From 6028a138e9150ce034acba3879e0410171f4f0e8 Mon Sep 17 00:00:00 2001
From: John Schanck <jschanck@mozilla.com>
Date: Thu, 28 Apr 2022 19:48:06 +0000
Subject: [PATCH] Bug 1691122 - Remove subject common name fallback support in
 CertVerifier. r=keeler,necko-reviewers,kershaw

Differential Revision: https://phabricator.services.mozilla.com/D143808
---
 build/pgo/certs/bug1665057cert.certspec       |   1 +
 build/pgo/certs/bug1706126cert.certspec       |   1 +
 build/pgo/certs/cert9.db                      | Bin 294912 -> 294912 bytes
 build/pgo/certs/key4.db                       | Bin 294912 -> 294912 bytes
 build/pgo/certs/mochitest.client              | Bin 2448 -> 2448 bytes
 docshell/base/nsDocShell.cpp                  |   6 +-
 modules/libpref/init/all.js                   |  12 -
 netwerk/base/nsIOService.cpp                  |   4 +-
 .../certverifier/BRNameMatchingPolicy.cpp     |  42 ---
 security/certverifier/BRNameMatchingPolicy.h  |  57 ----
 security/certverifier/CertVerifier.cpp        |   8 +-
 security/certverifier/CertVerifier.h          |   3 -
 security/certverifier/moz.build               |   2 -
 security/ct/MultiLogCTVerifier.h              |   2 +-
 security/manager/ssl/CommonSocketControl.cpp  |   7 +-
 .../manager/ssl/ContentSignatureVerifier.cpp  |   4 +-
 .../manager/ssl/SSLServerCertVerification.cpp |   7 +-
 security/manager/ssl/SharedCertVerifier.h     |   5 +-
 security/manager/ssl/SharedSSLState.h         |   5 -
 security/manager/ssl/nsNSSComponent.cpp       |  22 +-
 ...seline_requirements_subject_common_name.js | 247 ++----------------
 testing/tools/iceserver/iceserver.py          |   3 +
 22 files changed, 30 insertions(+), 408 deletions(-)
 delete mode 100644 security/certverifier/BRNameMatchingPolicy.cpp
 delete mode 100644 security/certverifier/BRNameMatchingPolicy.h

diff --git a/build/pgo/certs/bug1665057cert.certspec b/build/pgo/certs/bug1665057cert.certspec
index 358e31b0b302..ee338b8d1ab6 100644
--- a/build/pgo/certs/bug1665057cert.certspec
+++ b/build/pgo/certs/bug1665057cert.certspec
@@ -1,2 +1,3 @@
 subject:www.suggestion-example.com
+extension:subjectAlternativeName:www.suggestion-example.com
 issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
diff --git a/build/pgo/certs/bug1706126cert.certspec b/build/pgo/certs/bug1706126cert.certspec
index 6f48648e76bc..5fd2d894ff5c 100644
--- a/build/pgo/certs/bug1706126cert.certspec
+++ b/build/pgo/certs/bug1706126cert.certspec
@@ -1,2 +1,3 @@
 subject:www.redirect-example.com
+extension:subjectAlternativeName:www.redirect-example.com
 issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
diff --git a/build/pgo/certs/cert9.db b/build/pgo/certs/cert9.db
index 22e7226618bf77851e65c2a5bca4b53b4076d53a..d34eaa8cf98a6731727798d0f2d29089a3ce61f1 100644
GIT binary patch
delta 4065
zcmZvfd010d7Qpjz9|3~wfq*Qs?}P*u6`d+BxFBv6vDAWrM2t#;Az@4M9$;$=$cXE$
zj-a1bN3@EqU<$}k1Y1!n))p72rHVQgt<a(!5S`Aw@4a^V&G-kL-#zE#-1|<>Jvpzq
z*r~YKsVam2c65oNK|#DQ(X#fUJyBMGBxGlI*Gm|v``2%g4Ai!`MQ|VvXW+2(d>999
zp$zPQbt8m>?qCM??6(Tyz%r15s?hHPIJo1_Kv{i@9|Lq*{W)KTHcR|`IPjgofU#zY
zHwTGc4CFaI^yJ`y2LqbZtHyJX;?97|`X@IIo`@O9sD9?k!LSPht3{(C7HH9kGegN+
zZa8t!?a08=)XyC_Xtifxp`^l&gK}F2=75-S989)hV8+#RLJpd(8Ho8<ZN)*hB?D6J
z3jqi8s0Bk|@>?VaHvt0y`XBg~fV7qc==+2`9xqCBl&3kZIiWdf>@&6(iVMcHH?_^W
zRGo|(XX?xK(GF|wX&UHlv=?=Pnr6y2jv1F5`V84cV?|{};=&_^6AQ`;#QNL%EZuY6
z=G@lYMD4;&H^*&K<_zbQ<k;uS@)FKC7SGbaql1J!EHUvThzM4ML&sl<O)zbU$YqEK
zVMQ=2f>;p<zaAt!hyYgjvmf<ig)i&k!w8EBA>d5{UONr~EWH0f!i)9sWQ7MKV8nB@
zXT=!tfN*1lm^Hhy!iC*T#0qCt>BI_0Mwr)+5YzdrUC0QS^OAVL9!tOq3)b`azln4r
z<pzC(UPs5#KGahxpPEI9O^;1&#v8_Zqs|y_Bn?f5Ert~a|DwU77CO+_NXJv2rZ4DT
z(~vR25JDd>I!_H7DvF*NQmA=!wz1G?ZD^&8#@>cC{EQ-IJ7G8pctn^4tRdj5Js?aF
ziq|1fVB&`ggE0p&wxT`|21^ZmG3==TUN-*N;y0Hp5fbp!0WeeOixoaIfRTXBFTqsd
z1ib!lK80R*?HLOS2xzzrVuT)eJ>C<{AmIMnz)j$e*KAe=V$814WaI}3T`-G+z%l}M
z(xjij8Lyq-(;~jVz!9?ptfcuefjwqBCUrtv%;O@!Y63<+1|b3)yk^raw8m`Z3*rgr
z`!nzoSmLz+CK&irgcg{|aF9yCC1*ge5a2aG04%YF)$PDHjj4On-+87lO?T;QrZMUe
zwT#Z9T&e5SPxM5(no`rr)H$kx7SoUEGxQdkprmv^eUUyv@1`j_olc~~X?tpvdO%&G
z>ZyIyW@;_9fC{1POv9$z=CoqI%0xSYAVR)Tr_`$D=$}TT3%3ML#1UR<7`9}{6?2qY
z-CRw!T%``>EFn%Hgviim$)-qSWYIC1$RU_B1>p}Vb2H^RO1Vxa&)gsj<SYSV5KZXS
zI;}oer&P$*3S~i#N~@$5{+xrK3y=_sLbW_wmAOo%R;$!mv*ik3&gvrq5rkTkq|aEd
z%+$qg)Gd)`D<^P9Z#&>a<SI9=%~fTol?pFT?a4fWK5LR};xy?rd`u6{GTs(=6FFI$
zTqUi|Q)=BgwHtmgWu8inGLfxRs8B}4oXOP&j3?M5D_l682uJzjk(@cLlQRe-a@Waa
z=}NT%{pnP?LPyT#;0|I4Rd%*Yjr1D}(-kT@m&=Gf=VE6KT=CH|<+hw=oGXz2Ph#e4
zGzuHeEW{75S8q^j^3~~?a%)a)g%6jl$y}$>DRXs}oK}F-n5&cPe$Vk=aFQ)JEBX5u
z8xu2GI(Z7t7~o8N5s+A;r;45&^QY(91tvw)A5&H)t;vu6k-kL#mCm78(35CaYJ}=R
zwOLGMP;;pu(}3xU>6EF;^d?nfnvNRnIU~Gc0&YYU%%PExz$&y7MB)n&!B}9q3B<!)
zCLj_7Vr>BH!S(^hL%_BGMi1YhfCB1h<jq}X91ng=fe<DJbfA%)iN;<?HX3&s@ks>i
zWn`n>qd~w*3D2M^3f7nCW@=ule_P+K+NJDN+)00#*7R1*s?|yRSEMFhUR<`|(EPJ=
zBH{*OJEw`FHcR3{H6f7!f&LNRm0k&M_rwpJzjGS0n{CUpT4U+W&mkl`9gDBS_!3|u
zWoVj!C5J&ie6$CM;Hn*9DiI2|?*ImDYBM|R1QHT;#%m`*5h+812IIVP=|i_jIk>j}
z*76k5q=V*KN%_();%d^I<=kHql1aQ}OWp{#>ByMp_wfE|DyQ6+?{j`x_$Ldd6~t#A
ztJi$hR#QB=s?00cK#J__LU@%v@K!z0;$6Dok_I65iI<l0B?keY;PXYV+Yv_X1trk_
zF_>TuJPQ^P4u^xKfl_|~NcM6hJ*DGIq4X>m55Ic?oayYlztn%a@#4FUpYTO9OG_GB
zR_bT|tyy+mGJApdXCrY*{i4+Lhbb+-H&%SVt-^Pi;=Rj*TPrPx1%${LZ8N(oC!ja!
z=J2lYU+(PAta`DmIqip-si((MU`bqBX#XYq?So~D-mXk&yB_lDz2!rNo%24aACuJA
z)tQOyJ-QLzd<9)7YD`joo9%k)=7!{%AHaV2&e-AF)!Wyf8y6YZy7NH)$Sup0J07`S
zZrs4@{_gzkOL^~1eQRy8WxVjwh+ygTtkzWtc7E|sk`@lerc}<^SDcvBE%IBj<46AC
z-4Pa{r?00rc4qYqe6`blNbql`f)3v_Dx>$j=eqMh*$NhtHQht}*>%wI7|^~xk3tha
z5K0<>3n-l##C_Ljgk%e2Z67L(?jBSafm~ti*>7pC>;(}dC{YDKsevpcWoW*HCk><@
zY<wRqCj6n`16(jwp?A#hegMh=;Ro%v0_2CLPPla|m<SVVke@HySA$CpO`vA?1K<%L
ze7Nn=D9Ubs;5W2=_!!!L0#uA)=gksdbN?7XKdvQt-mvQ!4vXegxVRP=&<Jy}7Vm7V
zNi@eF2W5cp<RYTMm5tcbiFWpY!IyBbJf{cdqnE%65_X-$Yc$NVUQfG_mphz(jn$@@
zo2~(SYp^-m4W8@6JD?%g9Qy-mrGyx6x(ke0^Thn~U2sr<e#hAhgT`JQt(|az^FG3X
zGOCBo9UlQ}lCKhRnL~px&YYTXhMq<e1zs&0G4C^yYXSN;oVY+}G-i+0wFRYPMJY;$
zBdjRJA(OXsn}wT!EeY>k#5Wqv%&cqYC~^&bj$G|w#&hhtG_}=y_c@qF!jY?ZjfQE~
z)uI}?F8C0++QO0#@v|(Hl$(jYU@r+fZ{w(F%4S{Pe}wX41HXNQ1Iz)F%}E0w9an;o
zdmc1>vz5@)f`X1VqM+6=x(TOj#?@x?=_Zf>_z_mH;VD+3$sEVcgSCSomav5P2XWk(
zkF(90L!b$Ok|F_DIcQ?Xl|vI2a9kz+s8l;@F0TX~fFQXnp$VQj<jS{9z4=R>2d+AP
z7ClKaJmu^4S7-SAe}8J37DspXkG88qy5}~84j#V|a2fCi2G;hvetK^-WhH%E<h`cM
zADxHoPa)8w4)>=p`AxXJ4)v!+s6Rz>{poc({;5B$JB_mDa5z+oIuzTVyrrI{F!c=Z
zfW1$Eh_-LL6;-#h<#JF?XFCm_b@kiNJ9Xl#wI5BbnSN}30q@7Wsbpe7e!}vJ{mWHf
z+^VLlzfXBAizJT3C%-uA9sa9#`Gu%MbG02ur{>f<?v0GDYIfdu(b1zerO(zUYu=&c
zUDvL(9Xt`RE$#l!JNkdVao4=<&0`Jg&uc^z$k?9jy)@lKURLF6-F8LabFiw89X$H!
z{kXE0o`L=l*@g9sq_urdzn*3B&8+)2c8A<6I_$;$`W;{TMme`s-w@6oP`O!D*VPsH
z+<)ox<UMm&*}<y)7hJaAsLyc^I&#0Qgx6si<@{>)>9+Wr({s-zUrBd-78v<WUvj=x
zUF`UwUt%6MAMD_lwX^-{wRuE?=^N1Z1+EPAO2*b<Sv#sOK`W{*0?uq@O?~Env;r4$
z7inRuzs@r}E&91|M*jQy>*%-sb3L@nBT*rvcWv`%AvuYF?fH0(Ub)TN@<?=zBcWp+
zzJKW5+dQ`bd7$Ep;EE5uhO=#JO9xnN8(xG<B8azD$P=xGcOL;YDXVP}o0nez+rfVT
DzaxBI

delta 4015
zcmZu!c~}%j7N72F28R2-?{l~>K|ui*45AWLSkZXlzzjMOW{??<VWztQkHy<~mC5I#
zV$?M%niw5LH*UNSJW-;eAO>&ojEWe|R&}?V-EaM4=KbouSMOETt9t!jZLNK6t^Kk>
za(q^ue2<*yr`gnr)TL-MKoO~<_BcmzAoIc6NDid6q(ulIHJk&<+Nogzm=el?gs?2B
z0EUNfAo}{gU;!9|I1t9%2oyj^00)BN=lOGh4T_)Z$047dX}$s|@Zo^F@~yW3`n)*c
zc=vNp0c3k{z((rnE&vZV4oLK;T?KH;g#)0q%~=4KoG?iFV3zF21J*3bfkS<E=Jo=R
z*m2;+$kDa}$g$zT<N4590IRJyaJK_m3ShMb2fE{G%>}?pIM4x$%><w@<v=@iTPy&!
z+k`_G5}r{4cnUahdf^Sy6i||s(+fMyMIuqOdb3EqOTA6KxpH0Q?6Tgni|UK&J=*13
zWmRj{I?V)4_^iZP5_T!;#cX4e=o9of!>@)}HSxNib)&0qR?n<@TNPP(pwg~lT}7n!
zfaZ;6Zu$Q5;g++m%ql7?Q1|K=)@<5sS36V<H$Nq8VAt=22NA)Oa9H<@m<4N}5gMK$
z<w*$ieMv+R!8{4#w1_~S1n|V4Cw{z&FHd}UrZ-Q#VC-*%l<?$<2gih0Um;)EE8)r$
z7v7~aPn>wBBTpQ7v-Ui(<Cw;Veqt~QW8V;W2y>oDH~}nq|IxIVpKiiW`0fKyK#V`c
zHn1`_ni<B}(og7S+CYz`V`#!~!O&!=Hbm)-`q}zSy?xDtnt##>^h>t5=81u(^J@+p
zw$Nh36}pZcpm)(XFiz}Z{U~}jd(;rGKgf*OGmR{)fzN0%SR76P5fKJG88Sc|im?<f
z)RR%-5R8LiDN7E7bM>SP{AoE5Lkon&0a(NzrPvQ+UwBAQ4m0<`*gFtp6R_?C@D+RE
zF@KO^4~*U6cPtq$cEi{eO7&!@*ac($7|oq9b_@bJ1ngo-Kd}QI^T#N*!`K$;3}mv{
z24icu-#~hrTVZS&1*Q@3`{f`^Y=Ou837bnWHj4n03AnxoNX<?0SnLNf33&Di@G>{S
zV=5LD6Y$+-5NQtZm>diY64=!Q22JIzIlV>1Ix~sr5+7${m_l|HJB_VjYT485kL+V+
z3_FrpN#A7p7&oRHUGleV4||y1&Ms!l*$HeqD`l;jXUsL`CuSqFh^b~KGFeO%V@E%y
zuNbG+l1e(x3V0J0Ds6d%MyrsAn*w`clW1a?0|+BDGi0#^3Y8rFv`VcmRFFww%m>mX
zH$)f)JAw#8qm^luMPrmIl~Of5T_z6_gn@P-m?)IVGZf|8Vd_$uQWYRb{3XDdD4VV>
zlKBZ7UpVFi>BRa7LvIV<PAIC&l;sM!m%#J12EK$wQBtf?PFE@99s=9l9!QD8is`Y5
zi3u?Y1B;L|H$mk3Q8X|nF*Ys{i(CYeGd5PCnyFG(sS1i@PCT2P=;#EZ@ZRGR68~%W
z4#F&ZydznOR#C2!p+B`+YbQu-xxH3Q9}pX#6qAHK*$5JAe8y<68bx`fqTEX0T4H^L
zrbt$%kZHBDqM5N4NW$XdH^-}1R4P@-L#aZpM4lwVEHh^iL&$Y1S?Pbyd$?LHHx<NU
z?5b2<G()LXXtX8*mvRG%gtD|$sY0PF(G|#*8X@37&>$T^ghZvztFSEmQc<M+ONll|
zR;pMD2E?JO6->9%e`W8ZE4Q6p!sfCA(1pCt9Ap}qTBZ=C1~d90N)5~Ca(XaZM*E|*
zdC&kG8Q@Ap!(}ugQE)p8T*Z<2en)UDxPS(ka2E?4#X*=G$Z<cuY&_}X%f>TdDg)$j
zC5^O&_lh;(Wd=w&8_<?T@+Jn!`8UT~<KG*P`M1XVzRiNb{7jKvR^wAqp!HIBtA0>k
zoUv4<D%d~C;)_#b2IagS8JKl@*oBO?v>_?|$<av}16t!3MB7B34Lv4p4NMOZc|)&n
zTp5=k_Dk%ttt6J{qi5<uHV~OB>}nsvs5(GXsi-!9b&Ek2w7&!#;i|J>5D^N`odtR<
znqvI?96-6FPAP@AdVr2fMTG+_TLDx=2<%z`YA|ECamq@t0H7>*A7T|$Nx)fpDjxp&
z5?MU{6j=;{e>}y?(btVe`WZM1&`HMDVGb%Xc=u=KA?4(Hq#OW0TY}w(F&)Mi^&pBu
zNt9Pc^#`vU)QOa5Ttmu!aKklVpi)smV)VNXzD8@U@f8+=Y7>4TYu2D->jUqs!DfAW
z3XJlv!2>{e3uaNp!kaBUfy}->jLdq$=p$I!UD;=BJ^~~ZS?LL*H{$J~Y6foK2=s&p
zlzxl1;CMINxcOT!AHa-eJO>pwoVk1l(&C4ilN1{==S;ASyp!|z&SaNp;#^+FSmBq4
zXr5@r{P89a_H=h&AAj@@Gy4T^H{{6lLx)s+2yw6Y+~bDB^rg~vmxgLLJ>_U^Efp=w
zg^OQ-^1;Z92P!WJLiE2GC8i$u#MG0f>j6oSq~oWS07qX3b;bj)!At^X_5w$CMbO`~
zy?)NjZRu~HWV^Jnlem}G9ORUFE-SYw^l<w5`{(awoFCeG>@YRZbH|h9_OcRYczpFR
z?^lDfs(S~KV|_cVbUSn70vZq3PBgR59#Vb!%kS+|P3}v3Cp&JpS*2`xx$TdXsTmW#
zVfSs!?%FtfZa35%vK<=#=$97`0p0svv3bpHPb7ZxZv1OdW%{Z)vvs>u?`fJB&w1LE
zwd2<An{|B`hEu~P2j<)LwKSScQ;#5L=2ahfxMIth?{|%^eB?G?xpCX=bt<pl#)YSD
z8^b>K|FGB2+dX?yg8Z2DepI?|deex?rGo~RHuw`x9@@|b-L&St%Uk<Kex-dr!_@8Z
zT3hmH7L@G+<)1#RW|j<rj}`$J^eN_VAu3h*_)4^Y`$x;t;@vx@CRttCF=@)NpA#qi
ze|!(_T~_78jOyzMx$3h@H~3e7&^9bM^H@&9;ie$xg&jS*tKP6d>+&(aIk2Pw$5*01
z^=Ewl{4AjOdZGB52=V>Y61ez6{Zim#+&>?T6oO25xb^Rtl;{XbS3jWMpFT0UqjWaK
zc!#cYEM853tzWbmZZ6nyv42y!?7oNl9Q~O&!SN0ITw6w%hy7C0(wTIt+b*H(=I=M$
zhMF7?*5Ayyt^R4swJ$atG_h+Rx4H95yD?wf**K_V;?Bt<<|Vhu8y}q?Sn*A-b9=aF
zcu&OO^m_KQ?xUi67w6t`^_#P``_Y<rCVjD2V??X=K1n<AW5bK8`L-}Fe_T)1q$O{@
zd!IAmME9Z0`b3I(Bg@pu9vj)Lg|Q{MYkz!S^gBFIxWe37{pE%m)Ma{m<jRw|@mqeG
z*E_f0@7_DNnfYXl=DvSQYM$q=OLXqqDWKP|zQtNB$|rLx_#l7s#3J-$5Du~v%5=^`
zrbGP)&UF5ey@Rrc6KuVMA3JEhWE^=Hi~?kuBYz)oTf(OgpLa;n0hYW&Spad9jE~*{
zRIJt2*z*Y~1$8SpA+dxVe6FWzD8!H$)duP-0P53h1#_r@;mrkYMdoZ^`BrT1#mF4v
z^Q|D4f>W>JF=}dft)!hu%L>lh$#Yj5O?Ckr32f;^$vp)%I#}xnVZrBA#8_=Sx&%Z}
zV0N52blDGTtWr?#gA)-ULZ5Uv_BGK3=@wL6N?>aX%B)Dt8nX|8^<u(ISRrbSc;Ab9
zaDwkb`O*~r(S;Y#0To8(7AT-VeS{do2k6LBP~U{rE8)V2Aek_M#~)(NcB<R>*(1;b
zVA^kZsi>9Wjf$@#qs48=D1htQu<C_`r$+C~U?>Gc`|%j{SiI_)CZsyP5vdYzStBp%
zFxspGUerp;#In*_WN_0*>Z+@bRKo6)Aa%EI?V$>Ise(e^J=8!O&8n$H0)6(=bSN0O
zlQ#ZSM-3q05FOS)4Ye_^5{=QNh!8FX>aF=pk=lw}mz+ed!{Mfr_-3TFq#6TGfnxA)
D#GY$E

