From d04c04a4e8d968f9f82de810a3c763474e3faeb7 Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Thu, 25 May 2023 13:46:14 +0100
Subject: [PATCH 1/7] feat(el3-runtime): modify vector entry paths

Vector entries in EL3 from lower ELs, first check for any pending
async EAs from lower EL before handling the original exception.
This happens when there is an error (EA) in the system which is not
yet signaled to PE while executing at lower EL. During entry into EL3
the errors (EA) are synchronized causing async EA to pend at EL3.

On detecting the pending EA (via ISR_EL1.A) EL3 either reflects it back
to lower EL (KFH) or handles it in EL3 (FFH) based on EA routing model.

In case of Firmware First handling mode (FFH), EL3 handles the pended
EA first before returing back to handle the original exception.

While in case of Kernel First handling mode (KFH), EL3 will return back
to lower EL without handling the original exception. On returing to
lower EL, EA will be pended. In KFH mode there is a risk of back and
forth between EL3 and lower EL if the EA is masked at lower EL or
priority of EA is lower than that of original exception. This is a
limitation in current architecture but can be solved in future if EL3
gets a capability to inject virtual SError.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3a2a31de7cf454d9d690b1ef769432a5b24f6c11
---
 bl31/aarch64/ea_delegate.S                | 179 +++++++++++++++++++---
 bl31/aarch64/runtime_exceptions.S         | 146 ++++++++----------
 include/arch/aarch64/asm_macros.S         |   9 ++
 include/bl31/ea_handle.h                  |   2 +
 include/lib/el3_runtime/aarch64/context.h |  17 +-
 lib/el3_runtime/aarch64/context.S         |   3 +-
 6 files changed, 251 insertions(+), 105 deletions(-)

diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index dd6b4dc9c..188c7246c 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -15,26 +15,10 @@
 #include <cpu_macros.S>
 #include <context.h>
 
-	.globl	handle_lower_el_ea_esb
 	.globl	handle_lower_el_sync_ea
 	.globl	handle_lower_el_async_ea
-
-
-/*
- * Function to delegate External Aborts synchronized by ESB instruction at EL3
- * vector entry. This function assumes GP registers x0-x29 have been saved, and
- * are available for use. It delegates the handling of the EA to platform
- * handler, and returns only upon successfully handling the EA; otherwise
- * panics. On return from this function, the original exception handler is
- * expected to resume.
- */
-func handle_lower_el_ea_esb
-	mov	x0, #ERROR_EA_ESB
-	mrs	x1, DISR_EL1
-	b	ea_proceed
-endfunc handle_lower_el_ea_esb
-
-
+	.globl	handle_pending_async_ea
+	.globl	reflect_pending_async_ea_to_lower_el
 /*
  * This function forms the tail end of Synchronous Exception entry from lower
  * EL, and expects to handle Synchronous External Aborts from lower EL and CPU
@@ -140,6 +124,165 @@ func handle_lower_el_async_ea
 	b	el3_exit
 endfunc handle_lower_el_async_ea
 
+/*
+ * NOTE 1 : Synchronized async EA handling
+ *
+ * Comment here applicable to following two functions
+ *   - handle_pending_async_ea
+ *   - reflect_pending_async_ea_to_lower_el
+ *
+ * Must be called from exception vector directly.
+ *
+ * These special handling is required to cater for handling async EA from
+ * lower EL synchronized at EL3 entry.
+ *
+ * This scenario may arise when there is an error (EA) in the system which is not
+ * yet signaled to PE while executing in lower EL. During entry into EL3, the errors
+ * are synchronized either implicitly or explicitly causing async EA to pend at EL3.
+ *
+ * On detecting the pending EA (via ISR_EL1.A), based on routing model of EA
+ * either handle it in EL3 using "handle_pending_async_ea" (FFH)  or return to
+ * lower EL using "reflect_pending_async_ea_to_lower_el" (KFH) .
+ */
+
+/*
+ * Refer to NOTE 1 : Firmware First Handling (FFH)
+ *  Called when FFH is enabled and outgoing world is Non-Secure (scr_el3.ea = 1).
+ *
+ * This function assumes x30 has been saved.
+ */
+#if HANDLE_EA_EL3_FIRST_NS
+func handle_pending_async_ea
+	/*
+	 * Prepare for nested handling of EA. Stash sysregs clobbered by nested
+	 * exception and handler
+	 */
+	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
+	mrs	x30, esr_el3
+	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
+	mrs	x30, spsr_el3
+	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
+	mrs	x30, elr_el3
+	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+
+	mov	x30, #1
+	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	/*
+	 * Restore the original x30 saved as part of entering EL3. This is not
+	 * required for the current function but for EL3 SError vector entry
+	 * once PSTATE.A bit is unmasked. We restore x30 and then the same
+	 * value is stored in EL3 SError vector entry.
+	 */
+	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+
+	/*
+	 * After clearing PSTATE.A bit pending SError will trigger at current EL.
+	 * Put explicit synchronization event to ensure newly unmasked interrupt
+	 * is taken immediately.
+	 */
+	unmask_async_ea
+
+	/* Restore the original exception information along with zeroing the storage */
+	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+	msr	elr_el3, x30
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
+	msr	spsr_el3, x30
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_SPSR_EL3]
+	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
+	msr	esr_el3, x30
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ESR_EL3]
+
+	/*
+	 * If the original exception corresponds to SError from lower El, eret back
+	 * to lower EL, otherwise return to vector table for original exception handling.
+	 */
+	ubfx	x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+	cmp	x30, #EC_SERROR
+	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_GPREG_LR]
+	b.eq	1f
+	ret
+1:
+	exception_return
+endfunc handle_pending_async_ea
+#endif /* HANDLE_EA_EL3_FIRST_NS */
+
+/*
+ * Refer to NOTE 1 : Kernel First handling (KFH)
+ *   Called in following scenarios
+ *     - Always, if outgoing world is either Secure or Realm
+ *     - KFH mode if outgoing world is Non-secure.
+ *
+ * This function assumes x30 has been saved.
+ */
+
+func reflect_pending_async_ea_to_lower_el
+	/*
+	 * As the original exception was not handled we need to ensure that we return
+	 * back to the instruction which caused the exception. To acheive that, eret
+	 * to "elr-4" (Label "subtract_elr_el3") for SMC or simply eret otherwise
+	 * (Label "skip_smc_check").
+	 *
+	 * LIMITATION: It could be that async EA is masked at the target exception level
+	 * or the priority of async EA wrt to the EL3/secure interrupt is lower, which
+	 * causes back and forth between lower EL and EL3. In case of back and forth between
+	 * lower EL and EL3, we can track the loop count in "CTX_NESTED_EA_FLAG" and leverage
+	 * previous ELR in "CTX_SAVED_ELR_EL3" to detect this cycle and further panic
+	 * to indicate a problem here (Label "check_loop_ctr").
+	 * However, setting SCR_EL3.IESB = 1, should give priority to SError handling
+	 * as per AArch64.TakeException pseudo code in Arm ARM.
+	 *
+	 * TODO: In future if EL3 gets a capability to inject a virtual SError to lower
+	 * ELs, we can remove the el3_panic and handle the original exception first and
+	 * inject SError to lower EL before ereting back.
+	 */
+	stp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
+	ldr	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+	mrs	x28, elr_el3
+	cmp	x29, x28
+	b.eq	check_loop_ctr
+	str	x28, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+	/* Zero the loop counter */
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	b	skip_loop_ctr
+check_loop_ctr:
+	ldr	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	add	x29, x29, #1
+	str	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	cmp	x29, #ASYNC_EA_REPLAY_COUNTER
+	b.ge	el3_panic
+skip_loop_ctr:
+	/*
+	 * Logic to distinguish if we came from SMC or any other exception.
+	 * Use offsets in vector entry to get which exception we are handling.
+	 * In each vector entry of size 0x200, address "0x0-0x80" is for sync
+	 * exception and "0x80-0x200" is for async exceptions.
+	 * Use vector base address (vbar_el3) and exception offset (LR) to
+	 * calculate whether the address we came from is any of the following
+	 * "0x0-0x80", "0x200-0x280", "0x400-0x480" or "0x600-0x680"
+	 */
+	mrs	x29, vbar_el3
+	sub	x30, x30, x29
+	and	x30, x30, #0x1ff
+	cmp	x30, #0x80
+	b.ge	skip_smc_check
+	/* Its a synchronous exception, Now check if it is SMC or not? */
+	mrs	x30, esr_el3
+	ubfx	x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+	cmp	x30, #EC_AARCH32_SMC
+	b.eq	subtract_elr_el3
+	cmp	x30, #EC_AARCH64_SMC
+	b.eq	subtract_elr_el3
+	b	skip_smc_check
+subtract_elr_el3:
+	sub	x28, x28, #4
+skip_smc_check:
+	msr	elr_el3, x28
+	ldp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
+	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+	exception_return
+endfunc reflect_pending_async_ea_to_lower_el
 
 /*
  * Prelude for Synchronous External Abort handling. This function assumes that
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 82986966c..4c1fa1a62 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -47,72 +47,31 @@
 	str	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
 	.endm
 
-	/*
-	 * Macro that prepares entry to EL3 upon taking an exception.
-	 *
-	 * With RAS_FFH_SUPPORT, this macro synchronizes pending errors with an
-	 * ESB instruction. When an error is thus synchronized, the handling is
-	 * delegated to platform EA handler.
-	 *
-	 * Without RAS_FFH_SUPPORT, this macro synchronizes pending errors using
-	 * a DSB, unmasks Asynchronous External Aborts and saves X30 before
-	 * setting the flag CTX_IS_IN_EL3.
-	 */
-	.macro check_and_unmask_ea
-#if RAS_FFH_SUPPORT
-	/* Synchronize pending External Aborts */
-	esb
-
-	/* Unmask the SError interrupt */
-	msr	daifclr, #DAIF_ABT_BIT
-
-	/* Check for SErrors synchronized by the ESB instruction */
-	mrs	x30, DISR_EL1
-	tbz	x30, #DISR_A_BIT, 1f
+	.macro restore_x30
+	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+	.endm
 
 	/*
-	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
-	 * Also save PMCR_EL0 and  set the PSTATE to a known state.
-	 */
-	bl	prepare_el3_entry
-
-	bl	handle_lower_el_ea_esb
-
-	/* Restore general purpose, PMCR_EL0 and ARMv8.3-PAuth registers */
-	bl	restore_gp_pmcr_pauth_regs
-1:
-#else
-	/*
-	 * Note 1: The explicit DSB at the entry of various exception vectors
-	 * for handling exceptions from lower ELs can inadvertently trigger an
-	 * SError exception in EL3 due to pending asynchronous aborts in lower
-	 * ELs. This will end up being handled by serror_sp_elx which will
-	 * ultimately panic and die.
-	 * The way to workaround is to update a flag to indicate if the exception
-	 * truly came from EL3. This flag is allocated in the cpu_context
-	 * structure and located at offset "CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3"
-	 * This is not a bullet proof solution to the problem at hand because
-	 * we assume the instructions following "isb" that help to update the
-	 * flag execute without causing further exceptions.
-	 */
-
-	/*
-	 * For SoCs which do not implement RAS, use DSB as a barrier to
-	 * synchronize pending external aborts.
+	 * Macro that synchronizes errors (EA) and checks for pending SError.
+	 * On detecting a pending SError it either reflects it back to lower
+	 * EL (KFH) or handles it in EL3 (FFH) based on EA routing model.
 	 */
+	.macro	sync_and_handle_pending_serror
 	dsb	sy
-
-	/* Unmask the SError interrupt */
-	msr	daifclr, #DAIF_ABT_BIT
-
-	/* Use ISB for the above unmask operation to take effect immediately */
 	isb
-
-	/* Refer Note 1. */
-	mov 	x30, #1
-	str	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
-	dmb	sy
+	mrs	x30, ISR_EL1
+	tbz	x30, #ISR_A_SHIFT, 2f
+#if HANDLE_EA_EL3_FIRST_NS
+	mrs	x30, scr_el3
+	tst	x30, #SCR_EA_BIT
+	b.eq	1f
+	bl	handle_pending_async_ea
+	b	2f
 #endif
+1:
+	/* This function never returns, but need LR for decision making */
+	bl	reflect_pending_async_ea_to_lower_el
+2:
 	.endm
 
 	/* ---------------------------------------------------------------------
@@ -217,22 +176,33 @@ vector_entry fiq_sp_elx
 end_vector_entry fiq_sp_elx
 
 vector_entry serror_sp_elx
-#if !RAS_FFH_SUPPORT
+#if HANDLE_EA_EL3_FIRST_NS
 	/*
 	 * This will trigger if the exception was taken due to SError in EL3 or
 	 * because of pending asynchronous external aborts from lower EL that got
-	 * triggered due to explicit synchronization in EL3. Refer Note 1.
+	 * triggered due to implicit/explicit synchronization in EL3 (SCR_EL3.EA=1)
+	 * during EL3 entry. For the former case we continue with "plat_handle_el3_ea".
+	 * The later case will occur when PSTATE.A bit is cleared in
+	 * "handle_pending_async_ea". This means we are doing a nested
+	 * exception in EL3. Call the handler for async EA which will eret back to
+	 * original el3 handler if it is nested exception. Also, unmask EA so that we
+	 * catch any further EA arise when handling this nested exception at EL3.
 	 */
-	/* Assumes SP_EL3 on entry */
 	save_x30
-	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
-	cbnz	x30, 1f
-
-	/* Handle asynchronous external abort from lower EL */
+	ldr	x30, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	cbz	x30, 1f
+	/*
+	 * This is nested exception handling, clear the flag to avoid taking this
+	 * path for further exceptions caused by EA handling
+	 */
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	unmask_async_ea
 	b	handle_lower_el_async_ea
 1:
+	restore_x30
 #endif
 	no_ret	plat_handle_el3_ea
+
 end_vector_entry serror_sp_elx
 
 	/* ---------------------------------------------------------------------
@@ -248,34 +218,37 @@ vector_entry sync_exception_aarch64
 	 */
 	save_x30
 	apply_at_speculative_wa
-	check_and_unmask_ea
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	handle_sync_exception
 end_vector_entry sync_exception_aarch64
 
 vector_entry irq_aarch64
 	save_x30
 	apply_at_speculative_wa
-	check_and_unmask_ea
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	b	handle_interrupt_exception
 end_vector_entry irq_aarch64
 
 vector_entry fiq_aarch64
 	save_x30
 	apply_at_speculative_wa
-	check_and_unmask_ea
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	b 	handle_interrupt_exception
 end_vector_entry fiq_aarch64
 
+	/*
+	 * Need to synchronize any outstanding SError since we can get a burst of errors.
+	 * So reuse the sync mechanism to catch any further errors which are pending.
+	 */
 vector_entry serror_aarch64
 	save_x30
 	apply_at_speculative_wa
-#if RAS_FFH_SUPPORT
-	msr	daifclr, #DAIF_ABT_BIT
-#else
-	check_and_unmask_ea
-#endif
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	b	handle_lower_el_async_ea
-
 end_vector_entry serror_aarch64
 
 	/* ---------------------------------------------------------------------
@@ -291,34 +264,37 @@ vector_entry sync_exception_aarch32
 	 */
 	save_x30
 	apply_at_speculative_wa
-	check_and_unmask_ea
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	handle_sync_exception
 end_vector_entry sync_exception_aarch32
 
 vector_entry irq_aarch32
 	save_x30
 	apply_at_speculative_wa
-	check_and_unmask_ea
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	b	handle_interrupt_exception
 end_vector_entry irq_aarch32
 
 vector_entry fiq_aarch32
 	save_x30
 	apply_at_speculative_wa
-	check_and_unmask_ea
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	b	handle_interrupt_exception
 end_vector_entry fiq_aarch32
 
+	/*
+	 * Need to synchronize any outstanding SError since we can get a burst of errors.
+	 * So reuse the sync mechanism to catch any further errors which are pending.
+	 */
 vector_entry serror_aarch32
 	save_x30
 	apply_at_speculative_wa
-#if RAS_FFH_SUPPORT
-	msr	daifclr, #DAIF_ABT_BIT
-#else
-	check_and_unmask_ea
-#endif
+	sync_and_handle_pending_serror
+	unmask_async_ea
 	b	handle_lower_el_async_ea
-
 end_vector_entry serror_aarch32
 
 #ifdef MONITOR_TRAPS
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 6091f6294..44f892cf2 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -292,4 +292,13 @@
 #endif
 	.endm
 
+	/*
+	 * Macro to unmask External Aborts by changing PSTATE.A bit.
+	 * Put explicit synchronization event to ensure newly unmasked interrupt
+	 * is taken immediately.
+	 */
+	.macro  unmask_async_ea
+	msr     daifclr, #DAIF_ABT_BIT
+	isb
+	.endm
 #endif /* ASM_MACROS_S */
diff --git a/include/bl31/ea_handle.h b/include/bl31/ea_handle.h
index 68f012c14..7cd7b6a1c 100644
--- a/include/bl31/ea_handle.h
+++ b/include/bl31/ea_handle.h
@@ -21,4 +21,6 @@
 /* RAS event signalled as peripheral interrupt */
 #define ERROR_INTERRUPT		3
 
+#define ASYNC_EA_REPLAY_COUNTER	U(100)
+
 #endif /* EA_HANDLE_H */
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index 470d11300..fb2850596 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -63,7 +63,22 @@
 #define CTX_PMCR_EL0		U(0x28)
 #define CTX_IS_IN_EL3		U(0x30)
 #define CTX_MPAM3_EL3		U(0x38)
-#define CTX_EL3STATE_END	U(0x40) /* Align to the next 16 byte boundary */
+/* Constants required in supporting nested exception in EL3 */
+#define CTX_SAVED_ELR_EL3	U(0x40)
+/*
+ * General purpose flag, to save various EL3 states
+ * FFH mode : Used to identify if handling nested exception
+ * KFH mode : Used as counter value
+ */
+#define CTX_NESTED_EA_FLAG	U(0x48)
+#if HANDLE_EA_EL3_FIRST_NS
+ #define CTX_SAVED_ESR_EL3	U(0x50)
+ #define CTX_SAVED_SPSR_EL3	U(0x58)
+ #define CTX_SAVED_GPREG_LR	U(0x60)
+ #define CTX_EL3STATE_END	U(0x70) /* Align to the next 16 byte boundary */
+#else
+ #define CTX_EL3STATE_END	U(0x50) /* Align to the next 16 byte boundary */
+#endif
 
 /*******************************************************************************
  * Constants that allow assembler code to access members of and the
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 41b25d6f9..894165ae0 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -689,7 +689,8 @@ sve_not_enabled:
 	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
 
 #ifdef IMAGE_BL31
-	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_IS_IN_EL3]
+	/* Clear the EL3 flag as we are exiting el3 */
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
 #endif /* IMAGE_BL31 */
 
 	exception_return

From 6597fcf169fa548d40f1e63391d12d207c491266 Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Mon, 26 Jun 2023 17:46:14 +0100
Subject: [PATCH 2/7] feat(ras): use FEAT_IESB for error synchronization

For synchronization of errors at exception boundries TF-A uses "esb"
instruction with FEAT_RAS or "dsb" and "isb" otherwise. The problem
with esb instruction is, along with synching errors it might also
consume the error, which is not ideal in all scenarios. On the other
hand we can't use dsb always as its in the hot path.

To solve above mentioned problem the best way is to use FEAT_IESB
feature which provides controls to insert an implicit Error
synchronization event at exception entry and exception return.

Assumption in TF-A is, if RAS Extension is present then FEAT_IESB will
also be present and enabled.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5861eec5da4028a116406bb4d1fea7dac232456
---
 bl31/aarch64/runtime_exceptions.S        |  3 +--
 include/arch/aarch32/asm_macros.S        |  8 ++++++++
 include/arch/aarch64/asm_macros.S        | 21 +++++++++++++++++++++
 include/arch/aarch64/el3_common_macros.S |  4 ++++
 lib/el3_runtime/aarch64/context.S        | 20 +++-----------------
 5 files changed, 37 insertions(+), 19 deletions(-)

diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 4c1fa1a62..fbf2bcac1 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -57,8 +57,7 @@
 	 * EL (KFH) or handles it in EL3 (FFH) based on EA routing model.
 	 */
 	.macro	sync_and_handle_pending_serror
-	dsb	sy
-	isb
+	synchronize_errors
 	mrs	x30, ISR_EL1
 	tbz	x30, #ISR_A_SHIFT, 2f
 #if HANDLE_EA_EL3_FIRST_NS
diff --git a/include/arch/aarch32/asm_macros.S b/include/arch/aarch32/asm_macros.S
index 83e94caa4..3ba86e956 100644
--- a/include/arch/aarch32/asm_macros.S
+++ b/include/arch/aarch32/asm_macros.S
@@ -120,6 +120,14 @@
 	.endm
 #endif
 
+	/* Macro for error synchronization */
+	.macro synchronize_errors
+	/* Complete any stores that may return an abort */
+	dsb	sy
+	/* Synchronise the CPU context with the completion of the dsb */
+	isb
+	.endm
+
 #if (ARM_ARCH_MAJOR == 7)
 	/* ARMv7 does not support stl instruction */
 	.macro stl _reg, _write_lock
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 44f892cf2..53c7d0b08 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -301,4 +301,25 @@
 	msr     daifclr, #DAIF_ABT_BIT
 	isb
 	.endm
+
+	/* Macro for error synchronization on exception boundries.
+	 * With FEAT_RAS enabled, it is assumed that FEAT_IESB is also present
+	 * and enabled.
+	 * FEAT_IESB provides an implicit error synchronization event at exception
+	 * entry and exception return, so there is no need for any explicit instruction.
+	 */
+	.macro synchronize_errors
+	/*
+	 * This is a hot path, so we don't want to do some actual FEAT_RAS runtime
+	 * detection here. For ENABLE_FEAT_RAS==2, its not ideal but won't hurt as
+	 * state 2 is mostly used by configurable platforms(fvp/qemu).
+	*/
+#if ENABLE_FEAT_RAS != 1
+	/* Complete any stores that may return an abort */
+	dsb	sy
+	/* Synchronise the CPU context with the completion of the dsb */
+	isb
+#endif
+	.endm
+
 #endif /* ASM_MACROS_S */
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index 9c9c00f1a..b40473a4e 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -208,6 +208,10 @@
 		 */
 		mov_imm	x0, (SCTLR_RESET_VAL & ~(SCTLR_EE_BIT | SCTLR_WXN_BIT \
 				| SCTLR_SA_BIT | SCTLR_A_BIT | SCTLR_DSSBS_BIT))
+#if ENABLE_FEAT_RAS == 1
+		/* If FEAT_RAS is present assume FEAT_IESB is also present */
+		orr	x0, x0, #SCTLR_IESB_BIT
+#endif
 		msr	sctlr_el3, x0
 		isb
 	.endif /* _init_sctlr */
diff --git a/lib/el3_runtime/aarch64/context.S b/lib/el3_runtime/aarch64/context.S
index 894165ae0..631094f73 100644
--- a/lib/el3_runtime/aarch64/context.S
+++ b/lib/el3_runtime/aarch64/context.S
@@ -649,23 +649,9 @@ sve_not_enabled:
 1:
 #endif /* IMAGE_BL31 && DYNAMIC_WORKAROUND_CVE_2018_3639 */
 
-/*
- * This is a hot path, so we don't want to do some actual FEAT_RAS runtime
- * detection here. The "esb" is a cheaper variant, so using "dsb" in the
- * ENABLE_FEAT_RAS==2 case is not ideal, but won't hurt.
- */
-#if IMAGE_BL31 && ENABLE_FEAT_RAS == 1
-	/* ----------------------------------------------------------
-	 * Issue Error Synchronization Barrier to synchronize SErrors
-	 * before exiting EL3. We're running with EAs unmasked, so
-	 * any synchronized errors would be taken immediately;
-	 * therefore no need to inspect DISR_EL1 register.
- 	 * ----------------------------------------------------------
-	 */
-	esb
-#else
-	dsb	sy
-#endif /* IMAGE_BL31 && ENABLE_FEAT_RAS */
+#if IMAGE_BL31
+	synchronize_errors
+#endif /* IMAGE_BL31 */
 
 	/* ----------------------------------------------------------
 	 * Restore SPSR_EL3, ELR_EL3 and SCR_EL3 prior to ERET

From 970a4a8d8c0d6894fe2fd483d06b6392639e8760 Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Tue, 10 Oct 2023 13:53:25 +0100
Subject: [PATCH 3/7] fix(ras): restrict ENABLE_FEAT_RAS to have only two
 states

As part of migrating RAS extension to feature detection mechanism, the
macro ENABLE_FEAT_RAS was allowed to have dynamic detection (FEAT_STATE
2). Considering this feature does impact execution of EL3 and we need
to know at compile time about the presence of this feature. Do not use
dynamic detection part of feature detection mechanism.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I23858f641f81fbd81b6b17504eb4a2cc65c1a752
---
 Makefile                                 | 4 ++--
 docs/getting_started/build-options.rst   | 6 ++++--
 include/arch/aarch64/asm_macros.S        | 7 +------
 include/arch/aarch64/el3_common_macros.S | 2 +-
 plat/arm/board/fvp/platform.mk           | 1 -
 5 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/Makefile b/Makefile
index 7f781a09a..a02f04bcc 100644
--- a/Makefile
+++ b/Makefile
@@ -1283,6 +1283,7 @@ $(eval $(call assert_booleans,\
 	ENABLE_RUNTIME_INSTRUMENTATION \
 	ENABLE_SME_FOR_SWD \
 	ENABLE_SVE_FOR_SWD \
+	ENABLE_FEAT_RAS	\
 	ERROR_DEPRECATED \
 	FAULT_INJECTION_SUPPORT \
 	GENERATE_COT \
@@ -1360,7 +1361,6 @@ $(eval $(call assert_numerics,\
 	ENABLE_FEAT_AMU \
 	ENABLE_FEAT_AMUv1p1 \
 	ENABLE_FEAT_CSV2_2 \
-	ENABLE_FEAT_RAS	\
 	ENABLE_FEAT_DIT \
 	ENABLE_FEAT_ECV \
 	ENABLE_FEAT_FGT \
@@ -1443,6 +1443,7 @@ $(eval $(call add_defines,\
 	ENABLE_SPE_FOR_NS \
 	ENABLE_SVE_FOR_NS \
 	ENABLE_SVE_FOR_SWD \
+	ENABLE_FEAT_RAS \
 	ENCRYPT_BL31 \
 	ENCRYPT_BL32 \
 	ERROR_DEPRECATED \
@@ -1460,7 +1461,6 @@ $(eval $(call add_defines,\
 	PROGRAMMABLE_RESET_ADDRESS \
 	PSCI_EXTENDED_STATE_ID \
 	PSCI_OS_INIT_MODE \
-	ENABLE_FEAT_RAS \
 	RAS_FFH_SUPPORT \
 	RESET_TO_BL31 \
 	SEPARATE_CODE_AND_RODATA \
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 347cf20bc..51c5c785f 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -813,8 +813,10 @@ Common build options
 
 -  ``ENABLE_FEAT_RAS``: Numeric value to enable Armv8.2 RAS features. RAS features
    are an optional extension for pre-Armv8.2 CPUs, but are mandatory for Armv8.2
-   or later CPUs. This flag can take the values 0 to 2, to align with the
-   ``FEATURE_DETECTION`` mechanism.
+   or later CPUs. This flag can take the values 0 or 1. The default value is 0.
+   NOTE: This flag enables use of IESB capability to reduce entry latency into
+   EL3 even when RAS error handling is not performed on the platform. Hence this
+   flag is recommended to be turned on Armv8.2 and later CPUs.
 
 -  ``RAS_FFH_SUPPORT``: Support to enable Firmware first handling of RAS errors
    originating from NS world. When ``RAS_FFH_SUPPORT`` is set to ``1``,
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index 53c7d0b08..d09ad0f0d 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -309,12 +309,7 @@
 	 * entry and exception return, so there is no need for any explicit instruction.
 	 */
 	.macro synchronize_errors
-	/*
-	 * This is a hot path, so we don't want to do some actual FEAT_RAS runtime
-	 * detection here. For ENABLE_FEAT_RAS==2, its not ideal but won't hurt as
-	 * state 2 is mostly used by configurable platforms(fvp/qemu).
-	*/
-#if ENABLE_FEAT_RAS != 1
+#if !ENABLE_FEAT_RAS
 	/* Complete any stores that may return an abort */
 	dsb	sy
 	/* Synchronise the CPU context with the completion of the dsb */
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index b40473a4e..a78837f23 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -208,7 +208,7 @@
 		 */
 		mov_imm	x0, (SCTLR_RESET_VAL & ~(SCTLR_EE_BIT | SCTLR_WXN_BIT \
 				| SCTLR_SA_BIT | SCTLR_A_BIT | SCTLR_DSSBS_BIT))
-#if ENABLE_FEAT_RAS == 1
+#if ENABLE_FEAT_RAS
 		/* If FEAT_RAS is present assume FEAT_IESB is also present */
 		orr	x0, x0, #SCTLR_IESB_BIT
 #endif
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index f7c174f78..3104efa5e 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -56,7 +56,6 @@ ifneq (${SPD}, tspd)
 	ENABLE_FEAT_RNG			:= 2
 	ENABLE_FEAT_TWED		:= 2
 	ENABLE_FEAT_GCS			:= 2
-	ENABLE_FEAT_RAS			:= 2
 ifeq (${ARCH}, aarch64)
 ifneq (${SPD}, spmd)
 ifeq (${SPM_MM}, 0)

From f87e54f73cfee5042df526af6185ac6d9653a8f5 Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Tue, 10 Oct 2023 15:42:19 +0100
Subject: [PATCH 4/7] fix(ras): remove RAS_FFH_SUPPORT and introduce
 FFH_SUPPORT

This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.

This is to allow Secure/Realm world to have their own FFH macros
in future.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73
---
 Makefile                                      | 23 +++++++++----------
 bl31/aarch64/ea_delegate.S                    |  4 ++--
 bl31/aarch64/runtime_exceptions.S             |  4 ++--
 docs/components/ras.rst                       | 16 +++++++------
 docs/getting_started/build-internals.rst      |  7 ++++++
 docs/getting_started/build-options.rst        |  6 +----
 docs/porting-guide.rst                        | 17 +++++---------
 include/lib/el3_runtime/aarch64/context.h     |  2 +-
 include/plat/arm/common/arm_def.h             |  2 +-
 make_helpers/defaults.mk                      |  3 ---
 plat/arm/board/fvp/platform.mk                | 19 ++++++++++-----
 plat/arm/board/rdn2/platform.mk               |  2 +-
 plat/arm/board/rdn2/rdn2_plat.c               |  2 +-
 plat/arm/board/rdn2/rdn2_security.c           |  2 +-
 plat/arm/board/tc/platform.mk                 |  2 --
 plat/arm/common/arm_bl31_setup.c              |  2 +-
 plat/arm/common/arm_common.mk                 |  2 +-
 plat/arm/common/arm_gicv3.c                   |  2 +-
 .../css/sgi/include/sgi_base_platform_def.h   |  6 ++---
 plat/arm/css/sgi/sgi-common.mk                |  2 --
 plat/arm/css/sgi/sgi_plat.c                   |  2 +-
 plat/arm/css/sgi/sgi_plat_v2.c                |  2 +-
 plat/common/aarch64/plat_common.c             |  8 +++++--
 plat/common/aarch64/plat_ehf.c                |  4 ++--
 plat/nvidia/tegra/include/tegra_private.h     |  2 +-
 plat/nvidia/tegra/soc/t194/plat_ras.c         |  2 +-
 plat/nvidia/tegra/soc/t194/plat_setup.c       |  2 +-
 plat/nvidia/tegra/soc/t194/plat_sip_calls.c   |  2 +-
 plat/nvidia/tegra/soc/t194/platform_t194.mk   |  4 ++--
 29 files changed, 78 insertions(+), 75 deletions(-)

diff --git a/Makefile b/Makefile
index a02f04bcc..da9eb9f53 100644
--- a/Makefile
+++ b/Makefile
@@ -809,6 +809,14 @@ else
 	BL2_RUNS_AT_EL3	:=	0
 endif
 
+# This internal flag is set to 1 when Firmware First handling of External aborts
+# is required by lowe ELs. Currently only NS requires this support.
+ifeq ($(HANDLE_EA_EL3_FIRST_NS),1)
+	FFH_SUPPORT := 1
+else
+	FFH_SUPPORT := 0
+endif
+
 $(eval $(call MAKE_PREREQ_DIR,${BUILD_PLAT}))
 
 ifeq (${ARM_ARCH_MAJOR},7)
@@ -970,18 +978,9 @@ endif
 # RAS_EXTENSION is deprecated, provide alternate build options
 ifeq ($(RAS_EXTENSION),1)
         $(error "RAS_EXTENSION is now deprecated, please use ENABLE_FEAT_RAS \
-        and RAS_FFH_SUPPORT instead")
+        and HANDLE_EA_EL3_FIRST_NS instead")
 endif
 
-# RAS firmware first handling requires that EAs are handled in EL3 first
-ifeq ($(RAS_FFH_SUPPORT),1)
-	ifneq ($(ENABLE_FEAT_RAS),1)
-                $(error For RAS_FFH_SUPPORT, ENABLE_FEAT_RAS must also be 1)
-	endif
-	ifneq ($(HANDLE_EA_EL3_FIRST_NS),1)
-                $(error For RAS_FFH_SUPPORT, HANDLE_EA_EL3_FIRST_NS must also be 1)
-	endif
-endif #(RAS_FFH_SUPPORT)
 
 # When FAULT_INJECTION_SUPPORT is used, require that FEAT_RAS is enabled
 ifeq ($(FAULT_INJECTION_SUPPORT),1)
@@ -1284,6 +1283,7 @@ $(eval $(call assert_booleans,\
 	ENABLE_SME_FOR_SWD \
 	ENABLE_SVE_FOR_SWD \
 	ENABLE_FEAT_RAS	\
+	FFH_SUPPORT	\
 	ERROR_DEPRECATED \
 	FAULT_INJECTION_SUPPORT \
 	GENERATE_COT \
@@ -1338,7 +1338,6 @@ $(eval $(call assert_booleans,\
 	ERRATA_ABI_SUPPORT \
 	ERRATA_NON_ARM_INTERCONNECT \
 	CONDITIONAL_CMO \
-	RAS_FFH_SUPPORT \
 	PSA_CRYPTO	\
 	ENABLE_CONSOLE_GETC \
 )))
@@ -1444,6 +1443,7 @@ $(eval $(call add_defines,\
 	ENABLE_SVE_FOR_NS \
 	ENABLE_SVE_FOR_SWD \
 	ENABLE_FEAT_RAS \
+	FFH_SUPPORT \
 	ENCRYPT_BL31 \
 	ENCRYPT_BL32 \
 	ERROR_DEPRECATED \
@@ -1461,7 +1461,6 @@ $(eval $(call add_defines,\
 	PROGRAMMABLE_RESET_ADDRESS \
 	PSCI_EXTENDED_STATE_ID \
 	PSCI_OS_INIT_MODE \
-	RAS_FFH_SUPPORT \
 	RESET_TO_BL31 \
 	SEPARATE_CODE_AND_RODATA \
 	SEPARATE_BL2_NOLOAD_REGION \
diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index 188c7246c..abfe1eef9 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -292,7 +292,7 @@ endfunc reflect_pending_async_ea_to_lower_el
  * x1: EA syndrome
  */
 func delegate_sync_ea
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
 	/*
 	 * Check for Uncontainable error type. If so, route to the platform
 	 * fatal error handler rather than the generic EA one.
@@ -322,7 +322,7 @@ endfunc delegate_sync_ea
  * x1: EA syndrome
  */
 func delegate_async_ea
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
 	/* Check Exception Class to ensure SError, as this function should
 	 * only be invoked for SError. If that is not the case, which implies
 	 * either an HW error or programming error, panic.
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index fbf2bcac1..3655467a0 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -60,7 +60,7 @@
 	synchronize_errors
 	mrs	x30, ISR_EL1
 	tbz	x30, #ISR_A_SHIFT, 2f
-#if HANDLE_EA_EL3_FIRST_NS
+#if FFH_SUPPORT
 	mrs	x30, scr_el3
 	tst	x30, #SCR_EA_BIT
 	b.eq	1f
@@ -175,7 +175,7 @@ vector_entry fiq_sp_elx
 end_vector_entry fiq_sp_elx
 
 vector_entry serror_sp_elx
-#if HANDLE_EA_EL3_FIRST_NS
+#if FFH_SUPPORT
 	/*
 	 * This will trigger if the exception was taken due to SError in EL3 or
 	 * because of pending asynchronous external aborts from lower EL that got
diff --git a/docs/components/ras.rst b/docs/components/ras.rst
index 8d003452c..e237ebb92 100644
--- a/docs/components/ras.rst
+++ b/docs/components/ras.rst
@@ -63,17 +63,19 @@ will be added in future**
 TF-A build options
 ==================
 
-- **ENABLE_FEAT_RAS**: Manage FEAT_RAS extension when switching the world.
-- **RAS_FFH_SUPPORT**: Pull in necessary framework and platform hooks for Firmware first
-  handling(FFH) of RAS errors.
+- **ENABLE_FEAT_RAS**: Enable RAS extension feature at EL3.
+- **HANDLE_EA_EL3_FIRST_NS**: Required for FFH
 - **RAS_TRAP_NS_ERR_REC_ACCESS**: Trap Non-secure access of RAS error record registers.
-- **RAS_EXTENSION**: Deprecated macro, equivalent to ENABLE_FEAT_RAS and RAS_FFH_SUPPORT
-  put together.
+- **RAS_EXTENSION**: Deprecated macro, equivalent to ENABLE_FEAT_RAS and
+  HANDLE_EA_EL3_FIRST_NS put together.
+
+RAS internal macros
+
+- **FFH_SUPPORT**: Gets enabled if **HANDLE_EA_EL3_FIRST_NS** is enabled.
 
 RAS feature has dependency on some other TF-A build flags
 
 - **EL3_EXCEPTION_HANDLING**: Required for FFH
-- **HANDLE_EA_EL3_FIRST_NS**: Required for FFH
 - **FAULT_INJECTION_SUPPORT**: Required for testing RAS feature on fvp platform
 
 RAS Framework
@@ -238,7 +240,7 @@ Engaging the RAS framework
 Enabling RAS support is a platform choice
 
 The RAS support in |TF-A| introduces a default implementation of
-``plat_ea_handler``, the External Abort handler in EL3. When ``RAS_FFH_SUPPORT``
+``plat_ea_handler``, the External Abort handler in EL3. When ``ENABLE_FEAT_RAS``
 is set to ``1``, it'll first call ``ras_ea_handler()`` function, which is the
 top-level RAS exception handler. ``ras_ea_handler`` is responsible for iterating
 to through platform-supplied error records, probe them, and when an error is
diff --git a/docs/getting_started/build-internals.rst b/docs/getting_started/build-internals.rst
index a015d7167..390c3671d 100644
--- a/docs/getting_started/build-internals.rst
+++ b/docs/getting_started/build-internals.rst
@@ -12,3 +12,10 @@ depends on certain options to be enabled or disabled.
    interest when Armv8.4-SecEL2 or RME extension is implemented.
    Default is 0 (disabled). This option will be set to 1 (enabled) when ``SPD=spmd``
    and ``SPMD_SPM_AT_SEL2`` is set or when ``ENABLE_RME`` is set to 1 (enabled).
+
+- ``FFH_SUPPORT``: This boolean option provides support to enable Firmware First
+  handling (FFH) of External aborts and SError interrupts originating from lower
+  ELs which gets trapped in EL3. This option will be set to 1 (enabled) if
+  ``HANDLE_EA_EL3_FIRST_NS`` is set. Currently only NS world routes EA to EL3 but
+  in future when Secure/Realm wants to use FFH then they can introduce new macros
+  which will enable this option implicitly.
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 51c5c785f..43b13d613 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -811,17 +811,13 @@ Common build options
 -  ``PSCI_OS_INIT_MODE``: Boolean flag to enable support for optional PSCI
    OS-initiated mode. This option defaults to 0.
 
