn}sSS<~V%#LN zt9G!!UlEavrWDO98?!**q+S#-6so>3-KRdcx|3D0*k$!VDRjc{l`pX+vae(S-Zx9b zvTVY6i|vCy_hY{NeiR_ln3>oO!TUTS=d{TczDs>W%=h7@AjOva9V(#A2A&4W{2SfB zr^7C>m^3UOP8{Jr%$QiAw3^$UoDw#-WGQ+LRy;G3&S2}nmw&}81XTN0(u8+qUyBs%RaoVbJOs84)M=5gK1aYMh%p+Z(+`Ffj669b4)zvKeS-ED zCMzKgU5tM}MeR_2mW3T_(j3cucN6com`DREU)b#3)4DBvURbeMedf~P;DzzFcZLa2 z_4oXlvZ?!b`Sdh&sNIfEWKqLGk|UqU;k}e%+7MEIk9X}3`|-9{uRk*8>PGu)kiV``R0@2fgc#{ zROD!LoPLJN_m2?f%kja6njnkwebKnWnU5K1uCsFlRfMtj^rs6ADY92Y zW{UB)>{{=2oQTCv^Va8Sb4Ut#2#aLBCODpB;`Euy7t(YvB!X8_vsxnFvLQ8K@EW;* zhrbmMX6%(BF6yC-l&6Ol%i+_O^Q!Riwte!};80CMJ^M{df{vjlwE_Jd?dR?7(=2uQ=C6{UiwxnqOnkgr@WM2wh z`t_hO7R42y1BWBPX6Q5|lYVO7E}l*x9`v{yeI@{#9GF&cl-cYR_N-i2T*>ot8tgi9 z+6|V~z^R>FYJiZxLg5*)u)r0nYfCZrAN%O`is$Qj^lPk?08juqV1cBVS)*1-^HKop6q|(_=*hg4s9_wAWa| zQ4sD(1pW+k6VOd3orEB^+zljx%{<$Jpj_&s{Y$%}jox#oL}Dd=G&_QR!b8~Jn|YuFZWG9Ur)TO|o2c&{l{EjbJq3;{a_;1)WUcSRWD z~Bm2)j3IBvL>`8$%EeSI)c}O`Xd2c8^I~l`-w=3QqMNVFl?h#uqc<+q!P0JA z2v0?dEm2yu^GMyLqQ_+ONU^@z%C^9!0t}Tl5CC(qT9g&)-v9Lcs(h-!1S!c#TH@E* zs7ZlQ6YPE_ZETc%zuB3&Lg&?UwmvRqe$IuAz}p0vRv0rE9|Cy}KaKF~_bhu_AFEHw zukj)9Y5cq$j5bc!(+xn#$I4-5zwq$m7jug_%R7Vy>BFk8DKH#z1&2I1$g+6-es}(I zuz>{j=|%N{qX89ic@>4fcLaI@&9&J{LOZv+6{f)aCYJ{?c)gx_hQv5O&vV2jzb@Jn zw#RAL`Lf#c6{og79Ul@~H}K3@ujl7<4Fz>&a(4rLtR>Z|@RV&204x1d#q^!NJue*f zf=4gMc=TZUSj3vX1RA@6$kb2W&$<-O`vqHvcVbH zLJXl!j4KIn-2kGC2G&z;9OF??Cxl_hUn@Knu3(Z}x6s-iq>`G^j!{poo3MV-a(ROE zxW!U0jcq2f%LKX=0GOEnc~hd>X4*u%w716qpZ-ezurfjQ>6MEz+kkh11`JRHxia7` z5A*&(&zM0W9+HfwYMQK1GikIjLE4r8lq%j?As@Nio__y8tj7Mi%4>=j74nJA$@sVA za34Is*H_gFQ7gN=s^!VtwX_~b{!^fs@~g#_9ZoF)1#*QPT%`=G_Sftx1!5Xv=BCLn zH1L~>lQ^|))3rNm<3b{ca-FBa-boJ%DYQj{@Teb8Q2kZ}1C|wWH@344haG<%ed573 zvEBYmuvJwebm9BOU{b(=ift9sobImEX!2|_u@{oNH<3$ zt$au!sOgM&&_VSQ;AUP7i|qt9iP}sj5=RqYo?Tz^;(17r6N+J2hs@O(ptqy&M!