diff --git a/build/pgo/certs/key4.db b/build/pgo/certs/key4.db
index 8caf40f1aa91f4d13e1237201a6d5e8146494cda..01bdc4afa518518adb38346c29fb0636b0e7ef85 100644
GIT binary patch
literal 294912
zcmeF)2{_dI|L}ifCuAo}##pi&`<m=KSt@H;2V>v&rHLqI%TlPQ6e(FN3T253l_go*
z2yGIIirm9F=Xbup@ArSt%(?#8|GuvK|9d&7@iEJLp7Z$BYd&ULY^}|);TWV>P-uW#
zI8uS^Fc|_trj10Bk&!9jf6(E7{PjVN-=O^K3;buqzij{SHWkQZoa7mkR>^2%HOb=U
zlRDzA#<|4_#E!>m##a9CZUpCp00@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?x
zfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=9
z00@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p
z2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfWZH)0{%2KT>Sh9
zoMgD0yFVrX6Yi$(7Vh@fXIecQ1D$;a$bCAx<_5^W&P9r0J&{&6CKft24oEWt2jqTB
z6YKp3$i0?Gy}g!(<|cakkTwQZ<~n)?Qb_#2OdTNi$0vDlSz2l?J$?ikHqa9j9Twt`
zztF`kB0Om8YnQ*)cai&Ri%yrCnu|*i;k0!H4?j1oXJA;ERVX&nEgVDhXPk+pzJWb*
z>%z^1zpsE4bCW~Mi)&MDtzoydhQFIT#{ciDQ2)0zwl4gSH59}RDXF=51raWPWJkFB
zVm!kCUW4kttr7Oe#s9I299m9XkAj+O$6t>I8x|IU3H^H+%Kx^^AD8~eDynkgX*LKN
zE<r&=X3*9y`+I@Ex5)oo>W|&__xYskI33-+Hv6QIZfN`u{C;zj$Nx~++}=84^BlR&
zvs5>~RNeeib?eK`tEeh&o+xdeC~uyqY@VoYo~Uh}xNV-e<4@GKmO}q=y0s#Da}7E4
zANRAliX3`#89DUkI&$dEh2+qiE6JfZmy$zot|f=wTuct_v3dGu-XDEiE6e|}y|uFZ
z*2?l*E6Z=KEWfp~{MO3yTPw?Nt*o$hTZOILDs0_WVe7UETenr-x>R}VQsu2nmA5Wc
z{^QcEm6f+vR@u7dmXh2Sll<1>l}B&hR(|X8%5OC*Y@M&Lb-u#Z`HEZTC~lpj_~$vB
z_o9g2ycfkS8O1Fb#jW)fx7JtO+7C)ww^iD@t<u(Qm9|vzYogKea+`Pl=jLX;>gKuV
ztt)$AloS*dls2#M=jP@W{@mQW_dho`6aL)Xe6)XVZa(BcH#bH9+}vdSV{^;r&&|JY
zwk7rFxqshG`Co3fxl8`Ig38|wDt|R7|J{q<{Hqtg`PX&voBwj%zwQ`+?q9w5&A;v#
zzxmf4<2V1hWBlgkPqobk{O0D*w?8*Gf71QA>G}62=I>3f|JvO8N%O~b-T%&U-^}q;
zazlH%qtW6D<kVb7g8#e0`1h}17rDQ;De%uZw42X6jFGWq6!uri+#UU;@SorV1V8`;
zKmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l
z00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)1V8`;KmY_l00ck)
z1V8`;KmY_l00ck)1V8`;KmY_l;D3@pt_%f^f|8wyN#@@lH9L-8k%<id9}^Q9851jO
z3IiEyDo+acU;q7eef;H{SNnhQk-{L?5u1-+fC7Q=j0toLz<O9=0|T*v-nwp{o9m)?
z%W0t1s44bSQZUH7yLrlB13mmBJTcPvzuDb0D8LOH7$y_^$1SA)TtEgB?G_O1kCE{R
z3Q+bgX=$IMSo?<Cftb%s7n#5@x*|3|$S#vP;{R`p=(6#mD~Y0&@Xq<#7}=5J{7$vT
z-?R@^+cOk&#c@nxQs-g2NqXm{`nK=vY0JFW<2o&eFY{@#lIuT6DeE*=pnAu45<&fx
zwzVjAm+PIGi*rjsLJvlh*_vKet0WtYJ+U4do*1~&quEXUu@4>m=}hl5{pFk&;*Lon
z4_dvj{F2hYADZYpY<qC&gUNbs?F(CN7p}0#!u(V(5u?+eb+NR^XjycT*fZ&Rzo$>m
zq~Rt}x2~KWNRD6=$dzP0`8M@uf(ReA#6aQ#=hw8p=a$KmN{zYO!|!BQp6GV-7M7@8
z4{&E^<nFxR*p<~0o?<6&`r>8k%zjz^ojdqL1bqhYBFGTvBZy>l05zRNs&VQHBZ7(%
z?TXg<`%4D2A|+BRZ=Gz1+6wOjjsaZM>PF{zi+y?Wx6x?HAs6QZ>D!)?BM{^WB$}R@
z_K#J_>Cn8?bgrq!2n+=!LV}WMU)+uW>i&VGh~R$hlkSv95X|upn8<%0s=ki7s)5jB
zOx?4#%Oq~?hODK6mflj{jJDpbzS|$v_uh}_e7CeOqi?3{c)`Uw{j~cb7928P-Tmo5
zNcpMGn!o>&^l)FZY0FfFj&f+Y$Iz!eA^s|NrH-W^X}q4pKCM;Zo*A!DuWzXqHr7-A
z^4M5Enb`8V(vwkVi{7XCx>xN~dpg#|qt{Tn+GO6wRC?@S6m99kg)SqTX6Bh`m#fl`
zrK7xeUuow+9;3U^dp*h5qt`p(cPYo<O(w&zU1RDmBAF;{O3WU%1){D^+C^r&@J`Ek
zuVd8j)eOlezj$dXlUq~%_1kFH^MuT6B4r2CK4*tL5>dw5j|(c)Xi&UrZ;0JrG05e9
zV>G8jy%oP3$cgO+A)RNIWb)zLO>`SyJ5JforPY6*?!Eu*g8MjsrOG?C-9&eTB=0PJ
zgRIHuSG}6Jh@+Ia>;&{LcZr)nJcQI%Cz>+8c2)cg<o_;TpUnEj;6B^Dcqq*-2j;$Q
zVvloP*L~I#jV|YVJ&EPrINlJf{N(deWR1l4#Z!Y4OWAk&Lo$~o^h0{J27FkJ1&Tc<
z>m3e#IW@c^`;rrrOsk8%4Bd=xuvqGvVI^%=`|PcVOy$T?(Te!yPt%w5LMpIYinqo2
zLiU7`k)jY^U|m?!P0J80+n=R(<$}c1Jsa7-8czqrV-j}IQ?_0ts=)syUCN2!{F9>t
zxydGjcm=st=^F>{1>MVhazQR#wzV!z<*M@Y+7E{VX<S;o?%Grp)twi~SCm*Cl`}Y>
zZcb70P&no7(y;ZF@+7zFQ};~ddKyoEIE4A0b=k^HM>qKT^vF~xhWw42{*|7Zg9&%c
z?uPoEsw^yZv5=9Rlf099@Iov~qg#+{LZ5Be<BXQDY^#qXk6NpQ`ormzxT(V{`4yxn
z*f(=T3`+(*Sd^l5GTDAysVrHA)AE><h-yY4m!@#J15pJTiiZX5-^1o5rSz%gT<{9f
zd)wMv(6(YG^+#)^@~gv|0xLMB9ym6>h$7#Wax&0y&s{PJVd*{IjX_VE4u@c@a}oAK
zBmS#ba~!Tp|M*1{)W$S^|DhkxcL&rjv9)Mi9Aisu)i=+_oQ7;tWm1=1&IKVOOqC8(
z>%YvjG|;@P?$~|n+WVU`GhzYVCq?}V4pCT+-jgwUokV?<^Idv<6e^Y!1>ds+Qwe^L
zn^sX@q@$+vif$;~zn*h4uPD~wc9wQwcoI>CgsIf%TU0%#l70-xoHNHOXmzL1=&=;f
zHP+3RQQUl-lQE*fEp6)bK<~7eUR7_2Sp15bM>YNUZTgE6I$z)Y48JM8Cz6ta>%o~B
zeM2<1W8|o_cFXSQ-z6?uBNU&p$DKxljMs(V91v$&K9Z9Ao2ELFzR*Fj6t!({5!v0t
z+CgOT(j(4s2MqT-?@_kbAH2LYm679OUmMDB4q*^%nf*<l6a~*L3xP;Fm)98eip6-=
zux+}{J&Jo-V_4chEYp6&$@39aD1YEp(-!~RJEy(uVFxo_A-MeUOj)*jf0xuZT#PCL
zcXNertV54C%4(6yo?O1Owt|1mbszP9$t!nMi_Y^ebb2pWn%8@XbG8QsK2b6*)t}T*
zE>`*YwXIFmqW-F~%<G5LIboJ+CKAtFj%cJ*sf_8L>dARimLn#3t;g@uWPmn;Hn2s~
zde<4N0J#mSfEz|NnuAukX%(H+gN@hanx0Z4@P`73|LITGxqA_R9I$b29vS`X2RqL5
z|J(sv^~!Jjed7<<g1v)0+%_}NzH(w{(XE3tHi3PZfZ(7|x6l}*9wsy#>xK2e|LZ_V
zorrLspipdhj2t(bbMu<?Y}+k@VzK`IZpeL@uyFhlpPVonwRy=lHeRdHATO*x25A(5
z^~880_XdY!1F*4f;n<+S__$`Rlmd~3=JF(IL!UQ3O4n*6|MiIO&N1r>{Y=hbo%O(5
z$EcN=cWbhZewbD=ZTR%f$If3kuB}_7;`N9?OYK?e;y|9%MZdSzjuC#oo*}fcmmSLu
z(pLDM3!f!V?9*G@iG8Mu6wkee>@b-gZ!&N9^Jn_Zab)|~#40RL?I5}O2??F~^5ECo
z88g<swn^3qpDIgeI_4IWU2B)UdqCsC>qcXN3YEcQdS7;Nj_kkf<ye_Wo-L~$$9$Mt
zxR=lWbX9?y)9tqftoI}2E-~axHauQgtKt_Kr2Epu#Z>O|ran#<6@;B?NY8iUpBEh#
zId?6G)>65LPnc5b9_I<!cVDv#x#Sw_f13#X47Ki*dronEjGJERa|Ve=bW47ig+2Wk
z=L((CZb|YDfeu90C*)~E)h;_W%eQ(3Lqtc0D2=j=j9j{|i>NbSOXKDd-Iv$A6K}qd
zN6^i&H@d|yZjT>|{2IRV)Th;jn5^KnfDrjJi8cpyPiNO`XDjzI<Sw?m&Vy8c-Cbnp
zJZiqS)7xoMs_b$2Z1BeRkyBq4C$44(>3mA~SlpX=`gv%*(4nN>Yug6S&KUJrSs{~n
z#(YEqUSuY2+n*!!-Yq(sH?qgKP1?$h&R=n8Uig8^QN#UQKR?&-RBp>GENkgfvC~qo
zs$kMlP9t*&+O7CzXR1V&W<Fo2oQ>h@fM?4z0(UO2W_=&I%gb$(RfA!n_)UgriI&Sb
z(mlxW<JgQwY$qb{8`soXYO{)~&ku)x+x6|$yxv~tx(ib)oc2NQTONmQ+)rV#5gWny
ztF3c!H<X4AQE1cbA!TxRGZ=4};%-+Q9Nl3XRahnJ`zZLt$**si&vO{xROE51CAu3j
z0~%;d0#hU2d*6r`c!i(bZ7jE?C|1}*-k!Z)bl9FLt1<Hylg(G<ESkIbj%RgeX7sMS
zJTP+Mu(v4(<yWJxg?URASA6;s#R3oYi_NMo_-(8-2-!*)kInO5yfdG4^+dysadfd%
zacy5vCF2X-(L2X!SYB<v>wJ3gqEhRDZ#27}RX$n0(wx(Dn3pEx#c-;1qYGm1kD{_$
zD^6?g4ZhW#J4%W|kID`-=emJWP}G@AGLd4vc`1RSjFj9viXGTz)fQ@4h$__RH1vrb
zG~qPMT#2Hg!7EUWZ~Hje;-Q^Aue$L<y}^I9LYK?%bl0Bc?+2Sb>IXO!6knA&eO&nd
z&9m^`iyfi9szV(8J3q~Q_&ssV=Shg%Txf3M)9U&#A)C+|#=y~AX}tHbJ2OhIhI_Kq
z$nH218dzF<>F}`1+eIdS>_|us&&6qjY`rgmNbW?AhJ}3jUT&Js1EY<N!a@b9ewo#o
zQQt^Wm~iuXD>myk-0qpq>*E*PUflfAE`4QHecz~#wv2V+Iid>MhvzPLy_4sy#r%@h
z-#nH<4YnDZY)dHBnT?QY5dI_;+G}WCJAoaNG0ZR9*%oK3A#w8t^U)spZy8U=pY|+`
zecU<xNp4v1N?o8ir+od7p6d^Kzly|buJBJ&(Bmc)GgJ!>whs43--#_kGNYc7_q?9-
zM_|8}+k6i4b_kYn9f}uaTvfjwenMnU&Jy!_P2bz<e&asT&Iya9-A|Y=7PFC}u)QfH
z`EVF+$|ZhQ?!DA`q@LXYc~?E=T~TB>RLF~zT|^aJ>`z~F{B#wS$YGr0{|2v+`wH>0
zQGMDWU%l`+GV)2LdvH<xVD-?Yj^x5$zh3n3TfUQ$(7xQZME9UHU=3%|#ohNPJmYv+
zU($(5sYJ2|yGtTXbp(?gMiYP88ILJfoJ|Q!XX38q53v?~^d8N8_0`1yM=ySHHEjO8
z&ZGCk%=elsZjd>AH?UHj;PAqhPo0lrNiW{`q{?8i=K)Q5x)MppwZSPbBQ9Dj`IBYw
z7(Dzo<H#u`#IL!gd)cf}EihZdrIM(^8K)KcmBo{KtHM{t!tdf0l9G<zo0+P6T`;t>
zMg4+okw8%Vhn_Avws@8bwBoa&U)O&k_Ql-Hb++XVt*p7#c<$o3_S8eH;!i#EENnvN
zh1Rxv^W-Qoj$@rNlFz%Tho#P&sUFbP+I7g|G7H(U3yq;;nLIjAPE(Bazf&4r_x(PZ
zGWavEp3Rwu&5sM`m|c1Jjn1hTNvu2ae)L4}pFCGawRJ@IKmEx%&y4(!BRa8vJ(}Cx
zW=}T#KX*iTE59Cpm-r((Oe8ii91|LV@x<Z}+BQ4TxCyy!Xu8egGHN#R{kDI7LCZ$2
zrz6LSX5YMohK<o8C?YT%|7sla02UJ^CxjOK;~0<UuVXxEq`?8CC&oR(8ySv2+(Y7T
z%#VMKXzOr~-4^2!v3YEWGzj#@24XOwn@5AnXvNKoDcGd(xBT-E5h;ehm(Yl?@Tj2B
zaGw}){4%om7Y#AHF_F@n%SwCT|CL0v#DBedMTg+z_waEG^~e7!nt|Gz*TAp*udfg0
znx60HW@NaU?>AD;R9!H=+nQ?dUymklnjCjNN5-7Na^Xiw+SRH4%i{-se)@WB%<i5i
zn@^V1bg0w@bGB+*IQb)W38URDV!ogEObmKFbrffhLbQx<zi@N<q2%{`@S%cl<w?2_
z<#g(fK7F?)Eo)s%F8#YQl|#PQRG;kd5iAf$3o+&N!0w@o<a=e|cR}RClkV1CjH+4D
zCH}9XZ^-F?7VA6|Bd+REeo?~s483w0Q|R-UM@=HHR=abRW!HU9m$yZjA3FWWyW_(o
z&yDnpy-yU=5!gm1v5PMlcnTPT6kMcBi;F$?INrNsGFN#O_ulnwLYncm$^DagTtB(3
zO78AAe~K$pOFU7*ny%Qg7>#K={w{29ojCqiDM_yn{<3_*()#m@fGZ6de?A*}ELpFe
zZ$57@5S_R8jFD-{4AF5VfYu@7p6jo^{_*5Nt6!T(lf#tkrpDQE>^pFU5~J_z;__u_
zk5@E_anDSJxa56Tf45YysQ5!G!LHUfcJg?M;1{34wY$EDzU1k@GH#Cg<^1@UyI-Ht
zhe>(+O6j2EYF(dhKC21ZKA?T?p#E|L@8f5pt&b`uRadt!&n44TySlV9W_{#tYUOz1
z@oSbZBq8mF$xp`zmzkW%DFu;QRMSshhMyXnI1{v9CoJ9gJYD@t=C;+3pEHN^eppVM
zHgHONblSf8&>187aK8;Y->~?Y`sWNOR?k~`POOiY(H|c+cm+J!IdE{k#b%qRM)sYd
zkQ$~onj;h9hCO?X*JhY3mEL^)u#qVAXwl}oqymFLP|zObXXumioNf~@!xJPscD|xK
zF-XdD=ZB${-Bd?j#K`Y{HHEmbZ$f+a`lFJCqwjorq7F^hrSuWq4U5jEAv>7T>Ownl
zHECDz&l;Cf$W1#V5^gt_jHn2>DY`J<IB$hqM7~TR?=CJ7o~CIKetv>A`sa<p<)u&J
zZ|$rO^ZA?WN4Sa19Je={tTa~Ul#)}FZ4__~{@l+zs2p`|s))ZiaZUOVde&&WO-hC{
zoxe!pjRa%=!{(1?tC`SpvRYaeFF)rPmi@>(;OZdjSyZv=spjPHKEK;Fmt}bTCn*X6
z0kMrTnFGgbJ2`iWr<-%m<veIz^486B+jZOh#`&7<L={qA3;cA+dEnCYtk2AG4zCc-
zcC&R@B;1rzO~;xCRVIFUY{00}d|;5m0%x0ZGT^zsdP4WO{Cx59wb^GuhSu#nCdld@
zqeKt6ET#mPFKY%KW8hb9ZaQ?W+~Uz*Mny%-)?UUisq`=8j};`V7bN8?d%yN7cYb_z
zw>$pOkv&Zg<j#c^?^RoKse_Qd87;0{W5W}y`kI!Het-M29&~%G<OnGW6O&OM<5AZ>
z7F$gU;?7L=yzdH16Y_g@J}$;^+$>f=jHp5tukT_-euK+!L`eN}6}&<a$A`5*0huqA
z!6N-Vdh4$^Iz~d>!aJB6K6ZJ{;(m-hY_?0yv%RAgWp-|4%7b(E2^ocmbe{~3!MDi9
z=T~l_{5~D!KC_&o<|Z}i)wx0G@a>KK56QH0envlbvhre8s=@Rklp>Zvx%C5r_ke=-
zdS!RF*1Y05fq)1Dgk4C@qcD+#g3C|!L~cEL=XRE2VU!dF$LKDcb=HYr(+jIMiMs=N
z$%OhdYUpoLCGNWOuq<rGg{T6zr&P)-ZSf$z6h5ViCcFZ>z)Ba}vVuNmzdy}Qjg`GV
z1E+64=2^a*@jCgF?%0CT5xNk@W_3+fXOrn5ujd1H67H;x2NzS%Dde=pd*AP8I1*cY
z`-UXXgI)9IjeId<+dX7_n*%2H&RSj69p4sL8Z<vN7ARu(AU4i>$M#+Crz&aQ)d-(w
zb9)(@XCGB8?3%onLs^DlprUDCbnkAqx|JGI6mqEFhon?TZ5;aCgrlX7))sYXK74O-
zvY(~mX6F9ku?V6H{ln^~oSFn4?Vq$|{k-}5;MX_U)Ihgj9EHbO*J@23-Lq(Ht6D=-
zoq>LuZk&YLP<q@c!IbZOORPNBEVelY<<xN;2Mk2|hki{}w^NLTP}iC3c_QxCBRrMA
z*r{WJ29Jysv%SDI9=)>jjL*-KQQc3Yey=^|<8Dp|{PwUt-8NfWvHQ_=sS7U-&2#RN
z;D}azZ0N0%)?VIkr@ddaFR3bc>uB<S`ja&o8C~k;F&lh<00@8p2!H?xfB*>mpA?|S
z-x)>H3|Z1@(ii+E_y7SA009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X
z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH
z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI
z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sHf&U*1&{9w$
z<T_&WDYiCl<=2zbP*BpzRj>S}$3JR{q(!o%wWJmNC-?vX5C8!X009sH0T2KI5C8!X
z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH
z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI
z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X
z009sH0T2KI5C8!X0D=D@0+bYF2#U=UataDEI{KtnWE6>dWQlr-#}a@14<Ueu2?8Jh
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0{`C#=u_h85$N4=8fZ0Yiv5%n4D#-7o-)`#
z5B~^HjC5FpyJt{<8#XXZCKwwShz<0X_KXR13&48FV4~dug8eZv9zg*V!IU^pI<&8x
z7+Q2|5jKH+n1JA*P`A(+q#h<T9P5Ska0|yEbt1xjf<m$3F>>5!&dqDmvu(EsipBc-
zyCL^s!ou<E%L$`Vo0n{3<FyJ6^1}LKkVX+$PmCvWZ*Vv^02}KTjtvULc~T~uBG9-A
zxov2=&8t(hk?*(t>kC>oay=b6PBi=GB{Xb|7C{k#;rIuEJb=YS$qAta|F~<OzwTNZ
zX>b7PiE)qcMuy`nkoX((qj@*4w2h737UL1InT#|D^u`8aFrk}~%4o&Siz(Qo@wfc5
z94Ussm(Yl?@Tj2BaGw}){4%n5D$H(7r1a*p(jIPdQfLWkI*C-{)D=bq9fFhJ!^bVu
z-!0rNP<!(l_?7>al^nmv1qtqT`lKZ?iloP6Nsp6WC#?{?DqIKxAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00RFP2yjryAUtCN-2$*4R@lHmY@oNUn<oV;g%|=8i46?L
zga%+dv2NiQa{ObVq^01b3-%83aHGe6MUixiEa_I#T+-A33mzsUf&d7B00@8p2!H?x
zfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=9
z00@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p
z2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?x
zfB*=900@8p2!H?xfB*=900@A<e+h6?C?b@-OIq6JDAvB=b|B_6(?uq5jII=$7v!3r
z@8@P@xSH=bQqELeFumKFYLJ|ZLXj>$u30OkKxCo0JW1Nn=Z%ljwHirA{F+U)=gE@n
z6YCS160q@|@d9zNvCm`CF(;yDqIIIqMy^EKL{vr4hI@pyhV2Lq4|y6Q5qvc0b&y72
zLBQ7lbN_OGa=(MVjlOKyK%YlG!rn<<V_r&_Y|oFLh8`E(*WB&g>f9JzeOx+Rb{>j3
zICN0fIo;`<leS~A!*>U3`|I{JcJ2pS4sh=e+xKLjxNVBfD;ss|e5(a3v%OdLA}pOP
zZd<UL2beuH6EaOS88uNf&NBL7WMEio@XO$Ueyu)(p0{qhF27E+_Mo=Rp5t26T6=aE
zX@1kR(zvEUt?s7Qtj47ps?w(-rkt$wQb|oQPvMJ#sr+SmGC3#oEi{X)zf89bN;+O@
zSPCtfE-@{kC4NS1QOtbTm0e__jv@^rOu{}w?LvI0NWo`<637&RmjbFgPw{`^H{>hj
z{mHwZr-o<S4lnLDZa%Ik&H+v-j#TzH?3!$+Sr=I?SSna3m=A4l+|J4r!1$0+h#_&?
z=r%?AEV>VL`gn5q009sH0T2KI5cq!-z@cz^sC167l7(TtT|6+M;Vuet9ttXMYRWF?
z%?~+wc{J`Y+L@Y8BGou`g%Lr;gx-tR`TI)-v?3)^^>k8Bcm%!w{>U>0$%UmOf(PF8
zzs%P&+9RYVIoi<VLyka@Bamo%YT7?mA*cJ-ZAv7)%(R0kqYiCz<$_&$)>^4k2zhVW
zTDbT}s^S9M8|QuSm0E-=(IiyL^2N66#f5ik`$cX1s5js!nm9EoX{XxEj8fD!Jygg<
ztg^o>J@m}aYzy&n`wi8R{cSXlWdsz{rOquxBZGF!@^Rn<aT-*6{<QSN#Qa66^iL=q
z92<NWG_yHc?i|fdkzdZ<`}xCAc#*PXt=+G?(q{TMiA8P*T|ccj#&B{#<g|@xaqx%7
zwFuiI!U+n7Ch<Sd3h!>mN2(KyBt`Oyg^oFcwd1j;scECLR@G}B&IT%+?z_gbjgYI!
zjKQyoMaDhrmjAWe+P$JN3?+SPNZ7+xUT(}>!oV4^qtVE3?HN8&jbNlQ3A>y1@m*2d
z$3N*0UaqpJeX*g{Pq*SzW_a&fNP3U*RU@r6Vv#rYHR}lTRnc|kSvZI?r#3b&ht)g$
zC|h*Su)nXGt5}4OR3#XxL_%b~0@gpEU=s6K?W%{di&=*2>}l%@s3!Fa`m^?$)JqSE
zMIK3KXKy?BX1M8z@15HP(mN|2?m$hIK0lfDxxA2W0i%zPR3R9tNJ6AO%WH~<FI;y-
zer29;zJe~#H#$J~n(o&}|CTSx%Lnx~h(+?e?=^Q;;GFOraE+1YsXN71F`gRNH$E%*
z#h%wVpu7nmsZ20ZfrQB4%47B)xQ=)z8W+!088y~o&Iov~RSX=fJ+7qNGNj5uEV2*1
z^Mx*ZYIJ?qxfXFpy@?C8S^KX%dUc^t*+UEMFJXd@R3aFuN<w75h0lg|iSz0bCt2A8
zMdh8!t_larmC57jP>!DxE6l@)Mc(<9S9k3+)8w}xpVYx0g%7Uo`{64atFSEne53Tv
z_2YH;NJWB?DkMZczNfmY^nB5SV-xcxWZ^|3?2KtHy=#Y*jc9I)xGqRq6N@x&ZBFbD
ztn2A|_wMx)?-4e^{WLdEj#?~MjK=4$B-`A_PjiKTpXTn$YD(^k|71|kQV8fEbM5w;
z^|CnYT@o_d_wjI%$Jx=(wjzB&Eg!V$h*b)A+-cm%oV4d@tM|9^J)%4uv*vK>qF~CY
zw!6ANWW_e{mGXouNtu+3L*gdoUD^%N{B~D)UE)44`!aQY@-oXfb5PzgKJo5bVwG(>
z_#^n=^5hqpvX%XmUb{E8-aYf`iL6~rD1yQAOKTN=hs*xk4&S0w_$QQOtR0j$)C0Kg
zH@*9kcWj5*%Do#j{v$u`ZuIi(V&jigAQnlX`T_gl?j0^y?8xe+4c04zh>LtZmTp$H
z+#OxJZ(sU=kCY)8Ns6Sb+QLwG`kc_-$~-pi$K;~gMh!V<oQ>AJwAk9uuiGgTiwr*h
z{3e-y>-y=#j`=raj{F*_YKk1VUW(1$u5l|uKz$Y;DNQhvr01LiAESeGn##8MR@7jU
z-tRx}=emAPl+nfXM`)~3!<9s0ky#!2=2RJ<>&QBc$9MglB<D(d&{o)XP4%%*>xb8C
zy?61EQUoJOdCp<HZ~fxzO)5Q%><fYSN2pmlg(!tyR`yCL{HUvYtM5ZiEON&)S!zTx
znMYN&w?E&={g9v2$0EPBUN|0McVRR&uGk(QDM>Jrl;<3}izj!AMw+=;ESZl)=f?QI
z=xOml_E(EtT8lc8qG@SFEK)r9#I7byo0sw@*}AT}x~1$e+i8-dOvA20_NiLsT)+Z8
zQi5P4DbG2dLRb2{IV%OL6Fa&;ywgV}XpP4z#M$j`rtjhoTN`5~7CA8EoH@@TEogdF
z$iTP%7oQpR>yK87uIHu395$jJtd8I##R*1|@|^QlQ&&}wa-^UV;VRf(S}mS?ldHTs
zYyIY7ne9ChmS$bVBJX51bWQ($cI6d?;ma!S<IZz+zn>?|zY3<dmFqcf?Vyd16eAc(
z%5zRZ{fOQ{q|d;$7T^5Riyz2j1s+*UhW44+udlf0#rb&?i=@p#tte3xP^m9Z^3t?n
zZsajG9sK?1jvD{uGg_{JIUf8p-}Ud)+|A2N#mnoT49Y~Q@4NcDj4PZj-=}W>`1C|F
zmBk@fpW$<7S-ERUzU7$^t8|>&_x{<Pw$HZnNgOu&xl_u&>nw?WT<ALa7W4k-DE~CR
zQj~BdDU%ZITlrKoH-?GJ;QWi-v1+}TOK)FH4zBPWzZSk{^ra&HTQS1ljjbrD4%+(j
zTO67Xd*Akw`gU|Mjcs1H-j%nEJ2++YD^>A3T<G6+_!cGRpHN=R;&09OI*`YbS2)mo
z{B6?3fptFLi}&gWI-MuBRSFS(V(be_us<4GE1K4}sJqR!=n1P-dDoZaQz9o+o(8{P
zSxm!6q6kKkB6)6~e8s8c*^-;uyFUiTX5=YVFpK;?_?(S;*1Ko+u%sF>$&2Y6?2lht
z$ny#-bdZ_ceoNy>f7XEFtoczFN7~pXrf>L2L4uK_Jm;8qw*+w9{?UBvgHlUl73&uZ
z=Dv5kIWn5dUTzGW!todri_H1TDL=p>YFcqildMT!^=taa+%AoF>f0u(cM@}$zKG)^
zkpv@2dCsvej2RGXFsk|J<<jO=>M5l5#n793ZwrspdS76B3rdz)q)6_3FO7MCX>c9e
znKs3#?9;ba+E~R_i?XJ8{5s5CHSm!F1S3g#&RLK2UZ8k(`?g?>*2(U`9M-mjbb$vd
zBNpTRGwnJ;=yZrh9<bx{H}Lw>bddhzJjeHx^8vR%>L@3_)nLH9peeIHeGDJDlVBt%
z&pE>HY(=a)(~J)fuQ;;jcGjs<KW1#PmTGubbj)JH<4!-ZNcqg#%17a1C2BoPyqDXA
z9ZF-UH%=G5zg5c>GPnEt$4Pu7Kfy>+o^zPWF&BkK&CdG#QgyC-Ajy;LTxgq_at2%Y
zx$7OTOU(gdk(BvIMECK{iecKGy#0Zky>RkNuCUUX0c;+<%STD$bQXLhAHhgco^w!S
zhu+>R<nnj(F|l}(_I=WSr`)mH5915hZ;KyxH=H2)ZLPcAIp=`XTY;;Cj^FrXg=@E^
zaPE`n64>qbD^5B<k1ZZQ&3XT0nya~c%BkXCX;V^AR!~wS;k&V+Rn_YcdB0t_a$TUr
zx|M=U<!lv$!d)Nvy066}WYp!&#3*MT+C?22J$Ot1K;T1nkDl_Ucdsq!r&_wsX08_7
z9ruaESMm_9BxQ%sE?c|q&bM@Tp#NyarKQ#o)MYa~8`l{s8r{Woa7R@OvC8>n(YT3f
zDz+2SzpRWeS+!-Y(?9CEv42-r)sE-Kq^+g!l{*Mlx|1@6{JnYYFWSb0t^fR0_qoP0
z?}b+KS@Vv4*My~#15E0aJ`k(CewI$;^^IFplk=y)ies!%*C*~NKJveHEPRP~GWJ5g
zD87=LV5O2f341(0oITnh6ETqxI%?<0yRWme_X9ik^~KLldCwk*QceCQR{0b8=9N}+
zTee<t&-TfuFWZml<RGTLjxo@(kY#-ED4fSvauKX_CuLY3mge@>`c~oeJ@?Q@4Ylpr
zCNjh1(PAP9!JXHf4s;f-600O1!bLp!NIg(-$uXM0*6>gS8;$O?2p@O2srj)ksh=+R
zN=|~6N^T@rHWzp@f0FjL+befbG4eUJ>&$5_?9+*XgRwl*Q*Ir7kBC*yuQFh+j2=)u
z=pXbr$e8*4Wap9V`H^M0{k5*L2`2jN_(~3fmCB?XXN0d7%so3lii|e>XhD|1lF5a-
zp?XSAZ`)dimT1#SB`so=X=}65)5mMo4$XNtg}!JA)mo#J-+lk;am{B8`JxS#7<?uB
ze^e?cpgrXO$s~Fs`uTS$&(e$%>!oosPj<!l3*8@nsIqtHOEZ3GO+4a3ta9b<-Xf<2
zp1Um*=k!Z|j*VF(()^k<w2%61yjB^v(cV1zWg}ck$|Q1ZR?5*p3(Z{03;J4dI;E+!
z{#FlPsn^Xf1>SituJ@cLR+-I}FBY*Ywk>JbOf^%Gzx0{6dABzPIWJK)(I2PKkx{`{
zvJ$K$X%cY@?<(D6azE~q<@R=A{)Jb1hfZ}py3yk{JL}>^Hg|=QSY`6l&+cYJWSIvq
zJlp9WL5VyZ)SG<vR5>zdyx06@U9<(hl7(O;Ns}o1C-2d#nybR!CM53^hRQv;Aa${M
zIe{-*dvE-Mg-*vHVwGi5!&MIR@ds^_`Q)81Jem+1nKwUQIv9yU%Zb(qAXxF0%mgb*
znnZ4EBZmT4j6CT$#qYbMbO#N2=+6Z7)OQ&;Yv1*CdK62na+*HX{fczAQKR2AhyA&{
z{4JJ)BGTtl)4YCp23fmMeZ*I8Cs;|+ByuPhtv~DSvb?uC@twk><iyDWrj9Q)ovS%I
zLJ8A1mjsDbR-I|+dD8lFZE+bBD0@FS<MUeuiCbZ2Yx-dgzs!8zgyAch2v(9biRAZQ
zqSz@`Id^3Ocl62$-FdWBfY5jDzFXLjRS_P0^RdJ#mj~=0rXRdCG<nQS?Zx=G!M=hM
z$WXCSq3-rmTDGX`FYuL&|6Zx);pOS6{7)v4^m;}1g`-@Q=E+iTII_fIzZ~FyX|q`B
zay*MVbd}qyhFE2{r+s_2hBU>=&-$<Z--VdwD{!iYJI6m0QAs+@JW;KTuVf%xNy;P|
zlS->)vedLM*;)2Bs=cUKY!)G{a9VdE=QdTNUi>Q2?;fME&kwvC51$S6D1RC;rF>iH
z4Vkf?E3fUVoN7&zfUFsO<u-zqBuyf1!R?HFwxNa05AC<FcHAb%ypmmi`MZy!P<NPV
zf&P^<F-!XW=KMc%YhHKZTr15>1hRj5e0^-#cs7Hv$|`1j&&n};B|X7Pk|t4qdvqE$