--  ``ENABLE_FEAT_RAS``: Numeric value to enable Armv8.2 RAS features. RAS features
+-  ``ENABLE_FEAT_RAS``: Boolean flag to enable Armv8.2 RAS features. RAS features
    are an optional extension for pre-Armv8.2 CPUs, but are mandatory for Armv8.2
    or later CPUs. This flag can take the values 0 or 1. The default value is 0.
    NOTE: This flag enables use of IESB capability to reduce entry latency into
    EL3 even when RAS error handling is not performed on the platform. Hence this
    flag is recommended to be turned on Armv8.2 and later CPUs.
 
--  ``RAS_FFH_SUPPORT``: Support to enable Firmware first handling of RAS errors
-   originating from NS world. When ``RAS_FFH_SUPPORT`` is set to ``1``,
-   ``HANDLE_EA_EL3_FIRST_NS`` and ``ENABLE_FEAT_RAS`` must also be set to ``1``.
-
 -  ``RESET_TO_BL31``: Enable BL31 entrypoint as the CPU reset vector instead
    of the BL1 entrypoint. It can take the value 0 (CPU reset to BL1
    entrypoint) or 1 (CPU reset to BL31 entrypoint).
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index f612e1ca5..082497cea 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -3298,10 +3298,10 @@ Function : plat_ea_handler
     Argument : uint64_t
     Return   : void
 
-This function is invoked by the RAS framework for the platform to handle an
-External Abort received at EL3. The intention of the function is to attempt to
-resolve the cause of External Abort and return; if that's not possible, to
-initiate orderly shutdown of the system.
+This function is invoked by the runtime exception handling framework for the
+platform to handle an External Abort received at EL3. The intention of the
+function is to attempt to resolve the cause of External Abort and return;
+if that's not possible then an orderly shutdown of the system is initiated.
 
 The first parameter (``int ea_reason``) indicates the reason for External Abort.
 Its value is one of ``ERROR_EA_*`` constants defined in ``ea_handle.h``.
@@ -3316,13 +3316,8 @@ The third parameter (``void *cookie``) is unused for now. The fourth parameter
 (``uint64_t flags``) indicates the preempted security state. These parameters
 are received from the top-level exception handler.
 
-If ``RAS_FFH_SUPPORT`` is set to ``1``, the default implementation of this
-function iterates through RAS handlers registered by the platform. If any of the
-RAS handlers resolve the External Abort, no further action is taken.
-
-If ``RAS_FFH_SUPPORT`` is set to ``0``, or if none of the platform RAS handlers
-could resolve the External Abort, the default implementation prints an error
-message, and panics.
+This function must be implemented if a platform expects Firmware First handling
+of External Aborts.
 
 Function : plat_handle_uncontainable_ea
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/include/lib/el3_runtime/aarch64/context.h b/include/lib/el3_runtime/aarch64/context.h
index fb2850596..47d91de0d 100644
--- a/include/lib/el3_runtime/aarch64/context.h
+++ b/include/lib/el3_runtime/aarch64/context.h
@@ -71,7 +71,7 @@
  * KFH mode : Used as counter value
  */
 #define CTX_NESTED_EA_FLAG	U(0x48)
-#if HANDLE_EA_EL3_FIRST_NS
+#if FFH_SUPPORT
  #define CTX_SAVED_ESR_EL3	U(0x50)
  #define CTX_SAVED_SPSR_EL3	U(0x58)
  #define CTX_SAVED_GPREG_LR	U(0x60)
diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h
index 314eb93e7..9176e8887 100644
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@@ -774,7 +774,7 @@ MEASURED_BOOT
 #define PLAT_PERCPU_BAKERY_LOCK_SIZE		(1 * CACHE_WRITEBACK_GRANULE)
 
 /* Priority levels for ARM platforms */
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 #define PLAT_RAS_PRI			0x10
 #endif
 #define PLAT_SDEI_CRITICAL_PRI		0x60
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index ea22655ce..e02917c8a 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -191,9 +191,6 @@ PSCI_EXTENDED_STATE_ID		:= 0
 # Enable PSCI OS-initiated mode support
 PSCI_OS_INIT_MODE		:= 0
 
-# Enable RAS Firmware First Handling Support
-RAS_FFH_SUPPORT			:= 0
-
 # By default, BL1 acts as the reset handler, not BL31
 RESET_TO_BL31			:= 0
 
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 3104efa5e..2fdff3488 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -397,8 +397,12 @@ BL31_SOURCES		+=	lib/cpus/aarch64/cortex_a75_pubsub.c	\
 endif
 endif
 
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${HANDLE_EA_EL3_FIRST_NS},1)
+ifeq (${ENABLE_FEAT_RAS},1)
 BL31_SOURCES		+=	plat/arm/board/fvp/aarch64/fvp_ras.c
+else
+BL31_SOURCES		+= 	plat/arm/board/fvp/aarch64/fvp_ea.c
+endif
 endif
 
 ifneq (${ENABLE_STACK_PROTECTOR},0)
@@ -518,16 +522,19 @@ endif
 # Test specific macros, keep them at bottom of this file
 $(eval $(call add_define,PLATFORM_TEST_EA_FFH))
 ifeq (${PLATFORM_TEST_EA_FFH}, 1)
-    ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
-         $(error "PLATFORM_TEST_EA_FFH expects HANDLE_EA_EL3_FIRST_NS to be 1")
+    ifeq (${FFH_SUPPORT}, 0)
+         $(error "PLATFORM_TEST_EA_FFH expects FFH_SUPPORT to be 1")
     endif
-BL31_SOURCES	+= plat/arm/board/fvp/aarch64/fvp_ea.c
+
 endif
 
 $(eval $(call add_define,PLATFORM_TEST_RAS_FFH))
 ifeq (${PLATFORM_TEST_RAS_FFH}, 1)
-    ifeq (${RAS_EXTENSION}, 0)
-         $(error "PLATFORM_TEST_RAS_FFH expects RAS_EXTENSION to be 1")
+    ifeq (${ENABLE_FEAT_RAS}, 0)
+         $(error "PLATFORM_TEST_RAS_FFH expects ENABLE_FEAT_RAS to be 1")
+    endif
+    ifeq (${HANDLE_EA_EL3_FIRST_NS}, 0)
+         $(error "PLATFORM_TEST_RAS_FFH expects HANDLE_EA_EL3_FIRST_NS to be 1")
     endif
 endif
 
diff --git a/plat/arm/board/rdn2/platform.mk b/plat/arm/board/rdn2/platform.mk
index 1506714b9..ef8f3d477 100644
--- a/plat/arm/board/rdn2/platform.mk
+++ b/plat/arm/board/rdn2/platform.mk
@@ -69,7 +69,7 @@ BL31_SOURCES	+=	drivers/arm/gic/v3/gic600_multichip.c
 BL31_CFLAGS		+=	-DPLAT_XLAT_TABLES_DYNAMIC
 endif
 
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
 BL31_SOURCES		+=	${RDN2_BASE}/rdn2_ras.c			\
 				${CSS_ENT_BASE}/ras/sgi_ras_common.c	\
 				${CSS_ENT_BASE}/ras/sgi_ras_sram.c	\
diff --git a/plat/arm/board/rdn2/rdn2_plat.c b/plat/arm/board/rdn2/rdn2_plat.c
index f1174562c..2a6c658bc 100644
--- a/plat/arm/board/rdn2/rdn2_plat.c
+++ b/plat/arm/board/rdn2/rdn2_plat.c
@@ -137,7 +137,7 @@ void bl31_platform_setup(void)
 
 	sgi_bl31_common_platform_setup();
 
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 	sgi_ras_platform_setup(&ras_config);
 #endif
 }
diff --git a/plat/arm/board/rdn2/rdn2_security.c b/plat/arm/board/rdn2/rdn2_security.c
index b836a7f04..7cd4a1c81 100644
--- a/plat/arm/board/rdn2/rdn2_security.c
+++ b/plat/arm/board/rdn2/rdn2_security.c
@@ -15,7 +15,7 @@
 
 static const arm_tzc_regions_info_t tzc_regions[] = {
 	ARM_TZC_REGIONS_DEF,
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 	RDN2_TZC_CPER_REGION,
 #endif
 	{}
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 8ca33cac4..8db6f1d6b 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -21,8 +21,6 @@ CSS_USE_SCMI_SDS_DRIVER	:=	1
 
 ENABLE_FEAT_RAS		:=	1
 
-RAS_FFH_SUPPORT		:=	0
-
 SDEI_SUPPORT		:=	0
 
 EL3_EXCEPTION_HANDLING	:=	0
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index cfd1aac08..f47bc3e02 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -295,7 +295,7 @@ void arm_bl31_platform_setup(void)
 	/* Initialize power controller before setting up topology */
 	plat_arm_pwrc_setup();
 
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 	ras_init();
 #endif
 
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 421c8e98f..bbb39d580 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -352,7 +352,7 @@ endif
 endif
 
 # RAS sources
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
 BL31_SOURCES		+=	lib/extensions/ras/std_err_record.c		\
 				lib/extensions/ras/ras_common.c
 endif
diff --git a/plat/arm/common/arm_gicv3.c b/plat/arm/common/arm_gicv3.c
index 8c16877ce..5becbcd5c 100644
--- a/plat/arm/common/arm_gicv3.c
+++ b/plat/arm/common/arm_gicv3.c
@@ -41,7 +41,7 @@ static const uintptr_t *gicr_frames = gicr_base_addrs;
 static const interrupt_prop_t arm_interrupt_props[] = {
 	PLAT_ARM_G1S_IRQ_PROPS(INTR_GROUP1S),
 	PLAT_ARM_G0_IRQ_PROPS(INTR_GROUP0),
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 	INTR_PROP_DESC(PLAT_CORE_FAULT_IRQ, PLAT_RAS_PRI, INTR_GROUP0,
 			GIC_INTR_CFG_LEVEL)
 #endif
diff --git a/plat/arm/css/sgi/include/sgi_base_platform_def.h b/plat/arm/css/sgi/include/sgi_base_platform_def.h
index 8a13bf33e..9dfe040d5 100644
--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@@ -204,13 +204,13 @@
 					SOC_CSS_DEVICE_SIZE,	\
 					MT_DEVICE | MT_RW | MT_SECURE | MT_USER)
 
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 #define PLAT_SP_PRI				PLAT_RAS_PRI
 #else
 #define PLAT_SP_PRI				0x10
 #endif
 
-#if (SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)) && RAS_FFH_SUPPORT
+#if (SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)) && ENABLE_FEAT_RAS && FFH_SUPPORT
 /*
  * CPER buffer memory of 128KB is reserved and it is placed adjacent to the
  * memory shared between EL3 and S-EL0.
@@ -239,7 +239,7 @@
  */
 #define PLAT_ARM_SP_IMAGE_STACK_BASE	(PLAT_SP_IMAGE_NS_BUF_BASE +	\
 					 PLAT_SP_IMAGE_NS_BUF_SIZE)
-#endif /* SPM_MM && RAS_FFH_SUPPORT */
+#endif /* SPM_MM && ENABLE_FEAT_RAS && FFH_SUPPORT */
 
 /* Platform ID address */
 #define SSC_VERSION                     (SSC_REG_BASE + SSC_VERSION_OFFSET)
diff --git a/plat/arm/css/sgi/sgi-common.mk b/plat/arm/css/sgi/sgi-common.mk
index 358316caa..2cd703422 100644
--- a/plat/arm/css/sgi/sgi-common.mk
+++ b/plat/arm/css/sgi/sgi-common.mk
@@ -10,8 +10,6 @@ CSS_ENT_BASE			:=	plat/arm/css/sgi
 
 ENABLE_FEAT_RAS			:=	1
 
-RAS_FFH_SUPPORT			:=	0
-
 SDEI_SUPPORT			:=	0
 
 EL3_EXCEPTION_HANDLING		:=	0
diff --git a/plat/arm/css/sgi/sgi_plat.c b/plat/arm/css/sgi/sgi_plat.c
index 7f79d5409..01b426e88 100644
--- a/plat/arm/css/sgi/sgi_plat.c
+++ b/plat/arm/css/sgi/sgi_plat.c
@@ -93,7 +93,7 @@ const mmap_region_t plat_arm_secure_partition_mmap[] = {
 	PLAT_ARM_SECURE_MAP_DEVICE,
 	ARM_SP_IMAGE_MMAP,
 	ARM_SP_IMAGE_NS_BUF_MMAP,
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 	CSS_SGI_SP_CPER_BUF_MMAP,
 #endif
 	ARM_SP_IMAGE_RW_MMAP,
diff --git a/plat/arm/css/sgi/sgi_plat_v2.c b/plat/arm/css/sgi/sgi_plat_v2.c
index 85f99d44d..624fed34f 100644
--- a/plat/arm/css/sgi/sgi_plat_v2.c
+++ b/plat/arm/css/sgi/sgi_plat_v2.c
@@ -87,7 +87,7 @@ const mmap_region_t plat_arm_secure_partition_mmap[] = {
 	SOC_PLATFORM_PERIPH_MAP_DEVICE_USER,
 	ARM_SP_IMAGE_MMAP,
 	ARM_SP_IMAGE_NS_BUF_MMAP,
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 	CSS_SGI_SP_CPER_BUF_MMAP,
 #endif
 	ARM_SP_IMAGE_RW_MMAP,
diff --git a/plat/common/aarch64/plat_common.c b/plat/common/aarch64/plat_common.c
index eca81b11f..ab99b1589 100644
--- a/plat/common/aarch64/plat_common.c
+++ b/plat/common/aarch64/plat_common.c
@@ -11,7 +11,7 @@
 #include <arch_helpers.h>
 #include <common/debug.h>
 #include <drivers/console.h>
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
 #include <lib/extensions/ras.h>
 #endif
 #include <lib/xlat_tables/xlat_mmu_helpers.h>
@@ -29,7 +29,9 @@
 #pragma weak plat_sdei_validate_entry_point
 #endif
 
+#if FFH_SUPPORT
 #pragma weak plat_ea_handler = plat_default_ea_handler
+#endif
 
 void bl31_plat_runtime_setup(void)
 {
@@ -77,11 +79,12 @@ const char *get_el_str(unsigned int el)
 	return "EL1";
 }
 
+#if FFH_SUPPORT
 /* Handler for External Aborts from lower EL including RAS errors */
 void plat_default_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
 		void *handle, uint64_t flags)
 {
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
 	/* Call RAS EA handler */
 	int handled = ras_ea_handler(ea_reason, syndrome, cookie, handle, flags);
 	if (handled != 0)
@@ -99,3 +102,4 @@ void plat_default_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *co
 	 */
 	lower_el_panic();
 }
+#endif
diff --git a/plat/common/aarch64/plat_ehf.c b/plat/common/aarch64/plat_ehf.c
index 41b175d56..6100a2009 100644
--- a/plat/common/aarch64/plat_ehf.c
+++ b/plat/common/aarch64/plat_ehf.c
@@ -12,7 +12,7 @@
  * Enumeration of priority levels on ARM platforms.
  */
 ehf_pri_desc_t plat_exceptions[] = {
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 	/* RAS Priority */
 	EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_RAS_PRI),
 #endif
@@ -26,7 +26,7 @@ ehf_pri_desc_t plat_exceptions[] = {
 #endif
 
 #if SPM_MM || (SPMC_AT_EL3 && SPMC_AT_EL3_SEL0_SP)
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 #if (PLAT_SP_PRI != PLAT_RAS_PRI)
 	EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_SP_PRI),
 #endif
diff --git a/plat/nvidia/tegra/include/tegra_private.h b/plat/nvidia/tegra/include/tegra_private.h
index f93585d9d..ad80596b7 100644
--- a/plat/nvidia/tegra/include/tegra_private.h
+++ b/plat/nvidia/tegra/include/tegra_private.h
@@ -154,7 +154,7 @@ int plat_sip_handler(uint32_t smc_fid,
 		     void *handle,
 		     uint64_t flags);
 
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS && FFH_SUPPORT
 void tegra194_ras_enable(void);
 void tegra194_ras_corrected_err_clear(uint64_t *cookie);
 #endif
diff --git a/plat/nvidia/tegra/soc/t194/plat_ras.c b/plat/nvidia/tegra/soc/t194/plat_ras.c
index 2f438c3c0..841d70b2f 100644
--- a/plat/nvidia/tegra/soc/t194/plat_ras.c
+++ b/plat/nvidia/tegra/soc/t194/plat_ras.c
@@ -484,7 +484,7 @@ REGISTER_RAS_INTERRUPTS(carmel_ras_interrupts);
 void plat_ea_handler(unsigned int ea_reason, uint64_t syndrome, void *cookie,
 		void *handle, uint64_t flags)
 {
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
 	tegra194_ea_handler(ea_reason, syndrome, cookie, handle, flags);
 #else
 	plat_default_ea_handler(ea_reason, syndrome, cookie, handle, flags);
diff --git a/plat/nvidia/tegra/soc/t194/plat_setup.c b/plat/nvidia/tegra/soc/t194/plat_setup.c
index d3d09d3dc..68503301e 100644
--- a/plat/nvidia/tegra/soc/t194/plat_setup.c
+++ b/plat/nvidia/tegra/soc/t194/plat_setup.c
@@ -254,7 +254,7 @@ void plat_early_platform_setup(void)
 	/* sanity check MCE firmware compatibility */
 	mce_verify_firmware_version();
 
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
 	/* Enable Uncorrectable RAS error */
 	tegra194_ras_enable();
 #endif
diff --git a/plat/nvidia/tegra/soc/t194/plat_sip_calls.c b/plat/nvidia/tegra/soc/t194/plat_sip_calls.c
index f0704edb1..6e42e6458 100644
--- a/plat/nvidia/tegra/soc/t194/plat_sip_calls.c
+++ b/plat/nvidia/tegra/soc/t194/plat_sip_calls.c
@@ -71,7 +71,7 @@ int32_t plat_sip_handler(uint32_t smc_fid,
 
 		break;
 
-#if RAS_FFH_SUPPORT
+#if ENABLE_FEAT_RAS
 	case TEGRA_SIP_CLEAR_RAS_CORRECTED_ERRORS:
 	{
 		/*
diff --git a/plat/nvidia/tegra/soc/t194/platform_t194.mk b/plat/nvidia/tegra/soc/t194/platform_t194.mk
index 289e9210f..e6e0b5eea 100644
--- a/plat/nvidia/tegra/soc/t194/platform_t194.mk
+++ b/plat/nvidia/tegra/soc/t194/platform_t194.mk
@@ -37,7 +37,7 @@ $(eval $(call add_define,MAX_MMAP_REGIONS))
 
 # enable RAS handling
 HANDLE_EA_EL3_FIRST_NS			:= 1
-RAS_FFH_SUPPORT				:= 1
+ENABLE_FEAT_RAS				:= 1
 
 # platform files
 PLAT_INCLUDES		+=	-Iplat/nvidia/tegra/include/t194 \
@@ -71,7 +71,7 @@ BL31_SOURCES		+=	${TEGRA_DRIVERS}/spe/shared_console.S
 endif
 
 # RAS sources
-ifeq (${RAS_FFH_SUPPORT},1)
+ifeq (${ENABLE_FEAT_RAS}-${HANDLE_EA_EL3_FIRST_NS},1-1)
 BL31_SOURCES		+=	lib/extensions/ras/std_err_record.c		\
 				lib/extensions/ras/ras_common.c			\
 				${SOC_DIR}/plat_ras.c

From 6d22b089ffb1793d581fde4de76245397ad7d4ee Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Wed, 11 Oct 2023 11:52:24 +0100
Subject: [PATCH 5/7] fix(el3-runtime): restrict lower el EA handlers in FFH
 mode

This patch does following changes to restrict handling of lower EL
EA's only if FFH mode is enabled.

 - Compile ea_delegate.S only if FFH mode is enabled.
 - For Sync exception from lower ELs if the EC is not SMC or SYS reg
   trap it was assumed that it is an EA, which is not correct. Move
   the known Sync exceptions (EL3 Impdef) out of sync EA handler.
 - Report unhandled exceptions if there are SError from lower EL in
   KFH mode, as this is unexpected.
 - Move code out of ea_delegate.S which are used for KFH mode.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I577089677d0ec8cde7c20952172bee955573d2ed
---
 bl31/aarch64/ea_delegate.S        | 137 ++----------------------------
 bl31/aarch64/runtime_exceptions.S | 131 +++++++++++++++++++++++++++-
 bl31/bl31.mk                      |   5 +-
 include/arch/aarch64/arch.h       |   1 +
 4 files changed, 141 insertions(+), 133 deletions(-)

diff --git a/bl31/aarch64/ea_delegate.S b/bl31/aarch64/ea_delegate.S
index abfe1eef9..28d218737 100644
--- a/bl31/aarch64/ea_delegate.S
+++ b/bl31/aarch64/ea_delegate.S
@@ -18,12 +18,8 @@
 	.globl	handle_lower_el_sync_ea
 	.globl	handle_lower_el_async_ea
 	.globl	handle_pending_async_ea
-	.globl	reflect_pending_async_ea_to_lower_el
 /*
- * This function forms the tail end of Synchronous Exception entry from lower
- * EL, and expects to handle Synchronous External Aborts from lower EL and CPU
- * Implementation Defined Exceptions. If any other kind of exception is detected,
- * then this function reports unhandled exception.
+ * This function handles Synchronous External Aborts from lower EL.
  *
  * It delegates the handling of the EA to platform handler, and upon successfully
  * handling the EA, exits EL3; otherwise panics.
@@ -41,27 +37,8 @@ func handle_lower_el_sync_ea
 	cmp	x30, #EC_DABORT_LOWER_EL
 	b.eq	1f
 
-	/* Save GP registers */
-	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
-	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
-	stp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
-
-	/* Get the cpu_ops pointer */
-	bl	get_cpu_ops_ptr
-
-	/* Get the cpu_ops exception handler */
-	ldr	x0, [x0, #CPU_E_HANDLER_FUNC]
-
-	/*
-	 * If the reserved function pointer is NULL, this CPU does not have an
-	 * implementation defined exception handler function
-	 */
-	cbz	x0, 2f
-	mrs	x1, esr_el3
-	ubfx	x1, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
-	blr	x0
-	b	2f
-
+	/* EA other than above are unhandled exceptions */
+	no_ret	report_unhandled_exception
 1:
 	/*
 	 * Save general purpose and ARMv8.3-PAuth registers (if enabled).
@@ -82,14 +59,6 @@ func handle_lower_el_sync_ea
 	/* el3_exit assumes SP_EL0 on entry */
 	msr	spsel, #MODE_SP_EL0
 	b	el3_exit
-2:
-	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
-	ldp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
-	ldp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
-
-	/* Synchronous exceptions other than the above are assumed to be EA */
-	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
-	no_ret	report_unhandled_exception
 endfunc handle_lower_el_sync_ea
 
 
@@ -125,33 +94,18 @@ func handle_lower_el_async_ea
 endfunc handle_lower_el_async_ea
 
 /*
- * NOTE 1 : Synchronized async EA handling
- *
- * Comment here applicable to following two functions
- *   - handle_pending_async_ea
- *   - reflect_pending_async_ea_to_lower_el
- *
- * Must be called from exception vector directly.
- *
- * These special handling is required to cater for handling async EA from
- * lower EL synchronized at EL3 entry.
+ * Handler for async EA from lower EL synchronized at EL3 entry in FFH mode.
  *
  * This scenario may arise when there is an error (EA) in the system which is not
  * yet signaled to PE while executing in lower EL. During entry into EL3, the errors
  * are synchronized either implicitly or explicitly causing async EA to pend at EL3.
  *
- * On detecting the pending EA (via ISR_EL1.A), based on routing model of EA
- * either handle it in EL3 using "handle_pending_async_ea" (FFH)  or return to
- * lower EL using "reflect_pending_async_ea_to_lower_el" (KFH) .
- */
-
-/*
- * Refer to NOTE 1 : Firmware First Handling (FFH)
- *  Called when FFH is enabled and outgoing world is Non-Secure (scr_el3.ea = 1).
+ * On detecting the pending EA (via ISR_EL1.A), if the EA routing model is Firmware
+ * First handling (FFH, SCR_EL3.EA = 1) this handler first handles the pending EA
+ * and then handles the original exception.
  *
  * This function assumes x30 has been saved.
  */
-#if HANDLE_EA_EL3_FIRST_NS
 func handle_pending_async_ea
 	/*
 	 * Prepare for nested handling of EA. Stash sysregs clobbered by nested
@@ -206,83 +160,6 @@ func handle_pending_async_ea
 1:
 	exception_return
 endfunc handle_pending_async_ea
-#endif /* HANDLE_EA_EL3_FIRST_NS */
-
-/*
- * Refer to NOTE 1 : Kernel First handling (KFH)
- *   Called in following scenarios
- *     - Always, if outgoing world is either Secure or Realm
- *     - KFH mode if outgoing world is Non-secure.
- *
- * This function assumes x30 has been saved.
- */
-
-func reflect_pending_async_ea_to_lower_el
-	/*
-	 * As the original exception was not handled we need to ensure that we return
-	 * back to the instruction which caused the exception. To acheive that, eret
-	 * to "elr-4" (Label "subtract_elr_el3") for SMC or simply eret otherwise
-	 * (Label "skip_smc_check").
-	 *
-	 * LIMITATION: It could be that async EA is masked at the target exception level
-	 * or the priority of async EA wrt to the EL3/secure interrupt is lower, which
-	 * causes back and forth between lower EL and EL3. In case of back and forth between
-	 * lower EL and EL3, we can track the loop count in "CTX_NESTED_EA_FLAG" and leverage
-	 * previous ELR in "CTX_SAVED_ELR_EL3" to detect this cycle and further panic
-	 * to indicate a problem here (Label "check_loop_ctr").
-	 * However, setting SCR_EL3.IESB = 1, should give priority to SError handling
-	 * as per AArch64.TakeException pseudo code in Arm ARM.
-	 *
-	 * TODO: In future if EL3 gets a capability to inject a virtual SError to lower
-	 * ELs, we can remove the el3_panic and handle the original exception first and
-	 * inject SError to lower EL before ereting back.
-	 */
-	stp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
-	ldr	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
-	mrs	x28, elr_el3
-	cmp	x29, x28
-	b.eq	check_loop_ctr
-	str	x28, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
-	/* Zero the loop counter */
-	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
-	b	skip_loop_ctr
-check_loop_ctr:
-	ldr	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
-	add	x29, x29, #1
-	str	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
-	cmp	x29, #ASYNC_EA_REPLAY_COUNTER
-	b.ge	el3_panic
-skip_loop_ctr:
-	/*
-	 * Logic to distinguish if we came from SMC or any other exception.
-	 * Use offsets in vector entry to get which exception we are handling.
-	 * In each vector entry of size 0x200, address "0x0-0x80" is for sync
-	 * exception and "0x80-0x200" is for async exceptions.
-	 * Use vector base address (vbar_el3) and exception offset (LR) to
-	 * calculate whether the address we came from is any of the following
-	 * "0x0-0x80", "0x200-0x280", "0x400-0x480" or "0x600-0x680"
-	 */
-	mrs	x29, vbar_el3
-	sub	x30, x30, x29
-	and	x30, x30, #0x1ff
-	cmp	x30, #0x80
-	b.ge	skip_smc_check
-	/* Its a synchronous exception, Now check if it is SMC or not? */
-	mrs	x30, esr_el3
-	ubfx	x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
-	cmp	x30, #EC_AARCH32_SMC
-	b.eq	subtract_elr_el3
-	cmp	x30, #EC_AARCH64_SMC
-	b.eq	subtract_elr_el3
-	b	skip_smc_check
-subtract_elr_el3:
-	sub	x28, x28, #4
-skip_smc_check:
-	msr	elr_el3, x28
-	ldp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
-	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
-	exception_return
-endfunc reflect_pending_async_ea_to_lower_el
 
 /*
  * Prelude for Synchronous External Abort handling. This function assumes that
diff --git a/bl31/aarch64/runtime_exceptions.S b/bl31/aarch64/runtime_exceptions.S
index 3655467a0..ed483111c 100644
--- a/bl31/aarch64/runtime_exceptions.S
+++ b/bl31/aarch64/runtime_exceptions.S
@@ -13,6 +13,7 @@
 #include <bl31/sync_handle.h>
 #include <common/runtime_svc.h>
 #include <context.h>
+#include <cpu_macros.S>
 #include <el3_common_macros.S>
 #include <lib/el3_runtime/cpu_data.h>
 #include <lib/smccc.h>
@@ -105,9 +106,19 @@
 	cmp	x30, #EC_AARCH64_SYS
 	b.eq	sync_handler64
 
-	/* Synchronous exceptions other than the above are assumed to be EA */
-	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+	cmp	x30, #EC_IMP_DEF_EL3
+	b.eq	imp_def_el3_handler
+
+	/* If FFH Support then try to handle lower EL EA exceptions. */
+#if FFH_SUPPORT
+	mrs	x30, scr_el3
+	tst	x30, #SCR_EA_BIT
+	b.eq	1f
 	b	handle_lower_el_sync_ea
+#endif
+1:
+	/* Synchronous exceptions other than the above are unhandled */
+	b	report_unhandled_exception
 	.endm
 
 vector_base runtime_exceptions
@@ -243,11 +254,15 @@ end_vector_entry fiq_aarch64
 	 * So reuse the sync mechanism to catch any further errors which are pending.
 	 */
 vector_entry serror_aarch64
+#if FFH_SUPPORT
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
 	unmask_async_ea
 	b	handle_lower_el_async_ea
+#else
+	b	report_unhandled_exception
+#endif
 end_vector_entry serror_aarch64
 
 	/* ---------------------------------------------------------------------
@@ -289,11 +304,15 @@ end_vector_entry fiq_aarch32
 	 * So reuse the sync mechanism to catch any further errors which are pending.
 	 */
 vector_entry serror_aarch32
+#if FFH_SUPPORT
 	save_x30
 	apply_at_speculative_wa
 	sync_and_handle_pending_serror
 	unmask_async_ea
 	b	handle_lower_el_async_ea
+#else
+	b	report_unhandled_exception
+#endif
 end_vector_entry serror_aarch32
 
 #ifdef MONITOR_TRAPS
@@ -583,6 +602,114 @@ interrupt_exit:
 	b	el3_exit
 endfunc handle_interrupt_exception
 
+func imp_def_el3_handler
+	/* Save GP registers */
+	stp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
+	stp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+	stp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
+
+	/* Get the cpu_ops pointer */
+	bl	get_cpu_ops_ptr
+
+	/* Get the cpu_ops exception handler */
+	ldr	x0, [x0, #CPU_E_HANDLER_FUNC]
+
+	/*
+	 * If the reserved function pointer is NULL, this CPU does not have an
+	 * implementation defined exception handler function
+	 */
+	cbz	x0, el3_handler_exit
+	mrs	x1, esr_el3
+	ubfx	x1, x1, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+	blr	x0
+el3_handler_exit:
+	ldp	x0, x1, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X0]
+	ldp	x2, x3, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X2]
+	ldp	x4, x5, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X4]
+	restore_x30
+	no_ret	report_unhandled_exception
+endfunc imp_def_el3_handler
+
+/*
+ * Handler for async EA from lower EL synchronized at EL3 entry in KFH mode.
+ *
+ * This scenario may arise when there is an error (EA) in the system which is not
+ * yet signaled to PE while executing in lower EL. During entry into EL3, the errors
+ * are synchronized either implicitly or explicitly causing async EA to pend at EL3.
+ *
+ * On detecting the pending EA (via ISR_EL1.A) and if the EA routing model is
+ * KFH (SCR_EL3.EA = 1) this handler reflects ther error back to lower EL.
+ *
+ * This function assumes x30 has been saved.
+ */
+func reflect_pending_async_ea_to_lower_el
+	/*
+	 * As the original exception was not handled we need to ensure that we return
+	 * back to the instruction which caused the exception. To acheive that, eret
+	 * to "elr-4" (Label "subtract_elr_el3") for SMC or simply eret otherwise
+	 * (Label "skip_smc_check").
+	 *
+	 * LIMITATION: It could be that async EA is masked at the target exception level
+	 * or the priority of async EA wrt to the EL3/secure interrupt is lower, which
+	 * causes back and forth between lower EL and EL3. In case of back and forth between
+	 * lower EL and EL3, we can track the loop count in "CTX_NESTED_EA_FLAG" and leverage
+	 * previous ELR in "CTX_SAVED_ELR_EL3" to detect this cycle and further panic
+	 * to indicate a problem here (Label "check_loop_ctr"). If we are in this cycle, loop
+	 * counter retains its value but if we do a normal el3_exit this flag gets cleared.
+	 * However, setting SCR_EL3.IESB = 1, should give priority to SError handling
+	 * as per AArch64.TakeException pseudo code in Arm ARM.
+	 *
+	 * TODO: In future if EL3 gets a capability to inject a virtual SError to lower
+	 * ELs, we can remove the el3_panic and handle the original exception first and
+	 * inject SError to lower EL before ereting back.
+	 */
+	stp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
+	ldr	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+	mrs	x28, elr_el3
+	cmp	x29, x28
+	b.eq	check_loop_ctr
+	str	x28, [sp, #CTX_EL3STATE_OFFSET + CTX_SAVED_ELR_EL3]
+	/* Zero the loop counter */
+	str	xzr, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	b	skip_loop_ctr
+check_loop_ctr:
+	ldr	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	add	x29, x29, #1
+	str	x29, [sp, #CTX_EL3STATE_OFFSET + CTX_NESTED_EA_FLAG]
+	cmp	x29, #ASYNC_EA_REPLAY_COUNTER
+	b.ge	el3_panic
+skip_loop_ctr:
+	/*
+	 * Logic to distinguish if we came from SMC or any other exception.
+	 * Use offsets in vector entry to get which exception we are handling.
+	 * In each vector entry of size 0x200, address "0x0-0x80" is for sync
+	 * exception and "0x80-0x200" is for async exceptions.
+	 * Use vector base address (vbar_el3) and exception offset (LR) to
+	 * calculate whether the address we came from is any of the following
+	 * "0x0-0x80", "0x200-0x280", "0x400-0x480" or "0x600-0x680"
+	 */
+	mrs	x29, vbar_el3
+	sub	x30, x30, x29
+	and	x30, x30, #0x1ff
+	cmp	x30, #0x80
+	b.ge	skip_smc_check
+	/* Its a synchronous exception, Now check if it is SMC or not? */
+	mrs	x30, esr_el3
+	ubfx	x30, x30, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+	cmp	x30, #EC_AARCH32_SMC
+	b.eq	subtract_elr_el3
+	cmp	x30, #EC_AARCH64_SMC
+	b.eq	subtract_elr_el3
+	b	skip_smc_check
+subtract_elr_el3:
+	sub	x28, x28, #4
+skip_smc_check:
+	msr	elr_el3, x28
+	ldp	x28, x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X28]
+	ldr	x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_LR]
+	exception_return
+endfunc reflect_pending_async_ea_to_lower_el
+
 	/* ---------------------------------------------------------------------
 	 * The following code handles exceptions caused by BRK instructions.
 	 * Following a BRK instruction, the only real valid cause of action is
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index a1fc12be8..335952672 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -39,7 +39,6 @@ BL31_SOURCES		+=	bl31/bl31_main.c				\
 				bl31/interrupt_mgmt.c				\
 				bl31/aarch64/bl31_entrypoint.S			\
 				bl31/aarch64/crash_reporting.S			\
-				bl31/aarch64/ea_delegate.S			\
 				bl31/aarch64/runtime_exceptions.S		\
 				bl31/bl31_context_mgmt.c			\
 				bl31/bl31_traps.c				\
@@ -67,6 +66,10 @@ ifeq (${EL3_EXCEPTION_HANDLING},1)
 BL31_SOURCES		+=	bl31/ehf.c
 endif
 
+ifeq (${FFH_SUPPORT},1)
+BL31_SOURCES		+=	bl31/aarch64/ea_delegate.S
+endif
+
 ifeq (${SDEI_SUPPORT},1)
 ifeq (${EL3_EXCEPTION_HANDLING},0)
   $(error EL3_EXCEPTION_HANDLING must be 1 for SDEI support)
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index 13927bd50..e9d22b61d 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -962,6 +962,7 @@
 #define EC_AARCH64_HVC			U(0x16)
 #define EC_AARCH64_SMC			U(0x17)
 #define EC_AARCH64_SYS			U(0x18)
+#define EC_IMP_DEF_EL3			U(0x1f)
 #define EC_IABORT_LOWER_EL		U(0x20)
 #define EC_IABORT_CUR_EL		U(0x21)
 #define EC_PC_ALIGN			U(0x22)

From 9f9bfd7a0b936f2bf5e0b3923548c14d7ef92718 Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Fri, 21 Jul 2023 13:08:53 +0100
Subject: [PATCH 6/7] docs(el3-runtime): update BL31 exception vector handling

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ieae66bafe1cdd253edebecddea156551144a1cc9
---
 docs/design/firmware-design.rst | 60 +++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst
index 879ddda41..ff69b43cf 100644
--- a/docs/design/firmware-design.rst
+++ b/docs/design/firmware-design.rst
@@ -1118,6 +1118,65 @@ returning through EL3 and running the non-trusted firmware (BL33):
    ``bl31_main()`` will set up the return to the normal world firmware BL33 and
    continue the boot process in the normal world.
 