=b4 z4UTX!0vy{yEIFiDd}Lt}4>R6FsiX~N0oyv+m18wSb!v<+j^acB zpW76016_%wWm<@IE3Zn`fWC5aRdOK6aL%Csjy>elsDSC)%qMQ`Wy<&_pRWYmn_9;_ z_qqOhXd5Mc{0+*iq7@j*bW#1#Wxsz2CD$k1rc~8$lJdI1;>i-EPG1=&C}O;$g%mOY z71Gl*wKDYE^FukWt6N}#6<|`81ctBvFjSJX#Q~qV=G2B{R^v8vSg8Lq9ul2GBzmSF zy=hWMP<07k1r}M_b_)3Ht8sct=x>(>5oykq_>bm1+H>0iIl3aKA5Gr4QDp2Mh)o z;6g{`U=1<5pcy>`yppKacUP4yroohXNyjl7jKfUkUU&=6!j8JLe>&N{@Z9inM_sLH&Br5LRGI-bAQW-Z3E)YtRzM4RLlDf;-~XU+NusLfw{9+UDD;o1ih1eXZ!5IPKR136LrG+p<|a z&~8k#_&p~B$R!jCx`ubx069v49h#nr;ym9A9C6Oy>Ht`vKUd2iNr0jt$)UVTYOkDf ziAi{>thd5KcA(holC2Z2B~=?e_`)SURL#3$Di2#VGBt9DoDm4&}c|2W$0J0C^C@_;dGBnWArK>jEJakKRvBp_IC*8|m=gn;5~j zb4W*ePZBrjM#EFdNc>Lp2SxeI1X+rPBC9_IF@u2=Fe(mvkp=?bF9ASTTSHq!fxt6UbaI5Uki#BG0Lk98XpwlE|H2_kD!sj-26&%%WV)SjmT54Dsg~<;o4GB zuL|V=CS<22>zNbANNym+u;Im&P-;&kg}*MRL)thkMHD@jx!5Bm`RYFo8virZ^?EgHN`me;zCKEXY!#>1lhrrKFITaon?Qe`I6lk9%037 zTF9`k$dT)39U}ZLWEiD_jhO+{y{fdKImbiAhmw{dV z5^s-T!8|(7fR)~|Z(~ki+M~z|`iGIsmE*{0$d7A64hf7x)~5`2K|~h zhP%4~MC?(xKoAvD7-THgA~E#~37DEQf-db7E$!cy7tlr-y2e>$?T1>S$a@|DPGG(% z+woOw3MeyM2FfC;Jt_ltA?qohgr0TwvT;kgK8*BC3LMJ8wR8!@J0-gwO93iJW%?E6O-XK`@s+X8Mm@cX8Fd;f=T;`qnYZvW#o>+c7T+W3!m{GZEt|6i7jm}q{C@)+zW zdqQxC9j{ia7umqh2XpNGV?&>a;~&2@^Y%X=?k@B>v3+fFad2!o{#%(q*RI{faeMpk zJO0mw|Letb+m-L=E>)H)7?oKXgF6vgamV5|C$X2<;Vzos5olO$%kmxF0gahmHd*dE zdxe^c-`EeW?rMu6^RMgy%hYK*1&!wIf~vg7TOl=YHRxp|`+;v1v3G?2>vbGoQZw@gocM9bIPZe7pLx? znEiMqW0IPvi+~T}@#^nCgaBn5^5x!Ee-yCO#XHh{kNVF3JP!5brSHNv4Jm=b2f=?o zS>;l-QG0v4%KO`ukX1xULjAh6+4W*9Zv?6SA0qJ5hLbF+Kv3|W0$lJo-0SxD7e#%r zM~N+|<%HXi!;R9iWzmW0^b}3s(_;Am3mTya+w-;o9M_BA3>d1O+Q8_SNq!)qJXF{^j0E zM_g>k;$-J24R~kn6G2q+5Nr@2(z^7gl7?&3pewmpyg*y_I=jnP5ifTgv;*+ICTpSH zxRDH?NbO)uxW`Njk#B5;|7p!xN|QbE+FdgjGHn_CHNcST;F669V+ zlcg^vJ%=7uqlc?z91AO`aP)%7uDCFeqs{|L>&oz>A)HHVSqR(NssyY?