zvErGk(bCERUbbtQYFZr3=UN7PmCyf9b*<Y&tny`f{oObHg=V}BOM(Xz`FgKBJsMls
zR%|r1aLV0DJ(31rNk_1fq)9a59D$`T8j}mLeiJwly8B>h$ph^~a-Ot_W^cDE9bKBl
zDv=L=ektH_LMg`_e?C|2eA8KM7G3@Gq9#xK++g+_`_uSJT7s1%O(HJen0~%;XEzp^
z5_WN>ckw&#*c^CN%ckMYaoeQCNtEcjx1Sb|eAMU+z~Iz&qFV083P+w<;)%YwE5k_c
z>LE-*@+W*H4Z%v1CXwn~Mvz!~_vfgpo)BHdFvSbf3U|U<tNh;WdK<`supm0sr(O$E
z-i`X6FQa@P6S=hQefg`hH<A3<NHQL#aO8vn3%-*2KPr{gJkbB>yR&fo%Xm9KE!=i&
z;LYX9w>moVTE4J+GRt7jBwo?)f=ei|Jzm#-^0S?hpnbTP^@}UtqlHlu$B_$*nlyvj
z5)KMex}o?=D#DedOrja>{F&(1ZHM>7$RQsfdnl4za!$s*wiG|`K_i%>J|c-&r8k+P
zqc@+y8T8{NE+LVxbHP&?Q8O&=v8KUPA(gV*nedgA1S?6JL@Yc)%I~GSdk1aSM<mW6
zpI#KA`9T|pJA7<sOunS|HKLYwPi-~#6pyGn^{KEV23&6$P2YZv4OyTaHL4sxoQ9Ca
zS5gqHBxw@elK3Qj>-xa8Hz&Q$9f`Q#mea^sN7gT?&d;Zkybxg4Nz76r`%U}p>$V%>
zOhfzbWhnCX3s}7F`tCCG{dMbEZr-5HSE|VgR+2P{rYEdXA~G@k3E>>OBobv!xII+j
zL`1ar<|+1AT`p7&CstYfCat?nvG!Ae#U9Qc+R%oYIo*50CL#NR)~*Ijm8~Q3l?Z~B
zBu%0-46EZcfweROGc_AwEvNWXO=~Nrz8WEJAE|PCqT5J8tkTp%-RFqSTXDq`Z_Z`=
z>3x1G9Lr^+)ZE|U9%!>8a32}Il8j&_Nt4J9Rjl_R-qQ1Ged{WP>CwP%=}&m8zfb+J
zuuZKP-TC+uvC7g#)od4TuS&B07Tx4sdc56K3JDW6uUMj82WPkiL<VrEr2mLS%d2@}
z{>dQ`1G)cM;p4uiCHwo{E13tZV5(Mbx-SZZo=m(%Z{|9AoLFSE!6&tKk&O<vuTPU6
zlF=C(vF$n)Zgr7ex4DFoIzZbRhe{+INy;2Lb5~dO?)cD-wU?QREDfRbdfOfvFbMH3
zGjFq7<#0Uml33)UJTvY+v-`|n&3zI$&h+VNWu18ycFx72zOb?`TryY$he{wANzxel
zfJtl$o&6m6mMX-l=4Nln;Vy>P(iwK+hjJHBnxcY<z8gLh_1Uxtdvc#u>RoR&=IYU!
z1fC%-TL;c#B~sf3o~ae!Q1JvKNt#0G_SZccPCakG@sqdK;nouERjD(Q<A!^Lmva~M
z%08eXh)FgcE2&!=km5d2cv0)XiLz^wj}KS;=+EXrdL8(rx1je0hl(Q@NzxD+7ayIT
z{w}^SbokZ8Z|#nJ4UI+rqfL4lmWwf#6LhKx#3I)PtWEoO$kb??oKEI8h-DkT-Zf}~
zVGZJ`jS*2k!Ip$W#S)ApX$F~?zdPY}NB<|CVBe$E>F6ril?9(H{eg|vpC*@Nnf&aD
zMWR1Zr;8!jnOU*|&wn=X9nm$^JZ-Q0OyE9`=yzAD;e$9-48cf}Mi9?r)&;Xbi+N5y
zYwePn=MQ;|IGkRGpE~_3`D@g9OM0U3OpIvJ)<?28gw37*J*H7#c9HewJ^S2K1|c1i
zt#OE#hC(=0^uI@{s<|t=d;XIVq%LlACagoh)M3eV!YU(I=G13~6UDYa1C)<>g?CC{
z{Yp$SF)i26DSCh>L0<dIc|D2`ZcTLCIun919><~+jOhi|ai}Q5k)({EbvBO&TF=&e
z!%MDLR*$Dhb4<?qY9{+s=SW5R_i|03iA7$X&hwHV%`fMuMxY#j(`5KY#V&70w}$Sv
z^y`wKr>(-FA_+#4G=j!+k5(>+Nrx5Q62&0phNSofyY$XoM_kQl5-}UmQvXgY5{;1g
zZLCa9qi<2a+|VpVE<EG<Bx=y`rD*(IvUH(V3l0@QFp{JZq&*=f`#A2!PuG%Pz7Fmy
zkuhOM*VV}5HW(iN4h%SJdz4t@_9tl<T0M7E<N88Z{qIcZP3~Vh&Bp!gri^x8>hYEU
zFB~eIU?fQ+=!d2B{vd6ZVn?BC{Z^w3YySCC^73`n9SPdVveK6UMBkUt<ZZEuxmUcQ
zUd_E*ww_z{n1Djr(N7j~l#k<1c#59DzsVd%Fp{JZ^yJnCn<{_AZN>}b*;U^gg2cGW
zHEABmN7-ChTB%LF!bVJzyeFpocb`MxNfqWoyRVf<guW-Ypp|aRw>3Ls4EG}bMVC;5
zktB^Eh6is;f>XRXUSv@0tLu7jyi4|WiqgY6adDZn;^Q}xo)L?jU^sP_Vm5AAG~$hs
z8Qt#w=Q3@Fxa*p^r+Y&gj+Ei-aj200h*Xfr$p534r~?kZP(2a1&86eP=+oyJ#w_P9
zhg+!&P`}jI#~uEB%ylQRNZ)f)YW8x<G#A2XYx7NKdWJdW)0LPN1<%OVr3>vtyuzV^
z2}hDLf_A*KElf43*INjpI6+mjr*`*LXxo}KgTh&^yoaLqe-M4f;h#9R{7vVvy1>YV
z>&X3&+CLx9yin2@+CX)&_kG<g6aKrgAcB!3ji4U_%eL$u9ZuGWh$XFl2igT)5k*Uj
z#S6Mo=I*;w<1&az(#BqM-~I+SQZgX#7$v`Zs>pU~;90xa5h?e<h@9r4F&rw8U?fQ+
zsKR?#lJ9AA!?cZq;V|>j&hOiAa9=8Vv3q@~pg!!Zl@qbZ`hz(4j9yEldq-~DBr7&f
znPmu?eVY~YQh7eR=c@Wa{A;QK1S3frLBDFx%ic{sXwBl^A1B3;ltmFg^fckkIS=&6
zsVn9)5w^r4pLaeBbWzBtnctIOqx<6nb}!EZv$?{1hT1QZzOFMobH$<j2}Y7Mg7p15
zT>I9p?fj)2=w0I8V7$Kvp|}5H5wE_2Og5Fo4Ggi!w?c=XpF8ty{kS`gPGYQkK)y|v
z#OdY(cDksEjmnMh+&GjU!AO!uP+f2<S+Afk+Yz(n^OH2e{-X20+Ic7B+|SN1G+vX5
zb|e-_E2hy>&792_)63OX5@vtGXG-bn1LivvPit+A4^&?+!J&NrJyOL(4Wsyvz7d<4
zOQ6!SDjs}l!<u!?$o!;3yuZq!ayE_~yRy^Ieyq+R7TMsCQ$%l}J!_19!N1rjO2?!5
zv?u+RtHR}THaCwC8sNXj!4i%nWdzZbwmw#fRQp!5=ZS=7&;ivqSmd4&af-%VOVs<d
zK*j6CB9jk2YRq}HM{{jr`u(x$g@NSExogk4a_$#o%DL##Q{zXF55Y*1M$k(sJ*j6p
zi$`4F>0ege{zxVLN_|^G!}G6sMhQ&)Z%+_?zp*6f;zo9~vT}i=mhx+BwktC&_of-%
z9*`qTalL(xMID7hc@vBzX#^F2Od8znR@k^A8YB`=v5XBml^(RG(D6*u&IbtTQq60`
zBv&`$Jq0qbB~%~z294*^c-d!~JWPFGn;T}7NG|P^i^ie62u6}Lf*yor(!FWgKJO~!
zZ?yWk+5e<rK31x>U!~j8#+~!<Mli8RPj1By?n5>A7C!3j$S-O4Q<65OEuk{*Jkj|8
zG2ATZf<s{lMv^pwOvlYnh)kKOI)`A&tB)}&-d<(*H2Jpo`CLa^`TJaJ8Df!1onqq$
zEQNo4p32JY)9JktteW_C2M5{lNgJ7I4*iD?IFu*BNRmd7gyzf<9joo%q*{MnEMcw=
z+fZ2aAhURN|9OUIc7k%c0I^7q%ZMzp(Ce(H`W&iG?pjA}sFXeQGUkwBpMR#qeNna?
zhw}K3NM$*B%s+a2?3cV*X1QAG>8RD*OI;XQ^&ixByJ@+}gigFa>hn~9Z;n`GGpEQc
zTa3`cwC=GEAz6-Vrk$GG&badNj?jCrW}x45;ZW{`BS{%St@pQU9IhEUsJO#J`@pG8
z+w`Nh>P<0y{vN6Wy;v#+q9bU+@if!Xu(@lmc^?|Mx)s^HaC1TxpI}`?mTmLA?KEJA
zL%9)*BxwYts4!HDUpTM7zH9snCG)GWosQA7NBQ}*gH>7D#qI@PB_{d8mHETZf-{FS
zBgPmd*yS&3BoE)YH|P*5?>ZwR5#;t8hjJwtNzw>f31#cC2$1i-dGmsylxWG@nQa#+
zBt2b4L{sBE9^F}_Bo_I55C3P;)E}Ys%uSxAt#Wi6FRBW!ioMy*b8gvcM92;Qdt6)y
zMv^pww4P)n+eSa@>s*^sYusH)6?>walgaP2E>;1p@NM+fM`Do`dXaLB87er(mIw#>
z6<)sMV_XfzS$i^CJ1EKyNBC>tP=^Rck~D%&hXy3FS^Mqd$LO3)PeF`5c+fU@v+qJp
zuXS5OahCZovB*sB-Wg$z9lu<EpJe8=NX}B^JuYomA#vB|P1hN2|9k@+>L9^Ll15Ot
z#^Sd<Ql$#(CeK&5Z@402vYvFj`_{$vJjy-EW3rCuo8R9Sc6Stoq5Irve1`S~KW+cj
zdY^w6gI2-W<ZR>5w&eJ?LY@CTQrXKLt@MxH7h`f@Qo6I7;+xOA_}z6HXDUxLyb6};
zJH0eyUOVu?P^FugWPi6|`q<qb%z3_iy4#+vzYB#`C6ClE?H@S7>)&eDqJ~2`5soBf
z1ReRPBP$(h6Vf;}#iC=nlqxN6etwU=LHV-Q9-bm&6w%)*6fJRTa6CnUBfGCq;N&Og
zULMuH2H&sKNc&P<hR#Qh__r7x2}Y7Mg6OkXzm~M`EmZir%jRr@)rqVh)BGJb3l#2p
zYhR_beMd`7vd8KOUHicyGmQm?M**~*lKwB^=C_%k)R^tr=bVeZjBzLjf{`SRAO_i?
z`w!PKD`^)}=F?_rxNp97jQ{cawbT#G+L&OLH$-3hdsR)nT?X0yq2+dmVEbhgH<}yD
zJJ1?lZ#7u=aP*2=tl?1h1S3frL6J^-a|6y7B`}DN#H2MG)43&jdReWg0r^cSDQGx@
z@-i{WwHF3jN!JWld#;{UanRDZA#hXX-H$fkM-v7slY(D5_;DyZf{`SRAa{oF!IzaX
zF9(}O_f9?K?rBwZk-d14_IwjnzRQaiTcUF^UnO;ZJdn~~V|FcyF}rRNm3T?fDJ3_z
zFd(K>hb#UN4t0QFBuOJ^@8FY-GlwqO+#XMG&3_-KV}AR@^Abs;TNJybOKt_~auJiH
zyz}C7E*H&1E2Af2Z4;5tlRA)b4|sjE=Gi$GXoutRFQV@Mk4QDN8s;Cp9KAYJmwAJ?
zRnw<JH$3<%vj)R!8hPKd_8B$nho!n!ibRM-iVb{4T-c!?@-!_yzbs;3x*)?l*RXpb
zgA6@apOuQx-Nd2x5soBf1ikgNvpsyq>zMV??efbu&u8AH9C8Z@WnV>RPYPB{9GoT=
zS&?&2Ot560;&SuT<adb&HGar49b69Udi-#ww!q-0j9WOAEx|~VMi3*m^Jb^jHrB3_
zT#TmUZsgjx4cx8^S?A&;v9TQI?TG#sp{H5lA<4O?{1y<EhqDB=hc5b^lP?~fYWq^6
zGA~w-z<*0?Lokx05v2EQ`K{ml7(dqkuxW4KJVWA>j;zGHdj-1rtKT$pdhipIyfL;n
z<<YR^+fP4T^B3G+y)~vti2r!2$ENz%uRU$ijN~|!HNi-dMo>%ha@38=X|LOPdUwvS
z&r96symLbOe${o3qCmzLnmet;BDZ_FeGsH(rgu-PK<Wr)Ro!aMrs^4v%Tv87s`Bh@
zw<iu|MKF@25p;g<HHs6LtbZo;Z<9=t6kn5JyNVbTefi|NNYUtT_nj)lBI&F|v<u9m
zB&}PYF6+E=-<4Gu^y6|(_u-QLsk(1voZjM4dkIF8G=e;u&)~*v+2qds@-2w|6eYi_
z;%A$$|4?6ve)EAVYtP;hi<Fk$5SqDgW?+BHIQ^+OeTh1Cl|9Sf)BFZCxTm>IDK&8@
z%m0YPzbEgd_)p#utJ;^tyklgK(lt}z_tYu-o0_YOvbQ5mJCCqZrRUu(dqXTzbNbx7
zPo}c7N4#C7q9$Er4j+Dq|H~`b+EY$e1#OSM_8o_^ARI}`2#PA+S1?v_gk6r~g57sT
zn*M-`xtY#sOhzl8t0^WBHo3$iyCm%@#{G6^_qXoaaqo!nX^UMtCr?W)_r`LB`$r}D
zQsGeM1S3frK@<8ktFLu^Oy*V?*xTPT%{bA`Me0_?DYT|o8}vOR{<k}rUZrn%ivC<&
zvDSA{^lHY#hDJ;mUG4dMN*KfF%09hh9LkJfBuOLa5jL8((Of~PL2>A8r6z-9b^Vmk
zhPfcwv+~0Vwn239#3b#*c=;<0zRRFpu9RPuU968@?@@iqihBC4*^oczVIe&ZWlAuT
zq!A=Ob}kBg?Qv$b^>1>zKu2NgY2Q-^#-E5_j@hWIrx(x@i(Cl**mc(D;`;s85eJ^*
zf=jAe&&VFFAyf1P@_&CG6XeCAObAAjG=h{Kee^@DM+Z|-Z`&6lr6jt1^s{Q070W{7
zN~!&=6ZU1qA~)_{mXPSZn8|hQz#+4*6%v>IJt%UvxkTST-;E^qV@buKj0r}PG=fA^
z%G4&V9&d_MS$H2_^uqGPAoJs(vH+Hz6FbMRh%pg;?mj1JwG`KM^GB@0Z0M!E+OZN<
z6Gw+fy7oSf*lsbi%Akis8U1^tl82n4m)buWL8a!pw^M1#Ml#8$m!#=$y9OBjQs>Y9
za^>NXmuHw+ehv|nyj%O0*O^M>tGC9vBzL5tOov}eyQGw@jrLrLU{3l~cO1%)a3m=s
zC}(Uza2F@X^MYh`N^w__ti}R+vG~5PnFH&W7I?`I6MgCLx8nKKK&HvZ``<T{dH2`T
zv&I&V45bycJ3JE9McRin;7|qxBS{)THHvEs?1D*8_+^)lUqAZO)%A5v3fsro>qSCN
zF=jGlrNksP257zdhA)~Pp0l&*RG<jESpN8a<5_;CbIL;x!sHzv;86MmBS{)TBc|xd
z$S&HMh%8f+YdnXa>IP2k{!t(NcxI^UjAZ7d6|qR#*v_XZLw2{1+;~u$oadC@DlW1v
zuOYUOXr_Lt;0ya+97>O1BuOLaKpy7H3CXMP+v(_sFMR(YJVE*WsD7}1ODK<W(dsjY
zabl56r(=&-##lQQGu!OHbWCpjtEFoCkIr|E4ddaKcYEcZ;83~*BS{)T#tkKO*kK2=
zMc)#!BY~wgU(@>EG+Z)RP84BX+{LU%^iSxBe9{h@yI7rY0kfL<WlYB3zDkDk-Jy>a
z3|IPdj;zt(U+L8$7)jCyvY;}|M(e%{*SD-fs(w;xI>cLEU;adBTlRgfgbZOBX=0KO
z{C_y6NL1YqoYwepbg}5+$?mE3a0x`(iPHDC`EUJn!lAVPBT`9K`Jer1jp#W+Bh99L
z8#7fqKbiG7$yKWMD1<*>t($D3sftT$&?gqj^XgLIwuPX4YlZCIy?X`~AK#(k$yDTv
zAECO>{!5v99*6pmzrs%GzeSQVg3iTxwMI<K_w^}vHqkAG^rKFQWUQ{mA}ZLe_a#f+
zEG8C7u1a2qsa`v`w9cwgnyi%Y-l-UUD}2z-C+^j`E2cXHaH#+I8|?mDBuOJEGVF1c
z)<V4J4pXD{Cd`b-nHd_F*t=Kzr&*;I<?g@NBNiF&{3-ZxeT=hsiZbuRepXH2*1M4j
zOS}37y&fT|%L*|#)NaDNo0LDkii%R5kF6e4n5QYG<#f9nFK|k~;IM*-O_Il>6DBFU
zE)a|4MRxu0c~Z$a!rmIe%O5Ly>y@z3rSS>di@~Q#1J1<Ze<!LY!AO!u5I3KI``j6F
zLt`bqw*S@MnMXqvK74%a`;s;(%GmcY=8i#>tt@FlA;R1-WZ(C7kkCTPR;VblltM~L
zDiyLtL`jMwq)?PB@4UZr-u&>MXQuyefA%@o`97a}eedEv&)t|UH3)UI=2)}lmUG`c
zQ^%&;#y~6NSn5^u_$i-2&tJQ5j@Y|w|H$ng)|pda_^ryRCA2Px`cAI~FeF_SWIq)n
zeVe4cb*lccl8do^`-fBVa{`w4;}rtz^zMFU{X;8cM7mq2fs^j9g=-n9Cy&iFu*GrC
z*R~FhvPW+@$vN<97X_^j3`ti7UEjr!ea>y+D3j%mVe1_?AAEDmG@IY|`hH07&TfzR
zcA9epnJ;eha<LPNn2}O26P?4xapq_GGFV+%qiG@;-zZi;OhK!y42g4uh$PIvTm^A{
zvFUjs_b9+KXWbngvl>l_tJfY{ohs7x)b9|{x^Rr<6O7l+TMQVt$xOKfxZ4Udu1z_m
zQ*(wiCy}}3&j_E{eq-vpY6NgddMYT`v(Y+Q_>vyn6#MMO`cKpuP7$aPeg5_8Mzx<A
zqg-j87BO$~PC7r=6&iYzu-HkmE%c2zutvyqgsEJ1VOM+fi(U#^6&RAP3Yw3%b**qF
zN<G7vR=kzXWg}i}A3b1aB))ccEN}01pC7c2$-&>j2Q8%2a+MA@8QlDmpqTi$S84v}
zm@LB>GyB_3q&x~54-84yRZzn)CA%bC%<TlqQ?x8;_YE1|?oV-pXemOG#>Qrghcs`*
z)(RHo4}a4)<Ey>a>1`v=QP~l}cOc^&>(Paf$l>=%)R`m@FeF_S^yR*;l8eg8q9;RF
z3^ZifC)ex#w!12NUZzr)eg4cbLI*9Al6I_BAMf;G*9vy`JC|nZtYLfQHx!xGcwimn
zq7^}`iGs!fL()}2*$wx092==&GECJ?KFSc4<#QlI?KXEOb)LHY%Z3g2YH5Y6IK9~1
zmd}hTx!uyg-(mX|^R{0EW1$^C-g}PJn13Sfrl3`TA?d0hXnjffhD?v$5*bcL)#&TZ
z41d;HhGl)7)^QLm^jl*@^QqdGcjes}x6`$pg?IXfj!aBvw90R+mJ2S`Bx0t5Un}ZU
z(AZTW)v#m&{4W)h?!{s<q`@wBDUWZ#3@55sEIvd~EE2V@U(<Jw81;wdGF)cT<6|bH
z<l<X<#f`P<1bHedl}p6xYYcS5t~x&@uq9E@%HWXnR1mu0xb&bg-={PgJAcl`XUYS;
zF<sNqH^-)L3@{X_%F#S`e{Xo+Q_B(W`6u8NBQzQzvG=OCcbbv%z!UE<hdsA(rzmI)
zFeF_Sltxi!OVrx<bd>d)Nuh?QKez1chM~pzmb$AMm%i<sm7{e`TBJ;L=cKQTvM)!O
z>@SRxHWpHw);m~?O+z!x^qlxiojb1t3`ti7^$6f<4$hxtD~`HWyJ)wrzxhmN8Kpg~
z_Y*(2x_Vt3L@Q)Zl*F@*Lf+eT2^Vra3l*i#G9=}E*t@k^To#((u~09epcR23>8hYN
zp)8ogr;pt3{Cbsz=v{S=`)kXc3=^xl@u&F{K9CsA*BcTzGc9ijf9d1l8g$5lMV#-6
zmh-YROpdEJDBVsojr~bMD*!{%RY65+F*b>&y%PpauYM)pjA3+*DScopRN2mcR<x&Y
zNQ>r``9#s}XOY$;0}uRCQ%$;)XOmyGY2WG(b1d%CDvymgL|s}&9vG6Y3Ti!a#$EI4
zw%vJgNmfM$lyjGK=2Z8%Y~?iF!#o{#V{(Dk?zVKUS@XJ0;6=7}Q!75taLZ(of(oUK
zQft7^muhs*w1|S1TNRS}=7h>Wy%*F+;BACQgdaO|Ta3mvc46NZUNw@zx)rL#f1Fxu
zYY(Iq@|47yAl#S0j8{0RA}bWfyHPpg>O=7*e%z<YGGS)hsgM3-!6E6XpsFK6rKfMA
z`i0G<{_s1$d4J?n_4OX_Yfw#oXRYA_G|hXQ2WmI&6b9e?6LmCNj`a|y<=7PEv`vg_
zV5e&ynL&Q-cM4ht7?Q3Ea((OA9(YCUSf^H{8#d1FB{}eObJh4hxs)|!S9d>+bD?GO
zam~yR&Bd%|#K{r6wfpA`BBHYo$ukV{-)IxtG213ML_tdfL()}29R5(>7ek#0E7rss
z_l-4N>5?6_ecg9-1rAlk4sXt(`HM5-Ca)_p^;*z0WCDtP<9j$*!z;*Uk6Pu{K-aGW
zh5?%>XenSwx++NeysY%ZP{n~U{*ASd-{3DRbF!YqYOSqNI=NAGPOp~cR2SZ9{m&Lg
zrEzCxZr^LZ7O2&>_TpsBM(5tGfx@`SwhPoZQ6+&P>8c>L*zd;L^)Bx=UA!}>{Ber=
za`c;FyBosJ#^ZmCG)<&_)7ssqvx>x87twmY*-fK*3AsbcETcwh)lipR6?{LV3;s<(
zO8`UCRYBEigL2koN0r#FZToJ0PbYC-&jQEyOPfROC7N+$4u&LJArGBZmgs%HDP=dC
z!OuT4y4mMHNPN|<;T?@I+8bWa$Ua3ui?0l+LL!l2(!X2<m0ZskaMDzgvEAolB_eRM
z>^{$U^9Rf6@}mkzy&m4dZlD!%uBy5>d_Xa{WpYmJ*=8B8zRF`>Q9=BRxt-br&ojGC
zDQGcpNO~%W^gtpfUbreLrs3^}+rv!T``N8X<IT3`VjEOm_5U`((+W8%Hhh2HPt-N$
z9DG=fo$vBQw&M=5n4~>{lDSs)<6FWhXf!Y+T@_S3Wox@PCSf+AAdmeZDxEBCL1~k5
ztaD|Ke$V*fEH0Z?NRc=mt*qgT56ll|$*|YUYf}0%;@+!wbm#7HJrneR+(SW&0z=YO
zL8Kx$zUGlffRo56iv)KozTmfbHe3;^QGCo_GJcIX7p;)%rpwrej+@K&@NXBwsfe7!
z7T2ees*IfvC-)^~)@OB5(A$6^>8haGVee`#^icGGeYkTaLsDan_-x1fn?Y!vmcWKB
zOye}Kg1$$#n_W!NKp9_)4M-x}X2kw!?Y0;kZR!#{zBrdzMSW(z6&RAP3NrbI4$BX&
zX|?|yMwzgbeBB)DC1=E+qa1I0<=1QJ@d#Qb*$r$9Z}fCdH7fqd#Q2}j74)zV%R07j
za8bW(k-ddXeNjXN7?Q3E8tn0GZa%l!F5{-caqY5%Yzs@H#`2vDT)*OXFlwH>YECQU
zv;ZYVaK`BPWJCIV>U$ECiTvd+<HgQp`8I1VG_j>0p`e9Vg~Ss{_<x$9aqm3pX=3TU
zB%x^ZM9{jJfsOXmzHHc{Zu7y_s%u7z<}8wjOng^gi^iQYW8dR+2O{<)ep7XnJD?DF
zkxRbQO|v40g5ClSNlyhmR@k>!@NU+~kZsYmIXApEiMK0MOO@k|utsu>VREV|Et4{`
z&(ctNav8M_tt|F@%7?scp0r$k(QxVbE@vsNz48+j^k!g4x+)0k>1~j+cfzrou@`pv
z{M74MufI0xeZRYjK-SIDlJqUKLO$3K$$R0EcJ)s-4-*NC^DS+=atfNY#P*xkBvd#|
z<Ei&Jt5&8|S+=|Bc^u6cRkuSb)iY5iv*Sy+(}#4|!h_H1h;4UG$k3%ftrIkF#DdON
z|0?J|5ewgYjj9y#*Sr#ho6<fH83kL)D$gF>ewu<_wJ_zfkaSg$hEpZCy0wmYbpeVw
z^tODN#aLSOCG%L>r!Nc!W)0G-Xqh~LYrNH^aoU$%p{{zCp_NVMgh`h<^UoXZ73}gQ
z0|sUk^s03!mxZLOf+mg^YqZQg{F3-bPpv>c5^HWK{E0bjlhw<ucU~pPHs;d`IeWZz
z3&;F?jPW6^l4DWN6KnA8f@4`bS>Eq8;L?{)q^_5`YFWx<A?d21a}BJnp6fjh?V80}
z9G-=*+}&s7(tWsG;1}O0Z_^pR8?-|19ZUD+i!-jMDXdYD{*fg##G0cr7eBfw;&P;P
zpUw~JrP``hDOE74SV!W&Tm>1-N1d+EcYp&OIdpzhke}*rs-4VAo!ea98X)<7IEdyw
z4y*ZuAHP^&MkTHw@5ub&nJrzjSAy4E4v@N0!e;KxLw)gh)uNQkL()@0vPO3v6;(Hm
zJ#zDv>g~uMnfBdv$=D!cv?oGIqEShb=4o;0wms^VwX|gK(GJC#yUf#J=E*xQXz$#@
zRqy`MYV1rP1-)ub%4H$xs-TDKe5^QFHIp9a>Mr`_Z*O%Hz1!HUl$R;HaEs~v+e@*u
zcK2BSX?y<?O`XTdiRYs2O4pcfyV#I+&=OVjT(9~oX8m3YdhM#7T(-OEsh}erhdZ|E
z_lEt@>K7V~(~tW=;x5SMY}Kw$i<>^B>Dfao<brIq%v0$^Sw2nusiyVL<EKxs<a7&*
z2T7?jzT#A8raq1q0EVQif?f%VJ<ejte3k(fJ&sEKVxpws{8<;hU1RTcvZzj3J<WG8
z4AI*M7D^OigjiBp!i;yk(=5AiRmQmb4adg^%9D!^zERMt7NlIZyXmT+S7K@XOi_=9
z_Q`D8ko=`Hes^Q3syy$^BgS|MondDKn(y=)HO)Ut*g35EuGB31_X7igeLvS)zG%J@
zqyN-Q{D6WuGX=eBJ<4Sv>8hX;g&|lA^g|EZpN*ClIr;sJQJ04t6n{4GbM@Gp{%T5~
zwYyzs{XZ0l@5$q(FrWYBuJM`p{ac+#dtQ?G^V(Z6+X#3Hns4Rq#uD+$4*xVkW2*{J
z!7fRju>-tG*XQ<b{c6a!?m^bD!LcaLa{jl89yAxfcE6iSxaBdx>~(-V)o~<N`Wu<?
z#g+Tfm_tVO4Y|qW4HPslI3zt4^s)Q+83D)6;_3c5&(t=~a+BkjJPIyI{s31+4v)Yk
z5n3iGZo7m8`-_Q*j*|oHRJR3<a;uMMl|QxSFz-v4l;foSiDcDcl*>%gRY5&h-lo5>
zW<k|_7;n<<^X>o1@K$eO3io25;7NiN`y$QRb`zTpno9F_Z?p@KFt~>?9&|Ky+U|6j
zV6!vAI*;q(J?i7=Rclc$3rW|FSeXTR;e~TvLQRr|MKr^ZhJH<i9tOgFU=ExiZoR#b
zOUq=w_03?ZDfm}~aOPvX#}ykEekt7-?Nc1@)$8}ch*VOisjgaza#={aD#)T7-#8)U
z^u6mMG@w!X%(CIxq<;PTg49Di3QuOAe*8u&WN~#J?!w)0*>n3&Di#-SJ25f+V5<2<
zfSl~w7z(f9N$QlqRVz_03rSZ6<(KfZ78NqGdVG%%I=0@Eon4kC-0|lI*;36XqopIv
zG;hTC^&=1RWhM1h6*XWmwJkYBSTEPQLCW#7Xx+m*`z}zY^RHTna#={aDk$=uXt>-j
z$UIe`Y%r@HRqa`N5O2PJ&!D5N&70&`o1$r%G~i8$Hg09XVV|FVQh)zLMLi)^O6K_0
z`k@&4l(??SehPZkI+R$PDn$OLKgu(rdR3!qs>l}<Mhd1<el*t(P3keTJ}4m*(_R{W
zvVB1-WNxXa|AO51{4l<z)}I8nIUJX8oxOo?OL(0^d67mS^|Z*gs)Ck<q^E+^ttcuB
z6(^(ojvZr_YY@pR*mS6)NMW|@-K|h}Bh_>Bv_gKfk;F2H6!WNt=BgQLp_O>wL|O$r
zy>(VZUM;Nrr9~kH%?b=jR|UnNY_0#n`};oA=0S_CN)}aK94yXSYuN(aH|}Y^t=LcV
zV@bCp&E?N|H>|PwaB8?9;rp(2r`}0TJK1eqY-FDyiuUqRKcxZ;Nmm77Qxe$Y6*W~A
z<E(AX*^HQ*qA$i}6^`{pt#vz+D$r0s%cRIx-fPZ&Cl7Z;{WfgkJiyD>Z5}iSB{Udo
zjW^k}#8HpQRclZ#J0|I>AXD@GANlPwZZw~I%_bu>Y%iDI$lVf=Fle{C!IMRg&zDxn
zUt<nBHnsN*Io=6MuXFDFQySYozd^L(soDXQQ+o{y_1wK`3Cd+5>8c>K;A58&?$cIU
z0UG|^bBUHFYISw%JAxkB8w@eQT4r^$LcV^r>%~dt+b=(-q}iqK%6eJTVp=im!t`qR
zsfI(Oz1IK*y=n!@Wg+RRppOns<&y=Z-wf=8qOi@|lH+r>o+D|y2o>w7A5BTEqxlX-
zpYg24CB}`Ux3l~1a{BII^WHasKF|?SIq}KDM*N<s0Y!p=MHm;o&Wq^l8|dldkh=pG
zX8mARe`?zlPe_|%dR!@i1w)}=+?T#p%Y(6B_32tcyU-0IzTdCZ-c6o4q&goZcQ?b)
zPFB)e&rII1{*(FtclO@Q%3&X8z(8hVW{_p(&E}iUGQc@ZGJo`N?P_D@SM<Vqo3gu9
ze?B(zTyrYjjg$J_-74oqROF9H^~lYUm61V_ossF0RuRMqorrf47bE5(Y9gY-<HMaJ
zn8Tk%h=qR&F9<6QOAeO{`x<T(&K=eg+7)^y%rtCWn0J^;=+BV(kiO91P>s-x(8Hly
zLc~K@LN0~CArC_+A-ciF!Scb+gA;;32VV<z3GxXt3mOl)8O#&Z8gwQwGcY7*ec<aL
zT;O!z-GJJF%YoYi76PpUg#+IE5Bb*zkOCwEq672-Sp9kZzWFEm@9{76clB5BgZwu5
z-SYGGYx7I-GxxRe)%5N5J?}f?Tjd+-6XWCHv*`24SH!2^C)c~k`-G3A_ppz?51V&`
z*GsQ5Zxe4mZ#Qp6ukW6dp6y;fURbXbFH<i8PXUif&lFEn&oWORPpk*lL%^fV!^flD
zBgMni-P9fH-tL~_KIvZO?&BupI_vV$<*{>-bE2D-o4Q-4TcumNTaf!&w;!&eu8gkP
zt`V+wt~*`dx>h@Xac*=WyX<n2a$$GLbBX<bKX{D%Ct?6GfEYjwAO;Wvhyla^VgNCK
z7(fgl1`q>?0mJ}e05O0VKnx%T5Cez-!~kLdF@P9A3?K#&1Bd~{0Ac_!fEYjwAO;Wv
zhyla^VgNCK7(fgl1`q>?0mJ}e05O0VKnx%T5Cez-!~kLdF@P9A3?K#&1Bd~{0Ac_!
zfEYjwAO;Wvhyla^VgNCK7(fgl1`q>?0mJ}e05O0VKnx%T5Cez-!~kLdF@P9A3?K#&
z1Bd~{0Ac_!fEYjwAO;Wv|72h*lQyHTvlI10y*_?+D#|1kRiYZ+4)eeNl(AUULm<bX
zYDAcJ{AYVta`69c4lQkdAA~WedmxNQRe>;sx(mWM)Ey93K~;h<0d*UMRZ$fyyuf%h
z2*xc9yd20esIuih{y&?mENxy2!Wh&I5XPgfgD`|D0bv}f7=%?&MIcN-6@suT>e>n~
zL`O$eN5`ds7XUd1mB0MQ|7UaZ(&l*}j6vmsFdlUogdx-=5XPY{g0KoI2ZRZzY!FsO
zWv%q020JJ(ecKjw0muoc^B@jGs7w%tU{nT(!#Gqrh(knF8i?aDsMM8QMFm5`{{4J7
z>Ku?0P-j7$I=&PTr;hIoh*QUx4C2)BC4o3~e5Y4%HIk!)1Ab|Ir+}P*Itk*`@tpv1
z>i7~toI1V)5T}kW9>l5RJHC?R)kv8CIzHoooPat8;?(iQf;e@2F(6JIUo?nQ$43Ei
z>iD8Wn6w%G>pZE3!Kyis|L(s?ASOhBFbsu*Fa(EzFpLWYVTc$4!gx&Z3QSOgaj?VR
zfdv6EArORNC;)^Z*dK&poF527L|+ibV|-R(6)YLM)F|FSOz;9>81e*R2=)MB80QYc
z5YY{U@fg<?Se2wk#w{I+E<j9h24NUF3c?WV1i~=R5riQk8HDi|hm{zwj3qC1BngNK
zFbKmC5riSw9)zhEb|4H9Z9y21IkE!d9bpW#RE{=4Ot1!F7&;8X5Nrj)FwPQ$A)*Bc
z<1vR;Vl|8!d8s@O0x`iHgki`Ggdx}zgkjtP5Qd2RK^TwOw-Qs^-Vyh=754%$!32b1
zXb%WOurUb3I3o~-h=w4H#~7@@5J?&5sP=bYyMdUn3xr`vAA})T4}@WyE(k+J9T3K2
zv{zz?fd8)xterqi*a5;Yqy@qdtO>#}ZaWA=L=6zeW7Jn*oFhaeEqzj64TuQ@5QZUD
z5Qbnp2*WrCgdrjhgz*@al~@f+Ccu9WMJx~#ltGyKeRvRtU?mWSaf%=e5fwlfkC9)A
zRWK?lOXo2;ASTFyFbv6nFa%43FpQG|VTdRR!g!3t3ammRkzvx`Jthvs1TheXAv6d>
zuqX(_xNRT|5x0Uc9wV|6<B25v(j}EJ5EHh5Fbr)5VF(riVHmdwgdw6J2;(suS7MAR
z){*#kk8J>A!g>&fp>-e(!D~Sn#tDEhL|g;Hcntpvj3wfg9hNSs_<)$e3&JqO1Hur@
z4Z<*v3xpveCkW#)94j$S6(TRyJv$H+*gzPDSV0(qSwI-ZF@rEfWCCG4hLMX&n8S<c
K>l^6l<M2Nw8@X@*