+Exception handling in BL31
+--------------------------
+
+When exception occurs, PE must execute handler corresponding to exception. The
+location in memory where the handler is stored is called the exception vector.
+For ARM architecture, exception vectors are stored in a table, called the exception
+vector table.
+
+Each EL (except EL0) has its own vector table, VBAR_ELn register stores the base
+of vector table. Refer to `AArch64 exception vector table`_
+
+Current EL with SP_EL0
+~~~~~~~~~~~~~~~~~~~~~~
+
+-  Sync exception : Not expected except for BRK instruction, its debugging tool which
+   a programmer may place at specific points in a program, to check the state of
+   processor flags at these points in the code.
+
+-  IRQ/FIQ : Unexpected exception, panic
+
+-  SError : "plat_handle_el3_ea", defaults to panic
+
+Current EL with SP_ELx
+~~~~~~~~~~~~~~~~~~~~~~
+
+-  Sync exception : Unexpected exception, panic
+
+-  IRQ/FIQ : Unexpected exception, panic
+
+-  SError : "plat_handle_el3_ea" Except for special handling of lower EL's SError exception
+   which gets triggered in EL3 when PSTATE.A is unmasked. Its only applicable when lower
+   EL's EA is routed to EL3 (FFH_SUPPORT=1).
+
+Lower EL Exceptions
+~~~~~~~~~~~~~~~~~~~
+
+Applies to all the exceptions in both AArch64/AArch32 mode of lower EL.
+
+Before handling any lower EL exception, we synchronize the errors at EL3 entry to ensure
+that any errors pertaining to lower EL is isolated/identified. If we continue without
+identifying these errors early on then these errors will trigger in EL3 (as SError from
+current EL) any time after PSTATE.A is unmasked. This is wrong because the error originated
+in lower EL but exception happened in EL3.
+
+To solve this problem, synchronize the errors at EL3 entry and check for any pending
+errors (async EA). If there is no pending error then continue with original exception.
+If there is a pending error then, handle them based on routing model of EA's. Refer to
+:ref:`Reliability, Availability, and Serviceability (RAS) Extensions` for details about
+routing models.
+
+-  KFH : Reflect it back to lower EL using **reflect_pending_async_ea_to_lower_el()**
+
+-  FFH : Handle the synchronized error first using **handle_pending_async_ea()** after
+   that continue with original exception. It is the only scenario where EL3 is capable
+   of doing nested exception handling.
+
+After synchronizing and handling lower EL SErrors, unmask EA (PSTATE.A) to ensure
+that any further EA's caused by EL3 are caught.
+
 Crash Reporting in BL31
 -----------------------
 
@@ -2803,5 +2862,6 @@ kernel at boot time. These can be found in the ``fdts`` directory.
 .. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
 .. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A (ARM DEN0006D): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a
 .. _Arm Confidential Compute Architecture (Arm CCA): https://www.arm.com/why-arm/architecture/security-features/arm-confidential-compute-architecture
+.. _AArch64 exception vector table: https://developer.arm.com/documentation/100933/0100/AArch64-exception-vector-table
 
 .. |Image 1| image:: ../resources/diagrams/rt-svc-descs-layout.png

From 42604d2d3cdcbfe61540ef642533db5c774011c7 Mon Sep 17 00:00:00 2001
From: Manish Pandey <manish.pandey2@arm.com>
Date: Thu, 13 Jul 2023 10:08:41 +0100
Subject: [PATCH 7/7] docs(ras): update RAS documentation

Add details about RAS error handling philosophies and its implementation
It also updates the tests introduced to verify them.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iedc8c1e713dad05baadd58e5752df36fa00121a7
---
 docs/components/ras.rst                       |  71 +++++++++++++++++-
 ...-exception-entry-error-synchronization.png | Bin 0 -> 83795 bytes
 2 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 docs/resources/diagrams/bl31-exception-entry-error-synchronization.png

diff --git a/docs/components/ras.rst b/docs/components/ras.rst
index e237ebb92..747367a4c 100644
--- a/docs/components/ras.rst
+++ b/docs/components/ras.rst
@@ -10,6 +10,9 @@ precise definition of RAS terminology, please refer to the Arm Architecture
 Reference Manual and `RAS Supplement`_. The rest of this document assumes
 familiarity with architecture and terminology.
 
+**IMPORTANT NOTE**: TF-A implementation assumes that if RAS extension is present
+then FEAT_IESB is also implmented.
+
 There are two philosophies for handling RAS errors from Non-secure world point
 of view.
 
@@ -56,9 +59,19 @@ Introduction
 EA's originating/attributed to NS world are handled first in NS and Kernel navigates
 the std error records directly.
 
-**KFH can be supported in a platform without TF-A being aware of it but there are few
-corner cases where TF-A needs to have special handling, which is currently missing and
-will be added in future**
+-  KFH is the default handling mode if platform does not explicitly enable FFH mode.
+-  KFH mode does not need any EL3 involvement except for the reflection of errors back
+   to lower EL. This happens when there is an error (EA) in the system which is not yet
+   signaled to PE while executing at lower EL. During entry into EL3 the errors (EA) are
+   synchronized causing async EA to pend at EL3.
+
+Error Syncronization at EL3 entry
+=================================
+
+During entry to EL3 from lower EL, if there is any pending async EAs they are either
+reflected back to lower EL (KFH) or handled in EL3 itself (FFH).
+
+|Image 1|
 
 TF-A build options
 ==================
@@ -78,6 +91,55 @@ RAS feature has dependency on some other TF-A build flags
 - **EL3_EXCEPTION_HANDLING**: Required for FFH
 - **FAULT_INJECTION_SUPPORT**: Required for testing RAS feature on fvp platform
 
+TF-A Tests
+==========
+
+RAS functionality is regularly tested in TF-A CI using `RAS test group`_ which has multiple
+configurations for testing lower EL External aborts.
+
+All the tests are written in TF-A tests which runs as NS-EL2 payload.
+
+- **FFH without RAS extension**
+
+  *fvp-ea-ffh,fvp-ea-ffh:fvp-tftf-fip.tftf-aemv8a-debug*
+
+   Couple of tests, one each for sync EA and async EA from lower EL which gets handled in El3.
+   Inject External aborts(sync/async) which traps in EL3, FVP has a handler which gracefully
+   handles these errors and returns back to TF-A Tests
+
+   Build Configs : **HANDLE_EA_EL3_FIRST_NS** , **PLATFORM_TEST_EA_FFH**
+
+- **FFH with RAS extension**
+
+  Three Tests :
+
+  - *fvp-ras-ffh,fvp-single-fault:fvp-tftf-fip.tftf-aemv8a.fi-debug*
+
+    Inject an unrecoverable RAS error, which gets handled in EL3.
+
+  - *fvp-ras-ffh,fvp-uncontainable:fvp-tftf.fault-fip.tftf-aemv8a.fi-debug*
+
+    Inject uncontainable RAS errors which causes platform to panic.
+
+  - *fvp-ras-ffh,fvp-ras-ffh-nested:fvp-tftf-fip.tftf-ras_ffh_nested-aemv8a.fi-debug*
+
+    Test nested exception handling at El3 for synchronized async EAs. Inject an SError in lower EL
+    which remain pending until we enter EL3 through SMC call. At EL3 entry on encountering a pending
+    async EA it will handle the async EA first (nested exception) before handling the original SMC call.
+
+-  **KFH with RAS extension**
+
+  Couple of tests in the group :
+
+  - *fvp-ras-kfh,fvp-ras-kfh:fvp-tftf-fip.tftf-aemv8a.fi-debug*
+
+    Inject and handle RAS errors in TF-A tests (no El3 involvement)
+
+  - *fvp-ras-kfh,fvp-ras-kfh-reflect:fvp-tftf-fip.tftf-ras_kfh_reflection-aemv8a.fi-debug*
+
+    Reflection of synchronized errors from EL3 to TF-A tests, two tests one each for reflecting
+    in IRQ and SMC path.
+
 RAS Framework
 =============
 
@@ -279,3 +341,6 @@ for non-interrupt exceptions, they're explicit using :ref:`EHF APIs
 *Copyright (c) 2018-2023, Arm Limited and Contributors. All rights reserved.*
 
