From 73145de618e29032816eb753be8763b6710ea30b Mon Sep 17 00:00:00 2001
From: Joseph Henry <joseph.henry@zerotier.com>
Date: Tue, 13 Oct 2015 14:27:30 -0400
Subject: [PATCH] Added some parameter checks from linux kernel syscall source

---
 netcon/NetconEthernetTap.cpp |  18 +++++++-----------
 netcon/intercept.c           |  35 +++++++++++++++++++++++++++++++----
 netcon/libintercept.so.1.0   | Bin 0 -> 52552 bytes
 netcon/make-intercept.mk     |   2 +-
 4 files changed, 39 insertions(+), 16 deletions(-)
 create mode 100755 netcon/libintercept.so.1.0

diff --git a/netcon/NetconEthernetTap.cpp b/netcon/NetconEthernetTap.cpp
index 88cd3d97b..824f1734a 100644
--- a/netcon/NetconEthernetTap.cpp
+++ b/netcon/NetconEthernetTap.cpp
@@ -700,17 +700,13 @@ void NetconEthernetTap::nc_err(void *arg, err_t err)
  */
 err_t NetconEthernetTap::nc_poll(void* arg, struct tcp_pcb *tpcb)
 {
-	uint64_t now = OSUtils::now();
-	//fprintf(stderr, "nc_poll(): now = %u\n", now);
-	//fprintf(stderr, "nc_poll\n");
-
-
+	/*
 	Larg *l = (Larg*)arg;
 	TcpConnection *conn = l->conn;
 	NetconEthernetTap *tap = l->tap;
 	if(conn && conn->idx) // if valid connection and non-zero index (indicating data present)
 		tap->handle_write(conn);
-
+	*/
 	return ERR_OK;
 }
 
@@ -736,7 +732,6 @@ err_t NetconEthernetTap::nc_sent(void* arg, struct tcp_pcb *tpcb, u16_t len)
 		//uint64_t now = OSUtils::now();
 		//fprintf(stderr, "nc_sent(): now = %u\n", now);
 		l->tap->_phy.whack();
-		//l->tap->handle_write(l->conn);
 	}
 	return ERR_OK;
 }
@@ -856,10 +851,10 @@ void NetconEthernetTap::handle_bind(PhySocket *sock, void **uptr, struct bind_st
  * @param structure containing the data and parameters for this client's RPC
  *
 
-  [ ] EADDRINUSE - Another socket is already listening on the same port.
+  [?] EADDRINUSE - Another socket is already listening on the same port.
 	[X] EBADF - The argument sockfd is not a valid descriptor.
-	[ ] ENOTSOCK - The argument sockfd is not a socket.
-	[ ] EOPNOTSUPP - The socket is not of a type that supports the listen() operation.
+	[i] ENOTSOCK - The argument sockfd is not a socket.
+	[i] EOPNOTSUPP - The socket is not of a type that supports the listen() operation.
 
  */
 void NetconEthernetTap::handle_listen(PhySocket *sock, void **uptr, struct listen_st *listen_rpc)
@@ -886,6 +881,7 @@ void NetconEthernetTap::handle_listen(PhySocket *sock, void **uptr, struct liste
     }
   }
   else {
+		// We can't find a connection mapped to the socket fd provided
     fprintf(stderr, "handle_listen(): can't locate connection for PCB\n");
 		send_return_value(conn, -1, EBADF);
   }
@@ -954,7 +950,7 @@ void NetconEthernetTap::handle_socket(PhySocket *sock, void **uptr, struct socke
 	[i] EACCES - For UNIX domain sockets, which are identified by pathname: Write permission is denied ...
 	[ ] EACCES, EPERM - The user tried to connect to a broadcast address without having the socket broadcast flag enabled ...
 	[i] EADDRINUSE - Local address is already in use.
-	[?] EAFNOSUPPORT - The passed address didn't have the correct address family in its sa_family field.
+	[i] EAFNOSUPPORT - The passed address didn't have the correct address family in its sa_family field.
 	[ ] EAGAIN - No more free local ports or insufficient entries in the routing cache.
 	[ ] EALREADY - The socket is nonblocking and a previous connection attempt has not yet been completed.
 	[ ] EBADF - The file descriptor is not a valid index in the descriptor table.
diff --git a/netcon/intercept.c b/netcon/intercept.c
index ee2a479b9..41ad804c8 100755
--- a/netcon/intercept.c
+++ b/netcon/intercept.c
@@ -66,12 +66,19 @@ char *progname = "";
 #include <sys/mman.h>
 
 #ifdef USE_SOCKS_DNS
-#include <resolv.h>
+  #include <resolv.h>
 #endif
 
 #include "intercept.h"
 #include "common.h"
 
+#ifdef CHECKS
+  #include <linux/net.h> /* for NPROTO */
+
+  #define SOCK_MAX (SOCK_PACKET + 1)
+  #define SOCK_TYPE_MASK 0xf
+#endif
+
 /* Global Declarations */
 #ifdef USE_SOCKS_DNS
 static int (*realresinit)(void);
@@ -504,8 +511,21 @@ void sock_domain_to_str(int domain)
 
 /* int socket_family, int socket_type, int protocol
    socket() intercept function */
+
 int socket(SOCKET_SIG)
 {
+#ifdef CHECKS
+  /* Check protocol is in range */
+  if (socket_family < 0 || socket_family >= NPROTO)
+    return -EAFNOSUPPORT;
+  if (socket_type < 0 || socket_type >= SOCK_MAX)
+    return -EINVAL;
+  /* Check that type makes sense */
+  int flags = socket_type & ~SOCK_TYPE_MASK;
+  if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
+    return -EINVAL;
+#endif
+
 #ifdef DUMMY
   dwr("socket(fam=%d, type=%d, prot=%d)\n", socket_family, socket_type, protocol);
   return realsocket(socket_family, socket_type, protocol);
@@ -520,9 +540,6 @@ int socket(SOCKET_SIG)
     return realsocket(socket_family, socket_type, protocol);
   }
 
-  /* FIXME: Check type, protocol, return EINVAL errno */
-  /* FIXME: Check family, return EAFNOSUPPORT errno */
-
   /* Assemble and route command */
   struct socket_st rpc_st;
   rpc_st.socket_family = socket_family;
@@ -573,6 +590,9 @@ int socket(SOCKET_SIG)
    connect() intercept function */
 int connect(CONNECT_SIG)
 {
+
+  /* FIXME: Check that address is in user space, return EFAULT ? */
+
 #ifdef DUMMY
   dwr("connect(%d)\n", __fd);
   return realconnect(__fd, __addr, __len);
@@ -728,6 +748,10 @@ int bind(BIND_SIG)
 /* int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags */
 int accept4(ACCEPT4_SIG)
 {
+#ifdef CHECKS
+  if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
+    return -EINVAL;
+#endif
 #ifdef DUMMY
   dwr("accept4(%d)\n", sockfd);
   return accept(sockfd, addr, addrlen);
@@ -816,6 +840,9 @@ int accept(ACCEPT_SIG)
    listen() intercept function */
 int listen(LISTEN_SIG)
 {
+  /* FIXME: Check that this socket supports listen(), return EOPNOTSUPP */
+  /* FIXME: Check that the provided fd is a socket, return ENOTSOCK */
+
 #ifdef DUMMY
     dwr("listen(%d)\n", sockfd);
     return reallisten(sockfd, backlog);
diff --git a/netcon/libintercept.so.1.0 b/netcon/libintercept.so.1.0
new file mode 100755
index 0000000000000000000000000000000000000000..221d24287c13813e7f2a8e5d05e15f71769a409c
GIT binary patch
literal 52552
zcmb<-^>JfjWMqH=W(GS35YIsfBH{p{7(9+b84L^z4h$9y><kVJ3JkJfwX6s!3>Jqu
zL<mMRFercpKz6V(FfjbE1#=mG*h0i%v;#9lTz~~a!}KvRFff4hao9n`IqV?%VDtl!
z!3+!xFq#9Ri~(c}2%mt;qthx-bub#F79<q#v?K+@-e3UYF)*OhEKu{{G(;Ig;M0;6
zkUODVf|LMMMG(|JT;ak23IGNM1{e*s9_&961_lODu(|t%G9<VDaXfSVqxZ5OI^2?{
z?)Ejw{d)njLXd%hL6(65tR56Log5;J3;_%c8V#&!oXQdc3`z`ayh;l=3m-T-$0)M%
zg7kpYgTh6ffq_Arfq_AXfq_Avfq?-OB&Hw*3=9lr3=9mQsJ3QcU;sraD0=Lna$NuG
zI?nl)T|V--K|0`ke&Gw3+;X9u4(>>y`5Vva&Z^lqOX1MY-j94Ys>FkjrMMK{D2$M~
zc<oU8?#GjA)@(hv=F!Y4HInTPbMAjg)cUbZ=bMx3)i)gqJ7n~j4P|N*=G1()=BzFi
zdb51d%oeW<*~d>yl9#eZM^(QTaj4`je)+>cw^-3`>&vK*2a}h9ybpC1CdJIa#Q;n9
zFxm5r3=Gh$022b!Apc?$=VijK9+btfsb|Nb{vZQ(b57t8|A@n#^Khu2fkXTy4s$qh
zsQ-XNeLoKIyEw!ZahU%Dhk8*Q;dT>;dOsZIzsI4z8;APyIK*3Vh(E(2&WA(%5hDWw
zwnXX;R?o%YAPi1^3>wgkKOO9TE`|+|VvwN|Dn1`7?w|xw4=amOpyCZO5b?(lioq2s
zen1K$pa!8B+@bags6qrRpyq=pAqFl61yG^Dz`y`X-yjtrV+9#R7#27}9HapfWME*B
zf|@@;5+a}sp%^|x%`bpv4tA(`BvgF?$Up`L23Q?a3KItvN(>AP-XMoCFffELF)#=)
zh%i_{?S&e{@RI=)o+1nnpyDw1BtX@3I6>SAQy&U*52!GOmTMrn)lhpApy4SFwO1V~
zegNvP!yv^B3=GG>@hHq-0JRrX)`FyRq2?=yf_MxJpnL*i`GVaejN$(6Q1cx?1uz2x
zgBVCL0|P?`RQ!M(L;#d-K&)j@@c^hhVey^>wRZ#5U#TF)3=9lbQ1uhg;{7UAy@3Qo
zVH|{F_zzVd08Jq0pyB~g@efdQs-fXC0csAcT-AlD-w#!v0QJ`*s5n1V`~lS76;Sal
zP;)jw0|1l`KvEl^>KmX5Y7<Bh)JA}cPk@@^3>9Z6&QH#cPfLj}N=-~*C@9GQ(eb&Z
zC8-thIr+)iXhNlVV8QtK)S{xie2|L7lFa-(hLrLmhMe-ug4Cj-{33?p)V!4V<ow*+
z#Jm)S^wg60qSTVI#2kjqyv&mL;?$zD%;ePg<ovw6)MT*k;+)jf0*2Iz%o2v&%J`Jj
z;u41Boc!WcG|NE}MfsHsIr)hx@x_(7N%=X&Ama-%!M2oUrZA-B6j$al6sMNNmlnil
z=9Q!tC8rjYpqT@5218DMI@l`(r6t7-$r-81*&t(*b5r6=^5ct3iWqWI%TjY-ocsci
zL*w%jb5mhL#i=Eru*)wf0l5LjEY2t`Ny#tIi%%>{hpPkyaY<zXLMuohB|kSYGY?r!