literal 294912
zcmeF)2|Sej|37+rcG-8vAWN1RyAVS5$WB=XgR$>xVIoAKWJyulkV+_7LY7cMq9~L~
z5=peF&>8Og{@>r<_j~>`bD#4#=RAJr_ntC7b1k3ibv>`~zCLpq*zUE!MPd;?A>l!o
zNQ5#)G6f|ig&qPyK|!HR_+TJ>{B@%vG-&>MK=@4gFYW(bQ<*}+(S#*wg@Qg_n<C+3
zQfESC0wzH;emq_~{>uMuC72EZAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0{>kF0=I186&9w%
zZ;!-y24aJ-kr+cvB<8Qr^aeIY`gTSLJN;c2Mu@+rBBXKN2x}WtOMM$>gt?J3!hVnG
zUV9^i)gFX_)t=oJrUrHh8zXBAeFGyo1mQ1J2ciG?q$HzAPseK@Oi6(Y_Qu9Wgas02
zx?`duLpC3~|JA=c`mYwlE;>41UNOpjn+tdaU~t~S5fRqmxM)lycFUjPO!pWXIUzP@
zZbbNd0faOLjZ%`)quuPoakGy=j3+km??veTOCOsv|Dz9OncXyWyn<qs?tjFN^7O}g
zMgH9f?SJVb;*Z(?(F+=dmNB5F<K_QrZ*UP2QP}XmyP^3n-TX24KYGzX%cR>-Zs8RZ
zqs$K3JY;`&@OO*q&#wMBY=2KD=fLUjva+$0Lts#Z55jT7C=ouCH`<#MHm0CACTVOu
z)Yy2avH5Ug5e=1%JJpRlwT(OVjXRBvJI#$d%*LH3;ZAe2E7TwNn?0g7`aq-p*v>{T
zXw*hGXw*hOXw*hWXw*heXw*hmXw*huXw*h$Xq4B+{h#sv$hX<E(jV>3o|QIxR@&@Y
zX|rdg&7PGudsf=)S!uIp<;``KH`i6(TvvH>UFFSn)i&p<ZO&EOoU67uSM86vn?0*-
z_N>0S<famOlSyfFf0a-h>nd&TuhM2_<<05Jo70syr>ksEQQ4fL^5>L|t*D?jwxY5r
zqp~TZvf01NX8$Ui$3b;-UDeHXRX5jF-Bcy?i9#u%H#Yufb0fXR##Gei!d_TaWff)B
zjRpQ}ZY=O;b7Sj&Ha8;t+1%LMKbsr7{AY7R^v~u7>mSWcpFf*_ueK@m=hVMfQ~Q_I
zHV(-j3#k8{LH(}`YJcY?H2=y=X#TY<q4_V%{<UGk)W7l)ntyGW(EMw|gyvrxCNwvm
zY8x2{&5h^VpUsUY-JebGznj><n?C=mx%s5|V_DC?<9Kew@m9s4yggAU8D%OuUSqNU
zU19wDE7%?Vcbl4U&Y|Bp@32G%P*6KnP&ictp7J#R?|LSJ+#mn~AOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00RG41o9A+cq$q$R#v%xUz;mjg_VNvkCl~zf|Y|Km6?JgO(2!;uYZ3n
zPME*3*#C`ND)Y|W?@tptpr)jZh{QzVysUA-!MI@GT^R3;Zc%8oB1)c)+Mb4*c^fX+
zD=^9%D^K{9?%p9m7+i3KLg*h$D_~<WL7{<I1+S1GHQ%!>9kbM{U-A5uAG0$hC-5vD
zlp8mSOB61I|LsxTHa-kzW9Vglk1sVucP8zBt8pXHtRGp^HxhE$<+<#nes70qX4i$f
z_HSJ2Uj%VS^jnfI32Ads8Qx31*kz(j`<C-4CEXx>YjK*CN7Kyt+0P;3_nxJ2HomM@
zPceEvuy^F?#N*3-+C6mh{ix6nMGvPLFC8D1aY+ih*Xn~4-Y&o1Yij7sbnn8P=~`aR
zsI8tmZ$$K|{4^g)<HChqIQk5F_FV{EQKrHA^wF7g{3Npe@|njeQJkWA+c}QDPWyRK
zQix9WapEVQrS$$Mds4QmHsrBIHsxN)>cRL*$kwa{d2+Gvb=_^~&gqOybyPANeUUa}
zuP7|SFB~T3H{47~L5Vs<nSu(UV~|ZVN&C)1Ny~!rK<WSekQt>ygW$M-fcZJC)HQS2
zYhCgA2J5@-1YAkE-#sE^d-s%UuTu*ZB_$Ol0>wy2|3@!W3@AZ529GooN-Q-Er7R7r
z1x{*<%UaFLneQ}(nu#=rD7VIzQy;CbcyhZB@$If+4o995CBNEU;bM1%Ukbr2JXZHK
ztwq~!8m96mTjLH^&xfh|so&At_gM`cS*yE-Gz~-vEKF9tt){+C_?6lRDg3SW<5k+4
zyHzsj#<aIf(#1FQZI7clUv%WWo533`y@|p3>sotdX61Z)`=ay?N*v|7;C55s;gL6J
zj)y0Ny{z&3q)cik5$I=1gZ%?1tW1=juZ(-E8~c4KP<<$nq2#ee<DnoAwan5WEj3<<
z{sE<8jkz07&~@gIqvsWJ{NFKVd>hPR3ilL_PY?{agrhAAE_mmrHo;u<d%*wDm3XF3
zcJ!fU&+dQ=R%PQjlWXyEwJa*LobA3yhNVX@^myM@vRs=uKsXFkqz(hWlv|QH9Ygd;
zojR7&IX2AJr9g`MYg$69%7aE{#hWf94}<QRh!*MHPR`eiAEa>Yr@`mm*JHIwn>+dQ
zT(|A%oCP&^?s|7s^n=d%hvki8>J~XKANve14er<z<10|qq?~o#b4u^NO`_w_mdA6t
zAIk6IbmZ@7YBHW^8hBPL+atDR0sl2UFL7&5TWh+!_d)L;67KsA?02YyIG;Xju)tn%
zO03~`q=vlr{NP79O54_7NAp%k)c5$C9?~$l$g_Mk^{u=BISNuo4+OTI%JcSg*3MM>
z$~!9h+AGo{?e1WV9<>~AO6mehg>p8VUa4$ad*KcW#cgc_g}HI-sk<qOPy2mNKm6rd
z@P3_Z-@sn6(g(bfzg^rgtmhc<LEBMMlv*iUzg%#p3~-s6@EJ6B7TW7796BA>R5l)v
zXN=I+kSTd7T|f1-Ue_S&{ZlJhb_4e8s|lX&>&g#uUW*KWKbc~iTD$7qKEG&&OB}<e
zHf73+bXym_r0(f=*y`(P_&dBd%<9Wb*OTrK<R~ywrI#*MCX4(~(woLRzT6d!Wm^>-
zPGUM>|J##i-GQB?LjUZJ&c+C;dkUAo;-yRp3ZEYpQN2;CJvc%C@Y(a5LRHJ{sZ9FQ
zvvhjD#>yTIhL5;s=B&Bdk4Wm|24;Ozw`*j+mu?^>RCI*m2AZuJF_6RW)$rlMDxVYD
zK6s_)_^QH{FZmaYo~dapF01rVDaMXIZcX@EDd3K;o0-TGWh(S~$wT?$MEiWxz~IUw
zeWiMbQ$8M^&Qj??7Z1^XI@zJVg&YM><hN&UPcC82U&$g0B+s5}$}m24qom4CIK}k7
zd11kOk_wXOFXcNPpGCa;sCd$7k)V)yXlC2%mRHz`(3I#N1=+<j*#?(otRBlvxN@GB
zHdB+9IP}%+wtd#9@FLf7>YkxnQH)MJ(sX`HFQh-qNUdE-m9FLQ9nH7&!&C?k1|%3B
z<}FxYotiqy5?+7NAY6t8uXbQbbM#{sHx*O-?3;;`IoT^i%8yJRHa?1aTD;Zw>HfXe
z_l6siwS%6xv!{o)mE9#r!A3uKc#nJBujjP7sso?-TaYoi#dn80-plRVpOPiY(oIr9
zD!!xi1oK|gr%Sxug;4~BSN2_Q5(iCmmANy2`DMJT|Ex_lyxrDLDNH~<{d<0|(Rjps
zN=4*~bX-D0MucGtt^9ygj~hSh+yUCFA7ww9jZ|#+4m=vW!aq&fFd|azE!BCgL%6=|
zd*O?;7cUDjtlUk%H9spTMZZwGdN<GD$8J9R&ad@J@m@3|k!5n>`4nB-k5m?YzS^A|
zK6&t)=Z=#!l!Vhi<^S}P^+|JTJoUy9O?qQA^shIr6tn;L#%L}yLxgP;#%S1RTyP{d
zJP7NJBmBjmjXWs)1eyuOurWlV<D{~;{p$feCzXLdng_+TF=q=Wi)Bbua3o>OhH$`P
zW6<I#v5o1BoC201@wmW13_>1Z<bd$TdPeyoBC!#X2*S$3gb@W{Atp{PTdY@9I4&{{
zVHE6(3&vu@2_r<b8cJnjHZ`X_VNE;2I)sS`X~I^*qaq?>Lc$~c;$#TjC<YV$e3A|}
zT7IKjc`w2r(Lu@nudxmTC6BO|A0|AI@JE({^){9ubn>sG$vm^tAwCx7%KU(_a@OjC
zX`Q{a!~Z&(yk&Z1e+k9bW9(%=&Zbws8M-v?`t!q5#&gFuZ%)4)x#@7Z-&=Dv+9Rp%
z?~patX_59{(483e8g!B2ilJ;7;~T~7`=J`}WVlz^|H@H@Fttp&&VEBo<IcUi_V5}u
zD_j}zuhJOc_Y*4+O%F5U@xtjcL<_yN3@DSF8|Z13V$sNnJsbEk_Bz^dLAuK=PDaD4
z{JgA55u@5g*6=5B_ZuZ&uJq)oDX#eymbXV)xE0>_?VOtwxSo0b;ebjeC9Z*0`ur%f
zKml`zvb+4b)2F?4UD}#VXRlP^-+R11m~O%}X+L?A_a~qA*=Bo-LHtF{#H<RAOqG`9
zSZw=|w-HvgGPGolCYzm?zfzXuJvx4uW!Cnoy?B(U^6IN$jqB3AAG-%bb-t4<SI3Nd
zSi<xTDc@C`Sgn4rF`A4X%Nv-e9!zwoYtVZ*+WNSzqt@lC($7=0jard9mx`nt7Ab!W
z-7d@X;C0PBochveJp0_7(AHW+>v`RSBieS~vhJTe<b(-fdoS^Ocl*VnkJa0r&ZTBg
zExy4%J9wN6i!8ICmIztvX|3?vGhCSYZVwJit@OE9@wi|-Wf&r*{mhxCQnbQb<wJIb
z-a4zaYv1wW_-lb8#W%b3_G@Zot+%KI-ey-q>AB{-cwUj#IJfi4ZC8ef`APOQGksPM
zE3;B-wH4clA6dt164)N2{WPXtX?tCfnXo^*ojShJeDBKQ*ri*3FL_PUx%rj-s`eLS
zZTI#>-|3D1=7KM}@PgtZpSh(&)8+1lbBE)FTXsD;=wC|CSwktw{o`~!b1KGtn69}`
zBTK+CdZ*C&TZazIpS<&Vhdb$U)OEeslGh0jv-c?8ul+PnIBU>#t7_+K&cr@WS=B|?
zv-a_SslES8#cwcgM{~g}x4fd%>*#p5?Vld*RKuT@Po|v;*VYXlVET?-auTEv(rKjY
zeYrm8vHEQ5(6q<C@24VFs%B?++&PvM1!oIP8QvUjceFltj8AKEQotI0xj;1aRQ(#i
z#6bnWnB|_FQ`#DtvA=04Klw3#Y!Tsab>1Oh6itr8nzoLod{Cr(C9CCf8sEK^T~+3b
zVIz78<?)Q}y((WPNj@2k%g0v(*j#Z<9qjzu><J2IEzc$7+>b{;k4jge*-Ld&SydtO
z=axrzE$-i3%U^F3^@~$$&uZlG(;CV9hG5H?DlwmUM)e`~R=Pa3AvH%mBZclcHqLKX
zJ}J5$??@E3VHm4v4A-bVe4Zh_bSSwbRX-u5%}#i?#gkJdmJ0@xOzTZDCGN|bFZGKL
zTsZ!K<A`QsX<J$0ez^-&>Pk5SlN~3>Q4r1*-&?1+a*>*0bjy*mXqPIUUHv21dXnnL
zW5@eLD(;a~X#RaA;ZW`y?&|Aj)l(S>3T1-Iy>i<m6(TKvU8oZ^)to;U?Gu(S*pH$3
zJsx9z{}P9eZqbkL<B!fPx()97iWs?d?t$0MM-DetPhMpYcN$&ozqo_vnWyZwJ;^!)
z9fz21*kYUWDL6Rtc8%Lz|2CSO_HfiGJuYY|q3#7{C(ZEqlu&AHr(!YR&gCi0CBw81
zhh=V0-E`F*cb-KC&{7=26_cZIYtP{vhMH@Y7Ofd!OU#cXv6UU1u_Fg_q{EZ=Ya_(8
zNGgaH)l75uQcDHIa~=O>PEb(#P_O!&BKUd5<4dy^)7&`yuyMI;zg;afvtj4IikB=*
z1xM)=vf0klu74>zf9QPQnTu|R^LlhDuYVGi=RBman$-9pdHH*WQ9j!%_SU?RZ$Gy^
zH8VJN@#*<X_bs_zNp4$+x%N?3^mkHgPfCqBg{jvqLxp|(cFF5nFYEfJ%XfPH&|npD
z6bpC4^x$u#?~e&5M<M6LpwH9Yb<w-o)sPB%wF3psM?{ow9Qt(YKB7PQPR1*e3W%?V
zFP?sUnXCI!<uSF5x-dwmZ2loMys~WI=iDp%K6DuZS8ekhH9+y(<AA!>BhwXMI!Q~n
zGlI$8#$lx%<(v(#{ob?Oxzg8pEG<-uy=Xl<PEy6mw(h77Px4zYA!n1SGgVq+o+mzB
zQ}MDu(%(s7;}i9)OV!{K4(XdpjO)zE*3f>k$XwzZHJ>KoSuxbD?#lblQSwpMF(!Lu
zS2d2%&C%rl^pka-71bZ3NuGZlNp7^c@ZSILjV8@+aT7L47)^%yhInB%Hjna0OQW{^
zF`5&#!v=+hgk!?v5C+)rNSqJOi!jtg=to8Rg=~xg(R?VLjU^d5+5Q?k{yF$VOQ4W{
z3>XEi!$W*<fmnob6wVv#jj#%h#0BBv3D*}xf)6Cz*_m1(`RPu1lKgJJSAMEhH@5%l
zh^{GPZ-rqt&r|)i;Q9<YwXHhZoX_T_Rn2aG`0D2vD3Q?KBUv#uCfZVShVFE*K-zM^
z>uQ&%0Dtc=`uIyO<woh>g`P;9p-SvGSQWuN(m=@MRUtY}r^g#DIsyV&7q}0xEhS#V
z3DgWz?Z}eV|5zS6#l~`M&4+3G4T%#M4>o3C;&N*ob9EkT-J5DK5v@=k&M;V%;u*8Q
z?c;JKkt$blN5a-*I*ErufrZx!F#B%5F5tKug}%UieDdal@2l5@C5IUn8+lpF{a)22
zC?Z2}Z*FGhV}w6$dn#E{b)0^WTAz>vja(Z~mg3u`oKw8$hPriA@t@&)yU<UluRiBv
zR9!em=7?^;RM67X**puXu|pz-(HTRImql+XGfoL79i8bB@GQzCSu%|0l1y$~3_NyJ
z?88m@#f=eN7*E<A<1HLAM{HjwOlV8Xpg;GCp`XyD@wcUWHhN0w4q>O~X5I_*AIaWs
z7r$!2XEfSA`f%{uEgQ9uZU@F1R`123Kimnjq7bi~SD!aKzI@|BiFHa|w(_73-||T9
z?sJ#;w}}f4W6|}Yhv`RdslN!klUmdk<-nVy&{(jxCCaP&^Q+KL*hcfYF8ScXHxy^|
zoKF^qWaAH0@G9|^=DA4cMZC$IlcYQOA!6}aG1qa?g2l>E)T#U}qqer`<~x@Wx4qbt
zERb&6BeLuCZ<s9I@H!XyixQp~CnpG9Eczmt{p$F3J*|U_KdnwmoUIx=Sc$r|>lue*
z>+YDKSMhiE3X~i`y=_q+I3uuhyBisayh=|_<-Xq$B(U3sF<W-L>kj9#hzak^smm@x
zyQ*kpXxhG=2_ap%um3>jIPy%JT(v)TRbYuwxqW{*8b!$khF10rO&_Q>F%MxZqLdhI
zFk#MQ`^ouL?P)j*bJPt*EMv#X%+%qsxN9m$vaTG-KW$yz{sTLmG(T%v;A$M&K+*1f
z5gp0lV5?MN?um~MD%TsgxcC4!^P>(ekLmM|7|SshkVG=vr!pSk{`%e#lhk3#Q~q=M
zQq6<O9J2(5t)JT}x4eD6;`~sC9EBlWEZ^zeGv4F$_2$)gS5K7RO+BC1xAJQKrvMf1
zSgQlcC!^t+-r(a{6Q}t0w`v)V1O=gn<CkxVzB=)-@l^KmFMbQ9mz6f}tqWe9E#tdS
zKQS*F`eWVOiF%4hCsd-hs;rMUpt9{zUpwYV#ntT^-iRftZ04v0gGwfR)KHE$Q?Cr}
zU@-pFUWQLek+wL&Pu%m*uKV7*bDq|5z4Kg+$Fl~CmAJ+8-&z$XZ?a!^KVk3Na{QHU
zew48)=0uhNGI$(mwnmP^mxkP3=&z0X9>tyIw^f>q@2HhbxWyq*)jnI2n`~D+NGg2K
zj?nmMs?Iv5PG_dYK~UK7mHkoC?<*#AT#oA>%v$#a-}mM6%E&o88RzY1>@e7<lB2*r
zgFKbF=U3p7#nh~WtnOlxxwc`+J*R}3W?wK;4|?7VGG0Ctb7PO4;Iq<KMwZ%%tqA=h
zq0*p;G9EM0foQkv!^Z^<QRC+Hh3%%R*h)o4+Gj2YXjbQ)NowIA=XqV`aCvDhm!F3A
zP;<<izP;oqP&s{#?ydMSyI$peo;4<;VCHtFzrVr0n5R;TH!8hzNh`3m?=M!qf}Pyg
z%j{wzMNrV@ee%{K=2YFmt1)W_RBxi?{Z1GObGj^u*HPwNQGMCSBvu$=v`vU@?Xu;9
z&nxlsM{;ghXs$ZEFtetl_1`Z?I}_bjHh4R524T%rlzOZ(&FQ4_vu&yZZoH2eZnqS8
z%q&x!%}jW@za~NL@~6?Wh|_M(Cb4Nkhz9DzM*TLHw>UW}YWZZc?T=-#*k@lru~(9#
z@Kb1(K~SHvz|lU)*9_b2uv1sa?u8_7n+?|q@6hCPq^}QlW(Fij4Cx=bn0|vD^@X6&
z;}{a5gZ<PgxxN0bT5LwwaTgY0>D(A$pJ97!O4~!Jm9-bY=gyYrH>EvrW3|rSWBe-g
zXZ*J&o|I!Oi29UkO_vN0J*qJ9J?b68;wyP*d&~1kr)d9L@o6E+qQ?0N-khV~_@(Ch
zTU*z7^cTzd1-_WeWW4wJeNC=Uuuvp~y+J+4(yx@x^QNA3{7bf>6Jd*+Bf9_TCu<4{
zhWw2I6x=`n1V8`;KmY_l00jO&6ksH5n>uNRB55UQk?;v_AOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JQJ|6>7qY8uL&E;K{bn+@|@+*DhrX&83yet(*gu-DW{%M?kg
zN#6;d;06L900JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0{=q<Xs9VDsW<MZsHrI!
z7?VaQs1uDS5{;5P6A%0kA%NWk0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X
z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH
z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI
z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2Lz|EC1h
zsKXghXtW|qo{rj{hMIXBF4!wD${Q;m5#{L}5`@78M<|5if`f6vz6#h_Oi*YbR>3PI
z2=7gkVn&I=PoSAl3>$0GaZ=ga{`G*KlgdCJ&4c3Fn6rhG#WEx+IFis6!U2bkL5rir
zHl{Oj3Rs53;{pRQ2zi8&1Hv2Y8Rd(J#70CS2rCPt1UD99;^eZ$dPRlfBI6K7!M?a)
zEH<1F1+9is*_chuDNk6_j<614B0`$5mGG#D$e57uNWVB4LN|)Rm>{eUHd=n8TX`=G
zS`H;k#~_<#lJ=d2l7W&(*vk(S9*Bv=1nX@q@ozgx9Y%xqrbPLprBU1d*qW#vHYhYC
z91|XgFu;aK;(Tykm`E%_KPu8MWFsS*55=>wBqJx=U;FlFIJ5)``Ns|kT8D@D-~zD-
z<0zar)*E3J8i@<S#bY9IA;DCH!z@Scp=L~4q@Ye}rAT_5^p@}mZXf^xAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&@ZV5?lUj};A`%mc^RmVT2jhZ$cVWCasHG{f(YWA9
zY<LjX8;6O+QZrEVP=@-3cwwjr`^f%Z_LGtDh&rjBB55{hknjm^AOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY
z0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4eaAOHd&00JNY0w4ea
zAOHd&00JNY0w4eaAOHd&00JQJ-$;OuT7@#ttaONvg}E|6V62?Ax?oyoFYPe(#*70A
zcXp;0NPfCgo+Q89@0Fiw)s5{`ywoZTYQAS%I%cU?zvB5RKW1l2PT*NQSO|OFNMA~k
z<dj&K$a)ZWpzDBWLVWy_cvM_g>`bhF%$ex#(Kb=nqUa;NB3dK(!z056!(>AbhfIZN
z1s4P@1z7}^2T}#N`ZxG<;)4C|`$_mF`8@Yg#pZg?d++ut^IY|G#MEL~Jp9}{-9_Bu
zTt{3L_h;^VyHC&MwDULTy-ru1wm5n^v^enDN7xP6$=IgaytLV|H{be`wYk-0E6P3l
zEpJ<LSOl5(nv0tynm#jCG08EWGd9|N&ghqsgJF#!vw`ofj$Oj~v3kRL3c5#jPVdy!
zDc1g~ZLL+MMYjW^c}J61BV4^-U0N+g^@XaY%1Px#WizEqN)+gQsCpE;VxU5g0#g2f
z+*3K!_DtDn*_|>)(#z5oQkSJDwz){&lw_6g6YmfgLPm={5|c%wioOul5IG_IL3p>&
zIl-TT_5wEqnD~A8+WCZdV|X6($Z@A}z2eg5EaX_`uw<`br{3zu*1*QW8pP7eBF>!1
z^o&V`F^6G}!H_@>HxK{;5C8!X0D=Eg0X!0~ORIl~gCYXw>+XdOk91eYs$x(o-b(JM
zjT>4?358Ea?WbdqO*2XR&O%Acin2oK|NW2|r9y+~JTI30;^;cR9IL{CPyKskK5Nk#
zxb%uPOO42k;TE1;qN1dvqC}t=>FEFHg^J-{+cb!Utr|ak%`H4W6jELEeDnEL&JVAt
zdkmj?0!+2@J*n#U5K`_Wo)Sey${^Eu_5cT)>L2sI<td&T4{InBFRz(9GrwvKT-Yga
zewI|q(`!YOv#w*Tu2s*CJXv~h!g8srRk+OC>a}r?bIVUWz>DFvXm$Uz48X?yMT!0=
zl<zfnByrGJPt)BM72Q_C$i3f<$@kf(iVnk{X#%%A8AM2h+(z5Y*VTUDHR45rB*&}r
z=9{G<?WeA?e$kpKFh2ZC`~)H74x%B+kz~KEV$I38timYCL|ZS={pqOe0ZY##3}Yg~
z&tHD4U3VcB^33j6La0Rr+f;9_h+SW5){nngd^5XVrER%e(4>3#aX%rXCee^;WE^h!
z%-kd1@1HqMh<V3vXAL}FH|>y2ll=42r=)P<)D%q_QXvmim_0BuSBsImbct!v-0B5#
zS;438$jxm&qFfQ}m)s=@AvK7GR3#&%?ep;c?%h-4^OwK*#cI+zYv<Zrws_t3;7LZy
z4&SIWO;RBRgs2xr+8?MI#u*@+pHlo{M`}-5XC+<qsn#(OuoP-1gj6RQQiY6=tu5y6
zzbxdGW_)iZOYw7Nj4)uLnj71$G2K;ry|UxzYf>S93T->7r#HQ<9$WE^`mK1KY>U!|
zN4pj3r6Rr8`*atM5<;pG4XI2<$bv^a9zT60o@U6oI8#}4UYN6=_>hk-Zon$9(T3^2
z-b*Uv>+>w0>{Co;<sO|4S88LuQ{!)L_r6h0dvSix#9)Ut1tFv=(U2Nsgv`)7RypT|
z&h-*1ejU?vsQebzGj0BYxDB&a*XYELwscY<t(<P?_+&Y#k8WX0e!lm0drz{`%wdDz
zbj4~@yR;r!142j@q9N7E2)RFhkH}Wd_0XMHz82hKb+maGqi=IpQ*iKAqRbVOR_7^F
zA?-Mv{J%Ww6><GipU&`zEvC<`M{N3a`kTkok!X{&C2c}ASN`{EuHxybidOq4g>s7(
z1Fu?PLRLmjkUf6S8P-pw3*ioFP4>ljyFxreMKr0Dk$d?UE$sVhj1#_3hR#^Um->vH
zOu_^fKT<#NBEzxqAR(m^@s#9LN@xCq9wX+AY!zGH+Y2}<Ti<`zJ7*Yi$y%)p|L(ZX
z2QE@6AIv_k+8H(R8a;VKn)~eDUuhcm3a15sHILrY7>Yi`jV2s$#eX~Co0O{mg!0o9
z$~%+X`{Z9}28IRNkJ4h^zM?@+6xBO@(?9*S@iq&oke)Stz1Gpc(9LCmdqTX$f2Sy<
z-W3izAk%U7l#FigiZvmm0@0A<NJ@+*r>ULJ;BjiTT`rj)WZ2r$av<h~sjE<V$=mzq
z&i9iFc^UbbIt7dOKJ7iBwVXZu@ox3|Q0+m3>|FsC$g0VTbA*ucL_?Bu&iS75_1NW0
zXK3x7r@eJ>@04g_oii=(3l_{Q)1zO_mO4f%WOT(e|MXDOt&uD8En^iGJ5K2gm@wU8
zE;(fSHEE_&+K>=Zj%Y}7&N*hw+gWS8qUR#rO~%7Ha5#4r@!)UUxfG0Kmt=k4E6S1z
z>2_IXmL>7oy-Q+7<KsEFFG};J#fkB6UmCW3e^a<J`I``OJJFEjoO5*VGbcE(HcW<3
z@}<!&?%u7epjZ6Vg9lT15IH?E(iu)Fq|t*XTK-4WcK&`}cuPu9_ekNBC@tlaJ%Rz!
z&-0t3D(49yWr>C)=bYo5bok_8dm3}!vZe7C2Zf~UcSh4C(h-4f0<($<F6Q~9Lh8AX
z9}-B(POu+yVKW<k_j<8&hYZu%ySa%MBaS|F-5Es)DMK_QIp>`7QBSwqDeuT~E1(}5
zl~?(AjaFHitt0pV`Vptamcz#nlM0!t8{^oYdaQ(LrZys`*TQAbyAs}<y-`CCB+bW4
zcRMx^LP`@2NzOS3{n_cb(5$ZKq(q%m3G;Pv=Xb(6oH^^~GQ$}4g08zSlM3lS%ylbv
zlxlG0mGSst8(XSo=b8-J7XI|<KKJUozwsu7YA*F3)m#m$sp<7k3gxjMOVWCFo%gvX
z2dQ1?$|@WV?DrOV85klGk;3Xedmx5XN{6_|0>&KoIA~LY;yYjX2WQN8&Nq)wf2UaJ
z6#ikPcb1TH8}XFnRLak%3QVcC)jzv4_%hZWe<k+qmGdL6Q&pN>hh<7`@tr+KDkTPw
zRIr(0zi_{zFFyB<=-k<DpX{m&%zVrCZBfG(3I!7mxcI*x@C{1Oe?s|1ezZe`eo|1u
zai_Q4;7fa6=1<;9JIluNhimk1(Z|@53Mr<bD<nA081aQ+t?;B8-SOhtn^(1U0tL2F
zf3JEqT`f!qi6k1597)Yvxl{``n49ONi&Etpg;zea23(cDQnZ#4JrsCUVgE}~A!Wn{
z!_-AgerHQKc4)E0?zAx-<cav+@+RYHy{X`~!Vp48F`^;KIp>IKnVeO-%ewnX<uzWK
zkm5JC!_BubG|}-Q*FtaJn~wNQDx}w4sv*AJ56Ts;MzZYllsLv5UG=Sk^_Qf1Kng#9
z-F`DdNCeT4<eYPiJue$e9<ErDv9+XMDX5}P+&6EpaR#?=`SQL4$1D$@AQdw9w{*Q#
z=In3tW1~YKMJ4HGf(I?{CdyWG*!r^iygMXC2q{W5Bsu4t3F{T6s4mZ<tQ$uaJ}(>Y
zIGeqMFr*7Ef9>mC#r8#z<d=6^qj9#|iFl5c^C5FqVdiZPUbYtB&hO3AVwZ84YEG^o
zgcKnflALqS9g8Nt-ghUyb{(0=%be^gSw2)9G{n|@{Z#H(rFoHGYNRBuvpCSaW4#{Y
za8Em}U2Uwp`~Cha@#;)l<nw2|C`xOS2_c1vh9u{lqh8%xs<jZed_4BBgl)IGc<K$*
zi0M_q_qUU6k4zt5B{?{kO%knkaE<8kIFq`Q)g&f8;Me3?7gR}%!fP4M@wfPCLP#N^
zA;~%CR8-&C7TnbypQL?8B+J`e9GB5LmBLw46|ZlPeSO=Hhm>U0rv|qpM@x;4JDcZg
z7(_7nqaQh(Ecwu_eNSV@F>3nnglaDM@6}w{#}lLML%7nWs;s80s!7JHF`QITDQo?4
zy<9Y<h0xZw7Nefx)Dz8~>NMpT&kT|Cv7}O7jY;E;5jbzjcKvoQTJq$L*&->6nHNa{
zF`_-rQg#n|2`L4LrzGcqr!v?+z#nnV-xpRX@E-f7lv7|}q2NKl?x5vtasA>8)1*@7
zSIPE$N2R@Xk>}sl{OGjBaQMgSVA(sX67}&mM{6522`TxBrt~DI3VreZy-0JS=T~4|
zSpOyaFP8Dyc6<95WqIW*Ki|E^#z6AbSk#RbW7BgMWpiz7QiB(i#D9(nT%bDj!s@+h
zv9c1?ND?6>AJLSmo@5+x>}sOj^7bDgC$Op-cfV|Xmip#v^w&OXInCeZedX76evq={
zcQEaHZ<Clf%$+YSc!67(&s}4wdHr310PjckZ4TZmgp|BQQ+kq9ERnDB*i9ZcHZi2c
zab$ig=5tbMoJIAXUNpPipT=BeI!P)em+p%!&J(Va2cr12m4o=x!XEig&WOn5zm9&O
zm}-})LP*I&G$r9OHR&tUY&JJjYmV-94&c=|>%0E0Xp#Rt71d=Ndeu>ndib<M2&t49
zr{>bsIC`nztlLx4r%KK<RG-LiUf0sYB}A2nUd_8oNXbn!r5ZWojK%5WdQTRejbl%z
zM#`98w_9U(lIT)vXQoQp5)vqMYbU9cUy#^9V{!8@C<~<Pj<_#bha50bTHYwi@fQ*@
zG)G-t5mIvfM@o#kiYoS>RHAMx?5ez9U;uVa2K8%*ng4hFLKW^NH_gk)iQy*QtP)Zw
zQ@=7~x*z+Pz2CdiPF>0odB&r0XIt7W2eCu<Io1n(x(O*ciKir|5?wl8bKFxtBWJK~
ze~aUqXSqz?nB8p6(OZa!k(=0Px#y%(zE$o2dUxr<jJs~iD<O>H$#wyeE6xF2m8DaZ
zng#<#1B8?uL{pMgiMF_Xa`o~V_*NNj5mR^g7o+nxQ{%YzCI`zkmoywz50E_fc<Hh=
za*5q%+B%vak^a!bJ|e_-$uJe+{{BtcIq?^ls|YFCiKZm05;bdTKX{%l75-8C&AA`B
zV+~dJ&c1S=S{)uL3!Of{_@s%HCBpeZM`=f-n;64Ah5IJA4;kP3gy*)DE81CnUi+kZ
zc@QDxR-!4%szf^{Kc!q4^st<2;Ebm^Nv&DYkwzcylft&6r}f9s^%jyBU5-}LExHP_
zM181LlXRV6KD}q`isi74#E$n({vK_QPjL`ZvJp*5RwbGfd>*+v9C6vT{N%u^!pmEF
zgF2%g?Yy|-J+F1iT0KtzDNDA{!jS??{fT5g-i6dOLyd25OEdIpCim`2{n?eR<Vr<I
z$x1XOS(V6$Cr2mL>7`}+^Er#!htpl5(G;}Ig;xun={HM6zp_*%l@hDfQ8&<}+o4#?
zgz2EIt6B3J-Pt1Gi7sZG|Mf1pS(cEJ<v&uYDq&PK{z)a;K7H9hY$Zwg#g)8$a||i$
zXB@hBbF)X9<{rE-T4k`zODg4^)WQZf%mmgQaWCww6=mS<)*~;c8RJLS;&zE!=~So@
zQZf@yNlqm~TsyDvRBxyM{CWG9Z~JQ-MAcuNMrSwsEa*SxXV@L`om9$wM?RkW7{M1j
zY%0ovii{5$k1ox&I4x9^Y@HP<V|uTNkdldLO0p`^S{7?l_!ps9qpA0uDqId49jne`
zRI+{EYQ$z)$H?-Som9#^i;0AAG&&)7S>If+-3gt2WBKfGXc+zZYtjb`it9J7_A?Sq
zNmeDo_KVf!HH?{vPFH!~v#y+y*`;>d)c$C&?(wknRZp=Uq*5l|@ujoxjIms~`~CWE
zmCsKml)sM%9c4Bwq4A0jwyfGX;tWJnl2wUrI*f$ao)gNO>dd@;AX1Hs_Nv;uqJ@dI
zpVz4_C`b2`yz-KF<4y6Ptj_M?3>L@!>zUSqTW+s2;QJ9buDw%dXr$XmNJ&pLC0UiI
z^Yq-akJPJUp*mH1L$%W8^^x~2yW24~*mu?Wt5$0Dq%052_kMoVk|g<!j=zI9`xX9R
zRH}GGLH?GTSFRZC>pYx8NV$b*O0p`^>nzRtt@?r@MTn?tZ!pc?xRe*8)guQNqa`Xi
z)w*t$l1e#OI~d0OQOvXne@x}|Rh>rXJl*N;<V<DhLwqglbR2|>TzI;FPpRbNjq&_P
zmB`&zLy`Hh(*Dt<D>rr@x@~jq8U2M2?v(vkUWjtcEAmv5O8L8tGw86wV@IC-&5NmX
z$AbKyD}1Ey(CoLwzgL}1ZQ2;Q(GpKdP9?%g%CCL!3zxXN)#%x7zG0!GY3&%#MGgJq
z=Wj=b9{x`9O$9%WDIK*g5i!|6|1j;;SGmqS)1npDG9$*=+}|->`$n7zDQSqNB&!m=
zdzAVs#`k$;(Lsk<X}8Hr>)o{~VLf{Hgm*HwUi18Pgp}nmDRv!a>82G&Bx;)VF`Z@b
zL-SWgA8&E~3i-}A*D&~rkdm5cO0p_ZfZg_vZyo)t9{N{9jtO?0Uu9kYQAcM))&23U
zjugvRYEmh$URS=7L+Q0Dr&kt^e65Ifi!H0!muY38eKk>5Pd0etYn+N`O0p`^2O$fI
z!g~`7QYNkA#iuTJmY_zqpA*hvHVk{f#AL!n@_O65k^M(#ClwfG#xzI7jfLrYJNcF^
zU9$GSJhh#ACpAqbAtfczlw?(+dYNmN2PCpaT_(Pnl=E*<?_${&Jg3b(ZYpLNl`=3Q
zP0Dh32fEm3#X4$F=h|nALVc}q3VV#c7QeqR;*0-qF$X6hB?ZxxWL2V%)K{`4PTBR@
z6pD;^KWzF)EA$5O<EviQ)-Mgm?)EzglS-K|H^+R{MRROv+sQ&{k2n6IP261q59DJ{
zA$xCC@E;|-9#8s@kQjBWx7R-z5*?h)S{A!+<gubt79hUvhmy7t5lvS>drJ=76uGne
zP9Uj}U&`+d`Kqdajd-RuJ!-dVaSHF6CRHkFW-$FIIDF0TIUbovJR~`FC{kf!^yd1r
zn#DGw-$^%CJcKVjQKm+JJ7?{}$8+|GHOcGgr$)2e(t93y9`$jb?TK=FZX<rLX&M!_
z)qief;iu$OJ|20HXh^ckP*m>cJZTTzx-jvxtGiS^nc7!hjvX)RuCD$V<D&6+#~D(R
zwhjkU=R5tjy`XHoU3uC%dHEq1_bJPuk*vuW&&RUbgeT<zq9MtuLixk524=e?_f2<6
zON5&`n<4KNYb56$cwJPwzLXqnVNWWgLDDxi<~ZX_srG>Rqdc$6pNUu|WOpnd4h;)>
zA$4mm8;?vN8j`FcL@`=i8H_q3>-Ok|%snB^%6G-%Zbn(RFOMvV$UNQt^*5=IHD>aU
z1-e|{{z|^}y-8^F>iAG&<cdsm%rA<}^&Fj$-*{v^(U4@-Al8fg>NR3@(ZxaUjI~Uk
zC+K`-PBa~$RCGVIen)4xt&dbl0X~KreTfHZBk`rQ3?pv&797%Z=qLUcxfSyUDAg}~
zz$4>`h9s*5#g?2qq|=_tpW~kW%<+cC-F?lt9<}Ww1NJ=<SMgFx{G>vfq4KpZrHQYN
z_PZExDbr0CzK;B*-hR#3)~WQRrS^~&9vS-|Ayt)?HPrq|33C4Jx3kE7!XfCp8`e3)
zdTZ-~J0j@))*mCfx=-EKjw_G~nKVAVt1#S8b-}QL{;a9yT}NegCheSlQwuHsXdY^R
z8$2?Gct~<eP`2UNrBi_>%X*mn0JTi-^oLfCj7P>K3I(0?MzzDU5Trsr4LNe#=XPRt
zC&d|**3q)VrF`lGpK11b<|5a*M{c^Fz$2rHh9s*5O&VYN<^8a3WVCOWLNT-9a@u`8
zYYY2ZhtiF6wXYrQN0SQ4=c<77)f9KTT`Ke@y<%PuYyJI;#9iZ^Bh;cSx34y8;gL~9
zLy}d3)Gs_#IZzf7D|yKLioDx5KK6^8Ke#6|`n`Lr$2rrl;Yo$OrT*Z+&92Ut=en*J
zoeG$~>`m*C?=4B~ev`M@pvbpOc;OgHG$dIisH?W~^f`OAV`$~55z6AJ605uW>OC{-
zGH3Ey!h|Z8ev%4VwYB?An^aTC9M6NpYh$%SKOTq97<?RON)g)IcvjGza5XT3Xh^b3
zkj$hS(s(NG-Z`nxcOr}j>T7nDKVrJBmN9tNW8ZgL$|zDHU&kE#+3S7da1d*)naEFL
zsi?QN0~hbO7;ka8sB8SXD;bXrCmNEh669K~_#kxj%=7wCzEc_zE%o|qMol4Fue<G~
zg=J<fW=Ouj@^Tes_-YN3{pzRp+8Kv$_J>Jrq37vb<!=u14*Z@jT8~GD{d-8X4^~AD
z^-oIBlUG=up5TY^Z8-HaM$29<h@X|ObGr`?7jfH7MjnzTd70qk7OR+>Z;jl#P!$YR
zqAx42N&C_b1b^NACG2YX!7KL(gY!`0A;~F06|Of5ueWoAM|$AX4wpVYJwE7fVHj(a
zX>{Qr-HAezC!`MdtfM2=D!aqPUQ5gTj*ofi>Q|aR)V;y4k@9@onVpsi*Vsach9s*5
z@%*T6ZZ<=VXgK+c_%9+QMbu)0WLQxV-~1)-zu4FDiB!l(4m=qeuQE$g4dtGg{bV_k
zcPoW2Wa)E$j$_-%{Db*HJTjPQNU}=MP1R<-i~4LAUQ3=$*5i+oyt9BCK9I5hWWM%u
z{}S6BB;VrQl+pXnY=-i|P|*Fhx}lFnrt7u-@2EOUCWOR&!(K*p;E_Q@Ly}d3el_GR
zy&RF9AIfr}t0>TWb`<9;?r$xm5c0t2iXhE)lHWFQReNpvG`%CoruXx&e*M{w-1MPS
z;e44xvo*b^3?Jrt;E{nuLy}d3LNgN|H(d?g^A+#%?#nfFuyf^@_R{#U3$+%bKd$l(
z$twgUEW6mQUWgJ<Sik$B!SdK~C8vs`eWQzs<31mL$@J*C;E@4DLy}d3jzmb*Ro!YW
zDOx+SeEL1E`=hh|v4*&rc`ufzFR>i@w@E!G=XRad?L6(cHX-G{=aZC*h2J)zovgP`
z<=@ZAZ+l_g^#G6b|BsLuHBBGQe^P>|2E3iUei(>5jxu_pTUk(z{xy*`S86;j+&|)T
z@fQWjH#X5Qu?Nt-dwG>1fIjKAT76x3iOoB<6oG_*?xHCM1KA2Z5=T5FIVI?Gh`q9W
z-Tc(2hkN$oEIc}on6ti(@%}+=&y{PhFR`LdO41Ums>Cc+Aao-yHCU;r-e;t^tMsGA
z+LP?Dl@658$+vi<AJLFxm7vf$o9$dTGtW=&rr~5z>7!UU$W_<oi5-%=w@_uS*nF2%
z$N@!R6e6XccT9AQ(^gLP)^9hJ`8$_G#>0OX^j#ISAY8TbB^r{f5@g=@#l+agRX*H%
zUU!kVUj5;npP?_1JMw0q=uWsZh>-lzr|hFY`*Wx8)%P=fkLj$^Z5!P44xgTHyi=>&
zPmt-o3gOkF57Cfhl_2hbw3q4eCr%}_NtE&lijRg{&9?RPa32?%IJ^J*o4FZMlDi(1
zjjDA8_I5ogSJhave1~&V=AyA5f5Y{Jv(|vEmGD9gOEe@|C1~az1(Mmhc2I1v^GaIV
zFPTS|elwJCX;9VT{XaeK^e6e8>`VA@@Wv1tlcBrrF{NZ@*__$r@G$Tmr>@wqo%dYt
zgyNCjL_?BQf;5zOdTdQN62T+OVEatJ4eNGQGsNkgmEyBex>MZFoUEiI=_c=nII|p^
zv9;ClJ3nyef<sN;eVi4?7*A;+-3)6`B_8SZA0bt+YAW9Uqy(X7neH6-iI%(L)vxVy
zueaJMbDf?hv17?CVfnn#g=?9lLgv{P*FGKm9X;l-ZmU`Ja`^|3<D+tk=+7UzmDabe
zlz8Ehp2S0vQ-Wv%QRyjqOgYk(40+B~>HGJ84k$3{K<Y@u{C1-rQ6PC*-0oQtD^zza
z#LZ6dl&}P4J*Pn?Hny4deJD1BHv6O<;Uz7GXh^b3kc)oubcn?F7}?LZFLdwATs2Tw
z>D)0KolkGf^?-xoQZy+^<5nb+hmx}HGDmD|t?F!?f3?f#@JeWtuzwyp;%p8J9_c|e
zBv~bBK5@F~p_d!=9n?&>+46{c+LGIVvBNgkyd6GnosS1emY@-;vXfKUNtIXHxD1b#
z439`lo{o`_wFxga8A4Vbh@-?K-HC=Is|4X>-OD+=&T_}+3?7m?qWs;3`NYdQ%AT`j
zbKOtu9^B$3CHYC}vxJq1ZfqjGtk1J53X6;+%xB{Rk1&?98ZE<?A1ClgH=-fQDnUA<
zMGeA7uEtMHJ*kbYW7#3yLf1T+XqBV8hyB+siy0?UA)jScUDDglWH^Hx&1;htaiNw#
zZ~fA)8(Z)ki!|?>CyatziH0Pr1bxAGq@;ScEBH;#td~Ax{8_-zknMD^r(t!0VfPz~
zl0&3I_T{LVB0R;Uw~jeczyA5@Y3UQ|k?w7Wo9_n(k2whL-GfK&|M!q6A0-X+Ke`<4
z^`d|OM1Z*1)r8W#(CzoA4+q8X@T%Qj*W5QFZdW)%@`9Bo)sCN9nf9k=Mcg=4zCJWK
z>UQbohg{!tL06nAN*!lU;gS1@ha{&2C9jUDYVL9~Dwe!uC_i4NQ4)OnSKZ|`9u9Wo
za$G~dH7QA+@wTXEfyETB9M=-3m(yQ|+V}PDk(@5bkyEm2roKYBVC6zIBv~a$<I(w!
z2y7Qh(sfI9!G+qxmn4!{Xt}3&9Ckmk<~U1LNGhbZ%zRvK+s&M($yB$h&Oa&5_q5@b
zji=ek?{dJr?XwXB9_dUpBv~aWC~>-QznJ~CpO?j6df&+LoQ`_u?7m9%puI-Kl<DHq
z0I85B{;~QMlxyP}&#rp42FS#GEAP5etk_XT;k$>sFyKW99_d6hBv~cs7r#ih%HBci
z`_+0DnQexj+t+1<Sa<VEq}|!^M&1JzL@Fd@WOj3M;L6LsWH*Mk-EOQGR~NWtd5tTL
zKbLYFvOgqzuhx-hNU}=MV#2O?BtuJ0ZAtBCn!xduU*c=gan%NFlKUQ;CZK9bzLECb
zT@@AA({hTckJ-wL_x2?Za(tP(RIF^6@j&cRWxEvz9_c_dBv~bh%T6-y^PZ+HtBO9K
zVmlCzZO<)z?zpUjQ1f(obGZ6Q8YxNhklr(UY@NOjF1wz7n?S$AOQ2F4BQLtgC}P{4
z-9<KWc%=P*gw#~`^uqj;QILg-sw(ngLT6>-%Jflx1;y{()koIqZb^Ktr+-w7S|$0$
zmbz2~a*Y0X%d1wmv?;@$%EY=As)f9*zaMv*r@ZRI6W%y&M?54sB}mp^qO`$V$E40?
z$eBI&d68C(%uV}eTjQTN1T@liH8qlwTtPq13tUQ9&RiBhVwts)_S>oR#uF|zf8Hn8
zxfVre2=7R?B^r{f5;TnHW8w%-_fnSiH@j}|(M^*=Kdf?WpCmGmEvZxd9LYC@wRmuj
zF<fNsaWi`In5x76T?^Yvs#r<03!iFl;VUbdC_K`JXh^b3P_f0_3-<8~`rZpUk1PtC
zSBCWK57e^A3>k&~*2+5iLW`6nSAI%9rAWeW)6uCt6Yrk83dL5B{>Z4?mLk@130Wr_
zk4Nq$8j`FMMAtUej@R;gWaoqFuY0Ket$H%?`{S|JqTR3MjptY<NWKAmvWIq|NMoi^
zq@7l{oND-jTdM|Yj4OP!F76Ea%y@+x9%)T9Bv~a0!R>HiaG|Zcwt}fQKi<5oa^bGr
z%N_4&-skzgl~mbBa?s1-SGqoY_G-XZcixX%GBn>?alQ*J@hjck*!6heUMCZw1X&Rc
zNmdD(qgL}Y*tPYhcO>t&CUYsnh1Ps6HYLpQ4yk~zv?306qz-p`w@I>4WlCSR=$kwb
z6$638=a!sqWlg1ga;MuC;NaDcNACHLkjh?O-pc=^1WA@ZyHi&x=lyH{=^@>*(ek&i
zS}Tnl((P$&w(|zO+(q)L8g{j%KDO5T`aZ#Ao}%X#Kka|=)JhDQdYstvfOAfFfN<`%
zBp#BS67))50rPVY11CjOFz(4aPLZk|2t{ERc{=pn{iR<eL`nWQ@E-LG&jW=ymCHZh
z>0tbzQ!GMnp35I*JSe1elCfEtR}qi2AR3aa66CVKCR=fizsZE&;x}@@?sSeJhfUAV
zU-;&?ceBLP>KjNMZq2z#<&V#YKbyTAMrdx&K5@-?sj!i2|HN6-?{1~;_t)`AbD|;1
zDnU3w%C75&q}Y*9OB*zkORJtMTTQ(_|J8XR<rGhHylMiekcTMwMWmwVo4>@rm|=H(
z|FJr^*z?MCu6Ye5Zj|m}^I<&FjA%%*N)X@u)jKNhqSEKCD>`(kyRKpyuP3|-v^Tqd
z!0W<MWEaWrcc-)bn55qt!X0<_yBHEZ6O^TT>A+CXk&E9rzV0d!-AlL@WJ)w7StV$E
zEjc$z4BfLj7pp%cjNs*D3yH|wPf^ynH^-=BiyFz7w6m#_;=WTStm8@(cSqeypsP0v
ziz)7letLmNl(U$!^%x#$LNp{<B`8WDcz&=|Xxn785)U#@hU%P8t6XNEYc_9t%h5#D
zG%Hev`-|2rmU6gkG{?R2kh^-1&58N86fcSRkKWfVe$q`YM&psj{}$5Q2aD2B{zs!A
zqw4p<k?s*Y>P?*GWU3Acgyna2S!X@t+J~@M=&-x$Mk=I~z{P#nrzRuW>h^!qq0R90
z{E}3ccJJ5iz7)RJfIxl+JaRYjkmQu0j|Bxo_>3n@rN?On1Gl=TU+VgCPkic*2Ji8K
z5Sr_4Nu)wj1u?((_!d&|O;t`fC-?P$ZXxsX;luJdR$Vr7`65h&?=2b;4M|oB^0U50
z6L34;v6(G>>B9pF+|d(blY(@6;xC`$WBn{(`<_(DmEtRu>kH@GWfu*prgM(`jvf3_
zko`H&ET$+U?KdWoFz7WT8j`FMRPA^nVnFhPP#rZYBu4S};>uveXmk>{Y_m_@%Yv!X
zB)=)|bHVjlnj~wC&}bjVXzol)&P|~XbhXEgYftS29V)sA7f}s}h9s*5{kU<!7R4P?
zTz`xQy_F-JD$j)1Qv7Czdq1!7)9#^rBwy0n@Ep3aQ-N=~WTG}OmC?n~%5E5YKvv?|
z(>-sK?DWn`<B_|Fh9s*5)!Y#6&L0?PH(sJm%MW96kUQ<Q+mnK`_}fL7gy>9_98!mS
zZ1rf<VN_|ge9Xh1BBa-ri#2s+-CNXICps9y*!wLBKi{TLG$dIi=&<W^wQI+=<-Tlu
z+Va`vwIFv_S6}c|wX8z{gAI>93E7Yena}bzj{5bK{4=XEg{4KM!U6+xM1K79d^4Qg
z)Q{(QZah-&KSFAt(Wrk^f)qP1e@E!wC@Z#UJ~4bT;ytaciTz5I*}EE=x|6@r_9VY>
zggW|s=;JQUX5s?v>+^Dj`9J2AUsC^URxib#@Q!B15|8}%Ut#C%^It-eQ-Y>{RIhuM
zwo@YA+tkjh#D#``nBN}y)3PymShp?fP32col9P5Z^+&iYKfd|ZxXYT|m}Ox7&Y61Z
zb}!Uo%-fOmyW@D|zyAii{~D6466A3t$neT=%%}V_sy_KSJ?!PRU-o)Gw%K_)#FX#m
zmoj%!Astr}GN<pZ51bz4&)JnTbXlMu)w(TN!+|!t?Eaqo^>92=hxp+p=f_t&E5+3k
z*K56obDfsx_jXss^ki(^wteXwhh)YS{V$W_q(atid6~eAOym%ryk_Is{%LwX*$RFB
z@WOG7olcj<U5pYQsZBH_StZD>fp<-$^Yy8Vx7eoXRs!=+pNi`;NL)Oj$)7LA(RzsF
z+Z$B+r}cQBjXwOc{Zp*d%=2F=r<85(YI*!0?VWivRR90S2idYDp|YE(tj%`E*b<T!
z6j`Dyb7$<kv5eg)DI$a{g;dsL%a&+Uls2@YQXeU4MX8A2e81=XD)afB_e|&a@AdEF
zjPraw?#$CQcjk3{?6_ttFa`&e7-&6UNRBG#5yUI&Y_X#^X~s<X#Ynzw!TL+HXKy)t
z%AD+U9~b8P$<E~9W$h9}3I3OETKRlJBP)czN^ayCrhNZVG<a|)xA9SCnd<^Wa#TU4
znxt^zt|ME{?sQ!$uQ;8#e_6ZU=(L%jy@1D36@JV~b|FI#+7;rc$8}de-(tG`tkN>9
z(IIKKYf^XHhpmiopB$bt&^rGLi6f8+fAuALv%`-5^=n9u>qdV1j1GU1m36<KROjh)
zNPBwu^E<qk*j^DE-7SnVAeeXl6u?So=GczyG)aC#Nuh6D_M+ZfUgIGj15E;l<fMXD
z+dSLpcj_LuvIhOS&R2f79iiEz^mSK$=*$0z)H_P4VP{eYdwh#f+s|gt{3phNCOGr1
z0Fv1j!wSi^f8O^#FDfZzptXS^IjSHh$*dn=`_!eUXG-kHH-*sGn%kD`e_^va<k5o&
z@!553w+XHC_Hk57^QFak)s<`2S}$#FCZ<Ifw{@?lmUhJOK3>m26M-Q)Itz*`qx)JL
zCefcbaq%mqow)XZs9fz*9jU`Rwzss{uSSQR$>mz+C*!2d`R2khM4QN-(J7`A9$#>_
z36Axuv%<SnMi^)a7?Pt3n%Om+mYz9(^ISeH;%v<A`t2s}U+O6)CK2=*OQ}*c+b=(4
z+^tjHXs42O*1p`~kbdvoJ%Ou>L*{ojz+bSNMW-4%7-#}8Bu5q06_}}{r#yNuLr3NZ
zJ<on$M}Yhu@`sD@^Cnz|qu)f1urv8YgX+F~c5{M}-JYxF(`I)cOA4OWzhdHgwd83K
zpL^db1{x0x$x#K>IfbXJ5v}l{#`N{}NrjHSwJnKRn^Jo5m`ZZr=?j(K>_Wciz0$Me
z`!rOin)AJCsYG|e5i4Eu5Es=wFB)ST;6=;|V%-Etb)%4UbhQ8Gy`XA+>z!||o%Na0
z@Y*3^?Jlo7ySd&^buFW%PUOZuY-JU@kQ$nbV>hqdc9YuGk|e8;w0ZNBrIwYu_Qm~k
z%eSG#_lPY6jb$~tFeE1x)GpwtYgn0&rmkoU8Q*s`K>OyqOB(d_F>&Pw?&HQ<Y3xE;
z@<b-cI;J|WdY0G{$sN>eYGSh5wOe#W>B+l2w;Db38E6bJBu5pLx5Qt&JLy*KutQRU
zG-cPa7L_!WmE`-;2D$J3WrSj`vI|+K-^yQf#BrwP(Ab%u&n8McUz7Hkx*CeV=`rq9
zU)RaJwzv)$lA{Xh-;t%Uq-34y)AL;l-g`@%2l<z%zaz<Cb?V=mZZ#mu_RRrJJxAWj
z?^fh7NT9vLUcu?z^SqI~P1n4<CAy^3)pj%gc54Aca#TT8k3uH9Y6mQ39_p{pT2fc(
zPNZbXzq9K1LRGom9Y{50XHqQPkv3dhv}@-o%DVUUOZ+}QZloD~KedLJ_i~aoS5z$n
ztqBatSp{itJF%_y?c1l7RxcvsAJ1pTPx~s%^5wpkCmsKISe0#08tnHxKWVS!(TUwY
zsJJ47Vp(0V<g@|FGvCZVnry2s!$4~QLvmC>O9T72XEDNZMBO4{`@^$ewDPEi;agMs
z)Mp&lmB>u7y|#FE6@PWDR>`$msUAkV&`)Iv=_sq`F87^#u}3RY%8s`)(CYsRNu<Jm
zS3#OK?kdA4*F--Xxc{ywo8Mx-K!CfmM}3>0)(UNBsP-+p!#&PJ3U|7*ah<;hZ&mZS
zrMT$VPZ?#!kwy_UvwQBE_K!2rYT%HZRM7sSGw;QMKYY{-LLX_9=n`p{yt3uA{xIXI
zyiHXAx-yGh$j)*Vo42YfX4cL*B)34_q&f`dF^vB_)wD(Ae(8Y=%+K_y0z-0CL2r}t
z<KBGoy>v9>)YgrHPo?1&tNa-Cp@TzBD;saDQ6RDl*<q2E8Qi&YpZmj%ZCMlcpG;;;
z65k4J6<n<QX^ei&nR$Y-78sJF3JRzeDlRXNOw17M<QIAs^_pA4)}fbvc5P%ry2ZT*
zb8Js~DKg8NM5|qH48PGx7v!o`)?OV~wZr!0(7_`sug1sr7ckJQD;243e?BKUs-Ra}
zCUdsMYR8ldZqzC7E0x5zExR;U!_zEy-)OMQ(ZPhB$(}_1B)uo8=V`=yw$eWe#+p2X
z&enBL-yiC^?I5e0h+?2wH!3a+$x#I*wbm#NhB*}`o2EE10t@DMq`41V<UjRd^Ci=)
zIWi>8E~MhHNO>GF0>VESkI`FENtc)t-X|tAW_jVRZTX2)N?RFd72x6KsDiF<FC)J!
znmFhj@(nAf`LH&lQjljzP^y+E6?3#gYzogVr06My`s%zShcRs(`dG76#K&!xI4|)+
ztwzf}C%f-riVU>!zd~a1IMQEzL8JC^@jmncdEGtRhv@UIYT+iww+|dkq)k90-{Qme
zH(g*C((P5miIpY6lkwMbWVVfCb=`QKD)6Gg*rsI0y)2O>ry1x~;E<eDkd^zQhqbDE
z%g^#%y+Q9xZ{gZo*4bO@o|B;JcrNDj%rLu<mvW`6+|RcUJj8c&*JQ7!4qen4U4Q6N
zJ^icltHa#+4h%FJ7?Pt3Dn1=mDV@IU2#=c4$O+d*p>m1kd^MpPXhz04#N=Z|{p>=f
zULH12x`?d_%Js49kX?UVC#k+S#}_?P-(6kT)u-6PKq~=5a#TUNNij>*osQkB=#0PI
zkw+ezELJ6mWxM+GHM<yY<h}ZiT}ZxC*$&ImBicJWeT5TOhe{h9nN%6d9@Efmt!$)~
z8iz2@iolQ@Rgi*GhgUp<Fw+&d$n(W+?Wzqo9}T>!r_Ndr^F;*ha4ujMG9Ax%h}uY}
znSGtJS$o2uxO+0mzV*`W!K9hIjtuqDItE$+7?Pt3YIl9#IgWMy%+-FAtae<eUz(Ti
zpgc;t1TRv%&*+q~F}sjIs~hjGAgzjjhp#U?T&ntFz`(gajjKy=_l#$viqQ=k11%2>
z$x#KFOHBXlu=^IiRp3k-;dA$456?5BNfE)AQNH_|(mT1Q*o7pOoNP~fdBeJOYbzt$
zoTM3Z?DKS?+r{R^=P+uC54Q9(&~mIH|8ovR{Hw32M!GE?SuSK!N+?{XyT$@8{VX&p
zyd!FDnO*jo5w}d?Ty`N>Bq;S4K7FD$_)yH~@X5!GhHHrQ`sNt!`$LyotekZYG0?K$
zkepOd^7lLR$@L}~?`7xrs!F{%WSE*XQT#ID_J;B5SDQUlI@yJs9{r(k0!keENLmVq
zW7?$}hCO7pzSDAriVv+!UeS@lK(nr<q%JVYQ3btDZ(6zq+uz;1?1rVuP`5=4$?9R3
zs@!Tl;Z3$@zn8JS*fb}lTdx)VB-$@6@0Qs=)6YtHAAi|@cxIj<*WXn*m%_YCD-AZu
z$=lKUYN6?=hxVS~Fm!I#bIMNq%d3<39cmr)BhEx!^htMPXHvm}o2$al{hqP}cfpUV
zdb7SFBR2-lRBe;U@Lxh>@W2c->tae4lbkG5gxV!94Y(%8T=lcspL<Y$vDh2uZ*r3k
z57Olp4UzGUY(F^===6km-#~xW3z>pj6SyPyF=GwN=QnP=0Db1J{nS|?%|Ns6rCb=2
zqYAnblh=Ltu-G{fsTcOc1wBu?^URig#|x$?)!j*JIe2F)JCl{W4`_Qb+RlE5TSwdb
z1HWsyWy`j7DX)!5?^jAKJjc8u#=4erVMvZD$aeYh+lySHO$%}YMux*f%_JSsu^yLg
zj^=(bf?CAauw8tTI@#g!Wr@={NlTkGU9JPijUG!z*2XM5Cb>0tlMu~?c}0wMD<zdm
z#1PzYfAd~YPw8>T_fb^EOZ<WZJ>46wmtXU!-$)@h8#qkp-{lr&`+>Te1iEQLs-x34
z?=!dSYl@4q{U7t1Std<nNjVPPovkQhpjnqvvV`QMf<lvv_DHKiF*tQUU4yv*y~e}#
zcN@=k;6z?qTW_%6!pH7#M_ys1j@KCUD1F2w4g5^iqz>lM4U2qFJtevgE9NRbWS}Mf
z_3Hl9Bu5o=T<_ySQO!CpUhyua{Q6hWluKKi?o++>ww_xmtkiC@eb4+OpLBx!`3P?9
z6`MyXE+jXzyg2pLuuQ4Msr}J$nI+6i$;*HtIXVlXP1D6kPwPLfl+mQN4WxT~HThZ8
zcJuKo3yg+5Y@_VK&SYiKq?pCctPiu;Y^O&8$F5*b?KpQ@we=34Vx?PNpwWH?nsp=P
z!o$tcS<u}5qH)vbC-w@<8K%y0g}(ow=bmHgN4Bi;cMfXBxwGBg5b!K#>ieOw6DeXR
z##$fRy?1XK!>_9vpn9Jx+q-fOW?legT}ZhwBu5p*i|#9l6@2aO@Id_-Dp|qb%ijKu
zw0d01j*8%qA9N4;vokp{$a8wOA<WWo=cwlosd&=|cbv#Zy<ZahX0$0zPh^=p2Uzz}
zE)2<01)a&`cM!2{Qatr7`k8jm$u#a{a`pX!`o#v1j-K0{QOx#V+8LXhYpM(Ix2Fy_
zWW1~HerY1DL*G7L7<IB(I12YHka=d#x{i`c#o!_Lzxqcky~OdlVUjhfL4lO}>JuXz
z_bn*>)Y^$Jq}Odq`3-R*>`b11Ek0q3m#ldtMvFAqYuR=JnrfaOd-`5Wt;Ta;+hcPE
znspl`OGr*CX!jt=eB;KFPQB}Dn%dN~&FQv-O;`__0AEJReBf&?wtFxppf6ajl$@Ez
zG=mP|+ts|C83!Zw+h?tNUpOY%q4Tbifo5GsxiBP06_n$vFP}11Sz58TTViT|vqG#u
zqH8KNcuAe>hNFd=NiRE-1}@EyKFC4nw>ey!c#fbelRLZPYp|}eH~PFRLslHP#6Yv|
zqFfk~qY64^D>1CJPsZRa-Kwd5Ixb(-=4kMtYW}lkE<Y&!YUWSbh4l0~6CoCOk9Hu%
zUXHf=<LdcSzLYnGQ`sU(7GHJE1D-R`tg9#&hUBP%s=SsQ<IR4f@_t~XH0Hj4jDTfr
zUR%iM<@B8z#`tk-wrA#|P?A})dfhD{n^b3=9Bjk9zwFycjm6i!9Mhu&6m^(y?6Yp7
zTo{t03R;TG9;WVm9<+OM*z?mPvR}bASG0UJMxjo;{LG_Ie6H+FirRj$8Bn42IE|c}
z3m@0|r+H~Uu}^ckj#Ym2dZTuE<_C`j|MeH=&sR4`6*Oh1^3O8^ewnT?Kbvp29*@Y_
zZhqmrq1|O&oNOXdOm2`}$OHd8&7}|udKRbPdX#(kZ@;QCR@B2)e7dTwn!QrUnE7FN
z);*L|3Yi4|-O93O>XpN9&E=OQAB3D$47QWLO|;aycyk*b6QESc?Jr{6lZxs-@&nyY
zLy2Yu1UrHJIf30ykd;#OgW#(9N0uK)jTvaxHIytNIjNwOyDD2+YPxDAdn)2@{k*c|
z{18PKO*IrOcIPsjeL{$2XL3aQ!?<hG3yn4>!Rsf=w$yGCoxtt<q-AwFtfT7v%bLRs
zH0u`1g&{erAi>Wi&TBs#MrJz5iwQRgP9EO9?46U59A4z*Kd(ciYL(fAEHAUNPiQ!5
zU7C9M(c;CvMHJIe<s6C6t1aJRcRQi3Fu#?|x`c9JNRBF~MzkNojBwxHmE1D&^UY;!
z9R7~s^Fw>BnpO)hFSizD`w{LlgIpRzrJr~T2XY>sGNBbum92OFAVbOdXVcrnk7cUS
z4D=$_7tVs`Bu5qGEf_>kQH#5}9wSa|Ou!utjaRGl>7C5>w9P#yc>M<3Gjp*WH$0YC
z)E8Z;H@hX<7>deukX0GCQ@6OWwZq3$*P4rgW?ezaVv>`k_R>L@0&TO`&dJ^`P97Uc
zq3AAtB(SvKPxQK}aI~@6jsSLt`)HFQUuyP+9~w{WTGjP6Fw+6?{fBs7uJ~xta4EXp
zZYcxJx`A?GNRBE9CyUpR6)3iQkSwrIyce5OQ$(l8+glr~Ut5^<^Qy>2b|JC74}Ru<
z<IA;BJ!I?3Q)}6~F6)$|WHL3UJ4E5i>n10L3Ky>&AweRLOrwPd1XHDai<KSYdQ~nK
z<r&Wu+TDxSYwf`>7#P3b_o@}axc=+bwQHT9OPT8A<SlEE^VvA_{LU(A=Ps#i*O$Y^
z4PIk~%gX+bm@<5VuKPE0x$!LGQd=Z?;kNVjb5=&OH+Or8P4p}hlON=*qF?NHK2dLZ
z!SPt|>cuD&s?{qQ6*m>98z&Rj6i1JH5O*}rA(k9#9Q!o3D0VisBQ`$fK#W)HqL}Nk
zt72ZolttG>r^l#AzmM4(BOHAv>S0uKv~{#ZbWk)t>PzI$$Y)UzQF>9iQI1ivk;;+0
zk;Rd4<i$uvq)EiK2#tuYh=UQM5#<ry^kDi<`UiS#gb4jEJtI6XJd!RM{)kQp{~F#B
zb}8&cxPI7N`0jAIu;-z#L%YK$VJcw>VH?BvLPbM9h9-xahgO98gldLBAyOfAA+(Tt
zA(<gIv^_Kf+GAQiZJO3fiwfQwObwn7zD$!39u6)EstigAULEu%*ff|w=tf{~V11B9
z(2^kEAg#bp0TTgzfx&^ez|27FK=A-^|A~Oi0PBGIfZza}Kh9s=zurICzt2C@-`daG
z59inCm+3d*SML|>EA8{c`=$34uS&0EUk6`Z-v_=;zDIrOe#?BPe3X2+eUAIY`ndRP
z@EP>E;5FuT)7#B^llK~L0q>LE`<UX9AH)D+05O0VKnx%T5Cez-!~kLdF@P9A3?K#&
z1Bd~{0Ac_!fEYjwAO;Wvhyla^VgNCK7(fgl1`q>?0mJ}e05O0VKnx%T5Cez-!~kLd
zF@P9A3?K#&1Bd~{0Ac_!fEYjwAO;Wvhyla^VgNCK7(fgl1`q>?0mJ}e05O0VKnx%T
z5Cez-!~kLdF@P9A3?K#&1Bd~{0Ac_!fEYjwAO;Wvhyla^VgNCK7(fgl1`q>?0mJ}e
z05O0VKnx%T{+|XEc#ODdULMRF^#+Hy;N6&a`y)_sE|~xPU~xFqMIgtZI^=l_|ND3!
zw}}6JIQI9$+dvqDIuF7`R4WKWs1^_=pqfD#k7@#85~>k|wNd9-ybxd*!V-TE-T>qn
zRQ<wV|KEp0zaL%$!Wh(95GJCkK^Q`v0bv5F3WV{fN)RTYDnM8pRnF>#=%%AX`8{|U
zkYiA#EWiFg4~Kt0{3HltP$eKtM4bR(2vrQi1XK|S<57hmOhO$8VQthg7B6^rn2dM-
zb$e}80g#hW`5+EMs5}sdU{o%M!vxe(5QoU991tgBP}!`UtWAL2e$ST$<RsJ)5NFPp
z3F6H8GC-U;Upk00=Q|AI%=yw-IfNq<NWbSx1#%MV5QsD9O964_e90irobMorGv_-1
z;>`JySUAp|N{0WKZ$FTeP>CSUoNph9Gw0h2;>`IHK%6-r1H_s0#mn;;asBak5=Yi{
z`{Ty0aX?Ip1z{M90bvM^24R>G1;P+H5`>AE2v!W?@g(A}Cng<;N#P(2Lt!8c!J!}w
z6GA{3BGW*ahzVxFSa&x9@%P=pgMgS62*NNF0KyRL55h3P4}>AIF9;JcKCGBb)N$AO
zb;P`ZnB)b*Fysls5bOcMFu@&!A+j3?6ERd)OmHI-sJ{lI05J&$VHhHVFa*1TFida(
zVTkMu!bFS{3&yzPNLb3R!S(<#X*USNkRu2~umcFggk2yEk?ld4h_PeEI@&OW{A(~<
zAST&>FbwSkVF<PcVVGbA!Vq}}2oo{eSuvhMq2hlHW(mY33lN4Oa}b8$Z6FL2wt_H3
z-U7lz%;trd>h6Xi;eQ`7Gax2y0$~_31z`x@2*NPI1cV{7F$fbeMy!~G#bSOBwgHGq
zh9C?>>p>WT4L}$s=z}ms)&pT8Mwb=i2xP+VGk+Z*CXqlGhO|K#f{7pu6Ce<V$OI53
zV(={3jY87V(f;)s!vQe~3&PC%!-FscuLEJ2pasGZSrdeb7!6iTq{4p;rVhj;H4ug&
zRS<^YwIB==)_^cXUJb%Tj0!8p;&G(kr&P*7Oj-rPFoXtS2v!1Nn4k#45Lp3)i5Phn
z{Ga1R{CyHE2gD><5QZTc5QboB5QYgWK^P*h0AV6#IV&b&2yVDvuQ4egCP{)Y3`u}6
z1TO<&m>>?q5P2yG6ER|}7=wr0e?JwM05M4vgkeYogdtcMgkgdZ2t(w>AWXyvvS13C
u1po1mrT`F=_(2$k_&^wfc|jN^ECOMO%mczi47U)EoM0fCMhg!Jrv49)()9QM