 .. _RAS Supplement: https://developer.arm.com/documentation/ddi0587/latest
+.. _RAS Test group: https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tree/group/tf-l3-boot-tests-ras?h=refs/heads/master
+
+.. |Image 1| image:: ../resources/diagrams/bl31-exception-entry-error-synchronization.png
diff --git a/docs/resources/diagrams/bl31-exception-entry-error-synchronization.png b/docs/resources/diagrams/bl31-exception-entry-error-synchronization.png
new file mode 100644
index 0000000000000000000000000000000000000000..cdfdcb91031be9be8c9fb2375785b3e4f4303e85
GIT binary patch
literal 83795
zcmeFZcU05c)+icfBPv@^q=-n7A{`V&rGrYBULswPBHaK1LRUl-LAof?q!%Fq(wl%$
ziV*3YC@u6rLckEpT|xIb=ezIw-nehPe=h@v30c3j=A3KxlIMClYNt+~KM8?APHCv$
zHh@6>Dh2;;A3p~EVxeOC7W{X_%RucWq_pS4B6#zcqq4R#1X315yK6%Y-k*4=Zt4Yr
zF!NFV9nmo0U57vpay4!%8~ItS?477FGET?t`9Pa3<&AU)t1&C))$Y(n-C@E+>3Goc
zs(0%V(SbWO65U41tbb9Xj9?<YjQMvY__Wpee_V*w(7Sy^Md`vt<=dB7@7%e4?8qBC
zj@zeyUY@JNHtW8>hf)Z@-IcXfTUjI{(lI>g&ql7KvzLW9mM|UMIRZeVKzAEP0TKcU
zy`5Ea^zfAux4y;iPr2d*0IrmuSan9|?^o))k;1=U@iL&8e!pUPK24zy_<0Vt<J$09
zC7YCteb5pm?+P>647pEaZ?WI7@JpoZ%7p-X^0t=E@DEHgnGbyG^%}6;%P-UkvNBO@
zfIpGRZsRhD*j*orD_Rai-iT?GqrqFG${~u@S19`{$$_Uo&wu}UiMXcbGSG%@%<sXC
zjTmHk2b=7nGvo{R*V3(vn)eXaL}>FqKhZjP*nIEnyT*ZLw$X&!uMbB2iU}i~_eEkV
z<>v7t8L%L&H+<-h`(YU0^laQq4skgb$|-t^0NW*<ynOkMT@m;YF)Z!zEO{~=7I{|C
zVBfW~aw($`aq9V%kS$d;V#d?mJA12C^u;*epdrM|F>iN0-I%mux(jj!e#{hvGq(W9
z1JO|*&R<!)pZ}NiOr5gM6+A8i^M0RX)LE3Hn$CuJIa?c#eebsY&Utf|uV+Aq0z`on
zAT<2SVxwY_mb<%Y#S(6R5k~a*;<GKHsqV>xek13LztHI=9n@3QT0u*BqEZ<~otbCn
zmZLz0@$7tg0K+0vE0Y>D&%~#<dkLU(<?{E=JC;9_1xrIy-qjq{ldRtgS`L)WymN(&
zY_9!U@z=%0Xt{j+gwL{Ui)r=Wls&Ul!Jd~CEE^l`o$p~C2Sd*JR5)%Z_i>V{)DSPl
z>)|<O^)TI^qcoIFALv;ec{b5H_cqnz@7)OVV?`nIrNxdvmCF-C_6)8QL$-gV$sk?A
z4DV7HP00w*<+gKw)!x!>Y4lRa)K<<83(^{E>K(f>XRXs<wRhmoktx=Ms2OV_-}^a8
zfd(=Nz&`zkiYBI@*gr-egWHeVNj@tRz<hzXKCTz;=pAGNufg#->IYL67cirkLe<-^
zcTMgWUr$BV9oTM0r=yN_1l!3=B2G;xKJ@>YbjavQ*<jb_`CogC9lg)x>=P<{{g}`5
zDw3uWwr?QA&m<^_HONpl%#;9pQFLk9tiyICq<{M&nmcS({9u?WrpQa?l)kwyhd_fS
zWgV9sxH{uy$#qdjx9o%aeZ+LWV;$CZ(G`-VoH-n9yTLz=4@K=K5VV3$N9&b`dEtA5
z$b*iGPh6z#gXQF))Zs5<(E%rs%#`hpM@*koGIrlXEiZ-mhN$k1va!o|(Z*wTUkoD+
zF}R)gg!2?MLNx*T3r5P(&7P_QfgYbG(^1qH@nf;W?fJ#kELKvKt?tEutx)NH!LMYp
z2^C8jx{X5>AGv1Hc^1nJs<V}cP}xwRYVSzMA5h%#v!d{J05fxvLu(ajNw<4EquQeq
zyO;wHu64*Fyr!OOFPvFw?%p-skRS%8&Pn0h%+;=1vz5=^CIsJ`O-x$KGRNp8PfBaE
z-xx5uK~Xi&j-i-rs}Wz7iJvk_J&$5^s=qoG9T68ZRC}w#*b|=9+yB==e{8?KI^(;V
zlbn06srh=QHLZB?W^v)WaqJoIr%Kik&hD^gZHnRwHOs8I={hS;47(I)W^k9taaoPH
zq&QC6=Bw7#FTS=Wp2}9~x$?QNwYe4HzhVLZLJZ@!PE4B?3KT+oTO!@)a=C3K+;&MM
zF`3Sw=Yl<7FWL1_y$u`%K=%I{i?mgi@*q{U>gtj=U&u$*6ovKdy(%i?bfdStXX&%7
zPQ>5>zEu<yTw;X&OxT>(<VGgBtOe;?$*4;=;?{a`+s=DKRL-cn#zXa4z#1w1`6lPW
z<szZr<ZaU*ymuZ|25l=lE)9o}EIrWiSt)uJ;kxG|ix0ehSoXNg*Jpp7<9ovRw(LR0
z+2}(RTX`E6UYFo>DTs|(hDPRo9#UwR5!Q<`etpzs@TsNFi49IR52A=*kw$K~=C<PB
zCK<sM9kuU!>e^%n+KRta%ispJj@`)TJm}Ye4^H!&rv-nB2pagApxu;zFkW3>FsV(G
z<~Gsn>Du9RfG=4d=<Z@0{DSjg@rZDB+?qlg)l<iSJ*JVvOh~m--??|9kE*+codil}
zE4h(xw8sUCDxUruOc$A819;$qrK&mKllq#z6G9*6MaLHsPlsIDQKjJeMAXQe#FM<y
zm5f<6I9QxqLv{Vdq{~1s-?18zs2^Oc`{gO_x7H*&9uvHp=(uw*X`g6nA>|&3^iyC*
zj?X7uWrPBz7>*KIig5*M0caFaeT#Q%H`+Crk$s&}&_`16A<g_JzX;GezgLWdysq!E
z(BgA3QKfy<Nr^Xgks<xk-7W#j!`Zq7SxXl4;PJ$)Zx<~2s!?*?4bcw0d@8S-CJtT)
zK{ZC16En%v$(mw@+J}fPdY!X>Bel{GgicS35n531JMZC1=jkth#oTQQ_MPO=vbC+_
z8+<7)?k<&;g-Q8ka$H`5^YH#9gD}4&W2-B)?}1A3(L9cPoHh1D&}cJJLAn{Uz-uW{
zt0qf|PLWW%k4STWr9BTfk!bur@d`8Nn#C#ET!RZkyzys(#!Jf3>EE(4ohHffcA(2<
zrurkgn4l3cMpXw><nFRoipq#}1YpTpTD*xXFWL^3=A(XvIDOS?(H$)jKA>oDZ&LbU
z=}z#rqg>Z>=d*cwy}5}2LYb`1o?0v#Ypv=TAzg8e>HQ~&i)#|?9*nP8gD{($x0)G5
zT>JDa_C^O@F41fU{UD`qFSbXX!dz{(H4}zfL}%0vdIel#CG;$+`~ZZB)%^_tBKkc8
zkXcKS4;-v@?WEBLrhvidW>Zz?)5tJX=C1R~d199hXQ5=B!m_EJ(c8=6k==-H&-O;E
zq<Z!Eg`=9m^YA*3!a1?7O$1+gX%cjEac4`_(jr{&olxzaN~hs~x}C)~g1mJEFUho#
zq(>0WtMo(-4j{(mt63NY+wDULKRzUdmjIe@Aq7hHeCLgneVuX_2_GCZS8HDgHmloI
z+Kk&^C9?U&VR<L_M-yG-X(OF&%?n=V>gJ-7hM$Sn2Fsu9D$ePvMkD{Kc;4ii9x03{
zX?Jm$c$;z6TDUxi*~Ow`L2MKUlrPXn(<kAMh8ATb9(y&kLcZTxH4~_-5<c9h??!}0
z3UAjL`R`<=n_<&+7Opqy8EBkI%%9d2?@_qFKQ`~8^6GGl%vTgRuhB>|LWwhCMcxf3
zh21tHMS*PNRJS%MvdxDw=5w*om_WsG*w|ZDH_=I3dUP%CxDJhb^6R3K8cb%TDpm-{
z6eN@B&EHBgtLEmU8^&wIv`urU#;g(+@-sj8wa{Hf8?g847kRLEa+oH|?n`c)lT4OZ
zshJe(^zdex6LOZNx(DMEuS^{l`zLv-zY!48U+`N05P-ZE);%04@*kp?@-oASozs6<
z`g`vS<XfFox!j#=BAfE;y(bOtI+5uv_-H=E$s=MMHT1Px8HF4+c*1*uR!UC2=Dr-!
z<HUe0*RT!N`q6pI+>FU$t$#04kWkfrouSHn9e8ct2W|H%S3W(R-Xa)T><wckW*QuH
zt{nvPm;*QBw;(<X=g{Y4l_C<R&7k#LAyAQ$$EtQ0WdM?f`3mC22fgIsbUqcS-f&I5
zZw#HOCl`{peZ|FV=_DNxyf9s&ux}l!DV0{IXpog)?d<qp*MqC;e@RxHdr?<&GP3?5
zE%^qN4N)?&x$t?ugnRYdp08dJsg3H;2fhmQdg}$_IVQmp2k}v}8`t9>j64bNIi3<C
zz2T3}%IaHK^izhh2pK?5-MyZh!xf+9K&&1gn0wKg>@pAcPm-F`xjq9o=QX$|-|X~M
z#%qm=4;!6TQ;zsH0q#1+D>rWVS%b+J9m}x>;~e(GBbR{BT^5IT9*eLpvf6WGq4&=D
zuyoLBPzhsO{=u7Og<U$>@b*BLKR(Tlh;DbWU+$p_hti*pI@HhSfnyZ8SF?SN=)1k!
zSMi?fwi?C49&tVN{FQ(^q*r$64p}Iw?*T7^AR=-+Zun_~>iI9?0u9cg_(Pg!QXGZX
z>0-a2%{%<)zQ?i6`zoARDQ+awC*XO3O95no7$aQQ$vw|f3Rs-@7ttBbeJF(6rc0`+
zUnRun-@8PL)C2)PdoUzm_97bpc=mb-nb5S9s&mSj?B3*h<maJe9Ku!kC>vWKS<05P
zKlrOOof`O6``sgJJ&Y~NGxJPVe4+A(_WJ?FQLDmzvVrShj{zk2Ztf8Zhy9sZc@^V^
zKON+6BaO$`ZVkR`(+-E8pg2VUS_)Cr8+NulnVtD{_VaMJdR%OFQjNo*G^gqQL5H_>
zAf~FAEu`WbNxX0QIo44+92LUhUGMl#xjf?lUq993l4-O1xV8A`@qcZ~@N<sUJT;7w
z^2BV1;nI+GLut>-Zt70;efLd~YwA7(AlTkRGWFQ%{?y^4dV>F8p#E26@k%VQw6r1U
z<IcXeZgGhGOVk*F!8B?QL?il&jbs(#WbaHklu8dc761c)HRT!C(T{G;b(`~NmZEyl
zMF*Ex9MD-|cKior8z$J=SFN6htZ+n6`ahppiHn0;at5N_$ZT1Mc*Ovxy)WYcdv;se
z#cUG)%Vp_P3s1NsXTiS-aTH~Ija@eQCebBzk&!Kg{Hbk;;zgPU$8OG{rxq3{aRl83
z`3R|!)Bgn_SGMhW{-yWJG{py#d#uC|x&|$9HH>$iqUC%sY!9mm7M)%)aAwreEVaYP
z6!<;Qm0(FhF4x!e8#7)nMSUklq&FKLAil4rqmFC1Q@r&X=rp;A?NfdU#P@oVho07V
zfzsIHj8IY;(1QcSAS<8Fm;+)3e_F5XfwLS&;q^ef7om|K2TK=5^tcClKi=^sZnajN
z7y!QMZ@%RP`0Y24dsAMa#%2HZ#4Cn?@TA!KAYteF{rUiAft+9xxIUv0VsVJUK`~Uz
zl&^NN_qlUV{Hbt9`U27aB<=24CC*$5@#Q4ky!rZoblOwK7x6gEuf&~${rAl~xNU_}
z3bW}Hs$|8;RpHNd-4~6i4c?urjV(+of0`txrX>H5RNmy)vrrE7-K<Hee2{it7G6lu
zh6f#M%5`6mRo+`4I)l0yewz*9S}&#eMKNTD9eXADt5rG`LM*iAANir|aO6-f|KS#4
zNGJ&L0Mfq+O$`C01Mh%rUpzy31*GC%6k&o;L=adxRap4#Oz?^#W)R8~6k;E40p5Zq
z7#;zMqNoSplx5fa-$Maa{x5m|4;bkt6I3llr^u50_NF85`qz`@$G>ca*(1np`EK5H
z2D8m;{eFRu+qS~~^=nwXir(`^64D=HVwu84|C-sL2Tzpk-E&nuH~z1ecgLzZpTc28
z;=B7xOKJ)}3hE~DS8%Rkt{rUSj$~yUa?AhWuVD4whxadv@AK<O-`eun?JobmNE+82
zi0Im8u9}Tr#Riav6^8Iy7Z2bWUuMo;sN($BZ>pJFa~JZ}4crMR(em@m+0*~=*}oUb
zxhjeb0eSiG1&G@H=zr_<|36Y1x=Y$>KQZ{T4Arx*c;{(zZP^EkyxRdk;!sZU8n^>D
zufba{28JVEGKrl6^8Nmg&?+f}v%^sj034x#?|#d%Qt;@@I@^yxDJbph{nim&&8}*e
zSH^%1<qG+u3SvFxRR8=b<A44Wq*)&tRRt7EyLhB9(6~&HPaXqI*%WUb|Kd>ZQ$tR#
z{j=u!pEXJ~|D1;TNAYMk^IxW%4>>e|fLM8dmi+UFf{Y*<x?+@YRe=U>Pe1zgW|==o
z2Mi)%d3D7HSBVwYcXV#c$nQ4Q&20##=cD4j9&5(Qsp9>j(;IGgziu`unXFL*)-G$k
z;3&!K$B#3W6uUCZDy+H1r!k%p`>WsahdF9kwe1&m&+^=4%us<bn@=Gnq1ccG`NZ~z
z(9Vv)@-7WlCl|{GOQ~3X&(%-swb9cUvl?H>nKZsN$hXS&TurPYZ|;grbz7`S3`TeD
zTygpZ(xa4WS00*s?N<d|zUo*mB^t2!unjHwzSE9qS<!vwIJWn34t`O(f&`xqUbP7B
z5+JU7;R*{YOo~?P>6xuyknfNG(6U#?yGA2AfN&PxZ7I$~|F>98p7P#8Io3Gehi6a}
z+nBkgKu{s-VnUu9#g3y{v+JtaOG+E<p6n=--z~kr`ED@JFl>j^kGqkr7b^10o9ILQ
zOsFubfBTeWn~%k6a$!ZQ)MF}n!h8P#{Ojm_`4HXX8(l$|5dFRP-RA~NRs{xsPM=xA
z3qLI+l)4EteJQQG|Ni_nn|Fi=76?e=P)w83)miaD&sag~$iQF8`t$}y8okr-b)~G1
zM#qMQ3!e^ZNcXH_I+y%#H>4<ePf4nr2u6$qpGhYbLbTc`Si8E}^>y95RRK8GG|?!>
zr?!ODSk$k=GnlJ*zNlwqL_(q%o1Ksvv<R|WCy{y(#I4_kEOe=z#{W$#kKqyf&6udC
zHI=9AjW5J86nhaK4J+>F*qh~D@GilWBiHX7>EI)ud1Dgj6cg9u0#!Xb^{`g}E44~A
z<Ij1u7_@cQ@#>JG)nvK&s`r7Pqvo~H-G9Vp&Q1tD=v#H?M8ittyF23=db63<dCjTt
z$<tB~Cgg@b-L&nvISQSel4#Xbt=9`o;8js2SBf&;tyb8o+gW+R9u5@?mHUTEe)woB
zyqhmx*-GJimyr~bewTNu-ON@ZTraP&{pjZk<`QAKFr{5)F-(pOMsaF1rv2!cJUXO>
z0KcO?5eF}`TdKFB)oLny2(qu?P>E2Hf8_m!M5kucpjIBWPmSGQh6saLD{Rw`_tKYW
zEP^tEVu)s^g<1D}4??R`hqFbh#ImUxt*W2!if*TpvIwYi<>{GG4(wMJXIhKTE1CRp
zAU>r>jl|I}C+|LSdgK%pbuP9SD$nue^MLZ_n@xq<O)w)XaD%)hapEUyrXy{1NIQUe
z%M__4K%fHrK5B^1CG_2&i6$%uHNB+bis1-E{BAq+la|xNHY#Kh5Neim%gili<Ve=o
z<kbmM-Y1Sb;+I&TiTvo<XKcUrM`I-NW6leNm^Mv!+Vq%lT5<l+@b~OOh!<RAKPF4N
z?12gTur5MXnf=1!&3Qkvv`CXq`B~E${jL1utqX-FZX?EiD6008k;PH*)B*Not@arq
zxp`>Qq+fE^rqAZr#2@&lrGIRn5wdm@i;;v3wDsS|%H$f8y97$g83mC&xbHtMxR$kF
zc2*fO445XF_9)CotVT$fCD=(+r%9?>dUxx=m6KJaKn|d_m{W;a&muQ9@N^u53f%+u
zC0UKigV6_AaVLBWuXb%F_OCzZ&9={o#?;I0<K@~3EsyIVSp%1YA5}EhF43R^g75M#
zzP#X?=Bpi6_wlQGr3<Dy+>!lR4>}|G>u7{UP{+eakNCy*>YDv^HPL0O4$ikn?5I%2
zCp%ihyk5ELff_;43y<?_E3fUXeCs){%Y-~{-s$_fv;%a+DK|A~YbO!f?Mw32)d>Ab
zzd4tlkVYL{vsqZuS15-gqG1l^v7N07_lbDbr<cw`iu5;CdK1ol#OPL2k=2&4VpCL~
zP*)sYGp}|t(3>G-S1D(fZP<>JJHxcWDuDORqE}Csb5B=Bab7n6Kt@W2T1TJnHNW)a
zMAgpGF64#0F$+wl0@*f#5CGwt6eu;gt<bLHkBjN?K1zakT75kRN7=Wf9u2>U>3Akb
zU;d+%(G<ViPVm;>ws8jOnu7aZbs5t&ARl;MeCt#=;0zf%w`1PCfBAm4S7wC`$sOIV
zvD|Qdw}1Lbmi0?c*}`D>-0ZY{7D#LFSxjBGd%}L2`i&SLQjlaZO-w0<9<x%kEO}j#
zoAZR^fICxp4{t`iGhA(+)*O#Py;s4R^WyJz+^_Z>uU?7^N&SHcHaJhZvmXP!E)mbv
zemt@`F*Z(CvG)FZ!p|8R#q&$=pSS4Y?9|dZ5$Us}c<icLb>pX4d&s*9(&wv=j5>TT
z1Pm?0V-T4O$!5$@23Avk94o%tLrDr$*Jj=my*6~8e%W~gYeh0w?Z`{a7=JOs*T2r)
z-Q9%_yhFywY<rDWXvw2*b*edNqz=DpAyp|mC_xrgVM!11CFibhr7Z+LbKCA$ZK}GF
z8;8|SS442gZnGjOb)WUWsY0)_77CK1*u>7y)mjU(L>8|X&R%)30~346upk|egsY)u
zE4@^Z`b&>p*ap%ZqltkfgFL#vLG?E}HBT0OF?VFtby*-bNuCrgsOenZ*HUyh<uo>l
zX~%Pv=V)RaF<!yfAvtGJ#*Z7xz31V<$*O}}DaQtLTd7#$-?tM4(D@<@3h<%MR>@P4
z+}RlB9u`HTD~%B#i65_Lp%Faf5arwtdsf$oVH~Qz`2e31r|4g`c=<L_W}6y4e77+x
ze>Yt89=_?o|L49mlf3(9*)%a{QwMucYQqa3<q8)lWpJisYv{K6I8VWw*xOwA@AR=E
z6y^{~SZGstY#0N?ogK%DjjAhj*t-dk*U*IVEn3|8ZW}4x+V`RiDq|+uxqylJ;3BDS
zp>Ls*#>tdt)5ZA|l0%O&Zf)OPCet*`t=zRwqa7;ibeKgXAuE%yru$jJ3l9x{GC{a-
zv*!2hG2a{A;D&9&^6P8|BY~BxFZO!u;ajfqIaBVxZWR-j!ip344{}r|x0Q?giQX*D
z{b56}IFEt&O4yd$L6x7ZovgLUsJ_IcdWJ8dvk|o%w>(+)Q|X5rK{Gy5`1zeH$wW~S
z6^&~LW6QO)^8<6x&-Lf(b>!77MptNrMxjqe`8A71IjKc8Ik7?CUo0<ob=q#s+jpg<
zKWS%4wRi|L39)SWt;faCkMC+UPm_jf*XXsq=WV)TO^|6~9VT{5nR1xnN!gbwJV$QG
zOe#(ZiZpDo+AwT=(&a2zprS|CsA(sfD~-q<C;N@nndFnBg&ty<rH{vliR>M$g-H^)
zT&8lQP=v)1G56Gu)0&-Hf>&7K)aF!bXqW=j2p>*Y`7BY$Ke`y{%i(S;L(UzW?(|SR
z?O?6nq0qbK^BQ}d$G&l8dGr3IUUIYL+a}mn0&IeYu=P4_uWn*Kv%h=w3p;5-lstgw
zx^@jC197?uOX7+-6^tQ$=q(XlHk}jn?`;nVAv+Lg{@O31n>97cF5$JI-`yn5DXHum
zl+xSHLL7izVxhl1F-}{@5tM>itQ*0P=UvcyLsREz{;mJp_ydkqjWc=T+p|*rX6%V1
zzJ;b=x$#|3o+rK@o*)_!q#!L-YjQu{M{mz?%Hc?6k-}^Gx2>`-O%~2>cREmTdFOF!
zB*>PLoSj+t7(idU%SM%aBfn!oi10D9ztKG;HI9|OTzAzES2I8U&C#7p8!+xoX4=HC
zBs!Lu^@-kiS2d)4-{oNCpG-%%VrI?N#2e~%dQIXl(*(~K9B=N0?EEmK)BDz|6HIe=
z{(%UxznhAOAVYM6S;xE_77+I`4^FOl9{g>08h+ZO<A~4eb{Q4?K3DFg)3ZOZQ-)Zd
za}3MX$9GUJMml<rj5}~y-NB!Hto6GUu0-y|xxtKM$XwMedvb5a>0}!F$ktsG-U>XX
zkFI9bXhK*^g=D`wH_1olDEfB`ldfq%NZD%UDn!w8kZ%rJpO&(}{T0Wh4yq4Sj6uO~
zIA*2N^fJ~IF85dSE%+>x^YY)lrZEksd2mg`7RJZ(SI)OYgR|=uJ~JGS2e4JXjy<Y^
z-SnRG_2o63aqYovE}}WkFNB--LRXuzQYZxF8J`v^CF{AT_|^8$^yDgX6p5`$_nGEV
zE6M0tpzb_{XJB&mEdz~tXv?s2_}znbwYF3h<6)0cs9!jwomPHKsA&7~@5%%f>vkRA
z4t^d@R8H9aw(K2rZ(gB5g8r_(B@1$)pST)5t)$N|f2F^0R>CHG*xqJ<X?J4hmmPen
z@|1DVS*J$sW~9TTIVqw1c#QB{3WTlmJ9}Ht^;crD1WKI|oSkXuo6|+Zwc<C(MsGHb
za<L1P+HU<Y#1&jS!9JwDlu`dy@nI(oS~lag2?aJPc{A=#@%az(>yq?JLeih&{Pygv
zORYI${gaG#wrZ<$L)^~>je64PSCs{Q`)1_%=0ltW;qm<T(+tHu9fH)6+|B)&9iPP=
zTTZW!G34#vP$`WNjLLPRY(tE|tuB-G);4okpz##*E7s)XM<6r0SRQdwf-z;In?`;H
zeqV_FVKbStA4i{#ue-ZNf`&s+hQ4Q`B&Px}<duc}XJ_U=q30WdX>KqCL5f}o1%1z=
zuiHGR*F|F0Y2O-oP9|C8#qWYBWRTjDO}hQ2aM+h_Lr33p)4Lm8%asYU3mDGkxMY1C
zjq5hkwP9Q}1+vf2ipSKDaMbm`k1kRmG3N}hJoI<A|IRxe-yb&|c88^|4EMQJm|AIQ
za-&$VXi}<Iq_gxa00sA>Hwt4Wz_6_xrLZ7@G`EgOEv=q|2VGk(uel$<1r@X5kW2%$
zK8;zn2vYX3iJbPtN`J9t?zH8coz(y#Qe*ij{m7c|u6yzu&Ebf0jYO2O=-RE?{(e1+
z4t0|^bDz{r4zG=Y$lbteZX<t|OVJK?*K~X>U-8^ptzyAd8@k<1WrOd^PsI`&=yJaG
z&+TkBce}l@f2A-f@7X1nG5kQJ`8F(5pm6qHZG4vz1FN=|!`GHTvWTXLRT+xZ@V#;M
z0eV<F{{AbrHB5$PFw%94s)`)x{9oDVDJVu;NAcpCG3@eFfm%m+Sy9G!KrmpncmK(Y
z^>|kmE0)#Zu>yC$AA_yJ$COM&Et)!{*H>V{A8FD7gx|tW3r2nOAjS8;YN}|F)}A)L
zrm<<gHV1j|^(j>e-IIxYGLzxFTbu{)=1$%2Moc%<+yp1=-aMh4=oW8bp&>@<&>LKB
zInh0Q?4utDwH-?ac!Sdi=1?qJJ_SF0_nYhn(4Us`WywcKlZDtsoAID<MAHZIXMrs>
zeMV?y1O1$it`-d5g%Ex5kq}|aMFN7rh2a&D?dUlp)~Z#`f(U9~zHKEADc2gxcj||!
z&-Q;IKC;&P7RKb&`OMlxe8S3;-QgP*>+=AA&D#F%cI6m_f~0ok<iNK-npQE)Ar2hh
zlVqQjM|a<!S7@gLwVku3XAP%VK%>$`gRxTK@)~=7@b};X>@wfl>$!02+3k*H->P_w
z%G*7q*Fh?||3DgVHW}fWpPyS3-wKVyfZD`Wi~&SL6~+_>^9Y^}T#xcRGi9bq&qEhE
z%;xfa&c|&>weiYBjSf=xlSZAl^f%UcNzq2!NP0xtx^bgYRmUSNz01QNP8FQQ9pU;w
z?MBnn9WC!xD(pW$L0BPQ4=)-ICCW}l4ZFpuKl<%)5{|q<OgYmt@?DF0Lk0}<wYF~o
z`7lGl(U@Qo=WB4UbNO8xs$(ynlhstpqwhR+duTW97w}i}FJB3X=>}fng9^^$^~eId
zjB}`cfud<mgBKK$|Hues5DZ4vF6YjhpXBNQ)c;QC)mWM?&a!+`{i;kbykY9Dn;3SR
zW&855QxoE;Mju9<4==Mg;TT9Lp^jCdq2qwj$;n<hntXSDmo9n<m=NKH$FYteH1*oz
ztWG6A#=3-`Hc&9w?Zm}3a8jv@MHb8S(+EmTU|g_oJ})o`uI#V}Cnsceq(X6(lbXo>
zJKwE~`xxX!?S`8?-r`P#z9)gGxCiHlCP=UI`jA>c0tFp>rFQ+~&Gb`mKYSkzSzjG^
zVwC>2hjVq8ql1MVa(KjB8JFA&uZF$UE9tUm-b+i<ok9NJACxq(K=Cqh!(GK5;vP->
zkaCBq^5`DiFE>GdU9OG!NRYC~*bFYC?A<Z^%i3F8Vz`={SF~5l>kbG%!Z9KcjoUC|
zNBpWdi^cel+L=4f&c+stMA``#Ms<Nw9c;t=uvYVzH{IKRDGjxoso)=xdMf(L<}W^1
zRBT#7z&EtpXpvmArfR0I_cSAgZx(64r3*97WLLidh?3C!vXZRfKU5t*P*-F7+4$is
z(eo=Z?<(dj#8lF@@2d`Mj##hz3|cCB=OWFRx3iw&Udu!D@QI6`6;?}~jeLn2CcnCm
z#@=Rx!iV<WJuf6L-z|w04yqeIy2=R6=Rqd-Y)4pU2L0>|a$a_4PWdbT&VK87)vY?!
zpYeYEq^vj{80b-HX)QjE;6qXgN;F#WKRHdd=xd6rq<ZuuyQZi@*n_<!*n5<aF58_0
z2&&n19)U^~rPOmlC|D!Ij%c(PyKhI3FXIU}#yKh)gU**s6W3pP>xK{wUJTvvT8ejc
zE8j+*`MAE0O_|S3I^`^0R4!1C?VJ8-r*E!!fw0bqoDnUy>vKe%8_+~+#`>%G^I4W=
z+k%O?rYS_t;Fw8Oa;0E)xq-!~4(%0MVfIL2uF+ZX27Iy=5)*W@fg7VFh&$1xa8R@^
zbdzIox~NMfTh5w-%E#tu#9-5QaSzskLD$4xu0SU}p65D9+8ML2j%~XM9mtrxnC^5@
z_5qcp{OtVj_T{fHpf)Nn>YO&?>KNlyakhC9h5l;-fmE+VR$_LuYPfmpEP9vS(CFTr
zCf3cdomLLI2hr0-FPmijCrGiqWtK8(7AjYa_3}=*Th$Je5PAsXMR-aF2rG~*h)Hk&
zqtV?(kPYkbp(HuFN`IKQJPUGnll+3veO+O9>!<M(x!;G3!W!y!r!d7d5hc7=ZgZmB
zn~#9jMYzw;Q*8#@r!MO=L*o^&4HhEE24;t3J&UxL4OX*n!>+z<)dVeN>eooj*)Nc`
zMO<aNF$6W)aB4$pLiBWG>;gAWhUtuuf@cHwS5Zdj@tc6P6<7DNDj=D|I+BIY>uTZ`
z3_3uj7B#rIK+V&}Xd>eoOb|cMJGm%3?S+Mht}G1SFsy8RH61yk7I{)oB&S9xm|bRK
zwt=qiT4Y8nuWD0Ey&*N`M>J>{Y&nK9PNSIULi1<U%&0*$Iz)wiXQu$S_?tV~I1p-Z
zKUY|>ZRD)Dd<a>CP<-C>ifil5!MvH%Xv)=Q<;Q5j9t9>0D~~m;M}XZGT)L8Txi}c1
zACxIVIZUKQ=GDZ5$lefR`+R!IdzOeN<YV+P9MbQs(#!aa9!a@P`Cz+4a}+tnFw1iJ
z*Y_PvDW_~Kjd!Jmp##u<y@c(I)4rum-Ze7hx{Kk^)A*G>4jz&x%}s9gahLOyK2+$h
z?wgGrSPN2=7A%|#T*5VfJi}mK+Ycl5oPnYm|GMSzqQ!+1SUFBzbExNel(E(<+|wlD
zqVtah>F(_umDfkLrjEy+s^7XUjTS^1SAp8&d64Y!h$M{BoSuGJ!QAC0&S<6FF3Eba
z@1+#}c%jf?)=fbUr~sgV20)V8RnKB@6!iMZ%6?sQQwvy=OE_oAO^tFXDe{~%{La0a
zWR?F$1T;-i6dmZjO~GjhzCHS4T1Zx)v|NLE<P~PayeFu|i&N>Dtl|SjBRHA#q*eGh
z;!?<fOn%$FLzN=dn1TtJ3-TMvg8%zaROV!Ko1xT4bKON+O+Hl8?PRUBE~tN+LpgAX
zmS-P}MR#u#jR^7^%trV0E$nGP<=Abk3Pbu7*iSvUccslC<IR>+zy5sMyRN~`T65!>
z5=l8-T~D!E|JM~(mooFuJKBGq2hKt<lUG$i(0H@xTJ>zj)Kd8Pprj>ctKsiLk)#I4
z+gI4QpDzaXs$;hwfR>i-Z8}(H&Er#%#pmQGO}y?A$KaT4)BY#F)T}u1GL)u-aH!5@
z<iGIObP~)D*$MlZPCha|5@nEE<NRD&Ti%W4o^J*zOQv|{o}+%qj|y?08#EKwKeEq}
z{51?anFI~)HBPS6pu6HhMns;c7?sq``CQ-pkn@<rK(HypdDTB1J#c!Olj5(~QOd*6
zm+TdvvT8c%KyiNww1~ocrEbY@Q&n{=9Z?xsh^ty##5#QQsMH>R^nsBP-^A5L2dVqD
zzhRFKXtL^KsQ9>J+wn3!E>_n{Qd>00G0gCqVN=G-?j|t-Km<EtkSeo7bMe8)`GBXO
z=t~i<zhAN|_TrUiXcqS~m7UrC_)ST%N0;BWeWg8!_?TVOS=u3Ka>M?%RDX~_shPoQ
zi$&i|)ZYs-iE&2+BC~$Il-%*Hn%LLMJL7KJ7&BdTI<oiyH?AJPFWm2bhBH!lB(o;+
zxkv#5c&STUUSIsy)HRxTkS{7^|JDbs(B^(9E*#)67f}4@p~32~L~l-Tjy#zz;xiR5
z1=-Qe;QdY6p5<ew6Q;=b2T{HjCwAgF7%qS_vWBb8n(eI#^0zDmO7DeD3ta*|L?$d#
zm+x4@RQ#Ep_=zuejT^g(r+SwEI?V_j-O3)f(o42BC6Sd!s7`vN<;Ucg5acJ9wJy)z
z^BNjS;-eJ^sn~voJKE{Ff1=rJ#JR<OJCTd9>v_32pSt5<x$x#rxu@lPi&-rZ_Kp02
zLqs>g$7uuW@I~>OwHw(sq~jV$$jr)C>UkI{TKUI01(}jak2_q7WiB^YcAvvST$V%>
zMrJ-*lAGXGEW=h3tps?&Y~naQH7XUqydAJoZS8%~)VVqW5;GgV#=#C=9NX7~N70LJ
zqid3_E6a~>!Up5DLgbA0W?z<dZ=Zx^{pMdvwTfVKtLf>Wi=!r<Rr*F;uOEH~6!D8)
z6U0{^^xLSTtjF{_j)W^f@MhP)cm#NUD4?HenBHG*R=Clhuhqgw9lIaWOr=yCHBrj4
z^G%Rrr0)KdyY#)p)f8;f!SEG&*Y5FIg&%N?71A&I;br=pSZ%YJfVaicKb9YE9LGww
zZB5d=t^O<3C!kqyskN9*-uk-6OAe{oN=|{~f=FRf&|q_hOu779LQQqPE^S2yZ9V#U
z1(Nn8Fb__TL1Ud$6ZF~HL-mAG9})vO>ErOln7(bBumLfNrRi4pwt>SwoRgr<11>p_
zgexdPcXHX2F6g}mnTxs2mYn+U67)T@_m-m{X+`EQQYTL4zHG9@dwC5!a_y26Em(<P
zmQa)Fc=T4GJ1E305B+-FmveS;JO^p$aZ5}RJBJQJUSGJ@<%Azu=y#<TnT(4&GCUz)
zil9|0^i?#QSy6PC7PkyJeo6@4#TPlPd7#rtT;5Aq>6+c1nwRqr(8pn2w^;8my;oot
zb0XajjWWC4@S7hUBxbFBQY^(Z51_0GOZ_G5(fT3`C$3X2CaX?6|CnRShvBAo7Mn-H
zt#|4ECbq=frhECA?pWK)m&a4w1vcu%2%$Z4cdyR)elpjF+3T3&W%Lpkmf@Iu&+1V*
z`ISV0=kEgqcwlT_#2-u@)msAXz=JB2PYXG#bceZDgL7YMX9<<=Zs}gb#tk?tLftdY
z7{lgRklRrrOi+q(kim@|bNt9X4H{|K7@=1ZJdV}XA6$hyM6?u=wOF5DlTi7fO<2wx
z&PK{2X+PZtO*VM@zmtNU)Ij4S!c-dF8PnvszY4#cqs2B(#TT@n8FnFP(q=dlFZ`xR
zu+()e14A5}n0KbzNrltPmaSdfjZUlkSfu|JcKblb$e`)Au?5L;XkISfYz_N(i<J>N
zs50~<0h0_$qf!{2&!8dV8pvQN?Hl+I)5JkZ&`Eu+x;1vm3u}6Rkh&WkLI%<d!U(|z
ziO_zaKXf&pYpPiqdnws)Ks0w%>7F#w5k9qBgrTAoCMWW`kECIgU8H~l-jft(+u|CS
zhYSn*e@qHwyYfTrRmLx6bX?J-@ggfcHw61Q65h<4TT?U_EcSpxGbV=+qYnG{bEI!U
z?hzL$p^8h>b@ii%icRx4NoLdMIvw=jSN}1`Uq!<&U)f1+r*CA{{o=m`G8X4aGFHEU
zHm8wa(p0z`uqwW5uzDoCHa&9qQLMGiSw=!=sYUB6C4Cm?Jo+)mt>&*S^Vgte7JI*F
z(8U!<w&_3}$m2U16`iaqeTQMaL0?t~|Kq%A65n%_aqaC|bY@MF98?Nth_=m05jZp~
zNn8{+7NI6{*K&786@GorSd5!5_r1nNk4(ZVH<1R0&>?|Rd<!ca9u!7s8FR__ne0p_
z@NLmU#)`(k2ASPAZs(<xoO}jqa4&t*=GoHljS5n{(q&VJA1U=#25w0Af?sT!%dC6k
z^P2%P$vI5W$`Le3Yjes!Hr`i%GW*-AK8f>q6(9DBHUy*)itnYJ1tTVJ^P@f_^f}|B
zn8KluAJNl7inCOeiA*-CmMXAyUX`dRo$ouBs%SKKGKE(jB~dQyaXX0hm6J;xqKiS;
zqk4?%y|mV~8`-5Y)>r!oQb{?l=L|>oZW}}v0}c`>%|bIJpE3mMKgwR30rZ(uxMu-a
z<N~dLC_T3ndJF&5jF&&Bcr8GRokWz7_Xb_F;f@^ZYOo~Eq^P>0&Cr{i=N7X%<<5C~
zXmJXVw3p)y9LYOWsIUT0?Dh+U(l)WDE!_pPKwcIb*@Pb}c>@HqKzw<>mUVk3H^gdH
zxd7^)(fvT!X#Pvn*)+HzPDYZnoVSFbeJ&l@oAzi}7dqZFVm*=ky4lOB+0db5MPYJ&
zdk_eKz?N6iilplnT)E>ujL-TpU+&sMhgJ%XI{wLTG@L<9Yn)HE@_AZeg>knNdK#F3
zkHhMx>msb|m4o*q>3~Z?k^psLxCtS+bt{GiD92yX9C+b}-wd?q`lim+<oJy}u@?2N
zvfn3S<Sr*1?c9Uo;{T*&2%?WBhWYZl5hTL2(;Af}L4o45U>zwggna+5R}e=tl_~-2
znYM%9x$4D!d7HT7)_>>qwC0p>@Ot*EN_s?w(p|i^lY{}Tk5lT>J|UY_&qJcPAwl7(
z3N9;}*zGY(x;MGW`$1A@q^{RN&**N`SgM+BI<jxif{*<7+aOClyop5z=h2?}sut3U
zsI^_F-Md5U_E&-j+X{IlpvRhKZ2#j$sTXbxxOM_RI$JKoSK&%GBKQaeb#9lziS<v#
zJv44_1;chixdrBxGZ5byz4fr^Pi;9wYI%Uh57ij0yx;aHp3q+Hx;nn^w&AFpoopgH
zG9M6RWoY-UE2YdbMrdJw@x4_|<E%t{rrXjJ!O~4=WtZ)^65r;{RmCQe34a9aGj4k*
zYDHEdrKWDy)8Wn9%S3hIc~{sz`^OjpIjB-PMyHZotGUG*9Ao;uKuXdEBk3xBKVXj-
z^`3uxjX%0agl7MA?493&dXzTV!&B9|gXXkpjpfri|JBzT5<KW+IS>4<C7gWMaqk3|
zNM!MD9Q}yI^gPXKS4d-{H2#zLys~=jqNu~88HLkvg0h}U518fF^cfsxAzG?RuW4Wm
z(jUw(BixG599^T5kylZ-UVGc9mfA%sS?0zb;A84vV3Vot5)@v^-rKBe#NSvQ+l)RR
zjK!I!SzG6&gy~6A8Ua|7x)_y>ifwj}Vk^}08Q=Tz#l>mh>)qGPH*xhCb?!#RK5R0^
zxG`j%oK``ipv{Whd-~Z&(J?*G&^<%n-I^uw1CF&S8D!+)D5kd5GtcmRchxWb)|n?r
z%k{g&6}-8sH0MpRy<WY+!bx?<h2mkIl+SDktJ$zDIo%$@;QgEmNWEN)5+6`ki=b)d
z208Yyk}+&|#fJV|1*2)g0;Qk`x?s8rER3`jye0^<Z*|UerWEqV^kzfzd$LYzNc=vL
z^-Z$;TDPuIe#m*;$}>Jn;)6ZK_nV@N<RvCrn8Ou(P1lS#x((HhjtF*_nUd@={VSg8
zv=In?n!!9)lh=<o$-Pwwu~IwlG?8!3AP4b^pR*u7aKC143bxchcdDnFHK1|rc!#as
zb2^fU7-rywUG^dWGLAQqGyRFHb43(0dg~tC)Dzg(qSeaip3RS4$a8sP)~Z=A<w{qB
z2NvXd@P5mnBa;T9FpIF^kk0}p*V^+3Vvt>w2j<?@^2pKZg)oU(1Hl>BTdR~fOUR1a
zZCYRYVzF}Tc<tij-XiU<7ngdhb?vKeo&4?Ft6sR__t}(I>uKvt;3QUD`vOKOrFnwK
z4qUy3JT(XrLdXpME9^K#2O@9|_UfxShc9Ax4gqm~G%bV~@)*Tl@awc)m8k1q4)ZsO
zuLh|bqIR-L)Za=afpz}%74%O1HqYvwJB9JK#f{QSXqxWFev69mJ~RNrysb~&BGTAj
z?XoDjFhWN_$FXzBIPFp@-Dvu?*I=qaQ<$|yI5$Zo=hQ%7X%MEUXFJB1Zb`PP3tflc
z<&5*7Z<sEBwYPW{jke7(jyyz%iQy;o{_qW15t2B?gmHmf?EBIt0-xi_CwIcvch+_K
z&PccK*pOd|ug5OVDap4VPo&B4|B9IG=%b;SWbAT6>{XQ}Mvb9e`Q<v$8)f+HP`#d(
zl^@fL(1%h0{Z7a3ZU7okW}{LThI|sS5q|M2>P~#tvlo}SdtNtJt$#a8<mtMgju>3~
z8okt0@ynJoerm#VjdrO4#QDJ9r`gNKDjbS;_{d_fiA+@8Q8T~_8miju!xI^Uun#*R
zR4cAW+YQ_{<6fq<{2mw!4<;xNHQ2M!q6PFqC<#!j2)9!9={xLpn@k#pIS-Sz6-n_q
z#qONTck<O_^eIsrlkFUbTW(u{a3&*)X~J&rrOjDpnQWh))$f^y#<5LaLv`&&!27!0
z&R0YzsJL2zdE4UkJ4ZL-#Di=0l09x9yQ-kq3)s$~G#EHo%ludQcv6WRb9=asIL`Gs
zb-~|0;j^TGk4bddrJ)9l&~=^=`yrb2)zb4t{%LO~!^iv2nT9sDp?C&N*`F5BdYqeo
z-`twjqMib}=x&4;O~q`=W$Yc-FtM{13dxLfdW4s04Ebd4eArxmxev7O0Q-EJt@$^J
zbU=fVG%on#7gAk-DOod5xBWOLlKvn^AujAa$W;{6BHg{|%6AmV>4Xw@rFd=N5s|hG