zY6(MeWpQ$1P7VV!a2SeHb5fH_7z*-pau|{_^HLZRlffQ>P$mpHnZ+fkc?<<b`RO3H
zG34YYC+3u7=B6?fmlUNz87ZknMGR>Lr6tJ>WoZRPnRz8?3~6aOrNtTW*e@^2EJ+2&
zTW)bWLs4pS8HmowOiIboE6&$5V#vu%N(QmaK&+w?5YrIEgr*n}-+&=LH6^hmks&@l
zskk`4xFoTtgdsjPFNML~$J5C<-bl|#586CpVjvze!__h}Py<2|KFB0la2W$>Nta4x
za)MfmsnGT$NL~Xf57GgVXJUZKqnBgHK@C7~`yEn#g0efbNC0VPV1TyELE=^r5it3}
z9-<ypE<v+CSo{N$xE5FhLi|7yhgJn(2?+;?IiUIi)D8s;GB7YGAc=$8qcCv|Byp&h
z!BPfD;-I!OSdf8%!2(Gf)c%KwJ0OX}>Liey2a-6*Zy+%c4nPtIxfLV^!VyT~u(|;x
zo`59I2@-(f3?y+bs2GSUKoSSFxj|weT!AFc4HAIj1|)GFs2GUqKoSQx`ayyW3=9*H
z#6fKqs4&9}ByoP2AOi!#0wi%*p9Uno0!bXXeX{{c9NGi`DQDP$Bo56)VDSS;;?SlL
zSo{Q%IJAlbi(fzz2lZRPf(#4{H;}|Z{S}z_10->16%Cepfg}#Cg23V*ki^BoA`s#S
zk~p*qf=EEy1E913YV$$_85lT_#Gy?Iu#^CjIJ8O!i%TGhL#te{xB`+mv`PevYaoeB
zgGC_3e^Vv{1&05sECvb;{PGSA|5ZW!43Ol@2mk;7|F8N>Ux6V5l#O3r0P{bA_@FHG
z@&K6s3d9FxotGQH{6`=@D9gND0OsEU@j+ST<pePQ5{M7VA}<@j{8J!4C^%jgfcb|&
zd{CBnnE>YR0`Wmv;bj1rzX`+#Wr3FtVE!r)AC$yj8i4tWKzvZreyITF&jRs5N&2M#
zm_G@`2PNf~3}Aj2h!0A_FF*VP`L_wg2PNH?55W8?5FeCeUtR$7i$Hu(Qhj*<%+CVx
zK}qrD1~5Mf#0Mq8mkYrBC=ef%lwM8%^MgQqP!f9C0Oosv_@JcovH;9?0`Wmf=4Aqy
zZw2CmlEljZFy9Eo2Sxcy2QXg?#0N#`O9L=p3B(5#l`j>*d?^qg)LMQi0OkvU_@Gwf
zO9n8X3&fXaU|@Lp;V;PlOdvj}aDDjz%>SjQz>on-sxL2q`JX_1P*Qw(;P3zc9=*1P
z5)2F;&2Kmi54>3S|NsAP+YfpQ3@?iR{r~ULZQG)&z~Iq*gyW_2zyJUF<rxeQyj=PB
z|Nk_8`4&(bV+al21qy4A#y1))3=G}2Tl5qdJbHapcszPbR0Lks{{R2qqxC>thDUFV
zih|*Roec~O3?ALOx*%ga?|=4K-R+{n<I(y4n2U;nNT-X6;)^J-8*=m%7<Pe1IXpV=
zy=edY|9|U&3TKbb_b;sf{r~^M?eG8p$HDf4wKpCCSsopGIBkMQudSsh1B2m#7mq*+
zWx)#585kILfD+5=D;~YJA4M1#Uf<)F2RVhI`8a>`e}4XU5k>|Ek6zY=G7JnJ$s#*E
z7%%*P0Lo7uy{wTE3=D^1{`Kf(H55bT{}e^#pG4zNMB_)I@fFedAon5L7mjBCN)c51
z<k934(d3_sqpIJJ#-D-4FF@meK;{QSBjxjpPrt#D!WMlP6i)p6j6Hg7?I1y){`dd?
z7mI$w;wbuXnjS3tf;}4FfTFeAwo6BWq4j@-ok!=hU7+H@<2VbrL2=AQg@fUR$RCjD
zbqX({fB*mA9izh79iqb8DbRVtqwxqxfArxret8#AoZ0>q0mt{JKmY$jBKb}l!oF@(
zHIO~u_*+3`pkqj=;ep_tpweU)s7TxgB0QSk6nJz#_w0P~*<-cg0gs*fCAkIqdQ~N9
zogylRm(n`jSv)#@RG2(=<|W6cnkJ{1gScECI}<Ha4U<ic4Ly##s7M(mCNY4-g$z%E
z_@E5N0Ahd}Lm-9`D7}KZO<-Ygn+hcC1QG@@ykLwV7$XYC0CoNt(mH)qvW~f^<S_gf
zP19CjX#VlP^C*AIbOr_n!`rVlVd?oWqerhTA2>)l@4dMD`~QEioi7gm{{O%Ew_Hh>
zN3W>07&zbp#6SVp`R>K`-~a#b%41+)@acTk`ToDCxwZmB>w${R9=*12gc%q*-x(fw
zF&Pw{tXH)Zz(d9!%|{A4Uqr_`#=zpC`A7jc^uc0a)?trc+asb33@?8C`v1T4{R_e0
z|Nl<_6*Mo7|NQ^onzd0&fq}mTGyw2o+fQ&wbX$~xq4SvGffs7O|Nnon5h8d6CJ561
zq6aK!dRCNy!Q=RGP@e8&wa`*vcyag_$OzLt2nml));y5RN{GyIgv^U+5TV%!A&*X0
zMUdheh)f5H%zsS<h8IZ?nP?Q5yC4}4Y%;e&GI|ghHxxZ5K{6r`8DkWg?I4+75Fe_b
z$mD`#9zbM7K{B1JL7ED%AOIK8hkpM54=(>Yg`lAbQV*`gkn#gK{KG*8b=$5`S70#w
z_TuDEP*y87_2{;p2NBs05#a`z3ya@g+nGWPkgDLtcTiOTDgQlsZ3BfE7+zfY{{R2$
zy=jp6ef}L3zY8@K7)rD~dTl3w6m0(f|G(jZ7da3r^!xw+oviH|3JfoHfte*53Jit^
zAQq+}xwrX0JAXSUjeGR6x`;C{bpA&wp27K_l^3nNV@2ct6=pywzrUjK-=guKqVeyd
z@voxs&mr@h|1)~@vhEdTU?>sw=oQ^049aP&JA@e+n*XzT@Vg%Rd^io&e<1Zsgc%t4
zTQ)L4RQ0mX1@jkz`H~*Jth2!UiC{hxoZkrMb9(f$P6ydn+Weo_qnC9Ch@IK|pUb0{
zbsC5r+x(v$rY5lYKZi#z>r{}qYx93rk6zZvAhu=me<6=v*4ZGoZu5T;7+bOVzc7pq
z^3Nks8i3f>{9hESf0)XoL5b|Y=uS06l)}sZ|Ei1B6c`ZYb7*kqWslCY5FPbu3JlG^
znM>J^yE1@UsG#IvcmPzd!}SMu{%(HG$ln^n$iVRJFcW{PHJIVR-wGO`{C2p3zZEoO
z`0Y3&f9nkf28M6PnfP0`gBdLRt<%5^h0@Az#~n&jz8?n7qm=r5JI+yR{_VIxsZ!%(
z1_1$vQZ7)P21(!19=*02!k}{U<-~8G@~hWY0L*>S^zHxu*XKNXZNCVCq+b+)_&Ys%
zZEr&ONg)0bk6zpT5PlGd-{aA1y9~m2`u6|-%aZ?~tOQQSwk;5GEs%IPl6W#iTnHp?
zh9vF?5&!k||NobwNaBhR@kb!>FW^=i#C*^^h~a@3r$FMDk;ESeg5AFfB)$nrd>=%7
z7D#*|O#Ef_zyJSH@+V_(=WqU&Dd4oo#NV<Q%wXkj0gdD}|7R|7ZT`<vlF|I1t0ef_
zagGu`k6v3%hzlQl{{O%6F#`h!Lx}_^oRz`CFHe3(YF{GN^Oqp*S@rq<|JNsA?Fo>+
zvtWsr6F>j|KLNzw4B<C|_#VBsg<$TBqR;>TzpO$Er!<Io6i7S?NjwT7?gSF|`VaCg
zl7B%7wfR3If6HsIKbiPjxEMjXmW#hd63k#J(P{oKz~8bNEYHc`G6~FJE-7vP&ruT5
z{GYYNy7|9gi5w_#9|pBolOXn8`t<)lSPa&#=>Us^gkEm@1P&5NJVMli#pfZ5+auJs
zA&bi)#Pg8F{|SKN9c)e*viL2q_zNd=_e_C^Yk|ajZTlfSnNR=!zcd7g9=JX2(Q8`|
zkzoSKh=XMy?k<3czxw$9|I7cd^yC=o7!nF<6iTpwf{~Gb%Hih!8vN~RK!N#>i@$v{
zBLhR{)o#&vB?Sh@&aaN0f4W)yl@u6SFY&j42Jao4{|I!l+A4wC65kmZ7+P-gx4vg!