diff --git a/build/pgo/certs/mochitest.client b/build/pgo/certs/mochitest.client
index 7ac76facc6955ab0a87be2aef616d7d9b2f4cda0..5b038dc61079304832e101603f0c2adaaa2c1787 100644
GIT binary patch
delta 2227
zcmV;k2u$~o6Oa>-U4M;e<IEroSZ@LX2mpYB1BfcfEJDO7!VdJIr7QOtTJr*YfucFn
zU6NDYzNAMPbju;ZWfqG$;5+hvC?Edmt5N=Nty4g}G<jImI6)oDMG{i#{W>7sz?j~S
z^Eu0q{|80a4NRcNaXvAL+kXaLI74k0%rU(GVUEeh6;&8!6MuDI)J^ynD@b7{o5gvY
zZlTz3i7U|$CWkY|S%^kRHzHQ&+XEDuNrck`RdLP>>>G}7;w00ogg0f|d%LN3bGQBM
z)sah{ii&XELwE5~JQ!YjaC}NZ!?=~97Rz<^#nu4Xvli|)usUY_;KJ1u!In`e@-*98
zvi2s#F{M!4z<)w2)?|#bu{z(OVxO<dGE<#NWaid;MT;9w7o~X<c!mMCHwX^Y(9;cC
zF>}|NQqnxV{&6~Vh&=@dGb^e|n&s1O<H}4b!n5@ct8eg{J!TQk&;vyKU^|c1INy_a
z*wjxA$}2?-1A!5=1NzZVsT3WeARv!YG#E#OKQ~1p9)B%-lQRW!zmXc&sO1ZgR5!dA
z(=IO}O9`xYQx@{G4>Mrg^f?Xbf+*JH`@@{0<@`+zO&{MYRho{N<7B}Ax>vm~^y|z-
ziFCBq8ocZ*!Nd2LH5-WS*Md}Wv1aaCL~b$V|8e?Vj4iJ;<fo=MiY$5d>15tx<tH^0
z<d3}+?|*y8sPaqmXAhtlBOxD?B=-5hvqF$|yLiuc+r*f8fdg6Qk|Oq|=`*QBcq7pp
z#-@<y%|xc=(C1)y8wJzTZ-EsJdd*=SMl;I&#CySNq7H}4`CGA5*oBa$arban-ljHb
zUwO?>dRqb6l(K)lK73)t8UpwebG21ku;j5@2!FvRFij^5M`x1*N7#hw)8-y^6zn^_
zOL#*IO~K&^@>WhT+yEsN^CF~yT*+`>ha47etRbYcA-aPdHRy<HqW9{JIC2V}utYdB
zvrCB`ecZL7Rg|iCXYQz%rfcu~F(vMe%%W|5kTUwP4$vHxTB4>uxN*ZGbR!I`k&N3p
zJ%2&0oq2|Fznh*|>$M5#6d`ryuy3_EwgZqD;0KrV0NI4`WMa{imL=Eg)X{F<#mO+-
z-VHe#)Y`zPxF6w1yyQm}y%Ebl&0bQP2KRm1)q;u{1R?_hAY^1JAl9^;JgSmn=Ld4<
zgtVE!J|Vsj-_$%=nrSY66ft;6mx$5i2p^fgFjv9s3mhonCHo0bAE{H0geoJE^kJfV
zgif8XD3kRAMt>$(b{akNmlOg52ml0v1jr1qDluj_L=ue{i7?2H;VAysyEUs*^d5L{
z+t>hnv2Ywm8O3s!9asU)&n66tQ3|lg9p6ZWG-!nPDnl5QI<wJvHl^~vS4DE*3exAC
zghpwB?e7(GsCFJ<>tYu!o1Q2q^ju1j*{iy=tiwvj_J1D#@x=?C=sX0vapkx<nDUD4
zXszqxT+Mq&(+A0+5c2kSci*#em!Og8wN<gTNMSRW9wnVQTB9Ra*s84m;RROtZ>Xf<
z(|BBloiKV0z<+-4mdKu$+dy|}E=5<%P=|QwR7R`PW*rhWDaZI^CD9sk+={!%5*iN>
z2izPae19H)r_LxVG+xGKfu{++2ttr=3%^Q`eCp}=l3<xV2E=*5rmLO?C%DEYSCAf`
zT(L5FwkA#*@Y*8yQI6znsN~;mGQHGj`YpC7GjkOnAx(HcLWG^u_Q`93ENevrVAABF
z@1qMRskmG>9HnxOlD-4qvjJJ>97dT=GrrT}v42c(z7bR3dD><V)#1C%zfFj*3VKoj
zP)EG?E~W7G0Lo<@eXTBdvlcqZorYdHVKT$J<LhtSbqu0KVFtMM&y_R1kuM1ahm8D8
zJJT#mPaG401IITU3Teebe!DTP#z+=`h^uEiKosOA@Cs3Ih$m<JQlUL$3EYznTO5Hl
zyMK30hgcr9?d;idtT3F_J?S+f3H@Z<)mV#Eu;x}V?W7neTI9ji)BKwIei0ZIx#ZHD
zCZ~DEFGKn8&K(7Uda6aI*D=A7&cVp`M;cWL7IA6$@7-MCQcpE9j^}=rpYjd(Pnl$5
z7zTXYP<lHhg5)@8;&%pgF@%%=CV_RoiGSWO$T_!==V|`qEz2HJG_{f-RcYipRlMo8
zo>h#|DgWg84uF?;oL<JgK^%EBzxGht$9C=9S3Q-g6zMO6pni}PfK;|(BYaVl6~>94
zVq&%)w4;bm_6;Sp-_=TOz}kSQ;StGgj`gdar=<!M#^c*vZIv0b8@SRC(_MjDMSq^7
zPKhEh)G<rQC1DHwv9VUgCRe)(WH0Au=cnxd=S|{U8-K}p*#a%*U1+SqA434qTczam
z(Q|*7BTEWobkT>ftyZ>@Gy-E;ByT+Dp+NXIcM>fa9}jKCXY!}+-26##xs=BbIz^l!
z`29C`FD!s4tNg++1Ns|)Ytqr3Hh&)}x`@d`Z=hj#Gn&yNFe)$<-NWmIZ=EA|w(nPP
z9z3lk_2z>}>#s0%e@u7+1_l)L%$k8Ll2x8Me<AoM4PP@GAIYy#ZjASh@4>3NO1mn>
znpHaLUwwI>*4c(CqiJD5!7Hrw(ivYOc^sIQoN55wlks0M?=s0?+am{hy?;R#hXs$0
zH(LpM1!T!|B-OYIa0J`FH(R|EW&<M@zshWJQe+!|cvgGnIEASS9N8`bQLF#@HqLzl
zk7--6f*BZd@T6kN#o8O1PFn+qvU1Bt0rQ2^yoAD&+z}WAGi96tx?eyot-ySq{%5=1
z9tOlbxDpG$%iUIh8lc6GyJ2)R9K)k-Gu&^uEpdjiJQs5+NYmbm(cd_sHC~5Kx0<V1
ziU3m)K-{1XU&IBr=(haMR-?L&w@Urmxh#1k3Eds=)-Ra~cDiC^t0)~h>a3?|YR1c#
zoNv#u_**Sw)$aI{6A4=)?dg+tZS`Q@ij0B2RYPkC)(ob21PH1M6EyD;wb%jz2mpS_
BIm`e6