z5Z#@}l}#1fmx<cyjogNJ?d8=P#aBrSyu`(&)o`dtIT*M3-%fda%Csg3q*Qt~PY8Yx
ztG6wv$crCtffQ=nO)|0C3|3th`cWkNMJC%c^y3Ym-6!WM&FER~qK4+Vmlqy(9PfN+
zFg)QoMccz^)3bW{GlG3T2VpJa*zvTrn2|C}1N`V`Dz$&E9kf42ffl=>ryH~bsOzVE
z71lF`-zi(dMlTP}W$E_}KMi2#jqT*-DYi3;d|&GcS~O&0s%MA3^2@%kmJ~e=xbEmh
z9%&EU_1s@|O$#aSblz~e*p!K1)Sq{B`%(Y`Wh1D?l{;ye-E=-=HKlA%nN#iz*~%RS
z*~kA4l6MRep0;0hD|=`Te8L&DxL?#-j|CUhfqo#_@E43`8eNs_mx`Cg*{}$+)Y_&=
zb?lV{?hli?Y-t`J`(l<)(KjuLycVamqB7;~x8QHwRvQEjjZ2TkL=CIVw)k$PN|lXW
zKTv4Lg$K&M8^)cw=wSC3W-$40XtMQ{J9{&O(LLuwcckE;1*FJ&=1%_ABs}BjZw@Pv
z9sf-&Fw`VZa;bbz%WW8%)4mjV;D<$y?%cbmA)UYc080#p;e6$Fb#H>otij}9NXq%E
z?&)5kl{g5_xSeJ+IdBU_hkbF(&KVDK{G+DU=;iGvS8?dN^^sq5MdM$KK<z%Sf-?;y
z_X+kq?Z0ypHz!A5R`r1rtP(7IEG|s%joIs*ZzQ`2f`7B)_x$wyudGcz?Cbo?D~P?R
zSt-ttDs#(&7ktiymsIKbSSg9~=RjXO$U2;aGx;0}Nvtm;wEe8Y=cDaM_r8u5a&CzF
zg>p_2Y$!{Jt8r(0j?~Cf8kK$S;;oVWbDm1+9k?SXCj4XiGDu&~?tM3Gu-0JNSrIWh
zzn}7)fNx`ui=#)TS3b-(Lx2jonZACJS!t{``OCclrXSJUfgr7N*b~_TR`LfvqmFg3
z(z<_n>E!yC00ofhqqOIT-unZRx@5CBx9tGa_wzUs$a)@j=RXD=c)Gt%({hzOZhH2N
zqW&7NZ9uh9ntqRi4t}|xw?sle;@SS_ng8a&=*Oz&i{L~7)PHkgwr6&U_c=Iq>VF3g
z+uJ{KKl2AuMyS%|Na5KNoVG`DqE{aXv#VMj5%ohyoci6ON101Pv_{;8IF;YW=o7zv
zhQGt_evDrFr2*FcH(+0t-kf|6hI&Dj=k8ByrQnTpdLR&B_(hoO93c4<Kyt_|)&CPE
zh?2tk|F@+>s6km;-=g&9z0cAQPQFz}mWaEeILGN<5m&9rBVT*ywDy-3qQCOra8<lv
zIvT78L(QCxTBXsN-U6d0&k6pxJ`X1w;eEf|e|4qjRX6(+-nHsxp=LNKE627%wgxx{
z_M$VS!T98St4X3+|1Oy)Uy+1o3D5ZW>qmn8Qj1MSA^E(?$1#)I^<OmnC&uZ!>T3MG
z2ZXS<?D%T;S+oYgh-tVe;y&3GBMu<>H!y8md+}SV2MgF2et}0@|7o2+>p+&U&0+Ye
zlPa{^#TKJDzO8k>`T&qUT<dAJB2~nRn2?9@9}b({6Y}?G8y*Nf?~ZmLx0E;S{p`Oc
zBkoB;lCN@P{P?i<!_J<J_aL!v2$h1~e9(EXF|j`}7mzj_knsh5(tP9VA(HpWEhE8~
z8~5&i-J>mtGc+lB;U3hcf#i26&erBXnV<N36(9vYM^(t`TcKJ`x&0Q6)~z<%XwVq$
zVsWHpR{ImO=4km-q8P-kWlKK7m>iG~wEz<)X8$P)VD84rcY0QEu-fLG;azzmo)gTl
zWS;y_)&K+WV<mU1tM8hKTGb|iIh7)yA1Ko-hw=iJ=a}|yBoxiu!h!Ey$jCBro3J*p
z1*0rVe*dw{XIydF5w25HZ<;#<iw-ASL%`9L@u)x2MGaBHFH(<+*L$VNJS^xSv7(st
ziZ&{ldT_V(evb%(Q=j}k^#~+3a3?hI+oo}N2B`YDgObai?)Sea<2GEQyC;Prg)<Yy
zN(J)o{g+Q_|CzCrJC|Q`R1*li$iL+Y5<2TC-tG>**5l6y5cMOJxup2Q#a|kO8}EDv
z{~40s-2{_*6i=fSEDmL)O!jcS@xH=z>B0vdG_c~7X}%l?kgFdFgY|<{Ve`osCg1^q
zc`0QNynbGQ#L5Bbz5%L2`jL$^-vsAtp~=NWb9%-e>Qu^Tks!cSB*E$0wwzS;;G;BF
zB>X;v>(pzZ<B5H!By0aoawDKn;X`*|%pnFqH<?xip>5#sjOxKqmgGYA0D6{SAtV{6
zc~VqW0HV$VAeAEQS*^%Fyxn*uAZSBA1H<wfTpJfP(34OD=gMZ^I>N<Q`cOz8aQ{9y
z>NL*Ln^1<DelOtHNjCt~^Pb;nxGKRP19r@1=6oFvY0nMP)Te8~Ft<?E?4I@A^S_Rj
zpu4PlA5oO7Fokk>pz5u_8tHA@0A<+=k;0$Ah2uMSAzcArqGA*vD-QgF)cTsbl^&-i
z%t`Ql93!Cr+p25`d`x;5LoZ$%6#0Anwp}(-__huU6s^1e-ql>^_d<?0A#nQ?E(m0i
z|7)bLq7<~-ys2b1$g&9(eG`*<0u;VRJOqYf)*HrWpCp#It7-}O(g&cewzK!7x$Y<=
z_SD*_v=!_6w8Z}1a0Uu2rWQ%&Z$IbN?AQ_ADPOpNVt<nZCc>S+WOavoL4c7CZ!m4}
zbcAJ~&$ED;kg&kTNQEYs5ZvZ;K;v$lX48lZ_yU7)ucP^Zw>%wSe2?b^X_%n%*ELAt
zg*@%FK&3ygEoI83jDs{$maI*8ieyeu8|#65=9#!&<GRfFRd7v>UMU#+NAD@baK(7l
z{9?KLMhJ{+ga%U3nLs72lT8Ggr#s~yZjhM^Gvh3jhJaMle+yC!Nrc4uAcNME{2z{J
zR=S=t%z$K`ryvG}*}trl$loS0L3gmqhDY2wMY)6lDd2%&T%qp~4%0H&#(??0$?yya
zL<m^Kb_5f&)ny>b8kSpqW|PIY;_v&X7%4L_<==2IY>-$7Fu-;iSfkrL$Qp*7t3mgs
zjV-84p4)@b>2v@~*Ji*Y?Z;Cr5H1Z0D^WnO(1XpTPknuM$OYx!F2tFOfj#=bumvQG
zav(Jm^kzozXj=b37p`<e?ldgs8@}~Ca3LtH)EEBGvLxZsZ`6KpKm<(n>6Fa}qJp33
zE;xhlb!Z3C^zVfN9>c@h&b!}AmbQ1(xqu*YLrZHI)`)k&L(-?#<Hz$0SYKRY(Q%S?
z1AKz&lF&Ylp!Ciw)d6)fS2D65O$fkK=HN3RC6r6LhDr(;NE%Mzn>SKw{@X7u%y0H^
zj(HJyxQTxvgH&x8pPfvmSe~l(Uc-97fkfTEMvc3KSRcW+4ZQ|;N@z}EkCsy=T|>RW
z9C+tpOf39I&rnbl0G|O*=TP<_5Oo$Hyx_Z0fM;_wR)AkO-AG$o`*Tu>EWNbH(j-}&
zD3^A%&@f+z$w~zh8)QXRj(@+qmL$~^uwDP6Dj;1aKH)6C4r6eIp2uMTM$M()w6i2!
z`D-R-piiaZSscA$YHn%Zy+=zMpXJc~gmgYF1rr*24v~h)SRZp=PME6Dot=B;KlvdO
z%;Hw>nS0W-8B(q3_S&VnI3=B4Vi$Q?O|N>C?$~xOwR$iw{Z3Frcq1911Wb)_(2ZXi
zXP{R5lLsYv3WS3#IZ+(R?x#^?@!!CY(o1KA?uqZx#{bxK*_MYN7$+C;i|x>-=O@_N
zeN%+%xhPocQwqet{S*j8_;jQZ1E>>F9_2tWUF>}_EoAlE&k4Q#u7*1ayf+8F8@LS>
z^{ek{B3TZ78Gx}ssXE`gnoefmhtBC+oM8Z6pws`jXV+Y1R|1Vc?6QzlVJbo=KouFd
zl;8>?V;|gvF^T{7RiCfpqeLlg%L^cU|I<MfgZTLWZ4<y=pjF_1!hvE0!5C;EFR01^
zua0u(H?sgd4gdD|fW<KYqEsGEU#5g$gg&`_HnQ07-)<b3EX@Jk-S)JcwvWKH`SIuA
z8&)=^|K&^qeNG{RX1)g<r?0|?I!Q_eU;f>8MTUQRlg;?gR_4&dJ`C`MDk!a~VZl<p
zKc@K)REyp#p9KeNF$RtYoR<t0$E-$<##;Xa#qS85f`ge^WN|d-wqb~KQ=_sp0$*Tu
zb>2f$ta|yy^ByOfDzrGM7W%k!W_{RYfQ55v22tx=?$zCeTE5}=FgxY?uDCop`6HO;
zNKVvq5HuDu@YeWAJquLM@9X}ZM4%A*)vIYu7Cq&{s+#iJmjYe6_Gf#H_;muI32wtO
zjL=0UAIeZ%DD!^<-&myZ|6=St!=g%_w_$W;Raixlu!4XJC>cco$%2xjq>(I05F|*J
ztRkxfL6Dr4oMx1qaZx0L#F4DP5Cw!`7&1@IfUf&numAgg^YRR*Pj^>WSGe!0xcyB^
zkaXXubfn*@G&R-yH1L_aZ$eNc>dL@C$+XyH4HV*_9UzkEzzaXiLRb<oB8dJ6#6tj{
zlriXrn>J*wsGTS%L9s__-8COl-xRE)p80!sV937gu0Js$NhIn)^0ABE)v)UK-Ykvt
z-2o-uqi&3Go|nJ!cE4fv2pG7i2zE%fVi|E%us(Lhbk}Po80oOP8MpQHwM0f0>|~87
z>ZnK6Y>9J(IK-|b{IdsikVXs_L5WwzK9UD>CK9&kY2ZjEr;Oe{P-ee+^O)-}D{9lX
zzrZ-wG1hdeQk*s8iGOwQTv7=8HuxF#i}VCeV=~m&+7-%OH;=$J;<f>cWHWt1OI?2r
zGxai0E6)alPy>~zvdcoO{Pln*oEUm|8pKN$+k1%X?hx_`u8sJ?6y%>ar1yWZ=+PYa
zg$*YoEFYEMTjE5G>+PrbdNZ?H<aM>ya`;vJqp#**WC)7Q1axRWkofOcJ_8KPX4~E1
z$R&=b)KXy=(-6mUk$i5ia-&6Qd%x0Y;;L`n&<`!dG%9YZ+vrubtOZ>xSTt_OzCRA9
z?B8p9AOR7j7@>5sJL<>_E1Cx=SpZ9`#9w*Y>-ometJ<Bx|H{~iVV1bTn%|^lYPshY
z4(*4y(8=Xr*Yh;4Ka(FjtX?1Njqu#LQfQZ<D_~PdH#95N-h6DK<s|MduI`a*PpJoT
zSyW8v)u1*%#Qfn3*mG<p0UVZ)jEzmnt{wh8AZO|_KY!L5c~oZg5%R<G(uVQ*4Snrr
zx5BjbtN4>kCO4k6p+y9;GWvIlCe7q6WrjM7Z*JS@ylKFS7W+Hs^*}-hOf!PNPS{Ao
z5;Y|tP#Tz$W1eZo*~wz;NO9eJ?q}?!!V>r02EB7uzAi#1SWeO``0GhmJarozNbJTR
zt6%WlUw-pQsK@$-Zi%+vj$<p)vSCAhhO6w~2PR7Siblef4u|B|Rj;Sqp;T2qXzETH
zz;wu|+w;4&ylC6_uy|Xx=XtQtf*YgMzhBX*tq-uAE%vzPY07MUdoA106@_c|W}v83
z0dLh8nmTHQ`P$gF@q0?PoZA2Vsk;8OrMo0}Th=@ldiwHCjhc;+3;t>RhT5l`?0htp
zOS%2{o~SmA^Z3qCSO2o}fr#7gO{0x3&Ue4BMn}b;L$l7_^Qv-mTy!7zq~EzvGAiAi
zfveG))8Emt_n<@#AX5VAy*9>I=7&qm@9Qnw@F2c5;AWcFq>Xs)=*<tL(4x@;&y$*K
z*9}8T^m|vzF7aNoCk2k~_uW-gw3iN}2I>6@WD5p)gRz;oAtN1X$%%eN%C!|q*Tean
z3HEi^IP@2U`)Y)qx$#+hqbMD^zV}sPsQc8`<~ItRni{mD-mu4Mw?wOn)>zkXMNe<6
zv~}Slhaxvtrs~lQ_*e7BNg@f!1C$nU3;s*J5H647CO}mp><4Q{TBu4{sFM111~JbD
z$Lk@(kveQKX;084V=);OiYFX7QrzOk`684YyQ4w}&Zh(}V@y2)&mFZ_c~NSY;YQEO
zC#5`+Xgt)$))$QU`*tv!htJ2~>XPE{%u~W!fTi?U-s;GRVU5{vdF(dt^vG5*o^WFm
z5f6kY4HQBMRgkimerf=6$7~4zsr1n@**Q%<>h@C|w`oq5Q!U1Z-H8-7Hy*`1GStj2
z1r8g2T-$1*FDPBC5Sz!k4f&u(RYrL5w@+x&#K1tYXi(Rgm6Xf(e;<mxat*Hbf0ljs
zP7gR%0hgyNWgw@2_=)_LP@P-y@?$0Qp@>bg;N(uZDB<}~4N0?*V8%RCjkZ;Tkdrk7
zmU@G$38+XgL+2Lh8!=H<DBj@zy($QI?%DTX=Jthlk1EJ2kQKaLqBmxljKg<cEi#@y
z*d{D5>~PZcZ(|xJ^H7uRLA%)G_k-0Zy~>q^ZflIM4l!aUCF`DztQmTw24XLvLiLTf
zJlnA@qy`zSbB8&a$CrxR6U1v;w@|MC$9}ror`-+~cZgytr#c)^@%ba>nNWU%U18{Z
zE@V^M;8V_m`~E4Vd_Fv(`<uA}Dx3aJo-HgB^M*P)?Fn=L_nQ?#QZS)HRVuV<VK_ze
ztd1%ku0)B<&);;fvER{D`;=vi3444TF@WYlh@gEYHucW>MU3d0NTMwrJt`Ro6p};+
zHjJPU)W7f7pB8Oplp~Xb192}pirdxDpz`rr@7v`2L$t0|MIR#cOGd&KYYq^W0!}xF
z*Sz(DPu2gix4<BBd>oEg`@%1#%2VJmW;OEYT|Cd~up@p$<;3N7`r>bkfkOS6`h6$N
zUpiefoV?^yZ1Um2EG4r4EPG}t*~Vbs@Qyo>=nVg{Lv{^5>N752U<RjBA<Cn}vaC=m
zW#y@AC+#)jO#Hv_1h+WU$B&vDen5S`(0rll!wd8jlfO=+XTb(%`?OQn`pAq@4VI&N
z@M6h%eB);Ebs=R1R$veCxL60$*I=h>8xpQ<xCn>%dLOke)|$V}fEvy2oNQa!MvH)b
z_p^OLv<?rwA+OVNVaY4)H1k8GezvEjo^O_4Gx7fIB~R)m+0lac?1HgPr$|k0cV-jf
z0wu8YZ!px39LYwebLa7xY;I&r((Fbu)A>uqvsQhBjQ_vJvdm5nD%24+GtHrtCOd*3
z9hz^>i@|F*nk}ClE5ESFd8K8k!F-E@T^Tg2wY&~%=s=})|DBP6DO%K=yk&tamNrjD
zEC$q;?Pgm>2D|$+o)^tru~*&;4RL*WgzTDFxeq1W6cYcxBqhDBPafBi68}i%uW4*J
z{X-eJAbvjPFMiARTi8-*^}y9XzG>0-3g9)5Z-UbRSk5JCM@jdZQH2nxlu|O#fIr>$
z{b(bfyxu$mNzr`MK0e&qB$&&Q_*|nB1qLC9)NdTw5IGMk2F(E&&1w^sXUpr_k}>5O
z8DIL85?C_+^#%JdIPVn={>|2BemmDF)xg;B+Z~-2OHa<aK5(GbZxj=E!iF~HJoi7^
z(1n2DD-m6MSnw`vr)lRmwxW9&@k!V5>?br?C<+EnsAdQX%#yI{YWkQ<AWzvY$erBO
z+^~jM-xes`AB1XC6I`Xe1RNBGRj7iBP0ly)GS0S>zxPZhPHM)fT#Mg{N@|`a(QUZH
z>GioWGiN;c$4h@U7@yVwS~h2P-h)tx;d%LVv7uGd+nukTm!dZj+eY3z8O>`CD!Yhb
z?ub)V2o@VS7f1hXk2$k;kuX69SwqQScq__km3ODQ2i>nYKIu>%uiDnWEIA${L`*(5
zUfr_~;8T9G!PRId3g0>+J+#I8Cmr}_%XZ!s6n2JoVLTnY(<#oP26qSl<JW`pPYQB>
z6i{Nip6K?Bkm=Cc1h=T4aNYjfjJEpVqMK|JE&jA}kr?gIStS^UyZiOCWq%zRX8Ew#
zc>VMe%N=6M1MbvaqvqcqeJsl=gS7vzY2SwO-6Q}(GWX=>U(Su(b+O$K)b0x+exT>C
zKQLRpd3WIa54*XR(QCgPSnZ9wGI`;Vu7jZfD<Y&OI2iv~nXqnAw??CE=@U;fZ_Czz
z&*q({0H(udw_%olMCRjYEX^HySlU*V#Pt{bMKxJk;yX*vvFYCLP*HA))p&Xt{W?gG
z_XowjNxT1iEGqp(hGxljvna1>6DUhKUSV-UDc*V2H@_k2T-zfOGtRRXl_zjosPfDg
zP|OWXQ{6OL_>`JxwS!Ka4EaZ?-BheCygG2f>zEERCcH9hWHrvrFX{AQKsB|-V>}cU
zI8bW(S_E??xm3ZNVBB8mywe;Yoj55kW#ue#aPynT%(sV;UTZBMo`|)-0H<>Aj=9BZ
z*|p#1-Lj-9X`L1yz_jQM^u3A~lc7ZG`tCUvb(;(2Y4dKfI}oZf=y@UED5vWMu$EK|
zo-#<dXdanf#ls-FKknN@rYcaly2L2UxMtNTk@Q9<yc<f+?Y=u8r+;@5M&-*!ITkuX
zz;%O~afF1mXjulS__FHU36b3$kG-MK3Y2c(3ugnUI3Liv5Jn>f+5wc8CH!9ZVg{*8
z749g%+h?Ceu1B48uqV%8b+Z!dv^J7>H4DW1@`4#fFsG>Gioc4#V!X4RoY9^_D>(9I
zC$oIzO&x0#dU|V+DZwWG3J!q47jqJl8jI1^YsISt1Br%6n%qG|CF9!K0J-bBtp<<8
zv@fc=Z33ND-BRsa-`!bsusfj@J?VTB^_UwuSOWHJdII;|;sZkxHQ1Pwt24qy#v5No
zw?eH4JT#xVxjN=x|LUubFB!z%Y$n)MRe;k-FD?0fS=(q~P~USdQPfS!X7k;kcA!Vx
z?0Ie<3;jmRiD`#5e=iiTkTTNZZ_f5e{SdBiRo;zU{N-pr*2$j9k}8As%>iv*P8!ao
zouy~4>nlxWnDW82?!k+yG$jkvUJ|$!jD`1IQRP{moc^-yg0SX=jTyxeb`STs^+h^+
z4f-PUVZFNMruHahdWLK{^74cTeWQ<KDJ8cJpRjx#Q_J}wBx>V{G@rf&`h4T^&ZmTR
zhL}-UmSJ54kIeEx4|X-DMPnM~^6;>vkm%|+JuWPUm`I(<%CcLs@>wPya@5uv-!aiD
z(xDDS+?m(Z&~Kb`F)H!?!@Auf5$(lzX?}xh#bqjKLoB4|5764(1*Lq7NBybf)h|r#
z;5p7Yg?`~*lJS|1_qcIS$JG-5p{H)He2fvJ**Mn;wl=Om#URixLS%k`8xw6kAX>9o
z6U^gdO?Jl14Y0`Lol!3~3Y?ncMg~rqhdRd%oSay%WMta%{5rHL-FRDP`sYc0+)NLz
z+SMWugXM^s0r=^&)UePSd>nGLjOG_dwYH-(YHCcQCfixnUrmKdJH!SZ>&#e-5Os)o
zsZqm~=+gXF;!0GGtbLkYoab0FV;Kv2foGyALG_iLulFA<HcH#~^z7*;Yzl{}=l0}4
zERfUSvV6>~V3V-@wW6(DbS-r?t&iT>am47D%NZ|iCm#&RI5O+<*Cmc7FNTOg9#_k=
zXtUsNq5EZ$CbSMj#BtoQ9WgjWgen^u@)X<|JvK6Xq`cK3R#ag9GTwQeb;?EC(Mv#s
zl+){!74`S4T&vB@YgeDArj#nALrvInrHjqyYNi~nH@&dkii(Jz;8#{Nq2V>39(68v
zqhEh!Ft*8+-66H^y<X>))G|QrL~q?rYyLjAjA3Bzi5ufxc=gvzggy1;JXI4KO>fq}
z#9M)}iyl)+D{1C3OVwYDRr&L>Zf@sjQ@r?e^@8xa`w%{B&_+NN9~(POT{AE(&ixe!
zf$VIzpFdLtW3%^}Kmt#94=G*Zh!_mb@;F#6HXlD?P`&zW^<p4xP3?!fm%~R^IFtds
zJ2DsfDY1QG`+kI;afuyPw3h>XjT@*@g{VW4DMrhO=un;4lg>$hpd}x1+@8}~pPF6d
zd_0)7>_SQ{AS{Vd0OWG(7Pi7LZXkCdXO1l`*#_1R6Od!Y_(T`(yIs2>;*wk9?j_*A
zcMv=n*mYVqLPL{05)q?Xd@+~+kM|+Ui?0-E9penq8p^e{yucKkSg&G~g$46sybECz
z!h)rdllhmWzla&V+n;jzqO7?5rcB3UZbObL1A(-l)`r)w_wdNY)&=ZKEeC80VrQXN
zt`_!6H_U6-+|4;<tb3~zE(UqHx0P@lNEY?r=)21D<8d1;&S_4|RN{`0!x-7e8H-rn
zup2_aAMsGbW|Rxrf(2GlSc98QQoSz0?i*!8Hr1g_FQBh4L2+w#4&pZ`b=O6#6^POz
zdc=<wkwN@*7q@;en&zefm;)?u*`&MEAcWODMK4)a_4jSYKBvG@y6Tvy&~{@2&`;SJ
z;zs?BBe*Y?Xvy2BF-NiEMSIT@c4T3+srZ<Eef&z=nATs9s}dFLqLkU+J<VxCg&Zel
zFCkjO7i9Uc!*AO6DNyP7>Tc*y%Pk()ES!2J-+Ona+s^XV8xxJn1JsBcD0^yGd#xOP
zWTpDNTMz_1;r0B;N4+ddffWxvruiYVUaA)C4Uy6;fU<nnLxYekDT(DrLLfzJ>F31^
zGSR(dQ@bqr9yU7$R*A)3AsNwO;_dr+%2fdTqHs-J{fG^1$+9E#uHF^~R&@sY(;Fw8
z#J8?QhnRu<u}tlK0f-#!@d(d%aXf-f{>H(kOPr#cNZF>KAtNM5Btyh7PeJ&aIUey4
z6M$G#M@BDldM#rHB?QO3E0@~~H2-IdgJ6rj;H!Y7rN!5iQW~Z{j#Ylr4R=#yIGwr9
zsMd0H#_TG!lt5h|q_tG!!<U-$Gvw3%me-+45Av@l<!e8Ww`i$|Q&hQxPUl18^5HJZ
z2%Ee(L%fRuI9)p~%_nl|C0OY0==H1=H7hFoUUTD;cb%V(mHbH@Q40}bXa(Gk;e-=i
z8NX3JUI=y)l`1wi-Fz5DA+zG>Es#5K(#i=%p5U_)AwJQL5yqL}EGL9-&ClWn(qn)R
z+#~w43^9WY?SR<g0K`ZTTc<Z?Lj5XRokKTeZpb_Ju`JS4vx2}@LiG_L=Qf72w&Yh0
z3<ePQs$>!<(KGQ7m;bocp;Nwcwb9JF*r*lzrx{oYDR3!WS4bP8N6;Ff)UPy@tPmqq
z7UnmMBTvkmyc2B|Gic%R8w{OwiefXii+W$VjbmzGt`d*SdSLF<Xp%S&aeBO}#a5UO
zYgFg~8;$eabrGqZ^)I!5xFBW^gt%WjqC{e7Zca8V|7}~c6*TRe$sUknnvK?!WEVT<
z^-W8@;|ysq6`N#AOv~{blFUig0kq&xISh0)_dJT&P#{af%+}nXxa@PtIZ2SsykjCt
zmli=;Q}59{&pbm^A|op<noFWGCka}@!k#sh?>4~#2$!N{4~SHzH#lX_(t+`#lK1Y~
zcC!D%sC8*HUBIffvP2=^*)yN$S)o@7loKw~*toPH{gF0Y5;d>uoe`Bu2k%*4`Efoy
z1P_m)jEv{>h7NLhk%;ge+VpcTYVXNwL-D>y0|s~F&-bEwOFYf}=_57T?PBhKS-g>&
zIS~`d-gPNP{3+DVS4b~KmvYb+s9nq`4&D3<^vH~Xz8R}P+8>RGA0{C?n1rIU<&)jM
zc!M-^(G8SnGnM*C!?I*ddgHR>bwK*Zgc<6`kQZ(!pI})7H3Pnz7EJ)>=+Pe<$84}`
zztP4VUX+}Q($2Iz-7}84>)>&?c1#r@oP!R^t}p2cb=vh`Imqj%?SBL&A}E!}l`KG6
zWvc13YJ>%HI(l)YAEsm=n#$QgXM7L;+;wraYFX`dKZhZ<CFlAsC?{O8ckgIPhsyWG
z?SJJ!O2x`~8*(|Ei3{CXC#>cUmXrvG7)2^yDHwMz_7VSp^%Pz&W)LdP8W+afBz|!l
zm^q$K(fdIJE0_gXm1_nrlb4-8t7&}6$OG^QT4>}4cH%Oaw_)s!by_uV?#6rFs;bTl
zPGtrq2HaB}HssSEE<nx!#nHmI`~|k`G*X5_dkG>%o&v}vnYEA6;>{?mlNQ{>{dJzZ
zNt5LsA!k~wv=*yf{`(FT?!HL?HE1Y2i>c0rRO}vvL3q;5bm~>DYL`D@1H`qSAA_hF
z7}|T;K4M5vAvslr{IaZs{957Wv%tU%?xaEFh0ewrz-s6?xUoOiuEf0v!`_!R8fknX
z+k-apnzDX}0t+r@OHYEW%qFmYtE#_j0yA1n^K30HthrZ2i77~B>@MeiSpze(!Uzx`
zNK*g8^NTnwzf*kG;HV$B4}cZYUaZ-nu(2Iz#JodNmDe*z-Lko+%eB5068=@CVHdnE
z&`G8s^Dp-+z!n2hOdd*l|L;7WUiQ>W<_W1)!o7%2d%+Xa6k)`4WP{xKYXjqC<?JMG
zksCQ7uwAxpJ{cBZi=c#cn^}8S-kGLNBcpd1#0>b-dr^g-0{|BlyGlr9E{--C$hjpL
zy&~r^kO4fw#B$x78I7%~L$vr!At+H<{*jE%hBYOh1~r)Fj!T-0N1T;L?9fJLKN~no
z)25}sbIGBpY1CO^-rEYfu$Dr&$N%w4e@ZcNoRd$YnW8RW5q7_Gw^3MK(mqOMeaBZu
zZW=qq*MutVB#oLY*O5Qkb&xYdG22kJMH^aT+<aEdmqDpeE+(!4-7PX!cMPMPjbz$T
z<hi;bU%{^W_4-r$UREMs4%~>_7$kq`QD-1Ly}t!z%|~m7X0F%_$Wf4e$SS17^hf(C
zXMT@H?VJv6^FFiS$S{W{gU6N&EhFP=Sc8ok4T?WvRqZ3L{c<wd!O-PLfWK?MZ@zgi
zcU>q#Sduid!if)^wiG*T!PA8FnLy}ICuP`s<v4V79c-^M4qCSyahv(;eB_lhQl0d9
zyUpA+9p1F&b0>wgYzwu@j_WAbt7ZpNRLxqe23$}!dg5{BephCRfZOndmE${<Ueob4
z!7z|+Vv0oads=*#_1qE9O5aUk$M}T`A!aw5HS9h!0zFGCpN6Z(MIGT{e{Fi8=P$pI
zLSYnQdR$Ol0re2W_$;D+bS5EVM{3AjR?t~81fj=pe_YHEg2^)qlpu;B@%bl1%_23|
z9rBM=j>KxWE9p<V#icaa)uXuePlP@A^@sEUlW}JHjbl$AnnK$~WJhIdeR8h*pzn4|
zL8;ueLDER{vIMHL(Js^l|LW`dBv__g%GBZLcP}UmK39s5JD){G<yBNWrw4>a0>B9t
z$WA#*8PglrIr*YNSj(^@BMuW8^uByDtE{fe^u`JSWu;<c|Lxo1_JLDc&p{g!V^qNa
z$byK3i})llLFS}xkXQ+IHH&+i<LmF6kG)HrY`peEyI<6)F-t06dn4aAmBTc&{F-iK
zc4uD4B$aidcFr54Ue=*5sc~ql_@%6^nX$b~qoV3&UU_-FZ`-UCfk^$Zih6cM*e@*T
zsqnpq8mJ1F<6y5!-aW!`Cs8*2d>i1G?j0RJ{Lh)zjLQtnDZ8EMR7@Q{Rv(;whGAzI
zyCgi}GP5|S@ja+vvO;L?L}AM~Peskg&DGj<a7a3QV{*Q;aqHOw!@&I6@PWVHpDK$e
zZYX>^?CRoTcyP)6IhwSVTu+}=nVL(MEVqu+l~@&@oXb&+ivVu<u2Tr(b8dN(rs><8
z4WEm{%Kk`*YV9{QTfg;bv`MVCX~C1SrmKbhiKYHz(_P)<N=CJl1EWm~1N%6Qy~&OF
zrT^^o|7ZWRmGi*CNJQNzDb#{gXhwD4Rz!c5y|ZZvHxTyrto#G=*k#Frs}50$l78Wd
zGZ|xon06QXdG^1|BP*9EW<Cx}oHJKA)3rYZl6uqF2tD%V$YDb&7zmIe-z7d<8S*(|
z%J<ep#sYS>-RsZcG&gEiM13IpxR-5WRin(Hm@%>1>80pq$}qUWmoHED(hl!6U-{+}
zPaE<!@)_$QJwJ8f5y$b!>$YP{f;>Dz2E3<}9v8g^b55kVE+QywX5jTlA-fRo8vN#8
zZ&kGyv?=(x*lcBau&dufdN>#IxY;vWY%Y#+`1}*fOYMgcJ>9o=3t8_Du4KPBubN2+
zd<0i_?kqURuo0jqyO&XBsxs4MS<N+Rg)=DU^xAM0Z|3wz#b@m8>Ny=Ys@HG(PGV+{
zr<3+3+Ss!WjvQl4K|vdaR{orpxoFae>olf#5#FWm8sJ9Ys6s#xDM~bF#S3TFXu-C&
z17<8%w1$eQ{N|rOq9cvO=*Sganc_E){m4lE7^PQZ8tEAGTKXxE_&A@pbkK-EP8lzT
z$K%dOTUb46aN4|9{QNrKe7)1c1aCLwuC1NL!T4iT6w_*7Swt0=x)Z`_7~COF>`LPy
zE>!dNe<Y}u)p9*KD0h7(<XVsG!Cn!&)56M6Tr<7mEHc6VSgO=7>y+nxJzvCDp;Bfu
zl^biHa*5&NsXEpYy8(-LUUo)ewS{lj4{7KhW=~1?S~Zj3#~Qj{QAT_2lSk>jHX6gp
zsM@=41Dm7IMr(XO=pf7m%b{{Hqdba(n1?!_xDxpCQ`s(#AxukAT|rz;48>RcvrEZ5
zjI4P%Lq_y|b3d49Yg-aKc|D0|5{=FX<cDiHBuYoOQCFilFa-g!*Bpn>V(cPi|DI1}
z4^6XUYSD<MIb;eYCWyy~8H&85n-No~nxQ-tj{+#X${9&nG8!|PykaZl_;@*^b`zw{
zhnNcnvn=e>Pz9YEuXuA7p!p7;D!K5`))Dsz(evKYA^PoL-$oD;HGb@QEIm|+^)kni
zBzGm+)bAplCZ}EPb%DZI_w;j$@3VGC+G7xhVpyMq^GIrR3^MyVo%u4Hj-JNxAZv%C
z9HRIa6hBTIH=V56nBli-<eiv{w29s^YCLq_YslN4*3o>h>j19Zml2=&k7&NU?6Yx;
z5n{BbCBDlwjte<RDqEHmx5yb_o&La&;qMc`6~>u05Anne%mt4)&(!zioOZ0QI^wm%
zkr0`|yAYK;s$kTc6QA#vr%8Y_5hI;i0T;b4=n%eN;`{gOQX|yOTRbe2`(H2rX5q!c
zU?3jN>aX0FqIl4?Zw#?N=8aHD4EPk@__RSN!e}_}^2ANWRL|Xu!=I~Z+bStXu{h)Q
zFi%3VLzaH6xRLPs_Qta-oPxrr{vRPf_26mW#V3{zuX=wE^;>}lZgP&z++Iz&@0z`{
zuw;qISI4uVvzO50VGXtO?grdg&vlorFLSilR9l@gAl6eE;=a%Q5+TAVTGcr~L-k`u
zGGMYLUf@2~0O@|B@h1y$2E*HO`Fr8bx~|QDC<nhFDDtp54P8{iCf^6e%U0KY<nnI8
zmX{bCCXERAs>_20{yk3f(%BY3&F-nmAmerLlnbwtJla!x$DQq|HHB9rSOhTsMtvzh
ziRt`Ea8b0D;_pkh%@%Q^Y^JbUOWfYZNxc4ZwaZ2EJaXUFP19*G;CYnD58V20{6WNI
zN%xdq0CkmZm=4{i@blhgs%0Hw4(^|_?oP}tmIvv0m#U&Bs>3U+%etVcl5ygRnyLB$
zF0v}ysI`LEDRCS?dnZ%!cdMwi9w7kIb}KaeaeMt%A#5<o&&$DcY;Z(I5F9(!K(9Df
z`7$XP6OEPV6r1r$02Z(tCZWxIU!hc&{%-JYYd4J}H*_n$sq1EQDSKnoxz7QLt09b&
zPLw6)ank0Pb;(49U!B0kl?*Mo#FU(G5nS_w6ElnFm>j&w6vCE4uKxYvba*iB+v8{X
zkYw|FLhcn0vL#>YY@q4vE7<_nEp8X{zi%L)hptA5Q95cyh>U#QR%rcm$#HU|So-OE
zFNu~00d$K;^P20YC3*FQQI4;UCWay6HD%Qi72gh*8%#XC5~nWzDljKGnl)|ivSfm;
z@;@gPbD-<sI}kaNCIAT#jqU3O`tqhMAv`Wl0^7#OOZ~D@0_Mgbeksi8GRG~8y4e?$
z*Fyg6#K;5Jc(j^nLV%Myi3JWZ3n&M^@)oY#@$Kf(d4MWlY@>#&ZQi7|Gf_F}t#1~m
zl(!7fukauLM<m-Wczq=9^|gQ;X(rwqyvocs%-_!j_NZ>~Xj1%PIPNB#CA!d}t7IQ>
z9B|)<8UX{ehZqs6Tb5h^X}<a=0g>vl^7YK|$rM!q5hjxb`pQ8pSWnd(^A)w6e_BF*
zd>4#Kv^p`-N*;IrtbrwO1(PSd9s~6m$U~?|k`sRc+$^#j@OGB15p)po`WO$GOkYt(
zk_W55fM-fW1q?03pzvA2u7j<X4;^YS+rN>F*8dko8UB3QUMESs0S=3tz<<%8e`{!G
zQ1EddBMA%nFT(Orc*L|XoQwy{pZ^O$ZQ@7}zj8sV>!7MC`6=S-5C7uzu}V1=RU_k(
z)4qZ$%23cShGw-34sO{H;k8b`c&(IUI>icI;-_g})~@|=cIUhH?>lYq-<9$UV6k66
zO?XKEi-*}PX1fnXe(_N5J-^p;kiX|*z?K3m@?M^Gmq}$hBeeU_;1>_at;BX8+Wg{S
z>-D{d6u)?=EPZkJFL{6Q&_Gjo_o2kE9`>m)nS#<7r~NO)Rn1kh>tGDcA(CILqsdsJ
z_-ci0KS(Ue+b1{QLfeF&;lm~w85D_q_J?2vNnlhifI<BWBYf1$RS7p$bCY4UIP2R9
zlB<S`zkmo|fL?JHPxx^ua|HPOQov6VwEk(M_2Q)0P=ZL}TDMz!%}PgIVutGa=bTy^
zLf5&cLya0f>QJZ4zu?`>pk0=*%c$lTDw3;=z*P8-SDu+9(0msbjPnUd-Lz1`pC#<l
zT}cR6O0p<BGI6bO<hWFJOLNGGlD*b>b*Y$oFU(nK+S7oH<a8t^r%6ta00VAGT&Mgx
zx6b7x7E!zE$t}mQT<cATYhMJ(i)hRVkWv6&ozb4(Wup-=!TX<+I(%$pGJU9COoV4b
zyuoCQA5!#!Zp1beBs$5mk>3vLB!{;WFs6S)!^KalkX`?x%t*2XJ-4p*$D}B%`f{md
z4-%gPO8m_sI^fX7iIR-N%N`UuhOm91$iJGEOu%720;9>~hAn)s-4Y4G0wC#ZxqJDr
z&vQ}*h)+NtjY>7>S!fN(>~H5NNY=2xBUEv#Gt%Fe8ag6JxqX^Ed}-a_OBEAf8`WHk
z0S$2f1+-edO1Jv#Y$)+7H}HNP+TWm$K{?r_-C2;3q)L7)7bE^LpN|DVP+{22oCtaf
z;k%Kgj<<Kr+S(MhXPwvc`Hg6cfrUZBqWTdSd4$0_YXpOerH%oKsJ8i1F_DT5&z}om
zcC+nnDha}Av9YmoN^2PMobH)tMjnYWR!L*^A++8n!U)u)*LQbrSe!9j<0bsrIe}gH
zf+&FSH3KCKQwflJlZJx@l|Cv~NzzzxO->2D8>`AtnGu){(6IH<E;EodkP5-1l9ak`
zv`YJUoa35@K2&`lTdK8_asV+RdGIOWikpI0zI%!Lt&g709eH+CU2}^uyPTGNSC<~2
zBv2Z2pu)siw<CnEGY|aI$IkbNskU;n=MEBsW@Y<M>r{VQ&x<W{a?KeWS&h+97u)D}
zZ|}l;JLbM7h2k^;<NUB$(6hOCK`0kFk1eJHR!!0Eg=tjnaM4ahnAF{suslBvlGAI6
zF{N$n$kbG+d@!{ti48E56^J|};S^w#K@ij(ZsYF{@>jG*{_=xYt3!xW3~Wt9fK48_
z<7p#pKl8*WnsPtMg}|JPT?lG#GLl9pT|xjjpnzMkAE+E8*10!JqVS|7SrByp@nC8+
z!1ox*gCy|P%)K~CvZQ}{M);#a85Nx@cZ%q->mm8&<16e|qb<B-lOzw8A$msv1{@lG
zv=2BMB<CEtIbBmLiL9=8lIKSOdJb`xB|0Eg0_TJzIlfioXtv}Dac&x7UrXrb8W!@?
z90;_rPn`=V`IfADK5Y3V?Y{~Ol6J6;y74ZYQ<4eEr-tp<mj-j1_jn^DSF`3kj?&Uv
zGF|f0`jSEN-1?^hAMhYIJ5xp$dLCX=_H+D=WC?)VSLulF(^}1q7t`6wT6;5)Z*pT1
z%9t!gSq;pXwY6Iai0eCSXKJ+1HaWnMd@f(b^j8sqRR@DJ1<g^sk%+3q=)7Qo1h#lG
zl7<`t(W_eULfxsWx~D`v_2>FWQiCriaBUut*J>VZ%K5z5bT`DwzRh)M{4oEU1stFx
z)FCc;9Q2bEXYU+_gp|bLdI0-LOA%-g8zy1ZAb4cy;1QCm0800R!tVmWrP0jXW7;M7
zQl&p8xw;a=oV{5~<p4i|Mz7z01S~a@B@1k@uhqxLs#>V+0!6Z%ilo@tp!X)Ju<F`u
z$XXB;dXNE*-Dcg%pbUQeS87I(zQYDpk=59Ctt#}}B023Y&kNG1^R21CY6M{<JlPSt
zvvbR|CJY-J6>1`DXZK#&raRWnj+&QK!U*u%?%7*L9)^Zz2X0=x{YcnlxndO4%Nv8y
zPwyO6Xv6kC7@i?u>juIH@)s!_iD2%^AcQsYE+N-MNKOD?93LIQc~o|&v)Ap^rV7(u
z9Kd}z@iks&M9|B?VW>h7d9>0i0?x*_j@5p$_AI8QyhqF#xm+p~#N)_LIQ?q$@?fk=
zU3UOaT${9a$@N2owW3KRlVU~?7kg66>JSee7c1ob_0Ai)!y5WA8H$5=RwecmP6qR{
zi%ozHj|g{>tb1WPAALSB3g=#l!=4Xm1^BhmrW-3>$4ExPb-hy9TiO61touFX?9-ar
zf%;^BayABrPM%+$+G(DTr&&!qwjTF7hV{8Oe2ZyeYsb4MqO!8ne5{$9AI+Y`%Z6MI
z>oR4D5a-TZ4Q;NHn0h$cZZ;mJ^T-cM$=p7Z7An*!$77L5bD2!({8agJ@v>L%z#jZh
zdDL6wQ6eXya{PMPw*m9$4eMb+|8V2={CDLE#<<l_gvB{yWVhWoGc@y15=-E>(l&Fr
zbuAE@I(pAOtQ8{k7hUhKp1iksDSN~{XUVPD?w!=6XbYuWjXM>hc#-4frn;?rERRIX
z=(|}b{GqdA+--L&=DTbHbF9+)-Rc&~n}%HcjlN6@S~ZESbKTL5K-(PlNNSz)a}xt5
z4^ainoe{gX+k`2fHLp%f?FN-oY;d*B{0*t{PlxHY#-00;XP4<iO=ax5?s6oGc%#i6
z2ez8H4Oq&Oe)HP4bMe9GT!v<$e%fjHzKOCxNOKdm_PG=U`2Vzt5R*5GH#lqdp)%_C
z>?4X2_j=_zL!0kYpAx`4F?wU-8263_vA#)(U5V?+i1Nr~A-=t}xm=OY%MClZZXcH9
zmVitWan;eD_9}Lpe?>-6?r`0O10BS`>S8~K2;`xrM_Je`IUpHsaL%o6w!9^YbjStk
zIX~MO;;$psXoGGKM98Nt#ChmN3|qua@?;ZKB#GwdPyQN&7QKWXVPNxI-6CWU{Iua-
zJQ-1RAEVNfvtvD3Nm-RR`@!ZQ`6LIV7wtX?pdUoo0nuCH)r)bc8>jz||NDsSXxtKW
z@M!kn*e&{++59p_Z2o+HV--(CqIhP;zVeI{>&m?0n(j$9i4_oq0D7p}Lu&f!8-&`p
zjHin8!7_XLgeMDH3J<J(xC><Z2~8<^LZj^A-zKPbMrQNpn;X`gAJ#P>`xPDRsh!r6
zAH7T8{Kko_lwl|vbFKiSsd=37sH?#`fU84B=n#~67aZ1PSk;Tcp?o+Jjnn#hXaX%*
z-Z;2Cw#qc8=MHDVS3X%qc_9o>Z6WB$rOh?u)`-x^du4kqJxexZWqNz#og_%nLf3T&
z*i5kTqMDnaS@Roi<mS9l+F}LLp~T?TLW##kXZ*Co$Z|~;@}20=>{`~cxQ2cafe=if
zzmZ)Ho647$QHh|p(Xzd+y~nr~9(Zw9sSEwZ@DL*|bR4LpIv<7{%@!w_ZLKu8@+!%K
ztpYf)`4e-YNxZRFQtv0sH~(&s;TG#DlH_LOln(3#8>5QB0wss~h4R6YEue5HsOW)K