zU~uVt?gMJLcpQAD;L-Ve|1MC+gY&bi;gc6PKK}pjaqxixq%+ca$fxsx2j?q~-W(MH
zkIwg>Jyv^k#;6E-bj!9YC@^?*hNws$b5RlC_UOF-V(%wV2kE>bymRvI#j6h>p*@PA
zeh=?P5Y_n%+$Va`01Bzr1N?pc;HK3BsC^(Cx>?&56&OIqinJc+bWsuH@0i5^>OYl$
z4S4rr3CN9|_h0yY{Qv(&_y<^1x|`J>q@eK#D7ZjPEyviy;Ple@%BAz2OXu_dqFz`O
zIDk4t58wa)|MDz2;2ju1{XT9`{J+=*wdv6Za0UJQ!~g#tnC5%*+A{Nl)pvaatGoQ+
z|Noc8pzHy*f5-g)|Np;CM(|&O_`x7PN`2=T299yZ&MUzlonJeDdo;cg-~h!u6Mvfk
zxDV!|!r{~FqQbKaG$sLVpdWWp;Q+Ptj=QMvfCeUBJO{b4^=*j+|8`e~wB{d-{4G})
z7(grm{+3gqh;FtmQcwWZsi4-X4=83`4ZnfI->36~4>*#+DdNSM_n>ZWDT7CMEr&<9
z?o>HQtT2L7fJ<kJimFFvjf$*CXNiiaN9X%a7ZuGHJHZitT3&&{r}N#5-|zqbcj;!`
zBd@^V+IpZO-=lYn3TV-TPv-})ebD~W_s<@yT{@4yuz3$^Y}NU9&ruO%VPF9DXfr`h
zXgmT6hRz$1ICYFW3~kT5bUyOveAjvZzvv=)1qKg@GPt6&3E-CY>*pYI6hY?n+P-23
zN7Li?u<p<)k6zmpUa;UfxZqZ(`Ttd&<dN&+|EgLje8-Sbl(+)tQYQYkGoVoJB_gh@
zL9RlLE6|)$TJsM9{+2e7Db2R)<iK$SDk;ISVtC+%$vaTI)N+90!J}LDuZ#kNM|UX$
zI7&d-h65Zgp!o3Uybq3^7a;$4+ZxM(GGd8}z>7qX5uNv6aK8Kh|Aoj~SQauo@Io9U
z(|80FO`xDW%rDP?2xldb0Z5V_y|ykq;Lw}!4i=>Mk;XqD$+-EAMDu^9vINlB2f_5K
z4zj=5cD<|u1H%qbLnp1%m7ydMG-SfQ3)Cg;y#GS@EjXdbyqE=6d_*D|l+zjhi&n{k
zM`S>Jk6zmzNNj(7`~Uw7gEt^QA_hB7di2^Zfn@TlZ(&Z~0?Lkv_E+P>|KGp=FXeby
z{07t#Vb}r6w@CeUaQuG>24_@IzZ>Mq>dt>2y|(EPldIo?iUW_%=it=-*<&?0249rC
z`TxH&MupL%Th>up0UU3v$5>RjI$cyaK?P~aTTrRl28!0sXD_zB`Trjz8u#Y^{}-9B
zLEZrMeL?*NkPNiT59)3H7cBzmK@vgu1vCx;DqTD~|AMQOAE4^s04Q;IfJ*TIQ1?8-
zr_)6x!Kc$lC8NZaU(-dUfM2sm1yptMYfe!CrA&U!IVuYn7#R39m#Az2(`!@?faxtN
z7r^u$l?R|s_kVDW@nY6%P{*@Ig~OxMMTO(V>{lSJ=ngJW=051r`F<a0Eb+w=kg9H3
zS1C~HG+hjqePwvSquct0<?H|dUu*$s>$djjHSOkNVCXz#c;JO1Sc~y~&{*D!FR%Xp
zf8qZMRMseXbRPBSZBbDG6_+3_Au1X^o$o-_8+i1(s5l&VQPBVmz#ex|(E-h^fMhIQ
zG=Yt?e!=zn|9_XxR8Uz03LsDh09PWA_O3_c8_?2{=70Y|M#&#@QIQ9aSAf?mfQBgo
zKoN7?MI{16gG^QcDO3PSfks#uKtc&60U$vGkYEL9C=|pn0ENSG7ZvadgySwMHlTzK
zQeDtlqT&Eb`vHcRUevq<4;WUcdo&&aIRsV?f=nm?TY20?r2@oweFhZYpt6k<6x5)w
z?*|8>iwXx!bJ~Pp@aRtKNk}`)qtiqM<T3$}bq1hB!C`pGqw_S#bWlh!fZPW%+@mu^
z#Q`Mh0dr*lh!+9!%!?OLHzs>D*QiABmuY)+`=|tXw4N+c^k}veDV6RH<Y@lISQ^<K
z$OEE_y8{I}g+W6m(T9&SgK9De8|3~M+7QDk-+1)eUguz7cya0_Y{=#TNUGPi2PC=$
zE(((O=ryh501c$Feh~*1j24CmUVM51)3*Yw&$O6>f#LNXkZ%|m7+gUU-3p+I?##S&
zg#yq#b7om;ih`SqLP@>?bdFn(3#zUtH90l245TtIwH%}-ttdYiNfiTwYfw<Ur(Zyj
zzk85taIk_#enDyxcxqiCGfx3Dy<3!8T&xLE7w#YG<KpDw@9d4Nt~|dqCq*F%G^q_$
z=Natm@8_qWk(dLT)UQ;4PAaFSXfiOkC6*-SSSf(4b#w{}QP6-&X6EN9Bqrq-m4H>D
zs0#{4RaTT*oLZs@4G$#qoPB~_P|O3*<%29`Krs*ExV-!lWQQS{;~3<wppluAlbW8G
zqmWpXUYeVlhs{1uHwBHH{Bi~GguOyuYDs3A0(cz)$Ze2#0!?p&LLa&&0V#?UG@N~1
z6l@h#Q#3(yC=8`}iAg!BAO)Z>gSpH~p(wSav?x!ZEHS4v6{N5zRX4GuBsI671Y$01
zEdwaJR8xvUO28rG=oTO9=NSPr2o$`j#U+VJIhn;7sVP<pswohqpfEx;sTkx4SVGd%
zgD7K2Ni9iDE=f&MNGUDI$xKcxNmT$X7yzkF&&f|p%uz@#$uCmSD9B8)RZY=^X=4Bf
zh(dWrW=^UCX#GQGVoqii$U>+M5L3YGKEUqAsXiw^T>-2NLV^`DFo4!;<fZDT<rifu
zz?`V3P?V~RVpmB<X0bwMUU5lcUUI4)SSvJs!0tlNB_PK`<Uw%(c5G&PUSf_yQe{c1
z0!9{sm=_cj@9z!HPQI?b3L5#PB?|dz3c0Dd`9+nQU~#8VHwBHP(zLYHB3L>BWrGk;
zUswOo5Csj;s)_v45{TlU5LX3_qWn^DG#3=*C*`E(LS(`meGthLoGu{Zp~0>S8i^?>
zpbQI24W-4Ynhc?S-hTe!e(^!BA@O03KHzm1sU;BW8DQh%u;FmnI5=nsyrifS<Z-0j
zsiB&pX{DfA%*CLftE*6unF3C|5MC*q2i1VGXau@g1hiBo6}qMby1oSaS{B$M6SsJm
z&;U0V2Df;3*AOrr45dMQ9|pI05FbRlyN399L-+_foWY(U*xx5U*x%XPHH5)4ARx#;
z#6Ld7Ie;P9Ki<XFDbyXra0>Ewba8eJ4gqsK{aix)U0lOFon1lvAlJ}fS4S6@AP~pf
z)iuD;$1@Bp<KyY)?g|$6_jmI2^YQcp3kUnTIEA`_R0lbSL0K;Tej!2rp&_pR@s7cf
ze$G%?AOCPiu%$uHVc<jn5)bxsfr|(Gxj@AI<HLje{d^)782sadT*8Auv~!TFV+e@h
z8sY2%qW%1xLqfnxLV`m5oIyg40RgUlE?^eOUJ%2@Gsx8$tk2Ki5o9_@(9howQmixh
z$GgB(LTFIn#RrE3xjOnPFn~EO?m=*Nuxns|BPevCazT#aFqR8UJxoE30$4l3E~tRB
zkH2e#tFr<FtjGc}eEgjqeZWGVey$;Kh8ctv5CNwBTtj?3{k*~K2qRN4?FeUt_y&YQ
zOmz$h@No@s^ns{^xd)uXbzqets7ftSNJ>mmNK4V<VhGJEN-fUM0oAOK1z%RMl2k(z
zt1M`d6b>m!at294G6E<gflJkz$N&HLJpTWG&g1|8*F66Jf6wFp|Ia-B|NqY8|Nq}S
z{{R2a<NyD8p8WqW^W^`3ohSeQ+dTRI-{;By|1nSg|IY!beewVQofrTAzj^Wh|DPBC
z|MR^3|6k_i|NlBK|Npmn`TxJFhn1?Ym1;19YOw-CbP1?rHcyGgSZ$S=SC*KQnWB)K
zTbv#bsmwsN1Bx(c6&bkB0F{WK0*_Ie*&4Lg9yDPcaR2}R1*{AV6CVEm4_Xg@;Nk!O
z6-*2a7asoq4{F>_c=Z22XkFrg$N&F>+m=uM{|Bv`EO_$&{{~RI?AibS3QP<P4bT7o
zcVJ>*c<}uHf6%&6gBSn*PXO^>{QtiKv?l81|NjR-{Fnd#-vIGn{r~@giGji4)&Ktz
z%nS?%UjP5^z|6pK;r0Lj5g`7X|NlFf85jiK{r`UfGz#(I|9=Y>28IbA|No!C!oaZL
z<NyB~SQr>KeEk3a1PcShg-`$g3xNFb`Tu_pRtAO*pa1_)U}a!P`11e%304M%1z-RF
z=U`)CDERjOzXoXK1Oo#Ds4)x<kE$RB#tH#OX&!ct35<}n`Jl=F6%YRZ-w9IS$S2Uo
z<j5z{%<RK=fP<-)i%-IlPr#9n!<ic-4Kl|EwBG6A|Nr1NI!KU#fdOPj3IhW}z@z{F
zL2KO^9Qg#AnS!|ZI9$17`8XIrQ>~yDf5D^w|G{fX!Se2W6F8V0xWMMSgUt_NU|?7S
znm&K@|37%GYXF}>56C@j%+7oY%`Cxu6BwCI7`gZqoDcI!I3D8@a5}@s;m+;Cr{IPx
zz&C-hnWc@n2h`gIIT7S;P&#P1|NlRDO{q7Z0LWb+cgrv`Fx+_j|37$*s0*I}b0{Mh
z$V`wvkUXg8VDa?-fAE@C7e0Ypu&g&1ABQhD$Xw9eK*iJl|G{fUUHAm*_&C7fUBbw~
z;Bf!{f6!tTkXaxMQs2YKz%b+K|NpSHsxa{-j0_A0&;I{MUWWrxzX#OudiMW6Y^^X%
z{S{D}eE$DGcpaT5pMVcEoZm1qFi60}5%KBCrx3;`;S3IJaD0d`F)%1R|Np-lWDYn!