&ii&$SL+=faHzkw(gvk+DLw` zzn(JvLc+6krF@?Q!*TcTCu6cW;W=h7RT?g2pFQ4fGtWR`o>+~*zjxLFLxTA@8V zbu-wajR;ox1&%7@=#@KP9R?hkDNhEq&#SRdNYUED)A;go6=O!OL>~YSb*|H4p`oE{ zy)u2N@tzyF=?3=02JLGF4hBICVmi{+9bh-KZypc^GQebC=7S)fmA zE$>=u(BZJxn@QIve!TNXEiO;xsSkL4+MpdVo2ng9qO+P+wF))b@7|g)tCyD5{~&?9 z5O$_O(YC_kT($VLd+(=n(Api}Q<-=R^0Nq2L)-H~VEaUWwt8b-SgRg`^q8@xVBf~G zWpJ43W4#g5)2DTR-(nogUQZ&YN+FGmyt9YBM8Ly1?(IFp?ho|$zOUceO$UD-+v4*H zk{I;a{*TMozWE>d*Dsf~A%e5%dDnBhesDdXpMiznNiPo%Cr>{PuUmdMZ+W^HBQF3E zb4WrzUAOmh(sJ~10{?LwIeg@Z!eKQ9<)c>*YiKE}Y8}x~IIOO9_;8jBeEwf<@bJ2R z(>dtBe?zZUixD`CZ#ej>g`Y>D^G$ar4i1eNRa4y4kxIhi3UBk+bI#Y1n(+>VN#nx_5Ymj8cL0UG>h!zhGGuh2*ubI2vG-p3|Fm9h)4I z$B5eJq7S%*s*T>->CJ3k**EcQCZYC^NM<=tC$yJys&7i4z0#1P|!cfLaJ322=D zwQ6u!dCa$CE0254;{2V^eG9u?lRL!V1~(i!5y{eD3X_hV-&EdgDSld8H}8>g)%LWj z4UffT212&(8@S9VdS#(J_IsknwXKs^h$51?85>;oc5|IXCI0-(YpG`|+0m9#oIdb^|r@^GUrOk z_Wn%@*&p8P-)^n`_<_f~Y4CbW$mOf3M3iFxwUc#GN!IxNe~e!zML8i|og_lXUp@|n zy7V{3D+GK6NNouk7`sU@T&kH%g z{BxK6c7u>O zA7OPf>DEGzP8Z9^N0eJ|UoU)=3UCc=G}+|O{dK4MCzIm%0v+Y#z;;m`UJZNsYu-OF zl8$soeUD_bmQ!zD{&^~zbVT&YL|~fy#=^Glmsc0!`Dq`%2elmzIoOqkEaS(IRHm(a3;PCliqf_j#xY(XM2Vx#?JO4B`Ku%TQTxlff^Rju{*W1Qr zZAYx{bm$K9h4r*sW}RtA?%PexJ8S9~IdfRds`PAQtEOR_@KN3%_iYgpFrP_H5VJ zsnb>MHD-O-)a5~WcgA~DY&F)KlzGxZ)=oq7=TEyBx7fg~r|p@0PQ-mlvH5QLgO@Kq zAaL5>^pcFMUh@6%ki|OEw`Ur>TG^ioh7yi@y(l*Zc3lqrnJ(*OxUGF$YV2F?O@B)F8w-#8_&mZN z;^dKX{FYMlY>#vly$ywydqDXiTPyduA5YOe*LS*jHDhVA>2B$D6t_fFBBi8lpYwA$ zx7q#e^;r{7?LPe}{gASI`oXZEW9bKy8*}2spI$;kLm2TZ-(q#9QcXw6<)xZGGSnyrA@uTUv-X z|4eD?nYzu^!7f}@l=QK?K7`fFKML7 + +
TIME
TIME
PATCH LEVEL
PATCH LEVEL
Kernel update 0
Kernel update 0
Kernel update 1
Kernel update 1
Kernel update 2
Kernel update 2
Kernel update 3
Kernel update 3
Live patch for update 0
Live patch for u...