zbBukTV;vSfLdh2LrsA_h(mX;5=D#(s$GyAs#QB>9mxmnyLytMbTE;YnHKID6>p**~
zHZBUb7WI-PL;mR8fX=BomdTzGC0a8`>JFr!>KWLL&Hq>{!`cmuDwqTxdoeYzgKKN8
zOImyO$N@A!OV$JLP+V<GbM(a$?%fu%F$(hqt&X%>a6cV$nUk0~mD%94j|2#Nq^B*N
z`ZR5;*uBL4b2Tv3UgbKrjdHmjiLrX3$~0z1HMpx^G`n>n1L_}y)V;KjXVP(|Z}mx8
z+aX3&mNg}aTPEN^aPz?5SQN$-bH@qvvs*6D9npYzGS_`fU)ZS3S+ij40ew$#HVm?P
z)_r_s;YZ?lA=ulR#gMt6DZ%#KS2$azQs8VIBieum*_Vun<lcR9vH!&SGqb*R^|p*=
z>qBA}S3(v$89MEcjkM#8|E);98B&lefb=^A3_4;LNV(Y8by^=a|8_`yt6S-iG1KGY
z^5!ic`kmDBp8fNfz*Z%2v{|0n*kkZ>4<atq_`Qxj`v<rTM9b-)SJA;rC!q#)Zx%1F
zyke{U45S%?rFQiYLDPUSezo%x4T4W0o1hvi#n!imvGn^TbgJ~kx?d-kGL*H9y_3*J
zRhAT|#`BfbK^p;x4H1mQV}$N=gzlElFGCdkp3k-9pz1KY6PMAsd?mMOG%0nS4=q$?
z0za5&E}bDL4MKNY`4j1-l<G3d8{eA4_A8tvjSR}|e}ljGC7!#ojn@wi1on&4uaExk
zEJ*+~v1?ZW7jC!zX6E_-eKn!&=fCGp0zH5KJy{Yp)jji2ieP;Kt&Ze@`_D5PZ!eKm
z$u#_JC)pOd6^1!&_fSrXeaWsS*Go9(HtjVGI=^GrOxBV~5O!AJ=jRW7iXE+>2a9D5
zg`Q3=Z<wVa3A?iz$Gzb*Q0Q~-Wq&pP&X-Qmn0pI<l2xRLHIOzdEzmsl&?W25CvE%u
zH_@|B>TcsW4wN2=+$+F!Yaql5Gqof!Q5NTrocfd`VK%e#%x&G1Tdf;HEZ`v#EJQv9
z7b``H*ktijo9%LsWB8}qdrC(VUW)&@$t$XQK0?+I1+xolAyN`aQvIps@)ro!`<L@_
z9056<EezPybq(wo<@c;o^|%8e1*Sr<5gXgzrFYH>-nLEYA9#TQ&<vD1AVjiBSQ6%l
zL_#@;)`B_A@r)<=5r}Vg=PcT7DXc~l;F$%&cEi`~BcM<rA+@&u`R}`p4X;9|6>M8A
zOAhX2h_P`DwPot{XA^M8gpk_YaA|*EFA=L7hyQ83RLNaR<Z}U{sjC%RNQ-cf{S2lK
z_0AS9Sa~LE#b?fKTNLcQl-)2i>1l4D`9pKX@5ZlXr@sD?J(^n29-E6+)@XVMU#^t+
z^M}%S6aCxM0IKcu9nHRM$%7=&ZX9(WzooyRAal#j;9NTZ+SztvxclTz;CI)8b9XJ2
zV*@$8bP7^U%9A10!xyj{kR|DSPvj+%bOsPje}xylkTFwM+lilkwEgqj==XjWwEMG^
zK<1iLdwApOs6YtB29Dq=G7irqT{8Fx{^`kGq&bxDNFlavybAbX;`(;#LQcXhLPLpm
z89XVO-Doy=;RNXa5U%?yu7jzXWAgw>=dL@YpkcX>8e+!gBHmpGoR^&>`{rRA^b!)m
z%lWbGsg01P&BmY5=sC%7Fvn4tKXckqn_6Wbfy53jQBG&-o6=6^Y?dc0bDEHs%4gY)
zf%gwYrTzStx^?I%6teJVPTSWjHxtlX($H-B%S_Nw-|n{^j`25cf&=`0n*mfnr!BA;
zXBA!l^Bexom7eWhGob6yK?`OViy3Lr4z2%Ho{2Vfo<G8S1*3(kH$nhof+wE-yQ`(}
zqIk4vMeny5o=<?3`>|^B=a{qpQocDA4xLln4Glic7DaY8HLM9%<+fGZJ}s|AvlUsr
zL)NnHJKgtP95|8Iw1$GR=2{-~1wcg)+6|IZKS<?3TJ#t{x9V~Zzf{{~pgUbSCv+pB
z%aU!@aGxC1(<Yn~<=6nuf}o{!0ZCV<#yY3JBY&C{%Z)~NZNXqHSI%JBw@9=Op6sgC
z-dS<7r=mhxx(P%Tut(ME*FXT7A)P!DP)9$6-BJ`?kbi_Q5`Z>{CvxqGm-iw^fHe=T
zxu&MtGHyWSM7MGIEigoWh-8?QjNB1ALEd{}oCB}tVFrMT-E(YzY&px{4}E33ZMKGA
z>$W!u<a&@2dRoA_AnMZ}%V@7xVINYyR7@+CXJJO)TebhW<`19rpB1_SZOUSszJKUx
z;)fD0k$<G~)GPhHQRIIy3Qju^muvm59Ml;AmG@!*KQxS*Y7ya&C(043!J7}9Q6%qw
z^&?(q9r)3Qas>2lYk)V+%ugRSf@MCir%b;eS1ayd7%K%`RbDtLhwGyiAuIWl#7Z$;
z$q3)Tl~L+mYP^qG;zaQOtV7Xwt_4o9DzRs(9BE+|7wL>5i0F|U8Wwq6gAOE_&r}h1
zuGK7~@onuQ8d2?2SFYncox-5c^+2uA^UJ$e(htRw8PPSXbHv{Ub|-q)Pz<WE%Se!9
z`oGbL5@sz6$Jp2<e*WrXy2HjSF@XCM2|X({ubhX%sQ=!XqGWV|uwHKg$EkQ$ahUcH
zlgSV#Nrw<LG#y%dUl`euVIY%9?onl!zf<;k!arMi(ztE<-8rsQQPn?pZ`L28aJ>=M
zH|F;j$$Ojds?h2kPmiHboE4r{3@;K!?xC!0Qy%QFl2n3^lX6RhV*Z2(%#ZmzRiNwL
z71F1*&@V(njQ``(fM)ybcG#sl-6kxQ$D=BKd}a6Y=1Ae-MiMgoR_%XT&b;?ufUbrm
z%$CBH*K9VdOLYalaJ4t5UZj_pM^yTF|GL0{(Ie#KPXz|l8@<RqY6w^-U4E$kduM@3
zv6vGTLBxwGm4O5_17wX_;?s(cah7nu)2n+5ch@UJ{xHy7J**~TxhMR|>U{jK+uxSx
z$|N;)zn$3fM|*$Z<;JY3Wh~QOoW8vxaS@{DM2Q9_d|r&RqWs}6ZK1yOJ(XX4rrr7q
zrD^#k{a-<~g2YTFw8Fez^aifub&cA{{6=MuK<g)QaUigFra`$QRwnCuB_pjXX+XB`
zZeAA3=`2Z%u(=63K~8<#$hrQeh1KV>p?dcPJ+8AF2ivEGJNtGT)^GA<Q!fJLi1-DN
z>ms1^pp{@iIL1z2U({x8+@*~zmx~5rOdhEa$cbMwd*9i{&nuFl<skBius)6_-SXhF
zQJWhOO);fP4C=i^o`=J(hwCHtVLPC|$K7jHWq~=(^VZv^Ju<WISwV;T?${ubKd-o}
zG(UY54l++T{I_mHE#qwEjK3nY9*VtUU(!oIdQ>|KPnSk$i+E2t^ZZ(_C_X{3`;x?(
z2<5f;ul6-Fu0yPe8KM2=%R>n0ba3O-sDdglmd-4^?!AG2nQF+AJ!-sKYyE!dZJK1`
z66#_g?~jJZu6MXN6WUiNB_}%B<2J|JHS3=YJ8#bk&IF8-6|pdfxQnfnYv`tV?dmrY
z325nrWb~e|k_wd&UG9GC5ZaOJzH`ZCrn9!_m0|VPie8cR;@Kk84o~&T%EdNMXSXEM
z8Ds{{{X~em^7bOxH_x%q)@jKZ1A9T=)KXJRjf2~&)(|<k=4^a_ru%TwXkOC&#Pil1
zWp)wbjPnh0`F1WmS$FinFy_e>#_P>gx(yQeOB!mbQ1mHZfmQ=d4Tw*3E*;T{!qG)!
z?H#N^C^4D=+1hBjPd3)A0h@3<k^N35Z^R3;&EDCkQ)2Q?u<cE~@4Hps<4~=@PZI?t
zsWq()1=PG;Z&f+EF|7IE&kn5%KWe%tW>TNi5IP&?TpE08P_vRzXk<H&DO|~>P`)!D
zCpV~+FE9tHJ1mNZ7&TEN<_X<RI2g_Cdz>~+?YkooLS`EJd(q;}(I+PI3;P_qgQVlg
zCrK3Gs+x4NYM5}>E;a^zLOMa`L%V#x&Lio#ecSBzD~+(CnmN)*io;hUcXRoKHFFF=
zcU;rU3plNly74Jgtj&yN>6ybkkd1j;X20p}G@u6g$dCJPl-CB|R8X)_Qw?!Q)nmoy
zb=JR2XdkZr&=<^-&5x`WbC9Z9-^j}&gH|;;_oM3~K4QA}Fr}{E=}<dp59LWCalj)D
zeWKvEnxbQCVHvwid)2$K`>pr0ORB0za<SrXY}yfl8V8NMMAl~8Ng{TW($8z5O{f9g
zbU1xuD(&>}O5Zo_v_JyyJt9tq=CW=**Zr0OmZ+@M&8))A!yZC4*k-AT{LfYK=ML*F
z9Y_n?(4HPMHtz|d=QJEq80A5xzIJ!}KtpIEp4Y?yop2WK(IU+EVR$kh1#ng|uveNo
zMet;rdf2rXF2ql`>Wr&0!u|McEdmEu?YOVfk+1hhu2>}9w=KE&X6{5nR<mE0uh;L@
zb={Jtl*DAJpQb#x)LHk-JwIldawH1T0q^8d`iC{;6Mw{tL#cdZ^3<yjyxtmkIKZ1{
zQwC~-s0!p^Rl}fYE%gnVsxsMXFI@fa?bxV59;7unX99iV&1{!ByR*(sP#Lea-D!4I
z0fOfxt7lvYar>loTEqbUl=j?0!tl)IIRX=%NqF9EpvliJS*b)61qwjNRfb74f1die
z4Iv{t>1v~C;cBHuyZq-unQEqM+uU$|b+49dkk(zndG<l|)AYO4id0ZY{y`>T&N(gn
z70LXMAo+71nFJ^DHK!&|KLV2!a3>1X29>3<R%>Zt4)vA#R8Vo`IKl?bn(;!^+GhEQ
zm7-S#Q}6t(mY1D-{iyxVUy7Qy^^OF_nPYc^P*pp?L?tL<$)>by8xQ`D8qntP{LRe$
zO`_IQumXlYT)|L-@zm$|b@ecAyn!NqWYMu)6xBZ*mOI^P<5B22dn<0jYi0ao<-%E@
zG7@@fq(VrA!Sx{qQP{91z&(vxv0L-9KM*WLR?n5$Qu~fez9p%m`Fz3CizRk4NsPs6
z`C>IHpPB(Jn|^p^LpN|KdrwqADYJGl5uwxKHBhm2tli}?4{QHUrCIsuEY*p;PXn7@
z-D&?R!FBn_N3M6v&RZ^<y6u21*>aaG2feGcQ>52<N(Zlye#Ef09C6j$ddTgn^US5;
zzVnG5*E}_TYnEQ=S=Uo#@}3v7VBk4Dw>JrJVi+95!z(`BLj_`}@eLeR4@!iVWQ}A$
z-Z>rjn8BX9cvr~dqz%H!3lw)Xn_<TQnO@U$)+4FmKds5R*jd$lyx|;XOowV3LcAjO
z<~d-DQ?BD4Enh$vgxR&-7R&iYFfL}S;d0=6d4>Pm`nb}OKY}i;7hG_DjlXFj#&f#$
z`v-v-@G!T8)ouPRbkd-}x>g5DUDO3t0089$#~tBY;b{RXX#;<FlqF+l>v?BxAR-1!
z*qCk?OciodvYOkc^-<k~Lw1M*IoP%FiqT%{Ff5Sp6fQUQUTEmGrOg*jgw-i;T=)vz
zrfFmn#bJ*{8?mlpS!K!foNbpEuoahuyQ&`+?kR(r8~UUX43c#b?<=j#u<LnVTFOM7
z&oi}Y{*ZRXW$(m)iC_!l<j#clGy$?|_N>d(QA0w?Rh#p4lOs?-;S)cS<E0U=T=l5C
zb^=|3UDJ!nM9q`17V4H8^S;@$z9`|E3LACNrDZ9Lna|j^EocMvBFk5fm5BZ$V{aO5
zLfz^xdx8);6Sd|tGTAn5XcjJH@GX#HVJYF<okYQ=Q27WNeq&z5{APJLwqhY7l_*?a
zs2$fc(T+rT6_(>Q05@(RORa>x)tx=3hQcV2P;+iU?~t;4VI<Y9gGaTtas9Ao<5oq9
zJ=`c-BPNzua0;F?5_((Hx-d;B9TAl{LJ%afWqMt*<zW1?+cT#j8AmAaB1Hz#vY+6S
z+43}$XwvYCD}0JkV0(OZJ6W?-3t~Gu<DKR&baoa>1hJyi3amanoB2Gin%kTNMH3=|
zRmc?b0y*7=F>b4)?>uysDTbDwSj5lC)doK=U`JjibpHvEEgMys>XffH(2waNA(RCq
zX5GRgyC7MoQ)$iLbpZIh`Eahc2pgR*?=Nv@uu{rDsXFT+=IpFv!cf-VI;dGFnoc#(
z|J;*Eho@GDGEh9HD$k}xR6KAnLQa1RHaW~ZiS~o=IK4sS6!ze=bUxX8F#{3~_cRtQ
zjAgiE&~vmX=msHF@PGsGbZPpU8fQ2`5zR*ly=vlBxAtR@q)9LB96vH1<3CHb^Ta)$
z9SKE^Dtq(!GWM^Vy$$S%dO?L~taI1KQGnWMEQD6$*^?<R;zwEq1cPk1y;{xvM^+-y
zv3N;tje|+2)*cGG40@CiYv>Vm&jq0S$jF1@ep#0<FWbb1ubrK52J%MUI3J&bqKx$P
zBLW*imcB1sKz#`;gV%&Y05))$-GhP))NxC7Ibeh81A2%Or`Z5@=%<Y$PY01nH&+ST
zCpCs+LGQCuALOK#N_kobaGvSf=X{ahYG%?eDKe}>t4n-S9XBIUvHDV5=GM?ww>~k)
zQkD%N6eYe<Su)Pvf`Bt{d9gIrV&XI_;{M7hNPAy%@gQsUCFgIX7EIk)?e~kEEiNzM
z3CTQQG!yM9Dd4<NTLB?M$MkVX&~oT+H1HZhc+Gpol_y8WXbXe#XZVzgs#x_164<-o
z(7QO(pK0D=q<3HQ!T4@Vgy*}FA3t3{_a8mk$IR?Ge)<_MH|#i^w9zvg?*=xME!p$R
zgRQo`S|+#EdKWuKgjbh8l_?p?oZYihc7s(?+`z&14VnrK70b1Vs08P$5#3WT@rRmT
zAj0}al)wUonbl`EaMd@fTD083=^@iNSRuZe-CrHo{#XtOJW$Gq4Ca#XMu%;L)0ie*
z)e5XUMbJwSJ=QLWv~^zT^3ktBW0$Yj-NY*#J!SUt4oOE?$93j&USGdb3^*}P1l?cW
z^lGs*_2PB2=J_hF)T)#J@>}M<#oglhFw@SH0Z>}A8<x+LL#JJVW((hsmKRtMP5oVY
zwHxaoucT(rZ`D6(waw(3>5;gd*<)${K_73`H)+H_;!bko%Dr!LU<#4PaLk?5nVgMp
zdlz4C`LWbZiQ)R$y<PcdE$UJ_ak)-?C&K4EC~{Wt)fl%mmO4~vImW+lrs2(t#0=Im
z;B^z)P+{{9s1bZz1X%lZ-B)KDy8rHI+mLOSJ%4dO)tet5PpGv(*rx0ntKNboP7mAr
zp6Tm%)>cg1a4Vb2tQqGodgC!qT&uFG#k<Gj1x#j|!n(pJVH;mvbeU1NFuJdj@v<zI
zgFzblXNP;u+0qfc-}~1euK#xkloh&wEY{E>aoA}yb!PRW2jrs_nuem@KXFDq2!J(!
zp1>2E+ZXs>FEt!e)1gpetcSYf(ZWw}{%0L}o|Gl_^d-n%VRorJD%F&x--m5@E!{SK
zUS&%jXQMymmYB+dtJ5M#|KkFJZ@gVh3q|0cWMa!}#@9TgzcQyKh5IaRpPhZ&sOglP
zxO?TX?8XsaMnWTFl&M&b?d@E2!IA=hT@S0PlGbmA>(}Q#;S(Ggy{c7vzb@(@FleiR
zob_n2?TlcKsqm{!&;CK)-_TuQHkCDZ6zy9%8b{mXD0Jg^$6Sq;aZQ%bP<eN7SSwrA
zor{V+Q3Dh-ykpc@VVkjB4`(sZJ(x-;1CsuGFI&ENv=T!l1UriE*G1McAMJ+nicl@v
z4<hbRo{O`avQEoJs~|A~0fuA?pIkmZE@dWXXoO~G#LFAY=g=Q6M6b|v{*re|oqkRe
zLrha9d8z^sW^6;K?yQUEAHi-bF5h12Ud1Fv@zS1@KA$q3nru46nM`P5l?@(s{78s^
zfoV6p#&36zW1E>}l-8rOd^4d=>h4)0V)-*!p^gGO(!zO5ZSq#_>}h6eFro{-+4~eE
zSI2J-o-$yKx~O`I_qMI-S+fvBE(4WIfv53otk`^qG6MQy+jDc{uA)K)kc+GJqX$xI
zvOZRFQ<mwM@m<ga&-#wE>Jia`v0KiDc-kr-S2@#A^>6V=W^fS9#4aYo?hrKZPn-3M
zw#QxDaFJ8Tv_D>mw2jNQrSpSWHe|DcmN)}UABTGgzjQ0#(E9`DTwXHm?9K{yz`!N*
zb&mGgu&Dt`%%c?$lfr1x+kRGES&|7|Zkbjd*aPh&wCZuttHHwM)GM9^eg&^`caJY8
z_r2OJE_!A!id%Huo;r^Wq$Gd``G_*Tu%lyupLZ5<I%bixbJ@9E);?yjA{Ww*({ot}
zdscAJ#`|1lLvo%Zd9+8<{b}$}^(*u2(?)lbd?q>(XUi{r`(EwV0Q>p<3@3F?V2Be$
zntGk9k?w76ZlF^kFlp+7m2ZqA4y{qknFBU@Z74ChsD>u@(-*fGHn?*eQi|yDnK|wu
z&gs7=4tV8GF8rQl6rbhmxAieWRS8Unv;UpTk&`!0;9#sb?2iW*IV&nDUEXU!nI>#L
zCHw1^+BQ2nGZw-m8Xyj$oBq3tm8Oly1^x^2p}4wKrSL4@{P{nRLBX{Dk(8N+Lv$zQ
znbWR!&+53P#g1~cn6c<^AeW!!@W<6?&lY=+?be}^E6RkBVgp|cT_)advZ4E}UNl|w
z`v&3L?lYeuOvNkean<=ho6m8c*~0X|vs0NpCSsf@O?9bhzVmmg*io7qRDJpuP~M;n
z85^9PucSAbGxJ2~;Imv0zucR^7n%WgF8%j(mZgI<?6jDw9FTls6E_RW%s>8f-ppp+
z5Y8Jra<kW!BZ^Jt%9??;3Ti@+^xYsM)?tCSpEA2LN7}S1rl8^v*Q0b0F}6If@mu>s
ze`Z^C^$mlMSgm%nsJwZqX?XsdEgRko&d0R=b5oL`3<=8<203F}NUM$taU*x4)7mZz
zWA$**tPI-!_{D5`j<z_rwL4n@EO~isBACmH_pU*s)8FDy&{{veSEyv*W=1816;ng0
zkPv%)>vp8X^X})ni73aguMNVc`HV5SiUMvQ0%{A$9|LHMo(l1kpqZhDcRxU3>0QOJ
zrjf10O)l$HrLbD_`s#%MiMztyeEEbNakhgjS>fL&cBVEf7zu6Gyhd8<`kY(pre{OR
zZQcExQO||-Tp868)`RR~2yqjGbom$k(!I=G8V89^PZi(kKmJ!nI7RGpEie%T*E3vj
zY{W=UU0Xi&ZHxe35nu}k^V*D{mTy_sNUnC^%Vy_BCo!>v*D&^ov%G1AJ5_W=WsdAk
ze0Gs58R@8*tBS_Kqid*|0uzH~tXt!pMm+j=D?37CiSDZ>(;R^(r(oDDA23XNpsq?H
zbDXbu!?cQmOvJ1rF_cohsR7Ol!6CM+E_whRc>hO|m*R1`?%h6OoRrF@g?;EJvHKO-
zy%I~0a<u+G!oD-AsqA|jb!;$pil~6nq$4OQAXq`^HAGq%x}boRfFTqcqtbhCN+&?1
zw*WQ-5{mQ=BT}SB6N;g}JK)UEng54(&GN&nMb5qVoPBnAc6rcvuiiHm5RuovT5nIN
zQzZT-z6F06B;s!VDF(xki=7H+-#G!FQ^5?c8dRP6tg~Y+eK)jbynGxw22|&ksX0h~
zP;qOLZ(z90e-!>}dcg8$C*Ws?)#kUEYXYzMk-`L<07oue*6u2I0NLj=WuVd1zl3t0
z_TJ7GxR8A|{5}Hhp+?Zfs#Dd6GEB7_zIGU(_@SNrhH`_mOw#)Hz3Ka3!3gkwf1|L2
z<cNY|b^UHP_PsnjW(4`a!bWdKX*+%Tx{&)=GC@n@>OeJ8arwha?vq+H-hC81h}$d^
zr7Xeh{bu<p7+|ZY{RenSSB-n@qGkGHj$N!CEsh<9hU%E{rAu<?*IzupbS#UuM!u~7
z$3gqYsC2;wbAFoE4_H{&)X-)T%o$DAy6GL4T>gL{a@2&pkh=<sjh;`O)b?xD%bgri
z&S=}NlD<n`&NZ))>rw`ZnmsEzx!iSyPVi|t)|+rF9^Dizvj_5XKq|okNDVz}s;RR4
z*Dle<g&d1fzwX_b(B^rr!VZ0bp*6K<ac-R2Pxw8Kt=tlJyS+s8?uZa80uG6W%zqm4
zxO4<7mTO+?+6|1aB??8cOIuogm*In1=iN)IN~2<VF7KFcYY#1XxM-_jyx%irt<qoS
zD|cF2cofC`fz#;ja+4<qpu}#|;r`pTn|yK%ume6G6hZ#Y5pD9Q=b*5$_JX@v2>{^l
zY>OhKBQ)EfKr|Z$pVva3G-pN9$;<eUG#iU3m<Fzs_r{>iBh1#V{XTkeVc*m$v)Vov
z01!vO={x@M;>s&^&yP45QGIUsc=FDFi&m(7bi>)MLT)9E#O^A|o5oG3f=+mxzH3ZM
zT57x#n`s|l@tAdw?sakpOwG53Sjv&@HbC#DtJ|$FKTw~TK=j9*mJYgUaNQ9RSER~u
z&n107orQ?Txec})=B@p2%TMy-;~hw#r9&ToMdL?@IXI0o={bE>t0}^)&v0`)%v|8f
zAO@5OUEs!z_45s*OHM09r{mvO9V9eNFY=2bFBfE%nUua@zD@RCjhLeK+->%Ht)`r@
zt0ILdE&1yNp({!vY!R+fT6%aK#hv}4d!UXxH<Vca%U_s(tAc8{VAWs}*iun_wRo16
zJ@L%t+TjpX7$Pn&rK7fLSaf~JO5%%kqFC5DK&<G4#5kob&vKJQvS6y_sRuPuxdeL$
zR;T_ju517)$h$4=YB+mu_XDr&pCL9+1`PoD>BNc*U)<v>eETIm{`e{0o_~c}gKE*5
zb-=!*^^vLeCnnaeCIlaKHpO@Q@|;M-+9X14+;bS|B^V~{F>3MoLSeYr@5I~-maI$#
z>JiBKNvm=`p8PqCt^N0N`r)2yU2SL&c$K!cjWns+HTUvW+nHm<rv0W9)eW%<33FWJ
zncWGk8G>BsG$y`uM#VTL2aIt-yXDhD@hKpzqqA|wky$8#Tfo83?5V91*PGEnda7}D
zExkxJVp2xvh>qp0^V~e!TB@sC*$+{nvy~Cwv#Ot;mv%Jxkk;<~QY>D5vDh1`n*Xh&
z;i28@DwAXq4$E0OJ$&r+%3Eg{lDjuP;u5P3%vhMW={J8|C@zzs^Cb3?xdOFno54><
zUz<TBW~m}pb``%zNnvzB8A6oS-I90o;~zj^<nyFtLdWxyV!<KyZ2~-hSlmeV|GlyB
z|CHx^FF(`$Ub!F{5S!OdVG5;b0uiCth>UATQw5okt>Xi8<_Vsykot~W@jOJQzk<AQ
zFg@|G@XXS$<Fv{|*mLUoJ#tdm6gM7;8Qfl+eBjRgSbtkV&Z7J|mKQue0A$^W2ze;U
zeTIC`Pq@Zmcg|Cq=+jPS(}hulQ7@}rx?2AtZvRpVbB4A7vq_vF%nm<S{<?d5YNlCK
zX9t<<8>`Na&rppIm`(5=I*~V|C9<pKU2>ps&L;W5JxyOU{+3Zlh?l#ZF#ERp3$Del
zMf2uq#9SXs6$f!&?i^02T?&0i<mFSS`4}UbqFL#Gzw1I9zCHEXNcM7373MK)Ea}x6
zzPgG)>)J82c?%eSj!wV(BknlU<!!;cmKk>E!uMpk-EJW!LC<PR>hk#_<{kf^s-uYX
zL&#26J^S{F94AzmwppqrvrsJpEsbCCYv!`gBh2ok=jz7|_y5@3Sm6)qiiW^|o?rOB
zV(O&=@QrE1oQ&I(705|cPBgD<jx|eT39tb;><Mp0QtTd&$0EjE8y_okGZm~PT$l_z
zhw&CRFQ%tryxhB0=$~41+v8s7F<%_f$rRtvL`Kth6hl!%f4wh*T6+F-Zmlbjr_!0h
z=0DYx?im-+8;F1%-S^I2PwyQw@)|MIhRaJ|`wF-jp&<y_#mK;06qy=k)DDzUq_5!P
zg_AnFSL9bvBmvzRnI7SCo!x?Y?=tLKUQErXUr)$-WS${r_m7KkEvIp-J)`aV#?Y%v
z?2h+=5N|l=Lj{u8w<yP2YCv%N?G{EG3Cu@Ew0g#$<G-W3u2S6X!d%7(bCR)8-H_8Q
zut^AJeGF9QCNb9Ev}P`!Y6@TTwDZq-m>H0s@93)HMx>S{B9L8$*Ou#Dy11sfYgSYe
z@s6RZ7j<@22D%Kjk5&a7O3H*RI-OzZJZiIlVQ1=-^#mU|c9ye1J3sM6ei{{`3>#6u
zJx1ooUpnNX87BCt@<DvJtdf;j8RpelTlMr^fr*6FZ#mmPZ<;D-F}VQE8Nk6rnH)ww
zy>Pd+q9YHBZs5@Ad>AFKCA;W3kyH7q8%48d;zYN!b72y_p@hD6LEj!@R<i80@>cI|
zNl&6i2Dr4ggIx~3rB^APa}J%)vxHTeGmf~fykMHvKlKFVi7nUhx~Q`ot3K~F8+Jp1
zNG*&@DpYX~)CIst@KV?nn6U%e{Aa^TrtnGHJXu&M>?0cQLQC;`RW*D9P2^tNK<y0H
zKdKf}`0@cN;bXU+u8aKAq*V!7E~jsJMNgrW=Y^@9utjh7zRHe>(yG65!af{(*bw0F
z+df8v`U=gJ{o!6p+cfuXx<=PTz#`E(xPtF3yRk&vEuQPlZAcVLsoAOGd&=1*BK+F8
zjg`%)SZr)yk_c+?&pK<?mb+MaPdV)?4PS+*lq1%8!YJ@8j7$1848Y|WJudV}B-Hcs
z+KwTiIi?ty=$xV|OKnHnzn&{`=_K+<Zp{U)DBSD-5kA>FPZrA7shI1eHtpWiU<7G}
zE)HqeHt2jD1z4t+&|>eTe9Cz~RR1V26)$=$pD)9|Z;YPAT`D!j%7!vmB}Vu+h8=Rh
z(gn=M9fCLe0MW`x8C}3$or<G6c=Te_*T1KKw*5>|^RZ@pzU6m9GtbRU(yUuzYgpeq
z0J<3mzkv-tHOkpwp&0b1J9a&Nq^0qlz#W;yCfdB+w^+u^FG%~|p}-p-qC<IjC>G}!
zgV~buhVsOwrHJ}BUt~RTOvhYyd4I?Ha>thtB|23sQ_I1FTkiEWW1pX&T0Tz}d<CD1
zD5&N~MQI<_?<NW_yA%%i7L>J>p31y*wp2&y5vv>BZR6$CaSFak8QWnKtC&y>%1)c=
zbtjto<AT4*8?QZ5TX!fEx37P{EKlA5=6;X04@Z}EVg`Q5BlGo61{hR^IId*8M5NDK
zX64CiY%er0ika4L*mLP5Sy2PkM#+7W@JxDI1bEeg?>Kt}eQ#QMxeIMtYO1>LM$^`P
zIDC~T*lXJ0y)6}L=w^8x2ZiHW)ltx@9%_O4z%s4BZHN`$^Ga+|x-ABh#iE$C_250+
zI^hlv-eRDB{x6&@BpiIK88UzF0$_dHCT}<*uu29?L@Q50d<Rf6cN|0JSnmukCciO7
z8`fMfP<%CXrh?}7EbEDu;`&7=^^A#xx+R#^5p(Q$#b!LY$!rj;&Wv0L2}k2O*-PpL
zJ>Plpn1ln+vhV6d>rTU;Wy&nxi62IM7jhV|lobiHwmL{=w#ZJO!K|S|?w4PoNA}>i
z(@6tU_H{u23tg4K81RQKfD|V2=3p&ZFIO&dX)Rq^)51}~dDhMCT}3PSgf!6_ska_&
z!GuF5MYYmuX6i>=OwPmj4A_x~5Oh@E;JE?)XG&e>l;t&U)=4S-1nm2x6P{^0N#8e#
z7jGWT{K<Xy_l}q--Cmm7gdhjJUf<rYgy9|LFEbx@t4%`4v^6Yx&>3Jv);*9o5?@vs
zz49w=A?Km;Oy5%O)c5+-NXd;q+2Rj>oOTO%aC7K#v%MErNFAL*GSj?HgPBu5x%#JJ
zg!<i7nD%*TT(tk_bOlnIA;8<)jy@fE`(1$bps9tcNX8rX@x%1_TQ5p56Q??@KY0w3
zKA?>96Il+j3sQmO{CRPshPl|+@5-b*En)$-5Oez6Jo5bC`{&z|Znx6e=~l(OQi1#+
z59izQrz%JILQL~q$Jd<h(S?<pu{@y4i*urSz7IKqz-__6o3vcFPD7^M(`~-2Vxr-K
zVLI_c(Hu)YXwGfL#hy!7I~U#}6V_hl^nd7h+ZJ7m0l%PmWq0szn<`}|L*`MK-3HXc
z5(xhCkV6n}@9aqQH}i0x8HijnWm|kEV~150P~R6XZ;klex;+$1pTRd_U|@k-w7|0N
zDsB`g&6E2f33Ue~dgVPQ{=usK_~{8(dX)cp$dP&C7GQD^Om1h;g_24A+e<>yAt9WS
z+trmJ6R~|tBYnRsJq^l5tWd|q$vpThipM!u_}^c=8nn+VDeKWKpfC96*O*2$zIjqo
z+qhmv93ABUz#Ja!RTr3~Nk=t$xk@G_-|0^@OuL=GYXevv7*)m2^es2?b1OsWmRq&;
z>Ur(csC{?kpT~@1?q7d(0QRcktogcuwP(g9)iim!$0Gl=?q?GG()KIRo=2bU%8+aZ
zX(2tMrEHz+bKRIMPq5#&3Lu8cR9|9)58;~rE*n2*)H98?){U8Y0<@o;Iy*v+{j$@P
zm}yi(|C&O}4o+=j`mc8jIxkB#-(wFD(%J2R8Kk<&*xA4((@j7R9$c8}CowIt-rBuo
za?JeW3krVh8kh!H|4#dhcY+L|P^-!T5Qi)M3_R0Y^v6JE(8+y^(SOk@6C&fg*Z9zS
zb*HicT*?G?dX~9U!O&f|$)ng)J@ML>PKOnDrj}*1B@RO9)<5Br%!dy51}+6Udp)x>
z7QhdG=e@bk;Hcgm(k#EWzRf{GjvX5DHl2~d7hxH?(DT<E_f1E9<1J16=R$ziX+4F7
zM1os0;Sh&u#`d(Xw=NI`_B)$_Nh`Z>S#aR^$%LOa+c4iAPvsY}>>P=Z_1j1<+fHx3
zOMtJUyiQ~ZmJ74a(X^A1I=5ke0Nv$BSsv6-Zmx8UmszPeHAO+Cbikx*wz+M=sIBk1
zEyZy;OGbV^uY%qX2)+g%ACSD!6N!_x70Ay#pv_}1f{a_V^aWr$pv*ySrsHbw%{U&p
z11BzNmyKPi`03XyG_R^P$9?Cy&L+K~0ZITScP|Gd5<bM(!#=%joz`EYe_~_kwT;gc
zLwCU$MC+O{t})psX7-&Ur&yZE(W{nncNT2jmxITvPOfZWP{lb1pgDuS-gyzDYNbs$
zq*8}x8dXf3)Y|X1U=2rk06ZRy%FAJ!%)-R*rRtaR(i<P6z`cxGJdp+VL%Yo93XGzo
zOQcylw4F`t!))@rfw8cGG#>{YXX7B>rTr<|Rb{&uWSa(#_rJ3p<w2Qt{5VKvx-MRZ
zYQR@ONo-VRd8Op%s-NlPFx!AOD?(IKZG1wb=F16zF+d-na&o8f@lKdZ#Taz(;iZs6
zkxK_2;GjsrYvn^psj9YJMUm>h6HsZV>}&yyL|`CZ&Z(cPp)K0o{z{N&K@}8#YX`a?
zI)9g?&QNz%+qAy1^O8#Qg)`ghOC24&MrMv!CJ5>~5bxF;LNwQ8S=#<l$@v}(nb8(G
zb4LR9sw*@j2h*t<B3jURb-Xp2>@e)2n7r-b50?d3GzPDwp5-zW@a57X7ecXG>Ko|!
zH4R8`Wf`wjiyEB`w%Zbvil2FQV>Doa9oYf78@_5=$5IlJhm|T>c%=8I8DK9u&J1s6
z-@N6SYCfILlD=PYDffwF0fOv(?4$S}wkMso_)|22QGoHtlFK!QhO3Sdo*00Lj9P4m
z3Icqv`x%BlsvGx7qF<A!&F;FW6_$RZ`|ZM0Gt<ZE$yZq(<41%oBi+FQ-vu-&G%fJw
zsyVBPJBoQBo@CH9gQQ@V3N{chltk|@q{Nk|H}kPM%`kY3dh^k7PLGJJNA;pxD&o}{
z#6ch<!+8jT7w-9_BDwBI*KV^cMvwu(oOe9y+>G8i2&P4aCf|pK!#~Ev4x~Y{6pAe*
zr4E)uvkrj2x0s<Z))?mPXIKp4>?e(u=pMlh1?AJdK>+25Y^ddEFO#BB^<3M=MS3-R
z80iF4n>q#B2w<#}P*NLVj&9g9eV}9%enF_dnn0G~Mu7itd^&vHn9BoUH|+WPz7oC9
zo$j{3_<13!)9eQ6MnO}hKpoLihZ0uh@OUeTvlymBA-Zv5Jn>1Fr71hmGZ&K_xBX->
zqZ^`YGF?>wATcbQ(%B96_6~bU9}Ux4GVx)2%{)b>=59)?gty&iBYI=YmMOWhe;p5V
zw@<y?Q(wx9$MQ|<7lQ_6K=Y@qr@5&*?yr}fkC~Y{y{%|#Ll_=zv1@ZBB#RN!q%UaP
zUl+Z6-Af5W`{qn8Rt=eq^+)5u!26yJ2!XBo@Nz>17r%qzc6mtu$6osIl+C9;<u=*y
zoE;R;F3iKK@AF#qmJRVHwTzw{?FWTuLvzh-es5;HG&L|MUXaN0@V4Ap#{}mq^3IcU
z?=%?7e%hZmv0}N+<oP1{EVDd%LrHvn&6ssK@*ri_0Me|Sqza^Dn~I_bI3Ew;H}uH_
zn|AAsFEj8zODQG{PiBR-Wfu|LiP8tgSVnO}vJ31c-DrB1jZ*QXq(8hqFLVsix!d6K
zZet*ZX6aq7@C=t}$)Jz#AHC#+O1HkMC@XjV$67@WednNJgZ|OHpp5?c)pn(A3s2&1
zX1W@C<525O-c*sC#(K;s!HJzH{M-PKg~AGkP-qYS$)Xp$=XeQ+>rls74MXUA!CZHF
zGP4$bZ4sNO5P=*esAD=k^nHJOZjiI}J7}2x=Xd|`42OO$6n8BO*E9Ayl3mp1NW_hk
zi03T~AEK6&eba5bH^oB<5?eo60B=Em(n)<NcQr1a?MoITuakV0g*nP|?p-h8>;G-b
z%Xsw)jRy;T<rwV4&wZp*r`_5w7%ld-FFB9!ooy;NW4+4y6bpaBzTU`tVHC(?F98zp
zUKh|$cUE1xYs6p!WSPG{l|9mPJ)$Cc`XE|isg7GP*TurHK&`jLX!pr^@Gt)`2IT<X
zy&vw+t>gc&3U2Zxe~&A^lOVIQ{5B*?Po{zpIvqT{{b^GLJs6-j!#o5!xy{=IKI;dS
zC_N4b+G(jTz0kONN#PLv0b?wxSEo^Q(SYiyzc~%*r+ttsqo~6E_0)Zmr<7=}%c#s~
z#i)!R{tu_ElcIB;|Fh$uyf5)rE!9P~O^suxwGAern}dobqDgiP=d1^DoGBe?ZcVyS
zYYG*T45?sye+tEBps<Wxm>p~G$ceL`Ms&9+-^|m=Gqis)z<MQ)+OQw`xBm2E0{rRW
zJSY<4%3}TA3_{=Q+54YQ(+TeBN0waeV$%s-w4IxS2XANJ9IY5TuZep5!Ng>n1yE8m
z+@Na{`2LQTuMH{&%D8^_j|N+>XcyAYTe^?V&$tuXt>}c9n{v*j5tJ~^e4})zRrF9=
zMBo5xxtde|=y^Ik%<%6O6UB1pDkqM$Pz3gd^ebX^LW7$=y}PgVC!2L~#Gh@-&nS$r
zI-S0KlPVK9@V4828Ew#+0uve*3tt?Cbm||IKWXyc<!`iz<a(`9U4fV&l&3U?B9!!h
z{(>Z!o9HfEoED*;Pq3{P2ZkJwtdmUigFjEcn8|tcoQbi^^zm93Ah4y+bU+tP-uP@p
z=VRSG;{<XbC(>;m%d-IADTW`FZ}7an2r8m}JJ7ujgDcmOyf-P5Sr3?QwW^j|T-QCf
z4C4yZgyIm)8leYzcW&i7Q_aIV^t<IUyq0bqZ{ZdQ2wCA?QkpwHhWKYO6PTmwyR(xp
z*3WoZZnj-~@yrOL!p{SA*Zw;1;qqAL+wY(Nv8-2Y0tZf)J2-I(;tS|Kj;wIkhV*j!
zNtr@Vp#+7#f7ylPH=k8O;;o?FoxK+(1#EtEmxb>i;Cre&N?9#uztf;|+1`4}HZ=5=
zkRRmXd>yzj?<qZUrmI`3tX#q*Z2ery0J6L#9QnT`0GrX};Bt>@)!PGhJl_!VzsuhT
z!{RS2lCU-DdUidCi#xAKYY!MXFWt_lXWyJ3Id381WHKgC^2{I*Ie*GPQF_K+)IW1{
z>3rZHY`b2eryl3+n|e0r4aYXK9X%Ehggc+`Cv;>TJ<k~aC0x%fKx+c+E`+3uopm{x
za#Ry#$pmv&MBt+hu-5DR8D&!oAMO=n>aI@2?d%_x9i+vemTX~A-tA}(J{T9{2LlPS
zOpmb2m^coPbyarCYHav8pOk?spH?xrcy?l9$ITYU=H1D~bj+D+;1YM~*2(7w*ZtND
zqPw+^E{>LpM0)#mIP-1)`o|C?q20dT5387dk)<x(IZ>UIePGv`KJH2DGjdIv^jcTl
zX^GJ7_gm8tm3cLYBZ;dxy_(Ayze~F)x8eOEsNH=3^^MuVy*<pG3F~VOiT({1G5#A3
z7NL!C7LqZ%f!EKeAAbLb*+}S%y+XJ49K3So`C|bg-(-R3C*i;60*pe36*L{+zJ4yS
z=as-oZj~#+o-7t7PD2xJU)vM&CUnv01-;INHKT6N7lR1n&cTImF2nIMh$KkEE9zA(
zE{@-O)VbCy9b*{c3gck}Xxf6#ZSidu!4<_Tg3aPD`QPI=s+Svf?&ye_RXjsx34W=9
zJMWgI*tC*;dDw|SwLTpX(tQne1Y;+Fhe(9+iYT1NRG|jTyetP)_GStng;k^VsmMuM
zj@S2R^0qTgCeB{8dBtk~#8%3#@v7}pgzt;X=4qW|hx8(+8&OC!K7gP|F*sEYSGogk
zTXHpoTt~{@!&n&>$E6?0`7CcXqX#kWwr?ilO=Q+6Gj>T@P5mZ0-CUQfSgEK}5vk9m
zi)or@J>0Zl?so32)wEE20BAonpesAJ^l&JLh5semlGm?K6;y}0Om>vFW149>?{0KW
zyV81>9cAX-Rc8l^#S3>PFDh-LwvW4gy_WuI<N|!`EtD{(2|kuS1ZeYP;UWYjzE>VE
zGbkX+Rqe=Nd<U;;sZ;NvXL>eu;)VMV&Sb+T)!n)?vN7^upA`13t?`@q-h$m}h;1R=
z%BZuL*-@z*1#p!!LDydK+`XSeYr+ky$flFm(0zbQIy;YDrhmx`a1|CJw`>x^?;BO$
zC&1{c>UdSCcxnrw>|CKj@}g=&p;5ws%X66w^aW+yo{(-;lq_c7Sn&;~p9?>XW7py<
zw;nO<Ezdh|HykIL`&iN9lqckIooXAcS<W|NeGIIXaa3`FksABF;6%%|1}^%Wr4p1O
z!^}_&O8S1`O+-0&T4xdF?pc)`%t(P#Sb1Dv)H%OPNr)bh4ciE@+}Pi>CW@>4+p>QP
z>DEN4VAKThbP!~7r&g6PQj<P4*{+`HW6XM<bDoG?gHqu_=KD}9qWrGW8m%4HkEprp
zJ+n%=okw4<;e8m}SIJ25z$C^Z2qlzbJVQT)f<XXG67y`&XzO)E%D89ej;fl^t8KUE
z=)Za-nA_)a2bVsy?l_UJ{^}-52V*CQANgB2AGU!B(o&Q=uaV^CY~L@8lgG@r?+DUq
z>N9>-6D~<+3H>OROZ1Gji{-(Kjv=5WW%FPdGy#}+eq+3_!u^fK+8F*Y{S;<yc8k??
zuAm+9dtv`>9F@0U%x|00uoK7?I%tgQtm>k~lI{lm00XTFmWLtv9BlXN;^S`F{Kj*5
zA_$0cKl(H-$>@ycTE%-gSmO5ai|$r4jDMZGfx3%n8Y_-kV)zd3ellItU$KGs@T6oC
z;(g?MU8#ve#<*wp>)Feee#c{$81pTaabgL_WrIw$*X!?UU|1ko&tOY8^5NiWUOP+G
zU&~uSAd*^y?#*EEf6D)mgsZ|jdU58m?XEP0su@ujqwzzQoAcNG9Zj1kJock#-K_hi
zIrW3_tg8B6_?2-V_Elfi#Fg=wZ4swypVKg*U)s=(p{u<`Glv#RE4rO0mZRdA*p5-%
zo)RvEBRj#3+<bi+$0ZM4yFRZgvpt??oS8JaYFV~(#I;OqlS@J*+3!m*`4M{fEV)yf
zgNzXFx<|TnJ=w{{CZas^ts3%z6K96jS@O#x9gz`X9iQK0(Jy(VUt2#hD82JE_VOI>