zn9{iTI6S!>x%fEz!O;QshYb@0L&b~#|3Qm#Kz4&LXl)c|4Ryhb|Np^j!d*b|&E(3(
z#}N+J@6H_wHU(;y3#f0*#K2(i^8bI(6fA=ap8%5=7axZcHz<*~ar<)dad_h-A!-;H
z7(i+43=;!`#jF4S!E2bE_yl^HocJVqm>u~P+E^U<G@4o6`3`U}>oaokX*lvJIPyt2
z@d-Hbakz1ZqKUY2m!OHbL43`?5W~R0U;@gUumArCuaS4+6X*lk)649{r_ckkr;XKx
z&!Cyjhwp#@Gdm*}pMf*jJ|~!c9w7S+98m=!xd@UUr!X@xe0cN!KQxPif)yOzYnT}r
zUZ9DC!tV$(1H*$i|No1F;>!u1FI+(R!iR4I2h&+Duy-B7-gN<45Ar>P>j?3g2?GNI
zXi#&<+yDPTGbW&X3eE4Hd<IPM@a*ow?FDB$a)aIF!otAd@b3SAF|bP^gbf1&LkwtO
z@!kLb;5FH3?(*bYz`<0F>@G)cUnEz8%7r;B3=Au7LdsMIJ^?pA2`_%`a*hTDdns!z
zV-@hy29P~RKxN{)|Np@~dPKatAjSIvCT2xOaEQaB9pX+<K4t-xneYGq2d_bQ=Uc$Y
z)XBxi;lW+X#{u4>q{7O;;PB!9fAHP}aDH&%YXB<(m4A+)00A*vAt4Ddca$6rfzc2c
z4S~@R7!84u6at_o2*|&nJt80)#s}>QLFOAl8{jZ`TPPp2;2NY3wvP|AU>U@R?dJw9
zPzLcq^9mpuw162z!}f`Q>T?huCja%{|9lW1w7(QY!`iAJpbB7ZEKolTBoFS`GB7X{
zLfr$a(?J97AbC(X3`8?HfTlwjz{`U`d=IDus9g@?!`k+s1=%3}4yeaq;u=ss)ENw*
z86S{3&<a!#4YTjxe~9~EKppZQ%7;3S;RBSP1eN~@<-@`iWEMRzY~MV(U1FeB*$fN}
zYEaq?O1nYnFese{rOTjn8<d^~rI$hJZBY6cl)eU~pF!zwP?`<2(jK(W5lX8;X)`G8
z2BpKGG-weH$n9lNejAjY2Bl#;zPCa7$Ds5zDE$mde}mF&pq2d~`=PWNls1FXuzgSN
z&dyc}8t#6fnhK_RhI)nyMh1qa24;p93K~JFDGDBmB@l646HNwC{~8kSkW|wEHLD3q
zqwkG`<sn#_1NjdbgZgSr3<YYSl}{jX^u4(tF=Px;|5OjA9=3P$B96qCqXt^n1~P$z
z(Ts(G0i5JZI2jl~gDN0l7-j;U4#9E*)CXbaV9#V{U|?qCP+?+VU}j?90oq>1!kz~f
zWK#nRvi5Q?FtD(&X6BVJFmte0u`)0)En;V2U~L8sAuy?OFfg#TfSAl2?4XRq!~_!Q
z28l4aurV;O_JWwK9891cJFII!95xP6uZNkDO_zy*fhm%ifq`|eCj$cm`!CQS0NYm=
zCI$wM!`uuEY~R4$eGX-21_rj@pdkqk4qi?M2DU#SwgAT@76t~kzaX{*2WagT+dmLn
zf#VWL&3_PEgL4Th=<o?f5XXS?ABe*U=2&nhaWF8jF@ZS_oDz%-3~Vf5jt3_<NQM>6
z3E%`xJhHKYIT4(7AeV43)-W+JBygI7^l&jYF)=V?aOQyQ<Y5FkxPVg$<S+p+r-ai8
zWT_Bi4g&*21*a!Sj~F9p1$YDJDUdzljG*b&CQfM(M}o0~iGiV+^D)RC8O9k*3=AEd
zW*`Gp8OuRiyEvuU7#P^}80RxEFwEdo0&(=goCTbkAdUf;vx3tA#4!YOHgKAQI7W=1
zxuzYQb3hyuu-guBt^qmJjBy?l1H%ypu1!n~3~aO5SAfPY*cO01$uS$WFLxn`$-rR;
z(zyuaT@H>AkOP;2d@I1f#^DXp$Z>>$fq@$owIFBnG=Wnb8wV&h!J_M!7#P5!!VGL2
zTbLLactL8JKqpSHr-9bJGTmTgVBjzS9Y?`5lbwNq!w?iqOv#)K3>?Pb1acKLlE*2>
z#S9YRVqoA@=mgoqae|qFfm0E*9+88AX$3O_1D6>nq470vIcR~@zGh=!;Bo~q85p=h
zx~-U@ZsBKO`oh7$z~wE<%)r17S~(=Z?VSbEa~I?rUl5al1GG+y+YiL%U|{2LWoBSt
z0(qU=AH-xAVq##>;Es6#()Ea$fq^>?B+0<Bij9GRJ09e477krT1_tf~kT?g&aS%HR
zB+kPDnqlHj1BnZ8fa+=PjBwCMA;(P)1_tg-5L=965<3F}cUA#21A_zuzXo@d5DNo?
z04PCo*H(juEFZ8iFmTs_MR&6@FmTs{{0@l;P(lQUxjF+AH^?~+AXhSTu&03XI0tJf
zC_6`k0z(lr@+erq#K6D;a+$cqL>2}Hp_xn!42(kB><kP{LZGF{%tF%`85mfEn3)(D
zScO1?Xlz2&pzssU1DBH=3?kqoR5%!z+SnNwcx6B_$o`X^fkA+0>OmF;299iyWz#{1
zGjLpGXJFu&0TO0{IQJr`<N_reUIsP}(2#^ENJI>DpaC1l9To-#(T6My3}U9ByvFec
z#QzB5=Yld7#~%=%k(Gf#Y$-T7@~|>6hzhbYFtDElB^$oCk*o|19Kj3>41Dh)_P=9d
zVBq_38RR<-P|JnyqZm5_0}DqfGXn$Pmp~3s;mgJ$12PAsmt7Gw$jbL;1IQeZO1^&(
zbG$(6|AWop6yRcD;A3FC1qw*cR~!rse2k11Ad@(gK(;Y~Wh5BbI8s2yf{YUT2+Cs|
zpr{i)0CGNPtdou7G)Vpei2oMsz1txE0}%f^DARJh2Jt_DyywHtz>vo;tH8#<z){W4
zz`!pLan?H)1_pkGbsV6U6C1~Gkb00Bu|r_{wAmOKM8U-bha(#U11~tZtwC9wBM`&~
z2e&tvp9tcEgF70`F9h+y!JQ4}H-h-!;I0PqCxZCkVCx3+7lQa;|IP;UH-h+J|E>n}
z4}$n$|Lz9!FM{}B|DFc(AA<N`|K0}kKZ5vR|9~<!8wVpOse%3Tn~i~i2{eAsCkKiF
zcF^(>7Cw1>b_NCxbxsBbK1FVD4J{5%<b0Z-I1{P^RrEq1nL$Y%bOsTVkQ65<k%xnl
znGmQZ<q(PhB~_tH&<PPjC)pVo#Dq4nF)+vq-C<>5P!tklW?;}1vSVdn&=dO3#K530
z^pBZ=!AQu5i-Eyd2z1U!jL;$u28K8x&{-r&LVKAQ7}AA2IT#pngzVWF7+Qq5SQr>O
zgch(cF#H$M0xfuCWMHxaC8g5yObiVC0(_S_I2afN5?L7-_^yJP&LHnxmjH>ffE3;U
zum9mb!o<J;5(MXZeg<xkc90C1&(6RN3Kmd$1oN30*k6MT;JXM;>@Fa4ZruZi5I3k8
zPUL_Vlk5!ayrAMuz`PBVmV;Os7z8Xqr4|FnL{0_<0V@!jg@KI&q(c;>hK&Ox#Ktj~
zgMmQ;QvSmX<A-GSeK3AD1CtX61B0Lns8Pc14a!}D>OVOc7$nnD7z8yz<}h%8CNu=K
zKm{TT2WWG#pf-rj#=w4ynSnuuIm`@HOXz_bFcA<9?>QJ4m?J@{nuX&fGXn#2lr;+j
zg9yh)P{|h!QX|2@uFeY5oLCIf9M8tUz?=+{VBoj|Vy8efw}T8yMbZo|t|b`QFR?N(
z@Gy5T0ci%?+zZisfsuiMxevr<f!Nj$VskLCGlNQN=BW=s8bAZj%+o;<3>-zEmevdq
zn}s8Xm4ShICWy@e(L4*p=3$U}!oa}5w1knLi-AFU6{yHs0+NtP&P`!pS^}yKWLY^G
z7?{9yGK1U`P6h_X&ma|y8@L!4<U#IZVq*pg$b&+LiH#Xlw911*hKY?Cq()&Ms9xg-
zt5Mj>!oa{Jzzp)WBG?Kk=51UI3<}O5H44o0I2afdIzi1hMX-9sWCkW>W>DKjF^_>s
z1uUkd@CamxI`d8@1_mVsu<P`}GT`zDWHdNk9Oq(SPzDwH|Ct$7K;DD3wLvu!sCs9d
z^O>80LDiXyfkD-ui-AEcnu~#fdE$d|wRAA!Lb)1fF$?p=Gv%uFAVr;A3=Hb#Tnr3s
zzd+=Cb!{*kM9x>22eU!seDJ|Cnp2?tP%Ti)coR1RgXTgm$l+Mp*PyNa9#sa0Ty6#i
z9mY_mG6n|imr(H;stgQ0VDS*9Vg?<?KxQrm76$FFQ0XPA3=E*fm{4uHzo6n9KnL?^
zFNX4Vt1>WLhZw><@j|%{V<4l04r36=I}EyVpk2zKvuRWr7<84P9I$={z2BgOc>vU`
za)3%`Kzj#_bCh@(81(ZPm=Azr9Mtq=Pyr>o0%)HZl$#(y`<#b?!Qd??1H)3#>0m!N
z85r&{FfeE`b1^UkGcqt3c0hH&I{Qa>7#P$+>RCQBhR!ztX((f4U@$^grwTGbdnQ!(
zF;xbJtvuiW<Yc}8YKVet*PREIhIq)h4$1`us}5r*^Jm6T9Y*AkWiZ(bD&RMQJhcI;
z7~I$aon|y=K4`)7A*e9)tP6%_UIqqJPzA%Z1*B^|BLjn3aTNp8RuJzJBLjoE8Y2S(
z(>74*W}f(=-1IT1zT5$l{l>_^pnV5w-bGaghEiUT4?>vAK~c?U$)NibDhYPKF&}8h
zI5e(w7(+Rk8MHvY1YwhAP($k^$W-)Ggc#?r@iQ=JfNCmpaLzmns@a$)eyB4mNlRg1
zItS7u$;7~5Y6Z$~mqFYOATH>*D5fhQt{F1}gT*hX?Q(n|M}{&Q>M(|Yh(JaI25n{N
zd=V%foFNK0nKhu!gM=}Iwk}lBT~!8#D2O6PLk4Y6s4z%x4@8)gc><_|3OZMgF@&iM
z6dat)B~T#-i%6)BH4xQc1<+7q;>csr&V|Z@OuPtD!^s?g<Qh;OTLD${Qk8+>158mm
z%nsxAQ0cF#VDEymB?E({KPZU4pm)w0=VbFUFlYxsGaSfTCw{OtPUZ@zwG6tkP-#Xr
z1_rBKD2G=Kst$HI76XH25GW1)K|j@qan4#n1_s@oP<KhHF)-+!LgHxOf^tCCAB0)I
z2Ie8%`%r0BH3kOl_fQT<?OT}IU2wHupwb{qw0WW9UWRH64DteC=Q45r*I^9dWIh4Y
zp{<Uj$OTo=1-K$BBt@C1imt*Hg&-;FLsfJKt|$*l(PmUdkKu|skQCiORfKTUA|yqB
zQ5C&{o3sZ>k&+-v5WI&gx`w349aYgcxFXQTcTk1}1!fMaB1Z6<1qKENYd+9G2WUCC
z8Uw>bR7E^6MaBwHMW84Imj(-9DUHGA3n&FyFrpvS#W*Kgh=D=Z5~>rNXx*V48#M-o
zKM=b(nPG_$l*J7gv_Yp8fE*1{qaXzKJ|{Em^fZVXYw((E(AEnz1_pbW8V=CWkRYAL
zJy2^rVCnq^+_ff3pw<Ssse*no7vr1@AP3KcY6d6AwNMVoq!loWEMOMtZh=aJGs|u$
z2UK$F9)of~rZCvrf*KmejOgQPjC1}7F)-MbL$fEy6bAc!AP0JYhiK5xAY+`PE6l*)
z0B*u~fCoJoLmBMvf;5zXHJ~4E$2ccWn1R7Dm79TqsRXX!ET|>Z1lE9lY8>O7evl2I
zGq#wTU>cl2XW=nE0u|2ar?fH7u@YfmaGnGzsb+%JPh)0aa0Xil;r{^f!$8##gdfGi
zz~I~t3XhqL(>WLz_JH`{0h5`GpjMO|s1E`<KZ|KG*gTi{(2;sX9m@QfF$B~+`OFvy
zYFd0|4ANnYVE)V)!N8!`#m2zEcpKzY^n(N$=WvQLFgSzTjvK*7H?YE-3gPbr@fU$o
zGlc&M#4m#IK|@raAtUGQpwQmP2x?=NurV+wf}Oe(Y@XpYs8hjx4h9B>yCMt>uAp<+
znD#SH<X~V}3z{@=xd>H-;URFVD+pY{K)qvo0%ZGnM)X7N80Q=p11;??N@rj?54QUP
z8v}!NK6H`;luN@zp;>1FXjBH2Ewt;9q)TDa?QrQnB<U$I>1w$2JS6GOFzEug^g1Nz
zOEBp)xb!|G>5nk!Sh(~xBxwOLsLO-l((jO@^<mOpaA`JZdk*ApKbW)wTv`rE8dO_@
z3or|~v>B3g4@|c{T-pywdNoX19VTs@h9nI(SQaM5V9N?hD^D5GkGf=>^GX~Rdr!f!