delta 2227
zcmV;k2u$~o6Oa>-U4O)&v3DHGS@{A22mpYB1Bl!KH_=m&jpztNCjSphQrE}yDu~$q
zNEE8OoD6Nb6;<)2k*z=a7F7;m#TaTWCwwka5|OQ0l`y3?`?=5^<FXgT8wPwZ{u@{b
zO=@FHgeg_-tu@W-fDIi6LI!YDtmB4=fD2UVZ;2op7w^?19DfK1YcKG7QON2S3EKLo
z=#2vpV^slbx%Ur|C|t2ke`kE4n82f&-B~fjc96Dk$VndOE**hh+cHhs8;q7aJ>D24
zv^#Tv-DGq9+agpB7^TDA;Vbt{k|xLQ$D)Njbf3Co@btWmO2N`{57#>H)ymmM5D?Ul
zPG4CwmVz~g8-G6k;(q_6)o@6}p&G2oODd%O<s=lpVdmnj`cn3@okp;<(=x{W3|6kW
zxqVPuLmi9`UmGb2nfTO3%~o!_%_DOh6T-{`T&=qR|I*7~_ltCPe%$>aG0+UnWR8R}
zsg%N-9rWGKT;f8*%tb)*s?>0jY!Sk|6ZL=gsS3Bm#(#kizjs=NvPu!Cul8yINOT#b
zybFs|pCz~&=hud<_BtxBHkG_4w^5I)<KF=H#1#rmzLB;>Cs$TQTdEDXWqAO#O>jSm
zS`roT4J|0x*;?T|ZNND^vVKAV{Dqbf@9oZa05_3h)lL=3yC-<}&*|os)+;02Uj7+h
z;#BB%V1H#f-D6!m=T-+*Ve5a>HnRXYH~@;^UE!W39$Bl&DCn(;Bt6-ijCFdmDG>Nq
zMS45zL?aEE(}7iLk!QZyCV_L^gBvLW&C`chTbu)lfX%!skvoXY;(JlB4JRvmW!rd|
zS>#Si%(IRPb?#*K?h6O;ZY#n9U!*s?Ss7XqU4N8tHZt{m`R{#Q4tn2L-XvK_Q}d9{
z<{VDXpJPY;*mhd-dI)O|hwA?BJCAr)S5(Zad!Vf*@pefCbfI;3SkTWc*DlgwSx72<
zi%k@Nlp{=Iq^Yx}g-Q^-j0oIO)7}OGI>!a9z$g;#2i!9d{G00wjs(@v1Uw=jF>m)z
zD1Vn45BDiy`U130)W@TsARGH%>ZLR?m_0MV_rL2}aWzIQAtJea&yFVwke9{tROCIf
z_%d(6gi3A94Cg@-Ac{N6)zjfMhf#06#!Pj?(P~Z%99L5eH}CVC*_5T;mnTDGA1-18
z^M>-vuTHVCg)?hvs5_$72fhbPEO10l8XuISOmfOPTWS*~5qi!;_a<E$q6fKP1VoTE
zRv?q@i<9*OMt_N_NNCmA22uh72ml0v1juG`2LOV)O4e*0^-qU8yciqST2D)`spAAA
zReG^Qk@Wc5!l-I_{u4?WJx=g>hBR>m2m4R{E_}lp@{Zx5MdtF!@zdZCrY!@*8Fb}p
z?UuFjmZ7rteK}plg*T^lEMG1_LQ_BBlmB;ex0)p-ynj`%1~7-aKs3q2-#pQc=&~;$
zM>SEaKs4B~dCVN`AKnRv4TFpE?n;(a6R~HQNgn=TP+WWY_kmSjQ;`Y#vZsPrMJ>=Z
zBB1TL4}xktlx8<}VGU<T?iwbdgN}JqYB7s~AJ1-q){TBL%)n^R3vt6BDvz&_Y@KV>
zQbI~g5q~I2OiG?`F>+6x?GH8CcbD<8-C?M_B#>_4Hop^=pk_~{=A=j*dQ|{$c&J8p
z@FCWWmr^mf?%O1!XRp^>fxsqS^wiJipida8l)B?X;CW!x(4~CO<>@wnN%sHMub79I
z<}wMCVFVDE5}+^KP`sOGu&l>JN&r-7(oU3$b${g#%QU&}=06KkZi7MTP$42T6^48`
zF!~d=mI?Mez*5ca2`DI3%)vL?d)*Jf1zkT=YYyW4(t|cp<<zI^y<q%zc?oF@G<K6~
z22R)F8*WP6@az{DdXg7FNVWAEN&$phJEe3Tge(NmiK)*W^O#wf@&RVR(@^ye!R8wX
zCV%z$uqgX2FH_s_kb-`!#SA~L&pi)hCz<8WD)<e98SVMFR7hD=Rw_wON*kwYVRaLf
z|2=|p6wdCJBF@8>)G(O!>GK&#z4X&gN2$n<0*|^PSd9fX3V4?my#s&Snd4jJz6K5O
zMZ##QFejJ2X=FNfwut=#UwiY9ODpbukbmI4`(x$6N{a3@O~@~ZtgbI!%JO8G+Ip0j
zr2uTC=v!6(d5t(-muRond9a3ag3VJ_Bl~Qt=dVr*)U7ae^8|U0M%{rGrJwE=c)XB(
zw!z{;3^jk7?_mVHX}DDe*s0{~9x?#APO$ZMBN>#7!Wj2A2@<cccJS;eYjgB2XMZHL
z1@EAd!@uzq4X%r8*P^`52qB4)zH&wD9h71J5rz_q^Y|y);VDOz86)yYY})WusZ<oO
zn|D&{#pPN&Zs2u(2F<<EwvL3MNp}p_1@9C6H?5jlklaifNCJzWOqZef6z<?qeMD))
z74K%5*?A;R-1p|2(uh^15Y~ON27l%h;VJ1(Jza0D1050_g;&dj#Ue`aWR_VQ(GYmZ
z8}4TkB4tXyG!zxA0xIwBOg#!5{AffWTPe$z@W&*XuUS=z&P&V+Lb1U#oyR%YryVE3
zO<wTFivhIs+$hIxGo|??l(<GqFxmdW_cMf3z;4}QnWlEo`8FS4;)}R0TYu&1dRBUk
z+dU0Vedgc|-1#|L@C97fXBa#OW@|5Bko$CeSz$gfnRIxw`xAsAl*(N}u8N#9Un#cw
z%ytj4c-3a7$(-v+ORJ*68p1iq&IU`?S{phg=DEy%3^s`)qNM%DS7<y#;F0OF075I@
zo-v^24mGgwSKC%x^yoc$wqegMtro~c&4aa_sw=}ZAv!}4%d6cQg8twAm=JWg_3c+M
z&U1lj>>X|Ut^hNR94Gb22IUJ9Wd>gA$2jU`R%$v`R!sax8BhB@&P=Dx{WVxLh)s!?
z#dWw%+DOvK;>O{V6A4=)U~3&8<H@$d>9Vg-I$Ej(IzC+i1PEZBjs`m-(*6Ph2ml04
BJ9_{C

diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index ccc12f6b5a8c..6f554d87958e 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -234,7 +234,6 @@
 #include "nsXULAppAPI.h"
 
 #include "ThirdPartyUtil.h"
-#include "BRNameMatchingPolicy.h"
 #include "GeckoProfiler.h"
 #include "mozilla/NullPrincipal.h"
 #include "Navigator.h"
@@ -6090,10 +6089,7 @@ already_AddRefed<nsIURI> nsDocShell::MaybeFixBadCertDomainErrorURI(
 
   // Check if adding a "www." prefix to the request's hostname will
   // cause the response's certificate to match.
-  mozilla::psm::BRNameMatchingPolicy nameMatchingPolicy(
-      mozilla::psm::BRNameMatchingPolicy::Mode::Enforce);
-  rv1 = mozilla::pkix::CheckCertHostname(serverCertInput, newHostInput,
-                                         nameMatchingPolicy);
+  rv1 = mozilla::pkix::CheckCertHostname(serverCertInput, newHostInput);
   if (rv1 != mozilla::pkix::Success) {
     return nullptr;
   }
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index b3c73579429a..a078809d8122 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -111,18 +111,6 @@ pref("security.pki.sha1_enforcement_level", 3);
 // x_11_x: COSE is required, PKCS#7 disabled (fail when present)
 pref("security.signed_app_signatures.policy", 2);
 