zgp87U7F4|uPFE1Ju|Wd(Y`B4&B1ie+CjSnCVf=xK!U~0eipl<Fad#!Z#HH*pwW*Az
zXW3cKk=BWVnqFffxsmEsXAJeq3mm$Ir0#xTOPJ=D8WYIl4M%>5`D&XNpgw4rwg-GB
z^+gXoU|4xfWkPB5P*GA<uM5|mgreR}kOYZp>ZMhg6DgL0x#K}Armo=;%(_hc@sU*y
zZ_NYd1w?#t@92BoGFo+g3`VZ~`jXf7(?Yw<>z$WX3=hNU!l`CEXHe&<7DK|}VXLae
zvl6Hzd+Z8&Uwoapg#LoExba^nqzg=%%E{BsmbMaOKyyJsHDLM49Ak+8vv${VQ>AWU
zp7~ufdED!A(Ct$<)pkjcS%}vdgU)vcv|rY_?w<Jd(k{OM!TYw3&<jR{>Znn<uqE}O
z>qH!J<hsbF@*J%rdpre4%5LtR)KpQ|d&K+kwT}AZHD6W_BXR6lYIleD`lmPyUQ@f@
zbxzB>Z0cn}q+VzyPoCBOl~i{(FYjWv3C61G7poh@-a+R`ss24eb&Z04H-k9!n37~p
zPssO1Hoh-*=$@K!wJ4vxn=ujJ_cb7=)N!&WelJiZ$tsYqLmR;hLHuY{_!4u(+y5Ml
zZQ~JqR#@DAt%;(!bWZXH-$YcYL5t1~`8onpfL-un^Q=ovweQ%s=^FB-ab*^4Aa1R)
zdl&0fe)0X6)j0-A`3!e8bndR&*|l6cM-p>zFt5$YlMb>RLE0<P=GQ-Bdg~VKNeCAu
z!pfbS$`uDns?s)$=Ac%B{E`qwNz_Imc5#_)qZ_T0m%S!<e)q*O7f!(VrTny5$*(%i
z;&wKBsi>FCsXcc*COs>@9`$U$kWgokWv<K<=D`z_`dr54eiX>`jjBVs<M}h!8pM)}
z6hb^}j2|e?=&;XvhN4&1or}0M7R`H^5(-O60utEY^yu3`e>f4Vf<bt}s6V=<dARx`
zA?S=io;ESDW$I61@43}ikzMr!WCrL*?%*V0!Sh}oZy)+b=<z!VB^rOdMPa#}*Ta)A
z(~7v7!MmKmf7E3;`GbQYP4PkR5|Yj@gB2p@66ydz^nihjTi5x!ESD+tnQF$;HIX?L
zwO~3V{ItY<&=u|8U)h<}WS{%M#&YCX2ya@5TXS}DPfEhONF}d~y|MjIh<s<Kh@4qt
zOAlOyr0OCrP=<(D5ppqMLf`<5nA|jjUaQSF!F3R%e)iDoPIU#L4Z+~W%DzdCS6xG;
z7uj~KvMx**2D))-MEI8i`{;LGQf^}RO*<1Rn;bd(MGj9slThWS0uuL%Yo$kMw3CwA
z<!TP+nzd+C<t$qk<Y7$ESXDYfi0i-4d+VXs%1uR~38^t&gJRRNFH}ZSIE@X8%T=V7
z*P8MLa%X-^(6&~T+F2`GVB0$SaoKgn<!a%+Zo#LnjuGOnlPpUk%CAVciY22VED_iC
z<=^)vVtZVPXK<Cs2HLpgzSmx!x07zOK?~E}W$kyWQ@N)DO1p7?iax6?D3X-e8RXfQ
zAehYCKa}ulJV;isk}#b0_;7c;?$wMPilR}#YpbM+;j4Rif=PhmKOZ4wzivp*YVY^|
z<Xqri_PMfI+=SPN^XuBa&P<Gn9Jw=xhLgmfX;b#~)tL_TDKs$Vnr^o@hAB^zM|6#p
zX3$j8<5qb>$dOB%M?;c0S+{)*F$qITf7MpmreBggby}<!yuD}gIHxx(C!)l(Z(9uE
zocmE(8XN@ds&EYQm<`X)T8+5jmrP93{6=-kC(MF^3z#@{mUEUGmH0x?@;!@@)x!wI
z-V7!&>}T!a_TOeL*T#D&esbK64qU71k8%`8j|Q7x4crTR2}3Y{)j^0S`#EKD-1lKo
zQNngIMV9io!_P4IHZ{e5rK^rsBu<2QuBt?_=d8=Zc<Nba#nVmLuTSr78xsv|e9kWz
z&#HQ{sXWjGYQIdaoX|Ctdd`qy@1?$YyBLv}Hs#sARRi_!mUwG&<v{iLLjU|Mzay9e
zCy{!IQ+2y|B>i9z>#r6e`{S7;#MnCma`G&?*-6e<OL4H)G&RDQo2KB)<*;qcnEWPj
zpEUC1IiGM`S!nbjLn~TxtM1|+v6b&jvjz!OO;Tp?!eas9e~_$QTfGB;fi}eaTHrou
z#nIbWUH)^aZJ#H$WQ$Vu5t5DA2+s5(nT>ZOb18VHQq|IULT^FC4Wa<~!}QQXNltut
zVW9s&sFs%1jYtzmOOxC)jjISr?WsZ9nln-8#SFDVfoJ=Y<5Jg!LXyfPABnWsIQi5O
z$fum{)k|E%AWr;Ovglr#9xkyFvRlzwtc_SiWjbL#P^P@$AR5(Ay0{QI8gPQgDW_h7
zr*1#ve>O?z^9(J=V0DtaS{Eru|0!o8;Ytl&O?>7<3)@}}X}!_t5c8XXr<ngdkiY4=
z1as9;4?#=F;}}}bs9$R_GJb58aziLie(;zi8L>|yEy8H@3Q?&WtNz@C{@Z7i?EC-O
ztHZXf1^e9P=`PlleKqSV&EjgQGVJK~(gje4u*fS*72M_GmqpwmDR61cpHs5W{C9;r
zBOSH9w48Mh()VU@mDGwDmua>RvVlojO%5zT`JMBuUz=~Zh$~!1R?2_x`^lSuClFQS
z*zB5BU1xb==UNHp2)tXm+kLSKUr#B?2Cy^EVo0VK_mw)tv%sc>6?Ctt#u+l=+V3ai
zbZV><WD{=MC@8Z^M~+5^nyUm#{3iS0M`mBq+QYv5l|RN=8E!#PeG<6g!6ru>+%&la
ztN8UcompDWc~LB{;U%SaM*D|9RN4=SS(*e!WAL#qm@B!1WrcJ4Jb9`%ooUYI6Ii8N
z`61?h6h?+N@YL(UPX@itcV%F_P;#vOk=*h5uY&C8;%`~b@uWV9l-$4*y?9r`(luxp
zZOF&q?X~t9?$;?~%jqHukG$t>x@Dt4<j_GiNSv<YWJo>_-ZLQdr@$0OgAbYjA)izp
z85wW#ScpT%NNLhyqqjJR!`avL<#eZVBLR8(0{bg)&GB=+Jo{5Gmbw4cUUBOyL}blN
zfx+501Er+LM|)BT+aLA;urYem(Fbgt8If~a8)2<>s<&VM%PK`DpeL>URYSl+k|lFz
z{7Utl5sEVM?Mug7Ps8~FVJoy6%<RgafY2!iM9{dR=-3(k8m<e*gY~q;L)v-u5*Zs}
znX<bC@eIj};B)_c_oD?9g`wUNLH)nAx=xOYrW%n{RNq>Tzh@Nsw`1e~w_{U$8f!w1
z{yI3owdnFuS)uwhhzgqHl1p@(udW<jRCpPZUH`X!bUt|6ZPXhRYzek?hB7f52VzqP
zMa+qOH6ui^cf688kznIkb;p@+bZ6p|ALsP3W4^fQg72mKKGF@A_G!3PS|ayxni34_
z%cj>ynulsdGiX9@@55DqKHv`dUy?Rgni(&2sx{m-cD&O<gJ|!|S947%Qtoe`<8ULh
z?$B(HWz^aOQw{SRE4urHR-e8*ztT)VMwmwFIf_10TIQ}Z%Z)&4)D#&=-Mf4>qooR;
zy|#PxW_XNc<*@W=XTScggq4m|w)O13g_uasd*Euf;GQLV-n8qfI9<rgpbK7qF#H3b
z+;>|{f9ggi`?5<&S(EjcZ>dYD&dSj6MUCNcj(vRjr!6m(DzNWmaWQx$nAPZMs$uGX
zJ^lCPaPX$a^4oo)m$Gw4i|w2TFDeTkCPh<}16vJ#VE^bzVjB-vS&}Q~b=L4S^~Hq*
zi8o^|A-#q^J1*2yNs@ONuAu)Xl0sp$9I+|doqH3oF9;c0LY_4vFIgZ<pf<udxSS|J
zjV?G~h*azH-Y?@RVPF24m^3Y(3u41bDeTIbz70>Frau`WZ57sNXtXvJs$@Gcw<8AY
zJSLnsQy1E5DBR`s!)^34&&|%e4i0(=yBizDj_8JNy8`or{uV7Eg94{8nZmWfsncw~
z>y{e36;M@FPka$dSXI1;p>M*3FpTjuki!S{Rga6i2MQn2udCd51k1(i7#A$33j1&=
zmEmG(``WU#8p^!;u8D8-_6q{F&9$sW0dlgD*_Priu6f9NuP&8dW3r`{n@FYsE6GAr
zd|gEO9D&U$bF5xMs4n|Np^_M0wb!NF+^+*#VD^fHKla7>kV^j)N=<!JVfFQ1RlGmJ
zpuiS8&UupH6hGoS512Rwa!KH$A-Ey9Y}x6SX;M<ACFep#CYYc`j@5{#jJxV+?@YLM
zbl&HDBb!A{`^I@OjyPj}rIg$mP;oX5Y>=iM$`F5WW;xwK#)PU}d!qZQU`ZKcVSv+#
z6|F?WQ!OgK6X0Yc$P%+pMc>$-a>^k}2-n$blY~Kc^jcK^wGvQ45oVZ?%r++5JmPx{
zEh#}VD+Q+u`*$)TrgV%#>;X{mVn#yDmi-QlPi%4J4LP}Q7bl`3FV>Msne4`viZbQ=
zmKPe9j)vNi)w8hvVFgQLvWQRjT5`yxMu)+or{#l7yH>kV$0Cr+>%%PN%BbJspiiT{
z_Upg4bjpOjuU!&sR^QeKTEM}Gzb2e@xm}C9F6Tt0)9<8wBW11`Cb5UgZ^iQVpO6XV
zK#whll93EO3LSJ1rF7TX{(U+w+fYLz+0i;iFn{o;E=OFY;K!}xae2mGanETvMthe>
z?ghPOTyC3kGx;O~{oBJO#%cPYW-ZuaFKS+e_0!j*e(RHVWW9jcVeODM<-;zkyV8Oe
zD58dW=9h`ie#`C;%%j?B<@MUQ>+(*#cM^$uMF>6cjPmyWOt@5xA+b&@?<p;mEECXz
zXE>9wcUQ!2)ObFl{_Zo4j)pUWc@F{8`+3+bp&gs=BRM74)Z&mRSW|bVRE1_SES9gq
zM`1-;RgRM?<c1M#HD3e4^PK9iD$Q;;IDm9!i`*btiC)w*2>4|3V}ou>yNge}Fz8?|
zKvi2dwOq@Zc;H7Fcva0g)Klw{9~AMSUcw`XaO_YyLDDC}<4m}2N?C!%3e~Ii!p=9v
z=u!<2$Epg)dF{^e$ZlPnJhekyW=&yjs;%Lrihz!*L<`HS*FpUrd;+yB6aZiTe)r(f
zzu(=s#UYQQrtURU=FTJPq#;h1ir^}>71x!b_o+#!`P&=fxQ!KaH}I9CPor>H#czdX
zP3O_>ah19$!^1|cu))Qdf)-UCBzF~~Zb_}fW915-a)j@JnJ%I_)2(BOK?%{ik`rG{
zF;KQ`%Zz-NcxO<4L4)z(#_YGJwgYl*m(`kcNGa{ZBoPkC7S+PLW@eQ2jrv9*_j@Uc
zTesy8|1M?OTp7csN&24(XK(P(1B|*OW7qkr*E-ywv-rM}GS_yV{i>2aZ2kcMy8!aY
z*|c!~lM+bQa|*hjZvDPeovPkpe{;Obw*6(Ue4_jBm_Q8v#Lxq5l}s`1Q+7B+<_c=3
zrpFAs227^R<+lVyM}^Nt0`RsIUz~Dwe;3YC%?1WtwUYG@ez*?2SW?zfuJJ~9=Kx=S
zXZq~!j;54h&6=`#jImLJXCd2!I80*D{GIH0mzZ@;-H~N6e~xY36zBQBYpCiv*OwtS
zCv`RIcW`c^df-4BmMl9w8h$_a{m}eT$qHK%QK?rvI~0Qd=|i`z&b^>frV<Vgt=wL`
zlViZ1<!Ib}cAkK2stB|k6800!1v<Z~O(+;|Tz-UpC~`HHRhKWMi9LXunTdavz^7xN
zkT^`dcUg6&F0cZ{$4x&NuQ5dRJ7TH<jCc&Fs8~<*aj)^hHj!+HAMq@oH|0#xZ(*BX
zQ^O}^1fGaM4kckc#>=iT4}Ce`D43TwLcA2njFPM%GV4+v97)gpv_#AG>jO;Wr$0jc
zD*<8HftMXf@#^>+M(29Ud}O?e$Y=7Gci(DYh4{Q2PR~Gz!oulgX@6>`Mz!6{a8*gF
zvti5)jJ?k#@gwDuul#e)r3mwBtJW-yYfezEHk7uwhH4ur1x6s{79<>qxYs@r4R0#M
zbqds_oxfBub=a_7PFoH#{)#mr9k<G)sgzEa=UCK;ahx%{%=MmmhxWBKo4>YK`Fm`e
zmrqOx2^(q+@>I;o=$uh7OduT`3HU5z^hDhe9id^G_va)>10QnPWtL6JHLucIX^||-
zU{5LJzI+-qDHMI00p?sZNBW?-;CFdm&)i`>ma4M*RN5XYii4*%VYM+~=oJ#7BCHhd
zRENU%jAVBlDd>Me8DPYq4wJJ!x{j9T#t#mbqmJ>^Rh*z+zKaf8ZqKDI?5;Mb@4W8J
z#87$Wt7~^$GkTAp!tY4OF*jcvL@xFRWLQ2K+Q*37r=CAMTPzym#`zEsd~hR#4#l+C
zev8(J7(oWP#&k~UX7rNs<itQp-2>0%(b;aP`_<|Z$}bfHl)^`dC_VKf=X^BEi8z54
z(Wz-uYXIe()E^Bj&M{9o+4!B9c4{Q$Up9Yh)#>=@_(HY7&NM_4ZFz^8bUUG2cxs+x
zmC1UcX&+$&8C8>Pu#lMH<<(HQz{r4gni1aB(wf3%6lB?ksgIlT7e;*w>dza#+ibbV
zvGzU-63{YW_LB@c<Z>+8_|JwCy}bS}1LC2p1C+mH-EVNvs~*6GM{F;?l*FQ>7}$iB
zy1gc!Mn%O?l)ZL2R8)jerLu3pMN}esN<0Sqf`2@pD4i`L7-DV|h?X9oEim90J7D++
z!Z}d*y;z#6k;%N8^vS&yhvU{BsJaJaJ`OZ=PLi%Rf^jDCx6eC39@a)-(|Pv&;GxGW
z2GEL^(_03#!E~jzG&#cGodAwELKOdsRmvxat>|909}9EX=8k<<4rdaLo_+SBDoCpv
zcSF^NkA8?^ri?ikLCuM!tyX`<GUa(KwIGj|%ry*Pa~Ps4ADAx|3Fq-YH~WpFbf|qr
zSsK#4FgB7NWw5+$w5Ed+<AvP$&yB=P@-9YpVer|;C<RelMt$)+y=>38GWO5)Ye!z=
z+tf~FK-H92RIrofwxeJkAuW8E%~L;*`Y@(<Y_+YT+e9E&Gu)#tx7<YR=$XZswB;5U
zS8~c3pmT$*7-SDP0mn)w0eR=ugO8>Mqn;k=jziF-Tait2h{tP{|E<~c+|#0}haI?o
zWP<F1UCN7|;M14D;hbX(0#A^9!u8H0AF)J@DAx~M9cNmVJ2Ffhm|E=XkL!$hVnP&i
zXtQ~vDs}g*jQW8atrU(@Q+3CMO2(H>{#~Kl@6mlk!)+%a_i|8CjRh$#(vxkEwZP~*
zlX}v!F-z79Y|kO9VlFRyxZem{tG|3P0)szqw{nuI6S|*LTTS<wX>OAPJ+$R;9)KlY
z`KvO9Ik6$NRcD8*^hB{Qod=yS3Sui82aD;@#g|(|32)>8Pu=SiBqvoi1B2d~?Ko&C
z3%+5>*zEykCu18i3%59M&uO^6j?KEe2|2U<N-o{ClhQG&s+kCuS;_A0^;Q#e^Xi{-
z2cLJPh^BLV&1b1iK1}km;H2dJ`9|MJWP0Xa-@EHsXQpEg3z@L%<|*~1fNPW(CAT?3
zB*KYV|FD^|uymw~0;34+87IR6%u0V3KVqB2_?0aNzmK5}I;c!LR2_?LR<?P*xlrYm
z=)T_BWJz*%zL3S~#wn}zdeSH1qFV3=NvDcr!Q8e770FHE$S7A^gT(@ARoaM9-n$&O
zlCscn^Uy_smfT=Ct#7w^iY>=@>2Pwq<>Cw!K$xZ3q(+>;IW<OB6m3746P{5<{F<#K
zzKSTGJ}YXd2Sjet#pv3;gqSpjlY{i*X<|X<+UGUapg7{9*Y<<L8~E^HhF1@hvk}#a
z-*}KKQ?4X)`i@&Upj{OVciLZy^6)9m@YH3}pFzxLf_dJ!t@!KEkbbek+Oh^uXHe|#
z+NG|SYiT>51}j^A*f)&GIA4iK=yETMtqhjFckh4(>Iz1|jH|LJ)SMM&(noHIE;pnj
zHHyj7DDQ@^1Cy7k4~Aur!Bob~u-JjTSTqN&%V8)&`kHA9f!lF^8q7ndm&0tTltq@t
z=p|oW8OT|553S$J2DtV*<2LC4$|{q1H$GunDz}($arGkl{%~YGCgt5|eaKo?-0xKe
zA?8|vO48@+F0WV(;ts%<tZaSBUO8#=7cyhp$E&y_{N$24Gwa4J18<DdfiJXE`+PVO
z27{=V6lKfukM;Zp?*T&(=<i{sqGzvdU2^>8rlx_kmuyXH@H=yp5pTfQn=P|L&LAHM
zBO5*R{)Q9kxZbH4ViZQ$m4!<WEOK;lSs?TJ!^&Z9cn9~^lDh!#XlTZE7Ly!=<)hR;
z@qKNw95bG-m1ahkPh!R<0r%lI=G44<!AWU0Qx$_&kGm^f8>M^6sj(sdrVWA%uzH4D
zySIRPNx%ebyXFor%)j{(Z(>9|q?7)e<!~Otw(GgLOm`5_L<K4+S{K!n`N-$xasD_*
z)sJ|yS~{eYah@w1d=R-YmaN;Ox5LcU1LdT5h4=x2#gMvV3%-hp0rlEDqPXy>$pr27
zND#eBWES+M$3mj`Y)5y)4o#!A1b4zlREKnKr9={f9TMX1L}Bgxp0tP)*i7JU`rleR
zMGQ)=CJdE0QBh;UI*n^eu@9tYYdawWlXC1lxz0n+(jp2eIaxLBc`~)9K3~Bm;$L6M
zNLPBs)cXqHj3CparC$ef%H^=iqXV5|%J`aUJNF^iFP%;5TmyX1%E@u3V9ar;8ih4l
z<d+2U?o(Pkb>Sxro%|c}cX<Oy#&D8jE6E^qYrJa8v%6!4fNU9BWS@wNGdogJMmg@t
z$Jg4H#g^?^sW&~wtL<cGB5N!feczyJtVxF4OvW$H8HE_%<ld-pa&?=K;kPozVs|gz
z)BFeU_6MJGqd!BAxSnfxj{E*lo<NI=Sqb{bx1kyL0*8WJCsw31RexVJ$P7!t&%A>m
z{+1He)COHD|M8&zuN%jr8eehSL}ALGwHxQ?Su?U4s-sGY5FGdF{%zLvDsRa42C)>Q
zlp@p#uXvd<2S2h*=z_ywRAFG%-0uD%qJCFk?@eq?mpEsH4tMW&Y_nEk)Q6RUnOonj
z7pppIBVt;Vm2s7IHQJ>+bq|lR2wDo{Zla%nsBLBpvz5VTwWFJLC<tg4m(}`$Gy**O
zH&9Qh_r8zFj5UiD&uHD!Uj4y>qSmcxa>$gCq(=n57Tu^+4PA+<`Xr4V9*`LBOo=zD
zjnE(R9}QiZX+@^Fqr6s5my-5KR9+IcbhI2VT(+UUwC!3&po0Q!gCBp64_xY6^WU$V
z;;@`ft>Wf28SM!%zZJ-*jQa*@9EK}0-!^kNh!8n4qLkDk)=NO9KmSfzAH188;+Og`
zRFc2(Yszb?>dxH4J5J`FmBWiOJ$#}5E|kPR>tQm-Aj<+KX2ED>uBt|tz6aTk8Lb`-
z0o!Qoa)3vKBYCyy{z32wl|BEG;fP*HnL2noDvehGeg++iXJv#kpGpMHiauL4V^bcY
z)ZJ^5ZEJ`~u9J{h86VupY!Pl;r`Z*LQmtD1l6}2yeEDKo4w-kn(Dx8g_%L6%UhU`W
zA`A?ZZ#GktEJuRW^lukn@J5!t@%(p^7RQC~jqZnIHX2x*YjBw%PBse!dE1rPnv31v
zS=D{Q<xPEsYaR<tQ5g%peJ<^;QLR{DnsUp<L!R_#Aqn@gJLxYEE)^E%6T55CraspK
zYm@C}dh^ds6b)+g6P<<UtyS0aZvPKd!OS*J){X_9;Q8-s@lc1|@w`+N&9k+T#MLdp
zU5JYA;R)k4tq$(<39Awxs&h)ytwmJ#tQ;O^a(-!&T}6kf>BS8(EkfHYn2q{5zbs_M
zrzJ);t4Dt+?tuXy=im816*;#Fln4*ka`I|<>%CXpN*b7sTF}!5|J+eCtM(G$g3WUm
zkR?Y<`)O7G=Gn>=i_8udf9~37u3Q3{)g~@C?ZxWkcUi%+FgsFc9^<1gK4q@5>~a?>
zS@!C@pk&9_;a&_EP@JtyzMdpHa)i^(EV|K$o8Wz*;ki!bC(4R!YLBKt#Qt9u>rt5p
zUtdp2&0vgC#Xs5=Y>CMl(lxv^zOR0Xa)-*7ymVHXW!kv!U;(VtZUR0}BLz>CDReF<
z#M5#@o5b+;vtGVbIWc~%KtZLgP?dbF7ooZp-CY<fi+;=@%_@+q{Os4;?jPX2s0Puy
zey;mgnGz{fm{$EY=Gw=Vw4z|#YOh4UA^GB1i#)o{@Zwm1qDSlMAN^*=$5?dek6*kc
z*?oR&{aVeQvq=cMV6%~_ZD9*55868e;>qZa8=J1_%<v(f^~O<^@Cnw1g>N6%;mhkN
zih<jtSx2Lji-h(;;smIZwvw0<)-716)n&45%{fdM8NQqHMl5bd+;znbkD%8E6eix_
zmm4ak7016LiM^XaQxX!*gVsaE>ldGXQprGNF17l*3Z<9%E)!-JX2icat;BXaw3o&`
zrE%YDv6ezNQ!0vsEu0iS;daX#Qz$~VS~~Uaw8#bFQa`o7Uk~FNF{2eGnmZM^Q<`7%
z*sr2-_)X%{RG)COlNY9d{&s6So3Y2@-JHw??~P_-SD?^(XnalbE}Q1za`z~~kB!R|
zYvgB(s5?XT6;>SBBqq^3Ub;5?C4JSrl-37%BK10Kr>|81RM!<zftwhXpNL893X@#b
zc{*+e(fI|MqNd{BGz1Njiwr;)xLK^Byay^D>VhZcqf%MfiVwsu2{p1+CAUwc@<IW@
zM!fb-ZiN=eTRHK|oeyb680x7L^}Sa5Cf!}a1jARWMPkvjkLz>pMgo!;dIMt4-pea(
z%aqs#3dLuL5a`t(FaIM2@;PF&a$2)P&dK&R9ft))+=rzQHFd@^7hE}a`|xh=pci!6
z2dW^xMMF%kWpY4P@>SdFns(!to{%MjA!iI(Fjx6sYVDmrW<(0@6n1K=F;b2(7F;fQ
zjeS4jWlCowmPxbU91CeqhF_o`SU;3PWR~*!F6$|->^R28u6CPPo=cZ!K%I@)wHR&A
z_UUl@P_YjC(PAcdK!cK{iBEnN?(I#+Wr}ovarrxx<vl-MJ-uqCkR7+%-TMhGM>~^w
z3{mVS+%3?kop!i3LQbarIL2Ps+RZJG?R>c2X2rzcR!Qh3IE`s^=W#-<B5#_#S^RdY
z3_T+a8mD$wP)wR%!2YPBPZ_=yfg#Dv1|88i1oLJr$Ie~V`4NsI_-=+puB?~31SXj4
z0X=mTV`KL0a~OnLf!R;HP4ckJ;YWVe1iyum@}M-NZ#7HpF9I@kHAK9GL)<2P_`rCf
za_O_v;uja4dtchUh1Z9Y204SQjw6LC5c0-E*9jFxhb?IisbDn5suXBYHuI0HWN)*g
zm)CtaSOCmUw&p<yMRB~)b|4+MZbtIZJE%p%Z6aJdMUT6D{?qKpCQfIRk2kAW&s~Wp
zJ-BXz;P~|}*glO}qGOiyl!`grt+6!7uIvdmMEP(W(w`lfs{LG-^<<?aJV&G;tY}1e
z=&Uks3ewX57$3y-F8hHj$gw@d;DwHYCq;*W!1L#$sxxqfN>WGDuXoVcP@LI>Y*$A<
zdJT_f&G3zHS~|0UDv3Av>KiAJqU*7I<QRe*b6W&Gf%^AhWq*YF4delj<sN|p<5fb2
zqw}X={n{%2%!JBC%b{(_^5q2<Jrp5eM+n!MdY3v-8^NqY*Dxg1SEHp9>ck;2XSZC;
z+WEDMp&nGX-ZU2E&fNXKswpYk4s&V&6(u*cq0%gF&1+yGkE4psyiyS^e|&<ff6D*$
zScIVM<B?czp+@)gr$pqgh`T>yEz6)xiXXG#)s%XH+>uAW3hTbOsy~Wtdz_+edk9I#
zAZrzG(ss-A?@A#<s2^zbQ#p%2cQ9~Ob-jqjF|}b}lEI|eEy0@Z;Rx)vT|nlpM3hj%
zhEM3#Q$s}_<b?DUIED6=-bFV{VqHZ#dGa4CU&LsPR)s9x8WPq$@T<ff1I3GeA92~u
zOP}Yn)7>SV4hX)?<b|2X=#>^aaR(6A#T7%P1n!6+0vjc<9?L^Ml>IN?ow0|CDy}Kp
zNky?71qTP}v7%cT`L1JF@R|m-|9Td)1QnIgUU8g?^6~e0Y3FWwdc5#jgVI$eK#e=t
zMX_0%<+49`#)1fo6wZ3=RT~zrUqw&b3j8*AFMjaMljy~2aF;b%aou*vjM6GYDO)d<
z84~U%8WMWeK{pyozb@aGoVQg(Ib&wW<bs#Bf2UVN{Vgs+KBG(qU({1#mV{11BH?WR
zaBgJIKsaXXVVjCF264BRB@IFN^(H9`g6KmnEC_%a_*u>3ZZ`DjPC<?fK@YPCW>;uE
zW1ZJ8cz0s%g|;c6%$0EuAlv<q=tnrY1$iq(ovXR)84(L9@^}+U+hM2=T~Dz(lf)vV
ztgOwxmlnpfE4%fAXFJ9}bc6?=OZZ4J&{3@e=F@)yF<}dc!#W7~W8nNGm@L}LNpAlV
zC2Fs`;ry0ks)1ca692oVzIJMS|D+cYCs`Y=M>(crP<#B>749q&ke(G%E?$$k&H>lK
zhGminNbi0DJn@J!&f-^J(MJS3gxk*%*S$(WLR}@)a$3p@e`sztUeS%4{+Oi$k@{v;
zoR`v%`nv-7G(tM1k9+-B*ZI`5#_4k&12eHnOH-4N>awh6#Y|y|NahARtbcdPNkKf+
zpKcc7hIcbJ(CY~QJ|ISQoe2?qF9r|cO9t$aSs*35Ow)kxUz_p6Am1uZCgY3evY*Lj
zVXRqn(TTVg+lMk$vwJ|kfCB!(-N}j9hkq6l3*?6W>IboG2Mc$FUa%>jmiL9PX`Y~&
zC;q}Q2+oxY&koVzEoSM6g{emx(_fa-amS^D94V%wQla#sWc3~D{J$!PdJ=dE10~4p
zj9nhhG)sv*$XG+rr(0dm9U_2#=hG&nKQ!!o%lnT7tG1klWjFV_s}2{*Cgp+N9>7JY
zB;VuKLz7L|DxZ7_0f5}6mE+Cg0gj}yYLiwd41m(**ozUYTn+pRjm4#xaegt0$i%rz
z<LxIfYNN%I5~I?}xThDP_`$Yo8nL!g8LaBz=sA7}I8YBm5K{{!y;mW;LOXDe_lLZQ
zY4XtXi?pl1wBsZVEN&K4>}F}~+BroO6Mea>1@*hN$<I2H>z|=$-vFfv^%<r;2S{>f
zfBD^{in8wC*7zg>si=l^m&(<9Ro;!(J_ZVy1yk7G+)v(*#!OHkulxWU2>A-%;Li9A
zH6SY9`u^=(0dOZ2Be>Uqo+u8a__k&1JzZnFy*|dm@X!K^QD4!Ej}tMDHm*as{0rVq
zwAupg5L!<29n208QpCqg-($t>#Rz3+GyF0;AH`@)n&ceS&CtNQXz~Xw3b?I81K?F3
zLyHL3x|4NbdjC=;T}(FtCBDJ|5Wdu2de!vy47Fz^SpxV`X`*w)gh&fV@u}gOHxzL^
zz$d%BCQ>w^e0wiQe{(`Jt|!X6H!!AU>Hty>;NV-iMd8SBy<*}2^Y`rV_e^4hoEa*r
zm#V*TY>@!I{e3Hqhc50;9}m-ApX}NsF>Re)o<y2+*l4|T=mdX@R-&+N&_7GD!lMtu
zqotwJ7b-<F?rkmw-g;AG<TiQ@`-V}x_vbMw1ggO~WP-OvEs@7I?En1Qk5BkQ*4h3b
z5fT9j{Rv)B9!PVjit6QNNa-R9E8|?guQQ2kKtanDyAg0HUzJ_!t@qGjTkz0LA|kUf
z_`IqSk+lbsNuB9-Toxt2y}A355CPS|<WD|9@p{wC80Bjg!(-C*@CHx&CjLIXz7G&z
z0%~3mioq`j#l9q^50{ct6FDEmQ%N?}(dBk<;(N$oSf<-uTWryuy%X`mH!YGZH&?pq
z9{p2pGVQj4g3LWJw`ksCW!KjVpcMIKT+P&K=u{LK36H_3ZYZ$YdE=x{OV(ZyJa~XB
z>NXMb<39z!_V^~O#3D4_LqNK17LN~tmTMNr4S^cbB&0?lZG>{q+YMw!Ru>0fl$;);
z**2Ih{Xh2JJF2O)eHV_7Sg>FL84I9NLsb+Nkt))Ai%1)lq97n$y5gYHrT3yz6A02f
zj40BJNWc)vNL5;-B|s?W-l+3B@67LfXRYtAv)1`<3fcSFPr0AFT-SAb-f7QIv&Fr6
za>R8HYI%xOqFyymF=(q%R`i(rs-26wx_i)ZK>mfighe;KKc7wnqy)eo?oFWjFK0jK
z)UUFsxK!0@G{G#e@>w$wpImlPmZD10r07!0x*MPPL#K+AnTplRGBOrz*|8IUJp3j0
zCA6)!=)oIVcAF$QuNx^T2*^vAG>x}hm$viu4~IDnPQWW81~caZITA47At&3js%Q*m
z-P<(wK&<%f(&KODBXScj5bMuH=*dWEG&~8AkQ57k))6c20EB7O?<eXAyVZkTemq{w
zux@{y?i`ZqX*V!ycQ*qcZp^PoSa~Z?WN8%U4u1|v`uHI|E_XfwK{03;cLv(zs(`KN
zFwrp^z~RbQ<=QQv4)Vzo0M4<TsEA$!H$ALO{&4j@!ZF|v<2^#$L1czOm7If)X_^4e
zM}306zJ<`fD4ho%raV@)GF%jLT+Hd!<i{>gJ36ei*9-zX77UUfTu`-muH)BGY{q74
zVw&9fc*tKCL_JWTB6+nFgqUJL>ACpPli<wxTrW9mVxEx0?g#cbXV*wdrxLt^2P)YQ
z?tv;a$iy*egR%l;6&JrqyWmWpv2$xAhp#5iinW`rGc&$=nm?xL08lKoixa#5{ijYN
zp9gi~4U9jK2VKR-u#jJE>-#0;;7C)VHU3zJnx%aO0!OlVuhY~3ywLpCLKBgQe;KXd
z+1{q#LC$DY@nKhS{Zf83CcQAsI<2bkAZYR_0hizeNF#=IYZ%rsf@}uyWsb_PPINj?
z7!~0x7TyJSG6zb*4?B6G0n<Nbf{T2c?~t6)7J}VKgQnBsgU0gTCO+gmFL>a8(3Rg+
z#q}<6d+@)lK)uMfF)e<c1Ex0iwd*4S!XP-T=_|{6g;kj~yptCyhyU0Fm%YA^PCW}T
zAwZD(#|Pv?Ur1pPG14&7I=2__dCclP#&%H!G4%e~?2}EmG_IF{pzS|aDa^Joau+CQ
zO`ILojcyA{q>JRs&qn7U9Si^Q&B3R?4dU&UlcV6E-T!G2TD!l{=7q3Mw(S^ioLG7?
zn{$rC5nF)2fvAOOZSdy6_A|U>jgJ<{O=noYT~(`Ob2crKKL7w=3K0l><f89k%vtgz
zu6YZlxVl0`{KAsbxEsfMtX;dRC9%0Z^Gss9{Q%pzhM}h6^IG~N)@HRJ4JCnqG?}#l
zVA~3y`*!>IKJI2@Q4ew=yim30b%dciAq2kcN@CuPqNDdHn8eBO`(sJF)pd7J$prFX
zoG-uz-$F(nXkf1h$Ea8mtG=-ii>>>W8t*xip0(YW>SWh#D8iUPE>F%2XgBojM9B)^
zD@PwQ?%16X*c^o+@Jg=ttx?@*5f;8_gF+z~cV`<yZvR4P)sJUC-6hJRF(9e7dt2D2
zJoIitqw3>KN#j0g`E~x1=cj*6V}ceFW`M@P(w94PaigNmtm%k9&Jj-G5d9gb-*dEg
zi8d32DpW8TCg)W*j`;pHnuzjJVTa#XMD4GM+pB7i3y<yrv=|&(JKq>U#)K()*>FDn
z>o98rLcsQIB;y|S#mP+PyB-)J?$9tR!sJ;`Zn_H@C*wq8ID`*WR(W)!&W6#chcvpX
zG^R>S6W%ce*hi5l116s8k!MGrqDM`QGh1;3-IHbh<vi^oCQU`{=Avc&x~mP&t!`dt
zCS6Nhsch<+$`<00Mrt<6l6N9(^LQp}Ry$6tRZi72%wIMW^~e1VvNPuaRTRsE_lNPm
z_#H~GwdkHKAN&Dz=du&TD(hQnqBoe)UXu-T>3`%$NBcBXxAR-wj6O0@@5p(3!>l4#
zLLz_Qk~C@Oyx}9Q8P8(2L4(zg4$+OnAKS0oOd@^wMaaSCgO~bLY4AyRynr9oDZEsv
zA!UsUf*mR#I}c4ApQ$in>i#;Y5zz847;6`~!#T?=<YHLo>)fxx>{*p1%@os-(2~_%
z4%if86eFLoPdz_3?aX+n*n;OlvO{6>0lz@rv+cL;2W%H51<ZXLOLW1Ym_re?_H%fY
z+cIDy8R9`YN4q;y5OA7ocZx)+u_$qn)$6#E=|y8>{AOMMF&BQ<4VOpPTFIjF2Z?k~
zC%xQLgN!c6Oqa<KOT(aEPy5s#%u?g?R#1L5=?TY#!=f@Lg_yf^CS>v`iy6>fuV=1Z
zbJiRymz<*U?sDs2rAYF8yHcQsxs<S`Arss(-wwHU(-3dwue*4qR17&I_1kqHY(77P
z`CM;fE)Tsyu&gKEE9<QUO@Mj95R~=2NaxxmKa0$9eYSfep)U46J=9;DZnRKb`{+_6
z#`zPc!{M@<GbL;Wa>S3}KFz693@&R%ZMR5`7(-vQ%GANPf>E_m?3&3q6W+XbujbgE
z4<cb!#3_qJ8k2eaa+A1gpgzL_hR-B%#-qP7<QT=Z_j##5+8<{M?NEX3h=mIOH<OqE
ziCQz}9r(@$L5I0IF?vN-QWCS`sc>hKgJA47CJaR)s$d)MSecu4mM6Fv)ke?|)#yZ-
zf75Bw9$tKlr}V6Z&ByUOAg+qsm_TG!;PS@}{dL1B0nA}lZd{=@@Mse=ntNp8q1gFq
z99y%l*4sO8b<eaD)L;>8Md#h{-WCs&_L!{mhf?pu`AW>NeN0RTut+ht{ux{BQNoM`
zk><mCVQRkc`-KVm6dWK=1vT^U7BP(<Kh;=J1&S`GZYQO`3Jt5Zm4t>#(lkx1C|+q6
zmg=KL&8R5}e@d9=M)4PnAsvf}^#6Wppxu(T!hP<keMf_sIKAj1%la!k$!lRAX-W}_
z^_-(__|ZO#9(#(lJ=Xl=LBW>u^Gq1LHqZ2O+yBRuGh-+XY&F{51B0tc^U(Cjvv*Rv
zQ)TwlWVX>|Ol$Hv-i&j3Y|RyH6iP<ORGRIvffv%0h_miS=%^OqF$s4;0bAFbxyOpP
z(bM4YeDN%fK1(jSAY32Q;>4M;+l{-Kp+FS@8~-`gqbi8{O}&%s+4rjb17wr_evEl-
zUwCvV%OF>Kf)<R4%tXG;LuT5V_Iv2uo1}s!)-$G(QL;@3Ys^$DCu2VP27{W>)iF#y
z8%C>v+#-`~RUP4;ycShpd!hYxQbPaR+|&gUvS!IPyrI;-%eDocJ;R6R24cRs4Ecc7
zZ3IEL1W+ceX6OX$WpVeR(MQG_Ej!+){JxxGBdHca1tKot{8amH-8Ym&GHHMWwcL34
zCRXHO6R(pU=dMe-YF^~Z)sB>et@5XQe-F&g=N_gQ7_(xOj@D@Rm^uarb_q8(XJ(wH
zoeZg1>^EDK+fSTioD(bP7>^TzwW=9yasT30W0oiy()XN9<vYHH>;uJ-HG@l&XwMqI
z*qsB}<Nuqv+U@UZ{RnJHJ{8?EhX)2{FKCrA!d1*6e&%Jej~7F{nIWfH-#>O}Q@lMB
zrmnJh%yH*3vwe-?wRuh@yP{iEX%Ux3O3TKUQKuzvi&{H~<)!81M$TA+hfQ!_c>zG*
z2c+i3;z7R@>h-(-vP0NPzgu=@YQH>N7H&!2U6p$OBqRv+*psfMd3~@BE}sq^g-6VR
z1Ts!A2Z2i$nKJpJv0%TJ>XI<cPP)>fY3&}5c^0US#{q+bxS#(yO-=EoaItFdd$F!;
z69bzlyQLjn$HZHgp!9K*TK-@Hy7)=w<zC}Cg8}?il&qWrvzwCl&kqV;mI=Jgt8W;4
zus(ugpiz3%nao*MHQAh+HGrFL*dRsYi=!EOlRPdK_B6ZHu(;k`es#zDRYapfRrJU{
zUi=i_DPMsX{?N<e&aN>No9VTA;~_B~0LtQC2|q8D;mjV)mrwL0hL@Mdowv0f(@VJo
zHlSK%;)AiZVII%;SzlQR%;gJ9O>ct=;qU*ldW{|@<<1d!@y4DWpl^Pg3vXR2I5;Kn
zs<KY`<8-4N-0;8NubH%KU8B?l#)Y*MWg8h1({xX6gk8UDXVzVktR3-z4k1?EFavo8
zC2;OyB3SIC{^RX$-bXFWH)XYhhLmQ)6&i2Joon=@+;b&=<`7M@-bm_iJD{I_e;031
z%i5e!w0*L;t!y=|Dm;CKNjyJzHQ-M5P*ZhI$ES@txH2$Y{s4_J0%M=80w_$I??m#)
zio^pTQ^b+;FW;5AhyGFy{@I7_srT2MKSkQQQ&KafsqVX3=2vT{UY3;RZ%8)D;><~2
zyUK+_spq5}+#`C7{Bf!ziJeB*VhgKAMU0FO92D_RS~u<wogjaS)|>2{z(lKPiMfmi
z(>sc@o*Y%H$y4rXy^?IV8KeDd^XGkkeXoN9cOX+3Z7Rm)6%udj?&XWArnNrh!w^S<
zT-aLX1GKIy`h#wNIo=-I@qsQwJu&?fgBLq(US1*1p76EKNgf+7-rFRCu9%$NnWf{l
zJ_I4H`mQX(Pxix9V*jZ)*r4fBv!vk5@3MES;39L?dK{Ev8!iphw*p<aE~?LFEF-L8
zBy01^Ea#$}SMg~|^FWVyzPgnZF!<#Gg%ee5fkMe&P?VL{`Fys9`Yu>h_a0@)8atfw
zl}@kcMnKnmt_>H5{g_a{zDq>8fMK<6w4NmSD~JLBXug}Fj5Xw${kR|Vpzf`DHOGIQ
z3y!Q(VJcmnS05aF(Cu{EWp!3Qsw#o_ZZe$Q9(Bd{usWA!03WUB>>(0~m^a%$wRVG*
zBqr+qajUXg{FbIqUqfF`#62(YlsDKys6GBK3l2tSS&g$G;3ye=XW9RhADG=Si?HmN
z3%Ws;)PgC`%@tUlVc^B9jGP(q|J`}^P$2_l{;PXS3R3y;+!=nFz19%J#JEfkGJ_G#
zD+2Ca#AxxX0NkDVZgU$tEQB;aV(Lu?C|2n0Q!Y3O^l2Vxa@Cqj(pN*@=9bd)-d$zA
zFi4r}XG<>?4z0JJera{gyi5i^WN|R9l-`~2hm0EY0v~=)%~qgsj|zince+EsQ_mG`
z{PC$JM`{si8}dEe-gF+2jr6+!eoBiy^V}}p(mAH9VIFmnRyXa?F)az&lwrO6(y&r|
z?|AQHPlM<4Mpt1!SzT|qUFH#z3_e~Z9mwu9y=Jv`8Vpw!F4;Q!Z|4&LEnzWRW%DN%
zV?{At$mQCWppN%Jn`m;(0@p*PWniY?`!c7+3rCvWytUBa8h%KrTfgEyK2GwEj@qsf
z%*vAW8?PxD{ON1A?aXWk7nAPas%ew<z5a2i>Gb9RKK*=no=6HlR05lM2f7LWeE*_T
zOT!Mn6+2nR=SAmd;&-ba?v(&mKb6xqat|8O_r{uhD8pkU<7(O(bdm{{rMv;;v%%6f
z>o-YcUX?74Ghm9Qw70%V;<|m1;`mx7fbZ5?_gbvvmNdIRI}SK`l~{m%%0pUkf6qqz
z@Rzj}?97DIKg3!N`(Gvcyoul((7ZOl2qX+sM?$B*x>*VO4C&k?F~lGk$k3Bj$ZcDz
zlvJZ~l*}R;X?x7P=FMScpgevIF^ggl!!{2Lrf3?$UQX$PHosV9T(Zl3LjnCFaR<Kr
zY>b$q_#@Q5)TpXel|L<#&;4vMz)OUUxbu4+#PaNo@pTo4Zy_-BvwmO-um$M5^&_<B
zjkPnnR~IbK>%P)pyf_2sW%#tne|Y8~0oXFahgVqt$z*`b@mGusE|4(j@_YOb@8P}!
zW!u!@EH9QxqX%!Dwj6d(;_e~XJ;L9eEbs6$%)$sd3S;}*?W07RpY#hAR2trWYdDQr
zH^B$qrC_?9jC42$uWGc+p9>KxDHE(d72B0jRUH#lRc%N|BzMWo$BZq`8Ar$=0iMoH