z2kO#mAAp(^uExM1A`T6MM=;Z@uOmqt!=yjMq_w{xNe98C55lCa`9TNpFfcHH3@?O9
zUxiD{BS}wyNuP#EYwICNuZKy`fJ?g}NuPsBFNH}P$013BgJ>g6iouo{)Rg?lSO8T5
zUdaV+|7J-tFgPCowPrtpgNTiTfkFEmR2j$@<`U2#(uB2+tzRKYhry)N;nGZ?Lx-SY
zPzsZdgiA{yNl$@E`@yA+kfb-mq+Q|CUP#iHVA8fQY3(>9>5njJL%4JqlC*#%)MLzW
z=@ukueV8;4TzVdov>!}b3?^;74M`dt{_-#>20c*8%~%L7FQKZyi{QXf5G~EX;0)^8
zGckilh;MQ-FgSy{_fY;^E(Qi?P!}J{FX3ija6ba7Yk0xxFLQ&=A_8^k#hD;Ik_+Vu
zt)M7XVFHaac!K-ihD@OTH}k{;<?i4vwh<Gki@lVGfkE2>w8$2;*8$WRlmdqe6UQzF
z?P91ns3&U<6)$FB&~Af@gSuQ{U~y=B9@3Lt0F?&yQ5&Grklqidi^|FD0zIOPLHiC=
zC8(D<1F90#jDG?Z2la(FfW<?ZiWwMmUqZz}T_+1M$OJFLU8sT@22h`*7Syi*HSBfu
zq4J=1g0>r!11h>WrNLh0WG;X;Ftq)k(jW^JA<|$AL!siJ4zG3@lmjxu7ov!hxd;}=
zy0uVgkXi;kchDesCn&<vPwZu!Q!LBC;0zi$VhRRF;B6iT24~Rd5mPV|XfQRI7gTqH
z>hfSFP+k3+mw~|(JkXK=R?j@~M7}3@uq6>J&ph!=zWZ!Y4o_kNjX4+d!4gCPEJ5VE
zgA+sr6KKfmDjx%b7HEqi=oBk=a6h*hY;ZY01B0g-s5EVXX)JdK_ifw2^0PoaqAj2i
zZ3YGgQ0F#O1{9Pb&>;v&^dE=HgTgWwEDss~;0Lb<WMBY^w<5%iWufArU<GFzL=V{T
z0n{weF>au`^}Y<ODUbtpkjp!$0?=p)XfOqu5SeNi7#OsFLSqEfb^;a5a7B<Vt}&=p
zGx0<|s8uuZOg@9Q3)HY=H3kNCS&+{{!TF#ZDh|pA_E2$9GHr#5gOYDJSUiNOmVv?8
z2;E2hutdV3XAPS8$O5Gc^b?yI=LpC#Fu3J0FwFw{?E*gogY#oh!(<i{NQP5@fx$Ti
zl&v9rClLQIsErBXSA+Nxpj0r6NlcD`VT%9*gO?lBDHx3)W-P5bHV)7f7aPY@CI$w*
z_nZt2g5cp=^dp8D=k&@kFgSk(rIS@mAog33)l)%EUBv_%p#@FmJBxvwvI^{#ctHjR
zuP}U0VPIh6ILX1lp!bfQfq}6a6h7!DFf-1PR)94ucY}?cA;`es3?Ba24bC^FLJSPf
z;K9k=;C!)H2$pY-g4HumyipFxH^;#8%oFdFL-NgWaK3Q`9l`@{^<RM|{|Dued~=%#
zG_*WXn1MliDbyRFM3o{BNhIKuhn%Qxl!Fu1opJ{4J5cqYL{$S-4=P;wp{vC~iE0W|
z98|c<L&ZUfYAski1T<{Ppsfy-0Og;fU<pW}r~?%T6^go+P!6aNvIv86{=-#+N=Wd?
z3n+sa7eM9VId3gIoqB`ERH5>qDOXVLW1Qov$iQF#8U_Vz(lr2$jqVU(U@!m;m<Ee7
zFsOlsTbU+CsDVaYnI^`lf(BhxK?AO!ZCwm%pn+DViQ$@{vDU4k3=G;kp*Da5bG-uA
zz+{>jp~D!#G%<!j`z};9sN}hXteR<JIA{dakU{$yR0(K&_^$#3gAd5DOvMa7Ah$A=
zG5CO-3QGG7+T5Te%+QfH8AY(&oXitoRf4VnR2mel#@bL0Jfu#*LrQNOXb$K%D8-_m
z-OV`Xlp-v}egvn$*PyNuIK_Ts0u7~`i@{RtN2U#23=GX6KDcU!s6Q{pz+mMIwHy>B
zSo1LhgYRq(1_s8LAV(xXRf89GgWDIUm0*tW1&^e2h%+!agXSBUApA+<u<9ZTJYEk<
zZjfXj#|)a}kdk0v&~Akq3km^HfdDS4pF%?cl&nB$cMen$D6MBGfrAuWfbM~cgVK5f
zR2-!K6jU6P)@OjlK_h+)+Lxf>prpP5EDlNP*P-H|IMICq<$#hpgCEH2Pm~xK{6P$V
zP%Y{YsyZ3Wok4x(u%Ai{44ljppe+wJ4p5kY^(ZOB^nl7(e*^(4LK)1>LA7wWxiUz1
z2VD1mB?gF%pd988DgpgL#U9vh2J_dTDV2z9u$~6E9$RGw26NDv8%&W9$5cS2z|NQt
zcLpd~_=C~{gZTrHK~Y=41{FY6vvIU3LoGiC*8}o1gE^?1&lLR_tULp*d>2ePlM2kI
zAmvcEegRn#Bd!ASUjkguOPC%|iUzAhB0$za!!{ID8^wl#bw|K;%c?*fSchq&Kd6Hb
z^<EpO!ibv;)*S%X9SzgH9j+T5Bw$xC$Zi4+Ys4Q?0aY3^RTvn|<+vCan81@~oXkE@
zlgz_G5f7e4<7D=L32p-UcLFE?5baQNDNrRk5hCaSQ&|ae-6SJb1_mzpDD`|^(41Mo
zCQ!|$1Y&YB!_LbNOa-k4Spiz;5_p=Efq{J`h#Bw%<kV)+iVDO4T!20(QMEt>VIyuq
z8#x#lKv?JxQ_v)C1_lro&SMOE$;!Y0!b0rK!FQP$7(iIWC>V6y5ePFign-Vd2Vtht
zpxulN3?M9=!5FlNnSlX>h4(N9{o`O@0AY4N=Ai$a3=AMFD$f+8%f-L|!orD+L3216
z7(iI)3scZ@76t|o7A|25Qeb6Z0Ab<9Ou<Ju7#KiU%pu5tnSlX>h2ArTo@HfVILr!K
zY64;f<#I7FfG~R&V~{^50|N*PE3q&Xf>wnw%muCJfUGy$%f-L|T5pEFunja~1YUE-
zbi)F4*9|3W&X}7sL6e}MHD}B%ASUvfGv;oP2rCC02k0aZ=;|`ak}{UB>aZncEZ@Kf
zYl4@QvHS+D>wzpOWBCJOLza}W`~|TgOUhXOf!L5GWi0<eY{-%_76wKT2ePD$g%Qkw
zEGc7Q0&^fs%2-&y9LSO~7FI9^vZRcK4a|WoDP!Sa+zww-#=^x2S|0#eQpUo=2y!rF
zNg0a(m;+f-#v;TBnlpkdDPs|1bYoy(fGjCv5oZK#;e#wGW07Dy3|~^lBExtYzNCyr
zm9ZMWq>M$65p?thWJwu|K9~bpQpREc=0KK|u^56mkR@d-M&KcF$dWP^6R_JLOUhWx
z7;l1?lrcTyVqjp^0Ih7|a$;g&0AX&>2|x@C?A2Th3=(V%^`NMk1)7v)@CCI@I3~c^
zEF4$BY>>-1IF7;D0t`H$rD`nDrD`k-K!FEds>ZSq#DpwWV_5_WM#xe%mSvz&1T9r-
z1FsEQ&cMLH1xhEN;D9=ajRWKqu;@!B1_rPwXsOzJ&{8#!TBf&L3=Hi4ptJ;Css>uS
z23@KK3V!HPHIO%$SU4CMIK6uzNgjE%6=+=)mkdZbWL*^Z)J)LI3edVJ?&+4GrOn`V
zQQR{?!b}iXR)SWQfr1URF3JV8+6W}V4_O!00^)ZvGcfQ&)<uDaANXd1_>gr`OF;4~
zL43%%s4XD=PEZjCUKhplmJyVTLF=M;-b3sMt&8IMupLx1g4adye4NJ$TNlOi#T2y8
zh=Gj*v=xpIq!+R-isw%R$Q;nRD4u^1b3p5&c>aUU0k4bVVPFI;vtt3Ti{fEqlmVFp
zUKho~1eO7<ivsP8;{zGR4_OzL%)-FHmjPPJ1X&kV4B}US_>gr`%^-dUh!0s8H5tSQ
zZQ11qt&3vgSPbH?0LeqvJ#7Z@cYv2ron&EP-~|UKsPDzbaTCM`2j^w5{7VoY9Gs8A
z{GT8`I5<Cp`JAi_47}jr1dYkDaY%yr;9wC3E!pJI1o6TCQ3mrZL42@(jKO?Q5FhLx
zXD}bs;pYYWCm77n1j&Q_lMLopg7{$n6odJlAU@bX;OS-1x+fkvPzXcTJ@Lqcf*!o?