Live patch for update 0
Live patch for u...
Live patch for update 0
Live patch for u...
Live patch for update 1
Live patch for u...
Live patch for update 1
Live patch for u...
Scheduled reboot
Scheduled rebootViewer does not support full SVG 1.1 \ No newline at end of file From 2e655b546ad2799acb1abf75e6577df6d59eea50 Mon Sep 17 00:00:00 2001 From: Dmitri Popov Date: Thu, 22 Feb 2024 11:26:42 +0100 Subject: [PATCH 3/5] Add more files --- tasks/klp-activate-cli.xml | 66 +++++++++++++++++++++++++++++ tasks/klp-activate-yast.xml | 70 +++++++++++++++++++++++++++++++ tasks/klp-perform.xml | 66 +++++++++++++++++++++++++++++ tasks/klp-troubleshoot.xml | 82 +++++++++++++++++++++++++++++++++++++ 4 files changed, 284 insertions(+) create mode 100644 tasks/klp-activate-cli.xml create mode 100644 tasks/klp-activate-yast.xml create mode 100644 tasks/klp-perform.xml create mode 100644 tasks/klp-troubleshoot.xml diff --git a/tasks/klp-activate-cli.xml b/tasks/klp-activate-cli.xml new file mode 100644 index 000000000..d6726fdd3 --- /dev/null +++ b/tasks/klp-activate-cli.xml @@ -0,0 +1,66 @@ + + + %entities; +]> + + + Activating &klp; from the command line + + + + To activate &klp;, you need to have active &slsa; and &slsa; Live Patching + subscriptions. Visit &scc; to check the + status of your subscriptions and obtain a registration code for the &slsa; + Live Patching subscription. + + + + + Run sudo SUSEConnect --list-extensions. Note the + exact activation command for &slsa; Live Patching. Example command + output (abbreviated): + +$ SUSEConnect --list-extensions + ... + SUSE Linux Enterprise Live Patching &productnumber; x86_64 + Activate with: SUSEConnect -p sle-module-live-patching/&productnumber-regurl;/x86_64 \ + -r ADDITIONAL REGCODE + + + + Activate &slsa; Live Patching using the obtained command followed by + , + for example: + +SUSEConnect -p sle-module-live-patching/&productnumber-regurl;/x86_64 \ + -r LIVE_PATCHING_REGISTRATION_CODE + + + + Install the required packages and dependencies using the command + zypper install -t pattern lp_sles + + + + + At this point, the system has already been live-patched. + + + Here is how the process works behind the scenes: when the package + installation system detects that there is an installed kernel that can be + live-patched, and that there is a live patch for it in the software + channel, the system selects the live patch for installation. The kernel + then receives the live patch fixes as part of the package + installation. The kernel gets live-patched even before the + product installation is complete. + + diff --git a/tasks/klp-activate-yast.xml b/tasks/klp-activate-yast.xml new file mode 100644 index 000000000..f857d99d5 --- /dev/null +++ b/tasks/klp-activate-yast.xml @@ -0,0 +1,70 @@ + + + %entities; +]> + + + Activating &klp; using &yast; + + + + To activate &klpa; on your system, you need to have active &slsa; and + &slea; Live Patching subscriptions. Visit + &scc; to check the status of your + subscriptions and obtain a registration code for the &slea; Live Patching + subscription. + + + To activate &klp; on your system, follow these steps: + + + + + Run the yast2 registration command and click + Select Extensions. + + + + + Select SUSE Linux Enterprise Live Patching 15 in the + list of available extensions and click Next. + + + + + Confirm the license terms and click Next. + + + + + Enter your &slea; Live Patching registration code and click + Next. + + + + + Check the Installation Summary and selected + Patterns. The patterns Live + Patching and SLE Live Patching Lifecycle + Data should be automatically selected for installation + along with additional packages to satisfy dependencies. + + + + + Click Accept to complete the installation. This + installs the base &klp; components on your system, the initial live + patch, and the required dependencies. + + + + diff --git a/tasks/klp-perform.xml b/tasks/klp-perform.xml new file mode 100644 index 000000000..d10b3f090 --- /dev/null +++ b/tasks/klp-perform.xml @@ -0,0 +1,66 @@ + + + %entities; +]> + + + Performing &klp; + + + + Kernel