z|8xIC7^A3VXBK_tAUZ7dc3!|C+bw4PtlImDRDmQ)Om(}MYgr3Jkt=}&?DcnIP3R`C
zSSQn(bq}NY1iq7`*_o1vTXP>Nb8{P9>8Sw7siaN%TX96|s{?Z@BxIp~JXK}8`hVZ}
z-~DGrFct4P()`8!73rC15*7FIxX~rMnH;c*CBNn?v!HJ$9rG}wRDTjU`dL$Rz*?3l
zWb4X7%9p>SC~Y?5z$Cq_##9IqrD3e6Fzlb^OAf4MZ(J&*Y5deit6MYk$3~el{)bgj
z)AGlqd|2UdmL3&QRcX96v%4UB(7DpD+{Aeo$7t-NV{OX&n~1qwP$WBCI73>L$nc=u
z9VA~8IcxLNMfkU{2D<j8tL(b8w>6N%K9Xxp0&N)8>ZP|q)Ln_0USg6NknI<$x!I_u
z(a2a-N<Y84T71krxz%B>oA?kkPDhe=KaR^^p|+wD7{3F4;u+z<J;$BPlb3+VMuF*i
zrEGuhX-<up&>LWrZzLsG**rHhh&d%B_&*Je15EdjOI)1zj&R)9S-!hI2c2rLnuf#@
zO~}^N9flr(-#z8Owyhep#Le`5>bVl{2l|GNVwzOk(Yi>EmUS&dPLPthiD<L^E$j+A
zU$5KIr{Xnx_)L1GovNG7%<hWBOd3=AHu|`wD!?1v_6~?0_8-E!{mrlZ9^Zxox}H(w
zMlQvoJ_4PdnJ+Kwx;x5)6sl!0ZxU^)oSaEBi<TnWdgU5F<l4pivBlYls<^7eRggq=
z78~ek?gO%jE$FMz{dckgW^h!%?VY0pZa_GEr4TbYsQ*m6cqxc=j_=--mU2_(_;!=n
zDl#0u#aqOekuPSVtCCy{><1I%XBq~^<7}I~j6cXzI!pH2zL$bq?(CXHO;}^KQSqH_
z5h`*1fosVmHO83-4~{N<9*6_|Jv>xI<2kf=t&JC*i?4+aUB&m7+#0SRlBP6eoZk-#
zXid>7Gg^sh&o1Pv+TPLr?4>w0oqK=Ob#U5Ol&K>a9q*%*o-%Hce{-NK!HGjU<PLBr
z#Q*ghwSewDH!}KU`)GvBLA3vv`q4-hJC0ory~*f%l`jKk)`!uSU$Qgo>63JG+Z}^5
z!x-~T%v~$Cg-s*gYsJ8f^|3`auXznc)5M~Har2(g114jxV|=lOG``#q-7e8tPb${&
z19RrkVt5I}r(ZqV!7#xP&vAh&S)lYS4R<Hx_ywusKPM~z-+<LSn7-}QC~^mJrj@#_
z6=Aw?4(UB+ym`W_ubCHU+#62)$ulZF^?Ucr|D5B2E;V3m2@KzVH%*A{YB^w{DYR!<
z?55eopX%5%CFeChJn?98^^Rk&5BTplgRxD7M}UA0B<HVMLX!UJ*`M<Ruv&-wp%2w&
z`amJ)@esY8+~4iB6U_A5rr}^hJi(J~Kc~MS74`jE4ZXg%j%g_Hr_9EGvep0Zhks2D
znO{FUU3@*oZKYcJZPQEkC)juW#u`1;W8_N7=~yv~^WO_GQ_L0@Hv~CTqu7&$Mjgy^
zQeda09>&B+iN9FaE7=h1sTrwEju863oKpi;2G+!U-}`ezR^*9cZ1Xd^Hd^ChC%~V#
zXl_G&b@<$Ia(wXl@2Mx}L<{s_Km1z9gg&?VW4?$twUOk>;R)=gqIn@-6bc2|S8Odr
zbk8ByOMvwCamY`gP`~}xuYQ4nqEJ9Zr-w+{_uIblwTBEY3iSXG>NoE2;iFXUq&eGq
zYUf(zgHTNof=r%+tb@zgD|IaOLYuaH@D#>jhE~455u{v?ee;Amv4}vZH}R84XY1T1
z-ytXbEO^KNd6}}ZotZyJh2xw#;K|!gp_|H`?TT*Cl@V*3j%nW|k^<bppjtpt6oji`
ze88w>ii&~;W<u<V(030VoBG@J`4wy8sm8_on%#?0M&?Ei8-T06)Ptm9{`-fIhb-4i
z+05lH=fn^QWi42Yo7wJkU-iWBD)9+;FXu}vqI}^}l^RqIWzoOS)wQGkeA@e$6X|(o
z`7&SNt(Y+oj>Ty4Lz(5De~CNY+<Wx{qLVYg>ePR_ju7xBM0*F-dY2*Bzx;g;GsgL$
zj>@vE9aPc(d(iKm;%?bRsvndy1e<{zNcvGkDiVc4XuF*{hF4>Uc_+#Nr(2NZBC}Kq
zrWy|X-xiJse^}KfJ9;l~=qmmzvy)LpX>W~t&OG+vnCLxS=@dr@hxb9f0)+y-0ABvR
zK<_@)_&GhYpkllaw1uvDCcl+XeHG(0z1UI?aH)hU+t$ev(SM!ag&|%Z=aZ(%ZR61Z
zd21xfotf;dBNP+bSMY3(^fwK!*!f-r?u;lDTu`V#z8`_Hh02us^1_O-3p1<hmV<Z#
z(ae;iD~Uy!5Fg&wqTd}a(*uw_(YkvBSGY6#4F+5A?!UEfFS2?6^lhXb_!c8>D`^Dm
z4ce~nu{B#m-}S-TQG-SM|3sLk04(_XTkS$hO6>*0fnLDb^CMJK&Y~q5hLwr*Ae?lO
zD;ASx<p^!x3RL3$c4%~6W$Z?szkYq+lB^-{X1((Cy)NA_c?0O?@zchBS<0)<gSXEy
zERpZO=$3U<%uIFcu#R#^CN4Fk7%G52ZD=siNg9SMx9It_xxg?#8qDO=w&Zjwj67X`
zR72^nr2$)fS<xMCd?bT0^xC#768*h#SXsaYL^tk>8K;)xVi{Gp$g&^bqE%*^h%o$Z
zv=O@1;Ap^&V3CxFzn^``0hu7_7bdp!RLdUsxL)r+?`6K%qh$Rac33<a!$NCqSg)}%
zB45g{M89e}liz&YN(v3m)VI|GaZ0V*K$`=$D0JJAn9{_27|YoU6-L2|srOo1YOVpN
zhaqqivmGq-%q_S7s{Bp3^ZPNDv%5+k1PK}V966QiY2N1*oboLO53E%mNxvHws=X{{
zFnTQ1>3it4FsyjMJjVJyw-42R+BPEQ)?OaacKZ2A$Axm+5+Rv%btrU4^2RHTgOp4@
z#g5y2XYF}gp7K|u3Qso5ewB8(UPdX2L8XC0#`hzH7{<_Hv-Qg8uD8rRIP)swR`l+<
z(LUDP&&j*A5>*n4B<906PHLYYjkj&$=MHtn8lIt&Mxz4XPF()YoFWk$;fZjf+$BeP
z2Q$mYvk0;BbV?wD29F12310}uW#AeY)&2VCr<cIYYq4XJ+#PL8@C^%m+FM4G8tYz}
z8sasn%%F?I(f2kteDNzdoZZa7<t-G4;1NIU@jF3$;427)bypd$8`356#)L3lb6~dB
znO;$8K75VhaZL(b-M=qOWN0qZL_7Hv5aJ12UcSnexu$YpyAJ)|p39Y4D!d8_3*6E!
z2sB3LT78+KTr0I0Z%9G8_UGq8+2wJ`kLLx3ZK@vJoiz5gGd}sXsN@39=88$1L~!;8
zhqrta&n*TU(HT?qH{UXafimJxGl7K4F<U3U5RaWLIUxwegj#oBsUx18m_vo*+4*es
zf|(q`Co2Z?rNH+7FcCKcaIOrADWKPrN}0Z%v#v+IANEq70S6XFbG|-t#PA7+m?p@i
zVjySxOxUt>w|6TjLuvii*nr(@KsAlJ{H~~y(RghpxgG7J0Bs>*ILIxc2W+~DNMmAt
z6BGKCUfax!VKm1DIBNhrKt?Rr%7_8&`>r$s)0@L)HhvkIU>C3dVChh*%WhTUfTe`n
z$2NdNL|?}GsEY|s;SpEEk4=u3+J0BbYfc3b_MacAcp$A**euu-kpXO07&%vK6mRmf
z6q^SY5#gl$7~5?-5r>c51lqCjwDcA~1G~lVA}#c+-~@<c;1H*RcLslr><_-eQqcK(
zvcf2ZcId8gN_L1nt^bX4p}KaF%iRV4HSth0qfma|CW7|vb;{G~K~_3*|MRi7R-d%T
zO}WD_kRnJu0!KA-BbqLFM^nq1ok8yJ)d0uhzz3e`(do6Yp2bJjwq`xyq{>MJczFuQ
zL&M7v7vkFUy2v9B8Fld6>R9tenR`B`YcXQTRjwArj`Q!_n_fm}Xr&UHn>XS=(*E>R
z0}4||bIgWImEORbaC6*}xIBDw=H;J1+)VD&RRJlLG7jIMK)f(rB%`R6agBgM-~E8p
zn*n_Dr68gp5i2{;H}2MVI)grLx=EPwnb*~WCgJW$_G+BG(;eA3y;cluB~Xzdt_Y(<
z?n!z9{HlM<={)tb3w+5cXU164bo?O||HP15q2}3wF^nA_IjYM!OR{yZ@R}?~U@JfU
z7)iWq@!mG7vBv>W<K$#4Bt%*q>~pMcvJMKqtDTBoOL+4(LQAv9Vfqo@Ps<IbD#PS@
z&e7uJ6fdVnjv@!@!<L*yB>5>so!=LN<HQwP*r-Nj0wy_BOqwp#Z*XTO(6*#UwIOkR
zSNmrBL$mrmlh0mo6r?VHyE30%wJY*!W_6;NsZVH4RC7n0+O+;Cb-2aOxU@C)#a)J|
z*(+miG{C5<%MxVQe1l8v>niv8MybLGL7P~r_xrP2vwXf^UIKx|2jN%g4d}vqp<Q!N
zaVg^?h@Id74PKbRz>ka=>6ds*v%*N8!qWWRsVQY(1Uc0^+z2tlSg2`a8+^6`i~!QH
z0GV-iz3>7M9}!N|>y$U}gG8Di+KPjc$zwYv?&yQ)t4yJNZ^&82)>97iJHH?1jhU*&
z9fzCf)2$hyu`Wf}4Nrmc4G;P?j~9e^jbdf^phIF{Q(VRUmzF&iamIS5u40niO>}YH
z(@p%5%H2nnmxiX!b0%(YSum<*e8Gru{&I>~?OcBS^rylE+F;_K39$8_-^%4K$xY}N
zw@3u{)ST^u?o*;~tbWfxR9S8W9PX#F)@>~F{pBR}PVZti?~R!v(cDLkVd$JLd~5FV
zVLMpa{Sbx2uuk99HQc4GRWvECIxTtcV%KdxnvTq-m{0JUx#`AW5#EJGe}M7Y=y4)b
zT4~tFx&V{Z1UGW)bJ0oS)n_K)4|7_u9MY~X?GEj{4T=sc?NDl6P0BFJZuIheHJvl%
zIafJq>GO?UA`tlEFve~t=<^mrY7d<80~JF}tWF}<1HBrc6_el0D!@4!QL^)FlGmN0
zd5S8Disjo;!w7#QD|e{z%LC^lPT$?7sZ0*r)WT3rE$2LTv-a-}mLvYwsSLI_pQdbX
zQrL2uA)QVhv~Mjgb9gf~bv}(_KI!mhH#KO@Y?upuJ^!;IfV3Z>Ds0a?cpK-zo)79R
zFWShIK(EW_+C2q($+BNZ_3lEVlo?hLx`=G<i7233Oeh^Z*V`1BKo6}h1+!Y*gb#R#
zju*~BUq~e2_-kW=2$c#k!nPV+kRUsjWnb548*Lzb5Qi|?X{K5fCMy^7838uL`S_0^
z4E%T)^M7!!YPvCEQagUKwm{?lx9b!fgsb#mVt-6}=+aOVdE$ZQN6bn7^qsq9{`r6T
zqiqGVU$qQJzS!viQS{Frq~HOeMJgy28winrho6Ai=`lUsiY0YK7lg1+E*zircl%6q
zv2Q}t@_x0u3i-1C%-U>S<X7X98geF$gl*HJxT$(jZuC=Wm?^oNg?JV)w<oN>+2Sr)
zJI>U=xP@912YMc8U@Dw%`KDVumNUdoK*$$ULmQ7CWt0Xe86(6oe=SOJoo>#5%|3YL
zn||GYruK&q^3xLi|M;WutwVJ*wJx)5CvTjpM>NU-DflDC3}CLtEANz{_d9+8^$dEu
zAZN`oy|lN0{M79$G@cpCUW_$BP|e@GgUr|=%MX-aR<79K;>Rs)z+q7Q;n%?x{`QBb
z1D0ezVwX1q9QbwiH~Y64+U6m)9=Rj_FaCjU9u&S80q!_CI*>6)sQDl?Rr81IhL4%p
z*%0`)2iG_6LF`b&`<krtC6(#k-pmI<!VLu!JY-f<EK`4<JFG1o`a+pr2>xs8W^kSv
zCnIlkrWd9KY2N~~rt8b%RCgQZa<ioZ3Z={B+{N@V2Y%2AF((S8V^obahlZtu7Gm&c
z8cxe{-ye{;`2hZ<pz@oAaGyxIA<OsR+Sg-09td(-C{*63A1`nOOwGUi`_1pqLm{I+
zq1TehCuaa_j(C_4jv_e7#Wt*fB?uB?K?Gvr#Uz`ywOb&@!nss_&33Xv=h6IjZmx~_
zCp7q{Cl|>9x4ax*Yph*L?it;(R&FBx^$r4t?dtQj>Y5SXAxz#6Uq+9(5mG+Zy_AP;
z_vf|}%IohNC7Cuy9Dda0a%muQy@n63Jy^PObdkV{!RGckilT3gI7NBTI*)bjV(x!&
z^xX2RkC!TjtFTlfZKqI9I(B$wZC2S3RzDX*fGo`+t*{1ogB?5jebaLxf$73^4OGDi
zT(z4gW^wt(G=ck_h_*LX_LkPDhhy#XL;<x>ubw)YT1`xQV%f3q(VdXFxYOun<L8U;
z+-*2G4fQjR%1ckBMu>tcMFa+Q^9nseynf-;ZC@%V<#q49z(lgUi)OOhtFnTNCujW`
z^-YfUoy>SU(Yt}B2e!%s6qrN5JnimG++!iGR1VSHdP5`Q#s=`w(jPt9H(5K;73DIK
zKRhTjohBicA5?JsWMe};tMv<Yp;hwOqXl=js~g-1tx=ea3@I><7ym#jYz`oVQbn!a
zlj4gcHR`1O6}bryb4O*112SPpD*m{X^<}@v!s}=!&0R16kP<*al?#PcRNFlzX1|iB
zy_K|pNj~<zTi@eZ?^DKWCN=5tUN!Agr<GcbUtMzGfY+o#sPreCV5y>p1bHpv2Hh{!
z_QRtSFGG?i`Nb5bM@uzxx~QZ@0$ul?X9`NUo`fAL4t*++{sNZw0h_-#Ja&cPT~w{>
zx$^LEoBg9MX9?k1Lr-4?bnbeWl@F`u4mc`$jF<-uu&*OI*sV4J?)0%9Ys16wmz4L0
zB{eYZJa+C_s#pK4F_#VeHPY2=3G9moTI;%z$h~~Q9MjaGz*0M=BOIQgjZ0<=iGj85
z!_$kg?Au`{i+}%S-q(UT!Q`GsedA}2<A*}d=?>bGLI9_aN(DiZ%?~WoydL`Mc_rwj
zQ@p=cyR9|8pNN!y{JTH@r0&$My9Nc9zj{TBi=FQ=kf;12Wd>$W0v;U^9-)U>@P<}B
zDo09YI1v?c*Y4tyf)dZ6EH2BL;L#Nd-{FupeTiLp&A6-0=RXhcM1`3Wtb{TFO^#2g
zthr-tK7GsIb5GC8a%uPM4D$m-HOvE^&Xe)_mid>?iR2ZN34Sy$6Xx}B6M1a$Lo>??
z>A+%qnP+12TXfMiL&em}OV3+#CdNU74J3Xws4A!vqA)U90K0b`6Eh1E%%pF$EpOEn
zb7pI~ycNZ04u`nBaOFDHrp^9E*z-~)V+rx}vg+PH>5S^J0D~upA44fT=1B{uMpWKp
zgQZ85K2ryF(Dvcx-CCRu>v$cReT!}BMQOy8?d|~;kbRniGags?@vI6^&s=@;wHPZM
z{(8kx8>Qf{#VA!L0V?p%E(01UQD)P|Na<8ik84;IvSq22zN%UI{QG>OuWTCBLi>&n
zmK3m-akDR>PVD;j1$13#(@jGtOYrX6Bd#<?CR>g2pTZshY~Z*Ui>*#Zaiz93sVrkg
ze~VNlSU!ZG(y;UFg#UXz)Qd3OAB|`qlWDuOf(My;N}7g>C%bHyhb@<r_PQN8w7g*z
zeL1EeyDB(BVQkjx^vi&_(i=9;MrCVwf_4{k(w#4cCZ|Hqm{0GvY!Cf~xR^w$l*&C+
zR2pX1EBI@=-gJM0rwTFpjsbI)oDkI!uig5286UTAQ|Y8XY3n~nbJ2bzGf9C~W3cyW
zE82&v?l8t%a+zv5|ImmSX0f);vPhrp-lNj&%I{}nxYuCuuG+F`y=_e;si=Vb`DD?3
z>e01v8Gk;Smmjt4ezLpaTx7gpPsX0MxOOrRY8DVtCxATh$H8;oKK<zYTdVSGORKLa
zZ9~uFfRJqYRR*)T{;8_%z2*ge&$lICXQO2E1CJzfQX3U`9g<5-^Lru}F9{rttTK}G
zB641Xc;8iEz1&5+?K7`_d$rJQ#%m&T@9W!jC2y0|6A3pMF-NxTx3Uw!8@rk+{FZd&
zzJ8Sx6vCTe_wqwH^Q$%83ID}-m#pM-Y}jhos|*%jG^S%@xbD&)aWW0@r{_(E1T*#A
zWttcHsQ|iJMRb%mWs3F&Wc*la#sP>r^sIg0!}aKwpgNaLx`KMjjk&W>D}F(=`IH|&
z8O~#AcL;cLDfX~U7<xAEs;Ag_fpDEiV~@JPusa;yM^F<Dz@@z4`7Cj$=KXKx9GH&J
z+&$&eq;nxh&ds%4PM_?mzc@14<M?4dQ$W8g%SLF+2`_qqpw#<wyp%KWB_r@9mkqyv
z3260CYM$Qc+R(CizyHZn<duPu3T#S*OjWcvHfeA!J&CzVwmTFM0;^4_r)h?_?aZR0
zKhkXL`;y5;SUm~K?L&)$0yf&rhRZ2Qn7ybW#M@&8qxVSs+j2b{`ZIc39!qxq{1P#b
z$V;G8h%lYDMwpJ_sIsBFp<?y9(no^IZ1MT8Y}B`$Fg8rnJg&wRagdkCR@JksY~O<>
zFp0+@O9)=V{<?_hf%kN^7V^b*hxgbiLeNoWG}kvqH}T{wz?GSG80(5ko2ZvKP7d1k
zU=jz-RQe0HJh(s07eud#Ol^AxBW>@AOR$}u1R`F=gUsvHUvqO8#&{18ML@<VWw9B^
z(WK@x^}5G%k6yc7?O`Qv6xZfGSygVa4K)jKDzX<Nf)cpcF(1Mh+Jxt%1b0Z@Z{c^E
zo^Hnm;Jx`NcX}LrEZtfi+Gs;j$}|<Ns>kBFGprl_aTlHP;()gcJxdN3IrLPwRBTBJ
z)5|6vrU6qO;JIaL$>Dsn0s~d=^cg`if%vl0aI$I5*I2iMyv%uqE%9EpWyjrT>z=z&
zcHn$&4x?*e?a6}aTk*%2Gt{iksCe5II9LuF5cDlfa^ucdMns$*Uw?sH8MU>+Qr(o-
z@6}xsnaFc3Z`i7F#8X}kvo~&Eceq)FzwgB~0L(-v(}G#Gf{bTktJZd$EjI<NIdlM@
zyOF#12<0JPQiIKh3Y(7e)3oj>Qrx_u%Jpgq+19}_EzjxYfQf$QlGRBk%on~rHi*GG
z@-6SMNvI1C)dgic9iwiSuuExQSjzdA>ulX{!IF2=w{KYe;zXA8G*Dfo31!`3qm{-j
zyLihtB{U|lC%7%mo9Mc1)R3|9H3SV2tNVVJzEqMHX>*elcETU;&!Y1l2t&V&2P<~-
z&nK+<D@1qumcmyk$>~~4yiy+I*01rFcP<R)x5B@}Gz}@;48hLH`DZjA?#FE$2h`C=
z_O~478yGNjRjTym9E_M`uN2>PckhL_m`Tb})DYD1kxk6g6zIwa%`;{QY{BgpY1;|Y
z?iM)O#%z3>jIWMRyT{x`k<XLdILY-TnZ=h5JD^Fzp7$AtZF(uvV~N`|co8l4jl?A?
zwaET3y`3@=Aj@G?`%Yglm{CZ#HcFKjh@Hy<p&Qv^+B+JqfE3|bVYSF8E+0u81anxR
zQZpJd9-#|C^hn-x<M?nA*|Aa)>{G=04ldNwU%;u*gfeW{g#qK-Uc>oU>-NrVx#d~z
z!5hH^r%%o{J0vd!PPo<DIz8lMAA#N^`K%|mrkwKvj_+dsKF@@!TTe!|Fz+x)^;U0>
zYbV%kc?<sg10E>q?2mmjQ7)}M$xvIf>Leuc=dp~7%?A!{G<=C?QM1GkHb3_MHGQ1x
z7mWnCBR?l+3GFTasL!!qtI=a&)`8$BupQf0qSAEyIZDF_95RHOdE4Ii5A*2$+;QcJ
zMY5zt8}_JQ%acWtiD6dF-DcfgTV!1be>6_i81$v@{sj{%rI0o+bit9}UDHgyhsrEg
z<vTnYAvs(j(%5&%I4@*&z+j%<*qanLy4X!DxaBZrj2eZ)mBvWdA0G_%V)lBw2PEC?
z*M0D8L{6!J!p#=nK<$-o{~YRsqGy-9V9!*NOHpV$u8>NZZ+zmFyI~WJYlfhK;{b@7
zB7{rvSgO7SMdOeJ&CFs}+LFCzqyCGVtWg2qJNsQuDN^=%^yr<NF09mv)a%Q}71da$
zkl9#v2v1JvLk;eBlQQ|U(9Kr$>6E06rHll#9a%YjYa7)#ug?1qEIk@;%NcK>`z&T(
zj-2I{23fU39JBrjf;=y`l<fxxPys}^mJkE6_`%#Ib6%}NrFE%6K9O@rR%^qT6yZ69
zOI{jyX@4gX8oCTtW@i*!Jdqj~s`+3pL}M;Q6P#K_2<^E=Ri|2t*%u;z;r3o}*z`<S
zHb^0h%!$t#suM(cQA?qIxufHw%_Yu`hj;w0bJji&b!6{HtB>=s>>!SY_*fe4udh7O
z#o<^xGXlit7)<P<j&iVknKKDmjJAs%-}9ixPn&r%nJIQBN%#1Et?7o_f0z`p#fk#u
z92EwB)gnUPP3Cg$k@OzaH-EMut9HP8y&!;qRwaXS*i6gulc-9>8(y!dvu>+>@a*CU
z#24>JCx9d_EH40|o-pj}CkZq5N<e=dW{4LJ*b`RWko7|HQna?pgA+A16DP+?PUW?Y
zlka8(;GhwfS@3m;0+4cDu(8YK46m-G^J7J)M8B*jTWp@nLzG_{IGIl`y{EfEz}Qsw
z>HoU_;1drI4{amEAh)~5V+|0^D{S}YGgU;NWV1|5y%)*MQRO;wC|NUO9bYriOKxm=
zzx9u6KpbDMn4f>sE4KR=nW3;l275I?J>rtX2(pFX{N!Ki`x;~EsAgiMRob*WY-VBI
znSE{413E{T1^<c~ie-+TNDfjDv>M~zz0*$_iN{uIf~jV~hTjJ7V=iaVznb&7t<&cj
zVh{z-S5Ulp9lB8a-_*D2?Ty=Of0*v~w`luIxK%u|Tfk4aEj;dPsQ5KjopqdFU}vb~
za_+kc@3?{Ilo`ngQF~N_?{2SqH@q!0r7VS#?_>SqDsGjn81%b)*A2aIGXvF$;~zDd
zG4>$-fqIY%Eqy3Y_}*d7_X^oXG5MP7<{Gd3;;9ilHJCf*u{J3>Y3(+0z;m!I+PJB#
zKUUpKtEwLx*}FCtFB;<h+neo+Jv06NlOu{9US$1p9RYG5vCLRxu7_2;t2-k}%QnF|
zZhqZ<blrP3eZBMSt%0U;4Bdm<J@cB2)5^B@4%6Lfce0gCP3l|1S}xenVhs65Z!v{)
zFe5>n-UiG1JJMtbOC{{^T~Nj@x<lHr@+iCI#t1JTeGoduM@z*{WU_R)YlrPOVQb!+
z%ex8&X?i(YLY}h$ZHs)7%aW_lFXg-B4kYum7sRx{vC@4rxTp<xC#J*+H53S(Z(Bpp
zpaLERhohApy3?ZeQX57hRwPoJS#5emi0<7mLqpGr*JCTxHE=;fuQ0<wIlzNYc_&Fr
zUq3;6Yf=3tKOeoSG<!z&??&qW@oy@ev#hn#Gker7q1|aX?u2LBw{t%Cida;6%#zkC
z$zB-i*mG!F>9Ls#q49MkdH;$>2F0H}{VtVf$2hLuIJ@{^kU@6`0}Gz?3u=x!j<G54
z(`QT-{oz=zkg?$7e>UX0tF(Nrj;pbbAkUSA3+XwdUdi=D5Ka*EW|wxF5tmM!$Jw-n
zol=6<Lv(2|?-iDdZD(A94l8RvUTfa963{+Hhl4icC;CnCCzf5Gl|3@Nx+SZMqpUP+
z^=n8;76fW6Vh`X{AB1$tL_)xfCfort{OA{{adnX`o<&vzmHBtQ?S|j2tiOE1fV(=L
zFl@-RH+G3?(rMDgt!89MwM2a}_s4Bs5(l64Dt89p4jC|XFf+nRDu64MnS8$DiW6;s
zh>USa%aF-U$z)^*YZGs^LdCdavOB2p4I8wirf8!2{5AWym!6ki^i|uu-AVPh-tFL+
zv@e#J?1{rzu&Hz9P?N475fN^W^w6vU<w&QHJ*gxR6Z{~_ApE5W$DtsDxGYt(>rcE*
z6r#w)Ki!p*&^G(lrk}2~_Eo#BXVq2od|qs^rr6t8;QkDqj$2&4*}dD1pS-^Mn;f%<
z-J8CtTMg4LIY}?7zp6AR0H|RtN)n%(t8aX8Y`NLqk00Ml&4AEd<OxG%E`@wOT=khp
zGm*NZPOpJd_qr;+pt-3Wg?%){3nUEDlp4p)a}M8(g({J~q83o2R6vGKd@w?m{*>**
zQT~qXA<O<m7jt#ng?D8_TcBF*H>oUAR;ki4K*MJ_h3rg?N8>kdB95mHQ(NB&dG}Xj
z8GpLPeD#f<xPfirX|oS8MM9?0(e<;3<tM4+j*_)6tp{9z%_M1l(8abgyqq*|uGn&Z
z+G)n<tbhfJVn;Q{$qiRUTSC!>wv#&pDzb!9MC#goWnJ)C&D?FmRFY`3^_tbppur^b
zV7P;~#=zj$Pm;xt`>UUIf&}o^luJurl*^c`ioXaMxp*wfT1X$@1d_*q4FQ{po2IiF
z<PDgbt5;zpA7v@RVuY$Zst#N~I62!QOnk5JM72IHcHZ5jYHJ%{uWh314F<{_phW(g
zF>8TN9bqGpm?$J6l?cXQxVtKKqxxB`yc~0^kCJ~Z;+d|qj0kv44awz0FiH44nzT~A
z5#xNPZMc-4)xlSaXp?dEWqwKXoO!YjLNbb7JJVj@XAx~Wuy%jrtMT~l>|;@^G|v+u
zW^&JBw@oV_oFlWiXMrc5ZA0FYGFQteucbw7R!Ei2cV*+|5$jfK&(^(W$4MnNE1`6D
zNP40#xO_UgmNtplwSttV2enb);o8qb^$LB{)G=JVR*^oQ`WR%Vl7+lTA#O!7?&tJ0
zmN|0kk7Xo|xqDX~Fp#Lz<sARhl2Q;n5z_yTV7*tNgxiAuz4sHZx#xpo%08v<BIM^>
z9-Ax=VL-<{2=~!Wz{2*;Wqe6OSj<|O@RU`%Nko-+CVxJ;K>1wH8vcL|{^QF$pJF6^
z>)VJqUe<KV{cVJ%f*q67Tj=k-pKWy^En&Hn^N>viy+2PDl-46J42%RC^PX6y7-)4=
z>PygR572~XJ;gn`Mc6BqM6kR(!m%5<q>yaV(PuV_0(ceI5m1hPo7+ck(6=OjX#;Mq
z_o|%za@xmfL?;x5MVr_a-d(8^r8c7<3J%nV+AFa(Gi}mVk#~!>jt+RQ6vJ$V`Ox$5
zY4)6TeX02}VON`(uzioc7hwNQ2e2$3GJ4pU%*Ml$b#Sx=P143(^c2r&caCcaCRX!C
z0PdzqjZA0Zr!?%e)9_^R_EgeYAwdF68rbNzuoL)Q+9Mz7g2c7ZckPBt`jGTeNtv9z
zc#&PTLyb@I5p!>!CSm;=YQ8*S-e921!7#RAPP2p=h}v5+(^G~T-2GD`u6fa;Q#PUP
zvmc`EK{lwzq#TJ_zHe=nmSIM>Cd01jcpo&6nGimkL|+wmGa|uBPu*$pj|^l?&~pyB
z1ks>YPniZke(FVLhih8xR0xnnY#5XxzRy-;?#14UTl#I&0ZErL1}gOs#Iq4{njmEb
zr>Ux@zd>I^RuRxlv8Vf0I*k?l4w=y?x_iui@3G=eT==vmJ*oqIk@AR%#ogiB#|E)0
z!K?RPD4)m)yCmv<T+R@Q)4=dqu37jo>U}5{#9ok(<hUJwgHjK%?%K1<C9V%wKDF=_
zP?;*KE{?lLQ$De=qI7~x>^QDQdeU~l^pwybWzgxHERp#b+WX<EH;y55aEBMawI@r<
zPIpEWpYAy|yb`d|KRl@(u`9Lpm~C#4B*Vt(%A5j@r&cO<x<R6NQ<8Led4<;9&=C-*
zY^t~kv%T8mTY@!ylaxzxhjKo~j${5BvBcVKJhY{A9YSKd)}a3!G>sskYK(gEG%s8}
zy>*eE6G<lM5v4Q0MmrIXqmRQK(0ftZ<f1E$UXZv}S^8N^nQJauXhIk*^2~Yi0=ZL?
z!Q`l89x|G#_j1ckNitkYCBxU-s;ygknLU)x+WHHG0mrW=a{DOOC%`4wuM(!>ZTByb
zh0zHrxj5HmRb=Vh-V*k@GKAf%C%EXtWS#p}8M2%2b}6T?A9f&83KM|^w)dhKHMO95
z9ev`ORS$MFQLINy#CF=c<V*cC#!GWNO<wW#iuj1z>I3T&ySR}U8_-DTrhPWV7q-!J
zO2%vsgPpsDx?XlDojGdN(WBmN(lyG6J~0hK)lwUmJ(jzJk*%HA%zR|caXM^=!%VoA
z;!ODcfW%jIL4)?`r{~Ne+vbMn6E*r8D0;!yE!%?{Tk6kO5mTV9zWO>)kl4vPK^aQe
zF0dmDLIJ}PDoVq3*`K{kGEjz|=ll7TRt2FC@7cJoL?N*Nf0<kKDJi9LbiVrPa_5Qc
z*ws^Y-3htg;^VUjb<!;Q>cO(D&qY-=lU|nP{{|o9=NXrJAz#vq#LF?QZu4BtO2iN-
z{)ID|TN1h)pRP0oMT14VSTDiUAtX!<cd5DwYy#)AXDY-+D-=Jv7QxwoUS68I@eET<
zHtPOo=iOq~?8VJLj<eMx;pHNk2AX!6o4du<j^pKvsg3CS@``1QT2jRDN@(`c_*R{*
z3!;cFM5};xQ2dR)4rAQux-c9xKuHqiBnQa_bww$LcU2SE)Ta1|1&&#)cNoodG$Vjw
z^AcxjGPU;cjAuFPL$f69H24@ITg4y3v|*#-j)qk|$vc;&7OSl+`(JL|Z{Y%RSi=)m
z30I~2*g26%9jEKWHqkoBtkqk&_PX5dWzv*WE#n1XgnwXM8;d$xI<(8P#?$|1$N4v#
zpV;sj>vwEyf~L~4ZPq-IhZJCiq^bq+>23PPo69mVq%amXmn6t@sEAGCtC#uSl2>$H
z`CphVx-Y(~U<LX0#y`~A3XA*MG{-lF>@D=ApEioud&_%&iLE%@w=G8MsAH*}&k8lT
zD&gvu#-JmkBZ(K9i&UN;Dh*!^4cOT*_zBT+I$nj+&<9r4{ajw2X1ZDT1P^+B^_ha`
zNL1!Nua%S_5MNxoLGf$%c&&eJ|EVuaZ_Fn$YS^&QBQ606E@XSS3(E-ljL-UF-s=G-
zP}Dbc2)htk_Ho3es-<;1its1q_;i0B|G0A_VnwKBU|qk|!my!R>jXnV+9jiBUB*e^
zJ9lLT+3JET9xZB#dWuw@j-F$g;-^=znQ|=xZd`;mwdKxzaB$EIx;qq0SDW`5Et1_(
znNcZ2x7UW;?PtO@uX#aY)A3UV0{}DDvjw@hkjQt)CsnL}W1e4}xmOHVYziTm%-HTQ
z;Xkz*&bvg>aa^D<?dBY_^r6VkT2ZVQSwgSA7>|!$)ERejO_^cZ{$OG!Z?LH`9~u2f
z%lyaC^G&-V84o3@UvAeoe6}Fh)WVi1rjUG)?nLyFycJ(Dp6j*gqmx&<j*)ZmF1lA@
z8LL0M&<rf()kY%Sz&JV$T{vz%zkjwr`W*C9o(ZlloUDg*7C~{mAJ64MX>Qy4DD|wC
zc~a-XzBM`)DNjjjQ5Da{6?|Jh5+olQj{D-X_^EL>5+v&w#|$-81Wrasf4eTO1cPQ_
z7LuIlT~$A3@ld*x8GR<LB|_`a0}@-VyR0Xa7ZZH9oV05ge^S&_$As~v(@?$P|MHRh
zg>im%;zApHtb53JGv9UAZ3wsW#(Kk>mRHbl;!EQ^+eXAn{})WwV}ThRM7j=%;8Q<Z
zcX&K2IDLX+-!dHR$-!wTe>5B~0;4jp>tkA~{cMu(XBH<Wid`l2_YoV{>oA=~H39u_
z@wlk{W=fFN%mFfhB>mgZ98>!@3cKf%Hmh@vsC%(<onqyTOAEhp-R7PR4BWYDok2S*
z54A=qK-Ip!13jj(isLjSgabfbgdF}<g9ne)Md4GLUdF*>5>fx?eyvud_=%PN@EWP>
z{*~GI(`s$ZXrfT>4Wvma9T|aTO?$QCkF4hIU5NfV;G)`kd@pKFv}W?xv9eQnEs}d|
zaT{tD3-DefHM1>lquYH&C(pr)pejBaD|AtLpO!&rS?kET_r*OyJsCk;cUnN#3^$!-
zc{a%&eb)V2IY?eKi_Pe?PDnb`>=Xb*F~W&C5yrRo{H2WCqw{ID7n}Emts>zlA#HEm
zgm+|3Ayu~ePZV9)d;Yn3_Ll~RqgzfAni#HAwOMQuo{4H985TfeJ<m2SF%p@%pS<$E
z>`_-rZt@hrgo6Ei3wMaN>PAWUdZ#$lMvvT~lfCz~<AykP6v_b(QIP9l-^_GYBrel$
zK}l(W3jVpW--`p^hBEvCds<y}ePKL-bEl#n5*$uMZ@9da;9Nii0?Fqe@E~0wMQ)#0
z@SJ+j)pqdVGbMSoLzkfn>$wHS^ne49@6x6mZJ^1zndZqjU#)B6YSUXUF~cvbP|2R*
zY21-nAb6_1Y)PW%Ht}&w#hw#bkR1DxoaH^?omC)vVz%L@1c3VZTG2sIk=Ic40Oh)P
zQ5odB0Wc7n-CwG``0HH4x(}CwN#pMTmuhTynJi{pv^JZ^r;<1@X0!M)!Z+dQ&IpZp
z9IF<T0ebW~o=s%D-fcukV&Bm<I5B|JCk;3YYV$46<*+OcF4{kb?A?P@7{4acPr#^a
zUUTjB68HGNF5iX+wh1rBRe-pbdI@B4`>S1wFO6r<tW;fEq+TKP51ZWB>YTD?B*I`>
zls46HzD@XH#D$vp9`$G~Fjk75pJJmHXEtb!H5j<hI-3nEMqay7d$g)u-nULv3Nm~i
zJ_t#KEXcMUw5_Z%USt!wl1Q{kU9aU5-557=)VH56If@mlc6(92!B&&SwZ0a;K$tWf
zrAG^D9hQKkoF?`728$6ZWohOJk|fJAN%$aN!zTQMaJ5G=o%^#H{!ogCX&7b0+B15k
zgfG`2YFBC{=$52$)(2UpZOpK3OvTslQ-N>)9lpJ>@wkvMgB~P0&6WAJ5?2@C0|~z*
z>mk{Dq-p#7zAZc@kPgV&uDTtkez~(tpZD3E@6g1xYP->*72at38^|nj08F2V;2tE>
z?ooUQD~xfPA*~-WvO+uM<g`>>zp#i$H-h-r#l8D8Pc0vbm|NQD?<4B-MzABvDa(rA
zVy+jt6bRaIJXv>^RV9^Y4seW6E~``Vu~81mo;BGU@nvQ6PL0kh0^XM`#2~8GXty>_
z@wzzQlwj66cZ1r@FX>WmUj%{RV$rxz=Y}MdIEibKPG$xJS`&}cLQL5PndUFI4mVq4
z_*oO@f8`P|VS6!f-`lBerI~v7t9Vhz<#gAo|0<aB>ZN)@rjU^G<u`)M$U=F}FOclp
zgjt()EJrC$yw&@q3z9FB{LD&6Dgr|lLOHGm7$w}_&7-{#1JXaXedW;$o&$}|W?q?)
zV=!gwIY#Em;Gvmyhpt&(&h;*SHTSM!P%F6c774+-#)R=^md?%O^5H`b&Ba|MAex`7
zXpfBBv%XYakN=gAJq0-l(ANX?KsZLkJ5rEA!rMa3qD-SH=7l13UuFzv<fV8zf4Zrz
zWy8!nrXyy1#x(kpR)^#DbG+_@-YOM3A^vkV>`h*-&FsV|@lHj0sFC7!Ho0I^)|Li_
znx?{u>G~$!N5EkjoZdcN(8rw{RMu`Afyp{`^$UV_D5|7{mgm4AIH2Vq3S~A2;0zpF
z;dF+?%6)+D&?R<r1K7;=&P^p&2a_1Hwc=sbuC;vS6X<rsj6>Ul4hLK}Bxb0)C0F<n
z@l?@Kk_FAHCo49sWp?e-ms%Y)7D#L&&5BW|2)`ClZqC}x%$IP)ssCb;CiPx4`9ENh
z`nMur7)YIJP3L+S+9*TXsR*h&FnNf4y0|7KqyC&r)ZV&xjHeE|t8t5sd13C{4DkqC
z3VOy{cpsRrH<VINv%di#aP4JD_kNk?;?q}+^On0u#TO&D_1N_3mvF+i??tFJQb&+(
zA_!)v%iGZYWx-vZ^Ul%{LS7kJM2FL5^lUY?Ts+?hqn-v@0l0Pst6X_%W28Gwr6r<R
zhccs#1ag+^EY&|`Nld$P2JOfZae?y1mJ2_Z)-es_RtO`*PScL{3{Bh$IsYE>>T*r<
zuR!g3Uyh)uy7nRHDPE~D7E8F4SC*F2+vZMM*0!{cFxwuu)pV>Ub$qP)73td-rT7g7
z2;hBy(jba&(l=Z~E-3`<06t+R33Ay|*5C-BQnu>llJMhfD<!ycvF0b4XRfM##H|s}
znE9izQ=uvYKAeNjsa^VoR;tAdn;hXn^TBR6x;T!^-_DYp`nhNMVq4q>NYnRCgdE&O
z0&v4}MOu5~_UNt2w`RIKBGZOoJf(d5#MhZToBkY^D|Cw5uQ?>(cC@OmU_cl-n`30d
z*uODT)dJ+q$W~w|y!hP<wP0iQ%-bl>94j62oASgj7f+2lL0q(Gy>Vt*Yw=AiW<rt{
zsY02~S1rJowI}UpsW7UkFVqemnqWWFt~*$fnY*G(3$>&s{o)j|53pxI8iU>U3@}T$
zK_@q<#E*057yaawT$)lMlprW<Jj|z6*`P~95E50btemFI0t2V&s@vUr6O8Cx*+~mg
z=Y40Q-wv#wjW?$D8^>sGnU2XvXPVN31Th$@X9d9=pU<c^X&NFfUHQ($Gqz^^>|jm0
zxHi}BGt%QsJ&r+pV>u(9AkUpZ=I3}J+Z68A%+`+f<<Mg6FLG0IejCcsa>qOUkJ(_s
z6$t4phaQ)S(zO@n1SGIyIee$0^#=qWn!4Lo)?BI>SXmQW_|9RCE)i<Qv$I#X%(q~K
z%P1J*j1tLf8Er8R+DPk=NI`t{xz9I^t}n8PRza`^TN3<J6pHD*)jF?uETu%yC0hKB
zTFgNZRhkmdS*+9pZ{&aNKqw2a5pfo@>TUrS=#W)8L*?bwJ5P0j4wA5#FLya+e%3Ew
z>0rDbXp#pj$d9XB*0C%<y;^SP^3zL!BSrrvUV61ZiYH|GR@sH?gMbUUCa{5We#k}8
z6z_WAg3F!GnZTJD(8X2^4O)x$`~sdj_Z1=p+|b6*AYt(I>i_birK)>xDR`FsORR{#
zy5Oh6*U#I^gQI{;1w%j!1Qpa$4wdb^^#Hh(D-^tf4b+~s|Nd^#dbt~qW))`LK4&{~
zG4M_u$a=+&iJ)1{;6o`>dV97Nib^fn_IacG>=zTujhNP7-|+nEL}hnlcVH3a@C(?N
zVGu9|u1i`lEB@;QJv~r8_zJYLi<>W~`sbqu-B*Bfp|2*E180Gai(P;@bO|^_4OJHB
zxcS$F{(aH3@YVj={6YUMHZ0!!LSd_*rRf*Y0=d&(mZk+qXXVaR2F3#D!X)5MOv9NI
zcE_G~FJ1U?Z+BkUeEDnlfXmua+_+YQrYz>21}(2!b$pr5nLVF@_5hE91s2W+CL2#%
z@&9$je7y~I7nbe+b!kC2Xo}#qj<d&~&o2$-#lnnM`K{AB$?^uM1$g=gBf|s*<7aC_
z#7ksXbFX33Wm~yE{<3dvo=ddX8W!NZ^~tGB`^y94|NcA4u^QM62#f%_js>(9R-y69
zt7gz`%u?Ir)_G6(pI110pU~ZpwbrZ8-@n<%d3UvprjWhyuBG#4zlmSJ+pBi{-Hn^P
zE&-QBe*N%-6_oX6mJ0)&0PMd36N$mhBe7m<fFnZT``=aMZ<Cog2bcv*lU_$(-CzD@
z>AtH!*=n<-H2wd*J@xv_>py?He_h-AjQNXZ!?W566GQ7?0dGJIEjsD}G_D0S`su(s
zG0-L`1=Nj=O#?L=cfI&^JOtD%1g`FEpQ8D^L~3pP^V4~iPW#^#aXkQ?RCue`+W0*W
z&;a1XHLxHA0tX%Ns$n2YVH(JdARqwTk_KUQ0LMHatRukHb`Vw)@bD}MYa?V`F|eqM
k0IyXAic-foiJ({i+4nI0D$TrGUk|d&)78&qol`;+0H?$br~m)}

literal 0
HcmV?d00001