ziAQlVcr`wFO%YEiXbGf%0MF$&tPBi-pfyE2SHVosnj)U-e?X$3HAOr(ctFGNT>qIE
z7(jyHEWyvf1=0?Z0rS}zxIk8d;u6e<ttsNU2u>)VHAOtP4uNgw0_7K1&@x0&T86DD
z;x*3#rGp@lXDmV46tbp>*9yc2ttkTO-~*`<0#%KSZs=7E<D8f53=G0)xg`vYZlJ6S
znvW6@O)Oww^!x%^S~IbuPK<$@fq~HrWaLu`1_tr3Tnr41-k?H?dE$p!@o*5=M**}<
zXyS`n3D7kwj2R%s9FhzSl5L>%8lVybwBUlBfkBEfl+l1eaw=3<l!Jjm1|rNn@kK3z
z<Qk}i0tW+w8$^Psj6sSqgwaKcF_4ov1bprg0|SHPai~gd4hDv7u*wil=2)n-6k{N0
z^h^2-R1v5FD|sKv0qK|y(~$_(!65ktD(%d{z_1=H9m>R^z##n*Djoz{R;35tt<1m>
z%fY~K8>|R4*dfIj$UL#5jzQWCDxC>h(kTOJ41tPL8AxLY%mj7&*jIs=vY=zHK$!D@
zY$6u}0|;||mfga|zyQLWXXSFZ7#Kj9J%v#Y)Di(<z7i(+bzBS#OTdLXh$RbZ4S_Jf
zkz6(x0|N-N7c<J1fEpH{g7*`{G;pKC7?fHdjgFVxkVXgk>UhwyK+Hx5Y!y4<_3p?E
z-ElQKpiA1B*MOQGD2)#Al6L03pgNe11C->Mp$lz6Y?fTm$&k<$xa^>%x2!^ppz4SN
zy81nqiGhI=vicpQo`Dmx`W@8T;NXO;eh0AyI3cUwL2L<5$m(|xTY(d@`W?j9;DWAx
z2XPFzpsU|O91AY!>UR*wfeX6&9mMhAg06lCaRRuYtKUJK2rlUA_o<+!3Kw+s`)tta
zcP{AacaVb%xInF8HUUNur-Tc-`W@U<;exJy2UU;_T+r3;(F_a>O<d5`?+Zaq6)x!N
z_l=;Y3Kw+sJGiOB1zr6Ps#a%kL07+nI19L-tKUJK6<pwDt%i&s&IT^%>UYq@{0=VY
z>UWUa4sbzNzk`|#M;N$4O$xSI9MIM8AWw2aR=<Oo44j~;OtwWJ?{aWLR=<M`0W~R7
zz)cF!dT}05GXdmmUQhuC>eGN?6D)ch)QSL!3Nvub;AUVDVAp;Fis?pf1_pLrkV_dj
zL2Jd>^*|1VuAk<R0R<JuPtf{l&Z#n>Rqmj60_Sv)Rt8Sc`f1J?AYmp3uq8Uo3=Cka
zc^NqTxEUBMI3M(aG|6)_FmOJCSdtB5KfVaMkCIay#C{4=BEWeQ#C`^{T!K>r#C`!%
zufTZ<#C{19*Wf$=V!s3V+kk<M1LP$RUyxroKY{8VP8X2$7m!j0&IAzqCrBv=XE})d
z3&iH(TmxeN0Vx+?-~qLQ?t_{mpnzfEX8~myP94Udpmma=paNUK1T;6oz{UYuRVxS*
z7jg%$9%Nx*U=ZX4Em4OwdPG2cNe~~>=urXjH9>qxqsIiqw*>J)jUF}*&^~%WPY_=b
zY+eXRJ`%)-v^qc+hze$c_>fjd2}r&Y#D}yxT0s0x5FgU&m;&O@1o0uQjwK-eN)R8?
z>evF}?*z9RPO&gB2!s6t+Dy;JaSOx;`{xQ+{uPK1_RkYA{}+f4_RkkEpNo}&K^W{G
z&}Moz4k-{H>>m+ut3V6H2m1%KnVyZq3d9Hd#{?|z1>%GK;{xVKf%stmgn;>3AU@bX
zpe5UE9H1>f!eIZDfaSYD@?ih8ure@+bb;cDXFurN5oo;u-rElzt^zFt7X@VjMjlY?
z+etDoh^3`4KzIuz85qPt^H+>~Al*z-3=9&W8@(9$LCKhT;)Z&O%=|J2MgdSdW1iSh
zFOgK5#=s~D%45tE|JO+hfNT~58O$gp!6;(M#=syAN{)<TlbIP9q;){j;vgq5$jk$=
zC8R*BdM8e(7k>icN`jW9`${n|$X<auJeY%lp_Gk*L5?v5WW5|CXziT5AoRM#I1Z3Z
zC?|6^thR+@I*>8oOefC3#sRWf1k{;lGzWPK{i;RAIYt}|43Ho(2f4gJih)54>@Rar
zcDp3Sz#z&2avfN^hcq<6%t7O}`=wz4W(hJIbj_kd0wV*%Cw5rK*`S7;EiB}uBpB^L
zE7&2y;{b9bBzPQ=g2%}cv@#kVJkB70fhK8WE1&_8#lgTZn;jeoprx58p(OhTst6QH
zyC8}<nTuf|CHoC3UCP10a1kQSXvm<*2VR29z|hFSz#uOH<$%=4F@`c4GB79}h3W(C
zLX*7)<$&yvgT=-Qm>u#DpwdYCl|Zc*t`(qCTM5*9;aUl1f?6+Jt3XWU9o!5IAk4i(
z1vIJx!d!mL%AdFy7(kf&lnQ8o1%!FznN&c{7!c-4VN?MP&VVp$1|tKbAfqauFgG)w
zG+(H=Aftdd0|S#712dl$w>7t?Fara#3IjK{9XB%{0|N_`3EC#d&%h1Z<_4lbs@R1Y
znfbW6L7Eta85lTt;U-vsN=+!2)l(S6<${^dz`)JO=qU`+!K29FDXh=Uz`(1<05XtI
zm=R$dzc>;{0BRW6b%HEldp(6=HVbJmF!RZ9GcX8)8Egy;B47q+3yC?{WHDg|W<DEG
z4rXEG=0@n00A(dfUIu0kkXaCyO6f7$OG3gzT~dJ?<WOl=xYrmMWLV+K85m?ukYwbL
zb$SXz^vXl^vVwf5096j=D4IYF0&|qO85tOq!2!a`z@VbXXecbmD8%j{G2KZL<OEd{
z218*61~m}HB*DO-&dOjY3}R?-Glq&YFld4$#2Fa0Kzxu6?an4fMnOhHa8T=XH8C<U
zNlbK-U|`VgY+_^pNiZ<zp}H8wMty`onZy|w48RtOGcXu(GlJBCtT2Kw85oRVb}=xR
zAdK`x^@1tX^W2`oAOp>y-iLC{kz^$p7%U(rf^4xwn5ZrZvKk&JRuDx~og_hFV~xZE
z>9c|BV@1(rix5XM&khnYQ1k4O)uH*t0U9{0p5RDuL_{(uPMqL6xz#0MIzdiyMp7pZ
zIsqOWMGOqC(69g*2U<CVWV$#5gF7^6pt2rFiX|8rJdtE27#O_Zp}@f4jYvk*Aj!xF
zlnxAq!Rf#kn=7H}{6rZ+E(f{UpB0>i0-)A#dkWi2f;<_BEC9+|L3#}Kk~WfgeBjK(
z%D@neBEZeS5CRq8faEs@hES*gL<@HwXto`xZ~{deT?!{yiNp=gfZPlWJc!~7RyaXQ
z5`I`oB7j^z2_lzILf~)(mndlIOBfoj&?GMcT0$xcjZKi41OtN@B2+<{L>!4L!N4Ga
zq*$DRK@t+zkSs0*idtwEmxd%{P_B?cm;j0$1_oKwFlS(pLlIyFZNEW|NUFvPG+4n!
z9tUdu!HEb%aD@ToLhBE1s7_Gaz+#IR7F&EE1_J{>yl`g)C0qe;CBV(VAP9*%Az0K2
zL#i7Qa6Ex4Jy2Q)B{q1;A_~o@pjZ)SU=Tx%IOJFnM~xK;1_nt)h=VF6DddDA4fPec
zB14KAP==C4j!ikF*p!D!Ffb^<N_Ry>3@ah*gT$~hN`!KQsuSc01r2W1fJRFhRxvU#
zFf#t;<7HrE1Rr4q;_H_d7wKo_CFhi;r0N$}7Bheaax#<j)030+D=f_7%}jKQQd2S#
zOLTKG^GYl9!N(K8v_O=@^e1JOKn;M3ph|;|7S2m8VSt|As+R%U(hR?3ST7kg!j9mA
z?~E)iNl8gf)5`#zuK_x{u~;vIfti6JCo?HCUoQi60DN&t3NkaV1R@MNgchO}azrb{
zGU#o)NG3rJbA_tRPtFD%JPYAv=ILcHure@|f@nqt2B?XQ4B*>@QOtu_S(=wwT#^D|
zgRggnm{VMml9QPP5l+cTO9mOo0t<t9kW(P)Y?4Ydb4qkG^PtzRax%g8nlXQ3WMpAt
z-om2C!pMB4Is(it;qZ>$TbSW(73m$xq3_?kmYLU!xop?<wald@EX>Rksy_*HJZDxa
z>G^;HnB_jPFfluPQVh3^3`pb<-mt%Uk!|?NNS|=;bmK?YnYlO=gs(bksz$~!mqhrl
zn;XDfsprGwDIUz^AkNIqv4%sRxpH0<NBS54&r6xByi6WPhBIfU?PgYO^5+oc@aFK2
zzML6(wKS4L|7t0SMk9+$nWamZQ@xn;OPI|#o_I%cD03*UD)TtXe7o+G_sQL*C)YEt
zV&t#^xm~z~Ie)?z2w;}@By3-3%HjK5`19w_pLavS9uDu<lFXG6%$#01%#|EM%mSY_
zXGPa=m?;=cgn-D%=E%rq1|}9pws~Mu9z;F{5g)M-9K|3(LL{>YlLn)(wSs>7#EFrS
zksvK>5p35%G}tP6j&u;a7DRAVf=F2q@f<|RfQSbmf}<2dGIMe~@t!nsVkFowuxZSd
zX&||~AYv|vm<S>~LBwhhF$qL?fCw;mGKl34BEZ}!AeI}50CT5;Sgs%f%)J9*F_(fv
z1MFlDu;Cn~%zPXr9EOva`PVQov9NG}Okn|;!ji?zbuB}uEX=`bQkb2U-MYx)@Tg`E
zBaVqvZlp%(dZ%9pCB8J~APzldy=!38eK{1E^*&v1E@v*|(7Vp;#-Z?q`4j_32{RW*
z+H?-{=C){%GPVddW=@WhI~-99+KM7M^sT)kZ|waXp5E+T%FNZoTwcP=smC1oiCO&`
zhg?DPP3FXs>&zP0B$&BANicJN;xL(kY!XM!z1_av1-{{t6Rjg7KR2%}W6pfSEPjnS
zZ`XBZgHIddI4ql6m^mYutD2@UbLw#jGs{n4_MFFTo|b=OEpt@Kb>>hGFOkj`=8FuU
zm^nYid^xkgyExq2yZJiEsJvawLTOAq44{n2z{v#L#KruXkx`_`r*v(pClf1761FXb
zc@q<(FcUiiBV#&f{Q`qAsJz8m{?fL%1()d10vTMyGk}h9&(DJtxbPAdRK!&lq=HIV
zCPWF#%)n4wl9E`I4k_?Z3n^IH3sIB_E_<2bB_&7{QKB-ziabbR4lZ3;;A+9;EVTG!