live patches are installed as part of regular system updates. + However, there are several things you should be aware of. + + + + + + The kernel is live-patched if a kernel-livepatch-* + package has been installed for the running kernel. You can use the command + zypper se --details kernel-livepatch-* to check what + kernel live patch packages are installed on your system. + + + + + When the kernel-default package is installed, the update + manager prompts you to reboot the system. To prevent this message from + appearing, you can filter out kernel updates from the patching operation. + This can be done by adding package locks with Zypper. &susemgr; also makes + it possible to filter channel contents (see + Live + Patching with SUSE Manager). + + + + + You can check patching status using the klp status + command. To examine installed patches, run the klp -v + patches command. + + + + + Keep in mind that while there may be multiple kernel packages installed on + the system, only one of them is running at any given time. Similarly, + there may be multiple live patch packages installed, but only one live + patch is loaded into the kernel. + + + + + The active live patch is included in the initrd. This + means that in case of an unexpected reboot, the system comes up with the + live patch fixes applied, so there is no need to perform patching again. + + + + diff --git a/tasks/klp-troubleshoot.xml b/tasks/klp-troubleshoot.xml new file mode 100644 index 000000000..45585b91f --- /dev/null +++ b/tasks/klp-troubleshoot.xml @@ -0,0 +1,82 @@ + + + %entities; +]> + + + Troubleshooting &klp; issues + + +

+ Checking expiration date of the live patch + + Make sure that the + lifecycle-data-sle-module-live-patching is installed, + then run the zypper lifecycle command. You should see + expiration dates for live patches in the Package end of support + if different from product section of the output. + + + Every live patch receives updates for one year from the release of the + underlying kernel package. The + Maintained + kernels, patch updates and lifecycle page allows you to check + expiration dates based on the running kernel version without installing + the product extension. + +
+
+ Manual patch downgrade + + If you find the latest live patch problematic, you can downgrade the + currently installed live patch back to its previous version. We recommend + performing patch downgrade before the system starts exhibiting issues. + Keep in mind that a system with kernel warnings or kernel error traces in + the system log may not be suitable for the patch downgrade procedure. If + you are unsure whether the system meets the requirements for a patch + downgrade, contact SUSE Technical Support for help. + + + Manual patch downgrade + + + Identify the running live patch using the klp -v + patches command. You can see the currently running patch on + the line starting with RPM:. For example: + +RPM: kernel-livepatch-5_3_18-24_29-default-2-2.1.x86_64 + + The 5_3_18-24_29-default in the example above + denotes the exact running kernel version. + + + + + Use the command zypper search -s + kernel-livepatch-RUNNING_KERNEL_VERSION-default + to search for previous versions of the patch. The command returns a + list of available package versions. Keep in mind that for every new + live patch package release, the version number increases by one. Make + sure that you choose the version number one release lower than the + current one. + + + + + Install the desired version with the command zypper in + --oldpackage + kernel-livepatch-RUNNING_KERNEL_VERSION-default=DESIRED_VERSION. + + + +