-// security.pki.name_matching_mode controls how the platform matches hostnames
-// to name information in TLS certificates. The possible values are:
-// 0: always fall back to the subject common name if necessary (as in, if the
-//    subject alternative name extension is either not present or does not
-//    contain any DNS names or IP addresses)
-// 1: fall back to the subject common name for certificates valid before 23
-//    August 2016 if necessary
-// 2: fall back to the subject common name for certificates valid before 23
-//    August 2015 if necessary
-// 3: only use name information from the subject alternative name extension
-pref("security.pki.name_matching_mode", 3);
-
 // security.pki.netscape_step_up_policy controls how the platform handles the
 // id-Netscape-stepUp OID in extended key usage extensions of CA certificates.
 // 0: id-Netscape-stepUp is always considered equivalent to id-kp-serverAuth
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index 035e3264c4f0..be0b39efee78 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -252,7 +252,6 @@ static const char* gCallbackSecurityPrefs[] = {
     "security.ssl.enable_ocsp_stapling",
     "security.ssl.enable_ocsp_must_staple",
     "security.pki.certificate_transparency.mode",
-    "security.pki.name_matching_mode",
     nullptr,
 };
 
@@ -407,8 +406,7 @@ void nsIOService::OnTLSPrefChange(const char* aPref, void* aSelf) {
     LOG(("HandleTLSPrefChange done"));
   } else if (pref.EqualsLiteral("security.ssl.enable_ocsp_stapling") ||
              pref.EqualsLiteral("security.ssl.enable_ocsp_must_staple") ||
-             pref.EqualsLiteral("security.pki.certificate_transparency.mode") ||
-             pref.EqualsLiteral("security.pki.name_matching_mode")) {
+             pref.EqualsLiteral("security.pki.certificate_transparency.mode")) {
     SetValidationOptionsCommon();
   }
 }
diff --git a/security/certverifier/BRNameMatchingPolicy.cpp b/security/certverifier/BRNameMatchingPolicy.cpp
deleted file mode 100644
index c70801adcd29..000000000000
--- a/security/certverifier/BRNameMatchingPolicy.cpp
+++ /dev/null
@@ -1,42 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "BRNameMatchingPolicy.h"
-
-#include "mozilla/Assertions.h"
-
-using namespace mozilla::psm;
-using namespace mozilla::pkix;
-
-Result BRNameMatchingPolicy::FallBackToCommonName(
-    Time notBefore,
-    /*out*/ FallBackToSearchWithinSubject& fallBackToCommonName) {
-  // (new Date("2015-08-23T00:00:00Z")).getTime() / 1000
-  static const Time AUGUST_23_2015 = TimeFromEpochInSeconds(1440288000);
-  // (new Date("2016-08-23T00:00:00Z")).getTime() / 1000
-  static const Time AUGUST_23_2016 = TimeFromEpochInSeconds(1471910400);
-  switch (mMode) {
-    case Mode::Enforce:
-      fallBackToCommonName = FallBackToSearchWithinSubject::No;
-      break;
-    case Mode::EnforceAfter23August2015:
-      fallBackToCommonName = notBefore > AUGUST_23_2015
-                                 ? FallBackToSearchWithinSubject::No
-                                 : FallBackToSearchWithinSubject::Yes;
-      break;
-    case Mode::EnforceAfter23August2016:
-      fallBackToCommonName = notBefore > AUGUST_23_2016
-                                 ? FallBackToSearchWithinSubject::No
-                                 : FallBackToSearchWithinSubject::Yes;
-      break;
-    case Mode::DoNotEnforce:
-      fallBackToCommonName = FallBackToSearchWithinSubject::Yes;
-      break;
-    default:
-      MOZ_CRASH("Unexpected Mode");
-  }
-  return Success;
-}
diff --git a/security/certverifier/BRNameMatchingPolicy.h b/security/certverifier/BRNameMatchingPolicy.h
deleted file mode 100644
index 1f9910cee20a..000000000000
--- a/security/certverifier/BRNameMatchingPolicy.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef BRNameMatchingPolicy_h
-#define BRNameMatchingPolicy_h
-
-#include "mozpkix/pkixtypes.h"
-
-namespace mozilla {
-namespace psm {
-
-// According to the Baseline Requirements version 1.3.3 section 7.1.4.2.2.a,
-// the requirements of the subject common name field are as follows:
-// "If present, this field MUST contain a single IP address or Fully‐Qualified
-// Domain Name that is one of the values contained in the Certificate’s
-// subjectAltName extension". Consequently, since any name information present
-// in the common name must be present in the subject alternative name extension,
-// when performing name matching, it should not be necessary to fall back to the
-// common name. Because this consequence has not commonly been enforced, this
-// implementation provides a mechanism to start enforcing it gradually while
-// maintaining some backwards compatibility. If configured with the mode
-// "EnforceAfter23August2016", name matching will only fall back to using the
-// subject common name for certificates where the notBefore field is before 23
-// August 2016. Similarly, the mode "EnforceAfter23August2015" is also
-// available. This is to provide a balance between allowing preexisting
-// long-lived certificates and detecting newly-issued problematic certificates.
-// Note that this implementation does not actually directly enforce that if the
-// subject common name is present, its value corresponds to a dNSName or
-// iPAddress entry in the subject alternative name extension.
-
-class BRNameMatchingPolicy : public mozilla::pkix::NameMatchingPolicy {
- public:
-  enum class Mode {
-    DoNotEnforce = 0,
-    EnforceAfter23August2016 = 1,
-    EnforceAfter23August2015 = 2,
-    Enforce = 3,
-  };
-
-  explicit BRNameMatchingPolicy(Mode mode) : mMode(mode) {}
-
-  virtual mozilla::pkix::Result FallBackToCommonName(
-      mozilla::pkix::Time notBefore,
-      /*out*/ mozilla::pkix::FallBackToSearchWithinSubject&
-          fallBacktoCommonName) override;
-
- private:
-  Mode mMode;
-};
-
-}  // namespace psm
-}  // namespace mozilla
-
-#endif  // BRNameMatchingPolicy_h
diff --git a/security/certverifier/CertVerifier.cpp b/security/certverifier/CertVerifier.cpp
index f2cb8b459fb1..dc8b5a41d370 100644
--- a/security/certverifier/CertVerifier.cpp
+++ b/security/certverifier/CertVerifier.cpp
@@ -105,7 +105,6 @@ CertVerifier::CertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc,
                            mozilla::TimeDuration ocspTimeoutSoft,
                            mozilla::TimeDuration ocspTimeoutHard,
                            uint32_t certShortLifetimeInDays, SHA1Mode sha1Mode,
-                           BRNameMatchingPolicy::Mode nameMatchingMode,
                            NetscapeStepUpPolicy netscapeStepUpPolicy,
                            CertificateTransparencyMode ctMode,
                            CRLiteMode crliteMode,
@@ -116,7 +115,6 @@ CertVerifier::CertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc,
       mOCSPTimeoutHard(ocspTimeoutHard),
       mCertShortLifetimeInDays(certShortLifetimeInDays),
       mSHA1Mode(sha1Mode),
-      mNameMatchingMode(nameMatchingMode),
       mNetscapeStepUpPolicy(netscapeStepUpPolicy),
       mCTMode(ctMode),
       mCRLiteMode(crliteMode) {
@@ -990,11 +988,7 @@ Result CertVerifier::VerifySSLServerCert(
     return Result::FATAL_ERROR_INVALID_ARGS;
   }
 
-  BRNameMatchingPolicy nameMatchingPolicy(
-      isBuiltChainRootBuiltInRootLocal
-          ? mNameMatchingMode
-          : BRNameMatchingPolicy::Mode::DoNotEnforce);
-  rv = CheckCertHostname(peerCertInput, hostnameInput, nameMatchingPolicy);
+  rv = CheckCertHostname(peerCertInput, hostnameInput);
   if (rv != Success) {
     // Treat malformed name information as a domain mismatch.
     if (rv == Result::ERROR_BAD_DER) {
diff --git a/security/certverifier/CertVerifier.h b/security/certverifier/CertVerifier.h
index f3a9ba9db494..b69a4b209490 100644
--- a/security/certverifier/CertVerifier.h
+++ b/security/certverifier/CertVerifier.h
@@ -7,7 +7,6 @@
 #ifndef CertVerifier_h
 #define CertVerifier_h
 
-#include "BRNameMatchingPolicy.h"
 #include "CTPolicyEnforcer.h"
 #include "CTVerifyResult.h"
 #include "EnterpriseRoots.h"
@@ -220,7 +219,6 @@ class CertVerifier {
                mozilla::TimeDuration ocspTimeoutSoft,
                mozilla::TimeDuration ocspTimeoutHard,
                uint32_t certShortLifetimeInDays, SHA1Mode sha1Mode,
-               BRNameMatchingPolicy::Mode nameMatchingMode,
                NetscapeStepUpPolicy netscapeStepUpPolicy,
                CertificateTransparencyMode ctMode, CRLiteMode crliteMode,
                const Vector<EnterpriseCert>& thirdPartyCerts);
@@ -234,7 +232,6 @@ class CertVerifier {
   const mozilla::TimeDuration mOCSPTimeoutHard;
   const uint32_t mCertShortLifetimeInDays;
   const SHA1Mode mSHA1Mode;
-  const BRNameMatchingPolicy::Mode mNameMatchingMode;
   const NetscapeStepUpPolicy mNetscapeStepUpPolicy;
   const CertificateTransparencyMode mCTMode;
   const CRLiteMode mCRLiteMode;
diff --git a/security/certverifier/moz.build b/security/certverifier/moz.build
index 268618d1e430..bf9ac0a38cf5 100644
--- a/security/certverifier/moz.build
+++ b/security/certverifier/moz.build
@@ -8,13 +8,11 @@ with Files("**"):
     BUG_COMPONENT = ("Core", "Security: PSM")
 
 EXPORTS += [
-    "BRNameMatchingPolicy.h",
     "CertVerifier.h",
     "OCSPCache.h",
 ]
 
 UNIFIED_SOURCES += [
-    "BRNameMatchingPolicy.cpp",
     "CertVerifier.cpp",
     "NSSCertDBTrustDomain.cpp",
     "OCSPCache.cpp",
diff --git a/security/ct/MultiLogCTVerifier.h b/security/ct/MultiLogCTVerifier.h
index 8f3047df7f7f..983f96677b59 100644
--- a/security/ct/MultiLogCTVerifier.h
+++ b/security/ct/MultiLogCTVerifier.h
@@ -19,7 +19,7 @@
 namespace mozilla {
 namespace ct {
 
-void DecodeSCTs(Input encodedSctList,
+void DecodeSCTs(pkix::Input encodedSctList,
                 std::vector<SignedCertificateTimestamp>& decodedSCTs,
                 size_t& decodingErrors);
 
diff --git a/security/manager/ssl/CommonSocketControl.cpp b/security/manager/ssl/CommonSocketControl.cpp
index bb6fd19e2f66..2623ad96201a 100644
--- a/security/manager/ssl/CommonSocketControl.cpp
+++ b/security/manager/ssl/CommonSocketControl.cpp
@@ -6,7 +6,6 @@
 
 #include "CommonSocketControl.h"
 
-#include "BRNameMatchingPolicy.h"
 #include "PublicKeyPinningService.h"
 #include "SharedCertVerifier.h"
 #include "nsNSSComponent.h"
@@ -192,11 +191,7 @@ CommonSocketControl::IsAcceptableForHost(const nsACString& hostname,
     return NS_OK;
   }
 
-  mozilla::psm::BRNameMatchingPolicy nameMatchingPolicy(
-      mIsBuiltCertChainRootBuiltInRoot
-          ? mozilla::psm::PublicSSLState()->NameMatchingMode()
-          : mozilla::psm::BRNameMatchingPolicy::Mode::DoNotEnforce);
-  rv = CheckCertHostname(serverCertInput, hostnameInput, nameMatchingPolicy);
+  rv = CheckCertHostname(serverCertInput, hostnameInput);
   if (rv != Success) {
     return NS_OK;
   }
diff --git a/security/manager/ssl/ContentSignatureVerifier.cpp b/security/manager/ssl/ContentSignatureVerifier.cpp
index a0a8eecde6aa..688bad668444 100644
--- a/security/manager/ssl/ContentSignatureVerifier.cpp
+++ b/security/manager/ssl/ContentSignatureVerifier.cpp
@@ -6,7 +6,6 @@
 
 #include "ContentSignatureVerifier.h"
 
-#include "BRNameMatchingPolicy.h"
 #include "CryptoTask.h"
 #include "CSTrustDomain.h"
 #include "ScopedNSSTypes.h"
@@ -279,8 +278,7 @@ static nsresult VerifyContentSignatureInternal(
     return NS_ERROR_FAILURE;
   }
 
-  BRNameMatchingPolicy nameMatchingPolicy(BRNameMatchingPolicy::Mode::Enforce);
-  result = CheckCertHostname(certInput, hostnameInput, nameMatchingPolicy);
+  result = CheckCertHostname(certInput, hostnameInput);
   if (result != Success) {
     // EE cert isnot valid for the given host name.
     aErrorLabel = Telemetry::LABELS_CONTENT_SIGNATURE_VERIFICATION_ERRORS::err7;
diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp
index ba14c1ab4832..e6db9703a336 100644
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -95,7 +95,6 @@
 
 #include <cstring>
 
-#include "BRNameMatchingPolicy.h"
 #include "CertVerifier.h"
 #include "CryptoTask.h"
 #include "ExtendedValidation.h"
@@ -372,10 +371,6 @@ SECStatus DetermineCertOverrideErrors(const nsCOMPtr<nsIX509Cert>& cert,
       PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
       return SECFailure;
     }
-    // Use a lax policy so as to not generate potentially spurious name
-    // mismatch "hints".
-    BRNameMatchingPolicy nameMatchingPolicy(
-        BRNameMatchingPolicy::Mode::DoNotEnforce);
     // CheckCertHostname expects that its input represents a certificate that
     // has already been successfully validated by BuildCertChain. This is
     // obviously not the case, however, because we're in the error path of
@@ -383,7 +378,7 @@ SECStatus DetermineCertOverrideErrors(const nsCOMPtr<nsIX509Cert>& cert,
     // would be nice to remove this optimistic additional error checking and
     // simply punt to the front-end, which can more easily (and safely) perform
     // extra checks to give the user hints as to why verification failed.
-    result = CheckCertHostname(certInput, hostnameInput, nameMatchingPolicy);
+    result = CheckCertHostname(certInput, hostnameInput);
     // Treat malformed name information as a domain mismatch.
     if (result == Result::ERROR_BAD_DER ||
         result == Result::ERROR_BAD_CERT_DOMAIN) {
diff --git a/security/manager/ssl/SharedCertVerifier.h b/security/manager/ssl/SharedCertVerifier.h
index 73ee1dbfa9d7..a48936a89395 100644
--- a/security/manager/ssl/SharedCertVerifier.h
+++ b/security/manager/ssl/SharedCertVerifier.h
@@ -24,14 +24,13 @@ class SharedCertVerifier : public mozilla::psm::CertVerifier {
                      mozilla::TimeDuration ocspSoftTimeout,
                      mozilla::TimeDuration ocspHardTimeout,
                      uint32_t certShortLifetimeInDays, SHA1Mode sha1Mode,
-                     BRNameMatchingPolicy::Mode nameMatchingMode,
                      NetscapeStepUpPolicy netscapeStepUpPolicy,
                      CertificateTransparencyMode ctMode, CRLiteMode crliteMode,
                      const Vector<EnterpriseCert>& thirdPartyCerts)
       : mozilla::psm::CertVerifier(odc, osc, ocspSoftTimeout, ocspHardTimeout,
                                    certShortLifetimeInDays, sha1Mode,
-                                   nameMatchingMode, netscapeStepUpPolicy,
-                                   ctMode, crliteMode, thirdPartyCerts) {}
+                                   netscapeStepUpPolicy, ctMode, crliteMode,
+                                   thirdPartyCerts) {}
 };
 
 }  // namespace psm
diff --git a/security/manager/ssl/SharedSSLState.h b/security/manager/ssl/SharedSSLState.h
index b6597967f089..31562fc76bee 100644
--- a/security/manager/ssl/SharedSSLState.h
+++ b/security/manager/ssl/SharedSSLState.h
@@ -36,9 +36,6 @@ class SharedSSLState {
   void SetSignedCertTimestampsEnabled(bool signedCertTimestampsEnabled) {
     mSignedCertTimestampsEnabled = signedCertTimestampsEnabled;
   }
-  void SetNameMatchingMode(BRNameMatchingPolicy::Mode aMode) {
-    mNameMatchingMode = aMode;
-  }
 
   // The following methods may be called from any thread
   bool SocketCreated();
@@ -49,7 +46,6 @@ class SharedSSLState {
   bool IsSignedCertTimestampsEnabled() const {
     return mSignedCertTimestampsEnabled;
   }
-  BRNameMatchingPolicy::Mode NameMatchingMode() { return mNameMatchingMode; }
 
  private:
   ~SharedSSLState();
@@ -67,7 +63,6 @@ class SharedSSLState {
   bool mOCSPStaplingEnabled;
   bool mOCSPMustStapleEnabled;
   bool mSignedCertTimestampsEnabled;
-  BRNameMatchingPolicy::Mode mNameMatchingMode;
 };
 
 SharedSSLState* PublicSSLState();
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 53eef93d0940..b2b076c01c1e 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1340,23 +1340,6 @@ void SetValidationOptionsCommon() {
       ctMode != CertVerifier::CertificateTransparencyMode::Disabled;
   PublicSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
   PrivateSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
-
-  BRNameMatchingPolicy::Mode nameMatchingMode =
-      static_cast<BRNameMatchingPolicy::Mode>(Preferences::GetInt(
-          "security.pki.name_matching_mode",
-          static_cast<int32_t>(BRNameMatchingPolicy::Mode::DoNotEnforce)));
-  switch (nameMatchingMode) {
-    case BRNameMatchingPolicy::Mode::Enforce:
-    case BRNameMatchingPolicy::Mode::EnforceAfter23August2015:
-    case BRNameMatchingPolicy::Mode::EnforceAfter23August2016:
-    case BRNameMatchingPolicy::Mode::DoNotEnforce:
-      break;
-    default:
-      nameMatchingMode = BRNameMatchingPolicy::Mode::DoNotEnforce;
-      break;
-  }
-  PublicSSLState()->SetNameMatchingMode(nameMatchingMode);
-  PrivateSSLState()->SetNameMatchingMode(nameMatchingMode);
 }
 
 namespace {
@@ -1558,8 +1541,7 @@ void nsNSSComponent::setValidationOptions(
 
   mDefaultCertVerifier = new SharedCertVerifier(
       odc, osc, softTimeout, hardTimeout, certShortLifetimeInDays, sha1Mode,
-      PublicSSLState()->NameMatchingMode(), netscapeStepUpPolicy, ctMode,
-      crliteMode, mEnterpriseCerts);
+      netscapeStepUpPolicy, ctMode, crliteMode, mEnterpriseCerts);
 }
 
 void nsNSSComponent::UpdateCertVerifierWithEnterpriseRoots() {
@@ -1576,7 +1558,6 @@ void nsNSSComponent::UpdateCertVerifierWithEnterpriseRoots() {
                                    : CertVerifier::ocspRelaxed,
       oldCertVerifier->mOCSPTimeoutSoft, oldCertVerifier->mOCSPTimeoutHard,
       oldCertVerifier->mCertShortLifetimeInDays, oldCertVerifier->mSHA1Mode,
-      oldCertVerifier->mNameMatchingMode,
       oldCertVerifier->mNetscapeStepUpPolicy, oldCertVerifier->mCTMode,
       oldCertVerifier->mCRLiteMode, mEnterpriseCerts);
 }
@@ -2384,7 +2365,6 @@ nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic,
                prefName.EqualsLiteral(
                    "security.pki.certificate_transparency.mode") ||
                prefName.EqualsLiteral("security.pki.sha1_enforcement_level") ||
-               prefName.EqualsLiteral("security.pki.name_matching_mode") ||
                prefName.EqualsLiteral("security.pki.netscape_step_up_policy") ||
                prefName.EqualsLiteral(
                    "security.OCSP.timeoutMilliseconds.soft") ||
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
index 56de79ae7cd1..d33ad8b27505 100644
--- a/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
@@ -3,16 +3,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-// The preference security.pki.name_matching_mode controls whether or not
-// mozilla::pkix will fall back to using a certificate's subject common name
-// during name matching. If the Baseline Requirements are followed, fallback
-// should not be necessary (because any name information in the subject common
-// name should be present in the subject alternative name extension). Due to
-// compatibility concerns, the platform can be configured to fall back for
-// certificates that are valid before 23 August 2016. Note that for certificates
-// issued by an imported root, the platform will fall back if necessary,
-// regardless of the value of the preference.
-
 "use strict";
 
 do_get_profile(); // must be called before getting nsIX509CertDB
@@ -48,8 +38,6 @@ function checkCertOn25August2016(cert, expectedResult) {
 
 add_task(async function() {
   registerCleanupFunction(() => {
-    Services.prefs.clearUserPref("security.pki.name_matching_mode");
-    Services.prefs.clearUserPref("security.test.built_in_root_hash");
     Services.prefs.clearUserPref("privacy.reduceTimerPrecision");
   });
 
@@ -57,239 +45,34 @@ add_task(async function() {
 
   loadCertWithTrust("ca", "CTu,,");
 
-  // When verifying a certificate, if the trust anchor is not a built-in root,
-  // name matching will fall back to using the subject common name if necessary
-  // (i.e. if there is no subject alternative name extension or it does not
-  // contain any dNSName or iPAddress entries). Thus, since imported roots are
-  // not in general treated as built-ins, these should all successfully verify
-  // regardless of the value of the pref.
-  Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
-  info("current mode: always fall back, root not built-in");
+  // At one time there was a preference security.pki.name_matching_mode that
+  // controlled whether or not mozilla::pkix would fall back to using a
+  // certificate's subject common name during name matching. This no longer
+  // exists, and certificates that previously required the fallback should fail
+  // to verify.
+
   await checkCertOn25August2016(
     certFromFile("no-san-recent"),
-    PRErrorCodeSuccess
+    SSL_ERROR_BAD_CERT_DOMAIN
+  );
+  await checkCertOn25August2016(
+    certFromFile("no-san-old"),
+    SSL_ERROR_BAD_CERT_DOMAIN
   );
-  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
   await checkCertOn25August2016(
     certFromFile("no-san-older"),
-    PRErrorCodeSuccess
+    SSL_ERROR_BAD_CERT_DOMAIN
   );
   await checkCertOn25August2016(
     certFromFile("san-contains-no-hostnames-recent"),
-    PRErrorCodeSuccess
+    SSL_ERROR_BAD_CERT_DOMAIN
   );
   await checkCertOn25August2016(
     certFromFile("san-contains-no-hostnames-old"),
-    PRErrorCodeSuccess
+    SSL_ERROR_BAD_CERT_DOMAIN
   );
   await checkCertOn25August2016(
     certFromFile("san-contains-no-hostnames-older"),
-    PRErrorCodeSuccess
+    SSL_ERROR_BAD_CERT_DOMAIN
   );
-
-  Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
-  info(
-    "current mode: fall back for notBefore < August 23, 2016, root " +
-      "not built-in"
-  );
-  await checkCertOn25August2016(
-    certFromFile("no-san-recent"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
-  await checkCertOn25August2016(
-    certFromFile("no-san-older"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-recent"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-old"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-older"),
-    PRErrorCodeSuccess
-  );
-
-  Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
-  info(
-    "current mode: fall back for notBefore < August 23, 2015, root " +
-      "not built-in"
-  );
-  await checkCertOn25August2016(
-    certFromFile("no-san-recent"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
-  await checkCertOn25August2016(
-    certFromFile("no-san-older"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-recent"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-old"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-older"),
-    PRErrorCodeSuccess
-  );
-
-  Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
-  info("current mode: never fall back, root not built-in");
-  await checkCertOn25August2016(
-    certFromFile("no-san-recent"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(certFromFile("no-san-old"), PRErrorCodeSuccess);
-  await checkCertOn25August2016(
-    certFromFile("no-san-older"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-recent"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-old"),
-    PRErrorCodeSuccess
-  );
-  await checkCertOn25August2016(
-    certFromFile("san-contains-no-hostnames-older"),
-    PRErrorCodeSuccess
-  );
-
-  // In debug builds, we can treat an imported root as a built-in, and thus we
-  // can actually test the different values of the pref.
-  if (isDebugBuild) {
-    let root = certFromFile("ca");
-    Services.prefs.setCharPref(
-      "security.test.built_in_root_hash",
-      root.sha256Fingerprint
-    );
-
-    // Always fall back if necessary.
-    Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
-    info("current mode: always fall back, root built-in");
-    await checkCertOn25August2016(
-      certFromFile("no-san-recent"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-old"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-older"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-recent"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-old"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-older"),
-      PRErrorCodeSuccess
-    );
-
-    // Only fall back if notBefore < 23 August 2016
-    Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
-    info(
-      "current mode: fall back for notBefore < August 23, 2016, root " +
-        "built-in"
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-recent"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-old"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-older"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-recent"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-old"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-older"),
-      PRErrorCodeSuccess
-    );
-
-    // Only fall back if notBefore < 23 August 2015
-    Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
-    info(
-      "current mode: fall back for notBefore < August 23, 2015, root " +
-        "built-in"
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-recent"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-old"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-older"),
-      PRErrorCodeSuccess
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-recent"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-old"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-older"),
-      PRErrorCodeSuccess
-    );
-
-    // Never fall back.
-    Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
-    info("current mode: never fall back, root built-in");
-    await checkCertOn25August2016(
-      certFromFile("no-san-recent"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-old"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("no-san-older"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-recent"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-old"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-    await checkCertOn25August2016(
-      certFromFile("san-contains-no-hostnames-older"),
-      SSL_ERROR_BAD_CERT_DOMAIN
-    );
-  }
 });
diff --git a/testing/tools/iceserver/iceserver.py b/testing/tools/iceserver/iceserver.py
index a8a113a9d2c4..a909229a1705 100644
--- a/testing/tools/iceserver/iceserver.py
+++ b/testing/tools/iceserver/iceserver.py
@@ -882,6 +882,9 @@ def create_self_signed_cert(name):
     cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60)
     cert.set_issuer(cert.get_subject())
     cert.set_pubkey(k)
+    cert.add_extensions(
+        [crypto.X509Extension(b"subjectAltName", False, f"DNS:{name}".encode())]
+    )
     cert.sign(k, "sha1")
 
     open(CERT_FILE, "wb").write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))