zW?+C7pP<d}44h1`NfqYf42(=!68hnh;gK90m_<3}MRS;(+0wk4<9cMX4-+2)BV#!@
zsQ-dScxW2b;DAI9SqAWV#AzvbLlsoog94ZtRINb0%Yq1O76yh=aAgJ!ENEo}<)wnE
zHV_-B#>-F61`C728mXRPVBlne%{wsjFfxmkFjv?xmqjphM@*Vn7aQ3htsgmQVsmX=
z!0u?~iYF6aazrhPX6Bj@7{y!>k-%IPF|j#vV&ufg7;rXi0+W$z+dG)KBbdw6m^ss!
zE9XT<?q<%Mw|j9VhsYczP6kFsMAe<l06V1I)jfcrII}7h<Z*Dd5AsrcW}X>Ce0+9h
zUJ64|YFTPtNijowd@)E}d<jBTVhKZWW?p<+Vs2(mB}05XwDOJzojwgxmzft2GL0eL
z(?7mAu`D${H7^Bjv2O_IbaZF$_#nq{hWPlr)QS>@{DP9q{Ji*_)I5gx_>{zwM6g!S
z-3F=gNr}a&2&*fMOyMTE`Z+rWfUGY{Ed$4KJSh7l=A|H%XXYgq6@ZkKWPr|<jt7TC
zUSbZ|sbEXM?gQIVlv)BBQj3qzFV9OYVu(-9NX*PbGOD10AwIdZC_Xtqr!+T@p(r&m
z2kCTquw&CwiV+%8a^NlvbqQc7DoBnmE`gqK?hHO69ux>Jz6_uf?c+h)n?T`}n^=^c
zS_C#FJ}o64<Z6bL{9KSz;^Xs5i&Kk=8Ilr{vvcy(8A>zrN-W|_;MRD$`v!n@f<iw&
zvp65@LpM(!(82M}-tq9m)R962eB(iUF+*uyab|j6YKlT~Mq&{t(hD;4iW#6cK@@|1
z3vy>_atT9jWqe9%aS20ON>OS_JgA)pN)Bf6#mV^vsqvX9Al=~P4{k#tTo=HQms%bV
zG6k$D6&e_jv)>W!PR-8)yBl=h2a@LkJbe*rGV{Q#KG2r0cu>&g<;UmbCxfpQ0l6i<
zAioF^Ebc+BV4WbxmVotD<>#d$xhu>JY#}JD;|ofP7+~oc5;mZV9vISdD?y2)I5W=-
zVt9N(J~(gWCuirR=7CauNeU>rB*L-<D2G&~7UeU<L!z`8mde35D!?2B%|pdGsi~lJ
znwAoun^>F;4sOV)?j~TBkdQ1Xi!UusO=f`RulN%1B?zEY6%X=$HUlW$L751a$vvHY
z1K|F24Mwm-T>^YOLtGh3GBS%n)7J56If?1TMsT&hju8y*exVA^mX?sy%@lB-dZwV8
zTT+^rYMY*#ms*sWte~5lSd^S$TVY|QYi6RLo35biZ=|4GT#{m&Y-y>Wn-<{dj0kRU
z&VxA@Tq2Z$5_yUd!rS0tA+;howV(u)zo2DBUSe))d`W(MaS1rJW>%##q^FjE{8C(+
z7hjNAk^wdW6e96?kX#uL$wvrXppHX+X$eSUX=VyIAEqXkfWtFCCnY{VEv+~ek&J?Z
z!verPjI<PnlB)RJ%)HW))Z%hbPKb{$H3JuU77PVN`6c<u`8f<Z`FZIIU;=aqT4r8m
zNj&sM5^xqsO$HTtU^_u>1cwN?3;`FGpnGvZK4gfGPt3_o2NjFpPDo~6d_ieRF$1Wi
zP0a(j6c%<apdtk|;g;rsvJlwhq|!7<L5ixP1XK_trWisfBM4;-p-do@DMNfQDCNh;
z7lYDXeqKs(d<jENequ^I<lX{ME=Ws(lxwi77eGlJls6O8z&Sl0>=jUfnVwn#Dlb6W
zUgP8QK+zeWo1c;jQV&)WAD^6GnuiGUkN{BR#22NOfQ&27C@o3JFVBllEJ{bjA~^U!
zc^70{T1s&|xU*ZFS`uGc04eZ6Ne7%7z}X0<6P%Z!`7b#mH8~rUc)&MEfG?n6$gRvv
zEeClW7R15MAxOn*X&yYc1cU}4MK`=81;slkF+%Mqh7}F*pkN2ZAh-ZGGz0VV)6(Kg
zz?DQAr~oa=OaTQ7C^IMLrofyGbBU)*07G#iq^1PlrvOs`3S-bk5e)J1pwIw?H8^<U
z<3VX1WRa(TJgE98Er6tl_~MNGB3QkbmS$!Gj@)!`!T}iu>7z4%q6(=jcJ}uT067m-
zX+z=-WNc{~IPHRi&>3>)1|(TPF2rDn2j^t4g$kgs0htd9hEzmII=Q-r1bCnoz+lIu
z<P=xtGQ^jGZWv01WzG2b)SS%X%=|otJV;Fmj#IFY(^BF=nK!3Avmh08qZLD5JUDxS
zvjZr#fZYlY&;ZW>hGK9Q1}Bs>q&7q%sLcV-;f7`m#g)a$i8+YcJ;XTx9FxXIpa4$G
z%t_75XV5Ro&o9wWNiEX{RRSfMsYUsDsrq@TCCT}DpyDH?xC9g>XkG=?t3~;hpo$XY
z1W?>4pr)si6i|r;YAJxd1Fo+?0ST!sz!gV9eohXU0gC?A5{A@@Oi+r07E#7Vpc>LF
zJ}oD|JTosXpCPk29#lGIg6>U9O<@4t*ObaoQWg)bX+Tve$X}qgVSFh(%{zL4YtrJ9
z#M}Y~P~DpY_D)$^K~ZL2Ng6|1T25(k219&&St7Wx6<?B=4(hOg+Bs<jun0_tv*P1n
z1zcJ|X-P6eaY<1c*hEm94%{UwN==8fCKHQN6B+W$Qj0)d0G9<|k@)!ZywYTteNfjG
zW#*+bfZBK<dy`7jKuuYOq|!7{#sb|&0-7rZ(cn}JVkGD1l@#UYFa$gM#ybbOy14p<
zcslw7GeGYy$pbSoQi{L|f;`<lLf~>`sW}WFBS2<>%m-@$x34qv%OKee6eFN!9XRe7
zGV{w)lfed-g4p2f5g!lM25tm{E@1=BZG#L2SI}VNp)Lg30FubeF9R__y1<QKa7U*o
zHMtC=6LwnAdg#dqj0^#M&{KcJp)?}{=p;$d2p=574k`lOR}B(mWC$>Ts<wpESaiXT
z6LN+t3578;L_o$cFt9Lyj{kwM5hUz*p<1XaMut!ra~V{KSdAetjm=Pvj10jrW(!mZ
zWLC(07;h<5l#wAA#zeL>1hicN;Zz0&2H0^!Q{Wmg!jEjTUqa1%52YCyKnrY9tcRUc
z^bx9riNO-XiLld$o<P-Li7Y))h^hafG&2L||M@Turx-+%ks$!atcMGQ!I({Op#T_j
zGF&KZ4wShZN;5J9z?iT@co-SNAod{0FHq;etYu;_m=9wM!%Yf?F=1y9F*6j`&xdj9
z5b9v=nuHL7xeMk9kPQg?AuM!PfCC5S3>mmt0k9K`G7v)O#)Gv&Ohu5e!#(Cf52#>d
z2!%11L4`nxG;}_Uw-qYN$Pfx+Zi5Oz6e7%qurO^1!Dd4U78^pa*?^f1Fl`9LW<wwr
z8v?P}5QveAF>MIKW<wAb8-lRe5JZFx5!h^qz+yuLHX9-^Y=E7Oase7!j0~YL<};`e
z_6Wq(7=leBX1ri(41{TX0=1EmAsEI)b_8Y&V44*KGYhom9+cFu<Y7!*5iniI)?o$~
z>{JZ^B`3Cn&D2y2bJ-UREAsEKYhYCT07{<$n9^iqcaD^QpvKFo+6vjLT7Yc?k
zA3=p6#>04w(6ccZ8G>O<4!BS#j0xI}4hlbrUKmdht}qzJlz<C`!kDl#L?C)$ykxjS
zj5-5$=*KR&l290PKU4@}7L0csD$2+Z3S(Y|3PBXYc=w^Aj0~YLChTkwh(Z|eJ3=9h
z2|FbOq7cU8mjeY00|O&ND2xd^F9f0x##2WqgfU?!hd>m<c=iZ|FedB_5r{$<FC3u|
z#!Q9^K@`Gx`A|_thEN!@6DkBz2;)tMiZU{U!kCMpLJ);8-g>AgBSR>Rxf?13Q3weX
z1bF}|%LqLXgOMQ=#x#Zt#lV=%&~p$VX2E!hP*FyP7#LFpDg;po<LN;~85u%hOcS_J
z42;<X6@uu6@fJZv85u$mu7|KN{SX54!&kT;Vqr{}t3k$x%!l!m;l{_pm@rpE6vB8g
zhchySz?ex0y)b4nR0yIM#)J8Vks%hwM0g9d`WWILC<*h{TUZn^1j3m9aBqddm@orD
zHU`dz@esxbLQREJpJB#A&0=FHVc`5AH6K0b*cfWT;^-j-6Gsm&c81T4As~a$LkwmC
zda%I^LJvE*LFmB;(*XAhlmR;~W)0Lwj0^#=GzHy@%YdZ?3p-Wi2Q<nU8A4&q{h-y^
zpou1iU>NfzR0tHzq4Qz9Z%|Q2hF}=;A5;jU5XQ5Fp5cI{&Vae&3EUkaFlI2+EJlVf
z7!zhQ$oLSrJ79;HFfxR}n2^iUAYG=A`7j>B9T-h#m^<#n-4O_5UV*zK2F65oM<CoC
zKM@LHOjrnj92__w#zVLRbln~_9wF2hsQoY><McetESTRwHW1}g*eNYOP}g!W1W#s}
zED|u81twAkmEi};giPiLoy-w4nI&K{3rqr*EVw`lCJV$&W|_<a6T1M_%nR<UPG*5h
zqdON_E5zpr5@r<aBpfWs26l+fF{o{f3<2!WM8*fDu_Sufkuk1tC801T?4TD=Fot3@
zL@_mnVAF`%p2XA`h)pAA;}KJ15H^jNt#V9_5!f_hwjV*KQh?$h6cIQuChX`L?16)+
zF$9}N%)r6a7>G?HX5he%wpoI3DvbFWE))!7@<GouVP=^4upGv5g$hEv1mnd)MHv}_
zVaz0`5JVx2R}K}$k~CqCn*eu72#o0j*A)h1!fXZ^A2J`ti$^GgF<~}C6vB82cVLug
zFn4sr-4O_5y1<Q(fiYn=gNzS^yCV^y5XOYr3{eQ<A>4scqAh^h5A!i20}jt)nuXz~
z3sAFQhXS#J3m^#?7Z&4)A`K?;9;%TGlm?*19ZU?CBm^OH$ORru3U(|ITA>EYF37k6
z8eBV|G$TVOjQJWa6bxg&g$jW}GITzS_Zuq8$Pf%;{)Gxb6vB8$(DPfcBte)vmOwQ!