+ From ccacd44ae71f611ffc0ba95f4c1a9770ccc2b389 Mon Sep 17 00:00:00 2001 From: Dmitri Popov Date: Tue, 5 Mar 2024 13:57:48 +0100 Subject: [PATCH 4/5] Assemble everything --- articles/klp.asm.xml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/articles/klp.asm.xml b/articles/klp.asm.xml index d9df9f3a1..9f827af4d 100644 --- a/articles/klp.asm.xml +++ b/articles/klp.asm.xml @@ -21,6 +21,10 @@ + + + + @@ -152,7 +156,7 @@ WHAT? - Understanding and using &klp; on &sles; + Understanding and using &klp; on &sles;. @@ -160,7 +164,7 @@ WHY? - Because &klp; helps to keep mission-critical systems secure + Because you want to keep mission-critical systems secure, without downtime. @@ -198,6 +202,10 @@ + + + + From 4cd99f88b29bc0be18a79fec672f7960234f87c5 Mon Sep 17 00:00:00 2001 From: Dmitri Popov Date: Wed, 13 Mar 2024 10:11:12 +0100 Subject: [PATCH 5/5] Update KLP downgrade --- concepts/klp-intro.xml | 8 +++--- tasks/klp-troubleshoot.xml | 53 +++++++++----------------------------- 2 files changed, 16 insertions(+), 45 deletions(-) diff --git a/concepts/klp-intro.xml b/concepts/klp-intro.xml index 9220b591d..a362f95cb 100644 --- a/concepts/klp-intro.xml +++ b/concepts/klp-intro.xml @@ -19,21 +19,21 @@ &klp; (&klpa;) makes it possible to apply the latest security updates to Linux kernels without rebooting. This maximizes system uptime and availability, which is particularly important for mission-critical systems. - As such, &klpa; offers several important benefits. + As such, &klpa; offers several benefits. - Keeping a large number of servers automatically up to date is essential + Keeping a large number of servers automatically up-to-date is essential for organizations obtaining or maintaining certain compliance certifications. &klpa; can help achieve compliance, while reducing the - need for costly maintenance windows. + need for maintenance windows. Companies that work with service-level agreement contracts must - guarantee a specific level of their system accessibility and uptime. + guarantee a certain level of the system accessibility and uptime. Live patching makes it possible to patch systems without incurring downtime. diff --git a/tasks/klp-troubleshoot.xml b/tasks/klp-troubleshoot.xml index 45585b91f..d5b691e89 100644 --- a/tasks/klp-troubleshoot.xml +++ b/tasks/klp-troubleshoot.xml @@ -25,7 +25,7 @@ if different from product section of the output. - Every live patch receives updates for one year from the release of the + Every live patch receives updates for 13 months from the release of the underlying kernel package. The Maintained @@ -35,48 +35,19 @@
- Manual patch downgrade + Downgrading a kernel patch If you find the latest live patch problematic, you can downgrade the - currently installed live patch back to its previous version. We recommend - performing patch downgrade before the system starts exhibiting issues. - Keep in mind that a system with kernel warnings or kernel error traces in - the system log may not be suitable for the patch downgrade procedure. If - you are unsure whether the system meets the requirements for a patch - downgrade, contact SUSE Technical Support for help. + currently installed live patch back to its previous version. Keep in mind + that a system with kernel warnings or kernel error traces in the system + log may not be suitable for the patch downgrade procedure. If you are + unsure whether the system meets the requirements for a patch downgrade, + contact SUSE Technical Support for help. + + + To downgrade the latest kernel live patch, use the klp + downgrade command. This command automatically detects the + version of the latest live patch and installs the preceding one. - - Manual patch downgrade - - - Identify the running live patch using the klp -v - patches command. You can see the currently running patch on - the line starting with RPM:. For example: - -RPM: kernel-livepatch-5_3_18-24_29-default-2-2.1.x86_64 - - The 5_3_18-24_29-default in the example above - denotes the exact running kernel version. - - - - - Use the command zypper search -s - kernel-livepatch-RUNNING_KERNEL_VERSION-default - to search for previous versions of the patch. The command returns a - list of available package versions. Keep in mind that for every new - live patch package release, the version number increases by one. Make - sure that you choose the version number one release lower than the - current one. - - - - - Install the desired version with the command zypper in - --oldpackage - kernel-livepatch-RUNNING_KERNEL_VERSION-default=DESIRED_VERSION. - - -