zGK9dGZ{R{<Fec1qkntgKcYK8_41qEKz=gtKOqgRJdSN_-(=cKX<}}cOEuf%dWC(;Y
zk=+r9#T|h#cfgDXS&CUWz)m@O3U_S)%w25oAj24R1fA3Za*q#ONhpj7J3k0yUFdum
zFASj&qz@TmniYc0tPm__VKj#^%?iY3Rv;F$FxtK_v)tfL4}vjaz5)3Wvrd7Xi3B>3
z2INsjhEN!DIozyZ7;`sN2wdL6I3J*bAPYk0!+8IoqKpi|FeVdp(=<dO$TnmQb4fW|
zV+f4-9xfCEW5TQfnH2)J^ebFp2%HJEl#wBZ5z0h%2WHhZ32FxH#3pcw18xVwL|~!8
z2`Zu>%_o=;EKIl|1r9_KCI~y0i5uE}0vn1P1jy_hD2I_D6vi}%T}QwW3uA)s4Q7Be
zhB4bVpgS%=#(?$~gJ?zuj3RswNSuLz;S`i+WC(yU;rk95Fp?WoF+($y!N?E_V}h<V
z0*QhmCUicG2Rac5B+AGT3S+{IhbRO|V#BpiK}LoU7!zhDNMi^V8$z(zfEmxAtJ^__
z!;E8O2!Lrk01^jxlLBB&m}{9CCcdbHO2a8wQ3%@I4HCrCJ_VgA36fHW$6+XpnFAF9
z`6qNfj0d`D9i)MgAr!`hT~-HC2$Dp`FdN=L1sNGaU`&`zObq1=FgDB{kYOQMYz@I?
zD`qIdZ2b(kH4w&x*~H8+v7;WwLAEv!i?xB+ti`MeVAjHnWn>6~G2@}Z$;c24V}f>d
zg4_r4YtVccFAbp(#zb~q5Ej=3!CW^1suyA+j0cM#EcG_*DiN3sj0^##P%}WskAhss
z$PfTCXf{-eks)9il(_{;Gcp96fHD!*Vbpn6P$e+GGBO0g4B88oVq^%yG$;t<5M&Iy
zps^h~Pud5iS)g;70#F(@{fVp>#0DK%529h}(Wgs6a>&>aI?rVcrA?r;Gn96R(&f;Z
zrD`Z$3#HMgnUKu}u_r=%m9P%zIVd02w}o{zVMnhjL0gxwzBtGXWDMKz0IO4A%dBA+
zUcgpX!%o;o)(c{TZifNUQP5a{MHnna!cqh*u0d*1uwHRxZb@PigI;k-5rocwvGVdu
zQuWgFO7%bs2vT%2Qy9R!jKty$2ECNZJkYukFkMmvkts_p0<ReXD}!?4ix~8ZQgaeP
z3ZblmoDv4T643Hgy`p^Ze7s(2MtoWkXyF-X0RWuGpa)t%5uaF8lvv52mzJ5A31g>J
z<|XE4CNt=z=a+y9J+Pq=!;*@N8T3G_8&dO181zz7lS<R$6N?h_(o>6JT=4n~m{d{{
zXq_vRmy?;73R4AI0tXY$Plky?O+pDpbPh8EBLggVAj>f`FfqXH<3$x`W`Nzpiz?2-
z@Bwu03$h^S5Gw{&h9u~{x5!e=3~UUr`*Kmm*%@H>?xKowFu?BTMHL5KBZe#jVKXyu
zF~E{2L<B-IGjKC#Xh7J=Br^jK!v@%na3l$424038hDZWXCNl#c1MI$Is1TT9X5eRl
z-E#~UfD+6M0u0#h-(_YHWO!i@9WaBc1yRflLJY9`i$Q!CW@Zp(fSor869duA3?dA$
za|=Oy7-nXGmLo6$D9y|OEk~ey7{$y0z3l`h0Hv83B%mx*ikSg+`!l*Ybbbz1n1PuA
zIwOZ64xLIv5(kwOEDRt2BME_-yr9GU7`PZ<MH1}3FObQM3?dA$lO93W;ej-Oww8m$
zVaGzk#7)619}x!Fp_j1a3%bt>q#kxuC`{Z3svZ{3Fmpg19*}z2`J6EI@lf@!gE(R0
zSx|A<>7Ow1VyHOmz)+Yt=pbv5`LM%BVdCvj^{`_%VdB%E;;;iXVd6`n;Rc&Rtp)`!
z==58tdf1`tFn^r^x3@9F|0)h~P*`J&FHq6Xh$a0$2iuF8&Otjwgc!IO&~LmFWn^Fg
ziKAbC1G<O{T3dsh0LQjq^>8kn5e>SH5h)+R!UuG)Ha2rWw>M%F?*^MA!T`Hf2Ue_r
zsxoZq7vpfxc18vU0R~|P3)ox-)TR4ys0ZCX1_}qzK^`Ebplzfe`YsOjA909_FhRl-
z)~AM*2r^J{*f_@~kl_pr49Z|}C<lo$!y)bo7UyDsb$DUN5eI<9kqm$`K^L8Z{RN#V
zhTTw6ibH)D4)OV5aV`efE*n^vW-VA8Y8eu>A1uzr09$SXDlb6Nr@-PM7AgiEqJ%Ae
zLAzfC7(^I2oKVYiR%S>zqvtzGs5ttKbSliC^dN$f9>7PfqB;f416?MJ%{`z)!a(5(
zn~sECH<1Lj7q;ro3~UMmLq1d-{Vt>`s5ttSN1&^PK<1<0Xa+j@5Sx2I7c7I+!|G-5
zflmw!3>(1aLmh!c9b;x-5M&TxfSr#E%U|cf>bV$T%MD>&jvHWcBm<z#S73222H5;q
zC$!xA1Qmx(H-OG81Ze>u7sbHE02|wfiG%KD1-TzKDlHB*hZ%HS6R19dR$-4phJbEk
zhKi%#{G<*Rhbls%tia-24CuFIIYY%^%W7ch(+@0;WB`<z2o~pJ5P%K?!NyKf!QxOw
zNK`9WoQnb0gooX!)D0C!Ka2=;NG7)U1s#qlh-5CD3Ep!BT7s{a%m7)XtXGg&RHA2y
zynzU95i)2+Gia@BY6*BDGic8cXy*}Zy9!7eViZ^!x`-Sk3SRsUVjvblr{;jPg2a%v
zYk{~(n-Q?=EYJflYEI0_Of1$jf-cAgwbsFFkwGhS!3%BUT_XJ)eL*`~+<p9=9DU;b
z-Q0p*L*hdmoqSy58NeL_EZaUXb|-)>1Fd&<aB%nWbaIY2(lgRCWkBEDgenW)B?59z
zZgD!AY-vd`st9-?J$UIcsyJlh460asD!7-Do?23xnSv^XwEF_G*c(+Eb&CmfMLVhz
zNZgq~lLKVQIjRcqB5+h8L@cAZ2b56I_Vz$mp`#iAUAK=Wn4g@DSdonx14wBG)nky|
zHK>L`7QLg2f%h3;NngktTjJxBii_imOA?Df=^eau8`TilYIrnJ@Gd*>s&Dw#N2J{%
zC_6(?cI-g5M4%c5+tmkK!H+7NlMmSwg4j<1+Esw629`^qdq%)H5S$;u5d>NY58I}K
zWe*p4e+Qa*uuVD085Oiq4pkZGcvsY@0p&VWHQ*f%;GG?yxCU+iK-+i$${MIzic3;b
zi;7Ui;AI*G3{XD>RK|jLP%|*V``@sBICNYdZUd}64if-f>GkdZ|9qH!SU(*`gO2V1
zsRf-04WeP~TM!$BLFcK1y5w;EPzJnT53TS(_JX8f`e8jlQ2z*IHb@R+9<1LFqYGgY
zAW3i=AIgAI9t;c&|B>7e8y|qt4N!F;J3vgBaWERRjO-the%Lqyj0U+6qz~QwATbb5
z0ry`(x7&kw4Dj&=*to+4h%l%*2WFxBKM$(k2`tM1AD4iQPk2Bb4x%_g=Ve0G!NL#H
z&tqVK1~aI!2T>sap&Vcyg>V_5!f?6*8m2J)u=W&;eu&oPhv|nJ#{e4E2Q^(_*1*O?
zV00_Y!%z)qTn5mgo5=cM<0deg1tba83!*^r0HR@d3e^2D`(fiNFggI%p@C{Zw|^c3
z0|V%MDp2@>l)%Pee%OL|3=HV%(fO+w7(k;m@c4y~*FaBqL06B?-v&DQ6FjyBwa*UH
z-sgboe*pDA%-=Bmuy_C+!U$3Vb3bhS=LP6sM+VRp3J`N)BuqbyJ^~Ftn11*;5j5c&
zfDDIeMoND${b$ki!^V>g93h%u>L5JK@VpE)6J|ebJj4R3{{&1Ul!k;3l*7Qla06;T
z`fwXeKkQOnm=2hCVDv+%ewaLrPJ!CL0VV*YVfvt4h7UOOi$F7Uy*W%Jghto@2Z#R2
zl@RqzXaR_>p9^%@2t+9gIkgeOO(URR45}YJ{C;;r^#1}C?hq!JgxL?H6`}gUl1RkY
zsSu6^wEqp^ffi!JSP)tVhkjYmY0?Y~3=3cuL6pO)BPb8lr(;0mJ-8?X!`>|r4s1>b
z!o##5WIU|wfT;n|KemEM28ISM2n||HY6MNIAQ4#k3o4UgX%{38!xhju&@-@%3zY!b
I2W5gO08#Ms8vp<R

literal 0
HcmV?d00001

diff --git a/netcon/make-intercept.mk b/netcon/make-intercept.mk
index c4c0da32b..e70b0e6cc 100644
--- a/netcon/make-intercept.mk
+++ b/netcon/make-intercept.mk
@@ -27,7 +27,7 @@
 
 SHCC=gcc
 
-intercept_CFLAGS = -c -fPIC -g -O2 -Wall -std=c99 -D_GNU_SOURCE -DNETCON_INTERCEPT
+intercept_CFLAGS = -c -fPIC -g -O2 -Wall -std=c99 -D_GNU_SOURCE -DCHECKS -DNETCON_INTERCEPT
 LIB_NAME = intercept
 SHLIB_EXT=dylib
 SHLIB_MAJOR = 1